Annotation of src/usr.bin/signify/signify.1, Revision 1.14
1.14 ! tedu 1: .\" $OpenBSD: signify.1,v 1.13 2014/01/10 07:53:04 jmc Exp $
1.1 tedu 2: .\"
3: .\"Copyright (c) 2013 Marc Espie <espie@openbsd.org>
4: .\"Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
5: .\"
6: .\"Permission to use, copy, modify, and distribute this software for any
7: .\"purpose with or without fee is hereby granted, provided that the above
8: .\"copyright notice and this permission notice appear in all copies.
9: .\"
10: .\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11: .\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12: .\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13: .\"ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14: .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15: .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16: .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1.10 deraadt 17: .Dd $Mdocdate: January 10 2014 $
1.1 tedu 18: .Dt SIGNIFY 1
19: .Os
20: .Sh NAME
21: .Nm signify
22: .Nd cryptographically sign and verify files
23: .Sh SYNOPSIS
24: .Nm signify
1.10 deraadt 25: .Fl G
1.6 tedu 26: .Op Fl n
1.14 ! tedu 27: .Op Fl c Ar comment
1.7 espie 28: .Fl p Ar pubkey
29: .Fl s Ar seckey
30: .Nm signify
1.10 deraadt 31: .Fl I
1.12 tedu 32: .Op Fl o Ar sigfile
1.9 tedu 33: .Op Fl p Ar pubkey
34: .Op Fl s Ar seckey
35: .Nm signify
1.10 deraadt 36: .Fl S
1.8 tedu 37: .Op Fl e
1.12 tedu 38: .Op Fl o Ar sigfile
1.7 espie 39: .Fl s Ar seckey
1.8 tedu 40: .Ar message
1.7 espie 41: .Nm signify
1.10 deraadt 42: .Fl V
1.8 tedu 43: .Op Fl e
1.12 tedu 44: .Op Fl o Ar sigfile
1.7 espie 45: .Fl p Ar pubkey
1.8 tedu 46: .Ar message
1.1 tedu 47: .Sh DESCRIPTION
48: The
49: .Nm
1.7 espie 50: utility creates and verifies cryptographic signatures for
51: an input file
1.8 tedu 52: .Ar message .
1.10 deraadt 53: The mode of operation is selected with the following options:
1.12 tedu 54: .Bl -tag -width Dsssigfile
1.10 deraadt 55: .It Fl G
56: Generate a new keypair.
57: .It Fl I
58: Inspect the specified keys or signature and print their fingerprint.
59: .It Fl S
60: Sign the input file.
61: .It Fl V
62: Verify the input file and signature match.
63: .El
1.4 jmc 64: .Pp
1.10 deraadt 65: The other options are as follows:
1.12 tedu 66: .Bl -tag -width Dsssignature
1.14 ! tedu 67: .It Fl c Ar comment
! 68: Specify the comment to be added during key generation.
1.8 tedu 69: .It Fl e
70: Embed the message after the signature when signing.
71: For verification, extract the message from the signature.
1.6 tedu 72: .It Fl n
1.1 tedu 73: Do not ask for a passphrase during key generation.
74: Otherwise,
75: .Nm
1.4 jmc 76: will prompt the user for a passphrase on the terminal.
1.8 tedu 77: .It Fl o Ar sigfile
1.1 tedu 78: The signature file to create or verify.
79: The default is
1.12 tedu 80: .Ar message Ns .sig .
1.6 tedu 81: .It Fl p Ar pubkey
1.1 tedu 82: Public key produced by
1.7 espie 83: .Fl G ,
1.1 tedu 84: and used by
1.7 espie 85: .Fl V
1.1 tedu 86: to check a signature.
1.6 tedu 87: .It Fl s Ar seckey
1.1 tedu 88: Secret (private) key produced by
1.7 espie 89: .Fl G ,
1.1 tedu 90: and used by
1.7 espie 91: .Fl S
1.1 tedu 92: to sign a message.
93: .El
1.4 jmc 94: .Pp
95: The key and signature files created by
96: .Nm
97: have the same format.
98: The first line of the file is a free form text comment that may be edited,
99: so long as it does not exceed a single line.
100: The second line of the file is the actual key or signature base64 encoded.
1.1 tedu 101: .Sh EXIT STATUS
1.4 jmc 102: .Ex -std signify
103: It may fail because of one of the following reasons:
104: .Pp
1.1 tedu 105: .Bl -bullet -compact
1.4 jmc 106: .It
1.1 tedu 107: Some necessary files do not exist.
108: .It
109: Entered passphrase is incorrect.
110: .It
111: The message file was corrupted and its signature does not match.
112: .It
113: The message file is too large.
114: .El
115: .Sh EXAMPLES
116: Create a new keypair:
1.7 espie 117: .Dl $ signify -G -p newkey.pub -s newkey.sec
1.4 jmc 118: .Pp
119: Sign a file, specifying a signature name:
1.7 espie 120: .Dl $ signify -S -s key.sec -o msg.sig message.txt
1.4 jmc 121: .Pp
1.1 tedu 122: Verify a signature, using the default signature name:
1.7 espie 123: .Dl $ signify -V -p key.pub generalsorders.txt
1.11 deraadt 124: .Pp
125: Verify a release directory:
126: .Dl $ signify -p /etc/signify/55base.pub -V SHA256 && sha256 -c SHA256
1.1 tedu 127: .Sh SEE ALSO
1.11 deraadt 128: .Xr fw_update 1 ,
129: .Xr pkg_add 1 ,
130: .Xr sha256 1
1.1 tedu 131: .Sh HISTORY
132: The
133: .Nm
134: command first appeared in
1.7 espie 135: .Ox 5.5 .
![[BACK]](/icons/back.gif){kind=icon}
Return to signify.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / signify