Sortix nightly manual
This manual documents Sortix nightly, a development build that has not been officially released.
NAME
signify — cryptographically sign and verify files
SYNOPSIS
signify -C [-q] [-p pubkey] [-t keytype] -x sigfile [file ...]
signify -G [-n] [-c comment] -p pubkey -s seckey
signify -S [-enz] [-x sigfile] -s seckey -m message
signify -V [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m message
DESCRIPTION
The signify utility creates and verifies cryptographic signatures. A signature verifies the integrity of a message. The mode of operation is selected with the following options:
- -C
- Verify a signed checksum list, and then verify the checksum for each file. If no files are specified, all of them are checked. sigfile should be the signed output of sha256(1).
- -G
- Generate a new key pair. Keynames should follow the convention of keyname.pub and keyname.sec for the public and secret keys, respectively.
- -S
- Sign the specified message file and create a signature.
- -V
- Verify the message and signature match.
- -c comment
- Specify the comment to be added during key generation.
- -e
- When signing, embed the message after the signature. When verifying, extract the message from the signature. (This requires that the signature was created using -e and creates a new message file as output.)
- -m message
- When signing, the file containing the message to sign. When verifying, the file containing the message to verify. When verifying with -e, the file to create.
- -n
- When generating a key pair, do not ask for a passphrase. Otherwise, signify will prompt the user for a passphrase to protect the secret key. When signing with -z, store a zero time stamp in the gzip(1) header.
- -p pubkey
- Public key produced by -G, and used by -V to check a signature.
- -q
- Quiet mode. Suppress informational output.
- -s seckey
- Secret (private) key produced by -G, and used by -S to sign a message.
- -t keytype
- When deducing the correct key to check a signature, make sure the actual key matches /etc/signify/*-keytype.pub.
- -x sigfile
- The signature file to create or verify. The default is message.sig.
- -z
- Sign and verify gzip(1) archives, where the signing data is embedded in the gzip(1) header.
EXIT STATUS
The signify utility exits 0 on success, and >0 if an error occurs. It may fail because of one of the following reasons:
- Some necessary files do not exist.
- Entered passphrase is incorrect.
- The message file was corrupted and its signature does not match.
- The message file is too large.
EXAMPLES
Create a new key pair:
$ signify -G -p newkey.pub -s newkey.sec
$ signify -S -s key.sec -m message.txt -x msg.sig
$ signify -V -p key.pub -m generalsorders.txt
$ signify -C -p /etc/signify/openbsd-77-base.pub -x SHA256.sig
$ signify -C -p /etc/signify/openbsd-77-base.pub -x SHA256.sig bsd.rd
$ signify -Sz -s key-arc.sec -m in.tgz -x out.tgz
$ ftp url | signify -Vz -t arc | tar ztf -
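How -S -e and -C fit together for a directory of release files, as an added example that is not part of the manual: the checksum list is signed with the message embedded, and the exit status of -C then decides whether the files may be used. The function names, the SIGNIFY variable, the file names and the use of GNU sha256sum --tag where sha256(1) is absent are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the manual. Assumes signify is installed under that
# name (set SIGNIFY to override) and sha256(1) or GNU "sha256sum --tag" exists.
SIGNIFY=${SIGNIFY:-signify}

# Emit "SHA256 (file) = digest" lines, the sha256(1) format that -C expects.
bsd_sha256() {
    if command -v sha256 >/dev/null 2>&1; then sha256 "$@"
    else sha256sum --tag "$@"
    fi
}

# sign_release DIR SECKEY FILE...: checksum the FILEs, then sign the list.
# -e embeds the list in SHA256.sig so that -C can read it back.
# SECKEY must be an absolute path because the function changes directory.
sign_release() (
    dir=$1 sec=$2; shift 2
    cd "$dir" || exit 1
    bsd_sha256 "$@" > SHA256 || exit 1
    "$SIGNIFY" -S -e -s "$sec" -m SHA256 -x SHA256.sig
)

# verify_release DIR PUBKEY [FILE...]: returns the exit status of signify -C,
# 0 only if the list's signature and every checked file's checksum match.
verify_release() (
    dir=$1 pub=$2; shift 2
    cd "$dir" || exit 1
    "$SIGNIFY" -C -q -p "$pub" -x SHA256.sig "$@" >/dev/null 2>&1
)

# demo: constructed files in a temporary directory.
# Prints the results for: intact set, modified set, untouched file only.
demo() {
    d=$(mktemp -d) || return 1
    printf 'kernel\n' > "$d/bsd.rd"; printf 'sets\n' > "$d/base.tgz"
    # -n only so the demo does not prompt; real secret keys get a passphrase.
    "$SIGNIFY" -G -n -p "$d/k.pub" -s "$d/k.sec" || return 1
    sign_release "$d" "$d/k.sec" bsd.rd base.tgz || return 1
    verify_release "$d" "$d/k.pub" && a=pass || a=fail
    printf 'x' >> "$d/base.tgz"    # modify one file after signing
    verify_release "$d" "$d/k.pub" && b=pass || b=fail
    verify_release "$d" "$d/k.pub" bsd.rd && c=pass || c=fail
    rm -rf "$d"
    echo "$a $b $c"
}
```

The third check passes although base.tgz was modified, because naming files on the -C command line limits the check to those files.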