|SIGNIFY(1)||General Commands Manual||SIGNIFY(1)|
cryptographically sign and verify files
signify utility creates and verifies
cryptographic signatures. A signature verifies the integrity of a
message. The mode of operation is selected with the
The other options are as follows:
-eand creates a new message file as output.)
-e, the file to create.
signifywill prompt the user for a passphrase to protect the secret key. When signing with
-z, store a zero time stamp in the gzip(1) header.
-G, and used by
-Vto check a signature.
-G, and used by
-Sto sign a message.
The key and signature files created by
signify have the same format. The first line of the
file is a free form text comment that may be edited, so long as it does not
exceed a single line. Signature comments will be generated based on the name
of the secret key used for signing. This comment can then be used as a hint
for the name of the public key when verifying. The second line of the file
is the actual key or signature base64 encoded.
signify utility exits 0 on
success, and >0 if an error occurs. It may fail because of one of
the following reasons:
Create a new key pair:
$ signify -G -p newkey.pub -s newkey.sec
Sign a file, specifying a signature name:
$ signify -S -s key.sec -m message.txt -x msg.sig
Verify a signature, using the default signature name:
$ signify -V -p key.pub -m generalsorders.txt
Verify a release directory containing SHA256.sig and a full set of release files:
$ signify -C -p /etc/signify/openbsd-71-base.pub -x SHA256.sig
Verify a bsd.rd before an upgrade:
$ signify -C -p /etc/signify/openbsd-71-base.pub -x SHA256.sig bsd.rd
Sign a gzip archive:
$ signify -Sz -s key-arc.sec -m in.tgz -x out.tgz
Verify a gzip pipeline:
$ ftp url | signify -Vz -t arc | tar ztf -
signify command first appeared in
|September 19, 2021||OpenBSD-7.0|