|SIGNIFY(1)||General Commands Manual||SIGNIFY(1)|
signifyutility creates and verifies cryptographic signatures. A signature verifies the integrity of a message. The mode of operation is selected with the following options:
The other options are as follows:
-eand creates a new message file as output.)
-e, the file to create.
signifywill prompt the user for a passphrase to protect the secret key. When signing with
-z, store a zero time stamp in the gzip(1) header.
-G, and used by
-Vto check a signature.
-G, and used by
-Sto sign a message.
The key and signature files created by
signify have the same format. The first line of the
file is a free form text comment that may be edited, so long as it does not
exceed a single line. Signature comments will be generated based on the name
of the secret key used for signing. This comment can then be used as a hint
for the name of the public key when verifying. The second line of the file
is the actual key or signature base64 encoded.
signifyutility exits 0 on success, and >0 if an error occurs. It may fail because of one of the following reasons:
$ signify -G -p newkey.pub -s newkey.sec
Sign a file, specifying a signature name:
$ signify -S -s key.sec -m message.txt -x msg.sig
Verify a signature, using the default signature name:
$ signify -V -p key.pub -m generalsorders.txt
Verify a release directory containing SHA256.sig and a full set of release files:
$ signify -C -p /etc/signify/openbsd-66-base.pub -x SHA256.sig
Verify a bsd.rd before an upgrade:
$ signify -C -p /etc/signify/openbsd-66-base.pub -x SHA256.sig bsd.rd
Sign a gzip archive:
$ signify -Sz -s key-arc.sec -m in.tgz -x out.tgz
Verify a gzip pipeline:
$ ftp url | signify -Vz -t arc | tar ztf -
signifycommand first appeared in OpenBSD 5.5.
|May 8, 2019||OpenBSD-current|