aboutsummaryrefslogtreecommitdiff
path: root/orig/signify.1
diff options
context:
space:
mode:
Diffstat (limited to 'orig/signify.1')
-rw-r--r--orig/signify.1199
1 files changed, 0 insertions, 199 deletions
diff --git a/orig/signify.1 b/orig/signify.1
deleted file mode 100644
index 569c14e..0000000
--- a/orig/signify.1
+++ /dev/null
@@ -1,199 +0,0 @@
-.\" $OpenBSD: signify.1,v 1.41 2017/03/09 19:42:05 benno Exp $
-.\"
-.\"Copyright (c) 2013 Marc Espie <espie@openbsd.org>
-.\"Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
-.\"
-.\"Permission to use, copy, modify, and distribute this software for any
-.\"purpose with or without fee is hereby granted, provided that the above
-.\"copyright notice and this permission notice appear in all copies.
-.\"
-.\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\"ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: March 9 2017 $
-.Dt SIGNIFY 1
-.Os
-.Sh NAME
-.Nm signify
-.Nd cryptographically sign and verify files
-.Sh SYNOPSIS
-.Nm signify
-.Fl C
-.Op Fl q
-.Fl p Ar pubkey
-.Fl x Ar sigfile
-.Op Ar
-.Nm signify
-.Fl G
-.Op Fl n
-.Op Fl c Ar comment
-.Fl p Ar pubkey
-.Fl s Ar seckey
-.Nm signify
-.Fl S
-.Op Fl ez
-.Op Fl x Ar sigfile
-.Fl s Ar seckey
-.Fl m Ar message
-.Nm signify
-.Fl V
-.Op Fl eqz
-.Op Fl p Ar pubkey
-.Op Fl t Ar keytype
-.Op Fl x Ar sigfile
-.Fl m Ar message
-.Sh DESCRIPTION
-The
-.Nm
-utility creates and verifies cryptographic signatures.
-A signature verifies the integrity of a
-.Ar message .
-The mode of operation is selected with the following options:
-.Bl -tag -width Dsssigfile
-.It Fl C
-Verify a signed checksum list, and then verify the checksum for
-each file.
-If no files are specified, all of them are checked.
-.Ar sigfile
-should be the signed output of
-.Xr sha256 1 .
-.It Fl G
-Generate a new key pair.
-Keynames should follow the convention of
-.Pa keyname.pub
-and
-.Pa keyname.sec
-for the public and secret keys, respectively.
-.It Fl S
-Sign the specified message file and create a signature.
-.It Fl V
-Verify the message and signature match.
-.El
-.Pp
-The other options are as follows:
-.Bl -tag -width Dsssignature
-.It Fl c Ar comment
-Specify the comment to be added during key generation.
-.It Fl e
-When signing, embed the message after the signature.
-When verifying, extract the message from the signature.
-(This requires that the signature was created using
-.Fl e
-and creates a new message file as output.)
-.It Fl m Ar message
-When signing, the file containing the message to sign.
-When verifying, the file containing the message to verify.
-When verifying with
-.Fl e ,
-the file to create.
-.It Fl n
-Do not ask for a passphrase during key generation.
-Otherwise,
-.Nm
-will prompt the user for a passphrase to protect the secret key.
-.It Fl p Ar pubkey
-Public key produced by
-.Fl G ,
-and used by
-.Fl V
-to check a signature.
-.It Fl q
-Quiet mode.
-Suppress informational output.
-.It Fl s Ar seckey
-Secret (private) key produced by
-.Fl G ,
-and used by
-.Fl S
-to sign a message.
-.It Fl t Ar keytype
-When deducing the correct key to check a signature, make sure
-the actual key matches
-.Pa /etc/signify/*-keytype.pub .
-.It Fl x Ar sigfile
-The signature file to create or verify.
-The default is
-.Ar message Ns .sig .
-.It Fl z
-Sign and verify
-.Xr gzip 1
-archives, where the signing data
-is embedded in the
-.Xr gzip 1
-header.
-.El
-.Pp
-The key and signature files created by
-.Nm
-have the same format.
-The first line of the file is a free form text comment that may be edited,
-so long as it does not exceed a single line.
-Signature comments will be generated based on the name of the secret
-key used for signing.
-This comment can then be used as a hint for the name of the public key
-when verifying.
-The second line of the file is the actual key or signature base64 encoded.
-.Sh EXIT STATUS
-.Ex -std signify
-It may fail because of one of the following reasons:
-.Pp
-.Bl -bullet -compact
-.It
-Some necessary files do not exist.
-.It
-Entered passphrase is incorrect.
-.It
-The message file was corrupted and its signature does not match.
-.It
-The message file is too large.
-.El
-.Sh EXAMPLES
-Create a new key pair:
-.Dl $ signify -G -p newkey.pub -s newkey.sec
-.Pp
-Sign a file, specifying a signature name:
-.Dl $ signify -S -s key.sec -m message.txt -x msg.sig
-.Pp
-Verify a signature, using the default signature name:
-.Dl $ signify -V -p key.pub -m generalsorders.txt
-.Pp
-Verify a release directory containing
-.Pa SHA256.sig
-and a full set of release files:
-.Bd -literal -offset indent -compact
-$ signify -C -p /etc/signify/openbsd-62-base.pub -x SHA256.sig
-.Ed
-.Pp
-Verify a bsd.rd before an upgrade:
-.Bd -literal -offset indent -compact
-$ signify -C -p /etc/signify/openbsd-62-base.pub -x SHA256.sig bsd.rd
-.Ed
-.Pp
-Sign a gzip archive:
-.Bd -literal -offset indent -compact
-$ signify -Sz -s key-arc.sec -m in.tgz -x out.tgz
-.Ed
-.Pp
-Verify a gzip pipeline:
-.Bd -literal -offset indent -compact
-$ ftp url | signify -Vz -t arc | tar ztf -
-.Ed
-.Sh SEE ALSO
-.Xr fw_update 1 ,
-.Xr gzip 1 ,
-.Xr pkg_add 1 ,
-.Xr sha256 1
-.Sh HISTORY
-The
-.Nm
-command first appeared in
-.Ox 5.5 .
-.Sh AUTHORS
-.An -nosplit
-.An Ted Unangst Aq Mt tedu@openbsd.org
-and
-.An Marc Espie Aq Mt espie@openbsd.org .