DragonFly On-Line Manual Pages
asignify(1) User Commands asignify(1)
NAME
asignify - cryptographically sign, verify, encrypt or decrypt files.
SYNOPSIS
asignify [-q] verify pubkey signature
asignify [-q] check pubkey signature file [file...]
asignify [-q] sign [-n] [-d digest] [-s sshkey] secretkey signature
[file1 [file2...]]
asignify [-q] generate [-n] [-r rounds] secretkey [publickey]
asignify [-q] encrypt [-d] secretkey publickey infile outfile
asignify [-q] decrypt secretkey publickey infile outfile
DESCRIPTION
The asignify utility creates and verifies cryptographic signatures. A
signature is stamped on a digests file that contains hash digests of
files using various hash functions (namely, sha256, sha512 and
blake2b).
The mode of operation is selected with the following options:
-q Quiet mode. Suppress informational output.
verify Verify the signature of a digests file (the digests themselves
are not checked against the files):
pubkey Name of the file with a public key.
signature Name of signature file.
check Verify a signed digests list, and then verify the checksum for
each file listed in the arguments and specified in the digests
list:
pubkey Name of the file with a public key.
signature Name of a signature file.
file List of files whose digests need to be verified.
generate
Generate a new key pair of secret and public keys:
-n, --no-password
Do not ask for a passphrase during key generation.
Otherwise, asignify will prompt the user for a
passphrase to encrypt the secret key with.
-r, --rounds
Number of iterations (rounds) used by the
PBKDF algorithm (default number of rounds: 10000).
-s, --ssh Convert an unencrypted ed25519 private key generated
by openssh to the native asignify format. The
target key can be encrypted as usual.
secretkey Mandatory path to the file where the secret key will be
written.
pubkey Optional path to the file where the public key will be
written; by default it is named
[secretkey].pub. This option is not used with ssh
keys.
sign Calculate digests for the files specified and create a signed
digests file:
-n, --no-size
Do not record file sizes in the signature file.
-d, --digest
Hash function to use for
signing. asignify currently supports the
following hashes: sha256(1), sha512(1), blake2
(the default if none is specified). It is possible to
specify multiple -d options to calculate multiple
checksums for each file.
secretkey Name of the file with a secret key.
signature Name of file where signed digests will be stored.
file List of file(s) to calculate digests for.
encrypt Encrypt a file using the local private key and the remote public key
(and vice versa for decryption):
-d, --decrypt
Decrypt using the remote privkey and the local pubkey (this
is the same as invoking the decrypt command).
secretkey Name of the file with a secret key: local for
encryption and remote for decryption.
publickey Name of the file with a public key: remote for
encryption and local for decryption.
in The name of input file.
out The name of output file.
EXIT STATUS
asignify returns a zero exit code on success, and non-zero if an error
occurs. It may fail for one of the following reasons:
- Some of the requested files are absent.
- Passphrase is incorrect (or passphrase and verification are not
equal).
- The message file has been corrupted and its signature is no longer
valid.
EXAMPLES
Create a new key pair:
$ asignify generate keys/key.secret keys/key.public
Sign a file, specifying a signature name:
$ asignify sign -d blake2 keys/key.secret motd.sig /etc/motd
Verify a signature:
$ asignify verify keys/key.public motd.sig
Verify a signed digest list:
$ asignify check keys/key.public motd.sig /etc/motd
perl v5.18.2 2015-01-12 asignify(1)