FreeBSD Manual Pages
asignify(1) User Commands asignify(1) NAME asignify - cryptographically sign, verify, encrypt or decrypt files. SYNOPSIS asignify [-q] verify pubkey signature asignify [-q] check pubkey signature file [file...] asignify [-q] sign [-n] [-d digest] [-s sshkey] secretkey signature [file1 [file2...]] asignify [-q] generate [-n] [-r rounds] secretkey [publickey] asignify [-q] encrypt [-d] secretkey publickey infile outfile asignify [-q] decrypt secretkey publickey infile outfile DESCRIPTION The asignify utility creates and verifies cryptographic signatures. A signature is stamped on a digests file that contains hash digests of files using various hash functions (namely, sha256, sha512 and blake2b). The mode of operation is selected with the following options: -q Quiet mode. Suppress informational output. verify Verify signarure for a digests file (but do not verify digests themselves): pubkey Name of the file with a public key. signature Name of signature file. check Verify a signed digests list, and then verify the checksum for each file listed in the arguments and specified in the digests list: pubkey Name of the file with a public key. signature Name of a signature file. file List of files whose digests need to be verified. generate Generate a new key pair of secret and public keys: -n, --no-password Do not ask for a passphrase during key generation. Otherwise, asignify will prompt the user for a passphrase to encrypt the secret key with. -r, --rounds Indicate a number of iterations (rounds) used by PBKDF algorithm (default number of rounds: 10000). -s, --ssh Convert unencrypted ed25519 private key generated by openssh to the native asignify format. The target key could be encrypted as usually. secretkey Mandatory path to file where secret key will be writen. pubkey Optional path to file where public key will be writed and by default will be generated from as [secretkey].pub. This option is not used with ssh keys. sign Calculate digests for the files specified and create a signed digests file: -n, --no-size Do not record files sizes in signature file. -d, --digest Indicate a hash function which will be used for singing. Currently the asignify has support of following hashes: sha256(1), sha512(1), blake2 (default if none is defined). It is possible to specify multiple -d options to calculate multiple checksums for each file. secretkey Name of the file with a secret key. signature Name of file where signed digests will be stored. file List of file(s) to calculate digests for. encrypt Encrypt a file using local private key and remote public key (and vice-versa for decryption): -d, --decrypt Decrypt using remote privkey and local pubkey (that is same as invoking this command as decrypt) secretkey Name of the file with a secret key: local for encryption and remote for decryption. publickey Name of the file with a public key: remote for encryption and local for decryption. in The name of input file. out The name of output file. EXIT STATUS The asignify return zero exit code on success, and non-zero if an error occurs. It may fail because of one of the following reasons: - Some files requested are absent. - Passphrase is incorrect (or passphrase and verification are not equal). - The message file has been corrupted and its signature is no longer valid. EXAMPLES Create a new key pair: $ asignify generate keys/key.secret keys/key.public Sign a file, specifying a signature name: $ asignify sign -d blake2 keys/key.secret motd.sig /etc/motd Verify a signature: $ asignify verify keys/key.public motd.sig Verify a signed digest list: $ asignify check keys/key.public motd.sig /etc/motd perl v5.18.2 2015-01-12 asignify(1)
NAME | SYNOPSIS | DESCRIPTION | EXIT STATUS | EXAMPLES
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=asignify&sektion=1&manpath=FreeBSD+Ports+15.0>