Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
asignify(1)			 User Commands			   asignify(1)

NAME
       asignify	- cryptographically sign, verify, encrypt or decrypt files.

SYNOPSIS
       asignify	[-q] verify pubkey signature

       asignify	[-q] check pubkey signature file [file...]

       asignify	[-q] sign [-n] [-d digest] [-s sshkey] secretkey signature
       [file1 [file2...]]

       asignify	[-q] generate [-n] [-r rounds] secretkey [publickey]

       asignify	[-q] encrypt [-d] secretkey publickey infile outfile

       asignify	[-q] decrypt secretkey publickey infile	outfile

DESCRIPTION
       The asignify utility creates and	verifies cryptographic signatures. A
       signature is stamped on a digests file that contains hash digests of
       files using various hash	functions (namely, sha256, sha512 and
       blake2b).

       The mode	of operation is	selected with the following options:

       -q      Quiet mode. Suppress informational output.

       verify  Verify signarure	for a digests file (but	do not verify digests
	       themselves):

	       pubkey	   Name	of the file with a public key.

	       signature   Name	of signature file.

       check   Verify a	signed digests list, and then verify the checksum for
	       each file listed	in the arguments and specified in the digests
	       list:

	       pubkey	   Name	of the file with a public key.

	       signature   Name	of a signature file.

	       file	   List	of files whose digests need to be verified.

       generate
	       Generate	a new key pair of secret and public keys:

	       -n, --no-password
			   Do not ask for a passphrase during key generation.
			   Otherwise, asignify will prompt the user for	a
			   passphrase to encrypt the secret key	with.

	       -r, --rounds
			   Indicate a number of	iterations (rounds) used by
			   PBKDF algorithm (default number of rounds: 10000).

	       -s, --ssh   Convert unencrypted ed25519 private key generated
			   by openssh to the native asignify format. The
			   target key could be encrypted as usually.

	       secretkey   Mandatory path to file where	secret key will	be
			   writen.

	       pubkey	   Optional path to file where public key will be
			   writed and by default will be generated from	as
			   [secretkey].pub. This option	is not used with ssh
			   keys.

       sign    Calculate digests for the files specified and create a signed
	       digests file:

	       -n, --no-size
			   Do not record files sizes in	signature file.

	       -d, --digest
			   Indicate a hash function which will be used for
			   singing. Currently the asignify has support of
			   following hashes: sha256(1),	sha512(1), blake2
			   (default if none is defined). It is possible	to
			   specify multiple -d options to calculate multiple
			   checksums for each file.

	       secretkey   Name	of the file with a secret key.

	       signature   Name	of file	where signed digests will be stored.

	       file	   List	of file(s) to calculate	digests	for.

       encrypt Encrypt a file using local private key and remote public	key
	       (and vice-versa for decryption):

	       -d, --decrypt
			   Decrypt using remote	privkey	and local pubkey (that
			   is same as invoking this command as decrypt)

	       secretkey   Name	of the file with a secret key: local for
			   encryption and remote for decryption.

	       publickey   Name	of the file with a public key: remote for
			   encryption and local	for decryption.

	       in	   The name of input file.

	       out	   The name of output file.

EXIT STATUS
       The asignify return zero	exit code on success, and non-zero if an error
       occurs.	It may	fail because of	one of the following reasons:

       - Some files requested are absent.
       - Passphrase is incorrect (or passphrase	and verification are not
       equal).
       - The message file has been corrupted and its signature is no longer
       valid.

EXAMPLES
       Create a	new key	pair:

	$ asignify generate keys/key.secret keys/key.public

       Sign a file, specifying a signature name:

	$ asignify sign	-d blake2 keys/key.secret motd.sig /etc/motd

       Verify a	signature:

	$ asignify verify keys/key.public motd.sig

       Verify a	signed digest list:

	$ asignify check keys/key.public motd.sig /etc/motd

perl v5.18.2			  2015-01-12			   asignify(1)

NAME | SYNOPSIS | DESCRIPTION | EXIT STATUS | EXAMPLES

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=asignify&sektion=1&manpath=FreeBSD+12.0-RELEASE+and+Ports>

home | help