Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
asignify(1)			 User Commands			   asignify(1)

       asignify	- cryptographically sign, verify, encrypt or decrypt files.

       asignify	[-q] verify pubkey signature

       asignify	[-q] check pubkey signature file [file...]

       asignify	[-q] sign [-n] [-d digest] [-s sshkey] secretkey signature
       [file1 [file2...]]

       asignify	[-q] generate [-n] [-r rounds] secretkey [publickey]

       asignify	[-q] encrypt [-d] secretkey publickey infile outfile

       asignify	[-q] decrypt secretkey publickey infile	outfile

       The asignify utility creates and	verifies cryptographic signatures. A
       signature is stamped on a digests file that contains hash digests of
       files using various hash	functions (namely, sha256, sha512 and

       The mode	of operation is	selected with the following options:

       -q      Quiet mode. Suppress informational output.

       verify  Verify signarure	for a digests file (but	do not verify digests

	       pubkey	   Name	of the file with a public key.

	       signature   Name	of signature file.

       check   Verify a	signed digests list, and then verify the checksum for
	       each file listed	in the arguments and specified in the digests

	       pubkey	   Name	of the file with a public key.

	       signature   Name	of a signature file.

	       file	   List	of files whose digests need to be verified.

	       Generate	a new key pair of secret and public keys:

	       -n, --no-password
			   Do not ask for a passphrase during key generation.
			   Otherwise, asignify will prompt the user for	a
			   passphrase to encrypt the secret key	with.

	       -r, --rounds
			   Indicate a number of	iterations (rounds) used by
			   PBKDF algorithm (default number of rounds: 10000).

	       -s, --ssh   Convert unencrypted ed25519 private key generated
			   by openssh to the native asignify format. The
			   target key could be encrypted as usually.

	       secretkey   Mandatory path to file where	secret key will	be

	       pubkey	   Optional path to file where public key will be
			   writed and by default will be generated from	as
			   [secretkey].pub. This option	is not used with ssh

       sign    Calculate digests for the files specified and create a signed
	       digests file:

	       -n, --no-size
			   Do not record files sizes in	signature file.

	       -d, --digest
			   Indicate a hash function which will be used for
			   singing. Currently the asignify has support of
			   following hashes: sha256(1),	sha512(1), blake2
			   (default if none is defined). It is possible	to
			   specify multiple -d options to calculate multiple
			   checksums for each file.

	       secretkey   Name	of the file with a secret key.

	       signature   Name	of file	where signed digests will be stored.

	       file	   List	of file(s) to calculate	digests	for.

       encrypt Encrypt a file using local private key and remote public	key
	       (and vice-versa for decryption):

	       -d, --decrypt
			   Decrypt using remote	privkey	and local pubkey (that
			   is same as invoking this command as decrypt)

	       secretkey   Name	of the file with a secret key: local for
			   encryption and remote for decryption.

	       publickey   Name	of the file with a public key: remote for
			   encryption and local	for decryption.

	       in	   The name of input file.

	       out	   The name of output file.

       The asignify return zero	exit code on success, and non-zero if an error
       occurs.	It may	fail because of	one of the following reasons:

       - Some files requested are absent.
       - Passphrase is incorrect (or passphrase	and verification are not
       - The message file has been corrupted and its signature is no longer

       Create a	new key	pair:

	$ asignify generate keys/key.secret keys/key.public

       Sign a file, specifying a signature name:

	$ asignify sign	-d blake2 keys/key.secret motd.sig /etc/motd

       Verify a	signature:

	$ asignify verify keys/key.public motd.sig

       Verify a	signed digest list:

	$ asignify check keys/key.public motd.sig /etc/motd

perl v5.18.2			  2015-01-12			   asignify(1)


Want to link to this manual page? Use this URL:

home | help