mirrors/minisign
1
0
Fork 0
mirror of https://github.com/jedisct1/minisign.git synced 2025-04-04 11:27:42 +03:00
Code Issues Projects Releases Packages Wiki Activity

add a note about signify compatibility

Browse source 
based nearly verbatim on @jedisct1's explanation in the discussion of #59
This commit is contained in:
Chad Dougherty 2025-03-11 13:20:27 -04:00 committed by GitHub
parent d5a2f02bc0
commit d221b88fdd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 4 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
share/man/man1/minisign.1
View file

@ -152,7 +152,7 @@ This requires the signature \fBmyfile\.txt\.minisig\fR to be present in the same
.P
The public key can either reside in a file (\fB\./minisign\.pub\fR by default) or be directly specified on the command line\.
.
.SH "Notes"
.SH "NOTES"
Signature files include an untrusted comment line that can be freely modified, even after signature creation\.
.
.P
@ -161,5 +161,8 @@ They also include a second comment line, that cannot be modified without the sec
.P
Trusted comments can be used to add instructions or application\-specific metadata (intended file name, timestamps, resource identifiers, version numbers to prevent downgrade attacks)\.
.
.P
OpenBSD's signify(1) is conceptually similar to Minisign\. Minisign creates signatures that can be verified by signify, but signatures created by signify \fBcannot\fR be verified with minisign because minisign expects the trusted comment section to be present\. Trusted comments are important to describe what has been signed in addition to the fact that something has been signed\.
.
.SH "AUTHOR"
Frank Denis (github [at] pureftpd [dot] org)