Update man page

Fixes #106
Frank Denis 2021-10-25 00:53:09 +02:00
parent aa99a5c417
commit e74428c464
2 changed files with 13 additions and 72 deletions


@ -1,7 +1,7 @@
.\" generated with Ronn/v0.7.3 .\" generated with Ronn/v0.7.3
.\" http://github.com/rtomayko/ronn/tree/0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3
. .
.TH "MINISIGN" "1" "June 2020" "" "" .TH "MINISIGN" "1" "October 2021" "" ""
. .
.SH "NAME" .SH "NAME"
\fBminisign\fR \- A dead simple tool to sign files and verify signatures\. \fBminisign\fR \- A dead simple tool to sign files and verify signatures\.
@ -48,10 +48,6 @@ File to sign/verify
Combined with \-V, output the file content after verification Combined with \-V, output the file content after verification
. .
.TP .TP
\fB\-H\fR
Combined with \-S, pre\-hash in order to sign large files
.
.TP
\fB\-p <pubkeyfile>\fR \fB\-p <pubkeyfile>\fR
Public key file (default: \./minisign\.pub) Public key file (default: \./minisign\.pub)
. .
@ -76,10 +72,18 @@ Add a one\-line untrusted comment
Add a one\-line trusted comment Add a one\-line trusted comment
. .
.TP .TP
\fB\-l\fR
Sign using the legacy format
.
.TP
\fB\-q\fR \fB\-q\fR
Quiet mode, suppress output Quiet mode, suppress output
. .
.TP .TP
\fB\-H\fR
Requires the input to be prehashed
.
.TP
\fB\-Q\fR \fB\-Q\fR
Pretty quiet mode, only print the trusted comment Pretty quiet mode, only print the trusted comment
. .
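Review bot: The new -l and -H entries in this hunk do not say which action they apply to, unlike the -o entry earlier in the page ("Combined with -V, ..."), and "Requires the input to be prehashed" leaves it unclear whether "input" means the file or the signature. Suggest following the existing pattern, for example starting the -l text with "Combined with -S," and stating for -H which action enforces the requirement and what happens when it is not met. "Legacy format" also needs a one-line definition, since nothing else in the page explains it.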
@ -138,9 +142,6 @@ This requires the signature \fBmyfile\.txt\.minisig\fR to be present in the same
The public key can either reside in a file (\fB\./minisign\.pub\fR by default) or be directly specified on the command line\. The public key can either reside in a file (\fB\./minisign\.pub\fR by default) or be directly specified on the command line\.
. .
.SH "Notes" .SH "Notes"
\fBTrusted comments\fR
.
.P
Signature files include an untrusted comment line that can be freely modified, even after signature creation\. Signature files include an untrusted comment line that can be freely modified, even after signature creation\.
. .
.P .P
@ -149,41 +150,5 @@ They also include a second comment line, that cannot be modified without the sec
.P .P
Trusted comments can be used to add instructions or application\-specific metadata (intended file name, timestamps, resource identifiers, version numbers to prevent downgrade attacks)\. Trusted comments can be used to add instructions or application\-specific metadata (intended file name, timestamps, resource identifiers, version numbers to prevent downgrade attacks)\.
. .
.P
\fBCompatibility with OpenBSD signify\fR
.
.P
Signatures written by \fBminisign\fR can be verified using OpenBSD\'s \fBsignify\fR tool: public key files and signature files are compatible\.
.
.P
However, \fBminisign\fR uses a slightly different format to store secret keys\.
.
.P
\fBMinisign\fR signatures include trusted comments in addition to untrusted comments\. Trusted comments are signed, thus verified, before being displayed\.
.
.P
This adds two lines to the signature files, that signify silently ignores\.
.
.P
\fBPre\-hashing\fR
.
.P
By default, signing and verification require as much memory as the size of the file\.
.
.P
Since \fBMinisign 0\.6\fR, huge files can be signed and verified with very low memory requirements, by pre\-hashing the content\.
.
.P
The \-H command\-line switch, in combination with \-S, generates a pre\-hashed signature (HashEdDSA):
.
.P
$ \fBminisign\fR \-SHm myfile\.txt
.
.P
Verification of such a signature doesn\'t require any specific switch: the appropriate algorithm will automatically be detected\.
.
.P
Signatures generated that way are not compatible with OpenBSD\'s \fBsignify\fR tool and are not compatible with \fBMinisign\fR versions prior to 0\.6\.
.
.SH "AUTHOR" .SH "AUTHOR"
Frank Denis (github [at] pureftpd [dot] org) Frank Denis (github [at] pureftpd [dot] org)
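Review bot: Removing the "Pre-hashing" and "Compatibility with OpenBSD signify" paragraphs leaves the page with no definition of the terms the new -l ("legacy format") and -H ("prehashed") entries rely on, and no statement of which signatures signify can verify. Suggest keeping a short note in place of the removed text that says what the legacy format is, which format is produced by default, and which one stays compatible with signify and with Minisign versions prior to 0.6.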


@ -34,8 +34,6 @@ These options control the actions of `minisign`.
File to sign/verify File to sign/verify
* `-o`: * `-o`:
Combined with -V, output the file content after verification Combined with -V, output the file content after verification
* `-H`:
Combined with -S, pre-hash in order to sign large files
* `-p <pubkeyfile>`: * `-p <pubkeyfile>`:
Public key file (default: ./minisign.pub) Public key file (default: ./minisign.pub)
* `-P <pubkey>`: * `-P <pubkey>`:
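Review bot: The removed `-H` entry documented a signing switch ("Combined with -S"), and the same flag is reintroduced further down with a different meaning, so existing invocations such as `minisign -SHm myfile.txt` (the example dropped from the Notes) are left undocumented. Suggest stating whether `-H` is still accepted together with `-S`, and whether it is then ignored or rejected.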
@ -48,8 +46,12 @@ These options control the actions of `minisign`.
Add a one-line untrusted comment Add a one-line untrusted comment
* `-t <comment>`: * `-t <comment>`:
Add a one-line trusted comment Add a one-line trusted comment
* `-l`:
Sign using the legacy format
* `-q`: * `-q`:
Quiet mode, suppress output Quiet mode, suppress output
* `-H`:
Requires the input to be prehashed
* `-Q`: * `-Q`:
Pretty quiet mode, only print the trusted comment Pretty quiet mode, only print the trusted comment
* `-R`: * `-R`:
@ -93,38 +95,12 @@ The public key can either reside in a file (`./minisign.pub` by default) or be d
## Notes ## Notes
**Trusted comments**
Signature files include an untrusted comment line that can be freely modified, even after signature creation. Signature files include an untrusted comment line that can be freely modified, even after signature creation.
They also include a second comment line, that cannot be modified without the secret key. They also include a second comment line, that cannot be modified without the secret key.
Trusted comments can be used to add instructions or application-specific metadata (intended file name, timestamps, resource identifiers, version numbers to prevent downgrade attacks). Trusted comments can be used to add instructions or application-specific metadata (intended file name, timestamps, resource identifiers, version numbers to prevent downgrade attacks).
**Compatibility with OpenBSD signify**
Signatures written by `minisign` can be verified using OpenBSD's `signify` tool: public key files and signature files are compatible.
However, `minisign` uses a slightly different format to store secret keys.
`Minisign` signatures include trusted comments in addition to untrusted comments. Trusted comments are signed, thus verified, before being displayed.
This adds two lines to the signature files, that signify silently ignores.
**Pre-hashing**
By default, signing and verification require as much memory as the size of the file.
Since `Minisign 0.6`, huge files can be signed and verified with very low memory requirements, by pre-hashing the content.
The -H command-line switch, in combination with -S, generates a pre-hashed signature (HashEdDSA):
$ `minisign` -SHm myfile.txt
Verification of such a signature doesn't require any specific switch: the appropriate algorithm will automatically be detected.
Signatures generated that way are not compatible with OpenBSD's `signify` tool and are not compatible with `Minisign` versions prior to 0.6.
## AUTHOR ## AUTHOR
Frank Denis (github [at] pureftpd [dot] org) Frank Denis (github [at] pureftpd [dot] org)
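Review bot: The removed Pre-hashing text contained the sentence that verification "doesn't require any specific switch: the appropriate algorithm will automatically be detected", and nothing replaces it. With `-H` now documented as "Requires the input to be prehashed", the Notes should say what verification accepts when `-H` is not given, so a reader who wants to refuse legacy-format signatures knows whether `-H` is the switch for that.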