mirrors/minisign
1
0
Fork 0
mirror of https://github.com/jedisct1/minisign.git synced 2025-04-05 03:47:45 +03:00
Code Issues Projects Releases Packages Wiki Activity

Update man page

Browse source 
Fixes #106
This commit is contained in:
Frank Denis 2021-10-25 00:53:09 +02:00
parent aa99a5c417
commit e74428c464
2 changed files with 13 additions and 72 deletions
Download patch file Download diff file Expand all files Collapse all files

53
share/man/man1/minisign.1
View file

@ -1,7 +1,7 @@
.\" generated with Ronn/v0.7.3
.\" http://github.com/rtomayko/ronn/tree/0.7.3
.
.TH "MINISIGN" "1" "June 2020" "" ""
.TH "MINISIGN" "1" "October 2021" "" ""
.
.SH "NAME"
\fBminisign\fR \- A dead simple tool to sign files and verify signatures\.
@ -48,10 +48,6 @@ File to sign/verify
Combined with \-V, output the file content after verification
.
.TP
\fB\-H\fR
Combined with \-S, pre\-hash in order to sign large files
.
.TP
\fB\-p <pubkeyfile>\fR
Public key file (default: \./minisign\.pub)
.
@ -76,10 +72,18 @@ Add a one\-line untrusted comment
Add a one\-line trusted comment
.
.TP
\fB\-l\fR
Sign using the legacy format
.
.TP
\fB\-q\fR
Quiet mode, suppress output
.
.TP
\fB\-H\fR
Requires the input to be prehashed
.
.TP
\fB\-Q\fR
Pretty quiet mode, only print the trusted comment
.
@ -138,9 +142,6 @@ This requires the signature \fBmyfile\.txt\.minisig\fR to be present in the same
The public key can either reside in a file (\fB\./minisign\.pub\fR by default) or be directly specified on the command line\.
.
.SH "Notes"
\fBTrusted comments\fR
.
.P
Signature files include an untrusted comment line that can be freely modified, even after signature creation\.
.
.P
@ -149,41 +150,5 @@ They also include a second comment line, that cannot be modified without the sec
.P
Trusted comments can be used to add instructions or application\-specific metadata (intended file name, timestamps, resource identifiers, version numbers to prevent downgrade attacks)\.
.
.P
\fBCompatibility with OpenBSD signify\fR
.
.P
Signatures written by \fBminisign\fR can be verified using OpenBSD\'s \fBsignify\fR tool: public key files and signature files are compatible\.
.
.P
However, \fBminisign\fR uses a slightly different format to store secret keys\.
.
.P
\fBMinisign\fR signatures include trusted comments in addition to untrusted comments\. Trusted comments are signed, thus verified, before being displayed\.
.
.P
This adds two lines to the signature files, that signify silently ignores\.
.
.P
\fBPre\-hashing\fR
.
.P
By default, signing and verification require as much memory as the size of the file\.
.
.P
Since \fBMinisign 0\.6\fR, huge files can be signed and verified with very low memory requirements, by pre\-hashing the content\.
.
.P
The \-H command\-line switch, in combination with \-S, generates a pre\-hashed signature (HashEdDSA):
.
.P
$ \fBminisign\fR \-SHm myfile\.txt
.
.P
Verification of such a signature doesn\'t require any specific switch: the appropriate algorithm will automatically be detected\.
.
.P
Signatures generated that way are not compatible with OpenBSD\'s \fBsignify\fR tool and are not compatible with \fBMinisign\fR versions prior to 0\.6\.
.
.SH "AUTHOR"
Frank Denis (github [at] pureftpd [dot] org)

32
src/manpage.md
View file

@ -34,8 +34,6 @@ These options control the actions of `minisign`.
File to sign/verify
* `-o`:
Combined with -V, output the file content after verification
* `-H`:
Combined with -S, pre-hash in order to sign large files
* `-p <pubkeyfile>`:
Public key file (default: ./minisign.pub)
* `-P <pubkey>`:
@ -48,8 +46,12 @@ These options control the actions of `minisign`.
Add a one-line untrusted comment
* `-t <comment>`:
Add a one-line trusted comment
* `-l`:
Sign using the legacy format
* `-q`:
Quiet mode, suppress output
* `-H`:
Requires the input to be prehashed
* `-Q`:
Pretty quiet mode, only print the trusted comment
* `-R`:
@ -93,38 +95,12 @@ The public key can either reside in a file (`./minisign.pub` by default) or be d
## Notes
**Trusted comments**
Signature files include an untrusted comment line that can be freely modified, even after signature creation.
They also include a second comment line, that cannot be modified without the secret key.
Trusted comments can be used to add instructions or application-specific metadata (intended file name, timestamps, resource identifiers, version numbers to prevent downgrade attacks).
**Compatibility with OpenBSD signify**
Signatures written by `minisign` can be verified using OpenBSD's `signify` tool: public key files and signature files are compatible.
However, `minisign` uses a slightly different format to store secret keys.
`Minisign` signatures include trusted comments in addition to untrusted comments. Trusted comments are signed, thus verified, before being displayed.
This adds two lines to the signature files, that signify silently ignores.
**Pre-hashing**
By default, signing and verification require as much memory as the size of the file.
Since `Minisign 0.6`, huge files can be signed and verified with very low memory requirements, by pre-hashing the content.
The -H command-line switch, in combination with -S, generates a pre-hashed signature (HashEdDSA):
$ `minisign` -SHm myfile.txt
Verification of such a signature doesn't require any specific switch: the appropriate algorithm will automatically be detected.
Signatures generated that way are not compatible with OpenBSD's `signify` tool and are not compatible with `Minisign` versions prior to 0.6.
## AUTHOR
Frank Denis (github [at] pureftpd [dot] org)