Using the signify tool for signing and verification
We generally use GnuPG to sign and verify files on our systems. There are other tools available to do so; some are written only for this purpose. signify is one such tool from the OpenBSD land.
How to install signify?
pkg install signify
I used the above command to install the tool on my FreeBSD system. You can install it on your Debian system too; there the tool is called signify-openbsd, as Debian already has another tool with the same name. signify is yet to be packaged for Fedora; if you are a Fedora packager, you may want to package this one for all of us.
Creating a public/private key pair
signify -G -s atest.sec -p atest.pub -c "Test key for blog post"
The command will also ask for a password for the secret key. -c allows us to add a comment in our key files. The following is the content of the public key file.
untrusted comment: Test key for blog post public key
RWRjWJ28QRKKQCXxYPqwbnOqgsLYQSwvqfa2WDpp0dRDQX2Ht6Xl4Vz4
As it is very small in size, you can even create a QR code for the same.
Signing a file
In our demo directory, we have a hello.txt file, and we can use the newly generated key to create a signature.
signify -S -s atest.sec -m hello.txt
This will create a hello.txt.sig file as the signature.
Verifying the signature
$ signify -V -p atest.pub -m hello.txt
Signature Verified
This assumes the signature file is in the same directory. You can find the OpenBSD signature files under /usr/local/etc/signify (or in /etc/signify/ if you are on Debian).
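The public key file shown earlier and a .sig file share one layout, and decoding it shows which key a signature claims to come from before you run signify -V. The following is an added example, not part of the original post or of signify itself; it assumes signify's on-disk layout (2-byte algorithm tag "Ed", 8-byte key number, then a 32-byte Ed25519 public key or a 64-byte signature), and the signature text in it is a constructed sample.

```python
import base64
import binascii
from dataclasses import dataclass

COMMENT_PREFIX = "untrusted comment: "
PUBKEY_LEN = 2 + 8 + 32   # algorithm tag, key number, Ed25519 public key
SIG_LEN = 2 + 8 + 64      # algorithm tag, key number, Ed25519 signature

@dataclass
class SignifyBlob:
    comment: str
    algorithm: bytes
    keynum: bytes
    body: bytes   # public key (32 bytes) or signature (64 bytes)

def parse_signify(text: str, expected_len: int) -> SignifyBlob:
    """Parse the two-line layout: comment line, then one base64 line."""
    lines = text.splitlines()
    if len(lines) < 2 or not lines[0].startswith(COMMENT_PREFIX):
        raise ValueError("missing 'untrusted comment:' header line")
    try:
        raw = base64.b64decode(lines[1], validate=True)
    except binascii.Error as exc:
        raise ValueError(f"bad base64: {exc}") from None
    if len(raw) != expected_len:
        raise ValueError(f"expected {expected_len} bytes, got {len(raw)}")
    if raw[:2] != b"Ed":
        raise ValueError(f"unknown algorithm tag {raw[:2]!r}")
    return SignifyBlob(lines[0][len(COMMENT_PREFIX):], raw[:2], raw[2:10], raw[10:])

def signed_by(sig: SignifyBlob, pub: SignifyBlob) -> bool:
    """True if the signature names this public key; not a signature check."""
    return sig.keynum == pub.keynum

# Public key file exactly as shown in the post.
PUB_TEXT = ("untrusted comment: Test key for blog post public key\n"
            "RWRjWJ28QRKKQCXxYPqwbnOqgsLYQSwvqfa2WDpp0dRDQX2Ht6Xl4Vz4\n")
pub = parse_signify(PUB_TEXT, PUBKEY_LEN)

# Constructed sample: same key number, all-zero (invalid) signature bytes.
SIG_TEXT = ("untrusted comment: constructed sample, not a real signature\n"
            + base64.b64encode(b"Ed" + pub.keynum + bytes(64)).decode() + "\n")
sig = parse_signify(SIG_TEXT, SIG_LEN)

if __name__ == "__main__":
    print("key number:", pub.keynum.hex(), "| matches:", signed_by(sig, pub))
```

A matching key number only tells you which public key to try; the cryptographic check is still signify -V.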
To know more about the tool, read this paper.