We generally use GnuPG to sign and verify files on our systems. There are other tools available to do so; some are written specifically for this purpose. signify is one such tool from the OpenBSD land.
How to install signify?
pkg install signify
I used the above command to install the tool on my FreeBSD system, and you can
install it in your Debian system too, the tool is called
Debian already has another tool with the same name.
signify is yet to be packaged for Fedora; if you are a Fedora packager, you may want to package this one for all of us.
Creating a public/private key pair
signify -G -s atest.sec -p atest.pub -c "Test key for blog post"
The command will also ask for a password for the secret key.
-c allows us
to add a comment in our key files. The following is the content of the public
untrusted comment: Test key for blog post public key
RWRjWJ28QRKKQCXxYPqwbnOqgsLYQSwvqfa2WDpp0dRDQX2Ht6Xl4Vz4
As it is very small in size, you can even create a QR code for the same.
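The base64 line in a signify key file decodes to a 2-byte algorithm tag ("Ed"), an 8-byte key id and the 32-byte Ed25519 public key; a .sig file uses the same layout with a 64-byte signature. The following parser is an added example, not part of the original post or of signify itself; the names parse_signify, SignifyBlob and signed_by are made up for illustration.

```python
import base64
from typing import NamedTuple

# Public key file exactly as shown in the post (comment line + base64 line).
PUB_FILE = (
    "untrusted comment: Test key for blog post public key\n"
    "RWRjWJ28QRKKQCXxYPqwbnOqgsLYQSwvqfa2WDpp0dRDQX2Ht6Xl4Vz4\n"
)

class SignifyBlob(NamedTuple):
    comment: str   # unauthenticated, hence "untrusted"
    alg: bytes     # 2-byte algorithm tag, b"Ed" for Ed25519
    keynum: bytes  # 8-byte random key id shared by a key and its signatures
    body: bytes    # 32-byte public key or 64-byte signature

def parse_signify(text: str, body_len: int) -> SignifyBlob:
    """Parse a signify .pub (body_len=32) or .sig (body_len=64) file."""
    lines = text.splitlines()
    prefix = "untrusted comment: "
    if len(lines) < 2 or not lines[0].startswith(prefix):
        raise ValueError("missing 'untrusted comment:' header line")
    try:
        raw = base64.b64decode(lines[1], validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("second line is not valid base64") from exc
    if len(raw) != 2 + 8 + body_len:
        raise ValueError(f"expected {10 + body_len} bytes, got {len(raw)}")
    if raw[:2] != b"Ed":
        raise ValueError(f"unsupported algorithm tag {raw[:2]!r}")
    return SignifyBlob(lines[0][len(prefix):], raw[:2], raw[2:10], raw[10:])

def signed_by(pub_text: str, sig_text: str) -> bool:
    """True if the signature names the same key id as the public key.

    This is only a pre-check for picking the right key; it does not
    replace the cryptographic verification done by `signify -V`.
    """
    pub = parse_signify(pub_text, 32)
    sig = parse_signify(sig_text, 64)
    return pub.keynum == sig.keynum

if __name__ == "__main__":
    key = parse_signify(PUB_FILE, 32)
    print(key.comment, key.alg, key.keynum.hex(), len(key.body))
```

The key id printed here is what lets you tell which public key a given .sig file was made with before running the verification.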
Signing a file
In our demo directory, we have a
hello.txt file, and we can use the newly
generated key to create a signature.
signify -S -s atest.sec -m hello.txt
This will create a
hello.txt.sig file as the signature.
Verifying the signature
$ signify -V -p atest.pub -m hello.txt
Signature Verified
This assumes the signature file is in the same directory. You can find the
OpenBSD signature files under
/usr/local/etc/signify (or in
if you are on Debian).
To know more about the tool, read this paper.