sick

sign and check files using ed25519
git clone git://z3bra.org/sick
Log | Files | Refs | README | LICENSE

sick.1 (2457B)


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
.Dd 2016-05-03
.Dt SICK 1
.Os POSIX.1-2008
.Sh NAME
.Nm sick
.Nd sign/check files using ed25519 signatures
.Sh SYNOPSIS
.Nm sick
.Op Fl astv
.Op Fl g Ar ALIAS
.Op Fl f Ar KEY
.Sh DESCRIPTION
.Nm
generates key pairs, signs, checks and remove signatures for a file or stream.
.Sh OPTIONS
.Bl -tag -width "-g ALIAS"
The default action is to check the signature appended to the message given on
stdin. If the signature can be verified, the message will be written to stdout
without the signature. If the
.Fl f
flag is not specified on the command line, all files in the
.Ev KEYRING
directory will be tried to verify the message.
.It Fl a
Deal with armored signature. The signature are base64 encoded, wrapped
at 76 characters and surrounded with two context lines. See
.Sx SIGNATURE FORMAT
For more information on the signature format.
.It Fl s
Make
.Nm
perform a signing operation on the current stream. This will append the base64
encoded signature to the stream and dump them both to stdout. See
.Sx SIGNATURE FORMAT
for information on what will be appended to the stream.
.It Fl t
Make
.Nm
trim the signature at the end of the stream if there is one, and write the
message to stdout. If there is no signature, the whole stream gets written.
.It Fl v
Enable verbose mode.
.Nm
will log informative messages to stderr.
.It Fl g Ar ALIAS
Generates an ed25519 key pairs: `ALIAS.key` and `ALIAS.pub`
.It Fl f Ar KEY
Specifies the key file to be used for the current operation (sign or check).
.Sh SIGNATURE FORMAT
ed25519 signatures are 64 bytes long. For easier reading in text/plain format,
.Nm
can base64 encode them (see
.Fl a
flag) prior to appending them to stdout. The base64 signature is wrapped
at 76 bytes as specified by POSIX uuencode. In order to make it easier
to detect the signature, it will be wrapped between two lines, as follows:
.Bd -literal
	-----BEGIN ED25519 SIGNATURE-----
	base64 encoded signature
	-----END ED25519 SIGNATURE-----
.Ed
.El
.Sh ENVIRONMENT
.Bl -tag -width "KEYRING"
.It Ev KEYRING
Location of the keyring directory
.El
.Sh EXAMPLES
.Bd -literal
Generating a key pair:
	$ sick -g $USER
.Ed

Signing a stream:
.Bd -literal
	$ sick -f ${USER}.key < FILE > SIGNED
.Ed

Checking a signed file (FILE will be empty if the signature doesn't match the
public key):
.Bd -literal
	$ sick -f ${USER}.pub SIGNED > FILE
.Ed
.Sh SEE ALSO
.Xr ed25519 7 ,
.Xr base64 1 ,
.Xr uuencode 1
.Sh AUTHORS
.An Willy Goiffon Aq Mt willy@mailoo.org