# sigchk Sign and check files using ed25519. sigchk(1) will let your generate private/public key pairs, sign files using your private key, and check a file signature using public keys stored in a keyring. ## Generating keys To generate a key pair, run $ sigchk -g alice It will create the files `alice.key`, which is the private key, and `alice.pub`, the public key. If you don't provide any name "ed25519" will be used as a default name. ## Signing files To sign a file, you need to provide the path to your private key: $ sigchk -s -f ~/.keys/priv/alice.key /tmp/archive.tar.bz2 This will create a 64 bytes signature and append it after the file. If you try to sign it again, you will get the following error: $ sigchk -s -f ~/.keys/priv/alice.key /tmp/archive.tar.bz2 /tmp/archive.tar.bz2: Already signed ## Checking signatures sigchk(1) uses a keyring to check signatures. The keyring is simply a directory containing the public keys you trust: $ find ~/.keys/trusted -type f /home/z3bra/.keys/trusted/ /home/z3bra/.keys/trusted/alice.pub /home/z3bra/.keys/trusted/bob.pub Once your public key is in your keyring, you can start checking files with: $ sigchk /tmp/archive.tar.bz2 /tmp/archive.tar.bz2 If the signature check is successful, the path to the file is printed to `stdout`. If no public key in your keyring match the signature, the filename is not printed, and 1 is returned.