Signify: Cryptographically Sign and Verify Files
Introduction[edit]
Written in 2014 for OpenBSD, signify is a tool to cryptographically sign and verify files: [1]
It only supports a single algorithm, Ed25519, created by djb and his gang. It’s fast, immune to timing attacks by design, produce deterministic signatures, uses small keys and produce small signatures, … it does look like a sound choice.
Signify's main benefits is that it has a small codebase and is not based on GnuPG. On the downside, there is no revocation mechanism [2] and the trust path relies on getting the key directly from a trusted developer. [1]
Signify's usage is not just limited to OpenBSD and the tool has also been been packaged in Debian. [3] To learn more about signify, refer to this blog post
by the original author.
Installation and Usage[edit]
In the steps below, installing package qrencode is optional and only needed if you intend to create QR codes.
1. Install signify.
Install signify-openbsd qrencode.
1. Update the package lists.
2. Upgrade the system.
3. Install the signify-openbsd qrencode package.
Using apt command line parameter --no-install-recommends is in most cases optional.
4. Done.
The procedure of installing signify-openbsd qrencode is complete.
2. Create a key.
This only needs to be done once unless multiple keys are desired; in that case different key names should be used. In the following example, keyname is used as the sample key name.
3. Optional: Add a key comment.
Replace comments here with the actual comment but keep the ". The comment could be a name, position, website, e-mail address and/or anything else.
Note:
- The private key file
keyname.secneeds to stay private -- never sharekeyname.secwith anyone as this would defeat the purpose of signing files! - The public key file
keyname.pubcan be shared with anyone.
4. Utilize signify.
To sign a file message.txt (which has to be created by the user beforehand).
This will create a signature file message.txt.sig.
To verify a file message.txt with signature file message.txt.sig.
5. Optional: Create a QR code for the public key.
File keyname.pub.png would be the QR code of the public key.
Refer to the Debian signify-openbsd Manual Page for further options.
See Also[edit]
Footnotes[edit]
- ↑ 1.0 1.1 https://isopenbsdsecu.re/mitigations/signify/
- ↑ Meaning if the key is stolen, people can only be informed the key should not be trusted anymore.
- ↑ https://packages.debian.org/bullseye/signify-openbsd
- ↑
At Whonix we believe in freedom and trust. That's why we fully support Open Source and Freedom Software.
Learn more.
Whonix ™ is supported by Evolution Host DDoS Protected VPS.
Whonix is the most watertight privacy operating system in the world
Scan the QR code or use the wallet address below.
Are you proficient with iptables? Want to contribute? Check out possible improvements to iptables. Please come and introduce yourself in the development forum.