Signify: Cryptographically Sign and Verify Files

From Whonix



Written in 2014 for OpenBSD, signify is a tool to cryptographically sign and verify files: [1]

It only supports a single algorithm, Ed25519, created by djb and his gang. It’s fast, immune to timing attacks by design, produce deterministic signatures, uses small keys and produce small signatures, … it does look like a sound choice.

Signify's main benefits is that it has a small codebase and is not based on GnuPG. On the downside, there is no revocation mechanism [2] and the trust path relies on getting the key directly from a trusted developer. [1]

Signify's usage is not just limited to OpenBSD and the tool has also been been packaged in Debian. [3] To learn more about signify, refer to this blog post [archive] by the original author.

Installation and Usage[edit]

Info In the steps below, installing package qrencode is optional and only needed if you intend to create QR codes.

1. Install signify.

Install signify-openbsd qrencode.

1. Update the package lists.

sudo apt-get update

2. Upgrade the system.

sudo apt-get dist-upgrade

3. Install the signify-openbsd qrencode package.

Using apt-get command line parameter --no-install-recommends is in most cases optional.

sudo apt-get install --no-install-recommends signify-openbsd qrencode

The procedure of installing signify-openbsd qrencode is complete.

2. Create a key.

This only needs to be done once unless multiple keys are desired; in that case different key names should be used. In the following example, keyname is used as the sample key name.

signify-openbsd -G -p -s keyname.sec

3. Optional: Add a key comment.

Replace comments here with the actual comment but keep the ". The comment could be a name, position, website, e-mail address and/or anything else.

signify-openbsd -G -p -s keyname.sec -c "comments here"


  • The private key file keyname.sec needs to stay private -- never share keyname.sec with anyone as this would defeat the purpose of signing files!
  • The public key file can be shared with anyone.

4. Utilize signify.

To sign a file message.txt (which has to be created by the user beforehand).

signify-openbsd -S -s keyname.sec -m message.txt

This will create a signature file message.txt.sig.

To verify a file message.txt with signature file message.txt.sig.

signify-openbsd -V -p -m message.txt

5. Optional: Create a QR code for the public key.

qrencode -r -o

File would be the QR code of the public key.

Refer to the Debian signify-openbsd Manual Page [archive] for further options.


See Also[edit]


text=Jobs in USA
Jobs in USA

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki

Follow: 1024px-Telegram 2019 Logo.svg.png Iconfinder Apple Mail 2697658.png Twitter.png Facebook.png Rss.png Reddit.jpg 200px-Mastodon Logotype (Simple).svg.png

Support: 1024px-Telegram 2019 Logo.svg.png Discourse logo.png Matrix logo.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate Whonix.png United Federation of Planets 1000px.png

Share: Twitter | Facebook

Love Whonix ™ and want to help spread the word? You can start by telling your friends or posting news about Whonix ™ on your website, blog or social media.

https link onion link

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.

Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.