GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
MINISIGN(1) MINISIGN(1)

minisign - A dead simple tool to sign files and verify signatures.

minisign -G [-p pubkey_file] [-s seckey_file] [-W]

minisign -R [-s seckey_file] [-p pubkey_file]

minisign -C [-s seckey_file] [-W]

minisign -S [-H] [-x sig_file] [-s seckey_file] [-c untrusted_comment] [-t trusted_comment] -m file [file ...]

minisign -V [-x sig_file] [-p pubkey_file | -P pubkey] [-o] [-q] -m file

Minisign is a dead simple tool to sign files and verify signatures.

It is portable, lightweight, and uses the highly secure Ed25519 http://ed25519.cr.yp.to/ public-key signature system.

These options control the actions of minisign.

Generate a new key pair
Change/remove the password of a secret key
Recreate a public key file from a secret key file
Sign files
Verify that a signature is valid for a given file
Requires the input to be prehashed
Sign using the legacy format
File to sign/verify
Combined with -V, output the file content after verification
Public key file (default: ./minisign.pub)
Public key, as a base64 string
Secret key file (default: ~/.minisign/minisign.key)
Do not encrypt/decrypt the secret key with a password
Signature file (default: <file>.minisig)
Add a one-line untrusted comment
Add a one-line trusted comment
Quiet mode, suppress output
Pretty quiet mode, only print the trusted comment
Force. Combined with -G, overwrite a previous key pair
Display version number

Creating a key pair

minisign -G

The public key is printed and put into the minisign.pub file. The secret key is encrypted and saved as a file named ~/.minisign/minisign.key.

Signing files

$ minisign -Sm myfile.txt $ minisign -Sm myfile.txt myfile2.txt *.c

Or to include a comment in the signature, that will be verified and displayed when verifying the file:

$ minisign -Sm myfile.txt -t ´This comment will be signed as well´

The secret key is loaded from ${MINISIGN_CONFIG_DIR}/minisign.key, ~/.minisign/minisign.key, or its path can be explicitly set with the -s <path> command-line switch.

Verifying a file

$ minisign -Vm myfile.txt -P <pubkey>

or

$ minisign -Vm myfile.txt -p signature.pub

This requires the signature myfile.txt.minisig to be present in the same directory.

The public key can either reside in a file (./minisign.pub by default) or be directly specified on the command line.

Signature files include an untrusted comment line that can be freely modified, even after signature creation.

They also include a second comment line, that cannot be modified without the secret key.

Trusted comments can be used to add instructions or application-specific metadata (intended file name, timestamps, resource identifiers, version numbers to prevent downgrade attacks).

Frank Denis (github [at] pureftpd [dot] org)

January 2023
Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.