{{Header}} __FORCETOC__
{{Title|title=
Signify: Cryptographically Sign and Verify Files
}}
{{#seo:
|description=HowTo: Use Signify on Debian (based) Distributions
|image=Signify1323.jpg
}}
{{verification_tools_mininav}}
[[File:Signify1323.jpg|thumb]]
{{intro|
HowTo: Use Signify on Debian (based) Distributions
}}
= Introduction =

Written in 2014 for OpenBSD, signify is a tool to cryptographically sign and verify files: <ref name=signify>https://isopenbsdsecu.re/mitigations/signify/</ref>
<blockquote>It only supports a single algorithm, Ed25519, created by djb and his gang. It’s fast, immune to timing attacks by design, produce deterministic signatures, uses small keys and produce small signatures, … it does look like a sound choice.</blockquote>

Signify's main benefits is that it has a small codebase and is not based on GnuPG. On the downside, there is no revocation mechanism <ref>Meaning if the key is stolen, people can only be informed the key should not be trusted anymore.</ref> and the trust path relies on getting the key directly from a trusted developer. <ref name=signify />

Signify's usage is not just limited to OpenBSD and the tool has also been been packaged in Debian.  <ref>https://packages.debian.org/{{Stable project version based on Debian codename}}/signify-openbsd</ref> To learn more about signify, refer to [https://flak.tedunangst.com/post/signify this blog post] by the original author.

= Installation and Usage =

{{mbox
| type    = notice
| image   = [[File:Ambox_notice.png|40px|alt=Info]]
| text    = In the steps below, installing package <code>qrencode</code> is optional and only needed if you intend to create QR codes.
}}

{{Box|text=
'''1.''' Install signify.

{{Install_Package
|package=signify-openbsd qrencode
}}

'''2.''' Create a key.

This only needs to be done once unless multiple keys are desired; in that case different key names should be used. In the following example, <code>keyname</code> is used as the sample key name.

{{CodeSelect|code=
signify-openbsd -G -p keyname.pub -s keyname.sec
}}

'''3.''' ''Optional:'' Add a key comment.

Replace <code>comments here</code> with the actual comment but keep the <code>"</code>. The comment could be a name, position, website, e-mail address and/or anything else.

{{CodeSelect|code=
signify-openbsd -G -p keyname.pub -s keyname.sec -c "comments here"
}}

<u>Note</u>:
* The private key file <code>keyname.sec</code> needs to stay private -- never share <code>keyname.sec</code> with anyone as this would defeat the purpose of signing files!
* The public key file <code>keyname.pub</code> can be shared with anyone.

'''4.''' Utilize signify.

To sign a file <code>message.txt</code> (which has to be created by the user beforehand).

{{CodeSelect|code=
signify-openbsd -S -s keyname.sec -m message.txt
}}

This will create a signature file <code>message.txt.sig</code>.

To verify a file <code>message.txt</code> with signature file <code>message.txt.sig</code>.

{{CodeSelect|code=
signify-openbsd -V -p keyname.pub -m message.txt
}}

'''5.''' ''Optional:'' Create a QR code for the public key.

{{CodeSelect|code=
qrencode -r keyname.pub -o keyname.pub.png
}}

File <code>keyname.pub.png</code> would be the QR code of the public key.

Refer to the Debian [https://manpages.debian.org/signify-openbsd signify-openbsd Manual Page] for further options.

<ref>
* https://www.openbsd.org/papers/bsdcan-signify.html
* https://forums.whonix.org/t/signify-openbsd/7842
</ref>
}}

= See Also =
* [[Verify the images#Signify_Signatures|Verify the {{project_name_long}} Signify Signatures]]

= Footnotes =
{{reflist|close=1}}

{{Footer}}

[[Category:Documentation]]

You are viewing proxied material from ftp.icm.edu.pl. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.