commit b57ad6de0dc56cc0a4e94913e5d211db99162f3e parent b3e88aee5ac4cd166913cb6cb90eab185f04efbb Author: z3bra <willyatmailoodotorg> Date: Mon May 16 10:19:28 +12000 Update README and manpage Diffstat:
| README | | | 31 | +++++++++++++++++++++++++++++-- |
| sick.1 | | | 53 | ++++++++++++++++++++++++++++++++++++++++++++++++++--- |
diff --git a/README b/README @@ -1,11 +1,38 @@ -# sick +sick +==== Sign and check files using ed25519. sick(1) will let you generate private/public key pairs, sign files using your private key, and check a file signature using public keys stored in a keyring. -## Generating keys +Generating keys +--------------- To generate a key pair, run $ sick -g alice + +This will create two files: `alice.key` (private) and `alice.pub` (public). +The private key is used to sign files, while the public key can be distributed +and used to check signatures. + +Signing streams +--------------- + +Once the private key is generated, you can use it to sign streams of data with +the following command: + + $ sick -f alice.key -s < README > SIGNED + +The whole stream will be dumped to stdout, and the signature will be appended. + +Checking streams +---------------- + +A signed stream can be verified against a public key with the following +command: + + $ sick -f alice.pub < SIGNED + +If the signature can be verified against the public key provided, the content +of the message will be dumped to stdout. diff --git a/sick.1 b/sick.1 @@ -7,12 +7,60 @@ .Sh SYNOPSIS .Nm sick .Op Fl g Ar ALIAS +.Op Fl f Ar KEY +.Op Fl sv .Sh DESCRIPTION .Nm generates key pairs, signs, checks and remove signatures for a file or stream. -.Bl -tag -width Ds +.Sh OPTIONS +.Bl -tag -width "-g ALIAS" +The default action is to check the signature appended to the message given on +stdin. A public key must be provided with the +.Fl f +flag. .It Fl g Ar ALIAS Generates an ed25519 key pairs: `ALIAS.key` and `ALIAS.pub` +.It Fl f Ar KEY +Specifies the key file to be used for the current operation (sign or check). +.It Fl s +Make +.Nm +perform a signing operation on the current stream. This will append the base64 +encoded signature to the stream and dump them both to stdout. See +.Sx SIGNATURE FORMAT +for information on what will be appended to the stream. +.Sh SIGNATURE FORMAT +ed25519 signatures are 64 bytes long. For easier reading in text/plain format, +.Nm +will base64 encode them prior to appending them to stdout. The base64 signature +is wrapped at 76 bytes as specified by POSIX uuencode. +In order to make it easier to detect the signature, it will be wrapped between +two lines, as follows: +.Bd -literal + -----BEGIN ED25519 SIGNATURE----- + base64 encoded signature + -----END ED25519 SIGNATURE----- +.Ed .El +.Sh EXAMPLES +.Bd -literal +Generating a key pair: + $ sick -g $USER +.Ed + +Signing a stream: +.Bd -literal + $ sick -f ${USER}.key < FILE > SIGNED +.Ed + +Checking a signed stream (FILE will be empty if the signature doesn't match the +public key): +.Bd -literal + $ sick -f ${USER}.pub < SIGNED > FILE +.Ed +.Sh SEE ALSO +.Xr ed25519 7 , +.Xr base64 1 , +.Xr uuencode 1 .Sh AUTHORS -.An Willy Goiffon Aq Mt willy@mailoo.org- \ No newline at end of file +.An Willy Goiffon Aq Mt willy@mailoo.org