sick

sign and check files using ed25519
Log | Files | Refs | Submodules | README | LICENSE

sick.1 (2101B)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79

.Dd 2016-05-03
.Dt SICK 1
.Os POSIX.1-2008
.Sh NAME
.Nm sick
.Nd sign/check files using ed25519 signatures
.Sh SYNOPSIS
.Nm sick
.Op Fl stv
.Op Fl g Ar ALIAS
.Op Fl f Ar KEY
.Sh DESCRIPTION
.Nm
generates key pairs, signs, checks and remove signatures for a file or stream.
.Sh OPTIONS
.Bl -tag -width "-g ALIAS"
The default action is to check the signature appended to the message given on
stdin. If the signature can be verified, the message will be written to stdout
without the signature.
.It Fl s
Make
.Nm
perform a signing operation on the current stream. This will append the base64
encoded signature to the stream and dump them both to stdout. See
.Sx SIGNATURE FORMAT
for information on what will be appended to the stream.
.It Fl t
Make
.Nm
trim the signature at the end of the stream if there is one, and write the
message to stdout. If there is no signature, the whole stream gets written.
.It Fl v
Enable verbose mode.
.Nm
will log informative messages to stderr.
.It Fl g Ar ALIAS
Generates an ed25519 key pairs: `ALIAS.key` and `ALIAS.pub`
.It Fl f Ar KEY
Specifies the key file to be used for the current operation (sign or check).
.Sh SIGNATURE FORMAT
ed25519 signatures are 64 bytes long. For easier reading in text/plain format,
.Nm
will base64 encode them prior to appending them to stdout. The base64 signature
is wrapped at 76 bytes as specified by POSIX uuencode.
In order to make it easier to detect the signature, it will be wrapped between
two lines, as follows:
.Bd -literal
	-----BEGIN ED25519 SIGNATURE-----
	base64 encoded signature
	-----END ED25519 SIGNATURE-----
.Ed
.El
.Sh ENVIRONMENT
.Bl -tag -width "KEYRING"
.It Ev KEYRING
Location of the keyring directory
.El
.Sh EXAMPLES
.Bd -literal
Generating a key pair:
	$ sick -g $USER
.Ed

Signing a stream:
.Bd -literal
	$ sick -f ${USER}.key < FILE > SIGNED
.Ed

Checking a signed file (FILE will be empty if the signature doesn't match the
public key):
.Bd -literal
	$ sick -f ${USER}.pub SIGNED > FILE
.Ed
.Sh SEE ALSO
.Xr ed25519 7 ,
.Xr base64 1 ,
.Xr uuencode 1
.Sh AUTHORS
.An Willy Goiffon Aq Mt willy@mailoo.org