sign creates a digital signature of the file's content and appends it to
the file. unsign verifies and strips the signature.
The signature is a file digest encrypted with the signer's private key using
public-key cryptography. Unlike simple hashing, this not only
ensures the file's integrity but also allows the authenticity of the file
to be checked.
The authenticity check requires the verifying party to first establish trust with
a signer by associating the signer's public key with a certain file name prefix
(the title). This only needs to be done once; all subsequent
authenticity checks for files whose names start with this title are
performed automatically without any human interaction.
This is very similar to the concept behind the known_hosts file maintained by
OpenSSH. The trust hierarchy is flat and is built gradually on an as-needed basis.
DESCRIPTION
sign expects a list of file names to accompany the command-line options.
Each file is replaced by a signed version of itself, whose name is the original
name with ".signed" appended.
unsign (or sign -u) verifies the file's signature and replaces the
file with a copy of itself less the signature. The extension of the file
is changed according to the following table:
In all other cases, a warning is issued and ".out" is appended to the file
name. If no files are specified, sign processes standard input
to standard output; the --title argument is required in this case.
Both sign and unsign process standard input to standard
output if no file names are supplied. They will neither overwrite existing
files nor keep the originals.
sign -t is similar to unsign, but it only verifies (tests) the
signature and creates no output files.
OPTIONS
-s -sign
Force signing. sign and unsign are the same program, which is
run with a different default set of flags depending on the invocation name.
The -s and -u flags allow overriding this mechanism.
-u -unsign
Force unsigning, i.e. verify and strip the signature.
-t -test
Verify the signature without stripping it. Functionally similar to
unsign -ck ... > /dev/null.
-g -keygen
Generate a signing key to be used for creating signatures. Currently
sign does not have its own key generation facility; ssh-keygen
is spawned instead.
-s -u -t -g
These flags are mutually exclusive; only the last one on the command line has effect.
-c -stdout
Output to standard output
-k -keep
Keep (don't delete) input files
-f -force
Overwrite existing output files
-v -verbose
Increase verbosity level. There are four verbosity levels: error (default),
warning, informational and trace, each emitting progressively more information
during processing.
-V -version
Display software version and copyright information
-L -license
Display software license information
--title title
Do not try to automatically select a title when signing; use title instead.
--password password
If the private key is encrypted, use password to decrypt it. Otherwise sign
will prompt for a password if reading input from the file(s), or will fail
with an error if stdin is used.
--strict
Use strict signature checking, meaning that files with unknown titles
are rejected as unauthentic. Note that if the title is known but the signer's
key does not match, the file is rejected regardless of any command line flags.
--weak
Use weak signature checking, i.e. accept files with unknown titles as
authentic. Note that this does not add the title/pubkey to
known_titles.
-
Treat all subsequent arguments as file names, even if they start with a dash.
FILES
$HOME/.sign/pubkey
Contains the public portion of the signing key. It is a text file in the
OpenSSH id_xxx.pub file format.
$HOME/.sign/prikey
Contains the private portion of the signing key. The sensitive data can
optionally be encrypted with 3DES. The file should be readable by the user
but not accessible by others.
$HOME/.sign/owned_titles
Contains a list of titles (one title per line), which sign scans from
top to bottom for every file being signed. The first match yields the file's
title. If there is no match, sign complains and expects the --title
argument.
$HOME/.sign/known_titles
Lists known authenticated titles. The file contains public keys, one per line,
each preceded by the title that this key is authorized for.
DIAGNOSTICS
sign and unsign return:
0 - a normal exit
1 - a generic problem (not enough memory, I/O error, etc.)
10 - no signature found
11 - corrupted signature or wrong version
12 - the title doesn't match the filename
13 - the signature doesn't match the content (!)
14 - the signature is OK, the title known, but pubkey is different
15 - the signature is OK, but the title is unknown
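The trust model described in the introduction, the owned_titles scan described under FILES, and the exit codes listed under DIAGNOSTICS, worked through as an added example in Python. This is not the tool's own code. It assumes a constructed toy RSA key pair built from small primes (insecure, for readability only; the real sign uses OpenSSH-format keys), truncates the SHA-256 digest so it fits below the toy modulus, and uses a made-up trailer format that carries the title, the signer's public key and the signature; the real tool's signature layout is not documented on this page. The order of the checks and the strict/weak behaviour follow the descriptions above; the default mode (neither --strict nor --weak) is not modelled.

```python
"""Model of sign/unsign's trust model (added example, not the tool's code).

Constructed assumptions:
  * a toy RSA key pair from small primes (insecure; real sign reads OpenSSH
    format keys from $HOME/.sign/pubkey and $HOME/.sign/prikey);
  * the SHA-256 digest is truncated to 32 bits so it stays below the modulus;
  * the signature is a trailer line appended to the content that carries the
    title, the signer's public key and the digest encrypted with the private key.
"""
import hashlib
import re


def toy_keypair(p, q, e=65537):
    """Return (pubkey, prikey) as ((n, e), (n, d)) from two small primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def digest(content):
    """Digest of the file content, truncated so it is always below the toy modulus."""
    return int.from_bytes(hashlib.sha256(content).digest()[:4], "big")


# Constructed trailer: version, title, signer's pubkey as n:e, and the signature.
TRAILER = re.compile(
    rb"\n-----SIGN v(\d+) title=(.*?) key=(\d+):(\d+) sig=(\d+)-----\n\Z")


def pick_title(filename, owned_titles):
    """Scan owned_titles top to bottom; the first prefix match is the file's title."""
    for title in owned_titles:
        if filename.startswith(title):
            return title
    return None  # the real tool complains here and expects --title


def sign_bytes(content, title, pubkey, prikey):
    """Append the digest, encrypted with the private key, to the content."""
    n, d = prikey
    sig = pow(digest(content), d, n)
    trailer = b"\n-----SIGN v1 title=%s key=%d:%d sig=%d-----\n" % (
        title.encode(), pubkey[0], pubkey[1], sig)
    return content + trailer


def unsign_bytes(signed, filename, known_titles, mode="strict"):
    """Verify and strip the signature.

    Returns (exit_code, content) using the codes listed under DIAGNOSTICS.
    known_titles maps a title to the public key trusted for it; mode is
    "strict" (reject unknown titles) or "weak" (accept them, recording nothing).
    """
    m = TRAILER.search(signed)
    if m is None:
        return 10, signed                      # no signature found
    version, title, n, e, sig = m.groups()
    if version != b"1":
        return 11, signed                      # wrong version
    title, n, e, sig = title.decode(), int(n), int(e), int(sig)
    content = signed[:m.start()]
    if not filename.startswith(title):
        return 12, content                     # title does not match the file name
    if pow(sig, e, n) != digest(content):
        return 13, content                     # signature does not match the content
    trusted = known_titles.get(title)
    if trusted is not None:
        return (0 if trusted == (n, e) else 14), content   # 14: known title, other key
    return (0 if mode == "weak" else 15), content          # 15: unknown title, strict


if __name__ == "__main__":
    pub, pri = toy_keypair(1000003, 1000033)   # constructed toy primes
    known = {"release-": pub}                  # constructed known_titles
    signed = sign_bytes(b"hello world\n", "release-", pub, pri)
    print(unsign_bytes(signed, "release-1.0.tar", known))
```

In the model, as in the man page, a key that verifies the signature but differs from the key recorded for a known title is rejected (code 14) whatever the mode; only a title that is absent from known_titles is subject to --strict versus --weak, and weak acceptance leaves known_titles untouched.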