1MINISIGN(1)                                                        MINISIGN(1)
2
3
4

NAME

6       minisign - A dead simple tool to sign files and verify signatures.
7

SYNOPSIS

9       minisign -G [-p pubkey_file] [-s seckey_file] [-W]
10
11       minisign -R [-s seckey_file] [-p pubkey_file]
12
13       minisign -C [-s seckey_file] [-W]
14
15       minisign  -S [-H] [-x sig_file] [-s seckey_file] [-c untrusted_comment]
16       [-t trusted_comment] -m file [file ...]
17
18       minisign -V [-x sig_file] [-p pubkey_file | -P  pubkey]  [-o]  [-q]  -m
19       file
20

DESCRIPTION

22       Minisign is a dead simple tool to sign files and verify signatures.
23
24       It  is  portable,  lightweight,  and  uses  the  highly  secure Ed25519
25       http://ed25519.cr.yp.to/ public-key signature system.
26

OPTIONS

28       These options control the actions of minisign.
29
30       -G     Generate a new key pair
31
32       -C     Change/remove the password of a secret key
33
34       -R     Recreate a public key file from a secret key file
35
36       -S     Sign files
37
38       -V     Verify that a signature is valid for a given file
39
40       -H     Requires the input to be prehashed
41
42       -l     Sign using the legacy format
43
44       -m <file>
45              File to sign/verify
46
47       -o     Combined with -V, output the file content after verification
48
49       -p <pubkey_file>
50              Public key file (default: ./minisign.pub)
51
52       -P <pubkey>
53              Public key, as a base64 string
54
55       -s <seckey_file>
56              Secret key file (default: ~/.minisign/minisign.key)
57
58       -W     Do not encrypt/decrypt the secret key with a password
59
60       -x <sig_file>
61              Signature file (default: <file>.minisig)
62
63       -c <comment>
64              Add a one-line untrusted comment
65
66       -t <comment>
67              Add a one-line trusted comment
68
69       -q     Quiet mode, suppress output
70
71       -Q     Pretty quiet mode, only print the trusted comment
72
73       -f     Force. Combined with -G, overwrite a previous key pair
74
75       -v     Display version number
76

EXAMPLES

78       Creating a key pair
79
80       minisign -G
81
82       The public key is printed and put into the minisign.pub file.  The  se‐
83       cret  key  is  encrypted  and  saved  as  a file named ~/.minisign/min‐
84       isign.key.
85
86       Signing files
87
88       $ minisign -Sm myfile.txt $ minisign -Sm myfile.txt myfile2.txt *.c
89
90       Or to include a comment in the signature, that  will  be  verified  and
91       displayed when verifying the file:
92
93       $ minisign -Sm myfile.txt -t ´This comment will be signed as well´
94
95       The  secret  key  is  loaded  from ${MINISIGN_CONFIG_DIR}/minisign.key,
96       ~/.minisign/minisign.key, or its path can be explicitly set with the -s
97       <path> command-line switch.
98
99       Verifying a file
100
101       $ minisign -Vm myfile.txt -P <pubkey>
102
103       or
104
105       $ minisign -Vm myfile.txt -p signature.pub
106
107       This  requires  the  signature  myfile.txt.minisig to be present in the
108       same directory.
109
110       The public key can either reside in a file (./minisign.pub by  default)
111       or be directly specified on the command line.
112

Notes

114       Signature  files  include  an untrusted comment line that can be freely
115       modified, even after signature creation.
116
117       They also include a second comment line, that cannot be modified  with‐
118       out the secret key.
119
120       Trusted  comments  can  be used to add instructions or application-spe‐
121       cific metadata (intended file name, timestamps,  resource  identifiers,
122       version numbers to prevent downgrade attacks).
123

AUTHOR

125       Frank Denis (github [at] pureftpd [dot] org)
126
127
128
129                                 January 2023                      MINISIGN(1)
Impressum