
minisign - A dead simple tool to sign files and verify signatures.

Author

       Frank Denis (github [at] pureftpd [dot] org)

                                                  January 2023                                       MINISIGN(1)

Description

Minisign is a dead simple tool to sign files and verify signatures.

       It  is  portable,  lightweight,  and  uses  the highly secure Ed25519 http://ed25519.cr.yp.to/ public-key
       signature system.

Examples

       Creating a key pair

       minisign -G

       The public key is printed and put into the minisign.pub file. The secret key is encrypted and saved as  a
       file named ~/.minisign/minisign.key.

       Signing files

       $ minisign -Sm myfile.txt
       $ minisign -Sm myfile.txt myfile2.txt *.c

       Or, to include a comment in the signature that will be verified and displayed when verifying the file:

       $ minisign -Sm myfile.txt -t 'This comment will be signed as well'

       The  secret key is loaded from ${MINISIGN_CONFIG_DIR}/minisign.key, ~/.minisign/minisign.key, or its path
       can be explicitly set with the -s<path> command-line switch.

       Verifying a file

       $ minisign -Vm myfile.txt -P <pubkey>

       or

       $ minisign -Vm myfile.txt -p signature.pub

       This requires the signature myfile.txt.minisig to be present in the same directory.

       The public key can either reside in a file (./minisign.pub by default) or be directly  specified  on  the
       command line.

Name

minisign - A dead simple tool to sign files and verify signatures.

Notes

       Signature  files  include  an  untrusted  comment  line that can be freely modified, even after signature
       creation.

       They also include a second comment line, that cannot be modified without the secret key.

       Trusted comments can be used to add instructions or application-specific metadata  (intended  file  name,
       timestamps, resource identifiers, version numbers to prevent downgrade attacks).
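
An added example, not part of the minisign distribution, of enforcing the downgrade protection described above: the trusted comment is read only from a successful `minisign -V -Q` run and then checked against the expected file name and the installed version. The `file:NAME version:X.Y.Z` token layout, the function names and the sample values are assumptions made for this illustration; minisign itself treats the trusted comment as free text.

```python
import subprocess

def verified_trusted_comment(path, pubkey_file):
    """Run minisign -V -Q and return the trusted comment it prints on success."""
    proc = subprocess.run(["minisign", "-V", "-Q", "-p", pubkey_file, "-m", path],
                          capture_output=True, text=True)
    if proc.returncode != 0:
        raise ValueError("signature verification failed")
    return proc.stdout.strip()

def parse_fields(comment):
    """Split 'key:value' tokens (assumed convention) into a dict."""
    fields = {}
    for token in comment.split():
        key, sep, value = token.partition(":")
        if not (key and sep and value):
            raise ValueError(f"malformed token {token!r}")
        if key in fields:  # ambiguous metadata is rejected, not guessed at
            raise ValueError(f"duplicate field {key!r}")
        fields[key] = value
    return fields

def parse_version(text):
    """Turn 'MAJOR.MINOR.PATCH' into a tuple of ints so 2.10.0 > 2.9.0."""
    parts = text.split(".")
    if len(parts) != 3 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"bad version {text!r}")
    return tuple(int(p) for p in parts)

def check_update(comment, expected_name, installed_version):
    """Accept a verified comment only if it names this file and is not older."""
    fields = parse_fields(comment)
    if fields.get("file") != expected_name:
        raise ValueError("signature was issued for a different file name")
    if "version" not in fields:
        raise ValueError("trusted comment carries no version")
    candidate = parse_version(fields["version"])
    if candidate < parse_version(installed_version):
        raise ValueError("downgrade rejected")
    return candidate

if __name__ == "__main__":
    # Constructed sample; in real use pass verified_trusted_comment(...) instead.
    sample = "file:app.tar.gz version:2.4.1"
    print(check_update(sample, "app.tar.gz", "2.4.0"))
```

The untrusted comment line is never consulted, since it can be rewritten by anyone who can modify the signature file.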

Options

       These options control the actions of minisign.

       -G     Generate a new key pair

       -C     Change/remove the password of a secret key

       -R     Recreate a public key file from a secret key file

       -S     Sign files

       -V     Verify that a signature is valid for a given file

       -H     Requires the input to be prehashed

       -l     Sign using the legacy format

       -m<file>
              File to sign/verify

       -o     Combined with -V, output the file content after verification

       -p<pubkey_file>
              Public key file (default: ./minisign.pub)

       -P<pubkey>
              Public key, as a base64 string

       -s<seckey_file>
              Secret key file (default: ~/.minisign/minisign.key)

       -W     Do not encrypt/decrypt the secret key with a password

       -x<sig_file>
              Signature file (default: <file>.minisig)

       -c<comment>
              Add a one-line untrusted comment

       -t<comment>
              Add a one-line trusted comment

       -q     Quiet mode, suppress output

       -Q     Pretty quiet mode, only print the trusted comment

       -f     Force. Combined with -G, overwrite a previous key pair

       -v     Display version number

Synopsis

minisign -G [-p pubkey_file] [-s seckey_file] [-W]

       minisign -R [-s seckey_file] [-p pubkey_file]

       minisign -C [-s seckey_file] [-W]

       minisign -S [-H] [-x sig_file] [-s seckey_file] [-c untrusted_comment] [-t trusted_comment] -m file [file
       ...]

       minisign -V [-x sig_file] [-p pubkey_file | -P pubkey] [-o] [-q] -m file

See Also