Share to: share facebook share twitter share wa share telegram print page

 

Signify (OpenBSD)

signify
Original author(s)Ted Unangst, Marc Espie[1]
Developer(s)OpenBSD[2]
Initial release1 May 2014; 10 years ago (2014-05-01)
Repositorygithub.com/aperezdc/signify
Written inC
Operating systemOpenBSD,[1] Linux,[3] Microsoft Windows[4]
LicenseISC license[3]

signify is a free and open source tool developed by OpenBSD to generate and verify signatures.[1]

It makes use of Ed25519 and was created to enable the OpenBSD project to sign releases while not having to use GnuPG since its code complexity didn't comply with OpenBSD's standards for security and maintainability.[2]

Contrary to OpenPGP keys, signify keys are meant to be rotated frequently and are not tied to an identity.[2]

OpenBSD for example includes the next signing public key in each release. When version 5.6 was released, the keys for version 5.8 were generated to be included in version 5.7.[2]

Background

The creator of the signify utility, Ted Unangst, wrote in 2015, speaking of OpenPGP and GnuPG: "The concerns I had using an existing tool were complexity, quality, and complexity."[2] This is in line with the project's longtime tendency to reduce complexity, and in turn, reduce the probability of vulnerabilities existing in the software, and help the user understand the software better and make more security-educated decisions. signify is integrated into the base operating system and used for verification of all releases, patches, and packages starting with OpenBSD 5.5.[5][6]

Format

signify public keys are 56 base64 characters. The first two bytes of the decoded data specifies the algorithm.[7] The only currently supported algorithm is Ed25519 with the ID "Ed" but other algorithms can be added, for example to extend the software with post-quantum cryptography.[7]

The key and signature formats are prepended with an untrusted comment that can be manipulated and shouldn't be relied on.[7][1]

Examples

Public key

untrusted comment: signify public key
RWT8aOqwyEbFcBqOgENsuEDD2h8uBCWKxcX+Fv1QQk7IGUrKhbcZUY09

Private key

untrusted comment: signify secret key
RWRCSwAAAAARy9ex6GaxBnbYJirsxcF6LGvFOt5iF+n8aOqwyEbFcORd11nFXvrzBLfyRObCJ+JlSh7CKVBgOE3t108hAl9AGo6AQ2y4QMPaHy4EJYrFxf4W/VBCTsgZSsqFtxlRjT0=

Signature

untrusted comment: verify with key.pub
RWT8aOqwyEbFcNswGh6YdUTl1JQ4ifAzmNjGQQVkcH2MIfH6In3xVgishY1k9JjL7TLMuUDsLGXNfXxIFHTZpSZ58qk5SJVy/gQ=

Signature with embedded message

untrusted comment: verify with key.pub
RWT8aOqwyEbFcLj0u4//hJEOZBa3+e1FFhv8d1HUwgZDcG0PgL5lBO9veYucAn5NxuPc9qCSIaXZ6PoUX4GBcp
Ds0Pup81YhqA0=
Hello world!

Usage

signify has 4 possible modes:[1] 

signify -G [-n] [-c comment] -p pubkey -s seckey

to generate a new keypair and save the public part in a file named "pubkey" and the secret part in a file named "seckey" 

signify -S [-enz] [-x sigfile] -s seckey -m message

to sign a file named "message" with the private key saved in "seckey" and store the signature in a file named "sigfile. Specifying -e embeds the message after the signature. 

signify -V [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m message

to verify a file named "message" with the public keys stored in a file named "pubkey" and the signature stored in a file called "sigfile. Specifying -e extracts the embedded message from the signature and writes it into the message file. 

signify -C [-q] [-p pubkey] [-t keytype] -x sigfile [file ...]

to verify a list of signed files with the "sigfile" being a signed list with the embedded output of the sha256 command.

Usage

Apart from the obvious usage in OpenBSD, other projects also use signify:

In contrast, other Free Software operating systems and security-focused software tend to use OpenPGP for release verification, and as of 2024 continue to do so, including: Debian, a prominent operating system that's also used as a base for other operating systems, including Ubuntu;[10] Kali Linux, a specialized operating system for penetration testing, security research, digital forensics, and reverse engineering;[11] Qubes OS, a security-focused operating system;[12] Tor Browser, an anonymous Web browser;[13] SecureDrop, a software package for journalists and whistleblowers to exchange information securely and anonymously over the Internet;[14] and VeraCrypt, a software program for on-the-fly encryption and full disk encryption.[15]

References

  1. ^ a b c d e "signify(1)". OpenBSD manual pages. Retrieved 2024-12-11.
  2. ^ a b c d e "signify: Securing OpenBSD From Us To You". OpenBSD. Retrieved 2024-12-11.
  3. ^ a b "aperezdc/signify: OpenBSD tool to sign and verify signatures on files. Portable version". GitHub. 2014-01-14. Retrieved 2024-12-11.
  4. ^ "stoeckmann/signify-windows: OpenBSD signify for Windows systems". GitHub. 2015-10-20. Retrieved 2024-12-11.
  5. ^ "OpenBSD 5.5". www.openbsd.org. Retrieved 12 July 2022.
  6. ^ "OpenBSD: Innovations". www.openbsd.org.
  7. ^ a b c "sign and verify". flak. 2013-12-31. Retrieved 2024-12-11.
  8. ^ "Dive into anything". Reddit. 2024-12-11. Retrieved 2024-12-11.
  9. ^ "usign". Retrieved 2024-12-11.
  10. ^ "Verifying authenticity of Debian images". www.debian.org. Retrieved 12 July 2022.
  11. ^ "Download Kali Linux Images Securely | Kali Linux Documentation". Kali Linux. Retrieved 12 July 2022.
  12. ^ "Verifying signatures". Qubes OS. Retrieved 12 July 2022.
  13. ^ "How can I verify Tor Browser's signature? | Tor Project | Support". support.torproject.org. Retrieved 12 July 2022.
  14. ^ "Share and accept documents securely". SecureDrop. Freedom of the Press Foundation. Retrieved 12 July 2022.
  15. ^ "VeraCrypt - Free Open source disk encryption with strong security for the Paranoid". veracrypt.fr. IDRIX. Retrieved 12 July 2022.


Stub icon

This cryptography-related article is a stub. You can help Wikipedia by expanding it.
Index: pl ar de en es fr it arz nl ja pt ceb sv uk vi war zh ru af ast az bg zh-min-nan bn be ca cs cy da et el eo eu fa gl ko hi hr id he ka la lv lt hu mk ms min no nn ce uz kk ro simple sk sl sr sh fi ta tt th tg azb tr ur zh-yue hy my ace als am an hyw ban bjn map-bms ba be-tarask bcl bpy bar bs br cv nv eml hif fo fy ga gd gu hak ha hsb io ig ilo ia ie os is jv kn ht ku ckb ky mrj lb lij li lmo mai mg ml zh-classical mr xmf mzn cdo mn nap new ne frr oc mhr or as pa pnb ps pms nds crh qu sa sah sco sq scn si sd szl su sw tl shn te bug vec vo wa wuu yi yo diq bat-smg zu lad kbd ang smn ab roa-rup frp arc gn av ay bh bi bo bxr cbk-zam co za dag ary se pdc dv dsb myv ext fur gv gag inh ki glk gan guw xal haw rw kbp pam csb kw km kv koi kg gom ks gcr lo lbe ltg lez nia ln jbo lg mt mi tw mwl mdf mnw nqo fj nah na nds-nl nrm nov om pi pag pap pfl pcd krc kaa ksh rm rue sm sat sc trv stq nso sn cu so srn kab roa-tara tet tpi to chr tum tk tyv udm ug vep fiu-vro vls wo xh zea ty ak bm ch ny ee ff got iu ik kl mad cr pih ami pwn pnt dz rmy rn sg st tn ss ti din chy ts kcg ve
Prefix: a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5 6 7 8 9

Portal di Ensiklopedia Dunia

Portal : Agama
Agama
Portal : Bahasa
Bahasa
Portal : Biografi
Biografi
Portal : Budaya
Budaya
Portal : Ekonomi
Ekonomi
Portal : Elektronika
Elektronika
Portal : Film
Film
Portal : Filsafat
Filsafat
Portal : Geografi
Geografi
Portal : Indonesia
Indonesia
Portal : Ilmu
Ilmu
Portal : Lingkungan
Lingkungan
Portal : Masyarakat
Masyarakat
Portal : Matematika
Matematika
Portal : Militer
Militer
Portal : Mitologi
Mitologi
Portal : Musik
Musik
Portal : Olahraga
Olahraga
Portal : Pendidikan
Pendidikan
Portal : Politik
Politik
Portal : Sastra
Sastra
Portal : Sejarah
Sejarah
Portal : Seni
Seni
Portal : Teknologi
Teknologi
Kembali kehalaman sebelumnya