X-Git-Url: https://pd.if.org/git/?a=blobdiff_plain;f=doc%2Fzpm-sign.8;fp=doc%2Fzpm-sign.8;h=7ee293690f3e714b725f530f4dff010a5f571df7;hb=bd21f0a1265b43ad5f05353a39db31c16826f05c;hp=0000000000000000000000000000000000000000;hpb=62f6ff407bc4f2cf03d1fa7cf3dc9a3f4026624a;p=zpackage
diff --git a/doc/zpm-sign.8 b/doc/zpm-sign.8
new file mode 100644
index 0000000..7ee2936
--- /dev/null
+++ b/doc/zpm-sign.8
@@ -0,0 +1,103 @@
+.TH zpm-sign 8 2019-02-15 "ZPM 0.3"
+.SH NAME
+zpm-sign \- manage package signatures
+.SH SYNOPSIS
+.B zpm sign
+[
+.B -hrdsgev
+]
+[
+.BI -f " sigfile"
+]
+[
+.BI -o " outfile"
+]
+[
+.BI -S " sigstring"
+]
+[
+.BI -k " keystring"
+]
+[
+.BI -K " keyfile"
+]
+[
+.BI -p " passphrase"
+]
+[
+.BI -m " messagestring"
+]
+.RI [ file ]
+.SH DESCRIPTION
+\fBzpm-sign\fR
+manages signatures on zpm packages. It can generate signing keys,
+sign files, and verify signatures. The ed25519 algorithms are
+used exclusively, and all the signature code is taken from the
+ref10 implementation. Signatures themselves are hex encoded
+representions of the signature metadata and the actual signature value.
+.PP
+Private keys are potentially encrypted with chacha20 before storing
+them on disk.
+.SH OPTIONS
+.B -r
+.TP
+.B \-g
+Generate a private key
+.TP
+.B \-e
+Extract a public key from a private key.
+.TP
+.B \-s
+Sign a file or message. In addition to the message to be signed,
+signature metadata is signed.
+.TP
+.B \-v
+Verify a signature on a file or message.
+.TP
+.B \-h
+hexencode values
+.TP
+.B \-d
+Increase the debug level. May be given more than once.
+.TP
+.B \-r
+Output the raw signature, rather than a full zpm certificate.
+This also just signs the data given, without any signature
+metadata.
+.TP
+.BI \-p passphrase
+Specify a passphrase to decrypt a private key.
+.TP
+.BI \-m message
+Specify a message to be signed or verified. If not set with the -m option, the
+message is taken from file named with the first non-option argument.
+.TP
+.BI \-k path
+Take the private key for message signing from the path given. This
+defaults to ~/.zpm/key. If ~/.zpm/key is not found and the euid
+is root, /var/lib/zpm/key is tried.
+.TP
+.BI \-K key
+Take the private key from the command line argument. This is not
+particularly secure and is primarily intended for testing.
+.TP
+.BI \-S sigstring
+Use sigstring as the signature to verify.
+.TP
+.BI \-m message
+Specify a message to be signed or verified. If not set with the -m option, the
+message is taken from file named with the first non-option argument.
+.SH EXAMPLES
+.TP
+.B zpm sign
+lists all files in the local database
+.SH EXIT STATUS
+0 on success non zero on failure
+.SH FILES
+/var/lib/zpm/local.db
+.SH ENVIRONMENT
+ZPMDB
+.SH AUTHOR
+Nathan Wagner
+.SH SEE ALSO
+.BR zpm (8)