.TH zpm-sign 8 2019-02-15 "ZPM 0.3"
.SH NAME
zpm-sign \- manage package signatures
.SH SYNOPSIS
.B zpm sign
[
.B -hrdsgev
]
[
.BI -f " sigfile"
]
[
.BI -o " outfile"
]
[
.BI -S " sigstring"
]
[
.BI -k " keystring"
]
[
.BI -K " keyfile"
]
[
.BI -p " passphrase"
]
[
.BI -m " messagestring"
]
.RI [ file ]
.SH DESCRIPTION
\fBzpm-sign\fR
manages signatures on zpm packages.  It can generate signing keys,
sign files, and verify signatures.  The ed25519 algorithms are
used exclusively, and all the signature code is taken from the
ref10 implementation.  Signatures themselves are hex encoded
representions of the signature metadata and the actual signature value.
.PP
Private keys are potentially encrypted with chacha20 before storing
them on disk.
.SH OPTIONS
.B -r
.TP
.B \-g
Generate a private key
.TP
.B \-e
Extract a public key from a private key.
.TP
.B \-s
Sign a file or message.  In addition to the message to be signed,
signature metadata is signed.
.TP
.B \-v
Verify a signature on a file or message.
.TP
.B \-h
hexencode values
.TP
.B \-d
Increase the debug level.  May be given more than once.
.TP
.B \-r
Output the raw signature, rather than a full zpm certificate.
This also just signs the data given, without any signature
metadata.
.TP
.BI \-p passphrase
Specify a passphrase to decrypt a private key.
.TP
.BI \-m message
Specify a message to be signed or verified.  If not set with the -m option, the
message is taken from file named with the first non-option argument.
.TP
.BI \-k path
Take the private key for message signing from the path given.  This
defaults to ~/.zpm/key.  If ~/.zpm/key is not found and the euid
is root, /var/lib/zpm/key is tried.
.TP
.BI \-K key
Take the private key from the command line argument.  This is not
particularly secure and is primarily intended for testing.
.TP
.BI \-S sigstring
Use sigstring as the signature to verify.
.TP
.BI \-m message
Specify a message to be signed or verified.  If not set with the -m option, the
message is taken from file named with the first non-option argument.
.SH EXAMPLES
.TP
.B zpm sign
lists all files in the local database
.SH EXIT STATUS
0 on success non zero on failure
.SH FILES
/var/lib/zpm/local.db
.SH ENVIRONMENT
ZPMDB
.SH AUTHOR
Nathan Wagner
.SH SEE ALSO
.BR zpm (8)