NAME
pminisign -- perl implementation of minisign
SYNOPSIS
pminisign -G [-p pubkey] [-s seckey]
pminisign -S [-H] [-x sigfile] [-s seckey] [-c untrusted_comment] [-t trusted_comment] -m file [file ...]
pminisign -V [-x sigfile] [-p pubkeyfile | -P pubkey] [-o] [-q] -m file
pminisign -R -s seckey -p pubkeyfile
OPTIONS
These options control the actions of pminisign.
actions:
-G: Generate a new key pair
-S: Sign files
-V: Verify that a signature is valid for a given file
-R: Recreate a public key file from a secret key file
options:
-m <file>: File to sign/verify
-o: Combined with -V, output the file content after verification
-p <pubkeyfile>: Public key file (default: ./minisign.pub)
-P <pubkey>: Public key, as a base64 string
-s <seckey>: Secret key file (default: ~/.minisign/minisign.key)
-x <sigfile>: Signature file (default: <file>.minisig)
-c <comment>: Add a one-line untrusted comment
-t <comment>: Add a one-line trusted comment
-l: Sign using the legacy format
-q: Quiet mode, suppress output
-H: Requires the input to be prehashed
-Q: Pretty quiet mode, only print the trusted comment
-f: Force. Combined with -G, overwrite a previous key pair
-v: Display version number
DESCRIPTION
This tool and its documentation are ported to Perl from minisign. It intends to be interoperable and bug-for-bug compatible.
Minisign is a dead simple tool to sign files and verify signatures using libsodium. This is a Perl version of that command using Crypt::Sodium::XS.
It uses the highly secure Ed25519 public-key signature system.
EXAMPLES
NOTE: MINISIGN_CONFIG_DIR defaults to "$HOME/.minisign". The variable and default directory names are for compatibility with minisign.
Creating a key pair
$ pminisign -G
The public key is printed and put into the file specified by the -p <pubkeyfile> option, or $ENV{MINISIGN_CONFIG_DIR}/minisign.pub. The secret key is encrypted and saved as a file specified by the -s <seckey> option, or $ENV{MINISIGN_CONFIG_DIR}/minisign.key.
Signing files
$ pminisign -Sm myfile.txt
$ pminisign -Sm myfile.txt myfile2.txt *.c
Or, to include a comment in the signature that will be verified and displayed when verifying the file:
$ pminisign -Sm myfile.txt -t 'This comment will be signed as well'
The secret key is loaded from the file specified by the -s <seckey> option, or ${MINISIGN_CONFIG_DIR}/minisign.key. The signature will be written to the file specified by the -x <sigfile> option, or to the input file path with .sig appended.
Verifying a file
$ pminisign -Vm myfile.txt -P <pubkey>
or
$ pminisign -Vm myfile.txt -p signature.pub
This requires the signature myfile.txt.minisig to be present in the same directory unless overridden with the -x <file> option. The public key can either reside in a file (./minisign.pub by default) or be directly specified on the command line.
NOTES
Signature files include an untrusted comment line that can be freely modified, even after signature creation.
They also include a second comment line, that cannot be modified without the secret key. Trusted comments can be used to add instructions or application-specific metadata (intended file name, timestamps, resource identifiers, version numbers to prevent downgrade attacks).
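The trusted comment only protects against downgrades or file substitution if the verifier checks its contents after the signature verifies. The wrapper below is an added example, not part of pminisign: the `file:NAME version:X.Y.Z` trusted-comment layout and the function names are hypothetical, and it assumes `pminisign -V` exits non-zero when verification fails.

```sh
#!/bin/sh
# Added example, not part of pminisign. The "file:NAME version:X.Y.Z" layout of
# the trusted comment is a convention assumed here; pminisign does not define it.

# tc_field KEY COMMENT: print the value of the "KEY:value" token in COMMENT.
tc_field() {
    rest=" $2 "
    case $rest in *" $1:"*) ;; *) return 1 ;; esac
    rest=${rest#*" $1:"}            # drop everything up to and including " KEY:"
    printf '%s\n' "${rest%% *}"     # keep the text before the next space
}

# version_ge A B: succeed when dotted numeric version A >= B (1.10 > 1.9).
version_ge() {
    case "$1.$2" in *[!0-9.]* | .* | *. | *..*) return 2 ;; esac  # malformed
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0} y=${y:-0}         # a missing component counts as 0
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# check_trusted_comment COMMENT NAME MINVER: policy on the signed metadata.
check_trusted_comment() {
    name=$(tc_field file "$1") || return 1
    ver=$(tc_field version "$1") || return 1
    [ "$name" = "$2" ] || return 1  # signature was issued for a different file
    version_ge "$ver" "$3"          # fails when the release is below the floor
}

# verify_release FILE PUBKEYFILE MINVER: verify the signature, then the policy.
verify_release() {
    # -Q prints only the trusted comment; a non-zero exit status on a failed
    # verification is assumed, as with minisign.
    tc=$(pminisign -V -Q -p "$2" -m "$1") || return 1
    check_trusted_comment "$tc" "${1##*/}" "$3"
}

# Usage: verify_release ./app.tar.gz ./minisign.pub 1.4.0 && tar xzf app.tar.gz
```

On the signing side the matching comment would be supplied with `-t 'file:app.tar.gz version:1.4.2'`.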
SIGNIFY COMPATIBILITY
The environment variable PMINISIGN_NO_TRUSTED_COMMENT, if set to any non-false string (neither empty nor "0"), will cause pminisign to ignore trusted comments when verifying signatures and to skip creating them when signing. When set, pminisign is compatible with the OpenBSD signify utility.
MINISIGN COMPATIBILITY
The environment variable PMINISIGN_COMPATIBLE_SECRETKEY, if set to any non-false string (neither empty nor "0"), will cause pminisign to use passphrases compatible with minisign. This is required only for using any secret keys created by minisign, or to generate a key which can be used by minisign.
WARNING: Key compatibility is a work in progress and does not yet function. Keys generated with minisign cannot currently be used with pminisign. Keys generated with pminisign cannot be used and will not be usable with minisign. This limitation will be fixed in a future release.
SEE ALSO
AUTHOR
Brad Barden <perlmodules@5c30.org>
COPYRIGHT & LICENSE
Minisign is developed by the author of libsodium. It is released under the ISC License. This script adopts the same license.
Copyright (c) 2022 Brad Barden
Copyright (c) 2015-2021 Frank Denis <j at pureftpd dot org>
Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.