How to use the command minisign (with examples)
Minisign is a command-line tool used to sign files and verify signatures. It is designed to be simple and secure, providing a means for ensuring the integrity and authenticity of files.
Use case 1: Generate a new keypair at the default location
Code:
minisign -G
Motivation: Generating a new keypair is an essential step before signing files. By generating a new keypair, you establish your identity as the signer and create a public key file needed for verification.
Explanation: The -G option tells Minisign to generate a new keypair. The command will create two files: minisign.key (the private key) and minisign.pub (the public key). By default, these files will be stored in the current directory where the command is executed.
Example output:
A new key pair has been generated and written to minisign.key and minisign.pub.
The secret key file is meant to be kept secret and minisign will refuse to use a secret key that is freely accessible. It is essential that you MOVE YOUR SECRET KEY TO A SAFE LOCATION. There is no undo.
Use case 2: Sign a file
Code:
minisign -Sm path/to/file
Motivation: Signing a file allows you to prove that the file has not been tampered with and that it was indeed signed by a trusted party. This can be useful in scenarios where the authenticity and integrity of a file are paramount.
Explanation: The -S option tells Minisign to sign the specified file. The -m option specifies the path to the file that will be signed.
Example output:
Signature created with minisign secret key minisign.key
Use case 3: Sign a file, adding a trusted and an untrusted comment in the signature
Code:
minisign -Sm path/to/file -c "Untrusted comment" -t "Trusted comment"
Motivation: Adding comments to a signature allows the signer to provide additional information about the file or the signing process. These comments can be useful for other users to understand the context or purpose of the signed file.
Explanation: The -c option specifies an untrusted comment that will be added to the signature. The -t option specifies a trusted comment that will also be included in the signature.
Example output:
Signature created with minisign secret key minisign.key
Use case 4: Verify a file and the trusted comments in its signature using the specified public key file
Code:
minisign -Vm path/to/file -p path/to/publickey.pub
Motivation: Verifying a file and its signature ensures that the file has not been altered since it was signed and that the signature was made by the trusted party. This provides an added layer of confidence in the authenticity and integrity of the file.
Explanation: The -V option tells Minisign to verify the specified file. The -m option specifies the path to the file that will be verified. The -p option specifies the path to the public key file that will be used for verification.
Example output:
Signature and comments verified
Use case 5: Verify a file and the trusted comments in its signature, specifying a public key as a Base64 encoded literal
Code:
minisign -Vm path/to/file -P "public_key_base64"
Motivation: In some cases, it might be more convenient to specify the public key as a Base64 encoded literal directly in the command, instead of providing a separate public key file. This can simplify the verification process when dealing with a small number of files.
Explanation: The -P option allows you to specify the public key as a Base64 encoded literal, avoiding the need for a separate public key file. The public key should be provided within quotes.
Example output:
Signature and comments verified
Conclusion:
Minisign is a powerful and easy-to-use command-line tool for signing files and verifying signatures. By following the examples provided, you can confidently utilize Minisign to ensure the integrity and authenticity of your files.
