step crypto nacl sign – sign small messages using public-key cryptography


step crypto nacl sign subcommand [arguments] [global-flags] [subcommand-flags]


The step crypto nacl sign command group uses public-key cryptography to sign and verify messages. The implementation is based on NaCl's crypto_sign function.

NaCl's crypto_sign function is designed to meet the standard notion of unforgeability for a public-key signature scheme under chosen-message attacks.

NaCl crypto_sign is crypto_sign_edwards25519sha512batch, a particular combination of Curve25519 in Edwards form and SHA-512 into a signature scheme suitable for high-speed batch verification. This function is conjectured to meet the standard notion of unforgeability under chosen-message attacks.

These commands are interoperable with NaCl.


Create a keypair for verifying and signing messages:

$ step crypto nacl sign keypair nacl.sign.pub nacl.sign.priv

Sign a message using the private key:

$ step crypto nacl sign sign nacl.sign.priv
Please enter text to sign: ********

$ cat message.txt | step crypto nacl sign sign ~/step/keys/nacl.recipient.sign.priv

Verify the signed message using the public key:

$ echo rNrOfqsv4svlRnVPSVYe2REXodL78yEMHtNkzAGNp4MgHuVGoyayp0zx4D5rjTzYVVrD2HRP306ZILT62ohvCG1lc3NhZ2U \
     | step crypto nacl sign open nacl.sign.pub
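
The sample passed to open above decodes to 71 bytes: 64 bytes followed by the ASCII text "message". The Go program below is an added example, not step's own code. It assumes the signed message is a 64-byte Ed25519 signature followed by the message, encoded as unpadded base64 (either alphabet is accepted, since the sample does not distinguish them). Split, Seal and Open are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
)

// PageSample is the signed message from the verify example on this page.
const PageSample = "rNrOfqsv4svlRnVPSVYe2REXodL78yEMHtNkzAGNp4MgHuVGoyayp0zx4D5rjTzYVVrD2HRP306ZILT62ohvCG1lc3NhZ2U"

// Split separates signature and message WITHOUT verifying (assumed: unpadded base64).
func Split(encoded string) (sig, msg []byte, err error) {
	raw, err := base64.RawURLEncoding.DecodeString(encoded)
	if err != nil {
		raw, err = base64.RawStdEncoding.DecodeString(encoded)
	}
	if err != nil {
		return nil, nil, err
	}
	if len(raw) < ed25519.SignatureSize {
		return nil, nil, fmt.Errorf("input shorter than a 64-byte signature")
	}
	return raw[:ed25519.SignatureSize], raw[ed25519.SignatureSize:], nil
}

// Seal produces signature || message, the layout assumed for the sign output.
func Seal(priv ed25519.PrivateKey, msg []byte) string {
	return base64.RawURLEncoding.EncodeToString(append(ed25519.Sign(priv, msg), msg...))
}

// Open returns the message only if the signature verifies under pub.
func Open(pub ed25519.PublicKey, encoded string) ([]byte, error) {
	sig, msg, err := Split(encoded)
	if err != nil {
		return nil, err
	}
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, msg, sig) {
		return nil, fmt.Errorf("signature verification failed")
	}
	return msg, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed throwaway key
	msg, err := Open(pub, Seal(priv, []byte("message")))
	fmt.Printf("%q %v\n", msg, err)
	_, err = Open(pub, PageSample) // signed under a different key: rejected
	fmt.Println(err)
}
```

Because the message travels in the clear next to the signature, a consumer should only act on the bytes returned by a successful Open, never on the output of Split alone.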


keypair   generate a pair for use with sign and open
open      verify a signed message produced by sign
sign      sign a message using Ed25519