step crypto nacl sign
Name
step crypto nacl sign -- sign small messages using public-key cryptography
Usage
step crypto nacl sign <subcommand> [arguments] [global-flags] [subcommand-flags]
Description
step crypto nacl sign command group uses public-key cryptography to sign and verify messages. The implementation is based on NaCl's crypto_sign function.
NaCl crypto_sign is crypto_sign_edwards25519sha512batch, a particular combination of Curve25519 in Edwards form and SHA-512 into a signature scheme suitable for high-speed batch verification. This function is conjectured to meet the standard notion of unforgeability under chosen-message attacks.
These commands are interoperable with NaCl: https://nacl.cr.yp.to/sign.html
Examples
Create a keypair for verifying and signing messages:
$ step crypto nacl sign keypair nacl.sign.pub nacl.sign.priv
Sign a message using the private key:
$ step crypto nacl sign sign nacl.sign.priv
Please enter text to sign:
rNrOfqsv4svlRnVPSVYe2REXodL78yEMHtNkzAGNp4MgHuVGoyayp0zx4D5rjTzYVVrD2HRP306ZILT62ohvCG1lc3NhZ2U
$ cat message.txt | step crypto nacl sign sign ~/step/keys/nacl.recipient.sign.priv
rNrOfqsv4svlRnVPSVYe2REXodL78yEMHtNkzAGNp4MgHuVGoyayp0zx4D5rjTzYVVrD2HRP306ZILT62ohvCG1lc3NhZ2U
Verify the signed message using the public key:
$ echo rNrOfqsv4svlRnVPSVYe2REXodL78yEMHtNkzAGNp4MgHuVGoyayp0zx4D5rjTzYVVrD2HRP306ZILT62ohvCG1lc3NhZ2U \
| step crypto nacl sign open nacl.sign.pub
message