I really, really want to have an actual parameter for sign and verify; this makes more sense.
Also, the set of modes of signify means it's much clearer to have separate synopsis in the manpage... Also fix some .Ar which should be .Fl while we're at it. To *keep things simple*, let's only sign a single file... ;) (note that this actually fixes the code logic, again, since you could specify an input file option, and generate a sigfile name, and even error out in cases things were too long if -G got used)... Note that I haven't changed the option order in the synopsis, though I would tend to put -G/-S/-V first, personally... Index: signify.1 =================================================================== RCS file: /build/data/openbsd/cvs/src/usr.bin/signify/signify.1,v retrieving revision 1.6 diff -u -p -r1.6 signify.1 --- signify.1 1 Jan 2014 17:50:33 -0000 1.6 +++ signify.1 3 Jan 2014 13:47:54 -0000 @@ -23,15 +23,25 @@ .Sh SYNOPSIS .Nm signify .Op Fl n -.Op Fl i Ar input +.Fl p Ar pubkey +.Fl s Ar seckey +.Fl G +.Nm signify .Op Fl o Ar output -.Op Fl p Ar pubkey -.Op Fl s Ar seckey -.Fl G | S | V +.Fl s Ar seckey +.Fl S +.Ar input +.Nm signify +.Op Fl o Ar output +.Fl p Ar pubkey +.Fl V +.Ar input .Sh DESCRIPTION The .Nm -utility creates and verifies cryptographic signatures. +utility creates and verifies cryptographic signatures for +an input file +.Ar input . The mode of operation is selected by the .Fl G , .Fl S , @@ -43,8 +53,6 @@ The options are as follows: .Bl -tag -width Ds .It Fl G Generate a new keypair. -.It Fl i Ar input -Input file to sign or verify. .It Fl n Do not ask for a passphrase during key generation. Otherwise, @@ -56,17 +64,17 @@ The default is .Ar input Ns .sig . .It Fl p Ar pubkey Public key produced by -.Ar G , +.Fl G , and used by -.Ar V +.Fl V to check a signature. .It Fl S Sign the input file. .It Fl s Ar seckey Secret (private) key produced by -.Ar G , +.Fl G , and used by -.Ar S +.Fl S to sign a message. .It Fl V Verify the input file and signature match. 
@@ -94,13 +102,13 @@ The message file is too large. .El .Sh EXAMPLES Create a new keypair: -.Dl $ signify -p newkey.pub -s newkey.sec -G +.Dl $ signify -G -p newkey.pub -s newkey.sec .Pp Sign a file, specifying a signature name: -.Dl $ signify -s key.sec -i message.txt -o msg.sig -S +.Dl $ signify -S -s key.sec -o msg.sig message.txt .Pp Verify a signature, using the default signature name: -.Dl $ signify -p key.pub -i generalsorders.txt -V +.Dl $ signify -V -p key.pub generalsorders.txt .Sh SEE ALSO .Xr cmp 1 , .Xr sha256 1 , @@ -109,4 +117,4 @@ Verify a signature, using the default si The .Nm command first appeared in -.Ox 5.5 +.Ox 5.5 . Index: signify.c =================================================================== RCS file: /build/data/openbsd/cvs/src/usr.bin/signify/signify.c,v retrieving revision 1.7 diff -u -p -r1.7 signify.c --- signify.c 2 Jan 2014 16:34:02 -0000 1.7 +++ signify.c 3 Jan 2014 13:57:23 -0000 @@ -64,8 +64,8 @@ extern char *__progname; static void usage(void) { - fprintf(stderr, "usage: %s [-n] [-i input] [-o output] [-p pubkey] [-s seckey] " - "-G | -S | -V\n", __progname); + fprintf(stderr, "usage: %s [-n] [-o output] [-p pubkey] [-s seckey] " + "-G | -S | -V [input]\n", __progname); exit(1); } @@ -338,7 +338,7 @@ main(int argc, char **argv) rounds = 42; - while ((ch = getopt(argc, argv, "GSVi:no:p:s:")) != -1) { + while ((ch = getopt(argc, argv, "GSVno:p:s:")) != -1) { switch (ch) { case 'G': if (verb) @@ -355,9 +355,6 @@ main(int argc, char **argv) usage(); verb = VERIFY; break; - case 'i': - inputfile = optarg; - break; case 'n': rounds = 0; break; 
@@ -376,21 +373,29 @@ main(int argc, char **argv) } } argc -= optind; - if (argc != 0) + argv += optind; + + if (verb == GENERATE) { + if (!pubkeyfile || !seckeyfile || argc != 0) + usage(); + generate(pubkeyfile, seckeyfile, rounds); + } else if (verb == NONE) { + usage(); + } + + if (argc != 1) usage(); - if (inputfile && !sigfile) { + inputfile = argv[0]; + + if (!sigfile) { if (snprintf(sigfilebuf, sizeof(sigfilebuf), "%s.sig", inputfile) >= sizeof(sigfilebuf)) errx(1, "path too long"); sigfile = sigfilebuf; } - if (verb == GENERATE) { - if (!pubkeyfile || !seckeyfile) - usage(); - generate(pubkeyfile, seckeyfile, rounds); - } else if (verb == SIGN) { + if (verb == SIGN) { if (!seckeyfile || !inputfile) usage(); sign(seckeyfile, inputfile, sigfile); @@ -398,8 +403,7 @@ main(int argc, char **argv) if (!pubkeyfile || !inputfile) usage(); verify(pubkeyfile, inputfile, sigfile); - } else { - usage(); } + return 0; }
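Review bot: in the signify.1 SYNOPSIS hunk, the -V form lists ".Op Fl o Ar output", but in verify mode that file is passed to verify(pubkeyfile, inputfile, sigfile) in signify.c as the signature to check, so it is read rather than written. Consider a different argument name in the -V synopsis, or a sentence under the -o entry saying that with -V it names the signature file to verify. The reworded DESCRIPTION also says the utility works "for an input file", while the -G form in the same synopsis takes no input; a short qualifier there would keep the two consistent.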
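Review bot: the new usage() string in signify.c still prints one combined line ending in "-G | -S | -V [input]", which marks the input file and every key option as optional, while main() now calls usage() for -S and -V unless exactly one input is given and for -G unless both -p and -s are set with no operand. Print the three forms from the signify.1 synopsis instead, so the text a user sees on error matches what the parser accepts.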
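Review bot: in the last signify.c hunk, the -G branch calls generate(pubkeyfile, seckeyfile, rounds) and then falls through to "if (argc != 1) usage();". That branch only runs when argc == 0, so unless generate() never returns (not visible in this diff), a successful key generation ends in usage() and exit(1). Add "return 0;" directly after the generate() call, or keep generation in the same if/else chain as SIGN and VERIFY. Separately, once "inputfile = argv[0];" sits behind the argc check, the "!inputfile" tests in the SIGN and VERIFY branches can no longer be true and can be dropped.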