Aha, now I better understand the `-e` explanation in signify(1). Still I believe the example of generating the signed embedded checksum list may be very welcome.
On Tue, 6 May 2025 at 13:39, Crystal Kolipe <kolip...@exoticsilicon.com> wrote: > On Tue, May 06, 2025 at 01:14:50PM +0200, Jan mydke wrote: > > However, the sigfile actually is rather the signature file of the SHA256 > > file appended with the contents of the SHA256 file. (Then the original > > SHA256 file is no longer necessary for use with signify.) So the > checksums > > are embedded in the signature file. > > This is the format produced by the '-e' argument to signify. > > $ signify -Se -s key.sec -m SHA256 > > Produces SHA256.sig with an embedded signature. > > It's already explained fairly near the start of signify(1). >
