Rechecked that -G was working (broken) and jmc wants identical SYNOPSIS/usage.
Together with the \n for base64...
Index: signify.1
===================================================================
RCS file: /build/data/openbsd/cvs/src/usr.bin/signify/signify.1,v
retrieving revision 1.6
diff -u -p -r1.6 signify.1
--- signify.1 1 Jan 2014 17:50:33 -0000 1.6
+++ signify.1 3 Jan 2014 13:47:54 -0000
@@ -23,15 +23,25 @@
.Sh SYNOPSIS
.Nm signify
.Op Fl n
-.Op Fl i Ar input
+.Fl p Ar pubkey
+.Fl s Ar seckey
+.Fl G
+.Nm signify
.Op Fl o Ar output
-.Op Fl p Ar pubkey
-.Op Fl s Ar seckey
-.Fl G | S | V
+.Fl s Ar seckey
+.Fl S
+.Ar input
+.Nm signify
+.Op Fl o Ar output
+.Fl p Ar pubkey
+.Fl V
+.Ar input
.Sh DESCRIPTION
The
.Nm
-utility creates and verifies cryptographic signatures.
+utility creates and verifies cryptographic signatures for
+an input file
+.Ar input .
The mode of operation is selected by the
.Fl G ,
.Fl S ,
@@ -43,8 +53,6 @@ The options are as follows:
.Bl -tag -width Ds
.It Fl G
Generate a new keypair.
-.It Fl i Ar input
-Input file to sign or verify.
.It Fl n
Do not ask for a passphrase during key generation.
Otherwise,
@@ -56,17 +64,17 @@ The default is
.Ar input Ns .sig .
.It Fl p Ar pubkey
Public key produced by
-.Ar G ,
+.Fl G ,
and used by
-.Ar V
+.Fl V
to check a signature.
.It Fl S
Sign the input file.
.It Fl s Ar seckey
Secret (private) key produced by
-.Ar G ,
+.Fl G ,
and used by
-.Ar S
+.Fl S
to sign a message.
.It Fl V
Verify the input file and signature match.
@@ -94,13 +102,13 @@ The message file is too large.
.El
.Sh EXAMPLES
Create a new keypair:
-.Dl $ signify -p newkey.pub -s newkey.sec -G
+.Dl $ signify -G -p newkey.pub -s newkey.sec
.Pp
Sign a file, specifying a signature name:
-.Dl $ signify -s key.sec -i message.txt -o msg.sig -S
+.Dl $ signify -S -s key.sec -o msg.sig message.txt
.Pp
Verify a signature, using the default signature name:
-.Dl $ signify -p key.pub -i generalsorders.txt -V
+.Dl $ signify -V -p key.pub generalsorders.txt
.Sh SEE ALSO
.Xr cmp 1 ,
.Xr sha256 1 ,
@@ -109,4 +117,4 @@ Verify a signature, using the default si
The
.Nm
command first appeared in
-.Ox 5.5
+.Ox 5.5 .
Index: signify.c
===================================================================
RCS file: /build/data/openbsd/cvs/src/usr.bin/signify/signify.c,v
retrieving revision 1.7
diff -u -p -r1.7 signify.c
--- signify.c 2 Jan 2014 16:34:02 -0000 1.7
+++ signify.c 3 Jan 2014 15:37:57 -0000
@@ -64,8 +64,11 @@ extern char *__progname;
static void
usage(void)
{
- fprintf(stderr, "usage: %s [-n] [-i input] [-o output] [-p pubkey] [-s
seckey] "
- "-G | -S | -V\n", __progname);
+ fprintf(stderr, "usage:"
+ "\t%s [-n] -p pubkey -s seckey -G\n"
+ "\t%s [-o output] -s seckey -S input\n"
+ "\t%s [-o output] -p pubkey -V input\n",
+ __progname, __progname, __progname);
exit(1);
}
@@ -170,8 +173,9 @@ writeb64file(const char *filename, const
fd = xopen(filename, O_CREAT|O_EXCL|O_NOFOLLOW|O_RDWR, mode);
snprintf(header, sizeof(header), "signify -- %s\n", comment);
writeall(fd, header, strlen(header), filename);
- if ((rv = b64_ntop(buf, len, b64, sizeof(b64))) == -1)
+ if ((rv = b64_ntop(buf, len, b64, sizeof(b64)-1)) == -1)
errx(1, "b64 encode failed");
+ b64[rv++] = '\n';
writeall(fd, b64, rv, filename);
memset(b64, 0, sizeof(b64));
close(fd);
@@ -338,7 +342,7 @@ main(int argc, char **argv)
rounds = 42;
- while ((ch = getopt(argc, argv, "GSVi:no:p:s:")) != -1) {
+ while ((ch = getopt(argc, argv, "GSVno:p:s:")) != -1) {
switch (ch) {
case 'G':
if (verb)
@@ -355,9 +359,6 @@ main(int argc, char **argv)
usage();
verb = VERIFY;
break;
- case 'i':
- inputfile = optarg;
- break;
case 'n':
rounds = 0;
break;
@@ -376,30 +377,37 @@ main(int argc, char **argv)
}
}
argc -= optind;
- if (argc != 0)
- usage();
-
- if (inputfile && !sigfile) {
- if (snprintf(sigfilebuf, sizeof(sigfilebuf), "%s.sig",
- inputfile) >= sizeof(sigfilebuf))
- errx(1, "path too long");
- sigfile = sigfilebuf;
- }
+ argv += optind;
if (verb == GENERATE) {
- if (!pubkeyfile || !seckeyfile)
+ if (!pubkeyfile || !seckeyfile || argc != 0)
usage();
generate(pubkeyfile, seckeyfile, rounds);
- } else if (verb == SIGN) {
- if (!seckeyfile || !inputfile)
- usage();
- sign(seckeyfile, inputfile, sigfile);
- } else if (verb == VERIFY) {
- if (!pubkeyfile || !inputfile)
- usage();
- verify(pubkeyfile, inputfile, sigfile);
- } else {
+ } else if (verb == NONE) {
usage();
+ } else {
+ if (argc != 1)
+ usage();
+
+ inputfile = argv[0];
+
+ if (!sigfile) {
+ if (snprintf(sigfilebuf, sizeof(sigfilebuf), "%s.sig",
+ inputfile) >= sizeof(sigfilebuf))
+ errx(1, "path too long");
+ sigfile = sigfilebuf;
+ }
+
+ if (verb == SIGN) {
+ if (!seckeyfile || !inputfile)
+ usage();
+ sign(seckeyfile, inputfile, sigfile);
+ } else if (verb == VERIFY) {
+ if (!pubkeyfile || !inputfile)
+ usage();
+ verify(pubkeyfile, inputfile, sigfile);
+ }
}
+
return 0;
}
