Rechecked that -G was working (broken) and jmc wants identical SYNOPSIS/usage. Together with the \n for base64...
Index: signify.1 =================================================================== RCS file: /build/data/openbsd/cvs/src/usr.bin/signify/signify.1,v retrieving revision 1.6 diff -u -p -r1.6 signify.1 --- signify.1 1 Jan 2014 17:50:33 -0000 1.6 +++ signify.1 3 Jan 2014 13:47:54 -0000 @@ -23,15 +23,25 @@ .Sh SYNOPSIS .Nm signify .Op Fl n -.Op Fl i Ar input +.Fl p Ar pubkey +.Fl s Ar seckey +.Fl G +.Nm signify .Op Fl o Ar output -.Op Fl p Ar pubkey -.Op Fl s Ar seckey -.Fl G | S | V +.Fl s Ar seckey +.Fl S +.Ar input +.Nm signify +.Op Fl o Ar output +.Fl p Ar pubkey +.Fl V +.Ar input .Sh DESCRIPTION The .Nm -utility creates and verifies cryptographic signatures. +utility creates and verifies cryptographic signatures for +an input file +.Ar input . The mode of operation is selected by the .Fl G , .Fl S , @@ -43,8 +53,6 @@ The options are as follows: .Bl -tag -width Ds .It Fl G Generate a new keypair. -.It Fl i Ar input -Input file to sign or verify. .It Fl n Do not ask for a passphrase during key generation. Otherwise, @@ -56,17 +64,17 @@ The default is .Ar input Ns .sig . .It Fl p Ar pubkey Public key produced by -.Ar G , +.Fl G , and used by -.Ar V +.Fl V to check a signature. .It Fl S Sign the input file. .It Fl s Ar seckey Secret (private) key produced by -.Ar G , +.Fl G , and used by -.Ar S +.Fl S to sign a message. .It Fl V Verify the input file and signature match. @@ -94,13 +102,13 @@ The message file is too large. .El .Sh EXAMPLES Create a new keypair: -.Dl $ signify -p newkey.pub -s newkey.sec -G +.Dl $ signify -G -p newkey.pub -s newkey.sec .Pp Sign a file, specifying a signature name: -.Dl $ signify -s key.sec -i message.txt -o msg.sig -S +.Dl $ signify -S -s key.sec -o msg.sig message.txt .Pp Verify a signature, using the default signature name: -.Dl $ signify -p key.pub -i generalsorders.txt -V +.Dl $ signify -V -p key.pub generalsorders.txt .Sh SEE ALSO .Xr cmp 1 , .Xr sha256 1 , @@ -109,4 +117,4 @@ Verify a signature, using the default si The .Nm command first appeared in -.Ox 5.5 +.Ox 5.5 . Index: signify.c =================================================================== RCS file: /build/data/openbsd/cvs/src/usr.bin/signify/signify.c,v retrieving revision 1.7 diff -u -p -r1.7 signify.c --- signify.c 2 Jan 2014 16:34:02 -0000 1.7 +++ signify.c 3 Jan 2014 15:37:57 -0000 @@ -64,8 +64,11 @@ extern char *__progname; static void usage(void) { - fprintf(stderr, "usage: %s [-n] [-i input] [-o output] [-p pubkey] [-s seckey] " - "-G | -S | -V\n", __progname); + fprintf(stderr, "usage:" + "\t%s [-n] -p pubkey -s seckey -G\n" + "\t%s [-o output] -s seckey -S input\n" + "\t%s [-o output] -p pubkey -V input\n", + __progname, __progname, __progname); exit(1); } @@ -170,8 +173,9 @@ writeb64file(const char *filename, const fd = xopen(filename, O_CREAT|O_EXCL|O_NOFOLLOW|O_RDWR, mode); snprintf(header, sizeof(header), "signify -- %s\n", comment); writeall(fd, header, strlen(header), filename); - if ((rv = b64_ntop(buf, len, b64, sizeof(b64))) == -1) + if ((rv = b64_ntop(buf, len, b64, sizeof(b64)-1)) == -1) errx(1, "b64 encode failed"); + b64[rv++] = '\n'; writeall(fd, b64, rv, filename); memset(b64, 0, sizeof(b64)); close(fd); @@ -338,7 +342,7 @@ main(int argc, char **argv) rounds = 42; - while ((ch = getopt(argc, argv, "GSVi:no:p:s:")) != -1) { + while ((ch = getopt(argc, argv, "GSVno:p:s:")) != -1) { switch (ch) { case 'G': if (verb) @@ -355,9 +359,6 @@ main(int argc, char **argv) usage(); verb = VERIFY; break; - case 'i': - inputfile = optarg; - break; case 'n': rounds = 0; break; @@ -376,30 +377,37 @@ main(int argc, char **argv) } } argc -= optind; - if (argc != 0) - usage(); - - if (inputfile && !sigfile) { - if (snprintf(sigfilebuf, sizeof(sigfilebuf), "%s.sig", - inputfile) >= sizeof(sigfilebuf)) - errx(1, "path too long"); - sigfile = sigfilebuf; - } + argv += optind; if (verb == GENERATE) { - if (!pubkeyfile || !seckeyfile) + if (!pubkeyfile || !seckeyfile || argc != 0) usage(); generate(pubkeyfile, seckeyfile, rounds); - } else if (verb == SIGN) { - if (!seckeyfile || !inputfile) - usage(); - sign(seckeyfile, inputfile, sigfile); - } else if (verb == VERIFY) { - if (!pubkeyfile || !inputfile) - usage(); - verify(pubkeyfile, inputfile, sigfile); - } else { + } else if (verb == NONE) { usage(); + } else { + if (argc != 1) + usage(); + + inputfile = argv[0]; + + if (!sigfile) { + if (snprintf(sigfilebuf, sizeof(sigfilebuf), "%s.sig", + inputfile) >= sizeof(sigfilebuf)) + errx(1, "path too long"); + sigfile = sigfilebuf; + } + + if (verb == SIGN) { + if (!seckeyfile || !inputfile) + usage(); + sign(seckeyfile, inputfile, sigfile); + } else if (verb == VERIFY) { + if (!pubkeyfile || !inputfile) + usage(); + verify(pubkeyfile, inputfile, sigfile); + } } + return 0; }