Tool to sign files and verify signatures
- Modern cryptography primitives (ed25519, curve25519, blake2b)
- Secret keys protected by passwords using the pbkdf2-blake2b routine
Here are some (descriptive) usage examples of jsign:
- Generate keypair:
$ jsign generate skey pkey
$ jsign generate --no-password skey pkey
- Sign files
$ jsign sign skey file
- Verify signature
$ jsign verify pkey file
For digital signatures, jsign uses the
ed25519 algorithm, which is blazingly fast and
proven to be secure even without a random oracle (based on the Schnorr scheme).
To sign a file,
jsign does the following steps:
- Opens the secret key file (decrypting it if needed)
- Calculates the digest of the file
- Calculates the ed25519 signature
- Writes the digest and signature to the output file in JSON format
To verify a signature,
jsign loads the public key, verifies the signature in the same
way, loads the file digest, and verifies the corresponding file against that digest.
jsign only signs digests of files, not the files themselves, and a signature
contains both the digest and its ed25519 signature.
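The sign and verify steps described above, as an added example in Node.js; it is not jsign's own code. The JSON field names, the hex encoding and the choice of BLAKE2b-512 as the digest are assumptions. It shows why verification needs both checks: the signature authenticates only the embedded digest, and the digest comparison binds it to the file.

```javascript
// Added example. The JSON field names and hex encoding are assumptions,
// not jsign's actual signature format.
const nodeCrypto = typeof require === 'function'
  ? require('node:crypto')                     // loaded as CommonJS
  : process.getBuiltinModule('node:crypto');   // loaded as an ES module

// BLAKE2b-512 digest of the file contents (a Buffer).
function digestOf(data) {
  return nodeCrypto.createHash('blake2b512').update(data).digest();
}

// Sign: hash the file, sign the digest with ed25519, emit both as JSON.
function signFile(secretKey, data) {
  const digest = digestOf(data);
  const signature = nodeCrypto.sign(null, digest, secretKey);
  return JSON.stringify({
    digest: digest.toString('hex'),
    signature: signature.toString('hex'),
  });
}

// Verify: the signature authenticates only the embedded digest, so the
// digest must then be compared against the file actually being checked.
function verifyFile(publicKey, data, signatureJson) {
  let digest;
  try {
    const doc = JSON.parse(signatureJson);
    digest = Buffer.from(String(doc.digest), 'hex');
    const signature = Buffer.from(String(doc.signature), 'hex');
    if (!nodeCrypto.verify(null, digest, publicKey, signature)) {
      return 'bad signature';
    }
  } catch (err) {
    return 'malformed signature file';
  }
  return digestOf(data).equals(digest) ? 'ok' : 'digest mismatch';
}

// Constructed sample input: a throwaway keypair and an in-memory "file".
const demoKeys = nodeCrypto.generateKeyPairSync('ed25519');
const demoFile = Buffer.from('release-1.0.tar contents (constructed)');
const demoSig = signFile(demoKeys.privateKey, demoFile);
console.log(verifyFile(demoKeys.publicKey, demoFile, demoSig));
console.log(verifyFile(demoKeys.publicKey, Buffer.from('tampered'), demoSig));
```

A verifier that skipped the final comparison would accept any file presented with a valid signature file, and one that skipped the signature check would accept a signature file whose digest had simply been recomputed for a modified file.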
The secret key for
jsign can be encrypted using a password-based key derivation function,
pbkdf2-blake2b. This function can be tuned for the number of rounds to increase the
amount of work required for an adversary to brute-force the encryption password into
a valid encryption key.
jsign uses the json format for keys and signatures, doc.