forked from mirror/Riven
82 lines
2.4 KiB
Groff
82 lines
2.4 KiB
Groff
.TH sshpk\-sign 1 "Jan 2016" sshpk "sshpk Commands"
|
|
.SH NAME
|
|
.PP
|
|
sshpk\-sign \- sign data using an SSH key
|
|
.SH SYNOPSYS
|
|
.PP
|
|
\fB\fCsshpk\-sign\fR \-i KEYPATH [OPTION...]
|
|
.SH DESCRIPTION
|
|
.PP
|
|
Takes in arbitrary bytes, and signs them using an SSH private key. The key can
|
|
be of any type or format supported by the \fB\fCsshpk\fR library, including the
|
|
standard OpenSSH formats, as well as PEM PKCS#1 and PKCS#8.
|
|
.PP
|
|
The signature is printed out in Base64 encoding, unless the \fB\fC\-\-binary\fR or \fB\fC\-b\fR
|
|
option is given.
|
|
.SH EXAMPLES
|
|
.PP
|
|
Signing with default settings:
|
|
.PP
|
|
.RS
|
|
.nf
|
|
$ printf 'foo' | sshpk\-sign \-i ~/.ssh/id_ecdsa
|
|
MEUCIAMdLS/vXrrtWFepwe...
|
|
.fi
|
|
.RE
|
|
.PP
|
|
Signing in SSH (RFC 4253) format (rather than the default ASN.1):
|
|
.PP
|
|
.RS
|
|
.nf
|
|
$ printf 'foo' | sshpk\-sign \-i ~/.ssh/id_ecdsa \-t ssh
|
|
AAAAFGVjZHNhLXNoYTIt...
|
|
.fi
|
|
.RE
|
|
.PP
|
|
Saving the binary signature to a file:
|
|
.PP
|
|
.RS
|
|
.nf
|
|
$ printf 'foo' | sshpk\-sign \-i ~/.ssh/id_ecdsa \\
|
|
\-o signature.bin \-b
|
|
$ cat signature.bin | base64
|
|
MEUCIAMdLS/vXrrtWFepwe...
|
|
.fi
|
|
.RE
|
|
.SH OPTIONS
|
|
.TP
|
|
\fB\fC\-v, \-\-verbose\fR
|
|
Print extra information about the key and signature to stderr when signing.
|
|
.TP
|
|
\fB\fC\-b, \-\-binary\fR
|
|
Don't base64\-encode the signature before outputting it.
|
|
.TP
|
|
\fB\fC\-i KEY, \-\-identity=KEY\fR
|
|
Select the key to be used for signing. \fB\fCKEY\fR must be a relative or absolute
|
|
filesystem path to the key file. Any format supported by the \fB\fCsshpk\fR library
|
|
is supported, including OpenSSH formats and standard PEM PKCS.
|
|
.TP
|
|
\fB\fC\-f PATH, \-\-file=PATH\fR
|
|
Input file to sign instead of stdin.
|
|
.TP
|
|
\fB\fC\-o PATH, \-\-out=PATH\fR
|
|
Output file to save signature in instead of stdout.
|
|
.TP
|
|
\fB\fC\-H HASH, \-\-hash=HASH\fR
|
|
Set the hash algorithm to be used for signing. This should be one of \fB\fCsha1\fR,
|
|
\fB\fCsha256\fR or \fB\fCsha512\fR\&. Some key types may place restrictions on which hash
|
|
algorithms may be used (e.g. ED25519 keys can only use SHA\-512).
|
|
.TP
|
|
\fB\fC\-t FORMAT, \-\-format=FORMAT\fR
|
|
Choose the signature format to use, from \fB\fCasn1\fR, \fB\fCssh\fR or \fB\fCraw\fR (only for
|
|
ED25519 signatures). The \fB\fCasn1\fR format is the default, as it is the format
|
|
used with TLS and typically the standard in most non\-SSH libraries (e.g.
|
|
OpenSSL). The \fB\fCssh\fR format is used in the SSH protocol and by the ssh\-agent.
|
|
.SH SEE ALSO
|
|
.PP
|
|
.BR sshpk-verify (1)
|
|
.SH BUGS
|
|
.PP
|
|
Report bugs at Github
|
|
\[la]https://github.com/arekinath/node-sshpk/issues\[ra]
|