| [6a3a178] | 1 | .TH sshpk\-sign 1 "Jan 2016" sshpk "sshpk Commands"
|
|---|
| 2 | .SH NAME
|
|---|
| 3 | .PP
|
|---|
| 4 | sshpk\-sign \- sign data using an SSH key
|
|---|
| 5 | .SH SYNOPSYS
|
|---|
| 6 | .PP
|
|---|
| 7 | \fB\fCsshpk\-sign\fR \-i KEYPATH [OPTION...]
|
|---|
| 8 | .SH DESCRIPTION
|
|---|
| 9 | .PP
|
|---|
| 10 | Takes in arbitrary bytes, and signs them using an SSH private key. The key can
|
|---|
| 11 | be of any type or format supported by the \fB\fCsshpk\fR library, including the
|
|---|
| 12 | standard OpenSSH formats, as well as PEM PKCS#1 and PKCS#8.
|
|---|
| 13 | .PP
|
|---|
| 14 | The signature is printed out in Base64 encoding, unless the \fB\fC\-\-binary\fR or \fB\fC\-b\fR
|
|---|
| 15 | option is given.
|
|---|
| 16 | .SH EXAMPLES
|
|---|
| 17 | .PP
|
|---|
| 18 | Signing with default settings:
|
|---|
| 19 | .PP
|
|---|
| 20 | .RS
|
|---|
| 21 | .nf
|
|---|
| 22 | $ printf 'foo' | sshpk\-sign \-i ~/.ssh/id_ecdsa
|
|---|
| 23 | MEUCIAMdLS/vXrrtWFepwe...
|
|---|
| 24 | .fi
|
|---|
| 25 | .RE
|
|---|
| 26 | .PP
|
|---|
| 27 | Signing in SSH (RFC 4253) format (rather than the default ASN.1):
|
|---|
| 28 | .PP
|
|---|
| 29 | .RS
|
|---|
| 30 | .nf
|
|---|
| 31 | $ printf 'foo' | sshpk\-sign \-i ~/.ssh/id_ecdsa \-t ssh
|
|---|
| 32 | AAAAFGVjZHNhLXNoYTIt...
|
|---|
| 33 | .fi
|
|---|
| 34 | .RE
|
|---|
| 35 | .PP
|
|---|
| 36 | Saving the binary signature to a file:
|
|---|
| 37 | .PP
|
|---|
| 38 | .RS
|
|---|
| 39 | .nf
|
|---|
| 40 | $ printf 'foo' | sshpk\-sign \-i ~/.ssh/id_ecdsa \\
|
|---|
| 41 | \-o signature.bin \-b
|
|---|
| 42 | $ cat signature.bin | base64
|
|---|
| 43 | MEUCIAMdLS/vXrrtWFepwe...
|
|---|
| 44 | .fi
|
|---|
| 45 | .RE
|
|---|
| 46 | .SH OPTIONS
|
|---|
| 47 | .TP
|
|---|
| 48 | \fB\fC\-v, \-\-verbose\fR
|
|---|
| 49 | Print extra information about the key and signature to stderr when signing.
|
|---|
| 50 | .TP
|
|---|
| 51 | \fB\fC\-b, \-\-binary\fR
|
|---|
| 52 | Don't base64\-encode the signature before outputting it.
|
|---|
| 53 | .TP
|
|---|
| 54 | \fB\fC\-i KEY, \-\-identity=KEY\fR
|
|---|
| 55 | Select the key to be used for signing. \fB\fCKEY\fR must be a relative or absolute
|
|---|
| 56 | filesystem path to the key file. Any format supported by the \fB\fCsshpk\fR library
|
|---|
| 57 | is supported, including OpenSSH formats and standard PEM PKCS.
|
|---|
| 58 | .TP
|
|---|
| 59 | \fB\fC\-f PATH, \-\-file=PATH\fR
|
|---|
| 60 | Input file to sign instead of stdin.
|
|---|
| 61 | .TP
|
|---|
| 62 | \fB\fC\-o PATH, \-\-out=PATH\fR
|
|---|
| 63 | Output file to save signature in instead of stdout.
|
|---|
| 64 | .TP
|
|---|
| 65 | \fB\fC\-H HASH, \-\-hash=HASH\fR
|
|---|
| 66 | Set the hash algorithm to be used for signing. This should be one of \fB\fCsha1\fR,
|
|---|
| 67 | \fB\fCsha256\fR or \fB\fCsha512\fR\&. Some key types may place restrictions on which hash
|
|---|
| 68 | algorithms may be used (e.g. ED25519 keys can only use SHA\-512).
|
|---|
| 69 | .TP
|
|---|
| 70 | \fB\fC\-t FORMAT, \-\-format=FORMAT\fR
|
|---|
| 71 | Choose the signature format to use, from \fB\fCasn1\fR, \fB\fCssh\fR or \fB\fCraw\fR (only for
|
|---|
| 72 | ED25519 signatures). The \fB\fCasn1\fR format is the default, as it is the format
|
|---|
| 73 | used with TLS and typically the standard in most non\-SSH libraries (e.g.
|
|---|
| 74 | OpenSSL). The \fB\fCssh\fR format is used in the SSH protocol and by the ssh\-agent.
|
|---|
| 75 | .SH SEE ALSO
|
|---|
| 76 | .PP
|
|---|
| 77 | .BR sshpk-verify (1)
|
|---|
| 78 | .SH BUGS
|
|---|
| 79 | .PP
|
|---|
| 80 | Report bugs at Github
|
|---|
| 81 | \[la]https://github.com/arekinath/node-sshpk/issues\[ra]
|
|---|
