signify-rs 0.4.0

OpenBSD-compatible file signing & verification tool
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93

## signify - OpenBSD-compatible file signing & verification tool

[![crates.io](https://img.shields.io/crates/v/signify-rs.svg?style=flat-square)](https://crates.io/crates/signify-rs)
[![docs.rs docs](https://img.shields.io/badge/docs-latest-blue.svg?style=flat-square)](https://docs.rs/crate/signify-rs/latest)
[![msrv](https://img.shields.io/badge/rustc-1.85%2B-green?style=plastic)](https://blog.rust-lang.org/2025/02/20/Rust-1.85.0/)
[![license: ISC](https://img.shields.io/badge/license-ISC-97CA00)](https://opensource.org/licenses/isc-license.txt)
[![build status](https://builds.sr.ht/~alip/signify.svg)](https://builds.sr.ht/~alip/signify?)

The signify utility creates and verifies cryptographic signatures. A
signature verifies the integrity of a _message_. This utility is a Rust
rewrite of [OpenBSD's reference
implementation](https://man.openbsd.org/signify), and provides a library
and a CLI tool for signing and verifying files. It's released under the
same license and focuses on security, simplicity, and strict adherence
to the OpenBSD implementation's formats and logic, while leveraging
Rust's safety guarantees. Codebase is well-tested and it's free of
unsafe code and arithmetic side effects. Main code runs sandboxed using
[capsicum(4)](https://man.freebsd.org/cgi/man.cgi?capsicum(4)) on
FreeBSD,
[pledge(2)](https://man.openbsd.org/pledge.2)/[unveil(2)](https://man.openbsd.org/unveil)
on OpenBSD, and
[landlock(7)](https://www.man7.org/linux/man-pages/man7/landlock.7.html)
on Linux.

Usage is identical to the reference implementation, so the user is
recommended to read signify's [OpenBSD manual
page](https://man.openbsd.org/signify). Another recommended read is the
article [Securing OpenBSD From Us To
You](https://www.openbsd.org/papers/bsdcan-signify.html).

The crate is fairly portable, builds on FreeBSD, NetBSD, OpenBSD, Linux,
Windows, and WASM. Tests run on all these operating systems on each git
push using [Sourcehut Builds](https://builds.sr.ht/~alip/signify). CI
builds create static-linked signify binaries as artifacts which may be
preferred by users who don't have the option to build signify from
source.

### Use with keyrings(7)

This crate comes with a single extension to the reference
implementation: When the crate is built on Linux or Android,
[keyrings(7)](https://www.man7.org/linux/man-pages/man7/keyrings.7.html)
support is compiled in. This adds the CLI option `-k key-id` to the
signify subcommands `-G`(enerate), and `-S`(ign) which allows the user
to specify their passphrase using a 32-bit key ID rather than inputting
it manually with a password prompt.

### Programmatic Use

1. Use `signify` binary in scripts.
   Output and exit codes are stable, compatible with OpenBSD.
2. Use [`libsignify-rs`](https://crates.io/crates/libsignify-rs) library
   as a dependency for your Rust code.

### Security

This implementation employs defense-in-depth with multiple hardening layers:

- **OS-level sandboxing**: _capsicum_(4) on FreeBSD,
  _pledge_(2)/_unveil_(2) on OpenBSD, _landlock_(7) on Linux.
- **Hardened file opens**: _openat2_(2) on Linux with
  `RESOLVE_NO_SYMLINKS`, `O_NOFOLLOW` on all Unix.
- **Safe filename validation**: Rejects control characters, leading
  dashes, and path traversal patterns per [Wheeler's LSM
  rules](https://dwheeler.com/essays/fixing-unix-linux-filenames.html).
- **Memory protections**: Memory-Deny-Write-Execute (MDWE)
  refuse-exec-gain flag set on Linux.
- **Privilege containment**: No-new-privileges (NNP) bit set on
  Linux/Android, resource limits on Unix.
- **No auto-locate**: Public keys must be explicitly specified,
  eliminating comment-injection attacks.
- **Password strength**:
  [`zxcvbn`](https://crates.io/crates/zxcvbn)-based estimation rejects
  weak passphrases with actionable feedback.
- **Safe Rust**: Zero unsafe code, no arithmetic side effects, no unwrap
  on user input.

The security architecture follows the principle of least privilege:
Argument validation occurs before any file operations, files are
pre-opened before entering the sandbox, and the sandbox is entered
before any cryptographic operations execute. This strict execution flow
ensures that even if cryptographic code were compromised, the attacker
would be confined within an extremely restricted sandbox with no
filesystem access beyond the pre-opened file handles, no network access,
and no ability to spawn processes or gain additional privileges.

### ChangeLog

See [ChangeLog.md](https://git.sr.ht/~alip/signify/tree/main/item/ChangeLog.md)

### License

ISC. See [COPYING](https://git.sr.ht/~alip/signify/tree/main/item/COPYING).