hngopher.com

       [HN Gopher] minisign
       ___________________________________________________________________
        
       minisign
        
       Author : tosh
       Score  : 50 points
       Date   : 2021-12-23 09:14 UTC (13 hours ago)
        
 (HTM) web link (github.com)
 (TXT) w3m dump (github.com)
        
       | eps wrote:
       | There is an older tool of the same nature that appends signature
       | to the file and that can be used with tar/gz pipelines -
       | https://github.com/apankrat/sign
        
       | 1vuio0pswjnm7 wrote:
       | Me: Still using ed25529tools,^1 which predates minisign.
       | Separation of concerns, fewer "features", fewer options to
       | remember. Uses original nacl-20110221 source. More concise code.
       | Unable to find compelling reason to switch to something more
       | complicated.
       | 
       | 1.
       | https://github.com/stribika/curveprotect/tree/master/source/...
        
         | rdpintqogeogsaa wrote:
         | > _Uses original nacl-20110221 source._
         | 
         | Considering the website[0] starts with "WARNING: This signature
         | software (both at the C level and at the C++ level) is a
         | prototype. It will be replaced by the final system Ed25519 in
         | future NaCl releases. A NaCl-compatible Ed25519 implementation
         | is already available as part of SUPERCOP," I'm not convinced
         | that using the original NaCl source for signing is a good sign.
         | 
         | [0] https://nacl.cr.yp.to/sign.html
        
       | tiziano88 wrote:
       | It's Now Possible To Sign Arbitrary Data With Your SSH Keys:
       | https://www.agwa.name/blog/post/ssh_signatures
        
       | bullen wrote:
       | How does this compare to gpg?
        
         | SAI_Peregrinus wrote:
         | It's substantially simpler and harder to misuse. It only does
         | signing & verification, and only allows secure primitives to be
         | used, so there's vastly lower risk of user error.
        
         | upofadown wrote:
         | It's simpler and much more manual. There is no keychain to keep
         | track of the keys and any trust stuff has to be done
         | separately.
         | 
         | It is basically just the raw signature function...
        
         | wolf550e wrote:
         | https://latacora.micro.blog/2019/07/16/the-pgp-problem.html
        
       | kseistrup wrote:
       | FYI: There's also the python wrapper around `age` and `minisign`:
       | https://docs.red-dove.com/pagesign/
        
       | [deleted]
        
       ___________________________________________________________________
       (page generated 2021-12-23 23:02 UTC)