.TL
My Keys
.AU
tropf
.AB
list of my keys and short usage
.AE
.DA
.
.NH 1
My Keys
.PP
I use SSH keys to sign stuff if I need to.
The following keys are mine:
.
.TS
nospaces center tab(|);
l l l l l
lfC l l l lfC.
Name | Note | Valid Since | Link | Full Text
_
tropf.pub | default key | 2025 | T{
.URL ../blob/tropf.pub "download"
T} | T{
.so ../blob/tropf.pub
T}
tropf_secondary.pub | backup key | 2025 | T{
.URL ../blob/tropf_secondary.pub "download"
T} | T{
.so ../blob/tropf_secondary.pub
T}
.TE
.
.PP
By default, you will encounter
.CW tropf.pub ";"
however in case I ever lose it the backup key is equally valid as a replacement.
.NH 2
Cross-signed
.PP
This table lists signatures of keys on each other.
Download the signatures using the links in the table,
the referenced keys can be retrieved above.
Additional keys may appear here to establish their authenticity.
.
.TS
nospaces center tab(|);
l l l
lfC lfC lfC.
Signing Key | Signed Key | Signature
_
tropf.pub | tropf_secondary.pub | T{
.URL ../blob/tropf_secondary.pub.sig "tropf_secondary.pub.sig"
T}
tropf_secondary.pub | tropf.pub | T{
.URL ../blob/tropf.pub.sig "tropf.pub.sig"
T}
.TE
.
.NH 1
Usage
.
.NH 2
Signing
.PP
To sign a file
.CW FILE
with the SSH key
.CW KEY
use the following command:
.CB
ssh-keygen -Y sign -f KEY -n file FILE
.CE
.
.PP
The result will be written into
.CW file.name.sig .
.
.NOTE
The argument
.CW file
is the so-called "namespace".
It is hard-coded and does not refer to any specific file.
.
.NH 2
Verifying Signatures
.PP
Use this command to validate that the public key
.CW KEY.pub
created the signature
.CW FILE.sig
for the file
.CW FILE :
.
.CB
ssh-keygen -Y check-novalidate -f KEY.pub -n file -s FILE.sig < FILE
.CE
.
.PP
There are two commands in
.CW ssh-keygen
to check signatures.
As 
.CW verify
requires a key database (an extra file with its own format) prefer
.CW check-novalidate
which only validates a signature against exactly one key.
.
.NH 1
See also
.PP
.ULS
.LI
.B ssh-keygen (1):
Tool to create and check signatures
.
.LI
.URL "https://gist.github.com/Kranzes/be4fffba5da3799ee93134dc68a4c67b" "cheat sheet for FIDO2 SSH key generation"
.ULE