Bug#773861: Signify - OpenBSD's cryptographic signing tool

To: "debian-security@lists.debian.org" <debian-security@lists.debian.org>
Cc: 773861@bugs.debian.org
Subject: Bug#773861: Signify - OpenBSD's cryptographic signing tool
From: Riley Baird <BM-2cVqnDuYbAU5do2DfJTrN7ZbAJ246S4Xix@bitmessage.ch>
Date: Thu, 08 Jan 2015 17:51:52 +1100
Message-id: <[🔎] 54AE2908.60706@bitmessage.ch>
Reply-to: Riley Baird <BM-2cVqnDuYbAU5do2DfJTrN7ZbAJ246S4Xix@bitmessage.ch>, 773861@bugs.debian.org

Greetings, debian-security!

OpenBSD has recently developed a tool called "signify" for cryptographic
signing and verifying. It is extremely lightweight, and produces
extremely small signatures. For an idea of how small, note that this is
a complete signature:

RWSRtYZ5JArIEj7Q2Q5qTHD1c2JCvWAu7z0s0ARhlA4s/ac3lc1T5PLplmq1x/LTRZxl9J27Re/QVnUkU9wp14vN/+3Wnb2Tyw4=

It is currently being used to sign not only the releases of OpenBSD (and
its forks, Bitrig and LibertyBSD), but also LibreSSL, OpenBSD's fork of
the OpenSSL library created after heartbleed.

I've packaged signify for Debian, and I'm currently looking for a
sponsor. You can download the package with this command:

dget -x http://mentors.debian.net/debian/pool/main/s/signify-openbsd
/signify-openbsd_8-1.dsc

The mentors summary page is here:
http://mentors.debian.net/package/signify-openbsd

More information about signify can be obtained from
http://www.tedunangst.com/flak/post/signify

Yours sincerely,

Riley Baird

Reply to:

Follow-Ups:
- Bug#773861: Signify - OpenBSD's cryptographic signing tool
  - From: Jakub Wilk <jwilk@debian.org>

Prev by Date: Bug#774753: sponsorship-requests: RFS - pu policyd-weight/0.1.15.2-5+wheezy2
Next by Date: Bug#774895: RFS: mgrs/0.0~20131209-80d5465-1~exp2
Previous by thread: Bug#774805: marked as done (RFS: mkgmap/0.0.0+svn3393-1~exp1)
Next by thread: Bug#773861: Signify - OpenBSD's cryptographic signing tool
Index(es):
- Date
- Thread