Menu

Platform

The Smallstep Platform
Authorities
Provisioners
Inventories
Templates
Events

Open Source

step CLI
Installation
The step Command
Basic Crypto Operations
Command Reference
step-ca
Installation
Core Concepts
Getting Started
Basic CA Operations
ACME Basics
Configuration
Policies
Provisioners
Templates
Webhooks
Production Considerations
Renewal
Revocation
Registration Authority Mode
Integrations
Practical Zero Trust
Mutual TLS
Tutorials
Configure popular ACME clients to use a private CA
Use Kubernetes cert-manager with step-ca
Issue X.509 host certificates to cloud VMs
Issue X.509 user certificates via your identity provider
Create a CA that uses RSA keys
Import an existing root or intermediate CA into step-ca
Use Keycloak to issue SSH certificates with step-ca
Run an SSH CA and connect to VMs using SSH certificates
Use AWS to deploy a certificate authority and secure microservices
Run step-ca in a Docker container
Federate multiple autonomous certificate authorities

Platform

The Smallstep Platform
Authorities
Provisioners
Inventories
Templates
Events

Open Source

`step crypto nacl sign`

Name

step crypto nacl sign -- sign small messages using public-key cryptography

Usage

step crypto nacl sign <subcommand> [arguments] [global-flags] [subcommand-flags]

Description

step crypto nacl sign command group uses public-key cryptography to sign and verify messages. The implementation is based on NaCl's crypto_sign function.

NaCl crypto_sign is crypto_sign_edwards25519sha512batch, a particular combination of Curve25519 in Edwards form and SHA-512 into a signature scheme suitable for high-speed batch verification. This function is conjectured to meet the standard notion of unforgeability under chosen-message attacks.

These commands are interoperable with NaCl: https://nacl.cr.yp.to/sign.html

Examples

Create a keypair for verifying and signing messages:

$ step crypto nacl sign keypair nacl.sign.pub nacl.sign.priv

Sign a message using the private key:

$ step crypto nacl sign sign nacl.sign.priv
Please enter text to sign: 
rNrOfqsv4svlRnVPSVYe2REXodL78yEMHtNkzAGNp4MgHuVGoyayp0zx4D5rjTzYVVrD2HRP306ZILT62ohvCG1lc3NhZ2U

$ cat message.txt | step crypto nacl sign sign ~/step/keys/nacl.recipient.sign.priv
rNrOfqsv4svlRnVPSVYe2REXodL78yEMHtNkzAGNp4MgHuVGoyayp0zx4D5rjTzYVVrD2HRP306ZILT62ohvCG1lc3NhZ2U

Verify the signed message using the public key:

$ echo rNrOfqsv4svlRnVPSVYe2REXodL78yEMHtNkzAGNp4MgHuVGoyayp0zx4D5rjTzYVVrD2HRP306ZILT62ohvCG1lc3NhZ2U \
     | step crypto nacl sign open nacl.sign.pub
message

Commands

Name	Usage
keypair	generate a pair for use with sign and open
open	verify a signed message produced by sign
sign	sign a message using Ed25519

Commands

step crypto nacl

•
step crypto nacl sign

step crypto nacl sign keypair

step crypto nacl sign open

step crypto nacl sign sign

Subscribe to updates

Unsubscribe anytime. See our privacy policy.

Learn

Register for Demo

Products

Certificate Manager

ACME Registration Authority

Pricing

Certificate Manager

Documentation

Certificate Manager

step Command Reference

Open Source

Company

© 2023 Smallstep Labs, Inc. All rights reserved.

Terms & Conditions

Website Preferences

Do Not Sell My Information