grapheneos.org: signature verification failed
I'm not familiar with Signify but I tried the following to verify if the .zip factory image signature matched.

```
signify -V -x sargo-factory-2021.02.07.17.zip.sig -p factory.pub -m sargo-factory-2021.02.07.17.zip
```

The output I get back is:

```
signify: signature verification failed
```

I also tried the short form as .sig is in the same directory as the .zip:

```
signify -V -p factory.pub -m sargo-factory-2021.02.07.17.zip
```

The output I get back is:

```
signify: signature verification failed
```

However, following the CLI guide command:

```
signify -Cqp factory.pub -x sargo-factory-2021.02.07.17.zip.sig && echo verified
```

works and outputs `verified`, but it looks like from the command that it is just checking the signature file against the public key and not the factory image, but I could be totally wrong. I have never used signify before, only GPG. I consulted the https://man.openbsd.org/signify.1 manual and would assume that the above verifications should work to prove they were signed?

I am unsure of what I am doing wrong.
About this issue
- State: closed
- Created 3 years ago
- Comments: 17 (8 by maintainers)
I need to figure out if it makes sense. It probably does because Windows also likely has OpenSSH available now as first-party software.
If we used https://github.com/jedisct1/minisign rather than the standard signify we could use the pre-hashing extension via `-H`. It wouldn't be possible to verify those signatures with signify. The reason we didn't do that is that Debian doesn't have a minisign package. If I only had to support Arch Linux, I'd happily have used minisign with `-H`. It would be nice if signify supported this but we couldn't use it due to Debian having ancient versions of applications.
It’s actually possible to sign and verify files with SSH so perhaps we should be doing that instead for more portability.
Why would the verify command work? It's the checksum file that's signed, and the file is included in the checksum file. The `-C` command is the correct way to verify the signature of a checksum file and all files referenced in it via the hashes. It's not the zip that's signed directly but rather a hash of the zip is signed, and signify has first class support for doing it this way via the `-C` switch.

Signify isn't really meant to be used to sign a large file directly. It would take a really long time and memory equal to the size of the file to sign and verify. Instead, it uses a signed checksum file which you verify with `-C` to verify the checksum file with signify and the listed files with the hashes. It's just how signify works. If we used minisign with the minisign-specific signature format instead of signify, it would work the way you expect. Signify doesn't do any implicit pre-hashing but rather requires that you do it this way. See https://www.openbsd.org/faq/faq4.html#Download for how it's used by OpenBSD. It's the same thing, but they actually have multiple files.
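To make the `-C` explanation above concrete, here is an added Python model of that flow. It is not signify's source and not code from this issue; it assumes the `cryptography` package for Ed25519, and the key number, comment lines and file contents are constructed. It reproduces both outcomes from the report: treating the zip as the signed message fails, because the signature covers the checksum list, while the `-C` path checks the signature on the list and then the hash of every file it names, so a tampered image still fails even though the signature itself is valid.

```python
import base64
import hashlib
import re

# Assumption: the 'cryptography' package is installed; it supplies Ed25519.
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey,
    Ed25519PublicKey,
)
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

# Constructed 8-byte key number; signify uses it to match a signature to a key.
KEYNUM = bytes.fromhex("0123456789abcdef")
# sha256(1) output format, which is what the signed checksum list contains.
CHECKSUM_LINE = re.compile(r"^SHA256 \((.+)\) = ([0-9a-f]{64})$")


def make_checksum_file(files: dict) -> bytes:
    """Produce sha256(1)-style lines: the thing that actually gets signed."""
    return "".join(
        f"SHA256 ({name}) = {hashlib.sha256(data).hexdigest()}\n"
        for name, data in files.items()
    ).encode()


def make_pubkey_text(priv: Ed25519PrivateKey) -> str:
    """signify public key file: comment line + base64('Ed' + keynum + 32-byte key)."""
    raw = priv.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
    blob = base64.b64encode(b"Ed" + KEYNUM + raw).decode()
    return "untrusted comment: example key\n" + blob + "\n"


def sign_embedded(priv: Ed25519PrivateKey, message: bytes) -> str:
    """signify -e style file: comment, base64('Ed' + keynum + 64-byte sig), then the message."""
    sig = priv.sign(message)
    blob = base64.b64encode(b"Ed" + KEYNUM + sig).decode()
    return "untrusted comment: verify with factory.pub\n" + blob + "\n" + message.decode()


def split_embedded(sig_text: str):
    """Return (raw signature blob, embedded message bytes)."""
    _comment, b64, message = sig_text.split("\n", 2)
    return base64.b64decode(b64), message.encode()


def verify_signature(pubkey_text: str, sig_blob: bytes, message: bytes) -> bool:
    """Check one detached signature blob over 'message' with a signify public key."""
    pk = base64.b64decode(pubkey_text.split("\n")[1])
    if pk[:2] != b"Ed" or sig_blob[:2] != b"Ed" or pk[2:10] != sig_blob[2:10]:
        return False  # wrong algorithm tag or key number mismatch
    try:
        Ed25519PublicKey.from_public_bytes(pk[10:]).verify(sig_blob[10:], message)
        return True
    except Exception:
        return False


def verify_C(pubkey_text: str, sig_text: str, files: dict):
    """Model of 'signify -C': verify the signature on the checksum list, then hash
    every listed file. Returns None when the signature is bad, else {name: bool}."""
    sig_blob, checksum_text = split_embedded(sig_text)
    if not verify_signature(pubkey_text, sig_blob, checksum_text):
        return None  # signify would print "signature verification failed"
    results = {}
    for line in checksum_text.decode().splitlines():
        m = CHECKSUM_LINE.match(line)
        if m:
            name, digest = m.groups()
            data = files.get(name)
            results[name] = data is not None and hashlib.sha256(data).hexdigest() == digest
    return results


def demo():
    """Reproduce the outcomes from the issue with constructed data."""
    zip_name = "sargo-factory-2021.02.07.17.zip"
    files = {zip_name: b"PK\x03\x04 constructed stand-in for the factory image"}
    priv = Ed25519PrivateKey.generate()
    pub = make_pubkey_text(priv)
    sig_text = sign_embedded(priv, make_checksum_file(files))
    sig_blob, _ = split_embedded(sig_text)

    # What the reporter tried: treat the zip as the signed message. Fails, because
    # the signature covers the checksum list, not the zip.
    direct = verify_signature(pub, sig_blob, files[zip_name])
    # What -C does: good signature over the list, and the zip's hash matches.
    checked = verify_C(pub, sig_text, files)
    # A tampered image leaves the signature valid but fails the hash check.
    tampered = verify_C(pub, sig_text, {zip_name: files[zip_name] + b"x"})
    # A different key gives a bad signature before any file is hashed.
    wrong_key = verify_C(make_pubkey_text(Ed25519PrivateKey.generate()), sig_text, files)
    return direct, checked, tampered, wrong_key


if __name__ == "__main__":
    print(demo())
```

The `wrong_key` case is why `-Cqp factory.pub -x ….sig` is a meaningful check: the public key has to match the signature on the list before any hashes are compared, and the hash comparison is what ties the zip to that signature.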