# signet - code signing tool

signet is a command line tool for signing source code changes and
arbitrary files such as build outputs. Signatures are generated in
[SSHSIG][sshsig] format and signing keys are standard SSH keys so
signet is compatible with OpenSSH's `ssh-keygen -Y sign | verify`.

signet stores encrypted signing keys in keychains located in
~/.config/signet on Unix systems including macOS and Linux, and
the user's AppData folder on Windows.

    signet init -s
    signet keys -c
    signet sign -k <id> -n file <FILE>

Configure git to use signet to sign commits and tags:

    git config user.signingkey <id>
    git config gpg.format      ssh
    git config gpg.ssh.program signet

    git config commit.gpgsign  true
    git config tag.gpgsign     true

Signing keys are encrypted with a password supplied by the user and
that password can be stored in the system keyring or requested via
interactive prompt when required.

[sshsig]: https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.sshsig