Open BTBurke opened 4 years ago
Yeah, adding in a --quiet option sounds like a good idea.
I think the bigger issue is the lack of any output when you verify something. For example, if I sign a file with minisign, I get a nice console output saying that the signature is valid, time, comment, etc.
$ minisign -V -m test.txt
Signature and comment signature verified
Trusted comment: timestamp:1589922579 file:test.txt
The other nice thing about the minisign UX is that there is an option to hash large files and then sign the hash instead of the whole file.
Saltpack sign v2 supports streaming in the case of large files, https://saltpack.org/signing-format-v2.
I haven't looked into supporting comments and time and nicer output, but those sound like good improvements.
Hi @gabriel
I want to use keys to sign a SHA256 hash of a binary, but the UX seems off to me. As far as I can tell so far, there is no output when the signature is successfully verified. The only obvious sign that it did something is a 0 exit code.
I started with this:
Then verified with this:
That works, because I get "verify failed" if I make a change to the binary.
But, from a user experience perspective I think it would inspire more confidence if a successful verification also had something on stdout, with maybe a -q, --quiet flag to only look at the return code.
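
The behaviour requested in this thread, sketched as an added example that is not code from the issue or from the keys project: a wrapper that runs any verifier command, states success on stdout, and with -q/--quiet leaves only the exit code. The function name `verify_report` and the message wording are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not part of the keys project). verify_report and its
# message text are hypothetical names chosen for illustration.
#
# Usage: verify_report [-q|--quiet] verifier-command [args...]
#   e.g. verify_report minisign -V -m test.txt
# Runs the verifier, reports the outcome, and returns the verifier's own
# exit status so scripts can keep relying on the return code.
verify_report() {
    quiet=0
    case "${1:-}" in
        -q|--quiet) quiet=1; shift ;;
    esac
    if [ "$#" -eq 0 ]; then
        echo "usage: verify_report [-q|--quiet] verifier [args...]" >&2
        return 2
    fi

    # Capture the verifier's output; the && / || chain records the exit
    # status without tripping `set -e` in a calling script.
    out=$("$@" 2>&1) && status=0 || status=$?

    if [ "$quiet" -eq 0 ]; then
        if [ "$status" -eq 0 ]; then
            # Success is stated explicitly on stdout.
            printf 'OK: verification succeeded: %s\n' "$*"
            [ -z "$out" ] || printf '%s\n' "$out"
        else
            # Failure goes to stderr, with whatever the verifier said.
            printf 'FAILED (exit %s): %s\n' "$status" "$*" >&2
            [ -z "$out" ] || printf '%s\n' "$out" >&2
        fi
    fi
    return "$status"
}
```

A verifier that is missing or crashes yields a non-zero status and is reported as a failure, so the wrapper never prints a success line it did not earn.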