Signing and Verifying Messages

The NaCl libraries can sign and verify messages. Note that messages encrypted with public key encryption do not need to be signed: the NaCl box construct verifies the validity of the sender.

To sign and verify messages use the Signer and Verifier classes:

import libnacl.sign

msg = (b'Well, that\'s no ordinary rabbit.  That\'s the most foul, '
       b'cruel, and bad-tempered rodent you ever set eyes on.')
# Create a Signer object. If no key seed value is passed in, the
# signing keys are generated automatically
signer = libnacl.sign.Signer()
# Sign the message, the signed string is the message itself plus the
# signature
signed = signer.sign(msg)
# If only the signature is desired without the message:
signature = signer.signature(msg)
# To create a verifier pass in the verify key:
veri = libnacl.sign.Verifier(signer.hex_vk())
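# Verify the message! verify() returns the original message and raises
# ValueError if the signature does not match
verified = veri.verify(signed)
# The signed string is the 64-byte signature followed by the message
verified2 = veri.verify(signature + msg)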

Saving Keys to Disk

All libnacl key objects can be safely saved to disk via the save method. This method changes the umask before saving the key file to ensure that the saved file can only be read by the user creating it and cannot be written to.

import libnacl.sign

signer = libnacl.sign.Signer()
signer.save('/etc/nacl/signer.key')
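
The umask technique described above, together with a permission check for a saved key file, as an added example that is not libnacl's own code. It assumes a POSIX system and reads "only readable by the creating user and not writable" as mode 0400; `save_key_readonly`, `audit_key_file` and `demo` are hypothetical names.

```python
import os
import stat
import tempfile

def save_key_readonly(path, data):
    """Write data to a new file that ends up mode 0400 (owner read-only)."""
    old = os.umask(0o277)  # mask owner write/exec and all group/other bits
    try:
        # O_EXCL: refuse to reuse an existing file, because umask only
        # affects newly created files and would not tighten an old mode
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o666)
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
    finally:
        os.umask(old)  # umask is process-wide, so always restore it

def audit_key_file(path):
    """Return a list of permission problems for a saved key file."""
    st = os.lstat(path)  # lstat: do not follow a symlink placed at path
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    problems = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        problems.append("accessible by group or others")
    if mode & 0o200:
        problems.append("writable by owner")
    if st.st_uid != os.geteuid():
        problems.append("not owned by current user")
    return problems

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "signer.key")
        # Constructed placeholder bytes, not a real key
        save_key_readonly(path, b"constructed placeholder, not a real key")
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        clean = audit_key_file(path)
        os.chmod(path, 0o644)  # simulate later permission drift
        drifted = audit_key_file(path)
        return mode, clean, drifted

if __name__ == "__main__":
    print(demo())
```

The audit function can be run against any existing key file path to catch permissions that were loosened after the file was written.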