Signify: Cryptographically Sign and Verify Files
HowTo: Use Signify on Debian (based) Distributions
Written in 2014 for OpenBSD, signify is a tool to cryptographically sign and verify files: 
It only supports a single algorithm, Ed25519, created by djb and his gang. It’s fast, immune to timing attacks by design, produce deterministic signatures, uses small keys and produce small signatures, … it does look like a sound choice.
Signify's main benefits is that it has a small codebase and is not based on GnuPG. On the downside, there is no revocation mechanism  and the trust path relies on getting the key directly from a trusted developer. 
Installation and Usage
1. Install signify.
signify-openbsd qrencode. To accomplish that, the following steps A. to D. need to be done.
A. Update the package lists.
sudo apt update
B. Upgrade the system.
sudo apt full-upgrade
C. Install the
signify-openbsd qrencode package.
sudo apt install --no-install-recommends signify-openbsd qrencode
The procedure of installing
signify-openbsd qrencode is complete.
2. Create a key.
This only needs to be done once unless multiple keys are desired; in that case different key names should be used. In the following example,
keyname is used as the sample key name.
signify-openbsd -G -p keyname.pub -s keyname.sec
3. Optional: Add a key comment.
comments here with the actual comment but keep the
". The comment could be a name, position, website, e-mail address and/or anything else.
signify-openbsd -G -p keyname.pub -s keyname.sec -c "comments here"
- The private key file
keyname.secneeds to stay private -- never share
keyname.secwith anyone as this would defeat the purpose of signing files!
- The public key file
keyname.pubcan be shared with anyone.
4. Utilize signify.
To sign a file
message.txt (which has to be created by the user beforehand).
signify-openbsd -S -s keyname.sec -m message.txt
This will create a signature file
To verify a file
message.txt with signature file
signify-openbsd -V -p keyname.pub -m message.txt
5. Optional: Create a QR code for the public key.
qrencode -r keyname.pub -o keyname.pub.png
keyname.pub.png would be the QR code of the public key.
Refer to the Debian signify-openbsd Manual Page for further options.
- Meaning if the key is stolen, people can only be informed the key should not be trusted anymore.