Diffstat (limited to 'sign.go')
-rw-r--r--sign.go77
1 files changed, 77 insertions, 0 deletions
diff --git a/sign.go b/sign.go
new file mode 100644
index 0000000..4eee930
--- /dev/null
+++ b/sign.go
@@ -0,0 +1,77 @@
+package main
+
+import (
+ "flag"
+ "fmt"
+ "io/ioutil"
+ "os"
+
+ "dim13.org/signify/ask"
+ "dim13.org/signify/file"
+ "dim13.org/signify/key"
+)
+
+// Usage: signify -S [-ez] [-x sigfile] -s seckey -m message
+
+func Sign() error {
+ args := flag.NewFlagSet("sign", flag.ExitOnError)
+ var (
+ embedded = args.Bool("e", false, "Embed the message")
+ zip = args.Bool("z", false, "Sign gzip archive")
+ sigFile = args.String("x", "", "Signature file")
+ encFile = args.String("s", "", "Secret file (required)")
+ msgFile = args.String("m", "", "Message file (required)")
+ )
+ args.Parse(os.Args[2:])
+ if *embedded && *zip {
+ return ErrEZ
+ }
+ if *encFile == "" || *msgFile == "" {
+ args.Usage()
+ return nil
+ }
+ _, _ = zip, sigFile
+
+ encKey, err := OpenEnc(*encFile)
+ if err != nil {
+ return err
+ }
+ body, err := ioutil.ReadFile(*msgFile)
+ if err != nil {
+ return err
+ }
+ sig := encKey.Sign(body)
+ sigRaw, err := key.Marshal(sig)
+ if err != nil {
+ return err
+ }
+ block := &file.Block{
+ Comment: fmt.Sprintf("verify with %s", file.PubName(*encFile)),
+ Bytes: sigRaw,
+ }
+ if *embedded {
+ block.Message = body
+ }
+ if err := file.EncodeFile(*msgFile+".sig", file.SigMode, block); err != nil {
+ return err
+ }
+ return nil
+}
+
+func OpenEnc(fname string) (*key.Enc, error) {
+ block, err := file.DecodeFile(fname)
+ if err != nil {
+ return nil, err
+ }
+ encKey := new(key.Enc)
+ if err := key.Unmarshal(block.Bytes, encKey); err != nil {
+ return nil, err
+ }
+ if err := Kdf(encKey, ask.Password); err != nil {
+ return nil, err
+ }
+ if err := encKey.Check(); err != nil {
+ return nil, err
+ }
+ return encKey, nil
+}
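Review bot: The `-x` and `-z` options in `Sign` are parsed and then discarded by `_, _ = zip, sigFile`, so a caller who passes `-x sigfile` still gets the signature written to `*msgFile+".sig"`, and `-z` produces an ordinary signature with no indication that the option was ignored. A signing tool should fail rather than silently do something other than what was requested: honor `-x` with `out := *sigFile; if out == "" { out = *msgFile + ".sig" }`, pass `out` to `file.EncodeFile`, and return an error while `-z` is unimplemented. The missing-argument branch also returns `nil` after `args.Usage()`, which presumably lets the caller exit with a success status although nothing was signed; returning an error there would let scripts detect the failure. The result of `args.Parse(os.Args[2:])` is unchecked, which is harmless only as long as the flag set stays `flag.ExitOnError`.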