From 8bb62c061174bc9098d7ccf1b6772783f1336ba9 Mon Sep 17 00:00:00 2001 From: Dimitri Sokolyuk Date: Tue, 13 Feb 2018 01:22:10 +0100 Subject: combine --- check.go | 43 ------------- cmd_check.go | 43 +++++++++++++ cmd_generate.go | 78 ++++++++++++++++++++++++ cmd_sign.go | 152 ++++++++++++++++++++++++++++++++++++++++++++++ cmd_verify.go | 183 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ generate.go | 78 ------------------------ main.go | 11 ++++ progname.go | 16 ----- sign.go | 152 ---------------------------------------------- verify.go | 183 -------------------------------------------------------- 10 files changed, 467 insertions(+), 472 deletions(-) delete mode 100644 check.go create mode 100644 cmd_check.go create mode 100644 cmd_generate.go create mode 100644 cmd_sign.go create mode 100644 cmd_verify.go delete mode 100644 generate.go delete mode 100644 progname.go delete mode 100644 sign.go delete mode 100644 verify.go diff --git a/check.go b/check.go deleted file mode 100644 index 2dfb786..0000000 --- a/check.go +++ /dev/null @@ -1,43 +0,0 @@ -package main - -import ( - "context" - "flag" - "fmt" - - "github.com/google/subcommands" -) - -// Usage: signify -C [-q] -p pubkey -x sigfile [file ...] - -type checkCommand struct { - quiet bool - pubFile string - sigFile string -} - -func (c *checkCommand) Name() string { return "check" } -func (c *checkCommand) Synopsis() string { return "check signatures" } -func (c *checkCommand) Usage() string { - return "check [-q] -p pubkey -x sigfile [file ...]\n" -} - -func (c *checkCommand) SetFlags(f *flag.FlagSet) { - f.BoolVar(&c.quiet, "q", false, "quiet mode") - f.StringVar(&c.pubFile, "p", "", "public key file (required)") - f.StringVar(&c.sigFile, "x", "", "signature file (required)") -} - -func (c *checkCommand) Execute(ctx context.Context, f *flag.FlagSet, args ...interface{}) subcommands.ExitStatus { - if c.pubFile == "" || c.sigFile == "" { - f.Usage() - return subcommands.ExitUsageError - } - files := make([]string, f.NArg()) - for i := 0; i < f.NArg(); i++ { - files[i] = f.Arg(i) - } - fmt.Println(files) - // TODO - return subcommands.ExitSuccess -} diff --git a/cmd_check.go b/cmd_check.go new file mode 100644 index 0000000..2dfb786 --- /dev/null +++ b/cmd_check.go @@ -0,0 +1,43 @@ +package main + +import ( + "context" + "flag" + "fmt" + + "github.com/google/subcommands" +) + +// Usage: signify -C [-q] -p pubkey -x sigfile [file ...] + +type checkCommand struct { + quiet bool + pubFile string + sigFile string +} + +func (c *checkCommand) Name() string { return "check" } +func (c *checkCommand) Synopsis() string { return "check signatures" } +func (c *checkCommand) Usage() string { + return "check [-q] -p pubkey -x sigfile [file ...]\n" +} + +func (c *checkCommand) SetFlags(f *flag.FlagSet) { + f.BoolVar(&c.quiet, "q", false, "quiet mode") + f.StringVar(&c.pubFile, "p", "", "public key file (required)") + f.StringVar(&c.sigFile, "x", "", "signature file (required)") +} + +func (c *checkCommand) Execute(ctx context.Context, f *flag.FlagSet, args ...interface{}) subcommands.ExitStatus { + if c.pubFile == "" || c.sigFile == "" { + f.Usage() + return subcommands.ExitUsageError + } + files := make([]string, f.NArg()) + for i := 0; i < f.NArg(); i++ { + files[i] = f.Arg(i) + } + fmt.Println(files) + // TODO + return subcommands.ExitSuccess +} diff --git a/cmd_generate.go b/cmd_generate.go new file mode 100644 index 0000000..74c24e5 --- /dev/null +++ b/cmd_generate.go @@ -0,0 +1,78 @@ +package main + +import ( + "context" + "encoding" + "flag" + "log" + "os" + + "dim13.org/signify/ask" + "dim13.org/signify/b64file" + "dim13.org/signify/key" + "github.com/google/subcommands" +) + +// Usage: signify -G [-n] [-c comment] -p pubkey -s seckey + +type generateCommand struct { + nopass bool + comment string + pubFile string + secFile string +} + +func (g *generateCommand) Name() string { return "generate" } +func (g *generateCommand) Synopsis() string { return "generate key" } +func (g *generateCommand) Usage() string { + return "generate [-n] [-c comment] -p pubkey -s seckey\n" +} + +func (g *generateCommand) SetFlags(f *flag.FlagSet) { + f.BoolVar(&g.nopass, "n", false, "no key passphrase") + f.StringVar(&g.comment, "c", "signify", "comment") + f.StringVar(&g.pubFile, "p", "", "public key file (required)") + f.StringVar(&g.secFile, "s", "", "secret key file (required)") +} + +func (g *generateCommand) Execute(ctx context.Context, f *flag.FlagSet, args ...interface{}) subcommands.ExitStatus { + if g.pubFile == "" || g.secFile == "" { + f.Usage() + return subcommands.ExitUsageError + } + if err := ValidateNames(g.pubFile, g.secFile); err != nil { + log.Println(err) + return subcommands.ExitFailure + } + + var der key.Deriver + if !g.nopass { + der = ask.Confirmed{} + } + + pubKey, secKey, err := key.Generate(der) + if err != nil { + log.Println(err) + return subcommands.ExitFailure + } + + if err := writeFile(g.secFile, g.comment+" secret key", secKey, ModeSec); err != nil { + log.Println(err) + return subcommands.ExitFailure + } + if err := writeFile(g.pubFile, g.comment+" public key", pubKey, ModePub); err != nil { + log.Println(err) + return subcommands.ExitFailure + } + + return subcommands.ExitSuccess +} + +func writeFile(fname, comment string, u encoding.BinaryMarshaler, mode os.FileMode) error { + fd, err := Create(fname, mode) + if err != nil { + return err + } + defer fd.Close() + return b64file.Encode(fd, u, comment, nil) +} diff --git a/cmd_sign.go b/cmd_sign.go new file mode 100644 index 0000000..91b58ea --- /dev/null +++ b/cmd_sign.go @@ -0,0 +1,152 @@ +package main + +import ( + "context" + "flag" + "io/ioutil" + "log" + + "dim13.org/signify/ask" + "dim13.org/signify/b64file" + "dim13.org/signify/key" + "dim13.org/signify/zsig" + "github.com/google/subcommands" +) + +// Usage: signify -S [-ez] [-x sigfile] -s seckey -m message + +type signCommand struct { + embedded bool + zip bool + sigFile string + secFile string + msgFile string +} + +func (s *signCommand) Name() string { return "sign" } +func (s *signCommand) Synopsis() string { return "sign file" } +func (s *signCommand) Usage() string { + return "sign [-ez] [-x sigfile] -s seckey -m message\n" +} + +func (s *signCommand) SetFlags(f *flag.FlagSet) { + f.BoolVar(&s.embedded, "e", false, "embed the message") + f.BoolVar(&s.zip, "z", false, "sign gzip archive") // TODO + f.StringVar(&s.sigFile, "x", "", "signature file") + f.StringVar(&s.secFile, "s", "", "secret file (required)") + f.StringVar(&s.msgFile, "m", "", "message file (required)") +} + +func (s *signCommand) Execute(ctx context.Context, f *flag.FlagSet, args ...interface{}) subcommands.ExitStatus { + if s.secFile == "" || s.msgFile == "" { + f.Usage() + return subcommands.ExitUsageError + } + if s.sigFile == "" { + s.sigFile = SigName(s.msgFile) + } + + switch { + case s.zip && s.embedded: + return subcommands.ExitUsageError + case s.zip: + if err := signGzip(s.secFile, s.msgFile, s.sigFile); err != nil { + log.Println(err) + return subcommands.ExitFailure + } + case s.embedded: + if err := signEmbedded(s.secFile, s.msgFile, s.sigFile); err != nil { + log.Println(err) + return subcommands.ExitFailure + } + default: + if err := signPlain(s.secFile, s.msgFile, s.sigFile); err != nil { + log.Println(err) + return subcommands.ExitFailure + } + } + + return subcommands.ExitSuccess +} + +func signPlain(secFile, msgFile, sigFile string) error { + sec, err := openSec(secFile) + if err != nil { + return err + } + msg, err := ioutil.ReadFile(msgFile) + if err != nil { + return err + } + sig := sec.Sign(msg) + comment := VerifyWith(secFile) + fd, err := Create(sigFile, ModeSig) + if err != nil { + return err + } + defer fd.Close() + return b64file.Encode(fd, sig, comment, nil) +} + +func signEmbedded(secFile, msgFile, sigFile string) error { + sec, err := openSec(secFile) + if err != nil { + return err + } + msg, err := ioutil.ReadFile(msgFile) + if err != nil { + return err + } + sig := sec.Sign(msg) + comment := VerifyWith(secFile) + fd, err := Create(sigFile, ModeSig) + if err != nil { + return err + } + fd.Close() + return b64file.Encode(fd, sig, comment, msg) +} + +// TODO +func signGzip(secFile, msgFile, sigFile string) error { + fd, err := Open(msgFile) + if err != nil { + return err + } + defer fd.Close() + z, err := zsig.NewReader(fd) + if err != nil { + return err + } + log.Println(z) + zhead, err := zsig.NewHeader(z) + if err != nil { + return err + } + log.Println(zhead) + body, err := zhead.MarshalText() + if err != nil { + return err + } + log.Println(body) + return nil +} + +func openSec(fname string) (*key.Sec, error) { + sec := new(key.Sec) + fd, err := Open(fname) + if err != nil { + return nil, err + } + defer fd.Close() + if _, _, err := b64file.Decode(fd, sec); err != nil { + return nil, err + } + if err := sec.Crypt(ask.Passphrase{}); err != nil { + return nil, err + } + if err := sec.Validate(); err != nil { + return nil, err + } + return sec, nil +} diff --git a/cmd_verify.go b/cmd_verify.go new file mode 100644 index 0000000..c38955d --- /dev/null +++ b/cmd_verify.go @@ -0,0 +1,183 @@ +package main + +import ( + "context" + "flag" + "fmt" + "io/ioutil" + "log" + "strings" + + "dim13.org/signify/b64file" + "dim13.org/signify/key" + "dim13.org/signify/zsig" + "github.com/google/subcommands" +) + +// Usage: signify -V [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m message + +type verifyCommand struct { + embedded bool + quiet bool + zip bool + pubFile string + keyFile string + sigFile string + msgFile string +} + +func (v *verifyCommand) Name() string { return "verify" } +func (v *verifyCommand) Synopsis() string { return "verify signature" } +func (v *verifyCommand) Usage() string { + return "verify [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m message\n" +} + +func (v *verifyCommand) SetFlags(f *flag.FlagSet) { + f.BoolVar(&v.embedded, "e", false, "embed message") + f.BoolVar(&v.quiet, "q", false, "quiet mode") + f.BoolVar(&v.zip, "z", false, "verify gzip archive") // TODO + f.StringVar(&v.pubFile, "p", "", "public key file") + f.StringVar(&v.keyFile, "t", "", "key type") // TODO + f.StringVar(&v.sigFile, "x", "", "signature file") + f.StringVar(&v.msgFile, "m", "", "message file (required)") +} + +func (v *verifyCommand) Execute(ctx context.Context, f *flag.FlagSet, args ...interface{}) subcommands.ExitStatus { + if v.msgFile == "" { + f.Usage() + return subcommands.ExitUsageError + } + if v.sigFile == "" { + v.sigFile = SigName(v.msgFile) + } + // TODO keyType + + switch { + case v.zip && v.embedded: + return subcommands.ExitUsageError + case v.zip: + if err := verifyGzip(v.pubFile, v.sigFile); err != nil { + log.Println(err) + return subcommands.ExitFailure + } + case v.embedded: + if err := verifyEmbedded(v.pubFile, v.sigFile); err != nil { + log.Println(err) + return subcommands.ExitFailure + } + default: + if err := verifyPlain(v.pubFile, v.sigFile, v.msgFile); err != nil { + log.Println(err) + return subcommands.ExitFailure + } + } + if !v.quiet { + fmt.Println("Signature Verified") + } + return subcommands.ExitSuccess +} + +func verifyPlain(pubFile, sigFile, msgFile string) error { + msg, err := ioutil.ReadFile(msgFile) + if err != nil { + return err + } + sig, _, verifyWith, err := openSig(sigFile) + if err != nil { + return err + } + if pubFile == "" { + pubFile = verifyWith + } + pub, err := openPub(pubFile) + if err != nil { + return err + } + return sig.Verify(msg, pub) +} + +func verifyEmbedded(pubFile, sigFile string) error { + sig, msg, verifyWith, err := openSig(sigFile) + if err != nil { + return err + } + if pubFile == "" { + pubFile = verifyWith + } + pub, err := openPub(pubFile) + if err != nil { + return err + } + return sig.Verify(msg, pub) +} + +// TODO ugly work-in-progress +func verifyGzip(pubFile, sigFile string) error { + fd, err := Open(sigFile) + if err != nil { + return err + } + defer fd.Close() + z, err := zsig.NewReader(fd) + if err != nil { + return err + } + + sig := new(key.Sig) + _, msg, err := b64file.Decode(strings.NewReader(z.Comment), sig) + if err != nil { + return err + } + if err := sig.Validate(); err != nil { + return err + } + + pub, err := openPub(pubFile) + if err != nil { + return err + } + if err := sig.Verify(msg, pub); err != nil { + return err + } + + zhead, err := zsig.ParseBytes(msg) + if err != nil { + return err + } + + return zhead.Verify(z) +} + +func openPub(fname string) (*key.Pub, error) { + pub := new(key.Pub) + fd, err := Open(fname) + if err != nil { + return nil, err + } + defer fd.Close() + if _, _, err := b64file.Decode(fd, pub); err != nil { + return nil, err + } + if err := pub.Validate(); err != nil { + return nil, err + } + return pub, nil +} + +func openSig(fname string) (*key.Sig, []byte, string, error) { + sig := new(key.Sig) + fd, err := Open(fname) + if err != nil { + return nil, nil, "", err + } + defer fd.Close() + comment, msg, err := b64file.Decode(fd, sig) + if err != nil { + return nil, nil, "", err + } + if err := sig.Validate(); err != nil { + return nil, nil, "", err + } + pubKey := CommentPubFile(comment) + return sig, msg, pubKey, nil +} diff --git a/generate.go b/generate.go deleted file mode 100644 index 74c24e5..0000000 --- a/generate.go +++ /dev/null @@ -1,78 +0,0 @@ -package main - -import ( - "context" - "encoding" - "flag" - "log" - "os" - - "dim13.org/signify/ask" - "dim13.org/signify/b64file" - "dim13.org/signify/key" - "github.com/google/subcommands" -) - -// Usage: signify -G [-n] [-c comment] -p pubkey -s seckey - -type generateCommand struct { - nopass bool - comment string - pubFile string - secFile string -} - -func (g *generateCommand) Name() string { return "generate" } -func (g *generateCommand) Synopsis() string { return "generate key" } -func (g *generateCommand) Usage() string { - return "generate [-n] [-c comment] -p pubkey -s seckey\n" -} - -func (g *generateCommand) SetFlags(f *flag.FlagSet) { - f.BoolVar(&g.nopass, "n", false, "no key passphrase") - f.StringVar(&g.comment, "c", "signify", "comment") - f.StringVar(&g.pubFile, "p", "", "public key file (required)") - f.StringVar(&g.secFile, "s", "", "secret key file (required)") -} - -func (g *generateCommand) Execute(ctx context.Context, f *flag.FlagSet, args ...interface{}) subcommands.ExitStatus { - if g.pubFile == "" || g.secFile == "" { - f.Usage() - return subcommands.ExitUsageError - } - if err := ValidateNames(g.pubFile, g.secFile); err != nil { - log.Println(err) - return subcommands.ExitFailure - } - - var der key.Deriver - if !g.nopass { - der = ask.Confirmed{} - } - - pubKey, secKey, err := key.Generate(der) - if err != nil { - log.Println(err) - return subcommands.ExitFailure - } - - if err := writeFile(g.secFile, g.comment+" secret key", secKey, ModeSec); err != nil { - log.Println(err) - return subcommands.ExitFailure - } - if err := writeFile(g.pubFile, g.comment+" public key", pubKey, ModePub); err != nil { - log.Println(err) - return subcommands.ExitFailure - } - - return subcommands.ExitSuccess -} - -func writeFile(fname, comment string, u encoding.BinaryMarshaler, mode os.FileMode) error { - fd, err := Create(fname, mode) - if err != nil { - return err - } - defer fd.Close() - return b64file.Encode(fd, u, comment, nil) -} diff --git a/main.go b/main.go index 5088e84..1c6a0b6 100644 --- a/main.go +++ b/main.go @@ -3,11 +3,22 @@ package main import ( "context" "flag" + "log" "os" + "path" "github.com/google/subcommands" ) +func init() { + log.SetFlags(0) + log.SetPrefix(progName() + ": ") +} + +func progName() string { + return path.Base(os.Args[0]) +} + func main() { subcommands.Register(subcommands.CommandsCommand(), "") subcommands.Register(subcommands.FlagsCommand(), "") diff --git a/progname.go b/progname.go deleted file mode 100644 index 5f14ac5..0000000 --- a/progname.go +++ /dev/null @@ -1,16 +0,0 @@ -package main - -import ( - "log" - "os" - "path" -) - -func init() { - log.SetFlags(0) - log.SetPrefix(progName() + ": ") -} - -func progName() string { - return path.Base(os.Args[0]) -} diff --git a/sign.go b/sign.go deleted file mode 100644 index 91b58ea..0000000 --- a/sign.go +++ /dev/null @@ -1,152 +0,0 @@ -package main - -import ( - "context" - "flag" - "io/ioutil" - "log" - - "dim13.org/signify/ask" - "dim13.org/signify/b64file" - "dim13.org/signify/key" - "dim13.org/signify/zsig" - "github.com/google/subcommands" -) - -// Usage: signify -S [-ez] [-x sigfile] -s seckey -m message - -type signCommand struct { - embedded bool - zip bool - sigFile string - secFile string - msgFile string -} - -func (s *signCommand) Name() string { return "sign" } -func (s *signCommand) Synopsis() string { return "sign file" } -func (s *signCommand) Usage() string { - return "sign [-ez] [-x sigfile] -s seckey -m message\n" -} - -func (s *signCommand) SetFlags(f *flag.FlagSet) { - f.BoolVar(&s.embedded, "e", false, "embed the message") - f.BoolVar(&s.zip, "z", false, "sign gzip archive") // TODO - f.StringVar(&s.sigFile, "x", "", "signature file") - f.StringVar(&s.secFile, "s", "", "secret file (required)") - f.StringVar(&s.msgFile, "m", "", "message file (required)") -} - -func (s *signCommand) Execute(ctx context.Context, f *flag.FlagSet, args ...interface{}) subcommands.ExitStatus { - if s.secFile == "" || s.msgFile == "" { - f.Usage() - return subcommands.ExitUsageError - } - if s.sigFile == "" { - s.sigFile = SigName(s.msgFile) - } - - switch { - case s.zip && s.embedded: - return subcommands.ExitUsageError - case s.zip: - if err := signGzip(s.secFile, s.msgFile, s.sigFile); err != nil { - log.Println(err) - return subcommands.ExitFailure - } - case s.embedded: - if err := signEmbedded(s.secFile, s.msgFile, s.sigFile); err != nil { - log.Println(err) - return subcommands.ExitFailure - } - default: - if err := signPlain(s.secFile, s.msgFile, s.sigFile); err != nil { - log.Println(err) - return subcommands.ExitFailure - } - } - - return subcommands.ExitSuccess -} - -func signPlain(secFile, msgFile, sigFile string) error { - sec, err := openSec(secFile) - if err != nil { - return err - } - msg, err := ioutil.ReadFile(msgFile) - if err != nil { - return err - } - sig := sec.Sign(msg) - comment := VerifyWith(secFile) - fd, err := Create(sigFile, ModeSig) - if err != nil { - return err - } - defer fd.Close() - return b64file.Encode(fd, sig, comment, nil) -} - -func signEmbedded(secFile, msgFile, sigFile string) error { - sec, err := openSec(secFile) - if err != nil { - return err - } - msg, err := ioutil.ReadFile(msgFile) - if err != nil { - return err - } - sig := sec.Sign(msg) - comment := VerifyWith(secFile) - fd, err := Create(sigFile, ModeSig) - if err != nil { - return err - } - fd.Close() - return b64file.Encode(fd, sig, comment, msg) -} - -// TODO -func signGzip(secFile, msgFile, sigFile string) error { - fd, err := Open(msgFile) - if err != nil { - return err - } - defer fd.Close() - z, err := zsig.NewReader(fd) - if err != nil { - return err - } - log.Println(z) - zhead, err := zsig.NewHeader(z) - if err != nil { - return err - } - log.Println(zhead) - body, err := zhead.MarshalText() - if err != nil { - return err - } - log.Println(body) - return nil -} - -func openSec(fname string) (*key.Sec, error) { - sec := new(key.Sec) - fd, err := Open(fname) - if err != nil { - return nil, err - } - defer fd.Close() - if _, _, err := b64file.Decode(fd, sec); err != nil { - return nil, err - } - if err := sec.Crypt(ask.Passphrase{}); err != nil { - return nil, err - } - if err := sec.Validate(); err != nil { - return nil, err - } - return sec, nil -} diff --git a/verify.go b/verify.go deleted file mode 100644 index c38955d..0000000 --- a/verify.go +++ /dev/null @@ -1,183 +0,0 @@ -package main - -import ( - "context" - "flag" - "fmt" - "io/ioutil" - "log" - "strings" - - "dim13.org/signify/b64file" - "dim13.org/signify/key" - "dim13.org/signify/zsig" - "github.com/google/subcommands" -) - -// Usage: signify -V [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m message - -type verifyCommand struct { - embedded bool - quiet bool - zip bool - pubFile string - keyFile string - sigFile string - msgFile string -} - -func (v *verifyCommand) Name() string { return "verify" } -func (v *verifyCommand) Synopsis() string { return "verify signature" } -func (v *verifyCommand) Usage() string { - return "verify [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m message\n" -} - -func (v *verifyCommand) SetFlags(f *flag.FlagSet) { - f.BoolVar(&v.embedded, "e", false, "embed message") - f.BoolVar(&v.quiet, "q", false, "quiet mode") - f.BoolVar(&v.zip, "z", false, "verify gzip archive") // TODO - f.StringVar(&v.pubFile, "p", "", "public key file") - f.StringVar(&v.keyFile, "t", "", "key type") // TODO - f.StringVar(&v.sigFile, "x", "", "signature file") - f.StringVar(&v.msgFile, "m", "", "message file (required)") -} - -func (v *verifyCommand) Execute(ctx context.Context, f *flag.FlagSet, args ...interface{}) subcommands.ExitStatus { - if v.msgFile == "" { - f.Usage() - return subcommands.ExitUsageError - } - if v.sigFile == "" { - v.sigFile = SigName(v.msgFile) - } - // TODO keyType - - switch { - case v.zip && v.embedded: - return subcommands.ExitUsageError - case v.zip: - if err := verifyGzip(v.pubFile, v.sigFile); err != nil { - log.Println(err) - return subcommands.ExitFailure - } - case v.embedded: - if err := verifyEmbedded(v.pubFile, v.sigFile); err != nil { - log.Println(err) - return subcommands.ExitFailure - } - default: - if err := verifyPlain(v.pubFile, v.sigFile, v.msgFile); err != nil { - log.Println(err) - return subcommands.ExitFailure - } - } - if !v.quiet { - fmt.Println("Signature Verified") - } - return subcommands.ExitSuccess -} - -func verifyPlain(pubFile, sigFile, msgFile string) error { - msg, err := ioutil.ReadFile(msgFile) - if err != nil { - return err - } - sig, _, verifyWith, err := openSig(sigFile) - if err != nil { - return err - } - if pubFile == "" { - pubFile = verifyWith - } - pub, err := openPub(pubFile) - if err != nil { - return err - } - return sig.Verify(msg, pub) -} - -func verifyEmbedded(pubFile, sigFile string) error { - sig, msg, verifyWith, err := openSig(sigFile) - if err != nil { - return err - } - if pubFile == "" { - pubFile = verifyWith - } - pub, err := openPub(pubFile) - if err != nil { - return err - } - return sig.Verify(msg, pub) -} - -// TODO ugly work-in-progress -func verifyGzip(pubFile, sigFile string) error { - fd, err := Open(sigFile) - if err != nil { - return err - } - defer fd.Close() - z, err := zsig.NewReader(fd) - if err != nil { - return err - } - - sig := new(key.Sig) - _, msg, err := b64file.Decode(strings.NewReader(z.Comment), sig) - if err != nil { - return err - } - if err := sig.Validate(); err != nil { - return err - } - - pub, err := openPub(pubFile) - if err != nil { - return err - } - if err := sig.Verify(msg, pub); err != nil { - return err - } - - zhead, err := zsig.ParseBytes(msg) - if err != nil { - return err - } - - return zhead.Verify(z) -} - -func openPub(fname string) (*key.Pub, error) { - pub := new(key.Pub) - fd, err := Open(fname) - if err != nil { - return nil, err - } - defer fd.Close() - if _, _, err := b64file.Decode(fd, pub); err != nil { - return nil, err - } - if err := pub.Validate(); err != nil { - return nil, err - } - return pub, nil -} - -func openSig(fname string) (*key.Sig, []byte, string, error) { - sig := new(key.Sig) - fd, err := Open(fname) - if err != nil { - return nil, nil, "", err - } - defer fd.Close() - comment, msg, err := b64file.Decode(fd, sig) - if err != nil { - return nil, nil, "", err - } - if err := sig.Validate(); err != nil { - return nil, nil, "", err - } - pubKey := CommentPubFile(comment) - return sig, msg, pubKey, nil -} -- cgit v1.2.3