From 619afaba8db996ba61d90c69ed2261b5ab910473 Mon Sep 17 00:00:00 2001
From: Dimitri Sokolyuk
Date: Wed, 19 Apr 2017 16:21:26 +0200
Subject: Pkg

---
 cmd/signify/main.go | 205 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 205 insertions(+)
 create mode 100644 cmd/signify/main.go
(limited to 'cmd/signify')

diff --git a/cmd/signify/main.go b/cmd/signify/main.go
new file mode 100644
index 0000000..6937894
--- /dev/null
+++ b/cmd/signify/main.go
@@ -0,0 +1,205 @@
+package main
+
+import (
+ "flag"
+ "fmt"
+ "io/ioutil"
+ "log"
+ "path"
+
+ "dim13.org/signify"
+)
+
+/*
+ signify -C [-q] -p pubkey -x sigfile [file ...]
+ signify -G [-n] [-c comment] -p pubkey -s seckey
+ signify -S [-ez] [-x sigfile] -s seckey -m message
+ signify -V [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m message
+*/
+
+const safePath = "/etc/signify"
+
+var (
+ checksum = flag.Bool("C", false, "Verify a signed checksum list")
+ generate = flag.Bool("G", false, "Generate a new key pair")
+ sign = flag.Bool("S", false, "Sign the specfied message")
+ verify = flag.Bool("V", false, "Verify the message")
+ comment = flag.String("c", "signify", "Comment")
+ embed = flag.Bool("e", false, "Embed the message")
+ msg = flag.String("m", "", "Message file")
+ nopass = flag.Bool("n", false, "No key passphrase")
+ pub = flag.String("p", "", "Public key file")
+ quiet = flag.Bool("q", false, "Quiet mode")
+ sec = flag.String("s", "", "Secret key file")
+ sig = flag.String("x", "", "Signature file")
+ gzip = flag.Bool("z", false, "Sign and verify gzip archives")
+)
+
+func main() {
+ flag.Parse()
+
+ switch {
+ case *generate:
+ rounds := signify.DefaultRounds
+ if *nopass {
+ rounds = 0
+ }
+ if err := Generate(*pub, *sec, *comment, rounds); err != nil {
+ log.Fatal(err)
+ }
+ case *sign:
+ if err := Sign(*msg, *sec, *embed); err != nil {
+ log.Fatal(err)
+ }
+ case *verify:
+ if err := Verify(*msg, *pub); err != nil {
+ log.Fatal(err)
+ }
+ default:
+ flag.Usage()
+ }
+}
+
+func Generate(pubFile, secFile, comment string, rounds int) error {
+ pubKey, encKey, err := signify.NewKey()
+ if err != nil {
+ return err
+ }
+
+ if rounds > 0 {
+ pass, err := signify.AskPassword(true)
+ if err != nil {
+ return err
+ }
+ encKey.Kdf(pass, rounds)
+ }
+
+ encRaw, err := signify.Marshal(encKey)
+ if err != nil {
+ return err
+ }
+
+ sfile := signify.File{
+ Comment: fmt.Sprintf("%s secret key", comment),
+ RawKey: encRaw,
+ }
+ if err := 
sfile.WriteFile(secFile, signify.SecMode); err != nil {
+ return err
+ }
+
+ pubRaw, err := signify.Marshal(pubKey)
+ if err != nil {
+ return err
+ }
+ pfile := signify.File{
+ Comment: fmt.Sprintf("%s public key", comment),
+ RawKey: pubRaw,
+ }
+ if err := pfile.WriteFile(pubFile, signify.PubMode); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func OpenSec(fname string) (*signify.EncKey, error) {
+ f, err := signify.ParseFile(fname)
+ if err != nil {
+ return nil, err
+ }
+ encKey := new(signify.EncKey)
+ if err := signify.Unmarshal(f.RawKey, encKey); err != nil {
+ return nil, err
+ }
+ if encKey.KDFRounds > 0 {
+ pass, err := signify.AskPassword(false)
+ if err != nil {
+ return nil, err
+ }
+ encKey.Kdf(pass, int(encKey.KDFRounds))
+ }
+ if err := encKey.Check(); err != nil {
+ return nil, err
+ }
+ return encKey, nil
+}
+
+func OpenPub(fname string) (*signify.PubKey, error) {
+ f, err := signify.ParseFile(fname)
+ if err != nil {
+ return nil, err
+ }
+ pubKey := new(signify.PubKey)
+ if err := signify.Unmarshal(f.RawKey, pubKey); err != nil {
+ return nil, err
+ }
+ if err := pubKey.Check(); err != nil {
+ return nil, err
+ }
+ return pubKey, nil
+}
+
+func OpenSig(fname string) (*signify.Sig, []byte, error) {
+ f, err := signify.ParseFile(fname + ".sig")
+ if err != nil {
+ return nil, nil, err
+ }
+ sig := new(signify.Sig)
+ if err := signify.Unmarshal(f.RawKey, sig); err != nil {
+ return nil, nil, err
+ }
+ if err := sig.Check(); err != nil {
+ return nil, nil, err
+ }
+ if f.Embedded() {
+ return sig, f.Message, nil
+ }
+ msg, err := ioutil.ReadFile(fname)
+ if err != nil {
+ return nil, nil, err
+ }
+ return sig, msg, nil
+}
+
+func Sign(msgFile, secFile string, embed bool) error {
+ encKey, err := OpenSec(secFile)
+ if err != nil {
+ return err
+ }
+ body, err := ioutil.ReadFile(msgFile)
+ if err != nil {
+ return err
+ }
+ sig := encKey.Sign(body)
+ sigRaw, err := signify.Marshal(sig)
+ if err != nil {
+ return err
+ }
+ sigfile := 
signify.File{
+ Comment: fmt.Sprintf("verify with %s", path.Base(secFile)), // TODO replace .sec with .pub
+ RawKey: sigRaw,
+ }
+ if embed {
+ sigfile.Message = body
+ }
+ if err := sigfile.WriteFile(msgFile+".sig", signify.PubMode); err != nil {
+ return err
+ }
+ return nil
+}
+
+func Verify(msgFile, pubFile string) error {
+ pubKey, err := OpenPub(pubFile)
+ if err != nil {
+ return err
+ }
+ sig, body, err := OpenSig(msgFile)
+ if err != nil {
+ return err
+ }
+ if err := pubKey.Verify(body, sig); err != nil {
+ return err
+ }
+ log.Println("Signature Verfied")
+ return nil
+}
-- 
cgit v1.2.3
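Review bot: The `-x sigfile` flag (`sig` in the var block) is parsed and advertised in the usage comment but never read: `OpenSig` always opens `fname + ".sig"` and `Sign` always writes `msgFile+".sig"`, so `signify -V -x other.sig -m message` silently verifies `message` against `message.sig`, which for a signature checker is a correctness problem as much as a usability one. The same holds for `-C`, `-q` and `-z` and for the `safePath` constant, none of which is referenced after its declaration; either wire them up or drop them from the usage comment so the tool does not advertise modes it does not implement. I would thread the signature path through explicitly and default it in `main` when `-x` is absent, as sketched below. Two string fixes while here: `"Sign the specfied message"` → `"Sign the specified message"` and `"Signature Verfied"` → `"Signature Verified"`. The locals named `sig` and `msg` in `OpenSig`, `Sign` and `Verify` also shadow the package-level flag variables, which is what makes the unused flag easy to overlook.

```go
// in main, after flag.Parse(): default the signature path when -x is not given
sigName := *sig
if sigName == "" {
	sigName = *msg + ".sig"
}
// … unchanged: switch and -G branch …
case *sign:
	if err := Sign(*msg, sigName, *sec, *embed); err != nil {
// … unchanged …
case *verify:
	if err := Verify(*msg, sigName, *pub); err != nil {
// … unchanged: Generate, OpenSec, OpenPub …
func OpenSig(msgFile, sigFile string) (*signify.Sig, []byte, error) {
	f, err := signify.ParseFile(sigFile)
// … unchanged: unmarshal, Check, embedded case …
	msg, err := ioutil.ReadFile(msgFile)
// … unchanged …
func Sign(msgFile, sigFile, secFile string, embed bool) error {
// … unchanged: key load, read, sign, marshal …
	if err := sigfile.WriteFile(sigFile, signify.PubMode); err != nil {
// … unchanged …
func Verify(msgFile, sigFile, pubFile string) error {
// … unchanged: OpenPub …
	sig, body, err := OpenSig(msgFile, sigFile)
```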