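// Command signify generates key pairs and signs messages, using the flag
// layout shown in the usage summary below.
package main

import (
	"errors"
	"flag"
	"fmt"
	"io/ioutil"
	"log"
	"path"
)

// Status strings for signature verification.
const (
	verFailed = "signature verification failed"
	verOK     = "Signature Verified"
)

/*
	signify -C [-q] -p pubkey -x sigfile [file ...]
	signify -G [-n] [-c comment] -p pubkey -s seckey
	signify -S [-ez] [-x sigfile] -s seckey -m message
	signify -V [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m message
*/

// Command-line flags. NOTE(review): -C, -q, -x and -z are declared here but
// main does not act on them; -C falls through to the usage message.
var (
	checksum = flag.Bool("C", false, "Verify a signed checksum list")
	generate = flag.Bool("G", false, "Generate a new key pair")
	sign     = flag.Bool("S", false, "Sign the specified message")
	verify   = flag.Bool("V", false, "Verify the message")

	comment = flag.String("c", "signify", "Comment")
	embed   = flag.Bool("e", false, "Embed the message")
	msg     = flag.String("m", "", "Message file")
	nopass  = flag.Bool("n", false, "No key passphrase")
	pub     = flag.String("p", "", "Public key file")
	quiet   = flag.Bool("q", false, "Quiet mode")
	sec     = flag.String("s", "", "Secret key file")
	sig     = flag.String("x", "", "Signature file")
	gzip    = flag.Bool("z", false, "Sign and verify gzip archives")
)

// main parses the flags and dispatches to the first selected mode
// (-G, then -S, then -V). Any error terminates the process through
// log.Fatal, so a failed operation yields a non-zero exit status.
func main() {
	flag.Parse()

	switch {
	case *generate:
		rounds := DefaultRounds
		if *nopass {
			// With -n no passphrase is requested and the Kdf step in
			// Generate is skipped.
			rounds = 0
		}
		if err := Generate(*pub, *sec, *comment, rounds); err != nil {
			log.Fatal(err)
		}
	case *sign:
		if err := Sign(*msg, *sec, *embed); err != nil {
			log.Fatal(err)
		}
	case *verify:
		if err := Verify(*msg, *pub); err != nil {
			log.Fatal(err)
		}
	default:
		flag.Usage()
	}
}

// Generate creates a new key pair and writes the secret key to secFile
// (mode SecMode) and the public key to pubFile (mode PubMode). Both files
// carry a comment derived from comment.
//
// When rounds > 0 a passphrase is requested and passed to the key's Kdf
// method together with rounds. When rounds == 0 that step is skipped;
// presumably the secret key is then protected only by the file mode
// (confirm against the EncKey implementation).
func Generate(pubFile, secFile, comment string, rounds int) error {
	pubKey, encKey, err := NewKey()
	if err != nil {
		return err
	}

	if rounds > 0 {
		pass, err := AskPassword(nil, true)
		if err != nil {
			return err
		}
		// NOTE(review): any result of Kdf is not inspected here; confirm it
		// cannot fail.
		encKey.Kdf(pass, rounds)
	}

	encRaw, err := Marshal(encKey)
	if err != nil {
		return err
	}
	sfile := File{
		Comment: fmt.Sprintf("%s secret key", comment),
		RawKey:  encRaw,
	}
	if err := sfile.WriteFile(secFile, SecMode); err != nil {
		return err
	}

	pubRaw, err := Marshal(pubKey)
	if err != nil {
		return err
	}
	pfile := File{
		Comment: fmt.Sprintf("%s public key", comment),
		RawKey:  pubRaw,
	}
	if err := pfile.WriteFile(pubFile, PubMode); err != nil {
		return err
	}

	return nil
}

// Sign reads the secret key from secFile, asks for the passphrase when the
// key records KDF rounds, signs the contents of msgFile and writes the
// signature to msgFile+".sig". With embed set, the message body is stored in
// the signature file as well.
//
// It returns an error if the key file cannot be parsed, the key is not valid
// after the passphrase step (for example, a wrong passphrase), the message
// cannot be read, or the signature file cannot be written.
func Sign(msgFile, secFile string, embed bool) error {
	sfile, err := ParseFile(secFile)
	if err != nil {
		return err
	}

	encKey := new(EncKey)
	if err := Unmarshal(sfile.RawKey, encKey); err != nil {
		return err
	}

	if encKey.KDFRounds > 0 {
		pass, err := AskPassword(nil, false)
		if err != nil {
			return err
		}
		encKey.Kdf(pass, int(encKey.KDFRounds))
	}

	// Refuse to sign with a key that did not validate.
	if !encKey.IsValid() {
		return errors.New("invalid key")
	}

	body, err := ioutil.ReadFile(msgFile)
	if err != nil {
		return err
	}

	sig := encKey.Sign(body)
	sigRaw, err := Marshal(sig)
	if err != nil {
		return err
	}

	// The comment tells the verifier which key to use, so it should name the
	// public key file rather than the secret key file.
	keyName := path.Base(secFile)
	if ext := path.Ext(keyName); ext == ".sec" {
		keyName = keyName[:len(keyName)-len(ext)] + ".pub"
	}

	sigfile := File{
		Comment: fmt.Sprintf("verify with %s", keyName),
		RawKey:  sigRaw,
	}
	if embed {
		sigfile.Message = body
	}
	// NOTE(review): the -x sigfile flag is not consulted; the output path is
	// always msgFile+".sig".
	if err := sigfile.WriteFile(msgFile+".sig", PubMode); err != nil {
		return err
	}

	return nil
}

// Verify is a placeholder: no signature check is implemented yet.
//
// It fails closed by returning an error unconditionally. Returning nil here
// would make "signify -V" exit successfully for any message and any key,
// which callers would read as a valid signature.
func Verify(msgFile, pubFile string) error {
	return fmt.Errorf("%s: verification is not implemented", verFailed)
}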