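package main

import (
	"flag"
	"io/ioutil"
	"log"

	"dim13.org/signify/ask"
	"dim13.org/signify/b64file"
	"dim13.org/signify/key"
	"dim13.org/signify/zsig"
)

// sign parses the arguments of the signing mode and dispatches to the
// matching signer.
//
// Usage: signify -S [-ez] [-x sigfile] -s seckey -m message
//
// When -x is not given, the signature file name is derived from the message
// file name with SigName. -e and -z are mutually exclusive and yield ErrEZ.
func sign(args []string) error {
	opts := flag.NewFlagSet("sign", flag.ExitOnError)
	var (
		embedded = opts.Bool("e", false, "Embed the message")
		zip      = opts.Bool("z", false, "Sign gzip archive") // TODO
		sigFile  = opts.String("x", "", "Signature file")
		secFile  = opts.String("s", "", "Secret file (required)")
		msgFile  = opts.String("m", "", "Message file (required)")
	)
	// With flag.ExitOnError the flag set exits the process on a parse error,
	// so this check is only a safety net.
	if err := opts.Parse(args); err != nil {
		return err
	}

	if *secFile == "" || *msgFile == "" {
		opts.Usage()
		// NOTE(review): nil is returned although nothing was signed, so a
		// caller that only looks at the error cannot tell this apart from a
		// successful run. Confirm this is intended.
		return nil
	}

	if *sigFile == "" {
		*sigFile = SigName(*msgFile)
	}

	switch {
	case *zip && *embedded:
		return ErrEZ
	case *zip:
		return signGzip(*secFile, *msgFile, *sigFile)
	case *embedded:
		return signEmbedded(*secFile, *msgFile, *sigFile)
	default:
		return signPlain(*secFile, *msgFile, *sigFile)
	}
}

// signPlain signs the content of msgFile with the secret key in secFile and
// writes a detached signature (no message payload) to sigFile.
func signPlain(secFile, msgFile, sigFile string) error {
	return signToFile(secFile, msgFile, sigFile, false)
}

// signEmbedded signs the content of msgFile with the secret key in secFile
// and writes the signature together with the message to sigFile.
func signEmbedded(secFile, msgFile, sigFile string) error {
	return signToFile(secFile, msgFile, sigFile, true)
}

// signToFile loads the key, signs the message and encodes the result into
// sigFile; embed selects whether the message is passed to the encoder.
//
// It holds the body signPlain and signEmbedded previously duplicated. The
// embedded copy closed the signature file before encoding into it, so the
// encoder was handed an already closed file; the file now stays open until
// the encoder returns.
func signToFile(secFile, msgFile, sigFile string, embed bool) error {
	sec, err := openSec(secFile)
	if err != nil {
		return err
	}
	msg, err := ioutil.ReadFile(msgFile)
	if err != nil {
		return err
	}
	sig := sec.Sign(msg)
	comment := VerifyWith(secFile)

	// The signature file is created only after the key was loaded and the
	// message was signed, so an early failure creates no output file.
	fd, err := Create(sigFile, ModeSig)
	if err != nil {
		return err
	}
	// The result of Close is discarded, as in the original code.
	// NOTE(review): if Create returns an *os.File, consider reporting the
	// Close error so a failed write of the signature does not go unnoticed.
	defer fd.Close()

	if embed {
		return b64file.Encode(fd, sig, comment, msg)
	}
	return b64file.Encode(fd, sig, comment, nil)
}

// signGzip is unfinished (TODO). It opens msgFile, reads it through
// zsig.NewReader, builds a zsig header, marshals the header to text and logs
// each intermediate value.
//
// NOTE(review): secFile and sigFile are not used and no signature is
// produced, yet nil is returned when every step succeeds. Until this is
// implemented, a run with -z reports success without having signed anything.
func signGzip(secFile, msgFile, sigFile string) error {
	fd, err := Open(msgFile)
	if err != nil {
		return err
	}
	defer fd.Close()

	z, err := zsig.NewReader(fd)
	if err != nil {
		return err
	}
	log.Println(z)

	zhead, err := zsig.NewHeader(z)
	if err != nil {
		return err
	}
	log.Println(zhead)

	body, err := zhead.MarshalText()
	if err != nil {
		return err
	}
	log.Println(body)
	return nil
}

// openSec reads the secret key stored in fname.
//
// The file is decoded into a key.Sec with b64file.Decode, then sec.Crypt is
// called with an ask.Passphrase{} and the key is checked with sec.Validate.
// Any failing step returns a nil key together with the error, so a key that
// does not pass validation never reaches the signing code.
func openSec(fname string) (*key.Sec, error) {
	sec := new(key.Sec)
	fd, err := Open(fname)
	if err != nil {
		return nil, err
	}
	defer fd.Close()

	if _, _, err := b64file.Decode(fd, sec); err != nil {
		return nil, err
	}
	// Presumably this decrypts the key with a passphrase obtained through
	// package ask; confirm in package key.
	if err := sec.Crypt(ask.Passphrase{}); err != nil {
		return nil, err
	}
	if err := sec.Validate(); err != nil {
		return nil, err
	}
	return sec, nil
}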