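package main

import (
	"errors"
	"flag"
	"io/ioutil"

	"dim13.org/signify/ask"
	"dim13.org/signify/file"
	"dim13.org/signify/key"
)

// sign implements the signing subcommand: it parses its own flag set from
// args and writes a signature for the message file using the secret key file.
//
// Usage: signify -S [-ez] [-x sigfile] -s seckey -m message
//
// It returns ErrEZ when -e and -z are combined, and otherwise whatever error
// the selected signing routine reports.
func sign(args []string) error {
	opts := flag.NewFlagSet("sign", flag.ExitOnError)
	var (
		embedded = opts.Bool("e", false, "Embed the message")
		zip      = opts.Bool("z", false, "Sign gzip archive") // TODO
		sigFile  = opts.String("x", "", "Signature file")
		secFile  = opts.String("s", "", "Secret file (required)")
		msgFile  = opts.String("m", "", "Message file (required)")
	)
	// The flag set uses flag.ExitOnError, so a parse failure terminates the
	// process inside Parse and the returned error needs no handling here.
	opts.Parse(args)

	if *secFile == "" || *msgFile == "" {
		opts.Usage()
		// NOTE(review): a missing required flag is reported as success.
		// A caller that checks only the returned error cannot tell that no
		// signature was written; confirm whether this should be an error.
		return nil
	}
	if *sigFile == "" {
		// No -x given: derive the signature file name from the message name.
		*sigFile = file.SigName(*msgFile)
	}

	switch {
	case *zip && *embedded:
		return ErrEZ
	case *zip:
		return signGzip(*secFile, *msgFile, *sigFile)
	case *embedded:
		return signEmbedded(*secFile, *msgFile, *sigFile)
	default:
		return signPlain(*secFile, *msgFile, *sigFile)
	}
}

// signPlain signs the contents of msgFile with the secret key in secFile and
// writes a detached signature (no message payload) to sigFile.
func signPlain(secFile, msgFile, sigFile string) error {
	sec, err := openSec(secFile)
	if err != nil {
		return err
	}
	// The whole message is read into memory before signing.
	msg, err := ioutil.ReadFile(msgFile)
	if err != nil {
		return err
	}
	sig := sec.Sign(msg)
	// The comment is built from the secret key's file name; presumably it is
	// the "verify with" hint naming the matching key (confirm in package file).
	comment := file.VerifyWith(secFile)
	return file.EncodeFile(sigFile, file.ModeSig, sig, comment, nil)
}

// signEmbedded signs the contents of msgFile with the secret key in secFile
// and writes the signature together with the message itself to sigFile.
func signEmbedded(secFile, msgFile, sigFile string) error {
	sec, err := openSec(secFile)
	if err != nil {
		return err
	}
	// The whole message is read into memory before signing.
	msg, err := ioutil.ReadFile(msgFile)
	if err != nil {
		return err
	}
	sig := sec.Sign(msg)
	comment := file.VerifyWith(secFile)
	// Unlike signPlain, the message bytes are passed on so that they are
	// stored alongside the signature.
	return file.EncodeFile(sigFile, file.ModeSig, sig, comment, msg)
}

// signGzip is the entry point for -z (sign a gzip archive). It is not
// implemented and always returns an error.
//
// Returning nil here would make "signify -S -z" report success although no
// signature file is written, so a script that checks only the exit status
// would treat an unsigned archive as signed.
func signGzip(secFile, msgFile, sigFile string) error {
	return errors.New("signing gzip archives (-z) is not implemented")
}

// openSec loads the secret key stored in fname and prepares it for signing.
//
// The key is decoded from the file, passed through Crypt with an
// ask.Passphrase (presumably prompting for the passphrase and decrypting the
// key material; confirm in package key), and then validated. Any failing step
// returns a nil key together with the error, so a key that did not pass
// Validate is never handed to the caller.
func openSec(fname string) (*key.Sec, error) {
	sec := new(key.Sec)
	if _, _, err := file.DecodeFile(fname, sec); err != nil {
		return nil, err
	}
	if err := sec.Crypt(ask.Passphrase{}); err != nil {
		return nil, err
	}
	if err := sec.Validate(); err != nil {
		return nil, err
	}
	return sec, nil
}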