minisign 0.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. checksums.yaml +7 -0
  2. data/lib/minisign.rb +38 -0
  3. metadata +57 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: ab99f429385b0f4e6588f199322c1d3b4f0e74fc3653d44d9b7e3be64a16c1a4
4
+ data.tar.gz: 87d81af21c0f8dfe4cd90846f921014dcc7383ea7a09ee5811ff22102fc3a8ba
5
+ SHA512:
6
+ metadata.gz: d2009870037a601e9417f2ea753486aa5a9b1dcca7effb7293924649978320992969c28113056953e95afeb854f05f25b1738e3dd5af203346a66b325d013884
7
+ data.tar.gz: 771fa8348725c66211b95eff9e3790c0a57dfa8bcd67fafeaebe2276982a8704e69763f3a62d273192ee813449b44e72ebe22ff424ad7efd28df6c2d0a7e2366
data/lib/minisign.rb ADDED
@@ -0,0 +1,38 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'ed25519'
4
+ require 'base64'
5
+ require 'openssl'
6
+
7
+ module Minisign
8
+ # Parse a .minisig file's contents
9
+ class Signature
10
+ attr_reader :signature, :comment, :comment_signature
11
+
12
+ def initialize(str)
13
+ lines = str.split("\n")
14
+ @signature = Base64.decode64(lines[1])[10..]
15
+ @comment = lines[2].split('trusted comment: ')[1]
16
+ @comment_signature = Base64.decode64(lines[3])
17
+ end
18
+ end
19
+
20
+ # Parse ed25519 verify key from minisign public key
21
+ class PublicKey
22
+ def initialize(str)
23
+ @public_key = Base64.strict_decode64(str)[10..]
24
+ @verify_key = Ed25519::VerifyKey.new(@public_key)
25
+ end
26
+
27
+ def verify(sig, message)
28
+ blake = OpenSSL::Digest.new('BLAKE2b512')
29
+ @verify_key.verify(sig.signature, blake.digest(message))
30
+ begin
31
+ @verify_key.verify(sig.comment_signature, sig.signature + sig.comment)
32
+ rescue Ed25519::VerifyError
33
+ raise 'Comment signature verification failed'
34
+ end
35
+ "Signature and comment signature verified\nTrusted comment: #{sig.comment}"
36
+ end
37
+ end
38
+ end
metadata ADDED
@@ -0,0 +1,57 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: minisign
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.3
5
+ platform: ruby
6
+ authors:
7
+ - Jesse Shawl
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2022-05-30 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: ed25519
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '1.3'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '1.3'
27
+ description: Verify minisign signatures
28
+ email: jesse@jesse.sh
29
+ executables: []
30
+ extensions: []
31
+ extra_rdoc_files: []
32
+ files:
33
+ - lib/minisign.rb
34
+ homepage: https://rubygems.org/gems/minisign
35
+ licenses:
36
+ - MIT
37
+ metadata: {}
38
+ post_install_message:
39
+ rdoc_options: []
40
+ require_paths:
41
+ - lib
42
+ required_ruby_version: !ruby/object:Gem::Requirement
43
+ requirements:
44
+ - - ">="
45
+ - !ruby/object:Gem::Version
46
+ version: 2.6.0
47
+ required_rubygems_version: !ruby/object:Gem::Requirement
48
+ requirements:
49
+ - - ">="
50
+ - !ruby/object:Gem::Version
51
+ version: '0'
52
+ requirements: []
53
+ rubygems_version: 3.0.3.1
54
+ signing_key:
55
+ specification_version: 4
56
+ summary: Minisign, in Ruby!
57
+ test_files: []