minisign 0.0.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/lib/minisign.rb +38 -0
- metadata +57 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: ab99f429385b0f4e6588f199322c1d3b4f0e74fc3653d44d9b7e3be64a16c1a4
|
4
|
+
data.tar.gz: 87d81af21c0f8dfe4cd90846f921014dcc7383ea7a09ee5811ff22102fc3a8ba
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: d2009870037a601e9417f2ea753486aa5a9b1dcca7effb7293924649978320992969c28113056953e95afeb854f05f25b1738e3dd5af203346a66b325d013884
|
7
|
+
data.tar.gz: 771fa8348725c66211b95eff9e3790c0a57dfa8bcd67fafeaebe2276982a8704e69763f3a62d273192ee813449b44e72ebe22ff424ad7efd28df6c2d0a7e2366
|
data/lib/minisign.rb
ADDED
@@ -0,0 +1,38 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'ed25519'
|
4
|
+
require 'base64'
|
5
|
+
require 'openssl'
|
6
|
+
|
7
|
+
module Minisign
|
8
|
+
# Parse a .minisig file's contents
|
9
|
+
class Signature
|
10
|
+
attr_reader :signature, :comment, :comment_signature
|
11
|
+
|
12
|
+
def initialize(str)
|
13
|
+
lines = str.split("\n")
|
14
|
+
@signature = Base64.decode64(lines[1])[10..]
|
15
|
+
@comment = lines[2].split('trusted comment: ')[1]
|
16
|
+
@comment_signature = Base64.decode64(lines[3])
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
# Parse ed25519 verify key from minisign public key
|
21
|
+
class PublicKey
|
22
|
+
def initialize(str)
|
23
|
+
@public_key = Base64.strict_decode64(str)[10..]
|
24
|
+
@verify_key = Ed25519::VerifyKey.new(@public_key)
|
25
|
+
end
|
26
|
+
|
27
|
+
def verify(sig, message)
|
28
|
+
blake = OpenSSL::Digest.new('BLAKE2b512')
|
29
|
+
@verify_key.verify(sig.signature, blake.digest(message))
|
30
|
+
begin
|
31
|
+
@verify_key.verify(sig.comment_signature, sig.signature + sig.comment)
|
32
|
+
rescue Ed25519::VerifyError
|
33
|
+
raise 'Comment signature verification failed'
|
34
|
+
end
|
35
|
+
"Signature and comment signature verified\nTrusted comment: #{sig.comment}"
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
metadata
ADDED
@@ -0,0 +1,57 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: minisign
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.3
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Jesse Shawl
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2022-05-30 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: ed25519
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '1.3'
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '1.3'
|
27
|
+
description: Verify minisign signatures
|
28
|
+
email: jesse@jesse.sh
|
29
|
+
executables: []
|
30
|
+
extensions: []
|
31
|
+
extra_rdoc_files: []
|
32
|
+
files:
|
33
|
+
- lib/minisign.rb
|
34
|
+
homepage: https://rubygems.org/gems/minisign
|
35
|
+
licenses:
|
36
|
+
- MIT
|
37
|
+
metadata: {}
|
38
|
+
post_install_message:
|
39
|
+
rdoc_options: []
|
40
|
+
require_paths:
|
41
|
+
- lib
|
42
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
43
|
+
requirements:
|
44
|
+
- - ">="
|
45
|
+
- !ruby/object:Gem::Version
|
46
|
+
version: 2.6.0
|
47
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
48
|
+
requirements:
|
49
|
+
- - ">="
|
50
|
+
- !ruby/object:Gem::Version
|
51
|
+
version: '0'
|
52
|
+
requirements: []
|
53
|
+
rubygems_version: 3.0.3.1
|
54
|
+
signing_key:
|
55
|
+
specification_version: 4
|
56
|
+
summary: Minisign, in Ruby!
|
57
|
+
test_files: []
|