minisign 0.0.3

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. checksums.yaml +7 -0
  2. data/lib/minisign.rb +38 -0
  3. metadata +57 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: ab99f429385b0f4e6588f199322c1d3b4f0e74fc3653d44d9b7e3be64a16c1a4
4
+ data.tar.gz: 87d81af21c0f8dfe4cd90846f921014dcc7383ea7a09ee5811ff22102fc3a8ba
5
+ SHA512:
6
+ metadata.gz: d2009870037a601e9417f2ea753486aa5a9b1dcca7effb7293924649978320992969c28113056953e95afeb854f05f25b1738e3dd5af203346a66b325d013884
7
+ data.tar.gz: 771fa8348725c66211b95eff9e3790c0a57dfa8bcd67fafeaebe2276982a8704e69763f3a62d273192ee813449b44e72ebe22ff424ad7efd28df6c2d0a7e2366
data/lib/minisign.rb ADDED
@@ -0,0 +1,38 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'ed25519'
4
+ require 'base64'
5
+ require 'openssl'
6
+
7
+ module Minisign
8
+ # Parse a .minisig file's contents
9
+ class Signature
10
+ attr_reader :signature, :comment, :comment_signature
11
+
12
+ def initialize(str)
13
+ lines = str.split("\n")
14
+ @signature = Base64.decode64(lines[1])[10..]
15
+ @comment = lines[2].split('trusted comment: ')[1]
16
+ @comment_signature = Base64.decode64(lines[3])
17
+ end
18
+ end
19
+
20
+ # Parse ed25519 verify key from minisign public key
21
+ class PublicKey
22
+ def initialize(str)
23
+ @public_key = Base64.strict_decode64(str)[10..]
24
+ @verify_key = Ed25519::VerifyKey.new(@public_key)
25
+ end
26
+
27
+ def verify(sig, message)
28
+ blake = OpenSSL::Digest.new('BLAKE2b512')
29
+ @verify_key.verify(sig.signature, blake.digest(message))
30
+ begin
31
+ @verify_key.verify(sig.comment_signature, sig.signature + sig.comment)
32
+ rescue Ed25519::VerifyError
33
+ raise 'Comment signature verification failed'
34
+ end
35
+ "Signature and comment signature verified\nTrusted comment: #{sig.comment}"
36
+ end
37
+ end
38
+ end
metadata ADDED
@@ -0,0 +1,57 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: minisign
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.3
5
+ platform: ruby
6
+ authors:
7
+ - Jesse Shawl
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2022-05-30 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: ed25519
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - "~>"
18
+ - !ruby/object:Gem::Version
19
+ version: '1.3'
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '1.3'
27
+ description: Verify minisign signatures
28
+ email: jesse@jesse.sh
29
+ executables: []
30
+ extensions: []
31
+ extra_rdoc_files: []
32
+ files:
33
+ - lib/minisign.rb
34
+ homepage: https://rubygems.org/gems/minisign
35
+ licenses:
36
+ - MIT
37
+ metadata: {}
38
+ post_install_message:
39
+ rdoc_options: []
40
+ require_paths:
41
+ - lib
42
+ required_ruby_version: !ruby/object:Gem::Requirement
43
+ requirements:
44
+ - - ">="
45
+ - !ruby/object:Gem::Version
46
+ version: 2.6.0
47
+ required_rubygems_version: !ruby/object:Gem::Requirement
48
+ requirements:
49
+ - - ">="
50
+ - !ruby/object:Gem::Version
51
+ version: '0'
52
+ requirements: []
53
+ rubygems_version: 3.0.3.1
54
+ signing_key:
55
+ specification_version: 4
56
+ summary: Minisign, in Ruby!
57
+ test_files: []