minisign 0.0.5 → 0.0.7
- checksums.yaml +4 -4
- data/lib/minisign.rb +51 -16
- metadata +4 -3
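--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8dd11c61143149fd612a6c08a084a4e5831ec66f860c6a706edea18fc53bec00
+data.tar.gz: f7b6013996e7e72b35ad8c500e2bf5d24ebc2a9abe0d1d09bda86cfaca2d4ba8
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 615740c7d8fde14c2de494b2f7f9d28ebfaff2cb583210e29ee18573b97180d2a3d1ff3631085cdb53803d35a08cd31d01457c321a45d6d8b684849bcf69cb08
+data.tar.gz: d89f2cace36de94f4909420161a120888a929b3a097b00cbfa33e7081f7dcb15bacd93ca21be52df9f36009c5b3f1455b75dd49c29c99c3299d6130c8561a8b7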
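--- a/data/lib/minisign.rb
+++ b/data/lib/minisign.rb
@@ -9,23 +9,42 @@ require 'openssl'
 module Minisign
 # Parse a .minisig file's contents
 class Signature
-attr_reader :signature, :comment, :comment_signature
-
-# @!attribute [r] signature
-# @return [String] the ed25519 verify key
-# @!attribute [r] comment_signature
-# @return [String] the signature for the trusted comment
-# @!attribute [r] comment
-# @return [String] the trusted comment
-
 # @param str [String] The contents of the .minisig file
 # @example
 # Minisign::Signature.new(File.read('test/example.txt.minisig'))
 def initialize(str)
-lines = str.split("\n")
-
-
-
+@lines = str.split("\n")
+end
+
+# @return [String] the key id
+# @example
+# Minisign::Signature.new(File.read('test/example.txt.minisig')).key_id
+# #=> "E86FECED695E8E0"
+def key_id
+encoded_signature[2..9].bytes.map { |c| c.to_s(16) }.reverse.join.upcase
+end
+
+# @return [String] the trusted comment
+# @example
+# Minisign::Signature.new(File.read('test/example.txt.minisig')).trusted_comment
+# #=> "timestamp:1653934067\tfile:example.txt\thashed"
+def trusted_comment
+@lines[2].split('trusted comment: ')[1]
+end
+
+def trusted_comment_signature
+Base64.decode64(@lines[3])
+end
+
+# @return [String] the signature
+def signature
+encoded_signature[10..]
+end
+
+private
+
+def encoded_signature
+Base64.decode64(@lines[1])
 end
 end
 
@@ -37,10 +56,19 @@ module Minisign
 # @example
 # Minisign::PublicKey.new('RWTg6JXWzv6GDtDphRQ/x7eg0LaWBcTxPZ7i49xEeiqXVcR+r79OZRWM')
 def initialize(str)
-@
+@decoded = Base64.strict_decode64(str)
+@public_key = @decoded[10..]
 @verify_key = Ed25519::VerifyKey.new(@public_key)
 end
 
+# @return [String] the key id
+# @example
+# Minisign::PublicKey.new('RWTg6JXWzv6GDtDphRQ/x7eg0LaWBcTxPZ7i49xEeiqXVcR+r79OZRWM').key_id
+# #=> "E86FECED695E8E0"
+def key_id
+@decoded[2..9].bytes.map { |c| c.to_s(16) }.reverse.join.upcase
+end
+
 # Verify a message's signature
 #
 # @param sig [Minisign::Signature]
@@ -50,13 +78,20 @@ module Minisign
 # @raise RuntimeError on tampered trusted comments
 def verify(sig, message)
 blake = OpenSSL::Digest.new('BLAKE2b512')
+ensure_matching_key_ids(sig.key_id, key_id)
 @verify_key.verify(sig.signature, blake.digest(message))
 begin
-@verify_key.verify(sig.
+@verify_key.verify(sig.trusted_comment_signature, sig.signature + sig.trusted_comment)
 rescue Ed25519::VerifyError
 raise 'Comment signature verification failed'
 end
-"Signature and comment signature verified\nTrusted comment: #{sig.
+"Signature and comment signature verified\nTrusted comment: #{sig.trusted_comment}"
+end
+
+private
+
+def ensure_matching_key_ids(key_id1, key_id2)
+raise "Signature key id is #{key_id1}\nbut the key id in the public key is #{key_id2}" unless key_id1 == key_id2
 end
 end
 end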
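Review bot: Both new `key_id` methods (`Signature#key_id` and `PublicKey#key_id`) format each byte with `c.to_s(16)`, which drops the leading zero of any byte below 0x10, so the rendered id is not a fixed-width encoding of the 8 key-id bytes. The 15-character example in the doc comments (`"E86FECED695E8E0"`) looks like exactly this case, and two different byte sequences can join to the same string, which weakens the `ensure_matching_key_ids` comparison added to `verify`. The Ed25519 checks that follow still decide whether verification succeeds, so this affects the pre-check and the reported ids rather than signature validity. I would zero-pad each byte in both methods, e.g. `encoded_signature[2..9].bytes.reverse.map { |c| format('%02X', c) }.join` and the same expression on `@decoded[2..9]`, and update the two `#=>` examples to the 16-character value.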
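--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: minisign
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.7
 platform: ruby
 authors:
 - Jesse Shawl
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-
+date: 2022-06-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ed25519
@@ -34,7 +34,8 @@ files:
 homepage: https://rubygems.org/gems/minisign
 licenses:
 - MIT
-metadata:
+metadata:
+rubygems_mfa_required: 'true'
 post_install_message:
 rdoc_options: []
 require_paths: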