minisign 0.2.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/minisign/cli.rb +19 -27
- data/lib/minisign/public_key.rb +6 -6
- data/lib/minisign/signature.rb +4 -8
- data/lib/minisign/utils.rb +5 -0
- metadata +7 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 007c98083c5c2f0343244efee9295ca3b9464c8b8edb59ca809e779ae7d0f76e
|
|
4
|
+
data.tar.gz: bdf21e444448429ee135d59ae7403646afd84b4df0724391563858763bec9a43
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b7db6eab732643303cb76aab37b8c31bd8efd349992c5dfedcd8a7c772936a6554f8382b05efc6c170bbfb970222024790096b5fa611884204cc94882a45338d
|
|
7
|
+
data.tar.gz: e635054fe989e5c76edadc0a16128b2c14b23e201949bda438b593c8671b2cc688df3729eff4733ef65e71a68caf137842ef9f060e6b0199746e92502f39026e
|
data/lib/minisign/cli.rb
CHANGED
|
@@ -41,6 +41,7 @@ module Minisign
|
|
|
41
41
|
puts '-f force. Combined with -G, overwrite a previous key pair'
|
|
42
42
|
puts '-v display version number'
|
|
43
43
|
puts ''
|
|
44
|
+
exit 1
|
|
44
45
|
end
|
|
45
46
|
|
|
46
47
|
def self.prompt
|
|
@@ -90,44 +91,25 @@ module Minisign
|
|
|
90
91
|
end
|
|
91
92
|
|
|
92
93
|
def self.recreate(options)
|
|
93
|
-
|
|
94
|
+
options[:s] ||= "#{Dir.home}/.minisign/minisign.key"
|
|
94
95
|
public_key = options[:p] || './minisign.pub'
|
|
95
|
-
|
|
96
|
-
begin
|
|
97
|
-
# try without a password first
|
|
98
|
-
private_key = Minisign::PrivateKey.new(private_key_contents)
|
|
99
|
-
rescue Minisign::PasswordMissingError
|
|
100
|
-
print 'Password: '
|
|
101
|
-
private_key = Minisign::PrivateKey.new(private_key_contents, prompt)
|
|
102
|
-
end
|
|
103
|
-
File.write(public_key, private_key.public_key)
|
|
96
|
+
File.write(public_key, private_key(options[:s]).public_key)
|
|
104
97
|
end
|
|
105
98
|
|
|
106
99
|
def self.change_password(options)
|
|
107
100
|
options[:s] ||= "#{Dir.home}/.minisign/minisign.key"
|
|
108
|
-
|
|
109
|
-
Minisign::PrivateKey.new(File.read(options[:s]))
|
|
110
|
-
rescue Minisign::PasswordMissingError
|
|
111
|
-
print 'Password: '
|
|
112
|
-
Minisign::PrivateKey.new(File.read(options[:s]), prompt)
|
|
113
|
-
end
|
|
101
|
+
new_private_key = private_key(options[:s])
|
|
114
102
|
print 'New Password: '
|
|
115
103
|
new_password = options[:W] ? nil : prompt
|
|
116
|
-
|
|
117
|
-
File.write(options[:s],
|
|
104
|
+
new_private_key.change_password! new_password
|
|
105
|
+
File.write(options[:s], new_private_key)
|
|
118
106
|
end
|
|
119
107
|
|
|
120
108
|
def self.sign(options)
|
|
121
109
|
# TODO: multiple files
|
|
122
110
|
options[:x] ||= "#{options[:m]}.minisig"
|
|
123
111
|
options[:s] ||= "#{Dir.home}/.minisign/minisign.key"
|
|
124
|
-
|
|
125
|
-
Minisign::PrivateKey.new(File.read(options[:s]))
|
|
126
|
-
rescue Minisign::PasswordMissingError
|
|
127
|
-
print 'Password: '
|
|
128
|
-
Minisign::PrivateKey.new(File.read(options[:s]), prompt)
|
|
129
|
-
end
|
|
130
|
-
signature = private_key.sign(options[:m], File.read(options[:m]), options[:t], options[:c])
|
|
112
|
+
signature = private_key(options[:s]).sign(options[:m], File.read(options[:m]), options[:t], options[:c])
|
|
131
113
|
File.write(options[:x], signature)
|
|
132
114
|
end
|
|
133
115
|
|
|
@@ -140,8 +122,8 @@ module Minisign
|
|
|
140
122
|
signature = Minisign::Signature.new(File.read(options[:x]))
|
|
141
123
|
begin
|
|
142
124
|
verification = public_key.verify(signature, message)
|
|
143
|
-
rescue
|
|
144
|
-
puts
|
|
125
|
+
rescue Minisign::SignatureVerificationError => e
|
|
126
|
+
puts e.message
|
|
145
127
|
exit 1
|
|
146
128
|
end
|
|
147
129
|
return if options[:q]
|
|
@@ -150,6 +132,16 @@ module Minisign
|
|
|
150
132
|
puts options[:Q] ? signature.trusted_comment : verification
|
|
151
133
|
end
|
|
152
134
|
|
|
135
|
+
def self.private_key(seckey_file)
|
|
136
|
+
seckey_file_contents = File.read(seckey_file)
|
|
137
|
+
begin
|
|
138
|
+
Minisign::PrivateKey.new(seckey_file_contents)
|
|
139
|
+
rescue Minisign::PasswordMissingError
|
|
140
|
+
print 'Password: '
|
|
141
|
+
Minisign::PrivateKey.new(seckey_file_contents, prompt)
|
|
142
|
+
end
|
|
143
|
+
end
|
|
144
|
+
|
|
153
145
|
# rubocop:enable Metrics/CyclomaticComplexity
|
|
154
146
|
# rubocop:enable Metrics/AbcSize
|
|
155
147
|
# rubocop:enable Metrics/MethodLength
|
data/lib/minisign/public_key.rb
CHANGED
|
@@ -21,7 +21,7 @@ module Minisign
|
|
|
21
21
|
# public_key.key_id
|
|
22
22
|
# #=> "E86FECED695E8E0"
|
|
23
23
|
def key_id
|
|
24
|
-
key_id_binary_string.bytes
|
|
24
|
+
hex key_id_binary_string.bytes
|
|
25
25
|
end
|
|
26
26
|
|
|
27
27
|
# Verify a message's signature
|
|
@@ -29,9 +29,9 @@ module Minisign
|
|
|
29
29
|
# @param signature [Minisign::Signature]
|
|
30
30
|
# @param message [String] the content that was signed
|
|
31
31
|
# @return [String] the trusted comment
|
|
32
|
-
# @raise
|
|
33
|
-
# @raise
|
|
34
|
-
# @raise
|
|
32
|
+
# @raise Minisign::SignatureVerificationError on invalid signatures
|
|
33
|
+
# @raise Minisign::SignatureVerificationError on tampered trusted comments
|
|
34
|
+
# @raise Minisign::SignatureVerificationError on mismatching key ids
|
|
35
35
|
def verify(signature, message)
|
|
36
36
|
assert_matching_key_ids!(signature.key_id, key_id)
|
|
37
37
|
verify_message_signature(signature.signature, message)
|
|
@@ -54,8 +54,8 @@ module Minisign
|
|
|
54
54
|
|
|
55
55
|
def verify_message_signature(signature, message)
|
|
56
56
|
ed25519_verify_key.verify(signature, blake2b512(message))
|
|
57
|
-
rescue Ed25519::VerifyError
|
|
58
|
-
raise Minisign::SignatureVerificationError,
|
|
57
|
+
rescue Ed25519::VerifyError
|
|
58
|
+
raise Minisign::SignatureVerificationError, 'Signature verification failed'
|
|
59
59
|
end
|
|
60
60
|
|
|
61
61
|
def untrusted_comment
|
data/lib/minisign/signature.rb
CHANGED
|
@@ -3,11 +3,13 @@
|
|
|
3
3
|
module Minisign
|
|
4
4
|
# Parse a .minisig file's contents
|
|
5
5
|
class Signature
|
|
6
|
+
include Utils
|
|
6
7
|
# @param str [String] The contents of the .minisig file
|
|
7
8
|
# @example
|
|
8
9
|
# Minisign::Signature.new(File.read('test/example.txt.minisig'))
|
|
9
10
|
def initialize(str)
|
|
10
11
|
@lines = str.split("\n")
|
|
12
|
+
@decoded = Base64.strict_decode64(@lines[1])
|
|
11
13
|
end
|
|
12
14
|
|
|
13
15
|
# @return [String] the key id
|
|
@@ -15,7 +17,7 @@ module Minisign
|
|
|
15
17
|
# Minisign::Signature.new(File.read('test/example.txt.minisig')).key_id
|
|
16
18
|
# #=> "E86FECED695E8E0"
|
|
17
19
|
def key_id
|
|
18
|
-
|
|
20
|
+
hex @decoded[2..9].bytes
|
|
19
21
|
end
|
|
20
22
|
|
|
21
23
|
# @return [String] the trusted comment
|
|
@@ -33,18 +35,12 @@ module Minisign
|
|
|
33
35
|
|
|
34
36
|
# @return [String] the global signature
|
|
35
37
|
def signature
|
|
36
|
-
|
|
38
|
+
@decoded[10..]
|
|
37
39
|
end
|
|
38
40
|
|
|
39
41
|
# @return [String] The signature that can be written to a file
|
|
40
42
|
def to_s
|
|
41
43
|
"#{@lines.join("\n")}\n"
|
|
42
44
|
end
|
|
43
|
-
|
|
44
|
-
private
|
|
45
|
-
|
|
46
|
-
def encoded_signature
|
|
47
|
-
Base64.decode64(@lines[1])
|
|
48
|
-
end
|
|
49
45
|
end
|
|
50
46
|
end
|
data/lib/minisign/utils.rb
CHANGED
|
@@ -18,6 +18,11 @@ module Minisign
|
|
|
18
18
|
end
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
+
# @return [String] bytes as little endian hexadecimal
|
|
22
|
+
def hex(bytes)
|
|
23
|
+
bytes.map { |c| c.to_s(16) }.reverse.join.upcase
|
|
24
|
+
end
|
|
25
|
+
|
|
21
26
|
# @return [String] the <kdf_output> used to xor the ed25519 keys
|
|
22
27
|
def derive_key(password, kdf_salt, kdf_opslimit, kdf_memlimit)
|
|
23
28
|
RbNaCl::PasswordHash.scrypt(
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: minisign
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jesse Shawl
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-02-
|
|
11
|
+
date: 2024-02-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ed25519
|
|
@@ -38,7 +38,7 @@ dependencies:
|
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '7.1'
|
|
41
|
-
description:
|
|
41
|
+
description: Create and verify minisign signatures
|
|
42
42
|
email: jesse@jesse.sh
|
|
43
43
|
executables:
|
|
44
44
|
- minisign
|
|
@@ -58,6 +58,10 @@ homepage: https://github.com/jshawl/minisign
|
|
|
58
58
|
licenses:
|
|
59
59
|
- MIT
|
|
60
60
|
metadata:
|
|
61
|
+
bug_tracker_uri: https://github.com/jshawl/minisign/issues
|
|
62
|
+
changelog_uri: https://github.com/jshawl/minisign/blob/main/CHANGELOG.md
|
|
63
|
+
documentation_uri: https://www.rubydoc.info/gems/minisign/0.2.1
|
|
64
|
+
source_code_uri: https://github.com/jshawl/minisign/tree/v0.2.1
|
|
61
65
|
rubygems_mfa_required: 'true'
|
|
62
66
|
post_install_message:
|
|
63
67
|
rdoc_options: []
|