minisign 0.2.0 → 0.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/minisign/cli.rb +19 -27
- data/lib/minisign/public_key.rb +6 -6
- data/lib/minisign/signature.rb +4 -8
- data/lib/minisign/utils.rb +5 -0
- metadata +7 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 007c98083c5c2f0343244efee9295ca3b9464c8b8edb59ca809e779ae7d0f76e
|
|
4
|
+
data.tar.gz: bdf21e444448429ee135d59ae7403646afd84b4df0724391563858763bec9a43
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b7db6eab732643303cb76aab37b8c31bd8efd349992c5dfedcd8a7c772936a6554f8382b05efc6c170bbfb970222024790096b5fa611884204cc94882a45338d
|
|
7
|
+
data.tar.gz: e635054fe989e5c76edadc0a16128b2c14b23e201949bda438b593c8671b2cc688df3729eff4733ef65e71a68caf137842ef9f060e6b0199746e92502f39026e
|
data/lib/minisign/cli.rb
CHANGED
|
@@ -41,6 +41,7 @@ module Minisign
|
|
|
41
41
|
puts '-f force. Combined with -G, overwrite a previous key pair'
|
|
42
42
|
puts '-v display version number'
|
|
43
43
|
puts ''
|
|
44
|
+
exit 1
|
|
44
45
|
end
|
|
45
46
|
|
|
46
47
|
def self.prompt
|
|
@@ -90,44 +91,25 @@ module Minisign
|
|
|
90
91
|
end
|
|
91
92
|
|
|
92
93
|
def self.recreate(options)
|
|
93
|
-
|
|
94
|
+
options[:s] ||= "#{Dir.home}/.minisign/minisign.key"
|
|
94
95
|
public_key = options[:p] || './minisign.pub'
|
|
95
|
-
|
|
96
|
-
begin
|
|
97
|
-
# try without a password first
|
|
98
|
-
private_key = Minisign::PrivateKey.new(private_key_contents)
|
|
99
|
-
rescue Minisign::PasswordMissingError
|
|
100
|
-
print 'Password: '
|
|
101
|
-
private_key = Minisign::PrivateKey.new(private_key_contents, prompt)
|
|
102
|
-
end
|
|
103
|
-
File.write(public_key, private_key.public_key)
|
|
96
|
+
File.write(public_key, private_key(options[:s]).public_key)
|
|
104
97
|
end
|
|
105
98
|
|
|
106
99
|
def self.change_password(options)
|
|
107
100
|
options[:s] ||= "#{Dir.home}/.minisign/minisign.key"
|
|
108
|
-
|
|
109
|
-
Minisign::PrivateKey.new(File.read(options[:s]))
|
|
110
|
-
rescue Minisign::PasswordMissingError
|
|
111
|
-
print 'Password: '
|
|
112
|
-
Minisign::PrivateKey.new(File.read(options[:s]), prompt)
|
|
113
|
-
end
|
|
101
|
+
new_private_key = private_key(options[:s])
|
|
114
102
|
print 'New Password: '
|
|
115
103
|
new_password = options[:W] ? nil : prompt
|
|
116
|
-
|
|
117
|
-
File.write(options[:s],
|
|
104
|
+
new_private_key.change_password! new_password
|
|
105
|
+
File.write(options[:s], new_private_key)
|
|
118
106
|
end
|
|
119
107
|
|
|
120
108
|
def self.sign(options)
|
|
121
109
|
# TODO: multiple files
|
|
122
110
|
options[:x] ||= "#{options[:m]}.minisig"
|
|
123
111
|
options[:s] ||= "#{Dir.home}/.minisign/minisign.key"
|
|
124
|
-
|
|
125
|
-
Minisign::PrivateKey.new(File.read(options[:s]))
|
|
126
|
-
rescue Minisign::PasswordMissingError
|
|
127
|
-
print 'Password: '
|
|
128
|
-
Minisign::PrivateKey.new(File.read(options[:s]), prompt)
|
|
129
|
-
end
|
|
130
|
-
signature = private_key.sign(options[:m], File.read(options[:m]), options[:t], options[:c])
|
|
112
|
+
signature = private_key(options[:s]).sign(options[:m], File.read(options[:m]), options[:t], options[:c])
|
|
131
113
|
File.write(options[:x], signature)
|
|
132
114
|
end
|
|
133
115
|
|
|
@@ -140,8 +122,8 @@ module Minisign
|
|
|
140
122
|
signature = Minisign::Signature.new(File.read(options[:x]))
|
|
141
123
|
begin
|
|
142
124
|
verification = public_key.verify(signature, message)
|
|
143
|
-
rescue
|
|
144
|
-
puts
|
|
125
|
+
rescue Minisign::SignatureVerificationError => e
|
|
126
|
+
puts e.message
|
|
145
127
|
exit 1
|
|
146
128
|
end
|
|
147
129
|
return if options[:q]
|
|
@@ -150,6 +132,16 @@ module Minisign
|
|
|
150
132
|
puts options[:Q] ? signature.trusted_comment : verification
|
|
151
133
|
end
|
|
152
134
|
|
|
135
|
+
def self.private_key(seckey_file)
|
|
136
|
+
seckey_file_contents = File.read(seckey_file)
|
|
137
|
+
begin
|
|
138
|
+
Minisign::PrivateKey.new(seckey_file_contents)
|
|
139
|
+
rescue Minisign::PasswordMissingError
|
|
140
|
+
print 'Password: '
|
|
141
|
+
Minisign::PrivateKey.new(seckey_file_contents, prompt)
|
|
142
|
+
end
|
|
143
|
+
end
|
|
144
|
+
|
|
153
145
|
# rubocop:enable Metrics/CyclomaticComplexity
|
|
154
146
|
# rubocop:enable Metrics/AbcSize
|
|
155
147
|
# rubocop:enable Metrics/MethodLength
|
data/lib/minisign/public_key.rb
CHANGED
|
@@ -21,7 +21,7 @@ module Minisign
|
|
|
21
21
|
# public_key.key_id
|
|
22
22
|
# #=> "E86FECED695E8E0"
|
|
23
23
|
def key_id
|
|
24
|
-
key_id_binary_string.bytes
|
|
24
|
+
hex key_id_binary_string.bytes
|
|
25
25
|
end
|
|
26
26
|
|
|
27
27
|
# Verify a message's signature
|
|
@@ -29,9 +29,9 @@ module Minisign
|
|
|
29
29
|
# @param signature [Minisign::Signature]
|
|
30
30
|
# @param message [String] the content that was signed
|
|
31
31
|
# @return [String] the trusted comment
|
|
32
|
-
# @raise
|
|
33
|
-
# @raise
|
|
34
|
-
# @raise
|
|
32
|
+
# @raise Minisign::SignatureVerificationError on invalid signatures
|
|
33
|
+
# @raise Minisign::SignatureVerificationError on tampered trusted comments
|
|
34
|
+
# @raise Minisign::SignatureVerificationError on mismatching key ids
|
|
35
35
|
def verify(signature, message)
|
|
36
36
|
assert_matching_key_ids!(signature.key_id, key_id)
|
|
37
37
|
verify_message_signature(signature.signature, message)
|
|
@@ -54,8 +54,8 @@ module Minisign
|
|
|
54
54
|
|
|
55
55
|
def verify_message_signature(signature, message)
|
|
56
56
|
ed25519_verify_key.verify(signature, blake2b512(message))
|
|
57
|
-
rescue Ed25519::VerifyError
|
|
58
|
-
raise Minisign::SignatureVerificationError,
|
|
57
|
+
rescue Ed25519::VerifyError
|
|
58
|
+
raise Minisign::SignatureVerificationError, 'Signature verification failed'
|
|
59
59
|
end
|
|
60
60
|
|
|
61
61
|
def untrusted_comment
|
data/lib/minisign/signature.rb
CHANGED
|
@@ -3,11 +3,13 @@
|
|
|
3
3
|
module Minisign
|
|
4
4
|
# Parse a .minisig file's contents
|
|
5
5
|
class Signature
|
|
6
|
+
include Utils
|
|
6
7
|
# @param str [String] The contents of the .minisig file
|
|
7
8
|
# @example
|
|
8
9
|
# Minisign::Signature.new(File.read('test/example.txt.minisig'))
|
|
9
10
|
def initialize(str)
|
|
10
11
|
@lines = str.split("\n")
|
|
12
|
+
@decoded = Base64.strict_decode64(@lines[1])
|
|
11
13
|
end
|
|
12
14
|
|
|
13
15
|
# @return [String] the key id
|
|
@@ -15,7 +17,7 @@ module Minisign
|
|
|
15
17
|
# Minisign::Signature.new(File.read('test/example.txt.minisig')).key_id
|
|
16
18
|
# #=> "E86FECED695E8E0"
|
|
17
19
|
def key_id
|
|
18
|
-
|
|
20
|
+
hex @decoded[2..9].bytes
|
|
19
21
|
end
|
|
20
22
|
|
|
21
23
|
# @return [String] the trusted comment
|
|
@@ -33,18 +35,12 @@ module Minisign
|
|
|
33
35
|
|
|
34
36
|
# @return [String] the global signature
|
|
35
37
|
def signature
|
|
36
|
-
|
|
38
|
+
@decoded[10..]
|
|
37
39
|
end
|
|
38
40
|
|
|
39
41
|
# @return [String] The signature that can be written to a file
|
|
40
42
|
def to_s
|
|
41
43
|
"#{@lines.join("\n")}\n"
|
|
42
44
|
end
|
|
43
|
-
|
|
44
|
-
private
|
|
45
|
-
|
|
46
|
-
def encoded_signature
|
|
47
|
-
Base64.decode64(@lines[1])
|
|
48
|
-
end
|
|
49
45
|
end
|
|
50
46
|
end
|
data/lib/minisign/utils.rb
CHANGED
|
@@ -18,6 +18,11 @@ module Minisign
|
|
|
18
18
|
end
|
|
19
19
|
end
|
|
20
20
|
|
|
21
|
+
# @return [String] bytes as little endian hexadecimal
|
|
22
|
+
def hex(bytes)
|
|
23
|
+
bytes.map { |c| c.to_s(16) }.reverse.join.upcase
|
|
24
|
+
end
|
|
25
|
+
|
|
21
26
|
# @return [String] the <kdf_output> used to xor the ed25519 keys
|
|
22
27
|
def derive_key(password, kdf_salt, kdf_opslimit, kdf_memlimit)
|
|
23
28
|
RbNaCl::PasswordHash.scrypt(
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: minisign
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jesse Shawl
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-02-
|
|
11
|
+
date: 2024-02-19 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ed25519
|
|
@@ -38,7 +38,7 @@ dependencies:
|
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '7.1'
|
|
41
|
-
description:
|
|
41
|
+
description: Create and verify minisign signatures
|
|
42
42
|
email: jesse@jesse.sh
|
|
43
43
|
executables:
|
|
44
44
|
- minisign
|
|
@@ -58,6 +58,10 @@ homepage: https://github.com/jshawl/minisign
|
|
|
58
58
|
licenses:
|
|
59
59
|
- MIT
|
|
60
60
|
metadata:
|
|
61
|
+
bug_tracker_uri: https://github.com/jshawl/minisign/issues
|
|
62
|
+
changelog_uri: https://github.com/jshawl/minisign/blob/main/CHANGELOG.md
|
|
63
|
+
documentation_uri: https://www.rubydoc.info/gems/minisign/0.2.1
|
|
64
|
+
source_code_uri: https://github.com/jshawl/minisign/tree/v0.2.1
|
|
61
65
|
rubygems_mfa_required: 'true'
|
|
62
66
|
post_install_message:
|
|
63
67
|
rdoc_options: []
|