Add support for sign and verify

main
James Mills 6 months ago
parent fb3d6fc9e8
commit ce2b9f6573
Signed by: prologic
GPG Key ID: AC4C014F1440EBD6
  1. 52
      cmd/salty/main.go
  2. 14
      crypto.go
  3. 8
      crypto_test.go

@ -6,6 +6,7 @@ import (
"os"
"path/filepath"
"github.com/keys-pub/keys"
log "github.com/sirupsen/logrus"
flag "github.com/spf13/pflag"
"go.mills.io/salty"
@ -17,6 +18,8 @@ var (
encrypt bool
decrypt bool
sign bool
verify bool
output string
identity string
recipients []string
@ -28,9 +31,11 @@ func init() {
flag.PrintDefaults()
}
flag.BoolVarP(&help, "help", "h", false, "display help information")
flag.BoolVarP(&version, "version", "v", false, "display version information")
flag.BoolVar(&version, "version", false, "display version information")
flag.BoolVarP(&encrypt, "encrypt", "e", false, "Encrypt the input to the output (Default if omitted)")
flag.BoolVarP(&decrypt, "decrypt", "d", false, "Decrypt the input to the output")
flag.BoolVarP(&sign, "sign", "s", false, "Sign the input to the otput")
flag.BoolVarP(&verify, "verify", "v", false, "Verify the input to the output")
flag.StringVarP(&output, "output", "o", "", "Write the result to the file")
flag.StringSliceVarP(&recipients, "recipient", "r", []string{}, "Encrypt to the specified RECIPIENT (Can be repeated)")
flag.StringVarP(&identity, "identity", "i", "", "Use the identity file at PATH. Can be repeated.")
@ -49,19 +54,26 @@ func main() {
os.Exit(0)
}
if !(encrypt || decrypt) {
if !(encrypt || decrypt) && !(sign || verify) {
encrypt = true
}
id, err := os.Open(identity)
if err != nil {
log.WithError(err).Fatalf("error opening identity file: %q", identity)
}
defer id.Close()
var (
err error
key *keys.EdX25519Key
)
key, err := salty.ParseIdentity(id)
if err != nil {
log.WithError(err).Fatalf("error reading private key: %q", identity)
if !verify {
id, err := os.Open(identity)
if err != nil {
log.WithError(err).Fatalf("error opening identity file: %q", identity)
}
defer id.Close()
key, err = salty.ParseIdentity(id)
if err != nil {
log.WithError(err).Fatalf("error reading private key: %q", identity)
}
}
in := os.Stdin
@ -100,13 +112,14 @@ func main() {
var result []byte
if encrypt {
switch {
case encrypt:
encrypted, err := salty.Encrypt(key, input, recipients)
if err != nil {
log.WithError(err).Fatalf("error encrypting input")
}
result = encrypted[:]
} else if decrypt {
case decrypt:
out, sender, err := salty.Decrypt(key, input)
if err != nil {
log.WithError(err).Fatalf("error decrypting input")
@ -115,7 +128,20 @@ func main() {
fmt.Fprintf(os.Stderr, "# signed by: %s\n", sender)
}
result = out[:]
} else {
case sign:
signed, err := salty.Sign(key, input)
if err != nil {
log.WithError(err).Fatalf("error signing input")
}
result = signed[:]
case verify:
out, signer, err := salty.Verify(input)
if err != nil {
log.WithError(err).Fatalf("error verifying input")
}
fmt.Fprintf(os.Stderr, "# signed by: %s\n", signer.ID().String())
result = out
default:
log.Fatalf("one of -e/--encrypt or -d/--decrypt modes not spplied")
}

@ -22,3 +22,17 @@ func Encrypt(key *keys.EdX25519Key, input []byte, recipients []string) ([]byte,
func Decrypt(key *keys.EdX25519Key, input []byte) ([]byte, *keys.EdX25519PublicKey, error) {
return saltpack.SigncryptOpen(input, true, saltpack.NewKeyring(key))
}
// Sign signs the `input` using the Private Key `key`
// Armour serializing is used by default. The armour bytes are returned on
// success or nil bytes and an error on failure.
func Sign(key *keys.EdX25519Key, input []byte) ([]byte, error) {
return saltpack.Sign(input, true, key)
}
// Verify verifies the `input` and returns the otput as well as the key
// used to sign the message on success, or nil bytes, an empty signer key
// and en error on failure.
func Verify(input []byte) ([]byte, keys.ID, error) {
return saltpack.Verify(input)
}

@ -24,4 +24,12 @@ func TestCrypto(t *testing.T) {
assert.NoError(err)
assert.Equal(pub, sender.String())
assert.Equal(decrypted, input)
signed, err := Sign(key, input)
assert.NoError(err)
out, signer, err := Verify(signed)
assert.NoError(err)
assert.Equal(signer.ID().String(), key.ID().String())
assert.Equal(input, out)
}

Loading…
Cancel
Save