summaryrefslogtreecommitdiff
path: root/usr.bin/signify
AgeCommit message (Collapse)Author
2016-10-06- better check for seckeyname/pubkeyname "equality", remove the pathMarc Espie
(you could legitimately store secret keys on a temporary mount - error out if seckeyname does not follow the *.sec pattern for signing, augment the check to deal with that. - special case: seckeyfile can come from a pipe, and then, well, there's no way to store *.pub in the comment. okay tedu@
2016-10-05when generating keys, make sure the names specified adhere to allTed Unangst
department of keyname compliance regulations. see if anybody complains...
2016-10-05more properly check the secret key extension. from espieTed Unangst
2016-10-05document the previously hidden keyname detection. urged by espie.Ted Unangst
2016-10-05combining an assignment and *two* tests in one conditional is a bit much.Ted Unangst
pull things apart. reported by espie in a separate complaint. :)
2016-10-04typoMarc Espie
2016-09-27can make function static now that it's living in a separate file.Ted Unangst
bye bye XXX!
2016-09-27the keytype checking is logically part of verify, and it's small, soTed Unangst
always include it. but it can be made a bit simpler with zero malloc.
2016-09-27no need to copy keypath if we already have oneTed Unangst
2016-09-26have to advance pointer past the / to get basename.Ted Unangst
noticed by naddy
2016-09-26there's a hidden feature to infer the public key from the signatureTed Unangst
comment, but it doesn't work well because it encodes the full path. signature creaters don't usually keep the secret keys in /etc/signify, but that's where we look for public keys. switch to saving only the basename, and have the verifier add the path. should make it easier to start using this feature. anybody depending on the current behavior may have to adjust, but there's a reason this was never officially documented.
2016-09-19use a shell glob wildcard, that's clearer than an out of scope variableTed Unangst
2016-09-10spaces found during re-readTheo de Raadt
2016-09-08simplify the extra buffer size copyMarc Espie
2016-09-04well, adding the filename doesn't help... mostly used with pipes anyhowMarc Espie
2016-09-03add the keyname to meta-info that passes thruMarc Espie
2016-09-03switch back to SHA512/256 now that we have the official nist flavorTed Unangst
2016-09-03naddy@ pointed out that SHA512/256 is slightly differentMarc Espie
so use SHA384 which is on the shelf and good enough
2016-09-03fix parameters checkingMarc Espie
2016-09-03MAJOR tweak: switch to SHA512/256Marc Espie
adjust the header information to be self-descripting and contain a signature date, and pass that thru when checking.
2016-09-03nitpicks. all header info is relative. make gzheader freeable.Marc Espie
allocate properly for storing shas.
2016-09-02style polishingTed Unangst
2016-09-02replace exit() with err() and errx() so user knows what happenedTed Unangst
2016-09-02use err() instead of errx when an errno is setTed Unangst
2016-09-02the old check for when verify needed to create files (affecting pledge)Ted Unangst
was slightly wrong, but it didn't matter. new gzip mode however falls into the gap. the zsig code will default to stdout, therefore it needs much fewer privileges if msgfile is not specified.
2016-09-02combine the pledge switch with the execution switch. no changes yet,Ted Unangst
but we can do a little better in some cases.
2016-09-02-e and -z cannot be combinedTed Unangst
2016-09-02space out the exampleTed Unangst
2016-09-02finish the sentence;Jason McIntyre
2016-09-02more jmc tweaksMarc Espie
2016-09-02document the new stuff, usage nits.Marc Espie
some input by jmc@, to be polished later "get it in now" tedu@ deraadt@
2016-09-02duplicate varMarc Espie
2016-09-02add a new option (-z) for signing gzip archives.Marc Espie
- simple barebones gzip header parsing - signature is outside of the archive - checksums for blocks of 64K - verify stuff then pass it to the pipeline lots of inputs by tedu@ and deraadt@ okay tedu@
2016-09-02move more code into createsig. callers just pass seckey filename.Ted Unangst
2016-09-02split the sign() function into two, with a pure memory core madeTed Unangst
available as a separate function to make it easier to reuse in other code.
2016-09-01don't initialize variables with functionsTed Unangst
2016-09-01add a -t keytype option for untrusted comment automatic key extractionMarc Espie
(not in VERIFYONLY mode) to be documented and used shortly okay tedu@
2016-06-08use getprognameTed Unangst
2016-05-11signify should refer to the future keyTheo de Raadt
2016-01-06document the signify command for the next release, so that users canSebastian Benoit
verify before the netx upgrade. document that signify.1 needs an edit bump once in a while. ok tedu@ florian@
2016-01-05Bump example pubkey filenames for 5.9Florian Obser
OK benno@
2015-12-04polishingTed Unangst
2015-11-02Make signify's stdout line buffered. This allows to run the verboseAlexander Bluhm
output through a pipe and still see the progress immediately. OK tedu@
2015-10-30mark usage __deadTed Unangst
2015-10-09Change all tame callers to namechange to pledge(2).Theo de Raadt
2015-10-08add some tame calls. we may need a bunch of permissions to create filesTed Unangst
and manipulate the tty for readpassphrase, but once we've parsed options and have some idea of what's going to happen next, we can reduce down quite a bit more. particular use case of "signify | patch" is limited to feeding garbage to patch.
2015-07-14Bump example pubkey filenames for 5.8Florian Obser
OK benno@
2015-02-16Declare ge25519_base as extern, to prevent it from becoming a common. Gets usMiod Vallat
rid of ``lignment 4 of symbol `crypto_sign_ed25519_ref_ge25519_base' in mod_ge25519.o is smaller than 16 in mod_ed25519.o'' warnings at link time.
2015-01-20i wrote thisTed Unangst
2015-01-16improve checksum parsing slightly. now handles filenames with spaces.Ted Unangst
(though not names with ')'; sorry.)