| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2017-04-18 | use freezero() instead of explicit_bzero + free | Theo de Raadt | |
| 2017-03-09 | show how to verify the next release after 6.1 | Sebastian Benoit | |
| 2016-10-06 | - better check for seckeyname/pubkeyname "equality", remove the path | Marc Espie | |
| (you could legitimately store secret keys on a temporary mount - error out if seckeyname does not follow the *.sec pattern for signing, augment the check to deal with that. - special case: seckeyfile can come from a pipe, and then, well, there's no way to store *.pub in the comment. okay tedu@ | |||
| 2016-10-05 | when generating keys, make sure the names specified adhere to all | Ted Unangst | |
| department of keyname compliance regulations. see if anybody complains... | |||
| 2016-10-05 | more properly check the secret key extension. from espie | Ted Unangst | |
| 2016-10-05 | document the previously hidden keyname detection. urged by espie. | Ted Unangst | |
| 2016-10-05 | combining an assignment and *two* tests in one conditional is a bit much. | Ted Unangst | |
| pull things apart. reported by espie in a separate complaint. :) | |||
| 2016-10-04 | typo | Marc Espie | |
| 2016-09-27 | can make function static now that it's living in a separate file. | Ted Unangst | |
| bye bye XXX! | |||
| 2016-09-27 | the keytype checking is logically part of verify, and it's small, so | Ted Unangst | |
| always include it. but it can be made a bit simpler with zero malloc. | |||
| 2016-09-27 | no need to copy keypath if we already have one | Ted Unangst | |
| 2016-09-26 | have to advance pointer past the / to get basename. | Ted Unangst | |
| noticed by naddy | |||
| 2016-09-26 | there's a hidden feature to infer the public key from the signature | Ted Unangst | |
| comment, but it doesn't work well because it encodes the full path. signature creaters don't usually keep the secret keys in /etc/signify, but that's where we look for public keys. switch to saving only the basename, and have the verifier add the path. should make it easier to start using this feature. anybody depending on the current behavior may have to adjust, but there's a reason this was never officially documented. | |||
| 2016-09-19 | use a shell glob wildcard, that's clearer than an out of scope variable | Ted Unangst | |
| 2016-09-10 | spaces found during re-read | Theo de Raadt | |
| 2016-09-08 | simplify the extra buffer size copy | Marc Espie | |
| 2016-09-04 | well, adding the filename doesn't help... mostly used with pipes anyhow | Marc Espie | |
| 2016-09-03 | add the keyname to meta-info that passes thru | Marc Espie | |
| 2016-09-03 | switch back to SHA512/256 now that we have the official nist flavor | Ted Unangst | |
| 2016-09-03 | naddy@ pointed out that SHA512/256 is slightly different | Marc Espie | |
| so use SHA384 which is on the shelf and good enough | |||
| 2016-09-03 | fix parameters checking | Marc Espie | |
| 2016-09-03 | MAJOR tweak: switch to SHA512/256 | Marc Espie | |
| adjust the header information to be self-descripting and contain a signature date, and pass that thru when checking. | |||
| 2016-09-03 | nitpicks. all header info is relative. make gzheader freeable. | Marc Espie | |
| allocate properly for storing shas. | |||
| 2016-09-02 | style polishing | Ted Unangst | |
| 2016-09-02 | replace exit() with err() and errx() so user knows what happened | Ted Unangst | |
| 2016-09-02 | use err() instead of errx when an errno is set | Ted Unangst | |
| 2016-09-02 | the old check for when verify needed to create files (affecting pledge) | Ted Unangst | |
| was slightly wrong, but it didn't matter. new gzip mode however falls into the gap. the zsig code will default to stdout, therefore it needs much fewer privileges if msgfile is not specified. | |||
| 2016-09-02 | combine the pledge switch with the execution switch. no changes yet, | Ted Unangst | |
| but we can do a little better in some cases. | |||
| 2016-09-02 | -e and -z cannot be combined | Ted Unangst | |
| 2016-09-02 | space out the example | Ted Unangst | |
| 2016-09-02 | finish the sentence; | Jason McIntyre | |
| 2016-09-02 | more jmc tweaks | Marc Espie | |
| 2016-09-02 | document the new stuff, usage nits. | Marc Espie | |
| some input by jmc@, to be polished later "get it in now" tedu@ deraadt@ | |||
| 2016-09-02 | duplicate var | Marc Espie | |
| 2016-09-02 | add a new option (-z) for signing gzip archives. | Marc Espie | |
| - simple barebones gzip header parsing - signature is outside of the archive - checksums for blocks of 64K - verify stuff then pass it to the pipeline lots of inputs by tedu@ and deraadt@ okay tedu@ | |||
| 2016-09-02 | move more code into createsig. callers just pass seckey filename. | Ted Unangst | |
| 2016-09-02 | split the sign() function into two, with a pure memory core made | Ted Unangst | |
| available as a separate function to make it easier to reuse in other code. | |||
| 2016-09-01 | don't initialize variables with functions | Ted Unangst | |
| 2016-09-01 | add a -t keytype option for untrusted comment automatic key extraction | Marc Espie | |
| (not in VERIFYONLY mode) to be documented and used shortly okay tedu@ | |||
| 2016-06-08 | use getprogname | Ted Unangst | |
| 2016-05-11 | signify should refer to the future key | Theo de Raadt | |
| 2016-01-06 | document the signify command for the next release, so that users can | Sebastian Benoit | |
| verify before the netx upgrade. document that signify.1 needs an edit bump once in a while. ok tedu@ florian@ | |||
| 2016-01-05 | Bump example pubkey filenames for 5.9 | Florian Obser | |
| OK benno@ | |||
| 2015-12-04 | polishing | Ted Unangst | |
| 2015-11-02 | Make signify's stdout line buffered. This allows to run the verbose | Alexander Bluhm | |
| output through a pipe and still see the progress immediately. OK tedu@ | |||
| 2015-10-30 | mark usage __dead | Ted Unangst | |
| 2015-10-09 | Change all tame callers to namechange to pledge(2). | Theo de Raadt | |
| 2015-10-08 | add some tame calls. we may need a bunch of permissions to create files | Ted Unangst | |
| and manipulate the tty for readpassphrase, but once we've parsed options and have some idea of what's going to happen next, we can reduce down quite a bit more. particular use case of "signify | patch" is limited to feeding garbage to patch. | |||
| 2015-07-14 | Bump example pubkey filenames for 5.8 | Florian Obser | |
| OK benno@ | |||
| 2015-02-16 | Declare ge25519_base as extern, to prevent it from becoming a common. Gets us | Miod Vallat | |
| rid of ``lignment 4 of symbol `crypto_sign_ed25519_ref_ge25519_base' in mod_ge25519.o is smaller than 16 in mod_ed25519.o'' warnings at link time. | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |