def test_generate_no_comment(self): pub, priv = signify.generate(None, None) self.assertTrue(pub.to_bytes().startswith( b'untrusted comment: signify public key')) self.assertTrue(priv.to_bytes().startswith( b'untrusted comment: signify secret key'))
def test_generate_sign_no_password(self): pub, priv = signify.generate('test', None) self.assertTrue( pub.to_bytes().startswith(b'untrusted comment: test public key')) self.assertTrue( priv.to_bytes().startswith(b'untrusted comment: test secret key')) sku = priv.unprotect(None) sig = signify.sign(sku, b'My Message') self.assertTrue(signify.verify(pub, sig, b'My Message'))
def test_generate_sign_no_password(self): pub, priv = signify.generate('test', None) self.assertTrue(pub.to_bytes().startswith(b'untrusted comment: test public key')) self.assertTrue(priv.to_bytes().startswith(b'untrusted comment: test secret key')) sku = priv.unprotect(None) sig = signify.sign(sku, b'My Message') self.assertTrue( signify.verify(pub, sig, b'My Message'))
def test_generate_no_comment(self): pub, priv = signify.generate(None, None) self.assertTrue(pub.to_bytes().startswith(b'untrusted comment: signify public key')) self.assertTrue(priv.to_bytes().startswith(b'untrusted comment: signify secret key'))
def main(): parser = argparse.ArgumentParser(usage=""" %(prog)s -C [-q] -p pubkey -x sigfile [file ...] %(prog)s -F -s seckey -x sigfile [file ...] %(prog)s -G [-n] [-c comment] -p pubkey -s seckey %(prog)s -S [-e] [-x sigfile] -s seckey -m message %(prog)s -V [-eq] [-x sigfile] -p pubkey -m message""") action_group = parser.add_mutually_exclusive_group(required=True) action_group.add_argument('-V', '--verify', action='store_true', help='verify') action_group.add_argument('-S', '--sign', action='store_true', help='sign') action_group.add_argument('-G', '--generate', action='store_true', help='generate') action_group.add_argument('-C', '--check', action='store_true', help='check signed openbsd sha256(1)') action_group.add_argument('-F', '--files', action='store_true', help='sign files') parser.add_argument('path', nargs='*') parser.add_argument('-p', '--pubkey', help='pubkey file') parser.add_argument('-s', '--seckey', help='seckey file') parser.add_argument('-m', '--message', help='message file') parser.add_argument('-x', '--signature', help='signature file') misc_group = parser.add_argument_group('misc') misc_group.add_argument('-e', '--embed', action='store_true', help='embed signature') misc_group.add_argument('-q', '--quiet', action='store_true', help='quiet mode') misc_group.add_argument('-n', '--nopass', action='store_true', help='do not password protect') misc_group.add_argument('-c', '--comment', help='comment') misc_group.add_argument('-a', '--hash', help='hash algo for -F option [%(default)s]', default='sha256', choices=['sha256', 'sha512']) args = parser.parse_args() if args.verify: if not (args.pubkey and args.message): parser.error('-V require -p and -m') with open(args.pubkey, 'rb') as fobj: pubkey = signify.PublicKey.from_bytes(fobj.read()) if args.embed: if args.signature: parser.error('-e and -x are mutually exclusive') sig = None else: sig_filename = args.message + '.sig' if args.signature: sig_filename = args.signature with open(sig_filename, 'rb') as fobj: sig = signify.Signature.from_bytes(fobj.read()) with open(args.message, 'rb') as fobj: message = fobj.read() try: if args.embed: signify.verify_embedded(pubkey, message) else: signify.verify(pubkey, sig, message) if not args.quiet: print('Signature Verified') except signify.InvalidSignature as e: if not args.quiet: print('signify: verification failed') sys.exit(1) elif args.files: if not (args.seckey and args.signature): parser.error('-F require -s and -x') sku = get_unprotected_secret_key(args) sig = signify.sign_files(sku, args.hash.upper(), args.path, os.getcwd()) with open(args.signature, 'wb') as fobj: fobj.write(sig.to_bytes()) elif args.check: if not (args.pubkey and args.signature): parser.error('-C require -p and -x') with open(args.pubkey, 'rb') as fobj: pubkey = signify.PublicKey.from_bytes(fobj.read()) with open(args.signature, 'rb') as fobj: sig = signify.Signature.from_bytes(fobj.read()) try: message = signify.verify_embedded(pubkey, sig) if not args.quiet: print('Signature Verified') except signify.InvalidSignature as e: if not args.quiet: print('signify: verification failed') sys.exit(1) exit_fail = False for path, status in check.checkfiles(os.getcwd(), message): if args.path: include = (path in args.path) else: include = True if include: if not status: exit_fail = True if not args.quiet: if status == True: print('%s: OK' % (path,)) elif status == False: print('%s: FAIL' % (path,)) else: print('%s: FAIL (%s)' % (path, str(status))) if exit_fail: sys.exit(1) elif args.sign: if not (args.seckey and args.message): parser.error('-S require -s and -m') sku = get_unprotected_secret_key(args) with open(args.message, 'rb') as fobj: message = fobj.read() sig = signify.sign(sku, message) output_filename = args.message + '.sig' if args.signature: output_filename = args.signature with open(output_filename, 'wb') as fobj: fobj.write(sig.to_bytes()) if args.embed: fobj.write(message) elif args.generate: if not (args.pubkey and args.seckey): parser.error('-G require -p and -s') if args.pubkey == args.seckey: parser.error('need distinct names for -p and -s') if args.nopass: password1 = None else: password1 = getpass.getpass('Password: '******'Password again: ') if password1 != password2: parser.error('passwords do not match') pub, priv = signify.generate(args.comment, password1) with open(args.pubkey, 'wb') as fobj: fobj.write(pub.to_bytes()) with open(args.seckey, 'wb') as fobj: fobj.write(priv.to_bytes())