From d01ff6d7de9ebd40c4f5bbd3af90e4282e76115e Mon Sep 17 00:00:00 2001
From: Eli Ribble
Date: Mon, 6 Nov 2023 11:20:40 -0700
Subject: [PATCH] Add basic functions to sign and validate a signature.

This is blessedly simple and I'm assuming working with the very basic tests I've done.
---
 gongor/aegis.py | 56 +++++++++++++++++++++++++++++++++++++++++++++++++
 pyproject.toml | 4 ++++
 2 files changed, 60 insertions(+)

diff --git a/gongor/aegis.py b/gongor/aegis.py
index c571c4d..ee8488c 100644
--- a/gongor/aegis.py
+++ b/gongor/aegis.py
@@ -1,5 +1,12 @@
+import argparse
+from pathlib import Path
 import subprocess
+from cryptography import x509
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.primitives.serialization import pkcs12
+from cryptography.hazmat.primitives.asymmetric import ec, ed25519, padding
+
 MAX_HUMAN_AGE = 365 * 200
 def generate():
 print("Please name this aegis. You can call it anything. Frequently people use their legal name.")
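Review bot: Three of the new imports are unused by the code this patch adds — `pkcs12` on the `cryptography.hazmat.primitives.serialization` line and `ed25519` and `padding` on the `asymmetric` line — while `sign()` and `validate()` only use `x509`, `hashes`, `serialization` and `ec`. If they are placeholders for supporting other key types, a short comment such as `# reserved for non-EC key support` would say so; otherwise drop them so linters stay quiet and the hazmat surface stays as small as the code needs. The rest of pyproject.toml is not visible here, so it is worth confirming that `cryptography` is declared as a project dependency, since the pyproject hunk in this patch only adds console scripts.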
@@ -17,3 +24,52 @@ def generate():
 "-keyout", "key.pem", # Generate an encrypted private key file with a .pem extension
 ], check=True,)
+
+def sign():
+ "Sign some arbitrary data."
+ parser = argparse.ArgumentParser()
+ parser.add_argument("aegis_key_pem", type=Path, help="The file for the PEM-encoded aegis private key.")
+ parser.add_argument("message", type=Path, help="The file containing the message to sign.")
+ parser.add_argument("-p", "--password", help="The password to use to open the key file.")
+ args = parser.parse_args()
+
+ with open(args.aegis_key_pem, "rb") as f:
+ private_key = serialization.load_pem_private_key(
+ data=f.read(),
+ password=args.password.encode("UTF-8"),
+ )
+ with open(args.message, "rb") as f:
+ data = f.read()
+ signature = private_key.sign(
+ data,
+ ec.ECDSA(hashes.SHA256()),
+ )
+ with open("signature.bin", "wb") as f:
+ f.write(signature)
+ print("Wrote signature to signature.bin")
+
+def validate():
+ "Validate the signature of some arbitrary data."
+ parser = argparse.ArgumentParser()
+ parser.add_argument("aegis_cert_pem", type=Path, help="The file for the PEM-encoded aegis public certificate.")
+ parser.add_argument("message", type=Path, help="The file containing the message to validate.")
+ parser.add_argument("signature", type=Path, help="The file containing the signature to validate.")
+ args = parser.parse_args()
+
+ with open(args.aegis_cert_pem, "rb") as f:
+ certificate = x509.load_pem_x509_certificate(
+ data=f.read(),
+ )
+ with open(args.message, "rb") as f:
+ data = f.read()
+ with open(args.signature, "rb") as f:
+ signature = f.read()
+
+ key = certificate.public_key()
+ key.verify(
+ signature=signature,
+ data=data,
+ signature_algorithm=ec.ECDSA(hashes.SHA256()),
+ )
+ print("Signature is valid")
+
diff --git a/pyproject.toml b/pyproject.toml
index 9190ea9..c3b3185 100644
--- a/pyproject.toml
+++ b/pyproject.toml
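Review bot: `key.verify` in `validate()` raises `cryptography.exceptions.InvalidSignature` when the signature does not match, and the new code does not catch it, so a tampered message or signature ends in a Python traceback rather than a clear verdict; `verify` also raises `TypeError` when the certificate's key is not an EC key, because `ec.ECDSA(hashes.SHA256())` is hard-coded. I would guard the key type and map the failure to `parser.error(...)`, which prints a one-line message and exits non-zero (the `InvalidSignature` import from `cryptography.exceptions` belongs in the imports hunk). Note also that the check only proves the signature was made by the key inside the supplied certificate file and nothing validates the certificate itself (expiry, issuer, intended use), so the docstring should say so, e.g. `"Validate that the signature over the message was made by the key in the given certificate; the certificate itself is not checked."`. In `sign()`, `args.password.encode("UTF-8")` raises `AttributeError` when `--password` is omitted, and a password given on the command line is visible in shell history and process listings, so prompting with `getpass.getpass()` when the option is absent avoids both.
```python
    key = certificate.public_key()
    if not isinstance(key, ec.EllipticCurvePublicKey):
        parser.error("certificate does not carry an EC public key; only ECDSA/SHA-256 signatures are supported")
    try:
        key.verify(
            signature=signature,
            data=data,
            signature_algorithm=ec.ECDSA(hashes.SHA256()),
        )
    except InvalidSignature:
        parser.error("signature does not match the message for this certificate")
    print("Signature is valid")
```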
@@ -8,6 +8,10 @@ license = {file = "LICENSE.txt"}
 [project.scripts]
 aegis-generate = "gongor.aegis:generate"
+aegis-sign = "gongor.aegis:sign"
+aegis-validate-signature = "gongor.aegis:validate"
+aegis-box = "gongor.aegis:box"
+aegis-unbox = "gongor.cipher:unbox"
 [build-system]
 requires = ["setuptools >= 61.0.0"]
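Review bot: `aegis-box` and `aegis-unbox` point at `gongor.aegis:box` and `gongor.cipher:unbox`, but this patch adds neither target — the aegis.py hunks define only `sign` and `validate`, and no `gongor/cipher.py` is touched — so unless they already exist outside this diff, installing the package registers console scripts that fail with an import error when run. Either add the two functions in the same change or leave these two entries out until they land. The `aegis-sign` and `aegis-validate-signature` entries also depend on the new `cryptography` imports at the top of aegis.py resolving, so confirm it is listed in the project's dependencies, which this hunk does not show.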