Add basic functions to sign and validate a signature.
This is blessedly simple and I'm assuming working with the very basic tests I've done.
This commit is contained in:
parent
7dcec92bf9
commit
d01ff6d7de
|
|
@ -1,5 +1,12 @@
|
||||||
|
import argparse
|
||||||
|
from pathlib import Path
|
||||||
import subprocess
|
import subprocess
|
||||||
|
|
||||||
|
from cryptography import x509
|
||||||
|
from cryptography.hazmat.primitives import hashes, serialization
|
||||||
|
from cryptography.hazmat.primitives.serialization import pkcs12
|
||||||
|
from cryptography.hazmat.primitives.asymmetric import ec, ed25519, padding
|
||||||
|
|
||||||
MAX_HUMAN_AGE = 365 * 200
|
MAX_HUMAN_AGE = 365 * 200
|
||||||
def generate():
|
def generate():
|
||||||
print("Please name this aegis. You can call it anything. Frequently people use their legal name.")
|
print("Please name this aegis. You can call it anything. Frequently people use their legal name.")
|
||||||
|
|
@ -17,3 +24,52 @@ def generate():
|
||||||
"-keyout", "key.pem", # Generate an encrypted private key file with a .pem extension
|
"-keyout", "key.pem", # Generate an encrypted private key file with a .pem extension
|
||||||
],
|
],
|
||||||
check=True,)
|
check=True,)
|
||||||
|
|
||||||
|
def sign():
|
||||||
|
"Sign some arbitrary data."
|
||||||
|
parser = argparse.ArgumentParser()
|
||||||
|
parser.add_argument("aegis_key_pem", type=Path, help="The file for the PEM-encoded aegis private key.")
|
||||||
|
parser.add_argument("message", type=Path, help="The file containing the message to sign.")
|
||||||
|
parser.add_argument("-p", "--password", help="The password to use to open the key file.")
|
||||||
|
args = parser.parse_args()
|
||||||
|
|
||||||
|
with open(args.aegis_key_pem, "rb") as f:
|
||||||
|
private_key = serialization.load_pem_private_key(
|
||||||
|
data=f.read(),
|
||||||
|
password=args.password.encode("UTF-8"),
|
||||||
|
)
|
||||||
|
with open(args.message, "rb") as f:
|
||||||
|
data = f.read()
|
||||||
|
signature = private_key.sign(
|
||||||
|
data,
|
||||||
|
ec.ECDSA(hashes.SHA256()),
|
||||||
|
)
|
||||||
|
with open("signature.bin", "wb") as f:
|
||||||
|
f.write(signature)
|
||||||
|
print("Wrote signature to signature.bin")
|
||||||
|
|
||||||
|
def validate():
|
||||||
|
"Validate the signature of some arbitrary data."
|
||||||
|
parser = argparse.ArgumentParser()
|
||||||
|
parser.add_argument("aegis_cert_pem", type=Path, help="The file for the PEM-encoded aegis public certificate.")
|
||||||
|
parser.add_argument("message", type=Path, help="The file containing the message to validate.")
|
||||||
|
parser.add_argument("signature", type=Path, help="The file containing the signature to validate.")
|
||||||
|
args = parser.parse_args()
|
||||||
|
|
||||||
|
with open(args.aegis_cert_pem, "rb") as f:
|
||||||
|
certificate = x509.load_pem_x509_certificate(
|
||||||
|
data=f.read(),
|
||||||
|
)
|
||||||
|
with open(args.message, "rb") as f:
|
||||||
|
data = f.read()
|
||||||
|
with open(args.signature, "rb") as f:
|
||||||
|
signature = f.read()
|
||||||
|
|
||||||
|
key = certificate.public_key()
|
||||||
|
key.verify(
|
||||||
|
signature=signature,
|
||||||
|
data=data,
|
||||||
|
signature_algorithm=ec.ECDSA(hashes.SHA256()),
|
||||||
|
)
|
||||||
|
print("Signature is valid")
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -8,6 +8,10 @@ license = {file = "LICENSE.txt"}
|
||||||
|
|
||||||
[project.scripts]
|
[project.scripts]
|
||||||
aegis-generate = "gongor.aegis:generate"
|
aegis-generate = "gongor.aegis:generate"
|
||||||
|
aegis-sign = "gongor.aegis:sign"
|
||||||
|
aegis-validate-signature = "gongor.aegis:validate"
|
||||||
|
aegis-box = "gongor.aegis:box"
|
||||||
|
aegis-unbox = "gongor.cipher:unbox"
|
||||||
|
|
||||||
[build-system]
|
[build-system]
|
||||||
requires = ["setuptools >= 61.0.0"]
|
requires = ["setuptools >= 61.0.0"]
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue