Add basic functions to sign and validate a signature.
This is blessedly simple and, judging by the very basic tests I've done, I'm assuming it works.
parent
7dcec92bf9
commit
d01ff6d7de
|
@ -1,5 +1,12 @@
|
|||
import argparse
|
||||
from pathlib import Path
|
||||
import subprocess
|
||||
|
||||
from cryptography import x509
|
||||
from cryptography.hazmat.primitives import hashes, serialization
|
||||
from cryptography.hazmat.primitives.serialization import pkcs12
|
||||
from cryptography.hazmat.primitives.asymmetric import ec, ed25519, padding
|
||||
|
||||
MAX_HUMAN_AGE = 365 * 200
|
||||
def generate():
|
||||
print("Please name this aegis. You can call it anything. Frequently people use their legal name.")
|
||||
|
@ -17,3 +24,52 @@ def generate():
|
|||
"-keyout", "key.pem", # Generate an encrypted private key file with a .pem extension
|
||||
],
|
||||
check=True,)
|
||||
|
||||
def sign():
|
||||
"Sign some arbitrary data."
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument("aegis_key_pem", type=Path, help="The file for the PEM-encoded aegis private key.")
|
||||
parser.add_argument("message", type=Path, help="The file containing the message to sign.")
|
||||
parser.add_argument("-p", "--password", help="The password to use to open the key file.")
|
||||
args = parser.parse_args()
|
||||
|
||||
with open(args.aegis_key_pem, "rb") as f:
|
||||
private_key = serialization.load_pem_private_key(
|
||||
data=f.read(),
|
||||
password=args.password.encode("UTF-8"),
|
||||
)
|
||||
with open(args.message, "rb") as f:
|
||||
data = f.read()
|
||||
signature = private_key.sign(
|
||||
data,
|
||||
ec.ECDSA(hashes.SHA256()),
|
||||
)
|
||||
with open("signature.bin", "wb") as f:
|
||||
f.write(signature)
|
||||
print("Wrote signature to signature.bin")
|
||||
|
||||
def validate():
|
||||
"Validate the signature of some arbitrary data."
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument("aegis_cert_pem", type=Path, help="The file for the PEM-encoded aegis public certificate.")
|
||||
parser.add_argument("message", type=Path, help="The file containing the message to validate.")
|
||||
parser.add_argument("signature", type=Path, help="The file containing the signature to validate.")
|
||||
args = parser.parse_args()
|
||||
|
||||
with open(args.aegis_cert_pem, "rb") as f:
|
||||
certificate = x509.load_pem_x509_certificate(
|
||||
data=f.read(),
|
||||
)
|
||||
with open(args.message, "rb") as f:
|
||||
data = f.read()
|
||||
with open(args.signature, "rb") as f:
|
||||
signature = f.read()
|
||||
|
||||
key = certificate.public_key()
|
||||
key.verify(
|
||||
signature=signature,
|
||||
data=data,
|
||||
signature_algorithm=ec.ECDSA(hashes.SHA256()),
|
||||
)
|
||||
print("Signature is valid")
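Review bot: In `sign()`, `password=args.password.encode("UTF-8")` raises AttributeError whenever `-p` is omitted, because the option is optional and defaults to None; passing the password as an argument also leaves it in shell history and the process list. Prompt for it when it is not given: add `import getpass`, set `password = args.password or getpass.getpass("Key password: ")`, and pass `password=password.encode("UTF-8")`. Both `sign()` and `validate()` hard-code `ec.ECDSA(hashes.SHA256())`, so a non-EC key loaded from the PEM file will presumably fail inside the `sign`/`verify` call; an `isinstance(private_key, ec.EllipticCurvePrivateKey)` check with a clear error message would make that explicit. In `validate()`, "Signature is valid" only means the signature matches the key in the supplied certificate file; nothing visible checks the certificate's validity period or issuer, and that limit deserves a comment or a line in the help text.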
|
||||
|
||||
|
|
|
@ -8,6 +8,10 @@ license = {file = "LICENSE.txt"}
|
|||
|
||||
[project.scripts]
|
||||
aegis-generate = "gongor.aegis:generate"
|
||||
aegis-sign = "gongor.aegis:sign"
|
||||
aegis-validate-signature = "gongor.aegis:validate"
|
||||
aegis-box = "gongor.aegis:box"
|
||||
aegis-unbox = "gongor.cipher:unbox"
|
||||
|
||||
[build-system]
|
||||
requires = ["setuptools >= 61.0.0"]
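Review bot: The `aegis-box = "gongor.aegis:box"` entry points at a function that does not appear in the `gongor/aegis.py` hunks shown on this page, which seem to end after `validate()`. If `box` is not defined elsewhere in that module, the installed `aegis-box` script will fail on import when it is run. It is also worth confirming that `aegis-unbox` living in `gongor.cipher` while `aegis-box` lives in `gongor.aegis` is intended; if either function does not exist yet, leave its entry out until it does.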
|
||||
|
|