Teach sigtool verify to use public key as a command line string (in l…

…ieu of a file). - Reorganized the code a bit and split each of sigtool's commands into a separate file. - Added extra tests to validate verify's new capabilities - Updated README
opencoff · Jan 13, 2024 · e305314 · e305314
1 parent d49f732
commit e305314
Show file tree

Hide file tree

Showing 11 changed files with 475 additions and 362 deletions.
diff --git a/README.md b/README.md
@@ -101,6 +101,10 @@ e.g., to verify the signature of *archive.tar.gz* against
     sigtool verify /tmp/testkey.pub archive.sig archive.tar.gz
 
 
+You can also pass a public key as a string (instead of a file):
+
+    sigtool verify iF84Dymq/bAEnUMK6DRIHWAQDRD8FwDDDfsgFfzdjWM= archive.sig archive.tar.gz
+
 Note that signing and verifying can also work with OpenSSH ed25519
 keys.
 

diff --git a/build b/build
@@ -13,7 +13,7 @@
 #
 # License: GPLv2
 #
-Progs=".:sigtool"
+Progs="src:sigtool"
 
 # Relative path to protobuf sources
 # e.g. src/foo/a.proto

diff --git a/sign/keys.go b/sign/keys.go
@@ -369,6 +369,29 @@ func MakePublicKey(yml []byte) (*PublicKey, error) {
 	return &pk, nil
 }
 
+// Make a public key from a string
+func MakePublicKeyFromString(s string) (*PublicKey, error) {
+	// first try to decode it as a openssh key
+	if pk2, err := parseEncPubKey([]byte(s), "command-line-pk"); err == nil {
+		return pk2, nil
+	}
+
+	// Now try to decode as an sigtool key
+	b64 := base64.StdEncoding.DecodeString
+
+	pkb, err := b64(s)
+	if err != nil {
+		return nil, err
+	}
+
+	var pk PublicKey
+	err = makePublicKeyFromBytes(&pk, pkb)
+	if err != nil {
+		return nil, err
+	}
+	return &pk, nil
+}
+
 func makePublicKeyFromBytes(pk *PublicKey, b []byte) error {
 	if len(b) != 32 {
 		return fmt.Errorf("public key is malformed (len %d!)", len(b))