jedisct1 / rsign2 Goto Github PK

View Code? Open in Web Editor NEW

123.0 7.0 10.0 46 KB

A command-line tool to sign files and verify signatures in pure Rust.

License: MIT License

Rust 100.00%

minisign signatures cryptography ed25519 rust

rsign2's Introduction

rsign2

A Rust implementation of Minisign.

All signatures produced by rsign can be verified with minisign including trusted comments.

And minisign is able to sign files with keys generated by rsign2.

In Rust, signatures can also be verified with the minisign-verify crate.

rsign2 is a maintained fork of rsign, originally written by Daniel Rangel.

Main differences with rsign:

rsign2 is written in pure Rust.
rsign2 has way less dependencies.
rsign2 includes bug fixes and improvements.
rsign2 tries to be usable as a library, not just as a command-line tool.
rsign2 supports WebAssembly.

API documentation

rsign2 is only a command-line interface. It relies on the Minisign crate, that can be embedded in any application:

API documentation on docs.rs

Usage

rsign generate

Generates a new key pair. The public key is printed in the screen and stored in rsign.pub by default. The secret key will be written at ~/.rsign/rsign.key. You can change the default paths with -p and -s respectively.

rsign sign myfile.txt

Sign myfile.txt with your secret key. You can add a signed trusted comment with:

rsign sign myfile.txt -t "my trusted comment"

If you are signing files larger than 1Gb you must use -H to first hash the file and sign the hash after that:

rsign sign mylargefile.bin -H

And to verify the signature with a given public key you can use:

rsign verify myfile.txt -p rsign.pub

Or if you have saved the signature file with a custom name other than myfile.txt.minisig and want to use a public key string you can use:

rsign verify myfile.txt -P [PUBLIC KEY STRING] -x mysignature.file

You can find more information using the help subcommand as in:

rsign help [SUBCOMMAND]

USAGE:
    rsign [SUBCOMMAND]

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

SUBCOMMANDS:
    generate    Generate public and private keys
    help        Prints this message or the help of the given subcommand(s)
    sign        Sign a file with a given private key
    verify      Verify a signed file with a given public key

rsign2's People

Contributors

Stargazers

Watchers

Forkers

nixberg ofer-dev tiziano88 blockchaincommons bmwtsn098 kaerez jht5945

rsign2's Issues

How to read password from stdin?

I would like to read the password from stdin in CD, how can I achieve that as for example with gpg?

echo "${{ inputs.rsign-passphrase }}" | gpg --pinentry-mode=loopback \
          --passphrase-fd 0 --local-user 131241512131DEF \
          --armor --output $RELEASE_NAME.asc --detach-sign $RELEASE_NAME

Afaics -W is only for no password at all?

Enhancement request: improve scriptablility

Woul be nice if rsign were given args to enable it to be more scriptable. At the moment it expects key password to be typed in, a scriptable alternative for this (e.g. path to env file) would be very much appreciated.

Freebsd compile fails

Attempting to cross-compile for FreeBSD on an Mac OSX Machine

% cargo build --release --target=x86_64-unknown-freebsd --verbose
       Fresh version_check v0.9.2
       Fresh subtle v2.3.0
       Fresh opaque-debug v0.3.0
       Fresh cpuid-bool v0.1.2
       Fresh cfg-if v1.0.0
       Fresh cfg-if v0.1.10
       Fresh unicode-width v0.1.8
       Fresh strsim v0.8.0
       Fresh ansi_term v0.11.0
       Fresh vec_map v0.8.2
       Fresh base64 v0.13.0
       Fresh textwrap v0.11.0
       Fresh typenum v1.12.0
       Fresh libc v0.2.80
       Fresh bitflags v1.2.1
       Fresh dirs-sys v0.3.5
       Fresh getrandom v0.2.0
       Fresh atty v0.2.14
       Fresh rpassword v5.0.0
       Fresh generic-array v0.14.4
       Fresh dirs v3.0.1
       Fresh clap v2.33.3
       Fresh crypto-mac v0.10.0
       Fresh digest v0.9.0
       Fresh block-buffer v0.9.0
       Fresh cipher v0.2.5
       Fresh hmac v0.10.1
       Fresh pbkdf2 v0.6.0
       Fresh sha2 v0.9.2
       Fresh salsa20 v0.7.2
       Fresh scrypt v0.5.0
       Fresh minisign v0.6.0
   Compiling rsign2 v0.5.6 (/Users/foobar/rsign2)
     Running `rustc --crate-name rsign src/bin/rsign/main.rs --error-format=json --json=diagnostic-rendered-ansi --crate-type bin --emit=dep-info,link -C opt-level=3 -C panic=abort -C lto -C metadata=a37a53bd37c869ec -C extra-filename=-a37a53bd37c869ec --out-dir /Users/foobar/rsign2/target/x86_64-unknown-freebsd/release/deps --target x86_64-unknown-freebsd -L dependency=/Users/foobar/rsign2/target/x86_64-unknown-freebsd/release/deps -L dependency=/Users/foobar/rsign2/target/release/deps --extern base64=/Users/foobar/rsign2/target/x86_64-unknown-freebsd/release/deps/libbase64-73f240f3f30667d0.rlib --extern clap=/Users/foobar/rsign2/target/x86_64-unknown-freebsd/release/deps/libclap-b4022481e61d52b9.rlib --extern dirs=/Users/foobar/rsign2/target/x86_64-unknown-freebsd/release/deps/libdirs-6ed9f336d8c3084b.rlib --extern minisign=/Users/foobar/rsign2/target/x86_64-unknown-freebsd/release/deps/libminisign-c4cbe3d0bb16352b.rlib`
error: linking with `cc` failed: exit code: 1
  |
  = note: "cc" "-Wl,--as-needed" "-Wl,-z,noexecstack" "-m64" "-Wl,--eh-frame-hdr" "-L" "/Users/foobar/.rustup/toolchains/stable-x86_64-apple-darwin/lib/rustlib/x86_64-unknown-freebsd/lib" "/Users/foobar/rsign2/target/x86_64-unknown-freebsd/release/deps/rsign-a37a53bd37c869ec.rsign.2qvdj8m3-cgu.0.rcgu.o" "-o" "/Users/foobar/rsign2/target/x86_64-unknown-freebsd/release/deps/rsign-a37a53bd37c869ec" "-Wl,--gc-sections" "-pie" "-Wl,-zrelro" "-Wl,-znow" "-Wl,-O1" "-nodefaultlibs" "-L" "/Users/foobar/rsign2/target/x86_64-unknown-freebsd/release/deps" "-L" "/Users/foobar/rsign2/target/release/deps" "-L" "/Users/foobar/.rustup/toolchains/stable-x86_64-apple-darwin/lib/rustlib/x86_64-unknown-freebsd/lib" "-Wl,--start-group" "-Wl,--end-group" "-Wl,-Bstatic" "/Users/foobar/.rustup/toolchains/stable-x86_64-apple-darwin/lib/rustlib/x86_64-unknown-freebsd/lib/libcompiler_builtins-3283ae690927487e.rlib" "-Wl,-Bdynamic" "-lrt" "-lutil" "-lutil" "-lexecinfo" "-lpthread" "-lgcc_s" "-lc" "-lm" "-lrt" "-lpthread" "-lrt" "-lutil" "-lutil"
  = note: clang: warning: argument unused during compilation: '-pie' [-Wunused-command-line-argument]
          ld: unknown option: --as-needed
          clang: error: linker command failed with exit code 1 (use -v to see invocation)
          

error: aborting due to previous error

error: could not compile `rsign2`.

Caused by:
  process didn't exit successfully: `rustc --crate-name rsign src/bin/rsign/main.rs --error-format=json --json=diagnostic-rendered-ansi --crate-type bin --emit=dep-info,link -C opt-level=3 -C panic=abort -C lto -C metadata=a37a53bd37c869ec -C extra-filename=-a37a53bd37c869ec --out-dir /Users/foobar/rsign2/target/x86_64-unknown-freebsd/release/deps --target x86_64-unknown-freebsd -L dependency=/Users/foobar/rsign2/target/x86_64-unknown-freebsd/release/deps -L dependency=/Users/foobar/rsign2/target/release/deps --extern base64=/Users/foobar/rsign2/target/x86_64-unknown-freebsd/release/deps/libbase64-73f240f3f30667d0.rlib --extern clap=/Users/foobar/rsign2/target/x86_64-unknown-freebsd/release/deps/libclap-b4022481e61d52b9.rlib --extern dirs=/Users/foobar/rsign2/target/x86_64-unknown-freebsd/release/deps/libdirs-6ed9f336d8c3084b.rlib --extern minisign=/Users/foobar/rsign2/target/x86_64-unknown-freebsd/release/deps/libminisign-c4cbe3d0bb16352b.rlib` (exit code: 1)

Consider migrating to `anyhow` for error handling

https://docs.rs/anyhow/1.0.31/anyhow/

Add command to wapm.toml

Hello!

Thanks for publishing this on wapm.io ; We're about to publish an article about package signing (that I've been sitting on for 3 weeks at this point) and part of it shows using rsign2 through wapm to generate a key that can be used to sign packages on wapm. There's an issue with the currently published version on wapm.io though, wapm needs a "command" to actually run the wasm module:

We'd just need to add something like,

[[command]]
name = "rsign"
module = "rsign"

To the manifest to get this to work.

Anyways, here's what I think the manifest should could look like in full:

[package]
name = "jedisct1/rsign2"
version = "0.5.2"
description = "A command-line tool to sign files and verify signatures with Minisign"
readme = "README.md"
repository = "https://github.com/jedisct1/rsign2"
homepage = "https://github.com/jedisct1/rsign2"
license = "ISC"

[[module]]
name = "rsign"
source = "rsign.wasm"

[[command]]
name = "rsign"
module = "rsign"

If you could update that and republish it, we'd be very grateful!

By the way, we thank you and link to you and your projects in the article, so feel free to request edits (to the content or to what we link to!). I'll send you an email with a link! If you're interested feel free to respond or leave comments, otherwise we'll publish it in a few days.

Thanks!!

Sign subcommand does not respect RSIGN_CONFIG_DIR

Is there a particular reason the sign subcommand does not use sk_path_or_default?

In related news, I wrote a snap for rsign.

jedisct1 / rsign2 Goto Github PK

rsign2's Introduction

rsign2

API documentation

Usage

rsign2's People

Contributors

Stargazers

Watchers

Forkers

rsign2's Issues

How to read password from stdin?

Enhancement request: improve scriptablility

Freebsd compile fails

Consider migrating to `anyhow` for error handling

Add command to wapm.toml

Sign subcommand does not respect RSIGN_CONFIG_DIR

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent

Jobs