mirrors/minisign
1
0
Fork 0
mirror of https://github.com/jedisct1/minisign.git synced 2025-04-05 11:57:40 +03:00
Code Issues Projects Releases Packages Wiki Activity

Compare commits

base: mirrors:master
Branches Tags
mirrors:master
mirrors:gh-pages
mirrors:0.12
mirrors:0.7.4
mirrors:0.11
mirrors:0.10
mirrors:0.9
mirrors:0.8
mirrors:0.7
mirrors:0.6
mirrors:0.5
mirrors:0.4
mirrors:0.3
mirrors:0.2
mirrors:0.1
..
compare: mirrors:0.10
Branches Tags
mirrors:gh-pages
mirrors:master
mirrors:0.12
mirrors:0.7.4
mirrors:0.11
mirrors:0.10
mirrors:0.9
mirrors:0.8
mirrors:0.7
mirrors:0.6
mirrors:0.5
mirrors:0.4
mirrors:0.3
mirrors:0.2
mirrors:0.1

No commits in common. "master" and "0.10" have entirely different histories.
master ... 0.10

22 changed files with 405 additions and 736 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.clang-format
View file

@ -94,7 +94,7 @@ IncludeIsMainSourceRegex: ""
IndentCaseLabels: false
IndentCaseBlocks: false
IndentGotoLabels: true
IndentPPDirectives: AfterHash
IndentPPDirectives: None
IndentExternBlock: AfterExternBlock
IndentRequires: false
IndentWidth: 4

17
.github/workflows/issues.yml vendored
View file

@ -1,17 +0,0 @@
name: Close inactive issues
on:
schedule:
- cron: "30 1 * * *"
jobs:
close-issues:
runs-on: ubuntu-latest
permissions:
issues: write
pull-requests: write
steps:
- uses: actions/stale@v9
with:
stale-issue-message: "This issue is stale because it has been open for 30 days with no activity."
close-issue-message: "This issue was closed because it has been inactive for 14 days since being marked as stale."
repo-token: ${{ secrets.GITHUB_TOKEN }}

2
.gitignore vendored
View file

@ -23,5 +23,5 @@ CMakeFiles
Makefile
cmake_install.cmake
minisign
.zig-cache
zig-cache
zig-out

43
.travis.yml Normal file
View file

@ -0,0 +1,43 @@
sudo: required
language: c
os:
- linux
compiler:
- gcc
before_script:
- git clone https://github.com/jedisct1/libsodium.git --branch=stable
- cd libsodium
- env CPPFLAGS=-DED25519_NONDETERMINISTIC ./configure --disable-dependency-tracking
- make -j$(nproc)
- sudo make install
- sudo ldconfig
- cd ..
script:
- rm -fr build
- mkdir build
- cd build
- cmake ..
- make -j$(nproc)
- cd ..
- rm -fr build
- mkdir build
- cd build
- cmake -D STATIC_LIBSODIUM=1 ..
- make -j$(nproc)
- cd ..
- rm -fr build
- mkdir build
- cd build
- cmake -D BUILD_STATIC_EXECUTABLES=1 ..
- make -j$(nproc)
- cd ..
matrix:
- fast_finish: true

4
CMakeLists.txt
View file

@ -1,4 +1,4 @@
cmake_minimum_required(VERSION 3.10)
cmake_minimum_required(VERSION 2.8)
project(minisign C)
@ -7,7 +7,7 @@ set(CPACK_PACKAGE_VENDOR "Frank Denis")
set(CPACK_PACKAGE_DESCRIPTION_FILE "${CMAKE_CURRENT_SOURCE_DIR}/README.md")
set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_CURRENT_SOURCE_DIR}/LICENSE")
set(CPACK_PACKAGE_VERSION_MAJOR "0")
set(CPACK_PACKAGE_VERSION_MINOR "12")
set(CPACK_PACKAGE_VERSION_MINOR "10")
set(CPACK_PACKAGE_VERSION_PATCH "0")
set(
CPACK_SOURCE_PACKAGE_FILE_NAME

2
Dockerfile
View file

@ -7,7 +7,7 @@ RUN apk add --no-cache upx ||:
RUN curl https://download.libsodium.org/libsodium/releases/LATEST.tar.gz | tar xzvf - && cd libsodium-stable && env CFLAGS="-Os" CPPFLAGS="-DED25519_NONDETERMINISTIC=1" ./configure --disable-dependency-tracking && make -j$(nproc) check && make install && cd .. && rm -fr libsodium-stable
COPY ./ ./
RUN mkdir build && cd build && cmake -DCMAKE_BUILD_TYPE=MinSizeRel -DBUILD_STATIC_EXECUTABLES=1 .. && make -j$(nproc)
RUN mkdir build && cd build && cmake -D BUILD_STATIC_EXECUTABLES=1 .. && make -j$(nproc)
RUN upx --lzma build/minisign ||:
FROM scratch

2
LICENSE
View file

@ -1,7 +1,7 @@
ISC LICENSE.
/*
* Copyright (c) 2015-2025
* Copyright (c) 2015-2021
* Frank Denis <j at pureftpd dot org>
*
* Permission to use, copy, modify, and/or distribute this software for any

115
README.md
View file

@ -1,6 +1,7 @@
![CodeQL scan](https://github.com/jedisct1/minisign/workflows/CodeQL%20scan/badge.svg)
# Minisign
Minisign
========
Minisign is a dead simple tool to sign files and verify signatures.
@ -12,39 +13,25 @@ public key:
RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3
## Compilation / installation
Compilation / installation
--------------------------
## Building with Zig
## Using [Zig](https://ziglang.org):
Dependencies:
- [libsodium](https://libsodium.org/) (_optional_)
- [zig](https://ziglang.org)
* [libsodium](https://libsodium.org/)
Compilation with libsodium, dynamically linked (libsodium will need to be installed on the system for the command to run):
Compilation:
$ zig build -Doptimize=ReleaseSmall
$ zig build -Drelease-small
Compilation with libsodium, statically linked (libsodium will only be needed for compilation):
## Using cmake and gcc or clang:
$ zig build -Doptimize=ReleaseSmall -Dstatic
Compilation without libsodium, no dependencies required:
$ zig build -Doptimize=ReleaseSmall -Dwithout-libsodium
The resulting binary can be found in `zig-out/bin/minisign`.
In all these examples, `ReleaseFast` can be replaced with `ReleaseSmall` to favor speed over size.
## Building with cmake and gcc or clang:
Dependencies:
- [libsodium](https://libsodium.org/) (_required_)
- cmake
- pkg-config
- gcc or clang
* [libsodium](https://libsodium.org/)
* cmake
* pkg-config
* gcc or clang
Compilation:
@ -62,8 +49,6 @@ or:
$ cmake -D BUILD_STATIC_EXECUTABLES=1 ..
## Pre-built packages
Minisign is also available in Homebrew:
$ brew install minisign
@ -80,53 +65,37 @@ Minisign is also available with docker:
$ docker run -i --rm jedisct1/minisign
For example, verifying a signature using the docker image can be done
with:
Additional tools, libraries and implementations
-----------------------------------------------
$ docker run -v .:/minisign -e HOME=/minisign -w /minisign \
-it --rm jedisct1/minisign \
-Vm file_to_verify -p minisign.pub
* [minizign](https://github.com/jedisct1/zig-minisign) is a compact
implementation in Zig, that can also use ssh-encoded keys.
* [minisign-misc](https://github.com/JayBrown/minisign-misc) is a very
nice set of workflows and scripts for macOS to verify and sign files
with minisign.
* [go-minisign](https://github.com/jedisct1/go-minisign) is a small module
in Go to verify Minisign signatures.
* [rust-minisign](https://github.com/jedisct1/rust-minisign) is a Minisign
library written in pure Rust, that can be embedded in other applications.
* [rsign2](https://github.com/jedisct1/rsign2) is a reimplementation of
the command-line tool in Rust.
* [minisign (go)](https://github.com/aead/minisign) is a rewrite of Minisign
in the Go language. It reimplements the CLI but can also be used as a library.
* [minisign-verify](https://github.com/jedisct1/rust-minisign-verify) is
a small Rust crate to verify Minisign signatures.
* [minisign-net](https://github.com/bitbeans/minisign-net) is a .NET library
to handle and create Minisign signatures.
* [minisign](https://github.com/chm-diederichs/minisign) a Javascript
implementation.
* WebAssembly implementations of [rsign2](https://wapm.io/package/jedisct1/rsign2)
and [minisign-cli](https://wapm.io/package/jedisct1/minisign) are available on
WAPM.
* [minisign-php](https://github.com/soatok/minisign-php) is a PHP implementation.
* [py-minisign](https://github.com/x13a/py-minisign) is a Python
implementation.
The image can be verified with the following cosign public key:
```text
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExjZWrlc6c58W7ZzmQnx6mugty99C
OQTDtJeciX9LF9hEbs1J1fzZHRdRhV4OTqcq0jTW9PXnrSSZlk1fbkE/5w==
-----END PUBLIC KEY-----
```
## Additional tools, libraries and implementations
- [minizign](https://github.com/jedisct1/zig-minisign) is a compact
implementation in Zig, that can also use ssh-encoded keys.
- [minisign-misc](https://github.com/JayBrown/minisign-misc) is a very
nice set of workflows and scripts for macOS to verify and sign files
with minisign.
- [go-minisign](https://github.com/jedisct1/go-minisign) is a small module
in Go to verify Minisign signatures.
- [rust-minisign](https://github.com/jedisct1/rust-minisign) is a Minisign
library written in pure Rust, that can be embedded in other applications.
- [rsign2](https://github.com/jedisct1/rsign2) is a reimplementation of
the command-line tool in Rust.
- [minisign (go)](https://github.com/aead/minisign) is a rewrite of Minisign
in the Go language. It reimplements the CLI but can also be used as a library.
- [minisign-verify](https://github.com/jedisct1/rust-minisign-verify) is
a small Rust crate to verify Minisign signatures.
- [minisign-net](https://github.com/bitbeans/minisign-net) is a .NET library
to handle and create Minisign signatures.
- [minisign](https://github.com/chm-diederichs/minisign) a Javascript
implementation.
- WebAssembly implementations of [rsign2](https://wapm.io/package/jedisct1/rsign2)
and [minisign-cli](https://wapm.io/package/jedisct1/minisign) are available on
WAPM.
- [minisign-php](https://github.com/soatok/minisign-php) is a PHP implementation.
- [py-minisign](https://github.com/x13a/py-minisign) is a Python
implementation.
- [minisign](https://hexdocs.pm/minisign/Minisign.html) is an Elixir implementation
(verification only)
## Signature determinism
Signature determinism
---------------------
This implementation uses deterministic signatures, unless libsodium
was compiled with the `ED25519_NONDETERMINISTIC` macro defined. This

4
build-dist-package.sh
View file

@ -1,4 +0,0 @@
#! /bin/sh
tar czpvf minisign-0.12.tar.gz $(git ls-files)
minisign -Sm minisign-0.12.tar.gz

85
build.zig
View file

@ -1,80 +1,17 @@
const builtin = @import("builtin");
const std = @import("std");
pub fn build(b: *std.Build) !void {
const target = b.standardTargetOptions(.{});
const optimize = b.standardOptimizeOption(.{});
const use_libzodium = b.option(bool, "without-libsodium", "Use the zig standard library instead of libsodium") orelse false;
const use_static_linking = b.option(bool, "static", "Statically link the binary") orelse false;
const minisign = b.addExecutable(.{
.name = "minisign",
.target = target,
.optimize = optimize,
.strip = true,
});
if (builtin.zig_version.major == 0 and builtin.zig_version.minor < 14) {
@compileError("Building requires Zig 0.14.0 or later");
}
// fix Mach-O relocation
minisign.headerpad_max_install_names = true;
pub fn build(b: *std.build.Builder) !void {
var target = b.standardTargetOptions(.{});
const mode = b.standardReleaseOptions();
const minisign = b.addExecutable("minisign", null);
minisign.setTarget(target);
minisign.setBuildMode(mode);
minisign.install();
minisign.linkLibC();
if (use_libzodium) {
var libzodium = lib: {
const libzodium_mod = b.createModule(.{
.root_source_file = b.path("src/libzodium/libzodium.zig"),
.target = target,
.optimize = optimize,
});
break :lib b.addStaticLibrary(.{
.name = "zodium",
.root_module = libzodium_mod,
.strip = true,
});
};
libzodium.linkLibC();
b.installArtifact(libzodium);
minisign.root_module.addCMacro("LIBZODIUM", "1");
minisign.linkLibrary(libzodium);
} else {
var override_pkgconfig = false;
if (std.posix.getenv("LIBSODIUM_INCLUDE_PATH")) |path| {
minisign.addSystemIncludePath(.{ .cwd_relative = path });
override_pkgconfig = true;
}
if (std.posix.getenv("LIBSODIUM_LIB_PATH")) |path| {
minisign.addLibraryPath(.{ .cwd_relative = path });
override_pkgconfig = true;
}
minisign.linkSystemLibrary("sodium");
for ([_][]const u8{ "/opt/homebrew/include", "/home/linuxbrew/.linuxbrew/include", "/usr/local/include" }) |path| {
std.fs.accessAbsolute(path, .{}) catch continue;
minisign.addSystemIncludePath(.{ .cwd_relative = path });
}
for ([_][]const u8{ "/opt/homebrew/lib", "/home/linuxbrew/.linuxbrew/lib", "/usr/local/lib" }) |path| {
std.fs.accessAbsolute(path, .{}) catch continue;
minisign.addLibraryPath(.{ .cwd_relative = path });
}
if (!use_static_linking) {
minisign.headerpad_max_install_names = true; // required to compile using Homebrew, see https://github.com/jedisct1/minisign/pull/155
}
minisign.root_module.linkSystemLibrary(
"sodium",
.{
.use_pkg_config = if (override_pkgconfig) .no else .yes,
.preferred_link_mode = if (use_static_linking) .static else .dynamic,
},
);
}
minisign.addIncludePath(b.path("src"));
minisign.root_module.addCMacro("_GNU_SOURCE", "1");
const source_files = &.{ "src/base64.c", "src/get_line.c", "src/helpers.c", "src/minisign.c" };
minisign.addCSourceFiles(.{ .files = source_files });
b.installArtifact(minisign);
minisign.addIncludeDir("src");
minisign.addSystemIncludeDir("/usr/local/include");
minisign.addCSourceFiles(&.{ "src/base64.c", "src/get_line.c", "src/helpers.c", "src/minisign.c" }, &.{});
}

13
build.zig.zon
View file

@ -1,13 +0,0 @@
.{
.name = .minisign,
.version = "0.12.0",
.fingerprint = 0x280456c1fd373c55,
.paths = .{
"LICEMSE",
"README.md",
"build.zig",
"build.zig.zon",
"src",
"share",
},
}

4
cosign.pub
View file

@ -1,4 +0,0 @@
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAExjZWrlc6c58W7ZzmQnx6mugty99C
OQTDtJeciX9LF9hEbs1J1fzZHRdRhV4OTqcq0jTW9PXnrSSZlk1fbkE/5w==
-----END PUBLIC KEY-----

93
share/man/man1/minisign.1
View file

@ -1,25 +1,22 @@
.\" generated with Ronn/v0.7.3
.\" http://github.com/rtomayko/ronn/tree/0.7.3
.
.TH "MINISIGN" "1" "March 2025" "" ""
.TH "MINISIGN" "1" "June 2020" "" ""
.
.SH "NAME"
\fBminisign\fR \- A dead simple tool to sign files and verify signatures\.
.
.SH "SYNOPSIS"
\fBminisign\fR \-G [\-p pubkey_file] [\-s seckey_file] [\-W]
\fBminisign\fR \-G [\-p pubkey] [\-s seckey]
.
.P
\fBminisign\fR \-R [\-s seckey_file] [\-p pubkey_file]
\fBminisign\fR \-S [\-H] [\-x sigfile] [\-s seckey] [\-c untrusted_comment] [\-t trusted_comment] \-m file [file \.\.\.]
.
.P
\fBminisign\fR \-C [\-s seckey_file] [\-W]
\fBminisign\fR \-V [\-x sigfile] [\-p pubkeyfile | \-P pubkey] [\-o] [\-q] \-m file
.
.P
\fBminisign\fR \-S [\-H] [\-x sig_file] [\-s seckey_file] [\-c untrusted_comment] [\-t trusted_comment] \-m file [file \.\.\.]
.
.P
\fBminisign\fR \-V [\-x sig_file] [\-p pubkey_file | \-P pubkey] [\-o] [\-q] \-m file
\fBminisign\fR \-R \-s seckey \-p pubkeyfile
.
.SH "DESCRIPTION"
\fBMinisign\fR is a dead simple tool to sign files and verify signatures\.
@ -35,14 +32,6 @@ These options control the actions of \fBminisign\fR\.
Generate a new key pair
.
.TP
\fB\-C\fR
Change/remove the password of a secret key
.
.TP
\fB\-R\fR
Recreate a public key file from a secret key file
.
.TP
\fB\-S\fR
Sign files
.
@ -51,14 +40,6 @@ Sign files
Verify that a signature is valid for a given file
.
.TP
\fB\-H\fR
Requires the input to be prehashed
.
.TP
\fB\-l\fR
Sign using the legacy format
.
.TP
\fB\-m <file>\fR
File to sign/verify
.
@ -67,7 +48,11 @@ File to sign/verify
Combined with \-V, output the file content after verification
.
.TP
\fB\-p <pubkey_file>\fR
\fB\-H\fR
Combined with \-S, pre\-hash in order to sign large files
.
.TP
\fB\-p <pubkeyfile>\fR
Public key file (default: \./minisign\.pub)
.
.TP
@ -75,15 +60,11 @@ Public key file (default: \./minisign\.pub)
Public key, as a base64 string
.
.TP
\fB\-s <seckey_file>\fR
\fB\-s <seckey>\fR
Secret key file (default: ~/\.minisign/minisign\.key)
.
.TP
\fB\-W\fR
Do not encrypt/decrypt the secret key with a password
.
.TP
\fB\-x <sig_file>\fR
\fB\-x <sigfile>\fR
Signature file (default: <file>\.minisig)
.
.TP
@ -103,6 +84,10 @@ Quiet mode, suppress output
Pretty quiet mode, only print the trusted comment
.
.TP
\fB\-R\fR
Recreate a public key file from a secret key file
.
.TP
\fB\-f\fR
Force\. Combined with \-G, overwrite a previous key pair
.
@ -152,17 +137,53 @@ This requires the signature \fBmyfile\.txt\.minisig\fR to be present in the same
.P
The public key can either reside in a file (\fB\./minisign\.pub\fR by default) or be directly specified on the command line\.
.
.SH "NOTES"
Signature files include an untrusted comment line that can be freely modified even after the signature is created\.
.SH "Notes"
\fBTrusted comments\fR
.
.P
They also include a second comment line that cannot be modified without the secret key\.
Signature files include an untrusted comment line that can be freely modified, even after signature creation\.
.
.P
Trusted comments can be used to add instructions or application\-specific metadata such as the intended file name, timestamps, resource identifiers, or version numbers to prevent downgrade attacks\.
They also include a second comment line, that cannot be modified without the secret key\.
.
.P
OpenBSD\'s \fBsignify(1)\fR is conceptually similar to Minisign\. Minisign creates signatures that can be verified by \fBsignify\fR; however, signatures created by \fBsignify\fR cannot be verified with Minisign because Minisign expects a trusted comment section to be present\. Trusted comments are crucial for describing what has been signed, in addition to merely confirming that a signature exists\.
Trusted comments can be used to add instructions or application\-specific metadata (intended file name, timestamps, resource identifiers, version numbers to prevent downgrade attacks)\.
.
.P
\fBCompatibility with OpenBSD signify\fR
.
.P
Signatures written by \fBminisign\fR can be verified using OpenBSD\'s \fBsignify\fR tool: public key files and signature files are compatible\.
.
.P
However, \fBminisign\fR uses a slightly different format to store secret keys\.
.
.P
\fBMinisign\fR signatures include trusted comments in addition to untrusted comments\. Trusted comments are signed, thus verified, before being displayed\.
.
.P
This adds two lines to the signature files, that signify silently ignores\.
.
.P
\fBPre\-hashing\fR
.
.P
By default, signing and verification require as much memory as the size of the file\.
.
.P
Since \fBMinisign 0\.6\fR, huge files can be signed and verified with very low memory requirements, by pre\-hashing the content\.
.
.P
The \-H command\-line switch, in combination with \-S, generates a pre\-hashed signature (HashEdDSA):
.
.P
$ \fBminisign\fR \-SHm myfile\.txt
.
.P
Verification of such a signature doesn\'t require any specific switch: the appropriate algorithm will automatically be detected\.
.
.P
Signatures generated that way are not compatible with OpenBSD\'s \fBsignify\fR tool and are not compatible with \fBMinisign\fR versions prior to 0\.6\.
.
.SH "AUTHOR"
Frank Denis (github [at] pureftpd [dot] org)

2
src/base64.c
View file

@ -52,7 +52,7 @@ b64_to_bin(unsigned char *const bin, const char *b64, size_t bin_maxlen, size_t
REV64_NONE, REV64_NONE, REV64_NONE, REV64_NONE
};
const unsigned char *b64_u = (const unsigned char *) b64;
unsigned char *bin_w = bin;
unsigned char * bin_w = bin;
unsigned char mask = 0U;
unsigned char t0 = 0, t1 = 0, t2 = 0, t3 = 0;
uint32_t t = 0;

26
src/get_line.c
View file

@ -1,6 +1,6 @@
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__)
# include <sys/types.h>
#include <sys/types.h>
#endif
#include <assert.h>
@ -10,19 +10,19 @@
#include <string.h>
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__)
# include <fcntl.h>
# include <poll.h>
# include <termios.h>
# include <unistd.h>
#include <fcntl.h>
#include <poll.h>
#include <termios.h>
#include <unistd.h>
#elif defined(_WIN32)
# include <windows.h>
#include <windows.h>
#endif
#include "get_line.h"
#include "helpers.h"
#ifndef TCSAFLUSH
# define TCSAFLUSH 0
#define TCSAFLUSH 0
#endif
#ifndef VERIFY_ONLY
@ -33,7 +33,7 @@ disable_echo(void)
fflush(stdout);
fflush(stderr);
# if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__)
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__)
{
struct termios p;
@ -43,7 +43,7 @@ disable_echo(void)
p.c_lflag &= ~ECHO;
tcsetattr(0, TCSAFLUSH, &p);
}
# elif defined(_WIN32)
#elif defined(_WIN32)
{
HANDLE handle = GetStdHandle(STD_INPUT_HANDLE);
DWORD mode = 0;
@ -51,7 +51,7 @@ disable_echo(void)
GetConsoleMode(handle, &mode);
SetConsoleMode(handle, mode & ~ENABLE_ECHO_INPUT);
}
# endif
#endif
}
static void
@ -60,7 +60,7 @@ enable_echo(void)
fflush(stdout);
fflush(stderr);
# if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__)
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__)
{
struct termios p;
@ -70,7 +70,7 @@ enable_echo(void)
p.c_lflag |= ECHO;
tcsetattr(0, TCSAFLUSH, &p);
}
# elif defined(_WIN32)
#elif defined(_WIN32)
{
HANDLE handle = GetStdHandle(STD_INPUT_HANDLE);
DWORD mode = 0;
@ -78,7 +78,7 @@ enable_echo(void)
GetConsoleMode(handle, &mode);
SetConsoleMode(handle, mode | ENABLE_ECHO_INPUT);
}
# endif
#endif
}
int

29
src/helpers.c
View file

@ -1,10 +1,10 @@
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__)
# include <fcntl.h>
# include <sys/stat.h>
# include <sys/types.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#elif defined(_WIN32)
# include <direct.h>
#include <direct.h>
#endif
#include <errno.h>
@ -14,11 +14,7 @@
#include <stdlib.h>
#include <string.h>
#ifdef LIBZODIUM
# include "libzodium/sodium.h"
#else
# include <sodium.h>
#endif
#include <sodium.h>
#include "base64.h"
#include "helpers.h"
@ -104,7 +100,7 @@ xor_buf(unsigned char *dst, const unsigned char *src, size_t len)
int
xfprintf(FILE *fp, const char *format, ...)
{
char *out;
char * out;
size_t out_maxlen = 4096U;
int len;
va_list va;
@ -130,7 +126,7 @@ int
xfput_b64(FILE *fp, const unsigned char *bin, size_t bin_len)
{
const size_t b64_maxlen = (bin_len + 2) * 4 / 3 + 1;
char *b64;
char * b64;
b64 = xsodium_malloc(b64_maxlen);
if (bin_to_b64(b64, bin, b64_maxlen, bin_len) == NULL) {
@ -155,21 +151,16 @@ xfclose(FILE *fp)
return 0;
}
int
void
trim(char *str)
{
size_t i = strlen(str);
int t = 0;
while (i-- > (size_t) 0U) {
if (str[i] == '\n') {
str[i] = 0;
t = 1;
} else if (str[i] == '\r') {
if (str[i] == '\n' || str[i] == '\r') {
str[i] = 0;
}
}
return t;
}
const char *
@ -202,7 +193,7 @@ int
basedir_create_useronly(const char *file)
{
const char *basename;
char *dir;
char * dir;
int ret = -1;
dir = xstrdup(file);

8
src/helpers.h
View file

@ -6,12 +6,12 @@
#include <stdio.h>
#if !defined(__GNUC__) && !defined(__attribute__)
# define __attribute__(X)
#define __attribute__(X)
#endif
#ifdef _WIN32
# define DIR_SEP '\\'
#define DIR_SEP '\\'
#else
# define DIR_SEP '/'
#define DIR_SEP '/'
#endif
uint64_t le64_load(const unsigned char *p);
@ -36,7 +36,7 @@ int xfprintf(FILE *fp, const char *format, ...) __attribute__((format(printf, 2,
int xfclose(FILE *fp);
int trim(char *str);
void trim(char *str);
const char *file_basename(const char *file);

120
src/libzodium/libzodium.zig
View file

@ -1,120 +0,0 @@
const std = @import("std");
const crypto = std.crypto;
const mem = std.mem;
const Ed25519 = crypto.sign.Ed25519;
export fn sodium_init() callconv(.C) c_int {
return 0;
}
export fn sodium_memzero(pnt: [*c]u8, len: usize) callconv(.C) void {
crypto.utils.secureZero(u8, pnt[0..len]);
}
export fn randombytes_buf(pnt: [*c]u8, len: usize) callconv(.C) void {
crypto.random.bytes(pnt[0..len]);
}
export fn sodium_malloc(len: usize) callconv(.C) ?*anyopaque {
return std.c.malloc(len);
}
export fn sodium_free(pnt: ?*anyopaque) callconv(.C) void {
return std.c.free(pnt);
}
export fn crypto_pwhash_scryptsalsa208sha256(
out: [*c]u8,
outlen: c_ulonglong,
passwd: [*c]const u8,
passwdlen: c_ulonglong,
salt: [*c]const u8,
opslimit: c_ulonglong,
memlimit: usize,
) callconv(.C) c_int {
crypto.pwhash.scrypt.kdf(
std.heap.c_allocator,
out[0..@intCast(outlen)],
passwd[0..@intCast(passwdlen)],
salt[0..32],
crypto.pwhash.scrypt.Params.fromLimits(opslimit, memlimit),
) catch return -1;
return 0;
}
const crypto_generichash_state = crypto.hash.blake2.Blake2b512;
export fn crypto_generichash_init(
state: *crypto_generichash_state,
_: [*c]const u8,
_: usize,
outlen: usize,
) c_int {
state.* = crypto.hash.blake2.Blake2b512.init(.{ .expected_out_bits = outlen * 8 });
return 0;
}
export fn crypto_generichash_update(
state: *crypto_generichash_state,
in: [*c]const u8,
inlen: c_ulonglong,
) c_int {
state.*.update(in[0..@intCast(inlen)]);
return 0;
}
export fn crypto_generichash_final(
state: *crypto_generichash_state,
out: [*c]u8,
outlen: usize,
) c_int {
var h: [64]u8 = undefined;
state.*.final(&h);
@memcpy(out[0..outlen], h[0..outlen]);
return 0;
}
export fn crypto_sign_keypair(pk: [*c]u8, sk: [*c]u8) callconv(.C) c_int {
const kp = if (std.meta.hasFn(Ed25519.KeyPair, "generate")) Ed25519.KeyPair.generate() else (Ed25519.KeyPair.create(null) catch return -1);
pk[0..32].* = kp.public_key.toBytes();
sk[0..64].* = kp.secret_key.toBytes();
return 0;
}
export fn crypto_sign_detached(
sig_bytes: [*c]u8,
_: [*c]c_ulonglong,
m: [*c]const u8,
mlen: c_ulonglong,
sk_bytes: [*c]const u8,
) callconv(.C) c_int {
const sk = Ed25519.SecretKey.fromBytes(sk_bytes[0..64].*) catch return -1;
const kp = Ed25519.KeyPair.fromSecretKey(sk) catch return -1;
var noise: [Ed25519.noise_length]u8 = undefined;
crypto.random.bytes(&noise);
const s = kp.sign(m[0..@intCast(mlen)], noise) catch return -1;
sig_bytes[0..64].* = s.toBytes();
return 0;
}
export fn crypto_sign_verify_detached(
sig_bytes: [*c]const u8,
m: [*c]const u8,
mlen: c_ulonglong,
pk_bytes: [*c]const u8,
) callconv(.C) c_int {
const pk = Ed25519.PublicKey.fromBytes(pk_bytes[0..32].*) catch return -1;
const sig = Ed25519.Signature.fromBytes(sig_bytes[0..64].*);
sig.verify(m[0..@intCast(mlen)], pk) catch return 1;
return 0;
}
export fn sodium_bin2hex(
hex: [*c]u8,
hex_maxlen: usize,
bin: [*c]const u8,
bin_len: usize,
) callconv(.C) [*c]u8 {
_ = std.fmt.bufPrint(hex[0..hex_maxlen], "{s}", .{std.fmt.fmtSliceHexLower(bin[0..bin_len])}) catch return null;
return hex;
}

62
src/libzodium/sodium.h
View file

@ -1,62 +0,0 @@
#pragma once
#include <stddef.h>
int sodium_init(void) __attribute__((warn_unused_result));
;
void sodium_memzero(void* const pnt, const size_t len);
void randombytes_buf(void* const buf, const size_t size) __attribute__((nonnull));
void* sodium_malloc(const size_t size) __attribute__((malloc));
void sodium_free(void* ptr);
#define crypto_pwhash_scryptsalsa208sha256_SALTBYTES 32U
#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN 32768U
#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN 16777216U
#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE 33554432U
#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE 1073741824U
int crypto_pwhash_scryptsalsa208sha256(unsigned char* const out,
unsigned long long outlen,
const char* const passwd,
unsigned long long passwdlen,
const unsigned char* const salt,
unsigned long long opslimit,
size_t memlimit) __attribute__((warn_unused_result))
__attribute__((nonnull));
typedef struct crypto_generichash_state {
unsigned char opaque[512];
} crypto_generichash_state;
#define crypto_generichash_BYTES_MAX 64U
#define crypto_generichash_BYTES 32U
int crypto_generichash_init(crypto_generichash_state* state, const unsigned char* key,
const size_t keylen, const size_t outlen) __attribute__((nonnull(1)));
int crypto_generichash_update(crypto_generichash_state* state,
const unsigned char* in,
unsigned long long inlen) __attribute__((nonnull(1)));
int crypto_generichash_final(crypto_generichash_state* state, unsigned char* out,
const size_t outlen) __attribute__((nonnull));
#define crypto_sign_SECRETKEYBYTES 64
#define crypto_sign_PUBLICKEYBYTES 32
#define crypto_sign_BYTES 64
int crypto_sign_keypair(unsigned char* pk, unsigned char* sk) __attribute__((nonnull));
int crypto_sign_detached(unsigned char* sig, unsigned long long* siglen_p, const unsigned char* m,
unsigned long long mlen, const unsigned char* sk)
__attribute__((nonnull(1, 5)));
int crypto_sign_verify_detached(const unsigned char* sig,
const unsigned char* m,
unsigned long long mlen,
const unsigned char* pk) __attribute__((warn_unused_result))
__attribute__((nonnull(1, 4)));

129
src/manpage.md
View file

@ -1,20 +1,18 @@
<!---
This man page can be generated using ronn - https://rtomayko.github.io/ronn/
This man page can be generated using ronn - http://rtomayko.github.com/ronn/
-->
# minisign(1) -- A dead simple tool to sign files and verify signatures.
minisign(1) -- A dead simple tool to sign files and verify signatures.
======================================================================
## SYNOPSIS
`minisign` -G [-p pubkey_file] [-s seckey_file] [-W]
`minisign` -G [-p pubkey] [-s seckey]
`minisign` -R [-s seckey_file] [-p pubkey_file]
`minisign` -S [-H] [-x sigfile] [-s seckey] [-c untrusted_comment] [-t trusted_comment] -m file [file ...]
`minisign` -C [-s seckey_file] [-W]
`minisign` -V [-x sigfile] [-p pubkeyfile | -P pubkey] [-o] [-q] -m file
`minisign` -S [-H] [-x sig_file] [-s seckey_file] [-c untrusted_comment] [-t trusted_comment] -m file [file ...]
`minisign` -V [-x sig_file] [-p pubkey_file | -P pubkey] [-o] [-q] -m file
`minisign` -R -s seckey -p pubkeyfile
## DESCRIPTION
@ -26,46 +24,41 @@ It is portable, lightweight, and uses the highly secure [Ed25519](http://ed25519
These options control the actions of `minisign`.
- `-G`:
Generate a new key pair
- `-C`:
Change/remove the password of a secret key
- `-R`:
Recreate a public key file from a secret key file
- `-S`:
Sign files
- `-V`:
Verify that a signature is valid for a given file
- `-H`:
Requires the input to be prehashed
- `-l`:
Sign using the legacy format
- `-m <file>`:
File to sign/verify
- `-o`:
Combined with -V, output the file content after verification
- `-p <pubkey_file>`:
Public key file (default: ./minisign.pub)
- `-P <pubkey>`:
Public key, as a base64 string
- `-s <seckey_file>`:
Secret key file (default: ~/.minisign/minisign.key)
- `-W`:
Do not encrypt/decrypt the secret key with a password
- `-x <sig_file>`:
Signature file (default: &lt;file&gt;.minisig)
- `-c <comment>`:
Add a one-line untrusted comment
- `-t <comment>`:
Add a one-line trusted comment
- `-q`:
Quiet mode, suppress output
- `-Q`:
Pretty quiet mode, only print the trusted comment
- `-f`:
Force. Combined with -G, overwrite a previous key pair
- `-v`:
Display version number
* `-G`:
Generate a new key pair
* `-S`:
Sign files
* `-V`:
Verify that a signature is valid for a given file
* `-m <file>`:
File to sign/verify
* `-o`:
Combined with -V, output the file content after verification
* `-H`:
Combined with -S, pre-hash in order to sign large files
* `-p <pubkeyfile>`:
Public key file (default: ./minisign.pub)
* `-P <pubkey>`:
Public key, as a base64 string
* `-s <seckey>`:
Secret key file (default: ~/.minisign/minisign.key)
* `-x <sigfile>`:
Signature file (default: &lt;file&gt;.minisig)
* `-c <comment>`:
Add a one-line untrusted comment
* `-t <comment>`:
Add a one-line trusted comment
* `-q`:
Quiet mode, suppress output
* `-Q`:
Pretty quiet mode, only print the trusted comment
* `-R`:
Recreate a public key file from a secret key file
* `-f`:
Force. Combined with -G, overwrite a previous key pair
* `-v`:
Display version number
## EXAMPLES
@ -78,7 +71,7 @@ The public key is printed and put into the `minisign.pub` file. The secret key i
Signing files
$ `minisign` -Sm myfile.txt
$ `minisign` -Sm myfile.txt myfile2.txt \*.c
$ `minisign` -Sm myfile.txt myfile2.txt *.c
Or to include a comment in the signature, that will be verified and displayed when verifying the file:
@ -88,7 +81,7 @@ The secret key is loaded from `${MINISIGN_CONFIG_DIR}/minisign.key`, `~/.minisig
Verifying a file
$ `minisign` -Vm myfile.txt -P &lt;pubkey&gt;
$ `minisign` -Vm myfile.txt -P &lt;pubkey&gt;
or
@ -98,15 +91,39 @@ This requires the signature `myfile.txt.minisig` to be present in the same direc
The public key can either reside in a file (`./minisign.pub` by default) or be directly specified on the command line.
## NOTES
## Notes
Signature files include an untrusted comment line that can be freely modified even after the signature is created.
**Trusted comments**
They also include a second comment line that cannot be modified without the secret key.
Signature files include an untrusted comment line that can be freely modified, even after signature creation.
Trusted comments can be used to add instructions or application-specific metadata such as the intended file name, timestamps, resource identifiers, or version numbers to prevent downgrade attacks.
They also include a second comment line, that cannot be modified without the secret key.
OpenBSD's `signify(1)` is conceptually similar to Minisign. Minisign creates signatures that can be verified by `signify`; however, signatures created by `signify` cannot be verified with Minisign because Minisign expects a trusted comment section to be present. Trusted comments are crucial for describing what has been signed, in addition to merely confirming that a signature exists.
Trusted comments can be used to add instructions or application-specific metadata (intended file name, timestamps, resource identifiers, version numbers to prevent downgrade attacks).
**Compatibility with OpenBSD signify**
Signatures written by `minisign` can be verified using OpenBSD's `signify` tool: public key files and signature files are compatible.
However, `minisign` uses a slightly different format to store secret keys.
`Minisign` signatures include trusted comments in addition to untrusted comments. Trusted comments are signed, thus verified, before being displayed.
This adds two lines to the signature files, that signify silently ignores.
**Pre-hashing**
By default, signing and verification require as much memory as the size of the file.
Since `Minisign 0.6`, huge files can be signed and verified with very low memory requirements, by pre-hashing the content.
The -H command-line switch, in combination with -S, generates a pre-hashed signature (HashEdDSA):
$ `minisign` -SHm myfile.txt
Verification of such a signature doesn't require any specific switch: the appropriate algorithm will automatically be detected.
Signatures generated that way are not compatible with OpenBSD's `signify` tool and are not compatible with `Minisign` versions prior to 0.6.
## AUTHOR

373
src/minisign.c
View file

@ -10,11 +10,7 @@
#include <time.h>
#include <unistd.h>
#ifdef LIBZODIUM
# include "libzodium/sodium.h"
#else
# include <sodium.h>
#endif
#include <sodium.h>
#include "base64.h"
#include "get_line.h"
@ -22,7 +18,7 @@
#include "minisign.h"
#ifndef VERIFY_ONLY
static const char *getopt_options = "CGSVRHhc:flm:oP:p:qQs:t:vWx:";
static const char *getopt_options = "GSVRHhc:flm:oP:p:qQs:t:vx:";
#else
static const char *getopt_options = "VhHm:oP:p:qQvx:";
#endif
@ -35,30 +31,30 @@ usage(void)
puts(
"Usage:\n"
#ifndef VERIFY_ONLY
"minisign -G [-f] [-p pubkey_file] [-s seckey_file] [-W]\n"
"minisign -R [-s seckey_file] [-p pubkey_file]\n"
"minisign -C [-s seckey_file] [-W]\n"
"minisign -S [-l] [-x sig_file] [-s seckey_file] [-c untrusted_comment]\n"
" [-t trusted_comment] -m file [file ...]\n"
"minisign -G [-p pubkey] [-s seckey]\n"
"minisign -S [-l] [-x sigfile] [-s seckey] [-c untrusted_comment] [-t trusted_comment] -m "
"file [file ...]\n"
#endif
"minisign -V [-H] [-x sigfile] [-p pubkeyfile | -P pubkey] [-o] [-q] -m file\n"
#ifndef VERIFY_ONLY
"minisign -R -s seckey -p pubkeyfile\n"
#endif
"minisign -V [-H] [-x sig_file] [-p pubkey_file | -P pubkey] [-o] [-q] -m file\n"
"\n"
#ifndef VERIFY_ONLY
"-G generate a new key pair\n"
"-R recreate a public key file from a secret key file\n"
"-C change/remove the password of the secret key\n"
#endif
"-H require input to be prehashed\n"
#ifndef VERIFY_ONLY
"-S sign files\n"
#endif
"-V verify that a signature is valid for a given file\n"
"-H require input to be prehashed\n"
"-l sign using the legacy format\n"
"-m <file> file to sign/verify\n"
"-o combined with -V, output the file content after verification\n"
"-p <pubkey_file> public key file (default: ./minisign.pub)\n"
"-p <pubkeyfile> public key file (default: ./minisign.pub)\n"
"-P <pubkey> public key, as a base64 string\n"
#ifndef VERIFY_ONLY
"-s <seckey_file> secret key file (default: ~/.minisign/minisign.key)\n"
"-W do not encrypt/decrypt the secret key with a password\n"
"-s <seckey> secret key file (default: ~/.minisign/minisign.key)\n"
#endif
"-x <sigfile> signature file (default: <file>.minisig)\n"
#ifndef VERIFY_ONLY
@ -67,6 +63,9 @@ usage(void)
#endif
"-q quiet mode, suppress output\n"
"-Q pretty quiet mode, only print the trusted comment\n"
#ifndef VERIFY_ONLY
"-R recreate a public key file from a secret key file\n"
#endif
"-f force. Combined with -G, overwrite a previous key pair\n"
"-v display version number\n");
exit(2);
@ -77,8 +76,8 @@ message_load_hashed(size_t *message_len, const char *message_file)
{
crypto_generichash_state hs;
unsigned char buf[65536U];
unsigned char *message;
FILE *fp;
unsigned char * message;
FILE * fp;
size_t n;
if ((fp = fopen(message_file, "rb")) == NULL) {
@ -102,7 +101,7 @@ message_load_hashed(size_t *message_len, const char *message_file)
static unsigned char *
message_load(size_t *message_len, const char *message_file, int hashed)
{
FILE *fp;
FILE * fp;
unsigned char *message;
off_t message_len_;
@ -131,7 +130,7 @@ static int
output_file(const char *message_file)
{
unsigned char buf[65536U];
FILE *fp;
FILE * fp;
size_t n;
if ((fp = fopen(message_file, "rb")) == NULL) {
@ -156,9 +155,9 @@ sig_load(const char *sig_file, unsigned char global_sig[crypto_sign_BYTES], int
{
char comment[COMMENTMAXBYTES];
SigStruct *sig_struct;
FILE *fp;
char *global_sig_s;
char *sig_s;
FILE * fp;
char * global_sig_s;
char * sig_s;
size_t global_sig_len;
size_t global_sig_s_size;
size_t sig_s_size;
@ -170,9 +169,6 @@ sig_load(const char *sig_file, unsigned char global_sig[crypto_sign_BYTES], int
if (fgets(comment, (int) sizeof comment, fp) == NULL) {
exit_msg("Error while reading the signature file");
}
if (trim(comment) == 0) {
exit_msg("Untrusted signature comment too long");
}
if (strncmp(comment, COMMENT_PREFIX, (sizeof COMMENT_PREFIX) - 1U) != 0) {
exit_msg(
"Untrusted signature comment should start with "
@ -183,9 +179,7 @@ sig_load(const char *sig_file, unsigned char global_sig[crypto_sign_BYTES], int
if (fgets(sig_s, (int) sig_s_size, fp) == NULL) {
exit_msg("Error while reading the signature file");
}
if (trim(sig_s) == 0) {
exit_msg("Signature too long");
}
trim(sig_s);
if (fgets(trusted_comment, (int) trusted_comment_maxlen, fp) == NULL) {
exit_msg("Trusted comment not present");
}
@ -198,9 +192,7 @@ sig_load(const char *sig_file, unsigned char global_sig[crypto_sign_BYTES], int
memmove(trusted_comment,
trusted_comment + sizeof TRUSTED_COMMENT_PREFIX - 1U,
strlen(trusted_comment + sizeof TRUSTED_COMMENT_PREFIX - 1U) + 1U);
if (trim(trusted_comment) == 0) {
exit_msg("Trusted comment too long");
}
trim(trusted_comment);
global_sig_s_size = B64_MAX_LEN_FROM_BIN_LEN(crypto_sign_BYTES) + 2U;
global_sig_s = xmalloc(global_sig_s_size);
if (fgets(global_sig_s, (int) global_sig_s_size, fp) == NULL) {
@ -256,8 +248,8 @@ pubkey_load_file(const char *pk_file)
{
char pk_comment[COMMENTMAXBYTES];
PubkeyStruct *pubkey_struct;
FILE *fp;
char *pubkey_s = NULL;
FILE * fp;
char * pubkey_s = NULL;
size_t pubkey_s_size;
if ((fp = fopen(pk_file, "r")) == NULL) {
@ -293,9 +285,8 @@ pubkey_load(const char *pk_file, const char *pubkey_s)
exit_msg("A public key is required");
}
#ifndef VERIFY_ONLY
static void
seckey_compute_chk(unsigned char chk[crypto_generichash_BYTES], const SeckeyStruct *seckey_struct)
seckey_chk(unsigned char chk[crypto_generichash_BYTES], const SeckeyStruct *seckey_struct)
{
crypto_generichash_state hs;
@ -307,107 +298,27 @@ seckey_compute_chk(unsigned char chk[crypto_generichash_BYTES], const SeckeyStru
crypto_generichash_final(&hs, chk, sizeof seckey_struct->keynum_sk.chk);
}
static void
decrypt_key(SeckeyStruct *const seckey_struct, unsigned char chk[crypto_generichash_BYTES])
{
char *pwd = xsodium_malloc(PASSWORDMAXBYTES);
unsigned char *stream;
if (get_password(pwd, PASSWORDMAXBYTES, "Password: ") != 0) {
exit_msg("get_password()");
}
printf("Deriving a key from the password and decrypting the secret key... ");
fflush(stdout);
stream = xsodium_malloc(sizeof seckey_struct->keynum_sk);
if (crypto_pwhash_scryptsalsa208sha256(stream, sizeof seckey_struct->keynum_sk, pwd,
strlen(pwd), seckey_struct->kdf_salt,
le64_load(seckey_struct->kdf_opslimit_le),
le64_load(seckey_struct->kdf_memlimit_le)) != 0) {
exit_err("Unable to complete key derivation - This probably means out of memory");
}
sodium_free(pwd);
xor_buf((unsigned char *) (void *) &seckey_struct->keynum_sk, stream,
sizeof seckey_struct->keynum_sk);
sodium_free(stream);
puts("done\n");
seckey_compute_chk(chk, seckey_struct);
if (memcmp(chk, seckey_struct->keynum_sk.chk, crypto_generichash_BYTES) != 0) {
exit_msg("Wrong password for that key");
}
sodium_memzero(chk, crypto_generichash_BYTES);
}
static void
encrypt_key(SeckeyStruct *const seckey_struct)
{
char *pwd = xsodium_malloc(PASSWORDMAXBYTES);
char *pwd2 = xsodium_malloc(PASSWORDMAXBYTES);
unsigned char *stream;
unsigned long kdf_memlimit;
unsigned long kdf_opslimit;
puts("Please enter a password to protect the secret key.\n");
if (get_password(pwd, PASSWORDMAXBYTES, "Password: ") != 0 ||
get_password(pwd2, PASSWORDMAXBYTES, "Password (one more time): ") != 0) {
exit_msg("get_password()");
}
if (strcmp(pwd, pwd2) != 0) {
exit_msg("Passwords don't match");
}
printf("Deriving a key from the password in order to encrypt the secret key... ");
fflush(stdout);
stream = xsodium_malloc(sizeof seckey_struct->keynum_sk);
randombytes_buf(seckey_struct->kdf_salt, sizeof seckey_struct->kdf_salt);
kdf_opslimit = crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE;
kdf_memlimit = crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE;
while (crypto_pwhash_scryptsalsa208sha256(stream, sizeof seckey_struct->keynum_sk, pwd,
strlen(pwd), seckey_struct->kdf_salt, kdf_opslimit,
kdf_memlimit) != 0) {
kdf_opslimit /= 2;
kdf_memlimit /= 2;
if (kdf_opslimit < crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN ||
kdf_memlimit < crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN) {
exit_err("Unable to complete key derivation - More memory would be needed");
}
}
sodium_free(pwd);
sodium_free(pwd2);
if (kdf_memlimit < crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE) {
fprintf(stderr,
"Warning: due to limited memory the KDF used less "
"memory than the default\n");
}
le64_store(seckey_struct->kdf_opslimit_le, kdf_opslimit);
le64_store(seckey_struct->kdf_memlimit_le, kdf_memlimit);
seckey_compute_chk(seckey_struct->keynum_sk.chk, seckey_struct);
xor_buf((unsigned char *) (void *) &seckey_struct->keynum_sk, stream,
sizeof seckey_struct->keynum_sk);
sodium_free(stream);
puts("done\n");
}
#ifndef VERIFY_ONLY
static SeckeyStruct *
seckey_load(const char *sk_file, char *const sk_comment_line)
seckey_load(const char *sk_file)
{
char sk_comment_line_buf[COMMENTMAXBYTES];
unsigned char chk[crypto_generichash_BYTES];
SeckeyStruct *seckey_struct;
FILE *fp;
char *seckey_s;
size_t seckey_s_size;
size_t seckey_struct_len;
char sk_comment[COMMENTMAXBYTES];
unsigned char chk[crypto_generichash_BYTES];
SeckeyStruct * seckey_struct;
FILE * fp;
char * pwd = xsodium_malloc(PASSWORDMAXBYTES);
char * seckey_s;
unsigned char *stream;
size_t seckey_s_size;
size_t seckey_struct_len;
if ((fp = fopen(sk_file, "r")) == NULL) {
exit_err(sk_file);
}
if (fgets(sk_comment_line_buf, (int) sizeof sk_comment_line_buf, fp) == NULL) {
if (fgets(sk_comment, (int) sizeof sk_comment, fp) == NULL) {
exit_msg("Error while loading the secret key file");
}
if (sk_comment_line != NULL) {
memcpy(sk_comment_line, sk_comment_line_buf, sizeof sk_comment_line_buf);
}
sodium_memzero(sk_comment_line_buf, sizeof sk_comment_line_buf);
sodium_memzero(sk_comment, sizeof sk_comment);
seckey_s_size = B64_MAX_LEN_FROM_BIN_LEN(sizeof *seckey_struct) + 2U;
seckey_s = xsodium_malloc(seckey_s_size);
seckey_struct = xsodium_malloc(sizeof *seckey_struct);
@ -425,14 +336,35 @@ seckey_load(const char *sk_file, char *const sk_comment_line)
if (memcmp(seckey_struct->sig_alg, SIGALG, sizeof seckey_struct->sig_alg) != 0) {
exit_msg("Unsupported signature algorithm");
}
if (memcmp(seckey_struct->kdf_alg, KDFALG, sizeof seckey_struct->kdf_alg) != 0) {
exit_msg("Unsupported key derivation function");
}
if (memcmp(seckey_struct->chk_alg, CHKALG, sizeof seckey_struct->chk_alg) != 0) {
exit_msg("Unsupported checksum function");
}
if (memcmp(seckey_struct->kdf_alg, KDFALG, sizeof seckey_struct->kdf_alg) == 0) {
decrypt_key(seckey_struct, chk);
} else if (memcmp(seckey_struct->kdf_alg, KDFNONE, sizeof seckey_struct->kdf_alg) != 0) {
exit_msg("Unsupported key derivation function");
if (get_password(pwd, PASSWORDMAXBYTES, "Password: ") != 0) {
exit_msg("get_password()");
}
printf("Deriving a key from the password and decrypting the secret key... ");
fflush(stdout);
stream = xsodium_malloc(sizeof seckey_struct->keynum_sk);
if (crypto_pwhash_scryptsalsa208sha256(stream, sizeof seckey_struct->keynum_sk, pwd,
strlen(pwd), seckey_struct->kdf_salt,
le64_load(seckey_struct->kdf_opslimit_le),
le64_load(seckey_struct->kdf_memlimit_le)) != 0) {
exit_err("Unable to complete key derivation - This probably means out of memory");
}
sodium_free(pwd);
xor_buf((unsigned char *) (void *) &seckey_struct->keynum_sk, stream,
sizeof seckey_struct->keynum_sk);
sodium_free(stream);
puts("done\n");
seckey_chk(chk, seckey_struct);
if (memcmp(chk, seckey_struct->keynum_sk.chk, sizeof chk) != 0) {
exit_msg("Wrong password for that key");
}
sodium_memzero(chk, sizeof chk);
return seckey_struct;
}
#endif
@ -443,9 +375,9 @@ verify(PubkeyStruct *pubkey_struct, const char *message_file, const char *sig_fi
{
char trusted_comment[TRUSTEDCOMMENTMAXBYTES];
unsigned char global_sig[crypto_sign_BYTES];
FILE *info_fp = stdout;
FILE * info_fp = stdout;
unsigned char *sig_and_trusted_comment;
SigStruct *sig_struct;
SigStruct * sig_struct;
unsigned char *message;
size_t message_len;
size_t trusted_comment_len;
@ -465,9 +397,9 @@ verify(PubkeyStruct *pubkey_struct, const char *message_file, const char *sig_fi
if (memcmp(sig_struct->keynum, pubkey_struct->keynum_pk.keynum, sizeof sig_struct->keynum) !=
0) {
fprintf(stderr,
"Signature key id in %s is %016" PRIX64
"Signature key id in %s is %" PRIX64
"\n"
"but the key id in the public key is %016" PRIX64 "\n",
"but the key id in the public key is %" PRIX64 "\n",
sig_file, le64_load(sig_struct->keynum),
le64_load(pubkey_struct->keynum_pk.keynum));
exit(1);
@ -513,7 +445,7 @@ verify(PubkeyStruct *pubkey_struct, const char *message_file, const char *sig_fi
static char *
append_sig_suffix(const char *message_file)
{
char *sig_file;
char * sig_file;
size_t message_file_len = strlen(message_file);
sig_file = xmalloc(message_file_len + sizeof SIG_SUFFIX);
@ -527,7 +459,7 @@ append_sig_suffix(const char *message_file)
static char *
default_trusted_comment(const char *message_file, int hashed)
{
char *ret;
char * ret;
time_t ts = time(NULL);
if (asprintf(&ret, "timestamp:%lu\tfile:%s%s", (unsigned long) ts, file_basename(message_file),
@ -544,10 +476,10 @@ sign(SeckeyStruct *seckey_struct, PubkeyStruct *pubkey_struct, const char *messa
{
unsigned char global_sig[crypto_sign_BYTES];
SigStruct sig_struct;
FILE *fp;
FILE * fp;
unsigned char *message;
unsigned char *sig_and_trusted_comment;
char *tmp_trusted_comment = NULL;
char * tmp_trusted_comment = NULL;
size_t comment_len;
size_t trusted_comment_len;
size_t message_len;
@ -666,34 +598,74 @@ write_pk_file(const char *pk_file, const PubkeyStruct *pubkey_struct)
if ((fp = fopen(pk_file, "w")) == NULL) {
exit_err(pk_file);
}
xfprintf(fp, COMMENT_PREFIX "minisign public key %016" PRIX64 "\n",
xfprintf(fp, COMMENT_PREFIX "minisign public key %" PRIX64 "\n",
le64_load(pubkey_struct->keynum_pk.keynum));
xfput_b64(fp, (const unsigned char *) (const void *) pubkey_struct, sizeof *pubkey_struct);
xfclose(fp);
}
static int
generate(const char *pk_file, const char *sk_file, const char *comment, int force,
int unencrypted_key)
generate(const char *pk_file, const char *sk_file, const char *comment, int force)
{
SeckeyStruct *seckey_struct = xsodium_malloc(sizeof(SeckeyStruct));
PubkeyStruct *pubkey_struct = xsodium_malloc(sizeof(PubkeyStruct));
FILE *fp;
char * pwd = xsodium_malloc(PASSWORDMAXBYTES);
char * pwd2 = xsodium_malloc(PASSWORDMAXBYTES);
SeckeyStruct * seckey_struct = xsodium_malloc(sizeof(SeckeyStruct));
PubkeyStruct * pubkey_struct = xsodium_malloc(sizeof(PubkeyStruct));
unsigned char *stream;
FILE * fp;
unsigned long kdf_memlimit;
unsigned long kdf_opslimit;
abort_on_existing_key_files(pk_file, sk_file, force);
memset(seckey_struct, 0, sizeof(SeckeyStruct));
randombytes_buf(seckey_struct->keynum_sk.keynum, sizeof seckey_struct->keynum_sk.keynum);
crypto_sign_keypair(pubkey_struct->keynum_pk.pk, seckey_struct->keynum_sk.sk);
memcpy(seckey_struct->sig_alg, SIGALG, sizeof seckey_struct->sig_alg);
memcpy(seckey_struct->kdf_alg, unencrypted_key ? KDFNONE : KDFALG,
sizeof seckey_struct->kdf_alg);
memcpy(seckey_struct->kdf_alg, KDFALG, sizeof seckey_struct->kdf_alg);
memcpy(seckey_struct->chk_alg, CHKALG, sizeof seckey_struct->chk_alg);
memcpy(pubkey_struct->keynum_pk.keynum, seckey_struct->keynum_sk.keynum,
sizeof pubkey_struct->keynum_pk.keynum);
memcpy(pubkey_struct->sig_alg, SIGALG, sizeof pubkey_struct->sig_alg);
if (unencrypted_key == 0) {
encrypt_key(seckey_struct);
puts("Please enter a password to protect the secret key.\n");
if (get_password(pwd, PASSWORDMAXBYTES, "Password: ") != 0 ||
get_password(pwd2, PASSWORDMAXBYTES, "Password (one more time): ") != 0) {
exit_msg("get_password()");
}
if (strcmp(pwd, pwd2) != 0) {
exit_msg("Passwords don't match");
}
printf("Deriving a key from the password in order to encrypt the secret key... ");
fflush(stdout);
stream = xsodium_malloc(sizeof seckey_struct->keynum_sk);
randombytes_buf(seckey_struct->kdf_salt, sizeof seckey_struct->kdf_salt);
kdf_opslimit = crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE;
kdf_memlimit = crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE;
while (crypto_pwhash_scryptsalsa208sha256(stream, sizeof seckey_struct->keynum_sk, pwd,
strlen(pwd), seckey_struct->kdf_salt, kdf_opslimit,
kdf_memlimit) != 0) {
kdf_opslimit /= 2;
kdf_memlimit /= 2;
if (kdf_opslimit < crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_MIN ||
kdf_memlimit < crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_MIN) {
exit_err("Unable to complete key derivation - More memory would be needed");
}
}
sodium_free(pwd);
sodium_free(pwd2);
if (kdf_memlimit < crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE) {
fprintf(stderr,
"Warning: due to limited memory the KDF used less "
"memory than the default\n");
}
le64_store(seckey_struct->kdf_opslimit_le, kdf_opslimit);
le64_store(seckey_struct->kdf_memlimit_le, kdf_memlimit);
seckey_chk(seckey_struct->keynum_sk.chk, seckey_struct);
xor_buf((unsigned char *) (void *) &seckey_struct->keynum_sk, stream,
sizeof seckey_struct->keynum_sk);
sodium_free(stream);
puts("done\n");
abort_on_existing_key_files(pk_file, sk_file, force);
if (basedir_create_useronly(sk_file) != 0) {
fprintf(stderr, "Warning: you may have to create the parent directory\n");
@ -728,7 +700,7 @@ recreate_pk(const char *pk_file, const char *sk_file, int force)
if (force == 0) {
abort_on_existing_key_file(pk_file);
}
if ((seckey_struct = seckey_load(sk_file, NULL)) == NULL) {
if ((seckey_struct = seckey_load(sk_file)) == NULL) {
return -1;
}
memcpy(pubkey_struct.sig_alg, seckey_struct->sig_alg, sizeof pubkey_struct.sig_alg);
@ -746,43 +718,6 @@ recreate_pk(const char *pk_file, const char *sk_file, int force)
return 0;
}
static int
update_password(const char *sk_file, int unencrypted_key)
{
SeckeyStruct *seckey_struct;
char *sk_comment_line;
FILE *fp;
if (unencrypted_key != 0) {
printf("Key encryption for [%s] is going to be removed.\n", sk_file);
}
sk_comment_line = xsodium_malloc(COMMENTMAXBYTES);
if ((seckey_struct = seckey_load(sk_file, sk_comment_line)) == NULL) {
return -1;
}
memcpy(seckey_struct->kdf_alg, unencrypted_key ? KDFNONE : KDFALG,
sizeof seckey_struct->kdf_alg);
if (unencrypted_key == 0) {
encrypt_key(seckey_struct);
}
if ((fp = fopen_create_useronly(sk_file)) == NULL) {
exit_err(sk_file);
}
trim(sk_comment_line);
xfprintf(fp, "%s\n", sk_comment_line);
sodium_free(sk_comment_line);
xfput_b64(fp, (unsigned char *) (void *) seckey_struct, sizeof *seckey_struct);
xfclose(fp);
sodium_free(seckey_struct);
if (unencrypted_key == 0) {
puts("Password updated.");
} else {
puts("Password removed.");
}
return 0;
}
#endif
#ifndef VERIFY_ONLY
@ -790,8 +725,8 @@ static char *
sig_config_dir(void)
{
const char *config_dir_env;
char *config_dir;
char *home_dir;
char * config_dir;
char * home_dir;
config_dir = NULL;
if ((config_dir_env = getenv(SIG_DEFAULT_CONFIG_DIR_ENV_VAR)) != NULL) {
@ -833,28 +768,19 @@ main(int argc, char **argv)
#ifndef VERIFY_ONLY
char *sk_file = sig_default_skfile();
#endif
const char *sig_file = NULL;
const char *message_file = NULL;
#ifndef VERIFY_ONLY
const char *comment = NULL;
#endif
const char *pubkey_s = NULL;
#ifndef VERIFY_ONLY
const char *trusted_comment = NULL;
#endif
unsigned char opt_seen[16] = { 0 };
const char * sig_file = NULL;
const char * message_file = NULL;
const char * comment = NULL;
const char * pubkey_s = NULL;
const char * trusted_comment = NULL;
unsigned char opt_seen[16] = { 0 };
int opt_flag;
int quiet = 0;
int output = 0;
#ifndef VERIFY_ONLY
int force = 0;
#endif
int allow_legacy = 1;
#ifndef VERIFY_ONLY
int sign_legacy = 0;
int unencrypted_key = 0;
#endif
Action action = ACTION_NONE;
int quiet = 0;
int output = 0;
int force = 0;
int allow_legacy = 1;
int sign_legacy = 0;
Action action = ACTION_NONE;
while ((opt_flag = getopt(argc, argv, getopt_options)) != -1) {
switch (opt_flag) {
@ -871,12 +797,6 @@ main(int argc, char **argv)
}
action = ACTION_SIGN;
break;
case 'C':
if (action != ACTION_NONE && action != ACTION_UPDATE_PASSWORD) {
usage();
}
action = ACTION_UPDATE_PASSWORD;
break;
case 'R':
if (action != ACTION_NONE && action != ACTION_RECREATE_PK) {
usage();
@ -903,11 +823,9 @@ main(int argc, char **argv)
case 'H':
allow_legacy = 0;
break;
#ifndef VERIFY_ONLY
case 'l':
sign_legacy = 1;
break;
#endif
case 'm':
message_file = optarg;
break;
@ -934,9 +852,6 @@ main(int argc, char **argv)
case 't':
trusted_comment = optarg;
break;
case 'W':
unencrypted_key = 1;
break;
#endif
case 'x':
sig_file = optarg;
@ -968,7 +883,7 @@ main(int argc, char **argv)
if (pk_file == NULL) {
pk_file = SIG_DEFAULT_PKFILE;
}
return generate(pk_file, sk_file, comment, force, unencrypted_key) != 0;
return generate(pk_file, sk_file, comment, force) != 0;
case ACTION_SIGN:
if (message_file == NULL) {
usage();
@ -980,7 +895,7 @@ main(int argc, char **argv)
comment = DEFAULT_COMMENT;
}
return sign_all(
seckey_load(sk_file, NULL),
seckey_load(sk_file),
((pk_file != NULL || pubkey_s != NULL) ? pubkey_load(pk_file, pubkey_s) : NULL),
message_file, (const char **) &argv[optind], argc - optind, sig_file, comment,
trusted_comment, sign_legacy) != 0;
@ -989,8 +904,6 @@ main(int argc, char **argv)
pk_file = SIG_DEFAULT_PKFILE;
}
return recreate_pk(pk_file, sk_file, force) != 0;
case ACTION_UPDATE_PASSWORD:
return update_password(sk_file, unencrypted_key) != 0;
#endif
case ACTION_VERIFY:
if (message_file == NULL) {

6
src/minisign.h
View file

@ -9,7 +9,6 @@
#define SIGALG "Ed"
#define SIGALG_HASHED "ED"
#define KDFALG "Sc"
#define KDFNONE "\0\0"
#define CHKALG "B2"
#define COMMENT_PREFIX "untrusted comment: "
#define DEFAULT_COMMENT "signature from minisign secret key"
@ -20,7 +19,7 @@
#define SIG_DEFAULT_PKFILE "minisign.pub"
#define SIG_DEFAULT_SKFILE "minisign.key"
#define SIG_SUFFIX ".minisig"
#define VERSION_STRING "minisign 0.12"
#define VERSION_STRING "minisign 0.10"
typedef struct KeynumSK_ {
unsigned char keynum[KEYNUMBYTES];
@ -59,8 +58,7 @@ typedef enum Action_ {
ACTION_GENERATE,
ACTION_SIGN,
ACTION_VERIFY,
ACTION_RECREATE_PK,
ACTION_UPDATE_PASSWORD
ACTION_RECREATE_PK
} Action;
#endif