Support SSHSIG and SK verification.
This adds support for OpenSSH SSHSIG signatures, used for signing arbitrary payloads. This also adds support for public-key verification from -SK algorithms so that signatures from security keys can be verified. This enables using security keys for SSHSIG, as well as using security keys as SSH-cert CAs.
This commit is contained in:
Kevin Jones
Родитель
1890c4bfc4
Коммит
e0c24b2c39
|
|
@ -0,0 +1,8 @@
|
|||
root = true
|
||||
|
||||
[*]
|
||||
insert_final_newline = true
|
||||
|
||||
[*.rb]
|
||||
indent_size = 2
|
||||
indent_style = space
|
||||
|
|
@ -20,5 +20,5 @@ jobs:
|
|||
run: |
|
||||
gem install bundler
|
||||
bundle install --jobs 4 --retry 3
|
||||
chmod 600 ./spec/fixtures/*
|
||||
find ./spec/fixtures -type f -exec chmod 600 -- {} +
|
||||
bundle exec rspec
|
||||
|
|
|
|||
|
|
@ -34,3 +34,4 @@ require "ssh_data/certificate"
|
|||
require "ssh_data/public_key"
|
||||
require "ssh_data/private_key"
|
||||
require "ssh_data/encoding"
|
||||
require "ssh_data/signature"
|
||||
|
|
|
|||
|
|
@ -3,6 +3,19 @@ module SSHData
|
|||
# Fields in an OpenSSL private key
|
||||
# https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key
|
||||
OPENSSH_PRIVATE_KEY_MAGIC = "openssh-key-v1\x00"
|
||||
|
||||
OPENSSH_SIGNATURE_MAGIC = "SSHSIG"
|
||||
OPENSSH_SIGNATURE_VERSION = 0x01
|
||||
|
||||
OPENSSH_SIGNATURE_FIELDS = [
|
||||
[:sigversion, :uint32],
|
||||
[:publickey, :string_public_key],
|
||||
[:namespace, :string],
|
||||
[:reserved, :string],
|
||||
[:hashalgorithm, :string],
|
||||
[:signature, :string],
|
||||
]
|
||||
|
||||
OPENSSH_PRIVATE_KEY_FIELDS = [
|
||||
[:ciphername, :string],
|
||||
[:kdfname, :string],
|
||||
|
|
@ -313,6 +326,21 @@ module SSHData
|
|||
[key, str_read]
|
||||
end
|
||||
|
||||
def decode_openssh_signature(raw, offset=0)
|
||||
total_read = 0
|
||||
|
||||
magic = raw.byteslice(total_read, OPENSSH_SIGNATURE_MAGIC.bytesize)
|
||||
unless magic == OPENSSH_SIGNATURE_MAGIC
|
||||
raise DecodeError, "bad OpenSSH signature"
|
||||
end
|
||||
|
||||
total_read += OPENSSH_SIGNATURE_MAGIC.bytesize
|
||||
offset = total_read
|
||||
data, read = decode_fields(raw, OPENSSH_SIGNATURE_FIELDS, offset)
|
||||
total_read += read
|
||||
[data, total_read]
|
||||
end
|
||||
|
||||
# Decode the fields in a certificate.
|
||||
#
|
||||
# raw - Binary String certificate as described by RFC4253 section 6.6.
|
||||
|
|
@ -680,6 +708,32 @@ module SSHData
|
|||
[value].pack("L>")
|
||||
end
|
||||
|
||||
# Read a uint8 from the provided raw data.
|
||||
#
|
||||
# raw - A binary String.
|
||||
# offset - The offset into raw at which to read (default 0).
|
||||
#
|
||||
# Returns an Array including the decoded uint8 as an Integer and the
|
||||
# Integer number of bytes read.
|
||||
def decode_uint8(raw, offset=0)
|
||||
if raw.bytesize < offset + 1
|
||||
raise DecodeError, "data too short"
|
||||
end
|
||||
|
||||
uint8 = raw.byteslice(offset, 1).unpack("C").first
|
||||
|
||||
[uint8, 1]
|
||||
end
|
||||
|
||||
# Encoding an integer as a uint8.
|
||||
#
|
||||
# value - The Integer value to encode.
|
||||
#
|
||||
# Returns an encoded representation of the value.
|
||||
def encode_uint8(value)
|
||||
[value].pack("C")
|
||||
end
|
||||
|
||||
extend self
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -35,7 +35,33 @@ module SSHData
|
|||
end
|
||||
|
||||
def verify(signed_data, signature)
|
||||
raise UnsupportedError, "SK-ECDSA verification is not supported."
|
||||
read = 0
|
||||
sig_algo, raw_sig, signature_read = Encoding.decode_signature(signature)
|
||||
read += signature_read
|
||||
sk_flags, sk_flags_read = Encoding.decode_uint8(signature, read)
|
||||
read += sk_flags_read
|
||||
counter, counter_read = Encoding.decode_uint32(signature, read)
|
||||
read += counter_read
|
||||
|
||||
if read != signature.bytesize
|
||||
raise DecodeError, "unexpected trailing data"
|
||||
end
|
||||
|
||||
self.class.check_algorithm!(sig_algo, curve)
|
||||
|
||||
application_hash = OpenSSL::Digest::SHA256.digest(application)
|
||||
message_hash = OpenSSL::Digest::SHA256.digest(signed_data)
|
||||
|
||||
blob =
|
||||
application_hash +
|
||||
Encoding.encode_uint8(sk_flags) +
|
||||
Encoding.encode_uint32(counter) +
|
||||
message_hash
|
||||
|
||||
openssl_sig = self.class.openssl_signature(raw_sig)
|
||||
digest = DIGEST_FOR_CURVE[curve]
|
||||
|
||||
openssl.verify(digest.new, openssl_sig, blob)
|
||||
end
|
||||
|
||||
def ==(other)
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ module SSHData
|
|||
@application = application
|
||||
super(algo: algo, pk: pk)
|
||||
end
|
||||
|
||||
|
||||
def self.algorithm_identifier
|
||||
ALGO_SKED25519
|
||||
end
|
||||
|
|
@ -24,7 +24,38 @@ module SSHData
|
|||
end
|
||||
|
||||
def verify(signed_data, signature)
|
||||
raise UnsupportedError, "SK-Ed25519 verification is not supported."
|
||||
self.class.ed25519_gem_required!
|
||||
|
||||
read = 0
|
||||
sig_algo, raw_sig, signature_read = Encoding.decode_signature(signature)
|
||||
read += signature_read
|
||||
sk_flags, sk_flags_read = Encoding.decode_uint8(signature, read)
|
||||
read += sk_flags_read
|
||||
counter, counter_read = Encoding.decode_uint32(signature, read)
|
||||
read += counter_read
|
||||
|
||||
if read != signature.bytesize
|
||||
raise DecodeError, "unexpected trailing data"
|
||||
end
|
||||
|
||||
if sig_algo != self.class.algorithm_identifier
|
||||
raise DecodeError, "bad signature algorithm: #{sig_algo.inspect}"
|
||||
end
|
||||
|
||||
application_hash = OpenSSL::Digest::SHA256.digest(application)
|
||||
message_hash = OpenSSL::Digest::SHA256.digest(signed_data)
|
||||
|
||||
blob =
|
||||
application_hash +
|
||||
Encoding.encode_uint8(sk_flags) +
|
||||
Encoding.encode_uint32(counter) +
|
||||
message_hash
|
||||
|
||||
begin
|
||||
ed25519_key.verify(raw_sig, blob)
|
||||
rescue Ed25519::VerifyError
|
||||
false
|
||||
end
|
||||
end
|
||||
|
||||
def ==(other)
|
||||
|
|
|
|||
|
|
@ -0,0 +1,105 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module SSHData
|
||||
class Signature
|
||||
PEM_TYPE = "SSH SIGNATURE"
|
||||
SIGNATURE_PREAMBLE = "SSHSIG"
|
||||
MIN_SUPPORTED_VERSION = 1
|
||||
MAX_SUPPORTED_VERSION = 1
|
||||
|
||||
# Spec: no SHA1 or SHA384. In practice, OpenSSH is always going to use SHA512.
|
||||
# Note the actual signing / verify primitive may use a different hash algorithm.
|
||||
# https://github.com/openssh/openssh-portable/blob/b7ffbb17e37f59249c31f1ff59d6c5d80888f689/PROTOCOL.sshsig#L67
|
||||
SUPPORTED_HASH_ALGORITHMS = {
|
||||
"sha256" => OpenSSL::Digest::SHA256,
|
||||
"sha512" => OpenSSL::Digest::SHA512,
|
||||
}
|
||||
|
||||
PERMITTED_RSA_SIGNATURE_ALGORITHMS = [
|
||||
PublicKey::ALGO_RSA_SHA2_256,
|
||||
PublicKey::ALGO_RSA_SHA2_512,
|
||||
]
|
||||
|
||||
attr_reader :sigversion, :namespace, :signature, :reserved, :hashalgorithm
|
||||
|
||||
# Parses a PEM armored SSH signature.
|
||||
# pem - A PEM encoded SSH signature.
|
||||
#
|
||||
# Returns a Signature instance.
|
||||
def self.parse_pem(pem)
|
||||
pem_type = Encoding.pem_type(pem)
|
||||
|
||||
if pem_type != PEM_TYPE
|
||||
raise DecodeError, "Mismatched PEM type. Expecting '#{PEM_TYPE}', actually '#{pem_type}'."
|
||||
end
|
||||
|
||||
blob = Encoding.decode_pem(pem, pem_type)
|
||||
self.parse_blob(blob)
|
||||
end
|
||||
|
||||
def self.parse_blob(blob)
|
||||
data, read = Encoding.decode_openssh_signature(blob)
|
||||
|
||||
if read != blob.bytesize
|
||||
raise DecodeError, "unexpected trailing data"
|
||||
end
|
||||
|
||||
new(**data)
|
||||
end
|
||||
|
||||
def initialize(sigversion:, publickey:, namespace:, reserved:, hashalgorithm:, signature:)
|
||||
if sigversion > MAX_SUPPORTED_VERSION || sigversion < MIN_SUPPORTED_VERSION
|
||||
raise UnsupportedError, "Signature version is not supported"
|
||||
end
|
||||
|
||||
unless SUPPORTED_HASH_ALGORITHMS.has_key?(hashalgorithm)
|
||||
raise UnsupportedError, "Hash algorithm #{hashalgorithm} is not supported."
|
||||
end
|
||||
|
||||
# Spec: empty namespaces are not permitted.
|
||||
# https://github.com/openssh/openssh-portable/blob/b7ffbb17e37f59249c31f1ff59d6c5d80888f689/PROTOCOL.sshsig#L57
|
||||
raise UnsupportedError, "A namespace is required." if namespace.empty?
|
||||
|
||||
# Spec: ignore 'reserved', don't need to validate that it is empty.
|
||||
|
||||
@sigversion = sigversion
|
||||
@publickey = publickey
|
||||
@namespace = namespace
|
||||
@reserved = reserved
|
||||
@hashalgorithm = hashalgorithm
|
||||
@signature = signature
|
||||
end
|
||||
|
||||
def verify(signed_data)
|
||||
key = public_key
|
||||
digest_algorithm = SUPPORTED_HASH_ALGORITHMS[@hashalgorithm]
|
||||
|
||||
if key.is_a?(PublicKey::RSA)
|
||||
sig_algo, * = Encoding.decode_signature(@signature)
|
||||
|
||||
# Spec: If the signature is an RSA signature, the legacy 'ssh-rsa'
|
||||
# identifer is not permitted.
|
||||
# https://github.com/openssh/openssh-portable/blob/b7ffbb17e37f59249c31f1ff59d6c5d80888f689/PROTOCOL.sshsig#L72
|
||||
unless PERMITTED_RSA_SIGNATURE_ALGORITHMS.include?(sig_algo)
|
||||
raise UnsupportedError, "RSA signature #{sig_algo} is not supported."
|
||||
end
|
||||
end
|
||||
|
||||
raise AlgorithmError, "Unsupported digest algorithm #{@hashalgorithm}" if digest_algorithm.nil?
|
||||
|
||||
message_digest = digest_algorithm.digest(signed_data)
|
||||
blob =
|
||||
SIGNATURE_PREAMBLE +
|
||||
Encoding.encode_string(@namespace) +
|
||||
Encoding.encode_string(@reserved || "") +
|
||||
Encoding.encode_string(@hashalgorithm) +
|
||||
Encoding.encode_string(message_digest)
|
||||
|
||||
key.verify(blob, @signature)
|
||||
end
|
||||
|
||||
def public_key
|
||||
PublicKey.from_data(@publickey)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
@ -281,6 +281,22 @@ describe SSHData::Certificate do
|
|||
SSHData::PublicKey::RSA # ca key type
|
||||
]
|
||||
|
||||
test_cases << [
|
||||
:rsa_leaf_for_skecdsa_ca, # name
|
||||
"rsa_leaf_for_skecdsa_ca-cert.pub", # fixture
|
||||
SSHData::Certificate::ALGO_RSA, # algo
|
||||
SSHData::PublicKey::RSA, # public key type
|
||||
SSHData::PublicKey::SKECDSA # ca key type
|
||||
]
|
||||
|
||||
test_cases << [
|
||||
:rsa_leaf_for_sked25519_ca, # name
|
||||
"rsa_leaf_for_sked25519_ca-cert.pub", # fixture
|
||||
SSHData::Certificate::ALGO_RSA, # algo
|
||||
SSHData::PublicKey::RSA, # public key type
|
||||
SSHData::PublicKey::SKED25519 # ca key type
|
||||
]
|
||||
|
||||
test_cases.each do |name, fixture_name, algo, public_key_class, ca_key_class|
|
||||
describe(name) do
|
||||
let(:openssh) { fixture(fixture_name).strip }
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
generate_security_keys=0
|
||||
read -p "Generated security key-backed keys (Requires key and user interaction)? [yN] " -n 1 -r
|
||||
read -p "Generate security key-backed keys (Requires key and user interaction)? [yN] " -n 1 -r
|
||||
echo
|
||||
if [[ $REPLY =~ ^[Yy]$ ]]
|
||||
then
|
||||
|
|
@ -15,6 +15,18 @@ ssh-keygen -tdsa -N "" -f ./dsa_ca
|
|||
ssh-keygen -tecdsa -N "" -f ./ecdsa_ca
|
||||
ssh-keygen -ted25519 -N "" -f ./ed25519_ca
|
||||
|
||||
if [[ $generate_security_keys -eq 1 ]]
|
||||
then
|
||||
ssh-keygen -ted25519-sk -N "" -f ./sked25519_ca
|
||||
ssh-keygen -tecdsa-sk -N "" -f ./skecdsa_ca
|
||||
|
||||
ssh-keygen -trsa -N "" -f ./rsa_leaf_for_sked25519_ca
|
||||
ssh-keygen -s sked25519_ca -z 123 -n p1,p2 -O clear -I my-ident -O critical:foo=bar -O extension:baz=qwer -O permit-X11-forwarding rsa_leaf_for_sked25519_ca.pub
|
||||
|
||||
ssh-keygen -trsa -N "" -f ./rsa_leaf_for_skecdsa_ca
|
||||
ssh-keygen -s skecdsa_ca -z 123 -n p1,p2 -O clear -I my-ident -O critical:foo=bar -O extension:baz=qwer -O permit-X11-forwarding rsa_leaf_for_skecdsa_ca.pub
|
||||
fi
|
||||
|
||||
ssh-keygen -trsa -N "" -f ./rsa_leaf_for_rsa_ca
|
||||
ssh-keygen -s rsa_ca -z 123 -n p1,p2 -O clear -I my-ident -O critical:foo=bar -O extension:baz=qwer -O permit-X11-forwarding rsa_leaf_for_rsa_ca.pub
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,38 @@
|
|||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
|
||||
NhAAAAAwEAAQAAAYEAxzIj0SZz5rXQdCys5Z4A8m7EQ3AIoXm0CGJ8yjgITB0M8HtvM4aV
|
||||
BeDe/u+nzU1D24CfLqRFvMUQRhWAERJcla+zwSMmBg1qz92SNa+QYOttiuBhWwgzramO1F
|
||||
7TUoJu+1mIS/U7CE2WNJp+TaX5IHLtrPmgQ1yBkGSsW5chHqsYX0V7yp//whDGUCdFWTvB
|
||||
/q7VWms4dqrl2Q+IyJtYgpgBOg2DhELnO/1umLx/dLYyyLLfwkWKszBM12tktD0dKbnouZ
|
||||
0prxgKt0XUtIOV9ROXXhAJe9T3XWquTjulT2E5FiHtJ3ZGWdnXWFPzmmNlzfkMHj+YqEEa
|
||||
oPiOEDgXnYeszaHH6adVuzqwqEt1Wm9Zz5sqpZVaN5pZOK4w6bAFg76lNQG6FM3wyiVgOp
|
||||
IddZRJu0ELNC+ZeQ4LRRc+5HOwbptqIMdsjJ4YY55FnmxT7/7dPMDf9Iz7aVm3f7K2wNR0
|
||||
nHE5rCGCRItwg/ODjTC+HH2jrV2Uw8xUDeWviuW/AAAFkHgl/vF4Jf7xAAAAB3NzaC1yc2
|
||||
EAAAGBAMcyI9Emc+a10HQsrOWeAPJuxENwCKF5tAhifMo4CEwdDPB7bzOGlQXg3v7vp81N
|
||||
Q9uAny6kRbzFEEYVgBESXJWvs8EjJgYNas/dkjWvkGDrbYrgYVsIM62pjtRe01KCbvtZiE
|
||||
v1OwhNljSafk2l+SBy7az5oENcgZBkrFuXIR6rGF9Fe8qf/8IQxlAnRVk7wf6u1VprOHaq
|
||||
5dkPiMibWIKYAToNg4RC5zv9bpi8f3S2Msiy38JFirMwTNdrZLQ9HSm56LmdKa8YCrdF1L
|
||||
SDlfUTl14QCXvU911qrk47pU9hORYh7Sd2RlnZ11hT85pjZc35DB4/mKhBGqD4jhA4F52H
|
||||
rM2hx+mnVbs6sKhLdVpvWc+bKqWVWjeaWTiuMOmwBYO+pTUBuhTN8MolYDqSHXWUSbtBCz
|
||||
QvmXkOC0UXPuRzsG6baiDHbIyeGGOeRZ5sU+/+3TzA3/SM+2lZt3+ytsDUdJxxOawhgkSL
|
||||
cIPzg40wvhx9o61dlMPMVA3lr4rlvwAAAAMBAAEAAAGBAIa90OKKOz4lYEMlcTLFJWjYKm
|
||||
RfpUbtFy3QyQ7UxjAOOpF1PWxCLg3S5aTXIc/K4wrYv1SChDXDq1Vs97sUi5IpTtNnXjIb
|
||||
41OGUn+EKYqV1fxp+RDlxGdFWbsoBZQ7bK0TDBItaOgd62vb0XHewl0DwOgP1yuZqH6uyr
|
||||
QNz7Z6D7tqOel/Pzbbt/nCBrPsqzYGt4U5H/GNenrQejsQcdes0K+fMoZF5zp6HNSuNR0S
|
||||
ndmKvbcg6Uh6dJAHMhCFgUHwuHib+VyZvMTFZd6VFGiP9g5z8tU3xpIUrkiBTkloy+2XLJ
|
||||
MkyWPW9KTgwxiHaY4+txbipdzLSoE7MhkGnP+0Gfev3s6v5wfJgpL/wMvSOyMbHKzZBVgX
|
||||
7tx0obfoNFRDsZpS8LB+DOsTJphbFeJFBfTlKRWcdJ+SIy6teI2hrC2Dm6Rc3DM1kpePvv
|
||||
hihi1etMalZKsiZBsm8X9HL0Yw9yGn3ehm3C/VuE1uGcrytAvySGvF1YOtxFcjgge3mQAA
|
||||
AMEAuf3pctrqSazBFt2Adnq0aQHJhzbKQMfrYeJU1pEX5Jykfz867ZWQfTKmUqZHTc4yv/
|
||||
dngezh9rgVeiE+kNgVkRoJujhXjt51tS2F2hX7vBiuj26jMjsub4g2zi9H29EOub2fLeAL
|
||||
07AlE9qOuEAGCcx6k7Eh2tM1SC4JuKlTtZySykeHMarm/dg89q9f1XVQcBDXlOVYtQOcrf
|
||||
UFi9t31dWFmC0ZFn+b0OD8emXIXBUz2yawESSq5g7Eo09CbUHoAAAAwQDo64oZwoZizfBP
|
||||
UUIkKIs0eeJWBOjiI4tLaeMs59+XGdvZKw+pCRhzCy9ygE5SQmumFatqVWyxWX27EXBAh8
|
||||
ywaViFrKu6Oc88NGGUcP7qMEsDHbmdujbFByxj5GNjUp79kSArqtpDs01LBjI6m1lT3Vzi
|
||||
nLzFxlHIAK8AEOIgqZSs8QOF233R1rRarnHMtXL8zQYq6sGKqNftpNKbIsXzd06B7kwdvd
|
||||
TScNRWWJcUu8YL+1iTuM4B0RzlaU1GzIUAAADBANrvHx+coP8QNBbUsrHVBCAAtSZ57+sY
|
||||
ls9cdC3JJSejbFTBcqpEJwgkkFltzW6NDoT/oDc3bXtsLo6dEiIrwaiqBCzUI6YWv/8/53
|
||||
DtwdpunO+w/m/d2fsMOD7hBCsJq9F8bqjFYS+RmgltKecTnwJ2UmVBjXsxgxQxviKdfGjn
|
||||
w0fXy422PdTjRbj3XbyPAy7pdWws6sdU9s6EH2gwELGky088HWX8HxmirfI3JX7tcosANx
|
||||
idQYsG+n67hKLOcwAAABN2Y3Nqb25lc0BLZXZpbnMtTUJQAQIDBAUG
|
||||
-----END OPENSSH PRIVATE KEY-----
|
||||
|
|
@ -0,0 +1 @@
|
|||
ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgzkt8R6EX7iCu4+5Fr1Dt4UqYAREilnmKsBX90/2EEUUAAAADAQABAAABgQDHMiPRJnPmtdB0LKzlngDybsRDcAihebQIYnzKOAhMHQzwe28zhpUF4N7+76fNTUPbgJ8upEW8xRBGFYARElyVr7PBIyYGDWrP3ZI1r5Bg622K4GFbCDOtqY7UXtNSgm77WYhL9TsITZY0mn5Npfkgcu2s+aBDXIGQZKxblyEeqxhfRXvKn//CEMZQJ0VZO8H+rtVaazh2quXZD4jIm1iCmAE6DYOEQuc7/W6YvH90tjLIst/CRYqzMEzXa2S0PR0puei5nSmvGAq3RdS0g5X1E5deEAl71Pddaq5OO6VPYTkWIe0ndkZZ2ddYU/OaY2XN+QweP5ioQRqg+I4QOBedh6zNocfpp1W7OrCoS3Vab1nPmyqllVo3mlk4rjDpsAWDvqU1AboUzfDKJWA6kh11lEm7QQs0L5l5DgtFFz7kc7Bum2ogx2yMnhhjnkWebFPv/t08wN/0jPtpWbd/srbA1HSccTmsIYJEi3CD84ONML4cfaOtXZTDzFQN5a+K5b8AAAAAAAAAewAAAAEAAAAIbXktaWRlbnQAAAAMAAAAAnAxAAAAAnAyAAAAAAAAAAD//////////wAAABIAAAADZm9vAAAABwAAAANiYXIAAAAwAAAAA2JhegAAAAgAAAAEcXdlcgAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAAAAAAH8AAAAic2stZWNkc2Etc2hhMi1uaXN0cDI1NkBvcGVuc3NoLmNvbQAAAAhuaXN0cDI1NgAAAEEEqtXuPt8YlfvCd9SNupUrv0RcqseUbzFkiNEttrSCZuD1KKDuDluU/g4t/42YJKPbsBc6/8w2U8urlsg0IZPRvAAAAARzc2g6AAAAdwAAACJzay1lY2RzYS1zaGEyLW5pc3RwMjU2QG9wZW5zc2guY29tAAAASAAAACAoTZ3DnZY5pDal5IIk3wF0T62keDPE120XADZOD6bR9AAAACBdNq4i61BbTncPBPlRrW/MwxiCLYVCrClYwUEwoPTH2gEAAAAO vcsjones@Kevins-MBP
|
||||
|
|
@ -0,0 +1 @@
|
|||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDHMiPRJnPmtdB0LKzlngDybsRDcAihebQIYnzKOAhMHQzwe28zhpUF4N7+76fNTUPbgJ8upEW8xRBGFYARElyVr7PBIyYGDWrP3ZI1r5Bg622K4GFbCDOtqY7UXtNSgm77WYhL9TsITZY0mn5Npfkgcu2s+aBDXIGQZKxblyEeqxhfRXvKn//CEMZQJ0VZO8H+rtVaazh2quXZD4jIm1iCmAE6DYOEQuc7/W6YvH90tjLIst/CRYqzMEzXa2S0PR0puei5nSmvGAq3RdS0g5X1E5deEAl71Pddaq5OO6VPYTkWIe0ndkZZ2ddYU/OaY2XN+QweP5ioQRqg+I4QOBedh6zNocfpp1W7OrCoS3Vab1nPmyqllVo3mlk4rjDpsAWDvqU1AboUzfDKJWA6kh11lEm7QQs0L5l5DgtFFz7kc7Bum2ogx2yMnhhjnkWebFPv/t08wN/0jPtpWbd/srbA1HSccTmsIYJEi3CD84ONML4cfaOtXZTDzFQN5a+K5b8= vcsjones@Kevins-MBP
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
|
||||
NhAAAAAwEAAQAAAYEAuDxsZAjV3QkUVhrYF78JRt7e/kDAQLlcmuLNN/GcvD3R1d0r0eV1
|
||||
RnDrWtt8kT3WcDxHxVeyyvAa3S1VAUhQOnXbAmc6klEvhf8kd9r/KJbsqKdcyEOhSTlT69
|
||||
gg+fopqRa9O+SY+P2mz0Zm6JdVrdmniFVyYq1GKHnlfqUGELhda4URLW53mVa2ahKjFg1o
|
||||
QZf+e0zoDVuO6gcZs1bSIYos5BkAER0FSJ+r1UZL+rSYy+mFBXaQ6mDIiWl0/3sqaVRrNl
|
||||
qKhCdiffDlp53GBU4u32b8h+BqbS619NC87XbXS9igwu6/+WqG2klrHvYXd2oPjqTnAl4D
|
||||
nrCfxyABBkUqh07trJZPqBldrYaogzwUL1LYCdYI5yQGqKivL4uINy9DyZetLFvkPN5mak
|
||||
xwADE5n9dSf37tMoQxM7krUoUxrPJ7Y8BCzQ2LRkP51MG9h4JTMQge1FZfBjhlbf5IagoX
|
||||
WOfKNwggBBODJvZReW4rpzTLK4ktBVeX6+sdeELXAAAFiO4sBWXuLAVlAAAAB3NzaC1yc2
|
||||
EAAAGBALg8bGQI1d0JFFYa2Be/CUbe3v5AwEC5XJrizTfxnLw90dXdK9HldUZw61rbfJE9
|
||||
1nA8R8VXssrwGt0tVQFIUDp12wJnOpJRL4X/JHfa/yiW7KinXMhDoUk5U+vYIPn6KakWvT
|
||||
vkmPj9ps9GZuiXVa3Zp4hVcmKtRih55X6lBhC4XWuFES1ud5lWtmoSoxYNaEGX/ntM6A1b
|
||||
juoHGbNW0iGKLOQZABEdBUifq9VGS/q0mMvphQV2kOpgyIlpdP97KmlUazZaioQnYn3w5a
|
||||
edxgVOLt9m/Ifgam0utfTQvO1210vYoMLuv/lqhtpJax72F3dqD46k5wJeA56wn8cgAQZF
|
||||
KodO7ayWT6gZXa2GqIM8FC9S2AnWCOckBqiory+LiDcvQ8mXrSxb5DzeZmpMcAAxOZ/XUn
|
||||
9+7TKEMTO5K1KFMazye2PAQs0Ni0ZD+dTBvYeCUzEIHtRWXwY4ZW3+SGoKF1jnyjcIIAQT
|
||||
gyb2UXluK6c0yyuJLQVXl+vrHXhC1wAAAAMBAAEAAAGAKts7Z4W6ogEzrtftvpBcyxSbEM
|
||||
/lKOk1hn4NuN7GU++ZeUNKpzfWMP2hcfAuqOaWlGMhWuGMoLJ7vUmHRZYZu4+g041JzbF+
|
||||
+Y+hXxQdWMbK5GySI6+/u/XO9MTA3wV3XXMBsAX8I6d1fy/kTmSttJQ16Xve8N9Xu6CnZu
|
||||
9iWs9YQ+OfXE8fGRdXtZMCRuX1g5SkyO/Z5wmOVBg0vUgL92taB/Fc155FlWA3K5R/piEO
|
||||
jhiTLfMnwK2k2Hokki2HCfD/t7qgQhm76Y412HIXVRZZMiiB5sFvGnT76rBZrcusTgebX0
|
||||
2m4XIWAwXgInthen6xn3tV/EqShYo3YBJeTSJle0osZ8M41hJZkQB7IqAwhAdDXIhhbrXt
|
||||
BJXnun6Ho0OF+l0qrvgxUq8Adbc50X4Sw7zg4zjdALxPix03i58CMBY+WYGKoC72D2hy39
|
||||
k6g7JzA9ba3lPbGcUIN2QSwk0iBTFfTld+lvNhbkkJZOaiwU8tZn4J8Sv84vWFlwLRAAAA
|
||||
wDm1mGbDUmJJ9hfWMf1KxDAEqJKXV0W4sPBlF/2kcu86zQsZcE9LwBwcPWvsJXYmo+5Qiq
|
||||
vlgtOIVd1e+YfBbvZs+pOFvPDt6mOyTwD46sDOKpqbRk2SPg70aaGmf4+vPTGvonozbzMO
|
||||
uGgzrSfRK3BTMfvna3M8jZCWC9v3vo7Nh114fZfUYfg6uF1diy7IEdHmY95QcCLY3QzKPd
|
||||
9ndpJ8xVuII3w9OXiPckSzhK/1t/S4jT03WC11SSdYMu8yaAAAAMEA5F9bnNpqzON4TrqD
|
||||
uVhEklhNBgGvexcdqof7BFygW3KvG3pMA91ed/z0U6HnGsWW1GVjDzZc9K0H/9RAm+lU+V
|
||||
K/Vj+qmJbI+Qp94CAB1C+n0AWASID31J2FYPh6UTeJhi9ULoXQmF7a4PBOyAf0Nd2aP5E+
|
||||
Aj+7QhUKPnNO/laaFFWDE+opLQLVjnHlvd3Gxjl8fk/NYHbXKssPQwH5z5eaP3hxY6brpd
|
||||
ZSfhjkWMcx5SKlwt5HclFOyOnT0py5AAAAwQDOhityKrwbpnxkEqQ/6swBGL0MbsmlI1fP
|
||||
w8IMRilUhD9mqOY4aMg9YsRlxtj/JKGEtIFFbnsl6dQJ++AuDke1JQVIrO5PqvMXL0GLgc
|
||||
BxB13PQr2A9GBughOMylA7vWYEuVHkvE25EW80//T+8zMM6Ql07zPWxXJLXBaPxFRykSIU
|
||||
1gXvSCspOc7zaIRKispKPm6lysLZPJZBJzY4wB7ff9VN55J2RO1lYFSEWbZPUVtj1UdReE
|
||||
tD95dj4kvntA8AAAATdmNzam9uZXNAS2V2aW5zLU1CUA==
|
||||
-----END OPENSSH PRIVATE KEY-----
|
||||
|
|
@ -0,0 +1 @@
|
|||
ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgL6EcAFjD1fjsU4Tzx4Gb0kMQGjrYQDe2FJrYP8kM8C8AAAADAQABAAABgQC4PGxkCNXdCRRWGtgXvwlG3t7+QMBAuVya4s038Zy8PdHV3SvR5XVGcOta23yRPdZwPEfFV7LK8BrdLVUBSFA6ddsCZzqSUS+F/yR32v8oluyop1zIQ6FJOVPr2CD5+impFr075Jj4/abPRmbol1Wt2aeIVXJirUYoeeV+pQYQuF1rhREtbneZVrZqEqMWDWhBl/57TOgNW47qBxmzVtIhiizkGQARHQVIn6vVRkv6tJjL6YUFdpDqYMiJaXT/eyppVGs2WoqEJ2J98OWnncYFTi7fZvyH4GptLrX00LztdtdL2KDC7r/5aobaSWse9hd3ag+OpOcCXgOesJ/HIAEGRSqHTu2slk+oGV2thqiDPBQvUtgJ1gjnJAaoqK8vi4g3L0PJl60sW+Q83mZqTHAAMTmf11J/fu0yhDEzuStShTGs8ntjwELNDYtGQ/nUwb2HglMxCB7UVl8GOGVt/khqChdY58o3CCAEE4Mm9lF5biunNMsriS0FV5fr6x14QtcAAAAAAAAAewAAAAEAAAAIbXktaWRlbnQAAAAMAAAAAnAxAAAAAnAyAAAAAAAAAAD//////////wAAABIAAAADZm9vAAAABwAAAANiYXIAAAAwAAAAA2JhegAAAAgAAAAEcXdlcgAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAAAAAAEoAAAAac2stc3NoLWVkMjU1MTlAb3BlbnNzaC5jb20AAAAgHRksgHwd+cfdg1asRsUSrNuyaT4qCWcbl+TtPWCRttwAAAAEc3NoOgAAAGcAAAAac2stc3NoLWVkMjU1MTlAb3BlbnNzaC5jb20AAABAL/DReFMJ7RkpYRhYCzYc56wDXRFeqkBdUvLu2DFUQbnu8Boa7QWAjxBq00uyFOTBGILJMGfcXRCX0QeVoICRBwEAAAAM vcsjones@Kevins-MBP
|
||||
|
|
@ -0,0 +1 @@
|
|||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4PGxkCNXdCRRWGtgXvwlG3t7+QMBAuVya4s038Zy8PdHV3SvR5XVGcOta23yRPdZwPEfFV7LK8BrdLVUBSFA6ddsCZzqSUS+F/yR32v8oluyop1zIQ6FJOVPr2CD5+impFr075Jj4/abPRmbol1Wt2aeIVXJirUYoeeV+pQYQuF1rhREtbneZVrZqEqMWDWhBl/57TOgNW47qBxmzVtIhiizkGQARHQVIn6vVRkv6tJjL6YUFdpDqYMiJaXT/eyppVGs2WoqEJ2J98OWnncYFTi7fZvyH4GptLrX00LztdtdL2KDC7r/5aobaSWse9hd3ag+OpOcCXgOesJ/HIAEGRSqHTu2slk+oGV2thqiDPBQvUtgJ1gjnJAaoqK8vi4g3L0PJl60sW+Q83mZqTHAAMTmf11J/fu0yhDEzuStShTGs8ntjwELNDYtGQ/nUwb2HglMxCB7UVl8GOGVt/khqChdY58o3CCAEE4Mm9lF5biunNMsriS0FV5fr6x14Qtc= vcsjones@Kevins-MBP
|
||||
|
|
@ -0,0 +1,35 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
filedir=`dirname $0`
|
||||
pushd $filedir
|
||||
|
||||
message=$filedir/message
|
||||
|
||||
if [ ! -f "$message" ]; then
|
||||
dd if=/dev/urandom count=1 bs=64 | base64 > $message
|
||||
fi
|
||||
|
||||
create_key_and_sign() {
|
||||
local alg=$1
|
||||
local keysize=$2
|
||||
local key=$filedir/$alg-$keysize.key
|
||||
yes | ssh-keygen -q -N "" -t $alg -b $keysize -C "" -f $key
|
||||
cat $message | ssh-keygen -Y sign -n file -f $key > $message.$alg-$keysize.sig
|
||||
}
|
||||
|
||||
create_key_and_sign "rsa" 2048
|
||||
create_key_and_sign "ecdsa" 256
|
||||
create_key_and_sign "ecdsa" 384
|
||||
create_key_and_sign "ecdsa" 521
|
||||
create_key_and_sign "ed25519" 256
|
||||
|
||||
generate_security_keys=0
|
||||
read -p "Generate security key-backed keys (Requires key and user interaction)? [yN] " -n 1 -r
|
||||
echo
|
||||
if [[ $REPLY =~ ^[Yy]$ ]]
|
||||
then
|
||||
create_key_and_sign "ed25519-sk" 256
|
||||
create_key_and_sign "ecdsa-sk" 256
|
||||
fi
|
||||
|
||||
popd
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
|
||||
1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQTkKAxi+7mnAzaQPnO+xPMVEI7WdZ8+
|
||||
Tj0r1WXib7od+ej6H5eXInlH4CF8HZvqOpk8+Wk1KwXXfJvFD21XhQdaAAAAoLiMlKW4jJ
|
||||
SlAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOQoDGL7uacDNpA+
|
||||
c77E8xUQjtZ1nz5OPSvVZeJvuh356Pofl5cieUfgIXwdm+o6mTz5aTUrBdd8m8UPbVeFB1
|
||||
oAAAAhALUq9AgkV1MDJNzxQ4zm1mawBoA19l+GJCN4XnR5b+NYAAAAAAECAwQFBgc=
|
||||
-----END OPENSSH PRIVATE KEY-----
|
||||
|
|
@ -0,0 +1 @@
|
|||
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOQoDGL7uacDNpA+c77E8xUQjtZ1nz5OPSvVZeJvuh356Pofl5cieUfgIXwdm+o6mTz5aTUrBdd8m8UPbVeFB1o=
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAiAAAABNlY2RzYS
|
||||
1zaGEyLW5pc3RwMzg0AAAACG5pc3RwMzg0AAAAYQSzFqfqbQRq+bNApN3otjDR6mmal8tZ
|
||||
wkOB0lP/H5/pWKdq2Mxxyq9t4x1M/zBvY+xfo0xjGheaOERP6GRcBNsntgA7VFZ9B35Ujf
|
||||
pyIAGz5AzndcVVIQM27kzgo2VBHJQAAADII8whciPMIXIAAAATZWNkc2Etc2hhMi1uaXN0
|
||||
cDM4NAAAAAhuaXN0cDM4NAAAAGEEsxan6m0EavmzQKTd6LYw0eppmpfLWcJDgdJT/x+f6V
|
||||
inatjMccqvbeMdTP8wb2PsX6NMYxoXmjhET+hkXATbJ7YAO1RWfQd+VI36ciABs+QM53XF
|
||||
VSEDNu5M4KNlQRyUAAAAMFYlo7mBX43tYzygVhtlwdmCHyAZjwfKZwrZPajz3N/cPopsdN
|
||||
o9ajUQQtoi3NN1sAAAAAA=
|
||||
-----END OPENSSH PRIVATE KEY-----
|
||||
|
|
@ -0,0 +1 @@
|
|||
ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLMWp+ptBGr5s0Ck3ei2MNHqaZqXy1nCQ4HSU/8fn+lYp2rYzHHKr23jHUz/MG9j7F+jTGMaF5o4RE/oZFwE2ye2ADtUVn0HflSN+nIgAbPkDOd1xVUhAzbuTOCjZUEclA==
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAArAAAABNlY2RzYS
|
||||
1zaGEyLW5pc3RwNTIxAAAACG5pc3RwNTIxAAAAhQQBTqIGKF5+kaZFLt2ETYan7Wy2PNPY
|
||||
a8m2bE89xuTwN/GGB0QYQM9H5YhgK4WZGllCw7h9upS8RTpvH9TmEfxgHo0ASsfqz5/wui
|
||||
UvGvQU7MQl6fK+1hxl6v6gAB8EXr5jaVCPhNWhCOSjMAmPgqgcNYZUXZG/qWg1bPwoGkJG
|
||||
OmLc9PgAAAEAK/PNRivzzUYAAAATZWNkc2Etc2hhMi1uaXN0cDUyMQAAAAhuaXN0cDUyMQ
|
||||
AAAIUEAU6iBihefpGmRS7dhE2Gp+1stjzT2GvJtmxPPcbk8DfxhgdEGEDPR+WIYCuFmRpZ
|
||||
QsO4fbqUvEU6bx/U5hH8YB6NAErH6s+f8LolLxr0FOzEJenyvtYcZer+oAAfBF6+Y2lQj4
|
||||
TVoQjkozAJj4KoHDWGVF2Rv6loNWz8KBpCRjpi3PT4AAAAQWh55sQ+fBI4LQLUDN5RLT4C
|
||||
LubO51jTCIVDkykksnNHfyZB0CNlxSbpAwKUjbchT7DuF9h8TeZ94EKb3a8GWUkXAAAAAA
|
||||
ECAw==
|
||||
-----END OPENSSH PRIVATE KEY-----
|
||||
|
|
@ -0,0 +1 @@
|
|||
ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFOogYoXn6RpkUu3YRNhqftbLY809hrybZsTz3G5PA38YYHRBhAz0fliGArhZkaWULDuH26lLxFOm8f1OYR/GAejQBKx+rPn/C6JS8a9BTsxCXp8r7WHGXq/qAAHwRevmNpUI+E1aEI5KMwCY+CqBw1hlRdkb+paDVs/CgaQkY6Ytz0+A==
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAfwAAACJzay1lY2
|
||||
RzYS1zaGEyLW5pc3RwMjU2QG9wZW5zc2guY29tAAAACG5pc3RwMjU2AAAAQQRE7ETUY6t4
|
||||
+fiDnVI5Vs3jAh4oaiQ8IWof2H+o3zpVebQf+7qNosSnYOGDxN0xednWrSddWjSFHYhsB5
|
||||
9thXSQAAAABHNzaDoAAADYB2rdHAdq3RwAAAAic2stZWNkc2Etc2hhMi1uaXN0cDI1NkBv
|
||||
cGVuc3NoLmNvbQAAAAhuaXN0cDI1NgAAAEEEROxE1GOrePn4g51SOVbN4wIeKGokPCFqH9
|
||||
h/qN86VXm0H/u6jaLEp2Dhg8TdMXnZ1q0nXVo0hR2IbAefbYV0kAAAAARzc2g6AQAAAEDE
|
||||
1Wdgu/Rt+nqEddM9XVIvZgNwC3bgu0xLH1kiOqPkUi/ZFkC2MHx+16coYegqlgZMreBP8+
|
||||
jKvGQysdwE+PchAAAAAAAAAAABAgME
|
||||
-----END OPENSSH PRIVATE KEY-----
|
||||
|
|
@ -0,0 +1 @@
|
|||
sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBETsRNRjq3j5+IOdUjlWzeMCHihqJDwhah/Yf6jfOlV5tB/7uo2ixKdg4YPE3TF52datJ11aNIUdiGwHn22FdJAAAAAEc3NoOg==
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
||||
QyNTUxOQAAACCheCDZeB6kTAGvcJDOQdeKDLxPy6+zr0O+jHl+CcaA8wAAAIi66rVYuuq1
|
||||
WAAAAAtzc2gtZWQyNTUxOQAAACCheCDZeB6kTAGvcJDOQdeKDLxPy6+zr0O+jHl+CcaA8w
|
||||
AAAEAylVdyV3Kct67/xo1exqxiMqVaB3Zcji+s5VB7PQ7S5qF4INl4HqRMAa9wkM5B14oM
|
||||
vE/Lr7OvQ76MeX4JxoDzAAAAAAECAwQF
|
||||
-----END OPENSSH PRIVATE KEY-----
|
||||
|
|
@ -0,0 +1 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKF4INl4HqRMAa9wkM5B14oMvE/Lr7OvQ76MeX4JxoDz
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAASgAAABpzay1zc2
|
||||
gtZWQyNTUxOUBvcGVuc3NoLmNvbQAAACC5TzTioebDxDVFQicHX1JSKLhoGgLBi/f/qkCD
|
||||
XaXBUAAAAARzc2g6AAAA4CjqYlwo6mJcAAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY2
|
||||
9tAAAAILlPNOKh5sPENUVCJwdfUlIouGgaAsGL9/+qQINdpcFQAAAABHNzaDoBAAAAgENU
|
||||
XbPTSRo6B9x8UzfEjRpdp4wZrhLAphZPVGi1qZIdZ9mSWjW4II11Fv9F8h5QtP9dmUTeKb
|
||||
Azr07lTcy92cGLngr5PjHM904yLBCg61zQL75YNZ3FReVG8SZhg7YD7MER1thy1t7ItWR0
|
||||
vQf65700K+QGBF7WhtznGms0A6oXAAAAAAAAAAAB
|
||||
-----END OPENSSH PRIVATE KEY-----
|
||||
|
|
@ -0,0 +1 @@
|
|||
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAILlPNOKh5sPENUVCJwdfUlIouGgaAsGL9/+qQINdpcFQAAAABHNzaDo=
|
||||
|
|
@ -0,0 +1 @@
|
|||
Z0dzRu/AfSjNd7H1LlEk/vxw/tuGVeY3NSzb8wxSw6lAN9o+nefDntF9Ij3u9oj6Jhis6aQP6iCv3YHHcKfd9A==
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
-----BEGIN SSH SIGNATURE-----
|
||||
U1NIU0lHAAAAAQAAAGgAAAATZWNkc2Etc2hhMi1uaXN0cDI1NgAAAAhuaXN0cDI1NgAAAE
|
||||
EE5CgMYvu5pwM2kD5zvsTzFRCO1nWfPk49K9Vl4m+6Hfno+h+XlyJ5R+AhfB2b6jqZPPlp
|
||||
NSsF13ybxQ9tV4UHWgAAAARmaWxlAAAAAAAAAAZzaGE1MTIAAABkAAAAE2VjZHNhLXNoYT
|
||||
ItbmlzdHAyNTYAAABJAAAAIQCV+yVd666huw+0MMotdB+b00loaCYY8yWVU3KuVgHe3AAA
|
||||
ACBYDwDWqTlIMFJZBCyu61VVAxJzp2A/v1iYQ0vzp4x7mA==
|
||||
-----END SSH SIGNATURE-----
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
-----BEGIN SSH SIGNATURE-----
|
||||
U1NIU0lHAAAAAQAAAIgAAAATZWNkc2Etc2hhMi1uaXN0cDM4NAAAAAhuaXN0cDM4NAAAAG
|
||||
EEsxan6m0EavmzQKTd6LYw0eppmpfLWcJDgdJT/x+f6VinatjMccqvbeMdTP8wb2PsX6NM
|
||||
YxoXmjhET+hkXATbJ7YAO1RWfQd+VI36ciABs+QM53XFVSEDNu5M4KNlQRyUAAAABGZpbG
|
||||
UAAAAAAAAABnNoYTUxMgAAAIUAAAATZWNkc2Etc2hhMi1uaXN0cDM4NAAAAGoAAAAxAJXR
|
||||
bcuPoyo2MeNmFZsgusb2J2NQRPRmVV4xg1zMMN45THkiSasC3KVxXpSCe6GWYgAAADEA4L
|
||||
utlhNdNB5r19u9unohEnJuWJh9F07tDcFwnux0MCmiQHSo6R06q4W0/BZVqrsI
|
||||
-----END SSH SIGNATURE-----
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-----BEGIN SSH SIGNATURE-----
|
||||
U1NIU0lHAAAAAQAAAKwAAAATZWNkc2Etc2hhMi1uaXN0cDUyMQAAAAhuaXN0cDUyMQAAAI
|
||||
UEAU6iBihefpGmRS7dhE2Gp+1stjzT2GvJtmxPPcbk8DfxhgdEGEDPR+WIYCuFmRpZQsO4
|
||||
fbqUvEU6bx/U5hH8YB6NAErH6s+f8LolLxr0FOzEJenyvtYcZer+oAAfBF6+Y2lQj4TVoQ
|
||||
jkozAJj4KoHDWGVF2Rv6loNWz8KBpCRjpi3PT4AAAABGZpbGUAAAAAAAAABnNoYTUxMgAA
|
||||
AKcAAAATZWNkc2Etc2hhMi1uaXN0cDUyMQAAAIwAAABCAa+hJCcamPsA0jIzbb+OMmL047
|
||||
II6+6SaD/zcjSwSELgvI0uf7ogyjYl04/7VHWJZqOHpgGKS5UmlBB1Pe+njGxQAAAAQgCm
|
||||
Z1H5TH+KyimsHGn+ibpLcjjYGiRKwFDW/Rred8Isukja6DFf/X1iNTpMKYxCNXYsYPHbj4
|
||||
cnClYpIovywgiA5A==
|
||||
-----END SSH SIGNATURE-----
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
-----BEGIN SSH SIGNATURE-----
|
||||
U1NIU0lHAAAAAQAAAH8AAAAic2stZWNkc2Etc2hhMi1uaXN0cDI1NkBvcGVuc3NoLmNvbQ
|
||||
AAAAhuaXN0cDI1NgAAAEEEROxE1GOrePn4g51SOVbN4wIeKGokPCFqH9h/qN86VXm0H/u6
|
||||
jaLEp2Dhg8TdMXnZ1q0nXVo0hR2IbAefbYV0kAAAAARzc2g6AAAABGZpbGUAAAAAAAAABn
|
||||
NoYTUxMgAAAHgAAAAic2stZWNkc2Etc2hhMi1uaXN0cDI1NkBvcGVuc3NoLmNvbQAAAEkA
|
||||
AAAgHiBNWuPpUEMyt2bz8vn3ehtbaHVPDeyDornotDMuY2AAAAAhAPTzwayZ2djj+Xjplc
|
||||
+t9+mKd8xZH5teyTyeEtzVlfstBQAAAAg=
|
||||
-----END SSH SIGNATURE-----
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
-----BEGIN SSH SIGNATURE-----
|
||||
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgoXgg2XgepEwBr3CQzkHXigy8T8
|
||||
uvs69Dvox5fgnGgPMAAAAEZmlsZQAAAAAAAAAGc2hhNTEyAAAAUwAAAAtzc2gtZWQyNTUx
|
||||
OQAAAECRxENUPwmbRveDvNFOc36EuyMIa6jXWbCVkEQ2dtORyFAnChmr1kHMFX4B9TQm6U
|
||||
ssvYRRUo6ePL5DuAjLP+kD
|
||||
-----END SSH SIGNATURE-----
|
||||
|
|
@ -0,0 +1,7 @@
|
|||
-----BEGIN SSH SIGNATURE-----
|
||||
U1NIU0lHAAAAAQAAAEoAAAAac2stc3NoLWVkMjU1MTlAb3BlbnNzaC5jb20AAAAguU804q
|
||||
Hmw8Q1RUInB19SUii4aBoCwYv3/6pAg12lwVAAAAAEc3NoOgAAAARmaWxlAAAAAAAAAAZz
|
||||
aGE1MTIAAABnAAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAQDecacfTcsDHHy
|
||||
ijGxCojJhUbT+KMznT868J7BQy/FQPL3adiFTiuhJnOcd7d3fPp7ZGl5IAykn01vHN/qk4
|
||||
KwkFAAAABg==
|
||||
-----END SSH SIGNATURE-----
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
-----BEGIN SSH SIGNATURE-----
|
||||
U1NIU0lHAAAAAQAAARcAAAAHc3NoLXJzYQAAAAMBAAEAAAEBALAgJpJCy7h57ymyD+SwZk
|
||||
MhN5QYjXo7eLKRLfIEcKhtaQdbzsXXbJM1K1vxU4L0wpfj1qcwzmbBwAZwnKeWyjOLtMFe
|
||||
FBd491SnnDjeGL8UdLE4ny4rK6lJvra0n+2u91/+SVl51aAkSsmffm4InKuve44Bi33rYK
|
||||
FtJ5bqOha77HxopBP22JwMJT9pgISxoeL7yvlmj67RJmBmBWi3zP345f2gW3+Q22APy6HZ
|
||||
LtEWF3AwalShRecswGqCho4M9eZ2zxkosAs+8KPXWlaflM2cdJXM8D62scmm7Jujc5KZsl
|
||||
V2kWgS4sNo+Kqg5otFajJvVGK2Csm2IQJKw1qidysAAAAEZmlsZQAAAAAAAAAGc2hhNTEy
|
||||
AAABFAAAAAxyc2Etc2hhMi01MTIAAAEAfIoJi0dM+uHYlQ9wtMy0vc9acZo2EcC/GWeInK
|
||||
Rc2IXEn/kyFlR9uiOaHAPzLAbiWefVYHqZbwaL+DBm0rrPmDoZdXbB7W/h/ebQgYWRAnmf
|
||||
1PNOkv8554xCnqoaaqqaXHRpDyIQZvTqkaR4I5DmVIDEDZoWIxGpgF8Qvj0CtK+TcubDy7
|
||||
DmU7CGFxeZ4bYjc215Ra8D6KhjX4pjhm8gf0eQlCMZwnWy8zFIEceAjyrx3151fe00OTuI
|
||||
bO/nP6tYaAD1y5l4uydzkBu5BxHL/sJQKkPVTEuez7ImWdL7FTXlyaq/YipBGt+HW2W0N5
|
||||
rlcgCZG4ddB2RtywHZYargJg==
|
||||
-----END SSH SIGNATURE-----
|
||||
|
|
@ -0,0 +1,27 @@
|
|||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
|
||||
NhAAAAAwEAAQAAAQEAsCAmkkLLuHnvKbIP5LBmQyE3lBiNejt4spEt8gRwqG1pB1vOxdds
|
||||
kzUrW/FTgvTCl+PWpzDOZsHABnCcp5bKM4u0wV4UF3j3VKecON4YvxR0sTifLisrqUm+tr
|
||||
Sf7a73X/5JWXnVoCRKyZ9+bgicq697jgGLfetgoW0nluo6FrvsfGikE/bYnAwlP2mAhLGh
|
||||
4vvK+WaPrtEmYGYFaLfM/fjl/aBbf5DbYA/Lodku0RYXcDBqVKFF5yzAaoKGjgz15nbPGS
|
||||
iwCz7wo9daVp+UzZx0lczwPraxyabsm6NzkpmyVXaRaBLiw2j4qqDmi0VqMm9UYrYKybYh
|
||||
AkrDWqJ3KwAAA7jBNsoEwTbKBAAAAAdzc2gtcnNhAAABAQCwICaSQsu4ee8psg/ksGZDIT
|
||||
eUGI16O3iykS3yBHCobWkHW87F12yTNStb8VOC9MKX49anMM5mwcAGcJynlsozi7TBXhQX
|
||||
ePdUp5w43hi/FHSxOJ8uKyupSb62tJ/trvdf/klZedWgJErJn35uCJyrr3uOAYt962ChbS
|
||||
eW6joWu+x8aKQT9ticDCU/aYCEsaHi+8r5Zo+u0SZgZgVot8z9+OX9oFt/kNtgD8uh2S7R
|
||||
FhdwMGpUoUXnLMBqgoaODPXmds8ZKLALPvCj11pWn5TNnHSVzPA+trHJpuybo3OSmbJVdp
|
||||
FoEuLDaPiqoOaLRWoyb1RitgrJtiECSsNaoncrAAAAAwEAAQAAAQBptbJQ4QRzIcRZK0V8
|
||||
xh9qtTotihsIPT+xNY/1DZMslBaQ0xqlBiplpGj000CDfjJ5hcdlK9cGN83wT5DGyattCr
|
||||
IfyT6X5APW7I7IVw1VSorLf6eSx1h6UAfGk1zWBMj29aHCsWx1pLK6lx8EHeki5r1quySl
|
||||
HCwwV1qGqujYkU1xr8kxEiiH9mdDE95gMMREVadHUitMnykVshvtA3oow9V+gzid2b58BE
|
||||
HL2hIKycNlNyuC7vTouviN80FwyqWlEIhjeAMYGs6svI1SR5f4yZ9vAXjbjXjT7AKnBSx5
|
||||
AIovLVQPEarpmIB3TXKzIMK4bpFb6X+cfMRl9+ah3U5pAAAAgFQ2bqjGts5/3cJ64xVsil
|
||||
BS5HCgWHhiGWVFxrber4z2zM141TaEDK4pmmrE4wX1QrBcGjMIBFNGT/7+nlMgo6KgSYKc
|
||||
7tOE4pdBI2Br0UGyEg1s0A27PO9V0q2iojvJMESWCNcxgKVysbX02uh15EQP2s1y9+TEs8
|
||||
3DhopvEpA7AAAAgQDXJuAHyvcDbATV5XpRr9M+cY4Eswahc7fW2z9gV7MbcxpI2XS+KLiX
|
||||
IA6eOVKjD3vHH3gJOqDg8jfkSpfE24HozmnjVVv6mQ9DUSfSwEwsZHDSe+ZOp5CGdBv7Vv
|
||||
6Y1yJwZiBnmYU96HWSJY6SBMRQbMiQMqCEFmQgl19ww2uMfwAAAIEA0ZB2wLZktLeo64uB
|
||||
o/c30jZDZvMRHmfpTTKX23y7n/ZVQAa3U0TakX2qOqOF9FFiGD9QSfiDiRyoQ1ULcDHode
|
||||
Jjo8cTwU9KOAqtbwHALYCsl3tyR01RZO3clzAeRKbusd8LEExzHd30cqisCMd8VMYu5/4p
|
||||
HnPFlNu+UIQer1UAAAAAAQID
|
||||
-----END OPENSSH PRIVATE KEY-----
|
||||
|
|
@ -0,0 +1 @@
|
|||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwICaSQsu4ee8psg/ksGZDITeUGI16O3iykS3yBHCobWkHW87F12yTNStb8VOC9MKX49anMM5mwcAGcJynlsozi7TBXhQXePdUp5w43hi/FHSxOJ8uKyupSb62tJ/trvdf/klZedWgJErJn35uCJyrr3uOAYt962ChbSeW6joWu+x8aKQT9ticDCU/aYCEsaHi+8r5Zo+u0SZgZgVot8z9+OX9oFt/kNtgD8uh2S7RFhdwMGpUoUXnLMBqgoaODPXmds8ZKLALPvCj11pWn5TNnHSVzPA+trHJpuybo3OSmbJVdpFoEuLDaPiqoOaLRWoyb1RitgrJtiECSsNaoncr
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAfwAAACJzay1lY2
|
||||
RzYS1zaGEyLW5pc3RwMjU2QG9wZW5zc2guY29tAAAACG5pc3RwMjU2AAAAQQSq1e4+3xiV
|
||||
+8J31I26lSu/RFyqx5RvMWSI0S22tIJm4PUooO4OW5T+Di3/jZgko9uwFzr/zDZTy6uWyD
|
||||
Qhk9G8AAAABHNzaDoAAADoeklfLnpJXy4AAAAic2stZWNkc2Etc2hhMi1uaXN0cDI1NkBv
|
||||
cGVuc3NoLmNvbQAAAAhuaXN0cDI1NgAAAEEEqtXuPt8YlfvCd9SNupUrv0RcqseUbzFkiN
|
||||
EttrSCZuD1KKDuDluU/g4t/42YJKPbsBc6/8w2U8urlsg0IZPRvAAAAARzc2g6AQAAAECE
|
||||
3HUalOjXfOTrfIRFnJIzVmj1Oq1o5vaGZdevL12Ue8oy01QAMvDLhu7tenBtwzXb65N6aH
|
||||
n21rJShWK/Nc6EAAAAAAAAABN2Y3Nqb25lc0BLZXZpbnMtTUJQAQ==
|
||||
-----END OPENSSH PRIVATE KEY-----
|
||||
|
|
@ -0,0 +1 @@
|
|||
sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBKrV7j7fGJX7wnfUjbqVK79EXKrHlG8xZIjRLba0gmbg9Sig7g5blP4OLf+NmCSj27AXOv/MNlPLq5bINCGT0bwAAAAEc3NoOg== vcsjones@Kevins-MBP
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAASgAAABpzay1zc2
|
||||
gtZWQyNTUxOUBvcGVuc3NoLmNvbQAAACAdGSyAfB35x92DVqxGxRKs27JpPioJZxuX5O09
|
||||
YJG23AAAAARzc2g6AAAA+DJHBAkyRwQJAAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY2
|
||||
9tAAAAIB0ZLIB8HfnH3YNWrEbFEqzbsmk+KglnG5fk7T1gkbbcAAAABHNzaDoBAAAAgDKR
|
||||
R3sjWdfZ4HVt6ZDoCzSuoF24bmrztloIUdysTpc/LQWjeH/fS5ob6glvnSNVF+ilFd2nct
|
||||
hvUvDSemVXYBVc54je/gsTzTCRpnQ/557G3ABOXCYvH/C3w0D8Ogkh2e7JTrpYIJjkurlG
|
||||
Ctg2SteEN1Mms/5fQXmK0nwW3rB1AAAAAAAAABN2Y3Nqb25lc0BLZXZpbnMtTUJQAQIDBA
|
||||
UG
|
||||
-----END OPENSSH PRIVATE KEY-----
|
||||
|
|
@ -0,0 +1 @@
|
|||
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0ZLIB8HfnH3YNWrEbFEqzbsmk+KglnG5fk7T1gkbbcAAAABHNzaDo= vcsjones@Kevins-MBP
|
||||
|
|
@ -109,10 +109,6 @@ describe SSHData::PublicKey::SKECDSA do
|
|||
expect(round_tripped).to eq(openssl_sig)
|
||||
end
|
||||
|
||||
it "can not verify signatures" do
|
||||
expect { subject.verify(msg, sig) }.to raise_error(SSHData::UnsupportedError)
|
||||
end
|
||||
|
||||
it "blows up parsing malformed keys" do
|
||||
malformed = [algo, Base64.strict_encode64([
|
||||
SSHData::Encoding.encode_string(algo),
|
||||
|
|
|
|||
|
|
@ -57,10 +57,6 @@ describe SSHData::PublicKey::SKED25519 do
|
|||
expect(subject.ed25519_key.to_bytes).to eq(verify_key.to_bytes)
|
||||
end
|
||||
|
||||
it "can not verify signatures" do
|
||||
expect { subject.verify(msg, sig) }.to raise_error(SSHData::UnsupportedError)
|
||||
end
|
||||
|
||||
it "can be rencoded" do
|
||||
expect(openssh_key.rfc4253).to eq(fixture("sked25519_leaf_for_rsa_ca.pub", binary: true))
|
||||
end
|
||||
|
|
|
|||
|
|
@ -0,0 +1,81 @@
|
|||
require_relative "./spec_helper"
|
||||
|
||||
describe SSHData::Signature do
|
||||
describe "end to end" do
|
||||
it "can verify an Ed25519-SK git signature" do
|
||||
message= "tree ed9f16d32a89e48289d9d4becc4ff47cbd11f58c\nparent 7c6364502eceecc87b276d8b49d8eb0ae96fd9e3\nauthor Kevin Jones <octocat@github.com> 1638815753 -0500\ncommitter Kevin Jones <octocat@github.com> 1638815828 -0500\n\ntest\n"
|
||||
signature = <<~SIG
|
||||
-----BEGIN SSH SIGNATURE-----
|
||||
U1NIU0lHAAAAAQAAAEoAAAAac2stc3NoLWVkMjU1MTlAb3BlbnNzaC5jb20AAAAgnXUo8l
|
||||
URoToCMzr+Rxeia/9yy+Rn+VwTTOqXdIgf7TUAAAAEc3NoOgAAAANnaXQAAAAAAAAABnNo
|
||||
YTUxMgAAAGcAAAAac2stc3NoLWVkMjU1MTlAb3BlbnNzaC5jb20AAABAud+P+aC7yCEcgy
|
||||
smyAyN5iokI0T+dKuhl7Ml7XB/wPBlefSamMXoHE7k3BbAXBNXJQH0TtHo/aX0gZxLy44D
|
||||
DgUAAAAG
|
||||
-----END SSH SIGNATURE-----
|
||||
SIG
|
||||
|
||||
subject = described_class.parse_pem(signature)
|
||||
expect(subject.verify(message)).to be(true)
|
||||
end
|
||||
|
||||
it "can verify an RSA git signature" do
|
||||
message = "tree 4b825dc642cb6eb9a060e54bf8d69288fbee4904\nparent 339ca5fd2a41e29236ea793772308bb054b9d81b\nauthor Kevin Jones <vcsjones@github.com> 1637774236 -0500\ncommitter Kevin Jones <vcsjones@github.com> 1637774236 -0500\n\nWHAT\n"
|
||||
signature = <<~SIG
|
||||
-----BEGIN SSH SIGNATURE-----
|
||||
U1NIU0lHAAAAAQAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBANEwkDjsYE02vY+bTFXAL9
|
||||
xaGDFRwpAYutfhl7eL1Qn6dziGnokqMz1FnwPbRkPUOtdwXbojK0W45DS8rODLhvwyEJjj
|
||||
sY2L9pKX/6hKDgb1RjtNAv57OHnfW3qyZWM/Nyd5js9K+43JN1ECoWCTVqtAaJcyfNXY8Y
|
||||
FeR6x5ARkBZf+tgPA2+xIdmDf0jxyZ+hr6LRnE6/N9WsrCURnwx3u8XE8kusudBXDD4XKp
|
||||
F/AqptHwi6OML+9kRQmyXXYs1dvPaJi4TGAGlPPD7mQaWT9fsKXJZa3jl6ckzq6D7SDDPh
|
||||
CF2e/ZpzIJuusMQrx2snhKgKYh+G4WS/FpLcan+HG+/bv91lzNBXufJSLs5oo0B13L6ZaK
|
||||
CJMkzG4zo/evDiomkXv9Fg8f2bIw2Ayh56Cd4Dcc2MYfziG3yLiVQrDu2eCTuILYzYdcFw
|
||||
hzxkS8V6Ep+9U4ct0Zt+hTpyloSnQ7AEX/FKHAT7xdQxVoYaY7cVRyOWMROQ6ArxiNbPnk
|
||||
JQAAAANnaXQAAAAAAAAABnNoYTUxMgAAAZQAAAAMcnNhLXNoYTItNTEyAAABgKE+f+H3D1
|
||||
+kgPGi1TulPivysng0PIUthoVHSpJ5OKd2VrbdiH5B/XK1DmhpxCFVy6WAKD/x7a6Qpjd2
|
||||
VSVsKdtJeBLfniTWB/LJQD/5miEVBG10F9V5EaEl4uRiQrTTGEAznBg3k0yIUVBdWWjoJh
|
||||
5dLw+NQNWf9yw+/hNbtcCjkMeeZLvLwZNhsFxhRiIi5cy5m6O/eSSekaXe4sj0HxmuSIwh
|
||||
8bFRlU+JQwmJ5P1tsnyhwaSSs5qnJ0MXiDeLD5MOt9PGDJhnNarMqYkA61slhhq1XkQu1E
|
||||
FXdurNLkKaTpViSlFXqjFGXgoyB8yWB9DuqoZm69xGtCh1TmKkyE3M2R6hqXTqc90Szkxr
|
||||
POr3R0OsJrYu1VOc//AKz7AHp1DGHOTNZkpfYVzm76wrkPS9LMVieZkelcr75/az+w6kev
|
||||
qi1HNSYwD+pWej8+oCw6jri/ulGHDYyARR4ZSIR2AgBP5QZ0B0aLNr5F9ufbJvkGEpUvQH
|
||||
rfqicASU/vCBEQ==
|
||||
-----END SSH SIGNATURE-----
|
||||
SIG
|
||||
|
||||
subject = described_class.parse_pem(signature)
|
||||
expect(subject.verify(message)).to be(true)
|
||||
end
|
||||
end
|
||||
|
||||
describe "#verify" do
|
||||
|
||||
Dir["spec/fixtures/signatures/message.*.sig"].each do |path|
|
||||
name = File.basename(path)
|
||||
|
||||
describe name do
|
||||
let(:signature) { File.read(path) }
|
||||
let(:data) { File.read("spec/fixtures/signatures/message") }
|
||||
|
||||
it "verifies with data" do
|
||||
subject = described_class.parse_pem(signature)
|
||||
expect(subject.verify(data)).to be(true)
|
||||
end
|
||||
|
||||
it "does not verify with tampered data" do
|
||||
bad_data = data + "bad"
|
||||
subject = described_class.parse_pem(signature)
|
||||
expect(subject.verify(bad_data)).to be(false)
|
||||
end
|
||||
|
||||
it "parses correctly" do
|
||||
subject = described_class.parse_pem(signature)
|
||||
expect(subject.sigversion).to eq(1)
|
||||
expect(subject.namespace).to eq("file")
|
||||
expect(subject.reserved).to be_empty
|
||||
expect(subject.hashalgorithm).to eq("sha512")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
Загрузка…
Ссылка в новой задаче