Why does anyone require this functionality? (minus the irony the additional feature is coming from a "slimmed" clone)
Paul Spooren <m...@aparcar.org> wrote: > To know the fingerprint used for a sec/pub/sig the option `-F` is added > which works in combination with `-s`, `-p` or `-x`. It will load the > file and and print the used fingerprint in hex. > > This feature was ported over from OpenWrt's usign[0], which is a slimmed > simpler implementation of `signify`. > > [0]: https://git.openwrt.org/project/usign.git > > Signed-off-by: Paul Spooren <m...@aparcar.org>
> ---
> signify.c | 46 +++++++++++++++++++++++++++++++++++++++++++---
> 1 file changed, 43 insertions(+), 3 deletions(-)
>
> diff --git a/signify.c b/signify.c
> index 8e54737..0f88ee4 100644
> --- a/signify.c
> +++ b/signify.c
> @@ -84,7 +84,8 @@ usage(const char *error)
> "\t%1$s -G [-n] [-c comment] -p pubkey -s seckey\n"
> "\t%1$s -S [-enz] [-x sigfile] -s seckey -m message\n"
> #endif
> - "\t%1$s -V [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m > message\n",
> + "\t%1$s -V [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m > message\n"
> + "\t%1$s -F [-p pubkey] [-s seckey ] [-x sigfile]\n",
> getprogname());
> exit(1);
> }
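Review bot: The new synopsis line in usage() marks `-p`, `-s` and `-x` as independently optional, but the FINGERPRINT case added later in this patch rejects anything other than exactly one of them, so the help text describes invocations that will fail. Something like `"\t%1$s -F -p pubkey | -s seckey | -x sigfile\n",` matches the check and also drops the stray space in `[-s seckey ]`. The diffstat touches only signify.c, so the new verb is undocumented in the manual page; the documentation should say what value is printed and what it can and cannot be relied on for.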
> @@ -547,6 +548,35 @@ verifysimple(const char *pubkeyfile, const char > *msgfile, const char *sigfile,
> free(msg);
> }
>
> +static int
> +fingerprint(const char *seckeyfile, const char *pubkeyfile, const char > *sigfile)
> +{
> + struct sig sig;
> + struct pubkey pubkey;
> + struct enckey enckey;
> + uint8_t *fp;
> +
> + if (seckeyfile) {
> + readb64file(seckeyfile, &enckey, sizeof(enckey), NULL);
> + fp = enckey.keynum;
> + } else if (pubkeyfile) {
> + readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL);
> + fp = pubkey.keynum;
> + } else if (sigfile) {
> + readb64file(sigfile, &sig, sizeof(sig), NULL);
> + fp = sig.keynum;
> + } else
> + return 1;
> +
> + int i;
> + for (i = 0; i < KEYNUMLEN; i++)
> + {
> + fprintf(stdout, "%02x", fp[i]);
> + }
> + fprintf(stdout, "\n");
> + return 0;
> +}
> +
> static uint8_t *
> verifyembedded(const char *pubkeyfile, const char *sigfile,
> int quiet, unsigned long long *msglenp, const char *keytype)
> @@ -769,13 +799,14 @@ main(int argc, char **argv)
> CHECK,
> GENERATE,
> SIGN,
> - VERIFY
> + VERIFY,
> + FINGERPRINT
> } verb = NONE;
>
> if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
> err(1, "pledge");
>
> - while ((ch = getopt(argc, argv, "CGSVFzc:em:np:qs:t:x:")) != -1) {
> + while ((ch = getopt(argc, argv, "CGSVFzc:em:np:qs:t:x:")) != -1) {
> switch (ch) {
> #ifndef VERIFYONLY
> case 'C':
> @@ -802,6 +833,11 @@ main(int argc, char **argv)
> usage(NULL);
> verb = VERIFY;
> break;
> + case 'F':
> + if (verb)
> + usage(NULL);
> + verb = FINGERPRINT;
> + break;
> case 'c':
> comment = optarg;
> break;
> @@ -909,6 +945,10 @@ main(int argc, char **argv)
> quiet, keytype);
> }
> break;
> + case FINGERPRINT:
> + if (!!seckeyfile + !!pubkeyfile + !!sigfile != 1)
> + usage("Need one secret/public key or signature");
> + return fingerprint(seckeyfile, pubkeyfile, sigfile);
> default:
> if (pledge("stdio", NULL) == -1)
> err(1, "pledge");
> --
> 2.30.2
>
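Review bot: fingerprint() prints the raw `keynum` field of whichever file it loaded, and nothing in the hunk derives that value from the key bytes, so it looks like a key identifier rather than a digest of the key. Calling it a fingerprint invites users to compare it as proof that two keys are the same, which it would not establish if keynum is just a stored label. The function needs a header comment saying so, for example `/* Print the key number stored in a secret key, public key or signature file; this identifies which key was used, it does not authenticate the key. */`. In the `-s` branch the whole secret-key file is copied into `enckey` on the stack and never cleared, so I would add `explicit_bzero(&enckey, sizeof(enckey));` after the print loop and before `return 0;`. The code also relies on readb64file() exiting on malformed or short input (not visible here); if it can return, `fp` points at uninitialised stack memory.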
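Review bot: The FINGERPRINT case runs fingerprint() while the process still holds the broad `"stdio rpath wpath cpath tty"` promises set at the top of main (visible in the earlier hunk), although this verb only reads one file and writes to stdout. Narrow the promises before parsing the file, in the same style as the neighbouring `default:` case: `if (pledge("stdio rpath", NULL) == -1) err(1, "pledge");`. That way a parsing flaw in a hostile key or signature file cannot reach file creation or tty access. The case also returns directly from inside the switch; the code after the switch is outside this hunk, so confirm nothing there is expected to run for every verb.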