Add new output format: "signify" #16
Conversation
|
Thanks, Dmitry! I'm interested in accepting this, and I've pushed some
additional changes reflecting how I plan to do so. They make no actual
changes to the output.
However, I don't like the keynum derivation. If two people happen to pick
the same User ID, they'll have the same keynum, which defeats the purpose
of the keynum as a unique key identifier. Instead it should be derived
from the public key, itself derived from the ID and passphrase. If two
people pick the same passphrase, then the game is already lost.
With zero KDF rounds, the salt is unused, right? It could simply be
zeroes. If this output format supported --protect (-e) — which is
currently not the case — then the salt matters, but it should also be
randomly generated, not derived from the ID or even the key. Protection
encryption shouldn't be deterministic.
So for keynum I'm thinking hash the public key, just a straight SHA-512
truncated to 8 bytes. SHA-224 which is merely SHA-512 truncated (well,
plus a different initial state), and truncating twice instead of once
seems arbitrary.
What do you think?
|
Looks fine. I don't have much to say about style of go code.
Makes sense. I am sure I can do this.
This format supports passphrase that protects key. I was not exactly correct in my commit message.
Wasn't aware of this relation. Sure, sounds easy. |
This is BSD tool used to sign release, with simpler interface and without support of old key types. It does not do encryption. This is how signify can be used: $ signify -G -n -p new.pub -s new.key $ signify -S -s new.key -m message.txt # creates message.txt.sig $ signify -V -p new.pub -m message.txt # checks signature Now first step can be replaced with $ passphrase2pgp -f signify > new.combined First two lines in generated file are public key, next two -- secret key. Note that first line in both starts with "untrusted comment: ". signify(1) insists for it to be the case. Co-Authored: Christopher Wellons <wellons@nullprogram.com>
KAction
force-pushed
the
contrib/0/signify/out
branch
from
647ee42
to
12a623c
Compare
|
That new keynum looks good.
You suggest that I do 64 rounds, like with ssh, or it should be
configurable?
Looks like signify uses 42 rounds, unconfigurable. It makes the most sense
to me to just match this.
https://github.com/aperezdc/signify/blob/7960f78/signify.c#L876
|
|
Since there wasn't much to it, I added --protect support for signify keys
in 757a5a9. I'm happy with things at this point, so if you're satisfied
then I'll merge it.
|
|
Looks good to me. Took some time to understand that it works because arrays are zero-initialized. |
This is BSD tool used to sign release, with simpler interface and without
support of old key types. It does not do encryption.
This is how signify can be used:
$ signify -G -p new.pub -s new.key
$ signify -S -s new.key -m message.txt # creates message.txt.sig
$ signify -V -p new.pub -m message.txt # checks signature
Now first step can be replaced with
$ passphrase2pgp -f signify > new.combined
First two lines in generated file are public key, next two -- secret key. Note
that first line in both starts with "untrusted comment: ". signify(1) insists
for it to be the case.