author | axtloss <axtlos@getcryst.al> | 2024-02-05 21:15:37 +0100 |
---|---|---|
committer | axtloss <axtlos@getcryst.al> | 2024-02-05 21:15:37 +0100 |
commit | ae67ea6a67c25fef305964ee34d4bf96b9da8519 (patch) | |
tree | bb4d2227ea6ec2a9b8543c7cdb39b58429cec467 /verifysetup/core | |
parent | f1524db2c9d935daabd3b1557caf54fbdd63dde5 (diff) | |
download | fsverify-ae67ea6a67c25fef305964ee34d4bf96b9da8519.tar.gz fsverify-ae67ea6a67c25fef305964ee34d4bf96b9da8519.tar.bz2 |
add db signing to setup and switch to aead.dev/minisign
Diffstat (limited to 'verifysetup/core')
-rw-r--r-- | verifysetup/core/crypt.go | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/verifysetup/core/crypt.go b/verifysetup/core/crypt.go
index 81130a3..77df221 100644
--- a/verifysetup/core/crypt.go
+++ b/verifysetup/core/crypt.go
@@ -1,10 +1,13 @@
 package core

 import (
+ "aead.dev/minisign"
 "bytes"
 "crypto/sha256"
 "fmt"
+ "golang.org/x/term"
 "io"
+ "os"
 "strings"
 )

@@ -16,3 +19,23 @@ func CalculateBlockHash(block []byte) (string, error) {
 hashInBytes := hash.Sum(nil)[:32]
 return strings.TrimSpace(fmt.Sprintf("%x", hashInBytes)), nil
 }
+
+func SignDatabase(database string, minisignKeys string) ([]byte, error) {
+ fmt.Print("Enter your password (will not echo): ")
+ p, err := term.ReadPassword(int(os.Stdin.Fd()))
+ if err != nil {
+ panic(err)
+ }
+ fmt.Println("\nSigning database")
+ privateKey, err := minisign.PrivateKeyFromFile(string(p), minisignKeys+"/minisign.key")
+ if err != nil {
+ return nil, err
+ }
+
+ data, err := os.ReadFile(database)
+ if err != nil {
+ return nil, err
+ }
+ signature := minisign.SignWithComments(privateKey, data, "fsverify", "fsverify")
+ return signature, err
+} |
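Review bot: In `SignDatabase`, a failed password read calls `panic(err)` although the function already returns an error, so a failure at the prompt (for example when stdin is not a terminal) aborts the process at the signing step instead of reaching the caller; `return nil, fmt.Errorf("reading password: %w", err)` keeps the error path uniform. The passphrase stays in `p` and in the `string(p)` copy after the key is decrypted; the string copy cannot be wiped, but `p` can be zeroed once `PrivateKeyFromFile` returns. The key path is better built with `filepath.Join(minisignKeys, "minisign.key")` (this needs `path/filepath` in the import block), and the final `return signature, err` always carries a nil `err` at that point, so `return signature, nil` states the intent. The exported function also has no doc comment; one line saying that it prompts on stdin for the key password and returns the minisign signature of the database file would do.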