authoraxtloss <axtlos@getcryst.al>2024-02-05 21:15:37 +0100
committeraxtloss <axtlos@getcryst.al>2024-02-05 21:15:37 +0100
commitae67ea6a67c25fef305964ee34d4bf96b9da8519 (patch)
treebb4d2227ea6ec2a9b8543c7cdb39b58429cec467 /verifysetup
parentf1524db2c9d935daabd3b1557caf54fbdd63dde5 (diff)
add db signing to setup and switch to aead.dev/minisign
Diffstat (limited to 'verifysetup')
-rw-r--r--verifysetup/cmd/setup.go11
-rw-r--r--verifysetup/core/crypt.go23
-rw-r--r--verifysetup/go.mod4
-rw-r--r--verifysetup/go.sum6
4 files changed, 42 insertions, 2 deletions
diff --git a/verifysetup/cmd/setup.go b/verifysetup/cmd/setup.go
index c2676fc..674557e 100644
--- a/verifysetup/cmd/setup.go
+++ b/verifysetup/cmd/setup.go
@@ -73,5 +73,14 @@ func SetupCommand(_ *cobra.Command, args []string) error {
}
fmt.Println(finalNode)
err = core.AddNode(finalNode, nil, "./fsverify.db")
- return err
+ if err != nil {
+ return err
+ }
+
+ signature, err := core.SignDatabase("./fsverify.db", "./minisign/")
+ if err != nil {
+ return err
+ }
+ fmt.Println(string(signature))
+ return nil
}
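Review bot: The signature produced at the end of SetupCommand is only written to stdout with `fmt.Println(string(signature))`, the same stream that carries `fmt.Println(finalNode)` and the password prompt printed inside SignDatabase, so redirecting the output does not yield a well-formed minisign signature file. Writing it beside the database, for example `os.WriteFile("./fsverify.db.minisig", signature, 0o644)` (the file name is a suggestion, and `os` may need importing in this file), gives the verifier a clean artefact to check. The database and key directory are hard-coded relative paths (`"./fsverify.db"`, `"./minisign/"`), so which file is signed and which key is loaded depends on the working directory; taking them from arguments or flags would make that explicit. SetupCommand starts outside this hunk.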
diff --git a/verifysetup/core/crypt.go b/verifysetup/core/crypt.go
index 81130a3..77df221 100644
--- a/verifysetup/core/crypt.go
+++ b/verifysetup/core/crypt.go
@@ -1,10 +1,13 @@
package core
import (
+ "aead.dev/minisign"
"bytes"
"crypto/sha256"
"fmt"
+ "golang.org/x/term"
"io"
+ "os"
"strings"
)
@@ -16,3 +19,23 @@ func CalculateBlockHash(block []byte) (string, error) {
hashInBytes := hash.Sum(nil)[:32]
return strings.TrimSpace(fmt.Sprintf("%x", hashInBytes)), nil
}
+
+func SignDatabase(database string, minisignKeys string) ([]byte, error) {
+ fmt.Print("Enter your password (will not echo): ")
+ p, err := term.ReadPassword(int(os.Stdin.Fd()))
+ if err != nil {
+ panic(err)
+ }
+ fmt.Println("\nSigning database")
+ privateKey, err := minisign.PrivateKeyFromFile(string(p), minisignKeys+"/minisign.key")
+ if err != nil {
+ return nil, err
+ }
+
+ data, err := os.ReadFile(database)
+ if err != nil {
+ return nil, err
+ }
+ signature := minisign.SignWithComments(privateKey, data, "fsverify", "fsverify")
+ return signature, err
+}
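Review bot: SignDatabase panics when `term.ReadPassword` fails (for instance when stdin is not a terminal), while every other failure in the function is returned to the caller; replace `panic(err)` with `return nil, fmt.Errorf("reading password: %w", err)`. The key path is built as `minisignKeys+"/minisign.key"` and the caller passes `"./minisign/"`, so `filepath.Join(minisignKeys, "minisign.key")` is the safer form (it needs `path/filepath` in the import block). The last line `return signature, err` can only return a nil `err` at that point, and `return signature, nil` states that directly. The password is turned into an immutable Go string with `string(p)`, so it cannot be cleared after use; zeroing `p` once the key is loaded is still worth doing to shorten the lifetime of the other copy. The exported function also lacks a doc comment, e.g. `// SignDatabase prompts for the minisign key password and returns a signature over the database file.`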
diff --git a/verifysetup/go.mod b/verifysetup/go.mod
index 7acfa12..72fe2a5 100644
--- a/verifysetup/go.mod
+++ b/verifysetup/go.mod
@@ -3,6 +3,7 @@ module github.com/axtloss/fsverify/verifysetup
go 1.21.6
require (
+ aead.dev/minisign v0.2.1 // indirect
github.com/axtloss/fsverify v0.0.0-20240204141913-a215d3358f35 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect
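Review bot: `aead.dev/minisign` is recorded here as `// indirect`, and `golang.org/x/term` likewise in the next hunk, although this commit imports both directly in verifysetup/core/crypt.go. Running `go mod tidy` would move them into the direct requirements, which keeps dependency review and update tooling accurate for the two packages that now handle the signing key and its password. The commit message describes a switch to aead.dev/minisign, yet `github.com/jedisct1/go-minisign` remains listed; it may still be pulled in through github.com/axtloss/fsverify, but if nothing imports it any more, tidy would drop it and leave one signing library to audit.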
@@ -11,5 +12,6 @@ require (
github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07 // indirect
go.etcd.io/bbolt v1.3.8 // indirect
golang.org/x/crypto v0.17.0 // indirect
- golang.org/x/sys v0.15.0 // indirect
+ golang.org/x/sys v0.16.0 // indirect
+ golang.org/x/term v0.16.0 // indirect
)
diff --git a/verifysetup/go.sum b/verifysetup/go.sum
index 9ad7abe..debe9f9 100644
--- a/verifysetup/go.sum
+++ b/verifysetup/go.sum
@@ -1,3 +1,5 @@
+aead.dev/minisign v0.2.1 h1:Z+7HA9dsY/eGycYj6kpWHpcJpHtjAwGiJFvbiuO9o+M=
+aead.dev/minisign v0.2.1/go.mod h1:oCOjeA8VQNEbuSCFaaUXKekOusa/mll6WtMoO5JY4M4=
github.com/axtloss/fsverify v0.0.0-20240204141913-a215d3358f35 h1:GnvD9HxKht9mD1NLjDaffqNfTJcxbOgXfkexYDGAJ5E=
github.com/axtloss/fsverify v0.0.0-20240204141913-a215d3358f35/go.mod h1:Tve3hFV8BxkGp5iY/k+sKSF/Qv1SGLDoHFYQI3xjdHQ=
github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -18,5 +20,9 @@ golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU=
+golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE=
+golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=