From ae67ea6a67c25fef305964ee34d4bf96b9da8519 Mon Sep 17 00:00:00 2001
From: axtloss
Date: Mon, 5 Feb 2024 21:15:37 +0100
Subject: add db signing to setup and switch to aead.dev/minisign
---
 verifysetup/core/crypt.go | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
(limited to 'verifysetup/core/crypt.go')
diff --git a/verifysetup/core/crypt.go b/verifysetup/core/crypt.go
index 81130a3..77df221 100644
--- a/verifysetup/core/crypt.go
+++ b/verifysetup/core/crypt.go
@@ -1,10 +1,13 @@
 package core
 
 import (
+ "aead.dev/minisign"
 "bytes"
 "crypto/sha256"
 "fmt"
+ "golang.org/x/term"
 "io"
+ "os"
 "strings"
 )
 
@@ -16,3 +19,23 @@ func CalculateBlockHash(block []byte) (string, error) {
 hashInBytes := hash.Sum(nil)[:32]
 return strings.TrimSpace(fmt.Sprintf("%x", hashInBytes)), nil
 }
+
+func SignDatabase(database string, minisignKeys string) ([]byte, error) {
+ fmt.Print("Enter your password (will not echo): ")
+ p, err := term.ReadPassword(int(os.Stdin.Fd()))
+ if err != nil {
+ panic(err)
+ }
+ fmt.Println("\nSigning database")
+ privateKey, err := minisign.PrivateKeyFromFile(string(p), minisignKeys+"/minisign.key")
+ if err != nil {
+ return nil, err
+ }
+
+ data, err := os.ReadFile(database)
+ if err != nil {
+ return nil, err
+ }
+ signature := minisign.SignWithComments(privateKey, data, "fsverify", "fsverify")
+ return signature, err
+}
-- 
cgit v1.2.3
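Review bot: In SignDatabase the failure path of `term.ReadPassword` calls `panic(err)` although the function already returns an error, so a read failure (for example when stdin is not a terminal, as in a pipe or CI job) aborts the setup with a stack trace instead of a handled error; `return nil, fmt.Errorf("reading key password: %w", err)` would match the two checks below it. The key path is built as `minisignKeys+"/minisign.key"`, where `filepath.Join(minisignKeys, "minisign.key")` is the portable form (it needs a `path/filepath` import in the first hunk). Both comments passed to `minisign.SignWithComments` are the constant "fsverify", so the signed trusted comment carries nothing that ties a signature to one database version; if the verifier is meant to reject an older but validly signed database, a version or timestamp belongs in the trusted comment — the verifying side is not visible here, so this is a question rather than a finding. The final `return signature, err` can only return a nil `err` at that point and reads more clearly as `return signature, nil`.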