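### -*-sh-*-
###
### Key type for B. Poettering's `Seccure' suite
###
### (c) 2011 Mark Wooding
###

###----- Licensing notice ---------------------------------------------------
###
### This file is part of the distorted.org.uk key management suite.
###
### distorted-keys is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
### distorted-keys is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
### along with distorted-keys; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

###--------------------------------------------------------------------------
### Utility functions.

run_seccure () {
  op=$1; shift
  ## run_seccure OP ARG ...
  ##
  ## Run the Seccure program `seccure-OP' with the given arguments, ensuring
  ## that its stderr is reported if it had anything very interesting to say,
  ## but suppressed if it was boring.  Returns the program's exit status.
  ##
  ## Sets the globals `op' and `rc'.  Leaves `set -e' switched on when it
  ## returns, whatever the caller's setting was beforehand.
  ##
  ## The stderr capture goes to a fixed name under `$tmp'; this assumes `$tmp'
  ## is a private per-run directory set up by the caller -- TODO confirm.
  ##
  ## NOTE(review): the one message filtered out is Seccure reporting that it
  ## could not lock its memory.  When that happens, secret key material may
  ## be paged out to swap.  Filtering keeps routine output quiet, but it also
  ## hides that exposure from the operator; hosts using this key type should
  ## have encrypted swap or permit the lock.  Confirm this is an accepted
  ## risk.

  ## errexit is dropped around the call so that a failing Seccure program
  ## does not kill the script before its stderr has been shown.
  set +e; "seccure-$op" "$@" 2>"$tmp/seccure.out"; rc=$?; set -e

  ## grep exits nonzero when it prints nothing; `|| :' stops `set -e' from
  ## treating a silent run as a failure.
  grep -v '^WARNING: Cannot obtain memory lock' "$tmp/seccure.out" >&2 || :
  return "$rc"
}

###--------------------------------------------------------------------------
### Key type definition.

## NOTE(review): this copy of the file is damaged at this point.  The text
## between `defprops k_props <' and `"$nub"' is missing, so the property
## table and the definitions which produced the tail below (it ends with an
## unmatched closing brace) are not visible.  `k_public', which `k_check'
## calls, is not defined anywhere in what remains.  The fragment is kept
## exactly as found; restore it from the upstream file before use.
defprops k_props <"$nub" k_public "$base" "$nub" >"$base/pub" }

k_check () {
  base=$1 nub=$2
  ## k_check BASE NUB
  ##
  ## Recompute the public key with `k_public BASE NUB' and compare it with
  ## the stored copy in BASE/pub.  Returns 0 if they are identical, 1 if not.

  this=$(k_public "$base" "$nub")
  orig=$(cat "$base/pub")

  ## A quoted `case' pattern is a literal string comparison, so nothing in
  ## the key text is interpreted as a pattern.
  case "$orig" in
    "$this") return 0 ;;
    *) return 1 ;;
  esac
}

k_encrypt () {
  base=$1
  ## k_encrypt BASE
  ##
  ## Run `seccure-encrypt' with the public key stored in BASE/pub, using the
  ## curve and tag size from `kprop_curve' and `kprop_tagsz'.  No message
  ## file arguments are given, so the data presumably flows through the
  ## caller's stdin and stdout.
  ##
  ## The key is passed as a single quoted word: key text is arbitrary
  ## printable characters, and left unquoted it would be subject to word
  ## splitting and pathname expansion against the current directory before
  ## Seccure ever saw it.

  run_seccure encrypt -q "-c$kprop_curve" "-m$kprop_tagsz" -- \
    "$(cat "$base/pub")"
}

k_decrypt () {
  nub=$2
  ## k_decrypt BASE NUB
  ##
  ## Run `seccure-decrypt' with the same curve and tag size as `k_encrypt'.
  ## Only NUB is read here.  `-F' makes Seccure take the private passphrase
  ## from the NUB file rather than prompting, so the secret itself never
  ## appears on a command line.  Reports a message and returns 1 on failure.

  if ! run_seccure decrypt -q "-c$kprop_curve" "-m$kprop_tagsz" -F"$nub"; then
    echo >&2 "$quis: decryption failed"
    return 1
  fi
}

k_sign () {
  nub=$2
  ## k_sign BASE NUB
  ##
  ## Run `seccure-sign' with the passphrase in the NUB file, sending the
  ## signature to stdout.  Only NUB is read here.

  run_seccure sign -q "-c$kprop_curve" -F"$nub" -s/dev/stdout
}

k_verify () {
  base=$1 sig=$3
  ## k_verify BASE NUB SIG
  ##
  ## Run `seccure-verify' with the public key stored in BASE/pub and the
  ## signature text SIG.  The second argument is not read.  On failure,
  ## reports a message and returns Seccure's exit status.
  ##
  ## As in `k_encrypt', the key is quoted so that it reaches Seccure as
  ## exactly one argument; otherwise a key containing whitespace or glob
  ## characters could shift SIG out of its expected position.

  if run_seccure verify -q "-c$kprop_curve" -- \
    "$(cat "$base/pub")" "$sig"
  then :; else
    rc=$?
    echo >&2 "$quis: signature verification failed"
    return "$rc"
  fi
}

###----- That's all, folks --------------------------------------------------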