###----- Licensing notice ---------------------------------------------------
###
-### This program is free software; you can redistribute it and/or modify
+### This file is part of the distorted.org.uk key management suite.
+###
+### distorted-keys is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
-### This program is distributed in the hope that it will be useful,
+### distorted-keys is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
-### along with this program; if not, write to the Free Software Foundation,
+### along with distorted-keys; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
quis=${0##*/}
case ":$PATH:" in *:"$bindir":*) ;; *) PATH=$bindir:$PATH ;; esac
+if [ -f $KEYS/keys.conf ]; then . $KEYS/keys.conf; fi
+: ${random=/dev/random}
+
+case "${KEYS_DEBUG+t}" in t) set -x ;; esac
+
###--------------------------------------------------------------------------
### Cleanup handling.
## Make and return the name of a temporary directory.
case "${tmp+t}" in t) echo "$tmp"; return ;; esac
- mem=$(userv root claim-mem-dir)
+ mem=$(userv root claim-mem-dir </dev/null)
tmp="$mem/keys.tmp.$$"
rm -rf "$tmp"
mkdir -m700 "$tmp"
esac
}
+checklabel () {
+ what=$1 thing=$2
+ case "$thing" in
+ *[!-0-9a-zA-Z_!%@+=/#]* | *//* | /* | */)
+ echo >&2 "$quis: bad $what label \`$thing'"
+ exit 1
+ ;;
+ esac
+}
+
###--------------------------------------------------------------------------
### Crypto operations.
###
private=$1 public=$2
## Make a new key, write private key to PRIVATE and public key to PUBLIC.
- dd if=/dev/random bs=1 count=512 2>/dev/null |
- openssl sha384 -binary |
+ dd if=$random bs=1 count=512 2>/dev/null |
+ openssl dgst -sha384 -binary |
(umask 077 && openssl base64 >"$private")
ec_public "$private" >"$public"
}
run_seccure decrypt -q -cp256 -m128 -F"$private" "$@"
}
+ec_sign () {
+ private=$1; shift
+ ## Sign stuff using the PRIVATE key. Use -i/-o or redirection.
+
+ run_seccure sign -q -cp256 -F"$private" "$@"
+}
+
+ec_verify () {
+ public=$1 signature=$2; shift
+ ## Verify a SIGNATURE using the PUBLIC key; use -i or redirection for the
+ ## input.
+
+ run_seccure verify -q -cp256 "$@" -- $(cat "$public") "$signature"
+}
+
###--------------------------------------------------------------------------
### Help text.