Source-Changes archive


CVS import: othersrc/external/bsd/starsign



Module Name:    othersrc
Committed By:   agc
Date:           Wed Apr  2 04:03:33 UTC 2014

Update of /cvsroot/othersrc/external/bsd/starsign
In directory ivanova.netbsd.org:/tmp/cvs-serv619

Log Message:
Initial import of starsign into othersrc/external/bsd/starsign

The starsign suite of scripts allows (ssh and pgp) signatures to be
made on files and data.  The user's signatures provide trust for the
public part of an ephemeral key; the private part is thrown away after
signing the data.  A signed tar (or "star") archive is produced when
signing. Start times and durations of signatures are supported, and
are covered by the ephemeral key signature.

When signing (with starsign(1)), the start time, durations, signing
host's public ssh host key, and the data to be signed are all covered
by the signature.  The default key type is ssh.  PGP keys can be
specified at signing time.  Care should be taken that the relevant
public key is available on the remote host where the data will be
verified; although, if the key is not available, the data can always
be retrieved by using tar(1), the only difference being that the trust
has not been verified.

When verifying (with starverify(1)), firstly, the signature on the
public part of the ephemeral key is verified, and then the ephemeral
key's signature on the data and metadata is verified. Finally, the
start time and duration are verified.

starcat(1) can be used to sign or verify in a pipe.

starinfo(1) displays signature information on the signed data and
metadata in the archive.

In action:

        % cp /usr/pkgsrc/packages/All/digest-20121220.tgz .

Signing data:

        % starsign -t pgp -u agc%pkgsrc.org@localhost digest-20121220.tgz
        Creating signed archive for digest-20121220.tgz
        Generating ephemeral key
        Generating public/private rsa key pair.
        Your identification has been saved in starsign-ephemeral-key.
        Your public key has been saved in starsign-ephemeral-key.pub.
        The key fingerprint is:
        5c:0a:02:a5:71:bb:ee:12:d5:df:46:21:93:f5:20:b7 agc%netbsd-001.cupertino.alistaircrooks.com@localhost
        The key's randomart image is:
        +--[ RSA 4096]----+
        |  o.o   .o+      |
        |   = .  +o.+     |
        |  . o..  oE..    |
        |    .o.o o.      |
        |   ..  .So       |
        |  ..    . o      |
        |   ..    .       |
        |  ..             |
        |   ..            |
        +-----------------+
        Signing ephemeral key to add trust
        signature  2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
        Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
        uid              Alistair Crooks <alistair%hockley-crooks.com@localhost>
        uid              Alistair Crooks <agc%pkgsrc.org@localhost>
        uid              Alistair Crooks <agc%netbsd.org@localhost>
        uid              Alistair Crooks <agc%alistaircrooks.com@localhost>
        uid              Alistair Crooks (Yahoo!) <agcrooks%yahoo-inc.com@localhost>
        uid              Alistair Crooks <agc%netflix.com@localhost>
        encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12
        netpgp passphrase:
        signature  4096/RSA (Encrypt or Sign) cdbe2fcf04983a76 1970-01-01
        Key fingerprint: 835c 67c3 f7a9 dd10 5a26 d009 cdbe 2fcf 0498 3a76
        uid              netbsd-001.cupertino.alistaircrooks.com (starsign-ephemeral-key.pub) <agc%netbsd-001.cupertino.alistaircrooks.com@localhost>
        % ls -al digest-20121220.tgz.star
        -rw-r--r--   1 agc  users   43356 Apr  1 20:45 digest-20121220.tgz.star
        % tar tvzf digest-20121220.tgz.star
        -rw-r--r--  1 agc      wheel      41192 Apr  1 20:45 signed.tar.gz
        -rw-------  1 agc      wheel        549 Apr  1 20:45 signed.tar.gz.sig
        -rw-r--r--  1 agc      wheel        769 Apr  1 20:45 starsign-ephemeral-key.pub
        -rw-------  1 agc      wheel        293 Apr  1 20:45 starsign-ephemeral-key.pub.sig
        -rw-r--r--  1 agc      wheel          3 Apr  1 20:45 keytype
        -rw-r--r--  1 agc      wheel         14 Apr  1 20:45 userid
        -rw-r--r--  1 agc      wheel         28 Apr  1 20:45 secring
        tar: ustar vol 1, 7 files, 51200 bytes read, 0 bytes written in 1 secs (51200 bytes/sec)

Display information on the star file:

        % starinfo digest-20121220.tgz.star
        Verifying signed archive: digest-20121220.tgz.star
        Key type: pgp
        User id: agc%pkgsrc.org@localhost
        =========
        Verifying signature on ephemeral key
        Good signature for starsign-ephemeral-key.pub.sig made Tue Apr  1 20:45:48 2014
        signature     2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
        fingerprint   d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
        uid           Alistair Crooks <agc%alistaircrooks.com@localhost>
        uid           Alistair Crooks <alistair%hockley-crooks.com@localhost>
        uid           Alistair Crooks <agc%pkgsrc.org@localhost>
        uid           Alistair Crooks <agc%netbsd.org@localhost>
        uid           Alistair Crooks (Yahoo!) <agcrooks%yahoo-inc.com@localhost>
        uid           Alistair Crooks <agc%netflix.com@localhost>
        Signature on ephemeral key is good
        =========
        Verifying ephemeral key signature on /home/agc/local/starsign-20140307/digest-20121220.tgz.star
        Good signature for signed.tar.gz.sig made Tue Apr  1 20:45:48 2014
        signature     4096/RSA (Encrypt or Sign) cdbe2fcf04983a76 1970-01-01
        fingerprint   835c 67c3 f7a9 dd10 5a26 d009 cdbe 2fcf 0498 3a76
        uid           netbsd-001.cupertino.alistaircrooks.com (starsign-ephemeral-key.pub) <agc%netbsd-001.cupertino.alistaircrooks.com@localhost>
        Ephemeral key signature on data is good
        =========
        Signing host: NetBSD netbsd-001.cupertino.alistaircrooks.com 6.99.25 NetBSD 6.99.25 (GENERIC) #1: Sun Nov  3 09:43:40 PST 2013  agc@build2:/disk/1/jails/2/build/src/obj/amd64/disk/1/jails/2/src/sys/arch/amd64/compile/GENERIC amd64
        Host pubkey:  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCc01Oitk7SBQxu7RCm2G5rpo7cebIJQgYBRkBpwb1a3Oiyz5RmyWZ3AL/Etd01dVt0ZXc+YSV9n04ylPEoFZjlEudEtD8t1LYYSCtWubfB4x3Y6NPbAttq3DfDgI3OzavUypPOKkk3I10UIiwgdbCQDINhDQ/+iZfz9WFRCiHAXGyIUEdJ09w+BaRecd0F9JZISueJsJvYofmSP62g4MjFcbbQUM3ag1IuJ5yELJn5MB9KhLpnvS+yn2tkr3Ufisj6XkIxwOjrzae+8n+fNX0c7WhK7Y10S66Wy9BOVVKYDk50JcDmOiVz/ZTAPYIH+aTDFuHC5hqgUvvJtiBc8Wqr root@
        Host secring: /home/agc/.gnupg/secring.gpg
        =========
        Signed On:    Tue Apr  1 20:45:41 PDT 2014
        Valid From:   Tue Apr  1 20:45:41 PDT 2014
        Valid To:     Sun Mar 31 20:45:41 PDT 2019
        Time now:     Tue Apr  1 20:46:29 PDT 2014
        =========
        -rw-r--r--  1 agc  wheel  40794 Apr  1 20:45 signed/data -> digest-20121220.tgz

Verifying the signed data (i.e. recover the data if the signature is good):

        % starverify digest-20121220.tgz.star 
        Verifying signed archive: digest-20121220.tgz.star
        Verifying signature on ephemeral key
        Good signature for starsign-ephemeral-key.pub.sig made Tue Apr  1 20:45:48 2014
        signature     2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
        fingerprint   d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
        uid           Alistair Crooks <agc%alistaircrooks.com@localhost>
        uid           Alistair Crooks <alistair%hockley-crooks.com@localhost>
        uid           Alistair Crooks <agc%pkgsrc.org@localhost>
        uid           Alistair Crooks <agc%netbsd.org@localhost>
        uid           Alistair Crooks (Yahoo!) <agcrooks%yahoo-inc.com@localhost>
        uid           Alistair Crooks <agc%netflix.com@localhost>
        Verifying ephemeral key signature on digest-20121220.tgz.star
        Good signature for signed.tar.gz.sig made Tue Apr  1 20:45:48 2014
        signature     4096/RSA (Encrypt or Sign) cdbe2fcf04983a76 1970-01-01
        fingerprint   835c 67c3 f7a9 dd10 5a26 d009 cdbe 2fcf 0498 3a76
        uid           netbsd-001.cupertino.alistaircrooks.com (starsign-ephemeral-key.pub) <agc%netbsd-001.cupertino.alistaircrooks.com@localhost>

starcat can be used as part of a pipe, to sign or to verify:

        % cat gmake-4.0.tgz | starcat -s | starcat | tar tvzf -
        === testing ssh key starcat
        Creating signed archive for /tmp/starcat.024172aa/archive.tgz.025609aa
        Generating ephemeral key
        Generating public/private rsa key pair.
        Your identification has been saved in starsign-ephemeral-key.
        Your public key has been saved in starsign-ephemeral-key.pub.
        The key fingerprint is:
        6f:21:54:46:ab:d8:03:2f:61:aa:b7:91:da:22:31:db agc%netbsd-001.cupertino.alistaircrooks.com@localhost
        The key's randomart image is:
        +--[ RSA 4096]----+
        |         .+      |
        |         o .     |
        |      + . .      |
        |     o B .       |
        |    . o S .      |
        |o  . . . + .     |
        | =. +     o      |
        |o E+ o   .       |
        | ...o            |
        +-----------------+
        Signing ephemeral key to add trust
        Enter PEM pass phrase:
        signature  2048/RSA (Encrypt or Sign) ac3adb7b3bc92fa9 1970-01-01
        Key fingerprint: 5349 6b80 620a 8f54 4abf 7b89 ac3a db7b 3bc9 2fa9
        uid              netbsd-001.cupertino.alistaircrooks.com (/home/agc/.ssh/id_rsa.pub) <agc%vc39.vc.panix.com@localhost>
        signature  4096/RSA (Encrypt or Sign) 418e41e0662bba18 1970-01-01
        Key fingerprint: d210 8d4b 9e34 65d1 59bc e9a1 418e 41e0 662b ba18
        uid              netbsd-001.cupertino.alistaircrooks.com (starsign-ephemeral-key.pub) <agc%netbsd-001.cupertino.alistaircrooks.com@localhost>
        Verifying signed archive:
        Verifying signature on ephemeral key
        Good signature for starsign-ephemeral-key.pub.sig made Tue Apr  1 20:46:22 2014
        signature     2048/RSA (Encrypt or Sign) ac3adb7b3bc92fa9 1970-01-01
        fingerprint   5349 6b80 620a 8f54 4abf 7b89 ac3a db7b 3bc9 2fa9
        uid           netbsd-001.cupertino.alistaircrooks.com (/home/agc/.ssh/id_rsa.pub) <agc%vc39.vc.panix.com@localhost>
        Verifying ephemeral key signature on [stdin]
        Good signature for signed.tar.gz.sig made Tue Apr  1 20:46:22 2014
        signature     4096/RSA (Encrypt or Sign) 418e41e0662bba18 1970-01-01
        fingerprint   d210 8d4b 9e34 65d1 59bc e9a1 418e 41e0 662b ba18
        uid           netbsd-001.cupertino.alistaircrooks.com (starsign-ephemeral-key.pub) <agc%netbsd-001.cupertino.alistaircrooks.com@localhost>
        -rw-r--r--  1 root     wheel       2880 Nov  8 09:40 +CONTENTS
        -r--r--r--  1 root     wheel         30 Nov  8 09:40 +COMMENT
        -r--r--r--  1 root     wheel        520 Nov  8 09:40 +DESC
        -rwxr-xr-x  1 root     wheel       7958 Nov  8 09:40 +INSTALL
        -rwxr-xr-x  1 root     wheel       4076 Nov  8 09:40 +DEINSTALL
        -rw-r--r--  1 root     wheel        563 Nov  8 09:40 +BUILD_VERSION
        -rw-r--r--  1 root     wheel       3198 Nov  8 09:40 +BUILD_INFO
        -rw-r--r--  1 root     wheel          8 Nov  8 09:40 +SIZE_PKG
        -rw-r--r--  1 root     wheel          8 Nov  8 09:40 +SIZE_ALL
        -rwxr-xr-x  1 root     wheel     204240 Nov  8 09:40 bin/gmake
        lrwxr-xr-x  1 root     wheel          0 Nov  8 09:40 gnu/bin/make -> /usr/pkg/bin/gmake
        lrwxr-xr-x  1 root     wheel          0 Nov  8 09:40 gnu/man/man1/make.1 -> /usr/pkg/man/man1/gmake.1
        -rw-r--r--  1 root     wheel       2907 Nov  8 09:40 include/gnumake.h
        -rw-r--r--  1 root     wheel       5978 Nov  8 09:40 info/make.info
        -rw-r--r--  1 root     wheel     291887 Nov  8 09:40 info/make.info-1
        -rw-r--r--  1 root     wheel     298299 Nov  8 09:40 info/make.info-2
        -rw-r--r--  1 root     wheel      10997 Nov  8 09:40 man/man1/gmake.1
        -rw-r--r--  1 root     wheel       7574 Nov  8 09:40 share/locale/be/LC_MESSAGES/make.mo
        -rw-r--r--  1 root     wheel      46061 Nov  8 09:40 share/locale/cs/LC_MESSAGES/make.mo
        -rw-r--r--  1 root     wheel      25052 Nov  8 09:40 share/locale/da/LC_MESSAGES/make.mo
        -rw-r--r--  1 root     wheel      15562 Nov  8 09:40 share/locale/de/LC_MESSAGES/make.mo
        -rw-r--r--  1 root     wheel      26931 Nov  8 09:40 share/locale/es/LC_MESSAGES/make.mo
        -rw-r--r--  1 root     wheel      20417 Nov  8 09:40 share/locale/fi/LC_MESSAGES/make.mo
        -rw-r--r--  1 root     wheel      26484 Nov  8 09:40 share/locale/fr/LC_MESSAGES/make.mo
        -rw-r--r--  1 root     wheel      20848 Nov  8 09:40 share/locale/ga/LC_MESSAGES/make.mo
        -rw-r--r--  1 root     wheel      23719 Nov  8 09:40 share/locale/gl/LC_MESSAGES/make.mo
        -rw-r--r--  1 root     wheel      11862 Nov  8 09:40 share/locale/he/LC_MESSAGES/make.mo
        -rw-r--r--  1 root     wheel      26062 Nov  8 09:40 share/locale/hr/LC_MESSAGES/make.mo
        -rw-r--r--  1 root     wheel      20627 Nov  8 09:40 share/locale/id/LC_MESSAGES/make.mo
        -rw-r--r--  1 root     wheel      45617 Nov  8 09:40 share/locale/it/LC_MESSAGES/make.mo
        -rw-r--r--  1 root     wheel      25372 Nov  8 09:40 share/locale/ja/LC_MESSAGES/make.mo
        -rw-r--r--  1 root     wheel      11938 Nov  8 09:40 share/locale/ko/LC_MESSAGES/make.mo
        -rw-r--r--  1 root     wheel       7754 Nov  8 09:40 share/locale/lt/LC_MESSAGES/make.mo
        -rw-r--r--  1 root     wheel      44804 Nov  8 09:40 share/locale/nl/LC_MESSAGES/make.mo
        -rw-r--r--  1 root     wheel      44940 Nov  8 09:40 share/locale/pl/LC_MESSAGES/make.mo
        -rw-r--r--  1 root     wheel      25786 Nov  8 09:40 share/locale/pt_BR/LC_MESSAGES/make.mo
        -rw-r--r--  1 root     wheel      57185 Nov  8 09:40 share/locale/ru/LC_MESSAGES/make.mo
        -rw-r--r--  1 root     wheel      43854 Nov  8 09:40 share/locale/sv/LC_MESSAGES/make.mo
        -rw-r--r--  1 root     wheel      21193 Nov  8 09:40 share/locale/tr/LC_MESSAGES/make.mo
        -rw-r--r--  1 root     wheel      56603 Nov  8 09:40 share/locale/uk/LC_MESSAGES/make.mo
        -rw-r--r--  1 root     wheel      47627 Nov  8 09:40 share/locale/vi/LC_MESSAGES/make.mo
        -rw-r--r--  1 root     wheel      19609 Nov  8 09:40 share/locale/zh_CN/LC_MESSAGES/make.mo
        tar: ustar vol 1, 42 files, 1597440 bytes read, 0 bytes written in 18 secs (88746 bytes/sec)

        %

Status:

Vendor Tag:     CROOKS
Release Tags:   starsign-base
                
N othersrc/external/bsd/starsign/Makefile
N othersrc/external/bsd/starsign/bin/Makefile
N othersrc/external/bsd/starsign/dist/starsign.1
N othersrc/external/bsd/starsign/dist/tst
N othersrc/external/bsd/starsign/dist/Makefile
N othersrc/external/bsd/starsign/dist/starcat.sh
N othersrc/external/bsd/starsign/dist/starsign.sh
N othersrc/external/bsd/starsign/dist/starverify.sh
N othersrc/external/bsd/starsign/dist/itst
N othersrc/external/bsd/starsign/dist/starinfo.sh

No conflicts created by this import
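
The signing and verification order described in the log message above, as an added example that is not part of the import and not starsign's own code. It uses openssl(1) in place of the ssh and netpgp tooling; the function names, the file names and the one-line "FROM TO" validity format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not starsign's code: the two-level trust chain with openssl(1).
# File names and the one-line "FROM TO" validity format are assumptions.

# star_sign DIR USERKEY DATA FROM TO   (FROM/TO in epoch seconds)
star_sign() {
    d=$1; userkey=$2; data=$3
    printf '%s %s\n' "$4" "$5" > "$d/validity"
    # Ephemeral key pair; the private half lives only inside this function.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/eph.key" 2>/dev/null || return 1
    openssl pkey -in "$d/eph.key" -pubout -out "$d/eph.pub" || return 1
    # 1. The user's long-term key vouches for the ephemeral public key.
    openssl dgst -sha256 -sign "$userkey" -out "$d/eph.pub.sig" \
        "$d/eph.pub" || return 1
    # 2. The ephemeral key covers the validity line and the data together.
    cat "$d/validity" "$data" |
        openssl dgst -sha256 -sign "$d/eph.key" -out "$d/data.sig" || return 1
    rm -f "$d/eph.key"      # private part is thrown away after signing
}

# star_verify DIR USERPUB DATA NOW
# Returns 0 good, 1 untrusted ephemeral key, 2 bad data/metadata, 3 outside window.
star_verify() {
    d=$1; userpub=$2; data=$3; now=$4
    # First: is the ephemeral public key signed by the user we trust?
    openssl dgst -sha256 -verify "$userpub" -signature "$d/eph.pub.sig" \
        "$d/eph.pub" >/dev/null 2>&1 ||
        { echo "ephemeral key not signed by user key"; return 1; }
    # Then: does the ephemeral key's signature cover this data and metadata?
    cat "$d/validity" "$data" |
        openssl dgst -sha256 -verify "$d/eph.pub" -signature "$d/data.sig" \
        >/dev/null 2>&1 ||
        { echo "data or validity modified"; return 2; }
    # Only now is the validity line authenticated and safe to interpret.
    read -r from to < "$d/validity"
    [ "$now" -ge "$from" ] && [ "$now" -le "$to" ] ||
        { echo "outside validity window"; return 3; }
    echo "good"
}
```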



