redo signfify options
I misinterpreted Theo's comments about the option letters before.
Revert to lowercase for most options, and change the verb option into
three distinct uppercase options, -G -S and -V.
Sorry Marc...
Index: signify.1
===
RCS file: /cvs/src/usr.bin/signify/signify.1,v
retrieving revision 1.5
diff -u -p -r1.5 signify.1
--- signify.1 31 Dec 2013 18:18:36 - 1.5
+++ signify.1 1 Jan 2014 15:00:28 -
@@ -22,47 +22,56 @@
.Nd cryptographically sign and verify files
.Sh SYNOPSIS
.Nm signify
-.Op Fl N
-.Op Fl I Ar input
-.Op Fl O Ar output
-.Op Fl P Ar pubkey
-.Op Fl S Ar seckey
-.Fl V Ar generate | sign | verify
+.Op Fl n
+.Op Fl i Ar input
+.Op Fl o Ar output
+.Op Fl p Ar pubkey
+.Op Fl s Ar seckey
+.Fl G
+.Fl S
+.Fl V
.Sh DESCRIPTION
The
.Nm
utility creates and verifies cryptographic signatures.
The mode of operation is selected by the
+.Fl G ,
+.Fl S ,
+or
.Fl V
option.
.Pp
The options are as follows:
.Bl -tag -width Ds
-.It Fl I Ar input
+.It Fl G
+Generate a new keypair.
+.It Fl S
+Sign the input file.
+.It Fl V
+Verify the input file and signature match.
+.It Fl i Ar input
Input file to sign or verify.
-.It Fl N
+.It Fl n
Do not ask for a passphrase during key generation.
Otherwise,
.Nm
will prompt the user for a passphrase on the terminal.
-.It Fl O Ar output
+.It Fl o Ar output
The signature file to create or verify.
The default is
.Ar input Ns .sig .
-.It Fl P Ar pubkey
+.It Fl p Ar pubkey
Public key produced by
.Ar generate ,
and used by
.Ar verify
to check a signature.
-.It Fl S Ar seckey
+.It Fl s Ar seckey
Secret (private) key produced by
.Ar generate ,
and used by
.Ar sign
to sign a message.
-.It Fl V Ar generate | sign | verify
-Select the desired operation.
.El
.Pp
The key and signature files created by
@@ -87,13 +96,13 @@ The message file is too large.
.El
.Sh EXAMPLES
Create a new keypair:
-.Dl $ signify -P newkey.pub -S newkey.sec -V generate
+.Dl $ signify -p newkey.pub -s newkey.sec -G
.Pp
Sign a file, specifying a signature name:
-.Dl $ signify -S key.sec -I message.txt -O msg.sig -V sign
+.Dl $ signify -s key.sec -i message.txt -o msg.sig -S
.Pp
Verify a signature, using the default signature name:
-.Dl $ signify -P key.pub -I generalsorders.txt -V verify
+.Dl $ signify -p key.pub -i generalsorders.txt -V
.Sh SEE ALSO
.Xr cmp 1 ,
.Xr sha256 1 ,
Index: signify.c
===
RCS file: /cvs/src/usr.bin/signify/signify.c,v
retrieving revision 1.5
diff -u -p -r1.5 signify.c
--- signify.c 31 Dec 2013 17:33:17 - 1.5
+++ signify.c 1 Jan 2014 15:00:28 -
@@ -64,8 +64,8 @@ extern char *__progname;
static void
usage(void)
{
- fprintf(stderr, usage: %s [-N] [-I input] [-O output] [-P pubkey] [-S
seckey]
- -V generate | sign | verify\n, __progname);
+ fprintf(stderr, usage: %s [-n] [-i input] [-o output] [-p pubkey] [-s
seckey]
+ -G | -S | -V\n, __progname);
exit(1);
}
@@ -316,41 +316,59 @@ verify(const char *pubkeyfile, const cha
int
main(int argc, char **argv)
{
- const char *verb = NULL;
const char *pubkeyfile = NULL, *seckeyfile = NULL, *inputfile = NULL,
*sigfile = NULL;
char sigfilebuf[1024];
int ch, rounds;
+ enum {
+ NONE,
+ GENERATE,
+ SIGN,
+ VERIFY
+ } verb = NONE;
+
rounds = 42;
- while ((ch = getopt(argc, argv, I:NO:P:S:V:)) != -1) {
+ while ((ch = getopt(argc, argv, GSVi:no:p:s:)) != -1) {
switch (ch) {
- case 'I':
+ case 'G':
+ if (verb)
+ usage();
+ verb = GENERATE;
+ break;
+ case 'S':
+ if (verb)
+ usage();
+ verb = SIGN;
+ break;
+ case 'V':
+ if (verb)
+ usage();
+ verb = VERIFY;
+ break;
+ case 'i':
inputfile = optarg;
break;
- case 'N':
+ case 'n':
rounds = 0;
break;
- case 'O':
+ case 'o':
sigfile = optarg;
break;
- case 'P':
+ case 'p':
pubkeyfile = optarg;
break;
- case 'S':
+ case 's':
seckeyfile = optarg;
break;
- case 'V':
- verb = optarg;
- break;
default:
usage();
Re: redo signfify options
Something like this for the program itself:
Index: signify.c
===
RCS file: /build/data/openbsd/cvs/src/usr.bin/signify/signify.c,v
retrieving revision 1.5
diff -u -p -r1.5 signify.c
--- signify.c 31 Dec 2013 17:33:17 - 1.5
+++ signify.c 1 Jan 2014 15:50:11 -
@@ -64,8 +64,8 @@ extern char *__progname;
static void
usage(void)
{
- fprintf(stderr, usage: %s [-N] [-I input] [-O output] [-P pubkey] [-S
seckey]
- -V generate | sign | verify\n, __progname);
+ fprintf(stderr, usage: %s -G | -S | -V [-n] [-o output]
+ [-p pubkey] [-s seckey] [file...]\n, __progname);
exit(1);
}
@@ -316,64 +316,91 @@ verify(const char *pubkeyfile, const cha
int
main(int argc, char **argv)
{
- const char *verb = NULL;
- const char *pubkeyfile = NULL, *seckeyfile = NULL, *inputfile = NULL,
- *sigfile = NULL;
- char sigfilebuf[1024];
- int ch, rounds;
+ const char *pubkeyfile = NULL, *seckeyfile = NULL,
+ *sigfilefmt = %s.sig;
+ int ch, rounds, needfmt, i;
+ enum {
+ NONE,
+ GENERATE,
+ SIGN,
+ VERIFY
+ } verb = NONE;
+
rounds = 42;
- while ((ch = getopt(argc, argv, I:NO:P:S:V:)) != -1) {
+ while ((ch = getopt(argc, argv, GSVi:no:p:s:)) != -1) {
switch (ch) {
- case 'I':
- inputfile = optarg;
+ case 'G':
+ if (verb)
+ usage();
+ verb = GENERATE;
+ break;
+ case 'S':
+ if (verb)
+ usage();
+ verb = SIGN;
+ break;
+ case 'V':
+ if (verb)
+ usage();
+ verb = VERIFY;
break;
- case 'N':
+ case 'n':
rounds = 0;
break;
- case 'O':
- sigfile = optarg;
+ case 'o':
+ sigfilefmt = optarg;
break;
- case 'P':
+ case 'p':
pubkeyfile = optarg;
break;
- case 'S':
+ case 's':
seckeyfile = optarg;
break;
- case 'V':
- verb = optarg;
- break;
default:
usage();
break;
}
}
argc -= optind;
- if (argc != 0 || verb == NULL)
- usage();
-
- if (inputfile !sigfile) {
- if (snprintf(sigfilebuf, sizeof(sigfilebuf), %s.sig,
- inputfile) = sizeof(sigfilebuf))
- errx(1, path too long);
- sigfile = sigfilebuf;
- }
- if (streq(verb, generate)) {
- if (!pubkeyfile || !seckeyfile)
+ if (verb == GENERATE) {
+ if (argc != 0 || !pubkeyfile || !seckeyfile)
usage();
generate(pubkeyfile, seckeyfile, rounds);
- } else if (streq(verb, sign)) {
- if (!seckeyfile || !inputfile)
- usage();
- sign(seckeyfile, inputfile, sigfile);
- } else if (streq(verb, verify)) {
- if (!pubkeyfile || !inputfile)
- usage();
- verify(pubkeyfile, inputfile, sigfile);
- } else {
+ } else if (verb == NONE || argc == 0) {
usage();
+ }
+
+ needfmt = strstr(sigfilefmt, %s) != NULL;
+
+ if (!needfmt argc != 1) {
+ errx(1, -o file for several inputs);
+ }
+
+ for (i = 0; i != argc; i++) {
+ char sigfilebuf[1024];
+ const char *inputfile = argv[i];
+ const char *sigfile = NULL;
+
+ if (needfmt) {
+ if (snprintf(sigfilebuf, sizeof(sigfilebuf),
+ sigfilefmt, inputfile) = sizeof(sigfilebuf))
+ errx(1, path too long);
+ sigfile = sigfilebuf;
+ } else {
+ sigfile = sigfilefmt;
+ }
+ if (verb == SIGN) {
+ if (!seckeyfile)
+ usage();
+ sign(seckeyfile, inputfile, sigfile);
+ } else if (verb == VERIFY) {
+ if (!pubkeyfile || !inputfile)
+ usage();
+ verify(pubkeyfile, inputfile, sigfile);
+ }
}
return 0;
}
Re: redo signfify options
On Wed, Jan 01, 2014 at 16:25, Marc Espie wrote: Now that you're fixing it, I think you've still got it wrong. Instead of signify -V -p pubkey -i input you want to be able to do signify -V -p pubkey input ... e.g., at this point, input would not need to be an option, so that you can verify several files in one go. we can do that too if we need batch verification, but I left it out of this commit.
Re: redo signfify options
On Wed, Jan 01, 2014 at 12:53:09PM -0500, Ted Unangst wrote: On Wed, Jan 01, 2014 at 16:25, Marc Espie wrote: Now that you're fixing it, I think you've still got it wrong. Instead of signify -V -p pubkey -i input you want to be able to do signify -V -p pubkey input ... e.g., at this point, input would not need to be an option, so that you can verify several files in one go. we can do that too if we need batch verification, but I left it out of this commit. Well, at least make input not an option but an actual parameter. Otherwise, you have a command with no parms. And considering the command name, it makes little sense. As the name says, that command is used to sign or verify a file. The *object* of that command is the file. It's not an option !
