signify -z adds a date= line to the header, but nothing reads it. It's also
not very useful, since it's outside the signature. It would still not be
useful, because nothing about the signify design cares about when something
was signed. It does cause trouble, however, because signing the same thing
twice results in two different files. Normal signify operation produces
consistent signatures.
Index: zsig.c
===================================================================
RCS file: /cvs/src/usr.bin/signify/zsig.c,v
retrieving revision 1.15
diff -u -p -r1.15 zsig.c
--- zsig.c 11 Jul 2017 23:52:05 -0000 1.15
+++ zsig.c 23 Feb 2019 22:55:59 -0000
@@ -242,8 +242,6 @@ zsign(const char *seckeyfile, const char
char *p;
uint8_t *buffer;
uint8_t *sighdr;
- char date[80];
- time_t clock;
fdin = xopen(msgfile, O_RDONLY, 0);
if (fstat(fdin, &sb) == -1 || !S_ISREG(sb.st_mode))
@@ -261,14 +259,11 @@ zsign(const char *seckeyfile, const char
msg = xmalloc(space);
buffer = xmalloc(bufsize);
- time(&clock);
- strftime(date, sizeof date, "%Y-%m-%dT%H:%M:%SZ", gmtime(&clock));
snprintf(msg, space,
- "date=%s\n"
"key=%s\n"
"algorithm=SHA512/256\n"
"blocksize=%zu\n\n",
- date, seckeyfile, bufsize);
+ seckeyfile, bufsize);
p = strchr(msg, 0);
while (1) {
