Hi,

I, too, would like to have a way of signing the gzip archive in a
reproducible way, so here's a diff that uses -n, similar to gzip(1).

However, if that's a bad idea, I'm fine with continuing to use an
unsigned gzip archive and creating a sigfile with signify.

Regards
Andre

Index: signify.1
===================================================================
RCS file: /cvs/src/usr.bin/signify/signify.1,v
retrieving revision 1.44
diff -u -p -r1.44 signify.1
--- signify.1   10 Aug 2018 20:27:01 -0000      1.44
+++ signify.1   25 Feb 2019 11:55:57 -0000
@@ -35,7 +35,7 @@
 .Fl s Ar seckey
 .Nm signify
 .Fl S
-.Op Fl ez
+.Op Fl enz
 .Op Fl x Ar sigfile
 .Fl s Ar seckey
 .Fl m Ar message
@@ -91,10 +91,15 @@ When verifying with
 .Fl e ,
 the file to create.
 .It Fl n
-Do not ask for a passphrase during key generation.
+When generating a key pair, do not ask for a passphrase.
 Otherwise,
 .Nm
 will prompt the user for a passphrase to protect the secret key.
+When signing with
+.Fl z ,
+do not store the time stamp in the
+.Xr gzip 1
+header.
 .It Fl p Ar pubkey
 Public key produced by
 .Fl G ,
Index: signify.c
===================================================================
RCS file: /cvs/src/usr.bin/signify/signify.c,v
retrieving revision 1.130
diff -u -p -r1.130 signify.c
--- signify.c   17 Jan 2019 05:40:10 -0000      1.130
+++ signify.c   25 Feb 2019 11:55:57 -0000
@@ -80,7 +80,7 @@ usage(const char *error)
 #ifndef VERIFYONLY
            "\t%1$s -C [-q] -p pubkey -x sigfile [file ...]\n"
            "\t%1$s -G [-n] [-c comment] -p pubkey -s seckey\n"
-           "\t%1$s -S [-ez] [-x sigfile] -s seckey -m message\n"
+           "\t%1$s -S [-enz] [-x sigfile] -s seckey -m message\n"
 #endif
            "\t%1$s -V [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m 
message\n",
            getprogname());
@@ -878,7 +878,7 @@ main(int argc, char **argv)
                if (gzip) {
                        if (!msgfile || !seckeyfile || !sigfile)
                                usage("must specify message sigfile seckey");
-                       zsign(seckeyfile, msgfile, sigfile);
+                       zsign(seckeyfile, msgfile, sigfile, rounds);
                } else {
                        if (!msgfile || !seckeyfile)
                                usage("must specify message and seckey");
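Review bot: The new fourth argument to `zsign()` is `rounds`, which by its name is the passphrase KDF round count rather than a date flag. It works as the `storedate` boolean only because `-n` presumably sets it to zero; the option parsing is outside this hunk, so that cannot be confirmed here. A reader of `main()` gets no hint that a round count decides what goes into the signed gzip header. Pass an explicit boolean instead, `zsign(seckeyfile, msgfile, sigfile, rounds != 0);`, with a comment such as `/* -n: omit date= from the signed header */`, or set a dedicated flag variable in the `-n` case. That would also decouple signing from any later change to how `rounds` is initialised.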
Index: signify.h
===================================================================
RCS file: /cvs/src/usr.bin/signify/signify.h,v
retrieving revision 1.1
diff -u -p -r1.1 signify.h
--- signify.h   2 Sep 2016 16:10:56 -0000       1.1
+++ signify.h   25 Feb 2019 11:55:57 -0000
@@ -19,7 +19,7 @@
 #ifndef signify_h
 #define signify_h
 extern void zverify(const char *, const char *, const char *, const char *);
-extern void zsign(const char *, const char *, const char *);
+extern void zsign(const char *, const char *, const char *, int);
 
 extern void *xmalloc(size_t);
 extern void writeall(int, const void *, size_t, const char *);
Index: zsig.c
===================================================================
RCS file: /cvs/src/usr.bin/signify/zsig.c,v
retrieving revision 1.15
diff -u -p -r1.15 zsig.c
--- zsig.c      11 Jul 2017 23:52:05 -0000      1.15
+++ zsig.c      25 Feb 2019 11:55:57 -0000
@@ -231,7 +231,8 @@ zverify(const char *pubkeyfile, const ch
 }
 
 void
-zsign(const char *seckeyfile, const char *msgfile, const char *sigfile)
+zsign(const char *seckeyfile, const char *msgfile, const char *sigfile,
+    int storedate)
 {
        size_t bufsize = MYBUFSIZE;
        int fdin, fdout;
@@ -242,8 +243,6 @@ zsign(const char *seckeyfile, const char
        char *p;
        uint8_t *buffer;
        uint8_t *sighdr;
-       char date[80];
-       time_t clock;
 
        fdin = xopen(msgfile, O_RDONLY, 0);
        if (fstat(fdin, &sb) == -1 || !S_ISREG(sb.st_mode))
@@ -261,14 +260,24 @@ zsign(const char *seckeyfile, const char
 
        msg = xmalloc(space);
        buffer = xmalloc(bufsize);
-       time(&clock);
-       strftime(date, sizeof date, "%Y-%m-%dT%H:%M:%SZ", gmtime(&clock));
-       snprintf(msg, space,
-           "date=%s\n"
-           "key=%s\n"
-           "algorithm=SHA512/256\n"
-           "blocksize=%zu\n\n",
-           date, seckeyfile, bufsize);
+       if (storedate) {
+               char date[80];
+               time_t clock;
+               time(&clock);
+               strftime(date, sizeof date, "%Y-%m-%dT%H:%M:%SZ",
+                   gmtime(&clock));
+               snprintf(msg, space,
+                   "date=%s\n"
+                   "key=%s\n"
+                   "algorithm=SHA512/256\n"
+                   "blocksize=%zu\n\n",
+                   date, seckeyfile, bufsize);
+       } else
+               snprintf(msg, space,
+                   "key=%s\n"
+                   "algorithm=SHA512/256\n"
+                   "blocksize=%zu\n\n",
+                   seckeyfile, bufsize);
        p = strchr(msg, 0);
 
        while (1) {
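Review bot: With the date dropped, the `else` branch still writes `seckeyfile` verbatim into `key=%s`, so the output is byte-identical only when the signer passes the same secret-key path on every run, and that path stays embedded in the published archive. This is worth stating next to the branch, e.g. `/* key= records seckeyfile as given; keep the path stable for reproducible output */`, and in the `-n` text of signify.1. The `storedate` branch also carries over the unchecked `gmtime(&clock)` result, which can be NULL and is passed straight to `strftime`; it should be checked before formatting. How `space` is sized is outside this hunk, so whether either `snprintf` can truncate the header cannot be judged from here.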
