Module Name:    othersrc
Committed By:   agc
Date:           Wed Apr 2 04:03:33 UTC 2014

Update of /cvsroot/othersrc/external/bsd/starsign
In directory ivanova.netbsd.org:/tmp/cvs-serv619

Log Message:
Initial import of starsign into othersrc/external/bsd/starsign

The starsign suite of scripts allows (ssh and pgp) signatures to be made on files and data. The user's signatures provide trust for the public part of an ephemeral key; the private part is thrown away after signing the data. A signed tar (or "star") archive is produced when signing. Start times and durations of signatures are supported, and are covered by the ephemeral key signature.

When signing (with starsign(1)), the start time, durations, signing host's public ssh host key, and the data to be signed are all covered by the signature.

The default key type is ssh. PGP keys can be specified at signing time. Care should be taken that the relevant public key is available on the remote host where the data will be verified; although, if the key is not available, the data can always be retrieved by using tar(1), the only difference being that the trust has not been verified.

When verifying (with starverify(1)), firstly, the signature on the public part of the ephemeral key is verified, and then the ephemeral key's signature on the data and metadata is verified. Finally, the start time and duration are verified.

starcat(1) can be used to sign or verify in a pipe.

starinfo(1) displays signature information on the signed data and metadata in the archive.

In action:

    % cp /usr/pkgsrc/packages/All/digest-20121220.tgz .

Signing data:

    % starsign -t pgp -u a...@pkgsrc.org digest-20121220.tgz
    Creating signed archive for digest-20121220.tgz
    Generating ephemeral key
    Generating public/private rsa key pair.
    Your identification has been saved in starsign-ephemeral-key.
    Your public key has been saved in starsign-ephemeral-key.pub.
    The key fingerprint is:
    5c:0a:02:a5:71:bb:ee:12:d5:df:46:21:93:f5:20:b7 a...@netbsd-001.cupertino.alistaircrooks.com
    The key's randomart image is:
    +--[ RSA 4096]----+
    | o.o .o+ |
    | = . +o.+ |
    | . o.. oE.. |
    | .o.o o. |
    | .. .So |
    | .. . o |
    | .. . |
    | .. |
    | .. |
    +-----------------+
    Signing ephemeral key to add trust
    signature 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
    Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
    uid Alistair Crooks <alist...@hockley-crooks.com>
    uid Alistair Crooks <a...@pkgsrc.org>
    uid Alistair Crooks <a...@netbsd.org>
    uid Alistair Crooks <a...@alistaircrooks.com>
    uid Alistair Crooks (Yahoo!) <agcro...@yahoo-inc.com>
    uid Alistair Crooks <a...@netflix.com>
    encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12
    netpgp passphrase:
    signature 4096/RSA (Encrypt or Sign) cdbe2fcf04983a76 1970-01-01
    Key fingerprint: 835c 67c3 f7a9 dd10 5a26 d009 cdbe 2fcf 0498 3a76
    uid netbsd-001.cupertino.alistaircrooks.com (starsign-ephemeral-key.pub) <a...@netbsd-001.cupertino.alistaircrooks.com>
    % ls -al digest-20121220.tgz.star
    -rw-r--r-- 1 agc users 43356 Apr 1 20:45 digest-20121220.tgz.star
    % tar tvzf digest-20121220.tgz.star
    -rw-r--r-- 1 agc wheel 41192 Apr 1 20:45 signed.tar.gz
    -rw------- 1 agc wheel 549 Apr 1 20:45 signed.tar.gz.sig
    -rw-r--r-- 1 agc wheel 769 Apr 1 20:45 starsign-ephemeral-key.pub
    -rw------- 1 agc wheel 293 Apr 1 20:45 starsign-ephemeral-key.pub.sig
    -rw-r--r-- 1 agc wheel 3 Apr 1 20:45 keytype
    -rw-r--r-- 1 agc wheel 14 Apr 1 20:45 userid
    -rw-r--r-- 1 agc wheel 28 Apr 1 20:45 secring
    tar: ustar vol 1, 7 files, 51200 bytes read, 0 bytes written in 1 secs (51200 bytes/sec)

Display information on the star file:

    % starinfo digest-20121220.tgz.star
    Verifying signed archive: digest-20121220.tgz.star
    Key type: pgp
    User id: a...@pkgsrc.org
    =========
    Verifying signature on ephemeral key
    Good signature for starsign-ephemeral-key.pub.sig made Tue Apr 1 20:45:48 2014
    signature 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
    fingerprint d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
    uid Alistair Crooks <a...@alistaircrooks.com>
    uid Alistair Crooks <alist...@hockley-crooks.com>
    uid Alistair Crooks <a...@pkgsrc.org>
    uid Alistair Crooks <a...@netbsd.org>
    uid Alistair Crooks (Yahoo!) <agcro...@yahoo-inc.com>
    uid Alistair Crooks <a...@netflix.com>
    Signature on ephemeral key is good
    =========
    Verifying ephemeral key signature on /home/agc/local/starsign-20140307/digest-20121220.tgz.star
    Good signature for signed.tar.gz.sig made Tue Apr 1 20:45:48 2014
    signature 4096/RSA (Encrypt or Sign) cdbe2fcf04983a76 1970-01-01
    fingerprint 835c 67c3 f7a9 dd10 5a26 d009 cdbe 2fcf 0498 3a76
    uid netbsd-001.cupertino.alistaircrooks.com (starsign-ephemeral-key.pub) <a...@netbsd-001.cupertino.alistaircrooks.com>
    Ephemeral key signature on data is good
    =========
    Signing host: NetBSD netbsd-001.cupertino.alistaircrooks.com 6.99.25 NetBSD 6.99.25 (GENERIC) #1: Sun Nov 3 09:43:40 PST 2013 agc@build2:/disk/1/jails/2/build/src/obj/amd64/disk/1/jails/2/src/sys/arch/amd64/compile/GENERIC amd64
    Host pubkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCc01Oitk7SBQxu7RCm2G5rpo7cebIJQgYBRkBpwb1a3Oiyz5RmyWZ3AL/Etd01dVt0ZXc+YSV9n04ylPEoFZjlEudEtD8t1LYYSCtWubfB4x3Y6NPbAttq3DfDgI3OzavUypPOKkk3I10UIiwgdbCQDINhDQ/+iZfz9WFRCiHAXGyIUEdJ09w+BaRecd0F9JZISueJsJvYofmSP62g4MjFcbbQUM3ag1IuJ5yELJn5MB9KhLpnvS+yn2tkr3Ufisj6XkIxwOjrzae+8n+fNX0c7WhK7Y10S66Wy9BOVVKYDk50JcDmOiVz/ZTAPYIH+aTDFuHC5hqgUvvJtiBc8Wqr root@
    Host secring: /home/agc/.gnupg/secring.gpg
    =========
    Signed On: Tue Apr 1 20:45:41 PDT 2014
    Valid From: Tue Apr 1 20:45:41 PDT 2014
    Valid To: Sun Mar 31 20:45:41 PDT 2019
    Time now: Tue Apr 1 20:46:29 PDT 2014
    =========
    -rw-r--r-- 1 agc wheel 40794 Apr 1 20:45 signed/data -> digest-20121220.tgz

Verifying the signed data (i.e. recover the data if the signature is good):

    % starverify digest-20121220.tgz.star
    Verifying signed archive: digest-20121220.tgz.star
    Verifying signature on ephemeral key
    Good signature for starsign-ephemeral-key.pub.sig made Tue Apr 1 20:45:48 2014
    signature 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
    fingerprint d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
    uid Alistair Crooks <a...@alistaircrooks.com>
    uid Alistair Crooks <alist...@hockley-crooks.com>
    uid Alistair Crooks <a...@pkgsrc.org>
    uid Alistair Crooks <a...@netbsd.org>
    uid Alistair Crooks (Yahoo!) <agcro...@yahoo-inc.com>
    uid Alistair Crooks <a...@netflix.com>
    Verifying ephemeral key signature on digest-20121220.tgz.star
    Good signature for signed.tar.gz.sig made Tue Apr 1 20:45:48 2014
    signature 4096/RSA (Encrypt or Sign) cdbe2fcf04983a76 1970-01-01
    fingerprint 835c 67c3 f7a9 dd10 5a26 d009 cdbe 2fcf 0498 3a76
    uid netbsd-001.cupertino.alistaircrooks.com (starsign-ephemeral-key.pub) <a...@netbsd-001.cupertino.alistaircrooks.com>

starcat can be used as part of a pipe, to sign or to verify:

    % cat gmake-4.0.tgz | starcat -s | starcat | tar tvzf -
    === testing ssh key starcat
    Creating signed archive for /tmp/starcat.024172aa/archive.tgz.025609aa
    Generating ephemeral key
    Generating public/private rsa key pair.
    Your identification has been saved in starsign-ephemeral-key.
    Your public key has been saved in starsign-ephemeral-key.pub.
    The key fingerprint is:
    6f:21:54:46:ab:d8:03:2f:61:aa:b7:91:da:22:31:db a...@netbsd-001.cupertino.alistaircrooks.com
    The key's randomart image is:
    +--[ RSA 4096]----+
    | .+ |
    | o . |
    | + . . |
    | o B . |
    | . o S . |
    |o . . . + . |
    | =. + o |
    |o E+ o . |
    | ...o |
    +-----------------+
    Signing ephemeral key to add trust
    Enter PEM pass phrase:
    signature 2048/RSA (Encrypt or Sign) ac3adb7b3bc92fa9 1970-01-01
    Key fingerprint: 5349 6b80 620a 8f54 4abf 7b89 ac3a db7b 3bc9 2fa9
    uid netbsd-001.cupertino.alistaircrooks.com (/home/agc/.ssh/id_rsa.pub) <a...@vc39.vc.panix.com>
    signature 4096/RSA (Encrypt or Sign) 418e41e0662bba18 1970-01-01
    Key fingerprint: d210 8d4b 9e34 65d1 59bc e9a1 418e 41e0 662b ba18
    uid netbsd-001.cupertino.alistaircrooks.com (starsign-ephemeral-key.pub) <a...@netbsd-001.cupertino.alistaircrooks.com>
    Verifying signed archive:
    Verifying signature on ephemeral key
    Good signature for starsign-ephemeral-key.pub.sig made Tue Apr 1 20:46:22 2014
    signature 2048/RSA (Encrypt or Sign) ac3adb7b3bc92fa9 1970-01-01
    fingerprint 5349 6b80 620a 8f54 4abf 7b89 ac3a db7b 3bc9 2fa9
    uid netbsd-001.cupertino.alistaircrooks.com (/home/agc/.ssh/id_rsa.pub) <a...@vc39.vc.panix.com>
    Verifying ephemeral key signature on [stdin]
    Good signature for signed.tar.gz.sig made Tue Apr 1 20:46:22 2014
    signature 4096/RSA (Encrypt or Sign) 418e41e0662bba18 1970-01-01
    fingerprint d210 8d4b 9e34 65d1 59bc e9a1 418e 41e0 662b ba18
    uid netbsd-001.cupertino.alistaircrooks.com (starsign-ephemeral-key.pub) <a...@netbsd-001.cupertino.alistaircrooks.com>
    -rw-r--r-- 1 root wheel 2880 Nov 8 09:40 +CONTENTS
    -r--r--r-- 1 root wheel 30 Nov 8 09:40 +COMMENT
    -r--r--r-- 1 root wheel 520 Nov 8 09:40 +DESC
    -rwxr-xr-x 1 root wheel 7958 Nov 8 09:40 +INSTALL
    -rwxr-xr-x 1 root wheel 4076 Nov 8 09:40 +DEINSTALL
    -rw-r--r-- 1 root wheel 563 Nov 8 09:40 +BUILD_VERSION
    -rw-r--r-- 1 root wheel 3198 Nov 8 09:40 +BUILD_INFO
    -rw-r--r-- 1 root wheel 8 Nov 8 09:40 +SIZE_PKG
    -rw-r--r-- 1 root wheel 8 Nov 8 09:40 +SIZE_ALL
    -rwxr-xr-x 1 root wheel 204240 Nov 8 09:40 bin/gmake
    lrwxr-xr-x 1 root wheel 0 Nov 8 09:40 gnu/bin/make -> /usr/pkg/bin/gmake
    lrwxr-xr-x 1 root wheel 0 Nov 8 09:40 gnu/man/man1/make.1 -> /usr/pkg/man/man1/gmake.1
    -rw-r--r-- 1 root wheel 2907 Nov 8 09:40 include/gnumake.h
    -rw-r--r-- 1 root wheel 5978 Nov 8 09:40 info/make.info
    -rw-r--r-- 1 root wheel 291887 Nov 8 09:40 info/make.info-1
    -rw-r--r-- 1 root wheel 298299 Nov 8 09:40 info/make.info-2
    -rw-r--r-- 1 root wheel 10997 Nov 8 09:40 man/man1/gmake.1
    -rw-r--r-- 1 root wheel 7574 Nov 8 09:40 share/locale/be/LC_MESSAGES/make.mo
    -rw-r--r-- 1 root wheel 46061 Nov 8 09:40 share/locale/cs/LC_MESSAGES/make.mo
    -rw-r--r-- 1 root wheel 25052 Nov 8 09:40 share/locale/da/LC_MESSAGES/make.mo
    -rw-r--r-- 1 root wheel 15562 Nov 8 09:40 share/locale/de/LC_MESSAGES/make.mo
    -rw-r--r-- 1 root wheel 26931 Nov 8 09:40 share/locale/es/LC_MESSAGES/make.mo
    -rw-r--r-- 1 root wheel 20417 Nov 8 09:40 share/locale/fi/LC_MESSAGES/make.mo
    -rw-r--r-- 1 root wheel 26484 Nov 8 09:40 share/locale/fr/LC_MESSAGES/make.mo
    -rw-r--r-- 1 root wheel 20848 Nov 8 09:40 share/locale/ga/LC_MESSAGES/make.mo
    -rw-r--r-- 1 root wheel 23719 Nov 8 09:40 share/locale/gl/LC_MESSAGES/make.mo
    -rw-r--r-- 1 root wheel 11862 Nov 8 09:40 share/locale/he/LC_MESSAGES/make.mo
    -rw-r--r-- 1 root wheel 26062 Nov 8 09:40 share/locale/hr/LC_MESSAGES/make.mo
    -rw-r--r-- 1 root wheel 20627 Nov 8 09:40 share/locale/id/LC_MESSAGES/make.mo
    -rw-r--r-- 1 root wheel 45617 Nov 8 09:40 share/locale/it/LC_MESSAGES/make.mo
    -rw-r--r-- 1 root wheel 25372 Nov 8 09:40 share/locale/ja/LC_MESSAGES/make.mo
    -rw-r--r-- 1 root wheel 11938 Nov 8 09:40 share/locale/ko/LC_MESSAGES/make.mo
    -rw-r--r-- 1 root wheel 7754 Nov 8 09:40 share/locale/lt/LC_MESSAGES/make.mo
    -rw-r--r-- 1 root wheel 44804 Nov 8 09:40 share/locale/nl/LC_MESSAGES/make.mo
    -rw-r--r-- 1 root wheel 44940 Nov 8 09:40 share/locale/pl/LC_MESSAGES/make.mo
    -rw-r--r-- 1 root wheel 25786 Nov 8 09:40 share/locale/pt_BR/LC_MESSAGES/make.mo
    -rw-r--r-- 1 root wheel 57185 Nov 8 09:40 share/locale/ru/LC_MESSAGES/make.mo
    -rw-r--r-- 1 root wheel 43854 Nov 8 09:40 share/locale/sv/LC_MESSAGES/make.mo
    -rw-r--r-- 1 root wheel 21193 Nov 8 09:40 share/locale/tr/LC_MESSAGES/make.mo
    -rw-r--r-- 1 root wheel 56603 Nov 8 09:40 share/locale/uk/LC_MESSAGES/make.mo
    -rw-r--r-- 1 root wheel 47627 Nov 8 09:40 share/locale/vi/LC_MESSAGES/make.mo
    -rw-r--r-- 1 root wheel 19609 Nov 8 09:40 share/locale/zh_CN/LC_MESSAGES/make.mo
    tar: ustar vol 1, 42 files, 1597440 bytes read, 0 bytes written in 18 secs (88746 bytes/sec)
    %

Status:

Vendor Tag:     CROOKS
Release Tags:   starsign-base

N othersrc/external/bsd/starsign/Makefile
N othersrc/external/bsd/starsign/bin/Makefile
N othersrc/external/bsd/starsign/dist/starsign.1
N othersrc/external/bsd/starsign/dist/tst
N othersrc/external/bsd/starsign/dist/Makefile
N othersrc/external/bsd/starsign/dist/starcat.sh
N othersrc/external/bsd/starsign/dist/starsign.sh
N othersrc/external/bsd/starsign/dist/starverify.sh
N othersrc/external/bsd/starsign/dist/itst
N othersrc/external/bsd/starsign/dist/starinfo.sh

No conflicts created by this import
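
The signing and verification order described in the log message, as an added example that is not part of the commit and is not starsign's own code. It assumes openssl(1) in place of the ssh/netpgp signatures and a hypothetical signed/validity file holding the start time (epoch seconds) and duration; the other file names follow the tar listing above, and the signing host's key is left out.

```shell
#!/bin/sh
# Added illustration, not starsign's code: openssl stands in for ssh/netpgp.
# signed/validity (start epoch + duration in seconds) is an assumed layout.

# star_sign WORKDIR DATAFILE USER_PRIVKEY START_EPOCH DURATION_SECS
star_sign() {
    d=$1
    mkdir -p "$d/signed" || return 1
    cp "$2" "$d/signed/data" || return 1
    # The validity window is packed next to the data so one signature covers both.
    printf '%s %s\n' "$4" "$5" > "$d/signed/validity"
    tar -czf "$d/signed.tar.gz" -C "$d" signed || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/starsign-ephemeral-key" 2>/dev/null || return 1
    openssl pkey -in "$d/starsign-ephemeral-key" -pubout \
        -out "$d/starsign-ephemeral-key.pub" || return 1
    # The user's long-term key vouches for the ephemeral public key ...
    openssl dgst -sha256 -sign "$3" -out "$d/starsign-ephemeral-key.pub.sig" \
        "$d/starsign-ephemeral-key.pub" || return 1
    # ... and the ephemeral key signs the data plus its metadata.
    openssl dgst -sha256 -sign "$d/starsign-ephemeral-key" \
        -out "$d/signed.tar.gz.sig" "$d/signed.tar.gz" || return 1
    # The private half is discarded: nothing else can be signed with it.
    rm -rf "$d/starsign-ephemeral-key" "$d/signed"
}

# star_verify WORKDIR USER_PUBKEY NOW_EPOCH
# Returns 0 if good, 1 for a bad signature on the ephemeral key,
# 2 for a bad data signature, 3 if NOW is outside the validity window.
star_verify() {
    d=$1
    openssl dgst -sha256 -verify "$2" \
        -signature "$d/starsign-ephemeral-key.pub.sig" \
        "$d/starsign-ephemeral-key.pub" >/dev/null 2>&1 || return 1
    openssl dgst -sha256 -verify "$d/starsign-ephemeral-key.pub" \
        -signature "$d/signed.tar.gz.sig" "$d/signed.tar.gz" \
        >/dev/null 2>&1 || return 2
    # The window is read only after both signatures have checked out.
    v=$(tar -xzOf "$d/signed.tar.gz" signed/validity) || return 3
    start=${v% *}
    dur=${v#* }
    [ "$3" -ge "$start" ] && [ "$3" -lt $((start + dur)) ] || return 3
    return 0
}
```

The distinct return codes show which link failed: a replaced ephemeral key fails at step 1 even when its signature over the data is valid, and an altered archive fails at step 2 before any of its contents are read.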