Changes from previous version: Add the ability for netpgpverify to verify ssh-pub-key-based signatures. It is much more likely for ssh (rather than pgp) keys to be available, and used, as a source of authentication data. These changes add the ability for netpgpverify(1) -- the standalone, zero-prereq utility - to verify signatures made by netpgp when using ssh keys. Running the regression tests in WRKDIR gives the following output: % mk -f *.bsd tst ./netpgpverify -k pubring.gpg NetBSD-6.0_RC1_hashes.asc Good signature for NetBSD-6.0_RC1_hashes.asc made Thu Aug 23 11:47:50 2012 signature 4096/RSA (Encrypt or Sign) 064973ac4c4a706e 2009-06-23 fingerprint ddee 2bdb 9c98 a0d1 d4fb dbf7 0649 73ac 4c4a 706e uid NetBSD Security Officer <security-officer@NetBSD.org> ./netpgpverify -k pubring.gpg NetBSD-6.0_RC1_hashes.gpg Good signature for NetBSD-6.0_RC1_hashes.gpg made Thu Mar 14 13:32:59 2013 signature 4096/RSA (Encrypt or Sign) 064973ac4c4a706e 2009-06-23 fingerprint ddee 2bdb 9c98 a0d1 d4fb dbf7 0649 73ac 4c4a 706e uid NetBSD Security Officer <security-officer@NetBSD.org> ./netpgpverify -v netpgpverify portable 20140202 ./netpgpverify -S sshtest-20140202.pub data.gpg Good signature for data.gpg made Mon Feb 3 17:54:21 2014 signature 4096/RSA (Encrypt or Sign) 4d129225945bbb8f 1970-01-01 fingerprint 874b 75de d6a3 341f 2d5a 2219 4d12 9225 945b bb8f uid netbsd-001.cupertino.alistaircrooks.com (sshtest-20140202.pub) <agc@netbsd-001.cupertino.alistaircrooks.com> ./netpgpverify -S sshtest-20140202.pub data.sig Good signature for data.sig made Sun Feb 2 21:45:05 2014 signature 4096/RSA (Encrypt or Sign) 4d129225945bbb8f 1970-01-01 fingerprint 874b 75de d6a3 341f 2d5a 2219 4d12 9225 945b bb8f uid netbsd-001.cupertino.alistaircrooks.com (sshtest-20140202.pub) <agc@netbsd-001.cupertino.alistaircrooks.com> expected failure, to check bad signatures fail to verify sed -e 's|A|B|' data.gpg | ./netpgpverify -S sshtest-20140202.pub Signature did not match contents -- Signature on data did not match *** Error code 1 (ignored) % A new HOWTO file is provided in the sources (files/HOWTO) to show how to sign data using ssh keys and netpgp(1).
1 line
769 B
Text
1 line
769 B
Text
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC9GQFh9ZovYFZ+alATAZX9un7IlwstYzvFRjsuu0vhOrdh5WyU9fIyWQL9ZTIv8JTIDx9DfPnqb5LuFmpe2l5ZtgZDo7un8EV4xx5knph2GZJMMokLs64XhWc2pgbkterCV6cUR7gtO3v281JkSQFyyG5Gz3EWnq+tCub4ulMcqhcqX9Q+x/Ury4Bahz+Y9MyrIh0nHppRdDR/DAWj+3wTjtTAthCTcEViVj1HRx61UBcIKi1OZzleeYolHpgpQDrQWBTi+T7HkiBKm42gy+6EM9ptoClAsfDXf0R+a6XOzMGlXi4SWdcHDkJ1D9E/2be91p+NueUrcPGDFtTd5G9QUhuSN27mqLptuXGpJ5/Uxv8HDY6p7AU0ybdlDXtXceoCZgYEHAHZ6H9ypGUJFxh68DZvIzrV1MzRe3m8HNvE1ZbpZ4mYP6hg/6CVhFGYri4l54o4VJaoOFtKPoR9gf5QW7SJXjITEoZ5UoFPCF+l5y66xXvdrBheLC1Ko/XZSNGhOlh9dseW+l4yHIHDSgpaN5neSjgouFXOOgtPxulJshJojwaJUFYJywxmaZn8+QYMD47w16S1nlP3OW1aWxe58dVDnHYGJ8rAasiCHUlLfxR2DAhBUVP/r2nlxyv9o+5MgBDHvtfNHNN0R5aW7LZyjBkXl+70dDk7338yLrVzuQ== agc@netbsd-001.cupertino.alistaircrooks.com
|