Class: Minisign::PrivateKey

Inherits:
Object
  • Object
show all
Includes:
Utils
Defined in:
lib/minisign/private_key.rb

Overview

The private key used to create signatures

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Utils

#blake2b256, #blake2b512, #derive_key, #xor

Constructor Details

#initialize(str, password = nil) ⇒ PrivateKey

Parse signing information from the minisign private key

Examples:

Minisign::PrivateKey.new(File.read("test/minisign.key"), 'password')

Parameters:

  • str (String)

    The minisign private key

  • password (String) (defaults to: nil)

    The password used to encrypt the private key



15
16
17
18
19
20
21
22
23
24
 
# File 'lib/minisign/private_key.rb', line 15

def initialize(str, password = nil)
  comment, data = str.split("\n")
  @password = password
  decoded = Base64.decode64(data)
  @untrusted_comment = comment.split('untrusted comment: ').last
  @bytes = decoded.bytes
  @kdf_salt, @kdf_opslimit, @kdf_memlimit = scrypt_params(@bytes)
  @key_id, @ed25519_private_key_bytes, @ed25519_public_key_bytes, @checksum = key_data(password, @bytes[54..157])
  assert_valid_key!
end

Instance Attribute Details

#key_idObject (readonly)

Returns the value of attribute key_id.



7
8
9
 
# File 'lib/minisign/private_key.rb', line 7

def key_id
  @key_id
end

Instance Method Details

#change_password!(new_password) ⇒ Object

Change or remove a password

Parameters:

  • new_password (String) 


68
69
70
71
 
# File 'lib/minisign/private_key.rb', line 68

def change_password!(new_password)
  @password = new_password
  @bytes[2..3] = [0, 0] if new_password.nil? # kdf_algorithm
end

#public_keyMinisign::PublicKey

Get the corresponding public key from the private key

Returns:



29
30
31
32
 
# File 'lib/minisign/private_key.rb', line 29

def public_key
  data = Base64.strict_encode64("Ed#{@key_id.pack('C*')}#{@ed25519_public_key_bytes.pack('C*')}")
  Minisign::PublicKey.new(data)
end

#sign(filename, message, trusted_comment = nil, untrusted_comment = nil) ⇒ Minisign::Signature

Sign a file/message

Parameters:

  • filename (String)

    The filename to be used in the trusted comment section

  • message (String)

    The file’s contents

  • trusted_comment (String) (defaults to: nil)

    An optional trusted comment to be included in the signature

  • untrusted_comment (String) (defaults to: nil)

    An optional untrusted comment

Returns:



41
42
43
44
45
46
47
48
49
50
51
52
 
# File 'lib/minisign/private_key.rb', line 41

def sign(filename, message, trusted_comment = nil, untrusted_comment = nil)
  signature = ed25519_signing_key.sign(blake2b512(message))
  trusted_comment ||= "timestamp:#{Time.now.to_i}\tfile:#{filename}\thashed"
  untrusted_comment ||= 'signature from minisign secret key'
  global_signature = ed25519_signing_key.sign("#{signature}#{trusted_comment}")
  Minisign::Signature.new([
    "untrusted comment: #{untrusted_comment}",
    Base64.strict_encode64("ED#{@key_id.pack('C*')}#{signature}"),
    "trusted comment: #{trusted_comment}",
    "#{Base64.strict_encode64(global_signature)}\n"
  ].join("\n"))
end

#to_sString

Returns A string in the minisign.pub format.

Returns:

  • (String)

    A string in the minisign.pub format



55
56
57
58
59
60
61
62
63
 
# File 'lib/minisign/private_key.rb', line 55

def to_s
  kdf_salt = @kdf_salt.pack('C*')
  kdf_opslimit = [@kdf_opslimit, 0].pack('L*')
  kdf_memlimit = [@kdf_memlimit, 0].pack('L*')
  keynum_sk = key_data(@password,
                       @key_id + @ed25519_private_key_bytes + @ed25519_public_key_bytes + @checksum).flatten
  data = "Ed#{kdf_algorithm}B2#{kdf_salt}#{kdf_opslimit}#{kdf_memlimit}#{keynum_sk.pack('C*')}"
  "untrusted comment: #{@untrusted_comment}\n#{Base64.strict_encode64(data)}\n"
end