sign 1.0.7 review

Download
by rbytes.net on

sign is a file signing and signature verification utility

License: BSD License
File size: 27K
Developer: Alex Pankratov
0 stars award from rbytes.net

sign is a file signing and signature verification utility. It's main purpose is to be a simple and convenient extension to a tar/gz/bzip2 line of tools to check file integrity and authenticity. It's small and simple, it does just one thing and hopefully does it well.

I needed a tool to digitally sign a bunch of .tar.gz and to allow recepients of the files to easily check, unzip, untar and start enjoying the content as quickly and painlessly as possible.

There are OpenSSL, GnuPG, PGP and others and they are of course perfectly capable of file signing. OpenSSL is probably the most widely spread one and best suited for the role of being a universal signing utility. However the state of affairs is such that OpenSSL as an application is not really used for anything more than generating tarball MD5 hashes. The other packages are plain big and complex for a simple task of file integrity checking. It's like getting a professional sound editing suite instead of a dead-simple .mp3 player. The larger crypto-packages also tend to lack modularity in a sense that to get file signing working I would need to configure a handful of core, but otherwise unrelated settings first. Besides if I am not going to use anything but a signing code, the rest will be sitting there collecting dust, creating untrivial shared libraries dependencies and a general feeling of a wasted disk space.

First of all, sign is a file processing tool, it reads from the files (including stdin) and writes to the files (including stdout). It can be used to attach signatures to the files or to verify and/or strip them.

Between signing and verifying latter will account for a bulk of usage. When checking the signature, sign will check for both integrity and authenticity of the file. An integrity check is done by validating SHA-1 hash embedded into the signature, and an authenticity is ensured by checking signer's credentials against a trusted list.

sign adopts OpenSSH-style authentication model, where the trust hierarchy is flat (no certificates), an authentication is done with public keys and the list of trusted keys is grown gradually on as-needed basis.

Every trusted key is associated with a file name prefix called the title. The key can be trusted for signing files, whose name start with key's title. The same key may be associated with more than one title, but not vice versa.

The signature is appended at the end of the file and it carries three bits of information - the title, the public key of the signer and the hash of all preceeding data encrypted with signer's private key. The verification is performed as follows:

The filename is checked to start with a title
The hash is decrypted using the public key
The hash is compared to the locally computed value (this ensures integrity)
The title is looked up locally; if it's known and associated public key is the same as in the signature, the file is deemed authentic.
Otherwise if the title is known, but the key is different, the file is considered to be signed by untrusted, impersonating party and the check fails.
And lastly, if the title is unknown, the authenticity of the file cannot be established. The user is provided with public key fingerprint, which should be manually authenticated. Then the title and the key are added to the trusted list; and subsequent signatures from the this signer for this particular title will be cleared automatically.

In order to sign files, the signing keypair must first be generated. The keypair is maintained on per-user basis and can be created by running sign with a special command-line flag. The signing process itself is as follows (give or take insignificant details):

Run the filename through a list of owned titles and find the best match. Alternately accept explicit title from the user using one of the command-line flags.
Attach the title, attach public signing key
Compute the hash, encrypt it with private signing key
Attach encrypted hash.

For details on command-line syntax and other operating parameters, please refer to a man page; an online version is here.

sign 1.0.7 keywords