Architecture #6480

Create a script to sign files using openssl on Windows

Added by Benoît PECCATTE about 9 years ago. Updated almost 9 years ago.

Status:
Rejected
Priority:
3
Assignee:
Matthieu CERDA
Category:
Agent

Description

Usage would be ./signature.cmd file
It would use the CFEngine keys and create a file.sign

#1

Updated by Benoît PECCATTE about 9 years ago

  • Parent task set to #6355
#2

Updated by Benoît PECCATTE about 9 years ago

  • Tracker changed from Enhancement to Architecture
#3

Updated by Vincent MEMBRÉ about 9 years ago

  • Target version changed from 3.0.4 to 3.0.5
#4

Updated by Nicolas CHARLES about 9 years ago

Why is the target 3.0?

#5

Updated by Matthieu CERDA about 9 years ago

  • Assignee changed from Nicolas CHARLES to Benoît PECCATTE
  • Priority changed from N/A to 3
  • Target version changed from 3.0.5 to 3.1.0~beta1

First script iteration (won't work yet, still wip):

@echo off
SETLOCAL

REM OpenSSL shipped with the Rudder agent
SET "OPENSSL_DIR=C:\Program Files\Rudder\sbin\openssl"
IF NOT EXIST "%OPENSSL_DIR%\openssl.exe" (
  echo ERROR: No OpenSSL detected. Bailing out
  exit /b 1
)
REM Put it first on the (local) PATH so the FOR /F command below needs no quoted program path
SET "PATH=%OPENSSL_DIR%;%PATH%"

REM md4 md5 sha sha1 sha224 sha256 sha384 sha512 whirlpool
REM The oldest openssl we support is 0.9.8 and it supports sha512
SET HASH=sha512

REM the file to sign (%~1 strips any surrounding quotes)
SET "FILE=%~1"

IF NOT EXIST "%FILE%" (
  echo ERROR: Given file not found. Bailing out
  exit /b 1
)

REM the key to use for signature
SET "PRIVKEY=localhost.priv"

REM cfengine passphrase (passed on the command line, so visible to other local users in the process list while openssl runs)
SET "PASSPHRASE=Cfengine passphrase"

REM Create signature: openssl prints "RSA-SHA512(file)= hex", keep what follows the first "="
FOR /F "usebackq tokens=1* delims==" %%A IN (`openssl dgst -passin "pass:%PASSPHRASE%" -%HASH% -hex -sign "%PRIVKEY%" "%FILE%"`) DO SET "SIGNATURE=%%B"
IF NOT DEFINED SIGNATURE (
  echo ERROR: openssl failed to sign %FILE%. Bailing out
  exit /b 1
)
REM drop the space left after "="
SET "SIGNATURE=%SIGNATURE:~1%"

REM Create a signature FILE
(
  echo header=rudder-signature-v1
  echo algorithm=%HASH%
  echo digest=%SIGNATURE%
) > "%FILE%.sign"
ENDLOCAL

#6

Updated by François ARMAND almost 9 years ago

  • Assignee changed from Benoît PECCATTE to Matthieu CERDA

Matthieu, could you take that one on your side, since you came back before it was possible to do it?

Thanks,

#7

Updated by Vincent MEMBRÉ almost 9 years ago

  • Target version changed from 3.1.0~beta1 to 3.1.0~rc1
#8

Updated by Vincent MEMBRÉ almost 9 years ago

  • Parent task deleted (#6355)
#9

Updated by Matthieu CERDA almost 9 years ago

  • Status changed from New to In progress
#10

Updated by Matthieu CERDA almost 9 years ago

  • Status changed from In progress to Rejected

The work on this part is finished, and will be included as part of the Windows packaging.

For future reference, the script is:

# Argument definition

## -file: defines the file to be signed
Param ( [Parameter(Mandatory=$true)][string]$file )

# Variables

## OpenSSL binary
$openssl="C:\Program Files\Rudder\sbin\openssl\openssl.exe"

## Key to use for signature (64-bit install first, then 32-bit)
If ( Test-Path "C:\Program Files\Cfengine\ppkeys\localhost.priv" )
{
 $privkey="C:\Program Files\Cfengine\ppkeys\localhost.priv"
} Else {
 $privkey="C:\Program Files (x86)\Cfengine\ppkeys\localhost.priv"
}

## Hash algorithm to use
## md4 md5 sha sha1 sha224 sha256 sha384 sha512 whirlpool
## The oldest openssl we support is 0.9.8 and it supports sha512
$hash="sha512"

## CFEngine default passphrase
## It is handed to openssl on the command line, so it is visible to other
## local users through the process list while openssl runs.
$passphrase="Cfengine passphrase"

# Code

If (-Not (Test-Path $openssl))
{
  Write-Host "ERROR: No OpenSSL detected. Bailing out"
  Exit 1
}

If (-Not (Test-Path $privkey))
{
  Write-Host "ERROR: No CFEngine private key found. Bailing out"
  Exit 1
}

If (-Not (Test-Path $file))
{
  Write-Host "ERROR: Given file not found. Bailing out"
  Exit 1
}

# Create signature
## openssl prints "RSA-SHA512(<file>)= <hex>"; keep only the hex part.
## openssl's stderr is left visible and its exit code is checked, so a failed
## run cannot silently produce a .sign file with an empty digest.
$signature = & $openssl dgst -passin "pass:$passphrase" "-$hash" -hex -sign "$privkey" "$file" | % { $_ -replace ".*= ","" }
If ($LASTEXITCODE -ne 0 -or [string]::IsNullOrEmpty($signature))
{
  Write-Host "ERROR: openssl failed to sign $file. Bailing out"
  Exit 1
}

# Create the signature file
## Out-File -Encoding UTF8 writes a byte-order mark in Windows PowerShell;
## whatever parses the .sign file must tolerate it before the header= line.
"header=rudder-signature-v1`nalgorithm=$hash`ndigest=$signature" | Out-File -Encoding UTF8 "$file.sign"
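
The ticket only shows the signing half. As an added example, not code from the Rudder ticket or project, the PowerShell script below verifies a <file>.sign written in the format above: it parses the key=value lines, pins the expected header and algorithm instead of trusting whatever the file declares, converts the hex digest back into the raw bytes that openssl dgst -verify expects, and checks the signature against the signer's public key. The default public key path (C:\Program Files\Cfengine\ppkeys\localhost.pub) and the assumption that this key is in a PEM form openssl dgst -verify will load are mine, not from the ticket; a PKCS#1 "RSA PUBLIC KEY" block would need converting first (openssl rsa -RSAPublicKey_in -pubout).

```powershell
# verify-signature.ps1 -- added example, not code from the Rudder ticket.
# Usage: .\verify-signature.ps1 -file C:\path\to\payload
# Checks C:\path\to\payload.sign (header=/algorithm=/digest= lines) against
# the signer's public key using the openssl bundled with the agent.
Param (
  [Parameter(Mandatory=$true)][string]$file,
  # Assumed default: the public half of the CFEngine key pair used for signing.
  [string]$pubkey  = "C:\Program Files\Cfengine\ppkeys\localhost.pub",
  [string]$openssl = "C:\Program Files\Rudder\sbin\openssl\openssl.exe"
)

$sigfile = "$file.sign"
foreach ($p in @($openssl, $pubkey, $file, $sigfile)) {
  If (-Not (Test-Path $p)) { Write-Host "ERROR: $p not found. Bailing out"; Exit 1 }
}

# Parse key=value lines. Get-Content honours the BOM that Out-File -Encoding UTF8
# writes, so the first key is read as "header" and not as "\xEF\xBB\xBFheader".
$fields = @{}
foreach ($line in Get-Content $sigfile) {
  $line = $line.Trim()
  If ($line -eq "") { continue }
  $k, $v = $line -split "=", 2
  $fields[$k] = $v
}

# Pin what we accept. The algorithm is fixed here on purpose: letting the .sign
# file choose the digest would let an attacker downgrade it to md5 or md4.
$expectedHash = "sha512"
If ($fields["header"] -ne "rudder-signature-v1") {
  Write-Host "ERROR: unknown signature header. Bailing out"; Exit 1
}
If ($fields["algorithm"] -ne $expectedHash) {
  Write-Host "ERROR: algorithm is not $expectedHash. Bailing out"; Exit 1
}
If ($fields["digest"] -notmatch '^([0-9a-fA-F]{2})+$') {
  Write-Host "ERROR: digest is not an even-length hex string. Bailing out"; Exit 1
}

# The signer stored the RSA signature as hex; openssl dgst -verify wants raw bytes.
$hex = $fields["digest"]
$raw = New-Object byte[] ($hex.Length / 2)
for ($i = 0; $i -lt $raw.Length; $i++) {
  $raw[$i] = [Convert]::ToByte($hex.Substring(2 * $i, 2), 16)
}
$rawsig = [System.IO.Path]::GetTempFileName()
try {
  [System.IO.File]::WriteAllBytes($rawsig, $raw)
  $out = & $openssl dgst "-$expectedHash" -verify $pubkey -signature $rawsig $file 2>&1
  $ok = ($LASTEXITCODE -eq 0)
} finally {
  Remove-Item $rawsig -Force -ErrorAction SilentlyContinue
}

If ($ok) { Write-Host "Verified OK: $file"; Exit 0 }
Write-Host "ERROR: signature does not verify for $file ($out). Bailing out"
Exit 1
```

The script exits 0 only when openssl reports the signature valid, so it can be called from a deployment step that must refuse to use a payload whose .sign file is missing, malformed, or made with another key.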
