Actions
Architecture #6480
closedCreate a script to sign files using openssl on windows
Pull Request:
Effort required:
Name check:
Fix check:
Regression:
Description
Usage would be ./signature.cmd file
It would use cfengine keys and create a file.sign
Updated by Benoît PECCATTE over 9 years ago
- Tracker changed from Enhancement to Architecture
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 3.0.4 to 3.0.5
Updated by Matthieu CERDA over 9 years ago
- Assignee changed from Nicolas CHARLES to Benoît PECCATTE
- Priority changed from N/A to 3
- Target version changed from 3.0.5 to 3.1.0~beta1
First script iteration (won't work yet, still wip):
IF EXIST "C:\Program Files\Rudder\sbin\openssl\openssl.exe" ( REM OpenSSL is here, all good. ) else ( echo "ERROR: No OpenSSL detected. Bailing out" quit ) REM md4 md5 sha sha1 sha224 sha256 sha384 sha512 whirlpool REM The oldest openssl we support is 0.9.8 and it supports sha512 SET HASH=sha512 REM the file to sign SET FILE="%1" IF EXIST %FILE% ( echo HERE ) else ( echo NOTHERE ) REM the key to use for signature SET PRIVKEY=localhost.priv REM cfengine passphrase SET PASSPHRASE="Cfengine passphrase" REM Create signature SET SIGNATURE=$(openssl dgst -passin "pass:%PASSPHRASE%" -%HASH% -hex -sign "%PRIVKEY%" -in "%FILE%" REM| sed -e 's/.*= //') REM Create a signature FILE echo header=rudder-signature-v1 algorithm=%HASH% digest=%SIGNATURE% REM > %1.sign
Updated by François ARMAND over 9 years ago
- Assignee changed from Benoît PECCATTE to Matthieu CERDA
Matthieu, could you take that one on you side, since you came back before it was possible to do it ?
Thanks,
Updated by Vincent MEMBRÉ over 9 years ago
- Target version changed from 3.1.0~beta1 to 3.1.0~rc1
Updated by Matthieu CERDA over 9 years ago
- Status changed from New to In progress
Updated by Matthieu CERDA over 9 years ago
- Status changed from In progress to Rejected
The work on this part is finished, and will be included as part of the Windows packaging.
For future reference, the script is:
# Argument definition ## -file: defines the file to be signed Param ( [string]$file ) # Variables ## OpenSSL binary $openssl="C:\Program Files\Rudder\sbin\openssl\openssl.exe" ## Key to use for signature If ( Test-Path "C:\Program Files\Cfengine\ppkeys\localhost.priv" ) { $privkey="C:\Program Files\Cfengine\ppkeys\localhost.priv" } Else { $privkey="C:\Program Files (x86)\Cfengine\ppkeys\localhost.priv" } ## Hash algorithm to use ## md4 md5 sha sha1 sha224 sha256 sha384 sha512 whirlpool ## The oldest openssl we support is 0.9.8 and it supports sha512 $hash="sha512" ## CFEngine default passphrase $passphrase="Cfengine passphrase" # Code If (-Not (Test-Path $openssl)) { Write-Host "ERROR: No OpenSSL detected. Bailing out" Exit } If (-Not (Test-Path $file)) { Write-Host "ERROR: Given file not found. Bailing out" Exit } # Create signature $signature = & $openssl dgst -passin "pass:$passphrase" -$hash -hex -sign "$privkey" "$file" 2>$null | % { $_ -replace ".*= ","" } # Create a signature "header=rudder-signature-v1`nalgorithm=$hash`ndigest=$signature" | Out-File -Encoding UTF8 "$file.sign"
Actions