Subject: CVS commit: pkgsrc/security/netpgpverify
From: Alistair G. Crooks
Date: 2014-02-04 03:11:18
Message id: 20140204021118.CD47296@cvs.netbsd.org

Log Message:
Update security/netpgpverify to version 20140202

Changes from previous version:

Add the ability for netpgpverify to verify ssh-pub-key-based signatures.

It is much more likely for ssh (rather than pgp) keys to be available,
and used, as a source of authentication data.  These changes add the
ability for netpgpverify(1) -- the standalone, zero-prereq utility --
to verify signatures made by netpgp when using ssh keys.

Running the regression tests in WRKDIR gives the following output:

	% mk -f *.bsd tst
	./netpgpverify -k pubring.gpg NetBSD-6.0_RC1_hashes.asc
	Good signature for NetBSD-6.0_RC1_hashes.asc made Thu Aug 23 11:47:50 2012
	signature     4096/RSA (Encrypt or Sign) 064973ac4c4a706e 2009-06-23
	fingerprint   ddee 2bdb 9c98 a0d1 d4fb dbf7 0649 73ac 4c4a 706e
	uid           NetBSD Security Officer <security-officer@NetBSD.org>

	./netpgpverify -k pubring.gpg NetBSD-6.0_RC1_hashes.gpg
	Good signature for NetBSD-6.0_RC1_hashes.gpg made Thu Mar 14 13:32:59 2013
	signature     4096/RSA (Encrypt or Sign) 064973ac4c4a706e 2009-06-23
	fingerprint   ddee 2bdb 9c98 a0d1 d4fb dbf7 0649 73ac 4c4a 706e
	uid           NetBSD Security Officer <security-officer@NetBSD.org>

	./netpgpverify -v
	netpgpverify portable 20140202
	./netpgpverify -S sshtest-20140202.pub data.gpg
	Good signature for data.gpg made Mon Feb  3 17:54:21 2014
	signature     4096/RSA (Encrypt or Sign) 4d129225945bbb8f 1970-01-01
	fingerprint   874b 75de d6a3 341f 2d5a 2219 4d12 9225 945b bb8f
	uid           netbsd-001.cupertino.alistaircrooks.com (sshtest-20140202.pub) <agc@netbsd-001.cupertino.alistaircrooks.com>

	./netpgpverify -S sshtest-20140202.pub data.sig
	Good signature for data.sig made Sun Feb  2 21:45:05 2014
	signature     4096/RSA (Encrypt or Sign) 4d129225945bbb8f 1970-01-01
	fingerprint   874b 75de d6a3 341f 2d5a 2219 4d12 9225 945b bb8f
	uid           netbsd-001.cupertino.alistaircrooks.com (sshtest-20140202.pub) <agc@netbsd-001.cupertino.alistaircrooks.com>

	expected failure, to check bad signatures fail to verify
	sed -e 's|A|B|' data.gpg | ./netpgpverify -S sshtest-20140202.pub
	Signature did not match contents -- Signature on data did not match
	*** Error code 1 (ignored)
	%

A new HOWTO file is provided in the sources (files/HOWTO) to show how
to sign data using ssh keys and netpgp(1).

Files:
Revision  Action  File
1.5       modify  pkgsrc/security/netpgpverify/Makefile
1.2       modify  pkgsrc/security/netpgpverify/files/Makefile.bsd
1.2       modify  pkgsrc/security/netpgpverify/files/Makefile.in
1.3       modify  pkgsrc/security/netpgpverify/files/bignum.c
1.2       modify  pkgsrc/security/netpgpverify/files/libverify.c
1.3       modify  pkgsrc/security/netpgpverify/files/main.c
1.3       modify  pkgsrc/security/netpgpverify/files/netpgpverify.1
1.2       modify  pkgsrc/security/netpgpverify/files/pubring.gpg
1.4       modify  pkgsrc/security/netpgpverify/files/verify.h
1.1       add     pkgsrc/security/netpgpverify/files/bufgap.c
1.1       add     pkgsrc/security/netpgpverify/files/bufgap.h
1.1       add     pkgsrc/security/netpgpverify/files/chk.sh
1.1       add     pkgsrc/security/netpgpverify/files/data
1.1       add     pkgsrc/security/netpgpverify/files/data.gpg
1.1       add     pkgsrc/security/netpgpverify/files/data.sig
1.1       add     pkgsrc/security/netpgpverify/files/defs.h
1.1       add     pkgsrc/security/netpgpverify/files/sshtest-20140202
1.1       add     pkgsrc/security/netpgpverify/files/sshtest-20140202.pub