author | Linus Nordberg <linus@nordberg.se> | 2021-12-08 09:55:37 +0100 |
---|---|---|
committer | Linus Nordberg <linus@nordberg.se> | 2021-12-08 09:55:37 +0100 |
commit | 7576a1ebd03e1d7e68bd1701b8bff8159230fe19 (patch) | |
tree | 34a6b53a432b842c5aa93fdb97cb17971515280e /tools/sigsum-gensigkey.py | |
parent | b06f07550957ba8ba4ff237332f16147a29a6dd2 (diff) |
add tooling for signing
There are tools for key generation and conversion, and there are tools for
signing and verifying a tree leaf. Note that the leaf signing tools
use the not-yet-decided-upon SSH signing format, with the message (i.e.
the signer's checksum) being hashed with SHA-512 to match SSH
tooling (ssh-keygen -Y).
Diffstat (limited to 'tools/sigsum-gensigkey.py')
-rwxr-xr-x | tools/sigsum-gensigkey.py | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/tools/sigsum-gensigkey.py b/tools/sigsum-gensigkey.py
new file mode 100755
index 0000000..3c74108
--- /dev/null
+++ b/tools/sigsum-gensigkey.py
@@ -0,0 +1,21 @@
+#! /usr/bin/env python3
+
+import sys
+import os
+from stat import *
+from nacl.encoding import HexEncoder
+from nacl.signing import SigningKey
+
+def generate_and_store_sigkey(fn):
+ signing_key = SigningKey.generate()
+ verify_key = signing_key.verify_key
+ with open(fn, 'w') as f:
+ os.chmod(f.fileno(), S_IRUSR)
+ f.write(signing_key.encode(HexEncoder).decode('ascii') + '\n')
+ print(verify_key.encode(HexEncoder).decode('ascii'))
+
+def main():
+ generate_and_store_sigkey(sys.argv[1])
+
+if __name__ == '__main__':
+ main() |
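Review bot: In `generate_and_store_sigkey`, `open(fn, 'w')` creates the key file with umask-default permissions and only afterwards narrows it with `os.chmod(f.fileno(), S_IRUSR)`, so a process that opens the path in that window keeps a readable descriptor after the secret is written; the same call also silently truncates an existing key file at `fn`. Creating the file restricted and exclusive in one step addresses both: `fd = os.open(fn, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o400)` followed by `with os.fdopen(fd, 'w') as f:`. With that change the `from stat import *` wildcard import is no longer needed. Separately, `main()` could check `len(sys.argv)` so that a missing filename argument yields a usage message instead of an `IndexError` traceback.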