Diffstat (limited to 'tools/sigsum-verify-leaf.py')
-rwxr-xr-xtools/sigsum-verify-leaf.py32
1 files changed, 32 insertions, 0 deletions
diff --git a/tools/sigsum-verify-leaf.py b/tools/sigsum-verify-leaf.py
new file mode 100755
index 0000000..d8a15fa
--- /dev/null
+++ b/tools/sigsum-verify-leaf.py
@@ -0,0 +1,32 @@
+#! /usr/bin/env python3
+
+# Input: vkeyfile shard_hint signature [checksum]
+# Example: echo foo | ./sigsum-verify-leaf.py nacl.vk 0 $(echo foo | ./sigsum-sign-leaf.py nacl.sk 0)
+# OK
+
+import sys
+from nacl.signing import VerifyKey
+from nacl.encoding import HexEncoder
+from libsigntools import checksum_stdin, ssh_to_sign
+
+alg = 'sha512'
+
+def main():
+ keyfile = sys.argv[1]
+ shard_hint = int(sys.argv[2])
+ sig = bytes.fromhex(sys.argv[3])
+
+ with open(keyfile, 'r') as f:
+ vkey = VerifyKey(f.readline().strip(), encoder=HexEncoder)
+ if len(sys.argv) > 4:
+ checksum = bytes.fromhex(sys.argv[4])
+ else:
+ checksum = checksum_stdin(hashalg=alg)
+
+ namespace = 'tree_leaf:v0:{}@sigsum.org'.format(shard_hint)
+ data = ssh_to_sign(namespace, alg, checksum)
+ vkey.verify(data, signature=sig)
+ print("OK")
+
+if __name__ == '__main__':
+ main()
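Review bot: A bad signature is reported only as an uncaught exception from `vkey.verify(data, signature=sig)`, so a caller scripting this tool sees the same traceback and exit status for a rejected leaf signature as for a missing key file or a malformed hex argument. Catching `nacl.exceptions.BadSignatureError` around that call and ending with `sys.exit("FAIL: bad signature")` would make the reject path explicit and distinguishable from usage errors. The optional checksum taken from `sys.argv[4]` is also handed to `ssh_to_sign` without a length check; since `alg` is `'sha512'`, a guard such as `if len(checksum) != 64: sys.exit("checksum must be 64 bytes")` would stop truncated or padded input before verification. A short usage message when fewer than three arguments are given would replace the current IndexError.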