From 7576a1ebd03e1d7e68bd1701b8bff8159230fe19 Mon Sep 17 00:00:00 2001
From: Linus Nordberg <linus@nordberg.se>
Date: Wed, 8 Dec 2021 09:55:37 +0100
Subject: add tooling for signing

There's tools for key generation and conversion and there's tools for
signing and verifying a tree leaf. Note that the leaf signing tools
use the yet to be decided about SSH signing format, with message (ie
signers checksum) being hashed with SHA-512 to match SSH
tooling (ssh-keygen -Y).
---
 tools/sigsum-gensigkey.py | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100755 tools/sigsum-gensigkey.py

(limited to 'tools/sigsum-gensigkey.py')

diff --git a/tools/sigsum-gensigkey.py b/tools/sigsum-gensigkey.py
new file mode 100755
index 0000000..3c74108
--- /dev/null
+++ b/tools/sigsum-gensigkey.py
@@ -0,0 +1,21 @@
+#! /usr/bin/env python3
+
+import sys
+import os
+from stat import *
+from nacl.encoding import HexEncoder
+from nacl.signing import SigningKey
+
+def generate_and_store_sigkey(fn):
+    signing_key = SigningKey.generate()
+    verify_key = signing_key.verify_key
+    with open(fn, 'w') as f:
+        os.chmod(f.fileno(), S_IRUSR)
+        f.write(signing_key.encode(HexEncoder).decode('ascii') + '\n')
+    print(verify_key.encode(HexEncoder).decode('ascii'))
+
+def main():
+    generate_and_store_sigkey(sys.argv[1])
+
+if __name__ == '__main__':
+    main()
-- 
cgit v1.2.3