#!/usr/bin/env bash
# ssh-sign: sign one or more files (or stdin) with an SSH key by wrapping
# `ssh-keygen -Y sign`.
#
# Strict mode: abort on an unhandled command failure (-e), on use of an unset
# variable (-u), and when any stage of a pipeline fails (pipefail).
set -euo pipefail
#######################################
# Print the command-line synopsis and argument descriptions.
# Arguments: none
# Outputs:   help text on stderr; nothing on stdout
# Returns:   always 1, so a caller running under `set -e` stops after the help
#######################################
usage() {
  local -r prog=$0
  printf '%s\n' \
    "usage: ${prog} <namespace> <ssh-key> [<message-file>...]" \
    "" \
    " namespace: is an arbitrary string you need to agree on with the recipient" \
    " ssh-key: will be used to sign the payload." \
    " message-file: one or more files to sign. /dev/stdin is used by default" \
    " signature will be saved with a file suffixed .sig" \
    " if a process substitution or stdin will be provided" \
    " then the signature will be written to stdout" \
    >&2
  return 1
}
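#######################################
# Sign stdin or the given files with `ssh-keygen -Y sign`.
# Arguments:
#   $1  - namespace. It is bound into the signature, and
#         `ssh-keygen -Y verify` must be given the same -n value; this keeps
#         a signature made for one purpose from being accepted for another.
#   $2  - path to the SSH key used for signing; must be readable.
#   $3+ - optional message files. A regular file is passed to ssh-keygen by
#         name (the usage text says the signature is saved as <file>.sig);
#         anything else (e.g. a process substitution) is fed on stdin and
#         the signature goes to stdout. With no files, stdin is signed.
# Outputs:   diagnostics on stderr; whatever ssh-keygen prints.
# Returns:   1 on a missing argument or unreadable key; otherwise the status
#            of the last ssh-keygen call (a failing call aborts the script
#            when errexit is active).
#######################################
main() {
  local namespace="${1:-}" ssh_key="${2:-}"
  local file
  shift 2 || :

  # Return explicitly after printing the help: relying on `usage` tripping
  # errexit would let an empty namespace or key reach ssh-keygen whenever
  # main runs in a context where `set -e` is suppressed (e.g. `main ... ||`).
  if [[ -z "$namespace" ]]; then
    echo "Error: namespace argument is required" >&2
    usage || :
    return 1
  fi
  if [[ -z "$ssh_key" ]]; then
    echo "Error: ssh-key argument is required" >&2
    usage || :
    return 1
  fi
  if [[ ! -r "$ssh_key" ]]; then
    echo "Key $ssh_key does not exist or is not readable" >&2
    return 1
  fi

  # Count the arguments instead of testing "$*": a single empty argument
  # must not be mistaken for "no files given".
  if (( $# == 0 )); then
    ssh-keygen -Y sign -n "$namespace" -f "$ssh_key"
    return
  fi

  for file in "$@"; do
    if [[ -f "$file" ]]; then
      # A relative name that starts with '-' would be parsed by ssh-keygen as
      # an option; anchoring it with ./ keeps it a plain path to the same file.
      if [[ "$file" == -* ]]; then
        file="./$file"
      fi
      ssh-keygen -Y sign -n "$namespace" -f "$ssh_key" "$file"
    else
      # Not a regular file (pipe, /dev/stdin, process substitution): stream it.
      ssh-keygen -Y sign -n "$namespace" -f "$ssh_key" < "$file"
    fi
  done
}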
# Entry point: pass the command-line arguments through to main unchanged.
main "$@"