From d6d240b6b296a6fadfb46657f458c86e97f2f465 Mon Sep 17 00:00:00 2001 From: f Date: Thu, 3 Mar 2022 16:33:03 -0300 Subject: [PATCH 1/9] no commitear llaves por error --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..6434aaf --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +./key +./key.pub -- 2.45.2 From 37f3f1586ef7969249818db7bff9ba55d0a0f1a6 Mon Sep 17 00:00:00 2001 From: f Date: Thu, 3 Mar 2022 16:33:12 -0300 Subject: [PATCH 2/9] variable para la llave privada --- nodemecu.conf.sample | 1 + 1 file changed, 1 insertion(+) diff --git a/nodemecu.conf.sample b/nodemecu.conf.sample index bfb5883..84b73a1 100644 --- a/nodemecu.conf.sample +++ b/nodemecu.conf.sample @@ -14,3 +14,4 @@ stack=$install_dir/stack historical=$install_dir/historical log=$install_dir/errors.log corrupt=$install_dir/corrupt +private_key=$install_dir/key -- 2.45.2 From 9ad90339ba13897e5f09043ea07507592bedf838 Mon Sep 17 00:00:00 2001 From: f Date: Thu, 3 Mar 2022 16:34:32 -0300 Subject: [PATCH 3/9] generar una llave privada --- functions | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/functions b/functions index 1f0f68e..1f2ce34 100644 --- a/functions +++ b/functions @@ -6,5 +6,9 @@ get_stack () { fi } +# Generar una llave privada ECDSA si no existe +generate_private_key () { + test -f "$private_key" && return 1 - + ssh-keygen -t ecdsa -f "$private_key" -N "" -m PEM +} -- 2.45.2 From b6c02292e2c384c915ac116dfe884fc2e626e9a8 Mon Sep 17 00:00:00 2001 From: f Date: Thu, 3 Mar 2022 16:34:47 -0300 Subject: [PATCH 4/9] firmar un archivo y devolver el nombre del archivo firmado --- functions | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/functions b/functions index 1f2ce34..f4dc5ff 100644 --- a/functions +++ b/functions 
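Review bot: The two patterns `./key` and `./key.pub` will most likely not ignore anything, because gitignore patterns are matched against paths relative to the `.gitignore` directory and those paths carry no leading `./`. As written, the commit does not yet give the protection its subject promises. Anchoring with a leading slash does what is intended: `/key` and `/key.pub`; `git check-ignore -v key` shows which pattern, if any, matches. This also covers only a key kept at the repository root, whereas the sample configuration in patch 2/9 places it at `$install_dir/key`, so the rule helps only when the install directory is the checkout itself.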
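Review bot: `generate_private_key` writes the key with an empty passphrase (`-N ""`), and the header comment does not say so. Nothing tells the operator that the key's secrecy rests entirely on the permissions of the directory that holds it. I would add a line to the comment such as `# The key is stored without a passphrase; restrict access to its directory`. Separately, `$private_key` is used unchecked: if the configuration was not sourced, `test -f ""` is false and `ssh-keygen` is called with `-f ""`. A first line of `: "${private_key:?}"` would make that case fail loudly.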
@@ -12,3 +12,20 @@ generate_private_key () { ssh-keygen -t ecdsa -f "$private_key" -N "" -m PEM } + +# Firmar el archivo usando la llave privada. +# +# Uso: sign_file archivo.json +# Devuelve: archivo.json.sign +sign_file () { + local _file="$1" + + test ! -f "$_file" && return 1 + + if ! openssl dgst -sha512 -sign "$private_key" "$_file" | base64 | tr -d "\n" > "$_file.sign" ; then + rm -f "$_file.sign" + return 1 + fi + + echo "$_file.sign" +} -- 2.45.2 From 0bbd07e07466f85786028d2a87205761817d8218 Mon Sep 17 00:00:00 2001 From: f Date: Sat, 12 Mar 2022 18:51:17 -0300 Subject: [PATCH 5/9] no es necesario exportar como PEM --- functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/functions b/functions index f4dc5ff..228bb2d 100644 --- a/functions +++ b/functions @@ -10,7 +10,7 @@ get_stack () { generate_private_key () { test -f "$private_key" && return 1 - ssh-keygen -t ecdsa -f "$private_key" -N "" -m PEM + ssh-keygen -t ecdsa -f "$private_key" -N "" } # Firmar el archivo usando la llave privada. -- 2.45.2 From 9fcb2c0c54d0623140e0395c70b485ba26628cb1 Mon Sep 17 00:00:00 2001 From: f Date: Sat, 12 Mar 2022 18:51:29 -0300 Subject: [PATCH 6/9] aceptar un comentario como parametro de la funcion --- functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/functions b/functions index 228bb2d..5f1f932 100644 --- a/functions +++ b/functions @@ -10,7 +10,7 @@ get_stack () { generate_private_key () { test -f "$private_key" && return 1 - ssh-keygen -t ecdsa -f "$private_key" -N "" + ssh-keygen -t ecdsa -f "$private_key" -N "" -C "$@" } # Firmar el archivo usando la llave privada. -- 2.45.2 From f41678fb726058dc095f54ba7f334cdc37f966f4 Mon Sep 17 00:00:00 2001 From: f Date: Sat, 12 Mar 2022 18:51:52 -0300 Subject: [PATCH 7/9] firmar con ssh-keygen --- functions | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/functions b/functions index 5f1f932..2c113fe 100644 --- a/functions +++ b/functions 
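Review bot: The `if !` around the `openssl dgst ... | base64 | tr` pipeline tests only the exit status of `tr`, so a failed `openssl` (missing or unreadable key, for example) is not detected unless `pipefail` is set somewhere outside this hunk. In that case an empty `$_file.sign` is left on disk and its name is echoed as if signing had succeeded, which a caller could then publish as a valid signature. Checking the result before the final `echo` closes the gap: `test -s "$_file.sign" || { rm -f "$_file.sign"; return 1; }`.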
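Review bot: `-C "$@"` in `generate_private_key` (patch 6/9) only works when the function is called with exactly one argument. With no arguments `"$@"` expands to nothing and `-C` is left without a value; with several, the extra words reach `ssh-keygen` as stray arguments. Since the comment is a single string, `-C "${1:-}"` (or `-C "$*"` to join all words) matches the intent. The header comment should also document the new parameter, which it currently does not mention.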
@@ -21,11 +21,10 @@ sign_file () { local _file="$1" test ! -f "$_file" && return 1 - - if ! openssl dgst -sha512 -sign "$private_key" "$_file" | base64 | tr -d "\n" > "$_file.sign" ; then - rm -f "$_file.sign" - return 1 + if test -f "$_file.sig" ; then + echo "$_file.sig" + return 0 fi - echo "$_file.sign" + LC_ALL=C ssh-keygen -Y sign -f ~/.ssh/id_ed25519 -n file "$_file" 2>&1| grep Write | cut -d " " -f 4 } -- 2.45.2 From fa32b2bf37eef4c894ef8abd623d3e67ab74a47d Mon Sep 17 00:00:00 2001 From: f Date: Sat, 12 Mar 2022 18:53:48 -0300 Subject: [PATCH 8/9] devolver la firma --- functions | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/functions b/functions index 2c113fe..4f40a85 100644 --- a/functions +++ b/functions @@ -16,15 +16,12 @@ generate_private_key () { # Firmar el archivo usando la llave privada. # # Uso: sign_file archivo.json -# Devuelve: archivo.json.sign +# Devuelve: La firma sign_file () { local _file="$1" test ! -f "$_file" && return 1 - if test -f "$_file.sig" ; then - echo "$_file.sig" - return 0 - fi + test -f "$_file.sig" || ssh-keygen -Y sign -f ~/.ssh/id_ed25519 -n file "$_file" 2>&1 >/dev/null - LC_ALL=C ssh-keygen -Y sign -f ~/.ssh/id_ed25519 -n file "$_file" 2>&1| grep Write | cut -d " " -f 4 + cat "${_file}.sig" | grep -v SIGNATURE | tr -d "\n" } -- 2.45.2 From aca3d0fba1ed9b4785770d6501dffeb578dac79a Mon Sep 17 00:00:00 2001 From: f Date: Mon, 14 Mar 2022 16:23:45 -0300 Subject: [PATCH 9/9] usar la llave privada --- functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/functions b/functions index 4f40a85..809fc40 100644 --- a/functions +++ b/functions @@ -21,7 +21,7 @@ sign_file () { local _file="$1" test ! -f "$_file" && return 1 - test -f "$_file.sig" || ssh-keygen -Y sign -f ~/.ssh/id_ed25519 -n file "$_file" 2>&1 >/dev/null + test -f "$_file.sig" || ssh-keygen -Y sign -f "$private_key" -n file "$_file" 2>&1 >/dev/null cat "${_file}.sig" | grep -v SIGNATURE | tr -d "\n" } -- 2.45.2
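Review bot: An existing `$_file.sig` is returned without any check that it still corresponds to `$_file`, and the same shortcut survives in patches 8/9 and 9/9. If the file is modified after it was first signed, or a `.sig` is placed beside it by anything else that can write to that directory, `sign_file` hands back a signature that this key never made over the current content. At a minimum, reuse the signature only when it is newer than the data, e.g. `if test "$_file.sig" -nt "$_file" ; then`. Verifying it against the node's public key before returning it would be preferable. Otherwise, drop the shortcut and always re-sign.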
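Review bot: The redirection order `2>&1 >/dev/null` on the `ssh-keygen -Y sign` line (patch 8/9, carried unchanged into 9/9) points stderr at the function's stdout and only then discards the original stdout. The previous revision had to use `2>&1 | grep Write` to see the status messages, which suggests they are written to stderr; they would therefore now be emitted ahead of the signature that callers capture. `>/dev/null 2>&1` silences both streams. A signing failure is also swallowed: `cat` fails on the missing `.sig`, but the pipeline's status is that of `tr`, so the function prints nothing and returns 0. Appending `|| return 1` to the `ssh-keygen` command, as in `test -f "$_file.sig" || ssh-keygen ... >/dev/null 2>&1 || return 1`, makes the failure visible.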