-.\" $OpenBSD: signify.1,v 1.8 2014/01/09 15:36:40 tedu Exp $
+.\" $OpenBSD: signify.1,v 1.9 2014/01/10 04:15:38 tedu Exp $
.\"
.\"Copyright (c) 2013 Marc Espie <espie@openbsd.org>
.\"Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
.\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: January 9 2014 $
+.Dd $Mdocdate: January 10 2014 $
.Dt SIGNIFY 1
.Os
.Sh NAME
.Fl s Ar seckey
.Fl G
.Nm signify
+.Op Fl o Ar signature
+.Op Fl p Ar pubkey
+.Op Fl s Ar seckey
+.Fl I
+.Nm signify
.Op Fl e
.Op Fl o Ar output
.Fl s Ar seckey
For verification, extract the message from the signature.
.It Fl G
Generate a new keypair.
+.It Fl I
+Inspect the specified keys or signature and print their fingerprint.
.It Fl n
Do not ask for a passphrase during key generation.
Otherwise,
-/* $OpenBSD: signify.c,v 1.21 2014/01/09 21:19:38 jmc Exp $ */
+/* $OpenBSD: signify.c,v 1.22 2014/01/10 04:15:38 tedu Exp $ */
/*
* Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
*
fprintf(stderr, "usage:"
#ifndef VERIFYONLY
"\t%s [-n] -p pubkey -s seckey -G\n"
+ "\t%s [-o sig] [-p pubkey] [-s seckey] -I\n"
"\t%s [-e] [-o output] -s seckey -S message\n"
#endif
"\t%s [-e] [-o output] -p pubkey -V message\n",
#ifndef VERIFYONLY
- __progname, __progname,
+ __progname, __progname, __progname,
#endif
__progname);
exit(1);
free(msg);
}
+
+static void
+inspect(const char *seckeyfile, const char *pubkeyfile, const char *sigfile)
+{
+ struct sig sig;
+ struct enckey enckey;
+ struct pubkey pubkey;
+ char fp[(FPLEN + 2) / 3 * 4 + 1];
+
+ if (seckeyfile) {
+ readb64file(seckeyfile, &enckey, sizeof(enckey), NULL);
+ b64_ntop(enckey.fingerprint, FPLEN, fp, sizeof(fp));
+ printf("sec fp: %s\n", fp);
+ }
+ if (pubkeyfile) {
+ readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL);
+ b64_ntop(pubkey.fingerprint, FPLEN, fp, sizeof(fp));
+ printf("pub fp: %s\n", fp);
+ }
+ if (sigfile) {
+ readb64file(sigfile, &sig, sizeof(sig), NULL);
+ b64_ntop(sig.fingerprint, FPLEN, fp, sizeof(fp));
+ printf("sig fp: %s\n", fp);
+ }
+}
#endif
static void
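Review bot: In `inspect()`, the whole `struct enckey` read from the secret key file stays in the stack frame after the function returns, although only `enckey.fingerprint` is used. The other fields of the struct are not visible here, but they presumably hold the secret key material, which for a key generated with `-n` would not be passphrase-protected. I would clear it right after the `printf("sec fp: ...")` line, for example `explicit_bzero(&enckey, sizeof(enckey));`. The return value of `b64_ntop` is ignored three times; the `fp` buffer looks correctly sized for FPLEN bytes, so a short comment such as `/* base64 of FPLEN bytes plus NUL */` on its declaration would make clear why that is safe.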
readb64file(sigfile, &sig, sizeof(sig), NULL);
}
- if (memcmp(pubkey.fingerprint, sig.fingerprint, FPLEN))
+ if (memcmp(pubkey.fingerprint, sig.fingerprint, FPLEN)) {
+#ifndef VERIFYONLY
+ inspect(NULL, pubkeyfile, sigfile);
+#endif
errx(1, "verification failed: checked against wrong key");
+ }
verifymsg(pubkey.pubkey, msg, msglen, sig.sig);
if (embedded) {
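Review bot: On a fingerprint mismatch the added `inspect(NULL, pubkeyfile, sigfile)` call opens and parses both files a second time, because `inspect()` runs `readb64file` on each name again. The values printed are therefore not guaranteed to be the ones `memcmp` just compared if either file changes in between. An error in that second read would presumably end the program with a message other than "verification failed: checked against wrong key". The `pubkey` and `sig` structures are already in memory, so the diagnostic can encode their fingerprints directly; it should also go to stderr alongside `errx` rather than to stdout via `printf`. The enclosing function starts and ends outside this hunk, so how the `embedded` case fills `sig` is not visible here.

```c
	if (memcmp(pubkey.fingerprint, sig.fingerprint, FPLEN)) {
#ifndef VERIFYONLY
		char fp[(FPLEN + 2) / 3 * 4 + 1];

		/* report the values that were actually compared */
		b64_ntop(pubkey.fingerprint, FPLEN, fp, sizeof(fp));
		fprintf(stderr, "pub fp: %s\n", fp);
		b64_ntop(sig.fingerprint, FPLEN, fp, sizeof(fp));
		fprintf(stderr, "sig fp: %s\n", fp);
#endif
		errx(1, "verification failed: checked against wrong key");
	}
```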
enum {
NONE,
GENERATE,
+ INSPECT,
SIGN,
VERIFY
} verb = NONE;
rounds = 42;
- while ((ch = getopt(argc, argv, "GSVeno:p:s:")) != -1) {
+ while ((ch = getopt(argc, argv, "GISVeno:p:s:")) != -1) {
switch (ch) {
#ifndef VERIFYONLY
case 'G':
usage();
verb = GENERATE;
break;
+ case 'I':
+ if (verb)
+ usage();
+ verb = INSPECT;
+ break;
case 'S':
if (verb)
usage();
if (!pubkeyfile || !seckeyfile || argc != 0)
usage();
generate(pubkeyfile, seckeyfile, rounds);
+ } else if (verb == INSPECT) {
+ if (argc != 0)
+ usage();
+ inspect(seckeyfile, pubkeyfile, sigfile);
} else
#endif
{
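Review bot: The `verb == INSPECT` branch only rejects extra arguments, so `signify -I` with none of `-o`, `-p` or `-s` passes three NULL pointers to `inspect()`, which then prints nothing. The run presumably still ends with a success status, which a script could misread as "inspected fine". I would treat that as a usage error: `if (argc != 0 || (!seckeyfile && !pubkeyfile && !sigfile)) usage();`. The enclosing `main` starts and ends outside this hunk.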