Skip to content
Snippets Groups Projects

APT ED25519 Repository signing reference implementation

Implementation of APT ED25519 signatures in Python.

Usage

aptsign generate-primary FILENAME : Generate a new primary key in the given file

aptsign generate-subkey PRIMARY SUBKEY : Generate a new subkey in the file SUBKEY based on the primary key in file PRIMARY

aptsign sign-file KEY : Sign standard input using the given key (primary or subkey), returns signed version on standard output

aptsign verify-file : Verify the standard input, returns signed content on standard output

aptsign public-key PRIVATEKEY : Print the public key for the private key in the given file to stdout

Example

$ cat > Test  << EOF
> Key: value
> OtherKey: otherValue
>
> EOF
$ python3 -m aptsign generate-primary primary.sec
$ python3 -m aptsign generate-subkey primary.sec subkey.sec
$ cat primary.sec
private-key: nzXRBQ+S+IKUWDqLRjrnk9mqPCBMxLKzDoH4wS5RiBo=

$ cat subkey.sec
private-key: SnX+QPB327w8xUH+/bm8el5E/UM6rmizgwWNuxzyZGU=
subkey:  s1yq1YBOsjZYT9+8Hq2y2MBlvJ31EDjFf8OzgufpeFVDuO3aZMWDJJvU9SP5KHW+G+Uo25myfQRjQdojh8KqDf//////////AAAAABt1KuFrxNctO84dWeXgwiQutPJjUs2mA8uNqBcNGC7yPJs2x/ZVZ6DFIRRfzq1iq8EwzKA/sW/nIBSc3ri71Qw=

$ python3 -m aptsign sign-file primary.sec < Test
Key: value
OtherKey: otherValue
Signatures:
 s1yq1YBOsjZYT9+8Hq2y2MBlvJ31EDjFf8OzgufpeFV9wOKLg9HlN4yIPfiOrpDnZ3XqYCkrTbIER3Fu+PDIBQdPMjlVbaatnWurff54Fmi7nVkGrDb5rgSo3y1+6WkD

$ python3 -m aptsign sign-file subkey.sec < Test
Key: value
OtherKey: otherValue
Signatures:
 s1yq1YBOsjZYT9+8Hq2y2MBlvJ31EDjFf8OzgufpeFVDuO3aZMWDJJvU9SP5KHW+G+Uo25myfQRjQdojh8KqDf//////////AAAAABt1KuFrxNctO84dWeXgwiQutPJjUs2mA8uNqBcNGC7yPJs2x/ZVZ6DFIRRfzq1iq8EwzKA/sW/nIBSc3ri71QyUksnq7Rz74vEe9eFD+ZbuuD/audMDeqOebiJI8459yEHbZr/mI2rRKV1Voib0OQf3uj8ZlDCT9lydzk2dgtMC

$ python3 -m aptsign sign-file subkey.sec < Test | python3 -m aptsign verify-file
I: Verified signature from s1yq1YBOsjZYT9+8Hq2y2MBlvJ31EDjFf8OzgufpeFU=:Q7jt2mTFgySb1PUj+Sh1vhvlKNuZsn0EY0HaI4fCqg0=
Key: value
OtherKey: otherValue
$ python3 -m aptsign public-key subkey.sec
Q7jt2mTFgySb1PUj+Sh1vhvlKNuZsn0EY0HaI4fCqg0=
$ python3 -m aptsign public-key primary.sec
s1yq1YBOsjZYT9+8Hq2y2MBlvJ31EDjFf8OzgufpeFU=