murex.tngl.sh
forked from
tangled.org/core
fork
Configure Feed
Select the types of activity you want to include in your feed.
Monorepo for Tangled
fork
Configure Feed
Select the types of activity you want to include in your feed.
oppi.li
1package crypto
2
3import (
4 "bytes"
5 "crypto/sha256"
6 "encoding/base64"
7 "fmt"
8
9 "github.com/hiddeco/sshsig"
10 "golang.org/x/crypto/ssh"
11)
12
13func VerifySignature(pubKey, signature, payload []byte) (error, bool) {
14 pub, _, _, _, err := ssh.ParseAuthorizedKey(pubKey)
15 if err != nil {
16 return fmt.Errorf("failed to parse public key: %w", err), false
17 }
18
19 sig, err := sshsig.Unarmor(signature)
20 if err != nil {
21 return fmt.Errorf("failed to parse signature: %w", err), false
22 }
23
24 buf := bytes.NewBuffer(payload)
25 // we use sha-512 because ed25519 keys require it internally; rsa keys support
26 // multiple algorithms but sha-512 is most secure, and git's ssh signing defaults
27 // to sha-512 for all key types anyway.
28 err = sshsig.Verify(buf, sig, pub, sshsig.HashSHA512, "git")
29
30 return err, err == nil
31}
32
33// SSHFingerprint computes the fingerprint of the supplied ssh pubkey.
34func SSHFingerprint(pubKey string) (string, error) {
35 pk, _, _, _, err := ssh.ParseAuthorizedKey([]byte(pubKey))
36 if err != nil {
37 return "", err
38 }
39
40 hash := sha256.Sum256(pk.Marshal())
41 return "SHA256:" + base64.StdEncoding.EncodeToString(hash[:]), nil
42}