15 Signature Checking
(require denxi/signature) package: denxi
denxi/signature uses asymmetric cryptography to verify whether a digest was signed by a given private key. The strength of signature verification is therefore bounded by the strength of the CHF used to create the digest.
value
= (or/c raw-signature? sourced-signature?)
value
= (not/c well-formed-signature?)
sourced-signature? returns #t if at least one of the fields of the instance is a source. This is unlike sourced-integrity?, which only checks if the digest field is a source.
procedure
(fetch-signature-payload src exhaust) → any/c
src : source-variant?
exhaust : exhaust/c
In practice, the fetched bytes are expected to contain either a public key or a signature. In any case, the output is assumed to be compatible with the tool used to verify signatures.
procedure
(lock-signature [ #:public-key-budget public-key-budget #:signature-budget signature-budget] siginfo exhaust) → signature?
public-key-budget : budget/c = MAX_EXPECTED_SIGNATURE_PAYLOAD_LENGTH
signature-budget : budget/c = MAX_EXPECTED_SIGNATURE_PAYLOAD_LENGTH
siginfo : well-formed-signature?
exhaust : exhaust/c
procedure
(make-snake-oil-signature digest [chf-name]) → raw-signature?
digest : bytes?
chf-name : symbol? = (get-default-chf)
Do not use in production code.
procedure
(call-with-snake-oil-cipher-trust thunk) → any
thunk : (-> any)
Implies call-with-snake-oil-chf-trust.
setting
DENXI_TRUST_UNSIGNED : boolean? = #f
setting
DENXI_TRUST_PUBLIC_KEYS : (listof well-formed-integrity?) = ()
15.1 Signature Checking Primitives
(require denxi/signature/base) package: denxi
A digest as unencoded bytes.
A symbol representing the name of the cryptographic hash function used to create the first argument.
A private key of some encoding.
A password for the private key, or #f if there is no password.
A digest as unencoded bytes.
A symbol representing the name of the cryptographic hash function used to create the first argument.
A public key of some encoding.
An unencoded signature.
Allowing #f in the arguments is intentional, because some of this information may be missing.
procedure
(check-signature #:trust-public-key? trust-public-key?
                 #:trust-unsigned trust-unsigned
                 #:verify-signature verify-signature
                 #:trust-bad-digest trust-bad-digest
                 sig int) → symbol?
trust-public-key? : (-> input-port? any/c)
trust-unsigned : any/c
verify-signature : verify-signature/c
trust-bad-digest : any/c
sig : (or/c #f signature?)
int : (or/c #f integrity?)
'skip and 'skip-unsigned are not equivalent. check-signature only handles a lack of a signature when sig or int is malformed.
Returns
'skip if the check was skipped.
'signature-verified when trusting the public key and the signature.
'signature-unverified when trusting the public key but not the signature.
'blocked-public-key when distrusting the public key.
'unsigned if sig or int are missing too much information to conclude that a signature is present.
'skip-unsigned is a combination of 'skip and 'unsigned: int and/or sig are missing information, but this is considered permissible because trust-unsigned is #t.
The default value of verify-signature is signature-ffi-verify-signature when (signature-ffi-available?!) returns #t, and (const #f) otherwise.
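As an added illustration (not code from the denxi documentation or source), the following Racket sketch shows a #:trust-public-key? predicate that accepts only public keys whose SHA-256 digest matches a pinned list, plus a mapping from the documented check-signature results to a decision. The pinned key bytes, pinned-key-trust and signature-result->decision are constructed for this example; sig, int and verify-signature in the usage comment are assumed to be supplied by the caller.

```racket
#lang racket/base
;; Added example: pin trusted public keys by digest and interpret the
;; symbols check-signature is documented to return. Not denxi's own code.
(require racket/port)

;; Constructed, hypothetical allow-list: SHA-256 digests of PEM-encoded keys
;; verified out of band. Replace with digests of keys you actually trust.
(define pinned-key-digests
  (list (sha256-bytes
         #"-----BEGIN PUBLIC KEY-----\nEXAMPLE-ONLY\n-----END PUBLIC KEY-----\n")))

;; Satisfies the (-> input-port? any/c) contract of #:trust-public-key?.
;; The port is bounded so an oversized key payload cannot exhaust memory;
;; the key is then hashed and compared against the pin list.
(define (pinned-key-trust in)
  (define key-bytes (port->bytes (make-limited-input-port in 65536 #f)))
  (and (member (sha256-bytes key-bytes) pinned-key-digests) #t))

;; Map a check-signature result to a decision. Only 'signature-verified
;; proves the digest was signed by a pinned key. The 'skip variants mean a
;; check was bypassed by configuration (trust-bad-digest / trust-unsigned),
;; which is worth logging separately from a genuine verification.
(define (signature-result->decision result)
  (case result
    [(signature-verified) 'allow]
    [(skip skip-unsigned) 'allow-unverified]
    [(signature-unverified blocked-public-key unsigned) 'deny]
    [else (raise-argument-error 'signature-result->decision
                                "check-signature result" result)]))

;; Usage, assuming sig, int and verify-signature are bound by the caller:
;; (signature-result->decision
;;   (check-signature #:trust-public-key? pinned-key-trust
;;                    #:trust-unsigned #f
;;                    #:verify-signature verify-signature
;;                    #:trust-bad-digest #f
;;                    sig int))
```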
15.2 Signature Checking FFI
(require denxi/signature/ffi) package: denxi
denxi/signature/ffi is a private module that defines FFI bindings for a bundled library.
procedure
Each call must be paired with a call to the function returned from (signature-ffi-get-end-signature!).
15.2.1 Signature Foreign Functions
To be included.
15.3 Signature Prototyping
(require denxi/signature/snake-oil) package: denxi
value
value
value
Each key is PEM-encoded.
Use only for prototyping signature creation and verification. Distrust for all other purposes.