Is a python script to help make airgapped signatures with Krux devices. It also can verify the signatures.
The project is a suite with two platform specific built softwares:
ksigner-cli-<platform>
: is already able to sign and verify files with a CLI.ksigner-gui-<platform>
: is already able to sign and verify files with a GUI.
Where <platform>
can be one of the targets:
linux
;win.exe
;mac
git clone https://github.com/selfcustody/krux-file-signer.git
This flow was made by odudex and is a helper of usage and development.
The ksigner
suite is built as Python scripts with its dependencies
managed by poetry
Install python-poetry
Linux:
- pip:
pip install poetry
- debian-like:
sudo apt-get -y install python3-poetry
- archlinux-like:
sudo pacman -S python-poetry
- fedora:
sudo dnf -y install poetry
MacOS (TODO) Windows (TODO)
Before proceed you will need to install a dependency for pyzbar; in linux
it's libzbar0
(see this):
Linux:
- debian-like:
sudo apt-get install -y libzbar0
- archlinux-like:
sudo pacman -S zbar
- fedora:
sudo dnf -y install zbar-libs
MacOS
mkdir ~/lib
ln -s $(brew --prefix zbar)/lib/libzbar.dylib ~/lib/libzbar.dylib
Windows (TODO)
This will also install all development tools so that you can run pylint, format code with black, and build an agnostic OS executable.
poetry install
Use this everytime you want to add a dependency.
poetry lock --no-update`
poetry run black ./src
poetry run pylint ./src
To run the suite as python scripts, you will need to use poetry correctly:
poetry run python src/ksigner-cli.py [args...]
poetry run python src/ksigner-gui.py
ksigner
intends to be Operating System agnostic.
To achieve this goal, the project requires the correct use of pyinstaller:
poetry run poe build
Will generate a platform specific executable placed on dist/ksigner-<cli|gui>-<platform>
Running ./dist/ksigner-cli-<platform> --help
will show:
usage: ksigner-cli [-h] [-v] [-l LOGLEVEL] {sign,verify} ...
This python script is a tool to create air-gapped signatures of files using Krux, converting hexadecimal public keys exported from Krux to public key certificates in base64 format, in a way that signatures can be verified using
openssl.
positional arguments:
{sign,verify} sub-command help
sign sign a file
verify verify signature
options:
-h, --help show this help message and exit
-v, --version shows version
-l LOGLEVEL, --log LOGLEVEL
log output (info|warning|debug|error, defaults to 'info')
Running ./dist/ksigner-cli-<platform> sign --help
, will show:
usage: ksigner-cli sign [-h] [-f FILE] [-o OWNER] [-u]
options:
-h, --help show this help message and exit
-f FILE, --file FILE path to file to sign
-o OWNER, --owner OWNER
the owner's name of public key certificate, i.e, the .pem file (default: 'pubkey')
-u, --uncompressed flag to create a uncompreesed public key (default: False)
Running ./dist/ksigner-cli-<platform> verify --help
, will show:
usage: ksigner-cli verify [-h] [-f FILE] [-s SIG_FILE] [-p PUB_FILE]
options:
-h, --help show this help message and exit
-f FILE, --file FILE path to file to verify
-s SIG_FILE, --sig-file SIG_FILE
path to signature file
-p PUB_FILE, --pub-file PUB_FILE
path to pubkey file
For normal usage, simple run:
./dist/ksigner-gui-platform
You can add a LOG_LEVEL
environment variable to increase verbosity:
LOG_LEVEL=info ./dist/ksigner-gui-<platform>
LOG_LEVEL=warning ./dist/ksigner-gui-<platform>
LOG_LEVEL=debug ./dist/ksigner-gui-<platform>