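/**
 * Sign a file with a signature key pair derived from a password and a salt,
 * then write the detached signature to "<file>.sig" and print the public key.
 *
 * Arguments (positional):
 *   $args[0]  file to sign (handed to selectFile(); defaults to '')
 *   $args[1]  hex-encoded salt; falls back to $this->config['salt']
 *   $args[2]  key-strength alias; falls back to $this->config['keytype']
 *
 * Any strength value that is not a recognised alias selects
 * KeyFactory::SENSITIVE, so an unrecognised value never weakens the derivation.
 *
 * @param array $args
 * @return bool
 * @throws \Error If no salt is available, key derivation does not yield a
 *                SignatureKeyPair, or the signature file cannot be written
 */
public function fire(array $args = []) : bool
{
    $file = $this->selectFile($args[0] ?? '');
    if (!isset($this->config['salt']) && \count($args) < 2) {
        throw new \Error('No salt configured or passed');
    }

    // One alias table for both the CLI argument and the config value, so the
    // two sources cannot drift apart.
    $levels = [
        'fast'        => KeyFactory::INTERACTIVE,
        'i'           => KeyFactory::INTERACTIVE,
        'interactive' => KeyFactory::INTERACTIVE,
        'weak'        => KeyFactory::INTERACTIVE,
        'm'           => KeyFactory::MODERATE,
        'signing'     => KeyFactory::MODERATE,
        'moderate'    => KeyFactory::MODERATE,
    ];
    if (\count($args) > 2) {
        // Only the CLI argument is case-folded; the config value is matched
        // as written, as before.
        $choice = \strtolower($args[2]);
    } elseif (isset($this->config['keytype'])) {
        $choice = $this->config['keytype'];
    } else {
        $choice = null;
    }
    // Exact string match only: a non-string config value (e.g. true or 0) can
    // no longer loosely compare equal to a weak alias.
    $level = (\is_string($choice) && isset($levels[$choice]))
        ? $levels[$choice]
        : KeyFactory::SENSITIVE;

    // NOTE(review): the salt length is not checked here; presumably Halite or
    // libsodium rejects a salt of the wrong size. Confirm.
    $salt = \Sodium\hex2bin($args[1] ?? $this->config['salt']);

    echo 'Generating a signature for: ', $file, "\n";
    $password = $this->silentPrompt('Enter password: ');

    // NOTE(review): the upstream comment at this point was partly lost in
    // extraction. What survives reads "'false' in version 2.0.0 (with
    // Halite 3)", which appears to concern the third argument below. Confirm
    // against the project history.
    try {
        $sign_kp = KeyFactory::deriveSignatureKeyPair($password, $salt, false, $level);
    } finally {
        // The password is not needed after derivation; wipe it even when
        // derivation throws, so it does not linger in process memory.
        if (\is_string($password)) {
            \Sodium\memzero($password);
        }
    }
    if (!$sign_kp instanceof SignatureKeyPair) {
        throw new \Error('Error during key derivation');
    }

    $signature = File::sign($file, $sign_kp->getSecretKey());

    // A failed write used to be ignored and still reported as "File signed".
    if (\file_put_contents($file . '.sig', $signature) === false) {
        throw new \Error('Could not write signature file: ' . $file . '.sig');
    }
    // Record the build as signed only once the signature is on disk.
    if (isset($this->history)) {
        $this->config['build_history']['signed'] = true;
    }

    echo 'File signed: ' . $file . '.sig', "\n";
    echo 'Public key: ' . \Sodium\bin2hex($sign_kp->getPublicKey()->getRawKeyMaterial()), "\n";
    return true;
}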
/**
 * Sign a motif's zip archive and store the detached signature next to it.
 *
 * The archive is expected at "<path>/dist/<supplier>.<name>.zip"; the
 * signature is written to the same name with ".ed25519.sig" appended.
 * On a successful write the process terminates with exit status 0. If the
 * write fails, the method returns without printing anything.
 *
 * @param array $manifest Must provide the 'supplier' and 'name' entries
 * @param string $path    Directory that contains the dist/ folder
 */
protected function signMotif(array $manifest, string $path)
{
    // NOTE(review): 'supplier' and 'name' go into the file path unvalidated;
    // presumably the manifest is checked before it reaches this method. Confirm.
    $archive = $path . '/dist/' . $manifest['supplier'] . '.' . $manifest['name'] . '.zip';

    $secretKey = $this->signPreamble($manifest);

    // The signing step itself.
    $detachedSig = File::sign($archive, $secretKey);

    // Drop our reference to the secret key as soon as signing is done. Per the
    // original author's note, Halite zeroes the key buffer for us; that can
    // only happen once no other reference to the key object remains.
    unset($secretKey);

    $sigFile = $archive . '.ed25519.sig';
    if (\file_put_contents($sigFile, $detachedSig) === false) {
        // NOTE(review): failure is silent here; the caller is presumably
        // responsible for reporting it. Confirm.
        return;
    }

    echo 'Signed: ', $sigFile, "\n";
    exit(0);
}