Is a python script to help make airgapped signatures with Krux devices. It also can verify the signatures.
The project is a suite with two platform specific built softwares:
ksigner-cli-<platform>: is already able to sign and verify files with a CLI.ksigner-gui-<platform>: is already able to sign and verify files with a GUI.
Where <platform> can be one of the targets:
linux;win.exe;mac
git clone https://github.com/selfcustody/krux-file-signer.gitThis flow was made by odudex and is a helper of usage and development.
Figure 1: Workflow of usage and development
The ksigner suite is built as Python scripts with its dependencies
managed by poetry
Install python-poetry
Linux:
- pip:
pip install poetry - debian-like:
sudo apt-get -y install python3-poetry - archlinux-like:
sudo pacman -S python-poetry - fedora:
sudo dnf -y install poetry
MacOS (TODO) Windows (TODO)
Before proceed you will need to install a dependency for pyzbar; in linux
it's libzbar0 (see this):
Linux:
- debian-like:
sudo apt-get install -y libzbar0 - archlinux-like:
sudo pacman -S zbar - fedora:
sudo dnf -y install zbar-libs
MacOS
mkdir ~/lib
ln -s $(brew --prefix zbar)/lib/libzbar.dylib ~/lib/libzbar.dylib Windows (TODO)
This will also install all development tools so that you can run pylint, format code with black, and build an agnostic OS executable.
poetry installUse this everytime you want to add a dependency.
poetry lock --no-update`poetry run black ./srcpoetry run pylint ./srcTo run the suite as python scripts, you will need to use poetry correctly:
poetry run python src/ksigner-cli.py [args...]poetry run python src/ksigner-gui.pyksigner intends to be Operating System agnostic.
To achieve this goal, the project requires the correct use of pyinstaller:
poetry run poe buildWill generate a platform specific executable placed on dist/ksigner-<cli|gui>-<platform>
Running ./dist/ksigner-cli-<platform> --help will show:
usage: ksigner-cli [-h] [-v] [-l LOGLEVEL] {sign,verify} ...
This python script is a tool to create air-gapped signatures of files using Krux, converting hexadecimal public keys exported from Krux to public key certificates in base64 format, in a way that signatures can be verified using
openssl.
positional arguments:
{sign,verify} sub-command help
sign sign a file
verify verify signature
options:
-h, --help show this help message and exit
-v, --version shows version
-l LOGLEVEL, --log LOGLEVEL
log output (info|warning|debug|error, defaults to 'info')Running ./dist/ksigner-cli-<platform> sign --help, will show:
usage: ksigner-cli sign [-h] [-f FILE] [-o OWNER] [-u]
options:
-h, --help show this help message and exit
-f FILE, --file FILE path to file to sign
-o OWNER, --owner OWNER
the owner's name of public key certificate, i.e, the .pem file (default: 'pubkey')
-u, --uncompressed flag to create a uncompreesed public key (default: False)Running ./dist/ksigner-cli-<platform> verify --help, will show:
usage: ksigner-cli verify [-h] [-f FILE] [-s SIG_FILE] [-p PUB_FILE]
options:
-h, --help show this help message and exit
-f FILE, --file FILE path to file to verify
-s SIG_FILE, --sig-file SIG_FILE
path to signature file
-p PUB_FILE, --pub-file PUB_FILE
path to pubkey fileFor normal usage, simple run:
./dist/ksigner-gui-platformYou can add a LOG_LEVEL environment variable to increase verbosity:
LOG_LEVEL=info ./dist/ksigner-gui-<platform>
LOG_LEVEL=warning ./dist/ksigner-gui-<platform>
LOG_LEVEL=debug ./dist/ksigner-gui-<platform>