You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
tailscale/clientupdate/distsign
Andrew Lytvynov d45af7c66f
release/dist/cli: add sign-key and verify-key-signature commands (#9041)
Now we have all the commands to generate the key hierarchy and verify
that signing keys were signed correctly:
```
$ ./tool/go run ./cmd/dist gen-key --priv-path root-priv.pem --pub-path root-pub.pem --root
wrote private key to root-priv.pem
wrote public key to root-pub.pem

$ ./tool/go run ./cmd/dist gen-key --priv-path signing-priv.pem --pub-path signing-pub.pem --signing
wrote private key to signing-priv.pem
wrote public key to signing-pub.pem

$ ./tool/go run ./cmd/dist sign-key --root-priv-path root-priv.pem --sign-pub-path signing-pub.pem
wrote signature to signature.bin

$ ./tool/go run ./cmd/dist verify-key-signature --root-pub-path root-pub.pem --sign-pub-path signing-pub.pem --sig-path signature.bin
signature ok
```

Updates #8760

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
1 year ago
..
roots clientupdate/distsign: use distinct PEM types for root/signing keys (#9045) 1 year ago
distsign.go release/dist/cli: add sign-key and verify-key-signature commands (#9041) 1 year ago
distsign_test.go clientupdate/distsign: use distinct PEM types for root/signing keys (#9045) 1 year ago
roots.go clientupdate/distsign: use distinct PEM types for root/signing keys (#9045) 1 year ago
roots_test.go clientupdate/distsign: add new library for package signing/verification (#8943) 1 year ago