这是indexloc提供的服务,不要输入任何密码
Skip to content

Add termux-keystore #33

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Sep 27, 2018
Merged

Add termux-keystore #33

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
126 changes: 126 additions & 0 deletions scripts/termux-keystore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,126 @@
#!/data/data/com.termux/files/usr/bin/sh
set -e -u

readonly CMD_BASE="/data/data/com.termux/files/usr/libexec/termux-api Keystore"

SCRIPTNAME=termux-keystore
show_usage () {
echo "Usage: $SCRIPTNAME command"
echo "These commands are supported:"
echo " list [-d]"
echo " delete <alias>"
echo " generate <alias> [-a alg] [-s size] [-u validity]"
echo " sign <alias> <algorithm>"
echo " verify <alias> <algorithm> <signature>"
echo
echo "list: List the keys stored inside the keystore."
echo " -d Detailed results (includes key parameters)."
echo
echo "delete: Permanently delete a given key from the keystore."
echo " alias Alias of the key to delete."
echo
echo "generate: Create a new key inside the hardware keystore."
echo " alias Alias of the key."
echo " -a alg Algorithm to use (either 'RSA' or 'EC'). Defaults to RSA."
echo " -s size Key size to use. For RSA, the options are 2048, 3072"
echo " and 4096. For EC, the options are 256, 384 and 521."
echo " -u validity User validity duration in seconds. Omit to disable."
echo " When enabled, the key can only be used for the"
echo " duration specified after the device unlocks. After"
echo " the duration has passed, the user needs to re-lock"
echo " and unlock the device again to be able to use this key."
echo
echo "sign: Sign using the given key, the data is read from stdin and the"
echo "signature is output to stdout."
echo " alias Alias of the key to use for signing."
echo " algorithm Algorithm to use, e.g. 'SHA256withRSA'. This should"
echo " match the algorithm of the key."
echo
echo "verify: Verify a signature. The data (original file) is read from stdin."
echo " alias Alias of the key to use for verify."
echo " algorithm Algorithm that was used to sign this data."
echo " signature Signature file to use in verification."
}


check_args () {
if [ "$2" != "$3" ]; then
echo "$SCRIPTNAME: $1 needs exactly $2 arguments"
exit 1
fi
}

list_keys () {
if [ "$#" -gt 0 ] && [ "$1" = "-d" ]; then
$CMD_BASE -e command list --ez detailed true
else
$CMD_BASE -e command list
fi
}

delete_key () {
check_args delete 1 $#
$CMD_BASE -e command delete -e alias "$1"
}

sign_data () {
check_args sign 2 $#
$CMD_BASE -e command sign -e alias "$1" -e algorithm "$2" | base64 -d
}

verify_data () {
check_args verify 3 $#
$CMD_BASE -e command verify -e alias "$1" -e algorithm "$2" \
-e signature "$(realpath "$3")"
}

generate_key () {
if [ $# -lt 1 ]; then
echo "$SCRIPTNAME generate: alias argument is required"
exit 1
fi
ALIAS=$1; shift
ALGORITHM=RSA; SIZE=-1; CURVE=secp256r1; VALIDITY=0
while getopts a:s:c:u: NAME; do
case "$NAME" in
a) ALGORITHM=$OPTARG ;;
s) SIZE=$OPTARG ;;
u) VALIDITY=$OPTARG ;;
?) ;;
esac
done

if [ "$ALGORITHM" = "RSA" ]; then
case "$SIZE" in
-1) SIZE=2048 ;;
2048|3072|4096) ;;
*) echo "$SCRIPTNAME: invalid RSA key size $SIZE"; exit 1 ;;
esac
elif [ "$ALGORITHM" = "EC" ]; then
case "$SIZE" in
-1|256) CURVE=secp256r1 ;;
384) CURVE=secp384r1 ;;
521) CURVE=secp521r1 ;;
*) echo "$SCRIPTNAME: invalid EC key size $SIZE"; exit 1 ;;
esac
else
echo "$SCRIPTNAME: invalid algorithm $ALGORITHM"; exit 1
fi

# purpose 12 is SIGN+VERIFY
$CMD_BASE -e command generate -e alias "$ALIAS" -e algorithm "$ALGORITHM" \
--ei purposes 12 --esa digests SHA-1,SHA-256,SHA-384,SHA-512 \
--ei size "$SIZE" -e curve "$CURVE" --ei validity "$VALIDITY"
}

ACTION="${1-}"
if [ "$#" -gt 0 ]; then shift; fi

case "$ACTION" in
list) list_keys "$@" ;;
generate) generate_key "$@" ;;
delete) delete_key "$@" ;;
sign) sign_data "$@" ;;
verify) verify_data "$@" ;;
*) show_usage ;;
esac