GNU bug report logs -
#32399
[PATCH] gnu: Add asignify.
Previous Next
Reported by: Leo Famulari <leo <at> famulari.name>
Date: Wed, 8 Aug 2018 14:35:01 UTC
Severity: normal
Tags: patch
Done: Leo Famulari <leo <at> famulari.name>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 32399 in the body.
You can then email your comments to 32399 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#32399; Package
guix-patches.
(Wed, 08 Aug 2018 14:35:01 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Leo Famulari <leo <at> famulari.name>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Wed, 08 Aug 2018 14:35:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
I wonder if we should mark this program as "experimental" or "not
audited?" It includes the features I'd like to have in a tool for
signing and authenticated encryption, but it hasn't received much
cryptanalytic attention, from what I can tell.
* gnu/packages/crypto.scm (asignify): New variable.
---
gnu/packages/crypto.scm | 37 +++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index 730895efd..00fa1e8d2 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -813,3 +813,40 @@ which is also used in the Advanced Encryption Standard (AES, see
@url{http://www.nist.gov/aes}). This cipher is believed to provide very strong
security.")
(license license:gpl2)))
+
+(define-public asignify
+ (let ((commit "f58e7977a599f040797975d649ed318e25cbd2d5")
+ (revision "0"))
+ (package
+ (name "asignify")
+ (version (git-version "1.1" revision commit))
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/vstakhov/asignify.git")
+ (commit commit)))
+ (sha256
+ (base32
+ "1zl68qq6js6fdahxzyhvhrpyrwlv8c2zhdplycnfxyr1ckkhq8dw"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:configure-flags
+ (list "--enable-openssl"
+ (string-append "--with-openssl="
+ (assoc-ref %build-inputs "openssl")))))
+ (native-inputs
+ `(("autoconf" ,autoconf)
+ ("automake" ,automake)
+ ("libtool" ,libtool)))
+ (inputs
+ `(("openssl" ,openssl-next)))
+ (home-page "https://github.com/vstakhov/asignify")
+ (synopsis "Cryptographic authentication and encryption tool and library")
+ (description "Asignify offers public cryptographic signatures and
+encryption with a library or a command-line tool. The tool is heavily inspired
+by signify as used in OpenBSD. The main goal of this project is to define a
+high level API for signing files, validating signatures and encrypting using
+public-key cryptography. Asignify is designed to be portable and self-contained
+with zero external dependencies. Asignify can verify OpenBSD signatures, but it
+cannot sign messages in OpenBSD format yet.")
+ (license license:bsd-2))))
--
2.18.0
Information forwarded
to
guix-patches <at> gnu.org:
bug#32399; Package
guix-patches.
(Wed, 08 Aug 2018 18:40:01 GMT)
Full text and
rfc822 format available.
Message #8 received at submit <at> debbugs.gnu.org (full text, mbox):
asignify appears to embed tweetnacl and blake2. Is that a concern?
Information forwarded
to
guix-patches <at> gnu.org:
bug#32399; Package
guix-patches.
(Wed, 08 Aug 2018 19:04:02 GMT)
Full text and
rfc822 format available.
Message #11 received at 32399 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Wed, Aug 08, 2018 at 01:39:02PM -0500, Alex ter Weele wrote:
> asignify appears to embed tweetnacl and blake2. Is that a concern?
Tweetnacl is intended to be embedded: "TweetNaCl is a self-contained
public-domain C library, so it can easily be integrated into
applications."
https://tweetnacl.cr.yp.to/
BLAKE2 is designed in a similar way, although they also offer a "full"
package with a build system, libb2. Looking at the list of users on
their web site, we already have lots of packages that embed BLAKE2. From
what I can tell, asignify doesn't use libb2.
https://github.com/BLAKE2
[signature.asc (application/pgp-signature, inline)]
Reply sent
to
Leo Famulari <leo <at> famulari.name>:
You have taken responsibility.
(Mon, 10 Sep 2018 00:08:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Leo Famulari <leo <at> famulari.name>:
bug acknowledged by developer.
(Mon, 10 Sep 2018 00:08:02 GMT)
Full text and
rfc822 format available.
Message #16 received at 32399-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Pushed as de15ff1a6c319a46046093d26baa6117c6a22e73
[signature.asc (application/pgp-signature, inline)]
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Mon, 08 Oct 2018 11:24:05 GMT)
Full text and
rfc822 format available.
This bug report was last modified 6 years and 256 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.