~fmac/gemisign

Verify integrity of Gemini capsules resources.
d6ff566e — Francesco Camuffo 2 months ago
Initial commit

refs

main
browse  log 

clone

read-only
https://git.sr.ht/~fmac/gemisign
read/write
git@git.sr.ht:~fmac/gemisign

You can also use your local clone with git send-email.

#gemisign

Verify integrity of Gemini capsules resources.

NOTE: at the actual state, this program is pretty bad.


Uses [gmni] (https://git.sr.ht/~sircmpwn/gmni) as Gemini client.

Uses OpenBSD [signify] (https://www.openbsd.org/papers/bsdcan-signify.html). TODO: support GPG.

Basic support for tilde communities. ~username is expected right after the FQDM. If present, a username-specific subdirectory is created in the cache directory.

Checks for key.pub at $XDG_CACHE_HOME/gemisign/<host>/[<~name>/]. If not present, retrieved from gemini://capsule.tld/[~name/].well-known/key.pub and TOFU.

SHA256SUMS and SHA256SUMS.sig are retrieved if not cached || bad signature || bad resource SHASUM.

Doesn't work if the exact URL is not specified. gemini://capsule.tld/index.gmi without index.gmi won't work.

#Build

go build

#Usage

$ gemisign -h
Usage: gemisign [options] URL
Options:
  -h	show help message
  -v	verbose output

Example:
gemisign gemini://capsule.tld/page.gmi