cloudflare / plexi

Your Key Transparency auditor companion
https://developers.cloudflare.com/key-transparency
Apache License 2.0

Offline signature verification subcommand #12

Open henrywang8atfbdotcom opened 1 month ago

henrywang8atfbdotcom commented 1 month ago

Are there any plans to extend the CLI with a subcommand that verifies a pre-obtained SignatureResponse (either input as JSON or its constituents), such that the flow would be completely offline?

cli verify \
--version 1 \
--namespace ns \
--epoch 1 \
--digest abc \
--signature bcd

thibmeu commented 1 month ago

This would be a good addition. I think the CLI should rather be consuming the signature from stdin or a path, allowing chaining with curl for instance, or a JSON output should this be done at some point.

curl 'https://plexi.key-transparency.cloudflare.com/namespaces/{namespace}/audits/{epoch}' | plexi verify --publickey '<hex>'

henrywang8atfbdotcom commented 1 month ago

That would be great! Right, stdin or a JSON input file would be more practical than passing in the constituents.

henrywang8atfbdotcom commented 1 week ago

Do you think we can get this feature in the next version upgrade, whenever that is? Just wanted to avoid keeping internal patches.

thibmeu commented 2 days ago

Yes. I'll take a look.