keys-pub / keys-ext

Extensions and experiments.
https://keys.pub

CLI signature verification output #13

Open BTBurke opened 4 years ago

BTBurke commented 4 years ago

Hi @gabriel

I want to use keys to sign a SHA256 hash of a binary, but the UX seems off to me. As far as I can tell so far, there is no output when the signature is successfully verified. The only obvious sign that it did something is a 0 exit code.

I started with this:

sha256sum mybinary | keys sign -s btburke@github -m armor,detached > mybinary.sig

Then verified with this:

sha256sum mybinary | keys verify -s btburke@github -x mybinary.sig

That works, because I get "verify failed" if I make a change to the binary.

But from a user experience perspective, I think it would inspire more confidence if a successful verification also had something on stdout, with maybe a -q, --quiet flag to only look at the return code.
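Added example, not part of the original comment or the keys project: a shell wrapper that turns the silent exit code of the verify pipeline above into explicit output, with a `-q` switch for scripts. The function name `verify_hash` and its return codes are hypothetical. It assumes the `keys` CLI is on PATH and that the signature was created over the same stdin-hashed line (`sha256sum < mybinary | keys sign ...`), so the signed text does not include a file path.

```shell
#!/bin/sh
# Added example: explicit pass/fail output around `keys verify`.
# Only the flags shown in the thread (-s, -x) are used.

# verify_hash FILE SIG SIGNER [-q]
# Returns 0 when verified, 1 on a bad signature, 2 on unreadable input.
verify_hash() {
    vh_file=$1
    vh_sig=$2
    vh_signer=$3
    vh_quiet=${4:-}

    # Fail closed on a missing file or signature instead of piping
    # empty input into the verifier.
    if [ ! -r "$vh_file" ] || [ ! -r "$vh_sig" ]; then
        echo "ERROR: cannot read '$vh_file' or '$vh_sig'" >&2
        return 2
    fi

    # Hash from stdin so the signed line is "<hex>  -" and does not
    # depend on the path the file was hashed under.
    vh_digest=$(sha256sum < "$vh_file") || return 2

    if printf '%s\n' "$vh_digest" | keys verify -s "$vh_signer" -x "$vh_sig"; then
        [ "$vh_quiet" = "-q" ] || echo "OK: ${vh_digest%% *} signed by $vh_signer"
        return 0
    fi
    [ "$vh_quiet" = "-q" ] || echo "FAILED: signature does not match $vh_file" >&2
    return 1
}

# Usage: verify_hash mybinary mybinary.sig btburke@github
#        verify_hash mybinary mybinary.sig btburke@github -q
```

The readability check matters because a plain `sha256sum missingfile | keys ...` pipeline reports only the exit status of the last command, so a failed hash step would otherwise go unnoticed.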

gabriel commented 4 years ago

Yeah, adding in a --quiet option sounds like a good idea.

BTBurke commented 4 years ago

I think the bigger issue is the lack of any output when you verify something. For example, if I sign a file with minisign, I get a nice console output saying that the signature is valid, time, comment, etc.

$ minisign -V -m test.txt
Signature and comment signature verified
Trusted comment: timestamp:1589922579   file:test.txt

The other nice thing about the minisign UX is that there is an option to hash large files and then sign the hash instead of the whole file.

gabriel commented 4 years ago

Saltpack sign v2 supports streaming in the case of large files, https://saltpack.org/signing-format-v2.

I haven't looked into supporting comments and time and nicer output but those sound like good improvements.