[bug#32399] [PATCH] gnu: Add asignify.

[bug#32399] [PATCH] gnu: Add asignify.

[Leo Famulari]

I wonder if we should mark this program as "experimental" or "not
audited?" It includes the features I'd like to have in a tool for
signing and authenticated encryption, but it hasn't received much
cryptanalytic attention, from what I can tell.

* gnu/packages/crypto.scm (asignify): New variable.
---
 gnu/packages/crypto.scm | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index 730895efd..00fa1e8d2 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -813,3 +813,40 @@ which is also used in the Advanced Encryption Standard (AES, see
 @url{http://www.nist.gov/aes}).  This cipher is believed to provide very strong
 security.")
     (license license:gpl2)))
+
+(define-public asignify
+  (let ((commit "f58e7977a599f040797975d649ed318e25cbd2d5")
+        (revision "0"))
+    (package
+      (name "asignify")
+      (version (git-version "1.1" revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                       (url "https://github.com/vstakhov/asignify.git")
+                       (commit commit)))
+                (sha256
+                 (base32
+                  "1zl68qq6js6fdahxzyhvhrpyrwlv8c2zhdplycnfxyr1ckkhq8dw"))))
+      (build-system gnu-build-system)
+      (arguments
+       `(#:configure-flags
+         (list "--enable-openssl"
+               (string-append "--with-openssl="
+                              (assoc-ref %build-inputs "openssl")))))
+      (native-inputs
+       `(("autoconf" ,autoconf)
+         ("automake" ,automake)
+         ("libtool" ,libtool)))
+      (inputs
+       `(("openssl" ,openssl-next)))
+      (home-page "https://github.com/vstakhov/asignify")
+      (synopsis "Cryptographic authentication and encryption tool and library")
+      (description "Asignify offers public cryptographic signatures and
+encryption with a library or a command-line tool.  The tool is heavily inspired
+by signify as used in OpenBSD.  The main goal of this project is to define a
+high level API for signing files, validating signatures and encrypting using
+public-key cryptography.  Asignify is designed to be portable and self-contained
+with zero external dependencies.  Asignify can verify OpenBSD signatures, but it
+cannot sign messages in OpenBSD format yet.")
+      (license license:bsd-2))))
-- 
2.18.0

[bug#32399] [PATCH] gnu: Add asignify.

[Alex ter Weele]

asignify appears to embed tweetnacl and blake2. Is that a concern?

[bug#32399] [PATCH] gnu: Add asignify.

[Leo Famulari]

[-- Attachment #1: Type: text/plain, Size: 593 bytes --]

On Wed, Aug 08, 2018 at 01:39:02PM -0500, Alex ter Weele wrote:
> asignify appears to embed tweetnacl and blake2. Is that a concern?

Tweetnacl is intended to be embedded: "TweetNaCl is a self-contained
public-domain C library, so it can easily be integrated into
applications."

https://tweetnacl.cr.yp.to/

BLAKE2 is designed in a similar way, although they also offer a "full"
package with a build system, libb2. Looking at the list of users on
their web site, we already have lots of packages that embed BLAKE2. From
what I can tell, asignify doesn't use libb2.

https://github.com/BLAKE2

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

bug#32399: Acknowledgement ([PATCH] gnu: Add asignify.)

[Leo Famulari]

[-- Attachment #1: Type: text/plain, Size: 51 bytes --]

Pushed as de15ff1a6c319a46046093d26baa6117c6a22e73

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]