Diffstat (limited to 'guix/pki.scm')
-rw-r--r--guix/pki.scm23
1 files changed, 22 insertions, 1 deletions
diff --git a/guix/pki.scm b/guix/pki.scm
index 5e4dbadd35..4b90b65a13 100644
--- a/guix/pki.scm
+++ b/guix/pki.scm
@@ -29,8 +29,12 @@
current-acl
public-keys->acl
acl->public-keys
+ authorized-key?
+
signature-sexp
- authorized-key?))
+ signature-subject
+ signature-signed-data
+ valid-signature?))
;;; Commentary:
;;;
@@ -136,4 +140,21 @@ PUBLIC-KEY (see <http://theworld.com/~cme/spki.txt> for examples.)"
(canonical-sexp->string (sign data secret-key))
(canonical-sexp->string public-key))))
+(define (signature-subject sig)
+ "Return the signer's public key for SIG."
+ (find-sexp-token sig 'public-key))
+
+(define (signature-signed-data sig)
+ "Return the signed data from SIG, typically an sexp such as
+ (hash \"sha256\" #...#)."
+ (find-sexp-token sig 'data))
+
+(define (valid-signature? sig)
+ "Return #t if SIG is valid."
+ (let* ((data (signature-signed-data sig))
+ (signature (find-sexp-token sig 'sig-val))
+ (public-key (signature-subject sig)))
+ (and data signature
+ (verify signature data public-key))))
+
;;; pki.scm ends here
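Review bot: `valid-signature?` verifies SIG against the public key embedded in SIG itself, so a #t result only shows the signature is internally consistent, not that the signer is trusted. The docstring should say so, e.g. `"Return #t if SIG is a cryptographically valid signature by the public key it embeds; this does not check that the key is authorized (see 'authorized-key?')."`, so callers know to also check `(signature-subject sig)` against the ACL. Separately, the `and` guards `data` and `signature` but not `public-key`. If `find-sexp-token` returns #f for a missing token, as that guard suggests, a signature sexp without a `public-key` element reaches `verify` with #f instead of yielding #f. Consider `(and data signature public-key (verify signature data public-key))`.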