From 2a69f39e4b49750cc5e72ab0843d63b03d1ca10e Mon Sep 17 00:00:00 2001
From: stephen mcquay
Date: Sun, 25 Feb 2018 19:56:04 -0800
Subject: [PATCH] Adds pm keyring verify
---
 cmd/pm/main.go | 19 +++++++++++++++++++
 keyring/keyring.go | 16 ++++++++++++++++
 2 files changed, 35 insertions(+)
diff --git a/cmd/pm/main.go b/cmd/pm/main.go
index 2376163..d808a5a 100644
--- a/cmd/pm/main.go
+++ b/cmd/pm/main.go
@@ -23,6 +23,7 @@ subcommands:
 import (i) -- import a public key from stdin
 list (ls) -- list configured key info
 sign (s) -- sign a file
+ verify (v) -- verify a detached signature
 `
 func main() {
@@ -91,6 +92,24 @@ func main() {
 if err := keyring.Sign(root, signID, os.Stdin, os.Stdout); err != nil {
 fatalf("signing: %v\n", err)
 }
+ case "verify", "v":
+ if len(args) != 2 {
+ fatalf("usage: pm key verify \n")
+ }
+ fn, sn := args[0], args[1]
+ ff, err := os.Open(fn)
+ if err != nil {
+ fatalf("opening %q: %v\n", fn, err)
+ }
+ defer ff.Close()
+ sf, err := os.Open(sn)
+ if err != nil {
+ fatalf("opening %q: %v\n", fn, err)
+ }
+ defer sf.Close()
+ if err := keyring.Verify(root, ff, sf); err != nil {
+ fatalf("detached sig verify: %v\n", err)
+ }
 case "i", "import":
 if err := keyring.Import(root, os.Stdin); err != nil {
 fatalf("importing key: %v\n", err)
diff --git a/keyring/keyring.go b/keyring/keyring.go
index 3ec5558..2385336 100644
--- a/keyring/keyring.go
+++ b/keyring/keyring.go
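Review bot: In the new `verify` case in cmd/pm/main.go, the error path after `os.Open(sn)` reports `fn`, so a missing or unreadable signature file is blamed on the data file; it should read `fatalf("opening %q: %v\n", sn, err)`. In a signature check that mislabel matters, because the operator is pointed at the wrong input when deciding whether the signature or the payload is at fault. The usage message as shown on this page, `"usage: pm key verify \n"`, names neither of the two required arguments, and it says `key` where the commit subject says `keyring`; both are worth confirming against the real subcommand name. The `main` function starts and ends outside this hunk, and `fatalf` is not visible here, so whether the deferred `Close` calls run on the failure paths cannot be told from the diff.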
@@ -204,6 +204,22 @@ func Sign(root, id string, in io.Reader, sig io.Writer) error {
 return nil
 }
+// Verify verifies a file's deatched signature.
+func Verify(root string, file, sig io.Reader) error {
+ if err := ensureDir(root); err != nil {
+ return errors.Wrap(err, "can't find or create pgp dir")
+ }
+ srn, prn := getNames(root)
+ _, pubs, err := getELs(srn, prn)
+ if err != nil {
+ return errors.Wrap(err, "getting existing keyrings")
+ }
+ if _, err = openpgp.CheckArmoredDetachedSignature(pubs, file, sig); err != nil {
+ return errors.Wrap(err, "check sig")
+ }
+ return nil
+}
+
 func pGPDir(root string) string {
 return filepath.Join(root, "var", "lib", "pm", "pgp")
 }
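Review bot: `Verify` discards the signer entity returned by `openpgp.CheckArmoredDetachedSignature`, so a nil error only means that some key in the public keyring under `root` made the signature, and the caller can neither report nor pin which one. Once more than one key is imported that is a coarse trust decision for a package manager; consider returning the signer (or its key ID) so the CLI can print it or compare it against an expected key. The doc comment should state the contract and fix the "deatched" typo, e.g. `// Verify reports whether sig is a valid armored detached signature of file made by any key in the public keyring under root.` `ensureDir` is not visible in this hunk, but the wrapped message "can't find or create pgp dir" suggests a read-only verify may create the directory as a side effect, which is worth confirming as intended.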