generate_keyset.sh

#!/bin/sh
# Usage: ./generate_keyset.sh keyset_location
# Example: ./generate_keyset.sh /home/foobar
#  Will create /home/foobar/rsa_sign and /home/foobar/rsa_sign.pub

BASE_PATH=$1

RSA_PRIV=$BASE_PATH/rsa_sign
RSA_PUB=$BASE_PATH/rsa_sign.pub

if [ ! -d "$BASE_PATH" ]; then
    echo "Base path $BASE_PATH is not a valid directory."
    exit 1;
fi

if [ -d "$RSA_PRIV" ]; then
    echo "$RSA_PRIV already exists, couldn't overwrite."
    exit 2;
fi

if [ -d "$RSA_PUB" ]; then
    echo "$RSA_PUB already exists, couldn't overwrite."
    exit 2;
fi

mkdir -p $RSA_PRIV
mkdir -p $RSA_PUB

# Create new key set
python keyczart.py create --location=$RSA_PRIV --purpose=sign --asymmetric=rsa
# Add two new keys
python keyczart.py addkey --location=$RSA_PRIV --size=1024
python keyczart.py addkey --location=$RSA_PRIV
# Promote the second one to PRIMARY
python keyczart.py promote --location=$RSA_PRIV --version=2
# Export the public key associated with this RSA key
python keyczart.py pubkey --location=$RSA_PRIV --destination=$RSA_PUB

rsa_sign.py

# Example:
# $ ./generate_keyset.sh /home/foobar
# $ python rsa_sign.py /home/foobar/rsa_sign /home/foobar/rsa_sign.pub
import sys
import keyczar

priv_key = sys.argv[1]
pub_key = sys.argv[2]
msg = 'A simple message to sign'

# Signer side
signer = keyczar.Signer.Read(priv_key)
signature = signer.Sign(msg)
print('signature: %s' % signature)

# Verifier side
verifier = keyczar.Verifier.Read(pub_key)
res = verifier.Verify(msg, signature)
print('signature is valid: %s' % res)