community.crypto.openssl_signature_info – Verify signatures with openssl

From Get docs
Ansible/docs/2.11/collections/community/crypto/openssl signature info module


community.crypto.openssl_signature_info – Verify signatures with openssl

Note

This plugin is part of the community.crypto collection (version 1.4.0).

To install it use: ansible-galaxy collection install community.crypto.

To use it in a playbook, specify: community.crypto.openssl_signature_info.


New in version 1.1.0: of community.crypto


Synopsis

  • This module allows one to verify a signature for a file by a certificate.
  • The module can use the cryptography Python library, or the pyOpenSSL Python library. By default, it tries to detect which one is available. This can be overridden with the select_crypto_backend option. Please note that the PyOpenSSL backend was deprecated in Ansible 2.9 and will be removed in community.crypto 2.0.0.

Requirements

The below requirements are needed on the host that executes this module.

  • Either cryptography >= 1.4 (some key types require newer versions)
  • Or pyOpenSSL >= 0.11 (Ed25519 and Ed448 keys are not supported with this backend)

Parameters

Parameter Choices/Defaults Comments

certificate_content

string

The content of the certificate used to verify the signature.

Either certificate_path or certificate_content must be specified, but not both.

certificate_path

path

The path to the certificate used to verify the signature.

Either certificate_path or certificate_content must be specified, but not both.

path

path / required

The signed file to verify.

This file will only be read and not modified.

select_crypto_backend

string

  • auto

  • cryptography
  • pyopenssl

Determines which crypto backend to use.

The default choice is auto, which tries to use cryptography if available, and falls back to pyopenssl.

If set to pyopenssl, will try to use the pyOpenSSL library.

If set to cryptography, will try to use the cryptography library.

signature

string / required

Base64 encoded signature.



Notes

Note

  • When using the cryptography backend, the following key types require at least the following cryptography version: RSA keys: cryptography >= 1.4 DSA and ECDSA keys: cryptography >= 1.5 ed448 and ed25519 keys: cryptography >= 2.6
  • Supports check_mode.


See Also

See also

community.crypto.openssl_signature
The official documentation on the community.crypto.openssl_signature module.
community.crypto.x509_certificate
The official documentation on the community.crypto.x509_certificate module.


Examples

- name: Sign example file
  community.crypto.openssl_signature:
    privatekey_path: private.key
    path: /tmp/example_file
  register: sig

- name: Verify signature of example file
  community.crypto.openssl_signature_info:
    certificate_path: cert.pem
    path: /tmp/example_file
    signature: "{{ sig.signature }}"
  register: verify

- name: Make sure the signature is valid
  assert:
    that:
      - verify.valid

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description

valid

boolean

success

true means the signature was valid for the given file, false means it was not.





Authors

  • Patrick Pichler (@aveexy)
  • Markus Teufelberger (@MarkusTeufelberger)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.11/collections/community/crypto/openssl_signature_info_module.html


Retrieved from "https://getdocs.org/index.php?title=Ansible/docs/2.11/collections/community/crypto/openssl_signature_info_module&oldid=61559"
Powered by MediaWiki