PKI.sign.tar
appends a signature to a tar file PKI.verify.tar
verifies the signature in a tar file
PKI.sign.tar(tarfile, key, certificate, output = tarfile)
PKI.verify.tar(tarfile, key, silent = FALSE, enforce.cert = FALSE)
PKI.sign.tar
: private key to use for signing;
PKI.verify.tar
: optional, public key to use for verificationkey
. If not present the
signature will only contain the public key.TRUE
then no warning are generatod, otherwise
a warning is issues for failed verification describing the reason
for failureTRUE
then a certificate is required in
the signature. It can be also set to a valid certificate in which
case the public key of the certificate in the signature must also
match the public key in the supplied certificate.PKI.tar.sign
adds extra entry .signature
with the
signature based on the contents of the tarfile
. Note that
any existing signatures are retained. key
is a mandatory
private key used to sign the content. certificate
is optional
but if present, it will be embedded in the signature. The tarfile
can be in compressed form (gzip, bzip2 or xz) in
which case it is decompressed internally before the signature is
applied. If output
is a file name then the same compression is
applied to the output, otherwise the output is uncompressed.
PKI.verify.tar
retrieves the last .signature
entry from
the tar file (if tarfile
is a file name then the same
compression auto-detection is applied as above) and
verifies the signature against either the supplied (public) key
or against the key or certificate stored in the signature. The result
is TRUE
or FALSE
except when enforce.cert
is
set. In that case the result is the certificate contained in the
signature if the validation succeeded (and thus it can be further
verified against a chain of trust), otherwise FALSE
.