v0.2.0 (#40)

jshawl · Feb 17, 2024 · e97c27d · e97c27d
1 parent 38f2fae
commit e97c27d
Show file tree

Hide file tree

Showing 7 changed files with 32 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,9 +6,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.2.0] - 2024-02-17
+
 ### Added
 - Support for changing or removing the password from the private key
 - `minisign` executable
+- `Minisign::PrivateKey#sign` adds a new optional `untrusted_comment` argument
+- Custom error classes:
+  - `Minisign::SignatureVerificationError`
+  - `Minisign::PasswordMissingError`
+  - `Minisign::PasswordIncorrectError`
+
+### Changed
+- `Minisign::PublicKey#verify` now raises `Minisign::SignatureVerificationError` instead of `Ed25519::VerifyError` and specifies whether the global signature or the comment signature failed to verify
+- `Minisign::PrivateKey` now raises `Minisign::PasswordMissingError` or `Minisign::PasswordIncorrectError` instead of `RuntimeError`
 
 ## [0.1.0] - 2024-02-09
 
@@ -45,7 +56,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - This CHANGELOG file to hopefully serve as an evolving example of a
   standardized open source project CHANGELOG.
 
-[Unreleased]: https://github.com/jshawl/minisign/compare/v0.1.0...HEAD
+[Unreleased]: https://github.com/jshawl/minisign/compare/v0.2.0...HEAD
+[0.2.0]: https://github.com/jshawl/minisign/compare/v0.1.0...v0.2.0
 [0.1.0]: https://github.com/jshawl/minisign/compare/v0.0.8...v0.1.0
 [0.0.8]: https://github.com/jshawl/minisign/compare/v0.0.7...v0.0.8
 [0.0.7]: https://github.com/jshawl/minisign/compare/v0.0.6...v0.0.7

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    minisign (0.1.0)
+    minisign (0.2.0)
       ed25519 (~> 1.3)
       rbnacl (~> 7.1)
 

diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # Minisign
 
-A rubygem for creating and verifying [Minisign](http://jedisct1.github.io/minisign/) signatures.
+A ruby implemenation of [Minisign](http://jedisct1.github.io/minisign/).
 
 - [Installation \& Usage](#installation--usage)
   - [Read a public key](#read-a-public-key)
@@ -57,7 +57,9 @@ private_key.change_password! nil
 ```rb
 file_path = "example.txt"
 password = "password"
-signature = private_key.sign(file_path, File.read(file_path))
+trusted_comment = "the trusted comment"
+untrusted_comment = "the untrusted comment"
+signature = private_key.sign(file_path, File.read(file_path), trusted_comment, untrusted_comment)
 File.write("#{file_path}.minisig", signature.to_s)
 ```
 

diff --git a/SECURITY.md b/SECURITY.md
@@ -4,7 +4,8 @@
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 0.1.x   | :white_check_mark: |
+| 0.2.x   | :white_check_mark: |
+| 0.1.x   | :x: |
 | 0.0.x   | :x:                |
 
 ## Reporting a Vulnerability

diff --git a/lib/minisign/cli.rb b/lib/minisign/cli.rb
@@ -4,11 +4,15 @@
 
 # rubocop:disable Metrics/ModuleLength
 module Minisign
-  # The command line interface
+  # The command line interface.
+  # This module is _not_ intended for library usage and is subject to
+  # breaking changes.
   module CLI
     # rubocop:disable Metrics/AbcSize
     # rubocop:disable Metrics/MethodLength
     # rubocop:disable Metrics/CyclomaticComplexity
+
+    # Command line usage
     def self.usage
       puts 'Usage:'
       puts 'minisign -G [-f] [-p pubkey_file] [-s seckey_file] [-W]'
@@ -145,6 +149,7 @@ def self.verify(options)
 
       puts options[:Q] ? signature.trusted_comment : verification
     end
+
     # rubocop:enable Metrics/CyclomaticComplexity
     # rubocop:enable Metrics/AbcSize
     # rubocop:enable Metrics/MethodLength

diff --git a/lib/minisign/key_pair.rb b/lib/minisign/key_pair.rb
@@ -5,6 +5,10 @@ module Minisign
   class KeyPair
     include Minisign::Utils
 
+    # Create a new key pair
+    # @param password [String] The password used to encrypt the private key
+    # @example
+    #   Minisign::KeyPair.new("53cr3t P4s5w0rd")
     def initialize(password = nil)
       @password = password
       @key_id = SecureRandom.bytes(8)

diff --git a/minisign.gemspec b/minisign.gemspec
@@ -2,15 +2,15 @@
 
 Gem::Specification.new do |s|
   s.name        = 'minisign'
-  s.version     = '0.1.0'
+  s.version     = '0.2.0'
   s.summary     = 'Minisign, in Ruby!'
   s.description = 'Verify minisign signatures'
   s.authors     = ['Jesse Shawl']
   s.email       = '[email protected]'
   s.files       = Dir['lib/**/*']
   s.executables << 'minisign'
   s.homepage =
-    'https://rubygems.org/gems/minisign'
+    'https://github.com/jshawl/minisign'
   s.license = 'MIT'
   s.add_runtime_dependency 'ed25519', '~> 1.3'
   s.add_runtime_dependency 'rbnacl', '~> 7.1'