community.crypto.openssl_signature_info (2.18.0) — module

Verify signatures with openssl

Added in version 1.1.0 of community.crypto

Authors: Patrick Pichler (@aveexy), Markus Teufelberger (@MarkusTeufelberger)

Install collection

Install with ansible-galaxy collection install community.crypto:==2.18.0


Add to requirements.yml

  collections:
    - name: community.crypto
      version: 2.18.0

Description

This module allows one to verify a signature over a file against the public key of a certificate.

The module uses the cryptography Python library.


Requirements

Usage examples

- name: Sign example file
  community.crypto.openssl_signature:
    privatekey_path: private.key
    path: /tmp/example_file
  register: sig
- name: Verify signature of example file
  community.crypto.openssl_signature_info:
    certificate_path: cert.pem
    path: /tmp/example_file
    signature: "{{ sig.signature }}"
  register: verify
- name: Make sure the signature is valid
  ansible.builtin.assert:
    that:
      - verify.valid

Inputs

path:
    description:
    - The signed file to verify.
    - This file will only be read and not modified.
    required: true
    type: path

signature:
    description: Base64 encoded signature.
    required: true
    type: str

certificate_path:
    description:
    - The path to the certificate used to verify the signature.
    - Either O(certificate_path) or O(certificate_content) must be specified, but not
      both.
    type: path

certificate_content:
    description:
    - The content of the certificate used to verify the signature.
    - Either O(certificate_path) or O(certificate_content) must be specified, but not
      both.
    type: str

select_crypto_backend:
    choices:
    - auto
    - cryptography
    default: auto
    description:
    - Determines which crypto backend to use.
    - The default choice is V(auto), which tries to use C(cryptography) if available.
    - If set to V(cryptography), will try to use the L(cryptography,https://cryptography.io/)
      library.
    type: str

Outputs

valid:
  description: V(true) means the signature was valid for the given file, V(false)
    means it was not.
  returned: success
  type: bool
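As an added example (not code from the community.crypto collection), the sign-then-verify flow of the usage examples written directly against the cryptography library the module uses, so that what the V(true)/V(false) in O(valid) means, and which failure cases it reports, is visible. The RSA padding (PKCS#1 v1.5) and the SHA-256 digest are assumptions about the module's defaults, not facts from this page; the private key, certificate and file content are constructed inline so the block runs offline.

```python
# Added example, not part of the community.crypto collection. Signs a constructed
# file with a constructed key and verifies the base64 signature against a
# self-signed certificate, the way openssl_signature / openssl_signature_info do.
import base64
import binascii
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec, padding, rsa
from cryptography.x509.oid import NameOID


def make_self_signed_cert(private_key) -> bytes:
    """Return a PEM self-signed certificate for private_key (constructed test data
    standing in for the cert.pem of the usage examples)."""
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "example-signer")])
    now = datetime.datetime.now(datetime.timezone.utc)
    cert = (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(private_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=1))
        .not_valid_after(now + datetime.timedelta(days=1))
        .sign(private_key, hashes.SHA256())
    )
    return cert.public_bytes(serialization.Encoding.PEM)


def sign_bytes(private_key, data: bytes) -> str:
    """Sign data and return it base64-encoded, the form the module's `signature`
    input expects. RSA with PKCS#1 v1.5 and ECDSA with SHA-256 are assumptions
    about the module's defaults, not taken from the page."""
    if isinstance(private_key, rsa.RSAPrivateKey):
        raw = private_key.sign(data, padding.PKCS1v15(), hashes.SHA256())
    elif isinstance(private_key, ec.EllipticCurvePrivateKey):
        raw = private_key.sign(data, ec.ECDSA(hashes.SHA256()))
    else:
        raise TypeError("unsupported key type")
    return base64.b64encode(raw).decode("ascii")


def verify_bytes(cert_pem: bytes, data: bytes, signature_b64: str) -> bool:
    """Mirror of the `valid` output: True only if signature_b64 verifies over data
    with the certificate's public key. Undecodable or mismatching input yields
    False rather than an exception. Only the signature is checked here; the
    certificate's chain, expiry and revocation status are not validated."""
    public_key = x509.load_pem_x509_certificate(cert_pem).public_key()
    try:
        raw = base64.b64decode(signature_b64, validate=True)
        if isinstance(public_key, rsa.RSAPublicKey):
            public_key.verify(raw, data, padding.PKCS1v15(), hashes.SHA256())
        elif isinstance(public_key, ec.EllipticCurvePublicKey):
            public_key.verify(raw, data, ec.ECDSA(hashes.SHA256()))
        else:
            return False
    except (InvalidSignature, ValueError, binascii.Error):
        return False
    return True


def verify_file(certificate_path: str, path: str, signature: str) -> bool:
    """Same check with the module's own inputs: paths to cert.pem and the signed file."""
    with open(certificate_path, "rb") as cert_file, open(path, "rb") as signed_file:
        return verify_bytes(cert_file.read(), signed_file.read(), signature)


def demo() -> dict:
    """Sign-then-verify flow from the usage examples, plus the failure cases a
    playbook's assert on `verify.valid` is there to catch."""
    data = b"constructed example file content\n"  # stands in for /tmp/example_file
    keys = {
        "rsa": rsa.generate_private_key(public_exponent=65537, key_size=2048),
        "ec": ec.generate_private_key(ec.SECP256R1()),
    }
    results = {}
    for label, key in keys.items():
        cert_pem = make_self_signed_cert(key)
        sig = sign_bytes(key, data)
        results[label] = {
            "valid": verify_bytes(cert_pem, data, sig),
            "tampered_file": verify_bytes(cert_pem, data + b"x", sig),
            "corrupt_signature": verify_bytes(cert_pem, data, "not*base64"),
        }
    # A signature only verifies against the certificate of the key that made it.
    other_cert = make_self_signed_cert(
        rsa.generate_private_key(public_exponent=65537, key_size=2048)
    )
    results["wrong_certificate"] = verify_bytes(other_cert, data, sign_bytes(keys["rsa"], data))
    return results


if __name__ == "__main__":
    print(demo())
```

Two points carry over to playbook use: the result is a boolean, not a task failure, so a task like the `ansible.builtin.assert` on `verify.valid` above is what turns a bad signature into a stopped play; and the check binds the signature to the key in the certificate only, so whether that certificate is one you trust has to be established separately (for example by sourcing cert.pem from a controlled location rather than from the host being verified).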

See also