community.crypto.openssl_signature_info (2.18.0) — module
Verify signatures with openssl
Added in version 1.1.0 of community.crypto
Authors: Patrick Pichler (@aveexy), Markus Teufelberger (@MarkusTeufelberger)
Install with ansible-galaxy collection install community.crypto:==2.18.0
collections:
  - name: community.crypto
    version: 2.18.0
This module allows one to verify a signature for a file by a certificate.
The module uses the cryptography Python library.
- name: Sign example file
  community.crypto.openssl_signature:
    privatekey_path: private.key
    path: /tmp/example_file
  register: sig

- name: Verify signature of example file
  community.crypto.openssl_signature_info:
    certificate_path: cert.pem
    path: /tmp/example_file
    signature: "{{ sig.signature }}"
  register: verify

- name: Make sure the signature is valid
  ansible.builtin.assert:
    that:
      - verify.valid
path:
  description:
    - The signed file to verify.
    - This file will only be read and not modified.
  required: true
  type: path
signature:
  description: Base64 encoded signature.
  required: true
  type: str
certificate_path:
  description:
    - The path to the certificate used to verify the signature.
    - Either O(certificate_path) or O(certificate_content) must be specified, but not both.
  type: path
certificate_content:
  description:
    - The content of the certificate used to verify the signature.
    - Either O(certificate_path) or O(certificate_content) must be specified, but not both.
  type: str
select_crypto_backend:
  choices:
    - auto
    - cryptography
  default: auto
  description:
    - Determines which crypto backend to use.
    - The default choice is V(auto), which tries to use C(cryptography) if available.
    - If set to V(cryptography), will try to use the L(cryptography,https://cryptography.io/) library.
  type: str
valid:
  description: V(true) means the signature was valid for the given file, V(false) means it was not.
  returned: success
  type: bool
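
The following playbook is an added example, not part of the module's own documentation. It gates a deployment on `verify.valid`, passing a certificate pinned on the control node through `certificate_content` so the certificate is not read from the same host and directory as the artifact being checked. All paths, the variable names and the `release-signing.pem` file are assumptions, as is the signature file holding the Base64 text produced by `community.crypto.openssl_signature`.

```yaml
- name: Deploy an artifact only if its detached signature verifies
  hosts: all
  vars:
    artifact_path: /opt/staging/app.tar.gz        # hypothetical path on the managed host
    signature_path: /opt/staging/app.tar.gz.sig   # hypothetical; contains Base64 text
    # Pinned signing certificate kept with the playbook on the control node
    # (hypothetical file), so replacing files on the host does not change it.
    release_cert_pem: "{{ lookup('ansible.builtin.file', 'files/release-signing.pem') }}"
  tasks:
    - name: Read the signature file from the managed host
      ansible.builtin.slurp:
        src: "{{ signature_path }}"
      register: sig_file

    - name: Verify the artifact against the pinned certificate
      community.crypto.openssl_signature_info:
        path: "{{ artifact_path }}"
        # slurp wraps the file in Base64; decode once to recover the stored
        # Base64 signature text that the signature option expects.
        signature: "{{ sig_file.content | b64decode | trim }}"
        certificate_content: "{{ release_cert_pem }}"
      register: verify

    # The return value is a boolean reported on success, so a false result
    # has to be turned into a failure explicitly.
    - name: Stop the play if the signature does not match
      ansible.builtin.assert:
        that:
          - verify.valid
        fail_msg: "Signature check failed for {{ artifact_path }}; not deploying."
        success_msg: "Signature verified for {{ artifact_path }}."

    - name: Unpack the verified artifact
      ansible.builtin.unarchive:
        src: "{{ artifact_path }}"
        dest: /opt/app                            # hypothetical destination
        remote_src: true
```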