Free single sign on software for linux

Single Marker Association is a simple tool that calculates the single marker association between individual SNP markers and a case/control dichotomy.
Usage:
The tool reads two files as input, the first is a set of case and the second a case of control haplotypes. The format of the files is one line per haplotype, where the SNP data is represented as 0 or 1, separated by white-space.
- The tool outputs a list of statistics for each marker
- The marker number (from left to right in the input data)
- The frequency of the 0 allele for the cases file
- The chi-square contingency table statistics for the marker
- The CDF of the chi-square statistics
- The p-value of the statistics (1-CDF)
Installation:
The SMA tool is written in C++. It should compile on any Unix like system. To install, download the source code and unpack it (tar xzf sma-v.tar.gz, where v is the version number of sma), then run make in the subdirectory sma-v created during unpacking.
Enhancements:
- Support for (unphased) genotype data.

PGPSigner project is a tool born out of the main virtues of a sysadmin: Lazyness and Impatience. Have you ever been to a PGP key signing party? It is fun, you verify all these ids, check the keys on the party list and then... then you get home. And find out that you have 47 different keys to sign with one or more of your private keys. You will do it tomorrow. Surely.

When I found one of these lists from an event eight months past, I decided that I do not want to do all the work by myself. So PGPSigner was born: Strong cryptography and command line completion in a single application.

This application uses strong cryptography, something that might pose problems for you if you happen to live in a region of the world where this is an issue.

To use this application, you must probably install the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files" for the Sun JCE. If you encounter the following error.

java.lang.SecurityException: Unsupported keysize or algorithm parameters.

then this is most likely the problem. Download these for the Sun JDK 1.5 at http://java.sun.com/javase/downloads/index_jdk5.jsp (scroll down to the bottom of the page).

sign is a file signing and signature verification utility. Its main purpose is to be a simple and convenient extension to a tar/gz/bzip2 line of tools to check file integrity and authenticity. Its small and simple, it does just one thing and hopefully does it well.

I needed a tool to digitally sign a bunch of .tar.gz and to allow recepients of the files to easily check, unzip, untar and start enjoying the content as quickly and painlessly as possible.

There are OpenSSL, GnuPG, PGP and others and they are of course perfectly capable of file signing. OpenSSL is probably the most widely spread one and best suited for the role of being a universal signing utility. However the state of affairs is such that OpenSSL as an application is not really used for anything more than generating tarball MD5 hashes. The other packages are plain big and complex for a simple task of file integrity checking. Its like getting a professional sound editing suite instead of a dead-simple .mp3 player. The larger crypto-packages also tend to lack modularity in a sense that to get file signing working I would need to configure a handful of core, but otherwise unrelated settings first. Besides if I am not going to use anything but a signing code, the rest will be sitting there collecting dust, creating untrivial shared libraries dependencies and a general feeling of a wasted disk space.

First of all, sign is a file processing tool, it reads from the files (including stdin) and writes to the files (including stdout). It can be used to attach signatures to the files or to verify and/or strip them.

Between signing and verifying latter will account for a bulk of usage. When checking the signature, sign will check for both integrity and authenticity of the file. An integrity check is done by validating SHA-1 hash embedded into the signature, and an authenticity is ensured by checking signers credentials against a trusted list.

sign adopts OpenSSH-style authentication model, where the trust hierarchy is flat (no certificates), an authentication is done with public keys and the list of trusted keys is grown gradually on as-needed basis.

Every trusted key is associated with a file name prefix called the title. The key can be trusted for signing files, whose name start with keys title. The same key may be associated with more than one title, but not vice versa.

The signature is appended at the end of the file and it carries three bits of information - the title, the public key of the signer and the hash of all preceeding data encrypted with signers private key. The verification is performed as follows:

The filename is checked to start with a title
The hash is decrypted using the public key
The hash is compared to the locally computed value (this ensures integrity)
The title is looked up locally; if its known and associated public key is the same as in the signature, the file is deemed authentic.
Otherwise if the title is known, but the key is different, the file is considered to be signed by untrusted, impersonating party and the check fails.
And lastly, if the title is unknown, the authenticity of the file cannot be established. The user is provided with public key fingerprint, which should be manually authenticated. Then the title and the key are added to the trusted list; and subsequent signatures from the this signer for this particular title will be cleared automatically.

In order to sign files, the signing keypair must first be generated. The keypair is maintained on per-user basis and can be created by running sign with a special command-line flag. The signing process itself is as follows (give or take insignificant details):

Run the filename through a list of owned titles and find the best match. Alternately accept explicit title from the user using one of the command-line flags.
Attach the title, attach public signing key
Compute the hash, encrypt it with private signing key
Attach encrypted hash.

For details on command-line syntax and other operating parameters, please refer to a man page; an online version is here.

Module::Signature is a Perl module signature file manipulation.

SYNOPSIS

As a shell command:
% cpansign # verify an existing SIGNATURE, or
# make a new one if none exists

% cpansign sign # make signature; overwrites existing one
% cpansign -s # same thing

% cpansign verify # verify a signature
% cpansign -v # same thing
% cpansign -v --skip # ignore files in MANIFEST.SKIP

% cpansign help # display this documentation
% cpansign -h # same thing
In programs:
use Module::Signature qw(sign verify SIGNATURE_OK);
sign();
sign(overwrite => 1); # overwrites without asking

# see the CONSTANTS section below
(verify() == SIGNATURE_OK) or die "failed!";

Mail::DKIM::Signature module encapsulates a DKIM signature header.

CONSTRUCTORS

new() - create a new signature from parameters

my $signature = new Mail::DKIM::Signature(
[ Algorithm => "rsa-sha1", ]
[ Signature => $base64, ]
[ Method => "relaxed", ]
[ Domain => "example.org", ]
[ Headers => "from:subject:date:message-id", ]
[ Query => "dns", ]
[ Selector => "alpha", ]
);
parse() - create a new signature from a DKIM-Signature header
my $sig = parse Mail::DKIM::Signature(
"DKIM-Signature: a=rsa-sha1; b=yluiJ7+0=; c=relaxed"
);

Constructs a signature by parsing the provided DKIM-Signature header content. You do not have to include the header name (i.e. "DKIM-Signature:") but it is recommended, so the header name can be preserved and returned the same way in as_string().

Note: The input to this constructor is in the same format as the output of the as_string method.

METHODS

algorithm() - get or set the algorithm (a=) field

The algorithm used to generate the signature. Should be either "rsa-sha1", an RSA-signed SHA-1 digest, or "rsa-sha256", an RSA-signed SHA-256 digest.
See also hash_algorithm().

as_string() - the signature header as a string
print $signature->as_string . "n";

outputs

DKIM-Signature: a=rsa-sha1; b=yluiJ7+0=; c=relaxed

As shown in the example, the as_string method can be used to generate the DKIM-Signature that gets prepended to a signed message.
as_string_without_data() - signature without the signature data

print $signature->as_string_without_data . "n";

outputs

DKIM-Signature: a=rsa-sha1; b=; c=relaxed

This is similar to the as_string() method, but it always excludes the "data" part. This is used by the DKIM canonicalization methods, which require incorporating this part of the signature into the signed message.

body_count() - get or set the body count (l=) field

my $i = $signature->body_count;

Informs the verifier of the number of bytes in the body of the email included in the cryptographic hash, starting from 0 immediately following the CRLF preceding the body. Also known as the l= tag.

When creating a signature, this tag may be either omitted, or set after the selected canonicalization system has received the entire message body (but before it canonicalizes the DKIM-Signature).

body_hash() - get or set the body hash (bh=) field

my $bh = $signature->body_hash;

The hash of the body part of the message. Whitespace is ignored in this value. This tag is required.

When accessing this value, whitespace is stripped from the tag for you.

canonicalization() - get or set the canonicalization (c=) field

$signature->canonicalization("relaxed", "simple");

($header, $body) = $signature->canonicalization;

Message canonicalization (default is "simple/simple"). This informs the verifier of the type of canonicalization used to prepare the message for signing.
In scalar context, this returns header/body canonicalization as a single string separated by /. In list context, it returns a two element array, containing first the header canonicalization, then the body.

domain() - get or set the domain (d=) field

my $d = $signature->domain; # gets the domain value
$signature->domain("example.org"); # sets the domain value

The domain of the signing entity, as specified in the signature. This is the domain that will be queried for the public key.

expiration() - get or set the signature expiration (x=) field

Signature expiration (default is undef, meaning no expiration). The signature expiration, if defined, is an unsigned integer identifying the standard Unix seconds-since-1970 time when the signature will expire.

get_public_key() - fetches the public key referenced by this signature

my $pubkey = $signature->get_public_key;

Public key to fetch is determined by the protocol, selector, and domain fields.

hash_algorithm() - access the hash algorithm specified in this signature

my $hash = $signature->hash_algorithm;

Determines what hashing algorithm is used as part of the signatures specified algorithm.

For algorithm "rsa-sha1", the hash algorithm is "sha1". Likewise, for algorithm "rsa-sha256", the hash algorithm is "sha256". If the algorithm is not recognized, undef is returned.

headerlist() - get or set the signed header fields (h=) field

$signature->headerlist("a:b:c");

my $headerlist = $signature->headerlist;

my @headers = $signature->headerlist;

Signed header fields. A colon-separated list of header field names that identify the header fields presented to the signing algorithm.

In scalar context, the list of header field names will be returned as a single string, with the names joined together with colons. In list context, the header field names will be returned as a list.

identity() - get or set the signing identity (i=) field

my $i = $signature->identity;

Identity of the user or agent on behalf of which this message is signed. The identity has an optional local part, followed by "@", then a domain name. The domain name should be the same as or a subdomain of the domain returned by the domain method.

Ideally, the identity should match the identity listed in the From: header, or the Sender: header, but this is not required to have a valid signature. Whether the identity used is "authorized" to sign for the given message is not determined here.

method() - get or set the canonicalization (c=) field

Message canonicalization (default is "simple"). This informs the verifier of the type of canonicalization used to prepare the message for signing.

protocol() - get or set the query methods (q=) field

A colon-separated list of query methods used to retrieve the public key (default is "dns"). Each query method is of the form "type[/options]", where the syntax and semantics of the options depends on the type.

selector() - get or set the selector (s=) field

The selector subdivides the namespace for the "d=" (domain) tag.

data() - get or set the signature data (b=) field

my $base64 = $signature->data;
$signature->data($base64);

The signature data. Whitespace is automatically stripped from the returned value. The data is Base64-encoded.

prettify() - alters the signature to look "nicer" as an email header

$signature->prettify;

This method may alter the signature in a way that breaks signatures, so it should be done ONLY when the signature is being generated, BEFORE being fed to the canonicalization algorithm.

prettify_safe() - same as prettify() but only touches the b= part

$signature->prettify_safe;

This method will not break the signature, but it only affects the b= part of the signature.

timestamp() - get or set the signature timestamp (t=) field

Signature timestamp (default is undef, meaning unknown creation time). This is the time that the signature was created. The value is an unsigned integer identifying the number of standard Unix seconds-since-1970.

version() - get or set the DKIM specification version (v=) field

This is the version of the DKIM specification that applies to this signature record.