Artifact Signing Skill
This skill allows an AI agent to sign files, binaries, or any artifact using a PEM-encoded private key. It generates a detached signature file.
Dependencies
- - Python 3.x
- INLINECODE0� library (
pip install cryptography)
Tools
sign_artifact
Signs a given artifact with a private key.
Arguments:
- -
artifact_path: (Required) Absolute path to the file to be signed. - INLINECODE4�: (Required) Absolute path to the PEM-encoded private key.
- INLINECODE5�: (Optional) Absolute path where the signature should be saved. Defaults to
<artifact_path>.sig.
Example Usage:
CODEBLOCK0
Security Considerations
- - Private Key Protection: Never share your private key. Ensure the key file has restricted permissions.
- Verification: Always verify the signature using the corresponding public key before trusting an artifact.
工件签名技能
该技能允许AI代理使用PEM编码的私钥对文件、二进制文件或任何工件进行签名。它会生成一个分离的签名文件。
依赖项
- - Python 3.x
- cryptography库(pip install cryptography)
工具
sign_artifact
使用私钥对指定工件进行签名。
参数:
- - artifactpath:(必需)待签名文件的绝对路径。
- keypath:(必需)PEM编码私钥的绝对路径。
- outputpath:(可选)签名文件的保存路径。默认为path>.sig。
使用示例:
powershell
python c:\Docs\skills\artifact-signing\scripts\signartifact.py C:\path\to\artifact.zip C:\path\to\privatekey.pem
安全注意事项
- - 私钥保护:切勿分享您的私钥。确保密钥文件具有受限的访问权限。
- 验证:在信任工件之前,始终使用对应的公钥验证签名。
