You are reading an unmaintained version of the Ansible documentation. Unmaintained Ansible versions can contain unfixed security vulnerabilities (CVE). Please upgrade to a maintained version. See the latest Ansible documentation.

community.crypto.openssl_signature_info module – Verify signatures with openssl

Note

This module is part of the community.crypto collection (version 2.3.4).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.crypto.

To use it in a playbook, specify: community.crypto.openssl_signature_info.

New in version 1.1.0: of community.crypto

Synopsis

• This module allows one to verify a signature for a file by a certificate.

• The module uses the cryptography Python library.

Requirements

The below requirements are needed on the host that executes this module.

• cryptography >= 1.4 (some key types require newer versions)

Parameters

Parameter	Comments
certificate_content string	The content of the certificate used to verify the signature. Either certificate_path or certificate_content must be specified, but not both.
certificate_path path	The path to the certificate used to verify the signature. Either certificate_path or certificate_content must be specified, but not both.
path path / required	The signed file to verify. This file will only be read and not modified.
select_crypto_backend string	Determines which crypto backend to use. The default choice is auto, which tries to use cryptography if available. If set to cryptography, will try to use the cryptography library. Choices: auto ← (default) cryptography
signature string / required	Base64 encoded signature.

Notes

Note

• When using the cryptography backend, the following key types require at least the following cryptography version: RSA keys: cryptography >= 1.4 DSA and ECDSA keys: cryptography >= 1.5 ed448 and ed25519 keys: cryptography >= 2.6

• Supports check_mode.

See Also

See also

community.crypto.openssl_signature

The official documentation on the community.crypto.openssl_signature module.

community.crypto.x509_certificate

The official documentation on the community.crypto.x509_certificate module.

Examples

- name: Sign example file
  community.crypto.openssl_signature:
    privatekey_path: private.key
    path: /tmp/example_file
  register: sig

- name: Verify signature of example file
  community.crypto.openssl_signature_info:
    certificate_path: cert.pem
    path: /tmp/example_file
    signature: "{{ sig.signature }}"
  register: verify

- name: Make sure the signature is valid
  assert:
    that:
      - verify.valid

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Description
valid boolean	true means the signature was valid for the given file, false means it was not. Returned: success

Authors

• Patrick Pichler (@aveexy)

• Markus Teufelberger (@MarkusTeufelberger)

Collection links

Issue Tracker Repository (Sources) Submit a bug report Request a feature Communication