@rodarmor
Added key generation, signing, and verification to #filepack , and feeling pretty good about the whole endeavor.
Filepack is a utility for hashing collections of files, and optionally creating signatures over a root hash which covers those individual file hashes.
It is a replacement for shasum, and, ambitiously, GPG.
I thought hard about possibly depending on #GPG , but GPG is just too insane. GPG supports a huge number of hash and signature algorithms, has a terrible interface, includes a number of byzantine formats, bakes in the quixotic web of trust, and turns what should be simple tasks into arduous sagas.
Filepack is also a stab at creating some kind of common ground for next-generation filesharing. Filesharing is fundamentally about using a small pointer, a hash or a public key, to download whatever that pointer points to from untrusted peers.
Filepack provides those pointers, using BLAKE3 hashes and ed25519 signatures.
It also hopes to improve filesharing UX, by standardizing machine-readable metadata that describes not just how to retrieve a piece of content, but the semantics of a piece of content, i.e., *what* it is, hopefully making it easy to build rich user interfaces which can profitably compete with the likes of Netflix and Spotify.
Filepack is very much not ready. Everything is in flux, it hasn't been reviewed, and many breaking changes are planned.
But, it's starting to feel like a worthwhile enterprise!
If you have thoughts on hashing files and signing hashes, check it out!
https://filepack.com
https://github.com/casey/filepack/
And the PR which added key generation, signing, and signature verification: https://github.com/casey/filepack/pull/48
