My favourite part of these tools is the zany use of numbered file descriptors. `keypair` outputs the public key on fd 5 and secret key on fd 9. But signing reads the secret key on fd 8, while verification reads the public key on fd 4! Why aren't they the same?? I have to read the manpage every time.
Sounds like the perfect place to embed credential stealing malware. Good thing they publish their code on an independent third-party public code sharing platform. Oh wait...
7 comments
[ 3.2 ms ] story [ 26.1 ms ] threadMy favourite part of these tools is the zany use of numbered file descriptors. `keypair` outputs the public key on fd 5 and secret key on fd 9. But signing reads the secret key on fd 8, while verification reads the public key on fd 4! Why aren't they the same?? I have to read the manpage every time.
hmm
> It is a weird and footgun-shaped middle ground.
Oh? HMMMMM :|
Is the project trying to compete with GPG for worst interface ? Magic numbers BAD, especially in something that will mostly be used in scripts