Build and About page (#64 )

* Adding credits txt * Switch up build number
Header cleanup
2025-07-01 09:43:37 +00:00 · 2020-03-19 21:16:14 -07:00 · 2020-03-18 20:04:48 -07:00 · 2020-03-18 20:04:24 -07:00 · 2020-03-17 23:28:51 -07:00 · 2020-03-17 22:59:03 -07:00
16 changed files with 298 additions and 70 deletions
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -45,9 +45,12 @@ jobs:
    - name: Update Build Number
      env:
        TAG_NAME: ${{ github.ref }}
+        RUN_ID: ${{ github.run_id }}
      run: |
            export CLEAN_TAG=$(echo $TAG_NAME | sed -e 's/refs\/tags\/v//')
-            sed -i '' -e "s/CI_VERSION = 0.0.0/CI_VERSION = $CLEAN_TAG/g" Config/Config.xcconfig
+            sed -i '' -e "s/GITHUB_CI_VERSION/$CLEAN_TAG/g" Config/Config.xcconfig
+            sed -i '' -e "s/GITHUB_BUILD_NUMBER/1.$RUN_ID/g" Config/Config.xcconfig
+            sed -i '' -e "s/GITHUB_BUILD_URL/https:\/\/github.com\/maxgoedjen\/secretive\/actions\/runs\/$RUN_ID/g" Secretive/Credits.rtf
    - name: Build
      run: xcrun xcodebuild -project Secretive.xcodeproj -scheme Secretive -configuration Release -archivePath Archive.xcarchive archive
    - name: Create ZIPs
--- a/Config/Config.xcconfig
+++ b/Config/Config.xcconfig
@ -1 +1,2 @@
-CI_VERSION = 0.0.0
+CI_VERSION = GITHUB_CI_VERSION
+CI_BUILD_NUMBER = GITHUB_BUILD_NUMBER
--- a/SecretAgent/AppDelegate.swift
+++ b/SecretAgent/AppDelegate.swift
@ -1,5 +1,6 @@
 import Cocoa
 import SecretKit
+import SecretAgentKit
 import OSLog

@NSApplicationMain
@ -13,7 +14,7 @@ class AppDelegate: NSObject, NSApplicationDelegate {
    }()
    let notifier = Notifier()
    lazy var agent: Agent = {
-        Agent(storeList: storeList, notifier: notifier)
+        Agent(storeList: storeList, witness: notifier)
    }()
    lazy var socketController: SocketController = {
        let path = (NSHomeDirectory() as NSString).appendingPathComponent("socket.ssh") as String
--- a/SecretAgent/Notifier.swift
+++ b/SecretAgent/Notifier.swift
@ -1,5 +1,6 @@
 import Foundation
 import SecretKit
+import SecretAgentKit
 import UserNotifications

 class Notifier {
@ -10,13 +11,24 @@ class Notifier {
        }
    }

-    func notify<SecretType: Secret>(accessTo secret: SecretType) {
+    func notify(accessTo secret: AnySecret, by provenance: SigningRequestProvenance) {
        let notificationCenter = UNUserNotificationCenter.current()
        let notificationContent = UNMutableNotificationContent()
        notificationContent.title = "Signed Request"
-        notificationContent.body = "\(secret.name) was used to sign a request."
+        notificationContent.body = "\(secret.name) was used to sign a request from \(provenance.origin.name)."
        let request = UNNotificationRequest(identifier: UUID().uuidString, content: notificationContent, trigger: nil)
        notificationCenter.add(request, withCompletionHandler: nil)
    }

 }
+
+extension Notifier: SigningWitness {
+
+    func speakNowOrForeverHoldYourPeace(forAccessTo secret: AnySecret, by provenance: SigningRequestProvenance) throws {
+    }
+
+    func witness(accessTo secret: AnySecret, by provenance: SigningRequestProvenance) throws {
+        notify(accessTo: secret, by: provenance)
+    }
+
+}
--- a/SecretAgentKit/Agent.swift
+++ b/SecretAgentKit/Agent.swift
@ -3,23 +3,26 @@ import CryptoKit
 import OSLog
 import SecretKit
 import SecretAgentKit
+import AppKit

-class Agent {
+public class Agent {

    fileprivate let storeList: SecretStoreList
-    fileprivate let notifier: Notifier
+    fileprivate let witness: SigningWitness?
+    fileprivate let writer = OpenSSHKeyWriter()
+    fileprivate let requestTracer = SigningRequestTracer()

-    public init(storeList: SecretStoreList, notifier: Notifier) {
+    public init(storeList: SecretStoreList, witness: SigningWitness? = nil) {
        os_log(.debug, "Agent is running")
        self.storeList = storeList
-        self.notifier = notifier
+        self.witness = witness
    }
    
 }

 extension Agent {

-    func handle(fileHandle: FileHandle) {
+    public func handle(fileHandle: FileHandle) {
        os_log(.debug, "Agent handling new data")
        let data = fileHandle.availableData
        guard !data.isEmpty else { return }
@ -40,7 +43,7 @@ extension Agent {
                os_log(.debug, "Agent returned %@", SSHAgent.ResponseType.agentIdentitiesAnswer.debugDescription)
            case .signRequest:
                response.append(SSHAgent.ResponseType.agentSignResponse.data)
-                response.append(try sign(data: data))
+                response.append(try sign(data: data, from: fileHandle.fileDescriptor))
                os_log(.debug, "Agent returned %@", SSHAgent.ResponseType.agentSignResponse.debugDescription)
            }
        } catch {
@ -74,26 +77,22 @@ extension Agent {
        return countData + keyData
    }

-    func sign(data: Data) throws -> Data {
+    func sign(data: Data, from pid: Int32) throws -> Data {
        let reader = OpenSSHReader(data: data)
-        let writer = OpenSSHKeyWriter()
        let hash = try reader.readNextChunk()
-        let matching = storeList.stores.compactMap { store -> (AnySecretStore, AnySecret)? in
-            let allMatching = store.secrets.filter { secret in
-                hash == writer.data(secret: secret)
-            }
-            if let matching = allMatching.first {
-                return (store, matching)
-            }
-            return nil
-        }
-        guard let (store, secret) = matching.first else {
+        guard let (store, secret) = secret(matching: hash) else {
+            os_log(.debug, "Agent did not have a key matching %@", hash as NSData)
            throw AgentError.noMatchingKey
        }
+
+        let provenance = requestTracer.provenance(from: pid)
+        if let witness = witness {
+            try witness.speakNowOrForeverHoldYourPeace(forAccessTo: secret, by: provenance)
+        }
+
        let dataToSign = try reader.readNextChunk()
        let derSignature = try store.sign(data: dataToSign, with: secret)
-        // TODO: Move this
-        notifier.notify(accessTo: secret)
+
        let curveData = writer.curveType(for: secret.algorithm, length: secret.keySize).data(using: .utf8)!

        // Convert from DER formatted rep to raw (r||s)
@ -123,6 +122,10 @@ extension Agent {
        sub.append(writer.lengthAndData(of: signatureChunk))
        signedData.append(writer.lengthAndData(of: sub))

+        if let witness = witness {
+            try witness.witness(accessTo: secret, by: provenance)
+        }
+
        os_log(.debug, "Agent signed request")

        return signedData
@ -130,6 +133,22 @@ extension Agent {

 }

+extension Agent {
+
+    func secret(matching hash: Data) -> (AnySecretStore, AnySecret)? {
+        storeList.stores.compactMap { store -> (AnySecretStore, AnySecret)? in
+            let allMatching = store.secrets.filter { secret in
+                hash == writer.data(secret: secret)
+            }
+            if let matching = allMatching.first {
+                return (store, matching)
+            }
+            return nil
+        }.first
+    }
+
+}
+

 extension Agent {

--- a/SecretAgentKit/SecretAgentKit.h
+++ b/SecretAgentKit/SecretAgentKit.h
@ -7,6 +7,16 @@
 //

 #import <Foundation/Foundation.h>
+#import <Security/Security.h>
+
+
+// Forward declarations
+
+// from libproc.h
+int proc_pidpath(int pid, void * buffer, uint32_t  buffersize);
+
+// from SecTask.h
+OSStatus SecCodeCreateWithPID(int32_t, SecCSFlags, SecCodeRef *);

 //! Project version number for SecretAgentKit.
 FOUNDATION_EXPORT double SecretAgentKitVersionNumber;
@ -14,6 +24,4 @@ FOUNDATION_EXPORT double SecretAgentKitVersionNumber;
 //! Project version string for SecretAgentKit.
 FOUNDATION_EXPORT const unsigned char SecretAgentKitVersionString[];

-// In this header, you should import all the public headers of your framework using statements like #import <SecretAgentKit/PublicHeader.h>
-

--- a/SecretAgentKit/SigningRequestProvenance.swift
+++ b/SecretAgentKit/SigningRequestProvenance.swift
@ -0,0 +1,45 @@
+import Foundation
+import AppKit
+
+public struct SigningRequestProvenance {
+
+    public var chain: [Process]
+    public init(root: Process) {
+        self.chain = [root]
+    }
+
+}
+
+extension SigningRequestProvenance {
+
+    public var origin: Process {
+        chain.last!
+    }
+
+    public var intact: Bool {
+        return chain.reduce(true) { $0 && $1.validSignature }
+    }
+
+}
+
+extension SigningRequestProvenance {
+
+    public struct Process {
+
+        public let pid: Int32
+        public let name: String
+        public let path: String
+        public let validSignature: Bool
+        let parentPID: Int32?
+
+        init(pid: Int32, name: String, path: String, validSignature: Bool, parentPID: Int32?) {
+            self.pid = pid
+            self.name = name
+            self.path = path
+            self.validSignature = validSignature
+            self.parentPID = parentPID
+        }
+
+    }
+
+}
--- a/SecretAgentKit/SigningRequestTracer.swift
+++ b/SecretAgentKit/SigningRequestTracer.swift
@ -0,0 +1,43 @@
+import Foundation
+import AppKit
+import Security
+
+struct SigningRequestTracer {
+
+    func provenance(from pid: Int32) -> SigningRequestProvenance {
+        let pidPointer = UnsafeMutableRawPointer.allocate(byteCount: 4, alignment: 1)
+        var len = socklen_t(MemoryLayout<Int32>.size)
+        getsockopt(pid, SOCK_STREAM, LOCAL_PEERPID, pidPointer, &len)
+        let pid = pidPointer.load(as: Int32.self)
+        let firstInfo = process(from: pid)
+
+        var provenance = SigningRequestProvenance(root: firstInfo)
+        while NSRunningApplication(processIdentifier: provenance.origin.pid) == nil && provenance.origin.parentPID != nil {
+            provenance.chain.append(process(from: provenance.origin.parentPID!))
+        }
+        return provenance
+    }
+
+    func pidAndNameInfo(from pid: Int32) -> kinfo_proc {
+        var len = MemoryLayout<kinfo_proc>.size
+        let infoPointer = UnsafeMutableRawPointer.allocate(byteCount: len, alignment: 1)
+        var name: [Int32] = [CTL_KERN, KERN_PROC, KERN_PROC_PID, pid]
+        sysctl(&name, UInt32(name.count), infoPointer, &len, nil, 0)
+        return infoPointer.load(as: kinfo_proc.self)
+    }
+
+    func process(from pid: Int32) -> SigningRequestProvenance.Process {
+        var pidAndNameInfo = self.pidAndNameInfo(from: pid)
+        let ppid = pidAndNameInfo.kp_eproc.e_ppid != 0 ? pidAndNameInfo.kp_eproc.e_ppid : nil
+        let procName = String(cString: &pidAndNameInfo.kp_proc.p_comm.0)
+        let pathPointer = UnsafeMutablePointer<UInt8>.allocate(capacity: Int(MAXPATHLEN))
+        _ = proc_pidpath(pid, pathPointer, UInt32(MAXPATHLEN))
+        let path = String(cString: pathPointer)
+        var secCode: Unmanaged<SecCode>!
+        let flags: SecCSFlags = [.considerExpiration, .enforceRevocationChecks]
+        SecCodeCreateWithPID(pid, SecCSFlags(), &secCode)
+        let valid = SecCodeCheckValidity(secCode.takeRetainedValue(), flags, nil) == errSecSuccess
+        return SigningRequestProvenance.Process(pid: pid, name: procName, path: path, validSignature: valid, parentPID: ppid)
+    }
+
+}
--- a/SecretAgentKit/SigningWitness.swift
+++ b/SecretAgentKit/SigningWitness.swift
@ -0,0 +1,9 @@
+import Foundation
+import SecretKit
+
+public protocol SigningWitness {
+
+    func speakNowOrForeverHoldYourPeace(forAccessTo secret: AnySecret, by provenance: SigningRequestProvenance) throws
+    func witness(accessTo secret: AnySecret, by provenance: SigningRequestProvenance) throws
+
+}
--- a/SecretAgentKit/SocketController.swift
+++ b/SecretAgentKit/SocketController.swift
@ -1,13 +1,13 @@
 import Foundation
 import OSLog

-class SocketController {
+public class SocketController {

    fileprivate var fileHandle: FileHandle?
    fileprivate var port: SocketPort?
-    var handler: ((FileHandle) -> Void)?
+    public var handler: ((FileHandle) -> Void)?

-    init(path: String) {
+    public init(path: String) {
        os_log(.debug, "Socket controller setting up at %@", path)
        if let _ = try? FileManager.default.removeItem(atPath: path) {
            os_log(.debug, "Socket controller removed existing socket")
--- a/SecretKit/SmartCard/SmartCardStore.swift
+++ b/SecretKit/SmartCard/SmartCardStore.swift
@ -11,16 +11,17 @@ extension SmartCard {
        // TODO: Read actual smart card name, eg "YubiKey 5c"
        @Published public var isAvailable: Bool = false
        public let id = UUID()
-        public let name = NSLocalizedString("Smart Card", comment: "Smart Card")
+        public fileprivate(set) var name = NSLocalizedString("Smart Card", comment: "Smart Card")
        @Published public fileprivate(set) var secrets: [Secret] = []
        fileprivate let watcher = TKTokenWatcher()
        fileprivate var tokenID: String?

        public init() {
-            tokenID = watcher.tokenIDs.filter { !$0.contains("setoken") }.first
+            tokenID = watcher.nonSecureEnclaveTokens.first
            watcher.setInsertionHandler { string in
                guard self.tokenID == nil else { return }
                guard !string.contains("setoken") else { return }
+
                self.tokenID = string
                self.reloadSecrets()
                self.watcher.addRemovalHandler(self.smartcardRemoved, forTokenID: string)
@ -97,6 +98,14 @@ extension SmartCard.Store {

    fileprivate func loadSecrets() {
        guard let tokenID = tokenID else { return }
+        // Hack to read name if there's only one smart card
+        let slotNames = TKSmartCardSlotManager().slotNames
+        if watcher.nonSecureEnclaveTokens.count == 1 && slotNames.count == 1 {
+            name = slotNames.first!
+        } else {
+            name = NSLocalizedString("Smart Card", comment: "Smart Card")
+        }
+
        let attributes = [
            kSecClass: kSecClassKey,
            kSecAttrTokenID: tokenID,
@ -124,6 +133,14 @@ extension SmartCard.Store {

 }

+extension TKTokenWatcher {
+
+    fileprivate var nonSecureEnclaveTokens: [String] {
+        tokenIDs.filter { !$0.contains("setoken") }
+    }
+
+}
+
 extension SmartCard {

    public struct KeychainError: Error {
--- a/SecretKitTests/OpenSSHWriterTests.swift
+++ b/SecretKitTests/OpenSSHWriterTests.swift
@ -0,0 +1,45 @@
+import Foundation
+import XCTest
+@testable import SecretKit
+
+class OpenSSHWriterTests: XCTestCase {
+
+    let writer = OpenSSHKeyWriter()
+
+    func testECDSA256Fingerprint() {
+        XCTAssertEqual(writer.openSSHFingerprint(secret:  Constants.ecdsa256Secret), "dc:60:4d:ff:c2:d9:18:8b:2f:24:40:b5:7f:43:47:e5")
+    }
+
+    func testECDSA256PublicKey() {
+        XCTAssertEqual(writer.openSSHString(secret:  Constants.ecdsa256Secret),
+        "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOVEjgAA5PHqRgwykjN5qM21uWCHFSY/Sqo5gkHAkn+e1MMQKHOLga7ucB9b3mif33MBid59GRK9GEPVlMiSQwo=")
+    }
+
+    func testECDSA256Hash() {
+    XCTAssertEqual(writer.data(secret: Constants.ecdsa256Secret), Data(base64Encoded: "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOVEjgAA5PHqRgwykjN5qM21uWCHFSY/Sqo5gkHAkn+e1MMQKHOLga7ucB9b3mif33MBid59GRK9GEPVlMiSQwo="))
+    }
+
+    func testECDSA384Fingerprint() {
+        XCTAssertEqual(writer.openSSHFingerprint(secret:  Constants.ecdsa384Secret), "66:e0:66:d7:41:ed:19:8e:e2:20:df:ce:ac:7e:2b:6e")
+    }
+
+    func testECDSA384PublicKey() {
+        XCTAssertEqual(writer.openSSHString(secret:  Constants.ecdsa384Secret),
+                       "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBG2MNc/C5OTHFE2tBvbZCVcpOGa8vBMquiTLkH4lwkeqOPxhi+PyYUfQZMTRJNPiTyWPoMBqNiCIFRVv60yPN/AHufHaOgbdTP42EgMlMMImkAjYUEv9DESHTVIs2PW1yQ==")
+    }
+
+    func testECDSA384Hash() {
+        XCTAssertEqual(writer.data(secret: Constants.ecdsa384Secret), Data(base64Encoded: "AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBG2MNc/C5OTHFE2tBvbZCVcpOGa8vBMquiTLkH4lwkeqOPxhi+PyYUfQZMTRJNPiTyWPoMBqNiCIFRVv60yPN/AHufHaOgbdTP42EgMlMMImkAjYUEv9DESHTVIs2PW1yQ=="))
+    }
+
+}
+
+extension OpenSSHWriterTests {
+
+    enum Constants {
+        static let ecdsa256Secret =  SmartCard.Secret(id: Data(), name: "Test Key (ECDSA 256)", algorithm: .ellipticCurve, keySize: 256, publicKey: Data(base64Encoded: "BOVEjgAA5PHqRgwykjN5qM21uWCHFSY/Sqo5gkHAkn+e1MMQKHOLga7ucB9b3mif33MBid59GRK9GEPVlMiSQwo=")!)
+        static let ecdsa384Secret =  SmartCard.Secret(id: Data(), name: "Test Key (ECDSA 384)", algorithm: .ellipticCurve, keySize: 384, publicKey: Data(base64Encoded: "BG2MNc/C5OTHFE2tBvbZCVcpOGa8vBMquiTLkH4lwkeqOPxhi+PyYUfQZMTRJNPiTyWPoMBqNiCIFRVv60yPN/AHufHaOgbdTP42EgMlMMImkAjYUEv9DESHTVIs2PW1yQ==")!)
+
+    }
+
+}
--- a/SecretKitTests/SecretKitTests.swift
+++ b/SecretKitTests/SecretKitTests.swift
@ -1,27 +0,0 @@
-//
-//  SecretKitTests.swift
-//  SecretKitTests
-//
-//  Created by Max Goedjen on 2/18/20.
-//  Copyright © 2020 Max Goedjen. All rights reserved.
-//
-
-import XCTest
-@testable import SecretKit
-
-class SecretKitTests: XCTestCase {
-
-    override func setUp() {
-        // Put setup code here. This method is called before the invocation of each test method in the class.
-    }
-
-    override func tearDown() {
-        // Put teardown code here. This method is called after the invocation of each test method in the class.
-    }
-
-    func testExample() {
-        // This is an example of a functional test case.
-        // Use XCTAssert and related functions to verify your tests produce the correct results.
-    }
-
-}
--- a/Secretive.xcodeproj/project.pbxproj
+++ b/Secretive.xcodeproj/project.pbxproj
@ -9,6 +9,7 @@
 /* Begin PBXBuildFile section */
 		50020BB024064869003D4025 /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50020BAF24064869003D4025 /* AppDelegate.swift */; };
 		5018F54F24064786002EB505 /* Notifier.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5018F54E24064786002EB505 /* Notifier.swift */; };
+		50524B442420969E008DBD97 /* OpenSSHWriterTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50524B432420969D008DBD97 /* OpenSSHWriterTests.swift */; };
 		50617D8323FCE48E0099B055 /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50617D8223FCE48E0099B055 /* AppDelegate.swift */; };
 		50617D8523FCE48E0099B055 /* ContentView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50617D8423FCE48E0099B055 /* ContentView.swift */; };
 		50617D8723FCE48E0099B055 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 50617D8623FCE48E0099B055 /* Assets.xcassets */; };
@ -16,7 +17,6 @@
 		50617D8D23FCE48E0099B055 /* Main.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = 50617D8B23FCE48E0099B055 /* Main.storyboard */; };
 		50617D9923FCE48E0099B055 /* SecretiveTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50617D9823FCE48E0099B055 /* SecretiveTests.swift */; };
 		50617DB123FCE4AB0099B055 /* SecretKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 50617DA823FCE4AB0099B055 /* SecretKit.framework */; };
-		50617DB823FCE4AB0099B055 /* SecretKitTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50617DB723FCE4AB0099B055 /* SecretKitTests.swift */; };
 		50617DBA23FCE4AB0099B055 /* SecretKit.h in Headers */ = {isa = PBXBuildFile; fileRef = 50617DAA23FCE4AB0099B055 /* SecretKit.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		50617DBD23FCE4AB0099B055 /* SecretKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 50617DA823FCE4AB0099B055 /* SecretKit.framework */; };
 		50617DBE23FCE4AB0099B055 /* SecretKit.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 50617DA823FCE4AB0099B055 /* SecretKit.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; };
@ -26,12 +26,18 @@
 		50617DCE23FCECFA0099B055 /* SecureEnclaveSecret.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50617DCD23FCECFA0099B055 /* SecureEnclaveSecret.swift */; };
 		50617DD023FCED2C0099B055 /* SecureEnclave.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50617DCF23FCED2C0099B055 /* SecureEnclave.swift */; };
 		50617DD223FCEFA90099B055 /* PreviewStore.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50617DD123FCEFA90099B055 /* PreviewStore.swift */; };
+		506772C72424784600034DED /* Credits.rtf in Resources */ = {isa = PBXBuildFile; fileRef = 506772C62424784600034DED /* Credits.rtf */; };
 		5068389E241471CD00F55094 /* SecretStoreList.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5068389D241471CD00F55094 /* SecretStoreList.swift */; };
 		506838A12415EA5600F55094 /* AnySecret.swift in Sources */ = {isa = PBXBuildFile; fileRef = 506838A02415EA5600F55094 /* AnySecret.swift */; };
 		506838A32415EA5D00F55094 /* AnySecretStore.swift in Sources */ = {isa = PBXBuildFile; fileRef = 506838A22415EA5D00F55094 /* AnySecretStore.swift */; };
 		506AB87E2412334700335D91 /* SecretAgent.app in CopyFiles */ = {isa = PBXBuildFile; fileRef = 50A3B78A24026B7500D209EA /* SecretAgent.app */; settings = {ATTRIBUTES = (RemoveHeadersOnCopy, ); }; };
 		50731666241DF8660023809E /* Updater.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50731665241DF8660023809E /* Updater.swift */; };
 		50731669241E00C20023809E /* NoticeView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50731668241E00C20023809E /* NoticeView.swift */; };
+		507CE4ED2420A3C70029F750 /* Agent.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50A3B79F24026B9900D209EA /* Agent.swift */; };
+		507CE4EE2420A3CA0029F750 /* SocketController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50A3B79D24026B9900D209EA /* SocketController.swift */; };
+		507CE4F02420A4C50029F750 /* SigningWitness.swift in Sources */ = {isa = PBXBuildFile; fileRef = 507CE4EF2420A4C50029F750 /* SigningWitness.swift */; };
+		507CE4F42420A8C10029F750 /* SigningRequestProvenance.swift in Sources */ = {isa = PBXBuildFile; fileRef = 507CE4F32420A8C10029F750 /* SigningRequestProvenance.swift */; };
+		507CE4F62420A96F0029F750 /* SigningRequestTracer.swift in Sources */ = {isa = PBXBuildFile; fileRef = 507CE4F52420A96F0029F750 /* SigningRequestTracer.swift */; };
 		508A58AA241E06B40069DC07 /* PreviewUpdater.swift in Sources */ = {isa = PBXBuildFile; fileRef = 508A58A9241E06B40069DC07 /* PreviewUpdater.swift */; };
 		508A58B3241ED2180069DC07 /* AgentStatusChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = 508A58B2241ED2180069DC07 /* AgentStatusChecker.swift */; };
 		508A58B5241ED48F0069DC07 /* PreviewAgentStatusChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = 508A58B4241ED48F0069DC07 /* PreviewAgentStatusChecker.swift */; };
@ -49,8 +55,6 @@
 		50A3B79124026B7600D209EA /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 50A3B79024026B7600D209EA /* Assets.xcassets */; };
 		50A3B79424026B7600D209EA /* Preview Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 50A3B79324026B7600D209EA /* Preview Assets.xcassets */; };
 		50A3B79724026B7600D209EA /* Main.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = 50A3B79524026B7600D209EA /* Main.storyboard */; };
-		50A3B7A024026B9900D209EA /* SocketController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50A3B79D24026B9900D209EA /* SocketController.swift */; };
-		50A3B7A224026B9900D209EA /* Agent.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50A3B79F24026B9900D209EA /* Agent.swift */; };
 		50A5C18C240E4B4B00E2996C /* SecretAgentKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5099A06C240242BA0062B6F2 /* SecretAgentKit.framework */; };
 		50A5C18D240E4B4B00E2996C /* SecretAgentKit.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 5099A06C240242BA0062B6F2 /* SecretAgentKit.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; };
 		50A5C18F240E4B4C00E2996C /* SecretKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 50617DA823FCE4AB0099B055 /* SecretKit.framework */; };
@ -98,6 +102,13 @@
 			remoteGlobalIDString = 50617DA723FCE4AB0099B055;
 			remoteInfo = SecretKit;
 		};
+		507CE4F12420A6B50029F750 /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 50617D7723FCE48D0099B055 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 50617DA723FCE4AB0099B055;
+			remoteInfo = SecretKit;
+		};
 		5099A076240242BA0062B6F2 /* PBXContainerItemProxy */ = {
 			isa = PBXContainerItemProxy;
 			containerPortal = 50617D7723FCE48D0099B055 /* Project object */;
@ -166,6 +177,7 @@
 /* Begin PBXFileReference section */
 		50020BAF24064869003D4025 /* AppDelegate.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = "<group>"; };
 		5018F54E24064786002EB505 /* Notifier.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Notifier.swift; sourceTree = "<group>"; };
+		50524B432420969D008DBD97 /* OpenSSHWriterTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = OpenSSHWriterTests.swift; sourceTree = "<group>"; };
 		50617D7F23FCE48E0099B055 /* Secretive.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = Secretive.app; sourceTree = BUILT_PRODUCTS_DIR; };
 		50617D8223FCE48E0099B055 /* AppDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = "<group>"; };
 		50617D8423FCE48E0099B055 /* ContentView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ContentView.swift; sourceTree = "<group>"; };
@ -181,7 +193,6 @@
 		50617DAA23FCE4AB0099B055 /* SecretKit.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecretKit.h; sourceTree = "<group>"; };
 		50617DAB23FCE4AB0099B055 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
 		50617DB023FCE4AB0099B055 /* SecretKitTests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = SecretKitTests.xctest; sourceTree = BUILT_PRODUCTS_DIR; };
-		50617DB723FCE4AB0099B055 /* SecretKitTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SecretKitTests.swift; sourceTree = "<group>"; };
 		50617DB923FCE4AB0099B055 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
 		50617DC623FCE4EA0099B055 /* SecretStore.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SecretStore.swift; sourceTree = "<group>"; };
 		50617DC823FCE50E0099B055 /* SecureEnclaveStore.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SecureEnclaveStore.swift; sourceTree = "<group>"; };
@ -189,11 +200,15 @@
 		50617DCD23FCECFA0099B055 /* SecureEnclaveSecret.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SecureEnclaveSecret.swift; sourceTree = "<group>"; };
 		50617DCF23FCED2C0099B055 /* SecureEnclave.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SecureEnclave.swift; sourceTree = "<group>"; };
 		50617DD123FCEFA90099B055 /* PreviewStore.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PreviewStore.swift; sourceTree = "<group>"; };
+		506772C62424784600034DED /* Credits.rtf */ = {isa = PBXFileReference; lastKnownFileType = text.rtf; path = Credits.rtf; sourceTree = "<group>"; };
 		5068389D241471CD00F55094 /* SecretStoreList.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SecretStoreList.swift; sourceTree = "<group>"; };
 		506838A02415EA5600F55094 /* AnySecret.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AnySecret.swift; sourceTree = "<group>"; };
 		506838A22415EA5D00F55094 /* AnySecretStore.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AnySecretStore.swift; sourceTree = "<group>"; };
 		50731665241DF8660023809E /* Updater.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Updater.swift; sourceTree = "<group>"; };
 		50731668241E00C20023809E /* NoticeView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NoticeView.swift; sourceTree = "<group>"; };
+		507CE4EF2420A4C50029F750 /* SigningWitness.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SigningWitness.swift; sourceTree = "<group>"; };
+		507CE4F32420A8C10029F750 /* SigningRequestProvenance.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SigningRequestProvenance.swift; sourceTree = "<group>"; };
+		507CE4F52420A96F0029F750 /* SigningRequestTracer.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SigningRequestTracer.swift; sourceTree = "<group>"; };
 		508A58A9241E06B40069DC07 /* PreviewUpdater.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PreviewUpdater.swift; sourceTree = "<group>"; };
 		508A58AB241E121B0069DC07 /* Config.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = Config.xcconfig; sourceTree = "<group>"; };
 		508A58B2241ED2180069DC07 /* AgentStatusChecker.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AgentStatusChecker.swift; sourceTree = "<group>"; };
@ -324,6 +339,7 @@
 				50617D8B23FCE48E0099B055 /* Main.storyboard */,
 				50617D8E23FCE48E0099B055 /* Info.plist */,
 				50617D8F23FCE48E0099B055 /* Secretive.entitlements */,
+				506772C62424784600034DED /* Credits.rtf */,
 				50617D8823FCE48E0099B055 /* Preview Content */,
 			);
 			path = Secretive;
@ -366,7 +382,7 @@
 		50617DB623FCE4AB0099B055 /* SecretKitTests */ = {
 			isa = PBXGroup;
 			children = (
-				50617DB723FCE4AB0099B055 /* SecretKitTests.swift */,
+				50524B432420969D008DBD97 /* OpenSSHWriterTests.swift */,
 				50617DB923FCE4AB0099B055 /* Info.plist */,
 			);
 			path = SecretKitTests;
@ -457,6 +473,11 @@
 			children = (
 				5099A06E240242BA0062B6F2 /* SecretAgentKit.h */,
 				5099A089240242C20062B6F2 /* SSHAgentProtocol.swift */,
+				50A3B79D24026B9900D209EA /* SocketController.swift */,
+				507CE4EF2420A4C50029F750 /* SigningWitness.swift */,
+				507CE4F32420A8C10029F750 /* SigningRequestProvenance.swift */,
+				507CE4F52420A96F0029F750 /* SigningRequestTracer.swift */,
+				50A3B79F24026B9900D209EA /* Agent.swift */,
 				5099A06F240242BA0062B6F2 /* Info.plist */,
 			);
 			path = SecretAgentKit;
@ -482,9 +503,7 @@
 			isa = PBXGroup;
 			children = (
 				50020BAF24064869003D4025 /* AppDelegate.swift */,
-				50A3B79F24026B9900D209EA /* Agent.swift */,
 				5018F54E24064786002EB505 /* Notifier.swift */,
-				50A3B79D24026B9900D209EA /* SocketController.swift */,
 				50A3B79024026B7600D209EA /* Assets.xcassets */,
 				50A3B79524026B7600D209EA /* Main.storyboard */,
 				50A3B79824026B7600D209EA /* Info.plist */,
@ -611,6 +630,7 @@
 			buildRules = (
 			);
 			dependencies = (
+				507CE4F22420A6B50029F750 /* PBXTargetDependency */,
 			);
 			name = SecretAgentKit;
 			productName = SecretAgentKit;
@ -724,6 +744,7 @@
 				50617D8D23FCE48E0099B055 /* Main.storyboard in Resources */,
 				50617D8A23FCE48E0099B055 /* Preview Assets.xcassets in Resources */,
 				50617D8723FCE48E0099B055 /* Assets.xcassets in Resources */,
+				506772C72424784600034DED /* Credits.rtf in Resources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@ -827,7 +848,7 @@
 			isa = PBXSourcesBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
-				50617DB823FCE4AB0099B055 /* SecretKitTests.swift in Sources */,
+				50524B442420969E008DBD97 /* OpenSSHWriterTests.swift in Sources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@ -835,7 +856,12 @@
 			isa = PBXSourcesBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
+				507CE4EE2420A3CA0029F750 /* SocketController.swift in Sources */,
 				5099A08A240242C20062B6F2 /* SSHAgentProtocol.swift in Sources */,
+				507CE4ED2420A3C70029F750 /* Agent.swift in Sources */,
+				507CE4F02420A4C50029F750 /* SigningWitness.swift in Sources */,
+				507CE4F62420A96F0029F750 /* SigningRequestTracer.swift in Sources */,
+				507CE4F42420A8C10029F750 /* SigningRequestProvenance.swift in Sources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@ -853,8 +879,6 @@
 			files = (
 				50020BB024064869003D4025 /* AppDelegate.swift in Sources */,
 				5018F54F24064786002EB505 /* Notifier.swift in Sources */,
-				50A3B7A224026B9900D209EA /* Agent.swift in Sources */,
-				50A3B7A024026B9900D209EA /* SocketController.swift in Sources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@ -886,6 +910,11 @@
 			target = 50617DA723FCE4AB0099B055 /* SecretKit */;
 			targetProxy = 50617DBB23FCE4AB0099B055 /* PBXContainerItemProxy */;
 		};
+		507CE4F22420A6B50029F750 /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 50617DA723FCE4AB0099B055 /* SecretKit */;
+			targetProxy = 507CE4F12420A6B50029F750 /* PBXContainerItemProxy */;
+		};
 		5099A077240242BA0062B6F2 /* PBXTargetDependency */ = {
 			isa = PBXTargetDependency;
 			target = 5099A06B240242BA0062B6F2 /* SecretAgentKit */;
--- a/Secretive.xcodeproj/xcshareddata/xcschemes/Secretive.xcscheme
+++ b/Secretive.xcodeproj/xcshareddata/xcschemes/Secretive.xcscheme
@ -67,7 +67,7 @@
      </Testables>
   </TestAction>
   <LaunchAction
-      buildConfiguration = "Test"
+      buildConfiguration = "Debug"
      selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
      selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
      launchStyle = "0"
--- a/Secretive/Credits.rtf
+++ b/Secretive/Credits.rtf
@ -0,0 +1,23 @@
+{\rtf1\ansi\ansicpg1252\cocoartf2511
+\cocoatextscaling0\cocoaplatform0{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;}
+{\*\expandedcolortbl;;}
+\margl1440\margr1440\vieww9000\viewh8400\viewkind0
+\pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6119\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0
+{\field{\*\fldinst{HYPERLINK "https://github.com/maxgoedjen/secretive"}}{\fldrslt 
+\f0\fs24 \cf0 https://github.com/maxgoedjen/secretive}}
+\f0\fs24 \
+\pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0
+\cf0 \
+GITHUB_BUILD_URL\
+\
+Special Thanks To:\
+https://github.com/bdash\
+https://github.com/danielctull\
+https://github.com/davedelong\
+https://github.com/esttorhe\
+https://github.com/joeblau\
+https://github.com/marksands\
+https://github.com/mergesort\
+https://github.com/phillco\
+https://github.com/zackdotcomputer}
Author	SHA1	Message	Date
Max Goedjen	fe16e4d9c4	Build and About page (#64 ) * Adding credits txt * Switch up build number	2020-03-19 21:16:14 -07:00
Max Goedjen	1caf65c68d	Header cleanup	2020-03-18 20:04:48 -07:00
Max Goedjen	85eb4983bc	Split witness call (fixes #62 )	2020-03-18 20:04:24 -07:00
Max Goedjen	5a2d3ecc2e	Fix dumb mistake.	2020-03-17 23:28:51 -07:00
Max Goedjen	32f0ed88f4	Validate code signature as well.	2020-03-17 22:59:03 -07:00
Max Goedjen	d35c58509b	Hacky fix for #16	2020-03-17 20:41:37 -07:00
Max Goedjen	f810b185f0	Fix debug config for running	2020-03-17 20:34:32 -07:00
Max Goedjen	5ef1fe996b	Add path to request trace (#61 )	2020-03-17 01:23:49 -07:00
Max Goedjen	2b5fdf541d	Request Attribution (#59 )	2020-03-17 00:56:55 -07:00
Max Goedjen	4b66e874a7	Cleanup of agent (#58 ) * Extract key selection. * Moving agent and socket stuff to SecretAgentKit * Cleanup of agent	2020-03-16 23:39:34 -07:00
Max Goedjen	aa52da2c04	OpenSSH writer tests (#57 )	2020-03-16 23:08:48 -07:00