| Mathew Inwood | 96c419f | 2018-12-04 11:52:42 +0000 | [diff] [blame] | 1 | #!/bin/bash |
| 2 | |
| 3 | # Script to verify signatures, with both signature & data given in b64 |
| 4 | # Args: |
| 5 | # 1. data (base64 encoded) |
| 6 | # 2. signature (base64 encoded) |
| 7 | # The arg values can be taken from the debug log for SignedConfigService when verbose logging is |
| 8 | # enabled. |
| 9 | |
| Mathew Inwood | 4594251 | 2018-12-14 13:53:52 +0000 | [diff] [blame] | 10 | function verify() { |
| 11 | D=${1} |
| 12 | S=${2} |
| 13 | K=${3} |
| 14 | echo Trying ${K} |
| 15 | openssl dgst -sha256 -verify $(dirname $0)/${K} -signature <(echo ${S} | base64 -d) <(echo ${D} | base64 -d) |
| 16 | } |
| 17 | |
| 18 | |
| 19 | PROD_KEY_NAME=prod_public.pem |
| 20 | DEBUG_KEY_NAME=debug_public.pem |
| 21 | SIGNATURE="$2" |
| 22 | DATA="$1" |
| 23 | |
| 24 | echo DATA: ${DATA} |
| 25 | echo SIGNATURE: ${SIGNATURE} |
| 26 | |
| 27 | if verify "${DATA}" "${SIGNATURE}" "${PROD_KEY_NAME}"; then |
| 28 | echo Verified with ${PROD_KEY_NAME} |
| 29 | exit 0 |
| 30 | fi |
| 31 | |
| 32 | if verify "${DATA}" "${SIGNATURE}" "${DEBUG_KEY_NAME}"; then |
| 33 | echo Verified with ${DEBUG_KEY_NAME} |
| 34 | exit 0 |
| 35 | fi |
| 36 | exit 1 |