#!/bin/bash
# ===========================================================
# verify a digital signature (signed SHA-256 hash) of a file
# ===========================================================
# Paths used by the checks below; all are relative to the current
# working directory.
file="gettysburg_address.txt"            # document whose signature is verified
hash="hashes/gettysburg_address.sha256"  # passed to `openssl dgst -signature`
cert="certs/client.cert.pem"             # certificate the public key is read from
pub="pubkeys/client.pub"                 # public key used by `openssl dgst -verify`
# ---------------------------------------------------------
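echo
echo Creating public key from certificate
# The certificate is the only input to this step, so it must exist.
if [ ! -f "$cert" ]; then
  {
    echo
    echo "Certificate ($cert) not found"
    echo
  } >&2
  exit 1
else
  echo
  echo Certificate already exists
fi
# No existence check on $pub here: this step is what creates it, so
# requiring it beforehand would make a first run impossible.
#
# NOTE(review): this step trusts whatever certificate is stored at $cert.
# Nothing here checks its chain, validity period or revocation status, so
# a successful signature check later only shows that the file matches the
# key in this certificate. Where that matters, validate the certificate
# first, e.g. `openssl verify -CAfile <ca-chain.pem> "$cert"`.
#
# Extract into a variable before touching $pub: redirecting openssl's
# output straight into the file would truncate an existing key even when
# the certificate cannot be parsed.
if ! pubkey_pem=$(openssl x509 -in "$cert" -pubkey -noout); then
  echo "Could not extract public key from certificate ($cert)" >&2
  exit 1
fi
if ! printf '%s\n' "$pubkey_pem" > "$pub"; then
  echo "Could not write public key ($pub)" >&2
  exit 1
fi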
# ---------------------------------------------------------
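echo
echo Verifying file using public key
# The signed document must be present.
if [ ! -f "$file" ]; then
  {
    echo
    echo "File ($file) does not exist"
    echo
  } >&2
  exit 1
fi
# $hash is handed to `openssl dgst -signature` below, i.e. it holds the
# signature over the file's SHA-256 digest rather than a bare digest.
if [ ! -f "$hash" ]; then
  {
    echo
    echo "Hash ($hash) not found"
    echo
  } >&2
  exit 1
fi
# An absent or empty key file can never verify anything; report that
# explicitly instead of leaving it to an openssl key-loading error.
if [ ! -s "$pub" ]; then
  {
    echo
    echo "Public key ($pub) not found or empty"
    echo
  } >&2
  exit 1
fi
# Verify that the file has not been modified since it was signed.
# openssl reports the result itself and exits non-zero when verification
# fails. While this stays the last command, that status is also the
# script's exit status, so callers should test it and not parse the output.
openssl dgst -sha256 -verify "$pub" -signature "$hash" "$file"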