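#!/bin/bash

# Script to verify signatures, with both signature & data given in b64.
#
# Args:
#   1. data (base64 encoded)
#   2. signature (base64 encoded)
# The arg values can be taken from the debug log for SignedConfigService when
# verbose logging is enabled.
#
# The public keys are read from the directory that holds this script, so the
# result is only as trustworthy as those two PEM files.
#
# Exit status:
#   0  the signature verified with prod_public.pem or debug_public.pem
#   1  neither key verified the signature, or an argument was missing
#
# NOTE(review): exit status 0 does not say which key matched. A caller that
# must reject debug-signed data has to check the "Verified with ..." line
# rather than rely on the exit status alone.

set -u

readonly PROD_KEY_NAME=prod_public.pem
readonly DEBUG_KEY_NAME=debug_public.pem

#######################################
# Check a SHA-256 signature against one public key.
# Arguments:
#   $1 - data, base64 encoded
#   $2 - signature, base64 encoded
#   $3 - file name of the PEM public key, relative to this script's directory
# Outputs:
#   "Trying <key>" followed by openssl's own verdict, on stdout
# Returns:
#   openssl's exit status: 0 when the signature verifies, non-zero otherwise
#######################################
verify() {
  local data_b64=$1
  local signature_b64=$2
  local key_name=$3
  local key_path

  # Quoted so that a checkout path containing spaces still resolves.
  key_path="$(dirname -- "$0")/${key_name}"

  printf 'Trying %s\n' "${key_name}"

  # Both inputs are decoded on the fly. A base64 decoding error is not checked
  # here; openssl sees whatever bytes were decoded and reports the mismatch.
  # The expansions are quoted so that line-wrapped base64 keeps its newlines
  # (which base64 -d skips) instead of being re-joined with spaces.
  openssl dgst -sha256 -verify "${key_path}" \
    -signature <(printf '%s\n' "${signature_b64}" | base64 -d) \
    <(printf '%s\n' "${data_b64}" | base64 -d)
}

if (($# < 2)); then
  printf 'Usage: %s <data-base64> <signature-base64>\n' "${0##*/}" >&2
  exit 1
fi

DATA="$1"
SIGNATURE="$2"

# printf with quoted arguments prints the values exactly as given; an unquoted
# echo would word-split them and expand any glob characters.
printf 'DATA: %s\n' "${DATA}"
printf 'SIGNATURE: %s\n' "${SIGNATURE}"

# Production key first, then the debug key; the first match wins.
for key_name in "${PROD_KEY_NAME}" "${DEBUG_KEY_NAME}"; do
  if verify "${DATA}" "${SIGNATURE}" "${key_name}"; then
    printf 'Verified with %s\n' "${key_name}"
    exit 0
  fi
done

exit 1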