1#!/bin/bash 2 3# Script to verify signatures, with both signature & data given in b64 4# Args: 5# 1. data (base64 encoded) 6# 2. signature (base64 encoded) 7# The arg values can be taken from the debug log for SignedConfigService when verbose logging is 8# enabled. 9 10function verify() { 11 D=${1} 12 S=${2} 13 K=${3} 14 echo Trying ${K} 15 openssl dgst -sha256 -verify $(dirname $0)/${K} -signature <(echo ${S} | base64 -d) <(echo ${D} | base64 -d) 16} 17 18 19PROD_KEY_NAME=prod_public.pem 20DEBUG_KEY_NAME=debug_public.pem 21SIGNATURE="$2" 22DATA="$1" 23 24echo DATA: ${DATA} 25echo SIGNATURE: ${SIGNATURE} 26 27if verify "${DATA}" "${SIGNATURE}" "${PROD_KEY_NAME}"; then 28 echo Verified with ${PROD_KEY_NAME} 29 exit 0 30fi 31 32if verify "${DATA}" "${SIGNATURE}" "${DEBUG_KEY_NAME}"; then 33 echo Verified with ${DEBUG_KEY_NAME} 34 exit 0 35fi 36exit 1 37