summaryrefslogtreecommitdiff
path: root/tools/signedconfig/verify_b64.sh
blob: a4ac6a816d1472a567779705e35a3660d95fba3a (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

#!/bin/bash

# Script to verify signatures, with both signature & data given in b64
# Args:
# 1. data (base64 encoded)
# 2. signature (base64 encoded)
# The arg values can be taken from the debug log for SignedConfigService when verbose logging is
# enabled.

function verify() {
  D=${1}
  S=${2}
  K=${3}
  echo Trying ${K}
  openssl dgst -sha256 -verify $(dirname $0)/${K} -signature <(echo ${S} | base64 -d) <(echo ${D} | base64 -d)
}


PROD_KEY_NAME=prod_public.pem
DEBUG_KEY_NAME=debug_public.pem
SIGNATURE="$2"
DATA="$1"

echo DATA: ${DATA}
echo SIGNATURE: ${SIGNATURE}

if verify "${DATA}" "${SIGNATURE}" "${PROD_KEY_NAME}"; then
  echo Verified with ${PROD_KEY_NAME}
  exit 0
fi

if verify "${DATA}" "${SIGNATURE}" "${DEBUG_KEY_NAME}"; then
  echo Verified with ${DEBUG_KEY_NAME}
  exit 0
fi
exit 1
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-03 02:29:13 +0000