1#!/bin/sh 2# 3# $OpenBSD: signify.sh,v 1.10 2020/04/03 12:01:56 bluhm Exp $ 4 5srcdir=$1 6 7pubkey="$srcdir/regresskey.pub" 8seckey="$srcdir/regresskey.sec" 9orders="$srcdir/orders.txt" 10forgery="$srcdir/forgery.txt" 11 12set -e 13 14cat $seckey | signify -S -s - -x test.sig -m $orders 15diff -u "$orders.sig" test.sig 16 17signify -V -q -p $pubkey -m $orders 18 19signify -V -q -p $pubkey -m $forgery 2> /dev/null && exit 1 20 21signify -S -s $seckey -x confirmorders.sig -e -m $orders 22signify -V -q -p $pubkey -e -m confirmorders 23diff -u $orders confirmorders 24 25sha256 $pubkey $seckey > HASH 26sha512 $orders $forgery >> HASH 27signify -S -e -s $seckey -m HASH 28rm HASH 29signify -C -q -p $pubkey -x HASH.sig 30 31tar zcPf archive.tgz $srcdir/*.txt 32signify -zS -s $seckey -m archive.tgz -x signed.tgz 33# check it's still valid gzip 34gunzip -t signed.tgz 35# verify it 36signify -zV -p $pubkey <signed.tgz|signify -zV -p $pubkey|gunzip -t 37true 38