blob: a4ac6a816d1472a567779705e35a3660d95fba3a [file] [log] [blame]
#!/bin/bash
# Script to verify signatures, with both signature & data given in b64
# Args:
# 1. data (base64 encoded)
# 2. signature (base64 encoded)
# The arg values can be taken from the debug log for SignedConfigService when verbose logging is
# enabled.
function verify() {
D=${1}
S=${2}
K=${3}
echo Trying ${K}
openssl dgst -sha256 -verify $(dirname $0)/${K} -signature <(echo ${S} | base64 -d) <(echo ${D} | base64 -d)
}
PROD_KEY_NAME=prod_public.pem
DEBUG_KEY_NAME=debug_public.pem
SIGNATURE="$2"
DATA="$1"
echo DATA: ${DATA}
echo SIGNATURE: ${SIGNATURE}
if verify "${DATA}" "${SIGNATURE}" "${PROD_KEY_NAME}"; then
echo Verified with ${PROD_KEY_NAME}
exit 0
fi
if verify "${DATA}" "${SIGNATURE}" "${DEBUG_KEY_NAME}"; then
echo Verified with ${DEBUG_KEY_NAME}
exit 0
fi
exit 1