Add initial files

create-file-message.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+TEMPLATE_FILE="$(dirname $0)/verify-script.template"
+
+read -p "Enter message to sign for the file: " MESSAGE
+MESSAGE="$MESSAGE\n"
+#echo "message: $MESSAGE"
+
+FILE_NAME="$(basename $1)"
+#echo "file name: $FILE_NAME"
+FILE_HASH="$(sha256sum $FILE_NAME | awk '{print $1}')"
+#echo "file hash: $FILE_HASH"
+
+SUBSTITUTED_TEMPLATE=$(sed -e "s!{message}!$MESSAGE!g" -e "s!{filename}!$FILE_NAME!g" -e "s!{filehash}!$FILE_HASH!g" $TEMPLATE_FILE)
+
+#echo "substituted: $SUBSTITUTED_TEMPLATE"
+printf "$SUBSTITUTED_TEMPLATE" > "$1.sh"

readme.txt

@@ -0,0 +1,3 @@
+Signing a file typically means "I authored this", but sometimes you want to sign something else, for example to indicate that you retrieved something on a given date.
+
+However, just signing the file can't really convey that meaning. There are probably plenty of potential formats that could deal with this, but one very simple method is to create a bash file associated with the file you want to attest and have a message + file hash embedded in the script. Then you can sign the script which ties the message to the specific version of the file. Whoever recieves the trio of files would verify the script with the signature, then run the script which would output the message if the target file matches the embedded hash.

verify-script.template

@@ -0,0 +1,13 @@
+#! /bin/bash
+
+MESSAGE="{message}"
+FILE="{filename}"
+EXPECTED_HASH="{filehash}"
+
+if [ "$(sha256sum "$FILE" | awk '{print $1}')" = "$EXPECTED_HASH" ]; then
+	printf "File $FILE validated with message:\n$MESSAGE"
+	exit 0
+else
+	echo "File $FILE is not valid"
+	exit 1
+fi