commit bad45b4a1ae82a88c2f9cbf3b2a295eb158250d6 Author: Nathan Christopher McRae Date: Sat Nov 22 22:50:50 2025 -0800 Add initial files
diff --git a/create-file-message.sh b/create-file-message.sh
new file mode 100644
index 0000000..e493df5
--- /dev/null
+++ b/create-file-message.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+TEMPLATE_FILE="$(dirname $0)/verify-script.template"
+
+read -p "Enter message to sign for the file: " MESSAGE
+MESSAGE="$MESSAGE\n"
+#echo "message: $MESSAGE"
+
+FILE_NAME="$(basename $1)"
+#echo "file name: $FILE_NAME"
+FILE_HASH="$(sha256sum $FILE_NAME | awk '{print $1}')"
+#echo "file hash: $FILE_HASH"
+
+SUBSTITUTED_TEMPLATE=$(sed -e "s!{message}!$MESSAGE!g" -e "s!(unknown)!$FILE_NAME!g" -e "s!{filehash}!$FILE_HASH!g" $TEMPLATE_FILE)
+
+#echo "substituted: $SUBSTITUTED_TEMPLATE"
+printf "$SUBSTITUTED_TEMPLATE" > "$1.sh"
\ No newline at end of file
diff --git a/readme.txt b/readme.txt
new file mode 100644
index 0000000..8febc74
--- /dev/null
+++ b/readme.txt
@@ -0,0 +1,3 @@
+Signing a file typically means "I authored this", but sometimes you want to sign something else, for example to indicate that you retrieved something on a given date.
+
+However, just signing the file can't really convey that meaning. There are probably plenty of potential formats that could deal with this, but one very simple method is to create a bash file associated with the file you want to attest and have a message + file hash embedded in the script. Then you can sign the script which ties the message to the specific version of the file. Whoever recieves the trio of files would verify the script with the signature, then run the script which would output the message if the target file matches the embedded hash.
\ No newline at end of file
diff --git a/verify-script.template b/verify-script.template
new file mode 100644
index 0000000..23dd06e
--- /dev/null
+++ b/verify-script.template
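Review bot: The message and file name are re-interpreted three times before they reach the script that gets signed — as sed replacement text (`!` terminates the expression, `&` and `\` are special), then unescaped inside the template's double-quoted `MESSAGE="…"` (`"`, `$` and backticks become live shell syntax), then as the format string of `printf "$SUBSTITUTED_TEMPLATE"` (`%` and backslashes are consumed) — so a message containing any of those characters yields a malformed or differently-worded attestation, and the signature then covers text the signer did not type. Separately, `FILE_HASH` hashes `$(basename $1)` in the current directory while the output goes to `$1.sh` beside the given path, so a path argument hashes the wrong file or nothing, and an empty hash is embedded without any error. `$0`, `$1`, `$FILE_NAME` and `$TEMPLATE_FILE` are unquoted and `read` lacks `-r`. The rewrite below quotes expansions, hashes the path as given and aborts on failure, substitutes with parameter expansion instead of sed, backslash-escapes the characters that are live inside double quotes, and writes with `printf '%s\n'`; because it no longer appends a literal `\n` to the message, the trailing newline should move into the template's own printf, raised on that hunk.
```shell
#!/bin/bash
set -euo pipefail

TEMPLATE_FILE="$(dirname -- "$0")/verify-script.template"
TARGET="${1:?usage: $0 <file>}"

read -r -p "Enter message to sign for the file: " MESSAGE

# Hash the path the caller gave, not a same-named file in the current
# directory, and refuse to emit an attestation carrying an empty hash.
FILE_NAME="$(basename -- "$TARGET")"
FILE_HASH="$(sha256sum -- "$TARGET" | awk '{print $1}')"
[ -n "$FILE_HASH" ] || { printf 'could not hash %s\n' "$TARGET" >&2; exit 1; }

# Escape the characters that are live inside the template's double quotes: \ " $ `
escape_dq() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  s=${s//\$/\\\$}
  s=${s//\`/\\\`}
  printf '%s' "$s"
}
SAFE_MESSAGE="$(escape_dq "$MESSAGE")"
SAFE_NAME="$(escape_dq "$FILE_NAME")"

# Plain string substitution: no sed metacharacters, no printf format parsing.
TEMPLATE="$(<"$TEMPLATE_FILE")"
OUT=${TEMPLATE//"{message}"/"$SAFE_MESSAGE"}
OUT=${OUT//"(unknown)"/"$SAFE_NAME"}
OUT=${OUT//"{filehash}"/"$FILE_HASH"}
printf '%s\n' "$OUT" > "$TARGET.sh"
```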
@@ -0,0 +1,13 @@
+#! /bin/bash
+
+MESSAGE="{message}"
+FILE="(unknown)"
+EXPECTED_HASH="{filehash}"
+
+if [ "$(sha256sum "$FILE" | awk '{print $1}')" = "$EXPECTED_HASH" ]; then
+ printf "File $FILE validated with message:\n$MESSAGE"
+ exit 0
+else
+ echo "File $FILE is not valid"
+ exit 1
+fi
\ No newline at end of file
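Review bot: The success branch uses signer-supplied text as the printf format — `printf "File $FILE validated with message:\n$MESSAGE"` — so a `%` in the file name or message is parsed as a conversion directive and backslash sequences in them are re-interpreted, and the text the verifier sees can differ from the text that was signed. Use a fixed format with `%s` arguments instead: `printf 'File %s validated with message:\n%s\n' "$FILE" "$MESSAGE"`; the literal `\n` that create-file-message.sh currently appends to the message would then print verbatim, so the trailing newline belongs here and the generator should stop appending it. The `else` branch's `echo "File $FILE is not valid"` should go to stderr (`>&2`) so a caller capturing stdout receives only attested text. `$FILE` is a bare name resolved against the verifier's working directory, which is worth stating in a comment above the `if`.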