nathanmcrae/create-file-message
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add simple usage explanation + TODOs

Browse Source
This commit is contained in:
Nathan McRae
2025-11-22 22:57:07 -08:00
parent bad45b4a1a
commit c4b9ad3c12
2 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
create-file-message.sh
View File

@@ -2,6 +2,7 @@
TEMPLATE_FILE="$(dirname $0)/verify-script.template"
# TODO: argument for the message in case you want to apply it to many files.
read -p "Enter message to sign for the file: " MESSAGE
MESSAGE="$MESSAGE\n"
#echo "message: $MESSAGE"

6
readme.txt
View File

@@ -1,3 +1,9 @@
This simple script takes a file as an argument and prompts the user for a message. Then a new script is created alongside the target file as {filename}.sh which has the message and file hash embedded. You would then sign the script file and distribute all three.
To verify that your message applies to the file they recieved, your recipient(s) would verify your signature of the script, and then run it (or merely inspect it if they don't trust you too much) which will confirm their file matches the one you wrote the message about.
Motivation:
Signing a file typically means "I authored this", but sometimes you want to sign something else, for example to indicate that you retrieved something on a given date.
However, just signing the file can't really convey that meaning. There are probably plenty of potential formats that could deal with this, but one very simple method is to create a bash file associated with the file you want to attest and have a message + file hash embedded in the script. Then you can sign the script which ties the message to the specific version of the file. Whoever recieves the trio of files would verify the script with the signature, then run the script which would output the message if the target file matches the embedded hash.