tools/signedconfig/verify_b64.sh - platform/frameworks/base - Git at Google

 #!/bin/bash

 # Script to verify signatures, with both signature & data given in b64
 # Args:
 # 1. data (base64 encoded)
 # 2. signature (base64 encoded)
 # The arg values can be taken from the debug log for SignedConfigService when verbose logging is
 # enabled.

 function verify() {
   D=${1}
   S=${2}
   K=${3}
   echo Trying ${K}
   openssl dgst -sha256 -verify $(dirname $0)/${K} -signature <(echo ${S} | base64 -d) <(echo ${D} | base64 -d)
 }


 PROD_KEY_NAME=prod_public.pem
 DEBUG_KEY_NAME=debug_public.pem
 SIGNATURE="$2"
 DATA="$1"

 echo DATA: ${DATA}
 echo SIGNATURE: ${SIGNATURE}

 if verify "${DATA}" "${SIGNATURE}" "${PROD_KEY_NAME}"; then
   echo Verified with ${PROD_KEY_NAME}
   exit 0
 fi

 if verify "${DATA}" "${SIGNATURE}" "${DEBUG_KEY_NAME}"; then
   echo Verified with ${DEBUG_KEY_NAME}
   exit 0
 fi
 exit 1
	#!/bin/bash

	# Script to verify signatures, with both signature & data given in b64
	# Args:
	# 1. data (base64 encoded)
	# 2. signature (base64 encoded)
	# The arg values can be taken from the debug log for SignedConfigService when verbose logging is
	# enabled.

	function verify() {
	D=${1}
	S=${2}
	K=${3}
	echo Trying ${K}
	openssl dgst -sha256 -verify $(dirname $0)/${K} -signature <(echo ${S} \| base64 -d) <(echo ${D} \| base64 -d)
	}


	PROD_KEY_NAME=prod_public.pem
	DEBUG_KEY_NAME=debug_public.pem
	SIGNATURE="$2"
	DATA="$1"

	echo DATA: ${DATA}
	echo SIGNATURE: ${SIGNATURE}

	if verify "${DATA}" "${SIGNATURE}" "${PROD_KEY_NAME}"; then
	echo Verified with ${PROD_KEY_NAME}
	exit 0
	fi

	if verify "${DATA}" "${SIGNATURE}" "${DEBUG_KEY_NAME}"; then
	echo Verified with ${DEBUG_KEY_NAME}
	exit 0
	fi
	exit 1