BASH SCRIPT

Digital Signatures

For the files contained in a directory (given as a command line argument) match each digital signature (*.sign files) to it's corresponding data file (*.dat files). The public key required to verified a signature will be given as a second command line argument.

Any hashes were created using the following: $ openssl dgst -sha256 -binary

Below is the general signing and verification process for reference.

Example:

$ bash script.sh folder pub.key

Data File | Signature

qwerty.dat - signature_one.sign

cookies.dat - signature_two.sign

Sol22:

Here's a possible Bash script to match digital signatures to their corresponding data files and verify them using a public key:

#!/bin/bash

# Check that the correct number of arguments were provided

if [ "$#" -ne 2 ]; then

echo "Usage: $0 "

exit 1

fi

# Save the directory and public key arguments

directory="$1"

public_key="$2"

# Loop through each signature file in the directory

for signature_file in "${directory}"/*.sign; do

# Extract the name of the corresponding data file

data_file="${signature_file%.sign}.dat"

# Verify the signature using the public key

if openssl dgst -sha256 -verify "${public_key}" -signature "${signature_file}" "${data_file}"; then

echo "Verified: ${data_file} | ${signature_file}"

else

echo "Not verified: ${data_file} | ${signature_file}"

fi

done

The script takes two command line arguments: the directory containing the data and signature files, and the public key used to verify the signatures. It then loops through each signature file in the directory, extracts the name of the corresponding data file by replacing the ".sign" extension with ".dat", and verifies the signature using the openssl dgst command. If the verification succeeds, it outputs a message indicating that the data file was verified with the corresponding signature file. If the verification fails, it outputs a message indicating that the data file was not verified with the corresponding signature file.