@nolim1t
Last active September 2, 2020 11:39
Don't trust, verify! How to make sure all files have not been tampered with and are signed by one of the release maintainers.
Hello World
d2a84f4b8b650937ec8f73cd8be2c74add5a911ba64df27458ed8229da804a26 test.txt
#!/bin/bash
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
# IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.
# Abort unless every command this script relies on is available
check_dependencies () {
    for cmd in "$@"; do
        if ! command -v "$cmd" >/dev/null 2>&1; then
            echo "This script requires \"${cmd}\" to be installed"
            exit 1
        fi
    done
}
check_dependencies sha256sum getopts gpg awk

# The leading ":" selects silent error reporting, so the \? and : cases below fire
while getopts ":f:h" flag
do
    case "${flag}" in
        f) FILENAME=${OPTARG};;
        h)
            echo "Usage: "
            echo " verify.sh -h Displays this help message"
            echo " verify.sh -f <filename> Checks sha256sum of a file"
            exit 0
            ;;
        \?)
            echo "Invalid option. Try -h for options"
            exit 1
            ;;
        :)
            echo "Invalid Option: -$OPTARG requires an argument" 1>&2
            exit 1
            ;;
    esac
done

if [ -z "$FILENAME" ]; then
    echo "Error: Must specify a filename with the -f flag"
    exit 1
fi
if [ ! -f "$FILENAME" ]; then
    echo "Filename ${FILENAME} does not exist!"
    exit 1
fi
if [ ! -f "${FILENAME}.sha256" ]; then
    echo "Hash file ${FILENAME}.sha256 does not exist!"
    exit 1
fi

# Hash of the file itself, and the hash recorded in the .sha256 file
SHA256SUM=$(sha256sum < "$FILENAME" | awk '{print $1}')
SHA256SUMFILE=$(awk 'NR == 1 {print $1}' "${FILENAME}.sha256")

# 64-bit key ID (You can get it from gpg --keyid-format LONG --list-keys)
GPGKEY="F6287B82CC84BCBD"
gpg --keyserver keyserver.ubuntu.com --recv-keys "$GPGKEY"

if [ "$SHA256SUM" = "$SHA256SUMFILE" ]; then
    echo "OK"
    # Do PGP verify
    # Side note, signing: gpg --armor --output test.txt.sha256.asc --detach-sig test.txt.sha256
    if [ -f "${FILENAME}.sha256.asc" ]; then
        # Name the signed file explicitly and exit with gpg's own result.
        # gpg accepts a good signature from any key in the keyring, so
        # check that the key it reports is ${GPGKEY}.
        if gpg --verify "${FILENAME}.sha256.asc" "${FILENAME}.sha256"; then
            exit 0
        fi
        echo "GPG signature verification failed!"
        exit 1
    else
        echo "GPG signature file doesn't exist! Maintainer needs to sign with the --output and --detach-sig options"
        exit 1
    fi
else
    echo "Not ok"
    echo "File hash is ${SHA256SUM} but the hash file says ${SHA256SUMFILE}. Please check"
    exit 1
fi
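
gpg --verify reports success for a good signature from any key in the keyring, not only the maintainer key fetched by the script. The following added example (not part of the original gist) pins the signer by parsing gpg --status-fd output; TRUSTED_FPRS, the function names and the sample status lines are constructed placeholders.

```shell
# Added example, not part of the original gist.
# Constructed placeholder: replace with the maintainers' real 40-hex-digit
# primary key fingerprints (space separated).
TRUSTED_FPRS="0123456789ABCDEF0123456789ABCDEF01234567"

# signer_is_trusted STATUS_TEXT
# Returns 0 only if the gpg status output contains GOODSIG, every VALIDSIG
# names a primary key (its last field) listed in TRUSTED_FPRS, and no
# bad/expired/revoked signature status is present.
signer_is_trusted () {
    printf '%s\n' "$1" | awk -v trusted="$TRUSTED_FPRS" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "GOODSIG" { good = 1 }
        $2 == "VALIDSIG" {
            if (index(" " trusted " ", " " $NF " ")) pinned = 1
            else bad = 1
        }
        END { exit !(good && pinned && !bad) }'
}

# verify_pinned SIGFILE DATAFILE
# Runs gpg on a detached signature and applies the check above.
verify_pinned () {
    signer_is_trusted "$(gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null)"
}

# Constructed status output for a good signature by the placeholder key.
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Maintainer <maintainer@example.com>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2020-09-02 1599046740 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567'

if signer_is_trusted "$SAMPLE_STATUS"; then
    echo "signer pinned: OK"
else
    echo "signer not trusted"
fi
```

In the script, the call would be verify_pinned "${FILENAME}.sha256.asc" "${FILENAME}.sha256" in place of the plain gpg --verify.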