#!/bin/bash
if [ -e "${1}_hash.txt" ]
 then
echo "
Verifying file checksums
========================"
  shasum -a 256 -c "${1}_hash.txt"
fi

if [ -e "${1}_hash.SHA256withRSA.sig" ]
 then
  openssl enc -d -A -base64 -in "${1}_hash.SHA256withRSA.sig" -out "${1}-decoded.sig"
fi

if [ -e cert.pem ]
 then
  openssl x509 -pubkey -noout -in cert.pem > "publickey-${1}.pem"
fi

echo "
Verifying signature
==================="
openssl dgst -sha256 -verify "publickey-${1}.pem" -signature "${1}-decoded.sig" "${1}_hash.txt"
rm "${1}-decoded.sig" "publickey-${1}.pem"
