#!/bin/sh
set -e

rm -f signify.sec signify.pub checksums checksums.sig file*.txt

# -G : Generate
# -s : Secret key
# -p : Public key
# -n : No password
signify -G -s signify.sec -p signify.pub -n

echo "Sample data" >file_1.txt
echo "Sample data2" >file_2.txt
echo "Sample data3" >file_3.txt

# Cksum, generate BSD-style checksums
cksum -a sha256 file_*.txt >checksums

# Print the regular cksums
echo -e "\n=== Cksum Generated ===\n"
cat checksums

# How cksum verifies checksums without signify
cksum --quiet -a sha256 -c checksums

# -e : Embed data under signature
signify -Sm checksums -s signify.sec -e

# Print the now inline-signed checksums
echo -e "\n=== Signify Generated ===\n"
cat checksums.sig
echo

# One-step verification of signature *and* checksums
signify -Vm checksums -p signify.pub