
@0x77dev
Last active October 26, 2024 04:40
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Every two years, I rotate my keys. This time, I did it properly.
https://keybase.io/0x77dev/sigchain#41043405618604e21fd80cf51afcbc43bf26e5dc71897403615626f25666d42a0f
https://keybase.io/0x77dev/sigchain#265300a3bb9196faccb722605acb9e8c3fdc7669b9cb119dd6d25347b154df5e0f
https://keybase.io/0x77dev/pgp_keys.asc
-----BEGIN PGP SIGNATURE-----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=Xzim
-----END PGP SIGNATURE-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: This is a revocation certificate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=aJMF
-----END PGP PUBLIC KEY BLOCK-----
#!/usr/bin/env bash
# Shell options:
#   -e  abort as soon as a command exits non-zero
#   -u  treat expansion of an unset variable as an error
set -eu

# Inputs for the verification run, exported so child processes can see them.
#   EXPECTED_SHA256  pinned SHA-256 of the downloaded key export. The pin lives
#                    in this script, so it is only as trustworthy as the channel
#                    the script itself was obtained through. Any change to the
#                    served key file makes the run fail at the checksum step.
#   GIST_URL         raw URL of the signed message (the path carries a revision hash)
#   KEYBASE_URL      URL the public key export is fetched from
export EXPECTED_SHA256="bce9c15cc0102dfc7e8536f37659e9a77989819bdc3121a13690333b3fe705d4"
export GIST_URL="https://gist.githubusercontent.com/0x77dev/73eef30de26d939e40b8b4e90df3be02/raw/74f645ac23bcb69ac1a84b3eead5234d7d96b827/2024rotation.txt.sig"
export KEYBASE_URL="https://keybase.io/0x77dev/pgp_keys.asc"
#######################################
# Remove the scratch directory, if one was created.
# Globals:   TEMP_DIR (read) - may be unset or empty, in which case nothing happens
# Returns:   0 when there is nothing to remove, otherwise the status of rm
#######################################
cleanup() {
  local scratch="${TEMP_DIR:-}"

  # Nothing recorded yet: leave the filesystem alone.
  [ -n "$scratch" ] || return 0
  # Recorded path is not (or no longer) a directory: nothing to delete.
  [ -d "$scratch" ] || return 0

  rm -rf "$scratch"
}

# Run cleanup on every exit path of the script, including failures under set -e.
trap 'cleanup' EXIT
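#######################################
# Create a private temporary directory on both macOS and Linux.
# Tries plain `mktemp -d` first and falls back to the template form.
# Globals:   TEMP_DIR (written on success)
# Outputs:   the directory path on stdout
# Returns:   0 on success, 1 if no directory could be created
#######################################
create_temp_dir() {
  local dir

  # Declaration and assignment are kept separate so that a failing mktemp is
  # visible here. Callers use $(create_temp_dir), where bash clears -e, so the
  # failure has to be returned explicitly instead of echoing an empty path.
  if ! dir=$(mktemp -d 2>/dev/null || mktemp -d -t 'pgpverify'); then
    echo "Error: could not create a temporary directory" >&2
    return 1
  fi

  # An empty or non-directory result would make later paths resolve against "/".
  if [ -z "$dir" ] || [ ! -d "$dir" ]; then
    echo "Error: mktemp did not return a usable directory" >&2
    return 1
  fi

  TEMP_DIR="$dir"
  printf '%s\n' "$TEMP_DIR"
}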
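#######################################
# Download a URL to a local file, using curl when present and wget otherwise.
# Arguments: $1 - URL to fetch
#            $2 - path the response body is written to
# Outputs:   error text on stderr
# Returns:   status of the download tool; exits 1 if neither tool is installed
#######################################
download_file() {
  local url="$1"
  local output="$2"

  if command -v curl >/dev/null 2>&1; then
    # --fail: an HTTP error status becomes a non-zero exit instead of the error
    #         page being saved as if it were the requested file.
    # --proto / --proto-redir: the request and any redirect it follows must
    #         stay on HTTPS, so a redirect cannot downgrade the transfer.
    curl --fail --silent --show-error --location \
      --proto '=https' --proto-redir '=https' \
      "$url" -o "$output"
  elif command -v wget >/dev/null 2>&1; then
    wget -q "$url" -O "$output"
  else
    echo "Error: Neither curl nor wget is available" >&2
    exit 1
  fi
}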
#######################################
# Compare a file's SHA-256 digest with an expected hex string.
# Uses sha256sum when available, otherwise shasum -a 256.
# Arguments: $1 - file to hash
#            $2 - expected digest
# Outputs:   on mismatch, the expected and computed digests on stderr
# Returns:   0 on match; exits 1 on mismatch or when no hashing tool exists
#######################################
verify_sha256() {
  local file="$1"
  local expected="$2"
  local computed
  local -a hasher

  # Pick the hashing command once; both tools print "<digest>  <name>".
  if command -v sha256sum >/dev/null 2>&1; then
    hasher=(sha256sum)
  elif command -v shasum >/dev/null 2>&1; then
    hasher=(shasum -a 256)
  else
    echo "Error: No SHA256 verification tool available" >&2
    exit 1
  fi

  # Keep only the digest field. If hashing fails, the value is empty and the
  # comparison below rejects it.
  computed=$("${hasher[@]}" "$file" | cut -d' ' -f1)

  if [ "$computed" = "$expected" ]; then
    return 0
  fi

  echo "SHA256 verification failed!" >&2
  echo "Expected: $expected" >&2
  echo "Got: $computed" >&2
  exit 1
}
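#######################################
# Main execution: fetch the key export, check it against the pinned SHA-256,
# import it, then fetch the signed message and verify its signature.
# Globals:   KEYBASE_URL, GIST_URL, EXPECTED_SHA256 (read)
#            TEMP_DIR (written and exported)
# Outputs:   progress on stdout, errors on stderr
# Returns:   exits non-zero if any download, checksum, import or signature
#            step fails
#######################################
main() {
  # Create temporary directory
  TEMP_DIR=$(create_temp_dir)
  export TEMP_DIR

  # Refuse to continue without a real scratch directory: with an empty value
  # the paths below would resolve to the filesystem root.
  if [ -z "$TEMP_DIR" ] || [ ! -d "$TEMP_DIR" ]; then
    echo "Error: temporary directory was not created" >&2
    exit 1
  fi

  # Download PGP key
  local key_file="$TEMP_DIR/pgp_key.asc"
  echo "Downloading PGP key..."
  download_file "$KEYBASE_URL" "$key_file"

  # Verify SHA256 of the key
  echo "Verifying PGP key SHA256..."
  verify_sha256 "$key_file" "$EXPECTED_SHA256"
  echo "SHA256 verification successful!"

  # Import the key into the caller's default keyring
  echo "Importing PGP key..."
  gpg --batch --yes --import "$key_file"

  # Also load the checksum-verified key into a scratch keyring that holds
  # nothing else. `gpg --verify` against the default keyring reports success
  # for a good signature from ANY key the caller already has, which would not
  # show that the message was signed by the pinned key.
  # NOTE(review): assumes the message is signed by a key contained in the
  # pinned export - confirm.
  local pinned_keyring="$TEMP_DIR/pinned-keyring.kbx"
  gpg --batch --yes --no-default-keyring --keyring "$pinned_keyring" \
    --import "$key_file"

  # Download signed message
  local sig_file="$TEMP_DIR/message.sig"
  echo "Downloading signed message..."
  download_file "$GIST_URL" "$sig_file"

  # Verify signature using only the pinned key material
  echo "Verifying signature..."
  if gpg --batch --no-default-keyring --keyring "$pinned_keyring" \
    --verify "$sig_file" 2>&1; then
    echo "Signature verification successful!"
  else
    echo "Signature verification failed!" >&2
    exit 1
  fi
}

# Execute main function
main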
Author

0x77dev commented Oct 26, 2024

Verify on Keybase by copying and pasting the signed message into https://keybase.io/verify

Or use the script:

curl -sSL https://gist.githubusercontent.com/0x77dev/73eef30de26d939e40b8b4e90df3be02/raw/3c5c764bc45c403a96ea4b3f7a3789d625943255/verify.sh | bash -
