Last active
May 25, 2020 00:51
-
-
Save trinitronx/aee110cbdf55e67185dc44272784e694 to your computer and use it in GitHub Desktop.
Script to Verify My Software Signing Key & Keybase Identity
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| KEYBASE_USERID=trinitronx | |
| GPG_PUBKEY_URL="https://keybase.io/trinitronx/key.asc" | |
| SIGCHAIN_LINK="271330c45423cd997dafdc3f355c9575c0e6213aeb464596a457995ba0ae89110f" | |
| THIS_SCRIPT_URL="https://gist.github.com/trinitronx/aee110cbdf55e67185dc44272784e694/raw/keybase-verify-signing-key-sig.sh" | |
| THIS_SCRIPT_KEYBASE_SIGNATURE_URL="https://gist.github.com/trinitronx/aee110cbdf55e67185dc44272784e694/raw/keybase-verify-signing-key-sig.sh.keybase.sig.asc" | |
| THIS_SCRIPT_GPG_SIGNATURE_URL="https://gist.github.com/trinitronx/aee110cbdf55e67185dc44272784e694/raw/keybase-verify-signing-key-sig.sh.gpg.sig.asc" | |
| echo "This script requires that curl, gpg2, and jq are installed" | |
| echo "" | |
| echo "To install them on a Mac: brew install curl jq && brew cask install gpgtools" | |
| echo "" | |
| echo "Verifying Sibling Key Signature on Keybase Sigchain:" | |
| echo "https://keybase.io/${KEYBASE_USERID}/sigchain#${SIGCHAIN_LINK}" | |
| echo "" | |
| curl -sL "https://keybase.io/_/api/1.0/sig/get.json?sig_id=${SIGCHAIN_LINK}" | jq --raw-output '.sigs[].payload_json' | jq --raw-output '.body.sibkey.reverse_sig' | gpg2 --verify | |
| keybase id $KEYBASE_USERID | |
| echo "Current Key From: $GPG_PUBKEY_URL" | |
| echo "" | |
| curl -Ls "$GPG_PUBKEY_URL" | gpg2 | |
| # Only lists current user GPG keys | |
| #keybase pgp list | |
| echo "" | |
| echo "Verifying Keybase Signature of THIS SCRIPT..." | |
| echo "" | |
| echo "-----BEGIN KEYBASE SIGNED MESSAGE-----" | |
| curl -H 'Cookie: varnish=breakcache' -Ls "$THIS_SCRIPT_KEYBASE_SIGNATURE_URL" | keybase verify -i - -S $KEYBASE_USERID | |
| echo "-----END KEYBASE SIGNED MESSAGE-----" | |
| echo "" | |
| echo "" | |
| echo "Verifying GPG Signature of THIS SCRIPT..." | |
| echo "" | |
| curl -H 'Cookie: varnish=breakcache' -Ls "$THIS_SCRIPT_URL" | gpg2 --verify <(curl -H 'Cookie: varnish=breakcache' -Ls "$THIS_SCRIPT_GPG_SIGNATURE_URL") - | |
| echo "" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -----BEGIN PGP SIGNATURE----- | |
| Comment: GPGTools - https://gpgtools.org | |
| iQIcBAABCgAGBQJXhfGIAAoJECaJpFmxVo0JatgQALoIEEvWodmBeY6i2vgPm4ub | |
| ZmqyWwLjyHpD719djyVfBqZSBBkR5bixn8TQbQVXls8IHaBG4sOdG9LDF9sQ6jUI | |
| abwESUsSyhuJ8Eu+rD48K535o3bk8KvqNvlvOvQbpDI/fgI2cBH3wVf645UItbbw | |
| vl5ytbQIhqqAGJbH+iZXyOSU0BZ/3R+czEI8hMgZUGNbJowEo44+f1XnfWzIYYJm | |
| h++6NLtgi1DjGkKXhPHfU8qmeWoQcN9T6KIN4zYUdbsInINfhOFhaSZo9DHb8VsQ | |
| cc369odDBYD+q2dTT6WO2WkRL3q1/DXghTL8R3UTAfMx8xVJka0YGvIkYUQ1ofUs | |
| 8f0lp/NcTpmlVvjXXit4uVpG1kozox5fogVmWaB9q2aEKNLzh13A3yGhC5zFln5C | |
| JGM2sUNnFNU3S0woIS7816ve7Q2XdaqaGDbhEtgPYH5awYiwpGP9/t0IbxCFkCrx | |
| KUyhauJxQl+DVfY/O2EWJqdbW/bHZ2BTdnTQI9XBUAjY7Tv2H2kwLf8T7OsWj6R0 | |
| 0WUZ6a9Iyz+LBp6spgAW+dxeyZDhx9Ui7SKdcbcVZFkU+Hw2NeCm5zU88D/jjCNk | |
| 1OhbA0/NIqrL1ytYKjpufYFMXmdzf1E5wrb2Vs8P/x9+ubWRaMUxNDmeoYQQLLGb | |
| xwQJ1E1aptaQjx10kAxS | |
| =zAN7 | |
| -----END PGP SIGNATURE----- |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| BEGIN KEYBASE SALTPACK SIGNED MESSAGE. kXR7VktZdyH7rvq v5wcIkHbs2W6g2I 7lgNvhIsMvZjNQ3 f1cYbr9FBNLBtdc r9tsjpqIgPjWI3R 6U19AaO4kjDrYxK 2l5lhp37enNaYxi fkbtfIGg1J80j1r BswqlOWNmXP9FIp ppd4EbrcZUoU4sw FCF0W7XDB1TdL7H J8AaAuS6VnfCzl9 yyeqXzQl1SD9HBq lmNnFBLjv0LzDHC q40azJkFsxNl2WF Vf6PG4lu3k3tSfO WZnPFi0R3WlN58S 4KL89ryWDYCF0DE 0zzTL3rcMRItoU5 FTUCQk4wC8WTeHu 7O3s5wz2vV1mwdV hj50TTxwJXjGNHI kV26gOApyJdxKvC NOLf1ForN5uVobZ lIot7zHaC5ArfW0 3wXEaI5CZJdVNHn vR21CGPj9YWG7yx 8QDgCVm5dKL8KRh tN6D6GQn3nJk8lQ z0BoRbXsqf2JdXT IUjXyqT93NpCEs1 ng7U8SfGNZuIg5d l8LxWfwNNxt9qBQ I6ryYEhDOvSD5vZ AyFGi8CeyZs7A6U XGhABHI4j8LKZfq hCoi6hIZNz8dkBS fRrFOIZc3dk7K7N O8PIrsfX66op8q3 gzFh2A6k3yyecZc 9xJ30sroHyjdzwS 88CvcMnaHkquiTu TzL1bkncfSLXBvu BBijh1vR4oc1lkz POvMj1YOufTx0Jj xs02t5kcxBe4rBf E9aIstZXccFSi1c EUUvAWZnQx4DuXv dleeqXgK0tlSGH0 alWcN0xkXgeisUZ dkXTrijxMA1DKvO 7mKZ40N0hB0vLDh tzTy2ohCrDSKZUD Ga3lfvDwJMco4Sv 4jxnKWyManLeunG ODw03Bdjb9qegdE rv9Rmob9nO8AAoj rtDeOB0EdBKpX8j B0SyRR8HKoQy0NX LLTpIA3cql5pGwn bACOEfb8ULcBrFc oqwSZSGVznGx15T MiIhFuJL11IsNup 0N6jN01cyJRT0kc WTrG5aht0QZZ2UK 5ZtsQB0bskxGF6O Sz4CAlBPHlbvcuq CQuGIQ0T8NjMkfU bS0NG0ogwvC9Qu5 2kczaz9mm5AHOxn 9j1bfyjSmSA5OTS YyMVqzsWtlR7qaU rT21XJxMSI6Krwd i62il12HetSaK42 eGx2q90bQBrTvgQ zlghKKl4d9y4h5K g5E140lFgfZD2Xz apaWVFPi2KLowi4 WpjtmKjm5zqHowM oAGH2Ph0sWvdcye 9H0aOWlu8OI5ura jzM8vp4DFkMGwLc SxLFYaeIx5a5f6O FiOSAlwP77jyGtx NkLAWatrL1Caaxf e4V5P5XLGihkEOP RMY7KdKpbmo23ki JNMT1mnLRvCOwDG N8IJIvHjkaObiN6 jN0Dv8vE9P52WWz Wsnb5Lk1dNYgrky QskvffxTMyXQ7FW 7TYTPomwdnDuqgb nFstiVNp6Ub506p 8UvDEfjlaPdftkd OM7bodgCNF72wrU PfGfhTlm2u8l07a QZb3MpbBf3T7qMT wySqU54BN8mzPXf 5eVVFL0qK0fKfc3 MFpezHNknwCNEsp FeL0DbKfjW6CeSj Tn7CZBdVadcdTF1 0YlOzf5MdvQVzoM d9cEYMBZB8MjCZ2 3lQUYGtISgOUBwQ pRqphfnxtHSCddd DvKH4RFdPVbpGcq L6KDGTsg3mIsVz7 cKeUv9hGxrcfHNr MnV26920iFo0GjL GQUHQ0QCjzLfGRZ RdAkzI346puTmeZ zZ3hfhX7TXFzejd V3SNk0gMlF7eVp4 XfokLQeenzcdIhi lbunVcSAnWszSUZ kkVza3B4NaFjlJh SGaxswlJ9bELZ0u UT83zlKE2vaAQDe Ps4tKJBrgHoa6aE 1qlxCL0yoyLnFWY n6UdnTXm8o8MOaA r0WF7gdO49RFzvz 7vm2gCvOgBU4TZo HMbe7D7Zknv13Fu za2SqJiHOBHGgs7 euReoTuM2WtcgYS ZPF5dpfWzDzvg0b R7qaW6jqTxGIWTU dbYJGXfV9KzjN3f GLZToZ1HJGBj1Ol OsmJhEg3M2f8h4d xHnIc1ikaZat6h3 TroeMunQ0QvJl3U wugqbE3QrunjaHA PmMJVhKvcaxgYkv kK4qJwTbNR8NeKm IABUX1hjYKDcCdr nYwRPpXeUdJNFy0 9tnC3wgHNrm2SIV D8r5t7xoPcKH6a4 k0iFGu2qQxupNLF W4k8HNKP0SrHF5C MXLnVIhWaHEX9HQ pqYkhv5iPUmWCWc VxzGRAcLZCdyDrg vrp3ndjot87lvjB LqSLQNRuKjDZLyg 3IYk2CSAMJS9fMK m1GH0UvTWM9bK5S y5K969drxkEXFg8 5pFlObaHlZwXAH9 obLjbSiAO4so3Oy J3X3wHUvafFl7gr dfp3H7ra9JHu9Nf 8z5ZuACa4W9Jg0H mmPDspr9Rs7d4DY JYynLn10rOjSVE5 tiDLFZX2C7JXrRG 0LXsHnIF7d4HHVQ PM2QlOgIQxJmRUF eS8MiUgEXglfuYR CHoL4XAmOSEklAz NS2FmFtWYXE5B92 5341a7gxOTBY8gY QPjFRMjCftITqCj xeWH5IHhamHxuNI s49bN3AyxYPcEdo 5kManLeunGODw03 Bdjb9qegdErsALh 9t7Gqi2OZi4ByEM kXI1JMpwsl1ClnQ RpRGdjWvTxVJABA TUH1Bewb24W5zex XjEcinadfdabP2l u7w7avQna3xIObm 2rNLxtNoZM32R1u Rk. END KEYBASE SALTPACK SIGNED MESSAGE. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
To verify these signatures & run the script, you may do one of either:
curl -H 'Cookie: varnish=breakcache' -Ls https://gist.githubusercontent.com/trinitronx/aee110cbdf55e67185dc44272784e694/raw/8254c26f6936be23e2c0a8a3572aaab3a3e8e6f6/keybase-verify-signing-key-sig.sh | bashgit clone https://gist.github.com/aee110cbdf55e67185dc44272784e694.git keybase-verify-trinitronx-signing-key-sig && cd keybase-verify-trinitronx-signing-key-sig && bash keybase-verify-signing-key-sig.shTo show the commit signatures of this gist: