180 lines
6.6 KiB
Bash
Executable File
180 lines
6.6 KiB
Bash
Executable File
#!/bin/bash
|
|
#===============================================================================
|
|
#
|
|
# DIRECTORY:
|
|
# /home/*/.local/share/nautilus/scripts/01-verify/
|
|
# OR
|
|
# /home/*/.gnome2/nautilus-sctipts/01-verify/ (deprecated)
|
|
#
|
|
# FILE:
|
|
# 02c-gpg-verify
|
|
#
|
|
# USAGE:
|
|
# Right klick on the first file of an EWF image and
|
|
# choose this nautilus script from the context menu.
|
|
#
|
|
# OPTIONS:
|
|
# none
|
|
#
|
|
# DESCRIPTION:
|
|
# Verifies that an logfile was digitally signed by a specific examiner.
|
|
#
|
|
# REQUIREMENTS:
|
|
# bash, zenity, gpg, grep, awk and coreutils
|
|
#
|
|
# BUGS:
|
|
# ---
|
|
#
|
|
# NOTES:
|
|
# Tested on
|
|
# - Arch Linux
|
|
#
|
|
# AUTHOR:
|
|
# Patrick Neumann, patrick@neumannsland.de
|
|
#
|
|
# COMPANY:
|
|
# (privately)
|
|
#
|
|
# VERSION:
|
|
# 0.9 (beta)
|
|
#
|
|
# LINK TO THE MOST CURRENT VERSIONS:
|
|
# https://...
|
|
#
|
|
# CREATED:
|
|
# 11.09.2020
|
|
#
|
|
# COPYRIGHT (C):
|
|
# 2015-2020 - Patrick Neumann
|
|
#
|
|
# LICENSE:
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# WARRANTY:
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
# TODO:
|
|
# - more DRY (dont repeat yourself)!
|
|
#
|
|
# HISTORY:
|
|
# 0.9 - Patrick Neumann - Initial (public) release
|
|
#
|
|
#===============================================================================
|
|
|
|
#-------------------------------------------------------------------------------
|
|
# Additional supported Distribution(s) (add before Library!).
|
|
#-------------------------------------------------------------------------------
|
|
SUPPORTED_OSR="arch"
|
|
|
|
#-------------------------------------------------------------------------------
|
|
# Check for library (casualscripter_nautilus-scripts_functions.sh).
|
|
#-------------------------------------------------------------------------------
|
|
readonly LIBRARY="${0%/*/*}/.casualscripter_nautilus-scripts_functions.sh"
|
|
if [ ! -f "${LIBRARY}" ] ; then
|
|
zenity --error \
|
|
--text \
|
|
"ERROR: casualscripter_nautilus-scripts_functions.sh MISSING!"
|
|
exit 1
|
|
fi
|
|
|
|
source "${LIBRARY}"
|
|
|
|
#-------------------------------------------------------------------------------
|
|
# Checks (see library "casualscripter_nautilus-scripts_functions.sh").
|
|
#-------------------------------------------------------------------------------
|
|
check_dep "${BASENAME_BIN}" "coreutils"
|
|
check_dep "${OPENSSL_BIN}" "openssl"
|
|
check_dep "${AWK_BIN}" "gawk"
|
|
check_dep "${GREP_BIN}" "grep"
|
|
check_dep "${GPG_BIN}" "gnupg"
|
|
|
|
check_ext "${SOURCE}" "info|log|txt"
|
|
|
|
check_tmp
|
|
|
|
#-------------------------------------------------------------------------------
|
|
# Import public key if needed.
|
|
#-------------------------------------------------------------------------------
|
|
if [ -r "${SOURCE}.sig" ] ; then
|
|
if ${GPG_BIN} --verify "${SOURCE}.sig" "${SOURCE}" 2>&1 | ${GREP_BIN} --fixed-strings "No public key" 2>&1 > /dev/null ; then
|
|
readonly GPG_PUB_KEY_FILE="$( ${ZENITY_BIN} --title="Select gpg public key file" \
|
|
--file-selection )"
|
|
if [ -z "${GPG_PUB_KEY_FILE}" ] ; then
|
|
error_exit "no gpg public key file choosen"
|
|
fi
|
|
|
|
PUBKEY1="$( ${GPG_BIN} "${GPG_PUB_KEY_FILE}" 2>/dev/null | ${GREP_BIN} --only-matching --only-matching "[[:xdigit:]]{40}" )"
|
|
PUBKEY2="$( ${GPG_BIN} --verify "${SOURCE}.sig" "${SOURCE}" 2>&1 | ${GREP_BIN} --only-matching --only-matching "[[:xdigit:]]{40}" )"
|
|
|
|
if [ "${PUBKEY1}" != "${PUBKEY2}" ] ; then
|
|
error_exit "wrong gpg public key file"
|
|
fi
|
|
|
|
${GPG_BIN} --import "${GPG_PUB_KEY_FILE}"
|
|
|
|
# gpg --edit-key "${PUBKEY1}"
|
|
# -> trust
|
|
# -> 5
|
|
# -> save
|
|
fi
|
|
elif [ -r "${SOURCE}.asc" ] ; then
|
|
if ${GPG_BIN} --verify "${SOURCE}.asc" 2>&1 | ${GREP_BIN} --fixed-strings "No public key" 2>&1 > /dev/null ; then
|
|
readonly GPG_PUB_KEY_FILE="$( ${ZENITY_BIN} --title="Select gpg public key file" \
|
|
--file-selection )"
|
|
|
|
if [ -z "${GPG_PUB_KEY_FILE}" ] ; then
|
|
error_exit "no gpg public key file choosen"
|
|
fi
|
|
|
|
PUBKEY1="$( ${GPG_BIN} "${GPG_PUB_KEY_FILE}" 2>/dev/null | ${GREP_BIN} --only-matching "[[:xdigit:]]{40}" )"
|
|
PUBKEY2="$( ${GPG_BIN} --verify "${SOURCE}.asc" 2>&1 | ${GREP_BIN} --only-matching "[[:xdigit:]]{40}" )"
|
|
|
|
if [ "${PUBKEY1}" != "${PUBKEY2}" ] ; then
|
|
error_exit "wrong gpg public key file"
|
|
fi
|
|
|
|
${GPG_BIN} --import "${GPG_PUB_KEY_FILE}"
|
|
fi
|
|
else
|
|
error_exit "no gpg signatur (.sig or .asc) found"
|
|
fi
|
|
|
|
#-------------------------------------------------------------------------------
|
|
# Generate gpg verify file, if necessary.
|
|
#-------------------------------------------------------------------------------
|
|
readonly GPGVERIFY="${TMP}/gpg-verify-$( ${BASENAME_BIN} "${SOURCE}" ).txt"
|
|
|
|
if [ ! -f "${GPGVERIFY}" ] ; then
|
|
if [ -r "${SOURCE}.sig" ] ; then
|
|
${PRINTF_BIN} "Verified log file:\n %s\n\n" "$( ${BASENAME_BIN} "${SOURCE}" )" > "${GPGVERIFY}"
|
|
${PRINTF_BIN} "Verified signature file:\n %s\n\n" "$( ${BASENAME_BIN} "${SOURCE}" ).sig" >> "${GPGVERIFY}"
|
|
${PRINTF_BIN} "MD5 of log file:\n %s\n\n" "$( ${OPENSSL_BIN} dgst -md5 "${SOURCE}" | ${AWK_BIN} '{ print $NF }' )" >> "${GPGVERIFY}"
|
|
${PRINTF_BIN} "SHA1 of log file:\n %s\n\n" "$( ${OPENSSL_BIN} dgst -sha1 "${SOURCE}" | ${AWK_BIN} '{ print $NF }' )" >> "${GPGVERIFY}"
|
|
${PRINTF_BIN} "Output of gnupg:\n\n" >> "${GPGVERIFY}"
|
|
${GPG_BIN} --verify "${SOURCE}.sig" "${SOURCE}" 2>> "${GPGVERIFY}"
|
|
elif [ -r "${SOURCE}.asc" ] ; then
|
|
${PRINTF_BIN} "Verified log file:\n %s\n\n" "$( ${BASENAME_BIN} "${SOURCE}" )" > "${GPGVERIFY}"
|
|
${PRINTF_BIN} "Verified signature file:\n %s\n\n" "$( ${BASENAME_BIN} "${SOURCE}" ).asc" >> "${GPGVERIFY}"
|
|
${PRINTF_BIN} "MD5 of log file:\n %s\n\n" "$( ${OPENSSL_BIN} dgst -md5 "${SOURCE}.asc" | ${AWK_BIN} '{ print $NF }' )" >> "${GPGVERIFY}"
|
|
${PRINTF_BIN} "SHA1 of log file:\n %s\n\n" "$( ${OPENSSL_BIN} dgst -sha1 "${SOURCE}.asc" | ${AWK_BIN} '{ print $NF }' )" >> "${GPGVERIFY}"
|
|
${PRINTF_BIN} "Output of gnupg:\n\n" >> "${GPGVERIFY}"
|
|
${GPG_BIN} --verify "${SOURCE}.asc" 2>> "${GPGVERIFY}"
|
|
fi
|
|
fi
|
|
|
|
#-------------------------------------------------------------------------------
|
|
# Display content of the resultfile "gpg-verify...txt".
|
|
#-------------------------------------------------------------------------------
|
|
display_resultfile "${GPGVERIFY}"
|
|
|
|
exit 0
|