#!/bin/sh -e
# Ensure that the public key can verify files signed by the private key

FILE=$(mktemp)
HASH=$(mktemp)

# Create a file with random contents
dd if=/dev/random of="${FILE}" bs=4096 count=1024 status=none

# Create a detached signature using the private key
openssl pkeyutl -sign -keyform PEM -rawin -inkey /usr/share/nemos/private.pem \
    -in "${FILE}" > "${HASH}"

# Verify the signature with the public key
openssl pkeyutl -verify -pubin -keyform PEM -rawin -inkey /usr/share/nemos/public.pem \
    -sigfile "${HASH}" -in "${FILE}"

# Clean up
rm -f "${FILE}" "${HASH}"
