Add gpg signing and verification support

hash_tools/create_hashes.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+# How to create hashes:
+# 1. run the command with 1 argument
+#   1) the version number of the site
+#
+# Example:
+# ./hash_tools/create_hashes.sh 1.4
+#
+# Will result in a new sha256sum file
+
+echo "---- Version $1 $(date +%Y.%m.%d) ---" > sha256sum
+FILES="$(find ./* -type f ! -name sha256sum ! -path './sigs/*' ! -path './pubkeys/*')"
+shasum -a 256 $FILES >> sha256sum

hash_tools/sign_hashes.sh

@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+
+# How to sign:
+# 1. run the command with 3 arguments
+#   1) the version number of the site
+#   2) the shortid of the gpg key you wish to sign with
+#   3) the github username you are signing on behalf (this isn't checked)
+#
+# Example:
+# ./hash_tools/sign_hashes.sh 1.4 3A971908 junderw
+#
+# Will result in a new sha256sum file and a new file in sigs folder called
+# sha256sum.junderw.3A971908.asc
+
+echo "---- Version $1 $(date +%Y.%m.%d) ---" > sha256sum
+FILES="$(find ./* -type f ! -name sha256sum ! -path './sigs/*' ! -path './pubkeys/*')"
+OUTPUTFILE="./sigs/sha256sum.$3.$2.asc"
+PUBKEYFILE="./pubkeys/pubkey.$3.$2.asc"
+shasum -a 256 $FILES >> sha256sum
+mkdir -p sigs
+mkdir -p pubkeys
+
+gpg -a --export $2 > $PUBKEYFILE
+echo "$(cat $PUBKEYFILE | grep -ve '^Version\|^Comment')" > $PUBKEYFILE
+
+gpg -u $2 -a --detach-sign --yes -o $OUTPUTFILE ./sha256sum
+echo "$(cat $OUTPUTFILE | grep -ve '^Version\|^Comment')" > $OUTPUTFILE

hash_tools/verify_hashes.sh

@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+# How to verify:
+# 1. run the command with one optional argument
+#    1) --unsafe   imports pubkeys from the pubkeys folder.
+#                  This is unsafe because you should be verifying the pubkeys
+#                  Out of band. (ie. from a keyserver etc.)
+#
+# Example:
+# ./hash_tools/verify_hashes.sh
+#
+# Will say verification success or failed
+#
+# Note: Please make sure you have imported all gpg public keys out of band.
+
+FILES="$(find ./* -type f ! -name sha256sum ! -path './sigs/*' ! -path './pubkeys/*')"
+HASHES="$(shasum -a 256 $FILES)"
+COMMITEDHASHES="$(cat sha256sum | grep -v '\-\-\-\-')"
+if [ ! "$HASHES" == "$COMMITEDHASHES" ] ; then
+  echo "Hash verification failed!!!"
+else
+
+  if [ "$1" == "--unsafe" ] ; then
+    # import keys from pubkeys folder
+    echo "Importing keys from pubkeys folder, this is unsafe..."
+    cat ./pubkeys/pubkey.*.asc > ./pubkeys/tmpkeys.asc
+    gpg --import ./pubkeys/tmpkeys.asc > /dev/null 2>&1
+    rm ./pubkeys/tmpkeys.asc
+  fi
+
+  # join sigs for verification
+  cat ./sigs/sha256sum.*.asc > ./sigs/tmpsigs.asc
+
+  if gpg --verify ./sigs/tmpsigs.asc sha256sum > /dev/null 2>&1 ; then
+    echo "Hash and gpg verification success!!!"
+    rm ./sigs/tmpsigs.asc
+  else
+    echo "gpg verification failed!!!"
+    rm ./sigs/tmpsigs.asc
+  fi
+fi

sha256sum

@@ -0,0 +1,37 @@
+---- Version 1.4 2019.05.06 ---
+7806f790a11180b93e0b3a1518997b6610a3b76347ebeac0fcdbd7acbf3b1f86  ./LICENSE
+ab3472f83291e9a5ad491a1d58747cf2d3dde2cc81a61e9dea3c4cb45ac90055  ./README.md
+f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5  ./css/bootstrap.min.css
+c46cb13eedb9057bcde1f9d73a4ae63bf3e75d74106a5e2e5d0ddb6c45cb61e8  ./css/bootstrap-datetimepicker.min.css
+2453e31f9c5e0dbee528d11f97a85edf897ed93406954ce8e475f0244abf249a  ./css/bootstrap-theme.min.css
+60aaae0254a31ca2278dab73fef7e50a1ca10f2a8bd3c67420f2d86ee2b87f93  ./css/style.css
+13634da87d9e23f8c3ed9108ce1724d183a39ad072e73e1b3d8cbf646d2d0407  ./fonts/glyphicons-halflings-regular.eot
+a26394f7ede100ca118eff2eda08596275a9839b959c226e15439557a5a80742  ./fonts/glyphicons-halflings-regular.woff
+e395044093757d82afcb138957d06a1ea9361bdcf0b442d06a18a8051af57456  ./fonts/glyphicons-halflings-regular.ttf
+fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c  ./fonts/glyphicons-halflings-regular.woff2
+42f60659d265c1a3c30f9fa42abcbb56bd4a53af4d83d316d6dd7a36903c43e5  ./fonts/glyphicons-halflings-regular.svg
+f75150dd052b4aecd7349b08882ec9740d9c51db62e2727317d4d8bd2eb4633d  ./hash_tools/sign_hashes.sh
+4fd509b9e4e40b591d66fd9fd62eeb4dc355637d7e87fa5bf5222dfee5433f09  ./hash_tools/verify_hashes.sh
+635ca53c02acb8fa34dc32024b787849670ca1ba59825f13fefccdd7884e2c6e  ./hash_tools/create_hashes.sh
+11a94919aa0622ac4a1d3d2d4b74108e544c71bbfc32469d2de92e338c926d19  ./images/coinbin.gif
+1eb9e7880f723999a4ed63eece6a6e4d4976833d3c16dc18b4ace3971728ab0d  ./images/loader.gif
+4f75d87355715c2c34a4fe8a76e8b29803a8e53b24ac97093f96660513b14d63  ./images/btc32x.png
+347b3d62b81e3fa2ca4f89e1621eab6f026bf29ae0c8b9ed7bcd08641d385616  ./index.html
+90888cdd4393b2046a47b7a594628fa633cdeffcfcf2ecf6f2a222c24fdc56c7  ./js/bootstrap-datetimepicker.min.js
+0986afc5406f98969f18d999f512027132a6040062de605f8340088644a3a1ae  ./js/crypto-sha256.js
+9f47604e8b03ca2ac910c595d3a1a9b380042dd016dd65f80a454e73a15e3a74  ./js/coinbin.js
+46d1b141f5861400318793d5819fe8dfb1a51d0c3c242abbe8d080c4a7fd3ecb  ./js/qrcode.js
+ebc11e1ae16df1e29d5533fb898179a70498b57bede817f326e9c1bcaf6aaa26  ./js/sha512.js
+ec2e31faae01d56c58799052ea684ac20a7d00ebc081c664f2d2277e3a6cd1ea  ./js/ellipticcurve.js
+a4f1bab8277c859d4553a47c5a96efcb1510e9f7faf8d1d961b7f9154d7f12ca  ./js/ripemd160.js
+d7e9b31de4f514728e9f77befea0cac56defe286ed87fad28980aeca4db53d6d  ./js/qcode-decoder.min.js
+935c2881e7dad9071644293279cf8f725b63544cbece734d9b62f7b2fdceb6be  ./js/crypto-sha256-hmac.js
+800c7773f0574b5b5573bd89af3cc8b0fc6bb368d6fbde8f7ccf97c30bdbf699  ./js/moment.min.js
+88938afbf449dcf0ca8c94ccc693e6c58fe12921811ba8e7f630608b625a636e  ./js/collapse.js
+81c193a6b2c6276c51257b8dc4e1deee7558e0a670c3db0943c2446c53a1b754  ./js/coin.js
+4211a12d7efb39a987bf408f781da27cfd958c92c2925eaabf41dbfa81a41b36  ./js/transition.js
+fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a  ./js/aes.js
+d7533cf4dafa9351777d8ec81c1c6e8e0fe74c2114bdf37744561fc722776fa0  ./js/jsbn.js
+c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4  ./js/jquery-1.9.1.min.js
+b77344207979f326907b6e657efa976b130f4e17008d647f303bb1972b5e2aa3  ./js/crypto-min.js
+d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8  ./js/bootstrap.min.js

sigs/sha256sum.junderw.3A971908.asc

@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEcBAABCgAGBQJcz31ZAAoJELJWGF06lxkIovoIAIhW3d0VgKyodbuRwgs+4GUh
+ZBtgv5VQZE6I3wgJvQoTOd3lGso4sLZEoxf1ExHVXirzLZMuol1bv6CkGMjv4hxf
+sjcmo6xl1DUWR1PcoPSq+OqV+DZA7+TQ9XkrRlQsiTsKY8DW6e91AOzhHbmaD+1b
+iMm3eJP1TmiSWiEmJpSwvrC5lHD6Ch4z2kPcFtbNzU2OKrEJ9YhS8VvSjPeoRJkB
+6ybmy2sXkC7zls3qelF/aOp66T7sXpd2GzIUKJl8rWk2p6Bn3Z7HrFZlEwFLhmB/
+YonrooEbgt/yBBBht+NQosKJCirgegaGuC7g27dnKONc5IPH0cBFBoou1bfj9FI=
+=DksQ
+-----END PGP SIGNATURE-----