Verify script

The following script will download each of the SHA256 hash and cryptographically verified signature of my WhatsApp safety numbers. Once the files are downloaded and confirmed you may compare my five safety numbers against the conversation we have connected.1

curl -o whatsapp-safety-numbers.txt https://thomasdang.ca/nerd/whatsapp/whatsapp-safety-numbers.txt
curl -o whatsapp-safety-numbers.txt.sig https://thomasdang.ca/nerd/whatsapp/whatsapp-safety-numbers.txt.sig
curl -o whatsapp-safety-numbers.txt.sha256 https://thomasdang.ca/nerd/whatsapp/whatsapp-safety-numbers.txt.sha256
curl -o litobro.keys https://github.com/litobro.keys
cat whatsapp-safety-numbers.txt | ssh-keygen -Y check-novalidate -n file -f litobro.keys -s whatsapp-safety-numbers.txt.sig
echo "$(cat whatsapp-safety-numbers.txt.sha256)" | sha256sum --check
cat whatsapp-safety-numbers.txt

Valid output should appear as:

Good "file" signature with RSA key SHA256:vQqBvdn/9FLCLsE1H4qdiSEu1qE5BDUh6Nf4NpGiacs
whatsapp-safety-numbers.txt: OK

If you are extremely trusting - you can pipe the verification script directly into your terminal.

curl -L https://thomasdang.ca/nerd/whatsapp/verify.sh | /bin/bash

  1. Whatsapp safety numbers are the concatenated public safety number of both members of the conversation. Your half of the safety number remains static and is either appended or prepended (depending on size) to my number.