From a2d38d4ce9e547946a7c3b37fc5f954bb078ed2e Mon Sep 17 00:00:00 2001
From: "Lance R. Vick" <lance@lrvick.net>
Date: Mon, 29 May 2023 17:11:36 -0700
Subject: [PATCH] verification example

---
 README.md | 36 ++++++++++++++++++++++++------------
 1 file changed, 24 insertions(+), 12 deletions(-)

diff --git a/README.md b/README.md
index edbfefe..bc8cd91 100644
--- a/README.md
+++ b/README.md
@@ -68,21 +68,33 @@ they appear in all capitals, as shown here.
 
 ## Examples
 
-### Bash: Git and pgp with plaintext review
+### Signature Generation
+
+#### Shell: Git and GPG with plaintext review
+
 ```
-local -r review_body="LGTM"
-local -r review_hash="$(printf $review_body | openssl sha256 | awk '{print $2}')"
-local -r vcs_ref="$(git rev-parse HEAD)"
-local -r tree_hash="$(git rev-parse 'HEAD^{tree}')"
-local -r sig_body="sig:v0:$vcs_ref:$tree_hash:$review_hash:pgp"
-local -r sig=$(\
-    printf "%s" "$body" \
-    | gpg --detach-sign  \
-    | openssl base64 -A \
-)
-printf "%s" "$sig_body:$review_body:$sig"
+review="LGTM"
+review_hash="$(printf $review | openssl sha256 | awk '{print $2}')"
+vcs_ref="$(git rev-parse HEAD)"
+tree_hash="$(git rev-parse 'HEAD^{tree}')"
+body="sig:v0:$vcs_ref:$tree_hash:$review_hash:pgp"
+sig=$(printf "%s" "$body" | gpg --detach-sign  | openssl base64 -A )
+printf "%s" "$body:$review:$sig"
 ```
 
+### Signature Verification
+
+#### PGP
+
+```
+gpg --verify <(printf "$sig_body") <(printf "$sig")
+```
+
+### Review Verification
+
+TODO
+
+
 ## Background
 
 TODO