Sentinel

A simple Go command-line tool for file integrity checks using cryptographic hashes (SHA-256 / SHA-512) and optional Ed25519 signatures for authenticity.

Think of it as a lightweight combination of sha256sum + gpg, written in Go, with Zero Dependency.

---

Features

• Generate SHA-256 / SHA-512 checksums (sum)
• Verify file integrity against a checksum list (verify)
• Generate Ed25519 key pairs (keygen)
• Sign checksum lists with your private key (sign)
• Verify signatures with the corresponding public key (verify -pub)

---

Installation

From source (requires Go 1.25+)

git clone https://github.com/bagasdisini/sentinel
cd sentinel
go build -o sentinel

Then place sentinel somewhere in your $PATH.

---

Usage

1. Generate a key pair (one-time)

./sentinel keygen -priv signer_private.pem -pub signer_public.pem

• signer_private.pem → keep safe, never share
• signer_public.pem → distribute to users so they can verify your signatures

2. Create checksums

./sentinel sum movie.mkv photos.zip > checksums.sha256

or with SHA-512:

./sentinel sum -algo sha512 -out checksums.sha512 big.img

3. Sign the checksum list

./sentinel sign -key signer_private.pem checksums.sha256

Produces checksums.sig (detached signature).

4. Verify hashes (and signature if provided)

# Checks file integrity only
./sentinel verify checksums.sha256

# Checks both integrity and authenticity
./sentinel verify -pub signer_public.pem checksums.sha256

Output example:

SIGNATURE: OK
movie.mkv: OK
photos.zip: OK

---

Security Notes

• Hashing alone detects accidental corruption.
• Signing the checksum list proves authenticity (that it came from you).
• Always keep your private key secure. Share only the public key.

---

License

This project is licensed under the MIT License – feel free to use, modify, and share.