[neuropie]

The use of & instead of && here means that openssl start running at the same time as the base64 decode command. This means that openssl could start reading from an old version of the signature file before base64 starts writing to the new one.

[neilh23]

The shell '>' redirect will truncate the file first of all, for example:

  echo "foo" > message.txt ; ( sleep 3 ; echo "bar" ) > message.txt & echo "message: '$( cat message.txt )'"

will print "message ''", not "message 'foo'".

Interestingly, that means that the 'openssl' command might have been working with an empty signature.

Of course, he might have just aliased 'openssl' as 'echo "Verified OK"' ...