sigsh is a non-interactive, signature requiring and verifying command interpreter. More accurately, it is a signature verification wrapper around a given shell. It reads input in PKCS#7 format from standard in, verifies the signature and, if the signature matches, pipes the decoded input into the command interpreter.
sigsh was written by Jan Schaumann in 2010 while working at Yahoo! Inc. Yahoo! open sourced the tool in the hopes that it will be useful to other people -- unless otherwise noted, all files are released under the terms of a 3-clause BSD license as noted in the file LICENSE.
sigsh is useful in combination with scanmaster.
sigsh has a manual page.
The sources to sigsh can be found at GitHub: http://github.com/jschauma/sigsh.