This topic describes how to use the verify command to verify a signature.
Feature description
The verify command checks whether a file is a signature that the sign operation created with a particular key. It compares the signature file with the original file and determines, based on the provided public key and the signature algorithm, whether the signature was produced from the original file.
Before you run this command, make sure that you have started key_mgmt_tool and logged in to the HSM as a CU.
Syntax
Enter the parameters using the syntax provided. For descriptions of each parameter, refer to Parameters.
verify -f <message-file>
-s <signature-file>
-k <public-key-handle>
-m <signature-mechanism>
Parameters must be entered in the sequence specified by the syntax.
Example
The following example verifies the signature relationship between signedFile and messageFile. The result confirms that signedFile is a signature file produced from messageFile using private key 8 with the SHA256_RSA_PKC signature algorithm. Public key 7, used by verify, and private key 8, used by sign, belong to the same asymmetric key pair.
Command: sign -f messageFile -k 8 -out signedFile -m 1
Signature creation successful
signature is written to file signedFile
Cfm3Sign: sign returned: 0x00 : HSM Return: SUCCESS
Command: verify -f messageFile -s signedFile -k 7 -m 1
Signature verification successful
Cfm3Verify returned: 0x00 : HSM Return: SUCCESS
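What a successful or failed verification means can be reproduced outside the HSM. The following Python example is added here and is not key_mgmt_tool or HSM code; it assumes that the SHA256_RSA_PKC mechanism is RSA PKCS #1 v1.5 with SHA-256, and its function names, sample message and toy keys (built from well-known Mersenne primes) are constructed for illustration.

```python
import hashlib

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode(message: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 || DigestInfo || SHA-256(message)."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def toy_keypair(p: int, q: int, e: int = 65537):
    """Constructed, insecure key pair (assumption): returns ((n, e), (n, d))."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def sign(message: bytes, private) -> bytes:
    n, d = private
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(encode(message, k), "big"), d, n).to_bytes(k, "big")

def verify(message: bytes, signature: bytes, public) -> bool:
    n, e = public
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return False
    # Re-encode the message and compare whole blocks instead of parsing padding.
    return pow(s, e, n).to_bytes(k, "big") == encode(message, k)

def demo():
    # Publicly known primes: these keys are trivially factorable, demo only.
    pub, priv = toy_keypair(2**521 - 1, 2**607 - 1)
    other_pub, _ = toy_keypair(2**521 - 1, 2**1279 - 1)  # unrelated key pair
    message = b"contents of messageFile (constructed sample)"
    sig = sign(message, priv)
    flipped = sig[:-1] + bytes([sig[-1] ^ 1])
    return {
        "matching key": verify(message, sig, pub),
        "modified message": verify(message + b"!", sig, pub),
        "modified signature": verify(message, flipped, pub),
        "non-matching key": verify(message, sig, other_pub),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'successful' if ok else 'failed'}")
```

Only the first case verifies; a changed message, a changed signature, or a public key from a different key pair all fail.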
Parameters
| Parameter Name | Description | Required | Valid Values |
| --- | --- | --- | --- |
| -f | Specifies the name of the source file | Yes | No Special Requirements |
| -k | Specifies the handle of the public key used for verification. Note: The public key for verification must correspond to the private key used for signing. | Yes | No Special Requirements |
| -m | Specifies the integer representing the signature algorithm | Yes | |