NAME
     skiverify - verify signature of file

SYNOPSIS
     skiverify [-e [-o verified_data_file]] [-h [-L virtual_host]]
          [-s | -v] [-c cert_path] [-i sig_file]

     skiverify [-h [-L virtual_host]] [-s | -v] [-c cert_path]
          [-d data_file] [-i sig_file]

AVAILABILITY
     SUNWski

DESCRIPTION
     The skiverify utility verifies the data signed by a signature
     utility such as skisign(1) and displays the name of the signer.
     If the verification fails, an error message is printed out to
     stderr, indicating the reason for the failure (for example,
     certificate chain not consistent, none of the CAs in the chain
     is trusted, signature does not verify, etc.).

     skiverify reads and verifies the digital signature information
     stored in sig_file. If no sig_file is provided, the digital
     signature information is read from stdin. The digital signature
     information must be formatted as a PKCS #7 message with content
     type "signed-data", and must be provided in printable encoding
     format as defined in the Internet RFC1421 standard.

     If the digital signature information includes the data being
     verified (skisign default behaviour), the -e option can be used
     to extract the (successfully) verified data from the digital
     signature information and store them in a separate file.

     If the -x option was used when creating the digital signature
     (see skisign(1)), the digital signature information provided in
     sig_file will not contain the data which was originally signed.
     In this case, skiverify will prompt the user to provide a
     separate file, data_file, containing the data to which the
     signature applies.

     If the verification succeeds, the authenticated signer's fully
     qualified X.500 distinguished name is displayed.

     The -c option is used to specify the directory path cert_path
     where the certificates contained in the PKCS #7 signature
     information will be stored. This option is considered only in
     the case where the signature information is used to disseminate
     a certificate (which may have been requested using a PKCS #10
     certification request (see certreq(1))) and its supporting
     chain, rather than to represent one signer's digital signature.
     If no directory name has been specified, the user will be
     prompted for one. The specified directory must not exist. Each
     certificate is stored in a separate file in a subdirectory
     (named "certs") of the specified directory. Each certificate
     file is named after the distinguished name of the certificate
     owner. The specified directory name could be used in a
     subsequent skistore(1) operation, in order to store the received
     certificates into the configured naming service (for example,
     NIS, NIS+).

     skiverify requires that the user has registered his or her
     private key with the SKI keyserver (see skilogin(1)).

OPTIONS
     The following options are supported:

     -h   Verify the data on behalf of the host. The trusted public
          keys from the host's key package will be retrieved to
          verify the certificate chain.

     -L virtual_host
          Name or the dot separated IP address of the virtual host on
          whose behalf the data is verified. This option is valid
          only with -h option.

     -e   Extract the data being verified from the signature input
          file and store it in a separate file (ignored for external
          signatures). The file where the verified data is stored is
          named after sig_file, suffixed by ".verified" (if this file
          already exists, the skiverify command exits with an error
          message), or can be specified by verified_data_file. If the
          -e option is provided and the digital signature information
          is read from stdin (no sig_file is provided) and
          verified_data_file has not been specified, the verified
          data is stored in a file named "verified" in the current
          directory (if this file already exists, the skiverify
          command exits with an error message).

     -s   Run application silently (no status or error information
          displayed).

     -v   Give verbose output. If both the -v and the -s options are
          specified, the -v option is ignored.

     -c cert_path
          Directory where each certificate included in the signature
          information is stored. The specified directory must not
          exist.

     -d data_file
          File containing the data to be verified (only used for
          external signatures).

     -i sig_file
          Signature input file.

     -o verified_data_file
          File where the data being verified is stored (ignored for
          external signatures).

EXAMPLES
     The following example verifies the signature information in the
     file "siginfo", which includes the data to which the signature
     applies, and stores the content being verified in the file
     "siginfo.verified":

          example% skiverify -i siginfo -e

     The corresponding signature command would have been used as
     follows:

          example% skisign -i some_data -o siginfo

     This example verifies the external signature in the file
     "ext_sig", which applies to the data in file "data":

          example% skiverify -i ext_sig -d data

     The corresponding signature command would have been used as
     follows:

          example% skisign -x -i data -o ext_sig

EXIT STATUS
     The skiverify command exits with 0 if successful and 1
     otherwise.

SEE ALSO
     certreq(1), skiencrypt(1), skidecrypt(1), skisign(1),
     skistore(1)
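
     The input format described above (PKCS #7 "signed-data" in RFC 1421 printable encoding) can be inspected before choosing between the -e form and the -d data_file form. The following is an added example, not part of the SKI distribution: it checks structure only and verifies nothing. It assumes the file is base64 text, optionally wrapped in "-----" boundary lines, holding definite-length DER; the function names and the constructed sample are hypothetical.

```python
import base64
SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # OID 1.2.840.113549.1.7.2
DATA = bytes.fromhex("2a864886f70d010701")         # OID 1.2.840.113549.1.7.1

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one definite-length DER element."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("element overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, want):  # read one element and insist on its tag
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want:
        raise ValueError(f"expected tag {want:#04x}, got {tag:#04x}")
    return value, nxt

def classify(text):
    """Return 'attached' or 'external' for a signed-data message, else raise ValueError."""
    lines = [ln.strip() for ln in text.splitlines() if not ln.lstrip().startswith("-----")]
    der = base64.b64decode("".join(lines), validate=True)
    outer, _ = expect(der, 0, 0x30)             # ContentInfo SEQUENCE
    oid, pos = expect(outer, 0, 0x06)           # outer contentType
    if oid != SIGNED_DATA:
        raise ValueError("content type is not signed-data")
    wrapped, _ = expect(outer, pos, 0xA0)       # [0] EXPLICIT content
    signed, _ = expect(wrapped, 0, 0x30)        # SignedData SEQUENCE
    _, pos = expect(signed, 0, 0x02)            # version
    _, pos = expect(signed, pos, 0x31)          # digestAlgorithms SET
    inner, _ = expect(signed, pos, 0x30)        # inner contentInfo
    _, pos = expect(inner, 0, 0x06)             # inner contentType
    return "attached" if pos < len(inner) else "external"

def tlv(tag, body=b""):  # constructed-sample helper, short (<128 byte) elements only
    return bytes([tag, len(body)]) + body
def sample(payload=None):  # constructed minimal message: empty SETs, no real signature
    content = tlv(0xA0, tlv(0x04, payload)) if payload is not None else b""
    inner = tlv(0x30, tlv(0x06, DATA) + content)
    signed = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x31) + inner + tlv(0x31))
    der = tlv(0x30, tlv(0x06, SIGNED_DATA) + tlv(0xA0, signed))
    return base64.encodebytes(der).decode()
```

     An "attached" result corresponds to the skiverify -i sig_file -e form, and "external" to the form that needs -d data_file.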