pkiutil verify -sig

Verifies a signature.

pkiutil verify -sig -raw -orig <orig> -sigin <sigin> -pubcert <pubcert> -sigalg <sigalg> [-sigalg <sigalg>... -sigalg <sigalg>]

For example:

pkiutil verify -sig -raw -orig myfile.txt -sigin sigfile.der -pubcert mycert.pem -sigalg SHA256withRSA -sigalg SHA256withECDSA

See below for a description of each option.

-orig <orig>

Verify the signature of the <orig> data, where <orig> is the name of a file containing the original data.

Mandatory: Yes.

-pubcert <pubcert>

Verify the signature against the public key of the <pubcert> certificate, where <pubcert> is the name of a file containing the certificate.

Mandatory: Yes.

-raw

Verify a raw signature.

The current version of PKIaaS Post Quantum only supports raw signatures.

Mandatory: Yes

-sigalg <sigalg>

Verify a signature generated with the <sigalg> algorithm, where <sigalg> is one of the algorithm identifiers listed in PKIUtil algorithm reference . Select more than one algorithm to verify a composite signature .

Mandatory: Yes

-sigin <sigin>

Verify the <sigin> signature, where <sigin> is the name of a file generated with the pkiutil sign command.

Mandatory : Yes.