Man pages sections > man8 > tpm2_verifysignature

tpm2_verifysignature - uses loaded keys to validate a signature on a

tpm2_verifysignature(8) tpm2.0-tools tpm2_verifysignature(8)

NAME

tpm2_verifysignature - uses loaded keys to validate a signature on a message with the message digest passed to the TPM. If the signature check succeeds, then the TPM will produce a TPMT_TK_VERIFIED. Otherwise, the TPM shall return TPM_RC_SIGNATURE. If keyHandle references an asymmetric key, only the public portion of the key needs to be loaded. If keyHandle references a symmetric key, both the public and private portions need to be loaded.

SYNOPSIS

tpm2_verifysignature[ COMMON OPTIONS ] [ TCTI OPTIONS ] [ --keyHandle|--keyContext|--halg|--msg|--digest|--sig|--raw|--ticket| ]
uses loaded keys to validate a signature on a message with the message digest passed to the TPM. If the signature check succeeds, then the TPM will produce a TPMT_TK_VERIFIED. Otherwise, the TPM shall return TPM_RC_SIGNATURE. If keyHandle references an asymmetric key, only the public portion of the key needs to be loaded. If keyHandle references a symmetric key, both the public and private portions need to be loaded.

DESCRIPTION

tpm2_verifysignature uses loaded keys to validate a signature on a message with the message digest passed to the TPM. If the signature check succeeds, then the TPM will produce a TPMT_TK_VERIFIED. Otherwise, the TPM shall return TPM_RC_SIGNATURE. If keyHandle references an asymmetric key, only the public portion of the key needs to be loaded. If keyHandle references a symmetric key, both the public and private portions need to be loaded.

OPTIONS

-k ,--keyHandle
handle of public key that will be used in the validation
-c ,--keyContext
filename of the key context used for the operation
-g ,--halg
the hash algorithm used to digest the message 0x0004 TPM_ALG_SHA1 0x000B TPM_ALG_SHA256 0x000C TPM_ALG_SHA384 0x000D TPM_ALG_SHA512 0x0012 TPM_ALG_SM3_256
-m ,--msg
the input message file, containning the content to be digested
-D ,--digest
the input hash file, containning the hash of the message. If this argument been chosed, the argument '-m(--msg)' and '-g(--halg)' is no need
-s ,--sig
the input signature file, containning the signature to be tested
-r ,--raw
set the input signature file to raw type, default TPMT_SIGNATURE, optional
-t ,--ticket
the ticket file, record the validation structure
[COMMON OPTIONS ]
This collection of options are common to many programs and provide information that many users may expect.
-h, --help
Display a manual describing the tool and its usage.
-v, --version
Display version information for this tool.
-V, --verbose
Increase the information that the tool prints to the console during its execution.
[TCTI OPTIONS ]
This collection of options are used to configure the varous TCTI modules available.
-T, --tcti
Select the TCTI used for communication with the next component down the TSS stack. In most configurations this will be the TPM but it could be a simulator or proxy. Supported TCTIs are or “device” or “socket”
-d, --device-file
Specify the TPM device file for use by the device TCTI. The default is /dev/tpm0.
 
-R, --socket-address
Specify the domain name or IP address used by the socket TCTI. The default is 127.0.0.1.
-p, --socket-port
Specify the port number used by the socket TCTI. The default is 2321.
ENVIRONMENT: TCTI
This collection of environment variables that may be used to configure the varous TCTI modules available. The values passed through these variables can be overridden on a per-command basis using the available command line options.
TPM2TOOLS_TCTI_NAME
Select the TCTI used for communication with the next component down the TSS stack. In most configurations this will be the TPM but it could be a simulator or proxy. See ' OPTIONS' section for the names of supported TCTIs.
TPM2TOOLS_DEVICE_FILE
Specify the TPM device file for use by the device TCTI.
 
TPM2TOOLS_SOCKET_ADDRESS
Specify the domain name or IP address used by the socket TCTI.
TPM2TOOLS_SOCKET_PORT
Specify the port number used by the socket TCTI.

EXAMPLES

tpm2_verifysignature
tpm2_verifysignature -k 0x81010001 -g 0x000B -m <filePath> -s <filePath> -t <filePath>
tpm2_verifysignature -k 0x81010001 -D <filePath> -s <filePath> -t <filePath>
tpm2_verifysignature -c key.context -g 0x000B -m <filePath> -s <filePath> -t <filePath>

DECEMBER 2016 Intel