sshpk-verify (1) - Linux Manuals

sshpk-verify: verify a signature on data using an SSH key

NAME

sshpk-verify - verify a signature on data using an SSH key

SYNOPSYS

sshpk-verify -i KEYPATH -s SIGNATURE [OPTION...]

DESCRIPTION

Takes in arbitrary bytes and a Base64-encoded signature, and verifies that the signature was produced by the private half of the given SSH public key.

EXAMPLES

$ printf 'foo' | sshpk-verify -i ~/.ssh/id_ecdsa -s MEUCIQCYp...
OK

$ printf 'foo' | sshpk-verify -i ~/.ssh/id_ecdsa -s GARBAGE...
NOT OK

EXIT STATUS

0
  Signature validates and matches the key.

1
  Signature is parseable and the correct length but does not match the key or
  otherwise is invalid.

2
  The signature or key could not be parsed.

3
  Invalid commandline options were supplied.

OPTIONS

-v, --verbose
  Print extra information about the key and signature to stderr when verifying.

-i KEY, --identity=KEY
  Select the key to be used for verification. KEY must be a relative or
  absolute filesystem path to the key file. Any format supported by the sshpk
  library is supported, including OpenSSH formats and standard PEM PKCS.

-s BASE64, --signature=BASE64
  Supplies the base64-encoded signature to be verified.

-f PATH, --file=PATH
  Input file to verify instead of stdin.

-H HASH, --hash=HASH
  Set the hash algorithm to be used for signing. This should be one of sha1,
  sha256 or sha512. Some key types may place restrictions on which hash
  algorithms may be used (e.g. ED25519 keys can only use SHA-512).

-t FORMAT, --format=FORMAT
  Choose the signature format to use, from asn1ssh or raw (only for
  ED25519 signatures). The asn1 format is the default, as it is the format
  used with TLS and typically the standard in most non-SSH libraries (e.g.
  OpenSSL). The ssh format is used in the SSH protocol and by the ssh-agent.

BUGS

Report bugs at Github https://github.com/arekinath/node-sshpk/issues

SEE ALSO

sshpk-sign(1)