Menu
Products
Open Source
- Configure popular ACME clients to use a private CA
- Use Kubernetes cert-manager with
step-ca - Issue X.509 host certificates to cloud VMs
- Issue X.509 user certificates via your identity provider
- Create a CA that uses RSA keys
- Import an existing root or intermediate CA into
step-ca - Use Keycloak to issue SSH certificates with step-ca
- Run an SSH CA and connect to VMs using SSH certificates
- Use AWS to deploy a certificate authority and secure microservices
- Run
step-cain a Docker container - Federate multiple autonomous certificate authorities
Products
Open Source
- Configure popular ACME clients to use a private CA
- Use Kubernetes cert-manager with
step-ca - Issue X.509 host certificates to cloud VMs
- Issue X.509 user certificates via your identity provider
- Create a CA that uses RSA keys
- Import an existing root or intermediate CA into
step-ca - Use Keycloak to issue SSH certificates with step-ca
- Run an SSH CA and connect to VMs using SSH certificates
- Use AWS to deploy a certificate authority and secure microservices
- Run
step-cain a Docker container - Federate multiple autonomous certificate authorities
step crypto key verify
Name
step crypto key verify -- verify a signed message
Usage
step crypto key verify [<file>] --key=<key-file> --signature=<base64>
[--alg=<algorithm>] [--pss]
Description
step crypto key verify verifies the signature of a file or a message.
Positional arguments
file
File to verify.
Options
--key=file
The path to the file containing the public key.
--signature=base64, --sig=base64
The base64 version of the signature.
--alg=algorithm
The hash algorithm to use on RSA PKCS #1 1.5 and RSA-PSS signatures.
algorithm must be one of:
sha1 (or sha): SHA-1 produces a 160-bit hash value
sha224: SHA-224 produces a 224-bit hash value
sha256 (default): SHA-256 produces a 256-bit hash value
sha384: SHA-384 produces a 384-bit hash value
sha512: SHA-512 produces a 512-bit hash value
sha512-224: SHA-512/224 uses SHA-512 and truncates the output to 224 bits
sha512-256: SHA-512/256 uses SHA-512 and truncates the output to 256 bits
md5: MD5 produces a 128-bit hash value
--pss Verify using the RSA-PSS signature scheme.
Examples
Verify a file with its signature:
s step crypto key verify --key pub.key --sig "base64...=" file.txt
true
Verify a file using the PKCS #1 v1.5:
$ step crypto key verify --key rsa.pub --sig "base64...=" file.txt
Verify a file using the PKCS #1 v1.5 and SHA512:
$ step crypto key verify --key rsa.pub --alg sha512 --sig "base64...=" file.txt
Verify a file using the RSA-PSS scheme:
$ step crypto key verify --key rsa.pub --pss --sig "base64...=" file.txt
Subscribe to updates
Unsubscribe anytime. See our privacy policy.
© 2023 Smallstep Labs, Inc. All rights reserved.