Verifying signatures

If you have a signature, the associated file to verify, and the signer's public key, you can verify that the signature is valid for that file and public key.

You can either specify their public key:

  • As a string (easiest): Ed//L2CzmImpu9UA6HFjllemS4TVaE84PdTTrTNc5i6gxFU=

  • As a .public file (more long-term): signing.public

If the signature file has the same file name (minus the .signature extension) and is in the same directory as the file to verify, you don't need to specify the signature file:

$ kryptor -v -y Ed//L2CzmImpu9UA6HFjllemS4TVaE84PdTTrTNc5i6gxFU= file.zip

Good signature.
Authenticated comment: Signed by Bob on the 4th of February 2022.

Here's an example where the signature file name is different to that of the file to verify:

$ kryptor -v -y Ed//L2CzmImpu9UA6HFjllemS4TVaE84PdTTrTNc5i6gxFU= -t file.signature file.zip

Last updated