NAME

       tpm2_verifysignature -  uses  loaded  keys  to  validate a signature on a message with the
       message digest passed to the TPM. If the signature  check  succeeds,  then  the  TPM  will
       produce a TPMT_TK_VERIFIED. Otherwise, the TPM shall return TPM_RC_SIGNATURE. If keyHandle
       references an asymmetric key, only the public portion of the key needs to  be  loaded.  If
       keyHandle  references  a  symmetric  key,  both the public and private portions need to be
       loaded.

SYNOPSIS

       tpm2_verifysignature[     COMMON     OPTIONS     ]     [     TCTI     OPTIONS     ]      [
       --keyHandle|--keyContext|--halg|--msg|--digest|--sig|--raw|--ticket| ]

       uses  loaded  keys  to validate a signature on a message with the message digest passed to
       the TPM. If the signature check succeeds, then the TPM will  produce  a  TPMT_TK_VERIFIED.
       Otherwise,  the  TPM  shall return TPM_RC_SIGNATURE. If keyHandle references an asymmetric
       key, only the public portion of the key needs to be  loaded.  If  keyHandle  references  a
       symmetric key, both the public and private portions need to be loaded.

DESCRIPTION

       tpm2_verifysignature  uses  loaded  keys  to  validate  a  signature on a message with the
       message digest passed to the TPM. If the signature  check  succeeds,  then  the  TPM  will
       produce a TPMT_TK_VERIFIED. Otherwise, the TPM shall return TPM_RC_SIGNATURE. If keyHandle
       references an asymmetric key, only the public portion of the key needs to  be  loaded.  If
       keyHandle  references  a  symmetric  key,  both the public and private portions need to be
       loaded.

OPTIONS

       -k ,--keyHandle
              handle of public key that will be used in the  validation

       -c ,--keyContext
              filename of the key context used for the operation

       -g ,--halg
              the hash algorithm  used  to  digest  the  message   0x0004  TPM_ALG_SHA1    0x000B
              TPM_ALG_SHA256      0x000C    TPM_ALG_SHA384     0x000D   TPM_ALG_SHA512     0x0012
              TPM_ALG_SM3_256

       -m ,--msg
              the input message file, containning the content  to be digested

       -D ,--digest
              the input hash file, containning the hash of the  message. If  this  argument  been
              chosed, the   argument '-m(--msg)' and '-g(--halg)' is no need

       -s ,--sig
              the input signature file, containning the  signature to be tested

       -r ,--raw
              set the input signature file to raw type, default   TPMT_SIGNATURE, optional

       -t ,--ticket
              the ticket file, record the validation structure

       [COMMON OPTIONS ]
              This collection of options are common to many programs and provide information that
              many users may expect.

       -h, --help
              Display a manual describing the tool and its usage.

       -v, --version
              Display version information for this tool.

       -V, --verbose
              Increase the information that the tool prints to the console during its execution.

       [TCTI OPTIONS ]
              This collection of options are used to configure the varous TCTI modules available.

       -T, --tcti
              Select the TCTI used for communication with the next component down the TSS  stack.
              In  most  configurations this will be the TPM but it could be a simulator or proxy.
              Supported TCTIs are or “device” or “socket” .

       -d, --device-file
              Specify the TPM device file for use by the device TCTI. The default is /dev/tpm0.

       -R, --socket-address
              Specify the domain name or IP address used by  the  socket  TCTI.  The  default  is
              127.0.0.1.

       -p, --socket-port
              Specify the port number used by the socket TCTI. The default is 2321.

       ENVIRONMENT: TCTI
              This  collection  of environment variables that may be used to configure the varous
              TCTI  modules  available.   The  values  passed  through  these  variables  can  be
              overridden on a per-command basis using the available command line options.

       TPM2TOOLS_TCTI_NAME
              Select  the TCTI used for communication with the next component down the TSS stack.
              In most configurations this will be the TPM but it could be a simulator  or  proxy.
              See 'OPTIONS' section for the names of supported TCTIs.

       TPM2TOOLS_DEVICE_FILE
              Specify the TPM device file for use by the device TCTI.

       TPM2TOOLS_SOCKET_ADDRESS
              Specify the domain name or IP address used by the socket TCTI.

       TPM2TOOLS_SOCKET_PORT
              Specify the port number used by the socket TCTI.

EXAMPLES

       tpm2_verifysignature

              tpm2_verifysignature -k 0x81010001 -g 0x000B -m <filePath> -s <filePath> -t <filePath>
              tpm2_verifysignature -k 0x81010001 -D <filePath> -s <filePath> -t <filePath>
              tpm2_verifysignature -c key.context -g 0x000B -m <filePath> -s <filePath> -t <filePath>