File signature verification on Mac OS

05/20/2024 Contributors

PDFs

You can verify an exported VHD file signature for Mac OS by following the steps below.

Steps

Download the Azure Image Digest file from the NetApp Support Site and extract the digest file(.sig), public key certificate file(.pem) and chain certificate file(.pem).

Refer to the Download the Azure Image Digest File for more information.

Verify the chain of trust.

% openssl verify -CAfile Certificate-Chain-9.15.0P1_azure.pem Certificate-9.15.0P1_azure.pem
Certificate-9.15.0P1_azure.pem: OK

Remove the leading 1MB(1048576 Bytes) and ending 512 Bytes of VHD file.

If 'tail' is used, the option '-c +K' outputs bytes starting with the Kth bytes
of the specified file. Hence, 1048577 is passed to 'tail -c'. It takes around 13m
for the tail command to complete on Mac OS.
```
% tail -c +1048577 ./9150.01000024.05090105.vhd > ./sign.tmp.tail
% head -c -512 ./sign.tmp.tail > sign.tmp
% rm ./sign.tmp.tail
```

Use openssl to extract public key from certificate and verify the striped
file(sign.tmp) with the signature file and public key.

If the input file passes the verification, the command will display "Verification OK".
Otherwise, "Verification Failure" will display.

% openssl x509 -pubkey -noout -in ./Certificate-9.15.0P1_azure.pem > ./Code-Sign-Cert-Public-key.pub

% openssl dgst -verify Code-Sign-Cert-Public-key.pub -keyform PEM -sha256 -signature digest.sig -binary ./sign.tmp
Verified OK

% openssl dgst -verify Code-Sign-Cert-Public-key.pub -keyform PEM -sha256 -signature digest.sig -binary ./another_file_from_nowhere.tmp
Verification Failure

Clean up the workspace.

% rm ./9150.01000024.05090105.vhd ./sign.tmp
% rm *.sig *.pub *.pem

File signature verification on Mac OS

Creating your file...