CertUtil | How CertUtil -verifykeys works internally?


I have a CA certificate in the Local Machine Certificate Store. When I run this command:

certutil -verifyKeys

it gives:

Key "KEYNAME" verifies as the public key for Certificate "KEYNAME" V0.0
Signature test FAILED
CertUtil: -verifykeys command FAILED: 0x80070057 (WIN32: 87 ERROR_INVALID_PARAMETER)
CertUtil: The parameter is incorrect

MSDN says: certutil -verifykeys - Verify public/private key set.

I was just wondering how it verifies these keys? Eager to know the internal working of this command.

asked on Super User Apr 16, 2018 by User1234

1 Answer


It performs a signing operation using the registered provider and then tries to verify the signed text using the public key stored in the certificate.

Since I was using my own custom provider, I saw a signing request falling on my provider, but no verification request. Thus I conclude that it performs signing using the registered provider, but for verification it uses its own provider, i.e. Microsoft's own CNG provider.

answered on Super User May 13, 2018 by User1234
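
The sign-then-verify check described in the answer above can be reproduced outside certutil to see which half fails. This PowerShell is an added example, not part of the original answer and not certutil's own code. The function name Test-CertKeyPair, the RSA / SHA-256 / PKCS#1 v1.5 choice and the constructed in-memory certificate are assumptions.

```powershell
# Added example: sign with the certificate's private key (the call goes to
# whichever provider holds that key), then verify the signature with the
# public key embedded in the certificate itself.
function Test-CertKeyPair {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    if (-not $Certificate.HasPrivateKey) {
        throw "Certificate $($Certificate.Thumbprint) has no associated private key."
    }
    $ext  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]
    $priv = $ext::GetRSAPrivateKey($Certificate)   # backed by the key's provider
    $pub  = $ext::GetRSAPublicKey($Certificate)    # built from the certificate only
    if ($null -eq $priv -or $null -eq $pub) {
        throw "Not an RSA key pair; this sketch covers RSA only."
    }
    $sha256 = [System.Security.Cryptography.HashAlgorithmName]::SHA256
    $pkcs1  = [System.Security.Cryptography.RSASignaturePadding]::Pkcs1
    $data   = [System.Text.Encoding]::UTF8.GetBytes('key pair consistency test')  # constructed sample
    $result = [ordered]@{ Thumbprint = $Certificate.Thumbprint; Signed = $false; Verified = $false; Error = $null }
    try {
        $sig = $priv.SignData($data, $sha256, $pkcs1)
        $result.Signed   = $true   # the provider completed the signing request
        $result.Verified = $pub.VerifyData($data, $sig, $sha256, $pkcs1)
    } catch {
        $result.Error = $_.Exception.Message   # Signed = $false: signing side failed
    } finally {
        $priv.Dispose(); $pub.Dispose()
    }
    [pscustomobject]$result
}

# Constructed sample input: a throwaway self-signed certificate held in memory
# (needs .NET Framework 4.7.2+ or PowerShell 7; nothing is written to a store).
$rsa  = [System.Security.Cryptography.RSA]::Create(2048)
$req  = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
            'CN=Constructed Test', $rsa,
            [System.Security.Cryptography.HashAlgorithmName]::SHA256,
            [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$cert = $req.CreateSelfSigned([DateTimeOffset]::Now.AddMinutes(-5), [DateTimeOffset]::Now.AddDays(1))
Test-CertKeyPair -Certificate $cert   # expect Signed and Verified both True

# For a certificate in a store, pass it instead (store name and thumbprint are placeholders):
# Test-CertKeyPair -Certificate (Get-Item 'Cert:\LocalMachine\My\<THUMBPRINT>')
```

If Signed stays False, the failure is in the provider that holds the private key; if Signed is True and Verified is False, the signature it produced does not match the public key in the certificate.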

User contributions licensed under CC BY-SA 3.0