I have a CA certificate in Local Machine Certificate Store.
When I run this command -
enter code here
certutil -verifyKeys gives
Key "KEYNAME" verifies as the public key for Certificate "KEYNAME" V0.0
Signature test FAILED
CertUtil: -verifykeys command FAILED: 0x80070057
(WIN32: 87 ERROR_INVALID_PARAMETER)
CertUtil: The parameter is incorrect
certutil -verifykeys - Verify public/private key set.
I was just wondering how it verifies these keys ? Eager to know the internal working of this command.
It performs an signing operation using the registered provider and then tries to verify the signed text using the public key stored in the certificate.
Since i was using my own custom provider thus i saw a signing request falling on my provider, but no verification request. Thus i conclude that it performs signing using the registered provider but for verification it uses it own provider i.e microsoft own cng provider.
User contributions licensed under CC BY-SA 3.0