gcloud kms mac-verify - verify a user signature file using a MAC key version
gcloud kms mac-verify --input-file=INPUT_FILE --signature-file=SIGNATURE_FILE [--key=KEY] [--keyring=KEYRING] [--location=LOCATION] [--skip-integrity-verification] [--version=VERSION] [GCLOUD_WIDE_FLAG ...]
Verifies a digital signature using the provided MAC signing key version.
By default, the command performs integrity verification on data sent to and received from Cloud KMS. Use --skip-integrity-verification to disable integrity verification.
The following command will read the file '/tmp/my/file.to.verify', and verify it using the symmetric MAC CryptoKey dont-panic Version 3 and the file used previously to generate the MAC tag ('/tmp/my/original.data.file').
$ gcloud kms mac-verify --location=us-central1 \ --keyring=hitchhiker --key=dont-panic --version=3 \ --input-file=/tmp/my/original.data.file \ --signature-file=/tmp/my/file.to.verify
- --input-file=INPUT_FILE
Path to the input file to use for verification.
- --signature-file=SIGNATURE_FILE
Path to the signature file to be verified.
- --key=KEY
to use for signing.
- --keyring=KEYRING
Key ring of the key.
- --location=LOCATION
Location of the keyring.
- --skip-integrity-verification
Skip integrity verification on request and response API fields.
- --version=VERSION
Version to use for signing.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
These variants are also available:
$ gcloud alpha kms mac-verify
$ gcloud beta kms mac-verify