PGPVerifyFile (verify a detached signature)
ts
function PGPVerifyFile(
inFile: string, // required
sigFile: string, // required
pubKeyFile: string // required
): boolean;NOTE
This function is available as of Syncplify Server! v7.1.1. If you are running an older version, upgrade to v7.1.1 or later to use it.
Verifies the detached PGP signature in sigFile against the file inFile using the signer's public key. Returns true when the signature is valid, meaning the file was signed by the holder of the corresponding private key and has not been altered since signing.
| Parameter | Type | Requirement | Explanation |
|---|---|---|---|
inFile | string | required | Fully qualified path to the file whose signature is to be verified |
sigFile | string | required | Fully qualified path to the detached signature file |
pubKeyFile | string | required | Path to the signer's PGP public key file |
| Return value | Explanation |
|---|---|
true | The signature is valid: the file is authentic and unmodified |
false | The signature is invalid or verification failed |
IMPORTANT
A return value of false means either the file has been tampered with, the wrong public key was supplied, or the signature file is corrupt. Do not process the file if verification fails.
Example
ts
var valid = PGPVerifyFile(
'/var/inbox/report.csv',
'/var/inbox/report.csv.sig',
'/keys/partner.pubkey'
);
if (!valid) {
Log('Signature verification FAILED. File may be tampered with.');
} else {
Log('Signature OK. File is authentic.');
}TIP
To produce a signature that can be verified with this function, use PGPSignFile.