Verifying digitally-signed logs

The VerifyWhiskerLog tool (in its usual installed location, C:\Program Files\WhiskerControl\VerifyWhiskerLog\VerifyWhiskerLog.exe) is a command-line utility can be used to check that a log is a valid Whisker log, signed by WhiskerServer at the time of creation. The syntax is:

verifywhiskerlog filename

If the log is valid, VerifyWhiskerLog will produce the following output:

Whisker Public Log Verification Utility. By Rudolf Cardinal.

Copyright (C) 2002-3 Cambridge University Technical Services Ltd.

Verifying file: thing.txt

Digital signature found; checking its validity.

Digital signature is correct and matches the Whisker public key.

If not, the output will end in one of the following ways:

Unable to open file for input.

File is NOT a valid Whisker log.

No digital signature found.

File is NOT a valid Whisker log.

No contents found before digital signature.

File is NOT a valid Whisker log.

Digital signature found; checking its validity.

File is NOT a valid Whisker log.

For further verification, send the log to the authors. Verification via this process will require you to establish your identity to the authors directly.

For more details of this process, see Digital Signing of Data Logs.