scion-pki trc verify

Verify a TRC chain

Synopsis

‘verify’ verifies a TRC chain based on a trusted anchor point.

The anchor can either be a collection of trusted certificates bundled in a PEM file, or a trusted TRC. TRC update chains that start with a base TRC can be verified with either type of anchor. TRC update chains that start with a non-base TRC must have a TRC as anchor. With the optional flag –isd, the ID of the ISD for which the TRC claims to be the root of trust can be matched against an expected value.

scion-pki trc verify [flags]

Examples

  scion-pki trc verify --anchor bundle.pem ISD1-B1-S1.trc
  scion-pki trc verify --anchor ISD1-B1-S1.trc ISD1-B1-S2.trc ISD1-B1-S3.trc

Options

  -a, --anchor string   trust anchor (required)
  -h, --help            help for verify
      --isd uint16      ISD identifier

SEE ALSO

• scion-pki trc - Manage TRCs for the SCION control plane PKI