# Verifying signatures

If you have a signature, the associated file to verify, and the **signer's public key**, you can verify that the signature is valid for that file and public key.

You can either specify their public key:

* As a string (**easiest**): `Ed//L2CzmImpu9UA6HFjllemS4TVaE84PdTTrTNc5i6gxFU=`
* As a `.public` file (**more long-term**): `signing.public`

{% hint style="warning" %}
If you see the message 'Bad signature', the signature is not valid for that public key and the comment will not be displayed. This means either:

* The public key is wrong for that signature file.
* The file has been corrupted or tampered with.
  {% endhint %}

If the signature file has the same file name (minus the `.signature` extension) and is in the same directory as the file to verify, you don't need to specify the signature file:

```bash
$ kryptor -v -y Ed//L2CzmImpu9UA6HFjllemS4TVaE84PdTTrTNc5i6gxFU= file.zip

Good signature.
Authenticated comment: Signed by Bob on the 4th of February 2022.
```

Here's an example where the signature file name is different to that of the file to verify:

```bash
$ kryptor -v -y Ed//L2CzmImpu9UA6HFjllemS4TVaE84PdTTrTNc5i6gxFU= -t file.signature file.zip
```

{% hint style="success" %}
If the signature is valid, you'll see the message 'Good signature', followed by the authenticated comment if there is one.
{% endhint %}