Chapter 4
AuditVerify

About the AuditVerify Tool

The AuditVerify tool is used to verify that signed audit logs were signed with the signed audit private signing key, and that the signed audit log has not been compromised.

Auditors can verify the authenticity of signed audit logs using the AuditVerify tool. This tool uses the public key of the signed audit log signing certificate to verify the digital signatures embedded in a signed audit log. The tool returns output indicating either that the signed audit log was successfully verified or that the signed audit log was not successfully verified. An unsuccessful verification warns the auditor that the signature failed to verify, indicating the log file may have been tampered with (compromised).

Setting Up the Auditor's Database

The AuditVerify tool needs access to a set of security databases containing the signed audit log signing certificate and its chain of issuing certificates. One of the CA certificates in the issuance chain must be marked as trusted in the database.

The auditor should import the audit signing certificate into his/her own certificate and key databases before running the tool. The auditor should not use the same security databases as the CMS instance that generated the signed audit log files.

If the auditor does not have a readily accessible certificate and key database, the auditor will have to create a set of certificate and key databases and import the signed audit log signing certificate chain.

To create the security databases and import the certificate chain (Note: if the auditor has a readily accessible certificate and key database, steps 1 and 2 should be skipped):
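The check described under "About the AuditVerify Tool", as an added example that is not code from this manual or from CMS: a small Python model of a verifier walking a signed audit log and checking each embedded signature with the signer's public key. The log format (event lines, with a "SIG" line covering every line since the previous "SIG" line) is constructed for illustration, and the textbook RSA over two hard-coded Mersenne primes is a stand-in for the signing certificate's key, not a secure signature scheme.

```python
import hashlib

# Toy key pair (assumption: stand-in for the audit signing certificate's key).
# Both moduli factors are Mersenne primes; E is coprime to (P-1)(Q-1).
P, Q = (1 << 107) - 1, (1 << 127) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent: signer only

def _digest(lines):
    """Truncated SHA-256 of the block as an integer, always smaller than N."""
    h = hashlib.sha256("\n".join(lines).encode()).digest()
    return int.from_bytes(h[:16], "big")

def sign_block(lines):
    """What the signing side does: sign the digest of one block of lines."""
    return pow(_digest(lines), D, N)

def verify_block(lines, sig, n=N, e=E):
    """What the auditor's tool does: recompute the digest, check it with the public key."""
    return pow(sig, e, n) == _digest(lines)

def make_log(blocks):
    """Build a signed log (constructed sample data) from lists of event lines.
    Each SIG line covers the previous SIG line too, so the blocks are chained."""
    log, pending = [], []
    for block in blocks:
        log.extend(block)
        pending.extend(block)
        sig_line = f"SIG {sign_block(pending)}"
        log.append(sig_line)
        pending = [sig_line]
    return log

def verify_log(log, n=N, e=E):
    """Return (ok, blocks_checked, unsigned_tail). ok is False at the first
    signature that does not verify: a modified, removed or reordered line."""
    pending, checked, tail = [], 0, 0
    for line in log:
        if line.startswith("SIG "):
            if not verify_block(pending, int(line[4:]), n, e):
                return False, checked, tail
            checked, tail, pending = checked + 1, 0, [line]
        else:
            pending.append(line)
            tail += 1
    return True, checked, tail

if __name__ == "__main__":
    log = make_log([["user=alice op=login", "user=alice op=issue_cert"], ["user=bob op=revoke"]])
    print(verify_log(log))                                  # (True, 2, 0)
    tampered = log[:]; tampered[1] = "user=alice op=issue_cert serial=999"
    print(verify_log(tampered))                             # (False, 0, 2)
```

In this model, removing whole trailing blocks together with their SIG lines still verifies, and lines after the last SIG line are reported as an unsigned tail; the signature check proves the integrity of what was signed, not that the log is complete, so completeness has to be checked separately.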