Validating Audit Log Signature

The TSM Demo project can be accessed as described here.

In the folder tools\audit-validation there is a Golang program that shows how audit log signatures can be validated.

The tool derives the public key from the private seed, which should be done when generating the key, and the public key distributed instead in a real life scenario. The audit log entry is input as a JSON string and parsed and split into signing data and signature. After this the signature is checked.