*** If cmp produces no output then the signature matches.
* Use a well known script/tool
** [https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html Hanno BockBöck's script]: https://github.com/hannob/tlshelpers/blob/master/matchcertkey
***