1.\" $NetBSD: netpgpverify.1,v 1.5.6.1 2014/05/22 13:21:33 yamt Exp $
2.\"
3.\" Copyright (c) 2013,2014 Alistair Crooks <agc@NetBSD.org>
4.\" All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\" notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
--- 6 unchanged lines hidden (view full) ---
18.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25.\"
26.Dd February 2, 2014
27.Dt NETPGPVERIFY 1
28.Os
29.Sh NAME
30.Nm netpgpverify
31.Nd standalone program for digital signature verification
32.Sh SYNOPSIS
33.Nm
34.Op Fl v
35.Op Fl S Ar ssh-pub-key-file
36.Op Fl c Ar command
37.Op Fl k Ar keyring
38.Ar file ...
39.Sh DESCRIPTION
40The
41.Nm
42implements digital signature verification.
43It is designed to be simple and standalone; no external libraries, except
44for
45.Xr libz
46and
47.Xr libbz2
48are used, in order to ensure maximum portability.
49.Pp
50It is completely rewritten from the version of the program that appeared in
51.Nx 6.0
52as part of the
53.Xr netpgp 1
54suite of commands.
55.Pp
56The
57.Nm
58utility requires a file containing public keys, commonly called a
59.Dq keyring .
60Digitally-signed information can be fed to
61.Nm
62in two ways: as standard input, or as files provided on the command line.
63The public key part of the key which was used to sign the file must be
64present, or the signature verification will fail.
65Files may be signed in two distinct ways: as text documents, and as binary
66files.
67Text documents modify the contents to add different line-ending
68characters, and behave differently at the final byte of the input document.
69Binary files are read verbatim, and are not modified in any way.
70.Pp
71The
72.Fl k
73command line argument allows a keyring to be specified.
74The
75.Fl v
76command line argument prints the version of the
77.Nm
78command and then exits.
79Finally, the
80.Fl c
81command specified the command which may be given.
82This can take one of two values:
83.Dq verify
84which is also the default, which verifies the signature
85on the data;
86.Dq cat
87will also verify the signature on the data, and, if
88successfully verified, will display the verified
89data on
90.Dv stdout .
91The
92.Fl S
93argument allows an ssh public key file to be used as the source of
94truth for the key.
95This ssh-key-based signature can be created using the
96.Xr netpgp 1
97utility.
98.Pp
99If a detached signature
100.Dq .sig
101is given on the command line, the signing information will be retrieved
102from that file, and the original data is expected to be found in a file in the same
103directory with the same name with the
104.Dq .sig
105suffix removed.
106.Pp
107Both text mode signatures, and binary signatures, can be verified by
108.Nm
109.Sh SIGNING AND VERIFICATION
110Verification of a file's signature is best viewed using the following example:
111.Bd -literal
112% netpgpverify -k pubring.gpg NetBSD-6.0_RC1_hashes.asc
113Good signature for NetBSD-6.0_RC1_hashes.asc made Thu Aug 23 11:47:50 2012
114signature 4096/RSA (Encrypt or Sign) 064973ac4c4a706e 2009-06-23
115fingerprint ddee 2bdb 9c98 a0d1 d4fb dbf7 0649 73ac 4c4a 706e
116uid NetBSD Security Officer <security-officer@NetBSD.org>
117%
118.Ed
119.Sh EXIT STATUS
120The
121.Nm
122utility will return 0 for a successful verification,
1231 if the file's signature does not match what was expected,
124or 2 if any other error occurs.
125.Sh SEE ALSO
126.Xr netpgp 1 ,
127.\" .Xr libbz2 3 ,
128.Xr zlib 3
129.Sh STANDARDS
130The
131.Nm
132utility is designed to conform to IETF RFC 4880.
133.Sh HISTORY
134The
135.Nm
136command first appeared in
137.Nx 7.0 .
138.Sh AUTHORS
139.An Alistair Crooks Aq agc@NetBSD.org .
2.\"
3.\" Copyright (c) 2013,2014 Alistair Crooks <agc@NetBSD.org>
4.\" All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\" notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
--- 6 unchanged lines hidden (view full) ---
18.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25.\"
26.Dd February 2, 2014
27.Dt NETPGPVERIFY 1
28.Os
29.Sh NAME
30.Nm netpgpverify
31.Nd standalone program for digital signature verification
32.Sh SYNOPSIS
33.Nm
34.Op Fl v
35.Op Fl S Ar ssh-pub-key-file
36.Op Fl c Ar command
37.Op Fl k Ar keyring
38.Ar file ...
39.Sh DESCRIPTION
40The
41.Nm
42implements digital signature verification.
43It is designed to be simple and standalone; no external libraries, except
44for
45.Xr libz
46and
47.Xr libbz2
48are used, in order to ensure maximum portability.
49.Pp
50It is completely rewritten from the version of the program that appeared in
51.Nx 6.0
52as part of the
53.Xr netpgp 1
54suite of commands.
55.Pp
56The
57.Nm
58utility requires a file containing public keys, commonly called a
59.Dq keyring .
60Digitally-signed information can be fed to
61.Nm
62in two ways: as standard input, or as files provided on the command line.
63The public key part of the key which was used to sign the file must be
64present, or the signature verification will fail.
65Files may be signed in two distinct ways: as text documents, and as binary
66files.
67Text documents modify the contents to add different line-ending
68characters, and behave differently at the final byte of the input document.
69Binary files are read verbatim, and are not modified in any way.
70.Pp
71The
72.Fl k
73command line argument allows a keyring to be specified.
74The
75.Fl v
76command line argument prints the version of the
77.Nm
78command and then exits.
79Finally, the
80.Fl c
81command specified the command which may be given.
82This can take one of two values:
83.Dq verify
84which is also the default, which verifies the signature
85on the data;
86.Dq cat
87will also verify the signature on the data, and, if
88successfully verified, will display the verified
89data on
90.Dv stdout .
91The
92.Fl S
93argument allows an ssh public key file to be used as the source of
94truth for the key.
95This ssh-key-based signature can be created using the
96.Xr netpgp 1
97utility.
98.Pp
99If a detached signature
100.Dq .sig
101is given on the command line, the signing information will be retrieved
102from that file, and the original data is expected to be found in a file in the same
103directory with the same name with the
104.Dq .sig
105suffix removed.
106.Pp
107Both text mode signatures, and binary signatures, can be verified by
108.Nm
109.Sh SIGNING AND VERIFICATION
110Verification of a file's signature is best viewed using the following example:
111.Bd -literal
112% netpgpverify -k pubring.gpg NetBSD-6.0_RC1_hashes.asc
113Good signature for NetBSD-6.0_RC1_hashes.asc made Thu Aug 23 11:47:50 2012
114signature 4096/RSA (Encrypt or Sign) 064973ac4c4a706e 2009-06-23
115fingerprint ddee 2bdb 9c98 a0d1 d4fb dbf7 0649 73ac 4c4a 706e
116uid NetBSD Security Officer <security-officer@NetBSD.org>
117%
118.Ed
119.Sh EXIT STATUS
120The
121.Nm
122utility will return 0 for a successful verification,
1231 if the file's signature does not match what was expected,
124or 2 if any other error occurs.
125.Sh SEE ALSO
126.Xr netpgp 1 ,
127.\" .Xr libbz2 3 ,
128.Xr zlib 3
129.Sh STANDARDS
130The
131.Nm
132utility is designed to conform to IETF RFC 4880.
133.Sh HISTORY
134The
135.Nm
136command first appeared in
137.Nx 7.0 .
138.Sh AUTHORS
139.An Alistair Crooks Aq agc@NetBSD.org .