1c1
< .\" $NetBSD: netpgpverify.1,v 1.5.6.1 2014/05/22 13:21:33 yamt Exp $
---
> .\" $NetBSD: netpgpverify.1,v 1.5.10.1 2012/10/20 04:59:53 agc Exp $
3c3
< .\" Copyright (c) 2013,2014 Alistair Crooks <agc@NetBSD.org>
---
> .\" Copyright (c) 2012 Alistair Crooks <agc@NetBSD.org>
26c26
< .Dd February 2, 2014
---
> .Dd September 28, 2012
34,35d33
< .Op Fl v
< .Op Fl S Ar ssh-pub-key-file
38c36
< .Ar file ...
---
> .Op Ar
42,52c40,45
< implements digital signature verification.
< It is designed to be simple and standalone; no external libraries, except
< for
< .Xr libz
< and
< .Xr libbz2
< are used, in order to ensure maximum portability.
< .Pp
< It is completely rewritten from the version of the program that appeared in
< .Nx 6.0
< as part of the
---
> program is an extremely small, stand-alone utility for metching
> and verifying digital signatures.
> It has been rewritten from scratch from RFC 4880 to be small
> and lightweight, and to only verify signatures on a file or on memory.
> .Nm
> complements the
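Review bot: typo in the first added line of this hunk, "metching" should read "matching" ("utility for matching and verifying digital signatures"). While touching the sentence, "to only verify signatures on a file or on memory" would read better as "to verify signatures on a file or in memory only".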
54c47,52
< suite of commands.
---
> program, and duplicates its verification functionality in
> a single standalone program.
> The reason for this duplication is simply because verification
> of digital signatures
> is such a common operation that a single, much smaller,
> standalone program can be used.
58,70c56,64
< utility requires a file containing public keys, commonly called a
< .Dq keyring .
< Digitally-signed information can be fed to
< .Nm
< in two ways: as standard input, or as files provided on the command line.
< The public key part of the key which was used to sign the file must be
< present, or the signature verification will fail.
< Files may be signed in two distinct ways: as text documents, and as binary
< files.
< Text documents modify the contents to add different line-ending
< characters, and behave differently at the final byte of the input document.
< Binary files are read verbatim, and are not modified in any way.
< .Pp
---
> command uses the
> .Xr libnetpgpverify 3
> library to do the signature verification.
> The following commands are used to verify signatures:
> .Bl -tag -width Ar
> .It Fl c Ar command
> This argument takes a single word as an option, and performs the matching according
> to the command.
> The usual behavior is to match, and to print success or failure of that verification.
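Review bot: the added ".It Fl c Ar command" entry never says which words it accepts or which one is the default; "performs the matching according to the command" gives the reader nothing to type. List the accepted command words and the default inside this entry. The replaced paragraph also stated that the signer's public key must be present in the keyring or verification fails, and that precondition no longer appears anywhere in the added lines; it is worth keeping one sentence for it.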
72,97c66,73
< .Fl k
< command line argument allows a keyring to be specified.
< The
< .Fl v
< command line argument prints the version of the
< .Nm
< command and then exits.
< Finally, the
< .Fl c
< command specified the command which may be given.
< This can take one of two values:
< .Dq verify
< which is also the default, which verifies the signature
< on the data;
< .Dq cat
< will also verify the signature on the data, and, if
< successfully verified, will display the verified
< data on
< .Dv stdout .
< The
< .Fl S
< argument allows an ssh public key file to be used as the source of
< truth for the key.
< This ssh-key-based signature can be created using the
< .Xr netpgp 1
< utility.
---
> .Dv cat
> command can be used to do the signature verification,
> and, if successful,
> to print the signed contents to
> .Dv stdout.
> .It Fl k Ar keyring
> is used to specify a keyring, holding the public keys of the people who may
> sign data.
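Review bot: in the added line ".Dv stdout." the full stop is glued to the macro argument, so it is set as part of the literal; write ".Dv stdout ." as the replaced text did. The body of ".It Fl k Ar keyring" also starts mid-sentence ("is used to specify a keyring"), so give it a subject such as "This option specifies a keyring".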
99,108c75,77
< If a detached signature
< .Dq .sig
< is given on the command line, the signing information will be retrieved
< from that file, and the original data is expected to be found in a file in the same
< directory with the same name with the
< .Dq .sig
< suffix removed.
< .Pp
< Both text mode signatures, and binary signatures, can be verified by
< .Nm
---
> Multiple files may be specified on the command line, and they
> will all have their signatures verified at the same time.
> .El
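Review bot: "will all have their signatures verified at the same time" does not say what the caller sees when one of several files fails verification. State whether processing stops at the first failure and how the exit status reflects a mix of good and bad signatures, since scripts will rely on it. The replaced paragraph described how a detached ".sig" file is paired with its data file; if that behaviour applies to this version it should stay documented.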
112,116c81,101
< % netpgpverify -k pubring.gpg NetBSD-6.0_RC1_hashes.asc
< Good signature for NetBSD-6.0_RC1_hashes.asc made Thu Aug 23 11:47:50 2012
< signature 4096/RSA (Encrypt or Sign) 064973ac4c4a706e 2009-06-23
< fingerprint ddee 2bdb 9c98 a0d1 d4fb dbf7 0649 73ac 4c4a 706e
< uid NetBSD Security Officer <security-officer@NetBSD.org>
---
> % netpgp --sign --userid=agc@netbsd.org a
> signature 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
> Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
> uid Alistair Crooks \*[Lt]alistair@hockley-crooks.com\*[Gt]
> uid Alistair Crooks \*[Lt]agc@pkgsrc.org\*[Gt]
> uid Alistair Crooks \*[Lt]agc@netbsd.org\*[Gt]
> uid Alistair Crooks \*[Lt]agc@alistaircrooks.com\*[Gt]
> uid Alistair Crooks (Yahoo!) \*[Lt]agcrooks@yahoo-inc.com\*[Gt]
> encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12
> netpgp passphrase:
> % netpgpverify a.gpg
> Good signature for a.gpg made Thu Jan 29 03:06:00 2009
> using RSA (Encrypt or Sign) key 1B68DCFCC0596823
> signature 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
> Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
> uid Alistair Crooks \*[Lt]alistair@hockley-crooks.com\*[Gt]
> uid Alistair Crooks \*[Lt]agc@pkgsrc.org\*[Gt]
> uid Alistair Crooks \*[Lt]agc@netbsd.org\*[Gt]
> uid Alistair Crooks \*[Lt]agc@alistaircrooks.com\*[Gt]
> uid Alistair Crooks (Yahoo!) \*[Lt]agcrooks@yahoo-inc.com\*[Gt]
> encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12
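Review bot: the added verification example runs "netpgpverify a.gpg" with no "-k" argument, so the reader cannot tell which keyring the key 1B68DCFCC0596823 was taken from. Either pass "-k keyring" as the replaced example did, or document the default keyring location next to the "-k" description.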
118a104,124
> .Pp
> In the example above, a signature is made on a single file called
> .Dq Pa a
> using a user identity corresponding to
> .Dq agc@netbsd.org
> and using the
> .Xr netpgp 1
> program.
> The key located for the user identity is displayed, and
> the user is prompted to type in their passphrase.
> The resulting file, called
> .Dq Pa a.gpg
> is placed in the same directory.
> The second part of the example shows a verification
> using
> .Nm
> of the signed file
> taking place.
> The time and user identity of the signatory is displayed, followed
> by a fuller description of the public key of the signatory.
> In both cases, the exit value from the utility was a successful one.
122,124c128,129
< utility will return 0 for a successful verification,
< 1 if the file's signature does not match what was expected,
< or 2 if any other error occurs.
---
> utility will return 0 for a successful signature verification,
> or 1 if the file's signature does not match what was expected.
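Review bot: the added exit-status text covers only 0 and 1 and no longer says what is returned for other errors, where the replaced text reserved 2 for that case. Say explicitly which value an unreadable file or missing keyring produces, so callers know whether 1 always means a bad signature and that any non-zero status must be treated as a failed verification.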
128c133
< .Xr zlib 3
---
> .Xr libnetpgpverify 3
136a142,143
> .Nx 6.0 .
> This version was written and first appeared in this form in
138a146
> .An -nosplit