netpgpverify.1 (1.5.6.1) | netpgpverify.1 (1.5.10.1) |
---|---|
1.\" $NetBSD: netpgpverify.1,v 1.5.6.1 2014/05/22 13:21:33 yamt Exp $ | 1.\" $NetBSD: netpgpverify.1,v 1.5.10.1 2012/10/20 04:59:53 agc Exp $ |
2.\" | 2.\" |
3.\" Copyright (c) 2013,2014 Alistair Crooks <agc@NetBSD.org> | 3.\" Copyright (c) 2012 Alistair Crooks <agc@NetBSD.org> |
4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright --- 6 unchanged lines hidden (view full) --- 18.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25.\" | 4.\" All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright --- 6 unchanged lines hidden (view full) --- 18.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25.\" |
26.Dd February 2, 2014 | 26.Dd September 28, 2012 |
27.Dt NETPGPVERIFY 1 28.Os 29.Sh NAME 30.Nm netpgpverify 31.Nd standalone program for digital signature verification 32.Sh SYNOPSIS 33.Nm | 27.Dt NETPGPVERIFY 1 28.Os 29.Sh NAME 30.Nm netpgpverify 31.Nd standalone program for digital signature verification 32.Sh SYNOPSIS 33.Nm |
34.Op Fl v 35.Op Fl S Ar ssh-pub-key-file | |
36.Op Fl c Ar command 37.Op Fl k Ar keyring | 34.Op Fl c Ar command 35.Op Fl k Ar keyring |
38.Ar file ... | 36.Op Ar |
39.Sh DESCRIPTION 40The 41.Nm | 37.Sh DESCRIPTION 38The 39.Nm |
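Review bot: the left-hand SYNOPSIS (line 38, `.Ar file ...`) makes at least one file argument mandatory, yet the left DESCRIPTION states that signed data may also be fed on standard input; that should be `.Op Ar file ...` so the synopsis matches the documented behaviour. The newly added `-S ssh-pub-key-file` option (line 35) also needs a word on whether it is exclusive with `-k keyring`, since each of the two names the trust anchor and a reader of the synopsis alone cannot tell if they combine.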
42implements digital signature verification. 43It is designed to be simple and standalone; no external libraries, except 44for 45.Xr libz 46and 47.Xr libbz2 48are used, in order to ensure maximum portability. 49.Pp 50It is completely rewritten from the version of the program that appeared in 51.Nx 6.0 52as part of the | 40program is an extremely small, stand-alone utility for metching 41and verifying digital signatures. 42It has been rewritten from scratch from RFC 4880 to be small 43and lightweight, and to only verify signatures on a file or on memory. 44.Nm 45complements the |
53.Xr netpgp 1 | 46.Xr netpgp 1 |
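Review bot: typo at right-hand line 40, `metching` should read `matching`, and `for metching and verifying` can simply be `for verifying`, because the page never defines a separate matching step. On the left (lines 45-47) `.Xr libz` and `.Xr libbz2` lack the manual-section argument that `.Xr` expects; write `.Xr zlib 3` and `.Xr libbz2 3` so they agree with the SEE ALSO entries.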
54suite of commands. | 47program, and duplicates its verification functionality in 48a single standalone program. 49The reason for this duplication is simply because verification 50of digital signatures 51is such a common operation that a single, much smaller, 52standalone program can be used. |
55.Pp 56The 57.Nm | 53.Pp 54The 55.Nm |
58utility requires a file containing public keys, commonly called a 59.Dq keyring . 60Digitally-signed information can be fed to 61.Nm 62in two ways: as standard input, or as files provided on the command line. 63The public key part of the key which was used to sign the file must be 64present, or the signature verification will fail. 65Files may be signed in two distinct ways: as text documents, and as binary 66files. 67Text documents modify the contents to add different line-ending 68characters, and behave differently at the final byte of the input document. 69Binary files are read verbatim, and are not modified in any way. 70.Pp | 56command uses the 57.Xr libnetpgpverify 3 58library to do the signature verification. 59The following commands are used to verify signatures: 60.Bl -tag -width Ar 61.It Fl c Ar command 62This argument takes a single word as an option, and performs the matching according 63to the command. 64The usual behavior is to match, and to print success or failure of that verification. |
71The | 65The |
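Review bot: the left-hand text on text versus binary signatures (lines 65-69) is too vague to act on: say that a text-mode signature (RFC 4880 signature type 0x01) is computed over the data with line endings canonicalized to CR LF, that for a cleartext signature the final line ending before the signature block is not part of the signed text, and that binary mode hashes the bytes verbatim; a reader asking why a copy with converted line endings still verifies needs exactly that. The right-hand `-c` description (lines 61-64) should name the accepted words instead of saying `a single word`, and should state which one is the default.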
72.Fl k 73command line argument allows a keyring to be specified. 74The 75.Fl v 76command line argument prints the version of the 77.Nm 78command and then exits. 79Finally, the 80.Fl c 81command specified the command which may be given. 82This can take one of two values: 83.Dq verify 84which is also the default, which verifies the signature 85on the data; 86.Dq cat 87will also verify the signature on the data, and, if 88successfully verified, will display the verified 89data on 90.Dv stdout . 91The 92.Fl S 93argument allows an ssh public key file to be used as the source of 94truth for the key. 95This ssh-key-based signature can be created using the 96.Xr netpgp 1 97utility. | 66.Dv cat 67command can be used to do the signature verification, 68and, if successful, 69to print the signed contents to 70.Dv stdout. 71.It Fl k Ar keyring 72is used to specify a keyring, holding the public keys of the people who may 73sign data. |
98.Pp | 74.Pp |
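Review bot: `-S` (left lines 92-97) and `-k` both name the trust anchor, yet nothing says what happens when both are given or whether `-S` makes `-k` unnecessary; document the precedence, and state in both versions that a key's mere presence in the keyring (or in the ssh public-key file) is the whole trust decision, since neither version mentions expiry, revocation or any certification check, so that file must be protected like any other root of trust. Minor: left line 81 `specified` should be `specifies`; right line 66 uses `.Dv cat` for a command word (`.Cm cat`, or `.Dq cat` as on the left); right line 70 `.Dv stdout.` should be `.Dv stdout .` so the period is not rendered as part of the name.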
99If a detached signature 100.Dq .sig 101is given on the command line, the signing information will be retrieved 102from that file, and the original data is expected to be found in a file in the same 103directory with the same name with the 104.Dq .sig 105suffix removed. 106.Pp 107Both text mode signatures, and binary signatures, can be verified by 108.Nm | 75Multiple files may be specified on the command line, and they 76will all have their signatures verified at the same time. 77.El |
109.Sh SIGNING AND VERIFICATION 110Verification of a file's signature is best viewed using the following example: 111.Bd -literal | 78.Sh SIGNING AND VERIFICATION 79Verification of a file's signature is best viewed using the following example: 80.Bd -literal |
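Review bot: the detached-signature rule (left lines 99-105) names only the `.sig` suffix and locates the data purely by stripping it, so say whether an ASCII-armored detached signature is also recognised and which exit status is reported when the sibling data file is missing (the `other error` value or the `bad signature` value), because scripts distinguish those two outcomes. `Both text mode signatures, and binary signatures, can be verified` reads better as `Both text-mode and binary signatures can be verified`. The right-hand claim (lines 75-76) that multiple files `will all have their signatures verified at the same time` should say whether a single failure makes the whole run exit non-zero.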
112% netpgpverify -k pubring.gpg NetBSD-6.0_RC1_hashes.asc 113Good signature for NetBSD-6.0_RC1_hashes.asc made Thu Aug 23 11:47:50 2012 114signature 4096/RSA (Encrypt or Sign) 064973ac4c4a706e 2009-06-23 115fingerprint ddee 2bdb 9c98 a0d1 d4fb dbf7 0649 73ac 4c4a 706e 116uid NetBSD Security Officer <security-officer@NetBSD.org> | 81% netpgp --sign --userid=agc@netbsd.org a 82signature 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12 83Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823 84uid Alistair Crooks \*[Lt]alistair@hockley-crooks.com\*[Gt] 85uid Alistair Crooks \*[Lt]agc@pkgsrc.org\*[Gt] 86uid Alistair Crooks \*[Lt]agc@netbsd.org\*[Gt] 87uid Alistair Crooks \*[Lt]agc@alistaircrooks.com\*[Gt] 88uid Alistair Crooks (Yahoo!) \*[Lt]agcrooks@yahoo-inc.com\*[Gt] 89encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12 90netpgp passphrase: 91% netpgpverify a.gpg 92Good signature for a.gpg made Thu Jan 29 03:06:00 2009 93using RSA (Encrypt or Sign) key 1B68DCFCC0596823 94signature 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12 95Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823 96uid Alistair Crooks \*[Lt]alistair@hockley-crooks.com\*[Gt] 97uid Alistair Crooks \*[Lt]agc@pkgsrc.org\*[Gt] 98uid Alistair Crooks \*[Lt]agc@netbsd.org\*[Gt] 99uid Alistair Crooks \*[Lt]agc@alistaircrooks.com\*[Gt] 100uid Alistair Crooks (Yahoo!) \*[Lt]agcrooks@yahoo-inc.com\*[Gt] 101encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12 |
117% 118.Ed | 102% 103.Ed |
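Review bot: the right-hand example (line 91) runs `netpgpverify a.gpg` without `-k`, so a reader cannot tell where the public key came from; either add `-k` or document the default keyring location. Both examples show only the success path; add a failing run (a tampered copy, or a signer absent from the keyring) followed by `echo $?`, because the exit status, not the printed `Good signature` line, is what callers should test. On the left, a short example of `-c cat` and of `-S` would also help, since those options appear in this version for the first time.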
104.Pp 105In the example above, a signature is made on a single file called 106.Dq Pa a 107using a user identity corresponding to 108.Dq agc@netbsd.org 109and using the 110.Xr netpgp 1 111program. 112The key located for the user identity is displayed, and 113the user is prompted to type in their passphrase. 114The resulting file, called 115.Dq Pa a.gpg 116is placed in the same directory. 117The second part of the example shows a verification 118using 119.Nm 120of the signed file 121taking place. 122The time and user identity of the signatory is displayed, followed 123by a fuller description of the public key of the signatory. 124In both cases, the exit value from the utility was a successful one. |
|
119.Sh EXIT STATUS 120The 121.Nm | 125.Sh EXIT STATUS 126The 127.Nm |
122utility will return 0 for a successful verification, 1231 if the file's signature does not match what was expected, 124or 2 if any other error occurs. | 128utility will return 0 for a successful signature verification, 129or 1 if the file's signature does not match what was expected. |
125.Sh SEE ALSO 126.Xr netpgp 1 , 127.\" .Xr libbz2 3 , | 130.Sh SEE ALSO 131.Xr netpgp 1 , 132.\" .Xr libbz2 3 , |
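Review bot: the right-hand EXIT STATUS (lines 128-129) defines only 0 and 1 and leaves unspecified what is returned when the keyring is unreadable, the signing key is absent, or the input is not a signed file at all, conditions the DESCRIPTION itself says make verification fail; the left's three-way contract (0 good, 1 bad signature, 2 any other error) is the one a script can act on, and either way the page should tell callers to treat every non-zero status as failure rather than testing for 1 alone.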
128.Xr zlib 3 | 133.Xr libnetpgpverify 3 |
129.Sh STANDARDS 130The 131.Nm 132utility is designed to conform to IETF RFC 4880. 133.Sh HISTORY 134The 135.Nm 136command first appeared in | 134.Sh STANDARDS 135The 136.Nm 137utility is designed to conform to IETF RFC 4880. 138.Sh HISTORY 139The 140.Nm 141command first appeared in |
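Review bot: the left-hand SEE ALSO cites `.Xr zlib 3` while its DESCRIPTION (lines 45-47) refers to `libz` and `libbz2`, and the `libbz2 3` entry is commented out; use one name (`zlib 3`) in both places and either restore the `libbz2 3` cross-reference or drop the mention from DESCRIPTION. The right-hand `.Xr libnetpgpverify 3` is the only place that library is named; the left removes it together with the statement that the command uses it, so the two versions disagree on whether verification lives in a library or in the program itself, and whichever is true should be stated consistently in DESCRIPTION and SEE ALSO.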
142.Nx 6.0 . 143This version was written and first appeared in this form in |
|
137.Nx 7.0 . 138.Sh AUTHORS | 144.Nx 7.0 . 145.Sh AUTHORS |
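Review bot: the left-hand HISTORY says the command `first appeared in NetBSD 7.0`, but the left DESCRIPTION (lines 50-52) says it was completely rewritten from the version that appeared in NetBSD 6.0; keep the right-hand wording (first appeared in 6.0, rewritten in this form for 7.0) so the two sections agree.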
146.An -nosplit |
|
139.An Alistair Crooks Aq agc@NetBSD.org . | 147.An Alistair Crooks Aq agc@NetBSD.org . |