mirror of
https://github.com/Stichting-MINIX-Research-Foundation/pkgsrc-ng.git
synced 2025-09-08 03:44:13 -04:00
156 lines
4.8 KiB
Groff
156 lines
4.8 KiB
Groff
.\" $NetBSD: netpgpverify.1,v 1.4 2015/01/30 18:47:51 agc Exp $
|
|
.\"
|
|
.\" Copyright (c) 2013,2014,2015 Alistair Crooks <agc@NetBSD.org>
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
.\"
|
|
.Dd January 15, 2015
|
|
.Dt NETPGPVERIFY 1
|
|
.Os
|
|
.Sh NAME
|
|
.Nm netpgpverify
|
|
.Nd standalone program for digital signature verification
|
|
.Sh SYNOPSIS
|
|
.Nm
|
|
.Op Fl v
|
|
.Op Fl S Ar ssh-pub-key-file
|
|
.Op Fl c Ar command
|
|
.Op Fl k Ar keyring
|
|
.Ar file ...
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm
|
|
implements digital signature verification.
|
|
It is designed to be simple and standalone; no external libraries, except
|
|
for
|
|
.Xr libz
|
|
and
|
|
.Xr libbz2
|
|
are used, in order to ensure maximum portability.
|
|
.Pp
|
|
It is completely rewritten from the version of the program that appeared in
|
|
.Nx 6.0
|
|
as part of the
|
|
.Xr netpgp 1
|
|
suite of commands.
|
|
.Pp
|
|
The
|
|
.Nm
|
|
utility requires a file containing public keys, commonly called a
|
|
.Dq keyring .
|
|
Digitally-signed information can be fed to
|
|
.Nm
|
|
in two ways: as standard input, or as files provided on the command line.
|
|
The public key part of the key which was used to sign the file must be
|
|
present, or the signature verification will fail.
|
|
Files may be signed in two distinct ways: as text documents, and as binary
|
|
files.
|
|
Text documents modify the contents to add different line-ending
|
|
characters, and behave differently at the final byte of the input document.
|
|
Binary files are read verbatim, and are not modified in any way.
|
|
.Pp
|
|
The
|
|
.Fl k
|
|
command line argument allows a keyring to be specified.
|
|
.Pp
|
|
The
|
|
.Fl v
|
|
command line argument prints the version of the
|
|
.Nm
|
|
command and then exits.
|
|
.Pp
|
|
The
|
|
.Fl c
|
|
argument allows a
|
|
.Dq command
|
|
to be given, modifying the behaviour of the
|
|
.Nm
|
|
command.
|
|
This command can take one of three values:
|
|
.Dq verify
|
|
which is also the default, which verifies the signature
|
|
on the data;
|
|
.Dq cat
|
|
will also verify the signature on the data, and, if
|
|
successfully verified, will display the verified
|
|
data on
|
|
.Dv stdout ;
|
|
and
|
|
.Dq dump
|
|
which will dump the individual PGP packets to standard out, along
|
|
with a hexadecimal dump of the first part of the contents of each
|
|
packet.
|
|
Please note that the packets from the public key ring will also be dumped
|
|
using this command.
|
|
The key ring packets will be displayed immediately before the packets in the
|
|
file being verified.
|
|
.Pp
|
|
The
|
|
.Fl S
|
|
argument allows an ssh public key file to be used as the source of
|
|
truth for the key.
|
|
This ssh-key-based signature can be created using the
|
|
.Xr netpgp 1
|
|
utility.
|
|
.Pp
|
|
If a detached signature
|
|
.Dq .sig
|
|
is given on the command line, the signing information will be retrieved
|
|
from that file, and the original data is expected to be found in a file in the same
|
|
directory with the same name with the
|
|
.Dq .sig
|
|
suffix removed.
|
|
.Pp
|
|
Both text mode signatures, and binary signatures, can be verified by
|
|
.Nm
|
|
.Sh SIGNING AND VERIFICATION
|
|
Verification of a file's signature is best viewed using the following example:
|
|
.Bd -literal
|
|
% netpgpverify -k pubring.gpg NetBSD-6.0_RC1_hashes.asc
|
|
Good signature for NetBSD-6.0_RC1_hashes.asc made Thu Aug 23 11:47:50 2012
|
|
signature 4096/RSA (Encrypt or Sign) 064973ac4c4a706e 2009-06-23
|
|
fingerprint ddee 2bdb 9c98 a0d1 d4fb dbf7 0649 73ac 4c4a 706e
|
|
uid NetBSD Security Officer <security-officer@NetBSD.org>
|
|
%
|
|
.Ed
|
|
.Sh EXIT STATUS
|
|
The
|
|
.Nm
|
|
utility will return 0 for a successful verification,
|
|
1 if the file's signature does not match what was expected,
|
|
or 2 if any other error occurs.
|
|
.Sh SEE ALSO
|
|
.Xr netpgp 1 ,
|
|
.\" .Xr libbz2 3 ,
|
|
.Xr zlib 3
|
|
.Sh STANDARDS
|
|
The
|
|
.Nm
|
|
utility is designed to conform to IETF RFC 4880.
|
|
.Sh HISTORY
|
|
The
|
|
.Nm
|
|
command first appeared in
|
|
.Nx 7.0 .
|
|
.Sh AUTHORS
|
|
.An Alistair Crooks Aq agc@NetBSD.org .
|