.\" $NetBSD: netpgpverify.1,v 1.6 2013/07/20 21:39:56 wiz Exp $
.\"
.\" Copyright (c) 2009 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This manual page is derived from software contributed to
.\" The NetBSD Foundation by Alistair Crooks (agc@NetBSD.org).
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd November 10, 2010
.Dt NETPGPVERIFY 1
.Os
.Sh NAME
.Nm netpgpverify
.Nd standalone program for digital signature verification
.Sh SYNOPSIS
.Nm
.Fl Fl verify
.Op Fl Fl output Ns = Ns Ar filename
.Op options
.Ar file ...
.Pp
where the options for all commands are:
.Pp
.Op Fl Fl coredumps
.br
.Op Fl Fl homedir Ns = Ns Ar home-directory
.br
.Op Fl Fl keyring Ns = Ns Ar keyring
.br
.Op Fl Fl userid Ns = Ns Ar userid
.br
.Op Fl Fl verbose
.Sh DESCRIPTION
The
.Nm
utility complements the
.Xr netpgp 1
program, and duplicates its verification functionality in
a single standalone program.
The reason for this duplication is that verification
of digital signatures
is such a common operation that a single, much smaller,
standalone program can be used.
.Pp
The following options are used to verify signatures:
.Bl -tag -width Ar
.It Fl Fl coredumps
In normal processing,
if an error occurs, the contents of memory are saved to disk, and can
be read using tools to analyse behaviour.
Unfortunately this can disclose information to people viewing
the core dump, such as secret keys, and passphrases protecting
those keys.
In normal operation,
.Nm
will turn off the ability to save core dumps on persistent storage,
but selecting this option will allow core dumps to be written to disk.
This option should be used wisely, and any core dumps should
be deleted in a secure manner when no longer needed.
.It Fl Fl homedir Ar home-directory
Keyrings are normally located, for historical reasons, within
the user's home directory in a subdirectory called
.Dq Pa .gnupg ,
and this option specifies an alternative location in which to
find that sub-directory.
.It Fl Fl keyring Ar keyring
This option specifies an alternative keyring to be used.
All keyring operations will be relative to this alternative keyring.
.It Fl Fl output Ar filename
Specifies a filename to which verified output from a signed file
may be redirected.
The default is to send the verified output to stdout,
and this may also be specified using the
.Dq \-
value.
.It Fl Fl verbose
This option can be used to view information while
.Nm
processes its requests.
.El
.Sh SIGNING AND VERIFICATION
Verification of a file's signature is best viewed using the following example:
.Bd -literal
% netpgp --sign --userid=agc@netbsd.org a
signature  2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid              Alistair Crooks \*[Lt]alistair@hockley-crooks.com\*[Gt]
uid              Alistair Crooks \*[Lt]agc@pkgsrc.org\*[Gt]
uid              Alistair Crooks \*[Lt]agc@netbsd.org\*[Gt]
uid              Alistair Crooks \*[Lt]agc@alistaircrooks.com\*[Gt]
uid              Alistair Crooks (Yahoo!) \*[Lt]agcrooks@yahoo-inc.com\*[Gt]
encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12
netpgp passphrase:
% netpgpverify a.gpg
Good signature for a.gpg made Thu Jan 29 03:06:00 2009
using RSA (Encrypt or Sign) key 1B68DCFCC0596823
signature  2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid              Alistair Crooks \*[Lt]alistair@hockley-crooks.com\*[Gt]
uid              Alistair Crooks \*[Lt]agc@pkgsrc.org\*[Gt]
uid              Alistair Crooks \*[Lt]agc@netbsd.org\*[Gt]
uid              Alistair Crooks \*[Lt]agc@alistaircrooks.com\*[Gt]
uid              Alistair Crooks (Yahoo!) \*[Lt]agcrooks@yahoo-inc.com\*[Gt]
encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12
%
.Ed
.Pp
In the example above, a signature is made on a single file called
.Dq Pa a
using a user identity corresponding to
.Dq agc@netbsd.org
and using the
.Xr netpgp 1
program.
The key located for the user identity is displayed, and
the user is prompted to type in their passphrase.
The resulting file, called
.Dq Pa a.gpg ,
is placed in the same directory.
The second part of the example shows
.Nm
verifying the signed file.
The time and user identity of the signatory are displayed, followed
by a fuller description of the public key of the signatory.
In both cases, the exit value from the utility was a successful one.
.Sh EXIT STATUS
The
.Nm
utility will return 0 for success,
1 if the file's signature does not match what was expected,
or 2 if any other error occurs.
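.Pp
The following shell function is an added example, not part of the original manual page or of the NetBSD sources: it uses the exit status and the output and keyring options described above so that verified content reaches its final name only when the status is 0.
The names verify_and_release and NETPGPVERIFY are invented for the example, and it assumes that any key in the supplied keyring counts as an acceptable signer.

```shell
#!/bin/sh
# Added example: release a signed file's contents only on exit status 0.
# NETPGPVERIFY and verify_and_release are names invented for this example.
NETPGPVERIFY=${NETPGPVERIFY:-netpgpverify}

# usage: verify_and_release signed-file destination keyring
# Assumption: any key in the keyring counts as an acceptable signer,
# so pass a keyring holding only the keys you trust.
# Returns 0 (verified, destination written), 1 (signature does not
# match) or 2 (any other error), mirroring the EXIT STATUS section.
verify_and_release() {
    [ $# -eq 3 ] || { echo "usage: verify_and_release file dest keyring" >&2; return 2; }
    signed=$1 dest=$2 keyring=$3

    # Verified output goes to a private temporary file beside the
    # destination, so a failed run never leaves data under the final name.
    tmp=$(mktemp "${dest}.XXXXXX") || return 2

    status=0
    "$NETPGPVERIFY" --verify --keyring="$keyring" \
        --output="$tmp" "$signed" || status=$?

    case $status in
    0)  # Good signature: publish with a rename on the same filesystem.
        mv -f "$tmp" "$dest" || { rm -f "$tmp"; return 2; }
        return 0 ;;
    1)  # Signature did not match: discard whatever was written.
        rm -f "$tmp"
        echo "REJECT: bad signature on $signed" >&2
        return 1 ;;
    *)  # 2, or anything unexpected such as death by signal: fail closed.
        rm -f "$tmp"
        echo "ERROR: cannot verify $signed (status $status)" >&2
        return 2 ;;
    esac
}
```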
.Sh SEE ALSO
.Xr netpgp 1 ,
.\" .Xr libbz2 3 ,
.Xr libnetpgp 3 ,
.Xr ssl 3 ,
.Xr zlib 3
.Sh STANDARDS
The
.Nm
utility is designed to conform to IETF RFC 4880.
.Sh HISTORY
The
.Nm
command first appeared in
.Nx 6.0 .
.Sh AUTHORS
.An -nosplit
.An Ben Laurie ,
.An Rachel Willmer ,
and was overhauled and rewritten by
.An Alistair Crooks Aq Mt agc@NetBSD.org .
This manual page was written by
.An Alistair Crooks .
179