.\" $NetBSD: netpgpverify.1,v 1.6 2013/07/20 21:39:56 wiz Exp $
.\"
.\" Copyright (c) 2009 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This manual page is derived from software contributed to
.\" The NetBSD Foundation by Alistair Crooks (agc@NetBSD.org).
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd November 10, 2010
.Dt NETPGPVERIFY 1
.Os
.Sh NAME
.Nm netpgpverify
.Nd standalone program for digital signature verification
.Sh SYNOPSIS
.Nm
.Fl Fl verify
.Op Fl Fl output Ns = Ns Ar filename
.Op options
.Ar file ...
.Pp
where the options for all commands are:
.Pp
.Op Fl Fl coredumps
.br
.Op Fl Fl homedir Ns = Ns Ar home-directory
.br
.Op Fl Fl keyring Ns = Ns Ar keyring
.br
.Op Fl Fl userid Ns = Ns Ar userid
.br
.Op Fl Fl verbose
.Sh DESCRIPTION
The
.Nm
utility complements the
.Xr netpgp 1
program, and duplicates its verification functionality in
a single standalone program.
The reason for this duplication is that verification
of digital signatures
is such a common operation that a single, much smaller,
standalone program can be used.
.Pp
The following options are used when verifying signatures:
.Bl -tag -width Ar
.It Fl Fl coredumps
In normal processing,
if an error occurs, the contents of memory are saved to disk, and can
be read using tools to analyse behaviour.
Unfortunately this can disclose information to people viewing
the core dump, such as secret keys, and passphrases protecting
those keys.
In normal operation,
.Nm
will turn off the ability to save core dumps on persistent storage,
but selecting this option will allow core dumps to be written to disk.
This option should be used wisely, and any core dumps should
be deleted in a secure manner when no longer needed.
.It Fl Fl homedir Ar home-directory
Keyrings are normally located, for historical reasons, within
the user's home directory in a subdirectory called
.Dq Pa .gnupg
and this option specifies an alternative location in which to
find that sub-directory.
.It Fl Fl keyring Ar keyring
This option specifies an alternative keyring to be used.
All keyring operations will be relative to this alternative keyring.
.It Fl Fl output Ar filename
Specifies a filename to which verified output from a signed file
may be redirected.
The default is to send the verified output to stdout,
and this may also be specified using the
.Dq \-
value.
.It Fl Fl verbose
This option can be used to view information while
.Nm
is processing requests.
.El
.Sh SIGNING AND VERIFICATION
Verification of a file's signature is best viewed using the following example:
.Bd -literal
% netpgp --sign --userid=agc@netbsd.org a
signature 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks \*[Lt]alistair@hockley-crooks.com\*[Gt]
uid Alistair Crooks \*[Lt]agc@pkgsrc.org\*[Gt]
uid Alistair Crooks \*[Lt]agc@netbsd.org\*[Gt]
uid Alistair Crooks \*[Lt]agc@alistaircrooks.com\*[Gt]
uid Alistair Crooks (Yahoo!) \*[Lt]agcrooks@yahoo-inc.com\*[Gt]
encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12
netpgp passphrase:
% netpgpverify a.gpg
Good signature for a.gpg made Thu Jan 29 03:06:00 2009
using RSA (Encrypt or Sign) key 1B68DCFCC0596823
signature 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks \*[Lt]alistair@hockley-crooks.com\*[Gt]
uid Alistair Crooks \*[Lt]agc@pkgsrc.org\*[Gt]
uid Alistair Crooks \*[Lt]agc@netbsd.org\*[Gt]
uid Alistair Crooks \*[Lt]agc@alistaircrooks.com\*[Gt]
uid Alistair Crooks (Yahoo!) \*[Lt]agcrooks@yahoo-inc.com\*[Gt]
encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12
%
.Ed
.Pp
In the example above, a signature is made on a single file called
.Dq Pa a
using a user identity corresponding to
.Dq agc@netbsd.org
and using the
.Xr netpgp 1
program.
The key located for the user identity is displayed, and
the user is prompted to type in their passphrase.
The resulting file, called
.Dq Pa a.gpg
is placed in the same directory.
The second part of the example shows a verification
using
.Nm
of the signed file
taking place.
The time and user identity of the signatory are displayed, followed
by a fuller description of the public key of the signatory.
In both cases, the exit value from the utility was a successful one.
.Sh EXIT STATUS
The
.Nm
utility will return 0 for success,
1 if the file's signature does not match what was expected,
or 2 if any other error occurs.
.Sh SEE ALSO
.Xr netpgp 1 ,
.\" .Xr libbz2 3 ,
.Xr libnetpgp 3 ,
.Xr ssl 3 ,
.Xr zlib 3
.Sh STANDARDS
The
.Nm
utility is designed to conform to IETF RFC 4880.
.Sh HISTORY
The
.Nm
command first appeared in
.Nx 6.0 .
.Sh AUTHORS
.An -nosplit
.An Ben Laurie ,
.An Rachel Willmer ,
and was overhauled and rewritten by
.An Alistair Crooks Aq Mt agc@NetBSD.org .
This manual page was written by
.An Alistair Crooks .
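.Sh EXAMPLES
The exit values listed under EXIT STATUS can gate the use of a file on a good signature, as in the following added example, which is not part of the original manual page or of the NetBSD sources.
The names verify_signed and NETPGPVERIFY and all file names are assumptions of the example; only the options documented above are used.

```shell
#!/bin/sh
# Added example: release verified content only on exit status 0.
# NETPGPVERIFY and verify_signed are names invented for this example.
NETPGPVERIFY=${NETPGPVERIFY:-netpgpverify}

# verify_signed SIGNED_FILE OUT_FILE [KEYRING]
#   returns 0: signature good, verified content is now in OUT_FILE
#   returns 1: signature does not match, OUT_FILE not created or replaced
#   returns 2: any other error, OUT_FILE not created or replaced
verify_signed() {
    signed=$1 out=$2 keyring=${3:-}
    # Verified output goes to a temporary file first, so that nothing
    # from a failed verification ever appears under the final name.
    tmp=$(mktemp "${out}.XXXXXX") || return 2
    status=0
    if [ -n "$keyring" ]; then
        # Restrict the accepted signers to the keys in this keyring.
        "$NETPGPVERIFY" --verify --keyring="$keyring" \
            --output="$tmp" "$signed" || status=$?
    else
        "$NETPGPVERIFY" --verify --output="$tmp" "$signed" || status=$?
    fi
    case $status in
    0)  mv -f "$tmp" "$out" || { rm -f "$tmp"; return 2; }
        return 0 ;;
    1)  echo "verify_signed: signature mismatch on $signed" >&2
        rm -f "$tmp"
        return 1 ;;
    *)  # Status 2, or death by signal: treat as "not verified".
        echo "verify_signed: error $status verifying $signed" >&2
        rm -f "$tmp"
        return 2 ;;
    esac
}
```

A caller should treat both non-zero results as a refusal to use the file, and log status 1 separately, since it indicates tampering or a wrong key rather than an operational fault.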