.\" $NetBSD: netpgpverify.1,v 1.13 2018/04/04 21:39:35 sevan Exp $
.\"
.\" Copyright (c) 2013,2014,2015 Alistair Crooks <agc@NetBSD.org>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd April 3, 2018
.Dt NETPGPVERIFY 1
.Os
.Sh NAME
.Nm netpgpverify
.Nd standalone program for digital signature verification
.Sh SYNOPSIS
.Nm
.Op Fl v
.Op Fl S Ar ssh-pub-key-file
.Op Fl c Ar command
.Op Fl k Ar keyring
.Ar file ...
.Sh DESCRIPTION
The
.Nm
utility implements digital signature verification.
It is designed to be simple and standalone; no external libraries, except
for
.Xr libz
and
.Xr libbz2
are used, in order to ensure maximum portability.
.Pp
It is completely rewritten from the version of the program that appeared in
.Nx 6.0
as part of the
.Xr netpgp 1
suite of commands.
.Pp
The
.Nm
utility requires a file containing public keys, commonly called a
.Dq keyring .
Digitally-signed information can be fed to
.Nm
in two ways: as standard input, or as files provided on the command line.
The public key part of the key which was used to sign the file must be
present, or the signature verification will fail.
Files may be signed in two distinct ways: as text documents, and as binary
files.
When a file is signed as a text document, the contents are modified to add
different line-ending characters, and the final byte of the input document
is handled differently.
Binary files are read verbatim, and are not modified in any way.
.Pp
The
.Fl k
command line argument allows a keyring to be specified.
.Pp
The
.Fl v
command line argument prints the version of the
.Nm
command and then exits.
.Pp
The
.Fl c
argument allows a
.Dq command
to be given, modifying the behaviour of the
.Nm
command.
This command can take one of three values:
.Dq verify ,
which is also the default, verifies the signature
on the data;
.Dq cat
also verifies the signature on the data and, if
successfully verified, displays the verified
data on
.Dv stdout ;
and
.Dq dump
dumps the individual PGP packets to standard output, along
with a hexadecimal dump of the first part of the contents of each
packet.
Note that the packets from the public key ring will also be dumped
using this command.
The key ring packets will be displayed immediately before the packets in the
file being verified.
.Pp
The
.Fl S
argument allows an ssh public key file to be used as the source of
truth for the key.
This ssh-key-based signature can be created using the
.Xr netpgp 1
utility.
.Pp
If a detached signature
.Dq .sig
is given on the command line, the signing information will be retrieved
from that file, and the original data is expected to be found in a file in the same
directory with the same name with the
.Dq .sig
suffix removed.
.Pp
Both text mode signatures and binary signatures can be verified by
.Nm .
.Sh SIGNING AND VERIFICATION
Verification of a file's signature is best viewed using the following example:
.Bd -literal
% netpgpverify -k pubring.gpg NetBSD-6.0_RC1_hashes.asc
Good signature for NetBSD-6.0_RC1_hashes.asc made Thu Aug 23 11:47:50 2012
signature     4096/RSA (Encrypt or Sign) 064973ac4c4a706e 2009-06-23
fingerprint   ddee 2bdb 9c98 a0d1 d4fb dbf7 0649 73ac 4c4a 706e
uid           NetBSD Security Officer <security-officer@NetBSD.org>
%
.Ed
.Sh EXIT STATUS
The
.Nm
utility will return 0 for a successful verification,
1 if the file's signature does not match what was expected,
or 2 if any other error occurs.
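.Pp
The shell functions below are an added example, not part of the original manual page or of the netpgpverify distribution; they show a script acting on the three exit status values above, and on the detached-signature naming rule from DESCRIPTION, instead of parsing the printed output.
The function names verified_extract and verify_detached and their messages are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the netpgpverify distribution): act on the
# documented exit status 0/1/2 rather than on the human-readable output.

# verified_extract KEYRING SIGNED_FILE OUT_FILE
# OUT_FILE is created only when verification succeeds.
verified_extract() {
    keyring=$1 signed=$2 out=$3
    tmp=$(mktemp "${out}.XXXXXX") || return 2
    rc=0
    # Stage the "-c cat" output; publish it only once the status is known.
    netpgpverify -k "$keyring" -c cat "$signed" >"$tmp" || rc=$?
    case $rc in
    0)  mv "$tmp" "$out" || { rm -f "$tmp"; return 2; } ;;
    1)  rm -f "$tmp"
        echo "REJECT: signature on $signed does not match" >&2 ;;
    *)  rm -f "$tmp"
        echo "ERROR: could not verify $signed (status $rc)" >&2
        rc=2 ;;
    esac
    return "$rc"
}

# verify_detached KEYRING FILE.sig
# The data is expected beside the signature, under the same name with the
# ".sig" suffix removed, so confirm it is there before invoking the verifier.
verify_detached() {
    keyring=$1 sig=$2
    case $sig in
    *.sig) data=${sig%.sig} ;;
    *)     echo "ERROR: $sig does not end in .sig" >&2; return 2 ;;
    esac
    [ -f "$data" ] || { echo "ERROR: no data file $data" >&2; return 2; }
    rc=0
    netpgpverify -k "$keyring" "$sig" || rc=$?
    [ "$rc" -le 1 ] || rc=2
    return "$rc"
}
```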
.Sh SEE ALSO
.Xr netpgp 1 ,
.\" .Xr libbz2 3 ,
.Xr zlib 3
.Sh STANDARDS
.Rs
.%A J. Callas
.%A L. Donnerhacke
.%A H. Finney
.%A D. Shaw
.%A R. Thayer
.%D November 2007
.%R RFC 4880
.%T OpenPGP Message Format
.Re
.Sh HISTORY
The
.Nm
command first appeared in
.Nx 7.0 .
.Sh AUTHORS
.An Alistair Crooks Aq agc@NetBSD.org .
163