Module Name: src
Committed By: agc
Date: Mon Jun 8 06:15:51 UTC 2009

Added Files:
	src/crypto/external/bsd/netpgp/dist/src/bin: netpgpverify.1

Log Message:
Add a manual page for netpgpverify(1).

To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 \
    src/crypto/external/bsd/netpgp/dist/src/bin/netpgpverify.1

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Added files: Index: src/crypto/external/bsd/netpgp/dist/src/bin/netpgpverify.1 diff -u /dev/null src/crypto/external/bsd/netpgp/dist/src/bin/netpgpverify.1:1.1 --- /dev/null Mon Jun 8 06:15:51 2009 +++ src/crypto/external/bsd/netpgp/dist/src/bin/netpgpverify.1 Mon Jun 8 06:15:51 2009 
@@ -0,0 +1,174 @@ +.\" $NetBSD: netpgpverify.1,v 1.1 2009/06/08 06:15:51 agc Exp $ +.\" +.\" Copyright (c) 2009 The NetBSD Foundation, Inc. +.\" All rights reserved. +.\" +.\" This manual page is derived from software contributed to +.\" The NetBSD Foundation by Alistair Crooks (a...@netbsd.org). +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +.\" POSSIBILITY OF SUCH DAMAGE. +.\" +.Dd June 6, 2009 +.Dt NETPGPVERIFY 1 +.Os +.Sh NAME +.Nm netpgpverify +.Nd standalone program for digital signature verification +.Sh SYNOPSIS +.Nm +.Fl Fl verify +.Op Fl Fl output Ns = Ns Ar filename +.Op options +.Ar file ... 
+.Pp +where the options for all commands are: +.Pp +.Op Fl Fl coredumps +.br +.Op Fl Fl homedir Ns = Ns Ar home-directory +.br +.Op Fl Fl keyring Ns = Ns Ar keyring +.br +.Op Fl Fl userid Ns = Ns Ar userid +.br +.Op Fl Fl verbose +.Sh DESCRIPTION +The +.Nm +complements the +.Xr netpgp 1 +program, and duplicates its verification functionality in +a single standalone program. +The reason for this duplication is simply because verification +of digital signatures +is such a common operation that a single, much smaller, +standalone program can be used. +.Pp +The following commands are used to sign and verify signatures: +.Bl -tag -width Ar +.It Fl Fl homedir Ar home-directory +Keyrings are normally located, for historical reasons, within +the user's home directory in a subdirectory called +.Dq Pa .gnupg +and this option specifies an alternative location in which to +find that sub-directory. +.It Fl Fl keyring Ar keyring +This option specifies an alternative keyring to be used. +All keyring operations will be relative to this alternative keyring. +.It Fl Fl output +specifies a filename to which verified output from a signed file +may be redirected. +The default is to send the verified output to stdout, +and this may also be specified using the +.Dq - +value. +.It Fl Fl verbose +This option can be used to view information during +the process of the +.Nm +requests. +.It Fl Fl coredumps +in normal processing, +if an error occurs, the contents of memory are saved to disk, and can +be read using tools to analyse behaviour. +Unfortuinately this can disclose information to people viewing +the core dump, such as secret keys, and passphrases protecting +those keys. +In normal operation, +.Nm +will turn off the ability to save core dumps on persistent storage, +but selecting this option will allow core dumps to be written to disk. +This option should be used wisely, and any core dumps should +be deleted in a secure manner when no longer needed. 
+.El +.Sh SIGNING AND VERIFICATION +Signing and verification of a file is best viewed using the following example: +.Bd -literal +% netpgp --sign --userid=...@netbsd.org a +pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12 +Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823 +uid Alistair Crooks \*[lt]...@netbsd.org\*[gt] +uid Alistair Crooks \*[lt]...@pkgsrc.org\*[gt] +uid Alistair Crooks \*[lt]...@alistaircrooks.com\*[gt] +uid Alistair Crooks \*[lt]alist...@hockley-crooks.com\*[gt] +netpgp passphrase: +% netpgpverify a.gpg +Good signature for a.gpg made Thu Jan 29 03:06:00 2009 +using RSA (Encrypt or Sign) key 1B68DCFCC0596823 +pub 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12 +Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823 +uid Alistair Crooks \*[lt]alist...@hockley-crooks.com\*[gt] +uid Alistair Crooks \*[lt]...@pkgsrc.org\*[gt] +uid Alistair Crooks \*[lt]...@netbsd.org\*[gt] +uid Alistair Crooks \*[lt]...@alistaircrooks.com\*[gt] +% +.Ed +.Pp +In the example above, a signature is made on a single file called +.Dq Pa a +using a user identity corresponding to +.Dq a...@netbsd.org +and using the +.Xr netpgp 1 +program. +The key located for the user identity is displayed, and +the user is prompted to type in their passphrase. +The resulting file, called +.Dq Pa a.gpg +is placed in the same directory. +The second part of the example shows a verification +using +.Nm +of the signed file +taking place. +The time and user identity of the signatory is displayed, followed +by a fuller description of the public key of the signatory. +In both cases, the exit value from the utility was a successful one. +.Sh RETURN VALUES +The +.Nm +utility will return 0 for success, +1 if the file's signature does not match what was expected, +or 2 if any other error occurs. 
+.Sh SEE ALSO +.Xr netpgp 1 , +.\" .Xr libbz2 3 , +.Xr libnetpgp 3 , +.Xr ssl 3 , +.Xr zlib 3 +.Sh STANDARDS +The +.Nm +utility is designed to conform to IETF RFC 4880. +.Sh HISTORY +The +.Nm +command first appeared in +.Nx 6.0 . +.Sh AUTHORS +.An -nosplit +.An Ben Laurie , +.An Rachel Willmer , +and was overhauled and rewritten by +.An Alistair Crooks Aq a...@netbsd.org . +This manual page was written by +.An Alistair Crooks .
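Review bot: The option list under DESCRIPTION does not match the SYNOPSIS: `--userid` is listed in the SYNOPSIS but has no `.It` entry, `--output` is documented without the `filename` argument the SYNOPSIS gives it, and the list is introduced with "The following commands are used to sign and verify signatures:" although every entry is an option and this program only verifies. Suggest introducing the list as options, adding an entry for `--userid` (or dropping it from the SYNOPSIS if verification does not use it), and writing the output entry as `.It Fl Fl output Ar filename`. In the `--coredumps` entry, "Unfortuinately" is a typo, and the opening "in normal processing, if an error occurs, the contents of memory are saved to disk" reads as if it describes this program, while the next sentence says the program turns core dumps off by default; it would help to say the first sentence is about general system behaviour. RETURN VALUES should also say which exit status is returned when several `file ...` arguments are given and only some of them verify, since scripts will gate on that value. Minor: "The .Nm complements" in DESCRIPTION needs a noun such as "utility" after the name.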