NETPGPVERIFY(1) |
General Commands Manual |
NETPGPVERIFY(1) |
NAME
netpgpverify — standalone program for digital signature verification
SYNOPSIS
netpgpverify |
--verify [--output=filename] [options] file ... |
where the options for all commands are:
[--coredumps]
[
--homedir=home-directory]
[
--keyring=keyring]
[
--userid=userid]
[
--verbose]
DESCRIPTION
The
netpgpverify complements the
netpgp(1) program, and duplicates its verification functionality in a single standalone program. The reason for this duplication is simply because verification of digital signatures is such a common operation that a single, much smaller, standalone program can be used.
The following commands are used to verify signatures:
-
--coredumps
-
In normal processing, if an error occurs, the contents of memory are saved to disk, and can be read using tools to analyse behaviour. Unfortunately this can disclose information to people viewing the core dump, such as secret keys, and passphrases protecting those keys. In normal operation, netpgpverify will turn off the ability to save core dumps on persistent storage, but selecting this option will allow core dumps to be written to disk. This option should be used wisely, and any core dumps should be deleted in a secure manner when no longer needed.
-
--homedir home-directory
-
Keyrings are normally located, for historical reasons, within the user's home directory in a subdirectory called “.gnupg” and this option specifies an alternative location in which to find that sub-directory.
-
--keyring keyring
-
This option specifies an alternative keyring to be used. All keyring operations will be relative to this alternative keyring.
-
--output
-
specifies a filename to which verified output from a signed file may be redirected. The default is to send the verified output to stdout, and this may also be specified using the “-” value.
-
--verbose
-
This option can be used to view information during the process of the netpgpverify requests.
SIGNING AND VERIFICATION
Verification of a file's signature is best viewed using the following example:
% netpgp --sign --userid=agc@netbsd.org a
signature 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks <alistair@hockley-crooks.com>
uid Alistair Crooks <agc@pkgsrc.org>
uid Alistair Crooks <agc@netbsd.org>
uid Alistair Crooks <agc@alistaircrooks.com>
uid Alistair Crooks (Yahoo!) <agcrooks@yahoo-inc.com>
encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12
netpgp passphrase:
% netpgpverify a.gpg
Good signature for a.gpg made Thu Jan 29 03:06:00 2009
using RSA (Encrypt or Sign) key 1B68DCFCC0596823
signature 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks <alistair@hockley-crooks.com>
uid Alistair Crooks <agc@pkgsrc.org>
uid Alistair Crooks <agc@netbsd.org>
uid Alistair Crooks <agc@alistaircrooks.com>
uid Alistair Crooks (Yahoo!) <agcrooks@yahoo-inc.com>
encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12
%
In the example above, a signature is made on a single file called “a” using a user identity corresponding to “agc@netbsd.org” and using the netpgp(1) program. The key located for the user identity is displayed, and the user is prompted to type in their passphrase. The resulting file, called “a.gpg” is placed in the same directory. The second part of the example shows a verification using netpgpverify of the signed file taking place. The time and user identity of the signatory is displayed, followed by a fuller description of the public key of the signatory. In both cases, the exit value from the utility was a successful one.
EXIT STATUS
The netpgpverify utility will return 0 for success, 1 if the file's signature does not match what was expected, or 2 if any other error occurs.
STANDARDS
The netpgpverify utility is designed to conform to IETF RFC 4880.
HISTORY
The netpgpverify command first appeared in NetBSD 6.0.
AUTHORS
Ben Laurie, Rachel Willmer, and was overhauled and rewritten by Alistair Crooks <agc@NetBSD.org>. This manual page was written by Alistair Crooks.