NETPGPVERIFY(1) General Commands Manual NETPGPVERIFY(1)

NAME

netpgpverifystandalone program for digital signature verification

SYNOPSIS

netpgpverify --verify [--output=filename] [options] file ...

where the options for all commands are:

[--coredumps]

 
[--homedir=home-directory]
 
[--keyring=keyring]
 
[--userid=userid]
 
[--verbose]

DESCRIPTION

The netpgpverify complements the netpgp(1) program, and duplicates its verification functionality in a single standalone program. The reason for this duplication is simply because verification of digital signatures is such a common operation that a single, much smaller, standalone program can be used.

The following commands are used to verify signatures:

--coredumps
In normal processing, if an error occurs, the contents of memory are saved to disk, and can be read using tools to analyse behaviour. Unfortunately this can disclose information to people viewing the core dump, such as secret keys, and passphrases protecting those keys. In normal operation, netpgpverify will turn off the ability to save core dumps on persistent storage, but selecting this option will allow core dumps to be written to disk. This option should be used wisely, and any core dumps should be deleted in a secure manner when no longer needed.
--homedir home-directory
Keyrings are normally located, for historical reasons, within the user's home directory in a subdirectory called “.gnupg” and this option specifies an alternative location in which to find that sub-directory.
--keyring keyring
This option specifies an alternative keyring to be used. All keyring operations will be relative to this alternative keyring.
--output
specifies a filename to which verified output from a signed file may be redirected. The default is to send the verified output to stdout, and this may also be specified using the “-” value.
--verbose
This option can be used to view information during the process of the netpgpverify requests.

SIGNING AND VERIFICATION

Verification of a file's signature is best viewed using the following example:

% netpgp --sign --userid=agc@netbsd.org a 
signature  2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12 
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823 
uid              Alistair Crooks <alistair@hockley-crooks.com> 
uid              Alistair Crooks <agc@pkgsrc.org> 
uid              Alistair Crooks <agc@netbsd.org> 
uid              Alistair Crooks <agc@alistaircrooks.com> 
uid              Alistair Crooks (Yahoo!) <agcrooks@yahoo-inc.com> 
encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12 
netpgp passphrase: 
% netpgpverify a.gpg 
Good signature for a.gpg made Thu Jan 29 03:06:00 2009 
using RSA (Encrypt or Sign) key 1B68DCFCC0596823 
signature  2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12 
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823 
uid              Alistair Crooks <alistair@hockley-crooks.com> 
uid              Alistair Crooks <agc@pkgsrc.org> 
uid              Alistair Crooks <agc@netbsd.org> 
uid              Alistair Crooks <agc@alistaircrooks.com> 
uid              Alistair Crooks (Yahoo!) <agcrooks@yahoo-inc.com> 
encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12 
%

In the example above, a signature is made on a single file called “a” using a user identity corresponding to “agc@netbsd.org” and using the netpgp(1) program. The key located for the user identity is displayed, and the user is prompted to type in their passphrase. The resulting file, called “a.gpg” is placed in the same directory. The second part of the example shows a verification using netpgpverify of the signed file taking place. The time and user identity of the signatory is displayed, followed by a fuller description of the public key of the signatory. In both cases, the exit value from the utility was a successful one.

EXIT STATUS

The netpgpverify utility will return 0 for success, 1 if the file's signature does not match what was expected, or 2 if any other error occurs.

SEE ALSO

netpgp(1), libnetpgp(3), ssl(3), zlib(3)

STANDARDS

The netpgpverify utility is designed to conform to IETF RFC 4880.

HISTORY

The netpgpverify command first appeared in NetBSD 6.0.

AUTHORS

Ben Laurie, Rachel Willmer, and was overhauled and rewritten by Alistair Crooks <agc@NetBSD.org>. This manual page was written by Alistair Crooks.
November 10, 2010 NetBSD 6.1