Optionally turn off checking of keys.

[u/mdw/catacomb] / catsign.1

diff --git a/catsign.1 b/catsign.1
index 596b76f..e762712 100644 (file)
--- a/catsign.1
+++ b/catsign.1
@@ -44,7 +44,7 @@ is one of:
 .RI [ item ...]
 .br
 .B sign
-.RB [ \-adt ]
+.RB [ \-adtC ]
 .RB [ \-k
 .IR tag ]
 .RB [ \-f
@@ -54,7 +54,7 @@ is one of:
 .RI [ file ]
 .br
 .B verify
-.RB [ \-aquv ]
+.RB [ \-aquvC ]
 .RB [ \-k
 .IR tag ]
 .RB [ \-f
@@ -403,6 +403,11 @@ rather than to standard output.
 .TP
 .B "\-t, \-\-text"
 Read and sign the input as text.  This is the default.
+.TP
+.B "\-C, \-\-nocheck"
+Don't check the private key for validity.  This makes signing go much
+faster, but at the risk of using a duff key, and potentially leaking
+information about the private key.
 .SS verify
 The
 .B verify
@@ -472,6 +477,11 @@ The file is written in text or binary
 mode as appropriate.  The default is to write the message to standard
 output unless verifying a detached signature, in which case nothing is
 written.
+.TP
+.B "\-C, \-\-nocheck"
+Don't check the public key for validity.  This makes verification go
+much faster, but at the risk of using a duff key, and potentially
+accepting false signatures.
 .PP
 Output is written to standard output in a machine-readable format.
 Major problems cause the program to write a diagnostic to standard error