Optionally turn off checking of keys.

[u/mdw/catacomb] / dsig.1

diff --git a/dsig.1 b/dsig.1
index 70a4ea8..10fe6c6 100644 (file)
--- a/dsig.1
+++ b/dsig.1
@@ -44,7 +44,7 @@ is one of:
 .RI [ item ...]
 .br
 .B sign
-.RB [ \-0bqv ]
+.RB [ \-0bqvC ]
 .RB [ \-c
 .IR comment ]
 .RB [ \-k
@@ -59,7 +59,7 @@ is one of:
 .IR output ]
 .br
 .B verify
-.RB [ \-qv ]
+.RB [ \-qvC ]
 .RI [ file ]
 .SH DESCRIPTION
 The
@@ -323,6 +323,11 @@ Set the signature to expire at
 The default is to expire 28 days from creation.  Use
 .B forever
 to make the signature not expire.
+.TP
+.B "\-C, \-\-nocheck"
+Don't check the private key for validity.  This makes signing go much
+faster, but at the risk of using a duff key, and potentially leaking
+information about the private key.
 .PP
 The whitespace-separated format for filenames allows quoting and
 escaping of strange characters.  The backslash
@@ -360,6 +365,11 @@ Produce more informational output.  The default verbosity level is 1.
 .TP
 .B "\-q, \-\-quiet"
 Produce less information output.
+.TP
+.B "\-C, \-\-nocheck"
+Don't check the public key for validity.  This makes verification go
+much faster, but at the risk of using a duff key, and potentially
+accepting false signatures.
 .PP
 Output is written to standard output in a machine-readable format.
 Formatting errors cause the program to write a diagnostic to standard