Merge branch 'master' of git+ssh://metalzone.distorted.org.uk/~mdw/public-git/catacomb/

[u/mdw/catacomb] / catsign.1

diff --git a/catsign.1 b/catsign.1
index 596b76f..3f1cd5e 100644 (file)
--- a/catsign.1
+++ b/catsign.1
@@ -44,7 +44,7 @@ is one of:
 .RI [ item ...]
 .br
 .B sign
-.RB [ \-adt ]
+.RB [ \-adtC ]
 .RB [ \-k
 .IR tag ]
 .RB [ \-f
@@ -54,7 +54,7 @@ is one of:
 .RI [ file ]
 .br
 .B verify
-.RB [ \-aquv ]
+.RB [ \-aquvC ]
 .RB [ \-k
 .IR tag ]
 .RB [ \-f
@@ -243,6 +243,21 @@ algorithm of the
 command (see
 .BR key (1))
 to generate the key.
+.TP
+.B mac
+This uses a symmetric message-authentication algorithm rather than a
+digital signature.  The precise message-authentication scheme used is
+determined by the
+.B mac
+attribute on the key, which defaults to
+.IB hash -hmac
+if unspecified.  Use the
+.B binary
+algorithm of the
+.B key add
+command (see
+.BR key (1))
+to generate the key.
 .PP
 As well as the signature algorithm itself, a hash function is used.
 This is taken from the
@@ -403,6 +418,11 @@ rather than to standard output.
 .TP
 .B "\-t, \-\-text"
 Read and sign the input as text.  This is the default.
+.TP
+.B "\-C, \-\-nocheck"
+Don't check the private key for validity.  This makes signing go much
+faster, but at the risk of using a duff key, and potentially leaking
+information about the private key.
 .SS verify
 The
 .B verify
@@ -472,6 +492,11 @@ The file is written in text or binary
 mode as appropriate.  The default is to write the message to standard
 output unless verifying a detached signature, in which case nothing is
 written.
+.TP
+.B "\-C, \-\-nocheck"
+Don't check the public key for validity.  This makes verification go
+much faster, but at the risk of using a duff key, and potentially
+accepting false signatures.
 .PP
 Output is written to standard output in a machine-readable format.
 Major problems cause the program to write a diagnostic to standard error