mpbarrett: Found mpbarrett_reduce hanging on this testcase.
[u/mdw/catacomb] / dsig.1
diff --git
a/dsig.1
b/dsig.1
index
0d7c83b
..
edd1036
100644
(file)
--- a/
dsig.1
+++ b/
dsig.1
@@
-44,7
+44,7
@@
is one of:
.RI [ item ...]
.br
.B sign
.RI [ item ...]
.br
.B sign
-.RB [ \-0bqv ]
+.RB [ \-0bqv
C
]
.RB [ \-c
.IR comment ]
.RB [ \-k
.RB [ \-c
.IR comment ]
.RB [ \-k
@@
-59,7
+59,7
@@
is one of:
.IR output ]
.br
.B verify
.IR output ]
.br
.B verify
-.RB [ \-qv ]
+.RB [ \-qv
C
]
.RI [ file ]
.SH DESCRIPTION
The
.RI [ file ]
.SH DESCRIPTION
The
@@
-123,7
+123,7
@@
for a list of supported signature algorithms.
.B rsapkcs1
This is almost the same as the RSASSA-PKCS1-v1_5 algorithm described in
RFC3447; the difference is that the hash is left bare rather than being
.B rsapkcs1
This is almost the same as the RSASSA-PKCS1-v1_5 algorithm described in
RFC3447; the difference is that the hash is left bare rather than being
-wrapped in a DER-encoded
+wrapped in a DER-encoded
.B DigestInfo
structure. This doesn't affect security since the key can only be used
with the one hash function anyway, and dropping the DER wrapping permits
.B DigestInfo
structure. This doesn't affect security since the key can only be used
with the one hash function anyway, and dropping the DER wrapping permits
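Review bot: the removed and added "wrapped in a DER-encoded" lines read identically, so this hunk appears to change whitespace only. Consider moving cleanups like this into their own commit so the documentation of the new -C option is not buried among no-op hunks.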
@@
-148,7
+148,7
@@
command (see
to generate the key.
.TP
.B dsa
to generate the key.
.TP
.B dsa
-This is the DSA algorithm described in FIPS180-1 and FIPS180-2.
Use the
+This is the DSA algorithm described in FIPS180-1 and FIPS180-2. Use the
.B dsa
algorithm of the
.B key add
.B dsa
algorithm of the
.B key add
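Review bot: the reflowed sentence in the dsa entry still cites FIPS180-1 and FIPS180-2 as the description of DSA. FIPS 180 is the Secure Hash Standard; DSA is specified in FIPS 186 (the Digital Signature Standard). Since the line is being rewritten anyway, correct the reference here, and keep a FIPS 180 citation only if it is meant to refer to the hash function.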
@@
-210,7
+210,7
@@
the default hash function is
.BR sha .
.hP \*o
For
.BR sha .
.hP \*o
For
-.BR kcdsa
+.BR kcdsa
and
.BR eckcdsa ,
the default hash function is
and
.BR eckcdsa ,
the default hash function is
@@
-323,6
+323,11
@@
Set the signature to expire at
The default is to expire 28 days from creation. Use
.B forever
to make the signature not expire.
The default is to expire 28 days from creation. Use
.B forever
to make the signature not expire.
+.TP
+.B "\-C, \-\-nocheck"
+Don't check the private key for validity. This makes signing go much
+faster, but at the risk of using a duff key, and potentially leaking
+information about the private key.
.PP
The whitespace-separated format for filenames allows quoting and
escaping of strange characters. The backslash
.PP
The whitespace-separated format for filenames allows quoting and
escaping of strange characters. The backslash
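Review bot: the new "-C, --nocheck" entry for sign warns of "potentially leaking information about the private key" but does not say when skipping the check is acceptable. Suggest adding a sentence stating the condition under which the option is safe (for instance, that the key comes from a keyring whose integrity is already trusted) and that it should not be used on keys of unknown origin. "duff key" would also read more clearly as "invalid key" in a reference page.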
@@
-360,6
+365,11
@@
Produce more informational output. The default verbosity level is 1.
.TP
.B "\-q, \-\-quiet"
Produce less information output.
.TP
.B "\-q, \-\-quiet"
Produce less information output.
+.TP
+.B "\-C, \-\-nocheck"
+Don't check the public key for validity. This makes verification go
+much faster, but at the risk of using a duff key, and potentially
+accepting false signatures.
.PP
Output is written to standard output in a machine-readable format.
Formatting errors cause the program to write a diagnostic to standard
.PP
Output is written to standard output in a machine-readable format.
Formatting errors cause the program to write a diagnostic to standard
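Review bot: the verify-side "-C, --nocheck" entry admits the risk of "accepting false signatures", yet the output description that follows does not say whether a run with -C can be told apart from a fully checked one. Because the output is described as machine-readable, document whether a WARN line (or some other marker) is emitted when the public key was not validated, so a caller parsing the result can distinguish an unchecked acceptance from a checked one.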
@@
-370,7
+380,7
@@
An error prevented verification.
.TP
.BI "BAD " reason
The signature is bad: some file had the wrong hash or the signature is
.TP
.BI "BAD " reason
The signature is bad: some file had the wrong hash or the signature is
-invalid.
+invalid.
.TP
.BI "WARN " reason
.B dsig
.TP
.BI "WARN " reason
.B dsig
@@
-380,7
+390,7
@@
encountered a situation which may or may not invalidate the signature.
The signature verified correctly.
.TP
.BI "INFO " note
The signature verified correctly.
.TP
.BI "INFO " note
-Any other information.
+Any other information.
.PP
The information written at the various verbosity levels is as follows.
.hP 0.
.PP
The information written at the various verbosity levels is as follows.
.hP 0.
@@
-472,7
+482,7
@@
command. This block need not appear.
.TP
.BR "date: " (3)
The date the signature was made. In a text file, this has the form
.TP
.BR "date: " (3)
The date the signature was made. In a text file, this has the form
-.IB yyyy-mm-dd
+.IB yyyy-mm-dd
.IB hh:mm:ss
.IR timezone ;
in a binary file, it's a 64-bit integer representing the POSIX time.
.IB hh:mm:ss
.IR timezone ;
in a binary file, it's a 64-bit integer representing the POSIX time.
@@
-507,6
+517,7
@@
blocks.
.BR key (1),
.BR hashsum (1),
.BR catcrypt (1),
.BR key (1),
.BR hashsum (1),
.BR catcrypt (1),
+.BR catsign (1),
.BR keyring (5).
.SH AUTHOR
.BR keyring (5).
.SH AUTHOR
-Mark Wooding, <mdw@
nsict.org
>
+Mark Wooding, <mdw@
distorted.org.uk
>
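Review bot: the added catsign(1) cross-reference and the author address change from nsict.org to distorted.org.uk in this last hunk are unrelated to the -C option documented earlier in the patch. Mention both in the commit message, or split them out, so the history explains why they changed.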