Hash utilities: Check for and report on junk files.

[u/mdw/catacomb] / dsig.1

diff --git a/dsig.1 b/dsig.1
index 3b4223c..85056aa 100644 (file)
--- a/dsig.1
+++ b/dsig.1
@@ -44,7 +44,7 @@ is one of:
 .RI [ item ...]
 .br
 .B sign
 .RI [ item ...]
 .br
 .B sign

-.RB [ \-0bqv ]
+.RB [ \-0bpqvC ]

 .RB [ \-c
 .IR comment ]
 .RB [ \-k
 .RB [ \-c
 .IR comment ]
 .RB [ \-k


@@ -55,11 +55,13 @@ is one of:
 \h'8n'
 .RB [ \-f
 .IR file ]
 \h'8n'
 .RB [ \-f
 .IR file ]

+.RB [ \-h
+.IR file ]

 .RB [ \-o
 .IR output ]
 .br
 .B verify
 .RB [ \-o
 .IR output ]
 .br
 .B verify

-.RB [ \-qv ]
+.RB [ \-pqvjC ]

 .RI [ file ]
 .SH DESCRIPTION
 The
 .RI [ file ]
 .SH DESCRIPTION
 The


@@ -123,7 +125,7 @@ for a list of supported signature algorithms.
 .B rsapkcs1
 This is almost the same as the RSASSA-PKCS1-v1_5 algorithm described in
 RFC3447; the difference is that the hash is left bare rather than being
 .B rsapkcs1
 This is almost the same as the RSASSA-PKCS1-v1_5 algorithm described in
 RFC3447; the difference is that the hash is left bare rather than being

-wrapped in a DER-encoded 
+wrapped in a DER-encoded

 .B DigestInfo
 structure.  This doesn't affect security since the key can only be used
 with the one hash function anyway, and dropping the DER wrapping permits
 .B DigestInfo
 structure.  This doesn't affect security since the key can only be used
 with the one hash function anyway, and dropping the DER wrapping permits


@@ -148,7 +150,7 @@ command (see
 to generate the key.
 .TP
 .B dsa
 to generate the key.
 .TP
 .B dsa

-This is the DSA algorithm described in FIPS180-1 and FIPS180-2.    Use the
+This is the DSA algorithm described in FIPS180-1 and FIPS180-2.  Use the

 .B dsa
 algorithm of the
 .B key add
 .B dsa
 algorithm of the
 .B key add


@@ -210,7 +212,7 @@ the default hash function is
 .BR sha .
 .hP \*o
 For
 .BR sha .
 .hP \*o
 For

-.BR kcdsa 
+.BR kcdsa

 and
 .BR eckcdsa ,
 the default hash function is
 and
 .BR eckcdsa ,
 the default hash function is


@@ -301,11 +303,20 @@ Writes
 as a comment in the output file.  The comment's integrity is protected
 by the signature.
 .TP
 as a comment in the output file.  The comment's integrity is protected
 by the signature.
 .TP

+.BI "\-p, \-\-progress"
+Write a progress meter to standard error while processing large files.
+.TP

 .BI "\-f, \-\-file " name
 Read filenames from
 .I name
 instead of from standard input.
 .TP
 .BI "\-f, \-\-file " name
 Read filenames from
 .I name
 instead of from standard input.
 .TP

+.BI "\-h, \-\-hashes " name
+Rather than hashing files, read precomputed hashes from the file
+.IR name ,
+which should be in the format produced by
+.BR hashsum (1).
+.TP

 .BI "\-o, \-\-output " name
 Write output to
 .I name
 .BI "\-o, \-\-output " name
 Write output to
 .I name


@@ -323,6 +334,11 @@ Set the signature to expire at
 The default is to expire 28 days from creation.  Use
 .B forever
 to make the signature not expire.
 The default is to expire 28 days from creation.  Use
 .B forever
 to make the signature not expire.

+.TP
+.B "\-C, \-\-nocheck"
+Don't check the private key for validity.  This makes signing go much
+faster, but at the risk of using a duff key, and potentially leaking
+information about the private key.

 .PP
 The whitespace-separated format for filenames allows quoting and
 escaping of strange characters.  The backslash
 .PP
 The whitespace-separated format for filenames allows quoting and
 escaping of strange characters.  The backslash


@@ -360,6 +376,17 @@ Produce more informational output.  The default verbosity level is 1.
 .TP
 .B "\-q, \-\-quiet"
 Produce less information output.
 .TP
 .B "\-q, \-\-quiet"
 Produce less information output.

+.TP
+.B "\-j, \-\-junk"
+Report files whose hashes have not been checked.
+.TP
+.BI "\-p, \-\-progress"
+Write a progress meter to standard error while processing large files.
+.TP
+.B "\-C, \-\-nocheck"
+Don't check the public key for validity.  This makes verification go
+much faster, but at the risk of using a duff key, and potentially
+accepting false signatures.

 .PP
 Output is written to standard output in a machine-readable format.
 Formatting errors cause the program to write a diagnostic to standard
 .PP
 Output is written to standard output in a machine-readable format.
 Formatting errors cause the program to write a diagnostic to standard


@@ -370,7 +397,7 @@ An error prevented verification.
 .TP
 .BI "BAD " reason
 The signature is bad: some file had the wrong hash or the signature is
 .TP
 .BI "BAD " reason
 The signature is bad: some file had the wrong hash or the signature is

-invalid. 
+invalid.

 .TP
 .BI "WARN " reason
 .B dsig
 .TP
 .BI "WARN " reason
 .B dsig


@@ -379,8 +406,16 @@ encountered a situation which may or may not invalidate the signature.
 .BI "OK " message
 The signature verified correctly.
 .TP
 .BI "OK " message
 The signature verified correctly.
 .TP

+.BI "JUNK " type " " name
+The file
+.I name
+was found (as a result of the search requested by the
+.RB ` \-j '
+option), but it was not mentioned in the signature file and therefore
+has not been checked.
+.TP

 .BI "INFO " note
 .BI "INFO " note

-Any other information. 
+Any other information.

 .PP
 The information written at the various verbosity levels is as follows.
 .hP 0.
 .PP
 The information written at the various verbosity levels is as follows.
 .hP 0.


@@ -472,7 +507,7 @@ command.  This block need not appear.
 .TP
 .BR "date: " (3)
 The date the signature was made.  In a text file, this has the form
 .TP
 .BR "date: " (3)
 The date the signature was made.  In a text file, this has the form

-.IB yyyy-mm-dd 
+.IB yyyy-mm-dd

 .IB hh:mm:ss
 .IR timezone ;
 in a binary file, it's a 64-bit integer representing the POSIX time.
 .IB hh:mm:ss
 .IR timezone ;
 in a binary file, it's a 64-bit integer representing the POSIX time.


@@ -510,4 +545,4 @@ blocks.
 .BR catsign (1),
 .BR keyring (5).
 .SH AUTHOR
 .BR catsign (1),
 .BR keyring (5).
 .SH AUTHOR

-Mark Wooding, <mdw@nsict.org>
+Mark Wooding, <mdw@distorted.org.uk>