X-Git-Url: https://git.distorted.org.uk/u/mdw/catacomb/blobdiff_plain/c65df27983057ec76ed0e72bb370f9a5ae7dad28..58507325768f8f0a6cef7ba37de4f8492b92fc3b:/key.1

diff --git a/key.1 b/key.1
index 07237a7..785021e 100644
--- a/key.1
+++ b/key.1
@@ -117,6 +117,14 @@ is one of:
 .IR hash ]
 .RI [ tag ...]
 .br
+.B verify
+.RB [ \-f
+.IR filter ]
+.RB [ \-a
+.IR hash ]
+.I tag
+.I fingerprint
+.br
 .B tidy
 .br
 .B extract
@@ -301,7 +309,9 @@ command.
 .B hash
 The hash functions which can be used with the
 .B fingerprint
-command.
+and
+.B verify
+commands.
 .TP
 .B ec
 The built-in elliptic curves which can be used with the
@@ -613,7 +623,7 @@ Finally, the
 option can be given, in which case the parameters are taken directly
 from the provided group specification, which may either be the the name
 of one of the built-in groups (say
-.B "key add \-a dh\-param \-C list 42"
+.B "key show dh"
 for a list) or a triple
 .RI ( p ,\  q ,\  g ).
 separated by commas.  No random generation is done in this case: the
@@ -715,7 +725,7 @@ A
 can be given explicitly (in which case
 .RB ` \-b '
 is ignored).  It can either be the name of a built-in curve (say
-.B "key add \-a ec\-param \-C list 42"
+.B "key show ec"
 for a list of curve names) or a full specification.  The curve is
 checked for correctness and security according to the SEC1
 specification: failed checks cause a warning to be issued to standard
@@ -868,7 +878,7 @@ decrypt locked keys.  Make sure nobody is looking over your shoulder
 when you do this!
 .SS "fingerprint"
 Reports a fingerprint (secure hash) on components of requested keys.
-The following option is supported:
+The following options are supported:
 .TP
 .BI "\-f, \-\-filter " filter
 Specifies a filter.  Only keys and key components which match the filter
@@ -877,7 +887,7 @@ components.
 .TP
 .BI "\-a, \-\-algorithm " hash
 Names the hashing algorithm.  Run
-.B hashsum -a list
+.B key show hash
 for a list of hashing algorithms.  The default is
 .BR rmd160 .
 .PP
@@ -886,6 +896,24 @@ command line arguments.  If no key tags are given, all keys which match
 the filter are fingerprinted.  See
 .BR keyring (5)
 for a description of how key fingerprints are computed.
+.SS "verify"
+Check a key's fingerprint against a reference copy.  The following
+options are supported:
+.TP
+.BI "\-f, \-\-filter " filter
+Specifies a filter.  Only key components which match the filter are
+hashed.  The default is to only fingerprint nonsecret components.  An
+error is reported if no part of the key matches.
+.TP
+.BI "\-a, \-\-algorithm " hash
+Names the hashing algorithm.  Run
+.B key show hash
+for a list of hashing algorithms.  The default is
+.BR rmd160 .
+.PP
+The reference fingerprint is given as hex, in upper or lower case.  The
+hash may contain hyphens, colons and whitespace.  Other characters are
+not permitted.
 .SS "tidy"
 Simply reads the keyring from file and writes it back again.  This has
 the effect of removing any deleted keys from the file.