X-Git-Url: https://git.distorted.org.uk/u/mdw/catacomb/blobdiff_plain/c65df27983057ec76ed0e72bb370f9a5ae7dad28..c97fbcf9622edc35b594bf574f553f7f13c21164:/dsig.1 diff --git a/dsig.1 b/dsig.1 index 0d7c83b..edd1036 100644 --- a/dsig.1 +++ b/dsig.1 @@ -44,7 +44,7 @@ is one of: .RI [ item ...] .br .B sign -.RB [ \-0bqv ] +.RB [ \-0bqvC ] .RB [ \-c .IR comment ] .RB [ \-k @@ -59,7 +59,7 @@ is one of: .IR output ] .br .B verify -.RB [ \-qv ] +.RB [ \-qvC ] .RI [ file ] .SH DESCRIPTION The @@ -123,7 +123,7 @@ for a list of supported signature algorithms. .B rsapkcs1 This is almost the same as the RSASSA-PKCS1-v1_5 algorithm described in RFC3447; the difference is that the hash is left bare rather than being -wrapped in a DER-encoded +wrapped in a DER-encoded .B DigestInfo structure. This doesn't affect security since the key can only be used with the one hash function anyway, and dropping the DER wrapping permits @@ -148,7 +148,7 @@ command (see to generate the key. .TP .B dsa -This is the DSA algorithm described in FIPS180-1 and FIPS180-2. Use the +This is the DSA algorithm described in FIPS180-1 and FIPS180-2. Use the .B dsa algorithm of the .B key add @@ -210,7 +210,7 @@ the default hash function is .BR sha . .hP \*o For -.BR kcdsa +.BR kcdsa and .BR eckcdsa , the default hash function is @@ -323,6 +323,11 @@ Set the signature to expire at The default is to expire 28 days from creation. Use .B forever to make the signature not expire. +.TP +.B "\-C, \-\-nocheck" +Don't check the private key for validity. This makes signing go much +faster, but at the risk of using a duff key, and potentially leaking +information about the private key. .PP The whitespace-separated format for filenames allows quoting and escaping of strange characters. The backslash 
@@ -360,6 +365,11 @@ Produce more informational output. The default verbosity level is 1. .TP .B "\-q, \-\-quiet" Produce less information output. +.TP +.B "\-C, \-\-nocheck" +Don't check the public key for validity. This makes verification go +much faster, but at the risk of using a duff key, and potentially +accepting false signatures. .PP Output is written to standard output in a machine-readable format. Formatting errors cause the program to write a diagnostic to standard @@ -370,7 +380,7 @@ An error prevented verification. .TP .BI "BAD " reason The signature is bad: some file had the wrong hash or the signature is -invalid. +invalid. .TP .BI "WARN " reason .B dsig @@ -380,7 +390,7 @@ encountered a situation which may or may not invalidate the signature. The signature verified correctly. .TP .BI "INFO " note -Any other information. +Any other information. .PP The information written at the various verbosity levels is as follows. .hP 0. @@ -472,7 +482,7 @@ command. This block need not appear. .TP .BR "date: " (3) The date the signature was made. In a text file, this has the form -.IB yyyy-mm-dd +.IB yyyy-mm-dd .IB hh:mm:ss .IR timezone ; in a binary file, it's a 64-bit integer representing the POSIX time. @@ -507,6 +517,7 @@ blocks. .BR key (1), .BR hashsum (1), .BR catcrypt (1), +.BR catsign (1), .BR keyring (5). .SH AUTHOR -Mark Wooding, +Mark Wooding,
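Review bot: In the `@@ -323,6 +323,11 @@` hunk, the new `\-C, \-\-nocheck` entry for `sign` names the risk ("potentially leaking information about the private key") but does not say which validity checks are skipped or when skipping them is acceptable. Suggest stating what is checked by default and limiting the advice to keys that have already been checked once, and replacing the colloquial "duff key" with "invalid key" for a manual page.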
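Review bot: In the `@@ -360,6 +365,11 @@` hunk, the `verify` text for `\-C` warns of "potentially accepting false signatures", but the output description that follows gives no way to tell an `OK` obtained with checking disabled from a normal one. Suggest documenting whether a `WARN` or `INFO` line is emitted when `\-C` is in effect, so that scripts reading the machine-readable output can tell the two cases apart. The context line "Produce less information output." also looks like it should read "informational", matching the `\-v` entry above it.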
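Review bot: In the `@@ -148,7 +148,7 @@` hunk, the line being rewritten cites "FIPS180-1 and FIPS180-2" for DSA; those documents are the Secure Hash Standard, and DSA is specified in FIPS 186. Since the line is already being touched, suggest correcting the reference in the same change.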
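Review bot: The removed and added lines in the hunks at `@@ -123,7 +123,7 @@`, `@@ -210,7 +210,7 @@`, `@@ -370,7 +380,7 @@`, `@@ -380,7 +390,7 @@` and `@@ -472,7 +482,7 @@` have identical visible text, so they look like whitespace-only cleanups unrelated to the new `\-C` option. Suggest moving them to a separate commit so that the documentation change for `\-\-nocheck` can be reviewed, and later traced, on its own.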