X-Git-Url: https://git.distorted.org.uk/u/mdw/catacomb/blobdiff_plain/e1cba07d2ced1016c8a69fbee0eae45f4c9ef363..7c40480318648672af86e03bc72bc45c07194c37:/catsign.1 diff --git a/catsign.1 b/catsign.1 index 961edc3..e762712 100644 --- a/catsign.1 +++ b/catsign.1 @@ -44,7 +44,7 @@ is one of: .RI [ item ...] .br .B sign -.RB [ \-adt ] +.RB [ \-adtC ] .RB [ \-k .IR tag ] .RB [ \-f @@ -54,11 +54,13 @@ is one of: .RI [ file ] .br .B verify -.RB [ \-aquv ] +.RB [ \-aquvC ] .RB [ \-k .IR tag ] .RB [ \-f .IR format ] +.RB [ \-t +.IR time ] .br .RB [ \-o @@ -401,6 +403,11 @@ rather than to standard output. .TP .B "\-t, \-\-text" Read and sign the input as text. This is the default. +.TP +.B "\-C, \-\-nocheck" +Don't check the private key for validity. This makes signing go much +faster, but at the risk of using a duff key, and potentially leaking +information about the private key. .SS verify The .B verify @@ -436,6 +443,7 @@ Read input encoded according to Produce more verbose messages. See below for the messages produced during decryption. The default verbosity level is 1. (Currently this is the most verbose setting. This might not be the case always.) +.TP .B "\-q, \-\-quiet" Produce fewer messages. .TP @@ -447,6 +455,15 @@ signature. Using this option causes verification to fail unless the signature header specifies the key named .IR tag . .TP +.BI "\-t, \-\-freshtime " time +Only accept signatures claiming to have been made more recently than +.IR time . +If +.I time +is +.B always +(the default) then any timestamp in the past is acceptable. +.TP .B "\-u, \-\-utc" Show the datestamp in the signature in UTC rather than (your) local time. The synonym @@ -460,6 +477,11 @@ The file is written in text or binary mode as appropriate. The default is to write the message to standard output unless verifying a detached signature, in which case nothing is written. +.TP +.B "\-C, \-\-nocheck" +Don't check the public key for validity. This makes verification go +much faster, but at the risk of using a duff key, and potentially +accepting false signatures. .PP Output is written to standard output in a machine-readable format. Major problems cause the program to write a diagnostic to standard error @@ -497,7 +519,8 @@ All messages. All output written has been checked for authenticity. However, output can fail madway through for many reasons, and the resulting message may therefore be truncated. Don't rely on the output being complete until -.B OK is printed or +.B OK +is printed or .B catsign verify exits successfully. .SS info @@ -595,13 +618,15 @@ message is expected on stdin (immediately after the signature, if any). The options follow a rough convention: options describing the input format are lower-case and options specifying the output format are upper-case. The following options are recognized. -.TP "\-a, \-\-armour-in" +.TP +.BI "\-a, \-\-armour-in" Read ASCII-armoured input. This is equivalent to specifying .BR "\-f pem" . The variant spelling .B "\-\-armor" is also accepted. -.TP "\-A, \-\-armour-out" +.TP +.BI "\-A, \-\-armour-out" Produce ASCII-armoured output. This is equivalent to specifying .BR "\-F pem" . The variant spelling @@ -657,7 +682,7 @@ Options provided are: Produce output in .IR format . Run -.B catcrypt show enc +.B catsign show enc for a list of encoding formats. .TP .BI "\-b, \-\-boundary " label @@ -691,7 +716,7 @@ Options provided are: Decode input in .IR format . Run -.B catcrypt show enc +.B catsign show enc for a list of encoding formats. .TP .BI "\-b, \-\-boundary " label @@ -703,7 +728,7 @@ between and .BI "\-\-\-\-\-END " label "\-\-\-\-\-" lines. Without this option, -.B catcrypt +.B catsign will start reading at the first plausible boundary string, and continue processing until it reaches the matching end boundary. .TP @@ -726,4 +751,4 @@ the same file. .BR hashsum (1), .BR keyring (5). .SH AUTHOR -Mark Wooding, +Mark Wooding,