X-Git-Url: https://git.distorted.org.uk/u/mdw/catacomb/blobdiff_plain/f387fcb17a980fe165218d217b0187a8c279508a..95d9246390251adba7e6e9f0cc70bf0ebe0b2e60:/dsig.1 diff --git a/dsig.1 b/dsig.1 index 70a4ea8..ad5b6fe 100644 --- a/dsig.1 +++ b/dsig.1 @@ -44,7 +44,7 @@ is one of: .RI [ item ...] .br .B sign -.RB [ \-0bqv ] +.RB [ \-0bpqvC ] .RB [ \-c .IR comment ] .RB [ \-k @@ -55,11 +55,13 @@ is one of: \h'8n' .RB [ \-f .IR file ] +.RB [ \-h +.IR file ] .RB [ \-o .IR output ] .br .B verify -.RB [ \-qv ] +.RB [ \-pqvC ] .RI [ file ] .SH DESCRIPTION The @@ -123,7 +125,7 @@ for a list of supported signature algorithms. .B rsapkcs1 This is almost the same as the RSASSA-PKCS1-v1_5 algorithm described in RFC3447; the difference is that the hash is left bare rather than being -wrapped in a DER-encoded +wrapped in a DER-encoded .B DigestInfo structure. This doesn't affect security since the key can only be used with the one hash function anyway, and dropping the DER wrapping permits @@ -148,7 +150,7 @@ command (see to generate the key. .TP .B dsa -This is the DSA algorithm described in FIPS180-1 and FIPS180-2. Use the +This is the DSA algorithm described in FIPS180-1 and FIPS180-2. Use the .B dsa algorithm of the .B key add @@ -210,7 +212,7 @@ the default hash function is .BR sha . .hP \*o For -.BR kcdsa +.BR kcdsa and .BR eckcdsa , the default hash function is @@ -301,11 +303,20 @@ Writes as a comment in the output file. The comment's integrity is protected by the signature. .TP +.BI "\-p, \-\-progress" +Write a progress meter to standard error while processing large files. +.TP .BI "\-f, \-\-file " name Read filenames from .I name instead of from standard input. .TP +.BI "\-h, \-\-hashes " name +Rather than hashing files, read precomputed hashes from the file +.IR name , +which should be in the format produced by +.BR hashsum (1). +.TP .BI "\-o, \-\-output " name Write output to .I name 
@@ -323,6 +334,11 @@ Set the signature to expire at The default is to expire 28 days from creation. Use .B forever to make the signature not expire. +.TP +.B "\-C, \-\-nocheck" +Don't check the private key for validity. This makes signing go much +faster, but at the risk of using a duff key, and potentially leaking +information about the private key. .PP The whitespace-separated format for filenames allows quoting and escaping of strange characters. The backslash @@ -360,6 +376,14 @@ Produce more informational output. The default verbosity level is 1. .TP .B "\-q, \-\-quiet" Produce less information output. +.TP +.BI "\-p, \-\-progress" +Write a progress meter to standard error while processing large files. +.TP +.B "\-C, \-\-nocheck" +Don't check the public key for validity. This makes verification go +much faster, but at the risk of using a duff key, and potentially +accepting false signatures. .PP Output is written to standard output in a machine-readable format. Formatting errors cause the program to write a diagnostic to standard @@ -370,7 +394,7 @@ An error prevented verification. .TP .BI "BAD " reason The signature is bad: some file had the wrong hash or the signature is -invalid. +invalid. .TP .BI "WARN " reason .B dsig @@ -380,7 +404,7 @@ encountered a situation which may or may not invalidate the signature. The signature verified correctly. .TP .BI "INFO " note -Any other information. +Any other information. .PP The information written at the various verbosity levels is as follows. .hP 0. @@ -472,7 +496,7 @@ command. This block need not appear. .TP .BR "date: " (3) The date the signature was made. In a text file, this has the form -.IB yyyy-mm-dd +.IB yyyy-mm-dd .IB hh:mm:ss .IR timezone ; in a binary file, it's a 64-bit integer representing the POSIX time.
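Review bot: In the @@ -301,11 +303,20 hunk, the new `\-h, \-\-hashes` entry does not say how it interacts with `\-f`, or which hash function the precomputed values must have been produced with. The text says the files are not hashed in this mode, so the signature covers whatever the hashsum(1) file claims; it is worth stating that explicitly, along with what happens when the hashes do not match the hash function associated with the key. Separately, `.BI "\-p, \-\-progress"` takes no argument, so `.B` would match the `.B "\-q, \-\-quiet"` form already used on the page.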
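Review bot: The `\-C, \-\-nocheck` text for sign in the @@ -323,6 +334,11 hunk names the risk ("potentially leaking information about the private key") but not what check is skipped or when skipping it is acceptable. "duff key" is informal; "an invalid or corrupted key" would be clearer, and one more sentence saying the option is meant for keys that have already been checked once would help a reader decide whether to use it.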
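Review bot: In the @@ -360,6 +376,14 hunk, `\-C` on verify is documented as risking "accepting false signatures", but nothing tells the reader how to interpret an OK result obtained with it. Suggest stating that the result is only meaningful under `\-C` when the public key has been validated by other means, and consider documenting a `WARN` line for this case, since the page already defines WARN as a situation which may or may not invalidate the signature.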
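Review bot: The hunks at @@ -123,7, @@ -148,7, @@ -210,7, @@ -370,7, @@ -380,7 and @@ -472,7 each replace a line with one that reads identically as shown, so they look like whitespace-only cleanups. Moving them into their own commit would keep the option documentation changes (`\-p`, `\-h`, `\-C`) easier to review and to revert independently.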