X-Git-Url: https://git.distorted.org.uk/u/mdw/catacomb/blobdiff_plain/fa54fe1eda6977fc8aef0c154f8483e351e20bdd..f5e91c02ff4057002e480ad4933a1b9aa2496c40:/dsig.1 diff --git a/dsig.1 b/dsig.1 index 3b4223c..85056aa 100644 --- a/dsig.1 +++ b/dsig.1 @@ -44,7 +44,7 @@ is one of: .RI [ item ...] .br .B sign -.RB [ \-0bqv ] +.RB [ \-0bpqvC ] .RB [ \-c .IR comment ] .RB [ \-k @@ -55,11 +55,13 @@ is one of: \h'8n' .RB [ \-f .IR file ] +.RB [ \-h +.IR file ] .RB [ \-o .IR output ] .br .B verify -.RB [ \-qv ] +.RB [ \-pqvjC ] .RI [ file ] .SH DESCRIPTION The @@ -123,7 +125,7 @@ for a list of supported signature algorithms. .B rsapkcs1 This is almost the same as the RSASSA-PKCS1-v1_5 algorithm described in RFC3447; the difference is that the hash is left bare rather than being -wrapped in a DER-encoded +wrapped in a DER-encoded .B DigestInfo structure. This doesn't affect security since the key can only be used with the one hash function anyway, and dropping the DER wrapping permits @@ -148,7 +150,7 @@ command (see to generate the key. .TP .B dsa -This is the DSA algorithm described in FIPS180-1 and FIPS180-2. Use the +This is the DSA algorithm described in FIPS180-1 and FIPS180-2. Use the .B dsa algorithm of the .B key add @@ -210,7 +212,7 @@ the default hash function is .BR sha . .hP \*o For -.BR kcdsa +.BR kcdsa and .BR eckcdsa , the default hash function is @@ -301,11 +303,20 @@ Writes as a comment in the output file. The comment's integrity is protected by the signature. .TP +.BI "\-p, \-\-progress" +Write a progress meter to standard error while processing large files. +.TP .BI "\-f, \-\-file " name Read filenames from .I name instead of from standard input. .TP +.BI "\-h, \-\-hashes " name +Rather than hashing files, read precomputed hashes from the file +.IR name , +which should be in the format produced by +.BR hashsum (1). +.TP .BI "\-o, \-\-output " name Write output to .I name 
@@ -323,6 +334,11 @@ Set the signature to expire at The default is to expire 28 days from creation. Use .B forever to make the signature not expire. +.TP +.B "\-C, \-\-nocheck" +Don't check the private key for validity. This makes signing go much +faster, but at the risk of using a duff key, and potentially leaking +information about the private key. .PP The whitespace-separated format for filenames allows quoting and escaping of strange characters. The backslash @@ -360,6 +376,17 @@ Produce more informational output. The default verbosity level is 1. .TP .B "\-q, \-\-quiet" Produce less information output. +.TP +.B "\-j, \-\-junk" +Report files whose hashes have not been checked. +.TP +.BI "\-p, \-\-progress" +Write a progress meter to standard error while processing large files. +.TP +.B "\-C, \-\-nocheck" +Don't check the public key for validity. This makes verification go +much faster, but at the risk of using a duff key, and potentially +accepting false signatures. .PP Output is written to standard output in a machine-readable format. Formatting errors cause the program to write a diagnostic to standard @@ -370,7 +397,7 @@ An error prevented verification. .TP .BI "BAD " reason The signature is bad: some file had the wrong hash or the signature is -invalid. +invalid. .TP .BI "WARN " reason .B dsig @@ -379,8 +406,16 @@ encountered a situation which may or may not invalidate the signature. .BI "OK " message The signature verified correctly. .TP +.BI "JUNK " type " " name +The file +.I name +was found (as a result of the search requested by the +.RB ` \-j ' +option), but it was not mentioned in the signature file and therefore +has not been checked. +.TP .BI "INFO " note -Any other information. +Any other information. .PP The information written at the various verbosity levels is as follows. .hP 0. 
@@ -472,7 +507,7 @@ command. This block need not appear. .TP .BR "date: " (3) The date the signature was made. In a text file, this has the form -.IB yyyy-mm-dd +.IB yyyy-mm-dd .IB hh:mm:ss .IR timezone ; in a binary file, it's a 64-bit integer representing the POSIX time. @@ -510,4 +545,4 @@ blocks. .BR catsign (1), .BR keyring (5). .SH AUTHOR -Mark Wooding, +Mark Wooding,
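Review bot: The new `\-h, \-\-hashes` entry in the `@@ -301,11 +303,20 @@` hunk does not say what the resulting signature vouches for. The hashes in `name` are read instead of being computed from the files, so the text should state whether dsig compares them against the files at all, whether the hash function used by hashsum(1) has to match the one the key is used with, and how `\-h` interacts with `\-f`. A smaller style point in the same hunk: `.BI "\-p, \-\-progress"` takes no argument, so `.B` would match the other flag-only entries such as `.B "\-C, \-\-nocheck"`.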
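Review bot: The `\-C, \-\-nocheck` text for `sign` in the `@@ -323,6 +334,11 @@` hunk names the risk but gives the reader no way to judge when skipping the check is acceptable. "A duff key" is colloquial for a reference page and does not say what the validity check covers. Suggest saying which properties of the private key are checked, and that the option is meant for keys that have already been checked once, since the stated consequence ("potentially leaking information about the private key") is severe enough that the safe use case should be spelled out.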
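Review bot: In the `@@ -360,6 +376,17 @@` hunk, the `verify` form of `\-C, \-\-nocheck` admits "potentially accepting false signatures" without saying when the option is safe, which is a weak contract for a verification tool. Suggest stating that it should only be used with public keys whose validity has been established some other way, and noting whether the use of `\-C` is reflected in the output so that a script consuming an `OK` line can tell an unchecked key was used. Also in this hunk: `\-j, \-\-junk` says files are reported but not which files are searched, and `.BI "\-p, \-\-progress"` should be `.B` because it has no argument.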
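Review bot: The `.BI "JUNK " type " " name` entry added in the `@@ -379,8 +406,16 @@` hunk describes `name` but never says what `type` is or which values it can take. Since this output is documented as machine-readable, please list the possible `type` values and say whether `name` is written using the same quoting and escaping as the whitespace-separated filename format, so that parsers can handle names containing spaces or control characters.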
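Review bot: Several hunks (`@@ -123,7 +125,7 @@`, `@@ -148,7 +150,7 @@`, `@@ -210,7 +212,7 @@`, `@@ -397,7 @@` region around `invalid.`, `@@ -472,7 +507,7 @@` and `@@ -510,4 +545,4 @@`) remove and re-add lines that read the same, for example `wrapped in a DER-encoded` and `Mark Wooding,`, so they appear to be whitespace-only changes. Mixing them with the new `\-p`, `\-h`, `\-j` and `\-C` documentation makes the functional change harder to review; suggest moving the whitespace cleanup into its own commit.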