~mdw
/
catacomb
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
pgen_safetest: Use a separate witness for each test.
[catacomb]
/
catsign.1
diff --git
a/catsign.1
b/catsign.1
index
b4b7f5c
..
e762712
100644
(file)
--- a/
catsign.1
+++ b/
catsign.1
@@
-44,7
+44,7
@@
is one of:
.RI [ item ...]
.br
.B sign
.RI [ item ...]
.br
.B sign
-.RB [ \-adt ]
+.RB [ \-adt
C
]
.RB [ \-k
.IR tag ]
.RB [ \-f
.RB [ \-k
.IR tag ]
.RB [ \-f
@@
-54,11
+54,13
@@
is one of:
.RI [ file ]
.br
.B verify
.RI [ file ]
.br
.B verify
-.RB [ \-aquv ]
+.RB [ \-aquv
C
]
.RB [ \-k
.IR tag ]
.RB [ \-f
.IR format ]
.RB [ \-k
.IR tag ]
.RB [ \-f
.IR format ]
+.RB [ \-t
+.IR time ]
.br
.RB [ \-o
.br
.RB [ \-o
@@
-401,6
+403,11
@@
rather than to standard output.
.TP
.B "\-t, \-\-text"
Read and sign the input as text. This is the default.
.TP
.B "\-t, \-\-text"
Read and sign the input as text. This is the default.
+.TP
+.B "\-C, \-\-nocheck"
+Don't check the private key for validity. This makes signing go much
+faster, but at the risk of using a duff key, and potentially leaking
+information about the private key.
.SS verify
The
.B verify
.SS verify
The
.B verify
@@
-448,6
+455,15
@@
signature. Using this option causes verification to fail unless the
signature header specifies the key named
.IR tag .
.TP
signature header specifies the key named
.IR tag .
.TP
+.BI "\-t, \-\-freshtime " time
+Only accept signatures claiming to have been made more recently than
+.IR time .
+If
+.I time
+is
+.B always
+(the default) then any timestamp in the past is acceptable.
+.TP
.B "\-u, \-\-utc"
Show the datestamp in the signature in UTC rather than (your) local
time. The synonym
.B "\-u, \-\-utc"
Show the datestamp in the signature in UTC rather than (your) local
time. The synonym
@@
-461,6
+477,11
@@
The file is written in text or binary
mode as appropriate. The default is to write the message to standard
output unless verifying a detached signature, in which case nothing is
written.
mode as appropriate. The default is to write the message to standard
output unless verifying a detached signature, in which case nothing is
written.
+.TP
+.B "\-C, \-\-nocheck"
+Don't check the public key for validity. This makes verification go
+much faster, but at the risk of using a duff key, and potentially
+accepting false signatures.
.PP
Output is written to standard output in a machine-readable format.
Major problems cause the program to write a diagnostic to standard error
.PP
Output is written to standard output in a machine-readable format.
Major problems cause the program to write a diagnostic to standard error
@@
-730,4
+751,4
@@
the same file.
.BR hashsum (1),
.BR keyring (5).
.SH AUTHOR
.BR hashsum (1),
.BR keyring (5).
.SH AUTHOR
-Mark Wooding, <mdw@
nsict.org
>
+Mark Wooding, <mdw@
distorted.org.uk
>