#define f_raw 1u
#define f_bin 2u
#define f_bogus 4u
+#define f_nocheck 8u
unsigned f = 0;
const char *ki = "dsig";
{ "output", OPTF_ARGREQ, 0, 'o' },
{ "key", OPTF_ARGREQ, 0, 'k' },
{ "expire", OPTF_ARGREQ, 0, 'e' },
+ { "nocheck", OPTF_ARGREQ, 0, 'C' },
{ 0, 0, 0, 0 }
};
- int i = mdwopt(argc, argv, "+0vqb" "c:" "f:o:" "k:e:", opts, 0, 0, 0);
+ int i = mdwopt(argc, argv, "+0vqbC" "c:" "f:o:" "k:e:", opts, 0, 0, 0);
if (i < 0)
break;
switch (i) {
if (verb > 0)
verb--;
break;
+ case 'C':
+ f |= f_nocheck;
+ break;
case 'c':
c = optarg;
break;
/* --- Check the key --- */
- if ((err = s->ops->check(s)) != 0)
+ if (!(f & f_nocheck) && (err = s->ops->check(s)) != 0)
moan("key `%s' fails check: %s", d.buf, err);
/* --- Open files --- */
#undef f_raw
#undef f_bin
#undef f_bogus
+#undef f_nocheck
}
/*----- Signature verification --------------------------------------------*/
#define f_bogus 1u
#define f_bin 2u
#define f_ok 4u
+#define f_nocheck 8u
unsigned f = 0;
unsigned verb = 1;
static struct option opts[] = {
{ "verbose", 0, 0, 'v' },
{ "quiet", 0, 0, 'q' },
+ { "nocheck", 0, 0, 'C' },
{ 0, 0, 0, 0 }
};
- int i = mdwopt(argc, argv, "+vq", opts, 0, 0, 0);
+ int i = mdwopt(argc, argv, "+vqC", opts, 0, 0, 0);
if (i < 0)
break;
switch (i) {
if (verb)
verb--;
break;
+ case 'C':
+ f |= f_nocheck;
+ break;
default:
f |= f_bogus;
break;
argc -= optind;
argv += optind;
if ((f & f_bogus) || argc > 1)
- die(EXIT_FAILURE, "Usage: verify [-qv] [FILE]");
+ die(EXIT_FAILURE, "Usage: verify [-qvC] [FILE]");
/* --- Open the key file, and start reading the input file --- */
}
s = getsig(k, "dsig", 0);
- if (verb && (err = s->ops->check(s)) != 0)
+ if (!(f & f_nocheck) && verb && (err = s->ops->check(s)) != 0)
printf("WARN public key fails check: %s", err);
for (;;) {
#undef f_bogus
#undef f_bin
#undef f_ok
+#undef f_nocheck
}
/*----- Main code ---------------------------------------------------------*/
{ "help", cmd_help, "help [COMMAND...]" },
{ "show", cmd_show, "show [ITEM...]" },
{ "sign", sign,
- "sign [-0bqv] [-c COMMENT] [-k TAG] [-e EXPIRE]\n\t\
+ "sign [-0bqvC] [-c COMMENT] [-k TAG] [-e EXPIRE]\n\t\
[-f FILE] [-o OUTPUT]",
"\
Options:\n\
-b, --binary Produce a binary output file.\n\
-q, --quiet Produce fewer messages while working.\n\
-v, --verbose Produce more messages while working.\n\
+-C, --nocheck Don't check the private key.\n\
-c, --comment=COMMENT Include COMMENT in the output file.\n\
-f, --file=FILE Read filenames to hash from FILE.\n\
-o, --output=FILE Write the signed result to FILE.\n\
-e, --expire=TIME The signature should expire after TIME.\n\
" },
{ "verify", verify,
- "verify [-qv] [FILE]", "\
+ "verify [-qvC] [FILE]", "\
Options:\n\
\n\
-q, --quiet Produce fewer messages while working.\n\
-v, --verbose Produce more messages while working.\n\
+-C, --nocheck Don't check the public key.\n\
" },
{ 0, 0, 0 }
};