NETPGPVERIFY(1) BSD General Commands Manual NETPGPVERIFY(1)
NAME
netpgpverify -- standalone program for digital signature verification
SYNOPSIS
netpgpverify --verify [--output=filename] [options] file ...
where the options for all commands are:
[--coredumps]
[--homedir=home-directory]
[--keyring=keyring]
[--userid=userid]
[--verbose]
DESCRIPTION
The netpgpverify utility complements the netpgp(1) program, and duplicates its verification functionality in a single standalone program. The
reason for this duplication is simply that verification of digital signatures is such a common operation that a single, much smaller,
standalone program can be used for it.
The following commands are used to verify signatures:
--coredumps In normal processing, if an error occurs, the contents of memory are saved to disk, and can be read using tools to analyse
behaviour. Unfortunately this can disclose information to people viewing the core dump, such as secret keys, and passphrases
protecting those keys. In normal operation, netpgpverify will turn off the ability to save core dumps on persistent storage,
but selecting this option will allow core dumps to be written to disk. This option should be used wisely, and any core dumps
should be deleted in a secure manner when no longer needed.
--homedir home-directory
Keyrings are normally located, for historical reasons, within the user's home directory in a subdirectory called ``.gnupg'' and
this option specifies an alternative location in which to find that sub-directory.
--keyring keyring
This option specifies an alternative keyring to be used. All keyring operations will be relative to this alternative keyring.
--output Specifies a filename to which verified output from a signed file may be redirected. The default is to send the verified output
to stdout, and this may also be specified using the ``-'' value.
--verbose This option can be used to view information while netpgpverify processes its requests.
SIGNING AND VERIFICATION
Verification of a file's signature is best viewed using the following example:
% netpgp --sign --userid=agc@netbsd.org a
signature 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks <alistair@hockley-crooks.com>
uid Alistair Crooks <agc@pkgsrc.org>
uid Alistair Crooks <agc@netbsd.org>
uid Alistair Crooks <agc@alistaircrooks.com>
uid Alistair Crooks (Yahoo!) <agcrooks@yahoo-inc.com>
encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12
netpgp passphrase:
% netpgpverify a.gpg
Good signature for a.gpg made Thu Jan 29 03:06:00 2009
using RSA (Encrypt or Sign) key 1B68DCFCC0596823
signature 2048/RSA (Encrypt or Sign) 1b68dcfcc0596823 2004-01-12
Key fingerprint: d415 9deb 336d e4cc cdfa 00cd 1b68 dcfc c059 6823
uid Alistair Crooks <alistair@hockley-crooks.com>
uid Alistair Crooks <agc@pkgsrc.org>
uid Alistair Crooks <agc@netbsd.org>
uid Alistair Crooks <agc@alistaircrooks.com>
uid Alistair Crooks (Yahoo!) <agcrooks@yahoo-inc.com>
encryption 2048/RSA (Encrypt or Sign) 79deb61e488eee74 2004-01-12
%
In the example above, a signature is made on a single file called ``a'' using a user identity corresponding to ``agc@netbsd.org'' and using
the netpgp(1) program. The key located for the user identity is displayed, and the user is prompted to type in their passphrase. The
resulting file, called ``a.gpg'', is placed in the same directory. The second part of the example shows netpgpverify verifying the signed
file. The time and user identity of the signatory are displayed, followed by a fuller description of the public key of the signatory. In
both cases, the exit value from the utility was a successful one.
EXIT STATUS
The netpgpverify utility will return 0 for success, 1 if the file's signature does not match what was expected, or 2 if any other error
occurs.
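The following wrapper is an added example, not part of netpgpverify or this manual's original text. It shows how a script can act on the three exit values and release --output content only after a good signature. The names verify_to and NETPGPVERIFY are hypothetical, and it assumes --keyring is given the path of a keyring holding only the keys the caller trusts.

```shell
#!/bin/sh
# Added example: hypothetical wrapper, not part of netpgpverify.
# NETPGPVERIFY is an assumed override hook; it defaults to the real binary.
NETPGPVERIFY=${NETPGPVERIFY:-netpgpverify}

# verify_to KEYRING SIGNED DEST
# Releases verified content to DEST only when netpgpverify exits 0.
# Returns 0 (good signature), 1 (signature mismatch), 2 (any other error),
# mirroring the EXIT STATUS section.
verify_to() {
    keyring=$1 signed=$2 dest=$3
    [ -r "$signed" ] || { echo "cannot read: $signed" >&2; return 2; }

    # Private scratch directory next to DEST: output is not visible under
    # its final name until the signature has been checked.
    scratch=$(mktemp -d "${dest}.XXXXXX") || return 2

    rc=0
    "$NETPGPVERIFY" --verify --keyring="$keyring" \
        --output="$scratch/out" "$signed" || rc=$?

    case $rc in
    0)  # Good signature: publish the verified content.
        mv -f "$scratch/out" "$dest" || rc=2 ;;
    1)  echo "signature mismatch, discarding output: $signed" >&2 ;;
    *)  echo "verification error (status $rc): $signed" >&2
        rc=2 ;;
    esac
    rm -rf "$scratch"
    return "$rc"
}
```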
SEE ALSO
netpgp(1), libnetpgp(3), ssl(3), zlib(3)
STANDARDS
The netpgpverify utility is designed to conform to IETF RFC 4880.
HISTORY
The netpgpverify command first appeared in NetBSD 6.0.
AUTHORS
Ben Laurie and Rachel Willmer; the program was overhauled and rewritten by Alistair Crooks <agc@NetBSD.org>. This manual page was written by
Alistair Crooks.
BSD November 10, 2010 BSD