\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
\"
\" Standard preamble:
\" ========================================================================
de Sp \" Vertical space (when we can't use .PP)
if t .sp .5v
if n .sp
.
de Vb \" Begin verbatim text
ft CW
nf
ne \\$1
.
de Ve \" End verbatim text
ft R
fi
.
\" Set up some character translations and predefined strings. \*(-- will
\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
\" double quote, and \*(R" will give a right double quote. \*(C+ will
\" give a nicer C++. Capital omega is used to do unbreakable dashes and
\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
\" nothing in troff, for use with C<>.
tr \(*W-
ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
ie n \{\
ds -- \(*W-
ds PI pi
if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
ds L" ""
ds R" ""
ds C` ""
ds C' ""
'br\}
el\{\
ds -- \|\(em\|
ds PI \(*p
ds L" ``
ds R" ''
ds C`
ds C'
'br\}
\"
\" Escape single quotes in literal strings from groff's Unicode transform.
ie \n(.g .ds Aq \(aq
el .ds Aq '
\"
\" If the F register is >0, we'll generate index entries on stderr for
\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
\" entries marked with X<> in POD. Of course, you'll have to process the
\" output yourself in some meaningful fashion.
\"
\" Avoid warning from groff about undefined register 'F'.
de IX
.
nr rF 0
if \n(.g .if rF .nr rF 1
if (\n(rF:(\n(.g==0)) \{\
if \nF \{\
de IX
tm Index:\\$1\t\\n%\t"\\$2"
.
if !\nF==2 \{\
nr % 0
nr F 2
\}
\}
\}
rr rF
\"
\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
\" Fear. Run. Save yourself. No user-serviceable parts.
\" fudge factors for nroff and troff
if n \{\
ds #H 0
ds #V .8m
ds #F .3m
ds #[ \f1
ds #] \fP
\}
if t \{\
ds #H ((1u-(\\\\n(.fu%2u))*.13m)
ds #V .6m
ds #F 0
ds #[ \&
ds #] \&
\}
\" simple accents for nroff and troff
if n \{\
ds ' \&
ds ` \&
ds ^ \&
ds , \&
ds ~ ~
ds /
\}
if t \{\
ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
\}
\" troff and (daisy-wheel) nroff accents
ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
ds 8 \h'\*(#H'\(*b\h'-\*(#H'
ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
ds ae a\h'-(\w'a'u*4/10)'e
ds Ae A\h'-(\w'A'u*4/10)'E
\" corrections for vroff
if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
\" for low resolution devices (crt and lpr)
if \n(.H>23 .if \n(.V>19 \
\{\
ds : e
ds 8 ss
ds o a
ds d- d\h'-1'\(ga
ds D- D\h'-1'\(hy
ds th \o'bp'
ds Th \o'LP'
ds ae ae
ds Ae AE
\}
rm #[ #] #H #V #F C
\" ========================================================================
\"
IX Title "PGPVERIFY 8"
TH PGPVERIFY 8 "2018-01-21" "1.30" "Maintenance Commands"
\" For nroff, turn off justification. Always turn off hyphenation; it makes
\" way too many mistakes in technical documents.
if n .ad l
nh
SH "NAME"
pgpverify \- Cryptographically verify Usenet control messages
SH "SYNOPSIS"
IX Header "SYNOPSIS"
\&\fBpgpverify\fR [\fB\-\-findid\fR=\fIstring\fR] [\fB\-\-test\fR] < \fImessage\fR
SH "DESCRIPTION"
IX Header "DESCRIPTION"
The \fBpgpverify\fR program reads (on standard input) a Usenet control
message that has been cryptographically signed using the \fBsigncontrol\fR
program (or some other program that produces a compatible format).
\&\fBpgpverify\fR then uses a \s-1PGP\s0 implementation to determine who signed the
control message. If the control message has a valid signature,
\&\fBpgpverify\fR prints (to stdout) the user \s-1ID\s0 of the key that signed the
message. Otherwise, it exits with a non-zero exit status.
PP
If \fBpgpverify\fR is installed as part of \s-1INN,\s0 it uses \s-1INN\s0's configuration
to determine what signature verification program to use, how to log
errors, what temporary directory to use, and what keyring to use.
Otherwise, all of those parameters can be set by editing the beginning of
this script.
PP
By default, when running as part of \s-1INN,\s0 \fBpgpverify\fR expects the \s-1PGP\s0 key
ring to be found in \fIpathetc\fR/pgp (as either \fIpubring.pgp\fR or
\&\fIpubring.gpg\fR depending on whether \s-1PGP\s0 or GnuPG is used to verify
signatures). If that directory doesn't exist, it will fall back on using
the default key ring, which is in a \fI.pgp\fR or \fI.gnupg\fR subdirectory of
the running user's home directory.
PP
\&\s-1INN,\s0 when using GnuPG, configures \fBpgpverify\fR to use \fBgpg\fR or \fBgpgv\fR, which
by default expects keys to be in a keyring named \fItrustedkeys.gpg\fR, since it
doesn't implement trust checking directly. \fBpgpverify\fR uses that file if
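present but falls back to \fIpubring.gpg\fR if it's not found. This bypasses
the trust model for checking keys, so in effect a signature made by any key
present in that keyring is reported as good regardless of its trust
settings; the keyring should therefore hold only keys obtained from a source
the administrator has verified. The fallback is kept because it is
compatible with the way that
\&\fBpgpverify\fR used to behave. Of course, if a keyring is found in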
\&\fIpathetc\fR/pgp or configured at the top of the script, that overrides all of
this behavior.
SH "OPTIONS"
IX Header "OPTIONS"
IP "\fB\-\-findid\fR=\fIstring\fR" 4
IX Item "--findid=string"
The \fB\-\-findid\fR flag causes \fBpgpverify\fR to explicitly search for
\&\fIstring\fR in the output from \s-1PGP\s0's analysis of the message. This option
is useful when several UIDs are defined on a single \s-1PGP\s0 key, and the
caller of \fBpgpverify\fR needs to check whether a given one is defined on
this key. If the signature is valid but the output does not contain
\&\fIstring\fR, \fBpgpverify\fR exits with exit status 4.
IP "\fB\-\-test\fR" 4
IX Item "--test"
The \fB\-\-test\fR flag causes \fBpgpverify\fR to print out the input that it is
passing to \s-1PGP\s0 (which is a reconstructed version of the input that
supposedly created the control message) as well as the output from \s-1PGP\s0's
analysis of the message.
SH "EXIT STATUS"
IX Header "EXIT STATUS"
\&\fBpgpverify\fR may exit with the following statuses:
IP "0" 4
The control message had a good \s-1PGP\s0 signature.
IP "1" 4
IX Item "1"
The control message had no \s-1PGP\s0 signature.
IP "2" 4
IX Item "2"
The control message had an unknown \s-1PGP\s0 signature.
IP "3" 4
IX Item "3"
The control message had a bad \s-1PGP\s0 signature.
IP "4" 4
IX Item "4"
The control message had a good \s-1PGP\s0 signature but the argument given
to the \fB\-\-findid\fR flag had not been found in the output from \s-1PGP\s0's
analysis of the message.
IP "255" 4
IX Item "255"
A problem occurred that was not directly related to the \s-1PGP\s0 analysis of
the signature.
SH "ENVIRONMENT"
IX Header "ENVIRONMENT"
\&\fBpgpverify\fR does not modify or otherwise alter the environment before
invoking the \fBpgp\fR, \fBgpgv\fR or \fBgpg\fR program. It is the responsibility of
the person who installs \fBpgpverify\fR to ensure that when \fBpgp\fR, \fBgpgv\fR or
\&\fBgpg\fR runs, it has the ability to locate and read a \s-1PGP\s0 key file that
contains the \s-1PGP\s0 public keys for the appropriate Usenet hierarchy
administrators. \fBpgpverify\fR can be pointed to an appropriate key ring by
editing variables at the beginning of this script.
SH "NOTES"
IX Header "NOTES"
Historically, Usenet news server administrators have configured their news
servers to automatically honor Usenet control messages based on the
originator of the control messages and the hierarchies for which the
control messages applied. For example, in the past, David Lawrence always
issued control messages for the \*(L"Big\ 8\*(R" hierarchies (comp, humanities,
misc, news, rec, sci, soc, talk). Usenet news administrators would
configure their news server software to automatically honor newgroup and
rmgroup control messages that originated from David Lawrence and applied
to any of the Big\ 8 hierarchies.
PP
Unfortunately, Usenet news articles (including control messages) are
notoriously easy to forge. Soon, malicious users realized they could
create or remove (at least temporarily) any Big\ 8 newsgroup they wanted by
simply forging an appropriate control message in David Lawrence's name.
As Usenet became more widely used, forgeries became more common.
PP
The \fBpgpverify\fR program was designed to allow Usenet news administrators
to configure their servers to cryptographically verify control messages
before automatically acting on them. Under the \fBpgpverify\fR system, a Usenet
hierarchy maintainer creates a \s-1PGP\s0 public/private key pair and
disseminates the public key. Whenever the hierarchy maintainer issues a
control message, he uses the \fBsigncontrol\fR program to sign the control
message with the \s-1PGP\s0 private key. Usenet news administrators configure
their news servers to run the \fBpgpverify\fR program on the appropriate
control messages, and take action based on the \s-1PGP\s0 key User \s-1ID\s0 that signed
the control message, not the name and address that appear in the control
message's From: or Sender: headers.
PP
Thus, appropriate use of the \fBsigncontrol\fR and \fBpgpverify\fR programs
essentially eliminates the possibility of malicious users forging Usenet
control messages that sites will act upon, as such users would have to
obtain the \s-1PGP\s0 private key in order to forge a control message that would
pass the cryptographic verification step. If the hierarchy administrators
properly protect their \s-1PGP\s0 private keys, the only way a malicious user
could forge a validly-signed control message would be by breaking the
public key encryption algorithm, which (at least at this time) is believed
to be prohibitively difficult for \s-1PGP\s0 keys of a sufficient bit length.
SH "HISTORY"
IX Header "HISTORY"
\&\fBpgpverify\fR was written by David C Lawrence <
[email protected]>. Manual page
provided by James Ralston. It is currently maintained by Russ Allbery
<
[email protected]>.
SH "COPYRIGHT AND LICENSE"
IX Header "COPYRIGHT AND LICENSE"
David Lawrence wrote: \*(L"Our lawyer told me to include the following. The
upshot of it is that you can use the software for free as much as you
like.\*(R"
PP
Copyright (c) 1996 \s-1UUNET\s0 Technologies, Inc.
All rights reserved.
PP
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
IP "1." 4
Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
IP "2." 4
Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
IP "3." 4
All advertising materials mentioning features or use of this software must
display the following acknowledgement:
Sp
Vb 1
\& This product includes software developed by UUNET Technologies, Inc.
Ve
IP "4." 4
The name of \s-1UUNET\s0 Technologies (\*(L"\s-1UUNET\*(R"\s0) may not be used to endorse or
promote products derived from this software without specific prior written
permission.
PP
\&\s-1THIS SOFTWARE IS PROVIDED BY UUNET \*(L"AS IS\*(R" AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\s0 \s-1IN
NO EVENT SHALL UUNET BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES\s0 (\s-1INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES\s0; \s-1LOSS OF USE, DATA, OR
PROFITS\s0; \s-1OR BUSINESS INTERRUPTION\s0) \s-1HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\s0 (\s-1INCLUDING
NEGLIGENCE OR OTHERWISE\s0) \s-1ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\s0
SH "SEE ALSO"
IX Header "SEE ALSO"
\&\fBgpg\fR\|(1), \fBgpgv\fR\|(1), \fBpgp\fR\|(1).
PP
<https://ftp.isc.org/pub/pgpcontrol/> is where the most recent versions of
\&\fBsigncontrol\fR and \fBpgpverify\fR live, along with \s-1PGP\s0 public keys used for
hierarchy administration.