NAME¶

dkg-verify -- verifies a detached signature of a file according to OpenPGP

SYNOPSIS¶

dkg-verify [options] KEYFILE

DESCRIPTION¶

This program verifies a detached signature read from STDIN according to the OpenPGP standard. KEYFILE represents the ASCII-armored public key, for which the verification is performed. If KEYFILE is omitted and by option "-k" a file containing a set of keys (keyring) is given, the corresponding public key is determined by the issuer fingerprint or issuer subpacket from the signature. Optionally with "-k" some external revocation keys can be provided by the user. Currently, DSA/DSS, RSA, ECDSA, and EdDSA are permitted as public-key algorithms. The input file for which the signature is checked must be specified by the mandatory option "-i". Instead of reading the detached signature from STDIN, by option "-s" a file containing this signature can be supplied.

By "-f" and "-t" the user can provide a validity period, i.e., signatures made before the TIMESPEC of option "-f" or after the TIMESPEC of option "-t" are not valid. The corresponding TIMESPEC must be of the format "YYYY-MM-DD[_HH:MM:SS]". The default values are "2009-06-01 00:00:00 (publication date of FIPS 186-3)" and the current system date, respectively.

The program returns a non-zero value on error, e.g., if the detached signature is invalid or no admissible public key is found in KEYFILE.

OPTIONS¶

Arguments mandatory for long options are also mandatory for short options.

-b, --binary

consider KEYFILE and each FILENAME as binary input

-f TIMESPEC

signature made before given TIMESPEC is not valid

-h, --help

print this list of options

-i FILENAME

verify detached signature on FILENAME

-k FILENAME

use keyring FILENAME containing (external revocation) keys

-s FILENAME

read detached signature from FILENAME instead of STDIN

-t TIMESPEC

signature made after given TIMESPEC is not valid

-v, --version

print the version number of the program

-V, --verbose

turn on verbose output

-w, --weak

allow weak or expired keys

SECURITY¶

The current implementation is in experimental state and should NOT be used in production environments.

REPORTING BUGS¶

Security vulnerabilities or cryptographic complaints should be reported via an email directly to <HeikoStamer@gmx.net>. Reported problems will be published after they've been fixed.

Please report all other bugs via public bug tracker <https://savannah.nongnu.org/bugs/?func=additem&group=dkgpg>

Home page of Distributed Privacy Guard (DKGPG): <https://savannah.nongnu.org/projects/dkgpg/>

THANKS¶

The author thanks Daniel Kahn Gillmor for his valuable suggestions regarding useful extensions of this program.

COPYRIGHT¶

Copyright (C) 2017, 2018 Heiko Stamer <HeikoStamer@gmx.net>

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the sources of this package and additionally can be obtained from Internet <https://www.gnu.org/licenses>.

SEE ALSO¶

dkg-generate(1), dkg-sign(1), dkg-revoke(1)