diff options
Diffstat (limited to 'doc/gpgv.texi')
-rw-r--r-- | doc/gpgv.texi | 193 |
1 files changed, 193 insertions, 0 deletions
diff --git a/doc/gpgv.texi b/doc/gpgv.texi new file mode 100644 index 0000000..2dd9576 --- /dev/null +++ b/doc/gpgv.texi @@ -0,0 +1,193 @@ +@c Copyright (C) 2004 Free Software Foundation, Inc. +@c This is part of the GnuPG manual. +@c For copying conditions, see the file GnuPG.texi. + +@c +@c This is included by tools.texi. +@c + +@include defs.inc + +@c Begin standard stuff +@ifclear gpgtwohack +@manpage gpgv.1 +@node gpgv +@section Verify OpenPGP signatures +@ifset manverb +.B gpgv +\- Verify OpenPGP signatures +@end ifset + +@mansect synopsis +@ifset manverb +.B gpgv +.RI [ options ] +.I signed_files +@end ifset +@end ifclear +@c End standard stuff + +@c Begin gpg2 hack stuff +@ifset gpgtwohack +@manpage gpgv2.1 +@node gpgv +@section Verify OpenPGP signatures +@ifset manverb +.B gpgv2 +\- Verify OpenPGP signatures +@end ifset + +@mansect synopsis +@ifset manverb +.B gpgv2 +.RI [ options ] +.I signed_files +@end ifset +@end ifset +@c End gpg2 hack stuff + +@mansect description +@code{@gpgvname} is an OpenPGP signature verification tool. + +This program is actually a stripped-down version of @code{gpg} which is +only able to check signatures. It is somewhat smaller than the fully-blown +@code{gpg} and uses a different (and simpler) way to check that +the public keys used to make the signature are valid. There are +no configuration files and only a few options are implemented. + +@code{@gpgvname} assumes that all keys in the keyring are trustworthy. +That does also mean that it does not check for expired or revoked +keys. + +If no @code{--keyring} option is given, @code{gpgv} looks for a +``default'' keyring named @file{trustedkeys.kbx} (preferred) or +@file{trustedkeys.gpg} in the home directory of GnuPG, either the +default home directory or the one set by the @code{--homedir} option +or the @code{GNUPGHOME} environment variable. If any @code{--keyring} +option is used, @code{gpgv} will not look for the default keyring. The +@code{--keyring} option may be used multiple times and all specified +keyrings will be used together. + +@noindent +@mansect options +@code{@gpgvname} recognizes these options: + +@table @gnupgtabopt + +@item --verbose +@itemx -v +@opindex verbose +Gives more information during processing. If used +twice, the input data is listed in detail. + +@item --quiet +@itemx -q +@opindex quiet +Try to be as quiet as possible. + +@item --keyring @var{file} +@opindex keyring +Add @var{file} to the list of keyrings. +If @var{file} begins with a tilde and a slash, these +are replaced by the HOME directory. If the filename +does not contain a slash, it is assumed to be in the +home-directory ("~/.gnupg" if --homedir is not used). + +@item --output @var{file} +@itemx -o @var{file} +@opindex output +Write output to @var{file}; to write to stdout use @code{-}. This +option can be used to get the signed text from a cleartext or binary +signature; it also works for detached signatures, but in that case +this option is in general not useful. Note that an existing file will +be overwritten. + + +@item --status-fd @var{n} +@opindex status-fd +Write special status strings to the file descriptor @var{n}. See the +file DETAILS in the documentation for a listing of them. + +@item --logger-fd @code{n} +@opindex logger-fd +Write log output to file descriptor @code{n} and not to stderr. + +@item --log-file @code{file} +@opindex log-file +Same as @option{--logger-fd}, except the logger data is written to +file @code{file}. Use @file{socket://} to log to socket. + +@item --ignore-time-conflict +@opindex ignore-time-conflict +GnuPG normally checks that the timestamps associated with keys and +signatures have plausible values. However, sometimes a signature seems to +be older than the key due to clock problems. This option turns these +checks into warnings. + +@include opt-homedir.texi + +@item --weak-digest @code{name} +@opindex weak-digest +Treat the specified digest algorithm as weak. Signatures made over +weak digests algorithms are normally rejected. This option can be +supplied multiple times if multiple algorithms should be considered +weak. MD5 is always considered weak, and does not need to be listed +explicitly. + +@item --enable-special-filenames +@opindex enable-special-filenames +This option enables a mode in which filenames of the form +@file{-&n}, where n is a non-negative decimal number, +refer to the file descriptor n and not to a file with that name. + +@end table + +@mansect return value + +The program returns 0 if everything is fine, 1 if at least +one signature was bad, and other error codes for fatal errors. + +@mansect examples +@subsection Examples + +@table @asis + +@item @gpgvname @code{pgpfile} +@itemx @gpgvname @code{sigfile} [@code{datafile}] +Verify the signature of the file. The second form is used for detached +signatures, where @code{sigfile} is the detached signature (either +ASCII-armored or binary) and @code{datafile} contains the signed data; +if @code{datafile} is "-" the signed data is expected on +@code{stdin}; if @code{datafile} is not given the name of the file +holding the signed data is constructed by cutting off the extension +(".asc", ".sig" or ".sign") from @code{sigfile}. + +@end table + +@mansect environment +@subsection Environment + +@table @asis + +@item HOME +Used to locate the default home directory. + +@item GNUPGHOME +If set directory used instead of "~/.gnupg". + +@end table + +@mansect files +@subsection FILES + +@table @asis + +@item ~/.gnupg/trustedkeys.gpg +The default keyring with the allowed keys. + +@end table + +@mansect see also +@command{gpg}(1) +@include see-also-note.texi + |