some fixes; debug for missing

[inn-innduct.git] / doc / man / pgpverify.1

.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.ne 5
.PP
\fB\\$1\fR
.PP
..
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
'br\}
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.if \nF \{\
.    de IX
.    tm Index:\\$1\t\\n%\t"\\$2"
..
.    nr % 0
.    rr F
.\}
.\"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "PGPVERIFY 1"
.TH PGPVERIFY 1 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation"
.SH "NAME"
pgpverify \- Cryptographically verify Usenet control messages
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
\&\fBpgpverify\fR [\fB\-test\fR] < \fImessage\fR
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBpgpverify\fR program reads (on standard input) a Usenet control
message that has been cryptographically signed using the \fBsigncontrol\fR
program (or some other program that produces a compatible format).
\&\fBpgpverify\fR then uses a \s-1PGP\s0 implementation to determine who signed the
control message.  If the control message has a valid signature,
\&\fBpgpverify\fR prints (to stdout) the user \s-1ID\s0 of the key that signed the
message.  Otherwise, it exits with a non-zero exit status.
.PP
If \fBpgpverify\fR is installed as part of \s-1INN\s0, it uses \s-1INN\s0's configuration
to determine what signature verification program to use, how to log
errors, what temporary directory to use, and what keyring to use.
Otherwise, all of those parameters can be set by editing the beginning of
this script.
.PP
By default, when running as part of \s-1INN\s0, \fBpgpverify\fR expects the \s-1PGP\s0 key
ring to be found in \fIpathetc\fR/pgp (as either \fIpubring.pgp\fR or
\&\fIpubring.gpg\fR depending on whether \s-1PGP\s0 or GnuPG is used to verify
signatures).  If that directory doesn't exist, it will fall back on using
the default key ring, which is in a \fI.pgp\fR or \fI.gnupg\fR subdirectory of
the running user's home directory.
.PP
\&\s-1INN\s0, when using GnuPG, configures \fBpgpverify\fR to use \fBgpgv\fR, which by
default expects keys to be in a keyring named \fItrustedkeys.gpg\fR, since it
doesn't implement trust checking directly.  \fBpgpverify\fR uses that file if
present but falls back to \fIpubring.gpg\fR if it's not found.  This bypasses
the trust model for checking keys, but is compatible with the way that
\&\fBpgpverify\fR used to behave.  Of course, if a keyring is found in
\&\fIpathetc\fR/pgp or configured at the top of the script, that overrides all of
this behavior.
.SH "OPTIONS"
.IX Header "OPTIONS"
The \fB\-test\fR flag causes \fBpgpverify\fR to print out the input that it is
passing to \s-1PGP\s0 (which is a reconstructed version of the input that
supposedly created the control message) as well as the output from \s-1PGP\s0's
analysis of the message.
.SH "EXIT STATUS"
.IX Header "EXIT STATUS"
\&\fBpgpverify\fR may exit with the following statuses:
.IP "0\&" 4
.IX Item "0"
The control message had a good \s-1PGP\s0 signature.
.IP "1" 4
.IX Item "1"
The control message had no \s-1PGP\s0 signature.
.IP "2" 4
.IX Item "2"
The control message had an unknown \s-1PGP\s0 signature.
.IP "3" 4
.IX Item "3"
The control message had a bad \s-1PGP\s0 signature.
.IP "255" 4
.IX Item "255"
A problem occurred not directly related to \s-1PGP\s0 analysis of signature.
.SH "ENVIRONMENT"
.IX Header "ENVIRONMENT"
\&\fBpgpverify\fR does not modify or otherwise alter the environment before
invoking the \fBpgp\fR or \fBgpgv\fR program.  It is the responsibility of the
person who installs \fBpgpverify\fR to ensure that when \fBpgp\fR or \fBgpgv\fR
runs, it has the ability to locate and read a \s-1PGP\s0 key file that contains
the \s-1PGP\s0 public keys for the appropriate Usenet hierarchy administrators.
\&\fBpgpverify\fR can be pointed to an appropriate key ring by editing
variables at the beginning of this script.
.SH "NOTES"
.IX Header "NOTES"
Historically, Usenet news server administrators have configured their news
servers to automatically honor Usenet control messages based on the
originator of the control messages and the hierarchies for which the
control messages applied.  For example, in the past, David Lawrence always
issued control messages for the \*(L"Big\ 8\*(R" hierarchies (comp, humanities,
misc, news, rec, sci, soc, talk).  Usenet news administrators would
configure their news server software to automatically honor newgroup and
rmgroup control messages that originated from David Lawrence and applied
to any of the Big\ 8 hierarchies.
.PP
Unfortunately, Usenet news articles (including control messages) are
notoriously easy to forge.  Soon, malicious users realized they could
create or remove (at least temporarily) any Big\ 8 newsgroup they wanted by
simply forging an appropriate control message in David Lawrence's name.
As Usenet became more widely used, forgeries became more common.
.PP
The \fBpgpverify\fR program was designed to allow Usenet news administrators
to configure their servers to cryptographically verify control messages
before automatically acting on them.  Under the \fBpgpverify\fR system, a Usenet
hierarchy maintainer creates a \s-1PGP\s0 public/private key pair and
disseminates the public key.  Whenever the hierarchy maintainer issues a
control message, he uses the \fBsigncontrol\fR program to sign the control
message with the \s-1PGP\s0 private key.  Usenet news administrators configure
their news servers to run the \fBpgpverify\fR program on the appropriate
control messages, and take action based on the \s-1PGP\s0 key User \s-1ID\s0 that signed
the control message, not the name and address that appear in the control
message's From: or Sender: headers.
.PP
Thus, appropriate use of the \fBsigncontrol\fR and \fBpgpverify\fR programs
essentially eliminates the possibility of malicious users forging Usenet
control messages that sites will act upon, as such users would have to
obtain the \s-1PGP\s0 private key in order to forge a control message that would
pass the cryptographic verification step.  If the hierarchy administrators
properly protect their \s-1PGP\s0 private keys, the only way a malicious user
could forge a validly-signed control message would be by breaking the
public key encryption algorithm, which (at least at this time) is believed
to be prohibitively difficult for \s-1PGP\s0 keys of a sufficient bit length.
.SH "HISTORY"
.IX Header "HISTORY"
\&\fBpgpverify\fR was written by David C Lawrence <tale@isc.org>.  Manual page
provided by James Ralston.  It is currently maintained by Russ Allbery
<rra@stanford.edu>.
.SH "COPYRIGHT AND LICENSE"
.IX Header "COPYRIGHT AND LICENSE"
David Lawrence wrote:  \*(L"Our lawyer told me to include the following.  The
upshot of it is that you can use the software for free as much as you
like.\*(R"
.PP
Copyright (c) 1996 \s-1UUNET\s0 Technologies, Inc.
All rights reserved.
.PP
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
.IP "1." 4
Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
.IP "2." 4
Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
.IP "3." 4
All advertising materials mentioning features or use of this software must
display the following acknowledgement:
.Sp
.Vb 1
\&  This product includes software developed by UUNET Technologies, Inc.
.Ve
.IP "4." 4
The name of \s-1UUNET\s0 Technologies (\*(L"\s-1UUNET\s0\*(R") may not be used to endorse or
promote products derived from this software without specific prior written
permission.
.PP
\&\s-1THIS\s0 \s-1SOFTWARE\s0 \s-1IS\s0 \s-1PROVIDED\s0 \s-1BY\s0 \s-1UUNET\s0 \*(L"\s-1AS\s0 \s-1IS\s0\*(R" \s-1AND\s0 \s-1ANY\s0 \s-1EXPRESS\s0 \s-1OR\s0 \s-1IMPLIED\s0
\&\s-1WARRANTIES\s0, \s-1INCLUDING\s0, \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0 \s-1TO\s0, \s-1THE\s0 \s-1IMPLIED\s0 \s-1WARRANTIES\s0 \s-1OF\s0
\&\s-1MERCHANTABILITY\s0 \s-1AND\s0 \s-1FITNESS\s0 \s-1FOR\s0 A \s-1PARTICULAR\s0 \s-1PURPOSE\s0 \s-1ARE\s0 \s-1DISCLAIMED\s0.  \s-1IN\s0
\&\s-1NO\s0 \s-1EVENT\s0 \s-1SHALL\s0 \s-1UUNET\s0 \s-1BE\s0 \s-1LIABLE\s0 \s-1FOR\s0 \s-1ANY\s0 \s-1DIRECT\s0, \s-1INDIRECT\s0, \s-1INCIDENTAL\s0,
\&\s-1SPECIAL\s0, \s-1EXEMPLARY\s0, \s-1OR\s0 \s-1CONSEQUENTIAL\s0 \s-1DAMAGES\s0 (\s-1INCLUDING\s0, \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0
\&\s-1TO\s0, \s-1PROCUREMENT\s0 \s-1OF\s0 \s-1SUBSTITUTE\s0 \s-1GOODS\s0 \s-1OR\s0 \s-1SERVICES\s0; \s-1LOSS\s0 \s-1OF\s0 \s-1USE\s0, \s-1DATA\s0, \s-1OR\s0
\&\s-1PROFITS\s0; \s-1OR\s0 \s-1BUSINESS\s0 \s-1INTERRUPTION\s0) \s-1HOWEVER\s0 \s-1CAUSED\s0 \s-1AND\s0 \s-1ON\s0 \s-1ANY\s0 \s-1THEORY\s0 \s-1OF\s0
\&\s-1LIABILITY\s0, \s-1WHETHER\s0 \s-1IN\s0 \s-1CONTRACT\s0, \s-1STRICT\s0 \s-1LIABILITY\s0, \s-1OR\s0 \s-1TORT\s0 (\s-1INCLUDING\s0
\&\s-1NEGLIGENCE\s0 \s-1OR\s0 \s-1OTHERWISE\s0) \s-1ARISING\s0 \s-1IN\s0 \s-1ANY\s0 \s-1WAY\s0 \s-1OUT\s0 \s-1OF\s0 \s-1THE\s0 \s-1USE\s0 \s-1OF\s0 \s-1THIS\s0
\&\s-1SOFTWARE\s0, \s-1EVEN\s0 \s-1IF\s0 \s-1ADVISED\s0 \s-1OF\s0 \s-1THE\s0 \s-1POSSIBILITY\s0 \s-1OF\s0 \s-1SUCH\s0 \s-1DAMAGE\s0.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIgpgv\fR\|(1), \fIpgp\fR\|(1).
.PP
<ftp://ftp.isc.org/pub/pgpcontrol/> is where the most recent versions of
\&\fBsigncontrol\fR and \fBpgpverify\fR live, along with \s-1PGP\s0 public keys used for
hierarchy administration.