+++ /dev/null
-.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32
-.\"
-.\" Standard preamble:
-.\" ========================================================================
-.de Sh \" Subsection heading
-.br
-.if t .Sp
-.ne 5
-.PP
-\fB\\$1\fR
-.PP
-..
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. \*(C+ will
-.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
-.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
-.\" nothing in troff, for use with C<>.
-.tr \(*W-
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-'br\}
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr for
-.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
-.\" entries marked with X<> in POD. Of course, you'll have to process the
-.\" output yourself in some meaningful fashion.
-.if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. nr % 0
-. rr F
-.\}
-.\"
-.\" For nroff, turn off justification. Always turn off hyphenation; it makes
-.\" way too many mistakes in technical documents.
-.hy 0
-.if n .na
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ========================================================================
-.\"
-.IX Title "PGPVERIFY 1"
-.TH PGPVERIFY 1 "2008-04-06" "INN 2.4.4" "InterNetNews Documentation"
-.SH "NAME"
-pgpverify \- Cryptographically verify Usenet control messages
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-\&\fBpgpverify\fR [\fB\-test\fR] < \fImessage\fR
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-The \fBpgpverify\fR program reads (on standard input) a Usenet control
-message that has been cryptographically signed using the \fBsigncontrol\fR
-program (or some other program that produces a compatible format).
-\&\fBpgpverify\fR then uses a \s-1PGP\s0 implementation to determine who signed the
-control message. If the control message has a valid signature,
-\&\fBpgpverify\fR prints (to stdout) the user \s-1ID\s0 of the key that signed the
-message. Otherwise, it exits with a non-zero exit status.
-.PP
-If \fBpgpverify\fR is installed as part of \s-1INN\s0, it uses \s-1INN\s0's configuration
-to determine what signature verification program to use, how to log
-errors, what temporary directory to use, and what keyring to use.
-Otherwise, all of those parameters can be set by editing the beginning of
-this script.
-.PP
-By default, when running as part of \s-1INN\s0, \fBpgpverify\fR expects the \s-1PGP\s0 key
-ring to be found in \fIpathetc\fR/pgp (as either \fIpubring.pgp\fR or
-\&\fIpubring.gpg\fR depending on whether \s-1PGP\s0 or GnuPG is used to verify
-signatures). If that directory doesn't exist, it will fall back on using
-the default key ring, which is in a \fI.pgp\fR or \fI.gnupg\fR subdirectory of
-the running user's home directory.
-.PP
-\&\s-1INN\s0, when using GnuPG, configures \fBpgpverify\fR to use \fBgpgv\fR, which by
-default expects keys to be in a keyring named \fItrustedkeys.gpg\fR, since it
-doesn't implement trust checking directly. \fBpgpverify\fR uses that file if
-present but falls back to \fIpubring.gpg\fR if it's not found. This bypasses
-the trust model for checking keys, but is compatible with the way that
-\&\fBpgpverify\fR used to behave. Of course, if a keyring is found in
-\&\fIpathetc\fR/pgp or configured at the top of the script, that overrides all of
-this behavior.
-.SH "OPTIONS"
-.IX Header "OPTIONS"
-The \fB\-test\fR flag causes \fBpgpverify\fR to print out the input that it is
-passing to \s-1PGP\s0 (which is a reconstructed version of the input that
-supposedly created the control message) as well as the output from \s-1PGP\s0's
-analysis of the message.
-.SH "EXIT STATUS"
-.IX Header "EXIT STATUS"
-\&\fBpgpverify\fR may exit with the following statuses:
-.IP "0\&" 4
-.IX Item "0"
-The control message had a good \s-1PGP\s0 signature.
-.IP "1" 4
-.IX Item "1"
-The control message had no \s-1PGP\s0 signature.
-.IP "2" 4
-.IX Item "2"
-The control message had an unknown \s-1PGP\s0 signature.
-.IP "3" 4
-.IX Item "3"
-The control message had a bad \s-1PGP\s0 signature.
-.IP "255" 4
-.IX Item "255"
-A problem occurred not directly related to \s-1PGP\s0 analysis of signature.
-.SH "ENVIRONMENT"
-.IX Header "ENVIRONMENT"
-\&\fBpgpverify\fR does not modify or otherwise alter the environment before
-invoking the \fBpgp\fR or \fBgpgv\fR program. It is the responsibility of the
-person who installs \fBpgpverify\fR to ensure that when \fBpgp\fR or \fBgpgv\fR
-runs, it has the ability to locate and read a \s-1PGP\s0 key file that contains
-the \s-1PGP\s0 public keys for the appropriate Usenet hierarchy administrators.
-\&\fBpgpverify\fR can be pointed to an appropriate key ring by editing
-variables at the beginning of this script.
-.SH "NOTES"
-.IX Header "NOTES"
-Historically, Usenet news server administrators have configured their news
-servers to automatically honor Usenet control messages based on the
-originator of the control messages and the hierarchies for which the
-control messages applied. For example, in the past, David Lawrence always
-issued control messages for the \*(L"Big\ 8\*(R" hierarchies (comp, humanities,
-misc, news, rec, sci, soc, talk). Usenet news administrators would
-configure their news server software to automatically honor newgroup and
-rmgroup control messages that originated from David Lawrence and applied
-to any of the Big\ 8 hierarchies.
-.PP
-Unfortunately, Usenet news articles (including control messages) are
-notoriously easy to forge. Soon, malicious users realized they could
-create or remove (at least temporarily) any Big\ 8 newsgroup they wanted by
-simply forging an appropriate control message in David Lawrence's name.
-As Usenet became more widely used, forgeries became more common.
-.PP
-The \fBpgpverify\fR program was designed to allow Usenet news administrators
-to configure their servers to cryptographically verify control messages
-before automatically acting on them. Under the \fBpgpverify\fR system, a Usenet
-hierarchy maintainer creates a \s-1PGP\s0 public/private key pair and
-disseminates the public key. Whenever the hierarchy maintainer issues a
-control message, he uses the \fBsigncontrol\fR program to sign the control
-message with the \s-1PGP\s0 private key. Usenet news administrators configure
-their news servers to run the \fBpgpverify\fR program on the appropriate
-control messages, and take action based on the \s-1PGP\s0 key User \s-1ID\s0 that signed
-the control message, not the name and address that appear in the control
-message's From: or Sender: headers.
-.PP
-Thus, appropriate use of the \fBsigncontrol\fR and \fBpgpverify\fR programs
-essentially eliminates the possibility of malicious users forging Usenet
-control messages that sites will act upon, as such users would have to
-obtain the \s-1PGP\s0 private key in order to forge a control message that would
-pass the cryptographic verification step. If the hierarchy administrators
-properly protect their \s-1PGP\s0 private keys, the only way a malicious user
-could forge a validly-signed control message would be by breaking the
-public key encryption algorithm, which (at least at this time) is believed
-to be prohibitively difficult for \s-1PGP\s0 keys of a sufficient bit length.
-.SH "HISTORY"
-.IX Header "HISTORY"
-\&\fBpgpverify\fR was written by David C Lawrence <tale@isc.org>. Manual page
-provided by James Ralston. It is currently maintained by Russ Allbery
-<rra@stanford.edu>.
-.SH "COPYRIGHT AND LICENSE"
-.IX Header "COPYRIGHT AND LICENSE"
-David Lawrence wrote: \*(L"Our lawyer told me to include the following. The
-upshot of it is that you can use the software for free as much as you
-like.\*(R"
-.PP
-Copyright (c) 1996 \s-1UUNET\s0 Technologies, Inc.
-All rights reserved.
-.PP
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-.IP "1." 4
-Redistributions of source code must retain the above copyright notice,
-this list of conditions and the following disclaimer.
-.IP "2." 4
-Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation
-and/or other materials provided with the distribution.
-.IP "3." 4
-All advertising materials mentioning features or use of this software must
-display the following acknowledgement:
-.Sp
-.Vb 1
-\& This product includes software developed by UUNET Technologies, Inc.
-.Ve
-.IP "4." 4
-The name of \s-1UUNET\s0 Technologies (\*(L"\s-1UUNET\s0\*(R") may not be used to endorse or
-promote products derived from this software without specific prior written
-permission.
-.PP
-\&\s-1THIS\s0 \s-1SOFTWARE\s0 \s-1IS\s0 \s-1PROVIDED\s0 \s-1BY\s0 \s-1UUNET\s0 \*(L"\s-1AS\s0 \s-1IS\s0\*(R" \s-1AND\s0 \s-1ANY\s0 \s-1EXPRESS\s0 \s-1OR\s0 \s-1IMPLIED\s0
-\&\s-1WARRANTIES\s0, \s-1INCLUDING\s0, \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0 \s-1TO\s0, \s-1THE\s0 \s-1IMPLIED\s0 \s-1WARRANTIES\s0 \s-1OF\s0
-\&\s-1MERCHANTABILITY\s0 \s-1AND\s0 \s-1FITNESS\s0 \s-1FOR\s0 A \s-1PARTICULAR\s0 \s-1PURPOSE\s0 \s-1ARE\s0 \s-1DISCLAIMED\s0. \s-1IN\s0
-\&\s-1NO\s0 \s-1EVENT\s0 \s-1SHALL\s0 \s-1UUNET\s0 \s-1BE\s0 \s-1LIABLE\s0 \s-1FOR\s0 \s-1ANY\s0 \s-1DIRECT\s0, \s-1INDIRECT\s0, \s-1INCIDENTAL\s0,
-\&\s-1SPECIAL\s0, \s-1EXEMPLARY\s0, \s-1OR\s0 \s-1CONSEQUENTIAL\s0 \s-1DAMAGES\s0 (\s-1INCLUDING\s0, \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0
-\&\s-1TO\s0, \s-1PROCUREMENT\s0 \s-1OF\s0 \s-1SUBSTITUTE\s0 \s-1GOODS\s0 \s-1OR\s0 \s-1SERVICES\s0; \s-1LOSS\s0 \s-1OF\s0 \s-1USE\s0, \s-1DATA\s0, \s-1OR\s0
-\&\s-1PROFITS\s0; \s-1OR\s0 \s-1BUSINESS\s0 \s-1INTERRUPTION\s0) \s-1HOWEVER\s0 \s-1CAUSED\s0 \s-1AND\s0 \s-1ON\s0 \s-1ANY\s0 \s-1THEORY\s0 \s-1OF\s0
-\&\s-1LIABILITY\s0, \s-1WHETHER\s0 \s-1IN\s0 \s-1CONTRACT\s0, \s-1STRICT\s0 \s-1LIABILITY\s0, \s-1OR\s0 \s-1TORT\s0 (\s-1INCLUDING\s0
-\&\s-1NEGLIGENCE\s0 \s-1OR\s0 \s-1OTHERWISE\s0) \s-1ARISING\s0 \s-1IN\s0 \s-1ANY\s0 \s-1WAY\s0 \s-1OUT\s0 \s-1OF\s0 \s-1THE\s0 \s-1USE\s0 \s-1OF\s0 \s-1THIS\s0
-\&\s-1SOFTWARE\s0, \s-1EVEN\s0 \s-1IF\s0 \s-1ADVISED\s0 \s-1OF\s0 \s-1THE\s0 \s-1POSSIBILITY\s0 \s-1OF\s0 \s-1SUCH\s0 \s-1DAMAGE\s0.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIgpgv\fR\|(1), \fIpgp\fR\|(1).
-.PP
-<ftp://ftp.isc.org/pub/pgpcontrol/> is where the most recent versions of
-\&\fBsigncontrol\fR and \fBpgpverify\fR live, along with \s-1PGP\s0 public keys used for
-hierarchy administration.
~ian / innduct.git / blobdiff