.TH SIGN 1
.CT 1 comm_term sa_mortals secur
.SH NAME
sign, verify, enroll, resign \(mi document certification
.SH SYNOPSIS
.B sign
[
.B -n
.I name
] [
.I file
]
.PP
.B verify
[
.B -s
] [
.I file
]
.PP
.B enroll
.PP
.B resign
.SH DESCRIPTION
These routines
provide a document-certification service.
.PP
.I Sign
reads a document from the
.I file
or from the standard input, demands a signing password
for the current login id,
and places on standard
output a signed and dated copy of the document,
with a cryptographic certificate attached.
The resulting document can be embedded in a larger one.
The option is
.TP
.BI -n " name
Set the signing name; its password will be demanded.
.PP
.I Verify
scans the
.I file
or the standard input for a certified document.
If the document and date are as they were when certified,
except possibly indented,
the verified document is placed on the standard output
with a statement of verification attached.
The option is
.TP
.B -s
Do not print the document; place only a statement of
verification on the standard output.
.PP
The signer of a document must be registered with the
certification service; the recipient need not be.
Two commands handle registration:
.PP
.I Enroll
demands a signing password and registers it for the current
login id.
It is unwise to use your login password.
.PP
.I Resign
demands the signing password and, if it is correct,
terminates the registration for the current login id.
.PP
A signed document and its date are tamperproof
and thus are good for ordinary business purposes.
The mere appearance of a certificate, however, is not proof
of authenticity. That can be determined only by
.I verify.
The output of
.I verify
lacks a
certificate; its authenticity cannot be attested at a later date.
.PP
There is no notion of an `original' signed document;
all copies are equally good and may be reverified at will.
.PP
Signers must trust
.I sign
and recipients must trust
.I verify
not to have been tampered with on their respective machines.
Both parties must trust the verification
service, which is on a separate secure machine,
and the communication channels to it.
.SH EXAMPLES
.TP
.B sign <doc.raw >doc.cert
.TP
.B verify <doc.suspect >doc.checked
.TP
.B sign <letter | mail whomever
The recipient can verify the letter from within
.IR mail (1)
by using
.I mail's
pipe command:
.LR |verify .
.SH SEE ALSO
.IR notary (8)
.SH DIAGNOSTICS
.I Verify
yields exit status 0 only on successful verification.
.PP
`Bogus' \- the document has been tampered with, or the
original password is no longer registered.
.SH BUGS
Only one user with a given login name may be registered;
thus the certification service cannot be extended too
far.
.br
To minimize dependence on the certification service,
no password check is made at signing. A mistyped password
will not show up until verification.
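
Because a mistyped signing password is not caught until verification, a signer can check the certificate before sending the document. The wrapper below is an added example, not part of the original manual page or its distribution; the helper name sign_checked is hypothetical, and it assumes a POSIX shell with mktemp and that sign prompts for the password on the terminal, not on standard output.

```shell
# Added example: sign a file, then confirm the result verifies before keeping it.
# Uses only the interface described on this page: "sign file" writes the
# certified copy to standard output; "verify -s file" exits 0 only on success.
# sign_checked is a hypothetical helper name; mktemp is assumed to be available.
sign_checked() {
    src=$1
    dest=$2
    tmp=$(mktemp "${dest}.XXXXXX") || return 2

    # sign makes no password check, so its success says nothing about the password.
    if ! sign "$src" >"$tmp"; then
        rm -f "$tmp"
        echo "sign_checked: sign failed for $src" >&2
        return 2
    fi

    # verify -s prints only the statement of verification; discard it and
    # rely on the exit status, which is 0 only on successful verification.
    if ! verify -s "$tmp" >/dev/null; then
        rm -f "$tmp"
        echo "sign_checked: certificate does not verify (mistyped password?)" >&2
        return 1
    fi

    # Only a copy that verified is installed under the requested name.
    mv "$tmp" "$dest"
}
```

Running verify at signing time brings back the dependence on the certification service that sign itself avoids, so the wrapper fails when the service is unreachable.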