Single manpage for command-line tool.

10 files changed, 201 insertions, 483 deletions

diff --git a/lib/libkeynote/Makefile.distribution b/lib/libkeynote/Makefile.distribution
index 201ed14e47f..c168d06b929 100644
--- a/lib/libkeynote/Makefile.distribution
+++ b/lib/libkeynote/Makefile.distribution
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.distribution,v 1.1 1999/05/24 02:11:40 angelos Exp $
+# $OpenBSD: Makefile.distribution,v 1.2 1999/05/27 01:09:43 angelos Exp $
 #
 # The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
 #
@@ -134,25 +134,16 @@ test: all
 		-l testsuite/test-assertion5 -l testsuite/test-assertion6 \
 		-l testsuite/test-assertion7 || ${TRUE}
 
-manpages: mankeynote mansystem mansign manver mansigver mankeygen
+manpages: mankeynote mansystem manutility
 
 mankeynote:
-	${NROFF} ${NROFFFLAGS} man/keynote.3 > man/keynote.0
+	${NROFF} ${NROFFFLAGS} man/keynote.3 > man/keynote-library.0
 
 mansystem:
 	${NROFF} ${NROFFFLAGS} man/keynote.4 > man/keynote-system.0
 
-mansign:
-	${NROFF} ${NROFFFLAGS} man/keynote-sign.1 > man/keynote-sign.0
-
-mansigver:
-	${NROFF} ${NROFFFLAGS} man/keynote-sigver.1 > man/keynote-sigver.0
-
-manver:
-	${NROFF} ${NROFFFLAGS} man/keynote-verify.1 > man/keynote-verify.0
-
-mankeygen:
-	${NROFF} ${NROFFFLAGS} man/keynote-keygen.1 > man/keynote-keygen.0
+manutility:
+	${NROFF} ${NROFFFLAGS} man/keynote.1 > man/keynote-utility.0
 
 distribution: test cleanall manpages
 	${MKDIR} ${KNSUBDIR}
diff --git a/lib/libkeynote/README b/lib/libkeynote/README
index d12580f17bb..0b769a8fa50 100644
--- a/lib/libkeynote/README
+++ b/lib/libkeynote/README
@@ -1,4 +1,4 @@
-# $OpenBSD: README,v 1.2 1999/05/24 02:11:41 angelos Exp $
+# $OpenBSD: README,v 1.3 1999/05/27 01:09:43 angelos Exp $
 
 This is release 2-beta2 of the KeyNote trust management library reference
 implementation.
@@ -53,8 +53,8 @@ Compile tips:
 The Makefile creates the libkeynote.a library and the keynote program.
 *** Notice that the 4 programs of previous releases have been folded into one
 
-There is a man page for the library calls (keynote.3) and one for each of the
-keynote utility functions, in the man/ directory. There is also a man page
+There is a man page for the library calls (keynote.3) and one for the command
+line tool (keynote.1), in the man/ directory. There is also a man page
 about KeyNote itself (keynote.4), which contains some text from the spec.
 
 To view them, use:
@@ -62,10 +62,6 @@ To view them, use:
   nroff -mandoc keynote.1 | more
   nroff -mandoc keynote.3 | more
   nroff -mandoc keynote.4 | more
-  nroff -mandoc keynote-verify.1 | more
-  nroff -mandoc keynote-keygen.1 | more
-  nroff -mandoc keynote-sign.1 | more
-  nroff -mandoc keynote-sigver.1 | more
 
 Alternatively, you can just install them in your manpath. If your
 nroff does not support the -mandoc flag, use -man instead. For those
diff --git a/lib/libkeynote/TODO b/lib/libkeynote/TODO
index 1c6933d3304..e21b5412583 100644
--- a/lib/libkeynote/TODO
+++ b/lib/libkeynote/TODO
@@ -1,7 +1,6 @@
-# $OpenBSD: TODO,v 1.2 1999/05/25 21:42:20 angelos Exp $
+# $OpenBSD: TODO,v 1.3 1999/05/27 01:09:43 angelos Exp $
 
 Short term TODOs:
-	- Single manpage for utilities
 	- More interesting/comprehensive testsuite
 	- Add the proper RFC reference to the manpages and README
 	- Write key/signature algorithm draft(s)
diff --git a/lib/libkeynote/keynote-keygen.1 b/lib/libkeynote/keynote-keygen.1
deleted file mode 100644
index 925f7021258..00000000000
--- a/lib/libkeynote/keynote-keygen.1
+++ /dev/null
@@ -1,107 +0,0 @@
-.\" $OpenBSD: keynote-keygen.1,v 1.3 1999/05/25 21:42:21 angelos Exp $
-.\"
-.\" The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
-.\"
-.\" This code was written by Angelos D. Keromytis in Philadelphia, PA, USA,
-.\" in April-May 1998
-.\"
-.\" Copyright (C) 1998, 1999 by Angelos D. Keromytis.
-.\"      
-.\" Permission to use, copy, and modify this software without fee
-.\" is hereby granted, provided that this entire notice is included in
-.\" all copies of any software which is or includes a copy or
-.\" modification of this software. 
-.\" You may use this code under the GNU public license if you so wish. Please
-.\" contribute changes back to the author.
-.\"
-.\" THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
-.\" IMPLIED WARRANTY. IN PARTICULAR, THE AUTHORS MAKES NO
-.\" REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
-.\" MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
-.\" PURPOSE.
-.\"
-.Dd April 29, 1999
-.Dt keynote-keygen 1
-.Os
-.\" .TH keynote-keygen 1 local
-.Sh NAME
-.Nm keynote-keygen
-.Nd command line tool for generating public/private keys
-.Sh SYNOPSIS
-.Nm keynote keygen
-.Ar AlgorithmName
-.Ar KeySize
-.Ar PublicKeyFile
-.Ar PrivateKeyFile
-.Op print-offset
-.Op print-length
-.Sh DESCRIPTION
-.Nm keynote-keygen
-creates a public/private key of size
-.Fa KeySize ,
-for the algorithm specified by
-.Fa AlgorithmName .
-Typical keysizes are 512, 1024, or 2048 (bits). The minimum key size
-for DSA keys is 512 (bits). Supported
-.Fa AlgorithmName
-identifiers are:
-.Bl -tag -width indent
-.It ``dsa-hex:''
-.It ``dsa-base64:''
-.It ``rsa-hex:''
-.It ``rsa-base64:''
-.El
-.Pp
-Notice that the trailing colon is required.
-The resulting public key is stored in file
-.Fa PublicKeyFile .
-Similarly, the resulting private key is stored in file
-.Fa PrivateKeyFile .
-Either of the filenames can be specified to be ``-'', in which
-case the corresponding key(s) will be printed in standard output.
-.Pp
-The optional parameters
-.Fa print-offset
-and
-.Fa print-length
-specify the offset from the begining of the line where the key
-will be printed, and the number of characters of the key that will
-be printed per line.
-.Fa print-length
-includes
-.Fa AlgorithmName
-for the first line and has to be longer (by at least 2) than
-.Fa AlgorithmName .
-.Fa print-length
-also accounts for the line-continuation character (backslash) at
-the end of each line, and the doublequotes at the begining and end
-of the key encoding.  Default values are 12 and 50 respectively.
-.Pp
-.Sh SEE ALSO
-.Xr keynote 1 ,
-.Xr keynote 3 ,
-.Xr keynote 4 ,
-.Xr keynote-sign 1 ,
-.Xr keynote-sigver 1 ,
-.Xr keynote-verify 1
-.Bl -tag -width "AAAAAAA"
-.It ``The KeyNote Trust-Management System'' 
-M. Blaze, J. Feigenbaum, A. D. Keromytis,
-Internet Drafts, draft-ietf-trustmgt-keynote-00.txt
-.It ``Decentralized Trust Management'' 
-M. Blaze, J. Feigenbaum, J. Lacy,
-1996 IEEE Conference on Privacy and Security
-.It ``Compliance-Checking in the PolicyMaker Trust Management System''
-M. Blaze, J. Feigenbaum, M. Strauss,
-1998 Financial Crypto Conference
-.El
-.Sh AUTHOR
-Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
-.Sh WEB PAGE
-http://www.cis.upenn.edu/~keynote
-.Sh BUGS
-None that we know of.
-If you find any, please report them at
-.Bd -literal -offset indent -compact
-keynote@research.att.com
-.Ed
diff --git a/lib/libkeynote/keynote-sign.1 b/lib/libkeynote/keynote-sign.1
deleted file mode 100644
index cf9d3a0921b..00000000000
--- a/lib/libkeynote/keynote-sign.1
+++ /dev/null
@@ -1,123 +0,0 @@
-.\" $OpenBSD: keynote-sign.1,v 1.5 1999/05/26 20:09:30 angelos Exp $
-.\"
-.\" The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
-.\"
-.\" This code was written by Angelos D. Keromytis in Philadelphia, PA, USA,
-.\" in April-May 1998
-.\"
-.\" Copyright (C) 1998, 1999 by Angelos D. Keromytis.
-.\"      
-.\" Permission to use, copy, and modify this software without fee
-.\" is hereby granted, provided that this entire notice is included in
-.\" all copies of any software which is or includes a copy or
-.\" modification of this software. 
-.\" You may use this code under the GNU public license if you so wish. Please
-.\" contribute changes back to the author.
-.\"
-.\" THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
-.\" IMPLIED WARRANTY. IN PARTICULAR, THE AUTHORS MAKES NO
-.\" REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
-.\" MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
-.\" PURPOSE.
-.\"
-.Dd April 29, 1999
-.Dt keynote-sign 1
-.Os
-.\" .TH keynote-sign 1 local
-.Sh NAME
-.Nm keynote-sign
-.Nd command line tool for signing
-.Xr KeyNote 3
-assertions
-.Sh SYNOPSIS
-.Nm keynote sign
-.Op Fl v
-.Ar AlgorithmName
-.Ar AssertionFile
-.Ar PrivateKeyFile
-.Sh DESCRIPTION
-.Nm keynote-sign
-reads the assertion contained in
-.Fa AssertionFile
-and generates a signature specified by
-.Fa AlgorithmName
-using the private key stored in
-.Fa PrivateKeyFile .
-The private key is expected to be of the form output by
-.Xr keynote-keygen 1 .
-The private key algorithm and the
-.Fa AlgorithmName
-specified as an argument are expected to match. There is no requirement
-for the internal or ASCII encodings to match.
-Valid
-.Fa AlgorithmName
-identifiers are:
-.Bl -tag -width indent
-.It ``sig-dsa-sha1-hex:''
-.It ``sig-dsa-sha1-base64:''
-.It ``sig-rsa-sha1-hex:''
-.It ``sig-rsa-sha1-base64:''
-.It ``sig-rsa-md5-hex:''
-.It ``sig-rsa-md5-base64:''
-.El
-.Pp
-Notice that the trailing colon is required.
-The resulting signature is printed in standard output. This can then
-be added (via cut-and-paste or some script) at the end of the
-assertion, in the
-.Fa Signature
-field.
-.Pp
-The public key corresponding to the private key in
-.Fa PrivateKeyFile
-is expected to already be included in the
-.Fa Authorizer
-field of the assertion, either directly or indirectly (i.e., through
-use of a
-.Fa Local-Init
-attribute). Furthermore, the assertion must have a
-.Fa Signature
-field (even if it is empty), as the signature is computed on
-everything between the
-.Fa KeyNote-Version
-and
-.Fa Signature
-keywords (inclusive), and the
-.Fa AlgorithmName
-string.
-.Pp
-If the
-.Fl v
-flag is provided,
-.Nm keynote-sign
-will also verify the newly-created signature using the
-.Fa Authorizer
-field key.
-.Sh SEE ALSO
-.Xr keynote 1 ,
-.Xr keynote 3 ,
-.Xr keynote 4 ,
-.Xr keynote-keygen 1 ,
-.Xr keynote-sigver 1 ,
-.Xr keynote-verify 1
-.Bl -tag -width "AAAAAAA"
-.It ``The KeyNote Trust-Management System'' 
-M. Blaze, J. Feigenbaum, A. D. Keromytis,
-Internet Drafts, draft-ietf-trustmgt-keynote-00.txt
-.It ``Decentralized Trust Management'' 
-M. Blaze, J. Feigenbaum, J. Lacy,
-1996 IEEE Conference on Privacy and Security
-.It ``Compliance-Checking in the PolicyMaker Trust Management System''
-M. Blaze, J. Feigenbaum, M. Strauss,
-1998 Financial Crypto Conference
-.El
-.Sh AUTHOR
-Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
-.Sh WEB PAGE
-http://www.cis.upenn.edu/~keynote
-.Sh BUGS
-None that we know of.
-If you find any, please report them at
-.Bd -literal -offset indent -compact
-keynote@research.att.com
-.Ed
diff --git a/lib/libkeynote/keynote-sigver.1 b/lib/libkeynote/keynote-sigver.1
deleted file mode 100644
index dca8192ab9d..00000000000
--- a/lib/libkeynote/keynote-sigver.1
+++ /dev/null
@@ -1,67 +0,0 @@
-.\" $OpenBSD: keynote-sigver.1,v 1.4 1999/05/25 21:42:21 angelos Exp $
-.\"
-.\" The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
-.\"
-.\" This code was written by Angelos D. Keromytis in Philadelphia, PA, USA,
-.\" in April-May 1998
-.\"
-.\" Copyright (C) 1998, 1999 by Angelos D. Keromytis.
-.\"      
-.\" Permission to use, copy, and modify this software without fee
-.\" is hereby granted, provided that this entire notice is included in
-.\" all copies of any software which is or includes a copy or
-.\" modification of this software. 
-.\" You may use this code under the GNU public license if you so wish. Please
-.\" contribute changes back to the author.
-.\"
-.\" THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
-.\" IMPLIED WARRANTY. IN PARTICULAR, THE AUTHORS MAKES NO
-.\" REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
-.\" MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
-.\" PURPOSE.
-.\"
-.Dd April 29, 1999
-.Dt keynote-sigver 1
-.Os
-.\" .TH keynote-sigver 1 local
-.Sh NAME
-.Nm keynote-sigver
-.Nd command line tool for verifying signed
-.Xr KeyNote 3
-assertions
-.Sh SYNOPSIS
-.Nm keynote sigver
-.Op AssertionFile
-.Sh DESCRIPTION
-.Nm keynote-sigver
-reads the assertion contained in
-.Fa AssertionFile
-and verifies the public key signature on it.
-.Sh SEE ALSO
-.Xr keynote 1 ,
-.Xr keynote 3 ,
-.Xr keynote 4 ,
-.Xr keynote-keygen 1 ,
-.Xr keynote-sign 1 ,
-.Xr keynote-verify 1
-.Bl -tag -width "AAAAAAA"
-.It ``The KeyNote Trust-Management System'' 
-M. Blaze, J. Feigenbaum, A. D. Keromytis,
-Internet Drafts, draft-ietf-trustmgt-keynote-00.txt
-.It ``Decentralized Trust Management'' 
-M. Blaze, J. Feigenbaum, J. Lacy,
-1996 IEEE Conference on Privacy and Security
-.It ``Compliance-Checking in the PolicyMaker Trust Management System''
-M. Blaze, J. Feigenbaum, M. Strauss,
-1998 Financial Crypto Conference
-.El
-.Sh AUTHOR
-Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
-.Sh WEB PAGE
-http://www.cis.upenn.edu/~keynote
-.Sh BUGS
-None that we know of.
-If you find any, please report them at
-.Bd -literal -offset indent -compact
-keynote@research.att.com
-.Ed
diff --git a/lib/libkeynote/keynote-verify.1 b/lib/libkeynote/keynote-verify.1
deleted file mode 100644
index a122e813d35..00000000000
--- a/lib/libkeynote/keynote-verify.1
+++ /dev/null
@@ -1,132 +0,0 @@
-.\" $OpenBSD: keynote-verify.1,v 1.4 1999/05/25 21:42:21 angelos Exp $
-.\"
-.\" The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
-.\"
-.\" This code was written by Angelos D. Keromytis in Philadelphia, PA, USA,
-.\" in April-May 1998
-.\"
-.\" Copyright (C) 1998, 1999 by Angelos D. Keromytis.
-.\"      
-.\" Permission to use, copy, and modify this software without fee
-.\" is hereby granted, provided that this entire notice is included in
-.\" all copies of any software which is or includes a copy or
-.\" modification of this software. 
-.\" You may use this code under the GNU public license if you so wish. Please
-.\" contribute changes back to the author.
-.\"
-.\" THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
-.\" IMPLIED WARRANTY. IN PARTICULAR, THE AUTHORS MAKES NO
-.\" REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
-.\" MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
-.\" PURPOSE.
-.\"
-.Dd April 29, 1999
-.Dt keynote-verify 1
-.Os
-.\" .TH keynote-verify 1 local
-.Sh NAME
-.Nm keynote-verify
-.Nd command line tool for evaluating
-.Xr KeyNote 3
-assertions
-.Sh SYNOPSIS
-.Nm keynote verify
-.Op Fl h
-.Op Fl e Ar file
-.Fl l Ar file
-.Fl r Ar retlist
-.Op Fl k Ar file
-.Op Fl l Ar file
-.Op Ar file ...
-.Sh DESCRIPTION
-For each operand that names a
-.A file ,
-.Nm keynote-verify
-reads the file and parses the assertions contained therein (one
-assertion per file).
-.Pp
-Files given with the
-.Fl l
-flag are assumed to contain trusted assertions (no signature
-verification is performed, and the
-.Fa Authorizer
-field can contain non-key principals.
-There should be at least one assertion with the
-.Fa POLICY
-keyword in the
-.Fa Authorizer
-field.
-.Pp
-The
-.Fl r
-flag is used to provide a comma-separated list of return values, in
-increasing order of compliance from left to right.
-.Pp
-Files given with the
-.Fl e
-flag are assumed to contain environment variables and their values,
-in the format:
-.Bd -literal -offset indent
- varname = \"value\"
-.Ed
-.Pp
-.Fa varname
-can begin with any letter (upper or lower case) or number,
-and can contain underscores.
-.Fa value
-is a quoted string, and can contain any character, and escape
-(backslash) processing is performed, as specified in the KeyNote
-draft. 
-.Pp
-The remaining options are:
-.Bl -tag -width indent
-.It Fl h
-Print a usage message and exit.
-.It Fl k Ar file
-Add a key from
-.Fa file
-in the action authorizers.
-.El
-.Pp
-Exactly one
-.Fl r
-and least one of each
-.Fl e ,
-.Fl l ,
-and
-.Fl k
-flags should be given per invocation. If no flags are given,
-.Nm keynote-verify
-prints the usage message and exits with error code -1.
-.Pp
-The
-.Nm keynote-verify
-exits with code -1 if there was an error, and 0 on success.
-.Sh SEE ALSO
-.Xr keynote 1 ,
-.Xr keynote 3 ,
-.Xr keynote 4 ,
-.Xr keynote-keygen 1 ,
-.Xr keynote-sign 1 ,
-.Xr keynote-sigver 1
-.Bl -tag -width "AAAAAAA"
-.It ``The KeyNote Trust-Management System'' 
-M. Blaze, J. Feigenbaum, A. D. Keromytis,
-Internet Drafts, draft-ietf-trustmgt-keynote-00.txt
-.It ``Decentralized Trust Management'' 
-M. Blaze, J. Feigenbaum, J. Lacy,
-1996 IEEE Conference on Privacy and Security
-.It ``Compliance-Checking in the PolicyMaker Trust Management System''
-M. Blaze, J. Feigenbaum, M. Strauss,
-1998 Financial Crypto Conference
-.El
-.Sh AUTHOR
-Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
-.Sh WEB PAGE
-http://www.cis.upenn.edu/~keynote
-.Sh BUGS
-None that we know of.
-If you find any, please report them at
-.Bd -literal -offset indent -compact
-keynote@research.att.com
-.Ed
diff --git a/lib/libkeynote/keynote.1 b/lib/libkeynote/keynote.1
index 580446c3667..6f0d1d88fca 100644
--- a/lib/libkeynote/keynote.1
+++ b/lib/libkeynote/keynote.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: keynote.1,v 1.2 1999/05/25 21:42:22 angelos Exp $
+.\" $OpenBSD: keynote.1,v 1.3 1999/05/27 01:09:44 angelos Exp $
 .\"
 .\" The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
 .\"
@@ -22,7 +22,6 @@
 .\"
 .Dd April 29, 1999
 .Dt keynote 1
-.Os
 .\" .TH keynote 1 local
 .Sh NAME
 .Nm keynote
@@ -30,26 +29,196 @@
 .Xr KeyNote 3
 operations
 .Sh SYNOPSIS
-.Nm keynote
-.Op sign|verify|sigver|keygen
-.Op ...
-.Sh DESCRIPTION
-.Nm keynote
-does the operation indicated by the first argument. For more details on the
-specific flags for each operation, see the respective manpages (
-.Xr keynote-sign 1 ,
-.Xr keynote-verify 1 ,
-.Xr keynote-sigver 1 ,
+.Nm keynote keygen
+.Ar AlgorithmName
+.Ar KeySize
+.Ar PublicKeyFile
+.Ar PrivateKeyFile
+.Op print-offset
+.Op print-length
+
+.Nm keynote sign
+.Op Fl v
+.Ar AlgorithmName
+.Ar AssertionFile
+.Ar PrivateKeyFile
+
+.Nm keynote sigver
+.Op AssertionFile
+
+.Nm keynote verify
+.Op Fl h
+.Op Fl e Ar file
+.Fl l Ar file
+.Fl r Ar retlist
+.Op Fl k Ar file
+.Op Fl l Ar file
+.Op Ar file ...
+.Sh KEY GENERATION
+"keynote keygen" creates a public/private key of size
+.Fa KeySize ,
+(in bits) for the algorithm specified by
+.Fa AlgorithmName .
+Typical keysizes are 512, 1024, or 2048 (bits). The minimum key size
+for DSA keys is 512 (bits). Supported
+.Fa AlgorithmName
+identifiers are:
+.Bl -tag -width indent
+.It ``dsa-hex:''
+.It ``dsa-base64:''
+.It ``rsa-hex:''
+.It ``rsa-base64:''
+.El
+.Pp
+Notice that the trailing colon is required. The resulting public key is
+stored in file
+.Fa PublicKeyFile .
+Similarly, the resulting private key is stored in file
+.Fa PrivateKeyFile .
+Either of the filenames can be specified to be ``-'', in which
+case the corresponding key(s) will be printed in standard output.
+.Pp
+The optional parameters
+.Fa print-offset
+and
+.Fa print-length
+specify the offset from the begining of the line where the key
+will be printed, and the number of characters of the key that will
+be printed per line.
+.Fa print-length
+includes
+.Fa AlgorithmName
+for the first line and has to be longer (by at least 2) than
+.Fa AlgorithmName .
+.Fa print-length
+also accounts for the line-continuation character (backslash) at
+the end of each line, and the doublequotes at the begining and end
+of the key encoding.  Default values are 12 and 50 respectively.
+.Pp
+.Sh ASSERTION SIGNING
+"keynote sign" reads the assertion contained in
+.Fa AssertionFile
+and generates a signature specified by
+.Fa AlgorithmName
+using the private key stored in
+.Fa PrivateKeyFile .
+The private key is expected to be of the form output by
+"keynote keygen".  The private key algorithm and the
+.Fa AlgorithmName
+specified as an argument are expected to match. There is no requirement
+for the internal or ASCII encodings to match.  Valid
+.Fa AlgorithmName
+identifiers are:
+.Bl -tag -width indent
+.It ``sig-dsa-sha1-hex:''
+.It ``sig-dsa-sha1-base64:''
+.It ``sig-rsa-sha1-hex:''
+.It ``sig-rsa-sha1-base64:''
+.It ``sig-rsa-md5-hex:''
+.It ``sig-rsa-md5-base64:''
+.El
+.Pp
+Notice that the trailing colon is required.
+The resulting signature is printed in standard output. This can then
+be added (via cut-and-paste or some script) at the end of the
+assertion, in the
+.Fa Signature
+field.
+.Pp
+The public key corresponding to the private key in
+.Fa PrivateKeyFile
+is expected to already be included in the
+.Fa Authorizer
+field of the assertion, either directly or indirectly (i.e., through
+use of a
+.Fa Local-Constants
+attribute). Furthermore, the assertion must have a
+.Fa Signature
+field (even if it is empty), as the signature is computed on
+everything between the
+.Fa KeyNote-Version
+and
+.Fa Signature
+keywords (inclusive), and the
+.Fa AlgorithmName
+string.
+.Pp
+If the
+.Fl v
+flag is provided, "keynote sign" will also verify the newly-created
+signature using the
+.Fa Authorizer
+field key.
+.Pp
+.Sh SIGNATURE VERIFICATION
+"keynote sigver" reads the assertion contained in
+.Fa AssertionFile
+and verifies the public-key signature on it.
+.Pp
+.Sh QUERY TOOL
+For each operand that names a
+.A file ,
+"keynote verify" reads the file and parses the assertions contained
+therein (one assertion per file).
+.Pp
+Files given with the
+.Fl l
+flag are assumed to contain trusted assertions (no signature
+verification is performed, and the
+.Fa Authorizer
+field can contain non-key principals.
+There should be at least one assertion with the
+.Fa POLICY
+keyword in the
+.Fa Authorizer
+field.
+.Pp
+The
+.Fl r
+flag is used to provide a comma-separated list of return values, in
+increasing order of compliance from left to right.
+.Pp
+Files given with the
+.Fl e
+flag are assumed to contain environment variables and their values,
+in the format:
+.Bd -literal -offset indent
+ varname = "value"
+.Ed
+.Pp
+.Fa varname
+can begin with any letter (upper or lower case) or number,
+and can contain underscores.
+.Fa value
+is a quoted string, and can contain any character, and escape
+(backslash) processing is performed, as specified in the KeyNote
+draft. 
+.Pp
+The remaining options are:
+.Bl -tag -width indent
+.It Fl h
+Print a usage message and exit.
+.It Fl k Ar file
+Add a key from
+.Fa file
+in the action authorizers.
+.El
+.Pp
+Exactly one
+.Fl r
+and least one of each
+.Fl e ,
+.Fl l ,
 and
-.Xr keynote-keygen 1
-respectively).
+.Fl k
+flags should be given per invocation. If no flags are given,
+"keynote verify" prints the usage message and exits with error code -1.
+.Pp
+"keynote verify" exits with code -1 if there was an error, and 0 on success.
+.Pp
 .Sh SEE ALSO
 .Xr keynote 3 ,
-.Xr keynote 4 ,
-.Xr keynote-keygen 1 ,
-.Xr keynote-sign 1 ,
-.Xr keynote-sigver 1 ,
-.Xr keynote-verify 1
+.Xr keynote 4
 .Bl -tag -width "AAAAAAA"
 .It ``The KeyNote Trust-Management System'' 
 M. Blaze, J. Feigenbaum, A. D. Keromytis,
diff --git a/lib/libkeynote/keynote.3 b/lib/libkeynote/keynote.3
index 74f3c027cb3..972106df099 100644
--- a/lib/libkeynote/keynote.3
+++ b/lib/libkeynote/keynote.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: keynote.3,v 1.4 1999/05/26 20:09:30 angelos Exp $
+.\" $OpenBSD: keynote.3,v 1.5 1999/05/27 01:09:44 angelos Exp $
 .\"
 .\" The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
 .\"
@@ -745,11 +745,7 @@ algorithm was not supported.
 .Fd libkeynote.a
 .Sh SEE ALSO
 .Xr keynote 1 ,
-.Xr keynote 4 ,
-.Xr keynote-keygen 1 , 
-.Xr keynote-sign 1 , 
-.Xr keynote-sigver 1 ,
-.Xr keynote-verify 1
+.Xr keynote 4
 .Bl -tag -width "AAAAAAA"
 .It ``The KeyNote Trust-Management System'' 
 M. Blaze, J. Feigenbaum, A. D. Keromytis,
diff --git a/lib/libkeynote/keynote.4 b/lib/libkeynote/keynote.4
index b7d598cfb27..15c74328d96 100644
--- a/lib/libkeynote/keynote.4
+++ b/lib/libkeynote/keynote.4
@@ -1,4 +1,4 @@
-.\" $OpenBSD: keynote.4,v 1.4 1999/05/26 20:09:30 angelos Exp $
+.\" $OpenBSD: keynote.4,v 1.5 1999/05/27 01:09:44 angelos Exp $
 .\"
 .\" The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
 .\"
@@ -232,11 +232,7 @@ actions.
 .Fd libkeynote.a
 .Sh SEE ALSO
 .Xr keynote 1 ,
-.Xr keynote 3 ,
-.Xr keynote-keygen 1 , 
-.Xr keynote-sign 1 , 
-.Xr keynote-sigver 1 ,
-.Xr keynote-verify 1
+.Xr keynote 3
 .Bl -tag -width "AAAAAAA"
 .It ``The KeyNote Trust-Management System'' 
 M. Blaze, J. Feigenbaum, A. D. Keromytis,