-rw-r--r-- | lib/libkeynote/Makefile.distribution | 19 | ||||
-rw-r--r-- | lib/libkeynote/README | 10 | ||||
-rw-r--r-- | lib/libkeynote/TODO | 3 | ||||
-rw-r--r-- | lib/libkeynote/keynote-keygen.1 | 107 | ||||
-rw-r--r-- | lib/libkeynote/keynote-sign.1 | 123 | ||||
-rw-r--r-- | lib/libkeynote/keynote-sigver.1 | 67 | ||||
-rw-r--r-- | lib/libkeynote/keynote-verify.1 | 132 | ||||
-rw-r--r-- | lib/libkeynote/keynote.1 | 207 | ||||
-rw-r--r-- | lib/libkeynote/keynote.3 | 8 | ||||
-rw-r--r-- | lib/libkeynote/keynote.4 | 8 |
10 files changed, 201 insertions, 483 deletions
diff --git a/lib/libkeynote/Makefile.distribution b/lib/libkeynote/Makefile.distribution
index 201ed14e47f..c168d06b929 100644
--- a/lib/libkeynote/Makefile.distribution
+++ b/lib/libkeynote/Makefile.distribution
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.distribution,v 1.1 1999/05/24 02:11:40 angelos Exp $
+# $OpenBSD: Makefile.distribution,v 1.2 1999/05/27 01:09:43 angelos Exp $
 #
 # The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
 #
@@ -134,25 +134,16 @@ test: all
 -l testsuite/test-assertion5 -l testsuite/test-assertion6 \
 -l testsuite/test-assertion7 || ${TRUE}
-manpages: mankeynote mansystem mansign manver mansigver mankeygen
+manpages: mankeynote mansystem manutility
 mankeynote:
- ${NROFF} ${NROFFFLAGS} man/keynote.3 > man/keynote.0
+ ${NROFF} ${NROFFFLAGS} man/keynote.3 > man/keynote-library.0
 mansystem:
 ${NROFF} ${NROFFFLAGS} man/keynote.4 > man/keynote-system.0
-mansign:
- ${NROFF} ${NROFFFLAGS} man/keynote-sign.1 > man/keynote-sign.0
-
-mansigver:
- ${NROFF} ${NROFFFLAGS} man/keynote-sigver.1 > man/keynote-sigver.0
-
-manver:
- ${NROFF} ${NROFFFLAGS} man/keynote-verify.1 > man/keynote-verify.0
-
-mankeygen:
- ${NROFF} ${NROFFFLAGS} man/keynote-keygen.1 > man/keynote-keygen.0
+manutility:
+ ${NROFF} ${NROFFFLAGS} man/keynote.1 > man/keynote-utility.0
 distribution: test cleanall manpages
 ${MKDIR} ${KNSUBDIR}
diff --git a/lib/libkeynote/README b/lib/libkeynote/README
index d12580f17bb..0b769a8fa50 100644
--- a/lib/libkeynote/README
+++ b/lib/libkeynote/README
@@ -1,4 +1,4 @@
-# $OpenBSD: README,v 1.2 1999/05/24 02:11:41 angelos Exp $
+# $OpenBSD: README,v 1.3 1999/05/27 01:09:43 angelos Exp $
 This is release 2-beta2 of the KeyNote trust management library
 reference implementation.
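Review bot: The mankeynote rule now writes man/keynote-library.0 instead of man/keynote.0, and the mansign, mansigver, manver and mankeygen rules are gone, but the distribution target that packages these outputs continues outside the hunk (only its first recipe line, `${MKDIR} ${KNSUBDIR}`, is visible). If that recipe, or the cleanall target it depends on, still names man/keynote.0 or any of the four removed man/keynote-*.0 files, the copy step will fail or a stale pre-rename .0 file left in man/ from an earlier build will be shipped, so the rest of that target is worth checking. As a style point, the three remaining man rules differ only in their input and output names; a single rule driven by a list variable would keep them from drifting apart again.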
@@ -53,8 +53,8 @@ Compile tips:
 The Makefile creates the libkeynote.a library and the keynote program.
 *** Notice that the 4 programs of previous releases have been folded into one
-There is a man page for the library calls (keynote.3) and one for each of the
-keynote utility functions, in the man/ directory. There is also a man page
+There is a man page for the library calls (keynote.3) and one for the command
+line tool (keynote.1), in the man/ directory. There is also a man page
 about KeyNote itself (keynote.4), which contains some text from the spec.
 To view them, use:
@@ -62,10 +62,6 @@ To view them, use:
 nroff -mandoc keynote.1 | more
 nroff -mandoc keynote.3 | more
 nroff -mandoc keynote.4 | more
- nroff -mandoc keynote-verify.1 | more
- nroff -mandoc keynote-keygen.1 | more
- nroff -mandoc keynote-sign.1 | more
- nroff -mandoc keynote-sigver.1 | more
 Alternatively, you can just install them in your manpath.
 If your nroff does not support the -mandoc flag, use -man instead. For those
diff --git a/lib/libkeynote/TODO b/lib/libkeynote/TODO
index 1c6933d3304..e21b5412583 100644
--- a/lib/libkeynote/TODO
+++ b/lib/libkeynote/TODO
@@ -1,7 +1,6 @@
-# $OpenBSD: TODO,v 1.2 1999/05/25 21:42:20 angelos Exp $
+# $OpenBSD: TODO,v 1.3 1999/05/27 01:09:43 angelos Exp $
 Short term TODOs:
- - Single manpage for utilities
 - More interesting/comprehensive testsuite
 - Add the proper RFC reference to the manpages and README
 - Write key/signature algorithm draft(s)
diff --git a/lib/libkeynote/keynote-keygen.1 b/lib/libkeynote/keynote-keygen.1
deleted file mode 100644
index 925f7021258..00000000000
--- a/lib/libkeynote/keynote-keygen.1
+++ /dev/null
@@ -1,107 +0,0 @@
-.\" $OpenBSD: keynote-keygen.1,v 1.3 1999/05/25 21:42:21 angelos Exp $
-.\"
-.\" The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
-.\"
-.\" This code was written by Angelos D. Keromytis in Philadelphia, PA, USA,
-.\" in April-May 1998
-.\"
-.\" Copyright (C) 1998, 1999 by Angelos D. Keromytis.
-.\"
-.\" Permission to use, copy, and modify this software without fee
-.\" is hereby granted, provided that this entire notice is included in
-.\" all copies of any software which is or includes a copy or
-.\" modification of this software.
-.\" You may use this code under the GNU public license if you so wish. Please
-.\" contribute changes back to the author.
-.\"
-.\" THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
-.\" IMPLIED WARRANTY. IN PARTICULAR, THE AUTHORS MAKES NO
-.\" REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
-.\" MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
-.\" PURPOSE.
-.\"
-.Dd April 29, 1999
-.Dt keynote-keygen 1
-.Os
-.\" .TH keynote-keygen 1 local
-.Sh NAME
-.Nm keynote-keygen
-.Nd command line tool for generating public/private keys
-.Sh SYNOPSIS
-.Nm keynote keygen
-.Ar AlgorithmName
-.Ar KeySize
-.Ar PublicKeyFile
-.Ar PrivateKeyFile
-.Op print-offset
-.Op print-length
-.Sh DESCRIPTION
-.Nm keynote-keygen
-creates a public/private key of size
-.Fa KeySize ,
-for the algorithm specified by
-.Fa AlgorithmName .
-Typical keysizes are 512, 1024, or 2048 (bits). The minimum key size
-for DSA keys is 512 (bits). Supported
-.Fa AlgorithmName
-identifiers are:
-.Bl -tag -width indent
-.It ``dsa-hex:''
-.It ``dsa-base64:''
-.It ``rsa-hex:''
-.It ``rsa-base64:''
-.El
-.Pp
-Notice that the trailing colon is required.
-The resulting public key is stored in file
-.Fa PublicKeyFile .
-Similarly, the resulting private key is stored in file
-.Fa PrivateKeyFile .
-Either of the filenames can be specified to be ``-'', in which
-case the corresponding key(s) will be printed in standard output.
-.Pp
-The optional parameters
-.Fa print-offset
-and
-.Fa print-length
-specify the offset from the begining of the line where the key
-will be printed, and the number of characters of the key that will
-be printed per line.
-.Fa print-length
-includes
-.Fa AlgorithmName
-for the first line and has to be longer (by at least 2) than
-.Fa AlgorithmName .
-.Fa print-length
-also accounts for the line-continuation character (backslash) at
-the end of each line, and the doublequotes at the begining and end
-of the key encoding. Default values are 12 and 50 respectively.
-.Pp
-.Sh SEE ALSO
-.Xr keynote 1 ,
-.Xr keynote 3 ,
-.Xr keynote 4 ,
-.Xr keynote-sign 1 ,
-.Xr keynote-sigver 1 ,
-.Xr keynote-verify 1
-.Bl -tag -width "AAAAAAA"
-.It ``The KeyNote Trust-Management System''
-M. Blaze, J. Feigenbaum, A. D. Keromytis,
-Internet Drafts, draft-ietf-trustmgt-keynote-00.txt
-.It ``Decentralized Trust Management''
-M. Blaze, J. Feigenbaum, J. Lacy,
-1996 IEEE Conference on Privacy and Security
-.It ``Compliance-Checking in the PolicyMaker Trust Management System''
-M. Blaze, J. Feigenbaum, M. Strauss,
-1998 Financial Crypto Conference
-.El
-.Sh AUTHOR
-Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
-.Sh WEB PAGE
-http://www.cis.upenn.edu/~keynote
-.Sh BUGS
-None that we know of.
-If you find any, please report them at
-.Bd -literal -offset indent -compact
-keynote@research.att.com
-.Ed
diff --git a/lib/libkeynote/keynote-sign.1 b/lib/libkeynote/keynote-sign.1
deleted file mode 100644
index cf9d3a0921b..00000000000
--- a/lib/libkeynote/keynote-sign.1
+++ /dev/null
@@ -1,123 +0,0 @@
-.\" $OpenBSD: keynote-sign.1,v 1.5 1999/05/26 20:09:30 angelos Exp $
-.\"
-.\" The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
-.\"
-.\" This code was written by Angelos D. Keromytis in Philadelphia, PA, USA,
-.\" in April-May 1998
-.\"
-.\" Copyright (C) 1998, 1999 by Angelos D. Keromytis.
-.\"
-.\" Permission to use, copy, and modify this software without fee
-.\" is hereby granted, provided that this entire notice is included in
-.\" all copies of any software which is or includes a copy or
-.\" modification of this software.
-.\" You may use this code under the GNU public license if you so wish. Please
-.\" contribute changes back to the author.
-.\"
-.\" THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
-.\" IMPLIED WARRANTY. IN PARTICULAR, THE AUTHORS MAKES NO
-.\" REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
-.\" MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
-.\" PURPOSE.
-.\"
-.Dd April 29, 1999
-.Dt keynote-sign 1
-.Os
-.\" .TH keynote-sign 1 local
-.Sh NAME
-.Nm keynote-sign
-.Nd command line tool for signing
-.Xr KeyNote 3
-assertions
-.Sh SYNOPSIS
-.Nm keynote sign
-.Op Fl v
-.Ar AlgorithmName
-.Ar AssertionFile
-.Ar PrivateKeyFile
-.Sh DESCRIPTION
-.Nm keynote-sign
-reads the assertion contained in
-.Fa AssertionFile
-and generates a signature specified by
-.Fa AlgorithmName
-using the private key stored in
-.Fa PrivateKeyFile .
-The private key is expected to be of the form output by
-.Xr keynote-keygen 1 .
-The private key algorithm and the
-.Fa AlgorithmName
-specified as an argument are expected to match. There is no requirement
-for the internal or ASCII encodings to match.
-Valid
-.Fa AlgorithmName
-identifiers are:
-.Bl -tag -width indent
-.It ``sig-dsa-sha1-hex:''
-.It ``sig-dsa-sha1-base64:''
-.It ``sig-rsa-sha1-hex:''
-.It ``sig-rsa-sha1-base64:''
-.It ``sig-rsa-md5-hex:''
-.It ``sig-rsa-md5-base64:''
-.El
-.Pp
-Notice that the trailing colon is required.
-The resulting signature is printed in standard output. This can then
-be added (via cut-and-paste or some script) at the end of the
-assertion, in the
-.Fa Signature
-field.
-.Pp
-The public key corresponding to the private key in
-.Fa PrivateKeyFile
-is expected to already be included in the
-.Fa Authorizer
-field of the assertion, either directly or indirectly (i.e., through
-use of a
-.Fa Local-Init
-attribute). Furthermore, the assertion must have a
-.Fa Signature
-field (even if it is empty), as the signature is computed on
-everything between the
-.Fa KeyNote-Version
-and
-.Fa Signature
-keywords (inclusive), and the
-.Fa AlgorithmName
-string.
-.Pp
-If the
-.Fl v
-flag is provided,
-.Nm keynote-sign
-will also verify the newly-created signature using the
-.Fa Authorizer
-field key.
-.Sh SEE ALSO
-.Xr keynote 1 ,
-.Xr keynote 3 ,
-.Xr keynote 4 ,
-.Xr keynote-keygen 1 ,
-.Xr keynote-sigver 1 ,
-.Xr keynote-verify 1
-.Bl -tag -width "AAAAAAA"
-.It ``The KeyNote Trust-Management System''
-M. Blaze, J. Feigenbaum, A. D. Keromytis,
-Internet Drafts, draft-ietf-trustmgt-keynote-00.txt
-.It ``Decentralized Trust Management''
-M. Blaze, J. Feigenbaum, J. Lacy,
-1996 IEEE Conference on Privacy and Security
-.It ``Compliance-Checking in the PolicyMaker Trust Management System''
-M. Blaze, J. Feigenbaum, M. Strauss,
-1998 Financial Crypto Conference
-.El
-.Sh AUTHOR
-Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
-.Sh WEB PAGE
-http://www.cis.upenn.edu/~keynote
-.Sh BUGS
-None that we know of.
-If you find any, please report them at
-.Bd -literal -offset indent -compact
-keynote@research.att.com
-.Ed
diff --git a/lib/libkeynote/keynote-sigver.1 b/lib/libkeynote/keynote-sigver.1
deleted file mode 100644
index dca8192ab9d..00000000000
--- a/lib/libkeynote/keynote-sigver.1
+++ /dev/null
@@ -1,67 +0,0 @@
-.\" $OpenBSD: keynote-sigver.1,v 1.4 1999/05/25 21:42:21 angelos Exp $
-.\"
-.\" The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
-.\"
-.\" This code was written by Angelos D. Keromytis in Philadelphia, PA, USA,
-.\" in April-May 1998
-.\"
-.\" Copyright (C) 1998, 1999 by Angelos D. Keromytis.
-.\"
-.\" Permission to use, copy, and modify this software without fee
-.\" is hereby granted, provided that this entire notice is included in
-.\" all copies of any software which is or includes a copy or
-.\" modification of this software.
-.\" You may use this code under the GNU public license if you so wish. Please
-.\" contribute changes back to the author.
-.\"
-.\" THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
-.\" IMPLIED WARRANTY. IN PARTICULAR, THE AUTHORS MAKES NO
-.\" REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
-.\" MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
-.\" PURPOSE.
-.\"
-.Dd April 29, 1999
-.Dt keynote-sigver 1
-.Os
-.\" .TH keynote-sigver 1 local
-.Sh NAME
-.Nm keynote-sigver
-.Nd command line tool for verifying signed
-.Xr KeyNote 3
-assertions
-.Sh SYNOPSIS
-.Nm keynote sigver
-.Op AssertionFile
-.Sh DESCRIPTION
-.Nm keynote-sigver
-reads the assertion contained in
-.Fa AssertionFile
-and verifies the public key signature on it.
-.Sh SEE ALSO
-.Xr keynote 1 ,
-.Xr keynote 3 ,
-.Xr keynote 4 ,
-.Xr keynote-keygen 1 ,
-.Xr keynote-sign 1 ,
-.Xr keynote-verify 1
-.Bl -tag -width "AAAAAAA"
-.It ``The KeyNote Trust-Management System''
-M. Blaze, J. Feigenbaum, A. D. Keromytis,
-Internet Drafts, draft-ietf-trustmgt-keynote-00.txt
-.It ``Decentralized Trust Management''
-M. Blaze, J. Feigenbaum, J. Lacy,
-1996 IEEE Conference on Privacy and Security
-.It ``Compliance-Checking in the PolicyMaker Trust Management System''
-M. Blaze, J. Feigenbaum, M. Strauss,
-1998 Financial Crypto Conference
-.El
-.Sh AUTHOR
-Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
-.Sh WEB PAGE
-http://www.cis.upenn.edu/~keynote
-.Sh BUGS
-None that we know of.
-If you find any, please report them at
-.Bd -literal -offset indent -compact
-keynote@research.att.com
-.Ed
diff --git a/lib/libkeynote/keynote-verify.1 b/lib/libkeynote/keynote-verify.1
deleted file mode 100644
index a122e813d35..00000000000
--- a/lib/libkeynote/keynote-verify.1
+++ /dev/null
@@ -1,132 +0,0 @@
-.\" $OpenBSD: keynote-verify.1,v 1.4 1999/05/25 21:42:21 angelos Exp $
-.\"
-.\" The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
-.\"
-.\" This code was written by Angelos D. Keromytis in Philadelphia, PA, USA,
-.\" in April-May 1998
-.\"
-.\" Copyright (C) 1998, 1999 by Angelos D. Keromytis.
-.\"
-.\" Permission to use, copy, and modify this software without fee
-.\" is hereby granted, provided that this entire notice is included in
-.\" all copies of any software which is or includes a copy or
-.\" modification of this software.
-.\" You may use this code under the GNU public license if you so wish. Please
-.\" contribute changes back to the author.
-.\"
-.\" THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
-.\" IMPLIED WARRANTY. IN PARTICULAR, THE AUTHORS MAKES NO
-.\" REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
-.\" MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
-.\" PURPOSE.
-.\"
-.Dd April 29, 1999
-.Dt keynote-verify 1
-.Os
-.\" .TH keynote-verify 1 local
-.Sh NAME
-.Nm keynote-verify
-.Nd command line tool for evaluating
-.Xr KeyNote 3
-assertions
-.Sh SYNOPSIS
-.Nm keynote verify
-.Op Fl h
-.Op Fl e Ar file
-.Fl l Ar file
-.Fl r Ar retlist
-.Op Fl k Ar file
-.Op Fl l Ar file
-.Op Ar file ...
-.Sh DESCRIPTION
-For each operand that names a
-.A file ,
-.Nm keynote-verify
-reads the file and parses the assertions contained therein (one
-assertion per file).
-.Pp
-Files given with the
-.Fl l
-flag are assumed to contain trusted assertions (no signature
-verification is performed, and the
-.Fa Authorizer
-field can contain non-key principals.
-There should be at least one assertion with the
-.Fa POLICY
-keyword in the
-.Fa Authorizer
-field.
-.Pp
-The
-.Fl r
-flag is used to provide a comma-separated list of return values, in
-increasing order of compliance from left to right.
-.Pp
-Files given with the
-.Fl e
-flag are assumed to contain environment variables and their values,
-in the format:
-.Bd -literal -offset indent
- varname = \"value\"
-.Ed
-.Pp
-.Fa varname
-can begin with any letter (upper or lower case) or number,
-and can contain underscores.
-.Fa value
-is a quoted string, and can contain any character, and escape
-(backslash) processing is performed, as specified in the KeyNote
-draft.
-.Pp
-The remaining options are:
-.Bl -tag -width indent
-.It Fl h
-Print a usage message and exit.
-.It Fl k Ar file
-Add a key from
-.Fa file
-in the action authorizers.
-.El
-.Pp
-Exactly one
-.Fl r
-and least one of each
-.Fl e ,
-.Fl l ,
-and
-.Fl k
-flags should be given per invocation. If no flags are given,
-.Nm keynote-verify
-prints the usage message and exits with error code -1.
-.Pp
-The
-.Nm keynote-verify
-exits with code -1 if there was an error, and 0 on success.
-.Sh SEE ALSO
-.Xr keynote 1 ,
-.Xr keynote 3 ,
-.Xr keynote 4 ,
-.Xr keynote-keygen 1 ,
-.Xr keynote-sign 1 ,
-.Xr keynote-sigver 1
-.Bl -tag -width "AAAAAAA"
-.It ``The KeyNote Trust-Management System''
-M. Blaze, J. Feigenbaum, A. D. Keromytis,
-Internet Drafts, draft-ietf-trustmgt-keynote-00.txt
-.It ``Decentralized Trust Management''
-M. Blaze, J. Feigenbaum, J. Lacy,
-1996 IEEE Conference on Privacy and Security
-.It ``Compliance-Checking in the PolicyMaker Trust Management System''
-M. Blaze, J. Feigenbaum, M. Strauss,
-1998 Financial Crypto Conference
-.El
-.Sh AUTHOR
-Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
-.Sh WEB PAGE
-http://www.cis.upenn.edu/~keynote
-.Sh BUGS
-None that we know of.
-If you find any, please report them at
-.Bd -literal -offset indent -compact
-keynote@research.att.com
-.Ed
diff --git a/lib/libkeynote/keynote.1 b/lib/libkeynote/keynote.1
index 580446c3667..6f0d1d88fca 100644
--- a/lib/libkeynote/keynote.1
+++ b/lib/libkeynote/keynote.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: keynote.1,v 1.2 1999/05/25 21:42:22 angelos Exp $
+.\" $OpenBSD: keynote.1,v 1.3 1999/05/27 01:09:44 angelos Exp $
 .\"
 .\" The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
 .\"
@@ -22,7 +22,6 @@
 .\"
 .Dd April 29, 1999
 .Dt keynote 1
-.Os
 .\" .TH keynote 1 local
 .Sh NAME
 .Nm keynote
@@ -30,26 +29,196 @@
 .Xr KeyNote 3
 operations
 .Sh SYNOPSIS
-.Nm keynote
-.Op sign|verify|sigver|keygen
-.Op ...
-.Sh DESCRIPTION
-.Nm keynote
-does the operation indicated by the first argument. For more details on the
-specific flags for each operation, see the respective manpages (
-.Xr keynote-sign 1 ,
-.Xr keynote-verify 1 ,
-.Xr keynote-sigver 1 ,
+.Nm keynote keygen
+.Ar AlgorithmName
+.Ar KeySize
+.Ar PublicKeyFile
+.Ar PrivateKeyFile
+.Op print-offset
+.Op print-length
+
+.Nm keynote sign
+.Op Fl v
+.Ar AlgorithmName
+.Ar AssertionFile
+.Ar PrivateKeyFile
+
+.Nm keynote sigver
+.Op AssertionFile
+
+.Nm keynote verify
+.Op Fl h
+.Op Fl e Ar file
+.Fl l Ar file
+.Fl r Ar retlist
+.Op Fl k Ar file
+.Op Fl l Ar file
+.Op Ar file ...
+.Sh KEY GENERATION
+"keynote keygen" creates a public/private key of size
+.Fa KeySize ,
+(in bits) for the algorithm specified by
+.Fa AlgorithmName .
+Typical keysizes are 512, 1024, or 2048 (bits). The minimum key size
+for DSA keys is 512 (bits). Supported
+.Fa AlgorithmName
+identifiers are:
+.Bl -tag -width indent
+.It ``dsa-hex:''
+.It ``dsa-base64:''
+.It ``rsa-hex:''
+.It ``rsa-base64:''
+.El
+.Pp
+Notice that the trailing colon is required. The resulting public key is
+stored in file
+.Fa PublicKeyFile .
+Similarly, the resulting private key is stored in file
+.Fa PrivateKeyFile .
+Either of the filenames can be specified to be ``-'', in which
+case the corresponding key(s) will be printed in standard output.
+.Pp
+The optional parameters
+.Fa print-offset
+and
+.Fa print-length
+specify the offset from the begining of the line where the key
+will be printed, and the number of characters of the key that will
+be printed per line.
+.Fa print-length
+includes
+.Fa AlgorithmName
+for the first line and has to be longer (by at least 2) than
+.Fa AlgorithmName .
+.Fa print-length
+also accounts for the line-continuation character (backslash) at
+the end of each line, and the doublequotes at the begining and end
+of the key encoding. Default values are 12 and 50 respectively.
+.Pp
+.Sh ASSERTION SIGNING
+"keynote sign" reads the assertion contained in
+.Fa AssertionFile
+and generates a signature specified by
+.Fa AlgorithmName
+using the private key stored in
+.Fa PrivateKeyFile .
+The private key is expected to be of the form output by
+"keynote keygen". The private key algorithm and the
+.Fa AlgorithmName
+specified as an argument are expected to match. There is no requirement
+for the internal or ASCII encodings to match. Valid
+.Fa AlgorithmName
+identifiers are:
+.Bl -tag -width indent
+.It ``sig-dsa-sha1-hex:''
+.It ``sig-dsa-sha1-base64:''
+.It ``sig-rsa-sha1-hex:''
+.It ``sig-rsa-sha1-base64:''
+.It ``sig-rsa-md5-hex:''
+.It ``sig-rsa-md5-base64:''
+.El
+.Pp
+Notice that the trailing colon is required.
+The resulting signature is printed in standard output. This can then
+be added (via cut-and-paste or some script) at the end of the
+assertion, in the
+.Fa Signature
+field.
+.Pp
+The public key corresponding to the private key in
+.Fa PrivateKeyFile
+is expected to already be included in the
+.Fa Authorizer
+field of the assertion, either directly or indirectly (i.e., through
+use of a
+.Fa Local-Constants
+attribute). Furthermore, the assertion must have a
+.Fa Signature
+field (even if it is empty), as the signature is computed on
+everything between the
+.Fa KeyNote-Version
+and
+.Fa Signature
+keywords (inclusive), and the
+.Fa AlgorithmName
+string.
+.Pp
+If the
+.Fl v
+flag is provided, "keynote sign" will also verify the newly-created
+signature using the
+.Fa Authorizer
+field key.
+.Pp
+.Sh SIGNATURE VERIFICATION
+"keynote sigver" reads the assertion contained in
+.Fa AssertionFile
+and verifies the public-key signature on it.
+.Pp
+.Sh QUERY TOOL
+For each operand that names a
+.A file ,
+"keynote verify" reads the file and parses the assertions contained
+therein (one assertion per file).
+.Pp
+Files given with the
+.Fl l
+flag are assumed to contain trusted assertions (no signature
+verification is performed, and the
+.Fa Authorizer
+field can contain non-key principals.
+There should be at least one assertion with the
+.Fa POLICY
+keyword in the
+.Fa Authorizer
+field.
+.Pp
+The
+.Fl r
+flag is used to provide a comma-separated list of return values, in
+increasing order of compliance from left to right.
+.Pp
+Files given with the
+.Fl e
+flag are assumed to contain environment variables and their values,
+in the format:
+.Bd -literal -offset indent
+ varname = "value"
+.Ed
+.Pp
+.Fa varname
+can begin with any letter (upper or lower case) or number,
+and can contain underscores.
+.Fa value
+is a quoted string, and can contain any character, and escape
+(backslash) processing is performed, as specified in the KeyNote
+draft.
+.Pp
+The remaining options are:
+.Bl -tag -width indent
+.It Fl h
+Print a usage message and exit.
+.It Fl k Ar file
+Add a key from
+.Fa file
+in the action authorizers.
+.El
+.Pp
+Exactly one
+.Fl r
+and least one of each
+.Fl e ,
+.Fl l ,
 and
-.Xr keynote-keygen 1
-respectively).
+.Fl k
+flags should be given per invocation. If no flags are given,
+"keynote verify" prints the usage message and exits with error code -1.
+.Pp
+"keynote verify" exits with code -1 if there was an error, and 0 on success.
+.Pp
 .Sh SEE ALSO
 .Xr keynote 3 ,
-.Xr keynote 4 ,
-.Xr keynote-keygen 1 ,
-.Xr keynote-sign 1 ,
-.Xr keynote-sigver 1 ,
-.Xr keynote-verify 1
+.Xr keynote 4
 .Bl -tag -width "AAAAAAA"
 .It ``The KeyNote Trust-Management System''
 M. Blaze, J. Feigenbaum, A. D. Keromytis,
diff --git a/lib/libkeynote/keynote.3 b/lib/libkeynote/keynote.3
index 74f3c027cb3..972106df099 100644
--- a/lib/libkeynote/keynote.3
+++ b/lib/libkeynote/keynote.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: keynote.3,v 1.4 1999/05/26 20:09:30 angelos Exp $
+.\" $OpenBSD: keynote.3,v 1.5 1999/05/27 01:09:44 angelos Exp $
 .\"
 .\" The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
 .\"
@@ -745,11 +745,7 @@ algorithm was not supported.
 .Fd libkeynote.a
 .Sh SEE ALSO
 .Xr keynote 1 ,
-.Xr keynote 4 ,
-.Xr keynote-keygen 1 ,
-.Xr keynote-sign 1 ,
-.Xr keynote-sigver 1 ,
-.Xr keynote-verify 1
+.Xr keynote 4
 .Bl -tag -width "AAAAAAA"
 .It ``The KeyNote Trust-Management System''
 M. Blaze, J. Feigenbaum, A. D. Keromytis,
diff --git a/lib/libkeynote/keynote.4 b/lib/libkeynote/keynote.4
index b7d598cfb27..15c74328d96 100644
--- a/lib/libkeynote/keynote.4
+++ b/lib/libkeynote/keynote.4
@@ -1,4 +1,4 @@
-.\" $OpenBSD: keynote.4,v 1.4 1999/05/26 20:09:30 angelos Exp $
+.\" $OpenBSD: keynote.4,v 1.5 1999/05/27 01:09:44 angelos Exp $
 .\"
 .\" The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
 .\"
@@ -232,11 +232,7 @@ actions.
 .Fd libkeynote.a
 .Sh SEE ALSO
 .Xr keynote 1 ,
-.Xr keynote 3 ,
-.Xr keynote-keygen 1 ,
-.Xr keynote-sign 1 ,
-.Xr keynote-sigver 1 ,
-.Xr keynote-verify 1
+.Xr keynote 3
 .Bl -tag -width "AAAAAAA"
 .It ``The KeyNote Trust-Management System''
 M. Blaze, J. Feigenbaum, A. D. Keromytis,
|