1 files changed, 138 insertions, 0 deletions
diff --git a/lib/libkeynote/man/keynote-verify.1 b/lib/libkeynote/man/keynote-verify.1
new file mode 100644
index 00000000000..2e390500fba
--- /dev/null
+++ b/lib/libkeynote/man/keynote-verify.1
@@ -0,0 +1,138 @@
+.\" $OpenBSD: keynote-verify.1,v 1.1 1999/05/23 22:11:07 angelos Exp $
+.\"
+.\" The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
+.\"
+.\" This code was written by Angelos D. Keromytis in Philadelphia, PA, USA,
+.\" in April-May 1998
+.\"
+.\" Copyright (C) 1998, 1999 by Angelos D. Keromytis.
+.\"      
+.\" Permission to use, copy, and modify this software without fee
+.\" is hereby granted, provided that this entire notice is included in
+.\" all copies of any software which is or includes a copy or
+.\" modification of this software. 
+.\" You may use this code under the GNU public license if you so wish. Please
+.\" contribute changes back to the author.
+.\"
+.\" THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
+.\" IMPLIED WARRANTY. IN PARTICULAR, THE AUTHORS MAKES NO
+.\" REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
+.\" MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
+.\" PURPOSE.
+.\"
+.Dd April 29, 1999
+.Dt keynote-verify 1
+.Os
+.\" .TH keynote-verify 1 local
+.Sh NAME
+.Nm keynote-verify
+.Nd command line tool for evaluating
+.Xr KeyNote 3
+assertions
+.Sh SYNOPSIS
+.Nm keynote-verify
+.Op Fl h
+.Op Fl e Ar file
+.Fl l Ar file
+.Fl r Ar retlist
+.Op Fl k Ar file
+.Op Fl l Ar file
+.Op Ar file ...
+.Sh DESCRIPTION
+For details on
+.Nm KeyNote ,
+see the web page 
+.Bd -literal -offset indent
+ http://www.cis.upenn.edu/~keynote
+.Ed
+.Pp
+For each operand that names a
+.A file ,
+.Nm keynote-verify
+reads the file and parses the assertions contained therein (one
+assertion per file).
+.Pp
+Files given with the
+.Fl l
+flag are assumed to contain trusted assertions (no signature
+verification is performed, and the
+.Fa Authorizer
+field can contain non-key principals.
+There should be at least one assertion with the
+.Fa POLICY
+keyword in the
+.Fa Authorizer
+field.
+.Pp
+The
+.Fl r
+flag is used to provide a comma-separated list of return values, in
+increasing order of compliance from left to right.
+.Pp
+Files given with the
+.Fl e
+flag are assumed to contain environment variables and their values,
+in the format:
+.Bd -literal -offset indent
+ varname = \"value\"
+.Ed
+.Pp
+.Fa varname
+can begin with any letter (upper or lower case) or number,
+and can contain underscores.
+.Fa value
+is a quoted string, and can contain any character, and escape
+(backslash) processing is performed, as specified in the KeyNote
+draft. 
+.Pp
+The remaining options are:
+.Bl -tag -width indent
+.It Fl h
+Print a usage message and exit.
+.It Fl k Ar file
+Add a key from
+.Fa file
+in the action authorizers.
+.El
+.Pp
+Exactly one
+.Fl r
+and least one of each
+.Fl e ,
+.Fl l ,
+and
+.Fl k
+flags should be given per invocation. If no flags are given,
+.Nm keynote-verify
+prints the usage message and exits with error code -1.
+.Pp
+The
+.Nm keynote-verify
+exits with code -1 if there was an error, and 0 on success.
+.Sh SEE ALSO
+.Xr keynote 3 ,
+.Xr keynote 4 ,
+.Xr keynote-keygen 1 ,
+.Xr keynote-sign 1 ,
+.Xr keynote-sigver 1
+.Bl -tag -width "AAAAAAA"
+.It ``The KeyNote Trust-Management System'' 
+M. Blaze, J. Feigenbaum, A. D. Keromytis,
+Internet Drafts, draft-ietf-trustmgt-keynote-00.txt
+.It ``Decentralized Trust Management'' 
+M. Blaze, J. Feigenbaum, J. Lacy,
+1996 IEEE Conference on Privacy and Security
+.It ``Compliance-Checking in the PolicyMaker Trust Management System''
+M. Blaze, J. Feigenbaum, M. Strauss,
+1998 Financial Crypto Conference
+.El
+.Sh AUTHOR
+Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
+.Sh WEB PAGE
+http://www.cis.upenn.edu/~keynote
+.Sh BUGS
+None that we know of.
+If you find any, please report them at
+.Bd -literal -offset indent -compact
+keynote@research.att.com
+.Ed