.\" $OpenBSD: keynote-sign.1,v 1.1 1999/05/23 22:32:07 angelos Exp $
.\"
.\" The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
.\"
.\" This code was written by Angelos D. Keromytis in Philadelphia, PA, USA,
.\" in April-May 1998
.\"
.\" Copyright (C) 1998, 1999 by Angelos D. Keromytis.
.\"      
.\" Permission to use, copy, and modify this software without fee
.\" is hereby granted, provided that this entire notice is included in
.\" all copies of any software which is or includes a copy or
.\" modification of this software. 
.\" You may use this code under the GNU public license if you so wish. Please
.\" contribute changes back to the author.
.\"
.\" THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
.\" IMPLIED WARRANTY. IN PARTICULAR, THE AUTHORS MAKES NO
.\" REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
.\" MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
.\" PURPOSE.
.\"
.Dd April 29, 1999
.Dt keynote-sign 1
.Os
.\" .TH keynote-sign 1 local
.Sh NAME
.Nm keynote-sign
.Nd command line tool for signing
.Xr KeyNote 3
assertions
.Sh SYNOPSIS
.Nm keynote-sign
.Op Fl v
.Ar AlgorithmName
.Ar AssertionFile
.Ar PrivateKeyFile
.Sh DESCRIPTION
For details on
.Nm KeyNote ,
see the web page 
.Bd -literal -offset indent
 http://www.cis.upenn.edu/~keynote
.Ed
.Pp
.Nm keynote-sign
reads the assertion contained in
.Fa AssertionFile
and generates a signature specified by
.Fa AlgorithmName
using the private key stored in
.Fa PrivateKeyFile .
The private key is expected to be of the form output by
.Xr keynote-keygen 1 .
The private key algorithm and the
.Fa AlgorithmName
specified as an argument are expected to match. There is no requirement
for the internal or ASCII encodings to match.
Valid
.Fa AlgorithmName
identifiers are:
.Bl -tag -width indent
.It ``sig-dsa-sha1-hex:''
.It ``sig-dsa-sha1-base64:''
.It ``sig-rsa-sha1-hex:''
.It ``sig-rsa-sha1-base64:''
.It ``sig-rsa-md5-hex:''
.It ``sig-rsa-md5-base64:''
.El
.Pp
Notice that the trailing colon is required.
The resulting signature is printed in standard output. This can then
be added (via cut-and-paste or some script) at the end of the
assertion, in the
.Fa Signature
field.
.Pp
The public key corresponding to the private key in
.Fa PrivateKeyFile
is expected to already be included in the
.Fa Authorizer
field of the assertion, either directly or indirectly (i.e., through
use of a
.Fa Local-Init
attribute). Furthermore, the assertion must have a
.Fa Signature
field (even if it is empty), as the signature is computed on
everything between the
.Fa KeyNote-Version
and
.Fa Signature
keywords (inclusive), and the
.Fa AlgorithmName
string.
.Pp
If the
.Op Fl v
flag is provided,
.Nm keynote-sign
will also verify the newly-created signature using the
.Fa Authorizer
field key.
.Sh SEE ALSO
.Xr keynote 3 ,
.Xr keynote 4 ,
.Xr keynote-keygen 1 ,
.Xr keynote-sigver 1 ,
.Xr keynote-verify 1
.Bl -tag -width "AAAAAAA"
.It ``The KeyNote Trust-Management System'' 
M. Blaze, J. Feigenbaum, A. D. Keromytis,
Internet Drafts, draft-ietf-trustmgt-keynote-00.txt
.It ``Decentralized Trust Management'' 
M. Blaze, J. Feigenbaum, J. Lacy,
1996 IEEE Conference on Privacy and Security
.It ``Compliance-Checking in the PolicyMaker Trust Management System''
M. Blaze, J. Feigenbaum, M. Strauss,
1998 Financial Crypto Conference
.El
.Sh AUTHOR
Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
.Sh WEB PAGE
http://www.cis.upenn.edu/~keynote
.Sh BUGS
None that we know of.
If you find any, please report them at
.Bd -literal -offset indent -compact
keynote@research.att.com
.Ed