path: root/lib/libkeynote/keynote-verify.1
blob: e7b19633cdb8edaab89a08ccce8dfcb201a8cae8 (plain)
.\" $OpenBSD: keynote-verify.1,v 1.3 1999/05/24 01:53:58 angelos Exp $
.\"
.\" The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
.\"
.\" This code was written by Angelos D. Keromytis in Philadelphia, PA, USA,
.\" in April-May 1998
.\"
.\" Copyright (C) 1998, 1999 by Angelos D. Keromytis.
.\"      
.\" Permission to use, copy, and modify this software without fee
.\" is hereby granted, provided that this entire notice is included in
.\" all copies of any software which is or includes a copy or
.\" modification of this software. 
.\" You may use this code under the GNU public license if you so wish. Please
.\" contribute changes back to the author.
.\"
.\" THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
.\" IMPLIED WARRANTY. IN PARTICULAR, THE AUTHORS MAKES NO
.\" REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
.\" MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
.\" PURPOSE.
.\"
.Dd April 29, 1999
.Dt keynote-verify 1
.Os
.\" .TH keynote-verify 1 local
.Sh NAME
.Nm keynote-verify
.Nd command line tool for evaluating
.Xr KeyNote 3
assertions
.Sh SYNOPSIS
.Nm keynote verify
.Op Fl h
.Op Fl e Ar file
.Fl l Ar file
.Fl r Ar retlist
.Op Fl k Ar file
.Op Fl l Ar file
.Op Ar file ...
.Sh DESCRIPTION
For details on
.Nm KeyNote ,
see the web page 
.Bd -literal -offset indent
 http://www.cis.upenn.edu/~keynote
.Ed
.Pp
For each operand that names a
.Ar file ,
.Nm keynote-verify
reads the file and parses the assertions contained therein (one
assertion per file).
.Pp
Files given with the
.Fl l
flag are assumed to contain trusted assertions (no signature
verification is performed, and the
.Fa Authorizer
field can contain non-key principals).
There should be at least one assertion with the
.Fa POLICY
keyword in the
.Fa Authorizer
field.
.Pp
The
.Fl r
flag is used to provide a comma-separated list of return values, in
increasing order of compliance from left to right.
.Pp
Files given with the
.Fl e
flag are assumed to contain environment variables and their values,
in the format:
.Bd -literal -offset indent
 varname = "value"
.Ed
.Pp
.Fa varname
can begin with any letter (upper or lower case) or number,
and can contain underscores.
.Fa value
is a quoted string, and can contain any character, and escape
(backslash) processing is performed, as specified in the KeyNote
draft. 
.Pp
The remaining options are:
.Bl -tag -width indent
.It Fl h
Print a usage message and exit.
.It Fl k Ar file
Add a key from
.Fa file
to the action authorizers.
.El
.Pp
Exactly one
.Fl r
and at least one of each
.Fl e ,
.Fl l ,
and
.Fl k
flags should be given per invocation.
If no flags are given,
.Nm keynote-verify
prints the usage message and exits with error code -1.
.Pp
The
.Nm keynote-verify
utility exits with code -1 if there was an error, and 0 on success.
.Sh SEE ALSO
.Xr keynote 1 ,
.Xr keynote 3 ,
.Xr keynote 4 ,
.Xr keynote-keygen 1 ,
.Xr keynote-sign 1 ,
.Xr keynote-sigver 1
.Bl -tag -width "AAAAAAA"
.It ``The KeyNote Trust-Management System'' 
M. Blaze, J. Feigenbaum, A. D. Keromytis,
Internet Drafts, draft-ietf-trustmgt-keynote-00.txt
.It ``Decentralized Trust Management'' 
M. Blaze, J. Feigenbaum, J. Lacy,
1996 IEEE Conference on Privacy and Security
.It ``Compliance-Checking in the PolicyMaker Trust Management System''
M. Blaze, J. Feigenbaum, M. Strauss,
1998 Financial Crypto Conference
.El
.Sh AUTHOR
Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
.Sh WEB PAGE
http://www.cis.upenn.edu/~keynote
.Sh BUGS
None that we know of.
If you find any, please report them at
.Bd -literal -offset indent -compact
keynote@research.att.com
.Ed