pgpverify (8)
NAME
pgpverify - cryptographically verify Usenet control messages
SYNOPSIS
pgpverify [ -test ]

DESCRIPTION
The pgpverify program reads (on standard input) a Usenet control
message that has been cryptographically signed using the signcontrol
program. pgpverify then uses the pgp program to determine who signed
the control message. If the control message was validly signed,
pgpverify outputs (to stdout) the User ID of the key ID that signed
the message.

OPTIONS
The ``-test'' flag causes pgpverify to print out the input it is
passing to pgp (which is a reconstructed version of the input that
supposedly created the control message) as well as the output of
pgp's analysis of the message.

EXIT STATUS
pgpverify returns the following exit statuses for the following cases:

0     The control message had a good PGP signature.
1     The control message had no PGP signature.
2     The control message had an unknown PGP signature.
3     The control message had a bad PGP signature.
255   A problem occurred not directly related to PGP analysis of
      signature.

pgpverify does not modify or otherwise alter the environment before
invoking the pgp program. It is the responsibility of the person who
installs pgpverify to ensure that when pgp runs, it has the ability to
locate and read a PGP key file that contains the PGP public keys for
the appropriate Usenet hierarchy administrators.

Historically, Usenet news server administrators have configured their
news servers to automatically honor Usenet control messages based on
the originator of the control messages and the hierarchies for which
the control messages applied. For example, in the past, David C
Lawrence <[email protected]> always issued control messages for the
"Big 8" hierarchies (comp, humanities, misc, news, rec, sci, soc,
talk). Usenet news administrators would configure their news server
software to automatically honor newgroup and rmgroup control messages
that originated from David Lawrence and applied to any of the Big 8
hierarchies.

Unfortunately, Usenet news articles (including control messages) are
notoriously easy to forge. Soon, malicious users realized they could
create or remove (at least temporarily) any Big 8 newsgroup they
wanted by simply forging an appropriate control message in David
Lawrence's name. As Usenet became more widely used, forgeries became
more common.

The pgpverify program was designed to allow Usenet news administrators
to configure their servers to cryptographically verify control
messages before automatically acting on them. Under the pgpverify
system, a Usenet hierarchy maintainer creates a PGP public/private key
pair and disseminates the public key. Whenever the hierarchy
maintainer issues a control message, he uses the signcontrol program
to sign the control message with the PGP private key. Usenet news
administrators configure their news servers to run the pgpverify
program on the appropriate control messages, and take action based on
the PGP key User ID that signed the control message, not the name and
address that appear in the control message's From or Sender headers.

Thus, using the signcontrol and pgpverify programs appropriately
essentially eliminates the possibility of malicious users forging
Usenet control messages that sites will act upon, as such users would
have to obtain the PGP private key in order to forge a control message
that would pass the cryptographic verification step.

If the hierarchy administrators properly protect their PGP private
keys, the only way a malicious user could forge a validly-signed
control message would be by breaking the RSA encryption algorithm,
which (at least at this time) is believed to be an NP-complete
problem. If this is indeed the case, discovering the PGP private key
based on the PGP public key is computationally impossible for PGP keys
of a sufficient bit length.

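An added example, not part of pgpverify or its distribution: a Python
wrapper that maps the exit statuses listed under EXIT STATUS to a
decision and honors a control message only when the signer's User ID
is the one configured for the group's hierarchy. The policy table,
User IDs, hierarchy names and function names are constructed for
illustration.

```python
import subprocess

# Exit statuses as listed under EXIT STATUS.
STATUS = {0: "good", 1: "unsigned", 2: "unknown-key",
          3: "bad-signature", 255: "error"}

# Constructed policy (placeholders): hierarchy -> the only signer
# User ID whose control messages are honored for that hierarchy.
POLICY = {
    "example": "example-admin@example.invalid",
    "local": "local-admin@example.invalid",
}

def run_pgpverify(message, cmd=("pgpverify",)):
    """Pipe a control message (bytes) to pgpverify; return (status, uid)."""
    try:
        proc = subprocess.run(list(cmd), input=message, timeout=60,
                              stdout=subprocess.PIPE,
                              stderr=subprocess.DEVNULL)
    except (OSError, subprocess.TimeoutExpired):
        return "error", ""
    # Anything outside the documented table (for example, the process
    # was killed by a signal) is treated as an error, never as success.
    status = STATUS.get(proc.returncode, "error")
    # stdout is trusted as a signer identity only for a good signature.
    uid = ""
    if status == "good":
        uid = proc.stdout.decode("utf-8", "replace").strip()
    return status, uid

def authorize(status, signer_uid, group, policy=POLICY):
    """True only for a good signature made by the signer configured for
    the group's hierarchy. From and Sender headers are never consulted."""
    if status != "good" or not signer_uid:
        return False
    hierarchy = group.split(".", 1)[0]
    return policy.get(hierarchy) == signer_uid

if __name__ == "__main__":
    import sys
    # Usage: wrapper.py <affected newsgroup> < control-message
    group = sys.argv[1] if len(sys.argv) > 1 else ""
    status, uid = run_pgpverify(sys.stdin.buffer.read())
    honored = authorize(status, uid, group)
    print(f"{status} signer={uid or '-'} honor={honored}")
    sys.exit(0 if honored else 1)
```

A good signature alone is not authorization: a message validly signed
by the key for one hierarchy is still refused for a group in another.
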
<URL:ftp://ftp.isc.org/pub/pgpcontrol/> is where the most recent
versions of signcontrol and pgpverify live, along with PGP public keys
used for hierarchy administration.