Command: sign | Section: 1 | Source: UNIX v10 | File: sign.1
SIGN(1) General Commands Manual SIGN(1)
NAME
sign, verify, enroll, resign - document certification
SYNOPSIS
sign [ -n name ] [ file ]
verify [ -s ] [ file ]
enroll
resign
DESCRIPTION
These routines provide a document-certification service.
Sign reads a document from the file or from the standard input, demands
a signing password for the current login id, and places on standard
output a signed and dated copy of the document, with a cryptographic
certificate attached. The resulting document can be embedded in a
larger one. The option is
-n name
Set the signing name; its password will be demanded.
Verify scans the file or the standard input for a certified document.
If the document and date are as they were when certified, except possibly
indented, the verified document is placed on the standard output
with a statement of verification attached. The option is
-s Do not print the document; place only a statement of verification
on the standard output.
The signer of a document must be registered with the certification service;
the recipient need not be. Two commands handle registration:
Enroll demands a signing password and registers it for the current login id.
It is unwise to use your login password.
Resign demands the signing password and, if it is correct, terminates
the registration for the current login id.
A signed document and its date are tamperproof and thus are good for
ordinary business purposes. The mere appearance of a certificate, however,
is not proof of authenticity. That can be determined only by
verify. The output of verify lacks a certificate; its authenticity
cannot be attested at a later date.
There is no notion of an `original' signed document; all copies are
equally good and may be reverified at will.
Signers must trust sign and recipients must trust verify not to have
been tampered with on their respective machines. Both parties must
trust the verification service, which is on a separate secure machine,
and the communication channels to it.
EXAMPLES
sign <doc.raw >doc.cert
verify <doc.suspect >doc.checked
sign <letter | mail whomever
The recipient can verify the letter from within mail(1) by using
mail's pipe command:
SEE ALSO
notary(8)
DIAGNOSTICS
Verify yields exit status 0 only on successful verification.
`Bogus' - the document has been tampered with, or the original password
is no longer registered.
BUGS
Only one user with a given login name may be registered; thus the
certification service cannot be extended too far.
To minimize dependence on the certification service, no password check
is made at signing. A mistyped password will not show up until
verification.
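
A small Python model of the enroll / sign / verify / resign life cycle described above, added here as an illustration and not the UNIX v10 implementation. The manual page names no algorithm, so HMAC-SHA256 with a PBKDF2-derived key, the `Notary` class and every function name are assumptions; the model shows indentation-tolerant verification, the missing password check at signing, and `Bogus' after resign.

```python
import hashlib
import hmac
from typing import NamedTuple

class Signed(NamedTuple):
    login: str
    date: str
    body: str
    cert: str

def derive_key(login, password):
    # Assumption: PBKDF2 salted with the login id; the man page names no algorithm.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), login.encode(), 100_000)

def canonical(body):
    # verify tolerates indentation, so leading blanks are left out of the MAC input.
    return "\n".join(line.lstrip(" \t") for line in body.splitlines())

def certificate(key, login, date, body):
    msg = "\0".join([login, date, canonical(body)]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def sign(login, password, date, body):
    # Purely local: the service is not consulted, so a mistyped password still "signs".
    return Signed(login, date, body, certificate(derive_key(login, password), login, date, body))

class Notary:
    """Model of the verification service; holds one key per login id."""
    def __init__(self):
        self._keys = {}

    def enroll(self, login, password):
        if login in self._keys:
            raise ValueError("login already registered")
        self._keys[login] = derive_key(login, password)

    def resign(self, login, password):
        key = self._keys.get(login, b"")
        if not hmac.compare_digest(key, derive_key(login, password)):
            return False
        del self._keys[login]
        return True

    def verify(self, doc):
        key = self._keys.get(doc.login)
        if key is None:
            return False  # password no longer registered: 'Bogus'
        expected = certificate(key, doc.login, doc.date, doc.body)
        return hmac.compare_digest(expected, doc.cert)
```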