MirBSD manpage: gzsig(1)

GZSIG(1)                     BSD Reference Manual                     GZSIG(1)


     gzsig - gzip signing utility


     gzsig sign [-qv] [-f secret_file] privkey [file ...]

     gzsig verify [-qv] pubkey [file ...]


     gzsig embeds or verifies RSA PKCS #1 v2.0 or DSA SHA1 signatures in
     gzip(1) compressed files using SSH identity keys, RSA public keys, or
     X509 certificates.

     The file operands are processed in command-line order. If file is a sin-
     gle dash ('-') or absent, gzsig reads from the standard input.

     The options are as follows:

     sign    Sign the input using the private key in privkey.

     verify  Verify the signature using the public key in pubkey.

     -q      Enable quiet mode.

     -v      Disable quiet mode.

     -f secret_file
             Indicates that the passphrase for the key should be read from
             secret_file instead of being supplied manually.

     The gzsig utility exits 0 on success or >0 if an error occured.


     Sign file1 and file2 with the SSH2 identity key in ~/.ssh/id_rsa:

           $ gzsig sign ~/.ssh/id_rsa file1 file2

     Sign file1 with the SSH2 identity key, saving the signed file in file2:

           $ gzsig sign ~/.ssh/id_rsa < file1 > file2

     Verify the signature on file1 using the SSL certificate in

           $ gzsig verify /etc/ssl/server.crt < file1


     gzip(1), ssh-keygen(1), ssl(8)


     Dug Song <dugsong@arbor.net>

     SSH2 support by Marius Eriksen <marius@openbsd.org>

     RSA public key (in the format generated by ssh-keygen -E) by Thorsten
     Glaser <tg@mirbsd.de>.


     gzsig version 1 only supports SHA-1 hashes. The extension field format
     consists of a magic, "GS", a version identifier (1), and the hash. A pro-
     posed version 2 would write out both the version 1 field and a version 2
     field supporting multiple hashes at the same time, all of which are
     checked, together with some kind of algorithm ID. This would be used to
     prevent attacks against a single algorithm or family of hash algorithms.
     Ideally, you'd combine the version 1 SHA-1 or a version 2 RIPEMD-160 with
     a version 2 TIGER or WHIRLPOOL and a version 2 CRC (cksum, sum, sysvsum,
     suma, sfv).

                                 July 6, 2001                                1

Generated on 2021-12-07 11:07:08 by $MirOS: src/scripts/roff2htm,v 1.103 2021/01/23 20:24:35 tg Exp $ — This product includes material provided by mirabilos.

These manual pages and other documentation are copyrighted by their respective writers; their sources are available at the project’s CVSweb, AnonCVS and other mirrors. The rest is Copyright © 2002–2021 MirBSD.

This manual page’s HTML representation is supposed to be valid XHTML/1.1; if not, please send a bug report — diffs preferred.