| NETPGPVERIFY(1) | General Commands Manual | NETPGPVERIFY(1) | 
netpgpverify —
| netpgpverify | [ -v] [-Sssh-pub-key-file] [-ccommand] [-kkeyring] file ... | 
netpgpverify implements digital signature
  verification. It is designed to be simple and standalone; no external
  libraries, except for libz and
  libbz2 are used, in order to
  ensure maximum portability.
It is completely rewritten from the version of the program that appeared in NetBSD 6.0 as part of the netpgp(1) suite of commands.
The netpgpverify utility requires a file
    containing public keys, commonly called a “keyring”.
    Digitally-signed information can be fed to
    netpgpverify in two ways: as standard input, or as
    files provided on the command line. The public key part of the key which was
    used to sign the file must be present, or the signature verification will
    fail. Files may be signed in two distinct ways: as text documents, and as
    binary files. Text documents modify the contents to add different
    line-ending characters, and behave differently at the final byte of the
    input document. Binary files are read verbatim, and are not modified in any
    way.
The -k command line argument allows a
    keyring to be specified.
The -v command line argument prints the
    version of the netpgpverify command and then
  exits.
The -c argument allows a
    “command” to be given, modifying the behaviour of the
    netpgpverify command. This command can take one of
    three values: “verify” which is also the default, which
    verifies the signature on the data; “cat” will also verify the
    signature on the data, and, if successfully verified, will display the
    verified data on stdout; and “dump”
    which will dump the individual PGP packets to standard out, along with a
    hexadecimal dump of the first part of the contents of each packet. Please
    note that the packets from the public key ring will also be dumped using
    this command. The key ring packets will be displayed immediately before the
    packets in the file being verified.
The -S argument allows an ssh public key
    file to be used as the source of truth for the key. This ssh-key-based
    signature can be created using the
    netpgp(1) utility.
If a detached signature “.sig” is given on the command line, the signing information will be retrieved from that file, and the original data is expected to be found in a file in the same directory with the same name with the “.sig” suffix removed.
Both text mode signatures, and binary signatures, can be verified
    by netpgpverify
% netpgpverify -k pubring.gpg NetBSD-6.0_RC1_hashes.asc Good signature for NetBSD-6.0_RC1_hashes.asc made Thu Aug 23 11:47:50 2012 signature 4096/RSA (Encrypt or Sign) 064973ac4c4a706e 2009-06-23 fingerprint ddee 2bdb 9c98 a0d1 d4fb dbf7 0649 73ac 4c4a 706e uid NetBSD Security Officer <security-officer@NetBSD.org> %
netpgpverify utility will return 0 for a successful
  verification, 1 if the file's signature does not match what was expected, or 2
  if any other error occurs.
netpgpverify command first appeared in
  NetBSD 7.0.
| April 3, 2018 | NetBSD 9.1 |