pgpverify(8)                                                      pgpverify(8)


       pgpverify - cryptographically verify Usenet control messages


       pgpverify [ -test ]


       The  pgpverify  program reads (on standard input) a Usenet control mes-
       sage that has been cryptographically signed using the signcontrol  pro-
       gram.   pgpverify then uses the pgp program to determine who signed the
       control message.  If the control message was validly signed,  pgpverify
       outputs  (to stdout) the User ID of the key ID that signed the message.


       The ‘‘-test’’ flag causes pgpverify to print out the input it is  pass-
       ing  to pgp (which is a reconstructed version of the input that suppos-
       edly created the control message) as well as the output of pgp’s analy-
       sis of the message.


       pgpverify returns the follow exit statuses for the following cases:

       0      The control message had a good PGP signature.

       1      The control message had no PGP signature.

       2      The control message had an unknown PGP signature.

       3      The control message had a bad PGP signature.

       255    A  problem occurred not directly related to PGP analysis of sig-


       David C Lawrence <>


       pgpverify does not modify or otherwise  alter  the  environment  before
       invoking  the  pgp program.  It is the responsibility of the person who
       installs pgpverify to ensure that when pgp runs, it has the ability  to
       locate  and  read  a PGP key file that contains the PGP public keys for
       the appropriate Usenet hierarchy administrators.




       Historically, Usenet news server administrators have  configured  their
       news  servers  to  automatically honor Usenet control messages based on
       the originator of the control messages and the  hierarchies  for  which
       the  control  messages  applied.   For  example,  in  the past, David C
       Lawrence <> always issued  control  messages  for  the
       "Big  8"  hierarchies  (comp,  humanities,  misc,  news, rec, sci, soc,
       talk).  Usenet news administrators would configure  their  news  server
       software  to  automatically honor newgroup and rmgroup control messages
       that originated from David Lawrence and applied to any  of  the  Big  8

       Unfortunately,  Usenet  news  articles (including control messages) are
       notoriously easy to forge.  Soon, malicious users realized  they  could
       create or remove (at least temporarily) any Big 8 newsgroup they wanted
       by simply forging an appropriate control message  in  David  Lawrence’s
       name.  As Usenet became more widely used, forgeries became more common.

       The pgpverify program was designed to allow Usenet news  administrators
       to configure their servers to cryptographically verify control messages
       before automatically acting on them.  Under  the  pgpverify  system,  a
       Usenet  hierarchy  maintainer creates a PGP public/private key pair and
       disseminates the public key.  Whenever the hierarchy maintainer  issues
       a  control message, he uses the signcontrol program to sign the control
       message with the PGP private key.  Usenet news administrators configure
       their news servers to run the pgpverify program on the appropriate con-
       trol messages, and take action based on the PGP key User ID that signed
       the  control  message, not the name and address that appear in the con-
       trol message’s From or Sender headers.

       Thus, using the signcontrol and pgpverify programs appropriately essen-
       tially  eliminates  the  possibility  of malicious users forging Usenet
       control messages that sites will act upon, as such users would have  to
       obtain  the  PGP  private  key in order to forge a control message that
       would pass the  cryptographic  verification  step.   If  the  hierarchy
       administrators  properly protect their PGP private keys, the only way a
       malicious user could forge a validly-signed control message would be by
       breaking the RSA encryption algorithm, which (at least at this time) is
       believed to be an NP-complete problem.  If this  is  indeed  the  case,
       discovering the PGP private key based on the PGP public key is computa-
       tionally impossible for PGP keys of a sufficient bit length.

       <URL:> is where the most  recent  ver-
       sions  of  signcontrol  and  pgpverify live, along with PGP public keys
       used for hierarchy administration.


Man(1) output converted with man2html