msva-query-agent - query a Monkeysphere Validation Agent
Contents
Abstract
msva-query-agent validates certificates for a given use by querying a running Monkeysphere Validation
Agent.
Bugs And Feedback
Bugs or feature requests for msva-perl and associated tools should be filed with the Monkeysphere
project's bug tracker at https://labs.riseup.net/code/projects/monkeysphere/issues/
Communication Protocol Details
Communications with the Monkeysphere Validation Agent are in the form of JSON requests over plain HTTP.
Responses from the agent are also JSON objects. For details on the structure of the requests and
responses, please see http://web.monkeysphere.info/validation-agent/protocolCopyright And License
Copyright X 2010, Jameson Graef Rollins and others from the Monkeysphere team. msva-query-agent is free
software, distributed under the GNU Public License, version 3 or later.
perl v5.32.0 2021-01-04 MSVA-QUERY-AGENT(1)
Environment Variables
msva-query-agent's behavior is controlled by environment variables:
MONKEYSPHERE_VALIDATION_AGENT_SOCKET
Socket over which to query the validation agent. If unset, the default value is
'http://127.0.0.1:8901'.
MSVA_LOG_LEVEL
Log messages about its operation to stderr. MSVA_LOG_LEVEL controls its verbosity, and should be one
of (in increasing verbosity): silent, quiet, fatal, error, info, verbose, debug, debug1, debug2,
debug3. Default is 'error'.
Name
msva-query-agent - query a Monkeysphere Validation Agent
Return Code
If the certificate is valid for the requested peer in the given context, the return code is 0.
Otherwise, the return code is 1.
See Also
msva-perl(1), monkeysphere(1), monkeysphere(7)
Synopsis
msva-query-agent CONTEXT PEER PKC_TYPE [PEER_TYPE] < /path/to/public_key_carrier
msva-query-agent CONTEXT PEER PKC_TYPE PEER_TYPE PKC_DATA
msva-query-agent --version
Usage
msva-query-agent reads a certificate from standard input, and posts it to the running Monkeysphere
Validation Agent. The return code indicates the validity (as determined by the agent) of the certificate
for the specified purpose. The agent's return message (if any) is emitted on stdout.
The various arguments are:
CONTEXT
Context in which the certificate is being validated (e.g. 'https', 'ssh', 'ike')
PEER
The name of the intended peer. When validating a certificate for a service, supply the host's full
DNS name (e.g. 'foo.example.net')
PKC_TYPE
The format of public key carrier data provided on standard input (e.g. 'x509der', 'x509pem',
'opensshpubkey', 'rfc4716', 'openpgp4fpr')
PEER_TYPE
The type of peer we are inquiring about (e.g. 'client', 'server', 'peer'). This argument is optional
and defaults will be used (based on CONTEXT) if it is not supplied.
PKC_DATA
This is the actual public key carrier data itself. If less than five arguments are given, then the
PKC_DATA is expected on stdin. If five arguments are given, the fifth argument is interpreted as the
PKC_DATA. This is likely only useful for supplying an OpenPGP fingerprint with the 'openpgp4fpr'
type.
