
sopv-verify - Verify detached OpenPGP signatures on a message

Arguments

sopv verify looks for OpenPGP signatures in the SIGNATURES argument, either as a series of raw OpenPGP
       signature packets, or as an ASCII-armored series of OpenPGP signature packets. For the signatures to be
       verified, they must be made by one of the supplied CERTS over the message provided on standard input.

       Any invalid or broken signature will be ignored, as will any signature made by an unknown signer.

       One or more CERTS arguments should point to OpenPGP certificates that would be acceptable signers.

Author

       This manual page was written by Daniel Kahn Gillmor. Your implementation of sopv is likely written by
       someone else in alignment with the SOP specification. Please run sopv version to learn more about your
       implementation.

Description

sopv verify returns 0 if any valid OpenPGP detached signature is made over the data on standard input
       from one of the specified OpenPGP certificates. If no valid OpenPGP signature is found, sopv verify
       returns non-zero.

       It emits a stream of VERIFICATIONS (see VERIFICATIONS in sopv(1)) to standard output.

Examples

       if sopv verify message.sig signer.cert < message > /dev/null; then
           echo "message is signed"
       else
           echo "no valid signature found"
       fi

       To implement a no-rollbacks mechanism (e.g. for software upgrades):

           LASTSIGDATE=$(cat lastsigdate 2>/dev/null || echo '1970-01-01T00:00:00Z')
           rm -f verifs.out
           if sopv verify --not-before="$LASTSIGDATE" "$SIG" author.cert < "$PKG" > verifs.out; then
              # do something with the now-verified "$PKG":
              #  ...
              # prevent rollback to prior version:
              cut -f1 -d' ' < verifs.out | head -n1 > lastsigdate
           fi
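
       The state-update step of the no-rollbacks mechanism above, as an added example that is not part of
       the original manual page or of any sopv implementation: it records the newest timestamp across all
       VERIFICATIONS lines and never blanks or rewinds the stored date. The function names, the temporary
       file names and the sample lines are hypothetical, and it assumes every timestamp is UTC in the form
       YYYY-MM-DDTHH:MM:SSZ, so that lexical order matches chronological order.

```shell
#!/bin/sh
# Added example: function names and sample data are hypothetical.

# Print the newest signature timestamp found in a VERIFICATIONS file ($1).
# Only the first space-separated field of each line is used. Lines whose
# first field is not a strict UTC timestamp are skipped (assumed format).
newest_sig_date() {
    cut -f1 -d' ' < "$1" |
        grep -E '^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z$' |
        LC_ALL=C sort | tail -n1
}

# Advance the stored date: $1 = VERIFICATIONS file, $2 = state file.
# Returns 1 and leaves the state untouched when no usable timestamp exists.
advance_lastsigdate() {
    new=$(newest_sig_date "$1")
    [ -n "$new" ] || return 1
    old=$(cat "$2" 2>/dev/null || true)
    if [ -n "$old" ]; then
        # keep whichever of the stored and the new date is later
        latest=$(printf '%s\n%s\n' "$old" "$new" | LC_ALL=C sort | tail -n1)
    else
        latest=$new
    fi
    # write to a temporary file and rename, so an interrupted run
    # cannot leave a truncated state file behind
    printf '%s\n' "$latest" > "$2.tmp" && mv "$2.tmp" "$2"
}

# Constructed sample: two verified signatures, older one listed first.
# The fingerprint fields are placeholders, not real key fingerprints.
demo_dir=$(mktemp -d)
printf '%s\n' \
    '2025-01-10T08:00:00Z SIGNING_KEY_FPR_A CERT_FPR_A mode:binary' \
    '2025-02-03T12:30:00Z SIGNING_KEY_FPR_B CERT_FPR_B mode:binary' \
    > "$demo_dir/verifs.out"
advance_lastsigdate "$demo_dir/verifs.out" "$demo_dir/lastsigdate"
cat "$demo_dir/lastsigdate"
rm -rf "$demo_dir"
```

       Call advance_lastsigdate verifs.out lastsigdate once sopv verify has returned 0, in place of the
       cut/head line in the example above.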

Name

sopv-verify - Verify detached OpenPGP signatures on a message

Options

       --not-before=DATE
              Do not accept signatures made before the specified DATE. Supply DATE in ISO-8601 format,
              preferably in UTC (see DATE in sopv(1)).

       --not-after=DATE
              Do not accept signatures made after the specified DATE. Supply DATE in ISO-8601 format, preferably
              in UTC (see DATE in sopv(1)).

Return Code

sopv verify returns 0 to indicate that at least one valid signature was found.

       It may fail for other reasons, but NO_SIGNATURE (3) is a likely failure mode when none of the SIGNATURES
       can be verified as being from any of the CERTS.

See Also

sopv(1), sopv-version(1), sopv-inline-verify(1), Stateless OpenPGP Command Line Interface
       https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/, RFC 9580
       https://www.rfc-editor.org/rfc/rfc9580.html

sopv 1.1                                          February 2025                                   SOPV-VERIFY(1)

Synopsis

sopv [--debug] verify [--not-before=DATE] [--not-after=DATE] [--] SIGNATURES CERTS [CERTS...] < DATA
