NAME
netpgpverify — standalone program for digital signature verification
SYNOPSIS
netpgpverify [-v] [-S ssh-pub-key-file] [-c command] [-k keyring] file ...
DESCRIPTION
The netpgpverify utility implements digital signature verification. It
  is designed to be simple and standalone; no external libraries, except for
  libz and libbz2, are used, in order to ensure maximum portability.
It is completely rewritten from the version of the program that appeared in
  NetBSD 6.0 as part of the netpgp(1) suite of commands.
The netpgpverify utility requires a file containing public keys, commonly
  called a “keyring”. Digitally-signed information can be fed to
  netpgpverify in two ways: as standard input, or as files provided on the
  command line. The public key part of the key which was used to sign the
  file must be present, or the signature verification will fail. Files may be
  signed in two distinct ways: as text documents, and as binary files.
  Signing as a text document modifies the contents to add different
  line-ending characters, and behaves differently at the final byte of the
  input document. Binary files are read verbatim, and are not modified in any
  way.
The -k command line argument allows a keyring to be specified.
The -v command line argument prints the version of the netpgpverify command
  and then exits.
The -c argument allows a “command” to be given, modifying the behaviour of
  the netpgpverify command. This command can take one of three values:
  “verify”, which is also the default, verifies the signature on the data;
  “cat” also verifies the signature on the data and, if it is successfully
  verified, displays the verified data on stdout; and “dump” dumps the
  individual PGP packets to standard output, along with a hexadecimal dump of
  the first part of the contents of each packet. Note that the packets from
  the public key ring will also be dumped using this command. The key ring
  packets will be displayed immediately before the packets in the file being
  verified.
The -S argument allows an ssh public key file to be used as the source of
  truth for the key. This ssh-key-based signature can be created using the
  netpgp(1) utility.
If a detached signature “.sig” is given on the command line, the
  signing information will be retrieved from that file, and the original data is
  expected to be found in a file in the same directory with the same name with
  the “.sig” suffix removed.
Both text mode signatures and binary signatures can be verified by
  netpgpverify.
SIGNING AND VERIFICATION
Verification of a file's signature is best viewed using the following example:
% netpgpverify -k pubring.gpg NetBSD-6.0_RC1_hashes.asc 
Good signature for NetBSD-6.0_RC1_hashes.asc made Thu Aug 23 11:47:50 2012 
signature     4096/RSA (Encrypt or Sign) 064973ac4c4a706e 2009-06-23 
fingerprint   ddee 2bdb 9c98 a0d1 d4fb dbf7 0649 73ac 4c4a 706e 
uid           NetBSD Security Officer <security-officer@NetBSD.org> 
%
 
EXIT STATUS
The netpgpverify utility will return 0 for a successful verification, 1 if
  the file's signature does not match what was expected, or 2 if any other
  error occurs.
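The three exit values and the “cat” command can be combined so that a script only ever consumes data that has been verified. The following wrapper is an added example, not part of the netpgpverify distribution; the function name verified_cat and its arguments are illustrative.

```sh
# Added example; verified_cat and its arguments are illustrative names.
# Usage: verified_cat KEYRING SIGNED_FILE OUTPUT
# Writes the signed payload to OUTPUT only when the signature verifies
# against KEYRING, and returns netpgpverify's status (0 good, 1 bad, 2 error).
verified_cat() {
    keyring=$1 signed=$2 out=$3
    # Stage in a temp file beside OUTPUT so a failed check never leaves
    # partial or unverified data at the final path.
    tmp=$(mktemp "${out}.XXXXXX") || return 2
    rc=0
    # "-c cat" emits the data only after successful verification, so the
    # caller consumes exactly the bytes that were checked.
    netpgpverify -k "$keyring" -c cat "$signed" > "$tmp" || rc=$?
    case $rc in
    0)  mv -f "$tmp" "$out" || { rm -f "$tmp"; rc=2; } ;;
    1)  rm -f "$tmp"
        echo "signature mismatch, rejecting: $signed" >&2 ;;
    *)  rm -f "$tmp"
        echo "verification could not complete (status $rc): $signed" >&2
        rc=2 ;;
    esac
    return $rc
}
```

Callers should treat status 1 (signature mismatch) separately from status 2 (for example a missing keyring or unreadable file), since the first indicates possible tampering and the second an operational fault.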
SEE ALSO
netpgp(1), zlib(3)
STANDARDS
J. Callas, L. Donnerhacke, H. Finney, D. Shaw, and R. Thayer, OpenPGP
  Message Format, RFC 4880, November 2007.
HISTORY
The netpgpverify command first appeared in NetBSD 7.0.
AUTHORS
Alistair Crooks ⟨agc@NetBSD.org⟩.