OpenBSD manual page server

Manual Page Search Parameters

GZSIG(1) General Commands Manual GZSIG(1)

gzsiggzip signing utility

gzsig sign [-q] [-f secret_file] privkey [file ...]

gzsig verify [-q] [-f secret_file] pubkey [file ...]

gzsig embeds or verifies RSA PKCS #1 v2.0 or DSA SHA1 signatures in gzip(1) compressed files using SSH identity keys or X.509 certificates.

The file operands are processed in command-line order. If file is a single dash (‘-’) or absent, gzsig reads from the standard input.

The options are as follows:

secret_file
Indicates that the passphrase for the key should be read from secret_file instead of being supplied manually.
Enable quiet mode.
Sign the input using the private key in privkey.
Verify the signature using the public key in pubkey.

The gzsig utility exits 0 on success, and >0 if an error occurs.

Sign file1 and file2 with the SSH2 identity key in ~/.ssh/id_rsa:

$ gzsig sign ~/.ssh/id_rsa file1 file2

Sign file1 with the SSH2 identity key, saving the signed file in file2:

$ gzsig sign ~/.ssh/id_rsa <file1 >file2

Verify the signature on file1 using the SSL certificate in /etc/ssl/server.crt:

$ gzsig verify /etc/ssl/server.crt <file1

gzip(1), ssh-keygen(1), ssl(8)

Dug Song ⟨dugsong@arbor.net⟩. SSH2 support by Marius Eriksen ⟨marius@openbsd.org⟩.

September 29, 2011 OpenBSD-5.3