OpenBSD manual page server

Manual Page Search Parameters
GZSIG(1) General Commands Manual GZSIG(1)

gzsiggzip signing utility

gzsig sign [-q | -v] [-f secret_file] privkey [file ...]

gzsig verify [-q | -v] [-f secret_file] pubkey [file ...]

gzsig embeds or verifies RSA PKCS #1 v2.0 or DSA SHA1 signatures in gzip(1) compressed files using SSH identity keys or X.509 certificates.

The file operands are processed in command-line order. If file is a single dash (‘-’) or absent, gzsig reads from the standard input.

The options are as follows:

secret_file
Indicates that the passphrase for the key should be read from secret_file instead of being supplied manually.
Enable quiet mode. The options -q and -v are mutually exclusive; the last one specified takes precedence.
Enable verbose mode. This is the default. The options -q and -v are mutually exclusive; the last one specified takes precedence.
Sign the input using the private key in privkey.
Verify the signature using the public key in pubkey.

The gzsig utility exits 0 on success, and >0 if an error occurs.

Sign file1 and file2 with the SSH2 identity key in ~/.ssh/id_rsa:

$ gzsig sign ~/.ssh/id_rsa file1 file2

Sign file1 with the SSH2 identity key, saving the signed file in file2:

$ gzsig sign ~/.ssh/id_rsa <file1 >file2

Verify the signature on file1 using the SSL certificate in /etc/ssl/server.crt:

$ gzsig verify /etc/ssl/server.crt <file1

gzip(1), ssh-keygen(1), ssl(8)

Dug Song <dugsong@arbor.net>.

SSH2 support by Marius Eriksen <marius@openbsd.org>.

July 16, 2013 OpenBSD-5.4