NAME

gzsig — gzip signing utility

SYNOPSIS

gzsig sign [-q | -v] [-f secret_file] privkey [file ...]

gzsig verify [-q | -v] [-f secret_file] pubkey [file ...]

gzsig embeds or verifies RSA PKCS #1 v2.0 or DSA SHA1 signatures in gzip(1) compressed files using SSH identity keys or X.509 certificates.

The file operands are processed in command-line order. If file is a single dash (‘-’) or absent, gzsig reads from the standard input.

The options are as follows:

-f secret_file: Indicates that the passphrase for the key should be read from secret_file instead of being supplied manually.
-q: Enable quiet mode. The options -q and -v are mutually exclusive; the last one specified takes precedence.
-v: Enable verbose mode. This is the default. The options -q and -v are mutually exclusive; the last one specified takes precedence.
sign: Sign the input using the private key in privkey.
verify: Verify the signature using the public key in pubkey.

The gzsig utility exits 0 on success, and >0 if an error occurs.

Sign file1 and file2 with the SSH2 identity key in ~/.ssh/id_rsa:

$ gzsig sign ~/.ssh/id_rsa file1
  file2

Sign file1 with the SSH2 identity key, saving the signed file in file2:

$ gzsig sign ~/.ssh/id_rsa <file1
  >file2

Verify the signature on file1 using the SSL certificate in /etc/ssl/server.crt:

$ gzsig verify /etc/ssl/server.crt
  <file1

SSH2 support by Marius Eriksen <‍marius@openbsd.org>.