Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
SQ(1)				 User Commands				 SQ(1)

NAME
       sq-verify - Verify signed messages or detached signatures

SYNOPSIS
       sq verify [OPTIONS] FILE

DESCRIPTION
       Verify signed messages or detached signatures.

       When verifying signed messages, the message is written to stdout	or the
       file given to `--output`.

       When  a	detached message is verified, no output	is produced.  Detached
       signatures are often used to sign software packages.

       Verification is only successful if there	is no bad signature,  and  the
       number  of  successfully	verified signatures reaches the	threshold con-
       figured with the	`--signatures` parameter.  If the verification	fails,
       the  program terminates with an exit status indicating failure, and the
       output file is deleted.	If the output was sent	to  stdout,  then  the
       last  25	 MiB of	the message are	withheld (consequently,	if the message
       is smaller than 25 MiB, no output is produced).

       A signature is considered to have been authenticated if the signer  can
       be  authenticated.  If the signer is provided via `--signer-file`, then
       the signer is  considered  authenticated.   Otherwise,  the  signer  is
       looked  up  and	authenticated using the	Web of Trust.  If at least one
       User ID can be fully authenticated, then	the signature is considered to
       have been authenticated.	 If the	signature includes a  Signer  User  ID
       subpacket,  then	 only  that  User ID is	considered.  Note: the User ID
       need not	be self	signed.

       The converse operation is `sq sign`.

       If you are looking for a	standalone program to verify  detached	signa-
       tures, consider using sequoia-sqv.

       `sq  verify`  respects the reference time set by	the top-level `--time`
       argument.  When set, it verifies	the message as of the  reference  time
       instead of the current time.

OPTIONS
   Subcommand options
       --cleartext
	      Verify a cleartext-signed	message

       --message
	      Verify an	inline signed message

       --output=FILE
	      Write to FILE or stdout if omitted

	      [default:	-]

       --signature-file=SIG
	      Verify a detached	signature file

       --signatures=N
	      Set the threshold	of valid signatures to N

	      If  this	threshold is not reached, the message will not be con-
	      sidered verified.

	      [default:	1]

       --signer=FINGERPRINT|KEYID
	      Require a	signature from a certificate with the  specified  fin-
	      gerprint or key ID

       --signer-domain=DOMAIN
	      Require  a signature from	a certificate where a user ID includes
	      an email address for the specified domain

       --signer-email=EMAIL
	      Require a	signature from a certificate where a user ID  includes
	      the specified email address

       --signer-file=PATH
	      Require a	signature from a certificate read from PATH

       --signer-userid=USERID
	      Require  a  signature from a certificate with the	specified user
	      ID

	FILE  Read from	FILE or	stdin if FILE is '-'

	      [default:	-]

   Global options
       See sq(1) for a description of the global options.

EXAMPLES
       Verify a	signed message.

	      sq verify	--message document.pgp

       Verify a	detached signature.

	      sq verify	--signature-file=document.sig document.txt

       Verify a	message	as of June 19, 2024 at midnight	UTC.

	      sq verify	--time 2024-06-19 --message document.pgp

SEE ALSO
       sq(1).

       For the full documentation see <https://book.sequoia-pgp.org/>.

VERSION
       1.3.1

Sequoia	PGP			     1.3.1				 SQ(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=sq-verify&sektion=1&manpath=FreeBSD+Ports+15.0.quarterly>

home | help