Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
SQ(1)				 User Commands				 SQ(1)

NAME
       sq verify - Verify signed messages or detached signatures

SYNOPSIS
       sq verify [OPTIONS] FILE

DESCRIPTION
       Verify signed messages or detached signatures.

       When verifying signed messages, the message is written to stdout	or the
       file given to `--output`.

       When  a	detached message is verified, no output	is produced.  Detached
       signatures are often used to sign software packages.

       Verification is only successful if there	is no bad signature,  and  the
       number  of  successfully	verified signatures reaches the	threshold con-
       figured with the	`--signatures` parameter.  If the verification	fails,
       the  program terminates with an exit status indicating failure.	In ad-
       dition to that, the last	25 MiB of the message are  withheld,  i.e.  if
       the message is smaller than 25 MiB, no output is	produced, and if it is
       larger, then the	output will be truncated.

       A  signature is considered to have been authenticated if	the signer can
       be authenticated.  If the signer	is provided via	`--signer-file`,  then
       the  signer  is	considered  authenticated.   Otherwise,	 the signer is
       looked up and authenticated using the Web of Trust.  If	at  least  one
       User ID can be fully authenticated, then	the signature is considered to
       have  been  authenticated.   If the signature includes a	Signer User ID
       subpacket, then only that User ID is considered.	  Note:	 the  User  ID
       need not	be self	signed.

       The converse operation is `sq sign`.

       If  you	are looking for	a standalone program to	verify detached	signa-
       tures, consider using sequoia-sqv.

       `sq verify` respects the	reference time set by the  top-level  `--time`
       argument.   When	 set, it verifies the message as of the	reference time
       instead of the current time.

OPTIONS
   Subcommand options
       --detached=SIG
	      Verify a detached	signature

       -n, --signatures=N
	      Set the threshold	of valid signatures to N. If this threshold is
	      not reached, the message will not	be considered verified.

	      [default:	1]

       -o, --output=FILE
	      Write to FILE or stdout if omitted

	      [default:	-]

       --signer-cert=FINGERPRINT|KEYID
	      Verify signatures	using the specified certificate.   This	 reads
	      the  certificate from the	certificate store, and considers it to
	      be authenticated.	 When this option is not  provided,  the  cer-
	      tificate is still	read from the certificate store, if it exists,
	      but it is	not considered authenticated.

       --signer-file=CERT_FILE
	      Verify signatures	using the certificate in CERT_FILE

	FILE  Read from	FILE or	stdin if omitted

	      [default:	-]

   Global options
       See sq(1) for a description of the global options.

EXAMPLES
       Verify a	signed message

	      sq verify	signed-message.pgp

       Verify a	detached message

	      sq verify	--detached message.sig message.txt

       Verify a	message	as of June 9, 2011 at midnight UTC:

	      sq verify	--time 20130721	msg.pgp

SEE ALSO
       sq(1).

       For the full documentation see <https://book.sequoia-pgp.org>.

VERSION
       0.36.0 (sequoia-openpgp 1.20.0)

Sequoia	PGP			    0.36.0				 SQ(1)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=sq-verify&sektion=1&manpath=FreeBSD+Ports+14.3.quarterly>

home | help