summaryrefslogtreecommitdiff
path: root/ssh-keygen.1
diff options
context:
space:
mode:
Diffstat (limited to 'ssh-keygen.1')
-rw-r--r--ssh-keygen.124
1 files changed, 21 insertions, 3 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 081158546..f8dafb3aa 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keygen.1,v 1.166 2019/09/05 05:47:23 jmc Exp $ 1.\" $OpenBSD: ssh-keygen.1,v 1.167 2019/09/16 03:23:02 djm Exp $
2.\" 2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37.\" 37.\"
38.Dd $Mdocdate: September 5 2019 $ 38.Dd $Mdocdate: September 16 2019 $
39.Dt SSH-KEYGEN 1 39.Dt SSH-KEYGEN 1
40.Os 40.Os
41.Sh NAME 41.Sh NAME
@@ -149,10 +149,14 @@
149.Nm ssh-keygen 149.Nm ssh-keygen
150.Fl Y Cm verify 150.Fl Y Cm verify
151.Fl I Ar signer_identity 151.Fl I Ar signer_identity
152.Fl f Ar allowed_keys_file 152.Fl f Ar allowed_signers_file
153.Fl n Ar namespace 153.Fl n Ar namespace
154.Fl s Ar signature_file 154.Fl s Ar signature_file
155.Op Fl r Ar revocation_file 155.Op Fl r Ar revocation_file
156.Nm ssh-keygen
157.Fl Y Cm check-novalidate
158.Fl s Ar signature_file
159.Fl n Ar namespace
156.Ek 160.Ek
157.Sh DESCRIPTION 161.Sh DESCRIPTION
158.Nm 162.Nm
@@ -716,6 +720,20 @@ flag.
716The revocation file may be a KRL or a one-per-line list of public keys. 720The revocation file may be a KRL or a one-per-line list of public keys.
717Successful verification by an authorized signer is signalled by 721Successful verification by an authorized signer is signalled by
718.Nm 722.Nm
723.It Fl Y Cm check-novalidate
724Checks that a signature generated using
725.Nm
726.Fl Y Cm sign
727has a valid structure.
728This does not validate if a signature comes from an authorized signer.
729When testing a signature,
730.Nm
731accepts a message on standard input and a signature namespace using
732.Fl n .
733A file containing the corresponding signature must also be supplied using the
734.Fl s
735flag. Successful testing of the signature is signalled by
736.Nm
719returning a zero exit status. 737returning a zero exit status.
720.It Fl z Ar serial_number 738.It Fl z Ar serial_number
721Specifies a serial number to be embedded in the certificate to distinguish 739Specifies a serial number to be embedded in the certificate to distinguish