GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
PMCHECK(1) FreeBSD General Commands Manual PMCHECK(1)

pmcheck - check veracity and applicability of signatures in news articles.

pmcheck [newsgroups|user] [file]

Pmcheck accepts an article from the named file (or standard input if not specified), and performs certain checks against digital signatures present in X-Auth: headers in the news articles. There are two common modes of use of pmcheck, and these are described separately for simplicity, even though there is considerable ability to mix-and-match.

The first use is when a person is reading news, and sees an article and wishes to check whether the article is an approved posting to a moderated newsgroup, or an approved posting from a particular individual user. Piping the article through pmcheck will give a list of valid signatures (or signatures which couldn't be checked because corresponding PGP public keys were unavailable), and of course generate error messages for invalid signatures, which indicate either forged or altered articles. Any alteration might have been intentional, but bear in mind the possibility that an alteration could have been an artifact of the news system, despite precautions against this.

The second use, and the reason for the existence of the PGP Moose system, is when an article is automatically checked upon receipt by a designated news hub. In this case, a moderated newsgroup or user name (represented by an electronic mail address) will be specified, and it is considered an error if there is no corresponding X-Auth: header, or if for any reason it doesn't check out. Furthermore, there can be a configured file which lists pairs of newsgroup/user names, and corresponding PGP user IDs who are allowed to authorise such postings. Even a valid signature from an individual who is not listed in this file will be considered an error. All X-Auth: headers will be checked if their newsgroup/user name appears in the checking file, the only way in which the argument is special is that such a header for that newsgroup or user must appear. The intention is that any article which fails this authentication process will be reported to the user or newsgroup moderator(s), and might be automatically cancelled. This is to react quickly to spamming attacks on moderated newsgroups.

Pmcheck returns an exit status of 0 if everything is all right, and non-zero otherwise. In particular, an exit status of 1 means that the article was not approved with the PGP Moose when it should have been, and a status of 2 is returned for all other authentication problems.

pmapp(1), pmcanon(1) for a description of the fields which go into the signature calculation, the PGP User's Manual, the PGP Moose README file for an understanding of how it all hangs together.

Currently pmcheck always allows cancel messages to pass, despite the fact that pmdaemon always authenticates them. The potential consequences of an automated cancellation-war were simply too horrible to contemplate.

Greg Rose, RoSecure Software.
PGP Moose

Search for    or go to Top of page |  Section 1 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.