Manual Reference Pages - PMCHECK (1)
pmcheck - check veracity and applicability of
signatures in news articles.
Pmcheck accepts an article from the named
file (or standard input if not specified),
and performs certain checks against digital
signatures present in X-Auth: headers
in the news articles. There are two common modes
of pmcheck, and these are described
separately for simplicity, even though there is
considerable ability to mix-and-match.
The first use is when a person is reading news,
and sees an article and wishes to check whether
the article is an approved posting to a moderated
newsgroup, or an approved posting from a
particular individual user. Piping the article
through pmcheck will give a list of valid
signatures (or signatures which couldn't be
checked because corresponding PGP public keys
were unavailable), and of course generate error
messages for invalid signatures, which indicate
either forged or altered articles. Any alteration
might have been intentional, but bear in mind the
possibility that an alteration could have been an
artifact of the news system, despite precautions
The second use, and the reason for the existence
of the PGP Moose system, is when an article is
automatically checked upon receipt by a
designated news hub. In this case, a moderated
newsgroup or user name (represented by an
electronic mail address) will be specified, and
it is considered an error if there is no
corresponding X-Auth: header, or if for
any reason it doesn't check out. Furthermore, there
can be a configured file which lists pairs of
newsgroup/user names, and corresponding PGP user
IDs who are allowed to authorise such postings.
Even a valid signature from an individual who is
not listed in this file will be considered an
error. All X-Auth: headers will be
checked if their newsgroup/user name appears in
the checking file; the only way in which the
argument is special is that such a header for
that newsgroup or user must appear.
The intention is that any article which fails
this authentication process will be reported to
the user or newsgroup moderator(s), and might be
automatically cancelled. This is to react quickly
to spamming attacks on moderated newsgroups.
Pmcheck returns an exit status of 0 if everything is all right, and non-zero otherwise.
In particular, an exit status of 1 means that the article was not
approved with the PGP Moose when it should have been, and a status of
2 is returned for all other authentication problems.
for a description of the fields which go into the
the PGP Users Manual,
the PGP Moose README file for an understanding of
how it all hangs together.
Currently pmcheck always allows cancel
messages to pass, despite the fact that
pmdaemon always authenticates them. The
potential consequences of an automated cancellation-war were
simply too horrible to contemplate.
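The hub-side rules, the exit statuses and the cancel exception described above, modelled in Python as an added example (not code from pmcheck or the PGP Moose distribution). It assumes PGP verification of each X-Auth: header has already been done; SigResult, hub_decision and the sample names are hypothetical, and treating a missing approval as taking precedence over status 2 is an assumption.

```python
from dataclasses import dataclass

OK, NOT_APPROVED, AUTH_PROBLEM = 0, 1, 2   # exit statuses as described above

@dataclass(frozen=True)
class SigResult:
    """One already-verified X-Auth: header (constructed model, not pmcheck's format)."""
    name: str     # newsgroup or user address the header vouches for
    signer: str   # PGP user ID that made the signature
    valid: bool   # True if the PGP signature verified

def hub_decision(results, required, allowed, is_cancel=False):
    """Map verification results to an exit status under the hub-mode rules.

    results  -- list of SigResult, one per X-Auth: header in the article
    required -- newsgroup/user name that must carry an approval
    allowed  -- dict: name -> set of PGP user IDs permitted to authorise it
    """
    if is_cancel:
        return OK                     # cancel messages always pass
    status, seen_required = OK, False
    for r in results:
        if r.name == required:
            seen_required = True
        elif r.name not in allowed:
            continue                  # name not in the checking file: not enforced
        if not r.valid:
            status = AUTH_PROBLEM     # forged or altered article
        elif r.name in allowed and r.signer not in allowed[r.name]:
            status = AUTH_PROBLEM     # genuine signature, unauthorised signer
    # Assumption: a missing required approval takes precedence over status 2.
    return status if seen_required else NOT_APPROVED

# Constructed sample data: names and user IDs are placeholders.
ALLOWED = {"example.moderated": {"Moderator <mod@example.org>"}}
GOOD = SigResult("example.moderated", "Moderator <mod@example.org>", True)
ROGUE = SigResult("example.moderated", "Someone <else@example.net>", True)
FORGED = SigResult("example.moderated", "Moderator <mod@example.org>", False)
OTHER = SigResult("example.other", "Anyone <any@example.com>", False)

if __name__ == "__main__":
    for label, sigs in [("approved", [GOOD]), ("unsigned", []),
                        ("rogue signer", [ROGUE]), ("forged", [FORGED]),
                        ("unlisted group ignored", [GOOD, OTHER])]:
        print(label, hub_decision(sigs, "example.moderated", ALLOWED))
```

The rogue-signer case is the one the checking file exists for: the signature is cryptographically valid, yet the article is still rejected because the signer is not listed for that newsgroup.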
Greg Rose, RoSecure Software.