

       pgpverify - cryptographically verify Usenet control messages




       The  pgpverify  program  reads  (on  standard  input)  a Usenet control
       message that has been cryptographically signed  using  the  signcontrol
       program.   pgpverify  then uses the pgp program to determine who signed
       the control message.   If  the  control  message  was  validly  signed,
       pgpverify outputs (to stdout) the User ID of the key ID that signed the


       The pgpverify program takes no options.


       pgpverify returns one of the following exit statuses:

       0      The control message had a good PGP signature.

       1      The control message had no PGP signature.

       2      The control message had an unknown PGP signature.

       3      The control message had a bad PGP signature.

       255    A problem occurred not  directly  related  to  PGP  analysis  of


       David C Lawrence <>


       pgpverify  does  not  modify  or otherwise alter the environment before
       invoking the pgp program.  It is the responsibility of the  person  who
       installs  pgpverify to ensure that when pgp runs, it has the ability to
       locate and read a PGP key file that contains the PGP  public  keys  for
       the appropriate Usenet hierarchy administrators.




       Historically,  Usenet  news server administrators have configured their
       news servers to automatically honor Usenet control  messages  based  on
       the  originator  of  the control messages and the hierarchies for which
       the control messages applied.   For  example,  in  the  past,  David  C
       Lawrence  <>  always  issued  control messages for the
       "Big 8" hierarchies (comp,  humanities,  misc,  news,  rec,  sci,  soc,
       talk).   Usenet  news  administrators would configure their news server
       software to automatically honor newgroup and rmgroup  control  messages
       that  originated  from  David  Lawrence and applied to any of the Big 8

       Unfortunately, Usenet news articles (including  control  messages)  are
       notoriously  easy  to forge.  Soon, malicious users realized they could
       create or remove (at least temporarily) any Big 8 newsgroup they wanted
       by  simply  forging  an appropriate control message in David Lawrence’s
       name.  As Usenet became more widely used, forgeries became more common.

       The  pgpverify program was designed to allow Usenet news administrators
       to configure their servers to cryptographically verify control messages
       before  automatically  acting  on  them.  Under the pgpverify system, a
       Usenet hierarchy maintainer creates a PGP public/private key  pair  and
       disseminates  the public key.  Whenever the hierarchy maintainer issues
       a control message, he uses the signcontrol program to sign the  control
       message with the PGP private key.  Usenet news administrators configure
       their news servers to run the  pgpverify  program  on  the  appropriate
       control  messages,  and  take  action based on the PGP key User ID that
       signed the control message, not the name and address that appear in the
       control message’s From or Sender headers.
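
       One way a news server hook could combine the exit statuses listed
       above with the signer check described here. This is an added example,
       not code from pgpverify or its author; the function name, the
       PGPVERIFY variable and the decision strings are assumptions.

```shell
#!/bin/sh
# Decide whether to honor a control message using only pgpverify's exit
# status and the signer User ID it prints, never the From/Sender headers.
# PGPVERIFY (path to the verifier) is a hypothetical override for this sketch.
PGPVERIFY="${PGPVERIFY:-pgpverify}"

# Usage: control_decision <message-file> <expected-signer-user-id>
# Prints one decision word; returns 0 only when the message may be honored.
control_decision() {
    msg=$1
    expected=$2
    status=0
    # pgpverify reads the message on stdin and prints the signer's User ID.
    signer=$("$PGPVERIFY" < "$msg") || status=$?
    case $status in
        0)
            # A good signature is not enough: the key must be the one
            # configured for this hierarchy, not just any key in the keyring.
            if [ "$signer" = "$expected" ]; then
                echo honor
                return 0
            fi
            echo reject-wrong-signer
            return 1 ;;
        1) echo reject-unsigned; return 1 ;;
        2) echo reject-unknown-key; return 1 ;;
        3) echo reject-bad-signature; return 1 ;;
        *)
            # 255 or anything unexpected: fail closed, do not act.
            echo error
            return 1 ;;
    esac
}
```

       Every outcome other than "honor" leaves the newsgroup list untouched,
       so an unreadable key file or a missing pgp binary cannot cause a
       forged message to be applied.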

       Thus,  using  the  signcontrol  and  pgpverify  programs  appropriately
       essentially eliminates  the  possibility  of  malicious  users  forging
       Usenet  control  messages that sites will act upon, as such users would
       have to obtain the PGP private key in order to forge a control  message
       that  would pass the cryptographic verification step.  If the hierarchy
       administrators properly protect their PGP private keys, the only way  a
       malicious user could forge a validly-signed control message would be by
       breaking the RSA encryption algorithm, which (at least at this time) is
       believed  to  be  an  NP-complete problem.  If this is indeed the case,
       discovering the PGP  private  key  based  on  the  PGP  public  key  is
       computationally impossible for PGP keys of a sufficient bit length.

       <URL:>   is   where  the  most  recent
       versions of signcontrol and pgpverify live, along with PGP public  keys
       used for hierarchy administration.