version 1.213, 2021/05/12 11:34:30 |
version 1.214, 2021/07/23 03:37:52 |
|
|
.Ar |
.Ar |
.Nm ssh-keygen |
.Nm ssh-keygen |
.Fl Y Cm find-principals |
.Fl Y Cm find-principals |
|
.Op Fl O Ar option |
.Fl s Ar signature_file |
.Fl s Ar signature_file |
.Fl f Ar allowed_signers_file |
.Fl f Ar allowed_signers_file |
.Nm ssh-keygen |
.Nm ssh-keygen |
.Fl Y Cm check-novalidate |
.Fl Y Cm check-novalidate |
|
.Op Fl O Ar option |
.Fl n Ar namespace |
.Fl n Ar namespace |
.Fl s Ar signature_file |
.Fl s Ar signature_file |
.Nm ssh-keygen |
.Nm ssh-keygen |
|
|
.Ar |
.Ar |
.Nm ssh-keygen |
.Nm ssh-keygen |
.Fl Y Cm verify |
.Fl Y Cm verify |
|
.Op Fl O Ar option |
.Fl f Ar allowed_signers_file |
.Fl f Ar allowed_signers_file |
.Fl I Ar signer_identity |
.Fl I Ar signer_identity |
.Fl n Ar namespace |
.Fl n Ar namespace |
|
|
By default, this information is discarded. |
By default, this information is discarded. |
.El |
.El |
.Pp |
.Pp |
|
When performing signature-related options using the |
|
.Fl Y |
|
flag, the following options are accepted: |
|
.Bl -tag -width Ds |
|
.It Cm verify-time Ns = Ns Ar timestamp |
|
Specifies a time to use when validating signatures instead of the current |
|
time. |
|
The time may be specified as a date in YYYYMMDD format or a time |
|
in YYYYMMDDHHMM[SS] format. |
|
.El |
|
.Pp |
The |
The |
.Fl O |
.Fl O |
option may be specified multiple times. |
option may be specified multiple times. |
|
|
.It Cm cert-authority |
.It Cm cert-authority |
Indicates that this key is accepted as a certificate authority (CA) and |
Indicates that this key is accepted as a certificate authority (CA) and |
that certificates signed by this CA may be accepted for verification. |
that certificates signed by this CA may be accepted for verification. |
.It Cm namespaces="namespace-list" |
.It Cm namespaces Ns = Ns "namespace-list" |
Specifies a pattern-list of namespaces that are accepted for this key. |
Specifies a pattern-list of namespaces that are accepted for this key. |
If this option is present, the signature namespace embedded in the |
If this option is present, the signature namespace embedded in the |
signature object and presented on the verification command-line must |
signature object and presented on the verification command-line must |
match the specified list before the key will be considered acceptable. |
match the specified list before the key will be considered acceptable. |
|
.It Cm valid-after Ns = Ns "timestamp" |
|
Indicates that the key is valid for use at or after the specified timestamp, |
|
which may be a date in YYYYMMDD format or a time in YYYYMMDDHHMM[SS] format, |
|
.It Cm valid-before Ns = Ns "timestamp" |
|
Indicates that the key is valid for use at or before the specified timestamp. |
.El |
.El |
.Pp |
.Pp |
When verifying signatures made by certificates, the expected principal |
When verifying signatures made by certificates, the expected principal |