NAME

sopv-gpgv - Stateless OpenPGP Signature Verification backed by gpgv

SYNOPSIS

sopv-gpgv [-h] [--debug] SUBCOMMAND ...

Verify OpenPGP signatures using gpgv

usage: sopv-gpgv version [-h] [--debug] [--backend | --extended | --sop-spec |
--sopv]

Print version information to stdout

--debug: Provide debugging information
--backend: Show gpgv version
--extended: Show extended version information
--sop-spec: Show last known version of SOP, the Stateless OpenPGP specification
--sopv: Show compliant version of the `sopv` verification only subset of SOP

usage: sopv-gpgv verify [-h] [--debug] [--not-before TIMESTAMP]
[--not-after TIMESTAMP]
SIGNATURES CERTS [CERTS ...]

Verify detached OpenPGP signatures

--debug: Provide debugging information
--not-before TIMESTAMP: Only accept signatures later than this (default: None)
--not-after TIMESTAMP: Only accept signatures earlier than this (default: now)

usage: sopv-gpgv inline-verify [-h] [--debug] [--not-before TIMESTAMP]
[--not-after TIMESTAMP]
[--verifications-out VERIFICATIONS]
CERTS [CERTS ...]

Verify inline OpenPGP signatures (either CSF or "Signed Message" OpenPGP packets)

--debug: Provide debugging information
--not-before TIMESTAMP: Only accept signatures later than this (default: None)
--not-after TIMESTAMP: Only accept signatures earlier than this (default: now)
--verifications-out VERIFICATIONS: Write SOP-style VERIFICATIONS here

This tool implements `sopv`, the verificaftion-only subset of https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/

It uses gpgv (from the GnuPG project) as its backend.

The environment variable $SOPV_GPGV can be used to choose the name or path of the gpgv implementation used (defaults to "gpgv").

Daniel Kahn Gillmor <dkg@fifthhorseman.net>

2025-03-18

sopv-gpgv 0.1.4