Provided by: sopv-doc_1.1.0-1_all bug

NAME
       sopv-verify - Verify detached OpenPGP signatures on a message


SYNOPSIS
       sopv [--debug] verify [--not-before=DATE] [--not-after=DATE] [--] SIGNATURES CERTS [CERTS...] <DATA


DESCRIPTION
       sopv  verify  returns  0  if any valid OpenPGP detached signature is made over the data on standard input
       from one of the specified OpenPGP certificates. If no valid  OpenPGP  signature  is  found,  sopv  verify
       returns non-zero.

       It emits a stream of VERIFICATIONS (see VERIFICATIONS in sopv(1)) to standard output.


EXAMPLES
       if sopv verify message.sig signer.cert < message > /dev/null; then
           echo "message is signed"
       else
           echo "no valid signature found"
       fi

       To implement a no-rollbacks mechanism (e.g. for software upgrades):

           LASTSIGDATE=$(cat lastsigdate || echo '1970-01-01T00:00:00Z')
           rm -f verifs.out
           if sopv verify --not-before=$LASTSIGDATE $SIG author.cert < $PKG > verifs.out; then
              # do something with the now-verified "$PKG":
              #  ...
              # prevent rollback to prior version:
              cut -f1 -d' ' < verifs.out | head -n1 > lastsigdate
           fi


OPTIONS
       --not-before=DATE
              Do  not  accept  signatures  made  before  the  specified  DATE.  Supply  DATE in ISO-8601 format,
              preferably in UTC (see DATE in sopv(1)).

       --not-after=DATE
              Do not accept signatures made after the specified DATE. Supply DATE in ISO-8601 format, preferably
              in UTC (see DATE in sopv(1)).


ARGUMENTS
       sopv verify looks for OpenPGP signatures in the SIGNATURES argument, either as a series  of  raw  OpenPGP
       signature  packets,  or as an ASCII-armored series of OpenPGP signature packets. For the signatures to be
       verified, they must be made by one of the supplied CERTS over the message provided on standard input.

       Any Invalid or broken signature will be ignored, as will any signature made by an unknown signer.

       One or more CERTS arguments should point to OpenPGP certificates that would be acceptable signers.


RETURN CODE
       sopv verify returns 0 to to indicate that at least one valid signature was found.

       It may fail for other reason, but NO_SIGNATURE (3) is a likely failure mode when none of  the  SIGNATURES
       can be verified as being from any of the CERTS.


AUTHOR
       This  manual  page  was  written by Daniel Kahn Gillmor. Your implementation of sopv is likely written by
       someone else in alignment with the SOP specification. Please run sopv version to learn  more  about  your
       implementation.


SEE ALSO
       sopv(1),    sopv-version(1),    sopv-inline-verify(1),   Stateless   OpenPGP   Command   Line   Interface
       https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/,                RFC                9580
       https://www.rfc-editor.org/rfc/rfc9580.html

sopv 1.1                                          February 2025                                   SOPV-VERIFY(1)