Re: CVS commit: src/usr.bin/nbsvtool

[Dieter Baron <dillo%KD119105101110.ppp-bb.dion.ne.jp@localhost>]

In article <20080714191059.GA5088%britannica.bec.de@localhost> Joerg wrote:
: On Mon, Jul 14, 2008 at 08:55:45PM +0200, Dieter Baron wrote:
: > attached is an updated version of the man page, please review.

: I'm considering to add a second argument for the sign command and
: default to ${file}.sp7 otherwise. That would be consistent with verify.
: Opinions?

  I would rahter specify the signature file as an option (-o or -s),
for both sign and verify.  That way, we could specify more than one
file to sign/verify (with the default signature file name).

: The markup for "file .sp7" is wrong as well as for -u code under
: verify-code.

  wizd?  (I'm more concerned with content than correct markup at the
moment.)

: >   - What is the difference between a key and a certificate.

: A certificate is used to mean "public key + meta data".
: To create signatures the matching private key is required.

  Okay, we should integrate that into the man page somehow.

: >   - What is trusted if no trust anchor is given?

: Nothing.

  So is there any way for verify to succeed without a trust anchor?
Otherwise, -a is required for verify to make sense (and that should be
noted in the man page, and probably enforced by the code).

                                                yours,
                                                dillo