canlock(1)

CLI frontend for libcanlock library

Section 1 canlock bookworm source

Description

canlock

NAME

canlock - CLI frontend for libcanlock library

SYNOPSIS

canlock -h | -v

canlock [-q] -o

canlock [-a scheme] -l [uid]mid

canlock [-a scheme] -k [uid]mid

canlock [-q] -c key,lock

canlock [-q] -m keys,locks

DESCRIPTION

Command line utility for Netnews Cancel-Lock authentication scheme.

canlock can be used to create <c-lock> and <c-key> elements according to RFC 8315. The secret data is read from standard input (using EOF for termination).

canlock also provides a verify interface with the -c option. An external header parser is required to extract the <c-key> and <c-lock> elements from the article headers.
The command line utilities canlock-mhp(1) and canlock-hfp(1) can be used for this purpose.

OPTIONS

The following options are supported:

-a scheme

Use the hash algorithm specified by <scheme>.

Supported values for <scheme> (by version 3.0.0 of canlock):
sha1, sha224, sha256, sha384, sha512

If this option is not present, sha256 is used as default value (because this is the mandatory algorithm defined by RFC 8315).

-l [uid]mid

Generate Cancel-Lock for Message-ID <mid>.

The Message-ID can be prepended with an optional User-ID <uid>.

The result is a <c-lock> element.

-k [uid]mid

Generate Cancel-Key for Message-ID <mid>.

The Message-ID can be prepended with an optional User-ID <uid>.

The result is a <c-key> element.

-c c-key,c-lock

Verify whether <c-key> element of a cancel or supersede matches the <c-lock> element of a target article.

-m keys,locks

Verify whether one of multiple keys matches one of multiple locks.

The elements of both lists must be separated by SP (space) characters.
Anything must be passed as single parameter of the "-m" option, use appropriate quoting.

-q

Write no result to standard output.

Only valid if specified before -c and -o options.

-h

Print help message, then exit.

-o

Print whether libcanlock reports support for overwriting secret data in memory.

The exit status is zero if cl_clear_secret(3) returned zero.

-v

Print version and compile time options, then exit.

EXIT STATUS

Zero on success or regular exit respectively.
All other values indicate an error.

AUTHORS

Michael Baeuerle

REPORTING BUGS

Report bugs to <mailto:michael.baeuerle@gmx.net>.

STANDARDS

canlock tries to comply with the following standards:

RFC 5537, RFC 6234, RFC 8315

SEE ALSO

canlock-hfp(1), canlock-mhp(1), cl_clear_secret(3), cl_get_lock(3), cl_get_key(3), cl_split(3), cl_verify(3), cl_verify_multi(3)
http://en.wikipedia.org/wiki/Usenet