diff --git a/src/commands/mod.rs b/src/commands/mod.rs index 7a4a3512..21a99f37 100644 --- a/src/commands/mod.rs +++ b/src/commands/mod.rs @@ -642,12 +642,12 @@ pub fn verify(config: Config, let helper = VHelper::new(&config, signatures, certs); let helper = if let Some(dsig) = detached { let mut v = DetachedVerifierBuilder::from_reader(dsig)? - .with_policy(&config.policy, None, helper)?; + .with_policy(&config.policy, Some(config.time), helper)?; v.verify_reader(input)?; v.into_helper() } else { let mut v = VerifierBuilder::from_reader(input)? - .with_policy(&config.policy, None, helper)?; + .with_policy(&config.policy, Some(config.time), helper)?; io::copy(&mut v, output)?; v.into_helper() }; diff --git a/src/sq_cli/mod.rs b/src/sq_cli/mod.rs index 16fdd92a..3cf9ef6b 100644 --- a/src/sq_cli/mod.rs +++ b/src/sq_cli/mod.rs @@ -133,7 +133,7 @@ Sets the reference time as an ISO 8601 formatted timestamp. Normally, \ commands use the current time as the reference time. This argument allows \ the user to use a difference reference time. For instance, when creating a \ key using \"sq key generate\", the creation time is normally set to the \ -current time, but can be overriden using this option. Similarly, when \ +current time, but can be overridden using this option. Similarly, when \ verifying a message, the message is verified with respect to the current \ time. This option allows the user to use a different time. diff --git a/src/sq_cli/verify.rs b/src/sq_cli/verify.rs index 6756d2f2..49be5164 100644 --- a/src/sq_cli/verify.rs +++ b/src/sq_cli/verify.rs @@ -29,6 +29,10 @@ The converse operation is \"sq sign\". If you are looking for a standalone program to verify detached signatures, consider using sequoia-sqv. + +\"sq verify\" respects the reference time set by the top-level +\"--time\" argument. When set, it verifies the message as of the +reference time instead of the current time. ", after_help = "EXAMPLES: @@ -38,6 +42,9 @@ $ sq verify --signer-file juliet.pgp signed-message.pgp # Verify a detached message $ sq verify --signer-file juliet.pgp --detached message.sig message.txt + +# Verify a message as of June 9, 2011 at midnight UTC: +$ sq verify --time 20130721 msg.pgp ", )] pub struct Command {