.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.de IX
..
.\" ========================================================================
.\"
.IX Title "MSVA-PERL 1"
.TH MSVA-PERL 1 "2021-01-04" "perl v5.32.0" "User Contributed Perl Documentation"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
msva\-perl \- Perl implementation of a Monkeysphere Validation Agent
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\&    msva\-perl [ COMMAND [ ARGS ... ] ]
.Ve
.SH "ABSTRACT"
.IX Header "ABSTRACT"
msva-perl provides a Perl implementation of the Monkeysphere
Validation Agent, a certificate validation service.
.SH "INTRODUCTION"
.IX Header "INTRODUCTION"
The Monkeysphere Validation Agent offers a local service for tools to
validate certificates (both X.509 and OpenPGP) and other public keys.
.PP
Clients of the validation agent query it with a public key carrier (a
raw public key, or some flavor of certificate), the supposed name of
the remote peer offering the pubkey, and the context in which the
validation check is relevant (e.g. ssh, https, etc).
.PP
The validation agent then tells the client whether it was able to
successfully validate the peer's use of the public key in the given
context.
.SH "USAGE"
.IX Header "USAGE"
Launched with no arguments, msva-perl simply runs and listens forever.
.PP
Launched with arguments, it sets up a listener and spawns a subprocess
using the supplied command and arguments, with the
\&\s-1MONKEYSPHERE_VALIDATION_AGENT_SOCKET\s0 environment variable set to
refer to its listener.  When the subprocess terminates, msva-perl tears
down the listener and exits as well, returning the same value as the
subprocess.
.PP
This is a similar invocation pattern to that of \fBssh\-agent\fR\|(1).
.SH "ENVIRONMENT VARIABLES"
.IX Header "ENVIRONMENT VARIABLES"
msva-perl is configured by means of environment variables.
.IP "\s-1MSVA_LOG_LEVEL\s0" 4
.IX Item "MSVA_LOG_LEVEL"
msva-perl logs messages about its operation to stderr.
\&\s-1MSVA_LOG_LEVEL\s0 controls its verbosity, and should be one of (in
increasing verbosity): silent, quiet, fatal, error, info, verbose,
debug, debug1, debug2, debug3.  Default is 'error'.
.IP "\s-1MSVA_ALLOWED_USERS\s0" 4
.IX Item "MSVA_ALLOWED_USERS"
If your system is capable of it, msva-perl tries to figure out the
owner of the connecting client.  If \s-1MSVA_ALLOWED_USERS\s0 is unset,
msva-perl will only permit connections from the user msva is running
as.
If you set \s-1MSVA_ALLOWED_USERS,\s0 msva-perl will treat it as a list
of local users (by name or user \s-1ID\s0) who are allowed to connect.
.IP "\s-1MSVA_PORT\s0" 4
.IX Item "MSVA_PORT"
msva-perl listens on a local \s-1TCP\s0 socket to facilitate access.
You can choose what port to bind to by setting \s-1MSVA_PORT.\s0
Default is to bind on an arbitrary open port.
.IP "\s-1MSVA_KEYSERVER\s0" 4
.IX Item "MSVA_KEYSERVER"
msva-perl will request information from OpenPGP keyservers.  Set
\&\s-1MSVA_KEYSERVER\s0 to declare the keyserver you want it to check
with.  If this variable is blank or unset, and your gpg.conf contains a
keyserver declaration, it will use the GnuPG configuration.  Failing
that, the default is 'hkp://pool.sks\-keyservers.net'.
.IP "\s-1MSVA_KEYSERVER_POLICY\s0" 4
.IX Item "MSVA_KEYSERVER_POLICY"
msva-perl must decide when to check with keyservers (for new keys,
revocation certificates, new certifications, etc).  There are three
possible options: 'always' means to check with the keyserver on every
query it receives.  'never' means to never check with a keyserver.
\&'unlessvalid' will only check with the keyserver on a specific query if
no keys are already locally known to be valid for the requested peer.
Default is 'unlessvalid'.
.IP "\s-1MSVA_MONITOR_CHANGES\s0" 4
.IX Item "MSVA_MONITOR_CHANGES"
Under graphical environments such as X11, msva-perl is capable of
monitoring for changes in its underlying code and can prompt the user
to restart the daemon when some of the underlying code changes.
Setting this environment variable to 'true' enables this monitoring and
prompting behavior.  Default is 'false'.
.SH "COMMUNICATION PROTOCOL DETAILS"
.IX Header "COMMUNICATION PROTOCOL DETAILS"
Communications with the Monkeysphere Validation Agent are in the form
of \s-1JSON\s0 requests over plain \s-1HTTP.\s0  Responses from the agent
are also \s-1JSON\s0 objects.
For details on the structure of the requests and responses, please see
http://web.monkeysphere.info/validation\-agent/protocol
.SH "SECURITY CONSIDERATIONS"
.IX Header "SECURITY CONSIDERATIONS"
msva-perl deliberately binds to the IPv4 loopback (on 127.0.0.1) so
that remote users do not get access to the daemon.  On systems (like
Linux) which report ownership of \s-1TCP\s0 sockets in /proc/net/tcp,
msva-perl will refuse access from local users who are not allowed to
connect (see \s-1MSVA_ALLOWED_USERS\s0 above).
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBmonkeysphere\fR\|(1), \fBmonkeysphere\fR\|(7), \fBssh\-agent\fR\|(1)
.SH "BUGS AND FEEDBACK"
.IX Header "BUGS AND FEEDBACK"
Bugs or feature requests for msva-perl should be filed with the
Monkeysphere project's bug tracker at
https://labs.riseup.net/code/projects/monkeysphere/issues/
.SH "AUTHORS AND CONTRIBUTORS"
.IX Header "AUTHORS AND CONTRIBUTORS"
Daniel Kahn Gillmor
.PP
The Monkeysphere Team http://web.monkeysphere.info/
.SH "COPYRIGHT AND LICENSE"
.IX Header "COPYRIGHT AND LICENSE"
Copyright \(co Daniel Kahn Gillmor and others from the Monkeysphere team.
msva-perl is free software, distributed under the \s-1GNU\s0 Public
License, version 3 or later.
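.SH "EXAMPLE"
The client-ownership check described under SECURITY CONSIDERATIONS and
MSVA_ALLOWED_USERS, sketched as an added example that is not msva-perl's own
code. The function names, the constructed sample table, the little-endian
address encoding and the fail-closed handling of an unknown owner are
assumptions of this example.
.nf

```python
import ipaddress
import struct

# Constructed sample in /proc/net/tcp layout (little-endian host): a listener
# on 127.0.0.1:8080 owned by uid 1000, plus two established loopback
# connections whose client ends belong to uid 1000 and uid 1001.
SAMPLE_PROC_NET_TCP = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 31001
   1: 0100007F:1F90 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 31002
   2: 0100007F:C350 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 31003
   3: 0100007F:1F90 0100007F:C351 01 00000000:00000000 00:00000000 00000000  1000        0 31004
   4: 0100007F:C351 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1001        0 31005
"""

TCP_ESTABLISHED = "01"


def proc_addr(ip, port):
    """Encode ip:port as /proc/net/tcp prints it on a little-endian host."""
    word = struct.unpack("<I", ipaddress.IPv4Address(ip).packed)[0]
    return "%08X:%04X" % (word, port)


def client_uid(table, peer, server):
    """Return the uid owning the client end of peer -> server, or None."""
    local, remote = proc_addr(*peer), proc_addr(*server)
    for line in table.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) > 7 and (f[1], f[2], f[3]) == (local, remote, TCP_ESTABLISHED):
            return int(f[7])                     # eighth column is the owning uid
    return None


def is_allowed(table, peer, server, allowed_uids):
    """Fail closed: refuse when the owner is unknown or not on the list."""
    uid = client_uid(table, peer, server)
    return uid is not None and uid in allowed_uids


if __name__ == "__main__":
    server = ("127.0.0.1", 8080)
    # Live use would read /proc/net/tcp and take peer/server from the accepted
    # socket's getpeername()/getsockname(); allowed would default to {os.getuid()}.
    for port in (50000, 50001, 50002):
        print(port, is_allowed(SAMPLE_PROC_NET_TCP, ("127.0.0.1", port), server, {1000}))
```

.fi
The lookup matches the row whose local address is the client's and whose
remote address is the listener's, because the listener's own row for the same
connection always carries the daemon's uid.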