Scroll to navigation

canlock(1) canlock 3.1.0 manual canlock(1)


canlock - CLI frontend for libcanlock library


canlock -h | -v

canlock [-q] -o

canlock [-a scheme] -l [uid]mid

canlock [-a scheme] -k [uid]mid

canlock [-q] -c key,lock


Command line utility for Netnews Cancel-Lock authentication scheme.

canlock can be used to create <c-lock> and <c-key> elements according to RFC8315. The secret data is read from standard input (using EOF for termination).

canlock also provides a verify interface with the -c option. An external header parser is required to extract the <c-key> and <c-lock> elements from the article headers.
The command line utilities canlock-mhp(1) and canlock-hfp(1) can be used for this purpose.


The following options are supported:
-a scheme
Use the hash algorithm specified by <scheme>.
Supported values for <scheme> (by version 3.0.0 of canlock):
sha1, sha224, sha256, sha384, sha512

If this option is not present, sha256 is used as default value (because this is the mandatory algorithm defined by RFC8315).

-l [uid]mid
Generate Cancel-Lock for Message-ID <mid>.
The Message-ID can be prepended with an optional User-ID <uid>.

The result is a <c-lock> element.

-k [uid]mid
Generate Cancel-Key for Message-ID <mid>.
The Message-ID can be prepended with an optional User-ID <uid>.

The result is a <c-key> element.

-c c-key,c-lock
Verify whether <c-key> element of a cancel or supersede matches the <c-lock> element of a target article.
Write no result to standard output.

Only valid if specified before -c and -o options.

Print help message, then exit.
Print whether libcanlock reports support for overwriting secret data in memory.

The exit status is zero if cl_clear_secret(3) returned zero.

Print version and compile time options, then exit.


Zero on success or regular exit respectively.
All other values indicate an error.


Michael Baeuerle


Report bugs to <>.


canlock tries to comply with the following standards:

RFC5537, RFC6234, RFC8315


canlock-hfp(1), canlock-mhp(1), cl_clear_secret(3), cl_get_lock(3), cl_get_key(3), cl_split(3), cl_verify(3)
2019-01-31 Unix