Scroll to navigation

canlock(1) canlock 3.3.0 manual canlock(1)


canlock - CLI frontend for libcanlock library


canlock -h | -v

canlock [-q] -o

canlock [-a scheme] -l [uid]mid

canlock [-a scheme] -k [uid]mid

canlock [-q] -c key,lock

canlock [-q] -m keys,locks


Command line utility for Netnews Cancel-Lock authentication scheme.

canlock can be used to create <c-lock> and <c-key> elements according to RFC 8315. The secret data is read from standard input (using EOF for termination).

canlock also provides a verify interface with the -c option. An external header parser is required to extract the <c-key> and <c-lock> elements from the article headers.
The command line utilities canlock-mhp(1) and canlock-hfp(1) can be used for this purpose.


The following options are supported:

Use the hash algorithm specified by <scheme>.
Supported values for <scheme> (by version 3.0.0 of canlock):
sha1, sha224, sha256, sha384, sha512

If this option is not present, sha256 is used as default value (because this is the mandatory algorithm defined by RFC 8315).

Generate Cancel-Lock for Message-ID <mid>.
The Message-ID can be prepended with an optional User-ID <uid>.

The result is a <c-lock> element.

Generate Cancel-Key for Message-ID <mid>.
The Message-ID can be prepended with an optional User-ID <uid>.

The result is a <c-key> element.

Verify whether <c-key> element of a cancel or supersede matches the <c-lock> element of a target article.
Verify whether one of multiple keys matches one of multiple locks.
The elements of both lists must be separated by SP (space) characters.
Anything must be passed as single parameter of the "-m" option, use appropriate quoting.
Write no result to standard output.

Only valid if specified before -c and -o options.

Print help message, then exit.
Print whether libcanlock reports support for overwriting secret data in memory.

The exit status is zero if cl_clear_secret(3) returned zero.

Print version and compile time options, then exit.


Zero on success or regular exit respectively.
All other values indicate an error.


Michael Baeuerle


Report bugs to <>.


canlock tries to comply with the following standards:

RFC 5537, RFC 6234, RFC 8315


canlock-hfp(1), canlock-mhp(1), cl_clear_secret(3), cl_get_lock(3), cl_get_key(3), cl_split(3), cl_verify(3), cl_verify_multi(3)

2021-11-24 Unix