REOP(1) BSD General Commands Manual REOP(1)NAMEreop — reasonable expectation of privacy
SYNOPSISreop-D -x encfile
reop-E [-1b] [-i ident] -m message -p pubkey -s seckey
reop-S [-e] [-x sigfile] -s seckey -m message
reop-V [-eq] [-x sigfile] -p pubkey -m message
DESCRIPTION
The reop utility creates and verifies cryptographic signatures and
encrypts and decrypts files. The mode of operation is selected with the
following options:
-D Decryption, both public key and symmetric.
-E Encryption, both public key and symmetric. When run without
a public key, will ask for a password and perform symmetric
encryption.
When run with a public key, will encrypt the message so that
it can be decrypted by the matching secret key. Public key
encryption also uses encryptor's secret key to authenticate
the message. Once encrypted, the message can only be
decrypted by recipient's secret key. Although authenticated,
messages are deniable (forgeable by recipient).
-G Generate a new key pair.
-S Sign the specified message file and create a signature.
-V Verify the message and signature match.
The other options are as follows:
-1 Encrypt messages using older v1 format.
-b Use a binary format for encrypted files. This can result
in a considerable space savings over the default base64
encoded format. Decryption automatically detects the cor‐
rect format.
-e When signing, create a signed message instead of just a
signature.
-i ident Specify the ident to be created during key generation or
looked up when using public cryptography.
-m message When signing, the file containing the message to sign.
When verifying, the file containing the message to verify.
When encrypting or decrypting, the plaintext.
-n Do not ask for a passphrase during key generation. Other‐
wise, reop will prompt the user for a passphrase to protect
the secret key.
-p pubkey Public key produced by -G, and used by other commands.
-q Quiet mode. Suppress informational output.
-s seckey Secret (private) key produced by -G, and used by other com‐
mands.
-x xfile The signature file to create or verify. The default is
message.sig. When encrypting, the encrypted file. The
default is message.enc.
The key and data files created by reop have similar format. A plain text
line of the form ident: is used to match key pairs. Most of the actual
key data follows and is base64 encoded.
The ~/.reop directory is searched for default keys named:
seckey User's secret key
pubkey User's public key
pubkeyring User's set trusted of trusted third party keys, searched by
ident.
EXIT STATUS
The reop utility exits 0 on success, and >0 if an error occurs. It may
fail because of one of the following reasons:
· Some necessary files do not exist.
· Entered passphrase is incorrect.
· The message file was corrupted and its signature does not match.
· The message file is too large.
EXAMPLES
Create a new key pair.
$ reop-G -p newkey.pub -s newkey.sec
Create a new key pair, assuming the ~/.reop directory exists:
$ reop-G
Sign a file, specifying a signature name:
$ reop-S -s key.sec -m message.txt -x msg.sig
Verify a signed message, using the default identity:
$ reop-V -x generalsorders.sig
BSD April 29, 2024 BSD
