diff options
| author | jmc <> | 2016-09-15 20:54:28 +0000 | 
|---|---|---|
| committer | jmc <> | 2016-09-15 20:54:28 +0000 | 
| commit | 9722f7fc7bf61af8c0c41e7ffb42d5c26f2a22df (patch) | |
| tree | f6e20bafac4a018f8bd994bf4f2027487c06e48a /src | |
| parent | 29f8aefdfd358a7c47a6690f35d398e576b1f4db (diff) | |
| download | openbsd-9722f7fc7bf61af8c0c41e7ffb42d5c26f2a22df.tar.gz openbsd-9722f7fc7bf61af8c0c41e7ffb42d5c26f2a22df.tar.bz2 openbsd-9722f7fc7bf61af8c0c41e7ffb42d5c26f2a22df.zip | |
some spkac shortening; ok beck
Diffstat (limited to 'src')
| -rw-r--r-- | src/usr.bin/openssl/openssl.1 | 81 | 
1 files changed, 13 insertions, 68 deletions
| diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1 index 004839f448..a290433d92 100644 --- a/src/usr.bin/openssl/openssl.1 +++ b/src/usr.bin/openssl/openssl.1 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: openssl.1,v 1.72 2016/09/15 17:49:03 jmc Exp $ | 1 | .\" $OpenBSD: openssl.1,v 1.73 2016/09/15 20:54:28 jmc Exp $ | 
| 2 | .\" ==================================================================== | 2 | .\" ==================================================================== | 
| 3 | .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | 3 | .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | 
| 4 | .\" | 4 | .\" | 
| @@ -4946,13 +4946,9 @@ If this variable is set to no, | |||
| 4946 | only the signing certificate identifier is included. | 4946 | only the signing certificate identifier is included. | 
| 4947 | The default is no. | 4947 | The default is no. | 
| 4948 | .El | 4948 | .El | 
| 4949 | .\" | ||
| 4950 | .\" SPKAC | ||
| 4951 | .\" | ||
| 4952 | .Sh SPKAC | 4949 | .Sh SPKAC | 
| 4953 | .nr nS 1 | 4950 | .nr nS 1 | 
| 4954 | .Nm "openssl spkac" | 4951 | .Nm "openssl spkac" | 
| 4955 | .Bk -words | ||
| 4956 | .Op Fl challenge Ar string | 4952 | .Op Fl challenge Ar string | 
| 4957 | .Op Fl in Ar file | 4953 | .Op Fl in Ar file | 
| 4958 | .Op Fl key Ar keyfile | 4954 | .Op Fl key Ar keyfile | 
| @@ -4963,25 +4959,21 @@ The default is no. | |||
| 4963 | .Op Fl spkac Ar spkacname | 4959 | .Op Fl spkac Ar spkacname | 
| 4964 | .Op Fl spksect Ar section | 4960 | .Op Fl spksect Ar section | 
| 4965 | .Op Fl verify | 4961 | .Op Fl verify | 
| 4966 | .Ek | ||
| 4967 | .nr nS 0 | 4962 | .nr nS 0 | 
| 4968 | .Pp | 4963 | .Pp | 
| 4969 | The | 4964 | The | 
| 4970 | .Nm spkac | 4965 | .Nm spkac | 
| 4971 | command processes Netscape signed public key and challenge | 4966 | command processes signed public key and challenge (SPKAC) files. | 
| 4972 | .Pq SPKAC | ||
| 4973 | files. | ||
| 4974 | It can print out their contents, verify the signature, | 4967 | It can print out their contents, verify the signature, | 
| 4975 | and produce its own SPKACs from a supplied private key. | 4968 | and produce its own SPKACs from a supplied private key. | 
| 4976 | .Pp | 4969 | .Pp | 
| 4977 | The options are as follows: | 4970 | The options are as follows: | 
| 4978 | .Bl -tag -width Ds | 4971 | .Bl -tag -width Ds | 
| 4979 | .It Fl challenge Ar string | 4972 | .It Fl challenge Ar string | 
| 4980 | Specifies the challenge string if an SPKAC is being created. | 4973 | The challenge string, if an SPKAC is being created. | 
| 4981 | .It Fl in Ar file | 4974 | .It Fl in Ar file | 
| 4982 | This specifies the input | 4975 | The input file to read from, | 
| 4983 | .Ar file | 4976 | or standard input if not specified. | 
| 4984 | to read from, or standard input if this option is not specified. | ||
| 4985 | Ignored if the | 4977 | Ignored if the | 
| 4986 | .Fl key | 4978 | .Fl key | 
| 4987 | option is used. | 4979 | option is used. | 
| @@ -4992,74 +4984,27 @@ The | |||
| 4992 | .Fl in , noout , spksect , | 4984 | .Fl in , noout , spksect , | 
| 4993 | and | 4985 | and | 
| 4994 | .Fl verify | 4986 | .Fl verify | 
| 4995 | options are ignored if present. | 4987 | options are ignored, if present. | 
| 4996 | .It Fl noout | 4988 | .It Fl noout | 
| 4997 | Don't output the text version of the SPKAC | 4989 | Do not output the text version of the SPKAC. | 
| 4998 | .Pq not used if an SPKAC is being created . | ||
| 4999 | .It Fl out Ar file | 4990 | .It Fl out Ar file | 
| 5000 | Specifies the output | 4991 | The output file to write to, | 
| 5001 | .Ar file | 4992 | or standard output if not specified. | 
| 5002 | to write to, or standard output by default. | ||
| 5003 | .It Fl passin Ar arg | 4993 | .It Fl passin Ar arg | 
| 5004 | The key password source. | 4994 | The key password source. | 
| 5005 | .It Fl pubkey | 4995 | .It Fl pubkey | 
| 5006 | Output the public key of an SPKAC | 4996 | Output the public key of an SPKAC. | 
| 5007 | .Pq not used if an SPKAC is being created . | ||
| 5008 | .It Fl spkac Ar spkacname | 4997 | .It Fl spkac Ar spkacname | 
| 5009 | Allows an alternative name for the variable containing the SPKAC. | 4998 | An alternative name for the variable containing the SPKAC. | 
| 5010 | The default is "SPKAC". | 4999 | The default is "SPKAC". | 
| 5011 | This option affects both generated and input SPKAC files. | 5000 | This option affects both generated and input SPKAC files. | 
| 5012 | .It Fl spksect Ar section | 5001 | .It Fl spksect Ar section | 
| 5013 | Allows an alternative name for the | 5002 | An alternative name for the | 
| 5014 | .Ar section | 5003 | .Ar section | 
| 5015 | containing the SPKAC. | 5004 | containing the SPKAC. | 
| 5016 | The default is the default section. | ||
| 5017 | .It Fl verify | 5005 | .It Fl verify | 
| 5018 | Verifies the digital signature on the supplied SPKAC. | 5006 | Verify the digital signature on the supplied SPKAC. | 
| 5019 | .El | 5007 | .El | 
| 5020 | .Sh SPKAC EXAMPLES | ||
| 5021 | Print out the contents of an SPKAC: | ||
| 5022 | .Pp | ||
| 5023 | .Dl $ openssl spkac -in spkac.cnf | ||
| 5024 | .Pp | ||
| 5025 | Verify the signature of an SPKAC: | ||
| 5026 | .Pp | ||
| 5027 | .Dl $ openssl spkac -in spkac.cnf -noout -verify | ||
| 5028 | .Pp | ||
| 5029 | Create an SPKAC using the challenge string | ||
| 5030 | .Qq hello : | ||
| 5031 | .Pp | ||
| 5032 | .Dl $ openssl spkac -key key.pem -challenge hello -out spkac.cnf | ||
| 5033 | .Pp | ||
| 5034 | Example of an SPKAC, | ||
| 5035 | .Pq long lines split up for clarity : | ||
| 5036 | .Bd -unfilled -offset indent | ||
| 5037 | SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\e | ||
| 5038 | PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\e | ||
| 5039 | PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\e | ||
| 5040 | 2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\e | ||
| 5041 | 4= | ||
| 5042 | .Ed | ||
| 5043 | .Sh SPKAC NOTES | ||
| 5044 | A created SPKAC with suitable DN components appended can be fed into | ||
| 5045 | the | ||
| 5046 | .Nm ca | ||
| 5047 | utility. | ||
| 5048 | .Pp | ||
| 5049 | SPKACs are typically generated by Netscape when a form is submitted | ||
| 5050 | containing the | ||
| 5051 | .Em KEYGEN | ||
| 5052 | tag as part of the certificate enrollment process. | ||
| 5053 | .Pp | ||
| 5054 | The challenge string permits a primitive form of proof of possession | ||
| 5055 | of private key. | ||
| 5056 | By checking the SPKAC signature and a random challenge | ||
| 5057 | string, some guarantee is given that the user knows the private key | ||
| 5058 | corresponding to the public key being certified. | ||
| 5059 | This is important in some applications. | ||
| 5060 | Without this it is possible for a previous SPKAC | ||
| 5061 | to be used in a | ||
| 5062 | .Qq replay attack . | ||
| 5063 | .\" | 5008 | .\" | 
| 5064 | .\" VERIFY | 5009 | .\" VERIFY | 
| 5065 | .\" | 5010 | .\" | 
