some spkac shortening; ok beck

author: jmc <> 2016-09-15 20:54:28 +0000
committer: jmc <> 2016-09-15 20:54:28 +0000
commit: f5ff792d195998bd0d1017ae1701739a695b6d2e (patch)
tree: f6e20bafac4a018f8bd994bf4f2027487c06e48a /src
parent: c08b7528e442c942565b4fa5bc43e17adf44c939 (diff)
download: openbsd-f5ff792d195998bd0d1017ae1701739a695b6d2e.tar.gz
openbsd-f5ff792d195998bd0d1017ae1701739a695b6d2e.tar.bz2
openbsd-f5ff792d195998bd0d1017ae1701739a695b6d2e.zip
1 files changed, 13 insertions, 68 deletions
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index 004839f448..a290433d92 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.72 2016/09/15 17:49:03 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.73 2016/09/15 20:54:28 jmc Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -4946,13 +4946,9 @@ If this variable is set to no,
 only the signing certificate identifier is included.
 The default is no.
 .El
-.\"
-.\" SPKAC
-.\"
 .Sh SPKAC
 .nr nS 1
 .Nm "openssl spkac"
-.Bk -words
 .Op Fl challenge Ar string
 .Op Fl in Ar file
 .Op Fl key Ar keyfile
@@ -4963,25 +4959,21 @@ The default is no.
 .Op Fl spkac Ar spkacname
 .Op Fl spksect Ar section
 .Op Fl verify
-.Ek
 .nr nS 0
 .Pp
 The
 .Nm spkac
-command processes Netscape signed public key and challenge
+command processes signed public key and challenge (SPKAC) files.
-.Pq SPKAC
-files.
 It can print out their contents, verify the signature,
 and produce its own SPKACs from a supplied private key.
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
 .It Fl challenge Ar string
-Specifies the challenge string if an SPKAC is being created.
+The challenge string, if an SPKAC is being created.
 .It Fl in Ar file
-This specifies the input
+The input file to read from,
-.Ar file
+or standard input if not specified.
-to read from, or standard input if this option is not specified.
 Ignored if the
 .Fl key
 option is used.
@@ -4992,74 +4984,27 @@ The
 .Fl in , noout , spksect ,
 and
 .Fl verify
-options are ignored if present.
+options are ignored, if present.
 .It Fl noout
-Don't output the text version of the SPKAC
+Do not output the text version of the SPKAC.
-.Pq not used if an SPKAC is being created .
 .It Fl out Ar file
-Specifies the output
+The output file to write to,
-.Ar file
+or standard output if not specified.
-to write to, or standard output by default.
 .It Fl passin Ar arg
 The key password source.
 .It Fl pubkey
-Output the public key of an SPKAC
+Output the public key of an SPKAC.
-.Pq not used if an SPKAC is being created .
 .It Fl spkac Ar spkacname
-Allows an alternative name for the variable containing the SPKAC.
+An alternative name for the variable containing the SPKAC.
 The default is "SPKAC".
 This option affects both generated and input SPKAC files.
 .It Fl spksect Ar section
-Allows an alternative name for the
+An alternative name for the
 .Ar section
 containing the SPKAC.
-The default is the default section.
 .It Fl verify
-Verifies the digital signature on the supplied SPKAC.
+Verify the digital signature on the supplied SPKAC.
 .El
-.Sh SPKAC EXAMPLES
-Print out the contents of an SPKAC:
-.Pp
-.Dl $ openssl spkac -in spkac.cnf
-.Pp
-Verify the signature of an SPKAC:
-.Pp
-.Dl $ openssl spkac -in spkac.cnf -noout -verify
-.Pp
-Create an SPKAC using the challenge string
-.Qq hello :
-.Pp
-.Dl $ openssl spkac -key key.pem -challenge hello -out spkac.cnf
-.Pp
-Example of an SPKAC,
-.Pq long lines split up for clarity :
-.Bd -unfilled -offset indent
-SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\e
-PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\e
-PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\e
-2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\e
-4=
-.Ed
-.Sh SPKAC NOTES
-A created SPKAC with suitable DN components appended can be fed into
-the
-.Nm ca
-utility.
-.Pp
-SPKACs are typically generated by Netscape when a form is submitted
-containing the
-.Em KEYGEN
-tag as part of the certificate enrollment process.
-.Pp
-The challenge string permits a primitive form of proof of possession
-of private key.
-By checking the SPKAC signature and a random challenge
-string, some guarantee is given that the user knows the private key
-corresponding to the public key being certified.
-This is important in some applications.
-Without this it is possible for a previous SPKAC
-to be used in a
-.Qq replay attack .
 .\"
 .\" VERIFY
 .\"
author	jmc <>	2016-09-15 20:54:28 +0000
committer	jmc <>	2016-09-15 20:54:28 +0000
commit	f5ff792d195998bd0d1017ae1701739a695b6d2e (patch)
tree	f6e20bafac4a018f8bd994bf4f2027487c06e48a /src
parent	c08b7528e442c942565b4fa5bc43e17adf44c939 (diff)
download	openbsd-f5ff792d195998bd0d1017ae1701739a695b6d2e.tar.gz openbsd-f5ff792d195998bd0d1017ae1701739a695b6d2e.tar.bz2 openbsd-f5ff792d195998bd0d1017ae1701739a695b6d2e.zip

diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1 index 004839f448..a290433d92 100644 --- a/src/usr.bin/openssl/openssl.1 +++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: openssl.1,v 1.72 2016/09/15 17:49:03 jmc Exp $	1	.\" $OpenBSD: openssl.1,v 1.73 2016/09/15 20:54:28 jmc Exp $
2	.\" ====================================================================	2	.\" ====================================================================
3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	.\"	4	.\"
@@ -4946,13 +4946,9 @@ If this variable is set to no,
4946	only the signing certificate identifier is included.	4946	only the signing certificate identifier is included.
4947	The default is no.	4947	The default is no.
4948	.El	4948	.El
4949	.\"
4950	.\" SPKAC
4951	.\"
4952	.Sh SPKAC	4949	.Sh SPKAC
4953	.nr nS 1	4950	.nr nS 1
4954	.Nm "openssl spkac"	4951	.Nm "openssl spkac"
4955	.Bk -words
4956	.Op Fl challenge Ar string	4952	.Op Fl challenge Ar string
4957	.Op Fl in Ar file	4953	.Op Fl in Ar file
4958	.Op Fl key Ar keyfile	4954	.Op Fl key Ar keyfile
@@ -4963,25 +4959,21 @@ The default is no.
4963	.Op Fl spkac Ar spkacname	4959	.Op Fl spkac Ar spkacname
4964	.Op Fl spksect Ar section	4960	.Op Fl spksect Ar section
4965	.Op Fl verify	4961	.Op Fl verify
4966	.Ek
4967	.nr nS 0	4962	.nr nS 0
4968	.Pp	4963	.Pp
4969	The	4964	The
4970	.Nm spkac	4965	.Nm spkac
4971	command processes Netscape signed public key and challenge	4966	command processes signed public key and challenge (SPKAC) files.
4972	.Pq SPKAC
4973	files.
4974	It can print out their contents, verify the signature,	4967	It can print out their contents, verify the signature,
4975	and produce its own SPKACs from a supplied private key.	4968	and produce its own SPKACs from a supplied private key.
4976	.Pp	4969	.Pp
4977	The options are as follows:	4970	The options are as follows:
4978	.Bl -tag -width Ds	4971	.Bl -tag -width Ds
4979	.It Fl challenge Ar string	4972	.It Fl challenge Ar string
4980	Specifies the challenge string if an SPKAC is being created.	4973	The challenge string, if an SPKAC is being created.
4981	.It Fl in Ar file	4974	.It Fl in Ar file
4982	This specifies the input	4975	The input file to read from,
4983	.Ar file	4976	or standard input if not specified.
4984	to read from, or standard input if this option is not specified.
4985	Ignored if the	4977	Ignored if the
4986	.Fl key	4978	.Fl key
4987	option is used.	4979	option is used.
@@ -4992,74 +4984,27 @@ The
4992	.Fl in , noout , spksect ,	4984	.Fl in , noout , spksect ,
4993	and	4985	and
4994	.Fl verify	4986	.Fl verify
4995	options are ignored if present.	4987	options are ignored, if present.
4996	.It Fl noout	4988	.It Fl noout
4997	Don't output the text version of the SPKAC	4989	Do not output the text version of the SPKAC.
4998	.Pq not used if an SPKAC is being created .
4999	.It Fl out Ar file	4990	.It Fl out Ar file
5000	Specifies the output	4991	The output file to write to,
5001	.Ar file	4992	or standard output if not specified.
5002	to write to, or standard output by default.
5003	.It Fl passin Ar arg	4993	.It Fl passin Ar arg
5004	The key password source.	4994	The key password source.
5005	.It Fl pubkey	4995	.It Fl pubkey
5006	Output the public key of an SPKAC	4996	Output the public key of an SPKAC.
5007	.Pq not used if an SPKAC is being created .
5008	.It Fl spkac Ar spkacname	4997	.It Fl spkac Ar spkacname
5009	Allows an alternative name for the variable containing the SPKAC.	4998	An alternative name for the variable containing the SPKAC.
5010	The default is "SPKAC".	4999	The default is "SPKAC".
5011	This option affects both generated and input SPKAC files.	5000	This option affects both generated and input SPKAC files.
5012	.It Fl spksect Ar section	5001	.It Fl spksect Ar section
5013	Allows an alternative name for the	5002	An alternative name for the
5014	.Ar section	5003	.Ar section
5015	containing the SPKAC.	5004	containing the SPKAC.
5016	The default is the default section.
5017	.It Fl verify	5005	.It Fl verify
5018	Verifies the digital signature on the supplied SPKAC.	5006	Verify the digital signature on the supplied SPKAC.
5019	.El	5007	.El
5020	.Sh SPKAC EXAMPLES
5021	Print out the contents of an SPKAC:
5022	.Pp
5023	.Dl $ openssl spkac -in spkac.cnf
5024	.Pp
5025	Verify the signature of an SPKAC:
5026	.Pp
5027	.Dl $ openssl spkac -in spkac.cnf -noout -verify
5028	.Pp
5029	Create an SPKAC using the challenge string
5030	.Qq hello :
5031	.Pp
5032	.Dl $ openssl spkac -key key.pem -challenge hello -out spkac.cnf
5033	.Pp
5034	Example of an SPKAC,
5035	.Pq long lines split up for clarity :
5036	.Bd -unfilled -offset indent
5037	SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\e
5038	PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\e
5039	PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\e
5040	2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\e
5041	4=
5042	.Ed
5043	.Sh SPKAC NOTES
5044	A created SPKAC with suitable DN components appended can be fed into
5045	the
5046	.Nm ca
5047	utility.
5048	.Pp
5049	SPKACs are typically generated by Netscape when a form is submitted
5050	containing the
5051	.Em KEYGEN
5052	tag as part of the certificate enrollment process.
5053	.Pp
5054	The challenge string permits a primitive form of proof of possession
5055	of private key.
5056	By checking the SPKAC signature and a random challenge
5057	string, some guarantee is given that the user knows the private key
5058	corresponding to the public key being certified.
5059	This is important in some applications.
5060	Without this it is possible for a previous SPKAC
5061	to be used in a
5062	.Qq replay attack .
5063	.\"	5008	.\"
5064	.\" VERIFY	5009	.\" VERIFY
5065	.\"	5010	.\"