From 01aad2c80a2e8ea8ccf1db34dce2b621253d454c Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Fri, 12 Nov 1999 14:04:41 +0000 Subject: [PATCH] Add an spkac manual page and fix the pkcs7 manpage. --- doc/man/pkcs7.pod | 2 + doc/man/spkac.pod | 115 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 117 insertions(+) create mode 100644 doc/man/spkac.pod diff --git a/doc/man/pkcs7.pod b/doc/man/pkcs7.pod index a2ebaac982..0514c5d667 100644 --- a/doc/man/pkcs7.pod +++ b/doc/man/pkcs7.pod @@ -12,6 +12,8 @@ B B [B<-in filename>] [B<-out filename>] [B<-print_certs>] +[B<-text>] +[B<-noout>] =head1 DESCRIPTION diff --git a/doc/man/spkac.pod b/doc/man/spkac.pod new file mode 100644 index 0000000000..eb85afe53c --- /dev/null +++ b/doc/man/spkac.pod @@ -0,0 +1,115 @@ +=pod + +=head1 NAME + +spkac - SPKAC printing and generating utility + +=head1 SYNOPSIS + +B B +[B<-in filename>] +[B<-out filename>] +[B<-key keyfile>] +[B<-challenge string>] +[B<-spkac spkacname>] +[B<-spksect section>] +[B<-noout>] +[B<-verify>] + + +=head1 DESCRIPTION + +The B command processes Netscape signed public key and challenge +(SPKAC) files. It can print out their contents, verify the signature and +produce its own SPKACs from a supplied private key. + +=head1 COMMAND OPTIONS + +=over 4 + +=item B<-in filename> + +This specifies the input filename to read from or standard input if this +option is not specified. Ignored if the B<-key> option is used. + +=item B<-out filename> + +specifies the output filename to write to or standard output by +default. + +=item B<-key keyfile> + +create an SPKAC file using the private key in B. The +B<-in>, B<-noout>, B<-spksect> and B<-verify> options are ignored if +present. + +=item B<-challenge string> + +specifies the challenge string if an SPKAC is being created. + +=item B<-spkac spkacname> + +allows an alternative name form the variable containing the +SPKAC. The default is "SPKAC". This option affects both +generated and input SPKAC files. + +=item B<-spksect section> + +allows an alternative name form the section containing the +SPKAC. The default is the default section. + +=item B<-noout> + +don't output the text version of the SPKAC (not used if an +SPKAC is being created). + +=item B<-verify> + +verifies the digital signature on the supplied SPKAC. + + +=back + +=head1 EXAMPLES + +Print out the contents of an SPKAC: + + openssl spkac -in skpac.cnf + +Verify the signature of an SPKAC: + + openssl spkac -in skpac.cnf -noout -verify + +Create an SPKAC using the challenge string "hello": + + openssl spkac -key key.pem -challenge hello -out spkac.cnf + +Example of an SPKAC, (long lines split up for clarity): + + SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\ + PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\ + PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\ + 2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\ + 4= + +=head1 NOTES + +A created SPKAC with suitable DN components appended can be fed into +the B utility. + +SPKACs are typically generated by Netscape when a form is submitted +containing the B tag as part of the certificate enrollment +process. + +The challenge string permits a primitive form of proof of possession +of private key. By checking the SPKAC signature and a random challenge +string some guarantee is given that the user knows the private key +corresponding to the public key being certified. This is important in +some applications. Without this it is possible for a previous SPKAC +to be used in a "replay attack". + +=head1 SEE ALSO + +ca(1) + +=cut -- 2.25.1