diff options
Diffstat (limited to 'secure/usr.bin/openssl/man/openssl-spkac.1')
| -rw-r--r-- | secure/usr.bin/openssl/man/openssl-spkac.1 | 165 |
1 files changed, 46 insertions, 119 deletions
diff --git a/secure/usr.bin/openssl/man/openssl-spkac.1 b/secure/usr.bin/openssl/man/openssl-spkac.1 index ac5385688804..69518e0e8a2b 100644 --- a/secure/usr.bin/openssl/man/openssl-spkac.1 +++ b/secure/usr.bin/openssl/man/openssl-spkac.1 @@ -1,4 +1,5 @@ -.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42) +.\" -*- mode: troff; coding: utf-8 -*- +.\" Automatically generated by Pod::Man 5.0102 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -15,29 +16,12 @@ .ft R .fi .. -.\" Set up some character translations and predefined strings. \*(-- will -.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. \*(C+ will -.\" give a nicer C++. Capital omega is used to do unbreakable dashes and -.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, -.\" nothing in troff, for use with C<>. -.tr \(*W- -.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' +.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>. .ie n \{\ -. ds -- \(*W- -. ds PI pi -. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch -. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch -. ds L" "" -. ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ -. ds -- \|\(em\| -. ds PI \(*p -. ds L" `` -. ds R" '' . ds C` . ds C' 'br\} @@ -68,77 +52,17 @@ . \} .\} .rr rF -.\" Fear. Run. Save yourself. No user-serviceable parts. -. \" fudge factors for nroff and troff -.if n \{\ -. ds #H 0 -. ds #V .8m -. ds #F .3m -. ds #[ \f1 -. ds #] \fP -.\} -.if t \{\ -. ds #H ((1u-(\\\\n(.fu%2u))*.13m) -. ds #V .6m -. ds #F 0 -. ds #[ \& -. ds #] \& -.\} -. \" simple accents for nroff and troff -.if n \{\ -. ds ' \& -. ds ` \& -. ds ^ \& -. ds , \& -. ds ~ ~ -. ds / -.\} -.if t \{\ -. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" -. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' -. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' -. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' -. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' -. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' -.\} -. \" troff and (daisy-wheel) nroff accents -.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' -.ds 8 \h'\*(#H'\(*b\h'-\*(#H' -.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] -.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' -.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' -.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] -.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] -.ds ae a\h'-(\w'a'u*4/10)'e -.ds Ae A\h'-(\w'A'u*4/10)'E -. \" corrections for vroff -.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' -.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' -. \" for low resolution devices (crt and lpr) -.if \n(.H>23 .if \n(.V>19 \ -\{\ -. ds : e -. ds 8 ss -. ds o a -. ds d- d\h'-1'\(ga -. ds D- D\h'-1'\(hy -. ds th \o'bp' -. ds Th \o'LP' -. ds ae ae -. ds Ae AE -.\} -.rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "OPENSSL-SPKAC 1ossl" -.TH OPENSSL-SPKAC 1ossl "2023-09-22" "3.0.11" "OpenSSL" +.TH OPENSSL-SPKAC 1ossl 2025-07-24 3.5.1 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh -.SH "NAME" +.SH NAME openssl\-spkac \- SPKAC printing and generating command -.SH "SYNOPSIS" +.SH SYNOPSIS .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBspkac\fR [\fB\-help\fR] @@ -146,7 +70,7 @@ openssl\-spkac \- SPKAC printing and generating command [\fB\-out\fR \fIfilename\fR] [\fB\-digest\fR \fIdigest\fR] [\fB\-key\fR \fIfilename\fR|\fIuri\fR] -[\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR] +[\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR] [\fB\-passin\fR \fIarg\fR] [\fB\-challenge\fR \fIstring\fR] [\fB\-pubkey\fR] @@ -157,15 +81,16 @@ openssl\-spkac \- SPKAC printing and generating command [\fB\-engine\fR \fIid\fR] [\fB\-provider\fR \fIname\fR] [\fB\-provider\-path\fR \fIpath\fR] +[\fB\-provparam\fR \fI[name:]key=value\fR] [\fB\-propquery\fR \fIpropq\fR] -.SH "DESCRIPTION" +.SH DESCRIPTION .IX Header "DESCRIPTION" This command processes Netscape signed public key and challenge -(\s-1SPKAC\s0) files. It can print out their contents, verify the signature and +(SPKAC) files. It can print out their contents, verify the signature and produce its own SPKACs from a supplied private key. -.SH "OPTIONS" +.SH OPTIONS .IX Header "OPTIONS" -.IP "\fB\-help\fR" 4 +.IP \fB\-help\fR 4 .IX Item "-help" Print out a usage message. .IP "\fB\-in\fR \fIfilename\fR" 4 @@ -178,14 +103,14 @@ Specifies the output filename to write to or standard output by default. .IP "\fB\-digest\fR \fIdigest\fR" 4 .IX Item "-digest digest" -Use the specified \fIdigest\fR to sign a created \s-1SPKAC\s0 file. -The default digest algorithm is \s-1MD5.\s0 +Use the specified \fIdigest\fR to sign a created SPKAC file. +The default digest algorithm is MD5. .IP "\fB\-key\fR \fIfilename\fR|\fIuri\fR" 4 .IX Item "-key filename|uri" -Create an \s-1SPKAC\s0 file using the private key specified by \fIfilename\fR or \fIuri\fR. +Create an SPKAC file using the private key specified by \fIfilename\fR or \fIuri\fR. The \fB\-in\fR, \fB\-noout\fR, \fB\-spksect\fR and \fB\-verify\fR options are ignored if present. -.IP "\fB\-keyform\fR \fB\s-1DER\s0\fR|\fB\s-1PEM\s0\fR|\fBP12\fR|\fB\s-1ENGINE\s0\fR" 4 +.IP "\fB\-keyform\fR \fBDER\fR|\fBPEM\fR|\fBP12\fR|\fBENGINE\fR" 4 .IX Item "-keyform DER|PEM|P12|ENGINE" The key format; unspecified by default. See \fBopenssl\-format\-options\fR\|(1) for details. @@ -195,61 +120,63 @@ The input file password source. For more information about the format of \fIarg\ see \fBopenssl\-passphrase\-options\fR\|(1). .IP "\fB\-challenge\fR \fIstring\fR" 4 .IX Item "-challenge string" -Specifies the challenge string if an \s-1SPKAC\s0 is being created. +Specifies the challenge string if an SPKAC is being created. .IP "\fB\-spkac\fR \fIspkacname\fR" 4 .IX Item "-spkac spkacname" Allows an alternative name form the variable containing the -\&\s-1SPKAC.\s0 The default is \*(L"\s-1SPKAC\*(R".\s0 This option affects both -generated and input \s-1SPKAC\s0 files. +SPKAC. The default is "SPKAC". This option affects both +generated and input SPKAC files. .IP "\fB\-spksect\fR \fIsection\fR" 4 .IX Item "-spksect section" Allows an alternative name form the section containing the -\&\s-1SPKAC.\s0 The default is the default section. -.IP "\fB\-noout\fR" 4 +SPKAC. The default is the default section. +.IP \fB\-noout\fR 4 .IX Item "-noout" -Don't output the text version of the \s-1SPKAC\s0 (not used if an -\&\s-1SPKAC\s0 is being created). -.IP "\fB\-pubkey\fR" 4 +Don't output the text version of the SPKAC (not used if an +SPKAC is being created). +.IP \fB\-pubkey\fR 4 .IX Item "-pubkey" -Output the public key of an \s-1SPKAC\s0 (not used if an \s-1SPKAC\s0 is +Output the public key of an SPKAC (not used if an SPKAC is being created). -.IP "\fB\-verify\fR" 4 +.IP \fB\-verify\fR 4 .IX Item "-verify" -Verifies the digital signature on the supplied \s-1SPKAC.\s0 +Verifies the digital signature on the supplied SPKAC. .IP "\fB\-engine\fR \fIid\fR" 4 .IX Item "-engine id" -See \*(L"Engine Options\*(R" in \fBopenssl\fR\|(1). +See "Engine Options" in \fBopenssl\fR\|(1). This option is deprecated. .IP "\fB\-provider\fR \fIname\fR" 4 .IX Item "-provider name" .PD 0 .IP "\fB\-provider\-path\fR \fIpath\fR" 4 .IX Item "-provider-path path" +.IP "\fB\-provparam\fR \fI[name:]key=value\fR" 4 +.IX Item "-provparam [name:]key=value" .IP "\fB\-propquery\fR \fIpropq\fR" 4 .IX Item "-propquery propq" .PD -See \*(L"Provider Options\*(R" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). -.SH "EXAMPLES" +See "Provider Options" in \fBopenssl\fR\|(1), \fBprovider\fR\|(7), and \fBproperty\fR\|(7). +.SH EXAMPLES .IX Header "EXAMPLES" -Print out the contents of an \s-1SPKAC:\s0 +Print out the contents of an SPKAC: .PP .Vb 1 \& openssl spkac \-in spkac.cnf .Ve .PP -Verify the signature of an \s-1SPKAC:\s0 +Verify the signature of an SPKAC: .PP .Vb 1 \& openssl spkac \-in spkac.cnf \-noout \-verify .Ve .PP -Create an \s-1SPKAC\s0 using the challenge string \*(L"hello\*(R": +Create an SPKAC using the challenge string "hello": .PP .Vb 1 \& openssl spkac \-key key.pem \-challenge hello \-out spkac.cnf .Ve .PP -Example of an \s-1SPKAC,\s0 (long lines split up for clarity): +Example of an SPKAC, (long lines split up for clarity): .PP .Vb 6 \& SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA\e @@ -259,35 +186,35 @@ Example of an \s-1SPKAC,\s0 (long lines split up for clarity): \& h1bEIYuc2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnD\e \& dq+NQ3F+X4deMx9AaEglZtULwV4= .Ve -.SH "NOTES" +.SH NOTES .IX Header "NOTES" -A created \s-1SPKAC\s0 with suitable \s-1DN\s0 components appended can be fed to +A created SPKAC with suitable DN components appended can be fed to \&\fBopenssl\-ca\fR\|(1). .PP SPKACs are typically generated by Netscape when a form is submitted -containing the \fB\s-1KEYGEN\s0\fR tag as part of the certificate enrollment +containing the \fBKEYGEN\fR tag as part of the certificate enrollment process. .PP The challenge string permits a primitive form of proof of possession -of private key. By checking the \s-1SPKAC\s0 signature and a random challenge +of private key. By checking the SPKAC signature and a random challenge string some guarantee is given that the user knows the private key corresponding to the public key being certified. This is important in -some applications. Without this it is possible for a previous \s-1SPKAC\s0 -to be used in a \*(L"replay attack\*(R". +some applications. Without this it is possible for a previous SPKAC +to be used in a "replay attack". .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBopenssl\fR\|(1), \&\fBopenssl\-ca\fR\|(1) -.SH "HISTORY" +.SH HISTORY .IX Header "HISTORY" The \fB\-engine\fR option was deprecated in OpenSSL 3.0. .PP The \fB\-digest\fR option was added in OpenSSL 3.0. -.SH "COPYRIGHT" +.SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2000\-2021 The OpenSSL Project Authors. All Rights Reserved. .PP -Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use +Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy -in the file \s-1LICENSE\s0 in the source distribution or at +in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>. |