Merge branch 'vendor/TCPDUMP' and update build for the update.
[dragonfly.git] / secure / usr.bin / openssl / man / spkac.1
CommitLineData
e257b235 1.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05)
8b0cefbb
JR
2.\"
3.\" Standard preamble:
4.\" ========================================================================
5.de Sh \" Subsection heading
984263bc
MD
6.br
7.if t .Sp
8.ne 5
9.PP
10\fB\\$1\fR
11.PP
12..
8b0cefbb 13.de Sp \" Vertical space (when we can't use .PP)
984263bc
MD
14.if t .sp .5v
15.if n .sp
16..
8b0cefbb 17.de Vb \" Begin verbatim text
984263bc
MD
18.ft CW
19.nf
20.ne \\$1
21..
8b0cefbb 22.de Ve \" End verbatim text
984263bc 23.ft R
984263bc
MD
24.fi
25..
8b0cefbb
JR
26.\" Set up some character translations and predefined strings. \*(-- will
27.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
e257b235
PA
28.\" double quote, and \*(R" will give a right double quote. \*(C+ will
29.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
30.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
31.\" nothing in troff, for use with C<>.
32.tr \(*W-
8b0cefbb 33.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
984263bc 34.ie n \{\
8b0cefbb
JR
35. ds -- \(*W-
36. ds PI pi
37. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
38. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
39. ds L" ""
40. ds R" ""
41. ds C` ""
42. ds C' ""
984263bc
MD
43'br\}
44.el\{\
8b0cefbb
JR
45. ds -- \|\(em\|
46. ds PI \(*p
47. ds L" ``
48. ds R" ''
984263bc 49'br\}
8b0cefbb 50.\"
e257b235
PA
51.\" Escape single quotes in literal strings from groff's Unicode transform.
52.ie \n(.g .ds Aq \(aq
53.el .ds Aq '
54.\"
8b0cefbb
JR
55.\" If the F register is turned on, we'll generate index entries on stderr for
56.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
57.\" entries marked with X<> in POD. Of course, you'll have to process the
58.\" output yourself in some meaningful fashion.
e257b235 59.ie \nF \{\
8b0cefbb
JR
60. de IX
61. tm Index:\\$1\t\\n%\t"\\$2"
984263bc 62..
8b0cefbb
JR
63. nr % 0
64. rr F
984263bc 65.\}
e257b235
PA
66.el \{\
67. de IX
68..
69.\}
aac4ff6f 70.\"
8b0cefbb
JR
71.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
72.\" Fear. Run. Save yourself. No user-serviceable parts.
73. \" fudge factors for nroff and troff
984263bc 74.if n \{\
8b0cefbb
JR
75. ds #H 0
76. ds #V .8m
77. ds #F .3m
78. ds #[ \f1
79. ds #] \fP
984263bc
MD
80.\}
81.if t \{\
8b0cefbb
JR
82. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
83. ds #V .6m
84. ds #F 0
85. ds #[ \&
86. ds #] \&
984263bc 87.\}
8b0cefbb 88. \" simple accents for nroff and troff
984263bc 89.if n \{\
8b0cefbb
JR
90. ds ' \&
91. ds ` \&
92. ds ^ \&
93. ds , \&
94. ds ~ ~
95. ds /
984263bc
MD
96.\}
97.if t \{\
8b0cefbb
JR
98. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
99. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
100. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
101. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
102. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
103. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
984263bc 104.\}
8b0cefbb 105. \" troff and (daisy-wheel) nroff accents
984263bc
MD
106.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
107.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
108.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
109.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
110.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
111.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
112.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
113.ds ae a\h'-(\w'a'u*4/10)'e
114.ds Ae A\h'-(\w'A'u*4/10)'E
8b0cefbb 115. \" corrections for vroff
984263bc
MD
116.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
117.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
8b0cefbb 118. \" for low resolution devices (crt and lpr)
984263bc
MD
119.if \n(.H>23 .if \n(.V>19 \
120\{\
8b0cefbb
JR
121. ds : e
122. ds 8 ss
123. ds o a
124. ds d- d\h'-1'\(ga
125. ds D- D\h'-1'\(hy
126. ds th \o'bp'
127. ds Th \o'LP'
128. ds ae ae
129. ds Ae AE
984263bc
MD
130.\}
131.rm #[ #] #H #V #F C
8b0cefbb
JR
132.\" ========================================================================
133.\"
134.IX Title "SPKAC 1"
405d0527 135.TH SPKAC 1 "2009-04-11" "0.9.8k" "OpenSSL"
e257b235
PA
136.\" For nroff, turn off justification. Always turn off hyphenation; it makes
137.\" way too many mistakes in technical documents.
138.if n .ad l
139.nh
984263bc 140.SH "NAME"
e3cdf75b 141spkac \- SPKAC printing and generating utility
984263bc 142.SH "SYNOPSIS"
8b0cefbb
JR
143.IX Header "SYNOPSIS"
144\&\fBopenssl\fR \fBspkac\fR
984263bc
MD
145[\fB\-in filename\fR]
146[\fB\-out filename\fR]
147[\fB\-key keyfile\fR]
148[\fB\-passin arg\fR]
149[\fB\-challenge string\fR]
150[\fB\-pubkey\fR]
151[\fB\-spkac spkacname\fR]
152[\fB\-spksect section\fR]
153[\fB\-noout\fR]
154[\fB\-verify\fR]
155[\fB\-engine id\fR]
156.SH "DESCRIPTION"
8b0cefbb 157.IX Header "DESCRIPTION"
984263bc 158The \fBspkac\fR command processes Netscape signed public key and challenge
8b0cefbb 159(\s-1SPKAC\s0) files. It can print out their contents, verify the signature and
984263bc
MD
160produce its own SPKACs from a supplied private key.
161.SH "COMMAND OPTIONS"
8b0cefbb
JR
162.IX Header "COMMAND OPTIONS"
163.IP "\fB\-in filename\fR" 4
164.IX Item "-in filename"
984263bc
MD
165This specifies the input filename to read from or standard input if this
166option is not specified. Ignored if the \fB\-key\fR option is used.
8b0cefbb
JR
167.IP "\fB\-out filename\fR" 4
168.IX Item "-out filename"
984263bc
MD
169specifies the output filename to write to or standard output by
170default.
8b0cefbb
JR
171.IP "\fB\-key keyfile\fR" 4
172.IX Item "-key keyfile"
984263bc 173create an \s-1SPKAC\s0 file using the private key in \fBkeyfile\fR. The
8b0cefbb 174\&\fB\-in\fR, \fB\-noout\fR, \fB\-spksect\fR and \fB\-verify\fR options are ignored if
984263bc 175present.
8b0cefbb
JR
176.IP "\fB\-passin password\fR" 4
177.IX Item "-passin password"
984263bc 178the input file password source. For more information about the format of \fBarg\fR
8b0cefbb
JR
179see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
180.IP "\fB\-challenge string\fR" 4
181.IX Item "-challenge string"
984263bc 182specifies the challenge string if an \s-1SPKAC\s0 is being created.
8b0cefbb
JR
183.IP "\fB\-spkac spkacname\fR" 4
184.IX Item "-spkac spkacname"
984263bc 185allows an alternative name form the variable containing the
8b0cefbb 186\&\s-1SPKAC\s0. The default is \*(L"\s-1SPKAC\s0\*(R". This option affects both
984263bc 187generated and input \s-1SPKAC\s0 files.
8b0cefbb
JR
188.IP "\fB\-spksect section\fR" 4
189.IX Item "-spksect section"
984263bc 190allows an alternative name form the section containing the
8b0cefbb
JR
191\&\s-1SPKAC\s0. The default is the default section.
192.IP "\fB\-noout\fR" 4
193.IX Item "-noout"
984263bc 194don't output the text version of the \s-1SPKAC\s0 (not used if an
8b0cefbb
JR
195\&\s-1SPKAC\s0 is being created).
196.IP "\fB\-pubkey\fR" 4
197.IX Item "-pubkey"
984263bc
MD
198output the public key of an \s-1SPKAC\s0 (not used if an \s-1SPKAC\s0 is
199being created).
8b0cefbb
JR
200.IP "\fB\-verify\fR" 4
201.IX Item "-verify"
984263bc 202verifies the digital signature on the supplied \s-1SPKAC\s0.
8b0cefbb
JR
203.IP "\fB\-engine id\fR" 4
204.IX Item "-engine id"
984263bc
MD
205specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
206to attempt to obtain a functional reference to the specified engine,
207thus initialising it if needed. The engine will then be set as the default
208for all available algorithms.
209.SH "EXAMPLES"
8b0cefbb
JR
210.IX Header "EXAMPLES"
211Print out the contents of an \s-1SPKAC:\s0
984263bc
MD
212.PP
213.Vb 1
e257b235 214\& openssl spkac \-in spkac.cnf
984263bc 215.Ve
8b0cefbb
JR
216.PP
217Verify the signature of an \s-1SPKAC:\s0
984263bc
MD
218.PP
219.Vb 1
e257b235 220\& openssl spkac \-in spkac.cnf \-noout \-verify
984263bc 221.Ve
8b0cefbb
JR
222.PP
223Create an \s-1SPKAC\s0 using the challenge string \*(L"hello\*(R":
984263bc
MD
224.PP
225.Vb 1
e257b235 226\& openssl spkac \-key key.pem \-challenge hello \-out spkac.cnf
984263bc 227.Ve
8b0cefbb
JR
228.PP
229Example of an \s-1SPKAC\s0, (long lines split up for clarity):
984263bc
MD
230.PP
231.Vb 5
232\& SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\e
233\& PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\e
234\& PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\e
235\& 2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\e
236\& 4=
237.Ve
238.SH "NOTES"
8b0cefbb
JR
239.IX Header "NOTES"
240A created \s-1SPKAC\s0 with suitable \s-1DN\s0 components appended can be fed into
984263bc
MD
241the \fBca\fR utility.
242.PP
243SPKACs are typically generated by Netscape when a form is submitted
8b0cefbb 244containing the \fB\s-1KEYGEN\s0\fR tag as part of the certificate enrollment
984263bc
MD
245process.
246.PP
247The challenge string permits a primitive form of proof of possession
8b0cefbb 248of private key. By checking the \s-1SPKAC\s0 signature and a random challenge
984263bc
MD
249string some guarantee is given that the user knows the private key
250corresponding to the public key being certified. This is important in
8b0cefbb 251some applications. Without this it is possible for a previous \s-1SPKAC\s0
984263bc
MD
252to be used in a \*(L"replay attack\*(R".
253.SH "SEE ALSO"
e3cdf75b 254.IX Header "SEE ALSO"
8b0cefbb 255\&\fIca\fR\|(1)