Upgrade to OpenSSL 0.9.8h.
[dragonfly.git] / secure / usr.bin / openssl / man / spkac.1
aac4ff6f 1.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32
8b0cefbb
JR
2.\"
3.\" Standard preamble:
4.\" ========================================================================
5.de Sh \" Subsection heading
984263bc
MD
6.br
7.if t .Sp
8.ne 5
9.PP
10\fB\\$1\fR
11.PP
12..
8b0cefbb 13.de Sp \" Vertical space (when we can't use .PP)
984263bc
MD
14.if t .sp .5v
15.if n .sp
16..
8b0cefbb 17.de Vb \" Begin verbatim text
984263bc
MD
18.ft CW
19.nf
20.ne \\$1
21..
8b0cefbb 22.de Ve \" End verbatim text
984263bc 23.ft R
984263bc
MD
24.fi
25..
8b0cefbb
JR
26.\" Set up some character translations and predefined strings. \*(-- will
27.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
aac4ff6f
PA
28.\" double quote, and \*(R" will give a right double quote. | will give a
29.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to
30.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C'
31.\" expand to `' in nroff, nothing in troff, for use with C<>.
32.tr \(*W-|\(bv\*(Tr
8b0cefbb 33.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
984263bc 34.ie n \{\
8b0cefbb
JR
35. ds -- \(*W-
36. ds PI pi
37. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
38. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
39. ds L" ""
40. ds R" ""
41. ds C` ""
42. ds C' ""
984263bc
MD
43'br\}
44.el\{\
8b0cefbb
JR
45. ds -- \|\(em\|
46. ds PI \(*p
47. ds L" ``
48. ds R" ''
984263bc 49'br\}
8b0cefbb
JR
50.\"
51.\" If the F register is turned on, we'll generate index entries on stderr for
52.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
53.\" entries marked with X<> in POD. Of course, you'll have to process the
54.\" output yourself in some meaningful fashion.
55.if \nF \{\
56. de IX
57. tm Index:\\$1\t\\n%\t"\\$2"
984263bc 58..
8b0cefbb
JR
59. nr % 0
60. rr F
984263bc 61.\}
8b0cefbb 62.\"
aac4ff6f
PA
63.\" For nroff, turn off justification. Always turn off hyphenation; it makes
64.\" way too many mistakes in technical documents.
65.hy 0
66.if n .na
67.\"
8b0cefbb
JR
68.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
69.\" Fear. Run. Save yourself. No user-serviceable parts.
70. \" fudge factors for nroff and troff
984263bc 71.if n \{\
8b0cefbb
JR
72. ds #H 0
73. ds #V .8m
74. ds #F .3m
75. ds #[ \f1
76. ds #] \fP
984263bc
MD
77.\}
78.if t \{\
8b0cefbb
JR
79. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
80. ds #V .6m
81. ds #F 0
82. ds #[ \&
83. ds #] \&
984263bc 84.\}
8b0cefbb 85. \" simple accents for nroff and troff
984263bc 86.if n \{\
8b0cefbb
JR
87. ds ' \&
88. ds ` \&
89. ds ^ \&
90. ds , \&
91. ds ~ ~
92. ds /
984263bc
MD
93.\}
94.if t \{\
8b0cefbb
JR
95. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
96. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
97. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
98. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
99. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
100. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
984263bc 101.\}
8b0cefbb 102. \" troff and (daisy-wheel) nroff accents
984263bc
MD
103.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
104.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
105.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
106.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
107.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
108.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
109.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
110.ds ae a\h'-(\w'a'u*4/10)'e
111.ds Ae A\h'-(\w'A'u*4/10)'E
8b0cefbb 112. \" corrections for vroff
984263bc
MD
113.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
114.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
8b0cefbb 115. \" for low resolution devices (crt and lpr)
984263bc
MD
116.if \n(.H>23 .if \n(.V>19 \
117\{\
8b0cefbb
JR
118. ds : e
119. ds 8 ss
120. ds o a
121. ds d- d\h'-1'\(ga
122. ds D- D\h'-1'\(hy
123. ds th \o'bp'
124. ds Th \o'LP'
125. ds ae ae
126. ds Ae AE
984263bc
MD
127.\}
128.rm #[ #] #H #V #F C
8b0cefbb
JR
129.\" ========================================================================
130.\"
131.IX Title "SPKAC 1"
aac4ff6f 132.TH SPKAC 1 "2008-09-06" "0.9.8h" "OpenSSL"
984263bc 133.SH "NAME"
e3cdf75b 134spkac \- SPKAC printing and generating utility
984263bc 135.SH "SYNOPSIS"
8b0cefbb
JR
136.IX Header "SYNOPSIS"
137\&\fBopenssl\fR \fBspkac\fR
984263bc
MD
138[\fB\-in filename\fR]
139[\fB\-out filename\fR]
140[\fB\-key keyfile\fR]
141[\fB\-passin arg\fR]
142[\fB\-challenge string\fR]
143[\fB\-pubkey\fR]
144[\fB\-spkac spkacname\fR]
145[\fB\-spksect section\fR]
146[\fB\-noout\fR]
147[\fB\-verify\fR]
148[\fB\-engine id\fR]
149.SH "DESCRIPTION"
8b0cefbb 150.IX Header "DESCRIPTION"
984263bc 151The \fBspkac\fR command processes Netscape signed public key and challenge
8b0cefbb 152(\s-1SPKAC\s0) files. It can print out their contents, verify the signature and
984263bc
MD
153produce its own SPKACs from a supplied private key.
154.SH "COMMAND OPTIONS"
8b0cefbb
JR
155.IX Header "COMMAND OPTIONS"
156.IP "\fB\-in filename\fR" 4
157.IX Item "-in filename"
984263bc
MD
158This specifies the input filename to read from or standard input if this
159option is not specified. Ignored if the \fB\-key\fR option is used.
8b0cefbb
JR
160.IP "\fB\-out filename\fR" 4
161.IX Item "-out filename"
984263bc
MD
162specifies the output filename to write to or standard output by
163default.
8b0cefbb
JR
164.IP "\fB\-key keyfile\fR" 4
165.IX Item "-key keyfile"
984263bc 166create an \s-1SPKAC\s0 file using the private key in \fBkeyfile\fR. The
8b0cefbb 167\&\fB\-in\fR, \fB\-noout\fR, \fB\-spksect\fR and \fB\-verify\fR options are ignored if
984263bc 168present.
8b0cefbb
JR
169.IP "\fB\-passin arg\fR" 4
170.IX Item "-passin arg"
984263bc 171the input file password source. For more information about the format of \fBarg\fR
8b0cefbb
JR
172see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
173.IP "\fB\-challenge string\fR" 4
174.IX Item "-challenge string"
984263bc 175specifies the challenge string if an \s-1SPKAC\s0 is being created.
8b0cefbb
JR
176.IP "\fB\-spkac spkacname\fR" 4
177.IX Item "-spkac spkacname"
984263bc 178allows an alternative name for the variable containing the
8b0cefbb 179\&\s-1SPKAC\s0. The default is \*(L"\s-1SPKAC\s0\*(R". This option affects both
984263bc 180generated and input \s-1SPKAC\s0 files.
8b0cefbb
JR
181.IP "\fB\-spksect section\fR" 4
182.IX Item "-spksect section"
984263bc 183allows an alternative name for the section containing the
8b0cefbb
JR
184\&\s-1SPKAC\s0. The default is the default section.
185.IP "\fB\-noout\fR" 4
186.IX Item "-noout"
984263bc 187don't output the text version of the \s-1SPKAC\s0 (not used if an
8b0cefbb
JR
188\&\s-1SPKAC\s0 is being created).
189.IP "\fB\-pubkey\fR" 4
190.IX Item "-pubkey"
984263bc
MD
191output the public key of an \s-1SPKAC\s0 (not used if an \s-1SPKAC\s0 is
192being created).
8b0cefbb
JR
193.IP "\fB\-verify\fR" 4
194.IX Item "-verify"
984263bc 195verifies the digital signature on the supplied \s-1SPKAC\s0.
8b0cefbb
JR
196.IP "\fB\-engine id\fR" 4
197.IX Item "-engine id"
984263bc
MD
198specifying an engine (by its unique \fBid\fR string) will cause \fBspkac\fR
199to attempt to obtain a functional reference to the specified engine,
200thus initialising it if needed. The engine will then be set as the default
201for all available algorithms.
202.SH "EXAMPLES"
8b0cefbb
JR
203.IX Header "EXAMPLES"
204Print out the contents of an \s-1SPKAC:\s0
984263bc
MD
205.PP
206.Vb 1
aac4ff6f 207\& openssl spkac -in spkac.cnf
984263bc 208.Ve
8b0cefbb
JR
209.PP
210Verify the signature of an \s-1SPKAC:\s0
984263bc
MD
211.PP
212.Vb 1
aac4ff6f 213\& openssl spkac -in spkac.cnf -noout -verify
984263bc 214.Ve
8b0cefbb
JR
215.PP
216Create an \s-1SPKAC\s0 using the challenge string \*(L"hello\*(R":
984263bc
MD
217.PP
218.Vb 1
aac4ff6f 219\& openssl spkac -key key.pem -challenge hello -out spkac.cnf
984263bc 220.Ve
8b0cefbb
JR
221.PP
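222Example of an \s-1SPKAC\s0 (long lines split up for clarity; the sample uses a 512\-bit \s-1RSA\s0 key and an \s-1MD5\s0 signature, so treat it as a format illustration only):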
984263bc
MD
223.PP
224.Vb 5
225\& SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\e
226\& PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\e
227\& PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\e
228\& 2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\e
229\& 4=
230.Ve
231.SH "NOTES"
8b0cefbb
JR
232.IX Header "NOTES"
233A created \s-1SPKAC\s0 with suitable \s-1DN\s0 components appended can be fed into
984263bc
MD
234the \fBca\fR utility.
235.PP
236SPKACs are typically generated by Netscape when a form is submitted
8b0cefbb 237containing the \fB\s-1KEYGEN\s0\fR tag as part of the certificate enrollment
984263bc
MD
238process.
239.PP
240The challenge string permits a primitive form of proof of possession
8b0cefbb 241of the private key. By checking the \s-1SPKAC\s0 signature and a random challenge
984263bc
MD
242string some guarantee is given that the user knows the private key
243corresponding to the public key being certified. This is important in
8b0cefbb 244some applications. Without this it is possible for a previous \s-1SPKAC\s0
984263bc
MD
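245to be used in a \*(L"replay attack\*(R". None of the options listed above compares the challenge with an expected value, so the application that issued the challenge must do that check itself.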
246.SH "SEE ALSO"
e3cdf75b 247.IX Header "SEE ALSO"
8b0cefbb 248\&\fIca\fR\|(1)