Update files for OpenSSL-1.0.0f import.
[dragonfly.git] / secure / usr.bin / openssl / man / spkac.1
e3261593 1.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.19)
8b0cefbb
JR
2.\"
3.\" Standard preamble:
4.\" ========================================================================
8b0cefbb 5.de Sp \" Vertical space (when we can't use .PP)
984263bc
MD
6.if t .sp .5v
7.if n .sp
8..
8b0cefbb 9.de Vb \" Begin verbatim text
984263bc
MD
10.ft CW
11.nf
12.ne \\$1
13..
8b0cefbb 14.de Ve \" End verbatim text
984263bc 15.ft R
984263bc
MD
16.fi
17..
8b0cefbb
JR
18.\" Set up some character translations and predefined strings. \*(-- will
19.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
e257b235
PA
20.\" double quote, and \*(R" will give a right double quote. \*(C+ will
21.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
22.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
23.\" nothing in troff, for use with C<>.
24.tr \(*W-
8b0cefbb 25.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
984263bc 26.ie n \{\
8b0cefbb
JR
27. ds -- \(*W-
28. ds PI pi
29. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
31. ds L" ""
32. ds R" ""
33. ds C` ""
34. ds C' ""
984263bc
MD
35'br\}
36.el\{\
8b0cefbb
JR
37. ds -- \|\(em\|
38. ds PI \(*p
39. ds L" ``
40. ds R" ''
984263bc 41'br\}
8b0cefbb 42.\"
e257b235
PA
43.\" Escape single quotes in literal strings from groff's Unicode transform.
44.ie \n(.g .ds Aq \(aq
45.el .ds Aq '
46.\"
8b0cefbb 47.\" If the F register is turned on, we'll generate index entries on stderr for
01185282 48.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
8b0cefbb
JR
49.\" entries marked with X<> in POD. Of course, you'll have to process the
50.\" output yourself in some meaningful fashion.
e257b235 51.ie \nF \{\
8b0cefbb
JR
52. de IX
53. tm Index:\\$1\t\\n%\t"\\$2"
984263bc 54..
8b0cefbb
JR
55. nr % 0
56. rr F
984263bc 57.\}
e257b235
PA
58.el \{\
59. de IX
60..
61.\}
aac4ff6f 62.\"
8b0cefbb
JR
63.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
64.\" Fear. Run. Save yourself. No user-serviceable parts.
65. \" fudge factors for nroff and troff
984263bc 66.if n \{\
8b0cefbb
JR
67. ds #H 0
68. ds #V .8m
69. ds #F .3m
70. ds #[ \f1
71. ds #] \fP
984263bc
MD
72.\}
73.if t \{\
8b0cefbb
JR
74. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
75. ds #V .6m
76. ds #F 0
77. ds #[ \&
78. ds #] \&
984263bc 79.\}
8b0cefbb 80. \" simple accents for nroff and troff
984263bc 81.if n \{\
8b0cefbb
JR
82. ds ' \&
83. ds ` \&
84. ds ^ \&
85. ds , \&
86. ds ~ ~
87. ds /
984263bc
MD
88.\}
89.if t \{\
8b0cefbb
JR
90. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
91. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
92. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
93. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
94. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
95. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
984263bc 96.\}
8b0cefbb 97. \" troff and (daisy-wheel) nroff accents
984263bc
MD
98.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
99.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
100.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
101.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
102.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
103.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
104.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
105.ds ae a\h'-(\w'a'u*4/10)'e
106.ds Ae A\h'-(\w'A'u*4/10)'E
8b0cefbb 107. \" corrections for vroff
984263bc
MD
108.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
109.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
8b0cefbb 110. \" for low resolution devices (crt and lpr)
984263bc
MD
111.if \n(.H>23 .if \n(.V>19 \
112\{\
8b0cefbb
JR
113. ds : e
114. ds 8 ss
115. ds o a
116. ds d- d\h'-1'\(ga
117. ds D- D\h'-1'\(hy
118. ds th \o'bp'
119. ds Th \o'LP'
120. ds ae ae
121. ds Ae AE
984263bc
MD
122.\}
123.rm #[ #] #H #V #F C
8b0cefbb
JR
124.\" ========================================================================
125.\"
126.IX Title "SPKAC 1"
e3261593 127.TH SPKAC 1 "2012-01-04" "1.0.0f" "OpenSSL"
e257b235
PA
128.\" For nroff, turn off justification. Always turn off hyphenation; it makes
129.\" way too many mistakes in technical documents.
130.if n .ad l
131.nh
984263bc 132.SH "NAME"
e3cdf75b 133spkac \- SPKAC printing and generating utility
984263bc 134.SH "SYNOPSIS"
8b0cefbb
JR
135.IX Header "SYNOPSIS"
136\&\fBopenssl\fR \fBspkac\fR
984263bc
MD
137[\fB\-in filename\fR]
138[\fB\-out filename\fR]
139[\fB\-key keyfile\fR]
140[\fB\-passin arg\fR]
141[\fB\-challenge string\fR]
142[\fB\-pubkey\fR]
143[\fB\-spkac spkacname\fR]
144[\fB\-spksect section\fR]
145[\fB\-noout\fR]
146[\fB\-verify\fR]
147[\fB\-engine id\fR]
148.SH "DESCRIPTION"
8b0cefbb 149.IX Header "DESCRIPTION"
984263bc 150The \fBspkac\fR command processes Netscape signed public key and challenge
8b0cefbb 151(\s-1SPKAC\s0) files. It can print out their contents, verify the signature and
984263bc
MD
152produce its own SPKACs from a supplied private key.
153.SH "COMMAND OPTIONS"
8b0cefbb
JR
154.IX Header "COMMAND OPTIONS"
155.IP "\fB\-in filename\fR" 4
156.IX Item "-in filename"
984263bc
MD
157This specifies the input filename to read from or standard input if this
158option is not specified. Ignored if the \fB\-key\fR option is used.
8b0cefbb
JR
159.IP "\fB\-out filename\fR" 4
160.IX Item "-out filename"
984263bc
MD
161specifies the output filename to write to or standard output by
162default.
8b0cefbb
JR
163.IP "\fB\-key keyfile\fR" 4
164.IX Item "-key keyfile"
984263bc 165create an \s-1SPKAC\s0 file using the private key in \fBkeyfile\fR. The
8b0cefbb 166\&\fB\-in\fR, \fB\-noout\fR, \fB\-spksect\fR and \fB\-verify\fR options are ignored if
984263bc 167present.
8b0cefbb
JR
168.IP "\fB\-passin arg\fR" 4
169.IX Item "-passin arg"
984263bc 170the input file password source. For more information about the format of \fBarg\fR
8b0cefbb
JR
171see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1).
172.IP "\fB\-challenge string\fR" 4
173.IX Item "-challenge string"
984263bc 174specifies the challenge string if an \s-1SPKAC\s0 is being created.
8b0cefbb
JR
175.IP "\fB\-spkac spkacname\fR" 4
176.IX Item "-spkac spkacname"
984263bc 177allows an alternative name for the variable containing the
8b0cefbb 178\&\s-1SPKAC\s0. The default is \*(L"\s-1SPKAC\s0\*(R". This option affects both
984263bc 179generated and input \s-1SPKAC\s0 files.
8b0cefbb
JR
180.IP "\fB\-spksect section\fR" 4
181.IX Item "-spksect section"
984263bc 182allows an alternative name for the section containing the
8b0cefbb
JR
183\&\s-1SPKAC\s0. The default is the default section.
184.IP "\fB\-noout\fR" 4
185.IX Item "-noout"
984263bc 186don't output the text version of the \s-1SPKAC\s0 (not used if an
8b0cefbb
JR
187\&\s-1SPKAC\s0 is being created).
188.IP "\fB\-pubkey\fR" 4
189.IX Item "-pubkey"
984263bc
MD
190output the public key of an \s-1SPKAC\s0 (not used if an \s-1SPKAC\s0 is
191being created).
8b0cefbb
JR
192.IP "\fB\-verify\fR" 4
193.IX Item "-verify"
984263bc 194verifies the digital signature on the supplied \s-1SPKAC\s0.
8b0cefbb
JR
195.IP "\fB\-engine id\fR" 4
196.IX Item "-engine id"
01185282 197specifying an engine (by its unique \fBid\fR string) will cause \fBspkac\fR
984263bc
MD
198to attempt to obtain a functional reference to the specified engine,
199thus initialising it if needed. The engine will then be set as the default
200for all available algorithms.
201.SH "EXAMPLES"
8b0cefbb
JR
202.IX Header "EXAMPLES"
203Print out the contents of an \s-1SPKAC:\s0
984263bc
MD
204.PP
205.Vb 1
e257b235 206\& openssl spkac \-in spkac.cnf
984263bc 207.Ve
8b0cefbb
JR
208.PP
209Verify the signature of an \s-1SPKAC:\s0
984263bc
MD
210.PP
211.Vb 1
e257b235 212\& openssl spkac \-in spkac.cnf \-noout \-verify
984263bc 213.Ve
8b0cefbb
JR
214.PP
215Create an \s-1SPKAC\s0 using the challenge string \*(L"hello\*(R":
984263bc
MD
216.PP
217.Vb 1
e257b235 218\& openssl spkac \-key key.pem \-challenge hello \-out spkac.cnf
984263bc 219.Ve
8b0cefbb
JR
220.PP
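221Example of an \s-1SPKAC\s0 (long lines split up for clarity); this sample carries a 512\-bit \s-1RSA\s0 key and an \s-1MD5\s0 signature, so it is illustrative only: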
984263bc
MD
222.PP
223.Vb 5
224\& SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\e
225\& PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\e
226\& PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\e
227\& 2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\e
228\& 4=
229.Ve
230.SH "NOTES"
8b0cefbb
JR
231.IX Header "NOTES"
232A created \s-1SPKAC\s0 with suitable \s-1DN\s0 components appended can be fed into
984263bc
MD
233the \fBca\fR utility.
234.PP
235SPKACs are typically generated by Netscape when a form is submitted
8b0cefbb 236containing the \fB\s-1KEYGEN\s0\fR tag as part of the certificate enrollment
984263bc
MD
237process.
238.PP
239The challenge string permits a primitive form of proof of possession
8b0cefbb 240of the private key. By checking the \s-1SPKAC\s0 signature and a random challenge
984263bc
MD
241string some guarantee is given that the user knows the private key
242corresponding to the public key being certified. This is important in
8b0cefbb 243some applications. Without this it is possible for a previous \s-1SPKAC\s0
984263bc
MD
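244to be used in a \*(L"replay attack\*(R". The \fB\-verify\fR option checks only the signature, so the application must itself compare the challenge in the \s-1SPKAC\s0 with the fresh value it issued.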
245.SH "SEE ALSO"
e3cdf75b 246.IX Header "SEE ALSO"
8b0cefbb 247\&\fIca\fR\|(1)