source-git / openssl

Clone
Source Code
GIT

Blame doc/man1/spkac.pod

c8 c8s master
  1.   dd46e1f777d2d56ed692a3e9100ebe5052e12513
  2.   doc
  3.   man1
  4.   spkac.pod
Blob History Raw
Packit Service 084de1 
=pod
Packit Service 084de1
Packit Service 084de1 
=head1 NAME
Packit Service 084de1
Packit Service 084de1 
openssl-spkac,
Packit Service 084de1 
spkac - SPKAC printing and generating utility
Packit Service 084de1
Packit Service 084de1 
=head1 SYNOPSIS
Packit Service 084de1
Packit Service 084de1 
B<openssl> B<spkac>
Packit Service 084de1 
[B<-help>]
Packit Service 084de1 
[B<-in filename>]
Packit Service 084de1 
[B<-out filename>]
Packit Service 084de1 
[B<-key keyfile>]
Packit Service 084de1 
[B<-keyform PEM|DER|ENGINE>]
Packit Service 084de1 
[B<-passin arg>]
Packit Service 084de1 
[B<-challenge string>]
Packit Service 084de1 
[B<-pubkey>]
Packit Service 084de1 
[B<-spkac spkacname>]
Packit Service 084de1 
[B<-spksect section>]
Packit Service 084de1 
[B<-noout>]
Packit Service 084de1 
[B<-verify>]
Packit Service 084de1 
[B<-engine id>]
Packit Service 084de1
Packit Service 084de1 
=head1 DESCRIPTION
Packit Service 084de1
Packit Service 084de1 
The B<spkac> command processes Netscape signed public key and challenge
Packit Service 084de1 
(SPKAC) files. It can print out their contents, verify the signature and
Packit Service 084de1 
produce its own SPKACs from a supplied private key.
Packit Service 084de1
Packit Service 084de1 
=head1 OPTIONS
Packit Service 084de1
Packit Service 084de1 
=over 4
Packit Service 084de1
Packit Service 084de1 
=item B<-help>
Packit Service 084de1
Packit Service 084de1 
Print out a usage message.
Packit Service 084de1
Packit Service 084de1 
=item B<-in filename>
Packit Service 084de1
Packit Service 084de1 
This specifies the input filename to read from or standard input if this
Packit Service 084de1 
option is not specified. Ignored if the B<-key> option is used.
Packit Service 084de1
Packit Service 084de1 
=item B<-out filename>
Packit Service 084de1
Packit Service 084de1 
Specifies the output filename to write to or standard output by
Packit Service 084de1 
default.
Packit Service 084de1
Packit Service 084de1 
=item B<-key keyfile>
Packit Service 084de1
Packit Service 084de1 
Create an SPKAC file using the private key in B<keyfile>. The
Packit Service 084de1 
B<-in>, B<-noout>, B<-spksect> and B<-verify> options are ignored if
Packit Service 084de1 
present.
Packit Service 084de1
Packit Service 084de1 
=item B<-keyform PEM|DER|ENGINE>
Packit Service 084de1
Packit Service 084de1 
Whether the key format is PEM, DER, or an engine-backed key.
Packit Service 084de1 
The default is PEM.
Packit Service 084de1
Packit Service 084de1 
=item B<-passin password>
Packit Service 084de1
Packit Service 084de1 
The input file password source. For more information about the format of B<arg>
Packit Service 084de1 
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
Packit Service 084de1
Packit Service 084de1 
=item B<-challenge string>
Packit Service 084de1
Packit Service 084de1 
Specifies the challenge string if an SPKAC is being created.
Packit Service 084de1
Packit Service 084de1 
=item B<-spkac spkacname>
Packit Service 084de1
Packit Service 084de1 
Allows an alternative name form the variable containing the
Packit Service 084de1 
SPKAC. The default is "SPKAC". This option affects both
Packit Service 084de1 
generated and input SPKAC files.
Packit Service 084de1
Packit Service 084de1 
=item B<-spksect section>
Packit Service 084de1
Packit Service 084de1 
Allows an alternative name form the section containing the
Packit Service 084de1 
SPKAC. The default is the default section.
Packit Service 084de1
Packit Service 084de1 
=item B<-noout>
Packit Service 084de1
Packit Service 084de1 
Don't output the text version of the SPKAC (not used if an
Packit Service 084de1 
SPKAC is being created).
Packit Service 084de1
Packit Service 084de1 
=item B<-pubkey>
Packit Service 084de1
Packit Service 084de1 
Output the public key of an SPKAC (not used if an SPKAC is
Packit Service 084de1 
being created).
Packit Service 084de1
Packit Service 084de1 
=item B<-verify>
Packit Service 084de1
Packit Service 084de1 
Verifies the digital signature on the supplied SPKAC.
Packit Service 084de1
Packit Service 084de1 
=item B<-engine id>
Packit Service 084de1
Packit Service 084de1 
Specifying an engine (by its unique B<id> string) will cause B<spkac>
Packit Service 084de1 
to attempt to obtain a functional reference to the specified engine,
Packit Service 084de1 
thus initialising it if needed. The engine will then be set as the default
Packit Service 084de1 
for all available algorithms.
Packit Service 084de1
Packit Service 084de1 
=back
Packit Service 084de1
Packit Service 084de1 
=head1 EXAMPLES
Packit Service 084de1
Packit Service 084de1 
Print out the contents of an SPKAC:
Packit Service 084de1
Packit Service 084de1 
 openssl spkac -in spkac.cnf
Packit Service 084de1
Packit Service 084de1 
Verify the signature of an SPKAC:
Packit Service 084de1
Packit Service 084de1 
 openssl spkac -in spkac.cnf -noout -verify
Packit Service 084de1
Packit Service 084de1 
Create an SPKAC using the challenge string "hello":
Packit Service 084de1
Packit Service 084de1 
 openssl spkac -key key.pem -challenge hello -out spkac.cnf
Packit Service 084de1
Packit Service 084de1 
Example of an SPKAC, (long lines split up for clarity):
Packit Service 084de1
Packit Service 084de1 
 SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA\
Packit Service 084de1 
 1cCoq2Wa3Ixs47uI7FPVwHVIPDx5yso105Y6zpozam135a\
Packit Service 084de1 
 8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03uPFoQIDAQAB\
Packit Service 084de1 
 FgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJ\
Packit Service 084de1 
 h1bEIYuc2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnD\
Packit Service 084de1 
 dq+NQ3F+X4deMx9AaEglZtULwV4=
Packit Service 084de1
Packit Service 084de1 
=head1 NOTES
Packit Service 084de1
Packit Service 084de1 
A created SPKAC with suitable DN components appended can be fed into
Packit Service 084de1 
the B<ca> utility.
Packit Service 084de1
Packit Service 084de1 
SPKACs are typically generated by Netscape when a form is submitted
Packit Service 084de1 
containing the B<KEYGEN> tag as part of the certificate enrollment
Packit Service 084de1 
process.
Packit Service 084de1
Packit Service 084de1 
The challenge string permits a primitive form of proof of possession
Packit Service 084de1 
of private key. By checking the SPKAC signature and a random challenge
Packit Service 084de1 
string some guarantee is given that the user knows the private key
Packit Service 084de1 
corresponding to the public key being certified. This is important in
Packit Service 084de1 
some applications. Without this it is possible for a previous SPKAC
Packit Service 084de1 
to be used in a "replay attack".
Packit Service 084de1
Packit Service 084de1 
=head1 SEE ALSO
Packit Service 084de1
Packit Service 084de1 
L<ca(1)>
Packit Service 084de1
Packit Service 084de1 
=head1 COPYRIGHT
Packit Service 084de1
Packit Service 084de1 
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
Packit Service 084de1
Packit Service 084de1 
Licensed under the OpenSSL license (the "License").  You may not use
Packit Service 084de1 
this file except in compliance with the License.  You can obtain a copy
Packit Service 084de1 
in the file LICENSE in the source distribution or at
Packit Service 084de1 
L<https://www.openssl.org/source/license.html>.
Packit Service 084de1
Packit Service 084de1 
=cut

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation