source-git / openssl

Clone
Source Code
GIT

Blame doc/man1/tsget.pod

c8 c8s master
  1.   3c126e197bf64be56e1432546d39885b80b61a84
  2.   doc
  3.   man1
  4.   tsget.pod
Blob History Raw
Packit Service 084de1 
=pod
Packit Service 084de1
Packit Service 084de1 
=head1 NAME
Packit Service 084de1
Packit Service 084de1 
openssl-tsget,
Packit Service 084de1 
tsget - Time Stamping HTTP/HTTPS client
Packit Service 084de1
Packit Service 084de1 
=head1 SYNOPSIS
Packit Service 084de1
Packit Service 084de1 
B<tsget>
Packit Service 084de1 
B<-h> server_url
Packit Service 084de1 
[B<-e> extension]
Packit Service 084de1 
[B<-o> output]
Packit Service 084de1 
[B<-v>]
Packit Service 084de1 
[B<-d>]
Packit Service 084de1 
[B<-k> private_key.pem]
Packit Service 084de1 
[B<-p> key_password]
Packit Service 084de1 
[B<-c> client_cert.pem]
Packit Service 084de1 
[B<-C> CA_certs.pem]
Packit Service 084de1 
[B<-P> CA_path]
Packit Service 084de1 
[B<-r> file:file...]
Packit Service 084de1 
[B<-g> EGD_socket]
Packit Service 084de1 
[request]...
Packit Service 084de1
Packit Service 084de1 
=head1 DESCRIPTION
Packit Service 084de1
Packit Service 084de1 
The B<tsget> command can be used for sending a time stamp request, as
Packit Service 084de1 
specified in B<RFC 3161>, to a time stamp server over HTTP or HTTPS and storing
Packit Service 084de1 
the time stamp response in a file. This tool cannot be used for creating the
Packit Service 084de1 
requests and verifying responses, you can use the OpenSSL B<ts(1)> command to
Packit Service 084de1 
do that. B<tsget> can send several requests to the server without closing
Packit Service 084de1 
the TCP connection if more than one requests are specified on the command
Packit Service 084de1 
line.
Packit Service 084de1
Packit Service 084de1 
The tool sends the following HTTP request for each time stamp request:
Packit Service 084de1
Packit Service 084de1 
        POST url HTTP/1.1
Packit Service 084de1 
        User-Agent: OpenTSA tsget.pl/<version>
Packit Service 084de1 
        Host: <host>:<port>
Packit Service 084de1 
        Pragma: no-cache
Packit Service 084de1 
        Content-Type: application/timestamp-query
Packit Service 084de1 
        Accept: application/timestamp-reply
Packit Service 084de1 
        Content-Length: length of body
Packit Service 084de1
Packit Service 084de1 
        ...binary request specified by the user...
Packit Service 084de1
Packit Service 084de1 
B<tsget> expects a response of type application/timestamp-reply, which is
Packit Service 084de1 
written to a file without any interpretation.
Packit Service 084de1
Packit Service 084de1 
=head1 OPTIONS
Packit Service 084de1
Packit Service 084de1 
=over 4
Packit Service 084de1
Packit Service 084de1 
=item B<-h> server_url
Packit Service 084de1
Packit Service 084de1 
The URL of the HTTP/HTTPS server listening for time stamp requests.
Packit Service 084de1
Packit Service 084de1 
=item B<-e> extension
Packit Service 084de1
Packit Service 084de1 
If the B<-o> option is not given this argument specifies the extension of the
Packit Service 084de1 
output files. The base name of the output file will be the same as those of
Packit Service 084de1 
the input files. Default extension is '.tsr'. (Optional)
Packit Service 084de1
Packit Service 084de1 
=item B<-o> output
Packit Service 084de1
Packit Service 084de1 
This option can be specified only when just one request is sent to the
Packit Service 084de1 
server. The time stamp response will be written to the given output file. '-'
Packit Service 084de1 
means standard output. In case of multiple time stamp requests or the absence
Packit Service 084de1 
of this argument the names of the output files will be derived from the names
Packit Service 084de1 
of the input files and the default or specified extension argument. (Optional)
Packit Service 084de1
Packit Service 084de1 
=item B<-v>
Packit Service 084de1
Packit Service 084de1 
The name of the currently processed request is printed on standard
Packit Service 084de1 
error. (Optional)
Packit Service 084de1
Packit Service 084de1 
=item B<-d>
Packit Service 084de1
Packit Service 084de1 
Switches on verbose mode for the underlying B<curl> library. You can see
Packit Service 084de1 
detailed debug messages for the connection. (Optional)
Packit Service 084de1
Packit Service 084de1 
=item B<-k> private_key.pem
Packit Service 084de1
Packit Service 084de1 
(HTTPS) In case of certificate-based client authentication over HTTPS
Packit Service 084de1 
<private_key.pem> must contain the private key of the user. The private key
Packit Service 084de1 
file can optionally be protected by a passphrase. The B<-c> option must also
Packit Service 084de1 
be specified. (Optional)
Packit Service 084de1
Packit Service 084de1 
=item B<-p> key_password
Packit Service 084de1
Packit Service 084de1 
(HTTPS) Specifies the passphrase for the private key specified by the B<-k>
Packit Service 084de1 
argument. If this option is omitted and the key is passphrase protected B<tsget>
Packit Service 084de1 
will ask for it. (Optional)
Packit Service 084de1
Packit Service 084de1 
=item B<-c> client_cert.pem
Packit Service 084de1
Packit Service 084de1 
(HTTPS) In case of certificate-based client authentication over HTTPS
Packit Service 084de1 
<client_cert.pem> must contain the X.509 certificate of the user.  The B<-k>
Packit Service 084de1 
option must also be specified. If this option is not specified no
Packit Service 084de1 
certificate-based client authentication will take place. (Optional)
Packit Service 084de1
Packit Service 084de1 
=item B<-C> CA_certs.pem
Packit Service 084de1
Packit Service 084de1 
(HTTPS) The trusted CA certificate store. The certificate chain of the peer's
Packit Service 084de1 
certificate must include one of the CA certificates specified in this file.
Packit Service 084de1 
Either option B<-C> or option B<-P> must be given in case of HTTPS. (Optional)
Packit Service 084de1
Packit Service 084de1 
=item B<-P> CA_path
Packit Service 084de1
Packit Service 084de1 
(HTTPS) The path containing the trusted CA certificates to verify the peer's
Packit Service 084de1 
certificate. The directory must be prepared with the B<c_rehash>
Packit Service 084de1 
OpenSSL utility. Either option B<-C> or option B<-P> must be given in case of
Packit Service 084de1 
HTTPS. (Optional)
Packit Service 084de1
Packit Service 084de1 
=item B<-rand> file:file...
Packit Service 084de1
Packit Service 084de1 
The files containing random data for seeding the random number
Packit Service 084de1 
generator. Multiple files can be specified, the separator is B<;> for
Packit Service 084de1 
MS-Windows, B<,> for VMS and B<:> for all other platforms. (Optional)
Packit Service 084de1
Packit Service 084de1 
=item B<-g> EGD_socket
Packit Service 084de1
Packit Service 084de1 
The name of an EGD socket to get random data from. (Optional)
Packit Service 084de1
Packit Service 084de1 
=item [request]...
Packit Service 084de1
Packit Service 084de1 
List of files containing B<RFC 3161> DER-encoded time stamp requests. If no
Packit Service 084de1 
requests are specified only one request will be sent to the server and it will be
Packit Service 084de1 
read from the standard input. (Optional)
Packit Service 084de1
Packit Service 084de1 
=back
Packit Service 084de1
Packit Service 084de1 
=head1 ENVIRONMENT VARIABLES
Packit Service 084de1
Packit Service 084de1 
The B<TSGET> environment variable can optionally contain default
Packit Service 084de1 
arguments. The content of this variable is added to the list of command line
Packit Service 084de1 
arguments.
Packit Service 084de1
Packit Service 084de1 
=head1 EXAMPLES
Packit Service 084de1
Packit Service 084de1 
The examples below presume that B<file1.tsq> and B<file2.tsq> contain valid
Packit Service 084de1 
time stamp requests, tsa.opentsa.org listens at port 8080 for HTTP requests
Packit Service 084de1 
and at port 8443 for HTTPS requests, the TSA service is available at the /tsa
Packit Service 084de1 
absolute path.
Packit Service 084de1
Packit Service 084de1 
Get a time stamp response for file1.tsq over HTTP, output is written to
Packit Service 084de1 
file1.tsr:
Packit Service 084de1
Packit Service 084de1 
  tsget -h http://tsa.opentsa.org:8080/tsa file1.tsq
Packit Service 084de1
Packit Service 084de1 
Get a time stamp response for file1.tsq and file2.tsq over HTTP showing
Packit Service 084de1 
progress, output is written to file1.reply and file2.reply respectively:
Packit Service 084de1
Packit Service 084de1 
  tsget -h http://tsa.opentsa.org:8080/tsa -v -e .reply \
Packit Service 084de1 
        file1.tsq file2.tsq
Packit Service 084de1
Packit Service 084de1 
Create a time stamp request, write it to file3.tsq, send it to the server and
Packit Service 084de1 
write the response to file3.tsr:
Packit Service 084de1
Packit Service 084de1 
  openssl ts -query -data file3.txt -cert | tee file3.tsq \
Packit Service 084de1 
        | tsget -h http://tsa.opentsa.org:8080/tsa \
Packit Service 084de1 
        -o file3.tsr
Packit Service 084de1
Packit Service 084de1 
Get a time stamp response for file1.tsq over HTTPS without client
Packit Service 084de1 
authentication:
Packit Service 084de1
Packit Service 084de1 
  tsget -h https://tsa.opentsa.org:8443/tsa \
Packit Service 084de1 
        -C cacerts.pem file1.tsq
Packit Service 084de1
Packit Service 084de1 
Get a time stamp response for file1.tsq over HTTPS with certificate-based
Packit Service 084de1 
client authentication (it will ask for the passphrase if client_key.pem is
Packit Service 084de1 
protected):
Packit Service 084de1
Packit Service 084de1 
  tsget -h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \
Packit Service 084de1 
        -k client_key.pem -c client_cert.pem file1.tsq
Packit Service 084de1
Packit Service 084de1 
You can shorten the previous command line if you make use of the B<TSGET>
Packit Service 084de1 
environment variable. The following commands do the same as the previous
Packit Service 084de1 
example:
Packit Service 084de1
Packit Service 084de1 
  TSGET='-h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \
Packit Service 084de1 
        -k client_key.pem -c client_cert.pem'
Packit Service 084de1 
  export TSGET
Packit Service 084de1 
  tsget file1.tsq
Packit Service 084de1
Packit Service 084de1 
=head1 SEE ALSO
Packit Service 084de1
Packit Service 084de1 
=for comment foreign manuals: curl(1)
Packit Service 084de1
Packit Service 084de1 
L<openssl(1)>, L<ts(1)>, L<curl(1)>,
Packit Service 084de1 
B<RFC 3161>
Packit Service 084de1
Packit Service 084de1 
=head1 COPYRIGHT
Packit Service 084de1
Packit Service 084de1 
Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
Packit Service 084de1
Packit Service 084de1 
Licensed under the OpenSSL license (the "License").  You may not use
Packit Service 084de1 
this file except in compliance with the License.  You can obtain a copy
Packit Service 084de1 
in the file LICENSE in the source distribution or at
Packit Service 084de1 
L<https://www.openssl.org/source/license.html>.
Packit Service 084de1
Packit Service 084de1 
=cut

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation