From aa4d426b4d3527d7e166df1a05058c9a4a0f6683 Mon Sep 17 00:00:00 2001 From: Wojtek Kosior Date: Fri, 30 Apr 2021 00:33:56 +0200 Subject: initial/final commit --- openssl-1.1.0h/doc/apps/spkac.pod | 148 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 148 insertions(+) create mode 100644 openssl-1.1.0h/doc/apps/spkac.pod (limited to 'openssl-1.1.0h/doc/apps/spkac.pod') diff --git a/openssl-1.1.0h/doc/apps/spkac.pod b/openssl-1.1.0h/doc/apps/spkac.pod new file mode 100644 index 0000000..e337e4e --- /dev/null +++ b/openssl-1.1.0h/doc/apps/spkac.pod @@ -0,0 +1,148 @@ +=pod + +=head1 NAME + +openssl-spkac, +spkac - SPKAC printing and generating utility + +=head1 SYNOPSIS + +B B +[B<-help>] +[B<-in filename>] +[B<-out filename>] +[B<-key keyfile>] +[B<-passin arg>] +[B<-challenge string>] +[B<-pubkey>] +[B<-spkac spkacname>] +[B<-spksect section>] +[B<-noout>] +[B<-verify>] +[B<-engine id>] + +=head1 DESCRIPTION + +The B command processes Netscape signed public key and challenge +(SPKAC) files. It can print out their contents, verify the signature and +produce its own SPKACs from a supplied private key. + +=head1 OPTIONS + +=over 4 + +=item B<-help> + +Print out a usage message. + +=item B<-in filename> + +This specifies the input filename to read from or standard input if this +option is not specified. Ignored if the B<-key> option is used. + +=item B<-out filename> + +specifies the output filename to write to or standard output by +default. + +=item B<-key keyfile> + +create an SPKAC file using the private key in B. The +B<-in>, B<-noout>, B<-spksect> and B<-verify> options are ignored if +present. + +=item B<-passin password> + +the input file password source. For more information about the format of B +see the B section in L. + +=item B<-challenge string> + +specifies the challenge string if an SPKAC is being created. + +=item B<-spkac spkacname> + +allows an alternative name form the variable containing the +SPKAC. The default is "SPKAC". This option affects both +generated and input SPKAC files. + +=item B<-spksect section> + +allows an alternative name form the section containing the +SPKAC. The default is the default section. + +=item B<-noout> + +don't output the text version of the SPKAC (not used if an +SPKAC is being created). + +=item B<-pubkey> + +output the public key of an SPKAC (not used if an SPKAC is +being created). + +=item B<-verify> + +verifies the digital signature on the supplied SPKAC. + +=item B<-engine id> + +specifying an engine (by its unique B string) will cause B +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + +=back + +=head1 EXAMPLES + +Print out the contents of an SPKAC: + + openssl spkac -in spkac.cnf + +Verify the signature of an SPKAC: + + openssl spkac -in spkac.cnf -noout -verify + +Create an SPKAC using the challenge string "hello": + + openssl spkac -key key.pem -challenge hello -out spkac.cnf + +Example of an SPKAC, (long lines split up for clarity): + + SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\ + PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\ + PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\ + 2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\ + 4= + +=head1 NOTES + +A created SPKAC with suitable DN components appended can be fed into +the B utility. + +SPKACs are typically generated by Netscape when a form is submitted +containing the B tag as part of the certificate enrollment +process. + +The challenge string permits a primitive form of proof of possession +of private key. By checking the SPKAC signature and a random challenge +string some guarantee is given that the user knows the private key +corresponding to the public key being certified. This is important in +some applications. Without this it is possible for a previous SPKAC +to be used in a "replay attack". + +=head1 SEE ALSO + +L + +=head1 COPYRIGHT + +Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut -- cgit v1.2.3