diff options
Diffstat (limited to 'crypto/openssl/doc/apps/spkac.pod')
| -rw-r--r-- | crypto/openssl/doc/apps/spkac.pod | 127 |
1 files changed, 0 insertions, 127 deletions
diff --git a/crypto/openssl/doc/apps/spkac.pod b/crypto/openssl/doc/apps/spkac.pod deleted file mode 100644 index bb84dfbe3352..000000000000 --- a/crypto/openssl/doc/apps/spkac.pod +++ /dev/null @@ -1,127 +0,0 @@ -=pod - -=head1 NAME - -spkac - SPKAC printing and generating utility - -=head1 SYNOPSIS - -B<openssl> B<spkac> -[B<-in filename>] -[B<-out filename>] -[B<-key keyfile>] -[B<-passin arg>] -[B<-challenge string>] -[B<-pubkey>] -[B<-spkac spkacname>] -[B<-spksect section>] -[B<-noout>] -[B<-verify>] - - -=head1 DESCRIPTION - -The B<spkac> command processes Netscape signed public key and challenge -(SPKAC) files. It can print out their contents, verify the signature and -produce its own SPKACs from a supplied private key. - -=head1 COMMAND OPTIONS - -=over 4 - -=item B<-in filename> - -This specifies the input filename to read from or standard input if this -option is not specified. Ignored if the B<-key> option is used. - -=item B<-out filename> - -specifies the output filename to write to or standard output by -default. - -=item B<-key keyfile> - -create an SPKAC file using the private key in B<keyfile>. The -B<-in>, B<-noout>, B<-spksect> and B<-verify> options are ignored if -present. - -=item B<-passin password> - -the input file password source. For more information about the format of B<arg> -see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. - -=item B<-challenge string> - -specifies the challenge string if an SPKAC is being created. - -=item B<-spkac spkacname> - -allows an alternative name form the variable containing the -SPKAC. The default is "SPKAC". This option affects both -generated and input SPKAC files. - -=item B<-spksect section> - -allows an alternative name form the section containing the -SPKAC. The default is the default section. - -=item B<-noout> - -don't output the text version of the SPKAC (not used if an -SPKAC is being created). - -=item B<-pubkey> - -output the public key of an SPKAC (not used if an SPKAC is -being created). - -=item B<-verify> - -verifies the digital signature on the supplied SPKAC. - - -=back - -=head1 EXAMPLES - -Print out the contents of an SPKAC: - - openssl spkac -in spkac.cnf - -Verify the signature of an SPKAC: - - openssl spkac -in spkac.cnf -noout -verify - -Create an SPKAC using the challenge string "hello": - - openssl spkac -key key.pem -challenge hello -out spkac.cnf - -Example of an SPKAC, (long lines split up for clarity): - - SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\ - PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\ - PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\ - 2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\ - 4= - -=head1 NOTES - -A created SPKAC with suitable DN components appended can be fed into -the B<ca> utility. - -SPKACs are typically generated by Netscape when a form is submitted -containing the B<KEYGEN> tag as part of the certificate enrollment -process. - -The challenge string permits a primitive form of proof of possession -of private key. By checking the SPKAC signature and a random challenge -string some guarantee is given that the user knows the private key -corresponding to the public key being certified. This is important in -some applications. Without this it is possible for a previous SPKAC -to be used in a "replay attack". - -=head1 SEE ALSO - -L<ca(1)|ca(1)> - -=cut |