245 lines
9.5 KiB
HTML
Raw Permalink Normal View History

2020-03-02 16:50:34 +00:00
<?xml version="1.0" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>tsget</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
</head>
<body style="background-color: white">
<!-- INDEX BEGIN -->
<div name="index">
<p><a name="__index__"></a></p>
<ul>
<li><a href="#name">NAME</a></li>
<li><a href="#synopsis">SYNOPSIS</a></li>
<li><a href="#description">DESCRIPTION</a></li>
<li><a href="#options">OPTIONS</a></li>
<li><a href="#environment_variables">ENVIRONMENT VARIABLES</a></li>
<li><a href="#examples">EXAMPLES</a></li>
<li><a href="#see_also">SEE ALSO</a></li>
<li><a href="#copyright">COPYRIGHT</a></li>
</ul>
<hr name="index" />
</div>
<!-- INDEX END -->
<p>
</p>
<hr />
<h1><a name="name">NAME</a></h1>
2020-03-02 17:19:21 +00:00
<p>openssl-tsget,
tsget - Time Stamping HTTP/HTTPS client</p>
2020-03-02 16:50:34 +00:00
<p>
</p>
<hr />
<h1><a name="synopsis">SYNOPSIS</a></h1>
<p><strong>tsget</strong>
2020-03-02 17:19:21 +00:00
<strong>-h</strong> server_url
[<strong>-e</strong> extension]
[<strong>-o</strong> output]
2020-03-02 16:50:34 +00:00
[<strong>-v</strong>]
[<strong>-d</strong>]
2020-03-02 17:19:21 +00:00
[<strong>-k</strong> private_key.pem]
[<strong>-p</strong> key_password]
[<strong>-c</strong> client_cert.pem]
[<strong>-C</strong> CA_certs.pem]
[<strong>-P</strong> CA_path]
[<strong>-r</strong> file:file...]
[<strong>-g</strong> EGD_socket]
[request]...</p>
2020-03-02 16:50:34 +00:00
<p>
</p>
<hr />
<h1><a name="description">DESCRIPTION</a></h1>
2020-03-02 17:19:21 +00:00
<p>The <strong>tsget</strong> command can be used for sending a time stamp request, as
specified in <strong>RFC 3161</strong>, to a time stamp server over HTTP or HTTPS and storing
the time stamp response in a file. This tool cannot be used for creating the
requests and verifying responses, you can use the OpenSSL <strong>ts(1)</strong> command to
do that. <strong>tsget</strong> can send several requests to the server without closing
the TCP connection if more than one requests are specified on the command
line.</p>
<p>The tool sends the following HTTP request for each time stamp request:</p>
2020-03-02 16:50:34 +00:00
<pre>
POST url HTTP/1.1
User-Agent: OpenTSA tsget.pl/&lt;version&gt;
Host: &lt;host&gt;:&lt;port&gt;
Pragma: no-cache
Content-Type: application/timestamp-query
Accept: application/timestamp-reply
Content-Length: length of body</pre>
<pre>
...binary request specified by the user...</pre>
2020-03-02 17:19:21 +00:00
<p><strong>tsget</strong> expects a response of type application/timestamp-reply, which is
2020-03-02 16:50:34 +00:00
written to a file without any interpretation.</p>
<p>
</p>
<hr />
<h1><a name="options">OPTIONS</a></h1>
<dl>
2020-03-02 17:19:21 +00:00
<dt><strong><a name="h_server_url" class="item"><strong>-h</strong> server_url</a></strong></dt>
2020-03-02 16:50:34 +00:00
<dd>
2020-03-02 17:19:21 +00:00
<p>The URL of the HTTP/HTTPS server listening for time stamp requests.</p>
2020-03-02 16:50:34 +00:00
</dd>
2020-03-02 17:19:21 +00:00
<dt><strong><a name="e_extension" class="item"><strong>-e</strong> extension</a></strong></dt>
2020-03-02 16:50:34 +00:00
<dd>
<p>If the <strong>-o</strong> option is not given this argument specifies the extension of the
output files. The base name of the output file will be the same as those of
2020-03-02 17:19:21 +00:00
the input files. Default extension is '.tsr'. (Optional)</p>
2020-03-02 16:50:34 +00:00
</dd>
2020-03-02 17:19:21 +00:00
<dt><strong><a name="o_output" class="item"><strong>-o</strong> output</a></strong></dt>
2020-03-02 16:50:34 +00:00
<dd>
<p>This option can be specified only when just one request is sent to the
2020-03-02 17:19:21 +00:00
server. The time stamp response will be written to the given output file. '-'
means standard output. In case of multiple time stamp requests or the absence
2020-03-02 16:50:34 +00:00
of this argument the names of the output files will be derived from the names
of the input files and the default or specified extension argument. (Optional)</p>
</dd>
<dt><strong><a name="v" class="item"><strong>-v</strong></a></strong></dt>
<dd>
<p>The name of the currently processed request is printed on standard
error. (Optional)</p>
</dd>
<dt><strong><a name="d" class="item"><strong>-d</strong></a></strong></dt>
<dd>
2020-03-02 17:19:21 +00:00
<p>Switches on verbose mode for the underlying <strong>curl</strong> library. You can see
detailed debug messages for the connection. (Optional)</p>
2020-03-02 16:50:34 +00:00
</dd>
2020-03-02 17:19:21 +00:00
<dt><strong><a name="k_private_key_pem" class="item"><strong>-k</strong> private_key.pem</a></strong></dt>
2020-03-02 16:50:34 +00:00
<dd>
<p>(HTTPS) In case of certificate-based client authentication over HTTPS
2020-03-02 17:19:21 +00:00
&lt;private_key.pem&gt; must contain the private key of the user. The private key
2020-03-02 16:50:34 +00:00
file can optionally be protected by a passphrase. The <strong>-c</strong> option must also
be specified. (Optional)</p>
</dd>
2020-03-02 17:19:21 +00:00
<dt><strong><a name="p_key_password" class="item"><strong>-p</strong> key_password</a></strong></dt>
2020-03-02 16:50:34 +00:00
<dd>
<p>(HTTPS) Specifies the passphrase for the private key specified by the <strong>-k</strong>
2020-03-02 17:19:21 +00:00
argument. If this option is omitted and the key is passphrase protected <strong>tsget</strong>
will ask for it. (Optional)</p>
2020-03-02 16:50:34 +00:00
</dd>
2020-03-02 17:19:21 +00:00
<dt><strong><a name="c_client_cert_pem" class="item"><strong>-c</strong> client_cert.pem</a></strong></dt>
2020-03-02 16:50:34 +00:00
<dd>
<p>(HTTPS) In case of certificate-based client authentication over HTTPS
2020-03-02 17:19:21 +00:00
&lt;client_cert.pem&gt; must contain the X.509 certificate of the user. The <strong>-k</strong>
2020-03-02 16:50:34 +00:00
option must also be specified. If this option is not specified no
certificate-based client authentication will take place. (Optional)</p>
</dd>
2020-03-02 17:19:21 +00:00
<dt><strong><a name="c_ca_certs_pem" class="item"><strong>-C</strong> CA_certs.pem</a></strong></dt>
2020-03-02 16:50:34 +00:00
<dd>
<p>(HTTPS) The trusted CA certificate store. The certificate chain of the peer's
certificate must include one of the CA certificates specified in this file.
Either option <strong>-C</strong> or option <strong>-P</strong> must be given in case of HTTPS. (Optional)</p>
</dd>
2020-03-02 17:19:21 +00:00
<dt><strong><a name="p_ca_path" class="item"><strong>-P</strong> CA_path</a></strong></dt>
2020-03-02 16:50:34 +00:00
<dd>
<p>(HTTPS) The path containing the trusted CA certificates to verify the peer's
2020-03-02 17:19:21 +00:00
certificate. The directory must be prepared with the <strong>c_rehash</strong>
OpenSSL utility. Either option <strong>-C</strong> or option <strong>-P</strong> must be given in case of
HTTPS. (Optional)</p>
2020-03-02 16:50:34 +00:00
</dd>
2020-03-02 17:19:21 +00:00
<dt><strong><a name="rand_file_file" class="item"><strong>-rand</strong> file:file...</a></strong></dt>
2020-03-02 16:50:34 +00:00
<dd>
2020-03-02 17:19:21 +00:00
<p>The files containing random data for seeding the random number
generator. Multiple files can be specified, the separator is <strong>;</strong> for
MS-Windows, <strong>,</strong> for VMS and <strong>:</strong> for all other platforms. (Optional)</p>
2020-03-02 16:50:34 +00:00
</dd>
2020-03-02 17:19:21 +00:00
<dt><strong><a name="g_egd_socket" class="item"><strong>-g</strong> EGD_socket</a></strong></dt>
2020-03-02 16:50:34 +00:00
<dd>
<p>The name of an EGD socket to get random data from. (Optional)</p>
</dd>
2020-03-02 17:19:21 +00:00
<dt><strong><a name="request" class="item">[request]...</a></strong></dt>
2020-03-02 16:50:34 +00:00
<dd>
2020-03-02 17:19:21 +00:00
<p>List of files containing <strong>RFC 3161</strong> DER-encoded time stamp requests. If no
requests are specified only one request will be sent to the server and it will be
read from the standard input. (Optional)</p>
2020-03-02 16:50:34 +00:00
</dd>
</dl>
<p>
</p>
<hr />
<h1><a name="environment_variables">ENVIRONMENT VARIABLES</a></h1>
<p>The <strong>TSGET</strong> environment variable can optionally contain default
arguments. The content of this variable is added to the list of command line
arguments.</p>
<p>
</p>
<hr />
<h1><a name="examples">EXAMPLES</a></h1>
2020-03-02 17:19:21 +00:00
<p>The examples below presume that <strong>file1.tsq</strong> and <strong>file2.tsq</strong> contain valid
time stamp requests, tsa.opentsa.org listens at port 8080 for HTTP requests
2020-03-02 16:50:34 +00:00
and at port 8443 for HTTPS requests, the TSA service is available at the /tsa
absolute path.</p>
2020-03-02 17:19:21 +00:00
<p>Get a time stamp response for file1.tsq over HTTP, output is written to
file1.tsr:</p>
2020-03-02 16:50:34 +00:00
<pre>
tsget -h <a href="http://tsa.opentsa.org:8080/tsa">http://tsa.opentsa.org:8080/tsa</a> file1.tsq</pre>
2020-03-02 17:19:21 +00:00
<p>Get a time stamp response for file1.tsq and file2.tsq over HTTP showing
progress, output is written to file1.reply and file2.reply respectively:</p>
2020-03-02 16:50:34 +00:00
<pre>
tsget -h <a href="http://tsa.opentsa.org:8080/tsa">http://tsa.opentsa.org:8080/tsa</a> -v -e .reply \
file1.tsq file2.tsq</pre>
2020-03-02 17:19:21 +00:00
<p>Create a time stamp request, write it to file3.tsq, send it to the server and
write the response to file3.tsr:</p>
2020-03-02 16:50:34 +00:00
<pre>
openssl ts -query -data file3.txt -cert | tee file3.tsq \
| tsget -h <a href="http://tsa.opentsa.org:8080/tsa">http://tsa.opentsa.org:8080/tsa</a> \
-o file3.tsr</pre>
2020-03-02 17:19:21 +00:00
<p>Get a time stamp response for file1.tsq over HTTPS without client
2020-03-02 16:50:34 +00:00
authentication:</p>
<pre>
tsget -h https://tsa.opentsa.org:8443/tsa \
-C cacerts.pem file1.tsq</pre>
2020-03-02 17:19:21 +00:00
<p>Get a time stamp response for file1.tsq over HTTPS with certificate-based
client authentication (it will ask for the passphrase if client_key.pem is
2020-03-02 16:50:34 +00:00
protected):</p>
<pre>
tsget -h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \
-k client_key.pem -c client_cert.pem file1.tsq</pre>
<p>You can shorten the previous command line if you make use of the <strong>TSGET</strong>
environment variable. The following commands do the same as the previous
example:</p>
<pre>
TSGET='-h https://tsa.opentsa.org:8443/tsa -C cacerts.pem \
-k client_key.pem -c client_cert.pem'
export TSGET
tsget file1.tsq</pre>
<p>
</p>
<hr />
<h1><a name="see_also">SEE ALSO</a></h1>
2020-03-02 17:19:21 +00:00
<p><em>openssl(1)</em>, <em>ts(1)</em>, <em>curl(1)</em>,
<strong>RFC 3161</strong></p>
2020-03-02 16:50:34 +00:00
<p>
</p>
<hr />
<h1><a name="copyright">COPYRIGHT</a></h1>
2020-03-02 17:19:21 +00:00
<p>Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.</p>
<p>Licensed under the OpenSSL license (the &quot;License&quot;). You may not use
2020-03-02 16:50:34 +00:00
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
<a href="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</a>.</p>
</body>
</html>