<?xml version="1.0" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>spkac</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
</head>

<body style="background-color: white">

<!-- INDEX BEGIN -->
<div name="index">
<p><a name="__index__"></a></p>

<ul>

<li><a href="#name">NAME</a></li>
<li><a href="#synopsis">SYNOPSIS</a></li>
<li><a href="#description">DESCRIPTION</a></li>
<li><a href="#options">OPTIONS</a></li>
<li><a href="#examples">EXAMPLES</a></li>
<li><a href="#notes">NOTES</a></li>
<li><a href="#see_also">SEE ALSO</a></li>
<li><a href="#copyright">COPYRIGHT</a></li>
</ul>

<hr name="index" />
</div>
<!-- INDEX END -->

<p>
</p>
<hr />
<h1><a name="name">NAME</a></h1>
<p>openssl-spkac,
spkac - SPKAC printing and generating utility</p>
<p>
</p>
<hr />
<h1><a name="synopsis">SYNOPSIS</a></h1>
<p><strong>openssl</strong> <strong>spkac</strong>
[<strong>-help</strong>]
[<strong>-in filename</strong>]
[<strong>-out filename</strong>]
[<strong>-key keyfile</strong>]
[<strong>-keyform PEM|DER|ENGINE</strong>]
[<strong>-passin arg</strong>]
[<strong>-challenge string</strong>]
[<strong>-pubkey</strong>]
[<strong>-spkac spkacname</strong>]
[<strong>-spksect section</strong>]
[<strong>-noout</strong>]
[<strong>-verify</strong>]
[<strong>-engine id</strong>]</p>
<p>
</p>
<hr />
<h1><a name="description">DESCRIPTION</a></h1>
<p>The <strong>spkac</strong> command processes Netscape signed public key and challenge
(SPKAC) files. It can print out their contents, verify the signature and
produce its own SPKACs from a supplied private key.</p>
<p>
</p>
<hr />
<h1><a name="options">OPTIONS</a></h1>
<dl>
<dt><strong><a name="help" class="item"><strong>-help</strong></a></strong></dt>

<dd>
<p>Print out a usage message.</p>
</dd>
<dt><strong><a name="in_filename" class="item"><strong>-in filename</strong></a></strong></dt>

<dd>
<p>This specifies the input filename to read from or standard input if this
option is not specified. Ignored if the <strong>-key</strong> option is used.</p>
</dd>
<dt><strong><a name="out_filename" class="item"><strong>-out filename</strong></a></strong></dt>

<dd>
<p>Specifies the output filename to write to or standard output by
default.</p>
</dd>
<dt><strong><a name="key_keyfile" class="item"><strong>-key keyfile</strong></a></strong></dt>

<dd>
<p>Create an SPKAC file using the private key in <strong>keyfile</strong>. The
<strong>-in</strong>, <strong>-noout</strong>, <strong>-spksect</strong> and <strong>-verify</strong> options are ignored if
present.</p>
</dd>
<dt><strong><a name="keyform_pem_der_engine" class="item"><strong>-keyform PEM|DER|ENGINE</strong></a></strong></dt>

<dd>
<p>Whether the key format is PEM, DER, or an engine-backed key.
The default is PEM.</p>
</dd>
<dt><strong><a name="passin_password" class="item"><strong>-passin arg</strong></a></strong></dt>

<dd>
<p>The input file password source. For more information about the format of <strong>arg</strong>
see the <strong>PASS PHRASE ARGUMENTS</strong> section in <em>openssl(1)</em>.</p>
</dd>
<dt><strong><a name="challenge_string" class="item"><strong>-challenge string</strong></a></strong></dt>

<dd>
<p>Specifies the challenge string if an SPKAC is being created.</p>
</dd>
<dt><strong><a name="spkac_spkacname" class="item"><strong>-spkac spkacname</strong></a></strong></dt>

<dd>
<p>Allows an alternative name for the variable containing the
SPKAC. The default is "SPKAC". This option affects both
generated and input SPKAC files.</p>
</dd>
<dt><strong><a name="spksect_section" class="item"><strong>-spksect section</strong></a></strong></dt>

<dd>
<p>Allows an alternative name for the section containing the
SPKAC. The default is the default section.</p>
</dd>
<dt><strong><a name="noout" class="item"><strong>-noout</strong></a></strong></dt>

<dd>
<p>Don't output the text version of the SPKAC (not used if an
SPKAC is being created).</p>
</dd>
<dt><strong><a name="pubkey" class="item"><strong>-pubkey</strong></a></strong></dt>

<dd>
<p>Output the public key of an SPKAC (not used if an SPKAC is
being created).</p>
</dd>
<dt><strong><a name="verify" class="item"><strong>-verify</strong></a></strong></dt>

<dd>
<p>Verifies the digital signature on the supplied SPKAC.</p>
</dd>
<dt><strong><a name="engine_id" class="item"><strong>-engine id</strong></a></strong></dt>

<dd>
<p>Specifying an engine (by its unique <strong>id</strong> string) will cause <strong>spkac</strong>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.</p>
</dd>
</dl>
<p>
</p>
<hr />
<h1><a name="examples">EXAMPLES</a></h1>
<p>Print out the contents of an SPKAC:</p>
<pre>
openssl spkac -in spkac.cnf</pre>
<p>Verify the signature of an SPKAC:</p>
<pre>
openssl spkac -in spkac.cnf -noout -verify</pre>
<p>Create an SPKAC using the challenge string "hello":</p>
<pre>
openssl spkac -key key.pem -challenge hello -out spkac.cnf</pre>
<p>Example of an SPKAC (long lines split up for clarity):</p>
<pre>
SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA\
1cCoq2Wa3Ixs47uI7FPVwHVIPDx5yso105Y6zpozam135a\
8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03uPFoQIDAQAB\
FgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJ\
h1bEIYuc2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnD\
dq+NQ3F+X4deMx9AaEglZtULwV4=</pre>
<p>
</p>
<hr />
<h1><a name="notes">NOTES</a></h1>
<p>A created SPKAC with suitable DN components appended can be fed into
the <strong>ca</strong> utility.</p>
<p>SPKACs are typically generated by Netscape when a form is submitted
containing the <strong>KEYGEN</strong> tag as part of the certificate enrollment
process.</p>
<p>The challenge string permits a primitive form of proof of possession
of a private key. By checking the SPKAC signature and a random challenge
string, some guarantee is given that the user knows the private key
corresponding to the public key being certified. This is important in
some applications. Without this it is possible for a previous SPKAC
to be used in a "replay attack".</p>
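<p>The options above verify the signature but do not compare the challenge with an expected value, so that comparison falls to the application handling the enrollment. The following Python is an added example, not part of the OpenSSL documentation or code: it parses the DER structure of the SPKAC shown in EXAMPLES and compares its challenge with the one issued for the session. The function names, the <strong>WEAK_DIGESTS</strong> table and the session challenge values are assumptions of this example; the signature itself is still checked with <strong>openssl spkac -verify</strong>.</p>

```python
import base64
import hmac

# SPKAC value from the EXAMPLES section of this page, continuation lines joined.
PAGE_SPKAC = (
    "MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA"
    "1cCoq2Wa3Ixs47uI7FPVwHVIPDx5yso105Y6zpozam135a"
    "8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03uPFoQIDAQAB"
    "FgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJ"
    "h1bEIYuc2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnD"
    "dq+NQ3F+X4deMx9AaEglZtULwV4=")
# Assumption of this example: signature digests rejected at enrollment,
# keyed by DER-encoded OID body (this one is 1.2.840.113549.1.1.4).
WEAK_DIGESTS = {bytes.fromhex("2a864886f70d010104"): "md5WithRSAEncryption"}


def read_tlv(buf, pos, tag):
    """Read one DER element with the given tag; return (value, next offset)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected DER tag at offset %d" % pos)
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length


def parse_spkac(b64):
    """Return (challenge, signature algorithm OID body) from a base64 SPKAC."""
    der = base64.b64decode(b64, validate=True)
    outer, end = read_tlv(der, 0, 0x30)        # SignedPublicKeyAndChallenge
    if end != len(der):
        raise ValueError("trailing data after SPKAC")
    pkac, pos = read_tlv(outer, 0, 0x30)       # PublicKeyAndChallenge
    sig_alg, _ = read_tlv(outer, pos, 0x30)    # signature AlgorithmIdentifier
    _, pos = read_tlv(pkac, 0, 0x30)           # SubjectPublicKeyInfo (skipped)
    challenge, _ = read_tlv(pkac, pos, 0x16)   # IA5String challenge
    oid, _ = read_tlv(sig_alg, 0, 0x06)        # OBJECT IDENTIFIER
    return challenge.decode("ascii"), oid


def check_enrollment(b64, issued_challenge):
    """Replay check: the SPKAC must carry the challenge issued for this session."""
    challenge, sig_oid = parse_spkac(b64)
    fresh = hmac.compare_digest(challenge.encode(), issued_challenge.encode())
    return {"challenge_ok": fresh, "weak_digest": WEAK_DIGESTS.get(sig_oid)}
```

<p>A submission is accepted only when <strong>challenge_ok</strong> is true, <strong>weak_digest</strong> is empty and <strong>openssl spkac -verify</strong> succeeds; the page's sample, presented to a session that issued any challenge other than "hello", fails the first condition.</p>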
<p>
</p>
<hr />
<h1><a name="see_also">SEE ALSO</a></h1>
<p><em>ca(1)</em></p>
<p>
</p>
<hr />
<h1><a name="copyright">COPYRIGHT</a></h1>
<p>Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.</p>
<p>Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
<a href="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</a>.</p>

</body>

</html>