MAN page from Trustix openssl-0.9.7m-1tr.i586.rpm

SPKAC

Section: OpenSSL (1)
Updated: 2003-01-30

NAME

spkac - SPKAC printing and generating utility 

SYNOPSIS

openssl spkac [-in filename] [-out filename] [-key keyfile] [-passin arg] [-challenge string] [-pubkey] [-spkac spkacname] [-spksect section] [-noout] [-verify] [-engine id]

DESCRIPTION

The spkac command processes Netscape signed public key and challenge (SPKAC) files. It can print out their contents, verify the signature and produce its own SPKACs from a supplied private key.

COMMAND OPTIONS

-in filename
This specifies the input filename to read from or standard input if this option is not specified. Ignored if the -key option is used.
-out filename
specifies the output filename to write to or standard output by default.
-key keyfile
create an SPKAC file using the private key in keyfile. The -in, -noout, -spksect and -verify options are ignored if present.
-passin password
the input file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).
-challenge string
specifies the challenge string if an SPKAC is being created.
-spkac spkacname
allows an alternative name for the variable containing the SPKAC. The default is "SPKAC". This option affects both generated and input SPKAC files.
-spksect section
allows an alternative name for the section containing the SPKAC. The default is the default section.
-noout
don't output the text version of the SPKAC (not used if an SPKAC is being created).
-pubkey
output the public key of an SPKAC (not used if an SPKAC is being created).
-verify
verifies the digital signature on the supplied SPKAC.
-engine id
specifying an engine (by its unique id string) will cause spkac to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.
 

EXAMPLES

Print out the contents of an SPKAC:

 openssl spkac -in spkac.cnf

Verify the signature of an SPKAC:

 openssl spkac -in spkac.cnf -noout -verify

Create an SPKAC using the challenge string "hello":

 openssl spkac -key key.pem -challenge hello -out spkac.cnf

Example of an SPKAC, (long lines split up for clarity):

 SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\
 PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\
 PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\
 2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\
 4=
 

NOTES

A created SPKAC with suitable DN components appended can be fed into the ca utility.

SPKACs are typically generated by Netscape when a form is submitted containing the KEYGEN tag as part of the certificate enrollment process.

The challenge string permits a primitive form of proof of possession of private key. By checking the SPKAC signature and a random challenge string some guarantee is given that the user knows the private key corresponding to the public key being certified. This is important in some applications. Without this it is possible for a previous SPKAC to be used in a "replay attack".
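
The challenge half of that check, as an added example that is not part of the OpenSSL manual page: it reads the challenge out of the SPKAC shown under EXAMPLES and accepts each issued challenge only once, so a resubmitted SPKAC is refused. The `Enrollment` class and the function names are hypothetical, and the signature is assumed to have been checked separately with `openssl spkac -noout -verify`.

```python
import base64
import secrets

# SPKAC from the EXAMPLES section (challenge "hello"), continuation lines rejoined.
PAGE_SPKAC = (
    "MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F"
    "PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u"
    "PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc"
    "2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV"
    "4=")

def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, content_start, content_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of input")
    return tag, pos, pos + length

def spkac_challenge(b64):
    """Return the challenge string embedded in a base64-encoded SPKAC."""
    der = base64.b64decode(b64, validate=True)
    _, body, _ = read_tlv(der, 0)              # SignedPublicKeyAndChallenge
    _, pkac, pkac_end = read_tlv(der, body)    # PublicKeyAndChallenge
    _, _, spki_end = read_tlv(der, pkac)       # SubjectPublicKeyInfo (skipped)
    tag, start, end = read_tlv(der, spki_end)  # challenge, an IA5String (0x16)
    if tag != 0x16 or end != pkac_end:
        raise ValueError("challenge is not the final IA5String of the structure")
    return der[start:end].decode("ascii")

class Enrollment:
    """Hypothetical CA-side tracker: a challenge is issued once, accepted once."""
    def __init__(self):
        self.outstanding = set()
    def issue(self):
        challenge = secrets.token_urlsafe(16)  # random, so it cannot be guessed
        self.outstanding.add(challenge)
        return challenge
    def accept(self, b64):
        challenge = spkac_challenge(b64)
        if challenge not in self.outstanding:
            return False                       # never issued, or already used
        self.outstanding.discard(challenge)    # single use: a replay fails
        return True
```
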

SEE ALSO

ca(1)


 


This document was created by man2html, using the manual pages.