SPKAC(1) OpenSSL SPKAC(1)
NAME
spkac - SPKAC printing and generating utility
LIBRARY
libcrypto, -lcrypto
SYNOPSIS
openssl spkac [-in filename] [-out filename] [-key keyfile] [-passin arg] [-challenge string] [-pubkey] [-spkac spkacname] [-spksect section] [-noout] [-verify]
DESCRIPTION
The spkac command processes Netscape signed public key and challenge (SPKAC) files. It can print out their contents, verify the signature and produce its own SPKACs from a supplied private key.
COMMAND OPTIONS
-in filename
    This specifies the input filename to read from or standard input if this option is not specified. Ignored if the -key option is used.

-out filename
    specifies the output filename to write to or standard output by default.

-key keyfile
    create an SPKAC file using the private key in keyfile. The -in, -noout, -spksect and -verify options are ignored if present.

-passin password
    the input file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1).

-challenge string
    specifies the challenge string if an SPKAC is being created.

-spkac spkacname
    allows an alternative name for the variable containing the SPKAC. The default is "SPKAC". This option affects both generated and input SPKAC files.

-spksect section
    allows an alternative name for the section containing the SPKAC. The default is the default section.

-noout
    don't output the text version of the SPKAC (not used if an SPKAC is being created).

-pubkey
    output the public key of an SPKAC (not used if an SPKAC is being created).

-verify
    verifies the digital signature on the supplied SPKAC.
EXAMPLES
Print out the contents of an SPKAC:

    openssl spkac -in spkac.cnf

Verify the signature of an SPKAC:

    openssl spkac -in spkac.cnf -noout -verify

Create an SPKAC using the challenge string "hello":

    openssl spkac -key key.pem -challenge hello -out spkac.cnf

Example of an SPKAC (long lines split up for clarity):

    SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\
    PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\
    PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\
    2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\
    4=
NOTES
A created SPKAC with suitable DN components appended can be fed into the ca utility.

SPKACs are typically generated by Netscape when a form is submitted containing the KEYGEN tag as part of the certificate enrollment process.

The challenge string permits a primitive form of proof of possession of private key. By checking the SPKAC signature and a random challenge string some guarantee is given that the user knows the private key corresponding to the public key being certified. This is important in some applications. Without this it is possible for a previous SPKAC to be used in a "replay attack".
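The challenge check described in the last paragraph, as an added example that is not part of this manual page or of OpenSSL: it reads the challenge out of the DER structure of the SPKAC shown under EXAMPLES and accepts each issued challenge only once. The names read_tlv, spkac_challenge and ChallengeLedger are hypothetical, and the signature itself is assumed to be checked separately with openssl spkac -verify.

```python
import base64
import secrets

# SPKAC value copied from the EXAMPLES section (its challenge is "hello").
PAGE_SPKAC = (
    "MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F"
    "PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u"
    "PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc"
    "2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV"
    "4="
)

def read_tlv(buf, pos, want_tag):
    """Read one DER element at pos; return (value, position after it)."""
    if pos + 2 > len(buf) or buf[pos] != want_tag:
        raise ValueError("unexpected DER tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length

def spkac_challenge(spkac_b64):
    """Return the challenge string embedded in a base64 SPKAC."""
    der = base64.b64decode(spkac_b64, validate=True)
    signed, end = read_tlv(der, 0, 0x30)         # SignedPublicKeyAndChallenge
    pkac, _ = read_tlv(signed, 0, 0x30)          # PublicKeyAndChallenge
    _, pos = read_tlv(pkac, 0, 0x30)             # SubjectPublicKeyInfo, skipped
    challenge, pos = read_tlv(pkac, pos, 0x16)   # IA5String challenge
    if end != len(der) or pos != len(pkac):
        raise ValueError("trailing data in SPKAC")
    return challenge.decode("ascii")

class ChallengeLedger:
    """Hypothetical CA-side record of challenges issued and not yet redeemed."""
    def __init__(self):
        self.pending = set()
    def issue(self):
        challenge = secrets.token_urlsafe(16)  # fresh random value per enrollment
        self.pending.add(challenge)
        return challenge
    def redeem(self, spkac_b64):
        """Accept an SPKAC once; its signature is checked separately."""
        challenge = spkac_challenge(spkac_b64)
        fresh = challenge in self.pending  # False: never issued here, or a replay
        self.pending.discard(challenge)
        return fresh
```

The page's sample SPKAC is rejected by a new ledger because "hello" was never issued by it; once that challenge is pending, the first submission is accepted and a second submission of the same SPKAC is refused.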
SEE ALSO
openssl_ca(1)

2000-07-22 0.9.6g