diff options
| author | simon <simon@FreeBSD.org> | 2010-11-22 18:29:00 +0000 |
|---|---|---|
| committer | simon <simon@FreeBSD.org> | 2010-11-22 18:29:00 +0000 |
| commit | baef74520563dff454420fc45cbb65b465668325 (patch) | |
| tree | 88ab13e2ea03aedb200603bab91fb927acad16c0 /secure/usr.bin | |
| parent | 7a23485c98b888d229c5e0762dbcfcec293fcef6 (diff) | |
| download | FreeBSD-src-baef74520563dff454420fc45cbb65b465668325.zip FreeBSD-src-baef74520563dff454420fc45cbb65b465668325.tar.gz | |
Regenerate manual pages for OpenSSL 0.9.8p.
Diffstat (limited to 'secure/usr.bin')
38 files changed, 1298 insertions, 1474 deletions
diff --git a/secure/usr.bin/openssl/man/CA.pl.1 b/secure/usr.bin/openssl/man/CA.pl.1 index eb38939..f9b2e48 100644 --- a/secure/usr.bin/openssl/man/CA.pl.1 +++ b/secure/usr.bin/openssl/man/CA.pl.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "CA.PL 1" -.TH CA.PL 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH CA.PL 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" CA.pl \- friendlier interface for OpenSSL certificate programs .SH "SYNOPSIS" @@ -205,7 +204,7 @@ to be present in the file \*(L"newreq.pem\*(R". .IP "\fB\-verify\fR" 4 .IX Item "-verify" verifies certificates against the \s-1CA\s0 certificate for \*(L"demoCA\*(R". If no certificates -are specified on the command line it tries to verify the file \*(L"newcert.pem\*(R". +are specified on the command line it tries to verify the file \*(L"newcert.pem\*(R". .IP "\fBfiles\fR" 4 .IX Item "files" one or more optional certificate file names for use with the \fB\-verify\fR command. @@ -214,17 +213,17 @@ one or more optional certificate file names for use with the \fB\-verify\fR comm Create a \s-1CA\s0 hierarchy: .PP .Vb 1 -\& CA.pl -newca +\& CA.pl \-newca .Ve .PP Complete certificate creation example: create a \s-1CA\s0, create a request, sign the request and finally create a PKCS#12 file containing it. .PP .Vb 4 -\& CA.pl -newca -\& CA.pl -newreq -\& CA.pl -signreq -\& CA.pl -pkcs12 "My Test Certificate" +\& CA.pl \-newca +\& CA.pl \-newreq +\& CA.pl \-signreq +\& CA.pl \-pkcs12 "My Test Certificate" .Ve .SH "DSA CERTIFICATES" .IX Header "DSA CERTIFICATES" @@ -235,19 +234,19 @@ directly. The following example shows the steps that would typically be taken. Create some \s-1DSA\s0 parameters: .PP .Vb 1 -\& openssl dsaparam -out dsap.pem 1024 +\& openssl dsaparam \-out dsap.pem 1024 .Ve .PP Create a \s-1DSA\s0 \s-1CA\s0 certificate and private key: .PP .Vb 1 -\& openssl req -x509 -newkey dsa:dsap.pem -keyout cacert.pem -out cacert.pem +\& openssl req \-x509 \-newkey dsa:dsap.pem \-keyout cacert.pem \-out cacert.pem .Ve .PP Create the \s-1CA\s0 directories and files: .PP .Vb 1 -\& CA.pl -newca +\& CA.pl \-newca .Ve .PP enter cacert.pem when prompted for the \s-1CA\s0 file name. @@ -256,13 +255,13 @@ Create a \s-1DSA\s0 certificate request and private key (a different set of para can optionally be created first): .PP .Vb 1 -\& openssl req -out newreq.pem -newkey dsa:dsap.pem +\& openssl req \-out newreq.pem \-newkey dsa:dsap.pem .Ve .PP Sign the request: .PP .Vb 1 -\& CA.pl -signreq +\& CA.pl \-signreq .Ve .SH "NOTES" .IX Header "NOTES" @@ -278,7 +277,7 @@ directly (for example Win32) and the default configuration file location may be wrong. In this case the command: .PP .Vb 1 -\& perl -S CA.pl +\& perl \-S CA.pl .Ve .PP can be used and the \fB\s-1OPENSSL_CONF\s0\fR environment variable changed to point to diff --git a/secure/usr.bin/openssl/man/asn1parse.1 b/secure/usr.bin/openssl/man/asn1parse.1 index 7ca585d..78f59c5 100644 --- a/secure/usr.bin/openssl/man/asn1parse.1 +++ b/secure/usr.bin/openssl/man/asn1parse.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "ASN1PARSE 1" -.TH ASN1PARSE 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH ASN1PARSE 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" asn1parse \- ASN.1 parsing tool .SH "SYNOPSIS" @@ -191,8 +190,8 @@ generate encoded data based on \fBstring\fR, \fBfile\fR or both using is obtained from the default section using the name \fBasn1\fR. The encoded data is passed through the \s-1ASN1\s0 parser and printed out as though it came from a file, the contents can thus be examined and written to a file -using the \fBout\fR option. -.Sh "\s-1OUTPUT\s0" +using the \fBout\fR option. +.SS "\s-1OUTPUT\s0" .IX Subsection "OUTPUT" The output will typically contain lines like this: .PP @@ -225,7 +224,7 @@ the contents octets. .PP The \fB\-i\fR option can be used to make the output more readable. .PP -Some knowledge of the \s-1ASN\s0.1 structure is needed to interpret the output. +Some knowledge of the \s-1ASN\s0.1 structure is needed to interpret the output. .PP In this example the \s-1BIT\s0 \s-1STRING\s0 at offset 229 is the certificate public key. The contents octets of this will contain the public key information. This can @@ -252,44 +251,40 @@ by white space. The final column is the rest of the line and is the Parse a file: .PP .Vb 1 -\& openssl asn1parse -in file.pem +\& openssl asn1parse \-in file.pem .Ve .PP Parse a \s-1DER\s0 file: .PP .Vb 1 -\& openssl asn1parse -inform DER -in file.der +\& openssl asn1parse \-inform DER \-in file.der .Ve .PP Generate a simple UTF8String: .PP .Vb 1 -\& openssl asn1parse -genstr 'UTF8:Hello World' +\& openssl asn1parse \-genstr \*(AqUTF8:Hello World\*(Aq .Ve .PP Generate and write out a UTF8String, don't print parsed output: .PP .Vb 1 -\& openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der +\& openssl asn1parse \-genstr \*(AqUTF8:Hello World\*(Aq \-noout \-out utf8.der .Ve .PP Generate using a config file: .PP .Vb 1 -\& openssl asn1parse -genconf asn1.cnf -noout -out asn1.der +\& openssl asn1parse \-genconf asn1.cnf \-noout \-out asn1.der .Ve .PP Example config file: .PP .Vb 1 \& asn1=SEQUENCE:seq_sect -.Ve -.PP -.Vb 1 +\& \& [seq_sect] -.Ve -.PP -.Vb 2 +\& \& field1=BOOL:TRUE \& field2=EXP:0, UTF8:some random string .Ve diff --git a/secure/usr.bin/openssl/man/ca.1 b/secure/usr.bin/openssl/man/ca.1 index d4fd31a..e14eede 100644 --- a/secure/usr.bin/openssl/man/ca.1 +++ b/secure/usr.bin/openssl/man/ca.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "CA 1" -.TH CA 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH CA 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" ca \- sample minimal CA application .SH "SYNOPSIS" @@ -206,7 +205,7 @@ section for information on the required format. .IP "\fB\-infiles\fR" 4 .IX Item "-infiles" if present this should be the last option, all subsequent arguments -are assumed to the the names of files containing certificate requests. +are assumed to the the names of files containing certificate requests. .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" the output file to output certificates to. The default is standard @@ -380,7 +379,7 @@ include. If no \s-1CRL\s0 extension section is present then a V1 \s-1CRL\s0 is created, if the \s-1CRL\s0 extension section is present (even if it is empty) then a V2 \s-1CRL\s0 is created. The \s-1CRL\s0 extensions specified are \&\s-1CRL\s0 extensions and \fBnot\fR \s-1CRL\s0 entry extensions. It should be noted -that some software (for example Netscape) can't handle V2 CRLs. +that some software (for example Netscape) can't handle V2 CRLs. .SH "CONFIGURATION FILE OPTIONS" .IX Header "CONFIGURATION FILE OPTIONS" The section of the configuration file containing options for \fBca\fR @@ -407,7 +406,7 @@ any) used. This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR. Each line of the file should consist of the numerical form of the object identifier followed by white space then the short name followed -by white space and finally the long name. +by white space and finally the long name. .IP "\fBoid_section\fR" 4 .IX Item "oid_section" This specifies a section in the configuration file containing extra @@ -433,7 +432,7 @@ an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). .IP "\fBdefault_days\fR" 4 .IX Item "default_days" the same as the \fB\-days\fR option. The number of days to certify -a certificate for. +a certificate for. .IP "\fBdefault_startdate\fR" 4 .IX Item "default_startdate" the same as the \fB\-startdate\fR option. The start date to certify @@ -561,31 +560,31 @@ demoCA/index.txt. Sign a certificate request: .PP .Vb 1 -\& openssl ca -in req.pem -out newcert.pem +\& openssl ca \-in req.pem \-out newcert.pem .Ve .PP Sign a certificate request, using \s-1CA\s0 extensions: .PP .Vb 1 -\& openssl ca -in req.pem -extensions v3_ca -out newcert.pem +\& openssl ca \-in req.pem \-extensions v3_ca \-out newcert.pem .Ve .PP Generate a \s-1CRL\s0 .PP .Vb 1 -\& openssl ca -gencrl -out crl.pem +\& openssl ca \-gencrl \-out crl.pem .Ve .PP Sign several requests: .PP .Vb 1 -\& openssl ca -infiles req1.pem req2.pem req3.pem +\& openssl ca \-infiles req1.pem req2.pem req3.pem .Ve .PP Certify a Netscape \s-1SPKAC:\s0 .PP .Vb 1 -\& openssl ca -spkac spkac.txt +\& openssl ca \-spkac spkac.txt .Ve .PP A sample \s-1SPKAC\s0 file (the \s-1SPKAC\s0 line has been truncated for clarity): @@ -603,43 +602,29 @@ A sample configuration file with the relevant sections for \fBca\fR: .Vb 2 \& [ ca ] \& default_ca = CA_default # The default ca section -.Ve -.PP -.Vb 1 +\& \& [ CA_default ] -.Ve -.PP -.Vb 3 +\& \& dir = ./demoCA # top dir \& database = $dir/index.txt # index file. \& new_certs_dir = $dir/newcerts # new certs dir -.Ve -.PP -.Vb 4 +\& \& certificate = $dir/cacert.pem # The CA cert \& serial = $dir/serial # serial no file \& private_key = $dir/private/cakey.pem# CA private key \& RANDFILE = $dir/private/.rand # random number file -.Ve -.PP -.Vb 3 +\& \& default_days = 365 # how long to certify for \& default_crl_days= 30 # how long before next CRL \& default_md = md5 # md to use -.Ve -.PP -.Vb 2 +\& \& policy = policy_any # default policy -\& email_in_dn = no # Don't add the email into cert DN -.Ve -.PP -.Vb 3 +\& email_in_dn = no # Don\*(Aqt add the email into cert DN +\& \& name_opt = ca_default # Subject name display option \& cert_opt = ca_default # Certificate display option -\& copy_extensions = none # Don't copy extensions from request -.Ve -.PP -.Vb 7 +\& copy_extensions = none # Don\*(Aqt copy extensions from request +\& \& [ policy_any ] \& countryName = supplied \& stateOrProvinceName = optional @@ -655,16 +640,16 @@ configuration file entries, environment variables or command line options. The values below reflect the default values. .PP .Vb 10 -\& /usr/local/ssl/lib/openssl.cnf - master configuration file -\& ./demoCA - main CA directory -\& ./demoCA/cacert.pem - CA certificate -\& ./demoCA/private/cakey.pem - CA private key -\& ./demoCA/serial - CA serial number file -\& ./demoCA/serial.old - CA serial number backup file -\& ./demoCA/index.txt - CA text database file -\& ./demoCA/index.txt.old - CA text database backup file -\& ./demoCA/certs - certificate output file -\& ./demoCA/.rnd - CA random seed information +\& /usr/local/ssl/lib/openssl.cnf \- master configuration file +\& ./demoCA \- main CA directory +\& ./demoCA/cacert.pem \- CA certificate +\& ./demoCA/private/cakey.pem \- CA private key +\& ./demoCA/serial \- CA serial number file +\& ./demoCA/serial.old \- CA serial number backup file +\& ./demoCA/index.txt \- CA text database file +\& ./demoCA/index.txt.old \- CA text database backup file +\& ./demoCA/certs \- certificate output file +\& ./demoCA/.rnd \- CA random seed information .Ve .SH "ENVIRONMENT VARIABLES" .IX Header "ENVIRONMENT VARIABLES" diff --git a/secure/usr.bin/openssl/man/ciphers.1 b/secure/usr.bin/openssl/man/ciphers.1 index 3f80cc6..0ac0b1e 100644 --- a/secure/usr.bin/openssl/man/ciphers.1 +++ b/secure/usr.bin/openssl/man/ciphers.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "CIPHERS 1" -.TH CIPHERS 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH CIPHERS 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" ciphers \- SSL cipher display and cipher list tool. .SH "SYNOPSIS" @@ -209,7 +208,7 @@ as a list of ciphers to be appended to the current preference list. If the list includes any ciphers already present they will be ignored: that is they will not moved to the end of the list. .PP -Additionally the cipher string \fB@STRENGTH\fR can be used at any point to sort +Additionally the cipher string \fB\f(CB@STRENGTH\fB\fR can be used at any point to sort the current cipher list in order of encryption algorithm key length. .SH "CIPHER STRINGS" .IX Header "CIPHER STRINGS" @@ -331,176 +330,148 @@ The following lists give the \s-1SSL\s0 or \s-1TLS\s0 cipher suites names from t relevant specification and their OpenSSL equivalents. It should be noted, that several cipher suite names do not include the authentication used, e.g. \s-1DES\-CBC3\-SHA\s0. In these cases, \s-1RSA\s0 authentication is used. -.Sh "\s-1SSL\s0 v3.0 cipher suites." +.SS "\s-1SSL\s0 v3.0 cipher suites." .IX Subsection "SSL v3.0 cipher suites." .Vb 10 -\& SSL_RSA_WITH_NULL_MD5 NULL-MD5 -\& SSL_RSA_WITH_NULL_SHA NULL-SHA -\& SSL_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5 -\& SSL_RSA_WITH_RC4_128_MD5 RC4-MD5 -\& SSL_RSA_WITH_RC4_128_SHA RC4-SHA -\& SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5 -\& SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA -\& SSL_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA -\& SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA -\& SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA -.Ve -.PP -.Vb 12 +\& SSL_RSA_WITH_NULL_MD5 NULL\-MD5 +\& SSL_RSA_WITH_NULL_SHA NULL\-SHA +\& SSL_RSA_EXPORT_WITH_RC4_40_MD5 EXP\-RC4\-MD5 +\& SSL_RSA_WITH_RC4_128_MD5 RC4\-MD5 +\& SSL_RSA_WITH_RC4_128_SHA RC4\-SHA +\& SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP\-RC2\-CBC\-MD5 +\& SSL_RSA_WITH_IDEA_CBC_SHA IDEA\-CBC\-SHA +\& SSL_RSA_EXPORT_WITH_DES40_CBC_SHA EXP\-DES\-CBC\-SHA +\& SSL_RSA_WITH_DES_CBC_SHA DES\-CBC\-SHA +\& SSL_RSA_WITH_3DES_EDE_CBC_SHA DES\-CBC3\-SHA +\& \& SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented. \& SSL_DH_DSS_WITH_DES_CBC_SHA Not implemented. \& SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. \& SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented. \& SSL_DH_RSA_WITH_DES_CBC_SHA Not implemented. \& SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. -\& SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA -\& SSL_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA -\& SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA -\& SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA -\& SSL_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA -\& SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA -.Ve -.PP -.Vb 5 -\& SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5 -\& SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 -\& SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA -\& SSL_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA -\& SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA -.Ve -.PP -.Vb 3 +\& SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP\-EDH\-DSS\-DES\-CBC\-SHA +\& SSL_DHE_DSS_WITH_DES_CBC_SHA EDH\-DSS\-CBC\-SHA +\& SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH\-DSS\-DES\-CBC3\-SHA +\& SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP\-EDH\-RSA\-DES\-CBC\-SHA +\& SSL_DHE_RSA_WITH_DES_CBC_SHA EDH\-RSA\-DES\-CBC\-SHA +\& SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH\-RSA\-DES\-CBC3\-SHA +\& +\& SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP\-ADH\-RC4\-MD5 +\& SSL_DH_anon_WITH_RC4_128_MD5 ADH\-RC4\-MD5 +\& SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP\-ADH\-DES\-CBC\-SHA +\& SSL_DH_anon_WITH_DES_CBC_SHA ADH\-DES\-CBC\-SHA +\& SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH\-DES\-CBC3\-SHA +\& \& SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented. \& SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented. \& SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented. .Ve -.Sh "\s-1TLS\s0 v1.0 cipher suites." +.SS "\s-1TLS\s0 v1.0 cipher suites." .IX Subsection "TLS v1.0 cipher suites." .Vb 10 -\& TLS_RSA_WITH_NULL_MD5 NULL-MD5 -\& TLS_RSA_WITH_NULL_SHA NULL-SHA -\& TLS_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5 -\& TLS_RSA_WITH_RC4_128_MD5 RC4-MD5 -\& TLS_RSA_WITH_RC4_128_SHA RC4-SHA -\& TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5 -\& TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA -\& TLS_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA -\& TLS_RSA_WITH_DES_CBC_SHA DES-CBC-SHA -\& TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA -.Ve -.PP -.Vb 12 +\& TLS_RSA_WITH_NULL_MD5 NULL\-MD5 +\& TLS_RSA_WITH_NULL_SHA NULL\-SHA +\& TLS_RSA_EXPORT_WITH_RC4_40_MD5 EXP\-RC4\-MD5 +\& TLS_RSA_WITH_RC4_128_MD5 RC4\-MD5 +\& TLS_RSA_WITH_RC4_128_SHA RC4\-SHA +\& TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP\-RC2\-CBC\-MD5 +\& TLS_RSA_WITH_IDEA_CBC_SHA IDEA\-CBC\-SHA +\& TLS_RSA_EXPORT_WITH_DES40_CBC_SHA EXP\-DES\-CBC\-SHA +\& TLS_RSA_WITH_DES_CBC_SHA DES\-CBC\-SHA +\& TLS_RSA_WITH_3DES_EDE_CBC_SHA DES\-CBC3\-SHA +\& \& TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented. \& TLS_DH_DSS_WITH_DES_CBC_SHA Not implemented. \& TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. \& TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented. \& TLS_DH_RSA_WITH_DES_CBC_SHA Not implemented. \& TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. -\& TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA -\& TLS_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA -\& TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA -\& TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA -\& TLS_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA -\& TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA -.Ve -.PP -.Vb 5 -\& TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5 -\& TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 -\& TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA -\& TLS_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA -\& TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA +\& TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP\-EDH\-DSS\-DES\-CBC\-SHA +\& TLS_DHE_DSS_WITH_DES_CBC_SHA EDH\-DSS\-CBC\-SHA +\& TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH\-DSS\-DES\-CBC3\-SHA +\& TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP\-EDH\-RSA\-DES\-CBC\-SHA +\& TLS_DHE_RSA_WITH_DES_CBC_SHA EDH\-RSA\-DES\-CBC\-SHA +\& TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH\-RSA\-DES\-CBC3\-SHA +\& +\& TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP\-ADH\-RC4\-MD5 +\& TLS_DH_anon_WITH_RC4_128_MD5 ADH\-RC4\-MD5 +\& TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP\-ADH\-DES\-CBC\-SHA +\& TLS_DH_anon_WITH_DES_CBC_SHA ADH\-DES\-CBC\-SHA +\& TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH\-DES\-CBC3\-SHA .Ve -.Sh "\s-1AES\s0 ciphersuites from \s-1RFC3268\s0, extending \s-1TLS\s0 v1.0" +.SS "\s-1AES\s0 ciphersuites from \s-1RFC3268\s0, extending \s-1TLS\s0 v1.0" .IX Subsection "AES ciphersuites from RFC3268, extending TLS v1.0" .Vb 2 -\& TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA -\& TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA -.Ve -.PP -.Vb 4 +\& TLS_RSA_WITH_AES_128_CBC_SHA AES128\-SHA +\& TLS_RSA_WITH_AES_256_CBC_SHA AES256\-SHA +\& \& TLS_DH_DSS_WITH_AES_128_CBC_SHA Not implemented. \& TLS_DH_DSS_WITH_AES_256_CBC_SHA Not implemented. \& TLS_DH_RSA_WITH_AES_128_CBC_SHA Not implemented. \& TLS_DH_RSA_WITH_AES_256_CBC_SHA Not implemented. +\& +\& TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE\-DSS\-AES128\-SHA +\& TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE\-DSS\-AES256\-SHA +\& TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE\-RSA\-AES128\-SHA +\& TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE\-RSA\-AES256\-SHA +\& +\& TLS_DH_anon_WITH_AES_128_CBC_SHA ADH\-AES128\-SHA +\& TLS_DH_anon_WITH_AES_256_CBC_SHA ADH\-AES256\-SHA .Ve -.PP -.Vb 4 -\& TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA -\& TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA -\& TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA -\& TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA -.Ve -.PP -.Vb 2 -\& TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA -\& TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA -.Ve -.Sh "Camellia ciphersuites from \s-1RFC4132\s0, extending \s-1TLS\s0 v1.0" +.SS "Camellia ciphersuites from \s-1RFC4132\s0, extending \s-1TLS\s0 v1.0" .IX Subsection "Camellia ciphersuites from RFC4132, extending TLS v1.0" .Vb 2 -\& TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA -\& TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA -.Ve -.PP -.Vb 4 +\& TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128\-SHA +\& TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256\-SHA +\& \& TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA Not implemented. \& TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA Not implemented. \& TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA Not implemented. \& TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA Not implemented. +\& +\& TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE\-DSS\-CAMELLIA128\-SHA +\& TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE\-DSS\-CAMELLIA256\-SHA +\& TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE\-RSA\-CAMELLIA128\-SHA +\& TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE\-RSA\-CAMELLIA256\-SHA +\& +\& TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH\-CAMELLIA128\-SHA +\& TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH\-CAMELLIA256\-SHA .Ve -.PP -.Vb 4 -\& TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE-DSS-CAMELLIA128-SHA -\& TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE-DSS-CAMELLIA256-SHA -\& TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA -\& TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA -.Ve -.PP -.Vb 2 -\& TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH-CAMELLIA128-SHA -\& TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH-CAMELLIA256-SHA -.Ve -.Sh "\s-1SEED\s0 ciphersuites from \s-1RFC4162\s0, extending \s-1TLS\s0 v1.0" +.SS "\s-1SEED\s0 ciphersuites from \s-1RFC4162\s0, extending \s-1TLS\s0 v1.0" .IX Subsection "SEED ciphersuites from RFC4162, extending TLS v1.0" .Vb 1 -\& TLS_RSA_WITH_SEED_CBC_SHA SEED-SHA -.Ve -.PP -.Vb 2 +\& TLS_RSA_WITH_SEED_CBC_SHA SEED\-SHA +\& \& TLS_DH_DSS_WITH_SEED_CBC_SHA Not implemented. \& TLS_DH_RSA_WITH_SEED_CBC_SHA Not implemented. +\& +\& TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE\-DSS\-SEED\-SHA +\& TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE\-RSA\-SEED\-SHA +\& +\& TLS_DH_anon_WITH_SEED_CBC_SHA ADH\-SEED\-SHA .Ve -.PP -.Vb 2 -\& TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE-DSS-SEED-SHA -\& TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE-RSA-SEED-SHA -.Ve -.PP -.Vb 1 -\& TLS_DH_anon_WITH_SEED_CBC_SHA ADH-SEED-SHA -.Ve -.Sh "Additional Export 1024 and other cipher suites" +.SS "Additional Export 1024 and other cipher suites" .IX Subsection "Additional Export 1024 and other cipher suites" Note: these ciphers can also be used in \s-1SSL\s0 v3. .PP .Vb 5 -\& TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DES-CBC-SHA -\& TLS_RSA_EXPORT1024_WITH_RC4_56_SHA EXP1024-RC4-SHA -\& TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA -\& TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024-DHE-DSS-RC4-SHA -\& TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA +\& TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA EXP1024\-DES\-CBC\-SHA +\& TLS_RSA_EXPORT1024_WITH_RC4_56_SHA EXP1024\-RC4\-SHA +\& TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024\-DHE\-DSS\-DES\-CBC\-SHA +\& TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024\-DHE\-DSS\-RC4\-SHA +\& TLS_DHE_DSS_WITH_RC4_128_SHA DHE\-DSS\-RC4\-SHA .Ve -.Sh "\s-1SSL\s0 v2.0 cipher suites." +.SS "\s-1SSL\s0 v2.0 cipher suites." .IX Subsection "SSL v2.0 cipher suites." .Vb 7 -\& SSL_CK_RC4_128_WITH_MD5 RC4-MD5 -\& SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5 -\& SSL_CK_RC2_128_CBC_WITH_MD5 RC2-MD5 -\& SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP-RC2-MD5 -\& SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5 -\& SSL_CK_DES_64_CBC_WITH_MD5 DES-CBC-MD5 -\& SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5 +\& SSL_CK_RC4_128_WITH_MD5 RC4\-MD5 +\& SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP\-RC4\-MD5 +\& SSL_CK_RC2_128_CBC_WITH_MD5 RC2\-MD5 +\& SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP\-RC2\-MD5 +\& SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA\-CBC\-MD5 +\& SSL_CK_DES_64_CBC_WITH_MD5 DES\-CBC\-MD5 +\& SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES\-CBC3\-MD5 .Ve .SH "NOTES" .IX Header "NOTES" @@ -514,33 +485,33 @@ listed here because some ciphers were excluded at compile time. Verbose listing of all OpenSSL ciphers including \s-1NULL\s0 ciphers: .PP .Vb 1 -\& openssl ciphers -v 'ALL:eNULL' +\& openssl ciphers \-v \*(AqALL:eNULL\*(Aq .Ve .PP Include all ciphers except \s-1NULL\s0 and anonymous \s-1DH\s0 then sort by strength: .PP .Vb 1 -\& openssl ciphers -v 'ALL:!ADH:@STRENGTH' +\& openssl ciphers \-v \*(AqALL:!ADH:@STRENGTH\*(Aq .Ve .PP Include only 3DES ciphers and then place \s-1RSA\s0 ciphers last: .PP .Vb 1 -\& openssl ciphers -v '3DES:+RSA' +\& openssl ciphers \-v \*(Aq3DES:+RSA\*(Aq .Ve .PP Include all \s-1RC4\s0 ciphers but leave out those without authentication: .PP .Vb 1 -\& openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT' +\& openssl ciphers \-v \*(AqRC4:!COMPLEMENTOFDEFAULT\*(Aq .Ve .PP Include all chiphers with \s-1RSA\s0 authentication but leave out ciphers without encryption. .PP .Vb 1 -\& openssl ciphers -v 'RSA:!COMPLEMENTOFALL' +\& openssl ciphers \-v \*(AqRSA:!COMPLEMENTOFALL\*(Aq .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" diff --git a/secure/usr.bin/openssl/man/crl.1 b/secure/usr.bin/openssl/man/crl.1 index 098f51c..82f022d 100644 --- a/secure/usr.bin/openssl/man/crl.1 +++ b/secure/usr.bin/openssl/man/crl.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "CRL 1" -.TH CRL 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH CRL 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" crl \- CRL utility .SH "SYNOPSIS" @@ -203,21 +202,21 @@ to each certificate. The \s-1PEM\s0 \s-1CRL\s0 format uses the header and footer lines: .PP .Vb 2 -\& -----BEGIN X509 CRL----- -\& -----END X509 CRL----- +\& \-\-\-\-\-BEGIN X509 CRL\-\-\-\-\- +\& \-\-\-\-\-END X509 CRL\-\-\-\-\- .Ve .SH "EXAMPLES" .IX Header "EXAMPLES" Convert a \s-1CRL\s0 file from \s-1PEM\s0 to \s-1DER:\s0 .PP .Vb 1 -\& openssl crl -in crl.pem -outform DER -out crl.der +\& openssl crl \-in crl.pem \-outform DER \-out crl.der .Ve .PP Output the text form of a \s-1DER\s0 encoded certificate: .PP .Vb 1 -\& openssl crl -in crl.der -text -noout +\& openssl crl \-in crl.der \-text \-noout .Ve .SH "BUGS" .IX Header "BUGS" diff --git a/secure/usr.bin/openssl/man/crl2pkcs7.1 b/secure/usr.bin/openssl/man/crl2pkcs7.1 index 09012c8..29dc7e7 100644 --- a/secure/usr.bin/openssl/man/crl2pkcs7.1 +++ b/secure/usr.bin/openssl/man/crl2pkcs7.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "CRL2PKCS7 1" -.TH CRL2PKCS7 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH CRL2PKCS7 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" crl2pkcs7 \- Create a PKCS#7 structure from a CRL and certificates. .SH "SYNOPSIS" @@ -181,15 +180,15 @@ included in the output file and a \s-1CRL\s0 is not read from the input file. Create a PKCS#7 structure from a certificate and \s-1CRL:\s0 .PP .Vb 1 -\& openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem +\& openssl crl2pkcs7 \-in crl.pem \-certfile cert.pem \-out p7.pem .Ve .PP Creates a PKCS#7 structure in \s-1DER\s0 format with no \s-1CRL\s0 from several different certificates: .PP .Vb 2 -\& openssl crl2pkcs7 -nocrl -certfile newcert.pem -\& -certfile demoCA/cacert.pem -outform DER -out p7.der +\& openssl crl2pkcs7 \-nocrl \-certfile newcert.pem +\& \-certfile demoCA/cacert.pem \-outform DER \-out p7.der .Ve .SH "NOTES" .IX Header "NOTES" diff --git a/secure/usr.bin/openssl/man/dgst.1 b/secure/usr.bin/openssl/man/dgst.1 index 31ba4d8..a0373cc 100644 --- a/secure/usr.bin/openssl/man/dgst.1 +++ b/secure/usr.bin/openssl/man/dgst.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "DGST 1" -.TH DGST 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH DGST 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 \- message digests .SH "SYNOPSIS" @@ -201,8 +200,8 @@ create a hashed \s-1MAC\s0 using \*(L"key\*(R". a file or files containing random data used to seed the random number generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS\-Windows, \fB,\fR for OpenVMS, and \fB:\fR for -all others. +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +all others. .IP "\fBfile...\fR" 4 .IX Item "file..." file or files to digest. If no files are specified then standard input is diff --git a/secure/usr.bin/openssl/man/dhparam.1 b/secure/usr.bin/openssl/man/dhparam.1 index cd0f30a..e93899a 100644 --- a/secure/usr.bin/openssl/man/dhparam.1 +++ b/secure/usr.bin/openssl/man/dhparam.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "DHPARAM 1" -.TH DHPARAM 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH DHPARAM 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" dhparam \- DH parameter manipulation and generation .SH "SYNOPSIS" @@ -192,7 +191,7 @@ input file is ignored and parameters are generated instead. a file or files containing random data used to seed the random number generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS\-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. .IP "\fInumbits\fR" 4 .IX Item "numbits" @@ -227,8 +226,8 @@ versions of OpenSSL. \&\s-1PEM\s0 format \s-1DH\s0 parameters use the header and footer lines: .PP .Vb 2 -\& -----BEGIN DH PARAMETERS----- -\& -----END DH PARAMETERS----- +\& \-\-\-\-\-BEGIN DH PARAMETERS\-\-\-\-\- +\& \-\-\-\-\-END DH PARAMETERS\-\-\-\-\- .Ve .PP OpenSSL currently only supports the older PKCS#3 \s-1DH\s0, not the newer X9.42 diff --git a/secure/usr.bin/openssl/man/dsa.1 b/secure/usr.bin/openssl/man/dsa.1 index 24350cc..1879eab 100644 --- a/secure/usr.bin/openssl/man/dsa.1 +++ b/secure/usr.bin/openssl/man/dsa.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "DSA 1" -.TH DSA 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH DSA 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" dsa \- DSA key processing .SH "SYNOPSIS" @@ -230,46 +229,46 @@ for all available algorithms. The \s-1PEM\s0 private key format uses the header and footer lines: .PP .Vb 2 -\& -----BEGIN DSA PRIVATE KEY----- -\& -----END DSA PRIVATE KEY----- +\& \-\-\-\-\-BEGIN DSA PRIVATE KEY\-\-\-\-\- +\& \-\-\-\-\-END DSA PRIVATE KEY\-\-\-\-\- .Ve .PP The \s-1PEM\s0 public key format uses the header and footer lines: .PP .Vb 2 -\& -----BEGIN PUBLIC KEY----- -\& -----END PUBLIC KEY----- +\& \-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\- +\& \-\-\-\-\-END PUBLIC KEY\-\-\-\-\- .Ve .SH "EXAMPLES" .IX Header "EXAMPLES" To remove the pass phrase on a \s-1DSA\s0 private key: .PP .Vb 1 -\& openssl dsa -in key.pem -out keyout.pem +\& openssl dsa \-in key.pem \-out keyout.pem .Ve .PP To encrypt a private key using triple \s-1DES:\s0 .PP .Vb 1 -\& openssl dsa -in key.pem -des3 -out keyout.pem +\& openssl dsa \-in key.pem \-des3 \-out keyout.pem .Ve .PP -To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: .PP .Vb 1 -\& openssl dsa -in key.pem -outform DER -out keyout.der +\& openssl dsa \-in key.pem \-outform DER \-out keyout.der .Ve .PP To print out the components of a private key to standard output: .PP .Vb 1 -\& openssl dsa -in key.pem -text -noout +\& openssl dsa \-in key.pem \-text \-noout .Ve .PP To just output the public part of a private key: .PP .Vb 1 -\& openssl dsa -in key.pem -pubout -out pubkey.pem +\& openssl dsa \-in key.pem \-pubout \-out pubkey.pem .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" diff --git a/secure/usr.bin/openssl/man/dsaparam.1 b/secure/usr.bin/openssl/man/dsaparam.1 index a0bca74..9979766 100644 --- a/secure/usr.bin/openssl/man/dsaparam.1 +++ b/secure/usr.bin/openssl/man/dsaparam.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "DSAPARAM 1" -.TH DSAPARAM 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH DSAPARAM 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" dsaparam \- DSA parameter manipulation and generation .SH "SYNOPSIS" @@ -190,7 +189,7 @@ parameters. a file or files containing random data used to seed the random number generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS\-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. .IP "\fBnumbits\fR" 4 .IX Item "numbits" @@ -208,8 +207,8 @@ for all available algorithms. \&\s-1PEM\s0 format \s-1DSA\s0 parameters use the header and footer lines: .PP .Vb 2 -\& -----BEGIN DSA PARAMETERS----- -\& -----END DSA PARAMETERS----- +\& \-\-\-\-\-BEGIN DSA PARAMETERS\-\-\-\-\- +\& \-\-\-\-\-END DSA PARAMETERS\-\-\-\-\- .Ve .PP \&\s-1DSA\s0 parameter generation is a slow process and as a result the same set of diff --git a/secure/usr.bin/openssl/man/ec.1 b/secure/usr.bin/openssl/man/ec.1 index 347023c..66ee41e 100644 --- a/secure/usr.bin/openssl/man/ec.1 +++ b/secure/usr.bin/openssl/man/ec.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "EC 1" -.TH EC 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH EC 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" ec \- EC key processing .SH "SYNOPSIS" @@ -249,52 +248,52 @@ for all available algorithms. The \s-1PEM\s0 private key format uses the header and footer lines: .PP .Vb 2 -\& -----BEGIN EC PRIVATE KEY----- -\& -----END EC PRIVATE KEY----- +\& \-\-\-\-\-BEGIN EC PRIVATE KEY\-\-\-\-\- +\& \-\-\-\-\-END EC PRIVATE KEY\-\-\-\-\- .Ve .PP The \s-1PEM\s0 public key format uses the header and footer lines: .PP .Vb 2 -\& -----BEGIN PUBLIC KEY----- -\& -----END PUBLIC KEY----- +\& \-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\- +\& \-\-\-\-\-END PUBLIC KEY\-\-\-\-\- .Ve .SH "EXAMPLES" .IX Header "EXAMPLES" To encrypt a private key using triple \s-1DES:\s0 .PP .Vb 1 -\& openssl ec -in key.pem -des3 -out keyout.pem +\& openssl ec \-in key.pem \-des3 \-out keyout.pem .Ve .PP -To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: .PP .Vb 1 -\& openssl ec -in key.pem -outform DER -out keyout.der +\& openssl ec \-in key.pem \-outform DER \-out keyout.der .Ve .PP To print out the components of a private key to standard output: .PP .Vb 1 -\& openssl ec -in key.pem -text -noout +\& openssl ec \-in key.pem \-text \-noout .Ve .PP To just output the public part of a private key: .PP .Vb 1 -\& openssl ec -in key.pem -pubout -out pubkey.pem +\& openssl ec \-in key.pem \-pubout \-out pubkey.pem .Ve .PP To change the parameters encoding to \fBexplicit\fR: .PP .Vb 1 -\& openssl ec -in key.pem -param_enc explicit -out keyout.pem +\& openssl ec \-in key.pem \-param_enc explicit \-out keyout.pem .Ve .PP To change the point conversion form to \fBcompressed\fR: .PP .Vb 1 -\& openssl ec -in key.pem -conv_form compressed -out keyout.pem +\& openssl ec \-in key.pem \-conv_form compressed \-out keyout.pem .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" diff --git a/secure/usr.bin/openssl/man/ecparam.1 b/secure/usr.bin/openssl/man/ecparam.1 index c7c2a28..ec79e7a 100644 --- a/secure/usr.bin/openssl/man/ecparam.1 +++ b/secure/usr.bin/openssl/man/ecparam.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "ECPARAM 1" -.TH ECPARAM 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH ECPARAM 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" ecparam \- EC parameter manipulation and generation .SH "SYNOPSIS" @@ -226,7 +225,7 @@ This option will generate a \s-1EC\s0 private key using the specified parameters a file or files containing random data used to seed the random number generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS\-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" @@ -239,48 +238,48 @@ for all available algorithms. \&\s-1PEM\s0 format \s-1EC\s0 parameters use the header and footer lines: .PP .Vb 2 -\& -----BEGIN EC PARAMETERS----- -\& -----END EC PARAMETERS----- +\& \-\-\-\-\-BEGIN EC PARAMETERS\-\-\-\-\- +\& \-\-\-\-\-END EC PARAMETERS\-\-\-\-\- .Ve .PP OpenSSL is currently not able to generate new groups and therefore -\&\fBecparam\fR can only create \s-1EC\s0 parameters from known (named) curves. +\&\fBecparam\fR can only create \s-1EC\s0 parameters from known (named) curves. .SH "EXAMPLES" .IX Header "EXAMPLES" To create \s-1EC\s0 parameters with the group 'prime192v1': .PP .Vb 1 -\& openssl ecparam -out ec_param.pem -name prime192v1 +\& openssl ecparam \-out ec_param.pem \-name prime192v1 .Ve .PP To create \s-1EC\s0 parameters with explicit parameters: .PP .Vb 1 -\& openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit +\& openssl ecparam \-out ec_param.pem \-name prime192v1 \-param_enc explicit .Ve .PP To validate given \s-1EC\s0 parameters: .PP .Vb 1 -\& openssl ecparam -in ec_param.pem -check +\& openssl ecparam \-in ec_param.pem \-check .Ve .PP To create \s-1EC\s0 parameters and a private key: .PP .Vb 1 -\& openssl ecparam -out ec_key.pem -name prime192v1 -genkey +\& openssl ecparam \-out ec_key.pem \-name prime192v1 \-genkey .Ve .PP To change the point encoding to 'compressed': .PP .Vb 1 -\& openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed +\& openssl ecparam \-in ec_in.pem \-out ec_out.pem \-conv_form compressed .Ve .PP To print out the \s-1EC\s0 parameters to standard output: .PP .Vb 1 -\& openssl ecparam -in ec_param.pem -noout -text +\& openssl ecparam \-in ec_param.pem \-noout \-text .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" diff --git a/secure/usr.bin/openssl/man/enc.1 b/secure/usr.bin/openssl/man/enc.1 index 1760a59..f5e9c20 100644 --- a/secure/usr.bin/openssl/man/enc.1 +++ b/secure/usr.bin/openssl/man/enc.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "ENC 1" -.TH ENC 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH ENC 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" enc \- symmetric cipher routines .SH "SYNOPSIS" @@ -271,136 +270,114 @@ Blowfish and \s-1RC5\s0 algorithms use a 128 bit key. .IX Header "SUPPORTED CIPHERS" .Vb 1 \& base64 Base 64 -.Ve -.PP -.Vb 5 -\& bf-cbc Blowfish in CBC mode -\& bf Alias for bf-cbc -\& bf-cfb Blowfish in CFB mode -\& bf-ecb Blowfish in ECB mode -\& bf-ofb Blowfish in OFB mode -.Ve -.PP -.Vb 6 -\& cast-cbc CAST in CBC mode -\& cast Alias for cast-cbc -\& cast5-cbc CAST5 in CBC mode -\& cast5-cfb CAST5 in CFB mode -\& cast5-ecb CAST5 in ECB mode -\& cast5-ofb CAST5 in OFB mode -.Ve -.PP -.Vb 5 -\& des-cbc DES in CBC mode -\& des Alias for des-cbc -\& des-cfb DES in CBC mode -\& des-ofb DES in OFB mode -\& des-ecb DES in ECB mode -.Ve -.PP -.Vb 4 -\& des-ede-cbc Two key triple DES EDE in CBC mode -\& des-ede Two key triple DES EDE in ECB mode -\& des-ede-cfb Two key triple DES EDE in CFB mode -\& des-ede-ofb Two key triple DES EDE in OFB mode -.Ve -.PP -.Vb 5 -\& des-ede3-cbc Three key triple DES EDE in CBC mode -\& des-ede3 Three key triple DES EDE in ECB mode -\& des3 Alias for des-ede3-cbc -\& des-ede3-cfb Three key triple DES EDE CFB mode -\& des-ede3-ofb Three key triple DES EDE in OFB mode -.Ve -.PP -.Vb 1 +\& +\& bf\-cbc Blowfish in CBC mode +\& bf Alias for bf\-cbc +\& bf\-cfb Blowfish in CFB mode +\& bf\-ecb Blowfish in ECB mode +\& bf\-ofb Blowfish in OFB mode +\& +\& cast\-cbc CAST in CBC mode +\& cast Alias for cast\-cbc +\& cast5\-cbc CAST5 in CBC mode +\& cast5\-cfb CAST5 in CFB mode +\& cast5\-ecb CAST5 in ECB mode +\& cast5\-ofb CAST5 in OFB mode +\& +\& des\-cbc DES in CBC mode +\& des Alias for des\-cbc +\& des\-cfb DES in CBC mode +\& des\-ofb DES in OFB mode +\& des\-ecb DES in ECB mode +\& +\& des\-ede\-cbc Two key triple DES EDE in CBC mode +\& des\-ede Two key triple DES EDE in ECB mode +\& des\-ede\-cfb Two key triple DES EDE in CFB mode +\& des\-ede\-ofb Two key triple DES EDE in OFB mode +\& +\& des\-ede3\-cbc Three key triple DES EDE in CBC mode +\& des\-ede3 Three key triple DES EDE in ECB mode +\& des3 Alias for des\-ede3\-cbc +\& des\-ede3\-cfb Three key triple DES EDE CFB mode +\& des\-ede3\-ofb Three key triple DES EDE in OFB mode +\& \& desx DESX algorithm. -.Ve -.PP -.Vb 5 -\& idea-cbc IDEA algorithm in CBC mode -\& idea same as idea-cbc -\& idea-cfb IDEA in CFB mode -\& idea-ecb IDEA in ECB mode -\& idea-ofb IDEA in OFB mode -.Ve -.PP -.Vb 7 -\& rc2-cbc 128 bit RC2 in CBC mode -\& rc2 Alias for rc2-cbc -\& rc2-cfb 128 bit RC2 in CFB mode -\& rc2-ecb 128 bit RC2 in ECB mode -\& rc2-ofb 128 bit RC2 in OFB mode -\& rc2-64-cbc 64 bit RC2 in CBC mode -\& rc2-40-cbc 40 bit RC2 in CBC mode -.Ve -.PP -.Vb 3 +\& +\& idea\-cbc IDEA algorithm in CBC mode +\& idea same as idea\-cbc +\& idea\-cfb IDEA in CFB mode +\& idea\-ecb IDEA in ECB mode +\& idea\-ofb IDEA in OFB mode +\& +\& rc2\-cbc 128 bit RC2 in CBC mode +\& rc2 Alias for rc2\-cbc +\& rc2\-cfb 128 bit RC2 in CFB mode +\& rc2\-ecb 128 bit RC2 in ECB mode +\& rc2\-ofb 128 bit RC2 in OFB mode +\& rc2\-64\-cbc 64 bit RC2 in CBC mode +\& rc2\-40\-cbc 40 bit RC2 in CBC mode +\& \& rc4 128 bit RC4 -\& rc4-64 64 bit RC4 -\& rc4-40 40 bit RC4 -.Ve -.PP -.Vb 5 -\& rc5-cbc RC5 cipher in CBC mode -\& rc5 Alias for rc5-cbc -\& rc5-cfb RC5 cipher in CFB mode -\& rc5-ecb RC5 cipher in ECB mode -\& rc5-ofb RC5 cipher in OFB mode -.Ve -.PP -.Vb 7 -\& aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode -\& aes-[128|192|256] Alias for aes-[128|192|256]-cbc -\& aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode -\& aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode -\& aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode -\& aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode -\& aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode +\& rc4\-64 64 bit RC4 +\& rc4\-40 40 bit RC4 +\& +\& rc5\-cbc RC5 cipher in CBC mode +\& rc5 Alias for rc5\-cbc +\& rc5\-cfb RC5 cipher in CFB mode +\& rc5\-ecb RC5 cipher in ECB mode +\& rc5\-ofb RC5 cipher in OFB mode +\& +\& aes\-[128|192|256]\-cbc 128/192/256 bit AES in CBC mode +\& aes\-[128|192|256] Alias for aes\-[128|192|256]\-cbc +\& aes\-[128|192|256]\-cfb 128/192/256 bit AES in 128 bit CFB mode +\& aes\-[128|192|256]\-cfb1 128/192/256 bit AES in 1 bit CFB mode +\& aes\-[128|192|256]\-cfb8 128/192/256 bit AES in 8 bit CFB mode +\& aes\-[128|192|256]\-ecb 128/192/256 bit AES in ECB mode +\& aes\-[128|192|256]\-ofb 128/192/256 bit AES in OFB mode .Ve .SH "EXAMPLES" .IX Header "EXAMPLES" Just base64 encode a binary file: .PP .Vb 1 -\& openssl base64 -in file.bin -out file.b64 +\& openssl base64 \-in file.bin \-out file.b64 .Ve .PP Decode the same file .PP .Vb 1 -\& openssl base64 -d -in file.b64 -out file.bin +\& openssl base64 \-d \-in file.b64 \-out file.bin .Ve .PP Encrypt a file using triple \s-1DES\s0 in \s-1CBC\s0 mode using a prompted password: .PP .Vb 1 -\& openssl des3 -salt -in file.txt -out file.des3 +\& openssl des3 \-salt \-in file.txt \-out file.des3 .Ve .PP Decrypt a file using a supplied password: .PP .Vb 1 -\& openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword +\& openssl des3 \-d \-salt \-in file.des3 \-out file.txt \-k mypassword .Ve .PP Encrypt a file then base64 encode it (so it can be sent via mail for example) using Blowfish in \s-1CBC\s0 mode: .PP .Vb 1 -\& openssl bf -a -salt -in file.txt -out file.bf +\& openssl bf \-a \-salt \-in file.txt \-out file.bf .Ve .PP Base64 decode a file then decrypt it: .PP .Vb 1 -\& openssl bf -d -salt -a -in file.bf -out file.txt +\& openssl bf \-d \-salt \-a \-in file.bf \-out file.txt .Ve .PP Decrypt some data using a supplied 40 bit \s-1RC4\s0 key: .PP .Vb 1 -\& openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405 +\& openssl rc4\-40 \-in file.rc4 \-out file.txt \-K 0102030405 .Ve .SH "BUGS" .IX Header "BUGS" diff --git a/secure/usr.bin/openssl/man/errstr.1 b/secure/usr.bin/openssl/man/errstr.1 index 0f9c075..d579aa0 100644 --- a/secure/usr.bin/openssl/man/errstr.1 +++ b/secure/usr.bin/openssl/man/errstr.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "ERRSTR 1" -.TH ERRSTR 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH ERRSTR 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" errstr \- lookup error codes .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/gendsa.1 b/secure/usr.bin/openssl/man/gendsa.1 index f8a472d..1a584a7 100644 --- a/secure/usr.bin/openssl/man/gendsa.1 +++ b/secure/usr.bin/openssl/man/gendsa.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "GENDSA 1" -.TH GENDSA 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH GENDSA 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" gendsa \- generate a DSA private key from a set of parameters .SH "SYNOPSIS" @@ -158,7 +157,7 @@ If none of these options is specified no encryption is used. a file or files containing random data used to seed the random number generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS\-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" diff --git a/secure/usr.bin/openssl/man/genrsa.1 b/secure/usr.bin/openssl/man/genrsa.1 index 4be978d..9b28efa 100644 --- a/secure/usr.bin/openssl/man/genrsa.1 +++ b/secure/usr.bin/openssl/man/genrsa.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "GENRSA 1" -.TH GENRSA 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH GENRSA 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" genrsa \- generate an RSA private key .SH "SYNOPSIS" @@ -153,7 +152,7 @@ The \fBgenrsa\fR command generates an \s-1RSA\s0 private key. .IP "\fB\-out filename\fR" 4 .IX Item "-out filename" the output filename. If this argument is not specified then standard output is -used. +used. .IP "\fB\-passout arg\fR" 4 .IX Item "-passout arg" the output file password source. For more information about the format of \fBarg\fR @@ -172,7 +171,7 @@ the public exponent to use, either 65537 or 3. The default is 65537. a file or files containing random data used to seed the random number generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS\-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" diff --git a/secure/usr.bin/openssl/man/nseq.1 b/secure/usr.bin/openssl/man/nseq.1 index b239d58..8e74ba1 100644 --- a/secure/usr.bin/openssl/man/nseq.1 +++ b/secure/usr.bin/openssl/man/nseq.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "NSEQ 1" -.TH NSEQ 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH NSEQ 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" nseq \- create or examine a netscape certificate sequence .SH "SYNOPSIS" @@ -164,21 +163,21 @@ a file of certificates. Output the certificates in a Netscape certificate sequence .PP .Vb 1 -\& openssl nseq -in nseq.pem -out certs.pem +\& openssl nseq \-in nseq.pem \-out certs.pem .Ve .PP Create a Netscape certificate sequence .PP .Vb 1 -\& openssl nseq -in certs.pem -toseq -out nseq.pem +\& openssl nseq \-in certs.pem \-toseq \-out nseq.pem .Ve .SH "NOTES" .IX Header "NOTES" The \fB\s-1PEM\s0\fR encoded form uses the same headers and footers as a certificate: .PP .Vb 2 -\& -----BEGIN CERTIFICATE----- -\& -----END CERTIFICATE----- +\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- +\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\- .Ve .PP A Netscape certificate sequence is a Netscape specific form that can be sent diff --git a/secure/usr.bin/openssl/man/ocsp.1 b/secure/usr.bin/openssl/man/ocsp.1 index 5f18173..8080acf 100644 --- a/secure/usr.bin/openssl/man/ocsp.1 +++ b/secure/usr.bin/openssl/man/ocsp.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "OCSP 1" -.TH OCSP 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH OCSP 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" ocsp \- Online Certificate Status Protocol utility .SH "SYNOPSIS" @@ -346,7 +345,7 @@ Port to listen for \s-1OCSP\s0 requests on. The port may also be specified using option. .IP "\fB\-nrequest number\fR" 4 .IX Item "-nrequest number" -The \s-1OCSP\s0 server will exit after receiving \fBnumber\fR requests, default unlimited. +The \s-1OCSP\s0 server will exit after receiving \fBnumber\fR requests, default unlimited. .IP "\fB\-nmin minutes\fR, \fB\-ndays days\fR" 4 .IX Item "-nmin minutes, -ndays days" Number of minutes or days when fresh revocation information is available: used in the @@ -390,7 +389,7 @@ multiple CAs and has its own separate certificate chain then its root \&\s-1CA\s0 can be trusted for \s-1OCSP\s0 signing. For example: .PP .Vb 1 -\& openssl x509 -in ocspCA.pem -addtrust OCSPSigning -out trustedCA.pem +\& openssl x509 \-in ocspCA.pem \-addtrust OCSPSigning \-out trustedCA.pem .Ve .PP Alternatively the responder certificate itself can be explicitly trusted @@ -416,49 +415,49 @@ script using the \fBrespin\fR and \fBrespout\fR options. Create an \s-1OCSP\s0 request and write it to a file: .PP .Vb 1 -\& openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der +\& openssl ocsp \-issuer issuer.pem \-cert c1.pem \-cert c2.pem \-reqout req.der .Ve .PP Send a query to an \s-1OCSP\s0 responder with \s-1URL\s0 http://ocsp.myhost.com/ save the response to a file and print it out in text form .PP .Vb 2 -\& openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \e -\& -url http://ocsp.myhost.com/ -resp_text -respout resp.der +\& openssl ocsp \-issuer issuer.pem \-cert c1.pem \-cert c2.pem \e +\& \-url http://ocsp.myhost.com/ \-resp_text \-respout resp.der .Ve .PP Read in an \s-1OCSP\s0 response and print out text form: .PP .Vb 1 -\& openssl ocsp -respin resp.der -text +\& openssl ocsp \-respin resp.der \-text .Ve .PP \&\s-1OCSP\s0 server on port 8888 using a standard \fBca\fR configuration, and a separate responder certificate. All requests and responses are printed to a file. .PP .Vb 2 -\& openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem -\& -text -out log.txt +\& openssl ocsp \-index demoCA/index.txt \-port 8888 \-rsigner rcert.pem \-CA demoCA/cacert.pem +\& \-text \-out log.txt .Ve .PP As above but exit after processing one request: .PP .Vb 2 -\& openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem -\& -nrequest 1 +\& openssl ocsp \-index demoCA/index.txt \-port 8888 \-rsigner rcert.pem \-CA demoCA/cacert.pem +\& \-nrequest 1 .Ve .PP Query status information using internally generated request: .PP .Vb 2 -\& openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem -\& -issuer demoCA/cacert.pem -serial 1 +\& openssl ocsp \-index demoCA/index.txt \-rsigner rcert.pem \-CA demoCA/cacert.pem +\& \-issuer demoCA/cacert.pem \-serial 1 .Ve .PP Query status information using request read from a file, write response to a second file. .PP .Vb 2 -\& openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem -\& -reqin req.der -respout resp.der +\& openssl ocsp \-index demoCA/index.txt \-rsigner rcert.pem \-CA demoCA/cacert.pem +\& \-reqin req.der \-respout resp.der .Ve diff --git a/secure/usr.bin/openssl/man/openssl.1 b/secure/usr.bin/openssl/man/openssl.1 index b097a96..0cf9d61 100644 --- a/secure/usr.bin/openssl/man/openssl.1 +++ b/secure/usr.bin/openssl/man/openssl.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "OPENSSL 1" -.TH OPENSSL 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH OPENSSL 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" openssl \- OpenSSL command line tool .SH "SYNOPSIS" @@ -150,7 +149,7 @@ cryptography standards required by them. .PP The \fBopenssl\fR program is a command line tool for using the various cryptography functions of OpenSSL's \fBcrypto\fR library from the shell. -It can be used for +It can be used for .PP .Vb 6 \& o Creation of RSA, DH and DSA key parameters @@ -181,14 +180,14 @@ same name, this provides an easy way for shell scripts to test for the availability of ciphers in the \fBopenssl\fR program. (\fBno\-\fR\fI\s-1XXX\s0\fR is not able to detect pseudo-commands such as \fBquit\fR, \&\fBlist\-\fR\fI...\fR\fB\-commands\fR, or \fBno\-\fR\fI\s-1XXX\s0\fR itself.) -.Sh "\s-1STANDARD\s0 \s-1COMMANDS\s0" +.SS "\s-1STANDARD\s0 \s-1COMMANDS\s0" .IX Subsection "STANDARD COMMANDS" .IP "\fBasn1parse\fR" 10 .IX Item "asn1parse" Parse an \s-1ASN\s0.1 sequence. .IP "\fBca\fR" 10 .IX Item "ca" -Certificate Authority (\s-1CA\s0) Management. +Certificate Authority (\s-1CA\s0) Management. .IP "\fBciphers\fR" 10 .IX Item "ciphers" Cipher Suite Description Determination. @@ -289,7 +288,7 @@ OpenSSL Version Information. .IP "\fBx509\fR" 10 .IX Item "x509" X.509 Certificate Data Management. -.Sh "\s-1MESSAGE\s0 \s-1DIGEST\s0 \s-1COMMANDS\s0" +.SS "\s-1MESSAGE\s0 \s-1DIGEST\s0 \s-1COMMANDS\s0" .IX Subsection "MESSAGE DIGEST COMMANDS" .IP "\fBmd2\fR" 10 .IX Item "md2" @@ -321,7 +320,7 @@ X.509 Certificate Data Management. .IP "\fBsha512\fR" 10 .IX Item "sha512" \&\s-1SHA\-512\s0 Digest -.Sh "\s-1ENCODING\s0 \s-1AND\s0 \s-1CIPHER\s0 \s-1COMMANDS\s0" +.SS "\s-1ENCODING\s0 \s-1AND\s0 \s-1CIPHER\s0 \s-1COMMANDS\s0" .IX Subsection "ENCODING AND CIPHER COMMANDS" .IP "\fBbase64\fR" 10 .IX Item "base64" @@ -400,7 +399,7 @@ read the password from standard input. \&\fIs_server\fR\|(1), \fIs_time\fR\|(1), \&\fIsmime\fR\|(1), \fIspkac\fR\|(1), \&\fIverify\fR\|(1), \fIversion\fR\|(1), \fIx509\fR\|(1), -\&\fIcrypto\fR\|(3), \fIssl\fR\|(3) +\&\fIcrypto\fR\|(3), \fIssl\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" The \fIopenssl\fR\|(1) document appeared in OpenSSL 0.9.2. diff --git a/secure/usr.bin/openssl/man/passwd.1 b/secure/usr.bin/openssl/man/passwd.1 index 3937bd2..405c605 100644 --- a/secure/usr.bin/openssl/man/passwd.1 +++ b/secure/usr.bin/openssl/man/passwd.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "PASSWD 1" -.TH PASSWD 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH PASSWD 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" passwd \- compute password hashes .SH "SYNOPSIS" @@ -188,6 +187,6 @@ to each password hash. .IX Header "EXAMPLES" \&\fBopenssl passwd \-crypt \-salt xx password\fR prints \fBxxj31ZMTZzkVA\fR. .PP -\&\fBopenssl passwd \-1 \-salt xxxxxxxx password\fR prints \fB$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.\fR. +\&\fBopenssl passwd \-1 \-salt xxxxxxxx password\fR prints \fB\f(CB$1\fB$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.\fR. .PP -\&\fBopenssl passwd \-apr1 \-salt xxxxxxxx password\fR prints \fB$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0\fR. +\&\fBopenssl passwd \-apr1 \-salt xxxxxxxx password\fR prints \fB\f(CB$apr1\fB$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0\fR. diff --git a/secure/usr.bin/openssl/man/pkcs12.1 b/secure/usr.bin/openssl/man/pkcs12.1 index d468c69..9eeb47c 100644 --- a/secure/usr.bin/openssl/man/pkcs12.1 +++ b/secure/usr.bin/openssl/man/pkcs12.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "PKCS12 1" -.TH PKCS12 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH PKCS12 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" pkcs12 \- PKCS#12 file utility .SH "SYNOPSIS" @@ -331,7 +330,7 @@ to be needed to use \s-1MAC\s0 iterations counts but they are now used by defaul a file or files containing random data used to seed the random number generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS\-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. .SH "NOTES" .IX Header "NOTES" @@ -361,38 +360,38 @@ description of all algorithms is contained in the \fBpkcs8\fR manual page. Parse a PKCS#12 file and output it to a file: .PP .Vb 1 -\& openssl pkcs12 -in file.p12 -out file.pem +\& openssl pkcs12 \-in file.p12 \-out file.pem .Ve .PP Output only client certificates to a file: .PP .Vb 1 -\& openssl pkcs12 -in file.p12 -clcerts -out file.pem +\& openssl pkcs12 \-in file.p12 \-clcerts \-out file.pem .Ve .PP Don't encrypt the private key: .PP .Vb 1 -\& openssl pkcs12 -in file.p12 -out file.pem -nodes +\& openssl pkcs12 \-in file.p12 \-out file.pem \-nodes .Ve .PP Print some info about a PKCS#12 file: .PP .Vb 1 -\& openssl pkcs12 -in file.p12 -info -noout +\& openssl pkcs12 \-in file.p12 \-info \-noout .Ve .PP Create a PKCS#12 file: .PP .Vb 1 -\& openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate" +\& openssl pkcs12 \-export \-in file.pem \-out file.p12 \-name "My Certificate" .Ve .PP Include some extra certificates: .PP .Vb 2 -\& openssl pkcs12 -export -in file.pem -out file.p12 -name "My Certificate" \e -\& -certfile othercerts.pem +\& openssl pkcs12 \-export \-in file.pem \-out file.p12 \-name "My Certificate" \e +\& \-certfile othercerts.pem .Ve .SH "BUGS" .IX Header "BUGS" @@ -416,8 +415,8 @@ from the PKCS#12 file using an older version of OpenSSL and recreating the PKCS# file from the keys and certificates using a newer version of OpenSSL. For example: .PP .Vb 2 -\& old-openssl -in bad.p12 -out keycerts.pem -\& openssl -in keycerts.pem -export -name "My PKCS#12 file" -out fixed.p12 +\& old\-openssl \-in bad.p12 \-out keycerts.pem +\& openssl \-in keycerts.pem \-export \-name "My PKCS#12 file" \-out fixed.p12 .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" diff --git a/secure/usr.bin/openssl/man/pkcs7.1 b/secure/usr.bin/openssl/man/pkcs7.1 index 79b134e..40bf064 100644 --- a/secure/usr.bin/openssl/man/pkcs7.1 +++ b/secure/usr.bin/openssl/man/pkcs7.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "PKCS7 1" -.TH PKCS7 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH PKCS7 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" pkcs7 \- PKCS#7 utility .SH "SYNOPSIS" @@ -188,28 +187,28 @@ for all available algorithms. Convert a PKCS#7 file from \s-1PEM\s0 to \s-1DER:\s0 .PP .Vb 1 -\& openssl pkcs7 -in file.pem -outform DER -out file.der +\& openssl pkcs7 \-in file.pem \-outform DER \-out file.der .Ve .PP Output all certificates in a file: .PP .Vb 1 -\& openssl pkcs7 -in file.pem -print_certs -out certs.pem +\& openssl pkcs7 \-in file.pem \-print_certs \-out certs.pem .Ve .SH "NOTES" .IX Header "NOTES" The \s-1PEM\s0 PKCS#7 format uses the header and footer lines: .PP .Vb 2 -\& -----BEGIN PKCS7----- -\& -----END PKCS7----- +\& \-\-\-\-\-BEGIN PKCS7\-\-\-\-\- +\& \-\-\-\-\-END PKCS7\-\-\-\-\- .Ve .PP For compatibility with some CAs it will also accept: .PP .Vb 2 -\& -----BEGIN CERTIFICATE----- -\& -----END CERTIFICATE----- +\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- +\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\- .Ve .SH "RESTRICTIONS" .IX Header "RESTRICTIONS" diff --git a/secure/usr.bin/openssl/man/pkcs8.1 b/secure/usr.bin/openssl/man/pkcs8.1 index bb07c73..4cc0a68 100644 --- a/secure/usr.bin/openssl/man/pkcs8.1 +++ b/secure/usr.bin/openssl/man/pkcs8.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "PKCS8 1" -.TH PKCS8 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH PKCS8 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" pkcs8 \- PKCS#8 format private key conversion tool .SH "SYNOPSIS" @@ -246,15 +245,15 @@ The encrypted form of a \s-1PEM\s0 encode PKCS#8 files uses the following headers and footers: .PP .Vb 2 -\& -----BEGIN ENCRYPTED PRIVATE KEY----- -\& -----END ENCRYPTED PRIVATE KEY----- +\& \-\-\-\-\-BEGIN ENCRYPTED PRIVATE KEY\-\-\-\-\- +\& \-\-\-\-\-END ENCRYPTED PRIVATE KEY\-\-\-\-\- .Ve .PP The unencrypted form uses: .PP .Vb 2 -\& -----BEGIN PRIVATE KEY----- -\& -----END PRIVATE KEY----- +\& \-\-\-\-\-BEGIN PRIVATE KEY\-\-\-\-\- +\& \-\-\-\-\-END PRIVATE KEY\-\-\-\-\- .Ve .PP Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration @@ -297,33 +296,33 @@ Convert a private from traditional to PKCS#5 v2.0 format using triple \&\s-1DES:\s0 .PP .Vb 1 -\& openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem +\& openssl pkcs8 \-in key.pem \-topk8 \-v2 des3 \-out enckey.pem .Ve .PP Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm (\s-1DES\s0): .PP .Vb 1 -\& openssl pkcs8 -in key.pem -topk8 -out enckey.pem +\& openssl pkcs8 \-in key.pem \-topk8 \-out enckey.pem .Ve .PP Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm (3DES): .PP .Vb 1 -\& openssl pkcs8 -in key.pem -topk8 -out enckey.pem -v1 PBE-SHA1-3DES +\& openssl pkcs8 \-in key.pem \-topk8 \-out enckey.pem \-v1 PBE\-SHA1\-3DES .Ve .PP Read a \s-1DER\s0 unencrypted PKCS#8 format private key: .PP .Vb 1 -\& openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem +\& openssl pkcs8 \-inform DER \-nocrypt \-in key.der \-out key.pem .Ve .PP Convert a private key from any PKCS#8 format to traditional format: .PP .Vb 1 -\& openssl pkcs8 -in pk8.pem -out key.pem +\& openssl pkcs8 \-in pk8.pem \-out key.pem .Ve .SH "STANDARDS" .IX Header "STANDARDS" @@ -348,4 +347,4 @@ the old format at present. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIdsa\fR\|(1), \fIrsa\fR\|(1), \fIgenrsa\fR\|(1), -\&\fIgendsa\fR\|(1) +\&\fIgendsa\fR\|(1) diff --git a/secure/usr.bin/openssl/man/rand.1 b/secure/usr.bin/openssl/man/rand.1 index 279bc04..115a453 100644 --- a/secure/usr.bin/openssl/man/rand.1 +++ b/secure/usr.bin/openssl/man/rand.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "RAND 1" -.TH RAND 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH RAND 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" rand \- generate pseudo\-random bytes .SH "SYNOPSIS" @@ -144,9 +143,9 @@ rand \- generate pseudo\-random bytes .IX Header "DESCRIPTION" The \fBrand\fR command outputs \fInum\fR pseudo-random bytes after seeding the random number generator once. As in other \fBopenssl\fR command -line tools, \s-1PRNG\s0 seeding uses the file \fI$HOME/\fR\fB.rnd\fR or \fB.rnd\fR +line tools, \s-1PRNG\s0 seeding uses the file \fI\f(CI$HOME\fI/\fR\fB.rnd\fR or \fB.rnd\fR in addition to the files given in the \fB\-rand\fR option. A new -\&\fI$HOME\fR/\fB.rnd\fR or \fB.rnd\fR file will be written back if enough +\&\fI\f(CI$HOME\fI\fR/\fB.rnd\fR or \fB.rnd\fR file will be written back if enough seeding was obtained from these sources. .SH "OPTIONS" .IX Header "OPTIONS" @@ -158,7 +157,7 @@ Write to \fIfile\fR instead of standard output. Use specified file or files or \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)) for seeding the random number generator. Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS\-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. .IP "\fB\-base64\fR" 4 .IX Item "-base64" diff --git a/secure/usr.bin/openssl/man/req.1 b/secure/usr.bin/openssl/man/req.1 index e8b1f83..8f5dd2b 100644 --- a/secure/usr.bin/openssl/man/req.1 +++ b/secure/usr.bin/openssl/man/req.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "REQ 1" -.TH REQ 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH REQ 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" req \- PKCS#10 certificate request and certificate generating utility. .SH "SYNOPSIS" @@ -234,7 +233,7 @@ key using information specified in the configuration file. a file or files containing random data used to seed the random number generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS\-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. .IP "\fB\-newkey arg\fR" 4 .IX Item "-newkey arg" @@ -383,7 +382,7 @@ overridden by the \fB\-keyout\fR option. This specifies a file containing additional \fB\s-1OBJECT\s0 \s-1IDENTIFIERS\s0\fR. Each line of the file should consist of the numerical form of the object identifier followed by white space then the short name followed -by white space and finally the long name. +by white space and finally the long name. .IP "\fBoid_section\fR" 4 .IX Item "oid_section" This specifies a section in the configuration file containing extra @@ -509,26 +508,26 @@ will be treated as though they were a DirectoryString. Examine and verify certificate request: .PP .Vb 1 -\& openssl req -in req.pem -text -verify -noout +\& openssl req \-in req.pem \-text \-verify \-noout .Ve .PP Create a private key and then generate a certificate request from it: .PP .Vb 2 -\& openssl genrsa -out key.pem 1024 -\& openssl req -new -key key.pem -out req.pem +\& openssl genrsa \-out key.pem 1024 +\& openssl req \-new \-key key.pem \-out req.pem .Ve .PP The same but just using req: .PP .Vb 1 -\& openssl req -newkey rsa:1024 -keyout key.pem -out req.pem +\& openssl req \-newkey rsa:1024 \-keyout key.pem \-out req.pem .Ve .PP Generate a self signed root certificate: .PP .Vb 1 -\& openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem +\& openssl req \-x509 \-newkey rsa:1024 \-keyout key.pem \-out req.pem .Ve .PP Example of a file pointed to by the \fBoid_file\fR option: @@ -555,50 +554,32 @@ Sample configuration file prompting for field values: \& distinguished_name = req_distinguished_name \& attributes = req_attributes \& x509_extensions = v3_ca -.Ve -.PP -.Vb 1 +\& \& dirstring_type = nobmp -.Ve -.PP -.Vb 5 +\& \& [ req_distinguished_name ] \& countryName = Country Name (2 letter code) \& countryName_default = AU \& countryName_min = 2 \& countryName_max = 2 -.Ve -.PP -.Vb 1 +\& \& localityName = Locality Name (eg, city) -.Ve -.PP -.Vb 1 +\& \& organizationalUnitName = Organizational Unit Name (eg, section) -.Ve -.PP -.Vb 2 +\& \& commonName = Common Name (eg, YOUR name) \& commonName_max = 64 -.Ve -.PP -.Vb 2 +\& \& emailAddress = Email Address \& emailAddress_max = 40 -.Ve -.PP -.Vb 4 +\& \& [ req_attributes ] \& challengePassword = A challenge password \& challengePassword_min = 4 \& challengePassword_max = 20 -.Ve -.PP -.Vb 1 +\& \& [ v3_ca ] -.Ve -.PP -.Vb 3 +\& \& subjectKeyIdentifier=hash \& authorityKeyIdentifier=keyid:always,issuer:always \& basicConstraints = CA:true @@ -608,9 +589,7 @@ Sample configuration containing all field values: .PP .Vb 1 \& RANDFILE = $ENV::HOME/.rnd -.Ve -.PP -.Vb 7 +\& \& [ req ] \& default_bits = 1024 \& default_keyfile = keyfile.pem @@ -618,9 +597,7 @@ Sample configuration containing all field values: \& attributes = req_attributes \& prompt = no \& output_password = mypass -.Ve -.PP -.Vb 8 +\& \& [ req_distinguished_name ] \& C = GB \& ST = Test State or Province @@ -629,9 +606,7 @@ Sample configuration containing all field values: \& OU = Organizational Unit Name \& CN = Common Name \& emailAddress = test@email.address -.Ve -.PP -.Vb 2 +\& \& [ req_attributes ] \& challengePassword = A challenge password .Ve @@ -640,15 +615,15 @@ Sample configuration containing all field values: The header and footer lines in the \fB\s-1PEM\s0\fR format are normally: .PP .Vb 2 -\& -----BEGIN CERTIFICATE REQUEST----- -\& -----END CERTIFICATE REQUEST----- +\& \-\-\-\-\-BEGIN CERTIFICATE REQUEST\-\-\-\-\- +\& \-\-\-\-\-END CERTIFICATE REQUEST\-\-\-\-\- .Ve .PP some software (some versions of Netscape certificate server) instead needs: .PP .Vb 2 -\& -----BEGIN NEW CERTIFICATE REQUEST----- -\& -----END NEW CERTIFICATE REQUEST----- +\& \-\-\-\-\-BEGIN NEW CERTIFICATE REQUEST\-\-\-\-\- +\& \-\-\-\-\-END NEW CERTIFICATE REQUEST\-\-\-\-\- .Ve .PP which is produced with the \fB\-newhdr\fR option but is otherwise compatible. @@ -670,7 +645,7 @@ The following messages are frequently asked about: This is followed some time later by... .PP .Vb 2 -\& unable to find 'distinguished_name' in config +\& unable to find \*(Aqdistinguished_name\*(Aq in config \& problems making Certificate Request .Ve .PP diff --git a/secure/usr.bin/openssl/man/rsa.1 b/secure/usr.bin/openssl/man/rsa.1 index 03ed5aa..b504453 100644 --- a/secure/usr.bin/openssl/man/rsa.1 +++ b/secure/usr.bin/openssl/man/rsa.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "RSA 1" -.TH RSA 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH RSA 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" rsa \- RSA key processing tool .SH "SYNOPSIS" @@ -208,7 +207,7 @@ These options can only be used with \s-1PEM\s0 format output files. .IP "\fB\-text\fR" 4 .IX Item "-text" prints out the various public or private key components in -plain text in addition to the encoded version. +plain text in addition to the encoded version. .IP "\fB\-noout\fR" 4 .IX Item "-noout" this option prevents output of the encoded version of the key. @@ -238,15 +237,15 @@ for all available algorithms. The \s-1PEM\s0 private key format uses the header and footer lines: .PP .Vb 2 -\& -----BEGIN RSA PRIVATE KEY----- -\& -----END RSA PRIVATE KEY----- +\& \-\-\-\-\-BEGIN RSA PRIVATE KEY\-\-\-\-\- +\& \-\-\-\-\-END RSA PRIVATE KEY\-\-\-\-\- .Ve .PP The \s-1PEM\s0 public key format uses the header and footer lines: .PP .Vb 2 -\& -----BEGIN PUBLIC KEY----- -\& -----END PUBLIC KEY----- +\& \-\-\-\-\-BEGIN PUBLIC KEY\-\-\-\-\- +\& \-\-\-\-\-END PUBLIC KEY\-\-\-\-\- .Ve .PP The \fB\s-1NET\s0\fR form is a format compatible with older Netscape servers @@ -255,7 +254,7 @@ It is not very secure and so should only be used when necessary. .PP Some newer version of \s-1IIS\s0 have additional data in the exported .key files. To use these with the utility, view the file with a binary editor -and look for the string \*(L"private\-key\*(R", then trace back to the byte +and look for the string \*(L"private-key\*(R", then trace back to the byte sequence 0x30, 0x82 (this is an \s-1ASN1\s0 \s-1SEQUENCE\s0). Copy all the data from this point onwards to another file and use that as the input to the \fBrsa\fR utility with the \fB\-inform \s-1NET\s0\fR option. If you get @@ -265,31 +264,31 @@ an error after entering the password try the \fB\-sgckey\fR option. To remove the pass phrase on an \s-1RSA\s0 private key: .PP .Vb 1 -\& openssl rsa -in key.pem -out keyout.pem +\& openssl rsa \-in key.pem \-out keyout.pem .Ve .PP To encrypt a private key using triple \s-1DES:\s0 .PP .Vb 1 -\& openssl rsa -in key.pem -des3 -out keyout.pem +\& openssl rsa \-in key.pem \-des3 \-out keyout.pem .Ve .PP -To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: +To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: .PP .Vb 1 -\& openssl rsa -in key.pem -outform DER -out keyout.der +\& openssl rsa \-in key.pem \-outform DER \-out keyout.der .Ve .PP To print out the components of a private key to standard output: .PP .Vb 1 -\& openssl rsa -in key.pem -text -noout +\& openssl rsa \-in key.pem \-text \-noout .Ve .PP To just output the public part of a private key: .PP .Vb 1 -\& openssl rsa -in key.pem -pubout -out pubkey.pem +\& openssl rsa \-in key.pem \-pubout \-out pubkey.pem .Ve .SH "BUGS" .IX Header "BUGS" @@ -301,4 +300,4 @@ without having to manually edit them. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIpkcs8\fR\|(1), \fIdsa\fR\|(1), \fIgenrsa\fR\|(1), -\&\fIgendsa\fR\|(1) +\&\fIgendsa\fR\|(1) diff --git a/secure/usr.bin/openssl/man/rsautl.1 b/secure/usr.bin/openssl/man/rsautl.1 index f4ae4db..a2ad8e6 100644 --- a/secure/usr.bin/openssl/man/rsautl.1 +++ b/secure/usr.bin/openssl/man/rsautl.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "RSAUTL 1" -.TH RSAUTL 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH RSAUTL 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" rsautl \- RSA utility .SH "SYNOPSIS" @@ -168,10 +167,10 @@ default. the input key file, by default it should be an \s-1RSA\s0 private key. .IP "\fB\-pubin\fR" 4 .IX Item "-pubin" -the input file is an \s-1RSA\s0 public key. +the input file is an \s-1RSA\s0 public key. .IP "\fB\-certin\fR" 4 .IX Item "-certin" -the input is a certificate containing an \s-1RSA\s0 public key. +the input is a certificate containing an \s-1RSA\s0 public key. .IP "\fB\-sign\fR" 4 .IX Item "-sign" sign the input data and output the signed result. This requires @@ -207,30 +206,28 @@ used to sign or verify small pieces of data. Sign some data using a private key: .PP .Vb 1 -\& openssl rsautl -sign -in file -inkey key.pem -out sig +\& openssl rsautl \-sign \-in file \-inkey key.pem \-out sig .Ve .PP Recover the signed data .PP .Vb 1 -\& openssl rsautl -verify -in sig -inkey key.pem +\& openssl rsautl \-verify \-in sig \-inkey key.pem .Ve .PP Examine the raw signed data: .PP .Vb 1 -\& openssl rsautl -verify -in file -inkey key.pem -raw -hexdump -.Ve -.PP -.Vb 8 -\& 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ -\& 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ -\& 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ -\& 0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ -\& 0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ -\& 0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ -\& 0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................ -\& 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64 .....hello world +\& openssl rsautl \-verify \-in file \-inkey key.pem \-raw \-hexdump +\& +\& 0000 \- 00 01 ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0010 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0020 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0030 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0040 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0050 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0060 \- ff ff ff ff ff ff ff ff\-ff ff ff ff ff ff ff ff ................ +\& 0070 \- ff ff ff ff 00 68 65 6c\-6c 6f 20 77 6f 72 6c 64 .....hello world .Ve .PP The PKCS#1 block formatting is evident from this. If this was done using @@ -242,10 +239,8 @@ utility in conjunction with \fBasn1parse\fR. Consider the self signed example in certs/pca\-cert.pem . Running \fBasn1parse\fR as follows yields: .PP .Vb 1 -\& openssl asn1parse -in pca-cert.pem -.Ve -.PP -.Vb 18 +\& openssl asn1parse \-in pca\-cert.pem +\& \& 0:d=0 hl=4 l= 742 cons: SEQUENCE \& 4:d=1 hl=4 l= 591 cons: SEQUENCE \& 8:d=2 hl=2 l= 3 cons: cont [ 0 ] @@ -269,28 +264,26 @@ example in certs/pca\-cert.pem . Running \fBasn1parse\fR as follows yields: The final \s-1BIT\s0 \s-1STRING\s0 contains the actual signature. It can be extracted with: .PP .Vb 1 -\& openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614 +\& openssl asn1parse \-in pca\-cert.pem \-out sig \-noout \-strparse 614 .Ve .PP The certificate public key can be extracted with: .PP .Vb 1 -\& openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem +\& openssl x509 \-in test/testx509.pem \-pubkey \-noout >pubkey.pem .Ve .PP The signature can be analysed with: .PP .Vb 1 -\& openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin -.Ve -.PP -.Vb 6 +\& openssl rsautl \-in sig \-verify \-asn1parse \-inkey pubkey.pem \-pubin +\& \& 0:d=0 hl=2 l= 32 cons: SEQUENCE \& 2:d=1 hl=2 l= 12 cons: SEQUENCE \& 4:d=2 hl=2 l= 8 prim: OBJECT :md5 \& 14:d=2 hl=2 l= 0 prim: NULL \& 16:d=1 hl=2 l= 16 prim: OCTET STRING -\& 0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%.. +\& 0000 \- f3 46 9e aa 1a 4a 73 c9\-37 ea 93 00 48 25 08 b5 .F...Js.7...H%.. .Ve .PP This is the parsed version of an \s-1ASN1\s0 DigestInfo structure. It can be seen that @@ -298,13 +291,13 @@ the digest used was md5. The actual part of the certificate that was signed can be extracted with: .PP .Vb 1 -\& openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4 +\& openssl asn1parse \-in pca\-cert.pem \-out tbs \-noout \-strparse 4 .Ve .PP and its digest computed with: .PP .Vb 2 -\& openssl md5 -c tbs +\& openssl md5 \-c tbs \& MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5 .Ve .PP diff --git a/secure/usr.bin/openssl/man/s_client.1 b/secure/usr.bin/openssl/man/s_client.1 index ff2b640..931189f 100644 --- a/secure/usr.bin/openssl/man/s_client.1 +++ b/secure/usr.bin/openssl/man/s_client.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "S_CLIENT 1" -.TH S_CLIENT 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH S_CLIENT 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" s_client \- SSL/TLS client program .SH "SYNOPSIS" @@ -315,7 +314,7 @@ for all available algorithms. a file or files containing random data used to seed the random number generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS\-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. .SH "CONNECTED COMMANDS" .IX Header "CONNECTED COMMANDS" @@ -331,7 +330,7 @@ connection will be closed down. server the command: .PP .Vb 1 -\& openssl s_client -connect servername:443 +\& openssl s_client \-connect servername:443 .Ve .PP would typically be used (https uses port 443). If the connection succeeds diff --git a/secure/usr.bin/openssl/man/s_server.1 b/secure/usr.bin/openssl/man/s_server.1 index 467f7b0..e51e6f4 100644 --- a/secure/usr.bin/openssl/man/s_server.1 +++ b/secure/usr.bin/openssl/man/s_server.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "S_SERVER 1" -.TH S_SERVER 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH S_SERVER 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" s_server \- SSL/TLS server program .SH "SYNOPSIS" @@ -315,7 +314,7 @@ the \fBciphers\fR command for more information. print out a hex dump of any \s-1TLS\s0 extensions received from the server. .IP "\fB\-no_ticket\fR" 4 .IX Item "-no_ticket" -disable RFC4507bis session ticket support. +disable RFC4507bis session ticket support. .IP "\fB\-www\fR" 4 .IX Item "-www" sends a status message back to the client when it connects. This includes @@ -351,13 +350,13 @@ IDs (eg. with a certain prefix). a file or files containing random data used to seed the random number generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS\-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. .SH "CONNECTED COMMANDS" .IX Header "CONNECTED COMMANDS" If a connection request is established with an \s-1SSL\s0 client and neither the \&\fB\-www\fR nor the \fB\-WWW\fR option has been used then normally any data received -from the client is displayed and any key presses will be sent to the client. +from the client is displayed and any key presses will be sent to the client. .PP Certain single letter commands are also recognized which perform special operations: these are listed below. @@ -386,7 +385,7 @@ print out some session cache status information. a web browser the command: .PP .Vb 1 -\& openssl s_server -accept 443 -www +\& openssl s_server \-accept 443 \-www .Ve .PP can be used for example. diff --git a/secure/usr.bin/openssl/man/s_time.1 b/secure/usr.bin/openssl/man/s_time.1 index 9642134..e769409 100644 --- a/secure/usr.bin/openssl/man/s_time.1 +++ b/secure/usr.bin/openssl/man/s_time.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "S_TIME 1" -.TH S_TIME 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH S_TIME 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" s_time \- SSL/TLS performance timing program .SH "SYNOPSIS" @@ -238,7 +237,7 @@ and the link speed determine how many connections \fBs_time\fR can establish. To connect to an \s-1SSL\s0 \s-1HTTP\s0 server and get the default page the command .PP .Vb 1 -\& openssl s_time -connect servername:443 -www / -CApath yourdir -CAfile yourfile.pem -cipher commoncipher [-ssl3] +\& openssl s_time \-connect servername:443 \-www / \-CApath yourdir \-CAfile yourfile.pem \-cipher commoncipher [\-ssl3] .Ve .PP would typically be used (https uses port 443). 'commoncipher' is a cipher to diff --git a/secure/usr.bin/openssl/man/sess_id.1 b/secure/usr.bin/openssl/man/sess_id.1 index 134cdb2..3d59b8c 100644 --- a/secure/usr.bin/openssl/man/sess_id.1 +++ b/secure/usr.bin/openssl/man/sess_id.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "SESS_ID 1" -.TH SESS_ID 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH SESS_ID 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" sess_id \- SSL/TLS session handling utility .SH "SYNOPSIS" @@ -170,7 +169,7 @@ output if this option is not specified. .IP "\fB\-text\fR" 4 .IX Item "-text" prints out the various public or private key components in -plain text in addition to the encoded version. +plain text in addition to the encoded version. .IP "\fB\-cert\fR" 4 .IX Item "-cert" if a certificate is present in the session it will be output using this option, @@ -188,13 +187,13 @@ be used. Typical output: .PP .Vb 10 -\& SSL-Session: +\& SSL\-Session: \& Protocol : TLSv1 \& Cipher : 0016 -\& Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED -\& Session-ID-ctx: 01000000 -\& Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD -\& Key-Arg : None +\& Session\-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED +\& Session\-ID\-ctx: 01000000 +\& Master\-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD +\& Key\-Arg : None \& Start Time: 948459261 \& Timeout : 300 (sec) \& Verify return code 0 (ok) @@ -234,8 +233,8 @@ this is the return code when an \s-1SSL\s0 client certificate is verified. The \s-1PEM\s0 encoded session format uses the header and footer lines: .PP .Vb 2 -\& -----BEGIN SSL SESSION PARAMETERS----- -\& -----END SSL SESSION PARAMETERS----- +\& \-\-\-\-\-BEGIN SSL SESSION PARAMETERS\-\-\-\-\- +\& \-\-\-\-\-END SSL SESSION PARAMETERS\-\-\-\-\- .Ve .PP Since the \s-1SSL\s0 session output contains the master key it is possible to read the contents diff --git a/secure/usr.bin/openssl/man/smime.1 b/secure/usr.bin/openssl/man/smime.1 index a10fdfe..e6cab4c 100644 --- a/secure/usr.bin/openssl/man/smime.1 +++ b/secure/usr.bin/openssl/man/smime.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "SMIME 1" -.TH SMIME 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH SMIME 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" smime \- S/MIME utility .SH "SYNOPSIS" @@ -315,12 +314,12 @@ see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\f a file or files containing random data used to seed the random number generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). Multiple files can be specified separated by a OS-dependent character. -The separator is \fB;\fR for MS\-Windows, \fB,\fR for OpenVMS, and \fB:\fR for +The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. .IP "\fBcert.pem...\fR" 4 .IX Item "cert.pem..." one or more certificates of message recipients: used when encrypting -a message. +a message. .IP "\fB\-to, \-from, \-subject\fR" 4 .IX Item "-to, -from, -subject" the relevant mail headers. These are included outside the signed @@ -377,54 +376,54 @@ the signers certificates. Create a cleartext signed message: .PP .Vb 2 -\& openssl smime -sign -in message.txt -text -out mail.msg \e -\& -signer mycert.pem +\& openssl smime \-sign \-in message.txt \-text \-out mail.msg \e +\& \-signer mycert.pem .Ve .PP -Create and opaque signed message +Create and opaque signed message: .PP .Vb 2 -\& openssl smime -sign -in message.txt -text -out mail.msg -nodetach \e -\& -signer mycert.pem +\& openssl smime \-sign \-in message.txt \-text \-out mail.msg \-nodetach \e +\& \-signer mycert.pem .Ve .PP Create a signed message, include some additional certificates and read the private key from another file: .PP .Vb 2 -\& openssl smime -sign -in in.txt -text -out mail.msg \e -\& -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem +\& openssl smime \-sign \-in in.txt \-text \-out mail.msg \e +\& \-signer mycert.pem \-inkey mykey.pem \-certfile mycerts.pem .Ve .PP Send a signed message under Unix directly to sendmail, including headers: .PP .Vb 3 -\& openssl smime -sign -in in.txt -text -signer mycert.pem \e -\& -from steve@openssl.org -to someone@somewhere \e -\& -subject "Signed message" | sendmail someone@somewhere +\& openssl smime \-sign \-in in.txt \-text \-signer mycert.pem \e +\& \-from steve@openssl.org \-to someone@somewhere \e +\& \-subject "Signed message" | sendmail someone@somewhere .Ve .PP Verify a message and extract the signer's certificate if successful: .PP .Vb 1 -\& openssl smime -verify -in mail.msg -signer user.pem -out signedtext.txt +\& openssl smime \-verify \-in mail.msg \-signer user.pem \-out signedtext.txt .Ve .PP Send encrypted mail using triple \s-1DES:\s0 .PP .Vb 3 -\& openssl smime -encrypt -in in.txt -from steve@openssl.org \e -\& -to someone@somewhere -subject "Encrypted message" \e -\& -des3 user.pem -out mail.msg +\& openssl smime \-encrypt \-in in.txt \-from steve@openssl.org \e +\& \-to someone@somewhere \-subject "Encrypted message" \e +\& \-des3 user.pem \-out mail.msg .Ve .PP Sign and encrypt mail: .PP .Vb 4 -\& openssl smime -sign -in ml.txt -signer my.pem -text \e -\& | openssl smime -encrypt -out mail.msg \e -\& -from steve@openssl.org -to someone@somewhere \e -\& -subject "Signed and Encrypted message" -des3 user.pem +\& openssl smime \-sign \-in ml.txt \-signer my.pem \-text \e +\& | openssl smime \-encrypt \-out mail.msg \e +\& \-from steve@openssl.org \-to someone@somewhere \e +\& \-subject "Signed and Encrypted message" \-des3 user.pem .Ve .PP Note: the encryption command does not include the \fB\-text\fR option because the message @@ -433,7 +432,7 @@ being encrypted already has \s-1MIME\s0 headers. Decrypt mail: .PP .Vb 1 -\& openssl smime -decrypt -in mail.msg -recip mycert.pem -inkey key.pem +\& openssl smime \-decrypt \-in mail.msg \-recip mycert.pem \-inkey key.pem .Ve .PP The output from Netscape form signing is a PKCS#7 structure with the @@ -442,26 +441,26 @@ signature by line wrapping the base64 encoded structure and surrounding it with: .PP .Vb 2 -\& -----BEGIN PKCS7----- -\& -----END PKCS7----- +\& \-\-\-\-\-BEGIN PKCS7\-\-\-\-\- +\& \-\-\-\-\-END PKCS7\-\-\-\-\- .Ve .PP -and using the command, +and using the command: .PP .Vb 1 -\& openssl smime -verify -inform PEM -in signature.pem -content content.txt +\& openssl smime \-verify \-inform PEM \-in signature.pem \-content content.txt .Ve .PP -alternatively you can base64 decode the signature and use +Alternatively you can base64 decode the signature and use: .PP .Vb 1 -\& openssl smime -verify -inform DER -in signature.der -content content.txt +\& openssl smime \-verify \-inform DER \-in signature.der \-content content.txt .Ve .PP Create an encrypted message using 128 bit Camellia: .PP .Vb 1 -\& openssl smime -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem +\& openssl smime \-encrypt \-in plain.txt \-camellia128 \-out mail.msg cert.pem .Ve .SH "BUGS" .IX Header "BUGS" @@ -475,7 +474,7 @@ should be some heuristic that determines the correct encryption certificate. Ideally a database should be maintained of a certificates for each email address. .PP The code doesn't currently take note of the permitted symmetric encryption -algorithms as supplied in the SMIMECapabilities signed attribute. this means the +algorithms as supplied in the SMIMECapabilities signed attribute. This means the user has to manually include the correct encryption algorithm. It should store the list of permitted ciphers in a database and only use those. .PP diff --git a/secure/usr.bin/openssl/man/speed.1 b/secure/usr.bin/openssl/man/speed.1 index 5b0b299..c6849b8 100644 --- a/secure/usr.bin/openssl/man/speed.1 +++ b/secure/usr.bin/openssl/man/speed.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "SPEED 1" -.TH SPEED 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH SPEED 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" speed \- test library performance .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/spkac.1 b/secure/usr.bin/openssl/man/spkac.1 index 1d749b4..d0760c1 100644 --- a/secure/usr.bin/openssl/man/spkac.1 +++ b/secure/usr.bin/openssl/man/spkac.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "SPKAC 1" -.TH SPKAC 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH SPKAC 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" spkac \- SPKAC printing and generating utility .SH "SYNOPSIS" @@ -204,19 +203,19 @@ for all available algorithms. Print out the contents of an \s-1SPKAC:\s0 .PP .Vb 1 -\& openssl spkac -in spkac.cnf +\& openssl spkac \-in spkac.cnf .Ve .PP Verify the signature of an \s-1SPKAC:\s0 .PP .Vb 1 -\& openssl spkac -in spkac.cnf -noout -verify +\& openssl spkac \-in spkac.cnf \-noout \-verify .Ve .PP Create an \s-1SPKAC\s0 using the challenge string \*(L"hello\*(R": .PP .Vb 1 -\& openssl spkac -key key.pem -challenge hello -out spkac.cnf +\& openssl spkac \-key key.pem \-challenge hello \-out spkac.cnf .Ve .PP Example of an \s-1SPKAC\s0, (long lines split up for clarity): diff --git a/secure/usr.bin/openssl/man/verify.1 b/secure/usr.bin/openssl/man/verify.1 index 51bb25d..34338d2 100644 --- a/secure/usr.bin/openssl/man/verify.1 +++ b/secure/usr.bin/openssl/man/verify.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "VERIFY 1" -.TH VERIFY 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH VERIFY 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" verify \- Utility to verify certificates. .SH "SYNOPSIS" @@ -243,7 +242,7 @@ the \fB\s-1CERTIFICATE\s0 \s-1EXTENSIONS\s0\fR section of the \fBx509\fR utility The third operation is to check the trust settings on the root \s-1CA\s0. The root \&\s-1CA\s0 should be trusted for the supplied purpose. For compatibility with previous versions of SSLeay and OpenSSL a certificate with no trust settings is considered -to be valid for all purposes. +to be valid for all purposes. .PP The final operation is to check the validity of the certificate chain. The validity period is checked against the current system time and the notBefore and notAfter diff --git a/secure/usr.bin/openssl/man/version.1 b/secure/usr.bin/openssl/man/version.1 index a4ca356..529043d 100644 --- a/secure/usr.bin/openssl/man/version.1 +++ b/secure/usr.bin/openssl/man/version.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "VERSION 1" -.TH VERSION 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH VERSION 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" version \- print OpenSSL version information .SH "SYNOPSIS" diff --git a/secure/usr.bin/openssl/man/x509.1 b/secure/usr.bin/openssl/man/x509.1 index 3238a83..34ea002 100644 --- a/secure/usr.bin/openssl/man/x509.1 +++ b/secure/usr.bin/openssl/man/x509.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "X509 1" -.TH X509 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH X509 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" x509 \- Certificate display and signing utility .SH "SYNOPSIS" @@ -191,7 +190,7 @@ Since there are a large number of options they will split up into various sections. .SH "OPTIONS" .IX Header "OPTIONS" -.Sh "\s-1INPUT\s0, \s-1OUTPUT\s0 \s-1AND\s0 \s-1GENERAL\s0 \s-1PURPOSE\s0 \s-1OPTIONS\s0" +.SS "\s-1INPUT\s0, \s-1OUTPUT\s0 \s-1AND\s0 \s-1GENERAL\s0 \s-1PURPOSE\s0 \s-1OPTIONS\s0" .IX Subsection "INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS" .IP "\fB\-inform DER|PEM|NET\fR" 4 .IX Item "-inform DER|PEM|NET" @@ -225,7 +224,7 @@ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. -.Sh "\s-1DISPLAY\s0 \s-1OPTIONS\s0" +.SS "\s-1DISPLAY\s0 \s-1OPTIONS\s0" .IX Subsection "DISPLAY OPTIONS" Note: the \fB\-alias\fR and \fB\-purpose\fR options are also display options but are described in the \fB\s-1TRUST\s0 \s-1SETTINGS\s0\fR section. @@ -292,7 +291,7 @@ prints out the digest of the \s-1DER\s0 encoded version of the whole certificate .IP "\fB\-C\fR" 4 .IX Item "-C" this outputs the certificate in the form of a C source file. -.Sh "\s-1TRUST\s0 \s-1SETTINGS\s0" +.SS "\s-1TRUST\s0 \s-1SETTINGS\s0" .IX Subsection "TRUST SETTINGS" Please note these options are currently experimental and may well change. .PP @@ -349,14 +348,14 @@ option. this option performs tests on the certificate extensions and outputs the results. For a more complete description see the \fB\s-1CERTIFICATE\s0 \&\s-1EXTENSIONS\s0\fR section. -.Sh "\s-1SIGNING\s0 \s-1OPTIONS\s0" +.SS "\s-1SIGNING\s0 \s-1OPTIONS\s0" .IX Subsection "SIGNING OPTIONS" The \fBx509\fR utility can be used to sign certificates and requests: it can thus behave like a \*(L"mini \s-1CA\s0\*(R". .IP "\fB\-signkey filename\fR" 4 .IX Item "-signkey filename" this option causes the input file to be self signed using the supplied -private key. +private key. .Sp If the input file is a certificate it sets the issuer name to the subject name (i.e. makes it self signed) changes the public key to the @@ -441,7 +440,7 @@ the section to add certificate extensions from. If this option is not specified then the extensions should either be contained in the unnamed (default) section or the default section should contain a variable called \&\*(L"extensions\*(R" which contains the section to use. -.Sh "\s-1NAME\s0 \s-1OPTIONS\s0" +.SS "\s-1NAME\s0 \s-1OPTIONS\s0" .IX Subsection "NAME OPTIONS" The \fBnameopt\fR command line switch determines how the subject and issuer names are displayed. If no \fBnameopt\fR switch is present the default \*(L"oneline\*(R" @@ -552,7 +551,7 @@ align field values for a more readable output. Only usable with .IX Item "space_eq" places spaces round the \fB=\fR character which follows the field name. -.Sh "\s-1TEXT\s0 \s-1OPTIONS\s0" +.SS "\s-1TEXT\s0 \s-1OPTIONS\s0" .IX Subsection "TEXT OPTIONS" As well as customising the name output format, it is also possible to customise the actual fields printed using the \fBcertopt\fR options when @@ -617,102 +616,102 @@ line. Display the contents of a certificate: .PP .Vb 1 -\& openssl x509 -in cert.pem -noout -text +\& openssl x509 \-in cert.pem \-noout \-text .Ve .PP Display the certificate serial number: .PP .Vb 1 -\& openssl x509 -in cert.pem -noout -serial +\& openssl x509 \-in cert.pem \-noout \-serial .Ve .PP Display the certificate subject name: .PP .Vb 1 -\& openssl x509 -in cert.pem -noout -subject +\& openssl x509 \-in cert.pem \-noout \-subject .Ve .PP Display the certificate subject name in \s-1RFC2253\s0 form: .PP .Vb 1 -\& openssl x509 -in cert.pem -noout -subject -nameopt RFC2253 +\& openssl x509 \-in cert.pem \-noout \-subject \-nameopt RFC2253 .Ve .PP Display the certificate subject name in oneline form on a terminal supporting \s-1UTF8:\s0 .PP .Vb 1 -\& openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb +\& openssl x509 \-in cert.pem \-noout \-subject \-nameopt oneline,\-esc_msb .Ve .PP Display the certificate \s-1MD5\s0 fingerprint: .PP .Vb 1 -\& openssl x509 -in cert.pem -noout -fingerprint +\& openssl x509 \-in cert.pem \-noout \-fingerprint .Ve .PP Display the certificate \s-1SHA1\s0 fingerprint: .PP .Vb 1 -\& openssl x509 -sha1 -in cert.pem -noout -fingerprint +\& openssl x509 \-sha1 \-in cert.pem \-noout \-fingerprint .Ve .PP Convert a certificate from \s-1PEM\s0 to \s-1DER\s0 format: .PP .Vb 1 -\& openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER +\& openssl x509 \-in cert.pem \-inform PEM \-out cert.der \-outform DER .Ve .PP Convert a certificate to a certificate request: .PP .Vb 1 -\& openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem +\& openssl x509 \-x509toreq \-in cert.pem \-out req.pem \-signkey key.pem .Ve .PP Convert a certificate request into a self signed certificate using extensions for a \s-1CA:\s0 .PP .Vb 2 -\& openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \e -\& -signkey key.pem -out cacert.pem +\& openssl x509 \-req \-in careq.pem \-extfile openssl.cnf \-extensions v3_ca \e +\& \-signkey key.pem \-out cacert.pem .Ve .PP Sign a certificate request using the \s-1CA\s0 certificate above and add user certificate extensions: .PP .Vb 2 -\& openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \e -\& -CA cacert.pem -CAkey key.pem -CAcreateserial +\& openssl x509 \-req \-in req.pem \-extfile openssl.cnf \-extensions v3_usr \e +\& \-CA cacert.pem \-CAkey key.pem \-CAcreateserial .Ve .PP Set a certificate to be trusted for \s-1SSL\s0 client use and change set its alias to \&\*(L"Steve's Class 1 \s-1CA\s0\*(R" .PP .Vb 2 -\& openssl x509 -in cert.pem -addtrust clientAuth \e -\& -setalias "Steve's Class 1 CA" -out trust.pem +\& openssl x509 \-in cert.pem \-addtrust clientAuth \e +\& \-setalias "Steve\*(Aqs Class 1 CA" \-out trust.pem .Ve .SH "NOTES" .IX Header "NOTES" The \s-1PEM\s0 format uses the header and footer lines: .PP .Vb 2 -\& -----BEGIN CERTIFICATE----- -\& -----END CERTIFICATE----- +\& \-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\- +\& \-\-\-\-\-END CERTIFICATE\-\-\-\-\- .Ve .PP it will also handle files containing: .PP .Vb 2 -\& -----BEGIN X509 CERTIFICATE----- -\& -----END X509 CERTIFICATE----- +\& \-\-\-\-\-BEGIN X509 CERTIFICATE\-\-\-\-\- +\& \-\-\-\-\-END X509 CERTIFICATE\-\-\-\-\- .Ve .PP Trusted certificates have the lines .PP .Vb 2 -\& -----BEGIN TRUSTED CERTIFICATE----- -\& -----END TRUSTED CERTIFICATE----- +\& \-\-\-\-\-BEGIN TRUSTED CERTIFICATE\-\-\-\-\- +\& \-\-\-\-\-END TRUSTED CERTIFICATE\-\-\-\-\- .Ve .PP The conversion to \s-1UTF8\s0 format used with the name options assumes that @@ -817,7 +816,7 @@ if the keyUsage extension is present. The extended key usage extension must be absent or include the \*(L"email protection\*(R" \s-1OID\s0. Netscape certificate type must be absent or must have the S/MIME \s-1CA\s0 bit set: this is used as a work around if the basicConstraints -extension is absent. +extension is absent. .IP "\fB\s-1CRL\s0 Signing\fR" 4 .IX Item "CRL Signing" The keyUsage extension must be absent or it must have the \s-1CRL\s0 signing bit diff --git a/secure/usr.bin/openssl/man/x509v3_config.1 b/secure/usr.bin/openssl/man/x509v3_config.1 index 20705e7..ae7e180 100644 --- a/secure/usr.bin/openssl/man/x509v3_config.1 +++ b/secure/usr.bin/openssl/man/x509v3_config.1 @@ -1,15 +1,7 @@ -.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.37 +.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07) .\" .\" Standard preamble: .\" ======================================================================== -.de Sh \" Subsection heading -.br -.if t .Sp -.ne 5 -.PP -\fB\\$1\fR -.PP -.. .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp @@ -25,11 +17,11 @@ .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left -.\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to -.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' -.\" expand to `' in nroff, nothing in troff, for use with C<>. -.tr \(*W-|\(bv\*(Tr +.\" double quote, and \*(R" will give a right double quote. \*(C+ will +.\" give a nicer C++. Capital omega is used to do unbreakable dashes and +.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, +.\" nothing in troff, for use with C<>. +.tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- @@ -48,22 +40,25 @@ . ds R" '' 'br\} .\" +.\" Escape single quotes in literal strings from groff's Unicode transform. +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" .\" If the F register is turned on, we'll generate index entries on stderr for -.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. -.if \nF \{\ +.ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} -.\" -.\" For nroff, turn off justification. Always turn off hyphenation; it makes -.\" way too many mistakes in technical documents. -.hy 0 -.if n .na +.el \{\ +. de IX +.. +.\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +124,11 @@ .\" ======================================================================== .\" .IX Title "X509V3_CONFIG 1" -.TH X509V3_CONFIG 1 "2010-03-24" "0.9.8n" "OpenSSL" +.TH X509V3_CONFIG 1 "2010-11-16" "0.9.8p" "OpenSSL" +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. +.if n .ad l +.nh .SH "NAME" x509v3_config \- X509 V3 certificate extension configuration format .SH "DESCRIPTION" @@ -171,13 +170,9 @@ The long form allows the values to be placed in a separate section: .PP .Vb 1 \& basicConstraints=critical,@bs_section -.Ve -.PP -.Vb 1 +\& \& [bs_section] -.Ve -.PP -.Vb 2 +\& \& CA=true \& pathlen=1 .Ve @@ -194,7 +189,7 @@ must be used, see the \s-1ARBITRART\s0 \s-1EXTENSIONS\s0 section for more detail .SH "STANDARD EXTENSIONS" .IX Header "STANDARD EXTENSIONS" The following sections describe each supported extension in detail. -.Sh "Basic Constraints." +.SS "Basic Constraints." .IX Subsection "Basic Constraints." This is a multi valued extension which indicates whether a certificate is a \s-1CA\s0 certificate. The first (mandatory) name is \fB\s-1CA\s0\fR followed by \fB\s-1TRUE\s0\fR or @@ -205,13 +200,9 @@ For example: .PP .Vb 1 \& basicConstraints=CA:TRUE -.Ve -.PP -.Vb 1 +\& \& basicConstraints=CA:FALSE -.Ve -.PP -.Vb 1 +\& \& basicConstraints=critical,CA:TRUE, pathlen:0 .Ve .PP @@ -223,7 +214,7 @@ with \s-1CA\s0 set to \s-1FALSE\s0 for end entity certificates. The pathlen parameter indicates the maximum number of CAs that can appear below this one in a chain. So if you have a \s-1CA\s0 with a pathlen of zero it can only be used to sign end user certificates and not further CAs. -.Sh "Key Usage." +.SS "Key Usage." .IX Subsection "Key Usage." Key usage is a multi valued extension consisting of a list of names of the permitted key usages. @@ -236,12 +227,10 @@ Examples: .PP .Vb 1 \& keyUsage=digitalSignature, nonRepudiation -.Ve -.PP -.Vb 1 +\& \& keyUsage=critical, keyCertSign .Ve -.Sh "Extended Key Usage." +.SS "Extended Key Usage." .IX Subsection "Extended Key Usage." This extensions consists of a list of usages indicating purposes for which the certificate public key can be used for, @@ -250,13 +239,13 @@ These can either be object short names of the dotted numerical form of OIDs. While any \s-1OID\s0 can be used only certain values make sense. In particular the following \s-1PKIX\s0, \s-1NS\s0 and \s-1MS\s0 values are meaningful: .PP -.Vb 13 +.Vb 10 \& Value Meaning -\& ----- ------- +\& \-\-\-\-\- \-\-\-\-\-\-\- \& serverAuth SSL/TLS Web Server Authentication. \& clientAuth SSL/TLS Web Client Authentication. \& codeSigning Code signing. -\& emailProtection E-mail Protection (S/MIME). +\& emailProtection E\-mail Protection (S/MIME). \& timeStamping Trusted Timestamping \& msCodeInd Microsoft Individual Code Signing (authenticode) \& msCodeCom Microsoft Commercial Code Signing (authenticode) @@ -272,7 +261,7 @@ Examples: \& extendedKeyUsage=critical,codeSigning,1.2.3.4 \& extendedKeyUsage=nsSGC,msSGC .Ve -.Sh "Subject Key Identifier." +.SS "Subject Key Identifier." .IX Subsection "Subject Key Identifier." This is really a string extension and can take two possible values. Either the word \fBhash\fR which will automatically follow the guidelines in \s-1RFC3280\s0 @@ -284,7 +273,7 @@ Example: .Vb 1 \& subjectKeyIdentifier=hash .Ve -.Sh "Authority Key Identifier." +.SS "Authority Key Identifier." .IX Subsection "Authority Key Identifier." The authority key identifier extension permits two options. keyid and issuer: both can take the optional value \*(L"always\*(R". @@ -302,7 +291,7 @@ Example: .Vb 1 \& authorityKeyIdentifier=keyid,issuer .Ve -.Sh "Subject Alternative Name." +.SS "Subject Alternative Name." .IX Subsection "Subject Alternative Name." The subject alternative name extension allows various literal values to be included in the configuration file. These include \fBemail\fR (an email address) @@ -332,20 +321,16 @@ Examples: \& subjectAltName=IP:13::17 \& subjectAltName=email:my@other.address,RID:1.2.3.4 \& subjectAltName=otherName:1.2.3.4;UTF8:some other identifier -.Ve -.PP -.Vb 1 +\& \& subjectAltName=dirName:dir_sect -.Ve -.PP -.Vb 5 +\& \& [dir_sect] \& C=UK \& O=My Organization \& OU=My Unit \& CN=My Name .Ve -.Sh "Issuer Alternative Name." +.SS "Issuer Alternative Name." .IX Subsection "Issuer Alternative Name." The issuer alternative name option supports all the literal options of subject alternative name. It does \fBnot\fR support the email:copy option because @@ -358,7 +343,7 @@ Example: .Vb 1 \& issuserAltName = issuer:copy .Ve -.Sh "Authority Info Access." +.SS "Authority Info Access." .IX Subsection "Authority Info Access." The authority information access extension gives details about how to access certain information relating to the \s-1CA\s0. Its syntax is accessOID;location @@ -372,7 +357,7 @@ Example: \& authorityInfoAccess = OCSP;URI:http://ocsp.my.host/ \& authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html .Ve -.Sh "\s-1CRL\s0 distribution points." +.SS "\s-1CRL\s0 distribution points." .IX Subsection "CRL distribution points." This is a multi-valued extension that supports all the literal options of subject alternative name. Of the few software packages that currently interpret @@ -390,7 +375,7 @@ Examples: \& crlDistributionPoints=URI:http://myhost.com/myca.crl \& crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl .Ve -.Sh "Certificate Policies." +.SS "Certificate Policies." .IX Subsection "Certificate Policies." This is a \fIraw\fR extension. All the fields of this extension can be set by using the appropriate syntax. @@ -432,24 +417,16 @@ Example: .PP .Vb 1 \& certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect -.Ve -.PP -.Vb 1 +\& \& [polsect] -.Ve -.PP -.Vb 4 +\& \& policyIdentifier = 1.3.5.8 \& CPS.1="http://my.host.name/" \& CPS.2="http://my.your.name/" \& userNotice.1=@notice -.Ve -.PP -.Vb 1 +\& \& [notice] -.Ve -.PP -.Vb 3 +\& \& explicitText="Explicit Text Here" \& organization="Organisation Name" \& noticeNumbers=1,2,3,4 @@ -458,7 +435,7 @@ Example: The \fBia5org\fR option changes the type of the \fIorganization\fR field. In \s-1RFC2459\s0 it can only be of type DisplayText. In \s-1RFC3280\s0 IA5Strring is also permissible. Some software (for example some versions of \s-1MSIE\s0) may require ia5org. -.Sh "Policy Constraints" +.SS "Policy Constraints" .IX Subsection "Policy Constraints" This is a multi-valued extension which consisting of the names \&\fBrequireExplicitPolicy\fR or \fBinhibitPolicyMapping\fR and a non negative intger @@ -469,7 +446,7 @@ Example: .Vb 1 \& policyConstraints = requireExplicitPolicy:3 .Ve -.Sh "Inhibit Any Policy" +.SS "Inhibit Any Policy" .IX Subsection "Inhibit Any Policy" This is a string extension whose value must be a non negative integer. .PP @@ -478,7 +455,7 @@ Example: .Vb 1 \& inhibitAnyPolicy = 2 .Ve -.Sh "Name Constraints" +.SS "Name Constraints" .IX Subsection "Name Constraints" The name constraints extension is a multi-valued extension. The name should begin with the word \fBpermitted\fR or \fBexcluded\fR followed by a \fB;\fR. The rest of @@ -490,20 +467,16 @@ Examples: .PP .Vb 1 \& nameConstraints=permitted;IP:192.168.0.0/255.255.0.0 -.Ve -.PP -.Vb 1 +\& \& nameConstraints=permitted;email:.somedomain.com -.Ve -.PP -.Vb 1 +\& \& nameConstraints=excluded;email:.com .Ve .SH "DEPRECATED EXTENSIONS" .IX Header "DEPRECATED EXTENSIONS" The following extensions are non standard, Netscape specific and largely obsolete. Their use in new applications is discouraged. -.Sh "Netscape String extensions." +.SS "Netscape String extensions." .IX Subsection "Netscape String extensions." Netscape Comment (\fBnsComment\fR) is a string extension containing a comment which will be displayed when the certificate is viewed in some browsers. @@ -517,7 +490,7 @@ Example: Other supported extensions in this category are: \fBnsBaseUrl\fR, \&\fBnsRevocationUrl\fR, \fBnsCaRevocationUrl\fR, \fBnsRenewalUrl\fR, \fBnsCaPolicyUrl\fR and \fBnsSslServerName\fR. -.Sh "Netscape Certificate Type" +.SS "Netscape Certificate Type" .IX Subsection "Netscape Certificate Type" This is a multi-valued extensions which consists of a list of flags to be included. It was used to indicate the purposes for which a certificate could @@ -540,17 +513,11 @@ using the same syntax as \fIASN1_generate_nconf()\fR. For example: .PP .Vb 1 \& 1.2.3.4=critical,ASN1:UTF8String:Some random data -.Ve -.PP -.Vb 1 +\& \& 1.2.3.4=ASN1:SEQUENCE:seq_sect -.Ve -.PP -.Vb 1 +\& \& [seq_sect] -.Ve -.PP -.Vb 2 +\& \& field1 = UTF8:field1 \& field2 = UTF8:field2 .Ve @@ -593,27 +560,21 @@ will produce an error but the equivalent form: .PP .Vb 1 \& subjectAltName=@subject_alt_section -.Ve -.PP -.Vb 2 +\& \& [subject_alt_section] \& subjectAltName=URI:ldap://somehost.com/CN=foo,OU=bar .Ve .PP -is valid. +is valid. .PP Due to the behaviour of the OpenSSL \fBconf\fR library the same field name can only occur once in a section. This means that: .PP .Vb 1 \& subjectAltName=@alt_section -.Ve -.PP -.Vb 1 +\& \& [alt_section] -.Ve -.PP -.Vb 2 +\& \& email=steve@here \& email=steve@there .Ve @@ -622,9 +583,7 @@ will only recognize the last value. This can be worked around by using the form: .PP .Vb 1 \& [alt_section] -.Ve -.PP -.Vb 2 +\& \& email.1=steve@here \& email.2=steve@there .Ve |
