Annotation of embedaddon/strongswan/src/pki/man/pki---acert.1.in, revision 1.1
1.1 ! misho 1: .TH "PKI \-\-ACERT" 1 "2014-02-05" "@PACKAGE_VERSION@" "strongSwan"
! 2: .
! 3: .SH "NAME"
! 4: .
! 5: pki \-\-acert \- Issue an attribute certificate
! 6: .
! 7: .SH "SYNOPSIS"
! 8: .
! 9: .SY pki\ \-\-acert
! 10: .OP \-\-in file
! 11: .OP \-\-group membership
! 12: .BI \-\-issuerkey\~ file |\-\-issuerkeyid\~ hex
! 13: .BI \-\-issuercert\~ file
! 14: .OP \-\-lifetime hours
! 15: .OP \-\-not-before datetime
! 16: .OP \-\-not-after datetime
! 17: .OP \-\-serial hex
! 18: .OP \-\-digest digest
! 19: .OP \-\-rsa\-padding padding
! 20: .OP \-\-outform encoding
! 21: .OP \-\-debug level
! 22: .YS
! 23: .
! 24: .SY pki\ \-\-acert
! 25: .BI \-\-options\~ file
! 26: .YS
! 27: .
! 28: .SY "pki \-\-acert"
! 29: .B \-h
! 30: |
! 31: .B \-\-help
! 32: .YS
! 33: .
! 34: .SH "DESCRIPTION"
! 35: .
! 36: This sub-command of
! 37: .BR pki (1)
! 38: is used to issue an attribute certificate using an issuer certificate with its
! 39: private key and the holder certificate.
! 40: .
! 41: .SH "OPTIONS"
! 42: .
! 43: .TP
! 44: .B "\-h, \-\-help"
! 45: Print usage information with a summary of the available options.
! 46: .TP
! 47: .BI "\-v, \-\-debug " level
! 48: Set debug level, default: 1.
! 49: .TP
! 50: .BI "\-+, \-\-options " file
! 51: Read command line options from \fIfile\fR.
! 52: .TP
! 53: .BI "\-i, \-\-in " file
! 54: Holder certificate to issue an attribute certificate for. If not given the
! 55: certificate is read from \fISTDIN\fR.
! 56: .TP
! 57: .BI "\-m, \-\-group " membership
! 58: Group membership the attribute certificate shall certify. The specified group
! 59: is included as a string. To include multiple groups, the option can be repeated.
! 60: .TP
! 61: .BI "\-k, \-\-issuerkey " file
! 62: Issuer private key file. Either this or
! 63: .B \-\-issuerkeyid
! 64: is required.
! 65: .TP
! 66: .BI "\-x, \-\-issuerkeyid " hex
! 67: Smartcard or TPM issuer private key object handle in hex format with an optional
! 68: h0x prefix. Either this or
! 69: .B \-\-issuerkey
! 70: is required.
! 71: .TP
! 72: .BI "\-c, \-\-issuercert " file
! 73: Issuer certificate file. Required.
! 74: .TP
! 75: .BI "\-l, \-\-lifetime " hours
! 76: Hours the attribute certificate is valid, default: 24. Ignored if both
! 77: an absolute start and end time are given.
! 78: .TP
! 79: .BI "\-F, \-\-not-before " datetime
! 80: Absolute time when the validity of the AC begins. The datetime format is
! 81: defined by the
! 82: .B \-\-dateform
! 83: option.
! 84: .TP
! 85: .BI "\-T, \-\-not-after " datetime
! 86: Absolute time when the validity of the AC ends. The datetime format is
! 87: defined by the
! 88: .B \-\-dateform
! 89: option.
! 90: .TP
! 91: .BI "\-D, \-\-dateform " form
! 92: strptime(3) format for the
! 93: .B \-\-not\-before
! 94: and
! 95: .B \-\-not\-after
! 96: options, default:
! 97: .B %d.%m.%y %T
! 98: .TP
! 99: .BI "\-s, \-\-serial " hex
! 100: Serial number in hex. It is randomly allocated by default.
! 101: .TP
! 102: .BI "\-g, \-\-digest " digest
! 103: Digest to use for signature creation. One of \fImd5\fR, \fIsha1\fR,
! 104: \fIsha224\fR, \fIsha256\fR, \fIsha384\fR, or \fIsha512\fR. The default is
! 105: determined based on the type and size of the signature key.
! 106: .TP
! 107: .BI "\-R, \-\-rsa\-padding " padding
! 108: Padding to use for RSA signatures. Either \fIpkcs1\fR or \fIpss\fR, defaults
! 109: to \fIpkcs1\fR.
! 110: .TP
! 111: .BI "\-f, \-\-outform " encoding
! 112: Encoding of the created certificate file. Either \fIder\fR (ASN.1 DER) or
! 113: \fIpem\fR (Base64 PEM), defaults to \fIder\fR.
! 114: .
! 115: .SH "EXAMPLES"
! 116: .
! 117: To save repetitive typing, command line options can be stored in files.
! 118: Lets assume
! 119: .I acert.opt
! 120: contains the following contents:
! 121: .PP
! 122: .EX
! 123: --issuercert aacert.der --issuerkey aakey.der --digest sha256 --lifetime 4
! 124: .EE
! 125: .PP
! 126: Then the following command can be used to issue an attribute certificate based
! 127: on a holder certificate and the options above:
! 128: .PP
! 129: .EX
! 130: pki --acert --options acert.opt --in holder.der --group sales --group finance -f pem
! 131: .EE
! 132: .PP
! 133: .
! 134: .SH "SEE ALSO"
! 135: .
! 136: .BR pki (1)
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to pki---acert.1.in CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / pki / man