Add info about the header and footer lines used in PEM formats

and add an nseq manpage.
Dr. Stephen Henson 1999-11-13 21:58:39 +00:00
parent 938ead8f88
commit 0286d94454
7 changed files with 123 additions and 5 deletions


@ -117,6 +117,13 @@ a public key.
=back =back
=head1 NOTES
The PEM private key format uses the header and footer lines:
-----BEGIN DSA PRIVATE KEY-----
-----END DSA PRIVATE KEY-----
=head1 EXAMPLES =head1 EXAMPLES
To remove the pass phrase on a DSA private key: To remove the pass phrase on a DSA private key:
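
Review bot: The added NOTES section documents only the private key header and footer, yet the option text just above it (the hunk context ends with "a public key.") shows that this command also handles public keys. Please add the header and footer lines used for PEM public keys too, or state that the note covers private keys only, so a reader identifying a file by its first line is not left guessing.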


@ -82,6 +82,11 @@ the input file (if any) is ignored.
=head1 NOTES =head1 NOTES
PEM format DSA parameters use the header and footer lines:
-----BEGIN DSA PARAMETERS-----
-----END DSA PARAMETERS-----
DSA parameter generation is a slow process and as a result the same set of DSA parameter generation is a slow process and as a result the same set of
DSA parameters is often used to generate several distinct keys. DSA parameters is often used to generate several distinct keys.

doc/man/nseq.pod Normal file

@ -0,0 +1,70 @@
=pod
=head1 NAME
nseq - create or examine a netscape certificate sequence
=head1 SYNOPSIS
B<openssl> B<nseq>
[B<-in filename>]
[B<-out filename>]
[B<-toseq>]
=head1 DESCRIPTION
The B<nseq> command takes a file containing a Netscape certificate
sequence and prints out the certificates contained in it or takes a
file of certificates and converts it into a Netscape certificate
sequence.
=head1 COMMAND OPTIONS
=over 4
=item B<-in filename>
This specifies the input filename to read or standard input if this
option is not specified.
=item B<-out filename>
specifies the output filename or standard output by default.
=item B<-toseq>
normally a Netscape certificate sequence will be input and the output
is the certificates contained in it. With the B<-toseq> option the
situation is reversed: a Netscape certificate sequence is created from
a file of certificates.
=back
=head1 EXAMPLES
Output the certificates in a Netscape certificate sequence
openssl nseq -in nseq.pem -out certs.pem
Create a Netscape certificate sequence
openssl nseq -in certs.pem -toseq -out nseq.pem
=head1 NOTES
The B<PEM> encoded form uses the same headers and footers as a certificate:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
A Netscape certificate sequence is a Netscape specific form that can be sent
to browsers as an alternative to the standard PKCS#7 format when several
certificates are sent to the browser: for example during certificate erollment.
It is used by Netscape certificate server for example.
=head1 BUGS
This program needs a few more options: like allowing DER or PEM input and
output files and allowing multiple certificate files to be used.
=cut
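
Review bot: NOTES states that the PEM form uses the same "-----BEGIN CERTIFICATE-----" lines as an ordinary certificate, so the header cannot tell a Netscape certificate sequence from a single certificate; the page should say that explicitly, so a reader knows which of nseq.pem and certs.pem in EXAMPLES holds which format. In the same section "certificate erollment" should be "certificate enrollment". The NAME line writes "netscape" in lower case while the rest of the page uses "Netscape", and the B<-out filename> and B<-toseq> descriptions begin with a lower-case word, unlike B<-in filename>.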


@ -93,6 +93,17 @@ B<des>, B<des3> and B<rc2>. It is recommended that B<des3> is used.
=head1 NOTES =head1 NOTES
The encrypted form of a PEM encode PKCS#8 files uses the following
headers and footers:
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
The unencrypted form uses:
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration
counts are more secure that those encrypted using the traditional counts are more secure that those encrypted using the traditional
SSLeay compatible formats. So if additional security is considered SSLeay compatible formats. So if additional security is considered
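
Review bot: The first added sentence, "The encrypted form of a PEM encode PKCS#8 files uses", has a grammar slip and should read "PEM encoded PKCS#8 file uses". While this section is being touched, the unchanged context line "more secure that those encrypted" could be corrected to "than those".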


@ -371,11 +371,17 @@ Sample configuration file:
=head1 NOTES =head1 NOTES
The header and footer lines in the B<PEM> format contain the words The header and footer lines in the B<PEM> format are respectively:
B<BEGIN CERTIFICATE REQUEST> and B<END CERTIFICATE REQUEST> some software
(for example some versions of Netscape certificate server) requires the -----BEGIN CERTIFICATE REQUEST----
words B<BEGIN NEW CERTIFICATE REQUEST> and B<END NEW CERTIFICATE REQUEST> -----END CERTIFICATE REQUEST----
instead.
some software (some versions of Netscape certificate server) instead needs:
-----BEGIN NEW CERTIFICATE REQUEST----
-----END NEW CERTIFICATE REQUEST----
but is otherwise compatible. Either form is accepted on input.
The certificate requests generated by B<Xenroll> with MSIE have extensions The certificate requests generated by B<Xenroll> with MSIE have extensions
added. It includes the B<keyUsage> extension which determines the type of added. It includes the B<keyUsage> extension which determines the type of
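
Review bot: The four header and footer lines added to NOTES start with five dashes but end with four ("-----BEGIN CERTIFICATE REQUEST----"), while the nseq.pod and PKCS#8 notes in this same commit use five on both sides. Please make the trailing run five dashes, since readers will copy these lines verbatim when checking or repairing a file. The sentence "some software (some versions of Netscape certificate server) instead needs:" should also start with a capital letter.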


@ -123,6 +123,13 @@ a public key.
=back =back
=head1 NOTES
The PEM private key format uses the header and footer lines:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
=head1 EXAMPLES =head1 EXAMPLES
To remove the pass phrase on an RSA private key: To remove the pass phrase on an RSA private key:
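
Review bot: The added note gives one header and footer pair for "the PEM private key format" without saying whether it also applies to pass phrase protected keys, which the EXAMPLES section directly below deals with. The PKCS#8 note in this commit lists the encrypted and unencrypted forms separately; a sentence here stating which case these lines cover would match it.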


@ -371,6 +371,18 @@ Set a certificate to be trusted for SSL client use and change set its alias to
openssl x509 -in cert.pem -addtrust sslclient \ openssl x509 -in cert.pem -addtrust sslclient \
-alias "Steve's Class 1 CA" -out trust.pem -alias "Steve's Class 1 CA" -out trust.pem
=head1 NOTES
The PEM format uses the header and footer lines:
-----BEGIN CERTIFICATE----
-----END CERTIFICATE----
it will also handle files containing:
-----BEGIN X509 CERTIFICATE----
-----END X509 CERTIFICATE----
=head1 BUGS =head1 BUGS
The way DNs are printed is in a "historical SSLeay" format which doesn't The way DNs are printed is in a "historical SSLeay" format which doesn't
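
Review bot: The added NOTES lines "-----BEGIN CERTIFICATE----" and the three that follow end in four dashes, whereas nseq.pod in this commit documents the same marker as "-----BEGIN CERTIFICATE-----" with five. Please use five trailing dashes on all four lines so the two pages agree. The sentence "it will also handle files containing:" should start with a capital letter.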