Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   12896 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

spkac(1ssl)							   spkac(1ssl)

NAME
       spkac - SPKAC printing and generating utility

SYNOPSIS
       openssl	spkac  [-infilename] [-outfilename] [-keykeyfile] [-passinarg]
       [-challengestring]   [-pubkey]	[-spkacspkacname]    [-spksectsection]
       [-noout] [-verify]

OPTIONS
       Specifies  the  input  filename	to read from or standard input if this
       option is not specified. Ignored if the -key option is used.  Specifies
       the output filename to write to or standard output by default.  Creates
       an SPKAC file using the private key in keyfile.	The -in, -noout, -spk‐
       sect  and -verify options are ignored if present.  The input file pass‐
       word source. For more information about the format of arg, see the Pass
       Phrase  Arguments  section  in  openssl(1ssl).  Specifies the challenge
       string if an SPKAC is being created.  Allows an alternative  name  from
       the  variable  containing  the SPKAC. The default is SPKAC. This option
       affects both generated and input SPKAC files.   Allows  an  alternative
       name  from the section containing the SPKAC. The default is the default
       section.	 Does not output the text version of the SPKAC (not used if an
       SPKAC  is being created).  Outputs the public key of an SPKAC (not used
       if an SPKAC is being created).  Verifies the digital signature  on  the
       supplied SPKAC.

DESCRIPTION
       The  spkac  command  processes Netscape signed public key and challenge
       (SPKAC) files. It can print out their contents,	verify	the  signature
       and produce its own SPKACs from a supplied private key.

NOTES
       A  created  SPKAC  with suitable DN components appended can be fed into
       the ca utility.

       SPKACs are typically generated by Netscape when	a  form	 is  submitted
       containing  the	KEYGEN	tag  as	 part  of  the	certificate enrollment
       process.

       The challenge string permits a primitive form of proof of possession of
       private	key.  By  checking  the SPKAC signature and a random challenge
       string some guarantee is given that the user knows the private key cor‐
       responding to the public key being certified. This is important in some
       applications.  Without this it is possible for a previous SPKAC	to  be
       used in a replay attack.

EXAMPLES
       Print out the contents of an SPKAC: openssl spkac -in spkac.cnf

       Verify  the  signature  of an SPKAC: openssl spkac -in spkac.cnf -noout
       -verify

       Create an SPKAC using the challenge string "hello": openssl spkac  -key
       key.pem -challenge hello -out spkac.cnf

       Example	 of   an   SPKAC,   (long   lines   split   up	for  clarity):
       SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\
       PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\  PFo‐
       QIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\
       2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\ 4=

SEE ALSO
       Commands: ca(1ssl)

								   spkac(1ssl)

Vote for polarhome