Diffstat (limited to 'secure/usr.bin/openssl/man/ts.1')
-rw-r--r-- secure/usr.bin/openssl/man/ts.1 69
1 files changed, 39 insertions, 30 deletions
diff --git a/secure/usr.bin/openssl/man/ts.1 b/secure/usr.bin/openssl/man/ts.1
index 6ffa749653cb..a1010924ad43 100644
--- a/secure/usr.bin/openssl/man/ts.1
+++ b/secure/usr.bin/openssl/man/ts.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.23)
+.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -38,6 +38,8 @@
. ds PI \(*p
. ds L" ``
. ds R" ''
+. ds C`
+. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
@@ -48,17 +50,24 @@
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
-.ie \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.\"
+.\" Avoid warning from groff about undefined register 'F'.
+.de IX
..
-. nr % 0
-. rr F
-.\}
-.el \{\
-. de IX
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{
+. if \nF \{
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
+. if !\nF==2 \{
+. nr % 0
+. nr F 2
+. \}
+. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -124,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "TS 1"
-.TH TS 1 "2013-02-11" "1.0.1e" "OpenSSL"
+.TH TS 1 "2015-01-15" "1.0.1l" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -177,13 +186,13 @@ ts \- Time Stamping Authority tool (client/server)
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
The \fBts\fR command is a basic Time Stamping Authority (\s-1TSA\s0) client and server
-application as specified in \s-1RFC\s0 3161 (Time-Stamp Protocol, \s-1TSP\s0). A
+application as specified in \s-1RFC 3161 \s0(Time-Stamp Protocol, \s-1TSP\s0). A
\&\s-1TSA\s0 can be part of a \s-1PKI\s0 deployment and its role is to provide long
term proof of the existence of a certain datum before a particular
time. Here is a brief description of the protocol:
.IP "1." 4
The \s-1TSA\s0 client computes a one-way hash value for a data file and sends
-the hash to the \s-1TSA\s0.
+the hash to the \s-1TSA.\s0
.IP "2." 4
The \s-1TSA\s0 attaches the current date and time to the received hash value,
signs them and sends the time stamp token back to the client. By
@@ -192,7 +201,7 @@ data file at the time of response generation.
.IP "3." 4
The \s-1TSA\s0 client receives the time stamp token and verifies the
signature on it. It also checks if the token contains the same hash
-value that it had sent to the \s-1TSA\s0.
+value that it had sent to the \s-1TSA.\s0
.PP
There is one \s-1DER\s0 encoded protocol data unit defined for transporting a time
stamp request to the \s-1TSA\s0 and one for sending the time stamp response
@@ -202,7 +211,7 @@ creating a time stamp response based on a request, verifying if a
response corresponds to a particular request or a data file.
.PP
There is no support for sending the requests/responses automatically
-over \s-1HTTP\s0 or \s-1TCP\s0 yet as suggested in \s-1RFC\s0 3161. The users must send the
+over \s-1HTTP\s0 or \s-1TCP\s0 yet as suggested in \s-1RFC 3161.\s0 The users must send the
requests either by ftp or e\-mail.
.SH "OPTIONS"
.IX Header "OPTIONS"
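Review bot: In the last paragraph of DESCRIPTION, the sentence this hunk touches still tells users they "must send the requests either by ftp or e-mail", while the BUGS context at the end of this diff says HTTP server support exists as a separate apache module and that HTTP client support is provided separately. Only the placement of \s0 changes here, so consider raising the stale transport advice in the POD source so that the two passages agree and readers are pointed to the HTTP tooling.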
@@ -236,7 +245,7 @@ in use. (Optional)
.IX Item "-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160|..."
The message digest to apply to the data file, it supports all the message
digest algorithms that are supported by the openssl \fBdgst\fR command.
-The default is \s-1SHA\-1\s0. (Optional)
+The default is \s-1SHA\-1. \s0(Optional)
.IP "\fB\-policy\fR object_id" 4
.IX Item "-policy object_id"
The policy that the client expects the \s-1TSA\s0 to use for creating the
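Review bot: The changed line in the digest item keeps "The default is SHA-1", and the item heading still lists -md2, -md4 and -md5 without comment; only the position of \s0 differs. For a tool whose stated role is long term proof of existence, the documentation should recommend passing a stronger digest explicitly rather than relying on the default. That wording belongs in the POD source this page is generated from, not in ts.1 itself.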
@@ -267,7 +276,7 @@ is stdout. (Optional)
.IP "\fB\-text\fR" 4
.IX Item "-text"
If this option is specified the output is human-readable text format
-instead of \s-1DER\s0. (Optional)
+instead of \s-1DER. \s0(Optional)
.SS "Time Stamp Response generation"
.IX Subsection "Time Stamp Response generation"
A time stamp response (TimeStampResp) consists of a response status
@@ -280,20 +289,20 @@ otherwise it is a time stamp token (ContentInfo).
.IP "\fB\-config\fR configfile" 4
.IX Item "-config configfile"
The configuration file to use, this option overrides the
-\&\fB\s-1OPENSSL_CONF\s0\fR environment variable. See \fB\s-1CONFIGURATION\s0 \s-1FILE\s0
-\&\s-1OPTIONS\s0\fR for configurable variables. (Optional)
+\&\fB\s-1OPENSSL_CONF\s0\fR environment variable. See \fB\s-1CONFIGURATION FILE
+OPTIONS\s0\fR for configurable variables. (Optional)
.IP "\fB\-section\fR tsa_section" 4
.IX Item "-section tsa_section"
The name of the config file section conatining the settings for the
response generation. If not specified the default \s-1TSA\s0 section is
-used, see \fB\s-1CONFIGURATION\s0 \s-1FILE\s0 \s-1OPTIONS\s0\fR for details. (Optional)
+used, see \fB\s-1CONFIGURATION FILE OPTIONS\s0\fR for details. (Optional)
.IP "\fB\-queryfile\fR request.tsq" 4
.IX Item "-queryfile request.tsq"
The name of the file containing a \s-1DER\s0 encoded time stamp request. (Optional)
.IP "\fB\-passin\fR password_src" 4
.IX Item "-passin password_src"
-Specifies the password source for the private key of the \s-1TSA\s0. See
-\&\fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR in \fIopenssl\fR\|(1). (Optional)
+Specifies the password source for the private key of the \s-1TSA.\s0 See
+\&\fB\s-1PASS PHRASE ARGUMENTS\s0\fR in \fIopenssl\fR\|(1). (Optional)
.IP "\fB\-signer\fR tsa_cert.pem" 4
.IX Item "-signer tsa_cert.pem"
The signer certificate of the \s-1TSA\s0 in \s-1PEM\s0 format. The \s-1TSA\s0 signing
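Review bot: The -section item in this hunk still reads "config file section conatining the settings" on an unchanged context line, although the same commit corrects "overriden" to "overridden" in two other places. The file is generated by Pod::Man, so fix "conatining" to "containing" in the POD source and regenerate rather than editing ts.1 by hand.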
@@ -345,7 +354,7 @@ response (TimeStampResp). (Optional)
.IP "\fB\-text\fR" 4
.IX Item "-text"
If this option is specified the output is human-readable text format
-instead of \s-1DER\s0. (Optional)
+instead of \s-1DER. \s0(Optional)
.IP "\fB\-engine\fR id" 4
.IX Item "-engine id"
Specifying an engine (by its unique \fBid\fR string) will cause \fBts\fR
@@ -388,7 +397,7 @@ client. See the similar option of \fIverify\fR\|(1) for additional
details. Either this option or \fB\-CAfile\fR must be specified. (Optional)
.IP "\fB\-CAfile\fR trusted_certs.pem" 4
.IX Item "-CAfile trusted_certs.pem"
-The name of the file containing a set of trusted self-signed \s-1CA\s0
+The name of the file containing a set of trusted self-signed \s-1CA \s0
certificates in \s-1PEM\s0 format. See the similar option of
\&\fIverify\fR\|(1) for additional details. Either this option
or \fB\-CApath\fR must be specified.
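Review bot: In the -CAfile item the new line ends with "\s-1CA \s0", which moves the word space inside the size change and leaves it directly before the line break; the old line had no space there. Please render the page with nroff and confirm the spacing between "CA" and "certificates" is unchanged. The same pattern appears in the Time Stamp Request example ("\s-1SHA\-1 \s0").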
@@ -415,7 +424,7 @@ switch always overrides the settings in the config file.
.IX Item "tsa section, default_tsa"
This is the main section and it specifies the name of another section
that contains all the options for the \fB\-reply\fR command. This default
-section can be overriden with the \fB\-section\fR command line switch. (Optional)
+section can be overridden with the \fB\-section\fR command line switch. (Optional)
.IP "\fBoid_file\fR" 4
.IX Item "oid_file"
See \fIca\fR\|(1) for description. (Optional)
@@ -488,7 +497,7 @@ the \s-1TSA\s0 name field of the response. Default is no. (Optional)
.IX Item "ess_cert_id_chain"
The SignedData objects created by the \s-1TSA\s0 always contain the
certificate identifier of the signing certificate in a signed
-attribute (see \s-1RFC\s0 2634, Enhanced Security Services). If this option
+attribute (see \s-1RFC 2634,\s0 Enhanced Security Services). If this option
is set to yes and either the \fBcerts\fR variable or the \fB\-chain\fR option
is specified then the certificate identifiers of the chain will also
be included in the SigningCertificate signed attribute. If this
@@ -497,7 +506,7 @@ included. Default is no. (Optional)
.SH "ENVIRONMENT VARIABLES"
.IX Header "ENVIRONMENT VARIABLES"
\&\fB\s-1OPENSSL_CONF\s0\fR contains the path of the configuration file and can be
-overriden by the \fB\-config\fR command line option.
+overridden by the \fB\-config\fR command line option.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
All the examples below presume that \fB\s-1OPENSSL_CONF\s0\fR is set to a proper
@@ -505,7 +514,7 @@ configuration file, e.g. the example configuration file
openssl/apps/openssl.cnf will do.
.SS "Time Stamp Request"
.IX Subsection "Time Stamp Request"
-To create a time stamp request for design1.txt with \s-1SHA\-1\s0
+To create a time stamp request for design1.txt with \s-1SHA\-1 \s0
without nonce and policy and no certificate is required in the response:
.PP
.Vb 2
@@ -544,9 +553,9 @@ without any other key usage extensions. You can add the
\&'extendedKeyUsage = critical,timeStamping' line to the user certificate section
of the config file to generate a proper certificate. See \fIreq\fR\|(1),
\&\fIca\fR\|(1), \fIx509\fR\|(1) for instructions. The examples
-below assume that cacert.pem contains the certificate of the \s-1CA\s0,
+below assume that cacert.pem contains the certificate of the \s-1CA,\s0
tsacert.pem is the signing certificate issued by cacert.pem and
-tsakey.pem is the private key of the \s-1TSA\s0.
+tsakey.pem is the private key of the \s-1TSA.\s0
.PP
To create a time stamp response for a request:
.PP
@@ -621,7 +630,7 @@ You could also look at the 'test' directory for more examples.
If you find any bugs or you have suggestions please write to
Zoltan Glozik <zglozik@opentsa.org>. Known issues:
.IP "\(bu" 4
-No support for time stamps over \s-1SMTP\s0, though it is quite easy
+No support for time stamps over \s-1SMTP,\s0 though it is quite easy
to implement an automatic e\-mail based \s-1TSA\s0 with \fIprocmail\fR\|(1)
and \fIperl\fR\|(1). \s-1HTTP\s0 server support is provided in the form of
a separate apache module. \s-1HTTP\s0 client support is provided by