210 lines
6.9 KiB
Diff
210 lines
6.9 KiB
Diff
|
diff --git a/doc/certutil.xml b/doc/certutil.xml
|
||
|
--- a/doc/certutil.xml
|
||
|
+++ b/doc/certutil.xml
|
||
|
@@ -634,16 +634,37 @@ of the attribute codes:
|
||
|
</varlistentry>
|
||
|
|
||
|
<varlistentry>
|
||
|
<term>--extSKID</term>
|
||
|
<listitem><para>Add the Subject Key ID extension to the certificate. X.509 certificate extensions are described in RFC 5280.</para></listitem>
|
||
|
</varlistentry>
|
||
|
|
||
|
<varlistentry>
|
||
|
+ <term>--extNC</term>
|
||
|
+ <listitem><para>Add a Name Constraint extension to the certificate. X.509 certificate extensions are described in RFC 5280.</para></listitem>
|
||
|
+ </varlistentry>
|
||
|
+
|
||
|
+ <varlistentry>
|
||
|
+ <term>--keyAttrFlags attrflags</term>
|
||
|
+ <listitem><para>
|
||
|
+PKCS #11 key Attributes. Comma separated list of key attribute flags, selected from the following list of choices: {token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}</para></listitem>
|
||
|
+ </varlistentry>
|
||
|
+
|
||
|
+ <varlistentry>
|
||
|
+ <term>--keyFlagsOn opflags</term>
|
||
|
+ <term>--keyFlagsOff opflags</term>
|
||
|
+ <listitem><para>
|
||
|
+PKCS #11 key Operation Flags.
|
||
|
+Comma separated list of one or more of the following:
|
||
|
+{token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable}
|
||
|
+ </para></listitem>
|
||
|
+ </varlistentry>
|
||
|
+
|
||
|
+ <varlistentry>
|
||
|
<term>--source-dir certdir</term>
|
||
|
<listitem><para>Identify the certificate database directory to upgrade.</para></listitem>
|
||
|
</varlistentry>
|
||
|
|
||
|
<varlistentry>
|
||
|
<term>--source-prefix certdir</term>
|
||
|
<listitem><para>Give the prefix of the certificate and key databases to upgrade.</para></listitem>
|
||
|
</varlistentry>
|
||
|
@@ -795,17 +816,17 @@ JyBVgFqDXRYSyTBNw1DrxUU/3GvWA/ngjAwHEv0C
|
||
|
XRzPORlC2WY3gkk7vmlsLvYpyecNazAi/NAwVnU/66HOsaoVFWE+gBQo99UrN2yk
|
||
|
0BiK/GMFlLm5dXQROgA9ZKKyFdI0LIXtf6SbAgMBAAGjMzAxMBEGCWCGSAGG+EIB
|
||
|
AQQEAwIHADAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQEAwICBDANBgkqhkiG9w0B
|
||
|
AQUFAAOBgQA6chkzkACN281d1jKMrc+RHG2UMaQyxiteaLVZO+Ro1nnRUvseDf09
|
||
|
XKYFwPMJjWCihVku6bw/ihZfuMHhxK22Nue6inNQ6eDu7WmrqL8z3iUrQwxs+WiF
|
||
|
ob2rb8XRVVJkzXdXxlk4uo3UtNvw8sAz7sWD71qxKaIHU5q49zijfg==
|
||
|
-----END CERTIFICATE-----
|
||
|
</programlisting>
|
||
|
-<pa>For a humam-readable display</para>
|
||
|
+<para>For a human-readable display</para>
|
||
|
<programlisting>$ certutil -L -d sql:$HOME/nssdb -n my-ca-cert
|
||
|
Certificate:
|
||
|
Data:
|
||
|
Version: 3 (0x2)
|
||
|
Serial Number: 3650 (0xe42)
|
||
|
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
|
||
|
Issuer: "CN=Example CA"
|
||
|
Validity:
|
||
|
diff --git a/doc/cmsutil.xml b/doc/cmsutil.xml
|
||
|
--- a/doc/cmsutil.xml
|
||
|
+++ b/doc/cmsutil.xml
|
||
|
@@ -84,19 +84,26 @@ The options and arguments for the cmsuti
|
||
|
<varlistentry>
|
||
|
<term>-S </term>
|
||
|
<listitem><para>Sign a message.</para></listitem>
|
||
|
</varlistentry>
|
||
|
|
||
|
</variablelist>
|
||
|
|
||
|
<para><command>Arguments</command></para>
|
||
|
- <para>Option arguments modify an action and are lowercase.</para>
|
||
|
+ <para>Option arguments modify an action.</para>
|
||
|
<variablelist>
|
||
|
<varlistentry>
|
||
|
+ <term>-b </term>
|
||
|
+ <listitem>
|
||
|
+ <para>Decode a batch of files named in infile.</para>
|
||
|
+ </listitem>
|
||
|
+ </varlistentry>
|
||
|
+
|
||
|
+ <varlistentry>
|
||
|
<term>-c content </term>
|
||
|
<listitem>
|
||
|
<para>Use this detached content (decode only).</para>
|
||
|
</listitem>
|
||
|
</varlistentry>
|
||
|
|
||
|
<varlistentry>
|
||
|
<term>-d dbdir</term>
|
||
|
@@ -108,37 +115,58 @@ The options and arguments for the cmsuti
|
||
|
<varlistentry>
|
||
|
<term>-e envfile</term>
|
||
|
<listitem>
|
||
|
<para>Specify a file containing an enveloped message for a set of recipients to which you would like to send an encrypted message. If this is the first encrypted message for that set of recipients, a new enveloped message will be created that you can then use for future messages (encrypt only).</para>
|
||
|
</listitem>
|
||
|
</varlistentry>
|
||
|
|
||
|
<varlistentry>
|
||
|
+ <term>-f pwfile</term>
|
||
|
+ <listitem>
|
||
|
+ <para>Use password file to set password on all PKCS#11 tokens.</para>
|
||
|
+ </listitem>
|
||
|
+ </varlistentry>
|
||
|
+
|
||
|
+ <varlistentry>
|
||
|
<term>-G</term>
|
||
|
<listitem>
|
||
|
<para>Include a signing time attribute (sign only).</para>
|
||
|
</listitem>
|
||
|
</varlistentry>
|
||
|
-
|
||
|
+
|
||
|
+ <varlistentry>
|
||
|
+ <term>-H hash</term>
|
||
|
+ <listitem>
|
||
|
+ <para>Use specified hash algorithm (default:SHA1).</para>
|
||
|
+ </listitem>
|
||
|
+ </varlistentry>
|
||
|
+
|
||
|
<varlistentry>
|
||
|
<term>-h num</term>
|
||
|
<listitem>
|
||
|
<para>Generate email headers with info about CMS message (decode only).</para>
|
||
|
</listitem>
|
||
|
</varlistentry>
|
||
|
|
||
|
<varlistentry>
|
||
|
<term>-i infile</term>
|
||
|
<listitem>
|
||
|
<para>Use infile as a source of data (default is stdin).</para>
|
||
|
</listitem>
|
||
|
</varlistentry>
|
||
|
|
||
|
<varlistentry>
|
||
|
+ <term>-k</term>
|
||
|
+ <listitem>
|
||
|
+ <para>Keep decoded encryption certs in permanent cert db.</para>
|
||
|
+ </listitem>
|
||
|
+ </varlistentry>
|
||
|
+
|
||
|
+ <varlistentry>
|
||
|
<term>-N nickname</term>
|
||
|
<listitem>
|
||
|
<para>Specify nickname of certificate to sign with (sign only).</para>
|
||
|
</listitem>
|
||
|
</varlistentry>
|
||
|
|
||
|
<varlistentry>
|
||
|
<term>-n </term>
|
||
|
@@ -188,16 +216,23 @@ For certificates-only message, list of c
|
||
|
<varlistentry>
|
||
|
<term>-u certusage</term>
|
||
|
<listitem>
|
||
|
<para>Set type of cert usage (default is certUsageEmailSigner).</para>
|
||
|
</listitem>
|
||
|
</varlistentry>
|
||
|
|
||
|
<varlistentry>
|
||
|
+ <term>-v</term>
|
||
|
+ <listitem>
|
||
|
+ <para>Print debugging information.</para>
|
||
|
+ </listitem>
|
||
|
+ </varlistentry>
|
||
|
+
|
||
|
+ <varlistentry>
|
||
|
<term>-Y ekprefnick</term>
|
||
|
<listitem>
|
||
|
<para>Specify an encryption key preference by nickname.</para>
|
||
|
</listitem>
|
||
|
</varlistentry>
|
||
|
|
||
|
</variablelist>
|
||
|
|
||
|
diff --git a/doc/crlutil.xml b/doc/crlutil.xml
|
||
|
--- a/doc/crlutil.xml
|
||
|
+++ b/doc/crlutil.xml
|
||
|
@@ -261,16 +261,30 @@ Specify type of CRL. possible types are:
|
||
|
<term>-u url </term>
|
||
|
<listitem>
|
||
|
<para>
|
||
|
Specify the url.
|
||
|
</para>
|
||
|
</listitem>
|
||
|
</varlistentry>
|
||
|
|
||
|
+ <varlistentry>
|
||
|
+ <term>-w pwd-string</term>
|
||
|
+ <listitem>
|
||
|
+ <para>Provide db password in command line.</para>
|
||
|
+ </listitem>
|
||
|
+ </varlistentry>
|
||
|
+
|
||
|
+ <varlistentry>
|
||
|
+ <term>-Z algorithm</term>
|
||
|
+ <listitem>
|
||
|
+ <para>Specify the hash algorithm to use for signing the CRL.</para>
|
||
|
+ </listitem>
|
||
|
+ </varlistentry>
|
||
|
+
|
||
|
</variablelist>
|
||
|
</refsection>
|
||
|
|
||
|
<refsection id="syntax">
|
||
|
<title>CRL Generation script syntax</title>
|
||
|
<para>CRL generation script file has the following syntax:</para>
|
||
|
<para>
|
||
|
* Line with comments should have # as a first symbol of a line</para>
|