vmx: allow setting mac address of using ea:nnnnnnnnnnnn! prefix, use genrandom()...

[plan9front.git] / sys / man / 8 / rsa

diff --git a/sys/man/8/rsa b/sys/man/8/rsa
old mode 100755 (executable)
new mode 100644 (file)
index cc0ca8a..1970280
--- a/sys/man/8/rsa
+++ b/sys/man/8/rsa
@@ -1,6 +1,6 @@
 .TH RSA 8
 .SH NAME
 .TH RSA 8
 .SH NAME

-rsagen, rsafill, asn12rsa, rsa2pub, rsa2ssh, rsa2x509 \- generate and format rsa keys
+rsagen, rsafill, asn12rsa, rsa2asn1, rsa2pub, rsa2ssh, rsa2x509, rsa2csr \- generate and format rsa keys

 .SH SYNOPSIS
 .B rsagen
 [
 .SH SYNOPSIS
 .B rsagen
 [


@@ -26,6 +26,11 @@ rsagen, rsafill, asn12rsa, rsa2pub, rsa2ssh, rsa2x509 \- generate and format rsa
 .I file
 ]
 .PP
 .I file
 ]
 .PP

+.B rsa2asn1
+[
+.I file
+]
+.PP

 .B rsa2pub
 [
 .I file
 .B rsa2pub
 [
 .I file


@@ -33,6 +38,10 @@ rsagen, rsafill, asn12rsa, rsa2pub, rsa2ssh, rsa2x509 \- generate and format rsa
 .PP
 .B rsa2ssh
 [
 .PP
 .B rsa2ssh
 [

+.B -c
+.I comment
+]
+[

 .I file
 ]
 .PP
 .I file
 ]
 .PP


@@ -45,6 +54,12 @@ rsagen, rsafill, asn12rsa, rsa2pub, rsa2ssh, rsa2x509 \- generate and format rsa
 [
 .I file
 ]
 [
 .I file
 ]

+.PP
+.B rsa2csr
+.I subject
+[
+.I file
+]

 .SH DESCRIPTION
 Plan 9 represents an RSA key as an attribute-value pair list
 prefixed with the string
 .SH DESCRIPTION
 Plan 9 represents an RSA key as an attribute-value pair list
 prefixed with the string


@@ -111,7 +126,7 @@ whose
 .B n
 has exactly
 .I nbits
 .B n
 has exactly
 .I nbits

-(default 1024)
+(default 2048)

 significant bits.
 If
 .I tag
 significant bits.
 If
 .I tag


@@ -134,7 +149,7 @@ attributes if they are missing,
 and prints a full key.
 .PP
 .I Asn12rsa
 and prints a full key.
 .PP
 .I Asn12rsa

-reads an RSA private key stored as ASN.1
+reads an RSA private or public key stored as ASN.1

 encoded in the binary Distinguished Encoding Rules (DER)
 and prints a Plan 9 RSA key,
 inserting
 encoded in the binary Distinguished Encoding Rules (DER)
 and prints a Plan 9 RSA key,
 inserting


@@ -163,18 +178,16 @@ reads a Plan 9 RSA public or private key,
 removes the private attributes, and prints the resulting public key.
 Comment attributes are preserved.
 .PP
 removes the private attributes, and prints the resulting public key.
 Comment attributes are preserved.
 .PP

+.I Rsa2asn1
+is like
+.I rsa2pub
+but outputs the public key in ASN.1/DER format.
+.PP

 .I Rsa2ssh
 reads a Plan 9 RSA public or private key and prints the public portion 
 .I Rsa2ssh
 reads a Plan 9 RSA public or private key and prints the public portion 

-in the format used by SSH: three space-separated decimal numbers
-.BR size ,
-.BR ek ,
-and
-.BR n .
-For compatibility with external SSH implementations, the public keys in
-.B /sys/lib/ssh/keyring
-and
-.B $home/lib/keyring
-are stored in this format.
+in the format used by SSH2. The
+.B -c
+option will set the comment.

 .PP
 .I Rsa2x509
 reads a Plan 9 RSA private key and writes a self-signed X.509 certificate
 .PP
 .I Rsa2x509
 reads a Plan 9 RSA private key and writes a self-signed X.509 certificate


@@ -195,6 +208,10 @@ This info is typically in the form:
 C=US ST=NJ L=07974 O=Lucent OU='Bell Labs' CN=G.R.Emlin
 .EE
 .LP
 C=US ST=NJ L=07974 O=Lucent OU='Bell Labs' CN=G.R.Emlin
 .EE
 .LP

+One can append further Distinguished Names, DNS Names and
+E-Mail addresses as a ``Subject Alternative Name'' separated
+with a comma after the main subject.
+.LP

 The X.509 ASN.1/DER format is often encoded in text using a PEM section
 labeled as a
 .RB `` CERTIFICATE .''
 The X.509 ASN.1/DER format is often encoded in text using a PEM section
 labeled as a
 .RB `` CERTIFICATE .''


@@ -212,6 +229,16 @@ Applications that serve TLS-encrypted sessions (for example,
 and
 .IR tlssrv (8))
 expect certificates in ASN.1/DER/PEM format.
 and
 .IR tlssrv (8))
 expect certificates in ASN.1/DER/PEM format.

+.PP
+The Plan 9 RSA private key needs to be loaded into factotum
+for TLS server applications. It is recommended to put the key into
+.IR secstore (1),
+avoiding it being stored unencrypted on the filesystem.
+.PP
+.I Rsa2csr
+takes the
+.I subject
+and a RSA private key and outputs a signing request in ASN.1 format.

 .SH EXAMPLES
 Generate a fresh key and use it to start a TLS-enabled web server:
 .IP
 .SH EXAMPLES
 Generate a fresh key and use it to start a TLS-enabled web server:
 .IP


@@ -232,11 +259,25 @@ auth/rsa2ssh key | ssh unix 'cat >>.ssh/authorized_keys'
 cat key >/mnt/factotum/ctl
 ssh unix
 .EE
 cat key >/mnt/factotum/ctl
 ssh unix
 .EE

+.PP
+Convert a private key in PEM format (as generated by OpenSSL)
+and load it into factotum:
+.IP
+.EX
+auth/pemdecode 'PRIVATE KEY' key.pem | 
+       auth/asn12rsa -t 'service=tls' >/mnt/factotum/ctl
+.EE
+.PP
+Generate a certificate signing request (CSR) in PEM format:
+.IP
+.EX
+auth/rsa2csr 'CN=example.com' key |
+       auth/pemencode 'CERTIFICATE REQUEST'
+.EE

 .SH SOURCE
 .B /sys/src/cmd/auth
 .SH "SEE ALSO
 .IR factotum (4),
 .IR pem (8),
 .SH SOURCE
 .B /sys/src/cmd/auth
 .SH "SEE ALSO
 .IR factotum (4),
 .IR pem (8),

-.IR ssh (1)

 .SH BUGS
 There are too many key formats.
 .SH BUGS
 There are too many key formats.