merge

[plan9front.git] / sys / man / 8 / rsa

diff --git a/sys/man/8/rsa b/sys/man/8/rsa
index 5baf185746b4773fe96cafd037563734d12bc3bc..20b444b593bdc3a33d50dbbeb3b51044598445c2 100644 (file)
--- a/sys/man/8/rsa
+++ b/sys/man/8/rsa
@@ -1,6 +1,6 @@
 .TH RSA 8
 .SH NAME
-rsagen, rsafill, asn12rsa, rsa2pub, rsa2ssh, rsa2x509 \- generate and format rsa keys
+rsagen, rsafill, asn12rsa, rsa2asn1, rsa2pub, rsa2ssh, rsa2x509, rsa2csr \- generate and format rsa keys
 .SH SYNOPSIS
 .B rsagen
 [
@@ -26,15 +26,17 @@ rsagen, rsafill, asn12rsa, rsa2pub, rsa2ssh, rsa2x509 \- generate and format rsa
 .I file
 ]
 .PP
-.B rsa2pub
+.B rsa2asn1
 [
 .I file
 ]
 .PP
-.B rsa2ssh
+.B rsa2pub
 [
-.B -2
+.I file
 ]
+.PP
+.B rsa2ssh
 [
 .B -c
 .I comment
@@ -52,6 +54,12 @@ rsagen, rsafill, asn12rsa, rsa2pub, rsa2ssh, rsa2x509 \- generate and format rsa
 [
 .I file
 ]
+.PP
+.B rsa2csr
+.I subject
+[
+.I file
+]
 .SH DESCRIPTION
 Plan 9 represents an RSA key as an attribute-value pair list
 prefixed with the string
@@ -118,7 +126,7 @@ whose
 .B n
 has exactly
 .I nbits
-(default 1024)
+(default 2048)
 significant bits.
 If
 .I tag
@@ -170,23 +178,16 @@ reads a Plan 9 RSA public or private key,
 removes the private attributes, and prints the resulting public key.
 Comment attributes are preserved.
 .PP
+.I Rsa2asn1
+is like
+.I rsa2pub
+but outputs the public key in ASN.1/DER format.
+.PP
 .I Rsa2ssh
 reads a Plan 9 RSA public or private key and prints the public portion 
-in the format used by SSH: three space-separated decimal numbers
-.BR size ,
-.BR ek ,
-and
-.BR n .
-The
-.B -2
-option will change the output to SSH2 RSA public key format. The
+in the format used by SSH2. The
 .B -c
 option will set the comment.
-For compatibility with external SSH implementations, the public keys in
-.B /sys/lib/ssh/keyring
-and
-.B $home/lib/keyring
-are stored in this format.
 .PP
 .I Rsa2x509
 reads a Plan 9 RSA private key and writes a self-signed X.509 certificate
@@ -207,6 +208,10 @@ This info is typically in the form:
 C=US ST=NJ L=07974 O=Lucent OU='Bell Labs' CN=G.R.Emlin
 .EE
 .LP
+One can append further Distinguished Names, DNS Names and
+E-Mail addresses as a ``Subject Alternative Name'' separated
+with a comma after the main subject.
+.LP
 The X.509 ASN.1/DER format is often encoded in text using a PEM section
 labeled as a
 .RB `` CERTIFICATE .''
@@ -229,6 +234,11 @@ The Plan 9 RSA private key needs to be loaded into factotum
 for TLS server applications. It is recommended to put the key into
 .IR secstore (1),
 avoiding it being stored unencrypted on the filesystem.
+.PP
+.I Rsa2csr
+takes the
+.I subject
+and a RSA private key and outputs a signing request in ASN.1 format.
 .SH EXAMPLES
 Generate a fresh key and use it to start a TLS-enabled web server:
 .IP
@@ -249,11 +259,25 @@ auth/rsa2ssh key | ssh unix 'cat >>.ssh/authorized_keys'
 cat key >/mnt/factotum/ctl
 ssh unix
 .EE
+.PP
+Convert a private key in PEM format (as generated by OpenSSL)
+and load it into factotum:
+.IP
+.EX
+auth/pemdecode 'PRIVATE KEY' key.pem | 
+       auth/asn12rsa -t 'service=tls' >/mnt/factotum/ctl
+.EE
+.PP
+Generate a certificate signing request (CSR) in PEM format:
+.IP
+.EX
+auth/rsa2csr 'CN=example.com' key |
+       auth/pemencode 'CERTIFICATE REQUEST'
+.EE
 .SH SOURCE
 .B /sys/src/cmd/auth
 .SH "SEE ALSO
 .IR factotum (4),
 .IR pem (8),
-.IR ssh (1)
 .SH BUGS
 There are too many key formats.