merging erik quanstros nupas

[plan9front.git] / sys / man / 8 / rsa

diff --git a/sys/man/8/rsa b/sys/man/8/rsa
index 94ae8775ba1b3031c18be72498d5aa911bb7c39f..a5d36573a93f18ba9639e14a78cdfbff117c7f53 100644 (file)
--- a/sys/man/8/rsa
+++ b/sys/man/8/rsa
@@ -1,6 +1,6 @@
 .TH RSA 8
 .SH NAME
-rsagen, rsafill, asn12rsa, rsa2pub, rsa2ssh, rsa2x509 \- generate and format rsa keys
+rsagen, rsafill, asn12rsa, rsa2pub, rsa2ssh, rsa2x509, rsa2csr \- generate and format rsa keys
 .SH SYNOPSIS
 .B rsagen
 [
@@ -52,6 +52,12 @@ rsagen, rsafill, asn12rsa, rsa2pub, rsa2ssh, rsa2x509 \- generate and format rsa
 [
 .I file
 ]
+.PP
+.B rsa2csr
+.I subject
+[
+.I file
+]
 .SH DESCRIPTION
 Plan 9 represents an RSA key as an attribute-value pair list
 prefixed with the string
@@ -207,6 +213,10 @@ This info is typically in the form:
 C=US ST=NJ L=07974 O=Lucent OU='Bell Labs' CN=G.R.Emlin
 .EE
 .LP
+One can append further Distinguished Names, DNS Names and
+E-Mail addresses as a ``Subject Alternative Name'' separated
+with a comma after the main subject.
+.LP
 The X.509 ASN.1/DER format is often encoded in text using a PEM section
 labeled as a
 .RB `` CERTIFICATE .''
@@ -229,6 +239,11 @@ The Plan 9 RSA private key needs to be loaded into factotum
 for TLS server applications. It is recommended to put the key into
 .IR secstore (1),
 avoiding it being stored unencrypted on the filesystem.
+.PP
+.I Rsa2csr
+takes the
+.I subject
+and a RSA private key and outputs a signing request in ASN.1 format.
 .SH EXAMPLES
 Generate a fresh key and use it to start a TLS-enabled web server:
 .IP
@@ -257,11 +272,17 @@ and load it into factotum:
 auth/pemdecode 'PRIVATE KEY' key.pem | 
        auth/asn12rsa -t 'service=tls' >/mnt/factotum/ctl
 .EE
+.PP
+Generate a certificate signing request (CSR) in PEM format:
+.IP
+.EX
+auth/rsa2csr 'CN=example.com' key |
+       auth/pemencode 'CERTIFICATE REQUEST'
+.EE
 .SH SOURCE
 .B /sys/src/cmd/auth
 .SH "SEE ALSO
 .IR factotum (4),
 .IR pem (8),
-.IR ssh (1)
 .SH BUGS
 There are too many key formats.