diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-01-24 19:21:36 +0100 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2014-01-24 19:21:36 +0100 |
| commit | f65d977d224b04e9d7954292d92045aa62ea8a4c (patch) | |
| tree | 24be007a6502a41688cd7983479357b74a6fbc83 | |
| parent | 6a377b4fb29650adaefbbd5b08e5c7d2518524f2 (diff) | |
| download | gnutls_3_1_19.tar.gz | |
doc updategnutls_3_1_19
| -rw-r--r-- | doc/invoke-certtool.texi | 64 | ||||
| -rw-r--r-- | doc/invoke-danetool.texi | 38 | ||||
| -rw-r--r-- | doc/invoke-ocsptool.texi | 6 | ||||
| -rw-r--r-- | doc/invoke-p11tool.texi | 20 | ||||
| -rw-r--r-- | doc/invoke-psktool.texi | 4 | ||||
| -rw-r--r-- | doc/invoke-srptool.texi | 8 | ||||
| -rw-r--r-- | doc/invoke-tpmtool.texi | 22 |
7 files changed, 111 insertions, 51 deletions
diff --git a/doc/invoke-certtool.texi b/doc/invoke-certtool.texi index f6749458a6..f0071565d1 100644 --- a/doc/invoke-certtool.texi +++ b/doc/invoke-certtool.texi @@ -6,7 +6,7 @@ # # DO NOT EDIT THIS FILE (invoke-certtool.texi) # -# It has been AutoGen-ed December 16, 2013 at 01:40:32 PM by AutoGen 5.18 +# It has been AutoGen-ed January 24, 2014 at 07:12:17 PM by AutoGen 5.18.2 # From the definitions ../src/certtool-args.def # and the template file agtexi-cmd.tpl @end ignore @@ -93,23 +93,23 @@ Usage: certtool [ -<flag> [<val>] | --<name>[@{=| @}<val>] ]... - requires the option 'load-certificate' --to-p8 Generate a PKCS #8 structure -8, --pkcs8 Use PKCS #8 format for private keys - --rsa Generate RSA key - --dsa Generate DSA key - --ecc Generate ECC (ECDSA) key - --ecdsa an alias for the 'ecc' option - --hash=str Hash algorithm to use for signing. - --inder Use DER format for input certificates and private keys. + -!, --rsa Generate RSA key + -", --dsa Generate DSA key + -#, --ecc Generate ECC (ECDSA) key + -$, --ecdsa an alias for the 'ecc' option + -%, --hash=str Hash algorithm to use for signing. + -&, --inder Use DER format for input certificates and private keys. - disabled as '--no-inder' - --inraw an alias for the 'inder' option - --outder Use DER format for output certificates and private keys + -', --inraw an alias for the 'inder' option + -(, --outder Use DER format for output certificates and private keys - disabled as '--no-outder' - --outraw an alias for the 'outder' option - --bits=num Specify the number of bits for key generate - --sec-param=str Specify the security level [low, legacy, normal, high, ultra]. - --disable-quick-random No effect - --template=file Template file to use for non-interactive operation + -), --outraw an alias for the 'outder' option + -*, --bits=num Specify the number of bits for key generate + -+, --sec-param=str Specify the security level [low, legacy, normal, high, ultra]. + -,, --disable-quick-random No effect + --, --template=file Template file to use for non-interactive operation - file must pre-exist - --pkcs-cipher=str Cipher to use for PKCS #8 and #12 operations + -., --pkcs-cipher=str Cipher to use for PKCS #8 and #12 operations -v, --version[=arg] output version information and exit -h, --help display extended usage information and exit -!, --more-help extended usage information passed thru pager @@ -129,7 +129,7 @@ Please send bug reports to: <bugs@@gnutls.org> @subsubheading debug option (-d) This is the ``enable debugging.'' option. -This option takes an argument number. +This option takes a number argument. Specifies the debug level. @anchor{certtool generate-request} @subsubheading generate-request option (-q) @@ -188,31 +188,31 @@ are more efficient since GnuTLS 3.0.9. @subsubheading load-privkey option This is the ``loads a private key file'' option. -This option takes an argument string. +This option takes a string argument. This can be either a file or a PKCS #11 URL @anchor{certtool load-pubkey} @subsubheading load-pubkey option This is the ``loads a public key file'' option. -This option takes an argument string. +This option takes a string argument. This can be either a file or a PKCS #11 URL @anchor{certtool load-certificate} @subsubheading load-certificate option This is the ``loads a certificate file'' option. -This option takes an argument string. +This option takes a string argument. This can be either a file or a PKCS #11 URL @anchor{certtool load-ca-privkey} @subsubheading load-ca-privkey option This is the ``loads the certificate authority's private key file'' option. -This option takes an argument string. +This option takes a string argument. This can be either a file or a PKCS #11 URL @anchor{certtool load-ca-certificate} @subsubheading load-ca-certificate option This is the ``loads the certificate authority's certificate file'' option. -This option takes an argument string. +This option takes a string argument. This can be either a file or a PKCS #11 URL @anchor{certtool cprint} @subsubheading cprint option @@ -268,12 +268,20 @@ This is an alias for the @code{ecc} option, @subsubheading hash option This is the ``hash algorithm to use for signing.'' option. -This option takes an argument string. +This option takes a string argument. Available hash functions are SHA1, RMD160, SHA256, SHA384, SHA512. @anchor{certtool inder} @subsubheading inder option This is the ``use der format for input certificates and private keys.'' option. + +@noindent +This option has some usage constraints. It: +@itemize @bullet +@item +can be disabled with --no-inder. +@end itemize + The input files will be assumed to be in DER or RAW format. Unlike options that in PEM input would allow multiple input data (e.g. multiple certificates), when reading in DER format a single data structure is read. @@ -287,6 +295,14 @@ This is an alias for the @code{inder} option, @subsubheading outder option This is the ``use der format for output certificates and private keys'' option. + +@noindent +This option has some usage constraints. It: +@itemize @bullet +@item +can be disabled with --no-outder. +@end itemize + The output will be in DER or RAW format. @anchor{certtool outraw} @subsubheading outraw option @@ -298,13 +314,13 @@ This is an alias for the @code{outder} option, @subsubheading sec-param option This is the ``specify the security level [low, legacy, normal, high, ultra].'' option. -This option takes an argument string @file{Security parameter}. +This option takes a string argument @file{Security parameter}. This is alternative to the bits option. @anchor{certtool pkcs-cipher} @subsubheading pkcs-cipher option This is the ``cipher to use for pkcs #8 and #12 operations'' option. -This option takes an argument string @file{Cipher}. +This option takes a string argument @file{Cipher}. Cipher may be one of 3des, 3des-pkcs12, aes-128, aes-192, aes-256, rc2-40, arcfour. @anchor{certtool exit status} @subsubheading certtool exit status diff --git a/doc/invoke-danetool.texi b/doc/invoke-danetool.texi index 477e32938f..5a66002f77 100644 --- a/doc/invoke-danetool.texi +++ b/doc/invoke-danetool.texi @@ -6,7 +6,7 @@ # # DO NOT EDIT THIS FILE (invoke-danetool.texi) # -# It has been AutoGen-ed December 16, 2013 at 01:40:34 PM by AutoGen 5.18 +# It has been AutoGen-ed January 24, 2014 at 07:12:19 PM by AutoGen 5.18.2 # From the definitions ../src/danetool-args.def # and the template file agtexi-cmd.tpl @end ignore @@ -89,37 +89,37 @@ Please send bug reports to: <bugs@@gnutls.org> @subsubheading debug option (-d) This is the ``enable debugging.'' option. -This option takes an argument number. +This option takes a number argument. Specifies the debug level. @anchor{danetool load-pubkey} @subsubheading load-pubkey option This is the ``loads a public key file'' option. -This option takes an argument string. +This option takes a string argument. This can be either a file or a PKCS #11 URL @anchor{danetool load-certificate} @subsubheading load-certificate option This is the ``loads a certificate file'' option. -This option takes an argument string. +This option takes a string argument. This can be either a file or a PKCS #11 URL @anchor{danetool dlv} @subsubheading dlv option This is the ``sets a dlv file'' option. -This option takes an argument string. +This option takes a string argument. This sets a DLV file to be used for DNSSEC verification. @anchor{danetool hash} @subsubheading hash option This is the ``hash algorithm to use for signing.'' option. -This option takes an argument string. +This option takes a string argument. Available hash functions are SHA1, RMD160, SHA256, SHA384, SHA512. @anchor{danetool check} @subsubheading check option This is the ``check a host's dane tlsa entry.'' option. -This option takes an argument string. +This option takes a string argument. Obtains the DANE TLSA entry from the given hostname and prints information. Note that the actual certificate of the host has to be provided using --load-certificate. @anchor{danetool check-ee} @subsubheading check-ee option @@ -140,12 +140,28 @@ Ignores any DNSSEC signature verification results. @subsubheading local-dns option This is the ``use the local dns server for dnssec resolving.'' option. + +@noindent +This option has some usage constraints. It: +@itemize @bullet +@item +can be disabled with --no-local-dns. +@end itemize + This option will use the local DNS server for DNSSEC. This is disabled by default due to many servers not allowing DNSSEC. @anchor{danetool inder} @subsubheading inder option This is the ``use der format for input certificates and private keys.'' option. + +@noindent +This option has some usage constraints. It: +@itemize @bullet +@item +can be disabled with --no-inder. +@end itemize + The input files will be assumed to be in DER or RAW format. Unlike options that in PEM input would allow multiple input data (e.g. multiple certificates), when reading in DER format a single data structure is read. @@ -173,13 +189,13 @@ This command prints the DANE RR data needed to enable DANE on a DNS server. @subsubheading host option This is the ``specify the hostname to be used in the dane rr'' option. -This option takes an argument string @file{Hostname}. +This option takes a string argument @file{Hostname}. This command sets the hostname for the DANE RR. @anchor{danetool proto} @subsubheading proto option This is the ``the protocol set for dane data (tcp, udp etc.)'' option. -This option takes an argument string @file{Protocol}. +This option takes a string argument @file{Protocol}. This command specifies the protocol for the service set in the DANE data. @anchor{danetool ca} @subsubheading ca option @@ -206,7 +222,9 @@ This is the ``the provided certificate or public key is issued by the local doma This option has some usage constraints. It: @itemize @bullet @item -is enabled by default. +can be disabled with --no-domain. +@item +It is enabled by default. @end itemize DANE distinguishes certificates and public keys offered via the DNSSEC to trusted and local entities. This flag indicates that this is a domain-issued certificate, meaning that there could be no CA involved. diff --git a/doc/invoke-ocsptool.texi b/doc/invoke-ocsptool.texi index f169225c05..3274710515 100644 --- a/doc/invoke-ocsptool.texi +++ b/doc/invoke-ocsptool.texi @@ -6,7 +6,7 @@ # # DO NOT EDIT THIS FILE (invoke-ocsptool.texi) # -# It has been AutoGen-ed December 16, 2013 at 01:40:33 PM by AutoGen 5.18 +# It has been AutoGen-ed January 24, 2014 at 07:12:18 PM by AutoGen 5.18.2 # From the definitions ../src/ocsptool-args.def # and the template file agtexi-cmd.tpl @end ignore @@ -92,13 +92,13 @@ Please send bug reports to: <bugs@@gnutls.org> @subsubheading debug option (-d) This is the ``enable debugging.'' option. -This option takes an argument number. +This option takes a number argument. Specifies the debug level. @anchor{ocsptool ask} @subsubheading ask option This is the ``ask an ocsp/http server on a certificate validity'' option. -This option takes an optional argument string @file{server name|url}. +This option takes an optional string argument @file{server name|url}. @noindent This option has some usage constraints. It: diff --git a/doc/invoke-p11tool.texi b/doc/invoke-p11tool.texi index 128df72896..2842f5c621 100644 --- a/doc/invoke-p11tool.texi +++ b/doc/invoke-p11tool.texi @@ -6,7 +6,7 @@ # # DO NOT EDIT THIS FILE (invoke-p11tool.texi) # -# It has been AutoGen-ed December 16, 2013 at 01:40:37 PM by AutoGen 5.18 +# It has been AutoGen-ed January 24, 2014 at 07:12:22 PM by AutoGen 5.18.2 # From the definitions ../src/p11tool-args.def # and the template file agtexi-cmd.tpl @end ignore @@ -117,7 +117,7 @@ Please send bug reports to: <bugs@@gnutls.org> @subsubheading debug option (-d) This is the ``enable debugging.'' option. -This option takes an argument number. +This option takes a number argument. Specifies the debug level. @anchor{p11tool write} @subsubheading write option @@ -148,7 +148,9 @@ This is the ``marks the object to be written as private'' option. This option has some usage constraints. It: @itemize @bullet @item -is enabled by default. +can be disabled with --no-private. +@item +It is enabled by default. @end itemize The written object will require a PIN to be used. @@ -156,12 +158,20 @@ The written object will require a PIN to be used. @subsubheading sec-param option This is the ``specify the security level'' option. -This option takes an argument string @file{Security parameter}. +This option takes a string argument @file{Security parameter}. This is alternative to the bits option. Available options are [low, legacy, normal, high, ultra]. @anchor{p11tool inder} @subsubheading inder option This is the ``use der/raw format for input'' option. + +@noindent +This option has some usage constraints. It: +@itemize @bullet +@item +can be disabled with --no-inder. +@end itemize + Use DER/RAW format for input certificates and private keys. @anchor{p11tool inraw} @subsubheading inraw option @@ -173,7 +183,7 @@ This is an alias for the @code{inder} option, @subsubheading provider option This is the ``specify the pkcs #11 provider library'' option. -This option takes an argument file. +This option takes a file argument. This will override the default options in /etc/gnutls/pkcs11.conf @anchor{p11tool exit status} @subsubheading p11tool exit status diff --git a/doc/invoke-psktool.texi b/doc/invoke-psktool.texi index 685015ae47..8cc704b45b 100644 --- a/doc/invoke-psktool.texi +++ b/doc/invoke-psktool.texi @@ -6,7 +6,7 @@ # # DO NOT EDIT THIS FILE (invoke-psktool.texi) # -# It has been AutoGen-ed December 16, 2013 at 01:40:36 PM by AutoGen 5.18 +# It has been AutoGen-ed January 24, 2014 at 07:12:21 PM by AutoGen 5.18.2 # From the definitions ../src/psk-args.def # and the template file agtexi-cmd.tpl @end ignore @@ -65,7 +65,7 @@ Please send bug reports to: <bugs@@gnutls.org> @subsubheading debug option (-d) This is the ``enable debugging.'' option. -This option takes an argument number. +This option takes a number argument. Specifies the debug level. @anchor{psktool exit status} @subsubheading psktool exit status diff --git a/doc/invoke-srptool.texi b/doc/invoke-srptool.texi index 9d27258070..0975884105 100644 --- a/doc/invoke-srptool.texi +++ b/doc/invoke-srptool.texi @@ -6,7 +6,7 @@ # # DO NOT EDIT THIS FILE (invoke-srptool.texi) # -# It has been AutoGen-ed December 16, 2013 at 01:40:35 PM by AutoGen 5.18 +# It has been AutoGen-ed January 24, 2014 at 07:12:20 PM by AutoGen 5.18.2 # From the definitions ../src/srptool-args.def # and the template file agtexi-cmd.tpl @end ignore @@ -77,7 +77,7 @@ Please send bug reports to: <bugs@@gnutls.org> @subsubheading debug option (-d) This is the ``enable debugging.'' option. -This option takes an argument number. +This option takes a number argument. Specifies the debug level. @anchor{srptool verify} @subsubheading verify option @@ -88,13 +88,13 @@ Verifies the password provided against the password file. @subsubheading passwd-conf option (-v) This is the ``specify a password conf file.'' option. -This option takes an argument string. +This option takes a string argument. Specify a filename or a PKCS #11 URL to read the CAs from. @anchor{srptool create-conf} @subsubheading create-conf option This is the ``generate a password configuration file.'' option. -This option takes an argument string. +This option takes a string argument. This generates a password configuration file (tpasswd.conf) containing the required for TLS parameters. @anchor{srptool exit status} diff --git a/doc/invoke-tpmtool.texi b/doc/invoke-tpmtool.texi index 37dacae3dd..72e82c50fe 100644 --- a/doc/invoke-tpmtool.texi +++ b/doc/invoke-tpmtool.texi @@ -6,7 +6,7 @@ # # DO NOT EDIT THIS FILE (invoke-tpmtool.texi) # -# It has been AutoGen-ed December 16, 2013 at 01:40:38 PM by AutoGen 5.18 +# It has been AutoGen-ed January 24, 2014 at 07:12:23 PM by AutoGen 5.18.2 # From the definitions ../src/tpmtool-args.def # and the template file agtexi-cmd.tpl @end ignore @@ -85,7 +85,7 @@ Please send bug reports to: <bugs@@gnutls.org> @subsubheading debug option (-d) This is the ``enable debugging.'' option. -This option takes an argument number. +This option takes a number argument. Specifies the debug level. @anchor{tpmtool generate-rsa} @subsubheading generate-rsa option @@ -132,13 +132,21 @@ The generated key will be stored in system persistent storage. @subsubheading sec-param option This is the ``specify the security level [low, legacy, normal, high, ultra].'' option. -This option takes an argument string @file{Security parameter}. +This option takes a string argument @file{Security parameter}. This is alternative to the bits option. Note however that the values allowed by the TPM chip are quantized and given values may be rounded up. @anchor{tpmtool inder} @subsubheading inder option This is the ``use the der format for keys.'' option. + +@noindent +This option has some usage constraints. It: +@itemize @bullet +@item +can be disabled with --no-inder. +@end itemize + The input files will be assumed to be in the portable DER format of TPM. The default format is a custom format used by various TPM tools @@ -146,6 +154,14 @@ TPM tools @subsubheading outder option This is the ``use der format for output keys'' option. + +@noindent +This option has some usage constraints. It: +@itemize @bullet +@item +can be disabled with --no-outder. +@end itemize + The output will be in the TPM portable DER format. @anchor{tpmtool exit status} @subsubheading tpmtool exit status |