aboutsummaryrefslogtreecommitdiffstats
path: root/secure/usr.bin/openssl/man/ts.1
diff options
context:
space:
mode:
Diffstat (limited to 'secure/usr.bin/openssl/man/ts.1')
-rw-r--r--secure/usr.bin/openssl/man/ts.198
1 files changed, 49 insertions, 49 deletions
diff --git a/secure/usr.bin/openssl/man/ts.1 b/secure/usr.bin/openssl/man/ts.1
index 73cc9e5605cd..463ca106586c 100644
--- a/secure/usr.bin/openssl/man/ts.1
+++ b/secure/usr.bin/openssl/man/ts.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.11 (Pod::Simple 3.40)
+.\" Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "TS 1"
-.TH TS 1 "2020-04-21" "1.1.1g" "OpenSSL"
+.TH TS 1 "2020-09-22" "1.1.1h" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -229,19 +229,19 @@ The \s-1TSA\s0 client computes a one-way hash value for a data file and sends
the hash to the \s-1TSA.\s0
.IP "2." 4
The \s-1TSA\s0 attaches the current date and time to the received hash value,
-signs them and sends the time stamp token back to the client. By
+signs them and sends the timestamp token back to the client. By
creating this token the \s-1TSA\s0 certifies the existence of the original
data file at the time of response generation.
.IP "3." 4
-The \s-1TSA\s0 client receives the time stamp token and verifies the
+The \s-1TSA\s0 client receives the timestamp token and verifies the
signature on it. It also checks if the token contains the same hash
value that it had sent to the \s-1TSA.\s0
.PP
-There is one \s-1DER\s0 encoded protocol data unit defined for transporting a time
-stamp request to the \s-1TSA\s0 and one for sending the time stamp response
+There is one \s-1DER\s0 encoded protocol data unit defined for transporting
+a timestamp request to the \s-1TSA\s0 and one for sending the timestamp response
back to the client. The \fBts\fR command has three main functions:
-creating a time stamp request based on a data file,
-creating a time stamp response based on a request, verifying if a
+creating a timestamp request based on a data file,
+creating a timestamp response based on a request, verifying if a
response corresponds to a particular request or a data file.
.PP
There is no support for sending the requests/responses automatically
@@ -251,7 +251,7 @@ requests either by ftp or e\-mail.
.IX Header "OPTIONS"
.SS "Time Stamp Request generation"
.IX Subsection "Time Stamp Request generation"
-The \fB\-query\fR switch can be used for creating and printing a time stamp
+The \fB\-query\fR switch can be used for creating and printing a timestamp
request with the following options:
.IP "\fB\-rand file...\fR" 4
.IX Item "-rand file..."
@@ -271,7 +271,7 @@ Optional; for a description of the default value,
see \*(L"\s-1COMMAND SUMMARY\*(R"\s0 in \fBopenssl\fR\|(1).
.IP "\fB\-data\fR file_to_hash" 4
.IX Item "-data file_to_hash"
-The data file for which the time stamp request needs to be
+The data file for which the timestamp request needs to be
created. stdin is the default if neither the \fB\-data\fR nor the \fB\-digest\fR
parameter is specified. (Optional)
.IP "\fB\-digest\fR digest_bytes" 4
@@ -289,7 +289,7 @@ The default is \s-1SHA\-1.\s0 (Optional)
.IP "\fB\-tspolicy\fR object_id" 4
.IX Item "-tspolicy object_id"
The policy that the client expects the \s-1TSA\s0 to use for creating the
-time stamp token. Either the dotted \s-1OID\s0 notation or \s-1OID\s0 names defined
+timestamp token. Either the dotted \s-1OID\s0 notation or \s-1OID\s0 names defined
in the config file can be used. If no policy is requested the \s-1TSA\s0 will
use its own default policy. (Optional)
.IP "\fB\-no_nonce\fR" 4
@@ -304,7 +304,7 @@ The \s-1TSA\s0 is expected to include its signing certificate in the
response. (Optional)
.IP "\fB\-in\fR request.tsq" 4
.IX Item "-in request.tsq"
-This option specifies a previously created time stamp request in \s-1DER\s0
+This option specifies a previously created timestamp request in \s-1DER\s0
format that will be printed into the output file. Useful when you need
to examine the content of a request in human-readable
format. (Optional)
@@ -318,13 +318,13 @@ If this option is specified the output is human-readable text format
instead of \s-1DER.\s0 (Optional)
.SS "Time Stamp Response generation"
.IX Subsection "Time Stamp Response generation"
-A time stamp response (TimeStampResp) consists of a response status
-and the time stamp token itself (ContentInfo), if the token generation was
-successful. The \fB\-reply\fR command is for creating a time stamp
-response or time stamp token based on a request and printing the
+A timestamp response (TimeStampResp) consists of a response status
+and the timestamp token itself (ContentInfo), if the token generation was
+successful. The \fB\-reply\fR command is for creating a timestamp
+response or timestamp token based on a request and printing the
response/token in human-readable format. If \fB\-token_out\fR is not
-specified the output is always a time stamp response (TimeStampResp),
-otherwise it is a time stamp token (ContentInfo).
+specified the output is always a timestamp response (TimeStampResp),
+otherwise it is a timestamp token (ContentInfo).
.IP "\fB\-config\fR configfile" 4
.IX Item "-config configfile"
The configuration file to use.
@@ -338,7 +338,7 @@ response generation. If not specified the default \s-1TSA\s0 section is
used, see \fB\s-1CONFIGURATION FILE OPTIONS\s0\fR for details. (Optional)
.IP "\fB\-queryfile\fR request.tsq" 4
.IX Item "-queryfile request.tsq"
-The name of the file containing a \s-1DER\s0 encoded time stamp request. (Optional)
+The name of the file containing a \s-1DER\s0 encoded timestamp request. (Optional)
.IP "\fB\-passin\fR password_src" 4
.IX Item "-passin password_src"
Specifies the password source for the private key of the \s-1TSA.\s0 See
@@ -376,18 +376,18 @@ either in dotted notation or with its name. Overrides the
\&\fBdefault_policy\fR config file option. (Optional)
.IP "\fB\-in\fR response.tsr" 4
.IX Item "-in response.tsr"
-Specifies a previously created time stamp response or time stamp token
+Specifies a previously created timestamp response or timestamp token
(if \fB\-token_in\fR is also specified) in \s-1DER\s0 format that will be written
to the output file. This option does not require a request, it is
useful e.g. when you need to examine the content of a response or
-token or you want to extract the time stamp token from a response. If
-the input is a token and the output is a time stamp response a default
+token or you want to extract the timestamp token from a response. If
+the input is a token and the output is a timestamp response a default
\&'granted' status info is added to the token. (Optional)
.IP "\fB\-token_in\fR" 4
.IX Item "-token_in"
This flag can be used together with the \fB\-in\fR option and indicates
-that the input is a \s-1DER\s0 encoded time stamp token (ContentInfo) instead
-of a time stamp response (TimeStampResp). (Optional)
+that the input is a \s-1DER\s0 encoded timestamp token (ContentInfo) instead
+of a timestamp response (TimeStampResp). (Optional)
.IP "\fB\-out\fR response.tsr" 4
.IX Item "-out response.tsr"
The response is written to this file. The format and content of the
@@ -395,7 +395,7 @@ file depends on other options (see \fB\-text\fR, \fB\-token_out\fR). The default
stdout. (Optional)
.IP "\fB\-token_out\fR" 4
.IX Item "-token_out"
-The output is a time stamp token (ContentInfo) instead of time stamp
+The output is a timestamp token (ContentInfo) instead of timestamp
response (TimeStampResp). (Optional)
.IP "\fB\-text\fR" 4
.IX Item "-text"
@@ -409,8 +409,8 @@ thus initialising it if needed. The engine will then be set as the default
for all available algorithms. Default is builtin. (Optional)
.SS "Time Stamp Response verification"
.IX Subsection "Time Stamp Response verification"
-The \fB\-verify\fR command is for verifying if a time stamp response or time
-stamp token is valid and matches a particular time stamp request or
+The \fB\-verify\fR command is for verifying if a timestamp response or
+timestamp token is valid and matches a particular timestamp request or
data file. The \fB\-verify\fR command does not use the configuration file.
.IP "\fB\-data\fR file_to_hash" 4
.IX Item "-data file_to_hash"
@@ -426,16 +426,16 @@ specified in the token. The \fB\-data\fR and \fB\-queryfile\fR options must not
specified with this one. (Optional)
.IP "\fB\-queryfile\fR request.tsq" 4
.IX Item "-queryfile request.tsq"
-The original time stamp request in \s-1DER\s0 format. The \fB\-data\fR and \fB\-digest\fR
+The original timestamp request in \s-1DER\s0 format. The \fB\-data\fR and \fB\-digest\fR
options must not be specified with this one. (Optional)
.IP "\fB\-in\fR response.tsr" 4
.IX Item "-in response.tsr"
-The time stamp response that needs to be verified in \s-1DER\s0 format. (Mandatory)
+The timestamp response that needs to be verified in \s-1DER\s0 format. (Mandatory)
.IP "\fB\-token_in\fR" 4
.IX Item "-token_in"
This flag can be used together with the \fB\-in\fR option and indicates
-that the input is a \s-1DER\s0 encoded time stamp token (ContentInfo) instead
-of a time stamp response (TimeStampResp). (Optional)
+that the input is a \s-1DER\s0 encoded timestamp token (ContentInfo) instead
+of a timestamp response (TimeStampResp). (Optional)
.IP "\fB\-CApath\fR trusted_cert_path" 4
.IX Item "-CApath trusted_cert_path"
The name of the directory containing the trusted \s-1CA\s0 certificates of the
@@ -494,7 +494,7 @@ See \fBca\fR\|(1) for description. (Optional)
.IP "\fBserial\fR" 4
.IX Item "serial"
The name of the file containing the hexadecimal serial number of the
-last time stamp response created. This number is incremented by 1 for
+last timestamp response created. This number is incremented by 1 for
each response. If the file does not exist at the time of response
generation a new file is created with serial number 1. (Mandatory)
.IP "\fBcrypto_device\fR" 4
@@ -541,7 +541,7 @@ the components is missing zero is assumed for that field. (Optional)
.IP "\fBclock_precision_digits\fR" 4
.IX Item "clock_precision_digits"
Specifies the maximum number of digits, which represent the fraction of
-seconds, that need to be included in the time field. The trailing zeroes
+seconds, that need to be included in the time field. The trailing zeros
must be removed from the time, so there might actually be fewer digits,
or no fraction of seconds at all. Supported only on \s-1UNIX\s0 platforms.
The maximum value is 6, default is 0.
@@ -576,7 +576,7 @@ configuration file, e.g. the example configuration file
openssl/apps/openssl.cnf will do.
.SS "Time Stamp Request"
.IX Subsection "Time Stamp Request"
-To create a time stamp request for design1.txt with \s-1SHA\-1\s0
+To create a timestamp request for design1.txt with \s-1SHA\-1\s0
without nonce and policy and no certificate is required in the response:
.PP
.Vb 2
@@ -584,7 +584,7 @@ without nonce and policy and no certificate is required in the response:
\& \-out design1.tsq
.Ve
.PP
-To create a similar time stamp request with specifying the message imprint
+To create a similar timestamp request with specifying the message imprint
explicitly:
.PP
.Vb 2
@@ -598,7 +598,7 @@ To print the content of the previous request in human readable format:
\& openssl ts \-query \-in design1.tsq \-text
.Ve
.PP
-To create a time stamp request which includes the \s-1MD\-5\s0 digest
+To create a timestamp request which includes the \s-1MD\-5\s0 digest
of design2.txt, requests the signer certificate and nonce,
specifies a policy id (assuming the tsa_policy1 name is defined in the
\&\s-1OID\s0 section of the config file):
@@ -623,7 +623,7 @@ below assume that cacert.pem contains the certificate of the \s-1CA,\s0
tsacert.pem is the signing certificate issued by cacert.pem and
tsakey.pem is the private key of the \s-1TSA.\s0
.PP
-To create a time stamp response for a request:
+To create a timestamp response for a request:
.PP
.Vb 2
\& openssl ts \-reply \-queryfile design1.tsq \-inkey tsakey.pem \e
@@ -636,31 +636,31 @@ If you want to use the settings in the config file you could just write:
\& openssl ts \-reply \-queryfile design1.tsq \-out design1.tsr
.Ve
.PP
-To print a time stamp reply to stdout in human readable format:
+To print a timestamp reply to stdout in human readable format:
.PP
.Vb 1
\& openssl ts \-reply \-in design1.tsr \-text
.Ve
.PP
-To create a time stamp token instead of time stamp response:
+To create a timestamp token instead of timestamp response:
.PP
.Vb 1
\& openssl ts \-reply \-queryfile design1.tsq \-out design1_token.der \-token_out
.Ve
.PP
-To print a time stamp token to stdout in human readable format:
+To print a timestamp token to stdout in human readable format:
.PP
.Vb 1
\& openssl ts \-reply \-in design1_token.der \-token_in \-text \-token_out
.Ve
.PP
-To extract the time stamp token from a response:
+To extract the timestamp token from a response:
.PP
.Vb 1
\& openssl ts \-reply \-in design1.tsr \-out design1_token.der \-token_out
.Ve
.PP
-To add 'granted' status info to a time stamp token thereby creating a
+To add 'granted' status info to a timestamp token thereby creating a
valid response:
.PP
.Vb 1
@@ -668,25 +668,25 @@ valid response:
.Ve
.SS "Time Stamp Verification"
.IX Subsection "Time Stamp Verification"
-To verify a time stamp reply against a request:
+To verify a timestamp reply against a request:
.PP
.Vb 2
\& openssl ts \-verify \-queryfile design1.tsq \-in design1.tsr \e
\& \-CAfile cacert.pem \-untrusted tsacert.pem
.Ve
.PP
-To verify a time stamp reply that includes the certificate chain:
+To verify a timestamp reply that includes the certificate chain:
.PP
.Vb 2
\& openssl ts \-verify \-queryfile design2.tsq \-in design2.tsr \e
\& \-CAfile cacert.pem
.Ve
.PP
-To verify a time stamp token against the original data file:
+To verify a timestamp token against the original data file:
openssl ts \-verify \-data design2.txt \-in design2.tsr \e
\-CAfile cacert.pem
.PP
-To verify a time stamp token against a message imprint:
+To verify a timestamp token against a message imprint:
openssl ts \-verify \-digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \e
\-in design2.tsr \-CAfile cacert.pem
.PP
@@ -694,7 +694,7 @@ You could also look at the 'test' directory for more examples.
.SH "BUGS"
.IX Header "BUGS"
.IP "\(bu" 2
-No support for time stamps over \s-1SMTP,\s0 though it is quite easy
+No support for timestamps over \s-1SMTP,\s0 though it is quite easy
to implement an automatic e\-mail based \s-1TSA\s0 with \fBprocmail\fR\|(1)
and \fBperl\fR\|(1). \s-1HTTP\s0 server support is provided in the form of
a separate apache module. \s-1HTTP\s0 client support is provided by
@@ -702,7 +702,7 @@ a separate apache module. \s-1HTTP\s0 client support is provided by
.IP "\(bu" 2
The file containing the last serial number of the \s-1TSA\s0 is not
locked when being read or written. This is a problem if more than one
-instance of \fBopenssl\fR\|(1) is trying to create a time stamp
+instance of \fBopenssl\fR\|(1) is trying to create a timestamp
response at the same time. This is not an issue when using the apache
server module, it does proper locking.
.IP "\(bu" 2
@@ -719,7 +719,7 @@ test/testtsa).
\&\fBconfig\fR\|(5)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2006\-2019 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006\-2020 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy