Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

lcp_crtpollist(8) [centos man page]

LCP_CRTPOLLIST(8)						   User Manuals 						 LCP_CRTPOLLIST(8)

NAME

       lcp_crtpollist - create an Intel(R) TXT policy list

SYNOPSIS

       lcp_crtpollist COMMAND [OPTION]

DESCRIPTION

       lcp_crtpollist is used to create an Intel(R) TXT policy list.

OPTIONS

       --create
	      Create an TXT policy list. The following options are available:

	      --out file	policy list file

	      [--ver version]	version

	      [file]... 	policy element files

       --sigh Sign an TXT policy list.

	      --pub key-file	PEM file of public key

	      --out file	policy list file

	      [--priv key-file] PEM file of private key

	      [--rev rev-ctr]	revocation counter value

	      [--nosig] 	don't add SigBlock

       --addsig

	      --sig file	file containing signature (big-endian)

	      --out file	policy list file

       --show file
	      policy list file

       --help Print out the help message.

       --verbose
	      Enable verbose output; can be specified with any command.

EXAMPLES

   Create policy list:
       Assuming  there have been two element file mle.elt and pconf.elt generated by lcp_crtpolelt(8) The following example can create an unsigned
       policy list:

       lcp_crtpollist --create --out list-unsig.lst mle.elt pconf.elt

   Sign policy list:
       Unsigned policy list can be signed by the command lcp_crtpollist(8) or openssl(1).  The openssl(1) signing is supported for cases where the
       signing	environment  is  separate  from  the  policy creation environment and the software allowed to run there is strictly controlled and
       already supports openssl(1).

       The following example uses openssl(1) to sign the list:

       1   openssl rsa -pubout -in privkey.pem -out pubkey.pem

       2   cp list-unsig.lst list-sig.lst
       3   lcp_crtpollist --sigh --pub pubkey.pem --nosig --out list-sig.lst
       4   openssl genrsa -out privkey.pem 2048
       5   openssl dgst -sha1 -sign privkey.pem -out list.sig list-sig.lst
       6   lcp_crtpollist --addsig --sig list.sig --out list-sig.lst

       lcp_crtpollist can also be used to sigh a policy list. The following example are intended to be mutually exclusive with the preceding exam-
       ple.

       1   openssl genrsa -out privkey.pem 2048
       2   openssl rsa -pubout -in privkey.pem -out pubkey.pem
       3   cp list-unsig.lst list-sig.lst
       4   lcp_crtpollist --sign --pub pubkey.pem --priv privkey.pem --out list-sig.lst

SEE ALSO

       lcp_crtpol2(8), lcp_crtpolelt(8), lcp_crtpollist(8), openssl(1).

tboot								    2011-12-31							 LCP_CRTPOLLIST(8)

Check Out this Related Man Page

PKCS1-CONV(1)							   Nettle tools 						     PKCS1-CONV(1)

NAME

       pkcs1-conv - convert keys from PKCS#1 format to s-expression format

SYNOPSIS

       pkcs1-conv [{--private-rsa-key|--public-rsa-key|--public-key-info} [--base-64]] < FILE

DESCRIPTION

       This  manual page documents briefly the pkcs1-conv command.  This manual page was written for the Debian GNU/Linux distribution because the
       original program does not have a manual page.

       pkcs1-conv converts private and public RSA keys from PKCS #1 format to sexp format.

OPTIONS

       This program follows the usual GNU command line syntax, with long options starting with two dashes (`-').

       By default pkcs1-conv expects a PEM-encapsulated RSA key on standard input, and will determine its type from the  Pre-Encapsulation  Bound-
       ary.  To convert a DER-encoded (non PEM-encoded) key, one of the first three options below must be used:

       --private-rsa-key
	      Specify  that a DER-encoded RSAPrivateKey, as defined by PKCS #1 (RFC 3447), and described in section A.1.2 of its appendix A, is to
	      be expected as input.

       --public-rsa-key
	      Specify that a DER-encoded RSAPublicKey, as defined by PKCS #1 (RFC 3447), and described in section A.1.1 of its appendix A,  is	to
	      be expected as input.

       --public-key-info
	      Specify  that a DER-encoded SubjectPublicKeyInfo, as defined by PKCS #6, and described in section A.1 of its appendix A, encapsulat-
	      ing an RSAPublicKey, is to be expected as input.

       --base-64
	      Together with --private-rsa-key, --public-rsa-key, or --public-key-info, specify that base64 encoding is applied on top of  the  DER
	      encoding.

       -?, --help
	      Show summary of options (not implemented).

       -V, --version
	      Show version of program.

DIAGNOSTICS

       pkcs1-conv  will  complain and exit with a status of 1 if the input doesn't match expectations. In PEM mode (when no option is used), if no
       PEM block is found, pkcs1-conv will output nothing but exit with a zero status.

EXAMPLES

       $ openssl genrsa -out privkey.pem
       $ pkcs1-conv < privkey.pem > privkey.sexp
       $ openssl rsa -in privkey.pem -outform DER -out privkey.der
       $ openssl rsa -in privkey.pem -outform DER -pubout -out pubkey.der
       $ pkcs1-conv --rsa-private-key < privkey.der > privkey.sexp
       $ pkcs1-conv --public-key-info < pubkey.der > pubkey.sexp

SEE ALSO

       ssh-conv(1), sexp-conv(1), rsa(1SSL), genrsa(1SSL), RFC 3447.

AUTHOR

       This manual page was written by Magnus Holmgren <holmgren@debian.org> for the Debian GNU/Linux system (but may be used by others).

COPYRIGHT

       Copyright (C) 2007 Magnus Holmgren.

       Copying and distribution of this file, with or without modification, are permitted in any medium without  royalty  provided  the  copyright
       notice and this notice are preserved.

nettle 1.15							     June 2007							     PKCS1-CONV(1)
Man Page