Visit Our UNIX and Linux User Community

Linux and UNIX Man Pages

Test Your Knowledge in Computers #783
Difficulty: Medium
Microsoft launched its first retail version of Microsoft Windows in 1983.
True or False?
Linux & Unix Commands - Search Man Pages

openssl_spki_new(3) [php man page]

OPENSSL_SPKI_NEW(3)							 1						       OPENSSL_SPKI_NEW(3)

openssl_spki_new - Generate a new signed public key and challenge

SYNOPSIS
string openssl_spki_new (resource &$privkey, string &$challenge, [int $algorithm]) DESCRIPTION
Generates a signed public key and challenge using specified hashing algorithm PARAMETERS
o $privkey -$privkey should be set to a private key that was previously generated by openssl_pkey_new(3) (or otherwise obtained from the other openssl_pkey family of functions). The corresponding public portion of the key will be used to sign the CSR. o $challenge - The challenge associated to associate with the SPKAC o $algorithm - The digest algorithm. See openssl_get_md_method(). RETURN VALUES
Returns a signed public key and challenge string or NULL on failure. ERRORS
/EXCEPTIONS Emits an E_WARNING level error if an unknown signature algorithm is passed via the $algorithm parameter. EXAMPLES
Example #1 openssl_spki_new(3) example Generate a new SPKAC with the default digest (MD5) <?php $pkey = openssl_pkey_new('secret password'); $spkac = openssl_spki_new($pkey, 'testing'); if ($spkac !== NULL) { echo $spkac; } else { echo "SPKAC generation failed"; } ?> The above example will output something similar to: MIICRzCCAS8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM3V3sS4o4 mB9dczziRnjGAmSp+JwPrHoYMAFGvDNmZGyiWfU586X4BKs++BAj7e/FsAfno0Hd hN9FwpCNFSox30L03nQvLYJE7f/WqigwBeMRT7Op/xvFks4sT70xP2HRYv4KqP9a WRcKU6cFH8VxhFhqM2txEIxZKdFLaL28yT7bEDmcglf4JLDdgNMb9rET1dkgtKE6 dOaJHPGjf1uvnOH4YwkQr7n4sLUR3Kdbh0ZJAFuQVDZulo+LLzxBBkqJJcB6FhF+ oXCdHTKZnqAhpWDz+NXYytAmevab6IYm5TWPWsJUv1YKJA5lg2mXbbloIZlN9Mgc i9fi03bdw+crAgMBAAEWB3Rlc3RpbmcwDQYJKoZIhvcNAQEEBQADggEBALyUvP/o pPSoWBlorFyZ2RnGwKf9qMpE0q2IJP7G3oDR4LyK/m933DUiZ+YnqThrH/CWb4Ek y5I3OCyl3S4wCuU1ibZZwDVwYShr5ELp0J9PEf7qMQZOhNsizoC7k+Czb2xB6hYW sKfsfTKm3cXBtH3fdgc/Z1Z7VSWnAzYo38snqm72NTf5yFRnrQdphNNXi+kn1zHA lxXRyFDXHOcYsOnwAWfyXFA4QDHQ0ezz0UoCY8gJXovcZb4GRYqOLUAsF2HcNboy 29WN8VqE29sL9QxVZFlwMcqyoLcNnyw38GvNvAGqSvzzbnEFP2MAQXJVe0H0hdp/ MML5G2iNVgNozAo= SEE ALSO
openssl_spki_new(3), openssl_spki_export_challenge(3), openssl_spki_export(3), openssl_csr_new(3), openssl_csr_sign(3). PHP Documentation Group OPENSSL_SPKI_NEW(3)

Check Out this Related Man Page

SPKAC(1)							      OpenSSL								  SPKAC(1)

NAME
spkac - SPKAC printing and generating utility LIBRARY
libcrypto, -lcrypto SYNOPSIS
openssl spkac [-in filename] [-out filename] [-key keyfile] [-passin arg] [-challenge string] [-pubkey] [-spkac spkacname] [-spksect section] [-noout] [-verify] [-engine id] DESCRIPTION
The spkac command processes Netscape signed public key and challenge (SPKAC) files. It can print out their contents, verify the signature and produce its own SPKACs from a supplied private key. COMMAND OPTIONS
-in filename This specifies the input filename to read from or standard input if this option is not specified. Ignored if the -key option is used. -out filename specifies the output filename to write to or standard output by default. -key keyfile create an SPKAC file using the private key in keyfile. The -in, -noout, -spksect and -verify options are ignored if present. -passin password the input file password source. For more information about the format of arg see the PASS PHRASE ARGUMENTS section in openssl(1). -challenge string specifies the challenge string if an SPKAC is being created. -spkac spkacname allows an alternative name form the variable containing the SPKAC. The default is "SPKAC". This option affects both generated and input SPKAC files. -spksect section allows an alternative name form the section containing the SPKAC. The default is the default section. -noout don't output the text version of the SPKAC (not used if an SPKAC is being created). -pubkey output the public key of an SPKAC (not used if an SPKAC is being created). -verify verifies the digital signature on the supplied SPKAC. -engine id specifying an engine (by its unique id string) will cause spkac to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. EXAMPLES
Print out the contents of an SPKAC: openssl spkac -in spkac.cnf Verify the signature of an SPKAC: openssl spkac -in spkac.cnf -noout -verify Create an SPKAC using the challenge string "hello": openssl spkac -key key.pem -challenge hello -out spkac.cnf Example of an SPKAC, (long lines split up for clarity): SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc 2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV 4= NOTES
A created SPKAC with suitable DN components appended can be fed into the ca utility. SPKACs are typically generated by Netscape when a form is submitted containing the KEYGEN tag as part of the certificate enrollment process. The challenge string permits a primitive form of proof of possession of private key. By checking the SPKAC signature and a random challenge string some guarantee is given that the user knows the private key corresponding to the public key being certified. This is important in some applications. Without this it is possible for a previous SPKAC to be used in a "replay attack". SEE ALSO
openssl_ca(1) 1.0.1i 2009-07-20 SPKAC(1)

Featured Tech Videos