wanboot_p12split(1M) System Administration Commands wanboot_p12split(1M)NAME
wanboot_p12split - split a PKCS #12 file into separate certificate and key files
SYNOPSIS
/usr/lib/inet/wanboot/p12split -i p12file -c out_cert -k out_key [-t out_trust -l id -v]
DESCRIPTION
The p12split utility extracts a certificate and private key from the repository specified by p12file, depositing the certificate in
out_cert and the key in out_key. If supplied, the -l option specifies the value for the LocalKeyId that will be used in the new certificate
and key files. p12split can optionally extract a trust certificate into the out_trust file if the -t option is specified. Use the -v option
to get a verbose description of the split displayed to standard output.
OPTIONS
The following arguments and options are supported:
-c out_cert
Specifies a repository that receives a extracted certificate.
-i p12file
Specifies a repository from which a certificate and private key is extracted.
-k out_key
Specifies a repository that receives a extracted private key.
-l id
Specifies the value for the LocalKeyId that will be used in the new certificate and key files.
-t out_trust
Specifies a file for receiving an extracted trust certificate.
-v
Displays a verbose description of the split to sdtout.
EXIT STATUS
0
Successful operation.
>0
An error occurred.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWwbsup |
+-----------------------------+-----------------------------+
|Interface Stability |Unstable |
+-----------------------------+-----------------------------+
SEE ALSO attributes(5)SunOS 5.10 18 Apr 2003 wanboot_p12split(1M)
Check Out this Related Man Page
NBSVTOOL(1) BSD General Commands Manual NBSVTOOL(1)NAME
nbsvtool -- create and verify detached signatures of files
SYNOPSIS
nbsvtool [-v] [-a anchor-certificates] [-c certificate-chain] [-f certificate-file] [-k private-key-file] [-u required-key-usage] command
args ...
DESCRIPTION
nbsvtool is used to create and verify detached X509 signatures of files. Private keys and certificates are expected to be PEM encoded, sig-
natures are in PEM/SMIME format.
Supported commands:
sign file Sign file, placing the signature in file.sp7. The options -f and -k are required for this command.
verify file [signature] Verify signature for file. If signature is not specified, file.sp7 is used.
verify-code file [signature] This is a short cut for verify with the option -u code.
Supported options:
-a anchor-certificates A file containing one or more (concatenated) keys that are considered trusted.
-c certificate-chain A file containing additional certificates that will be added to the signature when creating one. They will be
used to fill missing links in the trust chain when verifying the signature.
-f certificate-file A file containing the certificate to use for signing. The certificate must match the key given by -k.
-k private-key-file A file containing the private key to use for signing.
-u required-key-usage Verify that the extended key-usage attribute in the signing certificate matches required-key-usage. Otherwise,
the signature is rejected. key usage can be one of: ``ssl-server'', ``ssl-client'', ``code'', or ``smime''.
-v Print verbose information about the signing certificate.
EXIT STATUS
The nbsvtool utility exits 0 on success, and >0 if an error occurs.
EXAMPLES
Create signature file hello.sp7 for file hello. The private key is found in file key, the matching certificate is in cert, additional cer-
tificates from cert-chain are included in the created signature.
nbsvtool -k key -f cert -c cert-chain sign hello hello.sp7
Verify that the signature hello.sp7 is valid for file hello and that the signing certificate allows code signing. Certificates in
anchor-file are considered trusted, and there must be a certificate chain from one of those certificates to the signing certificate.
nbsvtool -a anchor-file verify-code hello hello.sp7
SEE ALSO openssl_smime(1)CAVEATS
As there is currently no default trust anchor, you must explicilty specify one with -a, otherwise no verification can succeed.
BSD March 11, 2009 BSD