#
# DO NOT EDIT THIS FILE (invoke-certtool.texi)
#
-# It has been AutoGen-ed November 23, 2013 at 10:34:46 AM by AutoGen 5.18.2
+# It has been AutoGen-ed December 16, 2013 at 01:40:32 PM by AutoGen 5.18
# From the definitions ../src/certtool-args.def
# and the template file agtexi-cmd.tpl
@end ignore
@subsubheading debug option (-d)
This is the ``enable debugging.'' option.
-This option takes a number argument.
+This option takes an argument number.
Specifies the debug level.
@anchor{certtool generate-request}
@subsubheading generate-request option (-q)
@subsubheading load-privkey option
This is the ``loads a private key file'' option.
-This option takes a string argument.
+This option takes an argument string.
This can be either a file or a PKCS #11 URL
@anchor{certtool load-pubkey}
@subsubheading load-pubkey option
This is the ``loads a public key file'' option.
-This option takes a string argument.
+This option takes an argument string.
This can be either a file or a PKCS #11 URL
@anchor{certtool load-certificate}
@subsubheading load-certificate option
This is the ``loads a certificate file'' option.
-This option takes a string argument.
+This option takes an argument string.
This can be either a file or a PKCS #11 URL
@anchor{certtool load-ca-privkey}
@subsubheading load-ca-privkey option
This is the ``loads the certificate authority's private key file'' option.
-This option takes a string argument.
+This option takes an argument string.
This can be either a file or a PKCS #11 URL
@anchor{certtool load-ca-certificate}
@subsubheading load-ca-certificate option
This is the ``loads the certificate authority's certificate file'' option.
-This option takes a string argument.
+This option takes an argument string.
This can be either a file or a PKCS #11 URL
@anchor{certtool cprint}
@subsubheading cprint option
@subsubheading hash option
This is the ``hash algorithm to use for signing.'' option.
-This option takes a string argument.
+This option takes an argument string.
Available hash functions are SHA1, RMD160, SHA256, SHA384, SHA512.
@anchor{certtool inder}
@subsubheading inder option
This is the ``use der format for input certificates and private keys.'' option.
-
-@noindent
-This option has some usage constraints. It:
-@itemize @bullet
-@item
-can be disabled with --no-inder.
-@end itemize
-
The input files will be assumed to be in DER or RAW format.
Unlike options that in PEM input would allow multiple input data (e.g. multiple
certificates), when reading in DER format a single data structure is read.
@subsubheading outder option
This is the ``use der format for output certificates and private keys'' option.
-
-@noindent
-This option has some usage constraints. It:
-@itemize @bullet
-@item
-can be disabled with --no-outder.
-@end itemize
-
The output will be in DER or RAW format.
@anchor{certtool outraw}
@subsubheading outraw option
@subsubheading sec-param option
This is the ``specify the security level [low, legacy, normal, high, ultra].'' option.
-This option takes a string argument @file{Security parameter}.
+This option takes an argument string @file{Security parameter}.
This is alternative to the bits option.
@anchor{certtool pkcs-cipher}
@subsubheading pkcs-cipher option
This is the ``cipher to use for pkcs #8 and #12 operations'' option.
-This option takes a string argument @file{Cipher}.
+This option takes an argument string @file{Cipher}.
Cipher may be one of 3des, 3des-pkcs12, aes-128, aes-192, aes-256, rc2-40, arcfour.
@anchor{certtool exit status}
@subsubheading certtool exit status
#
# DO NOT EDIT THIS FILE (invoke-danetool.texi)
#
-# It has been AutoGen-ed November 23, 2013 at 10:34:53 AM by AutoGen 5.18.2
+# It has been AutoGen-ed December 16, 2013 at 01:40:34 PM by AutoGen 5.18
# From the definitions ../src/danetool-args.def
# and the template file agtexi-cmd.tpl
@end ignore
@subsubheading debug option (-d)
This is the ``enable debugging.'' option.
-This option takes a number argument.
+This option takes an argument number.
Specifies the debug level.
@anchor{danetool load-pubkey}
@subsubheading load-pubkey option
This is the ``loads a public key file'' option.
-This option takes a string argument.
+This option takes an argument string.
This can be either a file or a PKCS #11 URL
@anchor{danetool load-certificate}
@subsubheading load-certificate option
This is the ``loads a certificate file'' option.
-This option takes a string argument.
+This option takes an argument string.
This can be either a file or a PKCS #11 URL
@anchor{danetool dlv}
@subsubheading dlv option
This is the ``sets a dlv file'' option.
-This option takes a string argument.
+This option takes an argument string.
This sets a DLV file to be used for DNSSEC verification.
@anchor{danetool hash}
@subsubheading hash option
This is the ``hash algorithm to use for signing.'' option.
-This option takes a string argument.
+This option takes an argument string.
Available hash functions are SHA1, RMD160, SHA256, SHA384, SHA512.
@anchor{danetool check}
@subsubheading check option
This is the ``check a host's dane tlsa entry.'' option.
-This option takes a string argument.
+This option takes an argument string.
Obtains the DANE TLSA entry from the given hostname and prints information. Note that the actual certificate of the host has to be provided using --load-certificate.
@anchor{danetool check-ee}
@subsubheading check-ee option
@subsubheading local-dns option
This is the ``use the local dns server for dnssec resolving.'' option.
-
-@noindent
-This option has some usage constraints. It:
-@itemize @bullet
-@item
-can be disabled with --no-local-dns.
-@end itemize
-
This option will use the local DNS server for DNSSEC.
This is disabled by default due to many servers not allowing DNSSEC.
@anchor{danetool inder}
@subsubheading inder option
This is the ``use der format for input certificates and private keys.'' option.
-
-@noindent
-This option has some usage constraints. It:
-@itemize @bullet
-@item
-can be disabled with --no-inder.
-@end itemize
-
The input files will be assumed to be in DER or RAW format.
Unlike options that in PEM input would allow multiple input data (e.g. multiple
certificates), when reading in DER format a single data structure is read.
@subsubheading host option
This is the ``specify the hostname to be used in the dane rr'' option.
-This option takes a string argument @file{Hostname}.
+This option takes an argument string @file{Hostname}.
This command sets the hostname for the DANE RR.
@anchor{danetool proto}
@subsubheading proto option
This is the ``the protocol set for dane data (tcp, udp etc.)'' option.
-This option takes a string argument @file{Protocol}.
+This option takes an argument string @file{Protocol}.
This command specifies the protocol for the service set in the DANE data.
@anchor{danetool ca}
@subsubheading ca option
This option has some usage constraints. It:
@itemize @bullet
@item
-can be disabled with --no-domain.
-@item
-It is enabled by default.
+is enabled by default.
@end itemize
DANE distinguishes certificates and public keys offered via the DNSSEC to trusted and local entities. This flag indicates that this is a domain-issued certificate, meaning that there could be no CA involved.
#
# DO NOT EDIT THIS FILE (invoke-gnutls-cli-debug.texi)
#
-# It has been AutoGen-ed November 23, 2013 at 10:34:44 AM by AutoGen 5.18.2
+# It has been AutoGen-ed December 16, 2013 at 01:40:29 PM by AutoGen 5.18
# From the definitions ../src/cli-debug-args.def
# and the template file agtexi-cmd.tpl
@end ignore
@subheading debug option (-d)
This is the ``enable debugging.'' option.
-This option takes a number argument.
+This option takes an argument number.
Specifies the debug level.
@anchor{gnutls-cli-debug exit status}
@subheading gnutls-cli-debug exit status
#
# DO NOT EDIT THIS FILE (invoke-gnutls-cli.texi)
#
-# It has been AutoGen-ed November 23, 2013 at 10:34:43 AM by AutoGen 5.18.2
+# It has been AutoGen-ed December 16, 2013 at 01:40:28 PM by AutoGen 5.18
# From the definitions ../src/cli-args.def
# and the template file agtexi-cmd.tpl
@end ignore
@subheading debug option (-d)
This is the ``enable debugging.'' option.
-This option takes a number argument.
+This option takes an argument number.
Specifies the debug level.
@anchor{gnutls-cli tofu}
@subheading tofu option
This is the ``enable trust on first use authentication'' option.
-
-@noindent
-This option has some usage constraints. It:
-@itemize @bullet
-@item
-can be disabled with --no-tofu.
-@end itemize
-
This option will, in addition to certificate authentication, perform authentication based on previously seen public keys, a model similar to SSH authentication.
@anchor{gnutls-cli dane}
@subheading dane option
This is the ``enable dane certificate verification (dnssec)'' option.
-
-@noindent
-This option has some usage constraints. It:
-@itemize @bullet
-@item
-can be disabled with --no-dane.
-@end itemize
-
This option will, in addition to certificate authentication using
the trusted CAs, verify the server certificates using on the DANE information
available via DNSSEC.
@subheading local-dns option
This is the ``use the local dns server for dnssec resolving.'' option.
-
-@noindent
-This option has some usage constraints. It:
-@itemize @bullet
-@item
-can be disabled with --no-local-dns.
-@end itemize
-
This option will use the local DNS server for DNSSEC.
This is disabled by default due to many servers not allowing DNSSEC.
@anchor{gnutls-cli ca-verification}
This option has some usage constraints. It:
@itemize @bullet
@item
-can be disabled with --no-ca-verification.
-@item
-It is enabled by default.
+is enabled by default.
@end itemize
This option will disable CA certificate verification. It is to be used with the --dane or --tofu options.
@subheading ocsp option
This is the ``enable ocsp certificate verification'' option.
-
-@noindent
-This option has some usage constraints. It:
-@itemize @bullet
-@item
-can be disabled with --no-ocsp.
-@end itemize
-
This option will enable verification of the peer's certificate using ocsp
@anchor{gnutls-cli resume}
@subheading resume option (-r)
@subheading dh-bits option
This is the ``the minimum number of bits allowed for dh'' option.
-This option takes a number argument.
+This option takes an argument number.
This option sets the minimum number of bits allowed for a Diffie-Hellman key exchange. You may want to lower the default value if the peer sends a weak prime and you get an connection error with unacceptable prime.
@anchor{gnutls-cli priority}
@subheading priority option
This is the ``priorities string'' option.
-This option takes a string argument.
+This option takes an argument string.
TLS algorithms and protocols to enable. You can
use predefined sets of ciphersuites such as PERFORMANCE,
NORMAL, SECURE128, SECURE256.
#
# DO NOT EDIT THIS FILE (invoke-gnutls-serv.texi)
#
-# It has been AutoGen-ed November 23, 2013 at 10:34:45 AM by AutoGen 5.18.2
+# It has been AutoGen-ed December 16, 2013 at 01:40:30 PM by AutoGen 5.18
# From the definitions ../src/serv-args.def
# and the template file agtexi-cmd.tpl
@end ignore
@subheading debug option (-d)
This is the ``enable debugging.'' option.
-This option takes a number argument.
+This option takes an argument number.
Specifies the debug level.
@anchor{gnutls-serv heartbeat}
@subheading heartbeat option (-b)
@subheading priority option
This is the ``priorities string'' option.
-This option takes a string argument.
+This option takes an argument string.
TLS algorithms and protocols to enable. You can
use predefined sets of ciphersuites such as PERFORMANCE,
NORMAL, SECURE128, SECURE256.
@subheading ocsp-response option
This is the ``the ocsp response to send to client'' option.
-This option takes a file argument.
+This option takes an argument file.
If the client requested an OCSP response, return data from this file to the client.
@anchor{gnutls-serv list}
@subheading list option (-l)
#
# DO NOT EDIT THIS FILE (invoke-ocsptool.texi)
#
-# It has been AutoGen-ed November 23, 2013 at 10:34:48 AM by AutoGen 5.18.2
+# It has been AutoGen-ed December 16, 2013 at 01:40:33 PM by AutoGen 5.18
# From the definitions ../src/ocsptool-args.def
# and the template file agtexi-cmd.tpl
@end ignore
@subsubheading debug option (-d)
This is the ``enable debugging.'' option.
-This option takes a number argument.
+This option takes an argument number.
Specifies the debug level.
@anchor{ocsptool ask}
@subsubheading ask option
This is the ``ask an ocsp/http server on a certificate validity'' option.
-This option takes an optional string argument @file{server name|url}.
+This option takes an optional argument string @file{server name|url}.
@noindent
This option has some usage constraints. It:
#
# DO NOT EDIT THIS FILE (invoke-p11tool.texi)
#
-# It has been AutoGen-ed November 23, 2013 at 10:34:50 AM by AutoGen 5.18.2
+# It has been AutoGen-ed December 16, 2013 at 01:40:37 PM by AutoGen 5.18
# From the definitions ../src/p11tool-args.def
# and the template file agtexi-cmd.tpl
@end ignore
@subsubheading debug option (-d)
This is the ``enable debugging.'' option.
-This option takes a number argument.
+This option takes an argument number.
Specifies the debug level.
@anchor{p11tool write}
@subsubheading write option
This option has some usage constraints. It:
@itemize @bullet
@item
-can be disabled with --no-private.
-@item
-It is enabled by default.
+is enabled by default.
@end itemize
The written object will require a PIN to be used.
@subsubheading sec-param option
This is the ``specify the security level'' option.
-This option takes a string argument @file{Security parameter}.
+This option takes an argument string @file{Security parameter}.
This is alternative to the bits option. Available options are [low, legacy, normal, high, ultra].
@anchor{p11tool inder}
@subsubheading inder option
This is the ``use der/raw format for input'' option.
-
-@noindent
-This option has some usage constraints. It:
-@itemize @bullet
-@item
-can be disabled with --no-inder.
-@end itemize
-
Use DER/RAW format for input certificates and private keys.
@anchor{p11tool inraw}
@subsubheading inraw option
@subsubheading provider option
This is the ``specify the pkcs #11 provider library'' option.
-This option takes a file argument.
+This option takes an argument file.
This will override the default options in /etc/gnutls/pkcs11.conf
@anchor{p11tool exit status}
@subsubheading p11tool exit status
#
# DO NOT EDIT THIS FILE (invoke-psktool.texi)
#
-# It has been AutoGen-ed November 23, 2013 at 10:34:49 AM by AutoGen 5.18.2
+# It has been AutoGen-ed December 16, 2013 at 01:40:36 PM by AutoGen 5.18
# From the definitions ../src/psk-args.def
# and the template file agtexi-cmd.tpl
@end ignore
@subsubheading debug option (-d)
This is the ``enable debugging.'' option.
-This option takes a number argument.
+This option takes an argument number.
Specifies the debug level.
@anchor{psktool exit status}
@subsubheading psktool exit status
#
# DO NOT EDIT THIS FILE (invoke-srptool.texi)
#
-# It has been AutoGen-ed November 23, 2013 at 10:34:47 AM by AutoGen 5.18.2
+# It has been AutoGen-ed December 16, 2013 at 01:40:35 PM by AutoGen 5.18
# From the definitions ../src/srptool-args.def
# and the template file agtexi-cmd.tpl
@end ignore
@subsubheading debug option (-d)
This is the ``enable debugging.'' option.
-This option takes a number argument.
+This option takes an argument number.
Specifies the debug level.
@anchor{srptool verify}
@subsubheading verify option
@subsubheading passwd-conf option (-v)
This is the ``specify a password conf file.'' option.
-This option takes a string argument.
+This option takes an argument string.
Specify a filename or a PKCS #11 URL to read the CAs from.
@anchor{srptool create-conf}
@subsubheading create-conf option
This is the ``generate a password configuration file.'' option.
-This option takes a string argument.
+This option takes an argument string.
This generates a password configuration file (tpasswd.conf)
containing the required for TLS parameters.
@anchor{srptool exit status}
#
# DO NOT EDIT THIS FILE (invoke-tpmtool.texi)
#
-# It has been AutoGen-ed November 23, 2013 at 10:34:52 AM by AutoGen 5.18.2
+# It has been AutoGen-ed December 16, 2013 at 01:40:38 PM by AutoGen 5.18
# From the definitions ../src/tpmtool-args.def
# and the template file agtexi-cmd.tpl
@end ignore
@subsubheading debug option (-d)
This is the ``enable debugging.'' option.
-This option takes a number argument.
+This option takes an argument number.
Specifies the debug level.
@anchor{tpmtool generate-rsa}
@subsubheading generate-rsa option
@subsubheading sec-param option
This is the ``specify the security level [low, legacy, normal, high, ultra].'' option.
-This option takes a string argument @file{Security parameter}.
+This option takes an argument string @file{Security parameter}.
This is alternative to the bits option. Note however that the
values allowed by the TPM chip are quantized and given values may be rounded up.
@anchor{tpmtool inder}
@subsubheading inder option
This is the ``use the der format for keys.'' option.
-
-@noindent
-This option has some usage constraints. It:
-@itemize @bullet
-@item
-can be disabled with --no-inder.
-@end itemize
-
The input files will be assumed to be in the portable
DER format of TPM. The default format is a custom format used by various
TPM tools
@subsubheading outder option
This is the ``use der format for output keys'' option.
-
-@noindent
-This option has some usage constraints. It:
-@itemize @bullet
-@item
-can be disabled with --no-outder.
-@end itemize
-
The output will be in the TPM portable DER format.
@anchor{tpmtool exit status}
@subsubheading tpmtool exit status
projects / thirdparty / gnutls.git / commitdiff
