diff options
Diffstat (limited to 'man')
-rw-r--r-- | man/rules/meson.build | 1 | ||||
-rw-r--r-- | man/systemd-keyutil.xml | 105 | ||||
-rw-r--r-- | man/systemd-measure.xml | 10 | ||||
-rw-r--r-- | man/systemd-sbsign.xml | 16 |
4 files changed, 106 insertions, 26 deletions
diff --git a/man/rules/meson.build b/man/rules/meson.build index 7d2c62f574..e76cb0223b 100644 --- a/man/rules/meson.build +++ b/man/rules/meson.build @@ -992,6 +992,7 @@ manpages = [ 'systemd-journald@.service', 'systemd-journald@.socket'], ''], + ['systemd-keyutil', '1', [], ''], ['systemd-localed.service', '8', ['systemd-localed'], 'ENABLE_LOCALED'], ['systemd-logind.service', '8', ['systemd-logind'], 'ENABLE_LOGIND'], ['systemd-machine-id-commit.service', '8', [], ''], diff --git a/man/systemd-keyutil.xml b/man/systemd-keyutil.xml new file mode 100644 index 0000000000..99d4d903b4 --- /dev/null +++ b/man/systemd-keyutil.xml @@ -0,0 +1,105 @@ +<?xml version='1.0'?> <!--*-nxml-*--> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" + "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"> +<!-- SPDX-License-Identifier: LGPL-2.1-or-later --> + +<refentry id="systemd-keyutil" + xmlns:xi="http://www.w3.org/2001/XInclude"> + <refentryinfo> + <title>systemd-keyutil</title> + <productname>systemd</productname> + </refentryinfo> + + <refmeta> + <refentrytitle>systemd-keyutil</refentrytitle> + <manvolnum>1</manvolnum> + </refmeta> + + <refnamediv> + <refname>systemd-keyutil</refname> + <refpurpose>Perform various operations on private keys and X.509 certificates</refpurpose> + </refnamediv> + + <refsynopsisdiv> + <cmdsynopsis> + <command>systemd-keyutil</command> + <arg choice="opt" rep="repeat">OPTIONS</arg> + <arg choice="req">COMMAND</arg> + </cmdsynopsis> + </refsynopsisdiv> + + <refsect1> + <title>Description</title> + + <para><command>systemd-keyutil</command> can be used to perform various operations on private keys and + X.509 certificates.</para> + </refsect1> + + <refsect1> + <title>Commands</title> + + <variablelist> + <varlistentry> + <term><option>validate</option></term> + + <listitem><para>Checks that we can load the private key and certificate specified with + <option>--private-key=</option> and <option>--certificate=</option> respectively.</para> + + <para>As a side effect, if the private key is loaded from a PIN-protected hardware token, this + command can be used to cache the PIN in the kernel keyring. The + <varname>$SYSTEMD_ASK_PASSWORD_KEYRING_TIMEOUT_SEC</varname> and + <varname>$SYSTEMD_ASK_PASSWORD_KEYRING_TYPE</varname> environment variables can be used to control + how long and in which kernel keyring the PIN is cached.</para> + + <xi:include href="version-info.xml" xpointer="v257"/> + </listitem> + </varlistentry> + + <varlistentry> + <term><command>public</command></term> + + <listitem><para>This commands prints the public key in PEM format extracted from either the + certificate given with <option>--certificate=</option> or the private key given with + <option>--private-key=</option>.</para> + + <xi:include href="version-info.xml" xpointer="v257"/></listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1> + <title>Options</title> + <para>The following options are understood:</para> + + <variablelist> + <varlistentry> + <term><option>--private-key=<replaceable>PATH/URI</replaceable></option></term> + <term><option>--private-key-source=<replaceable>TYPE</replaceable>[:<replaceable>NAME</replaceable>]</option></term> + <term><option>--certificate=<replaceable>PATH</replaceable></option></term> + <term><option>--certificate-source=<replaceable>TYPE</replaceable>[:<replaceable>NAME</replaceable>]</option></term> + + <listitem><para>Set the private key and certificate to use. The <option>--certificate=</option> + option takes a path to a PEM encoded X.509 certificate or a URI that's passed to the OpenSSL provider + configured with <option>--certificate-source</option>. The <option>--certificate-source</option> + takes one of <literal>file</literal> or <literal>provider</literal>, with the latter being followed + by a specific provider identifier, separated with a colon, e.g. <literal>provider:pkcs11</literal>. + The <option>--private-key=</option> option can take a path or a URI that will be passed to the + OpenSSL engine or provider, as specified by <option>--private-key-source=</option> as a + <literal>type:name</literal> tuple, such as <literal>engine:pkcs11</literal></para>. + + <xi:include href="version-info.xml" xpointer="v257"/></listitem> + </varlistentry> + + <xi:include href="standard-options.xml" xpointer="help"/> + <xi:include href="standard-options.xml" xpointer="version"/> + </variablelist> + </refsect1> + + <refsect1> + <title>See Also</title> + <para><simplelist type="inline"> + <member><citerefentry><refentrytitle>systemd-sbsign</refentrytitle><manvolnum>1</manvolnum></citerefentry></member> + <member><citerefentry><refentrytitle>systemd-measure</refentrytitle><manvolnum>1</manvolnum></citerefentry></member> + </simplelist></para> + </refsect1> +</refentry> diff --git a/man/systemd-measure.xml b/man/systemd-measure.xml index 5ca373f181..c7e5a5e9e2 100644 --- a/man/systemd-measure.xml +++ b/man/systemd-measure.xml @@ -104,16 +104,6 @@ <xi:include href="version-info.xml" xpointer="v252"/></listitem> </varlistentry> - - <varlistentry> - <term><command>pcrpkey</command></term> - - <listitem><para>This commands prints the public key either given with <option>--public-key=</option>, - or extracted from the certificate given with <option>--certificate=</option> or the private key given - with <option>--private-key=</option>.</para> - - <xi:include href="version-info.xml" xpointer="v257"/></listitem> - </varlistentry> </variablelist> </refsect1> diff --git a/man/systemd-sbsign.xml b/man/systemd-sbsign.xml index 1248377845..57b685f8c3 100644 --- a/man/systemd-sbsign.xml +++ b/man/systemd-sbsign.xml @@ -49,22 +49,6 @@ <xi:include href="version-info.xml" xpointer="v257"/> </listitem> </varlistentry> - - <varlistentry> - <term><option>validate-key</option></term> - - <listitem><para>Checks that we can load the private key specified with - <option>--private-key=</option>. </para> - - <para>As a side effect, if the private key is loaded from a PIN-protected hardware token, this - command can be used to cache the PIN in the kernel keyring. The - <varname>$SYSTEMD_ASK_PASSWORD_KEYRING_TIMEOUT_SEC</varname> and - <varname>$SYSTEMD_ASK_PASSWORD_KEYRING_TYPE</varname> environment variables can be used to control - how long and in which kernel keyring the PIN is cached.</para> - - <xi:include href="version-info.xml" xpointer="v257"/> - </listitem> - </varlistentry> </variablelist> </refsect1> |