Changes between Initial Version and Version 1 of CreddyDoc


Ignore:
Timestamp:
Jul 17, 2013 12:32:50 PM (9 years ago)
Author:
Mei
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • CreddyDoc

    v1 v1  
     1
     2
     3
     4User Commands                                           creddy(1)
     5
     6
     7
     8NAME
     9     creddy - ABAC X.509 identity and XML  attribute  certificate
     10     manager (for cool kids)
     11
     12
     13SYNOPSIS
     14     creddy [ --<mode> ] --help
     15
     16
     17DESCRIPTION
     18     creddy is an awesome and wonderful ABAC  credential  manage-
     19     ment  tool.  It creates, verifies, and otherwise frobnicates
     20     X.509 identity and XML attribute certificates. The output of
     21     the  tool  is  suitable for use with ABAC. Additionally, the
     22     self-signed X.509 identity certs  (with  associated  private
     23     keys) can be used with OpenSSL.
     24
     25
     26OPTIONS
     27  --generate
     28     Generate an X.509 identity cert and private  key  pair.  The
     29     certificate  is saved in ${cn}_id.pem and the private key is
     30     saved in ${cn}_private.pem.
     31
     32     Note that private key generation is slow and uses a  lot  of
     33     entropy. You can generate entropy by moving your mouse a lot
     34     or running large find commands on your local file systems.
     35
     36
     37     --cn common name used on certificate, provided as a conveni-
     38          ence and ignored by ABAC
     39
     40
     41     --validity
     42          optional certificate validity. This  argument  takes  a
     43          time period followed by an optional suffix of s m h d y
     44          (defaults to d if omitted). The default is 1080 days.
     45
     46
     47     --out
     48          optional output directory. Must exist  before  invoking
     49          the command.
     50
     51
     52  --verify
     53     verify the signature on a self-signed X.509 identity cert or
     54     an X.509 attribute cert
     55
     56
     57     --cert
     58          self-signed X.509 identity cert
     59
     60
     61
     62
     63
     64
     65
     66
     67
     68
     69
     70
     71     --attrcert
     72          optional XML  attribute  cert.  If  omitted  the  self-
     73          signature of the ID cert is checked
     74
     75
     76  --keyid
     77     extract the subjectKeyIdentifier (SHA1 hash) from  an  X.509
     78     identity cert
     79
     80
     81     --cert
     82          X.509 identity cert
     83
     84
     85  --attribute
     86     generate a XML attribute cert representing an  ABAC  creden-
     87     tial
     88
     89     An attribute cert has one or more subjects. A single subject
     90     may  be  defined  without  a  role.  Otherwise, subjects are
     91     defined by a pair of a  --subject-{cert,id}  and  --subject-
     92     role.  Providing  multiple  subjects creates an intersection
     93     certificate.
     94
     95
     96     --issuer
     97          X.509 identity cert issuing the credential
     98
     99
     100     --key
     101          private key associated with issuer cert
     102
     103
     104     --role
     105          role in issuer's local attribute space
     106
     107
     108     --subject-cert
     109          X.509 identity cert representing the principal to which
     110          the  role  is being issued. This fulfills the same pur-
     111          pose as --subject-id and should only be used  once  per
     112          subject.
     113
     114
     115     --subject-id
     116          public key identifier (SHA1 hash) of the  principal  to
     117          which  the role is being issued. This fulfills the same
     118          purpose as --subject-cert and should only be used  once
     119          per subject.
     120
     121
     122     --subject-role
     123
     124
     125
     126
     127
     128
     129
     130
     131
     132
     133
     134          optional role in subject's local  attribute  space.  If
     135          the  issuer  is  A,  role  is  r1,  subject  is  B, and
     136          subject-role is r2, the attribute issued will  be  A.r1
     137          <- B.r2.
     138
     139
     140     --validity
     141          optional certificate validity. This  argument  takes  a
     142          time period followed by an optional suffix of s m h d y
     143          (defaults to d if omitted). The default is 365 days.
     144
     145
     146     --out
     147          where to save the  XML  attribute  cert.  In  order  to
     148          interoperate  with  the  rest of ABAC, this name should
     149          end in _attr.xml.
     150
     151
     152
     153  --roles
     154     Extract the roles from an XML attribute cert
     155
     156
     157     --cert
     158          XML attribute cert containing ABAC roles
     159
     160
     161  --display
     162     Displays metadata from an X.509 identity  or  XML  attribute
     163     cert
     164
     165
     166     --show=[issuer,..,all]
     167          comma-separated list of:
     168
     169              issuer      DN of issuer
     170              subject     DN of subject
     171              validity    validity period
     172              roles       attribute cert roles (fails silently on
     173          ID certs)
     174              all         all of the above
     175
     176
     177     --cert
     178          X.509 identity or XML attribute cert
     179
     180
     181  --version
     182     display ABAC/creddy version
     183
     184
     185
     186
     187
     188
     189
     190
     191
     192
     193
     194
     195
     196
     197EXAMPLES
     198     Generate ID cert and private key pairs:
     199
     200          creddy --generate --cn Alice
     201          creddy --generate --cn Bob
     202
     203
     204     Issue the credential Alice.friend <- Bob
     205
     206          creddy --attribute \
     207                 --issuer Alice_ID.pem --key Alice_private.pem \
     208                 --role friend --subject-cert Bob_ID.pem \
     209                 --out Alice_friend__Bob_attr.der
     210
     211
     212AUTHOR
     213     Written by Mike Ryan, Edited by Mei-Hui Su <mei@ISI.EDU>
     214
     215
     216BUGS
     217     None yet. Report to http://abac.deterlab.net/
     218
     219
     220COPYRIGHT
     221     Copyright (c) 2010-2013 USC/ISI. Released under MIT license.
     222     See COPYING included with source for details.
     223
     224
     225
     226
     227
     228
     229
     230
     231
     232
     233
     234
     235
     236
     237
     238
     239
     240
     241
     242
     243
     244
     245
     246
     247
     248
     249
     250
     251ABAC 0.1.5           Last change: July 2013                     4
     252
     253