Changes between Initial Version and Version 1 of CreddyDoc

Timestamp:

Jul 17, 2013 12:32:50 PM (11 years ago)

Author:

Mei

Comment:

--

CreddyDoc

@@ +1 @@
+
+
+
+User Commands                                           creddy(1)
+
+
+
+NAME
+     creddy - ABAC X.509 identity and XML  attribute  certificate
+     manager (for cool kids)
+
+
+SYNOPSIS
+     creddy [ --<mode> ] --help
+
+
+DESCRIPTION
+     creddy is an awesome and wonderful ABAC  credential  manage-
+     ment  tool.  It creates, verifies, and otherwise frobnicates
+     X.509 identity and XML attribute certificates. The output of
+     the  tool  is  suitable for use with ABAC. Additionally, the
+     self-signed X.509 identity certs  (with  associated  private
+     keys) can be used with OpenSSL.
+
+
+OPTIONS
+  --generate
+     Generate an X.509 identity cert and private  key  pair.  The
+     certificate  is saved in ${cn}_id.pem and the private key is
+     saved in ${cn}_private.pem.
+
+     Note that private key generation is slow and uses a  lot  of
+     entropy. You can generate entropy by moving your mouse a lot
+     or running large find commands on your local file systems.
+
+
+     --cn common name used on certificate, provided as a conveni-
+          ence and ignored by ABAC
+
+
+     --validity
+          optional certificate validity. This  argument  takes  a
+          time period followed by an optional suffix of s m h d y
+          (defaults to d if omitted). The default is 1080 days.
+
+
+     --out
+          optional output directory. Must exist  before  invoking
+          the command.
+
+
+  --verify
+     verify the signature on a self-signed X.509 identity cert or
+     an X.509 attribute cert
+
+
+     --cert
+          self-signed X.509 identity cert
+
+
+
+
+
+
+
+
+
+
+
+
+     --attrcert
+          optional XML  attribute  cert.  If  omitted  the  self-
+          signature of the ID cert is checked
+
+
+  --keyid
+     extract the subjectKeyIdentifier (SHA1 hash) from  an  X.509
+     identity cert
+
+
+     --cert
+          X.509 identity cert
+
+
+  --attribute
+     generate a XML attribute cert representing an  ABAC  creden-
+     tial
+
+     An attribute cert has one or more subjects. A single subject
+     may  be  defined  without  a  role.  Otherwise, subjects are
+     defined by a pair of a  --subject-{cert,id}  and  --subject-
+     role.  Providing  multiple  subjects creates an intersection
+     certificate.
+
+
+     --issuer
+          X.509 identity cert issuing the credential
+
+
+     --key
+          private key associated with issuer cert
+
+
+     --role
+          role in issuer's local attribute space
+
+
+     --subject-cert
+          X.509 identity cert representing the principal to which
+          the  role  is being issued. This fulfills the same pur-
+          pose as --subject-id and should only be used  once  per
+          subject.
+
+
+     --subject-id
+          public key identifier (SHA1 hash) of the  principal  to
+          which  the role is being issued. This fulfills the same
+          purpose as --subject-cert and should only be used  once
+          per subject.
+
+
+     --subject-role
+
+
+
+
+
+
+
+
+
+
+
+          optional role in subject's local  attribute  space.  If
+          the  issuer  is  A,  role  is  r1,  subject  is  B, and
+          subject-role is r2, the attribute issued will  be  A.r1
+          <- B.r2.
+
+
+     --validity
+          optional certificate validity. This  argument  takes  a
+          time period followed by an optional suffix of s m h d y
+          (defaults to d if omitted). The default is 365 days.
+
+
+     --out
+          where to save the  XML  attribute  cert.  In  order  to
+          interoperate  with  the  rest of ABAC, this name should
+          end in _attr.xml.
+
+
+
+  --roles
+     Extract the roles from an XML attribute cert
+
+
+     --cert
+          XML attribute cert containing ABAC roles
+
+
+  --display
+     Displays metadata from an X.509 identity  or  XML  attribute
+     cert
+
+
+     --show=[issuer,..,all]
+          comma-separated list of:
+
+              issuer      DN of issuer
+              subject     DN of subject
+              validity    validity period
+              roles       attribute cert roles (fails silently on
+          ID certs)
+              all         all of the above
+
+
+     --cert
+          X.509 identity or XML attribute cert
+
+
+  --version
+     display ABAC/creddy version
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+EXAMPLES
+     Generate ID cert and private key pairs:
+
+          creddy --generate --cn Alice
+          creddy --generate --cn Bob
+
+
+     Issue the credential Alice.friend <- Bob
+
+          creddy --attribute \
+                 --issuer Alice_ID.pem --key Alice_private.pem \
+                 --role friend --subject-cert Bob_ID.pem \
+                 --out Alice_friend__Bob_attr.der
+
+
+AUTHOR
+     Written by Mike Ryan, Edited by Mei-Hui Su <mei@ISI.EDU>
+
+
+BUGS
+     None yet. Report to http://abac.deterlab.net/
+
+
+COPYRIGHT
+     Copyright (c) 2010-2013 USC/ISI. Released under MIT license.
+     See COPYING included with source for details.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ABAC 0.1.5           Last change: July 2013                     4
+
+