| version 1.113, 2013/01/18 08:39:04 |
version 1.114, 2013/01/18 21:48:43 |
|
|
| .Nm |
.Nm |
| will generate a KRL file at the location specified via the |
will generate a KRL file at the location specified via the |
| .Fl f |
.Fl f |
| flag that revokes every key or certificate presented on the command-line. |
flag that revokes every key or certificate presented on the command line. |
| Keys/certificates to be revoked may be specified by public key file or |
Keys/certificates to be revoked may be specified by public key file or |
| using the format described in the |
using the format described in the |
| .Sx KEY REVOCATION LISTS |
.Sx KEY REVOCATION LISTS |
|
|
| Update a KRL. |
Update a KRL. |
| When specified with |
When specified with |
| .Fl k , |
.Fl k , |
| keys listed via the command-line are added to the existing KRL rather than |
keys listed via the command line are added to the existing KRL rather than |
| a new KRL being created. |
a new KRL being created. |
| .It Fl V Ar validity_interval |
.It Fl V Ar validity_interval |
| Specify a validity interval when signing a certificate. |
Specify a validity interval when signing a certificate. |
|
|
| KRLs may be generated using the |
KRLs may be generated using the |
| .Fl k |
.Fl k |
| flag. |
flag. |
| This option reads one or more files from the command-line and generates a new |
This option reads one or more files from the command line and generates a new |
| KRL. |
KRL. |
| The files may either contain a KRL specification (see below) or public keys, |
The files may either contain a KRL specification (see below) or public keys, |
| listed one per line. |
listed one per line. |
|
|
| of serial numbers including and between each is revoked. |
of serial numbers including and between each is revoked. |
| The CA key must have been specified on the |
The CA key must have been specified on the |
| .Nm |
.Nm |
| command-line using the |
command line using the |
| .Fl s |
.Fl s |
| option. |
option. |
| .It Cm id : Ar key_id |
.It Cm id : Ar key_id |
| Revokes a certificate with the specified key ID string. |
Revokes a certificate with the specified key ID string. |
| The CA key must have been specified on the |
The CA key must have been specified on the |
| .Nm |
.Nm |
| command-line using the |
command line using the |
| .Fl s |
.Fl s |
| option. |
option. |
| .It Cm key : Ar public_key |
.It Cm key : Ar public_key |
|
|
| .Fl u |
.Fl u |
| flag in addition to |
flag in addition to |
| .Fl k . |
.Fl k . |
| When this option is specified, keys listed via the command-line are merged into |
When this option is specified, keys listed via the command line are merged into |
| the KRL, adding to those already there. |
the KRL, adding to those already there. |
| .Pp |
.Pp |
| It is also possible, given a KRL, to test whether it revokes a particular key |
It is also possible, given a KRL, to test whether it revokes a particular key |
|
|
| The |
The |
| .Fl Q |
.Fl Q |
| flag will query an existing KRL, testing each key specified on the commandline. |
flag will query an existing KRL, testing each key specified on the commandline. |
| If any key listed on the command-line has been revoked (or an error encountered) |
If any key listed on the command line has been revoked (or an error encountered) |
| then |
then |
| .Nm |
.Nm |
| will exit with a non-zero exit status. |
will exit with a non-zero exit status. |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh