- jmc@cvs.openbsd.org 2013/01/18 07:57:47

[ssh-keygen.1] tweak previous;
author: Damien Miller <djm@mindrot.org> 2013-01-20 22:33:02 +1100
committer: Damien Miller <djm@mindrot.org> 2013-01-20 22:33:02 +1100
commit: ac5542b6b879636144cef61ea318ecf177518b50 (patch)
tree: 65f9c77c50ba2fe0f8570e4b1a688c34ff8e68cc /ssh-keygen.1
parent: da5cc5d09a193f29d1a1e1c5a96e06980d240816 (diff)
1 files changed, 16 insertions, 15 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 52f4b6ea6..ac97678d3 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.111 2013/01/17 23:00:01 djm Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.112 2013/01/18 07:57:47 jmc Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: January 17 2013 $
+.Dd $Mdocdate: January 18 2013 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -126,8 +126,8 @@
 .Fl k
 .Fl f Ar krl_file
 .Op Fl u
-.Op Fl s ca_public
+.Op Fl s Ar ca_public
-.Op Fl z version_number
+.Op Fl z Ar version_number
 .Ar
 .Nm ssh-keygen
 .Fl Q
@@ -158,7 +158,8 @@ section for details.
 Finally,
 .Nm
 can be used to generate and update Key Revocation Lists, and to test whether
-given keys have been revoked by one. See the
+given keys have been revoked by one.
+See the
 .Sx KEY REVOCATION LISTS
 section for details.
 .Pp
@@ -480,7 +481,7 @@ section for details.
 .Pp
 When generating a KRL,
 .Fl s
-specifies a path to a CA public key file used to revoke certificated directly
+specifies a path to a CA public key file used to revoke certificates directly
 by key ID or serial number.
 See the
 .Sx KEY REVOCATION LISTS
@@ -499,6 +500,12 @@ for protocol version 1 and
 or
 .Dq rsa
 for protocol version 2.
+.It Fl u
+Update a KRL.
+When specified with
+.Fl k ,
+keys listed via the command-line are added to the existing KRL rather than
+a new KRL being created.
 .It Fl V Ar validity_interval
 Specify a validity interval when signing a certificate.
 A validity interval may consist of a single time, indicating that the
@@ -522,12 +529,6 @@ For example:
 (valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011),
 .Dq -1d:20110101
 (valid from yesterday to midnight, January 1st, 2011).
-.It Fl u
-Update a KRL.
-When specified with
-.Fl k ,
-keys listed via the command-line are added to the existing KRL rather than
-a new KRL being created.
 .It Fl v
 Verbose mode.
 Causes
@@ -689,7 +690,7 @@ Please refer to those manual pages for details.
 .Nm
 is able to manage OpenSSH format Key Revocation Lists (KRLs).
 These binary files specify keys or certificates to be revoked using a
-compact format; taking as little a one bit per certificate if they are being
+compact format, taking as little a one bit per certificate if they are being
 revoked by serial number.
 .Pp
 KRLs may be generated using the
@@ -712,7 +713,7 @@ followed by a colon and some directive-specific information.
 .Bl -tag -width Ds
 .It Cm serial : Ar serial_number Op -serial_number
 Revokes a certificate with the specified serial number.
-Serial numbers are 64 bit values, not including zero and may be expressed
+Serial numbers are 64-bit values, not including zero and may be expressed
 in decimal, hex or octal.
 If two serial numbers are specified separated by a hyphen, then the range
 of serial numbers including and between each is revoked.
@@ -730,7 +731,7 @@ command-line using the
 option.
 .It Cm key : Ar public_key
 Revokes the specified key.
-In a certificate is listed, then it is revoked as a plain public key.
+If a certificate is listed, then it is revoked as a plain public key.
 .It Cm sha1 : Ar public_key
 Revokes the specified key by its SHA1 hash.
 .El
author	Damien Miller <djm@mindrot.org>	2013-01-20 22:33:02 +1100
committer	Damien Miller <djm@mindrot.org>	2013-01-20 22:33:02 +1100
commit	ac5542b6b879636144cef61ea318ecf177518b50 (patch)
tree	65f9c77c50ba2fe0f8570e4b1a688c34ff8e68cc /ssh-keygen.1
parent	da5cc5d09a193f29d1a1e1c5a96e06980d240816 (diff)

diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 52f4b6ea6..ac97678d3 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ssh-keygen.1,v 1.111 2013/01/17 23:00:01 djm Exp $	1	.\" $OpenBSD: ssh-keygen.1,v 1.112 2013/01/18 07:57:47 jmc Exp $
2	.\"	2	.\"
3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>	3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
35	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	35	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	36	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37	.\"	37	.\"
38	.Dd $Mdocdate: January 17 2013 $	38	.Dd $Mdocdate: January 18 2013 $
39	.Dt SSH-KEYGEN 1	39	.Dt SSH-KEYGEN 1
40	.Os	40	.Os
41	.Sh NAME	41	.Sh NAME
@@ -126,8 +126,8 @@
126	.Fl k	126	.Fl k
127	.Fl f Ar krl_file	127	.Fl f Ar krl_file
128	.Op Fl u	128	.Op Fl u
129	.Op Fl s ca_public	129	.Op Fl s Ar ca_public
130	.Op Fl z version_number	130	.Op Fl z Ar version_number
131	.Ar	131	.Ar
132	.Nm ssh-keygen	132	.Nm ssh-keygen
133	.Fl Q	133	.Fl Q
@@ -158,7 +158,8 @@ section for details.
158	Finally,	158	Finally,
159	.Nm	159	.Nm
160	can be used to generate and update Key Revocation Lists, and to test whether	160	can be used to generate and update Key Revocation Lists, and to test whether
161	given keys have been revoked by one. See the	161	given keys have been revoked by one.
		162	See the
162	.Sx KEY REVOCATION LISTS	163	.Sx KEY REVOCATION LISTS
163	section for details.	164	section for details.
164	.Pp	165	.Pp
@@ -480,7 +481,7 @@ section for details.
480	.Pp	481	.Pp
481	When generating a KRL,	482	When generating a KRL,
482	.Fl s	483	.Fl s
483	specifies a path to a CA public key file used to revoke certificated directly	484	specifies a path to a CA public key file used to revoke certificates directly
484	by key ID or serial number.	485	by key ID or serial number.
485	See the	486	See the
486	.Sx KEY REVOCATION LISTS	487	.Sx KEY REVOCATION LISTS
@@ -499,6 +500,12 @@ for protocol version 1 and
499	or	500	or
500	.Dq rsa	501	.Dq rsa
501	for protocol version 2.	502	for protocol version 2.
		503	.It Fl u
		504	Update a KRL.
		505	When specified with
		506	.Fl k ,
		507	keys listed via the command-line are added to the existing KRL rather than
		508	a new KRL being created.
502	.It Fl V Ar validity_interval	509	.It Fl V Ar validity_interval
503	Specify a validity interval when signing a certificate.	510	Specify a validity interval when signing a certificate.
504	A validity interval may consist of a single time, indicating that the	511	A validity interval may consist of a single time, indicating that the
@@ -522,12 +529,6 @@ For example:
522	(valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011),	529	(valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011),
523	.Dq -1d:20110101	530	.Dq -1d:20110101
524	(valid from yesterday to midnight, January 1st, 2011).	531	(valid from yesterday to midnight, January 1st, 2011).
525	.It Fl u
526	Update a KRL.
527	When specified with
528	.Fl k ,
529	keys listed via the command-line are added to the existing KRL rather than
530	a new KRL being created.
531	.It Fl v	532	.It Fl v
532	Verbose mode.	533	Verbose mode.
533	Causes	534	Causes
@@ -689,7 +690,7 @@ Please refer to those manual pages for details.
689	.Nm	690	.Nm
690	is able to manage OpenSSH format Key Revocation Lists (KRLs).	691	is able to manage OpenSSH format Key Revocation Lists (KRLs).
691	These binary files specify keys or certificates to be revoked using a	692	These binary files specify keys or certificates to be revoked using a
692	compact format; taking as little a one bit per certificate if they are being	693	compact format, taking as little a one bit per certificate if they are being
693	revoked by serial number.	694	revoked by serial number.
694	.Pp	695	.Pp
695	KRLs may be generated using the	696	KRLs may be generated using the
@@ -712,7 +713,7 @@ followed by a colon and some directive-specific information.
712	.Bl -tag -width Ds	713	.Bl -tag -width Ds
713	.It Cm serial : Ar serial_number Op -serial_number	714	.It Cm serial : Ar serial_number Op -serial_number
714	Revokes a certificate with the specified serial number.	715	Revokes a certificate with the specified serial number.
715	Serial numbers are 64 bit values, not including zero and may be expressed	716	Serial numbers are 64-bit values, not including zero and may be expressed
716	in decimal, hex or octal.	717	in decimal, hex or octal.
717	If two serial numbers are specified separated by a hyphen, then the range	718	If two serial numbers are specified separated by a hyphen, then the range
718	of serial numbers including and between each is revoked.	719	of serial numbers including and between each is revoked.
@@ -730,7 +731,7 @@ command-line using the
730	option.	731	option.
731	.It Cm key : Ar public_key	732	.It Cm key : Ar public_key
732	Revokes the specified key.	733	Revokes the specified key.
733	In a certificate is listed, then it is revoked as a plain public key.	734	If a certificate is listed, then it is revoked as a plain public key.
734	.It Cm sha1 : Ar public_key	735	.It Cm sha1 : Ar public_key
735	Revokes the specified key by its SHA1 hash.	736	Revokes the specified key by its SHA1 hash.
736	.El	737	.El