diff options
author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2005-10-13 08:38:41 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2005-10-13 08:38:41 +0000 |
commit | ce98fd24bd72d479805cb121ca8e118826f1ed76 (patch) | |
tree | b109113870455d2c5595a0833301f234353578e3 /openvpn.8 | |
parent | Renamed plugin to plugins to work around (diff) | |
download | openvpn-ce98fd24bd72d479805cb121ca8e118826f1ed76.tar.xz |
Merged PKCS#11 patch.
Pre-2.1_beta3
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@604 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to '')
-rw-r--r-- | openvpn.8 | 88 |
1 files changed, 88 insertions, 0 deletions
@@ -202,6 +202,13 @@ openvpn \- secure IP tunnel daemon. [\ \fB\-\-ping\-restart\fR\ \fIn\fR\ ] [\ \fB\-\-ping\-timer\-rem\fR\ ] [\ \fB\-\-ping\fR\ \fIn\fR\ ] +[\ \fB\-\-pkcs11\-providers\fR\ \fIprovider...\fR\ ] +[\ \fB\-\-pkcs11\-sign\-mode\fR\ \fImode...\fR\ ] +[\ \fB\-\-pkcs11\-slot\-type\fR\ \fItype\fR\ ] +[\ \fB\-\-pkcs11\-slot\fR\ \fIname\fR\ ] +[\ \fB\-\-pkcs11\-id\-type\fR\ \fItype\fR\ ] +[\ \fB\-\-pkcs11\-id\fR\ \fIname\fR\ ] +[\ \fB\-\-pkcs11\-protected\-authentication\fR\ ] [\ \fB\-\-pkcs12\fR\ \fIfile\fR\ ] [\ \fB\-\-plugin\fR\ \fImodule\-pathname\ init\-string\fR\ ] [\ \fB\-\-port\fR\ \fIport\fR\ ] @@ -239,6 +246,8 @@ openvpn \- secure IP tunnel daemon. [\ \fB\-\-show\-ciphers\fR\ ] [\ \fB\-\-show\-digests\fR\ ] [\ \fB\-\-show\-engines\fR\ ] +[\ \fB\-\-show\-pkcs11\-slots\fR\ \fIprovider\fR\ ] +[\ \fB\-\-show\-pkcs11\-objects\fR\ \fIprovider\ slot\fR\ ] [\ \fB\-\-show\-net\-up\fR\ ] [\ \fB\-\-show\-net\fR\ ] [\ \fB\-\-show\-tls\fR\ ] @@ -3513,6 +3522,73 @@ and .B --key. .\"********************************************************* .TP +.B --pkcs11-providers provider... +Specify a RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki) providers +to load. +This option can be used instead of +.B --cert, --key, +and +.B --pkcs12. +.\"********************************************************* +.TP +.B --pkcs11-sign-mode mode... +Specify which method to use in order to sign data. A different mode can be specified +for each provider. Mode can be one of the following: + +.B 'auto' +(default) -- Try to determind automatically. +.br +.B 'recover' +-- Use SignRecover. +.br +.B 'sign' +-- Use Sign. +.br +.\"********************************************************* +.TP +.B --pkcs11-slot-type type +Specify how to locate the correct slot. Type can be one of the following: + +.B 'id' +-- Locate the slot by a numeric id. The format is [provider:]id, for example, slot 2 of provider 1 +is encoded as 1:2. If you have only one provider you can omit the provider number. +The provider number is set by the order specified in the --pkcs11-providers option. +.br +.B 'name' +-- Locate the slot by its name. +.br +.B 'label' +-- Locate the slot by the label of the token that reside within. +.br +.\"********************************************************* +.TP +.B --pkcs11-slot name +Specify a name of the slot to search for. +.\"********************************************************* +.TP +.B --pkcs11-id-type type +Specify how to locate the correct objects. Type can be one of the following: + +.B 'id' +-- Locate by the id attribte, name should be hex encoded string. +.br +.B 'label' +-- Locate by the label attribute, name should be string. +.br +.B 'subject' +-- Locate by certificate subject attribute, name should be string. +.br +.\"********************************************************* +.TP +.B --pkcs11-id name +Specify a name of the object to search for. +.\"********************************************************* +.TP +.B --pkcs11-protected-authentication +Use PKCS#11 protected authentication path, useful for biometric and external +keypad devices. +.\"********************************************************* +.TP .B --cryptoapicert select-string Load the certificate and private key from the Windows Certificate System Store (Windows Only). @@ -4306,6 +4382,18 @@ must be the middle two addresses of a /30 subnet (netmask 255.255.255.252). Show OpenVPN's view of the system routing table and network adapter list. .\"********************************************************* +.SS PKCS#11 Standalone Options: +.\"********************************************************* +.TP +.B --show-pkcs11-slots provider +(Standalone) +Show PKCS#11 provider slot list. +.\"********************************************************* +.TP +.B --show-pkcs11-objects provider slot +(Standalone) +Show PKCS#11 token object list. +.\"********************************************************* .SH SCRIPTING AND ENVIRONMENTAL VARIABLES OpenVPN exports a series of environmental variables for use by user-defined scripts. |