2004-04-09 Sebastien Pouliot <sebastien@ximian.com>

	* chktrust.1: Added some details and documented the CAB format
	restriction (not supported).
	* makecert.1: Added missing options, details for existing options and
	removed duplicate options.
	* setreg.1: Minor changes.
	* signcode.1: Added some details and documented the CAB format
	restriction (not supported). Also added a warning when using both a
	strongname and an Authenticode signature on a assembly.

svn path=/trunk/mono/; revision=25253

1 files changed, 75 insertions, 34 deletions

diff --git a/man/makecert.1 b/man/makecert.1
index 0329bc5fc27..3a1b1053036 100755
--- a/man/makecert.1
+++ b/man/makecert.1
@@ -1,15 +1,16 @@
 .\" 
 .\" makecert manual page.
 .\" Copyright 2003 Motus Technologies
+.\" Copyright 2004 Novell
 .\" Author:
-.\"   Sebastien Pouliot (spouliot@motus.com)
+.\"   Sebastien Pouliot (sebastien@ximian.com)
 .\"
 .TH Mono "MakeCert"
 .SH NAME
 MakeCert \- Create X.509 certificates for test purposes
 .SH SYNOPSIS
 .PP
-.B MakeCert [options] certificate
+.B makecert [options] certificate
 .SH DESCRIPTION
 Create an X.509 certificate using the provided informations. This
 is useful for testing Authenticode signatures, SSL and S/MIME
@@ -17,68 +18,108 @@ technologies.
 .SH PARAMETERS
 .TP
 .I "-# num"
-Certificate serial number
+Specify the certificate serial number.
 .TP
 .I "-n dn"
-Subject Distinguished Name
+Specify the subject Distinguished Name (DN).
 .TP
 .I "-in dn"
-Issuert Distinguished Name
+Specify the issuer Distinguished Name (DN).
 .TP
 .I "-r"
-Create a self-signed (root) certificate
-.TP
-.I "-sv pkvfile"
-Private key file (.PVK) for the subject (created if missing)
+Create a self-signed, also called root, certificate.
 .TP
 .I "-iv pvkfile"
-Private key file (.PVK) for the issuer
+Specify the private key file (.PVK) for the issuer. The private key in the 
+specified file will be used to sign the new certificate.
 .TP
 .I "-ic certfile"
-Extract the issuer's name from the specified certificate
+Extract the issuer's name from the specified certificate file - i.e. the
+subject name of the specified certificate becomes the issuer name of the
+new certificate.
 .TP
-.I "-?"
-Help (display this help message)
+.I "-in name"
+Use the issuer's name from the specified parameter.
 .TP
-.I "-!"
-Extended help (for advanced options)
+.I "-ik container"
+Specify the key container name to be used for the issuer.
+.TP
+.I "-iky [signature | exchange | #]"
+Specify the key number to be used in the provider (when used with -ik).
+.TP
+.I "-ip provider"
+Specify the cryptographic provider to be used for the issuer.
+.TP
+.I "-ir [localmachine | currentuser]"
+Specify the provider will search the user or the machine keys containers for
+the issuer.
+.TP
+.I "-iy number"
+Specify the provider type to be used for the issuer.
+.TP
+.I "-sv pkvfile"
+Specify the private key file (.PVK) for the subject. The public part of the
+key will be inserted into the created certificate. If non-existant the 
+specified file will be created with a new key pair (default to 1024 bits RSA
+key pair).
+.TP
+.I "-sk container"
+Specify the key container name to be used for the subject.
+.TP
+.I "-sky [signature | exchange | #]"
+Specify the key number to be used in the provider (when used with -sk).
+.TP
+.I "-sp provider"
+Specify the cryptographic provider to be used for the subject.
+.TP
+.I "-sr [localmachine | currentuser]"
+Specify the provider will search the user or the machine keys containers for
+the subject.
+.TP
+.I "-sy number"
+Specify the provider type to be used for the issuer.
 .TP
 .I "-a hash"
-Select hash algorithm. Only MD5 and SHA1 are supported.
+Select hash algorithm. Only MD5 and SHA1 algorithms are supported.
 .TP
 .I "-b date"
 The date since when the certificate is valid (notBefore).
 .TP
-.I "-cy [authority|end]"
-Basic constraints. Select Authority or End-Entity certificate.
-.TP
 .I "-e date"
 The date until when the certificate is valid (notAfter).
 .TP
-.I "-eku oid[,oid]"
-Add some extended key usage OID to the certificate.
-.TP
-.I "-h number"
-Add a path length restriction to the certificate chain.
+.I "-m number"
+Specify the certificate validity period in months. This is added to the
+notBefore validity date which can be set with -b or will default to the 
+current date/time.
 .TP
-.I "-ic cert"
-Take the issuer's name from the specified certificate.
+.I "-cy [authority|end]"
+Basic constraints. Select Authority or End-Entity certificate. Only Authority
+certificates can be used to sign other certificates (-ic). End-Entity can
+be used by clients (e.g. Authenticode, S/MIME) or servers (e.g. SSL).
 .TP
-.I "-in name"
-Take the issuer's name from the specified parameter.
+.I "-h number"
+Add a path length restriction to the certificate chain. This is only 
+applicable for certificates that have BasicConstraint set to Authority (-cy 
+authority). This is used to limit the chain of certificates than can be
+issued under this authority.
 .TP
-.I "-iv pvkfile"
-Sign the certificate using the private key inside the PVK file.
+.I "-eku oid[,oid]"
+Add some extended key usage OID to the certificate.
 .TP
-.I "-m number"
-Certificate validity period (in months).
+.I "-?"
+Help (display this help message)
 .TP
-.I "-sv pvkfile"
-Create a new PVK file if non-existant, otherwise use the PVK file as the subject public key.
+.I "-!"
+Extended help (for advanced options)
+.SH KNOWN RESTRICTIONS
+Compared to the Windows version some options aren't supported (-$, -d, -l, 
+-nscp, -is, -sc, -ss). Also PVK files with passwords aren't supported.
 .SH AUTHOR
 Written by Sebastien Pouliot
 .SH COPYRIGHT
 Copyright (C) 2003 Motus Technologies. 
+Copyright (C) 2004 Novell. 
 Released under BSD license.
 .SH MAILING LISTS
 Visit http://mail.ximian.com/mailman/mono-list for details.