2004-04-09 Sebastien Pouliot <sebastien@ximian.com>

	* chktrust.1: Added some details and documented the CAB format
	restriction (not supported).
	* makecert.1: Added missing options, details for existing options and
	removed duplicate options.
	* setreg.1: Minor changes.
	* signcode.1: Added some details and documented the CAB format
	restriction (not supported). Also added a warning when using both a
	strongname and an Authenticode signature on a assembly.

svn path=/trunk/mono/; revision=25253

4 files changed, 107 insertions, 45 deletions

diff --git a/man/chktrust.1 b/man/chktrust.1
index 15914692f5d..64ea33f1335 100755
--- a/man/chktrust.1
+++ b/man/chktrust.1
@@ -1,8 +1,9 @@
 .\" 
 .\" chktrust manual page.
 .\" Copyright 2003 Motus Technologies
+.\" Copyright 2004 Novell
 .\" Author:
-.\"   Sebastien Pouliot (spouliot@motus.com)
+.\"   Sebastien Pouliot (sebastien@ximian.com)
 .\"
 .TH Mono "chktrust"
 .SH NAME
@@ -13,25 +14,33 @@ chktrust \- Check the trust of a PE executable.
 .SH DESCRIPTION
 Verify if an PE executable (CLR assembly, Win32 EXE or DLL) has a valid 
 Authenticode(r) signature that can be traced back to a trusted certificate
-authority (CA).
+authority (CA). This means that
+.TP
+(a) the signature is valid (i.e. file integrity) and,
+.TP
+(b) the code-signing certificate can be chained back to one of the 
+certificates in the Trust store.
 .SH OPTIONS
 .TP
 .I "-q", "-quiet"
-Limited display on console.
+Quiet mode. Limited display on console.
 .TP
 .I "-v", "-verbose"
-More details displayed on the console.
+Verbose mode. More details displayed on the console.
 .TP
 .I "-help", "-h", "-?", "/?"
 Display help about this tool.
+.SH KNOWN RESTRICTIONS
+chktrust cannot validate Authenticode signatures on CAB files.
 .SH AUTHOR
 Written by Sebastien Pouliot
 .SH COPYRIGHT
 Copyright (C) 2003 Motus Technologies. 
+Copyright (C) 2004 Novell. 
 Released under BSD license.
 .SH MAILING LISTS
 Visit http://mail.ximian.com/mailman/mono-list for details.
 .SH WEB SITE
 Visit: http://www.go-mono.com for details
 .SH SEE ALSO
-.BR signcode(1), makecert(1)
+.BR signcode(1), makecert(1), certmgr(1), setreg(1)
diff --git a/man/makecert.1 b/man/makecert.1
index 0329bc5fc27..3a1b1053036 100755
--- a/man/makecert.1
+++ b/man/makecert.1
@@ -1,15 +1,16 @@
 .\" 
 .\" makecert manual page.
 .\" Copyright 2003 Motus Technologies
+.\" Copyright 2004 Novell
 .\" Author:
-.\"   Sebastien Pouliot (spouliot@motus.com)
+.\"   Sebastien Pouliot (sebastien@ximian.com)
 .\"
 .TH Mono "MakeCert"
 .SH NAME
 MakeCert \- Create X.509 certificates for test purposes
 .SH SYNOPSIS
 .PP
-.B MakeCert [options] certificate
+.B makecert [options] certificate
 .SH DESCRIPTION
 Create an X.509 certificate using the provided informations. This
 is useful for testing Authenticode signatures, SSL and S/MIME
@@ -17,68 +18,108 @@ technologies.
 .SH PARAMETERS
 .TP
 .I "-# num"
-Certificate serial number
+Specify the certificate serial number.
 .TP
 .I "-n dn"
-Subject Distinguished Name
+Specify the subject Distinguished Name (DN).
 .TP
 .I "-in dn"
-Issuert Distinguished Name
+Specify the issuer Distinguished Name (DN).
 .TP
 .I "-r"
-Create a self-signed (root) certificate
-.TP
-.I "-sv pkvfile"
-Private key file (.PVK) for the subject (created if missing)
+Create a self-signed, also called root, certificate.
 .TP
 .I "-iv pvkfile"
-Private key file (.PVK) for the issuer
+Specify the private key file (.PVK) for the issuer. The private key in the 
+specified file will be used to sign the new certificate.
 .TP
 .I "-ic certfile"
-Extract the issuer's name from the specified certificate
+Extract the issuer's name from the specified certificate file - i.e. the
+subject name of the specified certificate becomes the issuer name of the
+new certificate.
 .TP
-.I "-?"
-Help (display this help message)
+.I "-in name"
+Use the issuer's name from the specified parameter.
 .TP
-.I "-!"
-Extended help (for advanced options)
+.I "-ik container"
+Specify the key container name to be used for the issuer.
+.TP
+.I "-iky [signature | exchange | #]"
+Specify the key number to be used in the provider (when used with -ik).
+.TP
+.I "-ip provider"
+Specify the cryptographic provider to be used for the issuer.
+.TP
+.I "-ir [localmachine | currentuser]"
+Specify the provider will search the user or the machine keys containers for
+the issuer.
+.TP
+.I "-iy number"
+Specify the provider type to be used for the issuer.
+.TP
+.I "-sv pkvfile"
+Specify the private key file (.PVK) for the subject. The public part of the
+key will be inserted into the created certificate. If non-existant the 
+specified file will be created with a new key pair (default to 1024 bits RSA
+key pair).
+.TP
+.I "-sk container"
+Specify the key container name to be used for the subject.
+.TP
+.I "-sky [signature | exchange | #]"
+Specify the key number to be used in the provider (when used with -sk).
+.TP
+.I "-sp provider"
+Specify the cryptographic provider to be used for the subject.
+.TP
+.I "-sr [localmachine | currentuser]"
+Specify the provider will search the user or the machine keys containers for
+the subject.
+.TP
+.I "-sy number"
+Specify the provider type to be used for the issuer.
 .TP
 .I "-a hash"
-Select hash algorithm. Only MD5 and SHA1 are supported.
+Select hash algorithm. Only MD5 and SHA1 algorithms are supported.
 .TP
 .I "-b date"
 The date since when the certificate is valid (notBefore).
 .TP
-.I "-cy [authority|end]"
-Basic constraints. Select Authority or End-Entity certificate.
-.TP
 .I "-e date"
 The date until when the certificate is valid (notAfter).
 .TP
-.I "-eku oid[,oid]"
-Add some extended key usage OID to the certificate.
-.TP
-.I "-h number"
-Add a path length restriction to the certificate chain.
+.I "-m number"
+Specify the certificate validity period in months. This is added to the
+notBefore validity date which can be set with -b or will default to the 
+current date/time.
 .TP
-.I "-ic cert"
-Take the issuer's name from the specified certificate.
+.I "-cy [authority|end]"
+Basic constraints. Select Authority or End-Entity certificate. Only Authority
+certificates can be used to sign other certificates (-ic). End-Entity can
+be used by clients (e.g. Authenticode, S/MIME) or servers (e.g. SSL).
 .TP
-.I "-in name"
-Take the issuer's name from the specified parameter.
+.I "-h number"
+Add a path length restriction to the certificate chain. This is only 
+applicable for certificates that have BasicConstraint set to Authority (-cy 
+authority). This is used to limit the chain of certificates than can be
+issued under this authority.
 .TP
-.I "-iv pvkfile"
-Sign the certificate using the private key inside the PVK file.
+.I "-eku oid[,oid]"
+Add some extended key usage OID to the certificate.
 .TP
-.I "-m number"
-Certificate validity period (in months).
+.I "-?"
+Help (display this help message)
 .TP
-.I "-sv pvkfile"
-Create a new PVK file if non-existant, otherwise use the PVK file as the subject public key.
+.I "-!"
+Extended help (for advanced options)
+.SH KNOWN RESTRICTIONS
+Compared to the Windows version some options aren't supported (-$, -d, -l, 
+-nscp, -is, -sc, -ss). Also PVK files with passwords aren't supported.
 .SH AUTHOR
 Written by Sebastien Pouliot
 .SH COPYRIGHT
 Copyright (C) 2003 Motus Technologies. 
+Copyright (C) 2004 Novell. 
 Released under BSD license.
 .SH MAILING LISTS
 Visit http://mail.ximian.com/mailman/mono-list for details.
diff --git a/man/setreg.1 b/man/setreg.1
index 0ead62ee83f..45f2af10415 100755
--- a/man/setreg.1
+++ b/man/setreg.1
@@ -16,16 +16,16 @@ parameters used in Mono.
 .SH OPTIONS
 .TP
 .I "-q"
-Limited display on console.
+Quiet mode. Limited display on console.
 .TP
 .I "-help", "-h", "-?", "/?"
 Display help about this tool.
 .SH FEATURES
 .TP
 .I "1"
-Trust the test root certificates (both Micrsoft and Mono). Depending on the 
+Trust the test root certificates (both Microsoft and Mono). Depending on the 
 value this will add (TRUE) or remove (FALSE) the two self-signed certificates
-from the current user Trust store (~/.mono/certs/Trust/).
+from the current user Trust store.
 .SH AUTHOR
 Written by Sebastien Pouliot
 .SH COPYRIGHT
diff --git a/man/signcode.1 b/man/signcode.1
index 3a65fd4b65d..1226d55c1b9 100755
--- a/man/signcode.1
+++ b/man/signcode.1
@@ -1,8 +1,9 @@
 .\" 
 .\" signcode manual page.
 .\" Copyright 2003 Motus Technologies
+.\" Copyright 2004 Novell
 .\" Author:
-.\"   Sebastien Pouliot (spouliot@motus.com)
+.\"   Sebastien Pouliot (sebastien@ximian.com)
 .\"
 .TH Mono "signcode"
 .SH NAME
@@ -13,7 +14,8 @@ signcode \- Digitally sign an PE executable using an X.509 certificate.
 .SH DESCRIPTION
 Digitally sign an PE executable (CLR assembly, Win32 EXE or DLL) using an 
 X.509 certificate and it's associated private key. The signature is compatible
-with Authenticode(r) and can be validated with chktrust.
+with Authenticode(r) and can be validated with chktrust (either on Windows or
+on any platform supported by Mono).
 .SH OPTIONS
 .TP
 .I "-spc spcfile"
@@ -48,7 +50,7 @@ had a valid (non-expired) certificate when the PE executable was signed.
 .I "-tr #"
 Number of retries to get a timestamp for the countersignature.
 .TP
-.I "-td #"
+.I "-tw #"
 Delay (in seconds) between the retries to get a timestamp for the countersignature.
 .TP
 .I "-k name"
@@ -68,10 +70,20 @@ CryptoAPI key location (when not using -v).
 .TP
 .I "-help", "-h", "-?", "/?"
 Display help about this tool.
+.SH OTHER CODE SIGNING TECHNOLOGIES
+Assemblies are PE files that can also be strongnamed using the sn.exe tool. The 
+order of code signature is important if a file requires both an Authenticode 
+and a strongname signature. Strongname must be applied before the Authenticode 
+signature. Applying a strongname after the Authenticode signature, like 
+re-signing an assembly (e.g. delay-sign), will invalidate the Authenticode 
+signature.
+.SH KNOWN RESTRICTIONS
+signcode cannot generate Authenticode signatures for CAB files.
 .SH AUTHOR
 Written by Sebastien Pouliot
 .SH COPYRIGHT
 Copyright (C) 2003 Motus Technologies. 
+Copyright (C) 2004 Novell.
 Released under BSD license.
 .SH MAILING LISTS
 Visit http://mail.ximian.com/mailman/mono-list for details.