minor docu update

thanks to Ville Skyttä


git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@1881 c6295689-39f2-0310-b995-f0e70906c6a9
nils 2004-07-28 20:02:07 +00:00
parent 2ba6ad3954
commit 5044b0e133
6 changed files with 25 additions and 21 deletions

View File

@ -9,7 +9,7 @@ b) "ldap" - store the certificate for a user in a central ldap
This guide only deals with flavor a). If you want to add documentation
on using pam with ldap, please send a patch to the opensc-devel mailing
list.
list. See also the PAM section in the OpenSC HTML docs.
First initialize the token, create a user with a pin, create a key
and create a certificate, all as documented in the QUICKSTART file.
@ -36,16 +36,19 @@ auth required pam_unix.so nullok
Note the first line is marked as "sufficient", so successful smart card
authentication will let a user in. If both lines read "required", a user
would have to use a smart card with the right key and certificate on it,
enter the right pin *AND* have the right passwort for the normal login
enter the right pin *AND* have the right password for the normal login
procedure.
Now every user needs to create a directory ".eid" in his or her home
directory and put the certificate in a file called "authorized_certificates".
To do this, enter the command
To do this, enter the command (beware, this will overwrite the file):
$ pkcs15-tool -r 45 -o ~/.eid/authorized_certificates
Now try to login using the smart card. Remember to first insert your
smart card into the reader, then enter your username, and then the
pin on your key.
As of OpenSC version 0.9.2, ~/.eid/authorized_certificates can contain
multiple certificates. To use multiple certificates there, simply
concatenate them, for example like
$ pkcs15-tool -r 45 >> ~/.eid/authorized_certificates
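Review bot: The new append example, "$ pkcs15-tool -r 45 >> ~/.eid/authorized_certificates", reuses certificate ID 45 from the overwrite command a few lines above it, so run against the same card it appends a second copy of the same certificate; say that 45 is an example ID and that the append should name the additional certificate. Because this file decides which certificates satisfy the "sufficient" line, this paragraph is also the place to state that ~/.eid and authorized_certificates should be writable only by the owning user, and that the directory must exist before either command is run.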

View File

@ -27,7 +27,7 @@ Use the given card driver. The default is auto-detected.
Causes \*(nm to be more verbose. Specify this flag several times
to enable debug output in the opensc library.
.SH COMMANDS
The following commands are suported at the \*(nm interactive prompt.
The following commands are supported at the \*(nm interactive prompt.
.PP
.TP
.BR ls

View File

@ -9,7 +9,7 @@ pkcs15-crypt \- perform crypto operations using pkcs15 smart card
.SH DESCRIPTION
The \*(nm utility can be used from the command line to perform
cryptographic operations such as computing digital signatures or
decrypting data, using keys stored on a PKCS#15 compliant smart
decrypting data, using keys stored on a PKCS #15 compliant smart
card.
.SH OPTIONS
.TP
@ -21,7 +21,7 @@ option. By default, the contents of the file are assumed to
be the result of an MD5 hash operation. Note that \*(nm
expects the data in binary representation, not ASCII.
.IP
The digitial signature is stored, in binary representation,
The digital signature is stored, in binary representation,
in the file specified by the
.B \-\-output
option. If this option is not given, the signature
@ -36,7 +36,7 @@ a 1024 bit key, the input must be padded to 128 bytes to match
the modulus length). When giving the
.B \-\-pkcs1
option, however, \*(nm will perform the required padding
using the algorithm outlined in the PCKS#1 v1.5 standard.
using the algorithm outlined in the PKCS #1 standard version 1.5.
.TP
.B \-\-sha1
This option tells \(*nm that the input file is the result
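Review bot: The unchanged context line at the end of this hunk, "This option tells \(*nm that the input file is the result", has the string escape transposed. Every other line in this page writes \*(nm, while \( introduces a special-character escape, so the tool name will not be rendered there. Since this commit is already fixing typos in the surrounding text, change it to \*(nm in the same pass.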

View File

@ -13,7 +13,7 @@ The profile used by default is \fBpkcs15\fR. Alternative
profiles can be specified via the \fB-p\fR switch.
.SH PIN Usage
.B pkcs15-init
can be used to create a PKCS#15 structure on your smart card,
can be used to create a PKCS #15 structure on your smart card,
create PINs, and install keys and certificates on the card.
This process is also called \fIpersonalization\fP.
.PP
@ -30,7 +30,7 @@ characters other than digits will make the card unusable with PIN pad
readers, because those usually have keys for entering digits only.
.PP
The security officer (SO) PIN is special; it is used to protect
meta data information on the card, such as the PKCS#15 structure
meta data information on the card, such as the PKCS #15 structure
itself. Setting the SO PIN is optional, because the worst that can
usually happen is that someone finding your card can mess it up.
To extract any of your secret keys stored on the card, an attacker
@ -63,7 +63,7 @@ at least one PIN to protect these objects. you can do this using
.PP
.BI " pkcs15-init --store-pin --auth-id " nn
.PP
where \fInn\fP is a PKCS#15 ID in hexadecimal notation. Common values
where \fInn\fP is a PKCS #15 ID in hexadecimal notation. Common values
are \fB01\fP, \fB02\fP, etc.
.PP
Entering the command above will ask you for the user's PIN and PUK.
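Review bot: Style point on the sentence shown in this hunk's header, "these objects. you can do this using": it starts with a lowercase "you" after the full stop. It sits directly above the lines touched here, so it could be capitalized together with the PKCS #15 spelling change.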
@ -150,8 +150,8 @@ You can download certificates to the card using the
.B \-\-store-certificate
option, which takes a filename as an argument. This file is supposed
to contain the DER encoded X.509 certificate.
.SS Downloading PKCS#12 bags
Most browsers nowadays use PKCS#12 format files when you ask them to
.SS Downloading PKCS #12 bags
Most browsers nowadays use PKCS #12 format files when you ask them to
export your key and certificate to a file. \*(nm is capable of parsing
these files, and storing their contents on the card in a single operation.
This works just like storing a private key, except that you need to

View File

@ -22,10 +22,10 @@ key is generated and stored on the token), the cache should
be updated or operations may show stale results.
.TP
.BR "\-\-read\-certificate " \fIcert\fP ", \-r " \fIcert\fP
Read the certificate with the given id
Reads the certificate with the given id.
.TP
.BR \-\-list\-certificates ", " \-c
Lists all certificates stored on the token
Lists all certificates stored on the token.
.TP
.BR \-\-list\-pins
Lists all PINs stored on the token. General information about
@ -49,11 +49,12 @@ Reads the public key with id \fIid\fP, allowing the user to
extract and store or use the public key.
.TP
.BR "\-\-output " \fIfilename\fP ", \-o " \fIfilename\fP
Specifies where key output should be written. If this option is not
given, keys will be printed to standard output.
Specifies where key output should be written. If \fIfilename\fP already
exists, it will be overwritten. If this option is not given, keys will
be printed to standard output.
.TP
.BR \-\-no\-cache
Disable token data caching.
Disables token data caching.
.TP
.BR "\-\-pin\-id " \fIpin\fP ", \-a " \fIpin\fP
Specifies the auth id of the PIN to use for the operation. This
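Review bot: The reworded --output text still says "key output" and "keys will be printed to standard output", but the PAM guide changed in this same commit uses -o together with -r to write a certificate ("pkcs15-tool -r 45 -o ~/.eid/authorized_certificates"). Suggest describing it as key and certificate output, so the new overwrite warning clearly covers the authorized_certificates case the guide warns about.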

View File

@ -37,10 +37,10 @@ of the key.
.B SC_ALGORITHM_RSA_PAD_PKCS1
requests that the card should sign the provided data,
padding it according to the padding algorithm specified
in PKCS#1.
in PKCS #1.
.IP
The input data must be the output of a digest (hash) function.
As PKCS#1 padding includes an identifier of the hash algorithm
As PKCS #1 padding includes an identifier of the hash algorithm
used, the
.B flags
argument must indicate the hash algorithm used,
@ -76,7 +76,7 @@ suitable for the card. For instance, if a smart card supports
raw RSA only, the function will have to add the required
padding before passing it to the card driver.
Conversely, an error should be returned if the card supports
only PKCS#1 padding with a specific set of hash algorithms.
only PKCS #1 padding with a specific set of hash algorithms.
.PP
...
.SH RETURN VALUE
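Review bot: The context at the end of this hunk still contains a literal "..." paragraph directly before ".SH RETURN VALUE", so the description of the padding behaviour breaks off unfinished. Either complete that paragraph or drop the placeholder while this page is being touched.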