Add m-esr52 at 52.6.0

1 files changed, 182 insertions, 0 deletions

diff --git a/security/nss/cmd/symkeyutil/symkey.man b/security/nss/cmd/symkeyutil/symkey.man
new file mode 100644
index 000000000..e3c2e4c6e
--- /dev/null
+++ b/security/nss/cmd/symkeyutil/symkey.man
@@ -0,0 +1,182 @@
+
+NAME
+    symkeyutil - manage fixed keys in the database
+
+SYNOPSIS
+    symkeyutil -H
+    symkeyutil -L [std_opts] [-r]
+    symkeyutil -K [-n name] -t type [-s size] [-i id |-j id_file] [std_opts]
+    symkeyutil -D <[-n name | -i id | -j id_file> [std_opts]
+    symkeyutil -I [-n name] [-t type] [-i id | -j id_file] -k data_file [std_opts]
+    symkeyutil -E  <-nname | -i id | -j id_file> [-t type] -k data_file [-r] [std_opts]
+    symkeyutil -U [-n name] [-t type] [-i id | -j id_file] -k data_file <wrap_opts> [std_opts]
+    symkeyutil -W <-n name | -i id | -j id_file> [-t type] -k data_file [-r] <wrap_opts> [std_opts]
+    symkeyutil -M <-n name | -i id | -j id_file> -g target_token [std_opts]
+      std_opts -> [-d certdir] [-P dbprefix] [-p password] [-f passwordFile] [-h token]
+      wrap_opts -> <-w wrap_name | -x wrap_id | -y id_file>
+
+DESCRIPTION
+
+    NSS can store fixed keys as well as asymetric keys in the database. The
+    symkeyutil command can be used to manage these keys. 
+
+    As with certutil, symkeyutil takes two types of arguments, commands and
+    options. Most commands fall into one of two catagories: commands which
+    create keys and commands which extract or destroy keys. 
+
+    Exceptions to these catagories are listed first:
+
+    -H    takes no additional options. It lists a more detailed help message.
+    -L    takes the standard set of options. It lists all the keys in the 
+          specified token (NSS Internal DB Token is the default).  Only the 
+          -L option accepts the all option for tokens to list all the fixed 
+          keys.
+
+    Key Creation commands:
+    For these commands, the key type (-t) option is always required. 
+    In addition, the -s option may be required for certain key types.
+    The standard set of options may be specified.
+
+    -K   Create a new key using the token key gen function.
+    -I   Import a new key from the raw data specified in the data file,
+         specified with the -k options (required). This command may fail on 
+         some tokens that don't support direct import of key material. 
+    -U   Unwrap a new key from an encrypted data file specified with the -k
+         option. The -w, -x, or -y option specifies the unwrapping key.
+         The unwrapping algorithm is selected based on the type of the 
+         unwrapping key.
+
+    Key extraction/destruction options:
+    For these keys, one and only of of the -n, -i, or -j options must be 
+    specified. If more than one key matches the -n option, the 'first' key
+    matching will be used.  The standard set of options may be specified.
+
+    -D   Delete the key specified by the -n, -i, or -j options.
+    -E   Export the key specified by the -n, -i, or -j options and store the
+         contents to a file specified by the -k file (required). 
+         This command will seldom work on any token since most keys are 
+         protected from export.
+    -W   Wrap the key specified by the -n, -i, or -j options and store the
+         encrypted contents to a file specified by the -k file (required). 
+         The -w, -x, or -y option specifies the key used to wrap the 
+         target key. 
+    -M   Move the key specified by the -n, -i, or -j options to the token
+         specified by the -g option (required). The new key will have the
+         same attributes as the source key.
+
+OPTIONS
+
+    Standard options are those options that may be used by any command, and
+    whose meaning is the same for all commands.
+
+    -h token         Specify the token which the command will operate on. 
+                     If -h is not specified the internal token is presumed. In
+                     addition the special value 'all' may be used to specify 
+                     that all tokens should be used. This is only valid for 
+                     the '-L' command.
+    -d certdir       Specify the location of the NSS databases. The default
+                     value is platform dependent.
+    -P dbprefix      Specify the prefix for the NSS database. The default value
+                     is NULL.
+    -p password      Specify the password for the token. On the command line. 
+                     The -p and -f options are mutually exclusive. If 
+                     neither option is specified, the password would be 
+                     prompted from the user.
+    -f passwordFile  Specify a file that contains the password for the token.
+                     This option is mutually exclusive to the -p option.
+
+    In addition to the standard options are the following command specific 
+    options are.
+
+    -r               Opens the NSS databases Read/Write. By default the -L,
+                     -E, and -W commands open the database read only. Other
+                     commands automatically opens the databases Read/Write and
+                     igore this option if it is specified.
+
+    -n name          Specifies the nickname for the key.
+
+                     For the -K, -I, or -U options, name is the name for 
+                     the new key.  If -n is not specified, no name is 
+                     assumed. There is not check for duplicate names.
+
+                     For the -D, -E, -W, or -M, the name specifies the key to
+                     operate on. In this case one andy only one of the -n, -i
+                     or -j options should be specifed. It is possible that
+                     the -n options specifies and ambiguous key. In that case
+                     the 'first' valid key is used.
+
+                     For the -M option, the nickname for the new key is copied
+                     from it's original key, even if the original key is
+                     specified using -i or -j.
+
+    -i key id
+    -j key id file   These options are equivalent and mutually exclusive. 
+                     They specify the key id for the file. The -i option
+                     specifies the key id on the command line using a hex 
+                     string. The -j specifies a file to read the raw key
+                     id from.
+
+                     For the -K, -I, or -U options, key id is the key id for 
+                     the new key.  If -i or -j is not specified, no key id 
+                     is assumed.  Some tokens may generate their own unique 
+                     id for the key in this case (but it is not guarrenteed).
+
+                     For the -D, -E, -W, or -M, the key id specifies the key to
+                     operate on. In this case one andy only one of the -n, -i
+                     or -j options should be specifed. 
+
+   -t type           Specifies the key Type for the new key. This option is
+                     required for the -K, -I, and -U commands. Valid values
+                     are:
+			generic, rc2, rc4, des, des2, des3, cast, cast3,
+                        cast5, cast128, rc5, idea, skipjack, baton, juniper,
+                        cdmf, aes, camellia
+
+                     Not all tokens support all key types. The generic key
+                     type is usually used in MACing and key derivation 
+                     algorithms. Neither generic nor rc4 keys may be used
+                     to wrap other keys. Fixed rc4 keys are dangerous since
+                     multiple use of the same stream cipher key to encrypted
+                     different data can compromise all data encrypted with
+                     that key.
+
+   -s size           Specifies the key size. For most situations the key size
+                     is already known and need not be specified. For some 
+                     algorithms, however, it is necessary to specify the key
+                     size when generation or unwrapping the key.
+
+   -k key file       Specifies the name of a file that contains key data to
+                     import or unwrap (-I or -U), or the location to store
+                     key data or encrypted key data (-E or -W).
+
+   -g target token   Specifies the target token when moving a key (-M). This
+                     option is required for the -M command. It is invalid for
+                     all other commands.
+
+
+
+   -w wrap name
+   -x wrap key id
+   -y wrap key id file Specifies the wrapping key used int the -U and -W
+                      command. Exactly one of these must be specified for the
+                      -U or -W commands. Same semantics as the -n, -i, and -j
+                      options above.
+
+BUGS
+
+   There is no way display the key id of a key.
+
+   The -p and -f options only specifies one password. Multiple passwords may
+   be needed for the -L -h all command and the -M command.
+
+   Perhaps RC4 should not be supported as a key type. Use of these keys as
+   fixed keys is exceedingly dangerous.
+
+   The handling of multiple keys with the same nickname should be more 
+   deterministic than 'the first one'
+
+   There is no way to specify, or display the operation flags of a key. The
+   operation flags are not copied with the -M option as they should be.
+
+   There is no way to change the attributes of a key (nickname, id, operation
+   flags).