docs: Extending documentation and manpages
Refs: #1462
Change-Id: If33a0f3c623daf3502ed301bcdc63892779463e3
diff --git a/docs/conf.py b/docs/conf.py
index 20cd786..c8f55dc 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -230,10 +230,26 @@
# (source start file, name, description, authors, manual section).
man_pages = [
('manpages/ndnsec', 'ndnsec', u'NDN security tools', None, 1),
+ ('manpages/ndnsec-cert-dump', 'ndnsec-cert-dump', 'part of NDN security tools', None, 1),
+ ('manpages/ndnsec-cert-gen', 'ndnsec-cert-gen', 'part of NDN security tools', None, 1),
+ ('manpages/ndnsec-cert-install', 'ndnsec-cert-instal', 'part of NDN security tools', None, 1),
+ ('manpages/ndnsec-delete', 'ndnsec-delete', 'part of NDN security tools', None, 1),
+ ('manpages/ndnsec-export', 'ndnsec-export', 'part of NDN security tools', None, 1),
+ ('manpages/ndnsec-get-default', 'ndnsec-get-default', 'part of NDN security tools', None, 1),
+ ('manpages/ndnsec-import', 'ndnsec-import', 'part of NDN security tools', None, 1),
+ ('manpages/ndnsec-key-gen', 'ndnsec-key-gen', 'part of NDN security tools', None, 1),
+ ('manpages/ndnsec-list', 'ndnsec-list', 'part of NDN security tools', None, 1),
+ ('manpages/ndnsec-op-tool', 'ndnsec-op-tool', 'part of NDN security tools', None, 1),
+ ('manpages/ndnsec-set-acl', 'ndnsec-set-acl', 'part of NDN security tools', None, 1),
+ ('manpages/ndnsec-set-default', 'ndnsec-set-default', 'part of NDN security tools', None, 1),
+ ('manpages/ndnsec-sig-verify', 'ndnsec-sig-verify', 'part of NDN security tools', None, 1),
+ ('manpages/ndnsec-sign-req', 'ndnsec-sign-req', 'part of NDN security tools', None, 1),
+ ('manpages/ndnsec-unlock-tpm', 'ndnsec-unlock-tpm', 'part of NDN security tools', None, 1),
('tutorials/security-validator-config', 'ndnsec-validator.conf',
'NDN trust validator configuration file', None, 5),
+ ('manpages/tlvdump', 'tlvdump', 'Decode structure of TLV encoded buffer', None, 1),
]
# If true, show URL addresses after external links.
-#man_show_urls = False
+man_show_urls = True
diff --git a/docs/examples.rst b/docs/examples.rst
new file mode 100644
index 0000000..3e76704
--- /dev/null
+++ b/docs/examples.rst
@@ -0,0 +1,52 @@
+Basic examples
+==============
+
+Trivial consumer
+----------------
+
+In the following trivial example, a consumer creates a Face with default transport (UnixSocket transport) and sends an Interest for ``/localhost/testApp/randomData``.
+While expressing Interest, the app specifies two callbacks to be called when Data is retrieved or Interest times out.
+
+``ndn::bind`` is an alias for either `boost::bind <http://www.boost.org/doc/libs/1_55_0/libs/bind/bind.html>`_ or `std::bind <http://en.cppreference.com/w/cpp/utility/functional/bind>`_ when the library is compiled in C++11 mode.
+
+.. literalinclude:: ../examples/consumer.cpp
+ :language: c++
+ :linenos:
+ :emphasize-lines: 17-19,25-27,41-44,47
+
+
+Trivial producer
+----------------
+
+The following example demonstrates how to write a simple producer application.
+
+First, application sets interset filter for ``/localhost/testApp`` to receive all Interests that have this prefix.
+``setInterestFilter`` call accepts two callbacks, one which will be called when an Interest is received, and the other if prefix registration (i.e., configuring proper FIB entry in NFD) fails.
+
+After Interest is received, a producer creates a Data packet with the same name as in the received Interest, adds a silly content, and signs the Data packet with the system-default identity.
+It is possible to specify a particular key to be used during the signing.
+For more information, refer to KeyChain API documentation.
+
+Finally, after Data packet has been created and signed, it is returned to the requester using ``Face::put`` method.
+
+.. literalinclude:: ../examples/producer.cpp
+ :language: c++
+ :linenos:
+ :emphasize-lines: 37-40,43,49,63-65
+
+
+Consumer that uses ndn::Scheduler
+---------------------------------
+
+The following example demonstrates use for ``ndn::Scheduler`` to schedule an arbitrary events for execution at specific points of time.
+
+The library internally uses `boost::asio::io_service <http://www.boost.org/doc/libs/1_48_0/doc/html/boost_asio/reference/io_service.html>`_ to implement fully asynchronous NDN operations (i.e., sending and receiving Interests and Data).
+In addition to network-related operations, ``boost::asio::io_service`` can be used to execute any arbitrary callback within the processing thread (run either explicitly via ``io->run`` or implicitly via ``Face::processEvents`` as in previous examples).
+``ndn::Scheduler`` is just a wrapper on top of ``boost::asio::io_service``, allowing simple interface to schedule tasks at specific times.
+
+The highlighted lines in the example demonstrate all that is needed to express a second interest approximately 2 seconds after the first one.
+
+.. literalinclude:: ../examples/consumer-with-timer.cpp
+ :language: c++
+ :linenos:
+ :emphasize-lines: 10,62,69,72-73,76
diff --git a/docs/index.rst b/docs/index.rst
index 08f7084..db36d09 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -4,6 +4,7 @@
`API documentation (doxygen) <doxygen/annotated.html>`_
.. toctree::
+ examples
tutorials/security-library
tutorials/utils-ndn-regex
tutorials/security-validator-config
diff --git a/docs/manpages.rst b/docs/manpages.rst
index 8300f89..af5501d 100644
--- a/docs/manpages.rst
+++ b/docs/manpages.rst
@@ -2,5 +2,23 @@
========
.. toctree::
- manpages/ndnsec
- :maxdepth: 1
+ manpages/ndnsec
+ ndnsec-list <manpages/ndnsec-list>
+ ndnsec-get-default <manpages/ndnsec-get-default>
+ ndnsec-set-default <manpages/ndnsec-set-default>
+ ndnsec-key-gen <manpages/ndnsec-key-gen>
+ ndnsec-sign-req <manpages/ndnsec-sign-req>
+ ndnsec-cert-gen <manpages/ndnsec-cert-gen>
+ ndnsec-cert-install <manpages/ndnsec-cert-install>
+ ndnsec-cert-dump <manpages/ndnsec-cert-dump>
+ ndnsec-delete <manpages/ndnsec-delete>
+ ndnsec-export <manpages/ndnsec-export>
+ ndnsec-import <manpages/ndnsec-import>
+ ndnsec-unlock-tpm <manpages/ndnsec-unlock-tpm>
+ manpages/tlvdump
+ :maxdepth: 1
+
+..
+ manpages/ndnsec-op-tool
+ manpages/ndnsec-set-acl
+ manpages/ndnsec-sig-verify
diff --git a/docs/manpages/ndnsec-cert-dump.rst b/docs/manpages/ndnsec-cert-dump.rst
new file mode 100644
index 0000000..9daf52c
--- /dev/null
+++ b/docs/manpages/ndnsec-cert-dump.rst
@@ -0,0 +1,67 @@
+ndnsec-cert-dump
+================
+
+``ndnsec-cert-dump`` is a tool to dump a certificate from **Public Info Base** or file and output
+it to standard output.
+
+Usage
+-----
+
+::
+
+ $ ndnsec-cert-dump [-h] [-p] [-ikf] name
+
+Description
+-----------
+
+``ndnsec-cert-dump`` can read a certificate from **Public Info Base (PIB)** or a file and output
+the certificate to standard output.
+
+By default, ``name`` is interpreted as a certificate name.
+
+Options
+-------
+
+``-i``
+ Interpret ``name`` as an identity name. If specified, the certificate to dump is the default
+ certificate of the identity.
+
+``-k``
+ Interpret ``name`` as a key name. If specified, the certificate to dump is the default certificate
+ of the key.
+
+``-f``
+ Interpret ``name`` as a path to a file containing the certificate. If ``name`` is ``-``,
+ certificate will be read from standard input.
+
+``-p``
+ Print out the certificate to a human-readable format.
+
+Examples
+--------
+
+Dump a certificate from PIB to standard output:
+::
+
+ $ ndnsec-cert-dump /ndn/test/KEY/david/ksk-1396913058196/ID-CERT/%00%00%01E%3E%9D%A0%DE
+
+Dump a certificate to a human-readable format:
+::
+
+ $ ndnsec-cert-dump -p /ndn/test/KEY/david/ksk-1396913058196/ID-CERT/%00%00%01E%3E%9D%A0%DE
+ Certificate name:
+ /ndn/test/KEY/david/ksk-1396913058196/ID-CERT/%00%00%01E%3E%9D%A0%DE
+ Validity:
+ NotBefore: 20140401T000000
+ NotAfter: 20150331T235959
+ Subject Description:
+ 2.5.4.41: David
+ 2.5.4.10: Some Organization
+ Public key bits:
+ MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAtLq50tpynJ15zExEh9l6
+ jvh/HOmwhOppr/hTEPYUn2VTh21+JJIg5pHAAH/DQr8Bq5BGrdDUCIShxSxbaHwu
+ a1y4XgKP1MYBQP/WzcIhIzB/3PBDdmE0jM3Qg6yuk8BOwett3C07GtwW9dfgacwt
+ aC29xIHnYKfryH/gBSIDUIb38M7ILIDgQeIiQcHGHoFO8CbDtKY2OvVkFNgxowAR
+ Xn+gtkIfMdE77Z8p0S21pYfdvPuIpVVLy7lnFdwGzyCi3nmbtd/r9NSTepBczWQz
+ zBbThT7yfeNyHWLu0PZPdz84UpNPsBad3Bx9tT31noIVnt8yyBEfEU1jyEIVkm8U
+ VQIB
diff --git a/docs/manpages/ndnsec-cert-gen.rst b/docs/manpages/ndnsec-cert-gen.rst
new file mode 100644
index 0000000..3c2eff8
--- /dev/null
+++ b/docs/manpages/ndnsec-cert-gen.rst
@@ -0,0 +1,70 @@
+ndnsec-cert-gen
+===============
+
+``ndnsec-cert-gen`` is a tool to issue an identity certificate.
+
+Usage
+-----
+
+::
+
+ $ ndnsec-cert-gen [-h] [-S timestamp] [-E timestamp] [-N name] [-I info] [-s sign-id] request
+
+Description
+-----------
+
+``ndnsec-cert-gen`` takes signing request as input and issues an identity certificate for the key in
+the signing request. The signing request can be created during ``ndnsec-keygen`` and can be
+re-generated with ``ndnsec-sign-req``.
+
+By default, the default key/certificate will be used to sign the issued certificate.
+
+``request`` could be a path to a file that contains the signing request. If ``request`` is ``-``,
+then signing request will be read from standard input.
+
+The generated certificate will be written to standard output in base64 encoding.
+
+
+Options
+-------
+
+``-S timestamp``
+ Timestamp when the certificate becomes valid. The default value is now.
+
+``-E timestamp``
+ Timestamp when the certificate expires. The default value is one year from now.
+
+``-N name``
+ Name of the certificate owner.
+
+``-I info``
+ Other information about the certificate owner. ``subject-info`` is a list of pairs of OID and
+ corresponding value. For example, "2.5.4.10 'Some Organization' 2.5.4.3 'http://home.page/'".
+
+``-s sign-id``
+ Signing identity. The default key/certificate of ``sign-id`` will be used to sign the requested
+ certificate. If this option is not specified, the system default identity will be used.
+
+Examples
+--------
+
+::
+
+ $ ndnsec-cert-gen -S 20140401000000 -E 20150331235959 -N "David"
+ -I "2.5.4.10 'Some Organization'" -s /ndn/test sign_request.cert
+ Bv0C9wc9CANuZG4IBHRlc3QIA0tFWQgFZGF2aWQIEWtzay0xMzk2OTEzMDU4MTk2
+ CAdJRC1DRVJUCAgAAAFFPp2g3hQDGAECFf0BdjCCAXIwIhgPMjAxNDA0MDEwMDAw
+ MDBaGA8yMDE1MDMzMTIzNTk1OVowKDAMBgNVBCkTBURhdmlkMBgGA1UEChMRU29t
+ ZSBPcmdhbml6YXRpb24wggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQC0
+ urnS2nKcnXnMTESH2XqO+H8c6bCE6mmv+FMQ9hSfZVOHbX4kkiDmkcAAf8NCvwGr
+ kEat0NQIhKHFLFtofC5rXLheAo/UxgFA/9bNwiEjMH/c8EN2YTSMzdCDrK6TwE7B
+ 623cLTsa3Bb11+BpzC1oLb3Egedgp+vIf+AFIgNQhvfwzsgsgOBB4iJBwcYegU7w
+ JsO0pjY69WQU2DGjABFef6C2Qh8x0TvtnynRLbWlh928+4ilVUvLuWcV3AbPIKLe
+ eZu13+v01JN6kFzNZDPMFtOFPvJ943IdYu7Q9k93PzhSk0+wFp3cHH21PfWeghWe
+ 3zLIER8RTWPIQhWSbxRVAgERFjMbAQEcLgcsCANuZG4IA0tFWQgEdGVzdAgRa3Nr
+ LTEzOTQxMjk2OTQ3ODgIB0lELUNFUlQX/QEABUGcl7U+F8cwMHKckerv+1H2Nvsd
+ OfeqX0+4RzWU+wRx2emMGMZZdHSx8M/i45hb0P5hbNEF99L35/SrSTSzhTZdOriD
+ t/LQOcKBoNXY+iw3EUFM0gvRGU0kaEVBKAHtbYhtoHc48QLEyrsVaMqmrjCmpeF/
+ JOcClhzJfFW3cZ/SlhcTEayF0ntogYLR2cMzIwQhhSj5L/Kl7I7uxNxZhK1DS98n
+ q8oGAxHufEAluPrRpDQfI+jeQ4h/YYKcXPW3Vn7VQAGOqIi6gTlUxrmEbyCDF70E
+ xj5t3wfSUmDa1N+hLRMdEAI+IjRRHDSx2Lhj/QcoPIZPWwKjBz9CBL92og==
diff --git a/docs/manpages/ndnsec-cert-install.rst b/docs/manpages/ndnsec-cert-install.rst
new file mode 100644
index 0000000..1ca1ddb
--- /dev/null
+++ b/docs/manpages/ndnsec-cert-install.rst
@@ -0,0 +1,56 @@
+ndnsec-cert-install
+===================
+
+``ndnsec-cert-install`` is a tool to install a certificate into **Public Information Base (PIB)**.
+
+Usage
+-----
+
+::
+
+ $ ndnsec-cert-install [-h] [-IKN] cert-source
+
+Description
+-----------
+
+``ndnsec-cert-install`` can insert a certificate into PIB. By default, the installed certificate
+will be set as the default certificate of its corresponding identity and the identity is set as
+the system default identity.
+
+``cert-source`` could be a filesystem path or an HTTP URL of a file containing to certificate to
+install or . If ``cert-file`` is ``-``, the certificate will be read from standard input.
+
+Options
+-------
+
+``-I``
+ Set the certificate as the default certificate of its corresponding identity, but do not change
+ the system default identity.
+
+``-K``
+ Set the certificate as the default certificate of its corresponding key, but do not change the
+ corresponding identity's default key and the system default identity.
+
+``-N``
+ Install the certificate but do not change any default settings.
+
+Examples
+--------
+
+Install a certificate and set it as the system default certificate:
+
+::
+
+ $ ndnsec-cert-install cert_file.cert
+
+Install a certificate with HTTP URL and set it as the system default certificate:
+
+::
+
+ $ ndnsec-install-cert "http://ndncert.domain.com/cert/get/my-certificate.ndncert"
+
+Install a certificate but do not change any default settings:
+
+::
+
+ $ ndnsec-cert-install -N cert_file.cert
diff --git a/docs/manpages/ndnsec-delete.rst b/docs/manpages/ndnsec-delete.rst
new file mode 100644
index 0000000..e501592
--- /dev/null
+++ b/docs/manpages/ndnsec-delete.rst
@@ -0,0 +1,37 @@
+ndnsec-delete
+=============
+
+``ndnsec-delete`` is a tool to delete security data from both **Public Info Base** and
+**Trusted Platform Module**.
+
+Usage
+-----
+
+::
+
+ ndnsec-delete [-h] [-kc] name
+
+Description
+-----------
+
+By default, ``ndnsec-delete`` interpret ``name`` as an identity name. If an identity is deleted,
+all the keys and certificates belonging to the identity will be deleted as well. If a key is
+deleted, all the certificate belonging to the key will be deleted as well.
+
+Options
+-------
+
+``-k``
+ Interpret ``name`` as a key name and delete the key and its related data.
+
+``-c``
+ Interpret ``name`` as a certificate name and delete the certificate.
+
+Examples
+--------
+
+Delete all data related to an identity:
+
+::
+
+ $ ndnsec-delete /ndn/test/david
diff --git a/docs/manpages/ndnsec-export.rst b/docs/manpages/ndnsec-export.rst
new file mode 100644
index 0000000..839e381
--- /dev/null
+++ b/docs/manpages/ndnsec-export.rst
@@ -0,0 +1,44 @@
+ndnsec-export
+=============
+
+``ndnsec-export`` is a tool to export an identity's security data
+
+Usage
+-----
+
+::
+
+ $ ndnsec-export [-h] [-o output] [-p] identity
+
+Description
+-----------
+
+``ndnsec-export`` can export public data of the ``identity`` including default key/certificate.
+``ndnsec-export`` can also export sensitive data (such as private key), but the sensitive data will
+be encrypted. The exported identity can be imported again using ``ndnsec-import``.
+
+By default, the command will write exported data to standard output.
+
+Options
+-------
+
+``-o output``
+ Output the exported data to a file pointed by ``output``.
+
+``-p``
+ Export private key of the identity. A password will be asked for data encryption.
+
+Examples
+--------
+
+Export an identity's security data including private key and store the security data in a file:
+
+::
+
+ $ ndnsec-export -o id.info -p /ndn/test/alice
+
+Export an identity's security data without private key and write it to standard output:
+
+::
+
+ $ ndnsec-export /ndn/test/alice
diff --git a/docs/manpages/ndnsec-get-default.rst b/docs/manpages/ndnsec-get-default.rst
new file mode 100644
index 0000000..48889c8
--- /dev/null
+++ b/docs/manpages/ndnsec-get-default.rst
@@ -0,0 +1,61 @@
+ndnsec-get-default
+==================
+
+``ndnsec-get-default`` is a tool to display the default setting of a particular entity.
+
+Usage
+-----
+
+::
+
+ $ ndnsec-get-default [-h] [-kc] [-i identity|-K key] [-q]
+
+Description
+-----------
+
+Given a particular entity, ``ndnsec-get-default`` can display its default setting as specified in
+options. If ``identity`` is specified, the given entity becomes the identity. If ``key`` is
+specified, the given identity becomes the key. If no entity is specified, the command will take the
+system default identity as the given entity.
+
+Options
+-------
+
+``-k``
+ Display the given entity's default key name.
+
+``-c``
+ Display the given entity's default certificate name.
+
+``-i identity``
+ Display default setting of the ``identity``
+
+``-K key``
+ Display default setting of the ``key``.
+
+``-q``
+ Disable trailling new line character.
+
+Examples
+--------
+
+Display an identity's default key name.
+
+::
+
+ $ ndnsec-get-default -k -i /ndn/test/alice
+ /ndn/test/alice/ksk-1394129695025
+
+Display an identity's default certificate name.
+
+::
+
+ $ ndnsec-get-default -c -i /ndn/test/alice
+ /ndn/test/KEY/alice/ksk-1394129695025/ID-CERT/%FD%01D%98%9A%F2%3F
+
+Display a key's default certificate name.
+
+::
+
+ $ ndnsec-get-default -c -K /ndn/test/alice/ksk-1394129695025
+ /ndn/test/KEY/alice/ksk-1394129695025/ID-CERT/%FD%01D%98%9A%F2%3F
diff --git a/docs/manpages/ndnsec-import.rst b/docs/manpages/ndnsec-import.rst
new file mode 100644
index 0000000..5b61f59
--- /dev/null
+++ b/docs/manpages/ndnsec-import.rst
@@ -0,0 +1,33 @@
+ndnsec-import
+=============
+
+``ndnsec-import`` is a tool to import an identity's security data that is prepared by
+``ndnsec-export``.
+
+Usage
+-----
+
+::
+
+ $ ndnsec-import [-h] [-p] input
+
+Description
+-----------
+
+``ndnsec-import`` read data from ``input``. It will ask for password if the input contains private
+key. If ``input`` is ``-``, security data will be read from standard input.
+
+Options
+-------
+
+``-p``
+ Indicates the imported data containing private key. A password will be asked for data encryption.
+
+Examples
+--------
+
+Import an identity's security data including private key:
+
+::
+
+ $ ndnsec-import -p input_file
diff --git a/docs/manpages/ndnsec-key-gen.rst b/docs/manpages/ndnsec-key-gen.rst
new file mode 100644
index 0000000..fe70233
--- /dev/null
+++ b/docs/manpages/ndnsec-key-gen.rst
@@ -0,0 +1,50 @@
+ndnsec-key-gen
+==============
+
+``ndnsec-key-gen`` is tool to generate a pair of RSA key.
+
+Usage
+-----
+
+::
+
+ $ ndnsec-key-gen [-h] [-n] identity
+
+Description
+-----------
+
+``ndnsec-key-gen`` creates a RSA key pair for the specified ``identity`` and sets the key as the
+identity's default key. ``ndnsec-key-gen`` will also create a signing request for the generated key.
+The signing request will be written to standard output in base64 encoding.
+
+By default, it will also set the identity as the system default identity.
+
+Options
+-------
+
+``-n``
+ Do not set the identity as the system default identity.
+
+Examples
+--------
+
+::
+
+ $ ndnsec-key-gen /ndn/test/david
+ Bv0DAAc9CANuZG4IBHRlc3QIBWRhdmlkCANLRVkIEWtzay0xMzk2OTEzMDU4MTk2
+ CAdJRC1DRVJUCAgAAAFFPoG0ohQDGAECFf0BeDCCAXQwIhgPMjAxNDA0MDcyMzI0
+ MThaGA8yMDM0MDQwMjIzMjQxOFowKjAoBgNVBCkTIS9uZG4vdGVzdC9kYXZpZC9r
+ c2stMTM5NjkxMzA1ODE5NjCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEB
+ ALS6udLacpydecxMRIfZeo74fxzpsITqaa/4UxD2FJ9lU4dtfiSSIOaRwAB/w0K/
+ AauQRq3Q1AiEocUsW2h8LmtcuF4Cj9TGAUD/1s3CISMwf9zwQ3ZhNIzN0IOsrpPA
+ TsHrbdwtOxrcFvXX4GnMLWgtvcSB52Cn68h/4AUiA1CG9/DOyCyA4EHiIkHBxh6B
+ TvAmw7SmNjr1ZBTYMaMAEV5/oLZCHzHRO+2fKdEttaWH3bz7iKVVS8u5ZxXcBs8g
+ ot55m7Xf6/TUk3qQXM1kM8wW04U+8n3jch1i7tD2T3c/OFKTT7AWndwcfbU99Z6C
+ FZ7fMsgRHxFNY8hCFZJvFFUCAREWOhsBARw1BzMIA25kbggEdGVzdAgFZGF2aWQI
+ A0tFWQgRa3NrLTEzOTY5MTMwNTgxOTYIB0lELUNFUlQX/QEAW2yfF8JTgu5okR+n
+ dRlXc3UR/b1REegrpQb3xVzs7fYiiHwFYzQE9RzOuGh/9GSMvQcfejsPw021tJnj
+ oxNx6spGTOK5Bc0QZGeC6YyNoVSaJr9Obc5Uh8eRqxw76r0pCUHP+l38UgUGeBg/
+ aHurtcu5zK0zFYX++SAfUGLUZlG4CqKBUNZC+6w9OGUXlcW411zMzfqQ7V9Gxg+p
+ 1IMNJQ6trTFdIwT/4YWHsxR+16r2TRWCNHtJey2GEG84YoqRh8y37jnu7oPhAtTN
+ TgG9O7O39dZLiFg+UP3LpW1LY64fJXsNfZQmnZWcNo5lX6MXfeiPxWFjOQqnno82
+ 1hgqgA==
diff --git a/docs/manpages/ndnsec-list.rst b/docs/manpages/ndnsec-list.rst
new file mode 100644
index 0000000..bc4a316
--- /dev/null
+++ b/docs/manpages/ndnsec-list.rst
@@ -0,0 +1,83 @@
+ndnsec-list
+===========
+
+``ndnsec-list`` is a tool to display entities stored in **Public Information Base (PIB)**, such as
+identities, keys, and certificates.
+
+Usage
+-----
+
+::
+
+ $ ndnsec-list [-h] [-KkCc]
+
+Description
+-----------
+
+``ndnsec-list`` lists names of all the entities according to the granularity specified in options
+(The default granularity is identity). The default entities will be marked with ``*`` in front of
+their names. For example:
+
+::
+
+ $ ndnsec list
+ * /ndn/edu/ucla/cs/yingdi
+ /ndn/test/cathy
+ /ndn/test/bob
+ /ndn/test/alice
+
+
+Options
+-------
+
+``-K, -k``
+ Display key names for each identity. The key name with ``*`` in front is the default key name of
+ the corresponding identity.
+
+``-C, -c``
+ Display certificate names for each key. The certificate name with ``*`` in front is the default
+ certificate name of the corresponding key.
+
+Examples
+--------
+
+Display all the key names in PIB.
+
+::
+
+ $ ndnsec-list -k
+ * /ndn/edu/ucla/cs/yingdi
+ +->* /ndn/edu/ucla/cs/yingdi/ksk-1397247318867
+ +-> /ndn/edu/ucla/cs/yingdi/ksk-1393811874052
+
+ /ndn/test/cathy
+ +->* /ndn/test/cathy/ksk-1394129695418
+
+ /ndn/test/bob
+ +->* /ndn/test/bob/ksk-1394129695308
+
+ /ndn/test/alice
+ +->* /ndn/test/alice/ksk-1394129695025
+
+Display all the certificate names in PIB.
+
+::
+
+ $ ndnsec-list -c
+ * /ndn/edu/ucla/cs/yingdi
+ +->* /ndn/edu/ucla/cs/yingdi/ksk-1397247318867
+ +->* /ndn/edu/ucla/cs/yingdi/KEY/ksk-1397247318867/ID-CERT/%00%00%01ERn%1B%BE
+ +-> /ndn/edu/ucla/cs/yingdi/ksk-1393811874052
+ +->* /ndn/edu/ucla/cs/yingdi/KEY/ksk-1393811874052/ID-CERT/%FD%01D%85%A9a%DD
+
+ /ndn/test/cathy
+ +->* /ndn/test/cathy/ksk-1394129695418
+ +->* /ndn/test/KEY/cathy/ksk-1394129695418/ID-CERT/%FD%01D%98%9A%F3J
+
+ /ndn/test/bob
+ +->* /ndn/test/bob/ksk-1394129695308
+ +->* /ndn/test/KEY/bob/ksk-1394129695308/ID-CERT/%FD%01D%98%9A%F2%AE
+
+ /ndn/test/alice
+ +->* /ndn/test/alice/ksk-1394129695025
+ +->* /ndn/test/KEY/alice/ksk-1394129695025/ID-CERT/%FD%01D%98%9A%F2%3F
diff --git a/docs/manpages/ndnsec-op-tool.rst b/docs/manpages/ndnsec-op-tool.rst
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/docs/manpages/ndnsec-op-tool.rst
diff --git a/docs/manpages/ndnsec-set-acl.rst b/docs/manpages/ndnsec-set-acl.rst
new file mode 100644
index 0000000..23eb1a3
--- /dev/null
+++ b/docs/manpages/ndnsec-set-acl.rst
@@ -0,0 +1,26 @@
+ndnsec-set-acl
+==============
+
+``ndnsec-set-acl`` is a tool to add an application into access control list of an private key.
+
+Usage
+-----
+
+::
+
+ $ ndnsec-set-acl [-h] keyName appPath
+
+Description
+-----------
+
+``ndnsec-set-acl`` will add the application pointed by ``appPath`` into the ACL of a key with name
+``keyName``.
+
+Examples
+--------
+
+Add an application into a key's ACL:
+
+::
+
+ $ ndnsec-set-acl /ndn/test/alice/ksk-1394129695025 /test/app/path
diff --git a/docs/manpages/ndnsec-set-default.rst b/docs/manpages/ndnsec-set-default.rst
new file mode 100644
index 0000000..da0c5b5
--- /dev/null
+++ b/docs/manpages/ndnsec-set-default.rst
@@ -0,0 +1,49 @@
+ndnsec-set-default
+==================
+
+``ndnsec-set-default`` is a tool to change the default security settings.
+
+Usage
+-----
+
+::
+
+ $ ndnsec-set-default [-h] [-k|c] name
+
+Description
+-----------
+
+By default, ``ndnsec-set-default`` takes ``name`` as an identity name and sets the identity as the
+system default identity.
+
+Options
+-------
+
+``-k``
+ Set default key. ``name`` should be a key name, ``ndnsec-set-default`` can infer the corresponding
+ identity and set the key as the identity's default key.
+
+``-c``
+ Set default certificate. ``name`` should be a certificate name, ``ndnsec-set-default`` can
+ infer the corresponding key name and set the certificate as the key's default certificate.
+
+Examples
+--------
+
+Set a key's default certificate:
+
+::
+
+ $ ndnsec-set-default -c /ndn/test/KEY/alice/ksk-1394129695025/ID-CERT/%FD%01D%98%9A%F2%3F
+
+Set an identity's default key:
+
+::
+
+ $ ndnsec-set-default -k /ndn/test/alice/ksk-1394129695025
+
+Set system default identity:
+
+::
+
+ $ ndnsec-set-default /ndn/test/alice
diff --git a/docs/manpages/ndnsec-sig-verify.rst b/docs/manpages/ndnsec-sig-verify.rst
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/docs/manpages/ndnsec-sig-verify.rst
diff --git a/docs/manpages/ndnsec-sign-req.rst b/docs/manpages/ndnsec-sign-req.rst
new file mode 100644
index 0000000..67d11f4
--- /dev/null
+++ b/docs/manpages/ndnsec-sign-req.rst
@@ -0,0 +1,77 @@
+ndnsec-sign-req
+===============
+
+``ndnsec-sign-req`` is a tool to generate a signing request for a particular key.
+
+Usage
+-----
+
+::
+
+ $ ndnsec-sign-req [-h] [-k] name
+
+Description
+-----------
+
+The signing request of a key is actually a self-signed certificate. Given key's information,
+``ndnsec-sign-req`` looks up the key in PIB. If such a key exists, a self-signed certificate of the
+key, or its signing request, will be outputed to **stdout** with base64 encoding.
+
+By default, ``name`` is interpreted as an identity name. ``ndnsec-sign-req`` will generate a
+signing request for the identity's default key.
+
+Options
+-------
+
+``-k``
+ Interpret ``name`` as a key name.
+
+Examples
+--------
+
+Create a signing request for an identity's default key.
+
+::
+
+ $ ndnsec-sign-req /ndn/test/david
+ Bv0DAAc9CANuZG4IBHRlc3QIBWRhdmlkCANLRVkIEWtzay0xMzk2OTk4Mzg5MjU3
+ CAdJRC1DRVJUCAgAAAFFZ+ibohQDGAECFf0BeDCCAXQwIhgPMjAxNDA0MTYwMDIx
+ MDhaGA8yMDM0MDQxMTAwMjEwOFowKjAoBgNVBCkTIS9uZG4vdGVzdC9kYXZpZC9r
+ c2stMTM5Njk5ODM4OTI1NzCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEB
+ AKOhGgpUZXiUkaqgfcIvBKSw4wFcSMhBdXr45Tzh8hi8dv1plXKAV4YQLkjHhJqi
+ VTj8qGWkvaP0Kv/mkynaa2rPzUQ77wE1ydRIBUik62bXQa8SanJsV9ux99t9LBKq
+ MY4mtWgal48wFqwqRPNH4xq0yFACh28eaMCMpNvZd2Fh4gmDvQ5xU7sJTyRLt/Mc
+ mfYppDFGfzUP2nP8eQW5I9+L0DXMAAb4z8w1nXHs21xyPv0SSaJXgBH0ZdBwB++D
+ Eo5RLmcDdhFqN0f9Rlz06LVq+gLUC2M+N54jD5qUhPEdW5erY6pyYhq4Zv2B4lbK
+ Zgf2FWIB2iw0of4snf2SxDcCAREWOhsBARw1BzMIA25kbggEdGVzdAgFZGF2aWQI
+ A0tFWQgRa3NrLTEzOTY5OTgzODkyNTcIB0lELUNFUlQX/QEABe8tCY99uFTPyiNX
+ u/hUY96FGnfQx4usA2rCd+M4bkvsAwKQVlbBx1sDXsakvoHhLaCi+MTwHw17o+oG
+ mtPqklLjM8XS+gF+Lh+OyivJQixb8KR8tAtlGeLDoLU/kpgYv/xVhp8Q5ma0/T47
+ faI4Sn6bQP7YoWj+BdO3oZYthtq3MZPw2hl7wuTRMHNm5i3efnZyZdoPNMR2K43x
+ gH6ew1JbEQG7G6l5Q/jjnfT/oTtUeQzqWf2SSylAX+9xFZ9KG4+S6K7mYieBoqiA
+ 0wHjvDS1cuIH2j6XveoUYapRjZXaEZqB/YoBwRqEYq2KVn/ol5knLM6FIISXXjxn
+ cIh62A==
+
+
+Create a signing request for a particular key.
+
+::
+
+ $ ndnsec-sign-req -k /ndn/test/david/ksk-1396913058196
+ Bv0DAAc9CANuZG4IBHRlc3QIBWRhdmlkCANLRVkIEWtzay0xMzk2OTEzMDU4MTk2
+ CAdJRC1DRVJUCAgAAAFFZ+mbhRQDGAECFf0BeDCCAXQwIhgPMjAxNDA0MTYwMDIy
+ MTRaGA8yMDM0MDQxMTAwMjIxNFowKjAoBgNVBCkTIS9uZG4vdGVzdC9kYXZpZC9r
+ c2stMTM5NjkxMzA1ODE5NjCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEB
+ ALS6udLacpydecxMRIfZeo74fxzpsITqaa/4UxD2FJ9lU4dtfiSSIOaRwAB/w0K/
+ AauQRq3Q1AiEocUsW2h8LmtcuF4Cj9TGAUD/1s3CISMwf9zwQ3ZhNIzN0IOsrpPA
+ TsHrbdwtOxrcFvXX4GnMLWgtvcSB52Cn68h/4AUiA1CG9/DOyCyA4EHiIkHBxh6B
+ TvAmw7SmNjr1ZBTYMaMAEV5/oLZCHzHRO+2fKdEttaWH3bz7iKVVS8u5ZxXcBs8g
+ ot55m7Xf6/TUk3qQXM1kM8wW04U+8n3jch1i7tD2T3c/OFKTT7AWndwcfbU99Z6C
+ FZ7fMsgRHxFNY8hCFZJvFFUCAREWOhsBARw1BzMIA25kbggEdGVzdAgFZGF2aWQI
+ A0tFWQgRa3NrLTEzOTY5MTMwNTgxOTYIB0lELUNFUlQX/QEAkA2DjqDq8pcAD579
+ PaGz3sybCMo2zyjAJvLCRRDPrjQfkublIvN3wGykfsYRKTPW/aDlZcgOtqn8+Qdo
+ tpL9PixqB7hPAZzelADB7Rrqw41p5VNJTzBuIzC6bCssMa8xb2VTGkw1oEtWb1vl
+ Dn+WWvmTNE/yTnSTjNXnTdLinBSA1HH4edkjvH9hTn5+DVyZlpZrTX2qRYcNZqdC
+ kgESIroeoFnp95NVmO+jtL/pKaJ53jh7pvpv7y8wOu28Qk6HuhwDUR186Y/TNNt4
+ hIc0NNDfvvyGgbDEGCMJ7/qOSt0qpJ2BxvPCb9S/bQD1odjGfP2F4ZA2S/JN2SYm
+ 5gldDQ==
diff --git a/docs/manpages/ndnsec-unlock-tpm.rst b/docs/manpages/ndnsec-unlock-tpm.rst
new file mode 100644
index 0000000..7672f00
--- /dev/null
+++ b/docs/manpages/ndnsec-unlock-tpm.rst
@@ -0,0 +1,17 @@
+ndnsec-unlock-tpm
+=================
+
+``ndnsec-unlock-tpm`` is a tool to (temporarily) unlock the **Trusted Platform Module (TPM)** that
+manages private keys.
+
+Usage
+-----
+
+::
+
+ $ ndnsec-unlock-tpm [-h]
+
+Description
+-----------
+
+``ndnsec-unlock-tpm`` will ask for password to unlock the TPM.
diff --git a/docs/manpages/ndnsec.rst b/docs/manpages/ndnsec.rst
index 8004f80..1efc2e1 100644
--- a/docs/manpages/ndnsec.rst
+++ b/docs/manpages/ndnsec.rst
@@ -1,352 +1,85 @@
-ndnsec: NDN security tool
-=========================
+ndnsec
+======
-``ndnsec`` is a command-line tools to perform various NDN security management
-operation:
+``ndnsec`` is a command-line toolkit to perform various NDN security management
+operation.
+
+Usage
+-----
::
- $ ndnsec <command> <args>
+ $ ndnsec <command> [<args>]
-One can check the command list by
+or alternatively
::
- $ ndnsec help
+ $ ndnsec-command [<args>]
-Here is a list of commands supported so far:
+Description
+-----------
-::
+The NDN security data are stored and managed in two places: **Public Information Base** and
+**Trusted Platform Module**. ``ndnsec`` toolkit provides a command-line interface of managing and
+using the NDN security data.
- $ ndnsec help
- help Show all commands.
- list Display information in PublicInfo.
- get-default Get default setting info.
- set-default Configure default setting.
- key-gen Generate a Key-Signing-Key for an identity.
- sign-req Generate a certificate signing request.
- cert-gen Generate an identity certificate.
- cert-dump Dump a certificate from PublicInfo.
- cert-install Install a certificate into PublicInfo.
- delete Delete identity/key/certificate.
- export Export an identity package.
- import Import an identity package.
- set-acl Configure ACL of a private key.
- unlock-tpm Unlock Tpm.
- op-tool Operator tool.
+ndnsec commands
+---------------
-Next, we will introduce these commands one-by-one:
+ndnsec-list_
+ Display information in PublicInfo.
-list
-----
+ndnsec-get-default_
+ Get default setting info.
-``list`` command can display the information of identities, keys, and
-certificates. By default, it only display all the identities created in
-the system. For example:
+ndnsec-set-default_
+ Configure default setting.
-::
+ndnsec-key-gen_
+ Generate a Key-Signing-Key for an identity.
- $ ndnsec list
- * /ndn/edu/ucla/cs/yingdi
- /ndn/test/cathy
- /ndn/test/bob
- /ndn/test/alice
+ndnsec-sign-req_
+ Generate a certificate signing request.
-The identity with ``*`` in front is the default identity of the system.
+ndnsec-cert-gen_
+ Generate an identity certificate.
-If option ``-K`` or ``-k`` is specified, the output of the command will
-display key names for each identity. The key name with ``*`` in front is
-the key name of the corresponding identity. For example:
+ndnsec-cert-dump_
+ Dump a certificate from PublicInfo.
-::
+ndnsec-cert-install_
+ Install a certificate into PublicInfo.
- $ ndnsec list -k
- * /ndn/edu/ucla/cs/yingdi
- +->* /ndn/edu/ucla/cs/yingdi/ksk-1393811874052
+ndnsec-delete_
+ Delete identity/key/certificate.
- /ndn/test/cathy
- +->* /ndn/test/cathy/ksk-1394129695418
+ndnsec-export_
+ Export an identity package.
- /ndn/test/bob
- +->* /ndn/test/bob/ksk-1394129695308
+ndnsec-import_
+ Import an identity package.
- /ndn/test/alice
- +->* /ndn/test/alice/ksk-1394129695025
+ndnsec-set-acl_
+ Configure ACL of a private key.
-If option ``-C`` or ``-c`` is specified, the output of the command will
-display certificate names for each key. The certificate name with ``*``
-in front is the certificate name of the corresponding key. For example:
+ndnsec-unlock-tpm_
+ Unlock Tpm.
-::
+ndnsec-op-tool_
+ Operator tool.
- $ ndnsec list -c
- * /ndn/edu/ucla/cs/yingdi
- +->* /ndn/edu/ucla/cs/yingdi/ksk-1393811874052
- +->* /ndn/edu/ucla/cs/yingdi/KEY/ksk-1393811874052/ID-CERT/%FD%01D%85%A9a%DD
-
- /ndn/test/cathy
- +->* /ndn/test/cathy/ksk-1394129695418
- +->* /ndn/test/KEY/cathy/ksk-1394129695418/ID-CERT/%FD%01D%98%9A%F3J
-
- /ndn/test/bob
- +->* /ndn/test/bob/ksk-1394129695308
- +->* /ndn/test/KEY/bob/ksk-1394129695308/ID-CERT/%FD%01D%98%9A%F2%AE
-
- /ndn/test/alice
- +->* /ndn/test/alice/ksk-1394129695025
- +->* /ndn/test/KEY/alice/ksk-1394129695025/ID-CERT/%FD%01D%98%9A%F2%3F
-
-get-default/set-default
------------------------
-
-If you are only curious about the default setting of a particular
-identity or key. You can use ``get-default`` command.
-
-If you want to check the default setting of a particular identity, you
-can specify the identity name with option ``-i``. For example, a
-command:
-
-::
-
- $ ndnsec get-default -k -i /ndn/test/alice
- /ndn/test/alice/ksk-1394129695025
-
-returns the default key name of ``/ndn/test/alice``. And a command:
-
-::
-
- $ ndnsec get-default -c -i /ndn/test/alice
- /ndn/test/KEY/alice/ksk-1394129695025/ID-CERT/%FD%01D%98%9A%F2%3F
-
-returns the default certificate name of ``/ndn/test/alice``. If option
-``-i`` is missing, the system default identity will be used.
-
-If you want to check default settings of a particular key, you can
-specify the key name with option ``-K``.
-
-::
-
- $ ndnsec get-default -c -K /ndn/test/alice/ksk-1394129695025
- /ndn/test/KEY/alice/ksk-1394129695025/ID-CERT/%FD%01D%98%9A%F2%3F
-
-In order to change the default setting, you can change it using command
-``set-default``. If you want to change the default system identity, you
-can use command:
-
-::
-
- $ ndnsec set-default /ndn/test/alice
-
-If you want to set a key as the default key of its corresponding
-identity, you can specify the key name with option ``-k``:
-
-::
-
- $ ndnsec set-default -k /ndn/test/alice/ksk-1394129695025
-
-If you want to set a certificate as the default certificate of its
-corresponding key, you can specify the certificate name with option
-``-c``:
-
-::
-
- $ ndnsec set-default -c /ndn/test/KEY/alice/ksk-1394129695025/ID-CERT/%FD%01D%98%9A%F2%3F
-
-key-gen
--------
-
-Command ``key-gen`` allows you to generate keys for a specified
-identity.
-
-::
-
- $ ndnsec key-gen /ndn/test/david
- Bv0DAAc9CANuZG4IBHRlc3QIBWRhdmlkCANLRVkIEWtzay0xMzk2OTEzMDU4MTk2
- CAdJRC1DRVJUCAgAAAFFPoG0ohQDGAECFf0BeDCCAXQwIhgPMjAxNDA0MDcyMzI0
- MThaGA8yMDM0MDQwMjIzMjQxOFowKjAoBgNVBCkTIS9uZG4vdGVzdC9kYXZpZC9r
- c2stMTM5NjkxMzA1ODE5NjCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEB
- ALS6udLacpydecxMRIfZeo74fxzpsITqaa/4UxD2FJ9lU4dtfiSSIOaRwAB/w0K/
- AauQRq3Q1AiEocUsW2h8LmtcuF4Cj9TGAUD/1s3CISMwf9zwQ3ZhNIzN0IOsrpPA
- TsHrbdwtOxrcFvXX4GnMLWgtvcSB52Cn68h/4AUiA1CG9/DOyCyA4EHiIkHBxh6B
- TvAmw7SmNjr1ZBTYMaMAEV5/oLZCHzHRO+2fKdEttaWH3bz7iKVVS8u5ZxXcBs8g
- ot55m7Xf6/TUk3qQXM1kM8wW04U+8n3jch1i7tD2T3c/OFKTT7AWndwcfbU99Z6C
- FZ7fMsgRHxFNY8hCFZJvFFUCAREWOhsBARw1BzMIA25kbggEdGVzdAgFZGF2aWQI
- A0tFWQgRa3NrLTEzOTY5MTMwNTgxOTYIB0lELUNFUlQX/QEAW2yfF8JTgu5okR+n
- dRlXc3UR/b1REegrpQb3xVzs7fYiiHwFYzQE9RzOuGh/9GSMvQcfejsPw021tJnj
- oxNx6spGTOK5Bc0QZGeC6YyNoVSaJr9Obc5Uh8eRqxw76r0pCUHP+l38UgUGeBg/
- aHurtcu5zK0zFYX++SAfUGLUZlG4CqKBUNZC+6w9OGUXlcW411zMzfqQ7V9Gxg+p
- 1IMNJQ6trTFdIwT/4YWHsxR+16r2TRWCNHtJey2GEG84YoqRh8y37jnu7oPhAtTN
- TgG9O7O39dZLiFg+UP3LpW1LY64fJXsNfZQmnZWcNo5lX6MXfeiPxWFjOQqnno82
- 1hgqgA==
-
-And the generated key will be automatically set to be the default key of
-the identity. The output of these command is a base64 encoded
-self-signed certificate of the generated key. By default, the specified
-identity will become the system default identity. If this is not your
-intention, you can specify option ``-n`` to disable that.
-
-sign-req
---------
-
-If you want to ask somebody else to issue you a certificate, you need to
-create a signing request. Such a signing request is a self-signed
-certificate of the your default key. You can generate this request using
-command ``sign-req``, for example:
-
-::
-
- $ ndnsec sign-req /ndn/test/david
-
-The request will be output to stdout. If you want to create a signing
-request for a particular key. You can specify the key name with option
-``-k``, for example:
-
-::
-
- $ ndnsec sign-req -k /ndn/test/david/ksk-1396913058196
-
-cert-gen
---------
-
-In order to issue others certificates, you can use command ``cert-gen``.
-Such a command requires a signing request (a self-signed certificate).
-
-::
-
- $ ndnsec cert-gen sign_request.cert
-
-You can specify the starting timestamp of the certificate's validity via
-option ``-S`` and the ending timestamp of the certificate's validity via
-option ``-E``. You can specify the name of the certificate owner via
-option ``-N`` and other information about the certificate owner via
-option ``-I``. At last, you may also specify the signing identity of the
-certificate via option ``-s``, the default key and certificate of the
-signing identity will be used to generate the requested certificate. If
-``-s`` is missing, the system default identity will be used. A complete
-example of ``cert-gen`` command could be:
-
-::
-
- $ ndnsec cert-gen -S 20140401000000 -E 20150331235959 -N "David" -I "2.5.4.10 'Some Organization'" -s /ndn/test sign_request.cert
- Bv0C9wc9CANuZG4IBHRlc3QIA0tFWQgFZGF2aWQIEWtzay0xMzk2OTEzMDU4MTk2
- CAdJRC1DRVJUCAgAAAFFPp2g3hQDGAECFf0BdjCCAXIwIhgPMjAxNDA0MDEwMDAw
- MDBaGA8yMDE1MDMzMTIzNTk1OVowKDAMBgNVBCkTBURhdmlkMBgGA1UEChMRU29t
- ZSBPcmdhbml6YXRpb24wggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAwggEIAoIBAQC0
- urnS2nKcnXnMTESH2XqO+H8c6bCE6mmv+FMQ9hSfZVOHbX4kkiDmkcAAf8NCvwGr
- kEat0NQIhKHFLFtofC5rXLheAo/UxgFA/9bNwiEjMH/c8EN2YTSMzdCDrK6TwE7B
- 623cLTsa3Bb11+BpzC1oLb3Egedgp+vIf+AFIgNQhvfwzsgsgOBB4iJBwcYegU7w
- JsO0pjY69WQU2DGjABFef6C2Qh8x0TvtnynRLbWlh928+4ilVUvLuWcV3AbPIKLe
- eZu13+v01JN6kFzNZDPMFtOFPvJ943IdYu7Q9k93PzhSk0+wFp3cHH21PfWeghWe
- 3zLIER8RTWPIQhWSbxRVAgERFjMbAQEcLgcsCANuZG4IA0tFWQgEdGVzdAgRa3Nr
- LTEzOTQxMjk2OTQ3ODgIB0lELUNFUlQX/QEABUGcl7U+F8cwMHKckerv+1H2Nvsd
- OfeqX0+4RzWU+wRx2emMGMZZdHSx8M/i45hb0P5hbNEF99L35/SrSTSzhTZdOriD
- t/LQOcKBoNXY+iw3EUFM0gvRGU0kaEVBKAHtbYhtoHc48QLEyrsVaMqmrjCmpeF/
- JOcClhzJfFW3cZ/SlhcTEayF0ntogYLR2cMzIwQhhSj5L/Kl7I7uxNxZhK1DS98n
- q8oGAxHufEAluPrRpDQfI+jeQ4h/YYKcXPW3Vn7VQAGOqIi6gTlUxrmEbyCDF70E
- xj5t3wfSUmDa1N+hLRMdEAI+IjRRHDSx2Lhj/QcoPIZPWwKjBz9CBL92og==
-
-The output of ``cert-gen`` is the generated certificate with base64
-encoding.
-
-cert-install
-------------
-
-On receiving the requested certificate, you can install the certificate
-in your system via command ``cert-install``.
-
-::
-
- $ ndnsec cert-install cert_file.cert
-
-By default, the installed certificate will be set to be the default
-certificate of its corresponding identity. And this identity will become
-the system default identity. If this is not your intention, you can
-specify option ``-N`` to install the certificate without changing any
-default setting; or you can specify option ``-K`` to set the installed
-certificate to be the default certificate of its corresponding key; or
-option ``-I`` to set the installed certificate to be the default
-certificate of its corresponding identity.
-
-cert-dump
----------
-
-If you want to display a certificate in stdout, you can use command
-``cert-dump``.
-
-::
-
- $ ndnsec cert-dump /ndn/test/KEY/david/ksk-1396913058196/ID-CERT/%00%00%01E%3E%9D%A0%DE
-
-By default, a base64 encoded certificate is displayed. You can specify
-option ``-p`` to display a decoded certificate:
-
-::
-
- $ ndnsec cert-dump -p /ndn/test/KEY/david/ksk-1396913058196/ID-CERT/%00%00%01E%3E%9D%A0%DE
- Certificate name:
- /ndn/test/KEY/david/ksk-1396913058196/ID-CERT/%00%00%01E%3E%9D%A0%DE
- Validity:
- NotBefore: 20140401T000000
- NotAfter: 20150331T235959
- Subject Description:
- 2.5.4.41: David
- 2.5.4.10: Some Organization
- Public key bits:
- MIIBIDANBgkqhkiG9w0BAQEFAAOCAQ0AMIIBCAKCAQEAtLq50tpynJ15zExEh9l6
- jvh/HOmwhOppr/hTEPYUn2VTh21+JJIg5pHAAH/DQr8Bq5BGrdDUCIShxSxbaHwu
- a1y4XgKP1MYBQP/WzcIhIzB/3PBDdmE0jM3Qg6yuk8BOwett3C07GtwW9dfgacwt
- aC29xIHnYKfryH/gBSIDUIb38M7ILIDgQeIiQcHGHoFO8CbDtKY2OvVkFNgxowAR
- Xn+gtkIfMdE77Z8p0S21pYfdvPuIpVVLy7lnFdwGzyCi3nmbtd/r9NSTepBczWQz
- zBbThT7yfeNyHWLu0PZPdz84UpNPsBad3Bx9tT31noIVnt8yyBEfEU1jyEIVkm8U
- VQIB
-
-delete
-------
-
-If you want to delete identities, keys, or certificates, you can use
-command ``delete``. You need to supply a name to this command. By
-default the name should be the identity to delete. For example:
-
-::
-
- $ ndnsec delete /ndn/test/david
-
-If option ``-K`` or ``-k`` is specified, the name should be the name of
-the key to delete. If option ``-C`` or ``-c`` is specified, the name
-should be the name of the certificate to delete.
-
-export/import
--------------
-
-You can export or import security data of a specified identity. The
-security data may even include private key (which is protected by
-encryption).
-
-In order to export security data of an identity, you can use command:
-
-::
-
- $ ndnsec export /ndn/test/alice
-
-This will output all the public security data of the specified identity
-to ``stdout``. If you want to export private keys, you need to specify
-option ``-p``. If you want to export security data into a file, you can
-specify the file name with option ``-o``.
-
-If you can also import security data of a particular identity from a
-file, you can use command:
-
-::
-
- $ ndnsec import input_file
-
-If input\_file is ``-``, the command will import security data from
-``stdin``. If the security to import contains private key, you need to
-specify option ``-p``.
-
-unlock-tpm
-----------
-
-Depending on the internal implementation, the Trusted Platform Module
-(TPM) which manages private keys may be locked. If you want to
-explicitly unlock the TPM, you can use ``unlock-tpm`` command.
+.. _ndnsec-list: ndnsec-list.html
+.. _ndnsec-get-default: ndnsec-get-default.html
+.. _ndnsec-set-default: ndnsec-set-default.html
+.. _ndnsec-key-gen: ndnsec-key-gen.html
+.. _ndnsec-sign-req: ndnsec-sign-req.html
+.. _ndnsec-cert-gen: ndnsec-cert-gen.html
+.. _ndnsec-cert-dump: ndnsec-cert-dump.html
+.. _ndnsec-cert-install: ndnsec-cert-install.html
+.. _ndnsec-delete: ndnsec-delete.html
+.. _ndnsec-export: ndnsec-export.html
+.. _ndnsec-import: ndnsec-import.html
+.. _ndnsec-set-acl: ndnsec-set-acl.html
+.. _ndnsec-unlock-tpm: ndnsec-unlock-tpm.html
+.. _ndnsec-op-tool: ndnsec-op-tool.html
diff --git a/docs/manpages/tlvdump.rst b/docs/manpages/tlvdump.rst
new file mode 100644
index 0000000..eb50961
--- /dev/null
+++ b/docs/manpages/tlvdump.rst
@@ -0,0 +1,46 @@
+tlvdump
+=======
+
+``tlvdump`` is a simple application allowing to decode structure of TLV-encoded packet.
+
+Usage
+-----
+
+::
+
+ tlvdump [filename]
+
+Description
+-----------
+
+If filename is specified, ``tlvdump`` will attempt to read and decode content of the file,
+otherwise data will be read from standard input.
+
+Example
+-------
+
+::
+
+ $ tlvdump interest.tlv
+ 5 (Interest) (size: 89)
+ 7 (Name) (size: 20)
+ 8 (NameComponent) (size: 5) [[local]]
+ 8 (NameComponent) (size: 3) [[ndn]]
+ 8 (NameComponent) (size: 6) [[prefix]]
+ 9 (Selectors) (size: 55)
+ 13 (MinSuffixComponents) (size: 1) [[%01]]
+ 14 (MaxSuffixComponents) (size: 1) [[%01]]
+ 28 (KeyLocatorDigest) (size: 22)
+ 7 (Name) (size: 20)
+ 8 (NameComponent) (size: 4) [[test]]
+ 8 (NameComponent) (size: 3) [[key]]
+ 8 (NameComponent) (size: 7) [[locator]]
+ 16 (Exclude) (size: 20)
+ 8 (NameComponent) (size: 4) [[alex]]
+ 8 (NameComponent) (size: 4) [[xxxx]]
+ 19 (Any) (size: 0) [[...]]
+ 8 (NameComponent) (size: 4) [[yyyy]]
+ 17 (ChildSelector) (size: 1) [[%01]]
+ 10 (Nonce) (size: 1) [[%01]]
+ 11 (Scope) (size: 1) [[%01]]
+ 12 (InterestLifetime) (size: 2) [[%03%E8]]
diff --git a/docs/named_data_theme/static/base.css_t b/docs/named_data_theme/static/base.css_t
index 0f0b763..ea6938e 100644
--- a/docs/named_data_theme/static/base.css_t
+++ b/docs/named_data_theme/static/base.css_t
@@ -453,3 +453,11 @@
border-top: 1px solid #ac9;
border-bottom: 1px solid #ac9;
}
+
+td.linenos pre {
+ padding: 5px 0px;
+ border: 0;
+ background-color: transparent;
+ color: #aaa;
+ margin-top: -10pt;
+}
\ No newline at end of file
diff --git a/docs/named_data_theme/static/named_data_style.css_t b/docs/named_data_theme/static/named_data_style.css_t
index 0d00020..f37be7f 100644
--- a/docs/named_data_theme/static/named_data_style.css_t
+++ b/docs/named_data_theme/static/named_data_style.css_t
@@ -10,7 +10,7 @@
padding: 10px;
background-color: #fafafa;
color: #222;
- line-height: 1.0em;
+ /* line-height: 1.0em; */
border: 2px solid #C6C9CB;
font-size: 0.9em;
/* margin: 1.5em 0 1.5em 0; */
diff --git a/examples/consumer-with-timer.cpp b/examples/consumer-with-timer.cpp
index 83bb858..0f3890c 100644
--- a/examples/consumer-with-timer.cpp
+++ b/examples/consumer-with-timer.cpp
@@ -1,76 +1,95 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
/**
- * Copyright (C) 2013 Regents of the University of California.
+ * Copyright (c) 2013-2014 Regents of the University of California.
* @author: Alexander Afanasyev <alexander.afanasyev@ucla.edu>
- * See COPYING for copyright and distribution information.
+ * BSD License, see COPYING for copyright and distribution information.
*/
// correct way to include NDN-CPP headers
// #include <ndn-cpp-dev/face.hpp>
+// #include <ndn-cpp-dev/util/scheduler.hpp>
#include "face.hpp"
#include "util/scheduler.hpp"
+// Enclosing code in ndn simplifies coding (can also use `using namespace ndn`)
+namespace ndn {
+// Additional nested namespace could be used to prevent/limit name contentions
+namespace examples {
+
void
-onData(ndn::Face &face,
- const ndn::Interest& interest, ndn::Data& data)
+onData(Face& face,
+ const Interest& interest, Data& data)
{
std::cout << "I: " << interest.toUri() << std::endl;
std::cout << "D: " << data.getName().toUri() << std::endl;
}
void
-onTimeout(ndn::Face &face,
- const ndn::Interest& interest)
+onTimeout(Face& face,
+ const Interest& interest)
{
std::cout << "Timeout" << std::endl;
}
void
-delayedInterest(ndn::Face &face)
+delayedInterest(Face& face)
{
std::cout << "One more Interest, delayed by the scheduler" << std::endl;
-
- ndn::Interest i(ndn::Name("/localhost/testApp/randomData"));
+
+ Interest i(Name("/localhost/testApp/randomData"));
i.setScope(1);
- i.setInterestLifetime(ndn::time::milliseconds(1000));
+ i.setInterestLifetime(time::milliseconds(1000));
i.setMustBeFresh(true);
face.expressInterest(i,
- ndn::bind(&onData, boost::ref(face), _1, _2),
- ndn::bind(&onTimeout, boost::ref(face), _1));
+ bind(&onData, boost::ref(face), _1, _2),
+ bind(&onTimeout, boost::ref(face), _1));
}
-int main()
+int
+main(int argc, char** argv)
{
try {
- // Explicitly create io_service object, which can be shared between
- // Face and Scheduler
- ndn::shared_ptr<boost::asio::io_service> io =
- ndn::make_shared<boost::asio::io_service>();
-
- ndn::Interest i(ndn::Name("/localhost/testApp/randomData"));
+ // Explicitly create io_service object, which can be shared between Face and Scheduler
+ shared_ptr<boost::asio::io_service> io = make_shared<boost::asio::io_service>();
+
+ Interest i(Name("/localhost/testApp/randomData"));
i.setScope(1);
- i.setInterestLifetime(ndn::time::seconds(1));
+ i.setInterestLifetime(time::seconds(1));
i.setMustBeFresh(true);
- ndn::Face face(io);
+ // Create face with io_service object
+ Face face(io);
face.expressInterest(i,
- ndn::bind(&onData, boost::ref(face), _1, _2),
- ndn::bind(&onTimeout, boost::ref(face), _1));
+ bind(&onData, boost::ref(face), _1, _2),
+ bind(&onTimeout, boost::ref(face), _1));
- ndn::Scheduler scheduler(*io);
- scheduler.scheduleEvent(ndn::time::seconds(2),
- ndn::bind(&delayedInterest, boost::ref(face)));
-
+ // Create scheduler object
+ Scheduler scheduler(*io);
+
+ // Schedule a new event
+ scheduler.scheduleEvent(time::seconds(2),
+ bind(&delayedInterest, boost::ref(face)));
+
+ // io->run() will block until all events finished or io->stop() is called
io->run();
-
+
// Alternatively, a helper face.processEvents() also can be called
// processEvents will block until the requested data received or timeout occurs
// face.processEvents();
}
- catch(std::exception &e) {
+ catch(std::exception& e) {
std::cerr << "ERROR: " << e.what() << std::endl;
}
return 0;
}
+
+} // namespace examples
+} // namespace ndn
+
+int
+main(int argc, char** argv)
+{
+ return ndn::examples::main(argc, argv);
+}
diff --git a/examples/consumer.cpp b/examples/consumer.cpp
index 9ef366a..bb4ab31 100644
--- a/examples/consumer.cpp
+++ b/examples/consumer.cpp
@@ -1,47 +1,63 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
/**
- * Copyright (C) 2013 Regents of the University of California.
+ * Copyright (c) 2013-2014 Regents of the University of California.
* @author: Alexander Afanasyev <alexander.afanasyev@ucla.edu>
- * See COPYING for copyright and distribution information.
+ * BSD License, see COPYING for copyright and distribution information.
*/
// correct way to include NDN-CPP headers
// #include <ndn-cpp-dev/face.hpp>
#include "face.hpp"
+// Enclosing code in ndn simplifies coding (can also use `using namespace ndn`)
+namespace ndn {
+// Additional nested namespace could be used to prevent/limit name contentions
+namespace examples {
+
void
-onData(ndn::Face &face,
- const ndn::Interest& interest, ndn::Data& data)
+onData(Face& face,
+ const Interest& interest, Data& data)
{
std::cout << "I: " << interest.toUri() << std::endl;
std::cout << "D: " << data.getName().toUri() << std::endl;
}
void
-onTimeout(ndn::Face &face,
- const ndn::Interest& interest)
+onTimeout(Face& face,
+ const Interest& interest)
{
std::cout << "Timeout" << std::endl;
}
-int main()
+int
+main(int argc, char** argv)
{
try {
- ndn::Interest i(ndn::Name("/localhost/testApp/randomData"));
+ Interest i(Name("/localhost/testApp/randomData"));
i.setScope(1);
- i.setInterestLifetime(ndn::time::milliseconds(1000));
+ i.setInterestLifetime(time::milliseconds(1000));
i.setMustBeFresh(true);
- ndn::Face face;
+ Face face;
face.expressInterest(i,
- ndn::bind(onData, boost::ref(face), _1, _2),
- ndn::bind(onTimeout, boost::ref(face), _1));
+ bind(onData, boost::ref(face), _1, _2),
+ bind(onTimeout, boost::ref(face), _1));
// processEvents will block until the requested data received or timeout occurs
face.processEvents();
}
- catch(std::exception &e) {
+ catch(std::exception& e) {
std::cerr << "ERROR: " << e.what() << std::endl;
+ return 1;
}
return 0;
}
+
+} // namespace examples
+} // namespace ndn
+
+int
+main(int argc, char** argv)
+{
+ return ndn::examples::main(argc, argv);
+}
diff --git a/examples/producer.cpp b/examples/producer.cpp
index 1327e94..4defc29 100644
--- a/examples/producer.cpp
+++ b/examples/producer.cpp
@@ -1,8 +1,8 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil -*- */
/**
- * Copyright (C) 2013 Regents of the University of California.
+ * Copyright (c) 2013-2014 Regents of the University of California.
* @author: Alexander Afanasyev <alexander.afanasyev@ucla.edu>
- * See COPYING for copyright and distribution information.
+ * BSD License, see COPYING for copyright and distribution information.
*/
// correct way to include NDN-CPP headers
@@ -12,61 +12,76 @@
#include "face.hpp"
#include "security/key-chain.hpp"
-using namespace ndn;
+// Enclosing code in ndn simplifies coding (can also use `using namespace ndn`)
+namespace ndn {
+// Additional nested namespace could be used to prevent/limit name contentions
+namespace examples {
class Producer
{
public:
- Producer()
- {}
-
void
onInterest(const Name& name, const Interest& interest)
{
std::cout << "<< I: " << interest << std::endl;
- ndn::Data data(ndn::Name(interest.getName()).append("testApp").appendVersion());
- data.setFreshnessPeriod(ndn::time::seconds(10));
+ // Create new name, based on Interest's name
+ Name dataName(interest.getName());
+ dataName
+ .append("testApp") // add "testApp" component to Interest name
+ .appendVersion(); // add "version" component (current UNIX timestamp in milliseconds)
- data.setContent((const uint8_t*)"HELLO KITTY", sizeof("HELLO KITTY"));
+ static const std::string content = "HELLO KITTY";
- keyChain_.sign(data);
+ // Create Data packet
+ Data data;
+ data.setName(dataName);
+ data.setFreshnessPeriod(time::seconds(10));
+ data.setContent(Block(content.c_str(), content.size()));
+ // Sign Data packet with default identity
+ m_keyChain.sign(data);
+ // m_keyChain.sign(data, <identityName>);
+ // m_keyChain.sign(data, <certificate>);
+
+ // Return Data packet to the requester
std::cout << ">> D: " << data << std::endl;
- face_.put(data);
+ m_face.put(data);
}
void
- onRegisterFailed (const ndn::Name& prefix, const std::string& reason)
+ onRegisterFailed(const Name& prefix, const std::string& reason)
{
std::cerr << "ERROR: Failed to register prefix in local hub's daemon (" << reason << ")" << std::endl;
- face_.shutdown ();
+ m_face.shutdown();
}
void
- listen()
+ run()
{
- face_.setInterestFilter("/localhost/testApp",
- func_lib::bind(&Producer::onInterest, this, _1, _2),
- func_lib::bind(&Producer::onRegisterFailed, this, _1, _2));
- face_.processEvents();
+ m_face.setInterestFilter("/localhost/testApp",
+ bind(&Producer::onInterest, this, _1, _2),
+ bind(&Producer::onRegisterFailed, this, _1, _2));
+ m_face.processEvents();
}
private:
- ndn::Face face_;
- KeyChain keyChain_;
-
- Buffer ndndId_;
+ Face m_face;
+ KeyChain m_keyChain;
};
-int main()
+} // namespace examples
+} // namespace ndn
+
+int
+main(int argc, char** argv)
{
try {
- Producer producer;
- producer.listen();
+ ndn::examples::Producer producer;
+ producer.run();
}
- catch(std::exception &e) {
+ catch (std::exception& e) {
std::cerr << "ERROR: " << e.what() << std::endl;
}
return 0;