=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/openssl/openssl.1,v retrieving revision 1.59 retrieving revision 1.60 diff -u -r1.59 -r1.60 --- src/usr.bin/openssl/openssl.1 2016/08/23 18:54:04 1.59 +++ src/usr.bin/openssl/openssl.1 2016/08/24 08:07:33 1.60 @@ -1,4 +1,4 @@ -.\" $OpenBSD: openssl.1,v 1.59 2016/08/23 18:54:04 jmc Exp $ +.\" $OpenBSD: openssl.1,v 1.60 2016/08/24 08:07:33 jmc Exp $ .\" ==================================================================== .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. .\" @@ -112,7 +112,7 @@ .\" .\" OPENSSL .\" -.Dd $Mdocdate: August 23 2016 $ +.Dd $Mdocdate: August 24 2016 $ .Dt OPENSSL 1 .Os .Sh NAME @@ -1354,12 +1354,10 @@ .It Fl passout Ar arg The output file password source. .It Fl pubin -By default, a private key is read from the input file. -With this option a public key is read instead. +Read in a public key, not a private key. .It Fl pubout -By default, a private key is output. -With this option a public key will be output instead. -This option is automatically set if the input is a public key. +Output a public key, not a private key. +Automatically set if the input is a public key. .It Fl text Print the public/private key components and parameters. .El @@ -1551,12 +1549,10 @@ .It Fl passout Ar arg The output file password source. .It Fl pubin -By default a private key is read from the input file; -with this option a public key is read instead. +Read in a public key, not a private key. .It Fl pubout -By default a private key is output; -with this option a public key is output instead. -This option is automatically set if the input is a public key. +Output a public key, not a private key. +Automatically set if the input is a public key. .It Fl text Print the public/private key components and parameters. .El @@ -2856,26 +2852,21 @@ .It Fl passout Ar arg The output file password source. .El -.\" -.\" PKEY -.\" .Sh PKEY .nr nS 1 .Nm "openssl pkey" -.Bk -words .Op Ar cipher .Op Fl in Ar file -.Op Fl inform Ar DER | PEM +.Op Fl inform Cm der | pem .Op Fl noout .Op Fl out Ar file -.Op Fl outform Ar DER | PEM +.Op Fl outform Cm der | pem .Op Fl passin Ar arg .Op Fl passout Ar arg .Op Fl pubin .Op Fl pubout .Op Fl text .Op Fl text_pub -.Ek .nr nS 0 .Pp The @@ -2887,81 +2878,42 @@ The options are as follows: .Bl -tag -width Ds .It Ar cipher -These options encrypt the private key with the supplied cipher. +Encrypt the private key with the specified cipher. Any algorithm name accepted by -.Fn EVP_get_cipherbyname +.Xr EVP_get_cipherbyname 3 is acceptable, such as .Cm des3 . .It Fl in Ar file -This specifies the input filename to read a key from, -or standard input if this option is not specified. +The input file to read from, +or standard input if not specified. If the key is encrypted a pass phrase will be prompted for. -.It Fl inform Ar DER | PEM -This specifies the input format, DER or PEM. +.It Fl inform Cm der | pem +The input format. .It Fl noout Do not output the encoded version of the key. .It Fl out Ar file -This specifies the output filename to write a key to, -or standard output if this option is not specified. +The output file to write to, +or standard output if not specified. If any encryption options are set then a pass phrase will be prompted for. -The output filename should -.Em not -be the same as the input filename. -.It Fl outform Ar DER | PEM -This specifies the output format; -the options have the same meaning as the -.Fl inform -option. +.It Fl outform Cm der | pem +The output format. .It Fl passin Ar arg The key password source. .It Fl passout Ar arg The output file password source. .It Fl pubin -By default a private key is read from the input file: -with this option a public key is read instead. +Read in a public key, not a private key. .It Fl pubout -By default a private key is output: -with this option a public key will be output instead. -This option is automatically set if -the input is a public key. +Output a public key, not a private key. +Automatically set if the input is a public key. .It Fl text -Print out the various public or private key components in -plain text in addition to the encoded version. +Print out the various public or private key components in plain text +in addition to the encoded version. .It Fl text_pub Print out only public key components even if a private key is being processed. .El -.Sh PKEY EXAMPLES -To remove the pass phrase on an RSA private key: -.Bd -literal -offset indent -$ openssl pkey -in key.pem -out keyout.pem -.Ed -.Pp -To encrypt a private key using triple DES: -.Bd -literal -offset indent -$ openssl pkey -in key.pem -des3 -out keyout.pem -.Ed -.Pp -To convert a private key from PEM to DER format: -.Bd -literal -offset indent -$ openssl pkey -in key.pem -outform DER -out keyout.der -.Ed -.Pp -To print the components of a private key to standard output: -.Bd -literal -offset indent -$ openssl pkey -in key.pem -text -noout -.Ed -.Pp -To print the public components of a private key to standard output: -.Bd -literal -offset indent -$ openssl pkey -in key.pem -text_pub -noout -.Ed -.Pp -To just output the public part of a private key: -.Bd -literal -offset indent -$ openssl pkey -in key.pem -pubout -out pubkey.pem -.Ed .\" .\" PKEYPARAM .\"