author: Jason McIntyre <jmc@cvs.openbsd.org> 2010-10-17 13:30:38 +0000
committer: Jason McIntyre <jmc@cvs.openbsd.org> 2010-10-17 13:30:38 +0000
commit: dad845da61fc82ba6a2b98f1db01017949169f23
tree: c8e6aa351dfc51ba5f64e14864e939f9a3817315 /usr.sbin/openssl
parent: 337bb5882fccf6bbf5a88a8036b5d93f772f73e4
various tweaks for consistency;
Diffstat (limited to 'usr.sbin/openssl')
-rw-r--r-- usr.sbin/openssl/openssl.1 154
1 files changed, 62 insertions, 92 deletions
diff --git a/usr.sbin/openssl/openssl.1 b/usr.sbin/openssl/openssl.1
index 901c9abcd68..ba1b88587a4 100644
--- a/usr.sbin/openssl/openssl.1
+++ b/usr.sbin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.82 2010/10/15 21:05:06 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.83 2010/10/17 13:30:37 jmc Exp $
.\" ====================================================================
.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
.\"
@@ -112,7 +112,7 @@
.\"
.\" OPENSSL
.\"
-.Dd $Mdocdate: October 15 2010 $
+.Dd $Mdocdate: October 17 2010 $
.Dt OPENSSL 1
.Os
.Sh NAME
@@ -1989,10 +1989,8 @@ install user certificates and CAs in MSIE using the Xenroll control.
.nr nS 0
.Pp
.Nm openssl
-.Xo
.Cm md2 | md4 | md5 |
.Cm ripemd160 | sha | sha1
-.Xc
.Op Fl c
.Op Fl d
.Op Ar
@@ -2037,26 +2035,22 @@ Specifies the key format to sign the digest with.
.It Fl mac Ar algorithm
Create a keyed Message Authentication Code (MAC).
The most popular MAC algorithm is HMAC (hash-based MAC),
-but there are other MAC algorithms which are not based on hash,
-for instance the gost-mac algorithm,
-supported by the ccgost engine.
+but there are other MAC algorithms which are not based on hash.
MAC keys and other options should be set via the
.Fl macopt
parameter.
.It Fl macopt Ar nm : Ns Ar v
Passes options to the MAC algorithm, specified by
.Fl mac .
-The following options are supported by both by HMAC and gost-mac:
+The following options are supported by HMAC:
.Bl -tag -width Ds
.It Ar key : Ns Ar string
Specifies the MAC key as an alphanumeric string
(use if the key contain printable characters only).
-String length must conform to any restrictions of the MAC algorithm,
-for example exactly 32 chars for gost-mac.
+String length must conform to any restrictions of the MAC algorithm.
.It Ar hexkey : Ns Ar string
Specifies the MAC key in hexadecimal form (two hex digits per byte).
-Key length must conform to any restrictions of the MAC algorithm,
-for example exactly 32 chars for gost-mac.
+Key length must conform to any restrictions of the MAC algorithm.
.El
.It Fl out Ar file
The file to output to, or standard output by default.
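Review bot: In the -mac and -macopt text, dropping the gost-mac examples removes documentation rather than tidying it, and the log message "various tweaks for consistency" does not mention it; consider a separate commit or a log line saying the ccgost references are being removed. With the examples gone, "but there are other MAC algorithms which are not based on hash." and "String length must conform to any restrictions of the MAC algorithm." no longer name any algorithm or restriction, so either give one that still applies or cut the sentences. The unchanged line "(use if the key contain printable characters only)" also wants "contains".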
@@ -2382,7 +2376,7 @@ This specifies the output format; the options have the same meaning as the
.Fl inform
option.
.It Fl passin Ar arg
-The input file password source.
+The key password source.
For more information about the format of
.Ar arg ,
see the
@@ -2548,11 +2542,11 @@ DSA parameters is often used to generate several distinct keys.
.Op Fl des
.Op Fl des3
.Op Fl engine Ar id
-.Op Fl in Ar filename
-.Op Fl inform Ar PEM|DER
+.Op Fl in Ar file
+.Op Fl inform Ar DER | PEM
.Op Fl noout
-.Op Fl out Ar filename
-.Op Fl outform Ar PEM|DER
+.Op Fl out Ar file
+.Op Fl outform Ar DER | PEM
.Op Fl param_enc Ar arg
.Op Fl param_out
.Op Fl passin Ar arg
@@ -2620,9 +2614,8 @@ string) will cause
.Nm ec
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed.
-The engine will then be set as the default
-for all available algorithms.
-.It Fl in Ar filename
+The engine will then be set as the default for all available algorithms.
+.It Fl in Ar file
This specifies the input filename to read a key from,
or standard input if this option is not specified.
If the key is encrypted a pass phrase will be prompted for.
@@ -2639,7 +2632,7 @@ In the case of a private key
PKCS#8 format is also accepted.
.It Fl noout
Prevents output of the encoded version of the key.
-.It Fl out Ar filename
+.It Fl out Ar file
Specifies the output filename to write a key to,
or standard output if none is specified.
If any encryption options are set then a pass phrase will be prompted for.
@@ -2668,7 +2661,7 @@ as specified in RFC 3279,
is currently not implemented in
.Nm OpenSSL .
.It Fl passin Ar arg
-The input file password source.
+The key password source.
For more information about the format of
.Ar arg ,
see the
@@ -2755,13 +2748,13 @@ command was first introduced in
.Op Fl conv_form Ar arg
.Op Fl engine Ar id
.Op Fl genkey
-.Op Fl in Ar filename
+.Op Fl in Ar file
.Op Fl inform Ar DER | PEM
.Op Fl list_curves
.Op Fl name Ar arg
.Op Fl no_seed
.Op Fl noout
-.Op Fl out Ar filename
+.Op Fl out Ar file
.Op Fl outform Ar DER | PEM
.Op Fl param_enc Ar arg
.Op Fl rand Ar file ...
@@ -2805,16 +2798,15 @@ string) will cause
.Nm ecparam
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed.
-The engine will then be set as the default
-for all available algorithms.
+The engine will then be set as the default for all available algorithms.
.It Fl genkey
Generate an EC private key using the specified parameters.
-.It Fl in Ar filename
+.It Fl in Ar file
Specify the input filename to read parameters from or standard input if
this option is not specified.
.It Fl inform Ar DER | PEM
Specify the input format.
-DER uses an ASN.1 DER encoded
+DER uses an ASN.1 DER-encoded
form compatible with RFC 3279 EcpkParameters.
PEM is the default format:
it consists of the DER format base64 encoded with additional
@@ -2832,7 +2824,7 @@ Inhibit that the 'seed' for the parameter generation
is included in the ECParameters structure (see RFC 3279).
.It Fl noout
Inhibit the output of the encoded version of the parameters.
-.It Fl out Ar filename
+.It Fl out Ar file
Specify the output filename parameters are written to.
Standard output is used if this option is not present.
The output filename should
@@ -3123,7 +3115,6 @@ because this form is processed before the
configuration file is read and any engines loaded.
.Pp
Engines which provide entirely new encryption algorithms
-(such as the ccgost engine which provides the gost89 algorithm)
should be configured in the configuration file.
Engines, specified on the command line using the
.Fl engine
@@ -3456,7 +3447,7 @@ much quicker than RSA key generation, for example.
.Op Ar cipher
.Op Fl engine Ar id
.Op Fl genparam
-.Op Fl out Ar filename
+.Op Fl out Ar file
.Op Fl outform Ar DER | PEM
.Op Fl paramfile Ar file
.Op Fl pass Ar arg
@@ -3499,8 +3490,7 @@ string) will cause
.Nm genpkey
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed.
-The engine will then be set as the default
-for all available algorithms.
+The engine will then be set as the default for all available algorithms.
.It Fl genparam
Generate a set of parameters instead of a private key.
If used this option must precede any
@@ -3509,7 +3499,7 @@ If used this option must precede any
or
.Fl pkeyopt
options.
-.It Fl out Ar filename
+.It Fl out Ar file
The output filename.
If this argument is not specified then standard output is used.
.It Fl outform Ar DER | PEM
@@ -3530,7 +3520,7 @@ are mutually exclusive.
.It Fl pass Ar arg
The output file password source.
For more information about the format of
-.Ar arg
+.Ar arg ,
see the
.Sx PASS PHRASE ARGUMENTS
section above.
@@ -4531,7 +4521,7 @@ This specifies the output format; the options have the same meaning as the
.Fl inform
option.
.It Fl passin Ar arg
-The input file password source.
+The key password source.
For more information about the format of
.Ar arg ,
see the
@@ -4783,16 +4773,14 @@ The
to write certificates and private keys to, standard output by default.
They are all written in PEM format.
.It Fl passin Ar arg
-The PKCS#12 file
-.Pq i.e. input file
-password source.
+The key password source.
For more information about the format of
.Ar arg ,
see the
.Sx PASS PHRASE ARGUMENTS
section above.
.It Fl passout Ar arg
-Pass phrase source to encrypt any outputed private keys with.
+The output file password source.
For more information about the format of
.Ar arg ,
see the
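Review bot: For -passin in this pkcs12 hunk, "The key password source." is less accurate than the text it replaces, which said the password is for the PKCS#12 input file; a reader can no longer tell that it unlocks the file being parsed rather than a separate key. The new -passout wording likewise drops that the pass phrase encrypts the private keys written out. Suggest keeping the PKCS#12-specific wording here even where other commands use the shared sentence.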
@@ -4927,16 +4915,14 @@ This specifies
to write the PKCS#12 file to.
Standard output is used by default.
.It Fl passin Ar arg
-Pass phrase source to decrypt any input private keys with.
+The key password source.
For more information about the format of
.Ar arg ,
see the
.Sx PASS PHRASE ARGUMENTS
section above.
.It Fl passout Ar arg
-The PKCS#12 file
-.Pq i.e. output file
-password source.
+The output file password source.
For more information about the format of
.Ar arg ,
see the
@@ -5109,8 +5095,7 @@ string) will cause
.Nm pkey
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed.
-The engine will then be set as the default
-for all available algorithms.
+The engine will then be set as the default for all available algorithms.
.It Fl in Ar file
This specifies the input filename to read a key from,
or standard input if this option is not specified.
@@ -5133,9 +5118,9 @@ the options have the same meaning as the
.Fl inform
option.
.It Fl passin Ar arg
-The input file password source.
+The key password source.
For more information about the format of
-.Ar arg
+.Ar arg ,
see the
.Sx PASS PHRASE ARGUMENTS
section above.
@@ -5216,8 +5201,7 @@ string) will cause
.Nm pkeyparam
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed.
-The engine will then be set as the default
-for all available algorithms.
+The engine will then be set as the default for all available algorithms.
.It Fl in Ar file
This specifies the input filename to read parameters from,
or standard input if this option is not specified.
@@ -5257,10 +5241,10 @@ because the key type is determined by the PEM headers.
.Op Fl hexdump
.Op Fl in Ar file
.Op Fl inkey Ar file
-.Op Fl keyform Ar DER | PEM
+.Op Fl keyform Ar DER | ENGINE | PEM
.Op Fl out Ar file
.Op Fl passin Ar arg
-.Op Fl peerform Ar DER | PEM
+.Op Fl peerform Ar DER | ENGINE | PEM
.Op Fl peerkey Ar file
.Op Fl pkeyopt Ar opt : Ns Ar value
.Op Fl pubin
@@ -5299,8 +5283,7 @@ string) will cause
.Nm pkeyutl
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed.
-The engine will then be set as the default
-for all available algorithms.
+The engine will then be set as the default for all available algorithms.
.It Fl hexdump
Hex dump the output data.
.It Fl in Ar file
@@ -5309,20 +5292,20 @@ or standard input if this option is not specified.
.It Fl inkey Ar file
The input key file.
By default it should be a private key.
-.It Fl keyform Ar DER | PEM
-The key format DER, PEM, or ENGINE.
+.It Fl keyform Ar DER | ENGINE | PEM
+The key format DER, ENGINE, or PEM.
.It Fl out Ar file
Specify the output filename to write to,
or standard output by default.
.It Fl passin Ar arg
-The input key password source.
+The key password source.
For more information about the format of
-.Ar arg
+.Ar arg ,
see the
.Sx PASS PHRASE ARGUMENTS
section above.
-.It Fl peerform Ar DER | PEM
-The peer key format DER, PEM, or ENGINE.
+.It Fl peerform Ar DER | ENGINE | PEM
+The peer key format DER, ENGINE, or PEM.
.It Fl peerkey Ar file
The peer key file, used by key derivation (agreement) operations.
.It Fl pkeyopt Ar opt : Ns Ar value
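Review bot: -keyform and -peerform now list ENGINE, but the descriptions of -inkey ("The input key file.") and -peerkey ("The peer key file, ...") still describe only a file. Say what the argument names when the format is ENGINE, otherwise the new value is documented in the synopsis and the option list without any explanation of how to use it.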
@@ -5706,9 +5689,7 @@ This specifies the message digest to sign the request with.
This overrides the digest algorithm specified in the configuration file.
.Pp
Some public key algorithms may override this choice.
-For instance, DSA signatures always use SHA1;
-GOST R 34.10 signatures always use GOST R 34.11-94
-.Pq Fl md_gost94 .
+For instance, DSA signatures always use SHA1.
.It Fl modulus
This option prints out the value of the modulus of the public key
contained in the request.
@@ -5779,18 +5760,9 @@ should be specified via the
.Fl pkeyopt
option.
.Pp
-.Ar dsa : Ns Ar filename
+.Ar dsa : Ns Ar file
generates a DSA key using the parameters in the file
-.Ar filename .
-.Ar ec : Ns Ar filename
-generates an EC key (usable both with ECDSA or ECDH algorithms);
-.Ar gost2001 : Ns Ar filename
-generates a GOST R 34.10-2001 key
-(requires the ccgost engine configured in the configuration file).
-If just
-.Cm gost2001
-is specified a parameter set should be specified by
-.Cm -pkeyopt paramset:X .
+.Ar file .
.It Fl no-asn1-kludge
Reverses the effect of
.Fl asn1-kludge .
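Review bot: The deleted block under -newkey takes out the "ec : filename" entry together with the gost2001 text, leaving only "dsa : file" documented. If ec: is still accepted here, keep its two lines (with filename changed to file) and remove only the gost2001 sentences.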
@@ -5808,7 +5780,7 @@ This specifies the output format; the options have the same meaning as the
.Fl inform
option.
.It Fl passin Ar arg
-The input file password source.
+The key password source.
For more information about the format of
.Ar arg ,
see the
@@ -6446,7 +6418,7 @@ This specifies the output format; the options have the same meaning as the
.Fl inform
option.
.It Fl passin Ar arg
-The input file password source.
+The key password source.
For more information about the format of
.Ar arg ,
see the
@@ -7688,10 +7660,9 @@ The cipher and start time should be printed out in human readable form.
.nr nS 1
.Nm "openssl smime"
.Bk -words
-.Oo Xo
+.Oo
.Fl aes128 | aes192 | aes256 | des |
.Fl des3 | rc2-40 | rc2-64 | rc2-128
-.Xc
.Oc
.Op Fl binary
.Op Fl CAfile Ar file
@@ -7867,8 +7838,7 @@ string) will cause
.Nm smime
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed.
-The engine will then be set as the default
-for all available algorithms.
+The engine will then be set as the default for all available algorithms.
.It Xo
.Fl from Ar addr ,
.Fl subject Ar s ,
@@ -7992,7 +7962,7 @@ or
.Fl decrypt )
this option has no effect.
.It Fl passin Ar arg
-The private key password source.
+The key password source.
For more information about the format of
.Ar arg ,
see the
@@ -8319,8 +8289,7 @@ string) will cause
.Nm speed
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed.
-The engine will then be set as the default
-for all available algorithms.
+The engine will then be set as the default for all available algorithms.
.It Fl elapsed
Measure time in real time instead of CPU user time.
.It Fl evp Ar e
@@ -8365,7 +8334,7 @@ benchmarks in parallel.
.Op Fl in Ar response.tsr
.Op Fl inkey Ar private.pem
.Op Fl out Ar response.tsr
-.Op Fl passin Ar password_src
+.Op Fl passin Ar arg
.Op Fl policy Ar object_id
.Op Fl queryfile Ar request.tsq
.Op Fl section Ar tsa_section
@@ -8414,7 +8383,7 @@ It also checks if the token contains the same hash
value that it had sent to the TSA.
.El
.Pp
-There is one DER encoded protocol data unit defined for transporting a time
+There is one DER-encoded protocol data unit defined for transporting a time
stamp request to the TSA and one for sending the time stamp response
back to the client.
The
@@ -8539,8 +8508,7 @@ string) will cause
.Nm ts
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed.
-The engine will then be set as the default
-for all available algorithms.
+The engine will then be set as the default for all available algorithms.
.It Fl in Ar response.tsr
Specifies a previously created time stamp response or time stamp token, if
.Fl token_in
@@ -8565,9 +8533,11 @@ The format and content of the file depends on other options (see
and
.Fl token_out ) .
The default is stdout.
-.It Fl passin Ar password_src
-Specifies the password source for the private key of the TSA.
-See the
+.It Fl passin Ar arg
+The key password source.
+For more information about the format of
+.Ar arg ,
+see the
.Sx PASS PHRASE ARGUMENTS
section above.
.It Fl policy Ar object_id
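Review bot: The new -passin text for ts drops that the password is for the private key of the TSA, which was the only statement in this entry of which key the option applies to. Suggest wording such as "The TSA private key password source." followed by the shared pointer to PASS PHRASE ARGUMENTS, so the entry stays consistent in form without losing that detail.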
@@ -8600,7 +8570,7 @@ instead of DER.
.It Fl token_in
This flag can be used together with the
.Fl in
-option and indicates that the input is a DER encoded time stamp token
+option and indicates that the input is a DER-encoded time stamp token
(ContentInfo) instead of a time stamp response (TimeStampResp).
.It Fl token_out
The output is a time stamp token (ContentInfo) instead of time stamp
@@ -9016,7 +8986,7 @@ Specifies the output
.Ar file
to write to, or standard output by default.
.It Fl passin Ar arg
-The input file password source.
+The key password source.
For more information about the format of
.Ar arg ,
see the