-rw-r--r-- | usr.sbin/openssl/openssl.1 | 128 |
1 files changed, 127 insertions, 1 deletions
diff --git a/usr.sbin/openssl/openssl.1 b/usr.sbin/openssl/openssl.1
index 386699c6ff9..73cbf236861 100644
--- a/usr.sbin/openssl/openssl.1
+++ b/usr.sbin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.73 2010/10/09 10:03:44 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.74 2010/10/09 18:22:46 jmc Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
 .\"
@@ -316,6 +316,8 @@ PKCS#7 data management.
 PKCS#8 data management.
 .It Cm pkcs12
 PKCS#12 data management.
+.It Cm pkey
+Public and private key management.
 .It Cm rand
 Generate pseudo-random bytes.
 .It Cm req
@@ -5018,6 +5020,130 @@ $ openssl -in keycerts.pem -export -name "My PKCS#12 file" \e
 -out fixed.p12
 .Ed
 .\"
+.\" PKEY
+.\"
+.Sh PKEY
+.Cm openssl pkey
+.Bk -words
+.Op Ar cipher
+.Op Fl noout
+.Op Fl pubin
+.Op Fl pubout
+.Op Fl text
+.Op Fl text_pub
+.Op Fl engine Ar id
+.Op Fl in Ar filename
+.Op Fl inform Ar DER | PEM
+.Op Fl out Ar filename
+.Op Fl outform Ar DER | PEM
+.Op Fl passin Ar arg
+.Op Fl passout Ar arg
+.Ek
+.Pp
+The
+.Nm pkey
+command processes public or private keys.
+They can be converted between various forms
+and their components printed out.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Ar cipher
+These options encrypt the private key with the supplied cipher.
+Any algorithm name accepted by
+.Fn EVP_get_cipherbyname
+is acceptable, such as
+.Cm des3 .
+.It Fl engine Ar id
+Specifying an engine (by its unique
+.Ar id
+string) will cause
+.Nm pkey
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed.
+The engine will then be set as the default
+for all available algorithms.
+.It Fl in Ar filename
+This specifies the input filename to read a key from,
+or standard input if this option is not specified.
+If the key is encrypted a pass phrase will be prompted for.
+.It Fl inform Ar DER | PEM
+This specifies the input format, DER or PEM.
+.It Fl noout
+Do not output the encoded version of the key.
+.It Fl out Ar filename
+This specifies the output filename to write a key to,
+or standard output if this option is not specified.
+If any encryption options are set then a pass phrase
+will be prompted for.
+The output filename should
+.Em not
+be the same as the input filename.
+.It Fl outform Ar DER | PEM
+This specifies the output format;
+the options have the same meaning as the
+.Fl inform
+option.
+.It Fl passin Ar arg
+The input file password source.
+For more information about the format of
+.Ar arg
+see the
+.Sx PASS PHRASE ARGUMENTS
+section above.
+.It Fl passout Ar arg
+The output file password source.
+For more information about the format of
+.Ar arg
+see the
+.Sx PASS PHRASE ARGUMENTS
+section above.
+.It Fl pubin
+By default a private key is read from the input file:
+with this option a public key is read instead.
+.It Fl pubout
+By default a private key is output:
+with this option a public key will be output instead.
+This option is automatically set if
+the input is a public key.
+.It Fl text
+Print out the various public or private key components in
+plain text in addition to the encoded version.
+.It Fl text_pub
+Print out only public key components
+even if a private key is being processed.
+.El
+.Sh PKEY EXAMPLES
+To remove the pass phrase on an RSA private key:
+.Bd -literal -offset indent
+$ openssl pkey -in key.pem -out keyout.pem
+.Ed
+.Pp
+To encrypt a private key using triple DES:
+.Bd -literal -offset indent
+$ openssl pkey -in key.pem -des3 -out keyout.pem
+.Ed
+.Pp
+To convert a private key from PEM to DER format:
+.Bd -literal -offset indent
+$ openssl pkey -in key.pem -outform DER -out keyout.der
+.Ed
+.Pp
+To print the components of a private key to standard output:
+.Bd -literal -offset indent
+$ openssl pkey -in key.pem -text -noout
+.Ed
+.Pp
+To print the public components of a private key to standard output:
+.Bd -literal -offset indent
+$ openssl pkey -in key.pem -text_pub -noout
+.Ed
+.Pp
+To just output the public part of a private key:
+.Bd -literal -offset indent
+$ openssl pkey -in key.pem -pubout -out pubkey.pem
+.Ed
+.\"
 .\" RAND
 .\"
 .Sh RAND
|