diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2006-07-10 23:10:26 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2006-07-10 23:10:26 +0000 |
commit | e45492955809127e7305329f14f2071e273320bf (patch) | |
tree | 86082a4be4d1b3b4eee6e1035c9d7908d09e1aaf /doc | |
parent | 105f6a6323cd1a9ac7fab68d575bf0382324a3bc (diff) | |
download | openssl-e45492955809127e7305329f14f2071e273320bf.tar.gz |
Add docs for pkeyparam. Update some existing docs.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/apps/genpkey.pod | 21 | ||||
-rw-r--r-- | doc/apps/openssl.pod | 42 | ||||
-rw-r--r-- | doc/apps/pkeyparam.pod | 69 |
3 files changed, 117 insertions, 15 deletions
diff --git a/doc/apps/genpkey.pod b/doc/apps/genpkey.pod index 8ca5dca283..3f4489a18a 100644 --- a/doc/apps/genpkey.pod +++ b/doc/apps/genpkey.pod @@ -50,11 +50,14 @@ name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>. specifying an engine (by it's unique B<id> string) will cause B<req> to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default -for all available algorithms. +for all available algorithms. If used this option should precede all other +options. =item B<-algorithm alg> -public key algorithm to use such as RSA, DSA or DH. +public key algorithm to use such as RSA, DSA or DH. If used this option must +precede and B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm> +are mutually exclusive. =item B<-pkeyopt opt:value> @@ -64,13 +67,21 @@ implementation. See B<KEY GENERATION OPTIONS> below for more details. =item B<-genparam> -generate a set of parameters instead of a private key. +generate a set of parameters instead of a private key. If used this option must +precede and B<-algorithm>, B<-paramfile> or B<-pkeyopt> options. =item B<-paramfile filename> Some public key algorithms generate a private key based on a set of parameters. -They can be supplied using this option. If this option is used the public -key algorithm used is determined by the parameters. +They can be supplied using this option. If this option is used the public key +algorithm used is determined by the parameters. If used this option must +precede and B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm> +are mutually exclusive. + +=item B<-text> + +Print an (unencrypted) text representation of private and public keys and +parameters along with the PEM or DER structure. =back diff --git a/doc/apps/openssl.pod b/doc/apps/openssl.pod index 73723ebd95..7f2504bbbc 100644 --- a/doc/apps/openssl.pod +++ b/doc/apps/openssl.pod @@ -12,7 +12,7 @@ I<command> [ I<command_opts> ] [ I<command_args> ] -B<openssl> [ B<list-standard-commands> | B<list-message-digest-commands> | B<list-cipher-commands> | B<list-cipher-algorithms> | B<list-message-digest-algorithms> | B<list-public-key-algorithms] +B<openssl> [ B<list-standard-commands> | B<list-message-digest-commands> | B<list-cipher-commands> | B<list-cipher-algorithms> | B<list-message-digest-algorithms> | B<list-public-key-algorithms>] B<openssl> B<no->I<XXX> [ I<arbitrary options> ] @@ -26,7 +26,8 @@ The B<openssl> program is a command line tool for using the various cryptography functions of OpenSSL's B<crypto> library from the shell. It can be used for - o Creation of RSA, DH and DSA key parameters + o Creation and management of private keys, public keys and parameters + o Public key cryptographic operations o Creation of X.509 certificates, CSRs and CRLs o Calculation of Message Digests o Encryption and Decryption with Ciphers @@ -103,7 +104,8 @@ DSA Data Management. =item L<B<dsaparam>|dsaparam(1)> -DSA Parameter Generation. +DSA Parameter Generation and Management. Superseded by +L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)> =item L<B<enc>|enc(1)> @@ -115,7 +117,8 @@ Error Number to Error String Conversion. =item L<B<dhparam>|dhparam(1)> -Generation and Management of Diffie-Hellman Parameters. +Generation and Management of Diffie-Hellman Parameters. Superseded by +L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)> =item B<gendh> @@ -124,11 +127,16 @@ Obsoleted by L<B<dhparam>|dhparam(1)>. =item L<B<gendsa>|gendsa(1)> -Generation of DSA Parameters. +Generation of DSA Private Key from Parameters. Superseded by +L<B<genpkey>|genpkey(1)> and L<B<pkey>|pkey(1)> + +=item L<B<genpkey>|genpkey(1)> + +Generation of Private Key or Parameters. =item L<B<genrsa>|genrsa(1)> -Generation of RSA Parameters. +Generation of RSA Private Key. Superceded by L<B<genpkey>|genpkey(1)>. =item L<B<ocsp>|ocsp(1)> @@ -146,21 +154,34 @@ PKCS#12 Data Management. PKCS#7 Data Management. +=item L<B<pkey>|pkey(1)> + +Public and private key management. + +=item L<B<pkeyutl>|pkeyutl(1)> + +Public key algorithm cryptographic operation utility. + +=item L<B<pkeyparam>|pkeyparam(1)> + +Public key algorithm parameter management. + =item L<B<rand>|rand(1)> Generate pseudo-random bytes. =item L<B<req>|req(1)> -X.509 Certificate Signing Request (CSR) Management. +PKCS#10 X.509 Certificate Signing Request (CSR) Management. =item L<B<rsa>|rsa(1)> -RSA Data Management. +RSA key management. =item L<B<rsautl>|rsautl(1)> -RSA utility for signing, verification, encryption, and decryption. +RSA utility for signing, verification, encryption, and decryption. Superseded +by L<B<pkeyutl>|pkeyutl(1)> =item L<B<s_client>|s_client(1)> @@ -336,7 +357,7 @@ read the password from standard input. L<asn1parse(1)|asn1parse(1)>, L<ca(1)|ca(1)>, L<config(5)|config(5)>, L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkcs7(1)>, L<dgst(1)|dgst(1)>, L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>, -L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>, +L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>, L<genpkey(1)|genpkey(1)>, L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>, L<passwd(1)|passwd(1)>, L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>, @@ -351,6 +372,7 @@ L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)> The openssl(1) document appeared in OpenSSL 0.9.2. The B<list->I<XXX>B<-commands> pseudo-commands were added in OpenSSL 0.9.3; +The B<list->I<XXX>B<-algorithms> pseudo-commands were added in OpenSSL 0.9.9; the B<no->I<XXX> pseudo-commands were added in OpenSSL 0.9.5a. For notes on the availability of other commands, see their individual manual pages. diff --git a/doc/apps/pkeyparam.pod b/doc/apps/pkeyparam.pod new file mode 100644 index 0000000000..453fd027f8 --- /dev/null +++ b/doc/apps/pkeyparam.pod @@ -0,0 +1,69 @@ + +=pod + +=head1 NAME + +pkeyparam - public key algorithm parameter processing tool + +=head1 SYNOPSIS + +B<openssl> B<pkeyparam> +[B<-in filename>] +[B<-out filename>] +[B<-text>] +[B<-noout>] +[B<-engine id>] + +=head1 DESCRIPTION + +The B<pkey> command processes public or private keys. They can be converted +between various forms and their components printed out. + +=head1 COMMAND OPTIONS + +=over 4 + +=item B<-in filename> + +This specifies the input filename to read parameters from or standard input if +this option is not specified. + +=item B<-out filename> + +This specifies the output filename to write parameters to or standard output if +this option is not specified. + +=item B<-text> + +prints out the parameters in plain text in addition to the encoded version. + +=item B<-noout> + +do not output the encoded version of the parameters. + +=item B<-engine id> + +specifying an engine (by it's unique B<id> string) will cause B<req> +to attempt to obtain a functional reference to the specified engine, +thus initialising it if needed. The engine will then be set as the default +for all available algorithms. + +=back + +=head1 EXAMPLE + +Print out text version of parameters: + + openssl pkeyparam -in param.pem -text + +=head1 NOTES + +There are no B<-inform> or B<-outform> options for this command because only +PEM format is supported because the key type is determined by the PEM headers. + +=head1 SEE ALSO + +L<genpkey(1)|genpkey(1)>, L<rsa(1)|rsa(1)>, L<pkcs8(1)|pkcs8(1)>, +L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>, L<gendsa(1)|gendsa(1)> + +=cut |