-.\" $OpenBSD: openssl.1,v 1.59 2016/08/23 18:54:04 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.60 2016/08/24 08:07:33 jmc Exp $
.\" ====================================================================
.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
.\"
.\"
.\" OPENSSL
.\"
-.Dd $Mdocdate: August 23 2016 $
+.Dd $Mdocdate: August 24 2016 $
.Dt OPENSSL 1
.Os
.Sh NAME
.It Fl passout Ar arg
The output file password source.
.It Fl pubin
-By default, a private key is read from the input file.
-With this option a public key is read instead.
+Read in a public key, not a private key.
.It Fl pubout
-By default, a private key is output.
-With this option a public key will be output instead.
-This option is automatically set if the input is a public key.
+Output a public key, not a private key.
+Automatically set if the input is a public key.
.It Fl text
Print the public/private key components and parameters.
.El
.It Fl passout Ar arg
The output file password source.
.It Fl pubin
-By default a private key is read from the input file;
-with this option a public key is read instead.
+Read in a public key, not a private key.
.It Fl pubout
-By default a private key is output;
-with this option a public key is output instead.
-This option is automatically set if the input is a public key.
+Output a public key, not a private key.
+Automatically set if the input is a public key.
.It Fl text
Print the public/private key components and parameters.
.El
.It Fl passout Ar arg
The output file password source.
.El
-.\"
-.\" PKEY
-.\"
.Sh PKEY
.nr nS 1
.Nm "openssl pkey"
-.Bk -words
.Op Ar cipher
.Op Fl in Ar file
-.Op Fl inform Ar DER | PEM
+.Op Fl inform Cm der | pem
.Op Fl noout
.Op Fl out Ar file
-.Op Fl outform Ar DER | PEM
+.Op Fl outform Cm der | pem
.Op Fl passin Ar arg
.Op Fl passout Ar arg
.Op Fl pubin
.Op Fl pubout
.Op Fl text
.Op Fl text_pub
-.Ek
.nr nS 0
.Pp
The
The options are as follows:
.Bl -tag -width Ds
.It Ar cipher
-These options encrypt the private key with the supplied cipher.
+Encrypt the private key with the specified cipher.
Any algorithm name accepted by
-.Fn EVP_get_cipherbyname
+.Xr EVP_get_cipherbyname 3
is acceptable, such as
.Cm des3 .
.It Fl in Ar file
-This specifies the input filename to read a key from,
-or standard input if this option is not specified.
+The input file to read from,
+or standard input if not specified.
If the key is encrypted a pass phrase will be prompted for.
-.It Fl inform Ar DER | PEM
-This specifies the input format, DER or PEM.
+.It Fl inform Cm der | pem
+The input format.
.It Fl noout
Do not output the encoded version of the key.
.It Fl out Ar file
-This specifies the output filename to write a key to,
-or standard output if this option is not specified.
+The output file to write to,
+or standard output if not specified.
If any encryption options are set then a pass phrase
will be prompted for.
-The output filename should
-.Em not
-be the same as the input filename.
-.It Fl outform Ar DER | PEM
-This specifies the output format;
-the options have the same meaning as the
-.Fl inform
-option.
+.It Fl outform Cm der | pem
+The output format.
.It Fl passin Ar arg
The key password source.
.It Fl passout Ar arg
The output file password source.
.It Fl pubin
-By default a private key is read from the input file:
-with this option a public key is read instead.
+Read in a public key, not a private key.
.It Fl pubout
-By default a private key is output:
-with this option a public key will be output instead.
-This option is automatically set if
-the input is a public key.
+Output a public key, not a private key.
+Automatically set if the input is a public key.
.It Fl text
-Print out the various public or private key components in
-plain text in addition to the encoded version.
+Print out the various public or private key components in plain text
+in addition to the encoded version.
.It Fl text_pub
Print out only public key components
even if a private key is being processed.
.El
-.Sh PKEY EXAMPLES
-To remove the pass phrase on an RSA private key:
-.Bd -literal -offset indent
-$ openssl pkey -in key.pem -out keyout.pem
-.Ed
-.Pp
-To encrypt a private key using triple DES:
-.Bd -literal -offset indent
-$ openssl pkey -in key.pem -des3 -out keyout.pem
-.Ed
-.Pp
-To convert a private key from PEM to DER format:
-.Bd -literal -offset indent
-$ openssl pkey -in key.pem -outform DER -out keyout.der
-.Ed
-.Pp
-To print the components of a private key to standard output:
-.Bd -literal -offset indent
-$ openssl pkey -in key.pem -text -noout
-.Ed
-.Pp
-To print the public components of a private key to standard output:
-.Bd -literal -offset indent
-$ openssl pkey -in key.pem -text_pub -noout
-.Ed
-.Pp
-To just output the public part of a private key:
-.Bd -literal -offset indent
-$ openssl pkey -in key.pem -pubout -out pubkey.pem
-.Ed
.\"
.\" PKEYPARAM
.\"
projects / openbsd / commitdiff