shorten genpkey; ok guenther

author: jmc <> 2016-08-14 09:02:52 +0000
committer: jmc <> 2016-08-14 09:02:52 +0000
commit: d375178b9a24f400dad1da5f563fce93ee621827 (patch)
tree: ac49f7f90a31a2b2fa5a4b24e9549bd92906ec09 /src
parent: 999522bb6f15dae8a918ebe151758360da6965fe (diff)
download: openbsd-d375178b9a24f400dad1da5f563fce93ee621827.tar.gz
openbsd-d375178b9a24f400dad1da5f563fce93ee621827.tar.bz2
openbsd-d375178b9a24f400dad1da5f563fce93ee621827.zip
1 files changed, 23 insertions, 78 deletions
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index ec9d47d6e4..48ec408ac5 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.51 2016/08/13 18:23:39 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.52 2016/08/14 09:02:52 jmc Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -112,7 +112,7 @@
 .\"
 .\" OPENSSL
 .\"
-.Dd $Mdocdate: August 13 2016 $
+.Dd $Mdocdate: August 14 2016 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -1890,23 +1890,18 @@ or standard output if none is specified.
 Specify the DSA parameter file to use.
 The parameters in this file determine the size of the private key.
 .El
-.\"
-.\" GENPKEY
-.\"
 .Sh GENPKEY
 .nr nS 1
 .Nm "openssl genpkey"
-.Bk -words
 .Op Fl algorithm Ar alg
 .Op Ar cipher
 .Op Fl genparam
 .Op Fl out Ar file
-.Op Fl outform Ar DER | PEM
+.Op Fl outform Cm der | pem
 .Op Fl paramfile Ar file
 .Op Fl pass Ar arg
 .Op Fl pkeyopt Ar opt : Ns Ar value
 .Op Fl text
-.Ek
 .nr nS 0
 .Pp
 The
@@ -1921,7 +1916,7 @@ The options are as follows:
 .It Fl algorithm Ar alg
 The public key algorithm to use,
 such as RSA, DSA, or DH.
-If used this option must precede any
+This option must precede any
 .Fl pkeyopt
 options.
 The options
@@ -1932,28 +1927,27 @@ are mutually exclusive.
 .It Ar cipher
 Encrypt the private key with the supplied cipher.
 Any algorithm name accepted by
-.Fn EVP_get_cipherbyname
+.Xr EVP_get_cipherbyname 3
-is acceptable, such as
+is acceptable.
-.Cm des3 .
 .It Fl genparam
 Generate a set of parameters instead of a private key.
-If used this option must precede any
+This option must precede any
 .Fl algorithm ,
 .Fl paramfile ,
 or
 .Fl pkeyopt
 options.
 .It Fl out Ar file
-The output filename.
+The output file to write to,
-If this argument is not specified then standard output is used.
+or standard output if none is specified.
-.It Fl outform Ar DER | PEM
+.It Fl outform Cm der | pem
-This specifies the output format, DER or PEM.
+The output format.
 .It Fl paramfile Ar file
-Some public key algorithms generate a private key based on a set of parameters.
+Some public key algorithms generate a private key based on a set of parameters,
-They can be supplied using this option.
+which can be supplied using this option.
 If this option is used the public key
 algorithm used is determined by the parameters.
-If used this option must precede any
+This option must precede any
 .Fl pkeyopt
 options.
 The options
@@ -1967,36 +1961,22 @@ The output file password source.
 Set the public key algorithm option
 .Ar opt
 to
-.Ar value .
+.Ar value ,
-The precise set of options supported
+as follows:
-depends on the public key algorithm used and its implementation.
-See
-.Sx GENPKEY KEY GENERATION OPTIONS
-below for more details.
-.It Fl text
-Print an (unencrypted) text representation of private and public keys and
-parameters along with the DER or PEM structure.
-.El
-.Sh GENPKEY KEY GENERATION OPTIONS
-The options supported by each algorithm
-and indeed each implementation of an algorithm can vary.
-The options for the
-.Nm OpenSSL
-implementations are detailed below.
 .Bl -tag -width Ds -offset indent
 .It rsa_keygen_bits : Ns Ar numbits
 (RSA)
 The number of bits in the generated key.
-If not specified 2048 is used.
+The default is 2048.
 .It rsa_keygen_pubexp : Ns Ar value
 (RSA)
 The RSA public exponent value.
 This can be a large decimal or hexadecimal value if preceded by 0x.
-The default value is 65537.
+The default is 65537.
 .It dsa_paramgen_bits : Ns Ar numbits
 (DSA)
 The number of bits in the generated parameters.
-If not specified 1024 is used.
+The default is 1024.
 .It dh_paramgen_prime_len : Ns Ar numbits
 (DH)
 The number of bits in the prime parameter
@@ -2009,45 +1989,10 @@ The value to use for the generator
 (EC)
 The EC curve to use.
 .El
-.Sh GENPKEY EXAMPLES
+.It Fl text
-Generate an RSA private key using default parameters:
+Print an unencrypted text representation of private and public keys and
-.Bd -literal -offset indent
+parameters along with the DER or PEM structure.
-$ openssl genpkey -algorithm RSA -out key.pem
+.El
-.Ed
-.Pp
-Encrypt and output a private key using 128-bit AES and the passphrase "hello":
-.Bd -literal -offset indent
-$ openssl genpkey -algorithm RSA -out key.pem \e
-        -aes-128-cbc -pass pass:hello
-.Ed
-.Pp
-Generate a 2048-bit RSA key using 3 as the public exponent:
-.Bd -literal -offset indent
-$ openssl genpkey -algorithm RSA -out key.pem \e
-        -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3
-.Ed
-.Pp
-Generate 1024-bit DSA parameters:
-.Bd -literal -offset indent
-$ openssl genpkey -genparam -algorithm DSA \e
-        -out dsap.pem -pkeyopt dsa_paramgen_bits:1024
-.Ed
-.Pp
-Generate a DSA key from parameters:
-.Bd -literal -offset indent
-$ openssl genpkey -paramfile dsap.pem -out dsakey.pem
-.Ed
-.Pp
-Generate 1024-bit DH parameters:
-.Bd -literal -offset indent
-$ openssl genpkey -genparam -algorithm DH \e
-        -out dhp.pem -pkeyopt dh_paramgen_prime_len:1024
-.Ed
-.Pp
-Generate a DH key from parameters:
-.Bd -literal -offset indent
-$ openssl genpkey -paramfile dhp.pem -out dhkey.pem
-.Ed
 .\"
 .\" GENRSA
 .\"
author	jmc <>	2016-08-14 09:02:52 +0000
committer	jmc <>	2016-08-14 09:02:52 +0000
commit	d375178b9a24f400dad1da5f563fce93ee621827 (patch)
tree	ac49f7f90a31a2b2fa5a4b24e9549bd92906ec09 /src
parent	999522bb6f15dae8a918ebe151758360da6965fe (diff)
download	openbsd-d375178b9a24f400dad1da5f563fce93ee621827.tar.gz openbsd-d375178b9a24f400dad1da5f563fce93ee621827.tar.bz2 openbsd-d375178b9a24f400dad1da5f563fce93ee621827.zip

diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1 index ec9d47d6e4..48ec408ac5 100644 --- a/src/usr.bin/openssl/openssl.1 +++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: openssl.1,v 1.51 2016/08/13 18:23:39 jmc Exp $	1	.\" $OpenBSD: openssl.1,v 1.52 2016/08/14 09:02:52 jmc Exp $
2	.\" ====================================================================	2	.\" ====================================================================
3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	.\"	4	.\"
@@ -112,7 +112,7 @@
112	.\"	112	.\"
113	.\" OPENSSL	113	.\" OPENSSL
114	.\"	114	.\"
115	.Dd $Mdocdate: August 13 2016 $	115	.Dd $Mdocdate: August 14 2016 $
116	.Dt OPENSSL 1	116	.Dt OPENSSL 1
117	.Os	117	.Os
118	.Sh NAME	118	.Sh NAME
@@ -1890,23 +1890,18 @@ or standard output if none is specified.
1890	Specify the DSA parameter file to use.	1890	Specify the DSA parameter file to use.
1891	The parameters in this file determine the size of the private key.	1891	The parameters in this file determine the size of the private key.
1892	.El	1892	.El
1893	.\"
1894	.\" GENPKEY
1895	.\"
1896	.Sh GENPKEY	1893	.Sh GENPKEY
1897	.nr nS 1	1894	.nr nS 1
1898	.Nm "openssl genpkey"	1895	.Nm "openssl genpkey"
1899	.Bk -words
1900	.Op Fl algorithm Ar alg	1896	.Op Fl algorithm Ar alg
1901	.Op Ar cipher	1897	.Op Ar cipher
1902	.Op Fl genparam	1898	.Op Fl genparam
1903	.Op Fl out Ar file	1899	.Op Fl out Ar file
1904	.Op Fl outform Ar DER \| PEM	1900	.Op Fl outform Cm der \| pem
1905	.Op Fl paramfile Ar file	1901	.Op Fl paramfile Ar file
1906	.Op Fl pass Ar arg	1902	.Op Fl pass Ar arg
1907	.Op Fl pkeyopt Ar opt : Ns Ar value	1903	.Op Fl pkeyopt Ar opt : Ns Ar value
1908	.Op Fl text	1904	.Op Fl text
1909	.Ek
1910	.nr nS 0	1905	.nr nS 0
1911	.Pp	1906	.Pp
1912	The	1907	The
@@ -1921,7 +1916,7 @@ The options are as follows:
1921	.It Fl algorithm Ar alg	1916	.It Fl algorithm Ar alg
1922	The public key algorithm to use,	1917	The public key algorithm to use,
1923	such as RSA, DSA, or DH.	1918	such as RSA, DSA, or DH.
1924	If used this option must precede any	1919	This option must precede any
1925	.Fl pkeyopt	1920	.Fl pkeyopt
1926	options.	1921	options.
1927	The options	1922	The options
@@ -1932,28 +1927,27 @@ are mutually exclusive.
1932	.It Ar cipher	1927	.It Ar cipher
1933	Encrypt the private key with the supplied cipher.	1928	Encrypt the private key with the supplied cipher.
1934	Any algorithm name accepted by	1929	Any algorithm name accepted by
1935	.Fn EVP_get_cipherbyname	1930	.Xr EVP_get_cipherbyname 3
1936	is acceptable, such as	1931	is acceptable.
1937	.Cm des3 .
1938	.It Fl genparam	1932	.It Fl genparam
1939	Generate a set of parameters instead of a private key.	1933	Generate a set of parameters instead of a private key.
1940	If used this option must precede any	1934	This option must precede any
1941	.Fl algorithm ,	1935	.Fl algorithm ,
1942	.Fl paramfile ,	1936	.Fl paramfile ,
1943	or	1937	or
1944	.Fl pkeyopt	1938	.Fl pkeyopt
1945	options.	1939	options.
1946	.It Fl out Ar file	1940	.It Fl out Ar file
1947	The output filename.	1941	The output file to write to,
1948	If this argument is not specified then standard output is used.	1942	or standard output if none is specified.
1949	.It Fl outform Ar DER \| PEM	1943	.It Fl outform Cm der \| pem
1950	This specifies the output format, DER or PEM.	1944	The output format.
1951	.It Fl paramfile Ar file	1945	.It Fl paramfile Ar file
1952	Some public key algorithms generate a private key based on a set of parameters.	1946	Some public key algorithms generate a private key based on a set of parameters,
1953	They can be supplied using this option.	1947	which can be supplied using this option.
1954	If this option is used the public key	1948	If this option is used the public key
1955	algorithm used is determined by the parameters.	1949	algorithm used is determined by the parameters.
1956	If used this option must precede any	1950	This option must precede any
1957	.Fl pkeyopt	1951	.Fl pkeyopt
1958	options.	1952	options.
1959	The options	1953	The options
@@ -1967,36 +1961,22 @@ The output file password source.
1967	Set the public key algorithm option	1961	Set the public key algorithm option
1968	.Ar opt	1962	.Ar opt
1969	to	1963	to
1970	.Ar value .	1964	.Ar value ,
1971	The precise set of options supported	1965	as follows:
1972	depends on the public key algorithm used and its implementation.
1973	See
1974	.Sx GENPKEY KEY GENERATION OPTIONS
1975	below for more details.
1976	.It Fl text
1977	Print an (unencrypted) text representation of private and public keys and
1978	parameters along with the DER or PEM structure.
1979	.El
1980	.Sh GENPKEY KEY GENERATION OPTIONS
1981	The options supported by each algorithm
1982	and indeed each implementation of an algorithm can vary.
1983	The options for the
1984	.Nm OpenSSL
1985	implementations are detailed below.
1986	.Bl -tag -width Ds -offset indent	1966	.Bl -tag -width Ds -offset indent
1987	.It rsa_keygen_bits : Ns Ar numbits	1967	.It rsa_keygen_bits : Ns Ar numbits
1988	(RSA)	1968	(RSA)
1989	The number of bits in the generated key.	1969	The number of bits in the generated key.
1990	If not specified 2048 is used.	1970	The default is 2048.
1991	.It rsa_keygen_pubexp : Ns Ar value	1971	.It rsa_keygen_pubexp : Ns Ar value
1992	(RSA)	1972	(RSA)
1993	The RSA public exponent value.	1973	The RSA public exponent value.
1994	This can be a large decimal or hexadecimal value if preceded by 0x.	1974	This can be a large decimal or hexadecimal value if preceded by 0x.
1995	The default value is 65537.	1975	The default is 65537.
1996	.It dsa_paramgen_bits : Ns Ar numbits	1976	.It dsa_paramgen_bits : Ns Ar numbits
1997	(DSA)	1977	(DSA)
1998	The number of bits in the generated parameters.	1978	The number of bits in the generated parameters.
1999	If not specified 1024 is used.	1979	The default is 1024.
2000	.It dh_paramgen_prime_len : Ns Ar numbits	1980	.It dh_paramgen_prime_len : Ns Ar numbits
2001	(DH)	1981	(DH)
2002	The number of bits in the prime parameter	1982	The number of bits in the prime parameter
@@ -2009,45 +1989,10 @@ The value to use for the generator
2009	(EC)	1989	(EC)
2010	The EC curve to use.	1990	The EC curve to use.
2011	.El	1991	.El
2012	.Sh GENPKEY EXAMPLES	1992	.It Fl text
2013	Generate an RSA private key using default parameters:	1993	Print an unencrypted text representation of private and public keys and
2014	.Bd -literal -offset indent	1994	parameters along with the DER or PEM structure.
2015	$ openssl genpkey -algorithm RSA -out key.pem	1995	.El
2016	.Ed
2017	.Pp
2018	Encrypt and output a private key using 128-bit AES and the passphrase "hello":
2019	.Bd -literal -offset indent
2020	$ openssl genpkey -algorithm RSA -out key.pem \e
2021	-aes-128-cbc -pass pass:hello
2022	.Ed
2023	.Pp
2024	Generate a 2048-bit RSA key using 3 as the public exponent:
2025	.Bd -literal -offset indent
2026	$ openssl genpkey -algorithm RSA -out key.pem \e
2027	-pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3
2028	.Ed
2029	.Pp
2030	Generate 1024-bit DSA parameters:
2031	.Bd -literal -offset indent
2032	$ openssl genpkey -genparam -algorithm DSA \e
2033	-out dsap.pem -pkeyopt dsa_paramgen_bits:1024
2034	.Ed
2035	.Pp
2036	Generate a DSA key from parameters:
2037	.Bd -literal -offset indent
2038	$ openssl genpkey -paramfile dsap.pem -out dsakey.pem
2039	.Ed
2040	.Pp
2041	Generate 1024-bit DH parameters:
2042	.Bd -literal -offset indent
2043	$ openssl genpkey -genparam -algorithm DH \e
2044	-out dhp.pem -pkeyopt dh_paramgen_prime_len:1024
2045	.Ed
2046	.Pp
2047	Generate a DH key from parameters:
2048	.Bd -literal -offset indent
2049	$ openssl genpkey -paramfile dhp.pem -out dhkey.pem
2050	.Ed
2051	.\"	1996	.\"
2052	.\" GENRSA	1997	.\" GENRSA
2053	.\"	1998	.\"