1 files changed, 25 insertions, 73 deletions
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index fa5d9d641b..24987ce535 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.59 2016/08/23 18:54:04 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.60 2016/08/24 08:07:33 jmc Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -112,7 +112,7 @@
 .\"
 .\" OPENSSL
 .\"
-.Dd $Mdocdate: August 23 2016 $
+.Dd $Mdocdate: August 24 2016 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -1354,12 +1354,10 @@ The key password source.
 .It Fl passout Ar arg
 The output file password source.
 .It Fl pubin
-By default, a private key is read from the input file.
+Read in a public key, not a private key.
-With this option a public key is read instead.
 .It Fl pubout
-By default, a private key is output.
+Output a public key, not a private key.
-With this option a public key will be output instead.
+Automatically set if the input is a public key.
-This option is automatically set if the input is a public key.
 .It Fl text
 Print the public/private key components and parameters.
 .El
@@ -1551,12 +1549,10 @@ The key password source.
 .It Fl passout Ar arg
 The output file password source.
 .It Fl pubin
-By default a private key is read from the input file;
+Read in a public key, not a private key.
-with this option a public key is read instead.
 .It Fl pubout
-By default a private key is output;
+Output a public key, not a private key.
-with this option a public key is output instead.
+Automatically set if the input is a public key.
-This option is automatically set if the input is a public key.
 .It Fl text
 Print the public/private key components and parameters.
 .El
@@ -2856,26 +2852,21 @@ The key password source.
 .It Fl passout Ar arg
 The output file password source.
 .El
-.\"
-.\" PKEY
-.\"
 .Sh PKEY
 .nr nS 1
 .Nm "openssl pkey"
-.Bk -words
 .Op Ar cipher
 .Op Fl in Ar file
-.Op Fl inform Ar DER | PEM
+.Op Fl inform Cm der | pem
 .Op Fl noout
 .Op Fl out Ar file
-.Op Fl outform Ar DER | PEM
+.Op Fl outform Cm der | pem
 .Op Fl passin Ar arg
 .Op Fl passout Ar arg
 .Op Fl pubin
 .Op Fl pubout
 .Op Fl text
 .Op Fl text_pub
-.Ek
 .nr nS 0
 .Pp
 The
@@ -2887,81 +2878,42 @@ and their components printed out.
 The options are as follows:
 .Bl -tag -width Ds
 .It Ar cipher
-These options encrypt the private key with the supplied cipher.
+Encrypt the private key with the specified cipher.
 Any algorithm name accepted by
-.Fn EVP_get_cipherbyname
+.Xr EVP_get_cipherbyname 3
 is acceptable, such as
 .Cm des3 .
 .It Fl in Ar file
-This specifies the input filename to read a key from,
+The input file to read from,
-or standard input if this option is not specified.
+or standard input if not specified.
 If the key is encrypted a pass phrase will be prompted for.
-.It Fl inform Ar DER | PEM
+.It Fl inform Cm der | pem
-This specifies the input format, DER or PEM.
+The input format.
 .It Fl noout
 Do not output the encoded version of the key.
 .It Fl out Ar file
-This specifies the output filename to write a key to,
+The output file to write to,
-or standard output if this option is not specified.
+or standard output if not specified.
 If any encryption options are set then a pass phrase
 will be prompted for.
-The output filename should
+.It Fl outform Cm der | pem
-.Em not
+The output format.
-be the same as the input filename.
-.It Fl outform Ar DER | PEM
-This specifies the output format;
-the options have the same meaning as the
-.Fl inform
-option.
 .It Fl passin Ar arg
 The key password source.
 .It Fl passout Ar arg
 The output file password source.
 .It Fl pubin
-By default a private key is read from the input file:
+Read in a public key, not a private key.
-with this option a public key is read instead.
 .It Fl pubout
-By default a private key is output:
+Output a public key, not a private key.
-with this option a public key will be output instead.
+Automatically set if the input is a public key.
-This option is automatically set if
-the input is a public key.
 .It Fl text
-Print out the various public or private key components in
+Print out the various public or private key components in plain text
-plain text in addition to the encoded version.
+in addition to the encoded version.
 .It Fl text_pub
 Print out only public key components
 even if a private key is being processed.
 .El
-.Sh PKEY EXAMPLES
-To remove the pass phrase on an RSA private key:
-.Bd -literal -offset indent
-$ openssl pkey -in key.pem -out keyout.pem
-.Ed
-.Pp
-To encrypt a private key using triple DES:
-.Bd -literal -offset indent
-$ openssl pkey -in key.pem -des3 -out keyout.pem
-.Ed
-.Pp
-To convert a private key from PEM to DER format:
-.Bd -literal -offset indent
-$ openssl pkey -in key.pem -outform DER -out keyout.der
-.Ed
-.Pp
-To print the components of a private key to standard output:
-.Bd -literal -offset indent
-$ openssl pkey -in key.pem -text -noout
-.Ed
-.Pp
-To print the public components of a private key to standard output:
-.Bd -literal -offset indent
-$ openssl pkey -in key.pem -text_pub -noout
-.Ed
-.Pp
-To just output the public part of a private key:
-.Bd -literal -offset indent
-$ openssl pkey -in key.pem -pubout -out pubkey.pem
-.Ed
 .\"
 .\" PKEYPARAM
 .\"

diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1 index fa5d9d641b..24987ce535 100644 --- a/src/usr.bin/openssl/openssl.1 +++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: openssl.1,v 1.59 2016/08/23 18:54:04 jmc Exp $	1	.\" $OpenBSD: openssl.1,v 1.60 2016/08/24 08:07:33 jmc Exp $
2	.\" ====================================================================	2	.\" ====================================================================
3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	.\"	4	.\"
@@ -112,7 +112,7 @@
112	.\"	112	.\"
113	.\" OPENSSL	113	.\" OPENSSL
114	.\"	114	.\"
115	.Dd $Mdocdate: August 23 2016 $	115	.Dd $Mdocdate: August 24 2016 $
116	.Dt OPENSSL 1	116	.Dt OPENSSL 1
117	.Os	117	.Os
118	.Sh NAME	118	.Sh NAME
@@ -1354,12 +1354,10 @@ The key password source.
1354	.It Fl passout Ar arg	1354	.It Fl passout Ar arg
1355	The output file password source.	1355	The output file password source.
1356	.It Fl pubin	1356	.It Fl pubin
1357	By default, a private key is read from the input file.	1357	Read in a public key, not a private key.
1358	With this option a public key is read instead.
1359	.It Fl pubout	1358	.It Fl pubout
1360	By default, a private key is output.	1359	Output a public key, not a private key.
1361	With this option a public key will be output instead.	1360	Automatically set if the input is a public key.
1362	This option is automatically set if the input is a public key.
1363	.It Fl text	1361	.It Fl text
1364	Print the public/private key components and parameters.	1362	Print the public/private key components and parameters.
1365	.El	1363	.El
@@ -1551,12 +1549,10 @@ The key password source.
1551	.It Fl passout Ar arg	1549	.It Fl passout Ar arg
1552	The output file password source.	1550	The output file password source.
1553	.It Fl pubin	1551	.It Fl pubin
1554	By default a private key is read from the input file;	1552	Read in a public key, not a private key.
1555	with this option a public key is read instead.
1556	.It Fl pubout	1553	.It Fl pubout
1557	By default a private key is output;	1554	Output a public key, not a private key.
1558	with this option a public key is output instead.	1555	Automatically set if the input is a public key.
1559	This option is automatically set if the input is a public key.
1560	.It Fl text	1556	.It Fl text
1561	Print the public/private key components and parameters.	1557	Print the public/private key components and parameters.
1562	.El	1558	.El
@@ -2856,26 +2852,21 @@ The key password source.
2856	.It Fl passout Ar arg	2852	.It Fl passout Ar arg
2857	The output file password source.	2853	The output file password source.
2858	.El	2854	.El
2859	.\"
2860	.\" PKEY
2861	.\"
2862	.Sh PKEY	2855	.Sh PKEY
2863	.nr nS 1	2856	.nr nS 1
2864	.Nm "openssl pkey"	2857	.Nm "openssl pkey"
2865	.Bk -words
2866	.Op Ar cipher	2858	.Op Ar cipher
2867	.Op Fl in Ar file	2859	.Op Fl in Ar file
2868	.Op Fl inform Ar DER \| PEM	2860	.Op Fl inform Cm der \| pem
2869	.Op Fl noout	2861	.Op Fl noout
2870	.Op Fl out Ar file	2862	.Op Fl out Ar file
2871	.Op Fl outform Ar DER \| PEM	2863	.Op Fl outform Cm der \| pem
2872	.Op Fl passin Ar arg	2864	.Op Fl passin Ar arg
2873	.Op Fl passout Ar arg	2865	.Op Fl passout Ar arg
2874	.Op Fl pubin	2866	.Op Fl pubin
2875	.Op Fl pubout	2867	.Op Fl pubout
2876	.Op Fl text	2868	.Op Fl text
2877	.Op Fl text_pub	2869	.Op Fl text_pub
2878	.Ek
2879	.nr nS 0	2870	.nr nS 0
2880	.Pp	2871	.Pp
2881	The	2872	The
@@ -2887,81 +2878,42 @@ and their components printed out.
2887	The options are as follows:	2878	The options are as follows:
2888	.Bl -tag -width Ds	2879	.Bl -tag -width Ds
2889	.It Ar cipher	2880	.It Ar cipher
2890	These options encrypt the private key with the supplied cipher.	2881	Encrypt the private key with the specified cipher.
2891	Any algorithm name accepted by	2882	Any algorithm name accepted by
2892	.Fn EVP_get_cipherbyname	2883	.Xr EVP_get_cipherbyname 3
2893	is acceptable, such as	2884	is acceptable, such as
2894	.Cm des3 .	2885	.Cm des3 .
2895	.It Fl in Ar file	2886	.It Fl in Ar file
2896	This specifies the input filename to read a key from,	2887	The input file to read from,
2897	or standard input if this option is not specified.	2888	or standard input if not specified.
2898	If the key is encrypted a pass phrase will be prompted for.	2889	If the key is encrypted a pass phrase will be prompted for.
2899	.It Fl inform Ar DER \| PEM	2890	.It Fl inform Cm der \| pem
2900	This specifies the input format, DER or PEM.	2891	The input format.
2901	.It Fl noout	2892	.It Fl noout
2902	Do not output the encoded version of the key.	2893	Do not output the encoded version of the key.
2903	.It Fl out Ar file	2894	.It Fl out Ar file
2904	This specifies the output filename to write a key to,	2895	The output file to write to,
2905	or standard output if this option is not specified.	2896	or standard output if not specified.
2906	If any encryption options are set then a pass phrase	2897	If any encryption options are set then a pass phrase
2907	will be prompted for.	2898	will be prompted for.
2908	The output filename should	2899	.It Fl outform Cm der \| pem
2909	.Em not	2900	The output format.
2910	be the same as the input filename.
2911	.It Fl outform Ar DER \| PEM
2912	This specifies the output format;
2913	the options have the same meaning as the
2914	.Fl inform
2915	option.
2916	.It Fl passin Ar arg	2901	.It Fl passin Ar arg
2917	The key password source.	2902	The key password source.
2918	.It Fl passout Ar arg	2903	.It Fl passout Ar arg
2919	The output file password source.	2904	The output file password source.
2920	.It Fl pubin	2905	.It Fl pubin
2921	By default a private key is read from the input file:	2906	Read in a public key, not a private key.
2922	with this option a public key is read instead.
2923	.It Fl pubout	2907	.It Fl pubout
2924	By default a private key is output:	2908	Output a public key, not a private key.
2925	with this option a public key will be output instead.	2909	Automatically set if the input is a public key.
2926	This option is automatically set if
2927	the input is a public key.
2928	.It Fl text	2910	.It Fl text
2929	Print out the various public or private key components in	2911	Print out the various public or private key components in plain text
2930	plain text in addition to the encoded version.	2912	in addition to the encoded version.
2931	.It Fl text_pub	2913	.It Fl text_pub
2932	Print out only public key components	2914	Print out only public key components
2933	even if a private key is being processed.	2915	even if a private key is being processed.
2934	.El	2916	.El
2935	.Sh PKEY EXAMPLES
2936	To remove the pass phrase on an RSA private key:
2937	.Bd -literal -offset indent
2938	$ openssl pkey -in key.pem -out keyout.pem
2939	.Ed
2940	.Pp
2941	To encrypt a private key using triple DES:
2942	.Bd -literal -offset indent
2943	$ openssl pkey -in key.pem -des3 -out keyout.pem
2944	.Ed
2945	.Pp
2946	To convert a private key from PEM to DER format:
2947	.Bd -literal -offset indent
2948	$ openssl pkey -in key.pem -outform DER -out keyout.der
2949	.Ed
2950	.Pp
2951	To print the components of a private key to standard output:
2952	.Bd -literal -offset indent
2953	$ openssl pkey -in key.pem -text -noout
2954	.Ed
2955	.Pp
2956	To print the public components of a private key to standard output:
2957	.Bd -literal -offset indent
2958	$ openssl pkey -in key.pem -text_pub -noout
2959	.Ed
2960	.Pp
2961	To just output the public part of a private key:
2962	.Bd -literal -offset indent
2963	$ openssl pkey -in key.pem -pubout -out pubkey.pem
2964	.Ed
2965	.\"	2917	.\"
2966	.\" PKEYPARAM	2918	.\" PKEYPARAM
2967	.\"	2919	.\"