1 files changed, 39 insertions, 92 deletions
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index e30510ef7d..6e4c6ae951 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.46 2016/08/08 18:13:51 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.47 2016/08/09 17:07:33 jmc Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -112,7 +112,7 @@
 .\"
 .\" OPENSSL
 .\"
-.Dd $Mdocdate: August 8 2016 $
+.Dd $Mdocdate: August 9 2016 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -1427,21 +1427,17 @@ Generate a parameter set of size
 .Ar numbits .
 If this option is included, the input file is ignored.
 .El
-.\"
-.\" EC
-.\"
 .Sh EC
 .nr nS 1
 .Nm "openssl ec"
-.Bk -words
 .Op Fl conv_form Ar arg
 .Op Fl des
 .Op Fl des3
 .Op Fl in Ar file
-.Op Fl inform Ar DER | PEM
+.Op Fl inform Cm der | pem
 .Op Fl noout
 .Op Fl out Ar file
-.Op Fl outform Ar DER | PEM
+.Op Fl outform Cm der | pem
 .Op Fl param_enc Ar arg
 .Op Fl param_out
 .Op Fl passin Ar arg
@@ -1449,7 +1445,6 @@ If this option is included, the input file is ignored.
 .Op Fl pubin
 .Op Fl pubout
 .Op Fl text
-.Ek
 .nr nS 0
 .Pp
 The
@@ -1457,42 +1452,51 @@ The
 command processes EC keys.
 They can be converted between various
 forms and their components printed out.
-Note:
+.Nm openssl
-.Nm OpenSSL
 uses the private key format specified in
 .Dq SEC 1: Elliptic Curve Cryptography
 .Pq Lk http://www.secg.org/ .
 To convert an
-.Nm OpenSSL
 EC private key into the PKCS#8 private key format use the
 .Nm pkcs8
 command.
 .Pp
+The PEM private key format uses the header and footer lines:
+.Bd -literal -offset indent
+-----BEGIN EC PRIVATE KEY-----
+-----END EC PRIVATE KEY-----
+.Ed
+.Pp
+The PEM public key format uses the header and footer lines:
+.Bd -literal -offset indent
+-----BEGIN PUBLIC KEY-----
+-----END PUBLIC KEY-----
+.Ed
+.Pp
 The options are as follows:
 .Bl -tag -width Ds
 .It Fl conv_form Ar arg
-This specifies how the points on the elliptic curve are converted
+Specify how the points on the elliptic curve are converted
 into octet strings.
 Possible values are:
 .Cm compressed
-(the default value),
+(the default),
 .Cm uncompressed ,
 and
 .Cm hybrid .
 For more information regarding
-the point conversion forms please read the X9.62 standard.
+the point conversion forms see the X9.62 standard.
 Note:
 Due to patent issues the
 .Cm compressed
 option is disabled by default for binary curves
 and can be enabled by defining the preprocessor macro
-.Ar OPENSSL_EC_BIN_PT_COMP
+.Dv OPENSSL_EC_BIN_PT_COMP
 at compile time.
 .It Fl des | des3
-These options encrypt the private key with the DES, triple DES, or
+Encrypt the private key with DES, triple DES, or
 any other cipher supported by
-.Nm OpenSSL
+.Nm openssl .
-before outputting it.
 A pass phrase is prompted for.
 If none of these options is specified the key is written in plain text.
 This means that using the
@@ -1503,36 +1507,32 @@ or by setting the encryption options
 it can be use to add or change the pass phrase.
 These options can only be used with PEM format output files.
 .It Fl in Ar file
-This specifies the input filename to read a key from,
+The input file to read a key from,
-or standard input if this option is not specified.
+or standard input if not specified.
 If the key is encrypted a pass phrase will be prompted for.
-.It Fl inform Ar DER | PEM
+.It Fl inform Cm der | pem
-This specifies the input format.
+The input format.
-DER with a private key uses
+.Cm der
+with a private key uses
 an ASN.1 DER-encoded SEC1 private key.
 When used with a public key it
 uses the SubjectPublicKeyInfo structure as specified in RFC 3280.
-PEM is the default format:
+.Cm pem
+is the default format:
 it consists of the DER format base64
 encoded with additional header and footer lines.
 In the case of a private key
 PKCS#8 format is also accepted.
 .It Fl noout
-Prevents output of the encoded version of the key.
+Do not output the encoded version of the key.
 .It Fl out Ar file
-Specifies the output filename to write a key to,
+The output filename to write to,
-or standard output if none is specified.
+or standard output if not specified.
 If any encryption options are set then a pass phrase will be prompted for.
-The output filename should
+.It Fl outform Cm der | pem
-.Em not
+The output format.
-be the same as the input filename.
-.It Fl outform Ar DER | PEM
-This specifies the output format.
-The options have the same meaning as the
-.Fl inform
-option.
 .It Fl param_enc Ar arg
-This specifies how the elliptic curve parameters are encoded.
+Specify how the elliptic curve parameters are encoded.
 Possible value are:
 .Cm named_curve ,
 i.e. the EC parameters are specified by an OID; or
@@ -1545,8 +1545,7 @@ Note: the
 .Cm implicitlyCA
 alternative,
 as specified in RFC 3279,
-is currently not implemented in
+is currently not implemented.
-.Nm OpenSSL .
 .It Fl passin Ar arg
 The key password source.
 .It Fl passout Ar arg
@@ -1559,60 +1558,8 @@ By default a private key is output;
 with this option a public key is output instead.
 This option is automatically set if the input is a public key.
 .It Fl text
-Prints out the public/private key components and parameters.
+Print out the public/private key components and parameters.
 .El
-.Sh EC NOTES
-The PEM private key format uses the header and footer lines:
-.Bd -literal -offset indent
-----BEGIN EC PRIVATE KEY-----
-----END EC PRIVATE KEY-----
-.Ed
-.Pp
-The PEM public key format uses the header and footer lines:
-.Bd -literal -offset indent
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
-.Ed
-.Sh EC EXAMPLES
-To encrypt a private key using triple DES:
-.Bd -literal -offset indent
-$ openssl ec -in key.pem -des3 -out keyout.pem
-.Ed
-.Pp
-To convert a private key from PEM to DER format:
-.Bd -literal -offset indent
-$ openssl ec -in key.pem -outform DER -out keyout.der
-.Ed
-.Pp
-To print out the components of a private key to standard output:
-.Bd -literal -offset indent
-$ openssl ec -in key.pem -text -noout
-.Ed
-.Pp
-To just output the public part of a private key:
-.Bd -literal -offset indent
-$ openssl ec -in key.pem -pubout -out pubkey.pem
-.Ed
-.Pp
-To change the parameter encoding to
-.Cm explicit :
-.Bd -literal -offset indent
-$ openssl ec -in key.pem -param_enc explicit -out keyout.pem
-.Ed
-.Pp
-To change the point conversion form to
-.Cm compressed :
-.Bd -literal -offset indent
-$ openssl ec -in key.pem -conv_form compressed -out keyout.pem
-.Ed
-.Sh EC HISTORY
-The
-.Nm ec
-command was first introduced in
-.Nm OpenSSL
-0.9.8.
-.Sh EC AUTHORS
-.An Nils Larsch .
 .\"
 .\" ECPARAM
 .\"

diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1 index e30510ef7d..6e4c6ae951 100644 --- a/src/usr.bin/openssl/openssl.1 +++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: openssl.1,v 1.46 2016/08/08 18:13:51 jmc Exp $	1	.\" $OpenBSD: openssl.1,v 1.47 2016/08/09 17:07:33 jmc Exp $
2	.\" ====================================================================	2	.\" ====================================================================
3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	.\"	4	.\"
@@ -112,7 +112,7 @@
112	.\"	112	.\"
113	.\" OPENSSL	113	.\" OPENSSL
114	.\"	114	.\"
115	.Dd $Mdocdate: August 8 2016 $	115	.Dd $Mdocdate: August 9 2016 $
116	.Dt OPENSSL 1	116	.Dt OPENSSL 1
117	.Os	117	.Os
118	.Sh NAME	118	.Sh NAME
@@ -1427,21 +1427,17 @@ Generate a parameter set of size
1427	.Ar numbits .	1427	.Ar numbits .
1428	If this option is included, the input file is ignored.	1428	If this option is included, the input file is ignored.
1429	.El	1429	.El
1430	.\"
1431	.\" EC
1432	.\"
1433	.Sh EC	1430	.Sh EC
1434	.nr nS 1	1431	.nr nS 1
1435	.Nm "openssl ec"	1432	.Nm "openssl ec"
1436	.Bk -words
1437	.Op Fl conv_form Ar arg	1433	.Op Fl conv_form Ar arg
1438	.Op Fl des	1434	.Op Fl des
1439	.Op Fl des3	1435	.Op Fl des3
1440	.Op Fl in Ar file	1436	.Op Fl in Ar file
1441	.Op Fl inform Ar DER \| PEM	1437	.Op Fl inform Cm der \| pem
1442	.Op Fl noout	1438	.Op Fl noout
1443	.Op Fl out Ar file	1439	.Op Fl out Ar file
1444	.Op Fl outform Ar DER \| PEM	1440	.Op Fl outform Cm der \| pem
1445	.Op Fl param_enc Ar arg	1441	.Op Fl param_enc Ar arg
1446	.Op Fl param_out	1442	.Op Fl param_out
1447	.Op Fl passin Ar arg	1443	.Op Fl passin Ar arg
@@ -1449,7 +1445,6 @@ If this option is included, the input file is ignored.
1449	.Op Fl pubin	1445	.Op Fl pubin
1450	.Op Fl pubout	1446	.Op Fl pubout
1451	.Op Fl text	1447	.Op Fl text
1452	.Ek
1453	.nr nS 0	1448	.nr nS 0
1454	.Pp	1449	.Pp
1455	The	1450	The
@@ -1457,42 +1452,51 @@ The
1457	command processes EC keys.	1452	command processes EC keys.
1458	They can be converted between various	1453	They can be converted between various
1459	forms and their components printed out.	1454	forms and their components printed out.
1460	Note:	1455	.Nm openssl
1461	.Nm OpenSSL
1462	uses the private key format specified in	1456	uses the private key format specified in
1463	.Dq SEC 1: Elliptic Curve Cryptography	1457	.Dq SEC 1: Elliptic Curve Cryptography
1464	.Pq Lk http://www.secg.org/ .	1458	.Pq Lk http://www.secg.org/ .
1465	To convert an	1459	To convert an
1466	.Nm OpenSSL
1467	EC private key into the PKCS#8 private key format use the	1460	EC private key into the PKCS#8 private key format use the
1468	.Nm pkcs8	1461	.Nm pkcs8
1469	command.	1462	command.
1470	.Pp	1463	.Pp
		1464	The PEM private key format uses the header and footer lines:
		1465	.Bd -literal -offset indent
		1466	-----BEGIN EC PRIVATE KEY-----
		1467	-----END EC PRIVATE KEY-----
		1468	.Ed
		1469	.Pp
		1470	The PEM public key format uses the header and footer lines:
		1471	.Bd -literal -offset indent
		1472	-----BEGIN PUBLIC KEY-----
		1473	-----END PUBLIC KEY-----
		1474	.Ed
		1475	.Pp
1471	The options are as follows:	1476	The options are as follows:
1472	.Bl -tag -width Ds	1477	.Bl -tag -width Ds
1473	.It Fl conv_form Ar arg	1478	.It Fl conv_form Ar arg
1474	This specifies how the points on the elliptic curve are converted	1479	Specify how the points on the elliptic curve are converted
1475	into octet strings.	1480	into octet strings.
1476	Possible values are:	1481	Possible values are:
1477	.Cm compressed	1482	.Cm compressed
1478	(the default value),	1483	(the default),
1479	.Cm uncompressed ,	1484	.Cm uncompressed ,
1480	and	1485	and
1481	.Cm hybrid .	1486	.Cm hybrid .
1482	For more information regarding	1487	For more information regarding
1483	the point conversion forms please read the X9.62 standard.	1488	the point conversion forms see the X9.62 standard.
1484	Note:	1489	Note:
1485	Due to patent issues the	1490	Due to patent issues the
1486	.Cm compressed	1491	.Cm compressed
1487	option is disabled by default for binary curves	1492	option is disabled by default for binary curves
1488	and can be enabled by defining the preprocessor macro	1493	and can be enabled by defining the preprocessor macro
1489	.Ar OPENSSL_EC_BIN_PT_COMP	1494	.Dv OPENSSL_EC_BIN_PT_COMP
1490	at compile time.	1495	at compile time.
1491	.It Fl des \| des3	1496	.It Fl des \| des3
1492	These options encrypt the private key with the DES, triple DES, or	1497	Encrypt the private key with DES, triple DES, or
1493	any other cipher supported by	1498	any other cipher supported by
1494	.Nm OpenSSL	1499	.Nm openssl .
1495	before outputting it.
1496	A pass phrase is prompted for.	1500	A pass phrase is prompted for.
1497	If none of these options is specified the key is written in plain text.	1501	If none of these options is specified the key is written in plain text.
1498	This means that using the	1502	This means that using the
@@ -1503,36 +1507,32 @@ or by setting the encryption options
1503	it can be use to add or change the pass phrase.	1507	it can be use to add or change the pass phrase.
1504	These options can only be used with PEM format output files.	1508	These options can only be used with PEM format output files.
1505	.It Fl in Ar file	1509	.It Fl in Ar file
1506	This specifies the input filename to read a key from,	1510	The input file to read a key from,
1507	or standard input if this option is not specified.	1511	or standard input if not specified.
1508	If the key is encrypted a pass phrase will be prompted for.	1512	If the key is encrypted a pass phrase will be prompted for.
1509	.It Fl inform Ar DER \| PEM	1513	.It Fl inform Cm der \| pem
1510	This specifies the input format.	1514	The input format.
1511	DER with a private key uses	1515	.Cm der
		1516	with a private key uses
1512	an ASN.1 DER-encoded SEC1 private key.	1517	an ASN.1 DER-encoded SEC1 private key.
1513	When used with a public key it	1518	When used with a public key it
1514	uses the SubjectPublicKeyInfo structure as specified in RFC 3280.	1519	uses the SubjectPublicKeyInfo structure as specified in RFC 3280.
1515	PEM is the default format:	1520	.Cm pem
		1521	is the default format:
1516	it consists of the DER format base64	1522	it consists of the DER format base64
1517	encoded with additional header and footer lines.	1523	encoded with additional header and footer lines.
1518	In the case of a private key	1524	In the case of a private key
1519	PKCS#8 format is also accepted.	1525	PKCS#8 format is also accepted.
1520	.It Fl noout	1526	.It Fl noout
1521	Prevents output of the encoded version of the key.	1527	Do not output the encoded version of the key.
1522	.It Fl out Ar file	1528	.It Fl out Ar file
1523	Specifies the output filename to write a key to,	1529	The output filename to write to,
1524	or standard output if none is specified.	1530	or standard output if not specified.
1525	If any encryption options are set then a pass phrase will be prompted for.	1531	If any encryption options are set then a pass phrase will be prompted for.
1526	The output filename should	1532	.It Fl outform Cm der \| pem
1527	.Em not	1533	The output format.
1528	be the same as the input filename.
1529	.It Fl outform Ar DER \| PEM
1530	This specifies the output format.
1531	The options have the same meaning as the
1532	.Fl inform
1533	option.
1534	.It Fl param_enc Ar arg	1534	.It Fl param_enc Ar arg
1535	This specifies how the elliptic curve parameters are encoded.	1535	Specify how the elliptic curve parameters are encoded.
1536	Possible value are:	1536	Possible value are:
1537	.Cm named_curve ,	1537	.Cm named_curve ,
1538	i.e. the EC parameters are specified by an OID; or	1538	i.e. the EC parameters are specified by an OID; or
@@ -1545,8 +1545,7 @@ Note: the
1545	.Cm implicitlyCA	1545	.Cm implicitlyCA
1546	alternative,	1546	alternative,
1547	as specified in RFC 3279,	1547	as specified in RFC 3279,
1548	is currently not implemented in	1548	is currently not implemented.
1549	.Nm OpenSSL .
1550	.It Fl passin Ar arg	1549	.It Fl passin Ar arg
1551	The key password source.	1550	The key password source.
1552	.It Fl passout Ar arg	1551	.It Fl passout Ar arg
@@ -1559,60 +1558,8 @@ By default a private key is output;
1559	with this option a public key is output instead.	1558	with this option a public key is output instead.
1560	This option is automatically set if the input is a public key.	1559	This option is automatically set if the input is a public key.
1561	.It Fl text	1560	.It Fl text
1562	Prints out the public/private key components and parameters.	1561	Print out the public/private key components and parameters.
1563	.El	1562	.El
1564	.Sh EC NOTES
1565	The PEM private key format uses the header and footer lines:
1566	.Bd -literal -offset indent
1567	-----BEGIN EC PRIVATE KEY-----
1568	-----END EC PRIVATE KEY-----
1569	.Ed
1570	.Pp
1571	The PEM public key format uses the header and footer lines:
1572	.Bd -literal -offset indent
1573	-----BEGIN PUBLIC KEY-----
1574	-----END PUBLIC KEY-----
1575	.Ed
1576	.Sh EC EXAMPLES
1577	To encrypt a private key using triple DES:
1578	.Bd -literal -offset indent
1579	$ openssl ec -in key.pem -des3 -out keyout.pem
1580	.Ed
1581	.Pp
1582	To convert a private key from PEM to DER format:
1583	.Bd -literal -offset indent
1584	$ openssl ec -in key.pem -outform DER -out keyout.der
1585	.Ed
1586	.Pp
1587	To print out the components of a private key to standard output:
1588	.Bd -literal -offset indent
1589	$ openssl ec -in key.pem -text -noout
1590	.Ed
1591	.Pp
1592	To just output the public part of a private key:
1593	.Bd -literal -offset indent
1594	$ openssl ec -in key.pem -pubout -out pubkey.pem
1595	.Ed
1596	.Pp
1597	To change the parameter encoding to
1598	.Cm explicit :
1599	.Bd -literal -offset indent
1600	$ openssl ec -in key.pem -param_enc explicit -out keyout.pem
1601	.Ed
1602	.Pp
1603	To change the point conversion form to
1604	.Cm compressed :
1605	.Bd -literal -offset indent
1606	$ openssl ec -in key.pem -conv_form compressed -out keyout.pem
1607	.Ed
1608	.Sh EC HISTORY
1609	The
1610	.Nm ec
1611	command was first introduced in
1612	.Nm OpenSSL
1613	0.9.8.
1614	.Sh EC AUTHORS
1615	.An Nils Larsch .
1616	.\"	1563	.\"
1617	.\" ECPARAM	1564	.\" ECPARAM
1618	.\"	1565	.\"