1 files changed, 35 insertions, 69 deletions

diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
index ee384aa20f..cd0b057ac0 100644
--- a/src/usr.bin/openssl/openssl.1
+++ b/src/usr.bin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.44 2016/08/03 06:43:21 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.45 2016/08/05 08:12:12 jmc Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -112,7 +112,7 @@
 .\"
 .\" OPENSSL
 .\"
-.Dd $Mdocdate: August 3 2016 $
+.Dd $Mdocdate: August 5 2016 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -1255,29 +1255,24 @@ If not present, a value of 2048 is used.
 If this value is present, the input file is ignored and
 parameters are generated instead.
 .El
-.\"
-.\" DSA
-.\"
 .Sh DSA
 .nr nS 1
 .Nm "openssl dsa"
-.Bk -words
 .Oo
 .Fl aes128 | aes192 | aes256 |
 .Fl des | des3
 .Oc
 .Op Fl in Ar file
-.Op Fl inform Ar DER | PEM
+.Op Fl inform Cm der | pem
 .Op Fl modulus
 .Op Fl noout
 .Op Fl out Ar file
-.Op Fl outform Ar DER | PEM
+.Op Fl outform Cm der | pem
 .Op Fl passin Ar arg
 .Op Fl passout Ar arg
 .Op Fl pubin
 .Op Fl pubout
 .Op Fl text
-.Ek
 .nr nS 0
 .Pp
 The
@@ -1293,33 +1288,43 @@ newer applications should use the more secure PKCS#8 format using the
 .Nm pkcs8
 command.
 .Pp
+The PEM private key format uses the header and footer lines:
+.Bd -unfilled -offset indent
+-----BEGIN DSA PRIVATE KEY-----
+-----END DSA PRIVATE KEY-----
+.Ed
+.Pp
+The PEM public key format uses the header and footer lines:
+.Bd -unfilled -offset indent
+-----BEGIN PUBLIC KEY-----
+-----END PUBLIC KEY-----
+.Ed
+.Pp
 The options are as follows:
 .Bl -tag -width Ds
 .It Xo
 .Fl aes128 | aes192 | aes256 |
 .Fl des | des3
 .Xc
-These options encrypt the private key with the AES, DES, or the triple DES
+Encrypt the private key with the AES, DES, or the triple DES
 ciphers, respectively, before outputting it.
 A pass phrase is prompted for.
-If none of these options is specified, the key is written in plain text.
+If none of these options are specified, the key is written in plain text.
 This means that using the
 .Nm dsa
-utility to read in an encrypted key with no encryption option can be used to
+utility to read an encrypted key with no encryption option can be used to
 remove the pass phrase from a key,
-or by setting the encryption options it can be use to add or change
+or by setting the encryption options it can be used to add or change
 the pass phrase.
 These options can only be used with PEM format output files.
 .It Fl in Ar file
-This specifies the input
-.Ar file
-to read a key from, or standard input if this option is not specified.
+The input file to read from,
+or standard input if not specified.
 If the key is encrypted, a pass phrase will be prompted for.
-.It Fl inform Ar DER | PEM
-This specifies the input format.
-The
-.Ar DER
-argument with a private key uses an ASN1 DER-encoded form of an ASN.1
+.It Fl inform Cm der | pem
+The input format.
+.Cm der
+with a private key uses an ASN1 DER-encoded form of an ASN.1
 SEQUENCE consisting of the values of version
 .Pq currently zero ,
 P, Q, G,
@@ -1328,29 +1333,22 @@ When used with a public key it uses a
 .Em SubjectPublicKeyInfo
 structure: it is an error if the key is not DSA.
 .Pp
-The
-.Ar PEM
-form is the default format:
+.Cm pem
+is the default format:
 it consists of the DER format base64-encoded with additional header and footer
 lines.
 In the case of a private key, PKCS#8 format is also accepted.
 .It Fl modulus
-This option prints out the value of the public key component of the key.
+Print the value of the public key component of the key.
 .It Fl noout
-This option prevents output of the encoded version of the key.
+Prevent output of the encoded version of the key.
 .It Fl out Ar file
-This specifies the output
-.Ar file
-to write a key to, or standard output if not specified.
+The output file to write to,
+or standard output if not specified.
 If any encryption options are set then a pass phrase will be
 prompted for.
-The output filename should
-.Em not
-be the same as the input filename.
-.It Fl outform Ar DER | PEM
-This specifies the output format; the options have the same meaning as the
-.Fl inform
-option.
+.It Fl outform Cm der | pem
+The output format.
 .It Fl passin Ar arg
 The key password source.
 .It Fl passout Ar arg
@@ -1363,40 +1361,8 @@ By default, a private key is output.
 With this option a public key will be output instead.
 This option is automatically set if the input is a public key.
 .It Fl text
-Prints out the public/private key components and parameters.
+Print out the public/private key components and parameters.
 .El
-.Sh DSA NOTES
-The PEM private key format uses the header and footer lines:
-.Bd -unfilled -offset indent
------BEGIN DSA PRIVATE KEY-----
------END DSA PRIVATE KEY-----
-.Ed
-.Pp
-The PEM public key format uses the header and footer lines:
-.Bd -unfilled -offset indent
------BEGIN PUBLIC KEY-----
------END PUBLIC KEY-----
-.Ed
-.Sh DSA EXAMPLES
-To remove the pass phrase on a DSA private key:
-.Pp
-.Dl $ openssl dsa -in key.pem -out keyout.pem
-.Pp
-To encrypt a private key using triple DES:
-.Pp
-.Dl $ openssl dsa -in key.pem -des3 -out keyout.pem
-.Pp
-To convert a private key from PEM to DER format:
-.Pp
-.Dl $ openssl dsa -in key.pem -outform DER -out keyout.der
-.Pp
-To print out the components of a private key to standard output:
-.Pp
-.Dl $ openssl dsa -in key.pem -text -noout
-.Pp
-To just output the public part of a private key:
-.Pp
-.Dl $ openssl dsa -in key.pem -pubout -out pubkey.pem
 .\"
 .\" DSAPARAM
 .\"