1 files changed, 212 insertions, 2 deletions
diff --git a/src/usr.sbin/openssl/openssl.1 b/src/usr.sbin/openssl/openssl.1
index 73cbf23686..ce075f1300 100644
--- a/src/usr.sbin/openssl/openssl.1
+++ b/src/usr.sbin/openssl/openssl.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: openssl.1,v 1.74 2010/10/09 18:22:46 jmc Exp $
+.\" $OpenBSD: openssl.1,v 1.75 2010/10/12 18:36:03 jmc Exp $
 .\" ====================================================================
 .\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 .\"
@@ -112,7 +112,7 @@
 .\"
 .\" OPENSSL
 .\"
-.Dd $Mdocdate: October 9 2010 $
+.Dd $Mdocdate: October 12 2010 $
 .Dt OPENSSL 1
 .Os
 .Sh NAME
@@ -318,6 +318,8 @@ PKCS#8 data management.
 PKCS#12 data management.
 .It Cm pkey
 Public and private key management.
+.It Cm pkeyutl
+Public key algorithm cryptographic operation utility.
 .It Cm rand
 Generate pseudo-random bytes.
 .It Cm req
@@ -5144,6 +5146,214 @@ To just output the public part of a private key:
 $ openssl pkey -in key.pem -pubout -out pubkey.pem
 .Ed
 .\"
+.\" PKEYUTL
+.\"
+.Sh PKEYUTL
+.Cm openssl pkeyutl
+.Bk -words
+.Op Fl asn1parse
+.Op Fl certin
+.Op Fl decrypt
+.Op Fl derive
+.Op Fl encrypt
+.Op Fl hexdump
+.Op Fl pubin
+.Op Fl rev
+.Op Fl sign
+.Op Fl verify
+.Op Fl verifyrecover
+.Op Fl engine Ar id
+.Op Fl in Ar file
+.Op Fl inkey Ar file
+.Op Fl keyform Ar DER | PEM
+.Op Fl out Ar file
+.Op Fl passin Ar arg
+.Op Fl peerform Ar DER | PEM
+.Op Fl peerkey Ar file
+.Op Fl pkeyopt Ar opt : Ns Ar value
+.Op Fl sigfile Ar file
+.Ek
+.Pp
+The
+.Nm pkeyutl
+command can be used to perform public key operations using
+any supported algorithm.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl asn1parse
+ASN1parse the output data.
+This is useful when combined with the
+.Fl verifyrecover
+option when an ASN1 structure is signed.
+.It Fl certin
+The input is a certificate containing a public key.
+.It Fl decrypt
+Decrypt the input data using a private key.
+.It Fl derive
+Derive a shared secret using the peer key.
+.It Fl encrypt
+Encrypt the input data using a public key.
+.It Fl engine Ar id
+Specifying an engine (by its unique
+.Ar id
+string) will cause
+.Nm pkeyutl
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed.
+The engine will then be set as the default
+for all available algorithms.
+.It Fl hexdump
+Hex dump the output data.
+.It Fl in Ar file
+Specify the input filename to read data from,
+or standard input if this option is not specified.
+.It Fl inkey Ar file
+The input key file.
+By default it should be a private key.
+.It Fl keyform Ar DER | PEM
+The key format DER, PEM, or ENGINE.
+.It Fl out Ar file
+Specify the output filename to write to,
+or standard output by default.
+.It Fl passin Ar arg
+The input key password source.
+For more information about the format of
+.Ar arg
+see the
+.Sx PASS PHRASE ARGUMENTS
+section above.
+.It Fl peerform Ar DER | PEM
+The peer key format DER, PEM, or ENGINE.
+.It Fl peerkey Ar file
+The peer key file, used by key derivation (agreement) operations.
+.It Fl pkeyopt Ar opt : Ns Ar value
+Public key options.
+.It Fl pubin
+The input file is a public key.
+.It Fl rev
+Reverse the order of the input buffer.
+This is useful for some libraries (such as CryptoAPI)
+which represent the buffer in little endian format.
+.It Fl sigfile Ar file
+Signature file (verify operation only).
+.It Fl sign
+Sign the input data and output the signed result.
+This requires a private key.
+.It Fl verify
+Verify the input data against the signature file and indicate if the
+verification succeeded or failed.
+.It Fl verifyrecover
+Verify the input data and output the recovered data.
+.El
+.Sh PKEYUTL NOTES
+The operations and options supported vary according to the key algorithm
+and its implementation.
+The
+.Nm OpenSSL
+operations and options are indicated below.
+.Pp
+Unless otherwise mentioned all algorithms support the
+.Ar digest : Ns Ar alg
+option which specifies the digest in use
+for sign, verify, and verifyrecover operations.
+The value
+.Ar alg
+should represent a digest name as used in the
+.Fn EVP_get_digestbyname
+function, for example
+.Cm sha1 .
+.Ss RSA algorithm
+The RSA algorithm supports the
+encrypt, decrypt, sign, verify, and verifyrecover operations in general.
+Some padding modes only support some of these
+operations however.
+.Bl -tag -width Ds
+.It rsa_padding_mode : Ns Ar mode
+This sets the RSA padding mode.
+Acceptable values for
+.Ar mode
+are
+.Cm pkcs1
+for PKCS#1 padding;
+.Cm sslv23
+for SSLv23 padding;
+.Cm none
+for no padding;
+.Cm oaep
+for OAEP mode;
+.Cm x931
+for X9.31 mode;
+and
+.Cm pss
+for PSS.
+.Pp
+In PKCS#1 padding if the message digest is not set then the supplied data is
+signed or verified directly instead of using a DigestInfo structure.
+If a digest is set then a DigestInfo
+structure is used and its length
+must correspond to the digest type.
+.Pp
+For oeap mode only encryption and decryption is supported.
+.Pp
+For x931 if the digest type is set it is used to format the block data;
+otherwise the first byte is used to specify the X9.31 digest ID.
+Sign, verify, and verifyrecover can be performed in this mode.
+.Pp
+For pss mode only sign and verify are supported and the digest type must be
+specified.
+.It rsa_pss_saltlen : Ns Ar len
+For pss
+mode only this option specifies the salt length.
+Two special values are supported:
+-1 sets the salt length to the digest length.
+When signing -2 sets the salt length to the maximum permissible value.
+When verifying -2 causes the salt length to be automatically determined
+based on the PSS block structure.
+.El
+.Ss DSA algorithm
+The DSA algorithm supports the sign and verify operations.
+Currently there are no additional options other than
+.Ar digest .
+Only the SHA1 digest can be used and this digest is assumed by default.
+.Ss DH algorithm
+The DH algorithm supports the derive operation
+and no additional options.
+.Ss EC algorithm
+The EC algorithm supports the sign, verify, and derive operations.
+The sign and verify operations use ECDSA and derive uses ECDH.
+Currently there are no additional options other than
+.Ar digest .
+Only the SHA1 digest can be used and this digest is assumed by default.
+.Sh PKEYUTL EXAMPLES
+Sign some data using a private key:
+.Bd -literal -offset indent
+$ openssl pkeyutl -sign -in file -inkey key.pem -out sig
+.Ed
+.Pp
+Recover the signed data (e.g. if an RSA key is used):
+.Bd -literal -offset indent
+$ openssl pkeyutl -verifyrecover -in sig -inkey key.pem
+.Ed
+.Pp
+Verify the signature (e.g. a DSA key):
+.Bd -literal -offset indent
+$ openssl pkeyutl -verify -in file -sigfile sig \e
+        -inkey key.pem
+.Ed
+.Pp
+Sign data using a message digest value (this is currently only valid for RSA):
+.Bd -literal -offset indent
+$ openssl pkeyutl -sign -in file -inkey key.pem \e
+        -out sig -pkeyopt digest:sha256
+.Ed
+.Pp
+Derive a shared secret value:
+.Bd -literal -offset indent
+$ openssl pkeyutl -derive -inkey key.pem \e
+        -peerkey pubkey.pem -out secret
+.Ed
+.\"
 .\" RAND
 .\"
 .Sh RAND

diff --git a/src/usr.sbin/openssl/openssl.1 b/src/usr.sbin/openssl/openssl.1 index 73cbf23686..ce075f1300 100644 --- a/src/usr.sbin/openssl/openssl.1 +++ b/src/usr.sbin/openssl/openssl.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: openssl.1,v 1.74 2010/10/09 18:22:46 jmc Exp $	1	.\" $OpenBSD: openssl.1,v 1.75 2010/10/12 18:36:03 jmc Exp $
2	.\" ====================================================================	2	.\" ====================================================================
3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.	3	.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4	.\"	4	.\"
@@ -112,7 +112,7 @@
112	.\"	112	.\"
113	.\" OPENSSL	113	.\" OPENSSL
114	.\"	114	.\"
115	.Dd $Mdocdate: October 9 2010 $	115	.Dd $Mdocdate: October 12 2010 $
116	.Dt OPENSSL 1	116	.Dt OPENSSL 1
117	.Os	117	.Os
118	.Sh NAME	118	.Sh NAME
@@ -318,6 +318,8 @@ PKCS#8 data management.
318	PKCS#12 data management.	318	PKCS#12 data management.
319	.It Cm pkey	319	.It Cm pkey
320	Public and private key management.	320	Public and private key management.
		321	.It Cm pkeyutl
		322	Public key algorithm cryptographic operation utility.
321	.It Cm rand	323	.It Cm rand
322	Generate pseudo-random bytes.	324	Generate pseudo-random bytes.
323	.It Cm req	325	.It Cm req
@@ -5144,6 +5146,214 @@ To just output the public part of a private key:
5144	$ openssl pkey -in key.pem -pubout -out pubkey.pem	5146	$ openssl pkey -in key.pem -pubout -out pubkey.pem
5145	.Ed	5147	.Ed
5146	.\"	5148	.\"
		5149	.\" PKEYUTL
		5150	.\"
		5151	.Sh PKEYUTL
		5152	.Cm openssl pkeyutl
		5153	.Bk -words
		5154	.Op Fl asn1parse
		5155	.Op Fl certin
		5156	.Op Fl decrypt
		5157	.Op Fl derive
		5158	.Op Fl encrypt
		5159	.Op Fl hexdump
		5160	.Op Fl pubin
		5161	.Op Fl rev
		5162	.Op Fl sign
		5163	.Op Fl verify
		5164	.Op Fl verifyrecover
		5165	.Op Fl engine Ar id
		5166	.Op Fl in Ar file
		5167	.Op Fl inkey Ar file
		5168	.Op Fl keyform Ar DER \| PEM
		5169	.Op Fl out Ar file
		5170	.Op Fl passin Ar arg
		5171	.Op Fl peerform Ar DER \| PEM
		5172	.Op Fl peerkey Ar file
		5173	.Op Fl pkeyopt Ar opt : Ns Ar value
		5174	.Op Fl sigfile Ar file
		5175	.Ek
		5176	.Pp
		5177	The
		5178	.Nm pkeyutl
		5179	command can be used to perform public key operations using
		5180	any supported algorithm.
		5181	.Pp
		5182	The options are as follows:
		5183	.Bl -tag -width Ds
		5184	.It Fl asn1parse
		5185	ASN1parse the output data.
		5186	This is useful when combined with the
		5187	.Fl verifyrecover
		5188	option when an ASN1 structure is signed.
		5189	.It Fl certin
		5190	The input is a certificate containing a public key.
		5191	.It Fl decrypt
		5192	Decrypt the input data using a private key.
		5193	.It Fl derive
		5194	Derive a shared secret using the peer key.
		5195	.It Fl encrypt
		5196	Encrypt the input data using a public key.
		5197	.It Fl engine Ar id
		5198	Specifying an engine (by its unique
		5199	.Ar id
		5200	string) will cause
		5201	.Nm pkeyutl
		5202	to attempt to obtain a functional reference to the specified engine,
		5203	thus initialising it if needed.
		5204	The engine will then be set as the default
		5205	for all available algorithms.
		5206	.It Fl hexdump
		5207	Hex dump the output data.
		5208	.It Fl in Ar file
		5209	Specify the input filename to read data from,
		5210	or standard input if this option is not specified.
		5211	.It Fl inkey Ar file
		5212	The input key file.
		5213	By default it should be a private key.
		5214	.It Fl keyform Ar DER \| PEM
		5215	The key format DER, PEM, or ENGINE.
		5216	.It Fl out Ar file
		5217	Specify the output filename to write to,
		5218	or standard output by default.
		5219	.It Fl passin Ar arg
		5220	The input key password source.
		5221	For more information about the format of
		5222	.Ar arg
		5223	see the
		5224	.Sx PASS PHRASE ARGUMENTS
		5225	section above.
		5226	.It Fl peerform Ar DER \| PEM
		5227	The peer key format DER, PEM, or ENGINE.
		5228	.It Fl peerkey Ar file
		5229	The peer key file, used by key derivation (agreement) operations.
		5230	.It Fl pkeyopt Ar opt : Ns Ar value
		5231	Public key options.
		5232	.It Fl pubin
		5233	The input file is a public key.
		5234	.It Fl rev
		5235	Reverse the order of the input buffer.
		5236	This is useful for some libraries (such as CryptoAPI)
		5237	which represent the buffer in little endian format.
		5238	.It Fl sigfile Ar file
		5239	Signature file (verify operation only).
		5240	.It Fl sign
		5241	Sign the input data and output the signed result.
		5242	This requires a private key.
		5243	.It Fl verify
		5244	Verify the input data against the signature file and indicate if the
		5245	verification succeeded or failed.
		5246	.It Fl verifyrecover
		5247	Verify the input data and output the recovered data.
		5248	.El
		5249	.Sh PKEYUTL NOTES
		5250	The operations and options supported vary according to the key algorithm
		5251	and its implementation.
		5252	The
		5253	.Nm OpenSSL
		5254	operations and options are indicated below.
		5255	.Pp
		5256	Unless otherwise mentioned all algorithms support the
		5257	.Ar digest : Ns Ar alg
		5258	option which specifies the digest in use
		5259	for sign, verify, and verifyrecover operations.
		5260	The value
		5261	.Ar alg
		5262	should represent a digest name as used in the
		5263	.Fn EVP_get_digestbyname
		5264	function, for example
		5265	.Cm sha1 .
		5266	.Ss RSA algorithm
		5267	The RSA algorithm supports the
		5268	encrypt, decrypt, sign, verify, and verifyrecover operations in general.
		5269	Some padding modes only support some of these
		5270	operations however.
		5271	.Bl -tag -width Ds
		5272	.It rsa_padding_mode : Ns Ar mode
		5273	This sets the RSA padding mode.
		5274	Acceptable values for
		5275	.Ar mode
		5276	are
		5277	.Cm pkcs1
		5278	for PKCS#1 padding;
		5279	.Cm sslv23
		5280	for SSLv23 padding;
		5281	.Cm none
		5282	for no padding;
		5283	.Cm oaep
		5284	for OAEP mode;
		5285	.Cm x931
		5286	for X9.31 mode;
		5287	and
		5288	.Cm pss
		5289	for PSS.
		5290	.Pp
		5291	In PKCS#1 padding if the message digest is not set then the supplied data is
		5292	signed or verified directly instead of using a DigestInfo structure.
		5293	If a digest is set then a DigestInfo
		5294	structure is used and its length
		5295	must correspond to the digest type.
		5296	.Pp
		5297	For oeap mode only encryption and decryption is supported.
		5298	.Pp
		5299	For x931 if the digest type is set it is used to format the block data;
		5300	otherwise the first byte is used to specify the X9.31 digest ID.
		5301	Sign, verify, and verifyrecover can be performed in this mode.
		5302	.Pp
		5303	For pss mode only sign and verify are supported and the digest type must be
		5304	specified.
		5305	.It rsa_pss_saltlen : Ns Ar len
		5306	For pss
		5307	mode only this option specifies the salt length.
		5308	Two special values are supported:
		5309	-1 sets the salt length to the digest length.
		5310	When signing -2 sets the salt length to the maximum permissible value.
		5311	When verifying -2 causes the salt length to be automatically determined
		5312	based on the PSS block structure.
		5313	.El
		5314	.Ss DSA algorithm
		5315	The DSA algorithm supports the sign and verify operations.
		5316	Currently there are no additional options other than
		5317	.Ar digest .
		5318	Only the SHA1 digest can be used and this digest is assumed by default.
		5319	.Ss DH algorithm
		5320	The DH algorithm supports the derive operation
		5321	and no additional options.
		5322	.Ss EC algorithm
		5323	The EC algorithm supports the sign, verify, and derive operations.
		5324	The sign and verify operations use ECDSA and derive uses ECDH.
		5325	Currently there are no additional options other than
		5326	.Ar digest .
		5327	Only the SHA1 digest can be used and this digest is assumed by default.
		5328	.Sh PKEYUTL EXAMPLES
		5329	Sign some data using a private key:
		5330	.Bd -literal -offset indent
		5331	$ openssl pkeyutl -sign -in file -inkey key.pem -out sig
		5332	.Ed
		5333	.Pp
		5334	Recover the signed data (e.g. if an RSA key is used):
		5335	.Bd -literal -offset indent
		5336	$ openssl pkeyutl -verifyrecover -in sig -inkey key.pem
		5337	.Ed
		5338	.Pp
		5339	Verify the signature (e.g. a DSA key):
		5340	.Bd -literal -offset indent
		5341	$ openssl pkeyutl -verify -in file -sigfile sig \e
		5342	-inkey key.pem
		5343	.Ed
		5344	.Pp
		5345	Sign data using a message digest value (this is currently only valid for RSA):
		5346	.Bd -literal -offset indent
		5347	$ openssl pkeyutl -sign -in file -inkey key.pem \e
		5348	-out sig -pkeyopt digest:sha256
		5349	.Ed
		5350	.Pp
		5351	Derive a shared secret value:
		5352	.Bd -literal -offset indent
		5353	$ openssl pkeyutl -derive -inkey key.pem \e
		5354	-peerkey pubkey.pem -out secret
		5355	.Ed
		5356	.\"
5147	.\" RAND	5357	.\" RAND
5148	.\"	5358	.\"
5149	.Sh RAND	5359	.Sh RAND