From 0cd4498b8f32bb0cb60724c42aa1014f724b2f2c Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 8 Feb 2000 13:37:08 +0000 Subject: [PATCH] Update docs. --- doc/apps/crl.pod | 7 +++++++ doc/apps/dsa.pod | 11 ++++++++--- doc/apps/pkcs12.pod | 11 +++++++++++ doc/apps/pkcs8.pod | 4 ++-- doc/apps/rsa.pod | 15 ++++++++++----- 5 files changed, 38 insertions(+), 10 deletions(-) diff --git a/doc/apps/crl.pod b/doc/apps/crl.pod index 0dbb013119..a40c873b95 100644 --- a/doc/apps/crl.pod +++ b/doc/apps/crl.pod @@ -88,6 +88,13 @@ to each certificate. =back +=head1 NOTES + +The PEM CRL format uses the header and footer lines: + + -----BEGIN X509 CRL----- + -----END X509 CRL----- + =head1 EXAMPLES Convert a CRL file from PEM to DER: diff --git a/doc/apps/dsa.pod b/doc/apps/dsa.pod index e6a587b729..8196df1ef0 100644 --- a/doc/apps/dsa.pod +++ b/doc/apps/dsa.pod @@ -88,7 +88,7 @@ read the output file password from the environment variable B. These options encrypt the private key with the DES, triple DES, or the IDEA ciphers respectively before outputting it. A pass phrase is prompted for. If none of these options is specified the key is written in plain text. This -means that using the B utility to read in an encrypted key with no +means that using the B utility to read in an encrypted key with no encryption option can be used to remove the pass phrase from a key, or by setting the encryption options it can be use to add or change the pass phrase. These options can only be used with PEM format output files. @@ -107,8 +107,8 @@ this option prints out the value of the public key component of the key. =item B<-pubin> -by default a private key is input file with this option a public key is input -instead. +by default a private key is read from the input file: with this option a +public key is read instead. =item B<-pubout> 
@@ -125,6 +125,11 @@ The PEM private key format uses the header and footer lines: -----BEGIN DSA PRIVATE KEY----- -----END DSA PRIVATE KEY----- +The PEM public key format uses the header and footer lines: + + -----BEGIN PUBLIC KEY----- + -----END PUBLIC KEY----- + =head1 EXAMPLES To remove the pass phrase on a DSA private key: diff --git a/doc/apps/pkcs12.pod b/doc/apps/pkcs12.pod index 3d2ed36c10..6a17b910b6 100644 --- a/doc/apps/pkcs12.pod +++ b/doc/apps/pkcs12.pod @@ -261,6 +261,17 @@ Although there are a large number of options most of them are very rarely used. For PKCS#12 file parsing only B<-in> and B<-out> need to be used for PKCS#12 file creation B<-export> and B<-name> are also used. +If none of the B<-clcerts>, B<-cacerts> or B<-nocerts> options are present +then all certificates will be output in the order they appear in the input +PKCS#12 files. There is no guarantee that the first certificate present is +the one corresponding to the private key. Certain software which requires +a private key and certificate and assumes the first certificate in the +file is the one corresponding to the private key: this may not always +be the case. Using the B<-clcerts> option will solve this problem by only +outputing the certificate corresponding to the private key. If the CA +certificates are required then they can be output to a separate file using +the B<-nokeys -cacerts> options to just output CA certificates. + The B<-keypbe> and B<-certpbe> algorithms allow the precise encryption algorithms for private keys and certificates to be specified. Normally the defaults are fine but occasionally software can't handle triple DES diff --git a/doc/apps/pkcs8.pod b/doc/apps/pkcs8.pod index 359eb6f898..df2635613f 100644 --- a/doc/apps/pkcs8.pod +++ b/doc/apps/pkcs8.pod 
@@ -225,8 +225,8 @@ implementation is reasonably accurate at least as far as these algorithms are concerned. The format of PKCS#8 DSA (and other) private keys is not well documented: -it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's DSA private -key format complies with this standard. +it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default DSA +PKCS#8 private key format complies with this standard. =head1 BUGS diff --git a/doc/apps/rsa.pod b/doc/apps/rsa.pod index b0503ba183..b381cc5bcc 100644 --- a/doc/apps/rsa.pod +++ b/doc/apps/rsa.pod @@ -113,14 +113,14 @@ this option checks the consistency of an RSA private key. =item B<-pubin> -by default a private key is input file with this option a public key is input -instead. +by default a private key is read from the input file: with this +option a public key is read instead. =item B<-pubout> -by default a private key is output with this option a public -key will be output instead. This option is automatically set if the input is -a public key. +by default a private key is output: with this option a public +key will be output instead. This option is automatically set if +the input is a public key. =back @@ -131,6 +131,11 @@ The PEM private key format uses the header and footer lines: -----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY----- +The PEM public key format uses the header and footer lines: + + -----BEGIN PUBLIC KEY----- + -----END PUBLIC KEY----- + =head1 EXAMPLES To remove the pass phrase on an RSA private key: -- 2.25.1
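Review bot: In doc/apps/dsa.pod, hunk -88,7, the context line directly below the changed line still reads "it can be use to add or change the pass phrase". Since this paragraph is being touched anyway, fix it to "it can be used to add or change the pass phrase" in the same commit. The paragraph is the one that tells users a key is written in plain text when no encryption option is given, so it is worth having it read cleanly.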
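Review bot: In doc/apps/dsa.pod, hunk -125,6, the added public key header "-----BEGIN PUBLIC KEY-----" carries no algorithm name, while the private key header just above it is "-----BEGIN DSA PRIVATE KEY-----", and the identical algorithm-neutral lines are added to doc/apps/rsa.pod in hunk -131,6. Add one sentence in both files saying the public key header is the same for either key type, so a reader does not take the header as an indication of which algorithm the key belongs to.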
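Review bot: In doc/apps/pkcs12.pod, hunk -261,6, the added sentence "Certain software which requires a private key and certificate and assumes the first certificate in the file is the one corresponding to the private key: this may not always be the case." has no main verb before the colon. Suggest "Certain software which requires a private key and certificate assumes the first certificate in the file is the one corresponding to the private key: this may not always be the case." In the same paragraph "outputing" should be "outputting", and "the input PKCS#12 files" should be singular to match the single B<-in> file mentioned in the context above. This paragraph is the warning about a key being paired with the wrong certificate, so the wording should be unambiguous.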
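Review bot: In doc/apps/pkcs8.pod, hunk -225,8, the new wording "OpenSSL's default DSA PKCS#8 private key format complies with this standard" implies there are non-default DSA PKCS#8 formats that do not comply, but the visible text does not say which options produce them. Either name those options here or point to the section of this page that describes them, so a reader knows when the output stops matching PKCS#11 v2.01, section 11.9.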