summaryrefslogtreecommitdiffstats
path: root/secure/lib/libcrypto/man/pkcs8.1
diff options
context:
space:
mode:
Diffstat (limited to 'secure/lib/libcrypto/man/pkcs8.1')
-rw-r--r--secure/lib/libcrypto/man/pkcs8.1348
1 files changed, 0 insertions, 348 deletions
diff --git a/secure/lib/libcrypto/man/pkcs8.1 b/secure/lib/libcrypto/man/pkcs8.1
deleted file mode 100644
index 110df1a..0000000
--- a/secure/lib/libcrypto/man/pkcs8.1
+++ /dev/null
@@ -1,348 +0,0 @@
-.\" Automatically generated by Pod::Man version 1.15
-.\" Tue Jul 30 09:20:51 2002
-.\"
-.\" Standard preamble:
-.\" ======================================================================
-.de Sh \" Subsection heading
-.br
-.if t .Sp
-.ne 5
-.PP
-\fB\\$1\fR
-.PP
-..
-.de Sp \" Vertical space (when we can't use .PP)
-.if t .sp .5v
-.if n .sp
-..
-.de Ip \" List item
-.br
-.ie \\n(.$>=3 .ne \\$3
-.el .ne 3
-.IP "\\$1" \\$2
-..
-.de Vb \" Begin verbatim text
-.ft CW
-.nf
-.ne \\$1
-..
-.de Ve \" End verbatim text
-.ft R
-
-.fi
-..
-.\" Set up some character translations and predefined strings. \*(-- will
-.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
-.\" double quote, and \*(R" will give a right double quote. | will give a
-.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
-.\" to do unbreakable dashes and therefore won't be available. \*(C` and
-.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
-.tr \(*W-|\(bv\*(Tr
-.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
-.ie n \{\
-. ds -- \(*W-
-. ds PI pi
-. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
-. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
-. ds L" ""
-. ds R" ""
-. ds C` ""
-. ds C' ""
-'br\}
-.el\{\
-. ds -- \|\(em\|
-. ds PI \(*p
-. ds L" ``
-. ds R" ''
-'br\}
-.\"
-.\" If the F register is turned on, we'll generate index entries on stderr
-.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
-.\" index entries marked with X<> in POD. Of course, you'll have to process
-.\" the output yourself in some meaningful fashion.
-.if \nF \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
-..
-. nr % 0
-. rr F
-.\}
-.\"
-.\" For nroff, turn off justification. Always turn off hyphenation; it
-.\" makes way too many mistakes in technical documents.
-.hy 0
-.if n .na
-.\"
-.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
-.\" Fear. Run. Save yourself. No user-serviceable parts.
-.bd B 3
-. \" fudge factors for nroff and troff
-.if n \{\
-. ds #H 0
-. ds #V .8m
-. ds #F .3m
-. ds #[ \f1
-. ds #] \fP
-.\}
-.if t \{\
-. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
-. ds #V .6m
-. ds #F 0
-. ds #[ \&
-. ds #] \&
-.\}
-. \" simple accents for nroff and troff
-.if n \{\
-. ds ' \&
-. ds ` \&
-. ds ^ \&
-. ds , \&
-. ds ~ ~
-. ds /
-.\}
-.if t \{\
-. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
-. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
-. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
-. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
-. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
-. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
-.\}
-. \" troff and (daisy-wheel) nroff accents
-.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
-.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
-.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
-.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
-.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
-.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
-.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
-.ds ae a\h'-(\w'a'u*4/10)'e
-.ds Ae A\h'-(\w'A'u*4/10)'E
-. \" corrections for vroff
-.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
-.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
-. \" for low resolution devices (crt and lpr)
-.if \n(.H>23 .if \n(.V>19 \
-\{\
-. ds : e
-. ds 8 ss
-. ds o a
-. ds d- d\h'-1'\(ga
-. ds D- D\h'-1'\(hy
-. ds th \o'bp'
-. ds Th \o'LP'
-. ds ae ae
-. ds Ae AE
-.\}
-.rm #[ #] #H #V #F C
-.\" ======================================================================
-.\"
-.IX Title "PKCS8 1"
-.TH PKCS8 1 "0.9.6e" "2000-04-13" "OpenSSL"
-.UC
-.SH "NAME"
-pkcs8 \- PKCS#8 format private key conversion tool
-.SH "SYNOPSIS"
-.IX Header "SYNOPSIS"
-\&\fBopenssl\fR \fBpkcs8\fR
-[\fB\-topk8\fR]
-[\fB\-inform PEM|DER\fR]
-[\fB\-outform PEM|DER\fR]
-[\fB\-in filename\fR]
-[\fB\-passin arg\fR]
-[\fB\-out filename\fR]
-[\fB\-passout arg\fR]
-[\fB\-noiter\fR]
-[\fB\-nocrypt\fR]
-[\fB\-nooct\fR]
-[\fB\-embed\fR]
-[\fB\-nsdb\fR]
-[\fB\-v2 alg\fR]
-[\fB\-v1 alg\fR]
-.SH "DESCRIPTION"
-.IX Header "DESCRIPTION"
-The \fBpkcs8\fR command processes private keys in PKCS#8 format. It can handle
-both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo
-format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
-.SH "COMMAND OPTIONS"
-.IX Header "COMMAND OPTIONS"
-.Ip "\fB\-topk8\fR" 4
-.IX Item "-topk8"
-Normally a PKCS#8 private key is expected on input and a traditional format
-private key will be written. With the \fB\-topk8\fR option the situation is
-reversed: it reads a traditional format private key and writes a PKCS#8
-format key.
-.Ip "\fB\-inform DER|PEM\fR" 4
-.IX Item "-inform DER|PEM"
-This specifies the input format. If a PKCS#8 format key is expected on input
-then either a \fB\s-1DER\s0\fR or \fB\s-1PEM\s0\fR encoded version of a PKCS#8 key will be
-expected. Otherwise the \fB\s-1DER\s0\fR or \fB\s-1PEM\s0\fR format of the traditional format
-private key is used.
-.Ip "\fB\-outform DER|PEM\fR" 4
-.IX Item "-outform DER|PEM"
-This specifies the output format, the options have the same meaning as the
-\&\fB\-inform\fR option.
-.Ip "\fB\-in filename\fR" 4
-.IX Item "-in filename"
-This specifies the input filename to read a key from or standard input if this
-option is not specified. If the key is encrypted a pass phrase will be
-prompted for.
-.Ip "\fB\-passin arg\fR" 4
-.IX Item "-passin arg"
-the input file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1).
-.Ip "\fB\-out filename\fR" 4
-.IX Item "-out filename"
-This specifies the output filename to write a key to or standard output by
-default. If any encryption options are set then a pass phrase will be
-prompted for. The output filename should \fBnot\fR be the same as the input
-filename.
-.Ip "\fB\-passout arg\fR" 4
-.IX Item "-passout arg"
-the output file password source. For more information about the format of \fBarg\fR
-see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1).
-.Ip "\fB\-nocrypt\fR" 4
-.IX Item "-nocrypt"
-PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo
-structures using an appropriate password based encryption algorithm. With
-this option an unencrypted PrivateKeyInfo structure is expected or output.
-This option does not encrypt private keys at all and should only be used
-when absolutely necessary. Certain software such as some versions of Java
-code signing software used unencrypted private keys.
-.Ip "\fB\-nooct\fR" 4
-.IX Item "-nooct"
-This option generates \s-1RSA\s0 private keys in a broken format that some software
-uses. Specifically the private key should be enclosed in a \s-1OCTET\s0 \s-1STRING\s0
-but some software just includes the structure itself without the
-surrounding \s-1OCTET\s0 \s-1STRING\s0.
-.Ip "\fB\-embed\fR" 4
-.IX Item "-embed"
-This option generates \s-1DSA\s0 keys in a broken format. The \s-1DSA\s0 parameters are
-embedded inside the PrivateKey structure. In this form the \s-1OCTET\s0 \s-1STRING\s0
-contains an \s-1ASN1\s0 \s-1SEQUENCE\s0 consisting of two structures: a \s-1SEQUENCE\s0 containing
-the parameters and an \s-1ASN1\s0 \s-1INTEGER\s0 containing the private key.
-.Ip "\fB\-nsdb\fR" 4
-.IX Item "-nsdb"
-This option generates \s-1DSA\s0 keys in a broken format compatible with Netscape
-private key databases. The PrivateKey contains a \s-1SEQUENCE\s0 consisting of
-the public and private keys respectively.
-.Ip "\fB\-v2 alg\fR" 4
-.IX Item "-v2 alg"
-This option enables the use of PKCS#5 v2.0 algorithms. Normally PKCS#8
-private keys are encrypted with the password based encryption algorithm
-called \fBpbeWithMD5AndDES-CBC\fR this uses 56 bit \s-1DES\s0 encryption but it
-was the strongest encryption algorithm supported in PKCS#5 v1.5. Using
-the \fB\-v2\fR option PKCS#5 v2.0 algorithms are used which can use any
-encryption algorithm such as 168 bit triple \s-1DES\s0 or 128 bit \s-1RC2\s0 however
-not many implementations support PKCS#5 v2.0 yet. If you are just using
-private keys with OpenSSL then this doesn't matter.
-.Sp
-The \fBalg\fR argument is the encryption algorithm to use, valid values include
-\&\fBdes\fR, \fBdes3\fR and \fBrc2\fR. It is recommended that \fBdes3\fR is used.
-.Ip "\fB\-v1 alg\fR" 4
-.IX Item "-v1 alg"
-This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete
-list of possible algorithms is included below.
-.SH "NOTES"
-.IX Header "NOTES"
-The encrypted form of a \s-1PEM\s0 encode PKCS#8 files uses the following
-headers and footers:
-.PP
-.Vb 2
-\& -----BEGIN ENCRYPTED PRIVATE KEY-----
-\& -----END ENCRYPTED PRIVATE KEY-----
-.Ve
-The unencrypted form uses:
-.PP
-.Vb 2
-\& -----BEGIN PRIVATE KEY-----
-\& -----END PRIVATE KEY-----
-.Ve
-Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration
-counts are more secure that those encrypted using the traditional
-SSLeay compatible formats. So if additional security is considered
-important the keys should be converted.
-.PP
-The default encryption is only 56 bits because this is the encryption
-that most current implementations of PKCS#8 will support.
-.PP
-Some software may use PKCS#12 password based encryption algorithms
-with PKCS#8 format private keys: these are handled automatically
-but there is no option to produce them.
-.PP
-It is possible to write out \s-1DER\s0 encoded encrypted private keys in
-PKCS#8 format because the encryption details are included at an \s-1ASN1\s0
-level whereas the traditional format includes them at a \s-1PEM\s0 level.
-.SH "PKCS#5 v1.5 and PKCS#12 algorithms."
-.IX Header "PKCS#5 v1.5 and PKCS#12 algorithms."
-Various algorithms can be used with the \fB\-v1\fR command line option,
-including PKCS#5 v1.5 and PKCS#12. These are described in more detail
-below.
-.Ip "\fB\s-1PBE-MD2\-DES\s0 \s-1PBE-MD5\-DES\s0\fR" 4
-.IX Item "PBE-MD2-DES PBE-MD5-DES"
-These algorithms were included in the original PKCS#5 v1.5 specification.
-They only offer 56 bits of protection since they both use \s-1DES\s0.
-.Ip "\fB\s-1PBE-SHA1\-RC2\-64\s0 \s-1PBE-MD2\-RC2\-64\s0 \s-1PBE-MD5\-RC2\-64\s0 \s-1PBE-SHA1\-DES\s0\fR" 4
-.IX Item "PBE-SHA1-RC2-64 PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES"
-These algorithms are not mentioned in the original PKCS#5 v1.5 specification
-but they use the same key derivation algorithm and are supported by some
-software. They are mentioned in PKCS#5 v2.0. They use either 64 bit \s-1RC2\s0 or
-56 bit \s-1DES\s0.
-.Ip "\fB\s-1PBE-SHA1\-RC4\-128\s0 \s-1PBE-SHA1\-RC4\-40\s0 \s-1PBE-SHA1\-3DES\s0 \s-1PBE-SHA1\-2DES\s0 \s-1PBE-SHA1\-RC2\-128\s0 \s-1PBE-SHA1\-RC2\-40\s0\fR" 4
-.IX Item "PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40"
-These algorithms use the PKCS#12 password based encryption algorithm and
-allow strong encryption algorithms like triple \s-1DES\s0 or 128 bit \s-1RC2\s0 to be used.
-.SH "EXAMPLES"
-.IX Header "EXAMPLES"
-Convert a private from traditional to PKCS#5 v2.0 format using triple
-\&\s-1DES:\s0
-.PP
-.Vb 1
-\& openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem
-.Ve
-Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm
-(\s-1DES\s0):
-.PP
-.Vb 1
-\& openssl pkcs8 -in key.pem -topk8 -out enckey.pem
-.Ve
-Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm
-(3DES):
-.PP
-.Vb 1
-\& openssl pkcs8 -in key.pem -topk8 -out enckey.pem -v1 PBE-SHA1-3DES
-.Ve
-Read a \s-1DER\s0 unencrypted PKCS#8 format private key:
-.PP
-.Vb 1
-\& openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem
-.Ve
-Convert a private key from any PKCS#8 format to traditional format:
-.PP
-.Vb 1
-\& openssl pkcs8 -in pk8.pem -out key.pem
-.Ve
-.SH "STANDARDS"
-.IX Header "STANDARDS"
-Test vectors from this PKCS#5 v2.0 implementation were posted to the
-pkcs-tng mailing list using triple \s-1DES\s0, \s-1DES\s0 and \s-1RC2\s0 with high iteration
-counts, several people confirmed that they could decrypt the private
-keys produced and Therefore it can be assumed that the PKCS#5 v2.0
-implementation is reasonably accurate at least as far as these
-algorithms are concerned.
-.PP
-The format of PKCS#8 \s-1DSA\s0 (and other) private keys is not well documented:
-it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default \s-1DSA\s0
-PKCS#8 private key format complies with this standard.
-.SH "BUGS"
-.IX Header "BUGS"
-There should be an option that prints out the encryption algorithm
-in use and other details such as the iteration count.
-.PP
-PKCS#8 using triple \s-1DES\s0 and PKCS#5 v2.0 should be the default private
-key format for OpenSSL: for compatibility several of the utilities use
-the old format at present.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-dsa(1), rsa(1), genrsa(1),
-gendsa(1)
OpenPOWER on IntegriCloud