diff options
Diffstat (limited to 'secure/usr.bin/openssl/man/rsa.1')
-rw-r--r-- | secure/usr.bin/openssl/man/rsa.1 | 84 |
1 files changed, 40 insertions, 44 deletions
diff --git a/secure/usr.bin/openssl/man/rsa.1 b/secure/usr.bin/openssl/man/rsa.1 index ec6a381..e0ee2fe 100644 --- a/secure/usr.bin/openssl/man/rsa.1 +++ b/secure/usr.bin/openssl/man/rsa.1 @@ -1,8 +1,7 @@ -.\" Automatically generated by Pod::Man version 1.15 -.\" Wed Feb 19 16:49:36 2003 +.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.14 .\" .\" Standard preamble: -.\" ====================================================================== +.\" ======================================================================== .de Sh \" Subsection heading .br .if t .Sp @@ -15,12 +14,6 @@ .if t .sp .5v .if n .sp .. -.de Ip \" List item -.br -.ie \\n(.$>=3 .ne \\$3 -.el .ne 3 -.IP "\\$1" \\$2 -.. .de Vb \" Begin verbatim text .ft CW .nf @@ -28,15 +21,14 @@ .. .de Ve \" End verbatim text .ft R - .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. | will give a -.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used -.\" to do unbreakable dashes and therefore won't be available. \*(C` and -.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<> +.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to +.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C' +.\" expand to `' in nroff, nothing in troff, for use with C<>. .tr \(*W-|\(bv\*(Tr .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ @@ -56,10 +48,10 @@ . ds R" '' 'br\} .\" -.\" If the F register is turned on, we'll generate index entries on stderr -.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and -.\" index entries marked with X<> in POD. Of course, you'll have to process -.\" the output yourself in some meaningful fashion. +.\" If the F register is turned on, we'll generate index entries on stderr for +.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index +.\" entries marked with X<> in POD. Of course, you'll have to process the +.\" output yourself in some meaningful fashion. .if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" @@ -68,14 +60,13 @@ . rr F .\} .\" -.\" For nroff, turn off justification. Always turn off hyphenation; it -.\" makes way too many mistakes in technical documents. +.\" For nroff, turn off justification. Always turn off hyphenation; it makes +.\" way too many mistakes in technical documents. .hy 0 .if n .na .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. -.bd B 3 . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 @@ -135,13 +126,12 @@ . ds Ae AE .\} .rm #[ #] #H #V #F C -.\" ====================================================================== +.\" ======================================================================== .\" .IX Title "RSA 1" -.TH RSA 1 "0.9.7a" "2003-02-19" "OpenSSL" -.UC +.TH RSA 1 "2005-02-25" "0.9.7d" "OpenSSL" .SH "NAME" -rsa \- \s-1RSA\s0 key processing tool +rsa \- RSA key processing tool .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBrsa\fR @@ -171,7 +161,7 @@ applications should use the more secure PKCS#8 format using the \fBpkcs8\fR utility. .SH "COMMAND OPTIONS" .IX Header "COMMAND OPTIONS" -.Ip "\fB\-inform DER|NET|PEM\fR" 4 +.IP "\fB\-inform DER|NET|PEM\fR" 4 .IX Item "-inform DER|NET|PEM" This specifies the input format. The \fB\s-1DER\s0\fR option uses an \s-1ASN1\s0 \s-1DER\s0 encoded form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format. @@ -179,34 +169,34 @@ The \fB\s-1PEM\s0\fR form is the default format: it consists of the \fB\s-1DER\s encoded with additional header and footer lines. On input PKCS#8 format private keys are also accepted. The \fB\s-1NET\s0\fR form is a format is described in the \fB\s-1NOTES\s0\fR section. -.Ip "\fB\-outform DER|NET|PEM\fR" 4 +.IP "\fB\-outform DER|NET|PEM\fR" 4 .IX Item "-outform DER|NET|PEM" This specifies the output format, the options have the same meaning as the \&\fB\-inform\fR option. -.Ip "\fB\-in filename\fR" 4 +.IP "\fB\-in filename\fR" 4 .IX Item "-in filename" This specifies the input filename to read a key from or standard input if this option is not specified. If the key is encrypted a pass phrase will be prompted for. -.Ip "\fB\-passin arg\fR" 4 +.IP "\fB\-passin arg\fR" 4 .IX Item "-passin arg" the input file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-out filename\fR" 4 +see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +.IP "\fB\-out filename\fR" 4 .IX Item "-out filename" This specifies the output filename to write a key to or standard output if this option is not specified. If any encryption options are set then a pass phrase will be prompted for. The output filename should \fBnot\fR be the same as the input filename. -.Ip "\fB\-passout password\fR" 4 +.IP "\fB\-passout password\fR" 4 .IX Item "-passout password" the output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in openssl(1). -.Ip "\fB\-sgckey\fR" 4 +see the \fB\s-1PASS\s0 \s-1PHRASE\s0 \s-1ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +.IP "\fB\-sgckey\fR" 4 .IX Item "-sgckey" use the modified \s-1NET\s0 algorithm used with some versions of Microsoft \s-1IIS\s0 and \s-1SGC\s0 keys. -.Ip "\fB\-des|\-des3|\-idea\fR" 4 +.IP "\fB\-des|\-des3|\-idea\fR" 4 .IX Item "-des|-des3|-idea" These options encrypt the private key with the \s-1DES\s0, triple \s-1DES\s0, or the \&\s-1IDEA\s0 ciphers respectively before outputting it. A pass phrase is prompted for. @@ -215,29 +205,29 @@ means that using the \fBrsa\fR utility to read in an encrypted key with no encryption option can be used to remove the pass phrase from a key, or by setting the encryption options it can be use to add or change the pass phrase. These options can only be used with \s-1PEM\s0 format output files. -.Ip "\fB\-text\fR" 4 +.IP "\fB\-text\fR" 4 .IX Item "-text" prints out the various public or private key components in plain text in addition to the encoded version. -.Ip "\fB\-noout\fR" 4 +.IP "\fB\-noout\fR" 4 .IX Item "-noout" this option prevents output of the encoded version of the key. -.Ip "\fB\-modulus\fR" 4 +.IP "\fB\-modulus\fR" 4 .IX Item "-modulus" this option prints out the value of the modulus of the key. -.Ip "\fB\-check\fR" 4 +.IP "\fB\-check\fR" 4 .IX Item "-check" this option checks the consistency of an \s-1RSA\s0 private key. -.Ip "\fB\-pubin\fR" 4 +.IP "\fB\-pubin\fR" 4 .IX Item "-pubin" by default a private key is read from the input file: with this option a public key is read instead. -.Ip "\fB\-pubout\fR" 4 +.IP "\fB\-pubout\fR" 4 .IX Item "-pubout" by default a private key is output: with this option a public key will be output instead. This option is automatically set if the input is a public key. -.Ip "\fB\-engine id\fR" 4 +.IP "\fB\-engine id\fR" 4 .IX Item "-engine id" specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR to attempt to obtain a functional reference to the specified engine, @@ -251,19 +241,21 @@ The \s-1PEM\s0 private key format uses the header and footer lines: \& -----BEGIN RSA PRIVATE KEY----- \& -----END RSA PRIVATE KEY----- .Ve +.PP The \s-1PEM\s0 public key format uses the header and footer lines: .PP .Vb 2 \& -----BEGIN PUBLIC KEY----- \& -----END PUBLIC KEY----- .Ve +.PP The \fB\s-1NET\s0\fR form is a format compatible with older Netscape servers and Microsoft \s-1IIS\s0 .key files, this uses unsalted \s-1RC4\s0 for its encryption. It is not very secure and so should only be used when necessary. .PP Some newer version of \s-1IIS\s0 have additional data in the exported .key files. To use these with the utility, view the file with a binary editor -and look for the string \*(L"private-key\*(R", then trace back to the byte +and look for the string \*(L"private\-key\*(R", then trace back to the byte sequence 0x30, 0x82 (this is an \s-1ASN1\s0 \s-1SEQUENCE\s0). Copy all the data from this point onwards to another file and use that as the input to the \fBrsa\fR utility with the \fB\-inform \s-1NET\s0\fR option. If you get @@ -275,21 +267,25 @@ To remove the pass phrase on an \s-1RSA\s0 private key: .Vb 1 \& openssl rsa -in key.pem -out keyout.pem .Ve +.PP To encrypt a private key using triple \s-1DES:\s0 .PP .Vb 1 \& openssl rsa -in key.pem -des3 -out keyout.pem .Ve +.PP To convert a private key from \s-1PEM\s0 to \s-1DER\s0 format: .PP .Vb 1 \& openssl rsa -in key.pem -outform DER -out keyout.der .Ve +.PP To print out the components of a private key to standard output: .PP .Vb 1 \& openssl rsa -in key.pem -text -noout .Ve +.PP To just output the public part of a private key: .PP .Vb 1 @@ -304,5 +300,5 @@ There should be an option that automatically handles .key files, without having to manually edit them. .SH "SEE ALSO" .IX Header "SEE ALSO" -pkcs8(1), dsa(1), genrsa(1), -gendsa(1) +\&\fIpkcs8\fR\|(1), \fIdsa\fR\|(1), \fIgenrsa\fR\|(1), +\&\fIgendsa\fR\|(1) |