diff options
author | Richard Levitte <levitte@openssl.org> | 2020-11-30 07:25:46 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-12-02 20:19:31 +0100 |
commit | f91d003a0ef0c748a11ccdb19c7661a3f2df9ab0 (patch) | |
tree | 20ead7bd3ed8cee5bd59e1076644526959709a5b /doc/man1/openssl-pkcs12.pod.in | |
parent | 0b27381fd544beca44df905991923a7fa374d80a (diff) |
APPS: Adapt load_key() and load_pubkey() for the engine: loader
These two functions react when the FORMAT_ENGINE format is given, and
use the passed ENGINE |e| and the passed key argument to form a URI
suitable for the engine: loader.
Co-authored-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/13570)
Diffstat (limited to 'doc/man1/openssl-pkcs12.pod.in')
-rw-r--r-- | doc/man1/openssl-pkcs12.pod.in | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/doc/man1/openssl-pkcs12.pod.in b/doc/man1/openssl-pkcs12.pod.in index e5da1ec980..db9f65a984 100644 --- a/doc/man1/openssl-pkcs12.pod.in +++ b/doc/man1/openssl-pkcs12.pod.in @@ -12,12 +12,12 @@ B<openssl> B<pkcs12> [B<-export>] [B<-chain>] [B<-untrusted> I<filename>] -[B<-inkey> I<file_or_id>] +[B<-inkey> I<filename>|I<uri>] [B<-certfile> I<filename>] [B<-passcerts> I<arg>] [B<-name> I<name>] [B<-caname> I<name>] -[B<-in> I<filename>] +[B<-in> I<filename>|I<uri>] [B<-out> I<filename>] [B<-noout>] [B<-nomacver>] @@ -86,12 +86,13 @@ The default encryption algorithm is AES-256-CBC with PBKDF2 for key derivation. Print out a usage message. -=item B<-in> I<filename> +=item B<-in> I<filename>|I<uri> This specifies the input filename or URI. Standard input is used by default. Without the B<-export> option this is a PKCS#12 file to be parsed. -With the B<-export> option this is a file with certificates and possibly a key. +With the B<-export> option this is a file with certificates and possibly a key, +or a URI that refers to a key accessed via an engine. =item B<-out> I<filename> @@ -206,12 +207,13 @@ The order doesn't matter but one private key and its corresponding certificate should be present. If additional certificates are present they will also be included in the PKCS#12 file. -=item B<-inkey> I<file_or_id> +=item B<-inkey> I<filename>|I<uri> -File to read private key from for PKCS12 output. -If not present then the input file (B<-in> argument) must contain a private key. -If no engine is used, the argument is taken as a file; if an engine is -specified, the argument is given to the engine as a key identifier. +The private key input for PKCS12 output. If this option is not specified then +the input file (B<-in> argument) must contain a private key. +If no engine is used, the argument is taken as a file; +if the B<-engine> option is used or the URI has prefix C<org.openssl.engine:> +then the rest of the URI is taken as key identifier for the given engine. =item B<-name> I<friendlyname> |