author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2022-08-26 20:40:48 +0200 |
---|---|---|
committer | Dr. David von Oheimb <dev@ddvo.net> | 2023-03-14 17:26:49 +0100 |
commit | 0e89b396197f75993c8d64c07b4af6aa2d97e2af (patch) | |
tree | a79eb907eefb1c1cd5a84891564511e8e5f6879b /doc/man1 | |
parent | b7cc2d2f295efc342cd46e7e59f93e0ac0472dc0 (diff) |
apps/x509 etc.: allow private key input when public key is expected
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19076)
Diffstat (limited to 'doc/man1')
-rw-r--r-- | doc/man1/openssl-dsa.pod.in | 5 |
-rw-r--r-- | doc/man1/openssl-ec.pod.in | 5 |
-rw-r--r-- | doc/man1/openssl-pkey.pod.in | 3 |
-rw-r--r-- | doc/man1/openssl-pkeyutl.pod.in | 4 |
-rw-r--r-- | doc/man1/openssl-rsa.pod.in | 5 |
-rw-r--r-- | doc/man1/openssl-rsautl.pod.in | 4 |
-rw-r--r-- | doc/man1/openssl-x509.pod.in | 25 |
7 files changed, 30 insertions, 21 deletions
diff --git a/doc/man1/openssl-dsa.pod.in b/doc/man1/openssl-dsa.pod.in index 6d15e950b9..cdcbbc206c 100644 --- a/doc/man1/openssl-dsa.pod.in +++ b/doc/man1/openssl-dsa.pod.in @@ -115,8 +115,9 @@ This option prints out the value of the public key component of the key. =item B<-pubin> -By default, a private key is read from the input file. With this option a -public key is read instead. +By default, a private key is read from the input. +With this option a public key is read instead. +If the input contains no public key but a private key, its public part is used. =item B<-pubout> diff --git a/doc/man1/openssl-ec.pod.in b/doc/man1/openssl-ec.pod.in index f6f1e3882e..083a3f6e42 100644 --- a/doc/man1/openssl-ec.pod.in +++ b/doc/man1/openssl-ec.pod.in @@ -106,8 +106,9 @@ Print the elliptic curve parameters. =item B<-pubin> -By default, a private key is read from the input file. With this option a -public key is read instead. +By default a private key is read from the input. +With this option a public key is read instead. +If the input contains no public key but a private key, its public part is used. =item B<-pubout> diff --git a/doc/man1/openssl-pkey.pod.in b/doc/man1/openssl-pkey.pod.in index 34d57f7d14..042862b960 100644 --- a/doc/man1/openssl-pkey.pod.in +++ b/doc/man1/openssl-pkey.pod.in @@ -89,7 +89,8 @@ see L<openssl-passphrase-options(1)>. =item B<-pubin> By default a private key is read from the input. -With this option only the public components are read. +With this option a public key is read instead. +If the input contains no public key but a private key, its public part is used. =back diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in index dd87829798..4b8e3fc574 100644 --- a/doc/man1/openssl-pkeyutl.pod.in +++ b/doc/man1/openssl-pkeyutl.pod.in 
@@ -108,7 +108,9 @@ See L<openssl-format-options(1)> for details. =item B<-pubin> -The input file is a public key. +By default a private key is read from the key input. +With this option a public key is read instead. +If the input contains no public key but a private key, its public part is used. =item B<-certin> diff --git a/doc/man1/openssl-rsa.pod.in b/doc/man1/openssl-rsa.pod.in index 35bd300429..5d7af53d0b 100644 --- a/doc/man1/openssl-rsa.pod.in +++ b/doc/man1/openssl-rsa.pod.in @@ -121,8 +121,9 @@ This option checks the consistency of an RSA private key. =item B<-pubin> -By default a private key is read from the input file: with this -option a public key is read instead. +By default a private key is read from the input. +With this option a public key is read instead. +If the input contains no public key but a private key, its public part is used. =item B<-pubout> diff --git a/doc/man1/openssl-rsautl.pod.in b/doc/man1/openssl-rsautl.pod.in index eab34979de..720bb220f8 100644 --- a/doc/man1/openssl-rsautl.pod.in +++ b/doc/man1/openssl-rsautl.pod.in @@ -76,7 +76,9 @@ See L<openssl-format-options(1)> for details. =item B<-pubin> -The input file is an RSA public key. +By default a private key is read from the key input. +With this option a public key is read instead. +If the input contains no public key but a private key, its public part is used. =item B<-certin> diff --git a/doc/man1/openssl-x509.pod.in b/doc/man1/openssl-x509.pod.in index 84110d24f5..8fb1917bfc 100644 --- a/doc/man1/openssl-x509.pod.in +++ b/doc/man1/openssl-x509.pod.in 
@@ -84,7 +84,7 @@ B<openssl> B<x509> This command is a multi-purposes certificate handling command. It can be used to print certificate information, convert certificates to various forms, edit certificate trust settings, -generate certificates from scratch or from certificating requests +generate certificates from scratch or from certification requests and then self-signing them or signing them like a "micro CA". Generated certificates bear X.509 version 3. @@ -121,7 +121,8 @@ see L<openssl-passphrase-options(1)>. =item B<-new> Generate a certificate from scratch, not using an input certificate -or certificate request. So the B<-in> option must not be used in this case. +or certificate request. +So this excludes the B<-in> and B<-req> options. Instead, the B<-subj> option needs to be given. The public key to include can be given with the B<-force_pubkey> option and defaults to the key given with the B<-key> (or B<-signkey>) option, @@ -176,9 +177,7 @@ the new certificate or certificate request, resulting in a self-signature. This option cannot be used in conjunction with the B<-CA> option. -It sets the issuer name to the subject name (i.e., makes it self-issued) -and changes the public key to the supplied value (unless overridden -by B<-force_pubkey>). +It sets the issuer name to the subject name (i.e., makes it self-issued). Unless the B<-preserve_dates> option is supplied, it sets the validity start date to the current time and the end date to a value determined by the B<-days> option. 
@@ -403,20 +402,22 @@ Example: C</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe> -This option can be used in conjunction with the B<-force_pubkey> option -to create a certificate even without providing an input certificate -or certificate request. +This option can be used with the B<-new> and B<-force_pubkey> options to create +a new certificate without providing an input certificate or certificate request. =item B<-force_pubkey> I<filename> -When a certificate is created set its public key to the key in I<filename> +When a new certificate or certificate request is created +set its public key to the given key instead of the key contained in the input or given with the B<-key> (or B<-signkey>) option. +If the input contains no public key but a private key, its public part is used. + +This option can be used in conjunction with b<-new> and B<-subj> +to directly generate a certificate containing any desired public key. -This option is useful for creating self-issued certificates that are not +This option is also useful for creating self-issued certificates that are not self-signed, for instance when the key cannot be used for signing, such as DH. -It can also be used in conjunction with B<-new> and B<-subj> to directly -generate a certificate containing any desired public key. =item B<-clrext> |
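Review bot: In the B<-pubin> hunks for doc/man1/openssl-pkeyutl.pod.in and doc/man1/openssl-rsautl.pod.in, the first added sentence says "the key input" but the third says only "the input" ("If the input contains no public key but a private key, its public part is used."). These two commands also take a separate data input, so the third sentence should say "the key input" as well. Across the -pubin hunks the wording also drifts slightly: openssl-dsa.pod.in has "By default, a private key is read" with a comma, while ec, pkey and rsa have "By default a private key is read". Since the text is otherwise identical, please use one form throughout.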
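Review bot: The B<-signkey> hunk in doc/man1/openssl-x509.pod.in (@@ -176,9 +177,7) drops "and changes the public key to the supplied value (unless overridden by B<-force_pubkey>)" without saying anywhere else what happens to the public key of an existing input certificate when it is re-signed with -signkey. The B<-new> text covers only the from-scratch case ("defaults to the key given with the B<-key> (or B<-signkey>) option"). If the behavior is unchanged, the statement should be kept in some form. If it did change, the commit message and the B<-signkey> description should say so explicitly, because which public key ends up in a self-signed certificate is something users rely on.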
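Review bot: In the B<-force_pubkey> hunk of doc/man1/openssl-x509.pod.in (@@ -403,20 +402,22), the added line "This option can be used in conjunction with b<-new> and B<-subj>" uses a lowercase b<, which is not a POD formatting code and will come out as literal text; it should be B<-new>. In the same paragraph "the input" is used with two meanings. "instead of the key contained in the input" refers to the certificate or request input, while the next sentence, "If the input contains no public key but a private key, its public part is used.", is about the file passed to -force_pubkey. Since the rewrite also drops the only mention of I<filename> from the description, I suggest wording the second sentence as "If I<filename> contains no public key but a private key, its public part is used."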