summaryrefslogtreecommitdiffstats
path: root/doc
diff options
context:
space:
mode:
authorrfkrocktk <rfkrocktk@gmail.com>2014-06-03 15:24:49 -0700
committerMatt Caswell <matt@openssl.org>2014-06-17 23:10:14 +0100
commit96fc4b72506c1573fd80cfc1d2e5ca4d3d0c2b3f (patch)
tree366b42af9fc849ecef4b4573cce9a33c821ba76f /doc
parent8a6c6bbf21cc11ea0fed69a106250af0d734d786 (diff)
Added documentation for -iter for PKCS#8
Diffstat (limited to 'doc')
-rw-r--r--doc/apps/pkcs8.pod12
1 files changed, 12 insertions, 0 deletions
diff --git a/doc/apps/pkcs8.pod b/doc/apps/pkcs8.pod
index 6901f1f3f2..e946cbdfaf 100644
--- a/doc/apps/pkcs8.pod
+++ b/doc/apps/pkcs8.pod
@@ -14,6 +14,7 @@ B<openssl> B<pkcs8>
[B<-passin arg>]
[B<-out filename>]
[B<-passout arg>]
+[B<-iter count>]
[B<-noiter>]
[B<-nocrypt>]
[B<-nooct>]
@@ -76,6 +77,12 @@ filename.
the output file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+=item B<-iter count>
+
+When creating new PKCS#8 containers, use a given number of iterations on the password
+in deriving the encryption key for the PKCS#8 output. High values increase the time
+required to brute-force a PKCS#8 container.
+
=item B<-nocrypt>
PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo
@@ -224,6 +231,11 @@ Read a DER unencrypted PKCS#8 format private key:
Convert a private key from any PKCS#8 format to traditional format:
openssl pkcs8 -in pk8.pem -out key.pem
+
+Convert a private key to PKCS#8 format, encrypting with AES-256 and with
+one million iterations of the password:
+
+ openssl pkcs8 -in raw.pem -topk8 -v2 aes-256-cbc -iter 1000000 -out pk8.pem
=head1 STANDARDS