diff options
author | Rich Salz <rsalz@openssl.org> | 2017-05-20 21:44:31 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2017-05-21 18:24:49 -0400 |
commit | 8f59b3267ddbffc6dd0da780fe5a1f3dcc4a2259 (patch) | |
tree | 2c369cf59b92092533e841371197915eded7a7ad /doc | |
parent | 5a02eefaad7c8e53d6c7b9f57d947a9cfe6a167f (diff) |
-inkey can be an identifier, not just a file
update pkcs12, smime, ts apps.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3507)
(cherry picked from commit 48b5352212d8c68f7fd071ca9f38822b7e954c5a)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/apps/pkcs12.pod | 6 | ||||
-rw-r--r-- | doc/apps/smime.pod | 6 | ||||
-rw-r--r-- | doc/apps/ts.pod | 6 |
3 files changed, 12 insertions, 6 deletions
diff --git a/doc/apps/pkcs12.pod b/doc/apps/pkcs12.pod index 3dea46cdcf..2df477699e 100644 --- a/doc/apps/pkcs12.pod +++ b/doc/apps/pkcs12.pod @@ -10,7 +10,7 @@ B<openssl> B<pkcs12> [B<-help>] [B<-export>] [B<-chain>] -[B<-inkey filename>] +[B<-inkey file_or_id>] [B<-certfile filename>] [B<-name name>] [B<-caname name>] @@ -173,10 +173,12 @@ default. They must all be in PEM format. The order doesn't matter but one private key and its corresponding certificate should be present. If additional certificates are present they will also be included in the PKCS#12 file. -=item B<-inkey filename> +=item B<-inkey file_or_id> file to read private key from. If not present then a private key must be present in the input file. +If no engine is used, the argument is taken as a file; if an engine is +specified, the argument is given to the engine as a key identifier. =item B<-name friendlyname> diff --git a/doc/apps/smime.pod b/doc/apps/smime.pod index 7980e35e77..d3e0214665 100644 --- a/doc/apps/smime.pod +++ b/doc/apps/smime.pod @@ -54,7 +54,7 @@ B<openssl> B<smime> [B<-recip file>] [B<-inform SMIME|PEM|DER>] [B<-passin arg>] -[B<-inkey file>] +[B<-inkey file_or_id>] [B<-out file>] [B<-outform SMIME|PEM|DER>] [B<-content file>] @@ -280,13 +280,15 @@ verification was successful. the recipients certificate when decrypting a message. This certificate must match one of the recipients of the message or an error occurs. -=item B<-inkey file> +=item B<-inkey file_or_id> the private key to use when signing or decrypting. This must match the corresponding certificate. If this option is not specified then the private key must be included in the certificate file specified with the B<-recip> or B<-signer> file. When signing this option can be used multiple times to specify successive keys. +If no engine is used, the argument is taken as a file; if an engine is +specified, the argument is given to the engine as a key identifier. =item B<-passin arg> diff --git a/doc/apps/ts.pod b/doc/apps/ts.pod index 2ec9837075..cf30947d35 100644 --- a/doc/apps/ts.pod +++ b/doc/apps/ts.pod @@ -27,7 +27,7 @@ B<-reply> [B<-queryfile> request.tsq] [B<-passin> password_src] [B<-signer> tsa_cert.pem] -[B<-inkey> private.pem] +[B<-inkey> file_or_id] [B<-sha1|-sha224|-sha256|-sha384|-sha512>] [B<-chain> certs_file.pem] [B<-tspolicy> object_id] @@ -243,10 +243,12 @@ timeStamping. The extended key usage must also be critical, otherwise the certificate is going to be refused. Overrides the B<signer_cert> variable of the config file. (Optional) -=item B<-inkey> private.pem +=item B<-inkey> file_or_id The signer private key of the TSA in PEM format. Overrides the B<signer_key> config file option. (Optional) +If no engine is used, the argument is taken as a file; if an engine is +specified, the argument is given to the engine as a key identifier. =item B<-sha1|-sha224|-sha256|-sha384|-sha512> |