diff options
| author | Rich Salz <rsalz@akamai.com> | 2019-10-09 21:48:33 -0400 |
|---|---|---|
| committer | Tomas Mraz <tmraz@fedoraproject.org> | 2019-10-23 10:53:03 +0200 |
| commit | 777182a0c77ee374e43b94546f49b25f37945c0e (patch) | |
| tree | e14a1ff25be02b311873b0b2baa7769f4f43a73c /doc | |
| parent | 3c77a41b3097eb9255be834e94152b8f7625241f (diff) | |
Document the -inform, etc., in openssl.pod
Add P12 format description.
Remove PEM NOTES sections; it's in openssl.pod
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10142)
Diffstat (limited to 'doc')
27 files changed, 301 insertions, 366 deletions
diff --git a/doc/man1/openssl-asn1parse.pod b/doc/man1/openssl-asn1parse.pod index 5e755596c2..698ce47897 100644 --- a/doc/man1/openssl-asn1parse.pod +++ b/doc/man1/openssl-asn1parse.pod @@ -39,8 +39,8 @@ Print out a usage message. =item B<-inform> B<DER>|B<PEM> -The input format. B<DER> is binary format and B<PEM> (the default) is base64 -encoded. +The input format; the default is B<PEM>. +See L<openssl(1)/Format Options> for details. =item B<-in> I<filename> diff --git a/doc/man1/openssl-ca.pod b/doc/man1/openssl-ca.pod index 5ff5fd954c..e3d6c7b17c 100644 --- a/doc/man1/openssl-ca.pod +++ b/doc/man1/openssl-ca.pod @@ -135,8 +135,8 @@ The private key to sign requests with. =item B<-keyform> B<DER>|B<PEM> -The format of the data in the private key file. -The default is PEM. +The format of the private key file; the default is B<PEM>. +See L<openssl(1)/Format Options> for details. =item B<-sigopt> I<nm>:I<v> diff --git a/doc/man1/openssl-cms.pod b/doc/man1/openssl-cms.pod index 54620fef32..ff601cc548 100644 --- a/doc/man1/openssl-cms.pod +++ b/doc/man1/openssl-cms.pod @@ -25,10 +25,11 @@ B<openssl> B<cms> [B<-sign_receipt>] [B<-verify_receipt> I<receipt>] [B<-in> I<filename>] -[B<-inform> B<DER>|B<PEM>|B<SMIME>] -[B<-rctform> B<DER>|B<PEM>|B<SMIME>] [B<-out> I<filename>] +[B<-inform> B<DER>|B<PEM>|B<SMIME>] [B<-outform> B<DER>|B<PEM>|B<SMIME>] +[B<-rctform> B<DER>|B<PEM>|B<SMIME>] +[B<-keyform> B<DER>|B<PEM>|B<ENGINE>] [B<-stream>] [B<-indef>] [B<-noindef>] @@ -216,33 +217,33 @@ to the B<-verify> operation. The input message to be encrypted or signed or the message to be decrypted or verified. +=item B<-out> I<filename> + +The message text that has been decrypted or verified or the output MIME +format message that has been signed or verified. + =item B<-inform> B<DER>|B<PEM>|B<SMIME> -This specifies the input format for the CMS structure. The default -is B<SMIME> which reads an S/MIME format message. B<PEM> and B<DER> -format change this to expect PEM and DER format CMS structures -instead. This currently only affects the input format of the CMS -structure, if no CMS structure is being input (for example with -B<-encrypt> or B<-sign>) this option has no effect. +The input format of the CMS structure (if one is being read); +the default is B<SMIME>. +See L<openssl(1)/Format Options> for details. -=item B<-rctform> B<DER>|B<PEM>|B<SMIME> +=item B<-outform> B<DER>|B<PEM>|B<SMIME> -Specify the format for a signed receipt for use with the B<-receipt_verify> -operation. +The output format of the CMS structure (if one is being written); +the default is B<SMIME>. +See L<openssl(1)/Format Options> for details. -=item B<-out> I<filename> +=item B<-keyform> B<DER>|B<PEM>|B<ENGINE> -The message text that has been decrypted or verified or the output MIME -format message that has been signed or verified. +The format of the private key file; the default is B<PEM>. +See L<openssl(1)/Format Options> for details. -=item B<-outform> B<DER>|B<PEM>|B<SMIME> +=item B<-rctform> B<DER>|B<PEM>|B<SMIME> -This specifies the output format for the CMS structure. The default -is B<SMIME> which writes an S/MIME format message. B<PEM> and B<DER> -format change this to write PEM and DER format CMS structures -instead. This currently only affects the output format of the CMS -structure, if no CMS structure is being output (for example with -B<-verify> or B<-decrypt>) this option has no effect. +The signed receipt format for use with the B<-receipt_verify>; the default +is B<SMIME>. +See L<openssl(1)/Format Options> for details. =item B<-stream>, B<-indef>, B<-noindef> diff --git a/doc/man1/openssl-crl.pod b/doc/man1/openssl-crl.pod index 9e5f6ca7c0..911af026bb 100644 --- a/doc/man1/openssl-crl.pod +++ b/doc/man1/openssl-crl.pod @@ -10,6 +10,7 @@ B<openssl> B<crl> [B<-help>] [B<-inform> B<DER>|B<PEM>] [B<-outform> B<DER>|B<PEM>] +[B<-keyform> B<DER>|B<PEM>|B<ENGINE>] [B<-text>] [B<-in> I<filename>] [B<-out> I<filename>] @@ -38,16 +39,15 @@ This command processes CRL files in DER or PEM format. Print out a usage message. -=item B<-inform> B<DER>|B<PEM> +=item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM> -This specifies the input format. B<DER> format is DER encoded CRL -structure. B<PEM> (the default) is a base64 encoded version of -the DER form with header and footer lines. +The input and output formats of the CRL; the default is B<PEM>. +See L<openssl(1)/Format Options> for details. -=item B<-outform> B<DER>|B<PEM> +=item B<-keyform> B<DER>|B<PEM>|B<ENGINE> -This specifies the output format, the options have the same meaning and default -as the B<-inform> option. +The format of the private key file; the default is B<PEM>. +See L<openssl(1)/Format Options> for details. =item B<-in> I<filename> @@ -100,13 +100,6 @@ See L<openssl(1)/Trusted Certificate Options> for more information. =back -=head1 NOTES - -The PEM CRL format uses the header and footer lines: - - -----BEGIN X509 CRL----- - -----END X509 CRL----- - =head1 EXAMPLES Convert a CRL file from PEM to DER: diff --git a/doc/man1/openssl-crl2pkcs7.pod b/doc/man1/openssl-crl2pkcs7.pod index 8b0f33bbd1..70662d4e0f 100644 --- a/doc/man1/openssl-crl2pkcs7.pod +++ b/doc/man1/openssl-crl2pkcs7.pod @@ -31,15 +31,13 @@ Print out a usage message. =item B<-inform> B<DER>|B<PEM> -This specifies the CRL input format. B<DER> format is DER encoded CRL -structure.B<PEM> (the default) is a base64 encoded version of -the DER form with header and footer lines. The default format is PEM. +The input format of the CRL; the default is B<PEM>. +See L<openssl(1)/Format Options> for details. =item B<-outform> B<DER>|B<PEM> -This specifies the PKCS#7 structure output format. B<DER> format is DER -encoded PKCS#7 structure.B<PEM> (the default) is a base64 encoded version of -the DER form with header and footer lines. The default format is PEM. +The output format of the PKCS#7 object; the default is B<PEM>. +See L<openssl(1)/Format Options> for details. =item B<-in> I<filename> diff --git a/doc/man1/openssl-dgst.pod b/doc/man1/openssl-dgst.pod index e165be94f3..7ea47480bc 100644 --- a/doc/man1/openssl-dgst.pod +++ b/doc/man1/openssl-dgst.pod @@ -17,7 +17,7 @@ B<openssl> B<dgst>|I<digest> [B<-r>] [B<-out> I<filename>] [B<-sign> I<filename>] -[B<-keyform> I<arg>] +[B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>] [B<-passin> I<arg>] [B<-verify> I<filename>] [B<-prverify> I<filename>] @@ -94,10 +94,10 @@ Digitally sign the digest using the private key in "filename". Note this option does not support Ed25519 or Ed448 private keys. Use the L<openssl-pkeyutl(1)> command instead for this. -=item B<-keyform> I<arg> +=item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE> -Specifies the key format to sign digest with. The DER, PEM, P12, -and ENGINE formats are supported. +The format of the key to sign with; the default is B<PEM>. +See L<openssl(1)/Format Options> for details. =item B<-sigopt> I<nm>:I<v> diff --git a/doc/man1/openssl-dhparam.pod b/doc/man1/openssl-dhparam.pod index a28d1b81f8..cbd52b00fb 100644 --- a/doc/man1/openssl-dhparam.pod +++ b/doc/man1/openssl-dhparam.pod @@ -39,17 +39,11 @@ This command is used to manipulate DH parameter files. Print out a usage message. -=item B<-inform> B<DER>|B<PEM> +=item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM> -This specifies the input format. The B<DER> option uses an ASN1 DER encoded -form compatible with the PKCS#3 DHparameter structure. The PEM form is the -default format: it consists of the B<DER> format base64 encoded with -additional header and footer lines. - -=item B<-outform> B<DER>|B<PEM> - -This specifies the output format, the options have the same meaning and default -as the B<-inform> option. +The input format and output format; the default is B<PEM>. +The object is compatible with the PKCS#3 B<DHparameter> structure. +See L<openssl(1)/Format Options> for details. =item B<-in> I<filename> @@ -130,11 +124,6 @@ may have different purposes in future versions of OpenSSL. =head1 NOTES -PEM format DH parameters use the header and footer lines: - - -----BEGIN DH PARAMETERS----- - -----END DH PARAMETERS----- - OpenSSL currently only supports the older PKCS#3 DH, not the newer X9.42 DH. diff --git a/doc/man1/openssl-dsa.pod b/doc/man1/openssl-dsa.pod index ef219adaed..8c7b03781e 100644 --- a/doc/man1/openssl-dsa.pod +++ b/doc/man1/openssl-dsa.pod @@ -50,22 +50,16 @@ applications should use the more secure PKCS#8 format using the B<pkcs8> Print out a usage message. -=item B<-inform> B<DER>|B<PEM> +=item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM> -This specifies the input format. The B<DER> option with a private key uses -an ASN1 DER encoded form of an ASN.1 SEQUENCE consisting of the values of -version (currently zero), p, q, g, the public and private key components -respectively as ASN.1 INTEGERs. When used with a public key it uses a -SubjectPublicKeyInfo structure: it is an error if the key is not DSA. +The input and formats; the default is B<PEM>. +See L<openssl(1)/Format Options> for details. -The B<PEM> form is the default format: it consists of the B<DER> format base64 -encoded with additional header and footer lines. In the case of a private key -PKCS#8 format is also accepted. +Private keys are a sequence of B<ASN.1 INTEGERS>: the version (zero), B<p>, +B<q>, B<g>, and the public and and private key components. Public keys +are a B<SubjectPublicKeyInfo> structure with the B<DSA> type. -=item B<-outform> B<DER>|B<PEM> - -This specifies the output format, the options have the same meaning and default -as the B<-inform> option. +The B<PEM> format also accepts PKCS#8 data. =item B<-in> I<filename> @@ -128,18 +122,6 @@ for all available algorithms. =back -=head1 NOTES - -The PEM private key format uses the header and footer lines: - - -----BEGIN DSA PRIVATE KEY----- - -----END DSA PRIVATE KEY----- - -The PEM public key format uses the header and footer lines: - - -----BEGIN PUBLIC KEY----- - -----END PUBLIC KEY----- - =head1 EXAMPLES To remove the pass phrase on a DSA private key: diff --git a/doc/man1/openssl-dsaparam.pod b/doc/man1/openssl-dsaparam.pod index 5c145ef1fb..0c85ca0d1d 100644 --- a/doc/man1/openssl-dsaparam.pod +++ b/doc/man1/openssl-dsaparam.pod @@ -26,6 +26,9 @@ B<openssl dsaparam> This command is used to manipulate or generate DSA parameter files. +DSA parameter generation can be a slow process and as a result the same set of +DSA parameters is often used to generate several distinct keys. + =head1 OPTIONS =over 4 @@ -34,17 +37,13 @@ This command is used to manipulate or generate DSA parameter files. Print out a usage message. -=item B<-inform> B<DER>|B<PEM> +=item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM> -This specifies the input format. The B<DER> option uses an ASN1 DER encoded -form compatible with RFC2459 (PKIX) DSS-Parms that is a SEQUENCE consisting -of p, q and g respectively. The PEM form is the default format: it consists -of the B<DER> format base64 encoded with additional header and footer lines. +The input and formats; the default is B<PEM>. +See L<openssl(1)/Format Options> for details. -=item B<-outform> B<DER>|B<PEM> - -This specifies the output format, the options have the same meaning and default -as the B<-inform> option. +Parameters are a sequence of B<ASN.1 INTEGER>s: B<p>, B<q>, and B<g>. +This is compatible with RFC 2459 B<DSS-Parms> structure. =item B<-in> I<filename> @@ -99,16 +98,6 @@ the input file (if any) is ignored. =back -=head1 NOTES - -PEM format DSA parameters use the header and footer lines: - - -----BEGIN DSA PARAMETERS----- - -----END DSA PARAMETERS----- - -DSA parameter generation is a slow process and as a result the same set of -DSA parameters is often used to generate several distinct keys. - =head1 SEE ALSO L<openssl(1)>, diff --git a/doc/man1/openssl-ec.pod b/doc/man1/openssl-ec.pod index d0d54bcb0b..2646c126b5 100644 --- a/doc/man1/openssl-ec.pod +++ b/doc/man1/openssl-ec.pod @@ -46,19 +46,13 @@ PKCS#8 private key format use the L<openssl-pkcs8(1)> command. Print out a usage message. -=item B<-inform> B<DER>|B<PEM> +=item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM> -This specifies the input format. The B<DER> option with a private key uses -an ASN.1 DER encoded SEC1 private key. When used with a public key it -uses the SubjectPublicKeyInfo structure as specified in RFC 3280. -The B<PEM> form is the default format: it consists of the B<DER> format base64 -encoded with additional header and footer lines. In the case of a private key -PKCS#8 format is also accepted. +The input and formats; the default is B<PEM>. +See L<openssl(1)/Format Options> for details. -=item B<-outform> B<DER>|B<PEM> - -This specifies the output format, the options have the same meaning and default -as the B<-inform> option. +Private keys are an SEC1 private key or PKCS#8 format. +Public keys are a B<SubjectPublicKeyInfo> as specified in IETF RFC 3280. =item B<-in> I<filename> @@ -146,18 +140,6 @@ for all available algorithms. =back -=head1 NOTES - -The PEM private key format uses the header and footer lines: - - -----BEGIN EC PRIVATE KEY----- - -----END EC PRIVATE KEY----- - -The PEM public key format uses the header and footer lines: - - -----BEGIN PUBLIC KEY----- - -----END PUBLIC KEY----- - =head1 EXAMPLES To encrypt a private key using triple DES: diff --git a/doc/man1/openssl-ecparam.pod b/doc/man1/openssl-ecparam.pod index 09c6927320..c761980953 100644 --- a/doc/man1/openssl-ecparam.pod +++ b/doc/man1/openssl-ecparam.pod @@ -33,6 +33,9 @@ B<openssl ecparam> This command is used to manipulate or generate EC parameter files. +OpenSSL is currently not able to generate new groups and therefore +this command can only create EC parameters from known (named) curves. + =head1 OPTIONS =over 4 @@ -41,17 +44,12 @@ This command is used to manipulate or generate EC parameter files. Print out a usage message. -=item B<-inform> B<DER>|B<PEM> +=item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM> -This specifies the input format. The B<DER> option uses an ASN.1 DER encoded -form compatible with RFC 3279 EcpkParameters. The PEM form is the default -format: it consists of the B<DER> format base64 encoded with additional -header and footer lines. +The input and formats; the default is B<PEM>. +See L<openssl(1)/Format Options> for details. -=item B<-outform> B<DER>|B<PEM> - -This specifies the output format, the options have the same meaning and default -as the B<-inform> option. +Parameters are encoded as B<EcpkParameters> as specified in IETF RFC 3279. =item B<-in> I<filename> @@ -137,16 +135,6 @@ for all available algorithms. =back -=head1 NOTES - -PEM format EC parameters use the header and footer lines: - - -----BEGIN EC PARAMETERS----- - -----END EC PARAMETERS----- - -OpenSSL is currently not able to generate new groups and therefore -B<openssl ecparam> can only create EC parameters from known (named) curves. - =head1 EXAMPLES To create EC parameters with the group 'prime192v1': diff --git a/doc/man1/openssl-genpkey.pod b/doc/man1/openssl-genpkey.pod index 3c2ff77f73..69c642cdf7 100644 --- a/doc/man1/openssl-genpkey.pod +++ b/doc/man1/openssl-genpkey.pod @@ -40,7 +40,8 @@ standard output is used. =item B<-outform> B<DER>|B<PEM> -This specifies the output format DER or PEM. The default format is PEM. +The output format; the default is B<PEM>. +See L<openssl(1)/Format Options> for details. =item B<-pass> I<arg> diff --git a/doc/man1/openssl-nseq.pod b/doc/man1/openssl-nseq.pod index 6a5f266987..5404e1f340 100644 --- a/doc/man1/openssl-nseq.pod +++ b/doc/man1/openssl-nseq.pod @@ -19,6 +19,11 @@ sequence and prints out the certificates contained in it or takes a file of certificates and converts it into a Netscape certificate sequence. +A Netscape certificate sequence is an old Netscape-specific format that +can be sometimes be sent to browsers as an alternative to the standard PKCS#7 +format when several certificates are sent to the browser, for example during +certificate enrollment. It was also used by Netscape certificate server. + =head1 OPTIONS =over 4 @@ -55,23 +60,6 @@ Create a Netscape certificate sequence openssl nseq -in certs.pem -toseq -out nseq.pem -=head1 NOTES - -The B<PEM> encoded form uses the same headers and footers as a certificate: - - -----BEGIN CERTIFICATE----- - -----END CERTIFICATE----- - -A Netscape certificate sequence is a Netscape specific format that can be sent -to browsers as an alternative to the standard PKCS#7 format when several -certificates are sent to the browser: for example during certificate enrollment. -It is used by Netscape certificate server for example. - -=head1 BUGS - -This program needs a few more options: like allowing DER or PEM input and -output files and allowing multiple certificate files to be used. - =head1 COPYRIGHT Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. diff --git a/doc/man1/openssl-pkcs7.pod b/doc/man1/openssl-pkcs7.pod index b11973f206..adfe54ec0e 100644 --- a/doc/man1/openssl-pkcs7.pod +++ b/doc/man1/openssl-pkcs7.pod @@ -21,7 +21,11 @@ B<openssl> B<pkcs7> =head1 DESCRIPTION -This command processes PKCS#7 files in DER or PEM format. +This command processes PKCS#7 files. Note that it only understands PKCS#7 +v 1.5 as specified in IETF RFC 2315. It cannot currently parse CMS as +described in IETF RFC 2630. + +There is no option to print out all the fields of a PKCS#7 file. =head1 OPTIONS @@ -31,16 +35,12 @@ This command processes PKCS#7 files in DER or PEM format. Print out a usage message. -=item B<-inform> B<DER>|B<PEM> - -This specifies the input format. B<DER> format is DER encoded PKCS#7 -v1.5 structure.B<PEM> (the default) is a base64 encoded version of -the DER form with header and footer lines. +=item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM> -=item B<-outform> B<DER>|B<PEM> +The input and formats; the default is B<PEM>. +See L<openssl(1)/Format Options> for details. -This specifies the output format, the options have the same meaning and default -as the B<-inform> option. +The data is a PKCS#7 Version 1.5 structure. =item B<-in> I<filename> @@ -86,25 +86,6 @@ Output all certificates in a file: openssl pkcs7 -in file.pem -print_certs -out certs.pem -=head1 NOTES - -The PEM PKCS#7 format uses the header and footer lines: - - -----BEGIN PKCS7----- - -----END PKCS7----- - -For compatibility with some CAs it will also accept: - - -----BEGIN CERTIFICATE----- - -----END CERTIFICATE----- - -=head1 RESTRICTIONS - -There is no option to print out all the fields of a PKCS#7 file. - -This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC2315 they -cannot currently parse, for example, the new CMS as described in RFC2630. - =head1 SEE ALSO L<openssl(1)>, diff --git a/doc/man1/openssl-pkcs8.pod b/doc/man1/openssl-pkcs8.pod index e3d779a165..f923c986a0 100644 --- a/doc/man1/openssl-pkcs8.pod +++ b/doc/man1/openssl-pkcs8.pod @@ -52,15 +52,27 @@ Normally a PKCS#8 private key is expected on input and a private key will be written to the output file. With the B<-topk8> option the situation is reversed: it reads a private key and writes a PKCS#8 format key. -=item B<-inform> B<DER>|B<PEM> +=item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM> -This specifies the input format: see L<KEY FORMATS> for more details. The default -format is PEM. +The input and formats; the default is B<PEM>. +See L<openssl(1)/Format Options> for details. -=item B<-outform> B<DER>|B<PEM> +If a key is being converted from PKCS#8 form (i.e. the B<-topk8> option is +not used) then the input file must be in PKCS#8 format. An encrypted +key is expected unless B<-nocrypt> is included. + +If B<-topk8> is not used and B<PEM> mode is set the output file will be an +unencrypted private key in PKCS#8 format. If the B<-traditional> option is +used then a traditional format private key is written instead. + +If B<-topk8> is not used and B<DER> mode is set the output file will be an +unencrypted private key in traditional DER format. + +If B<-topk8> is used then any supported private key can be used for the input +file in a format specified by B<-inform>. The output file will be encrypted +PKCS#8 format using the specified encryption parameters unless B<-nocrypt> +is included. -This specifies the output format: see L<KEY FORMATS> for more details. The default -format is PEM. =item B<-traditional> @@ -148,27 +160,6 @@ Sets the scrypt I<N>, I<r> or I<p> parameters. =back -=head1 KEY FORMATS - -Various different formats are used by this command. These are detailed -below. - -If a key is being converted from PKCS#8 form (i.e. the B<-topk8> option is -not used) then the input file must be in PKCS#8 format. An encrypted -key is expected unless B<-nocrypt> is included. - -If B<-topk8> is not used and B<PEM> mode is set the output file will be an -unencrypted private key in PKCS#8 format. If the B<-traditional> option is -used then a traditional format private key is written instead. - -If B<-topk8> is not used and B<DER> mode is set the output file will be an -unencrypted private key in traditional DER format. - -If B<-topk8> is used then any supported private key can be used for the input -file in a format specified by B<-inform>. The output file will be encrypted -PKCS#8 format using the specified encryption parameters unless B<-nocrypt> -is included. - =head1 NOTES By default, when converting a key to PKCS#8 format, PKCS#5 v2.0 using 256 bit @@ -178,17 +169,6 @@ Some older implementations do not support PKCS#5 v2.0 format and require the older PKCS#5 v1.5 form instead, possibly also requiring insecure weak encryption algorithms such as 56 bit DES. -The encrypted form of a PEM encode PKCS#8 files uses the following -headers and footers: - - -----BEGIN ENCRYPTED PRIVATE KEY----- - -----END ENCRYPTED PRIVATE KEY----- - -The unencrypted form uses: - - -----BEGIN PRIVATE KEY----- - -----END PRIVATE KEY----- - Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts are more secure that those encrypted using the traditional SSLeay compatible formats. So if additional security is considered diff --git a/doc/man1/openssl-pkey.pod b/doc/man1/openssl-pkey.pod index 0290ee2662..b1aa4af454 100644 --- a/doc/man1/openssl-pkey.pod +++ b/doc/man1/openssl-pkey.pod @@ -40,14 +40,10 @@ converted between various forms and their components printed out. Print out a usage message. -=item B<-inform> B<DER>|B<PEM> +=item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM> -This specifies the input format DER or PEM. The default format is PEM. - -=item B<-outform> B<DER>|B<PEM> - -This specifies the output format, the options have the same meaning and default -as the B<-inform> option. +The input and formats; the default is B<PEM>. +See L<openssl(1)/Format Options> for details. =item B<-in> I<filename> diff --git a/doc/man1/openssl-pkeyutl.pod b/doc/man1/openssl-pkeyutl.pod index 58c90436b8..13519399fa 100644 --- a/doc/man1/openssl-pkeyutl.pod +++ b/doc/man1/openssl-pkeyutl.pod @@ -90,7 +90,8 @@ The input key file, by default it should be a private key. =item B<-keyform> B<DER>|B<PEM>|B<ENGINE> -The key format PEM, DER or ENGINE. Default is PEM. +The key format; the default is B<PEM>. +See L<openssl(1)/Format Options> for details. =item B<-passin> I<arg> @@ -103,7 +104,8 @@ The peer key file, used by key derivation (agreement) operations. =item B<-peerform> B<DER>|B<PEM>|B<ENGINE> -The peer key format B<PEM>, B<DER> or B<ENGINE>. Default is B<PEM>. +The peer key format; the default is B<PEM>. +See L<openssl(1)/Format Options> for details. =item B<-pubin> diff --git a/doc/man1/openssl-req.pod b/doc/man1/openssl-req.pod index b84a4c92ab..f976b7948e 100644 --- a/doc/man1/openssl-req.pod +++ b/doc/man1/openssl-req.pod @@ -67,17 +67,12 @@ for use as root CAs for example. Print out a usage message. -=item B<-inform> B<DER>|B<PEM> +=item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM> -This specifies the input format. The B<DER> option uses an ASN1 DER encoded -form compatible with the PKCS#10. The B<PEM> form is the defau |