diff options
author | Kurt Roeckx <kurt@roeckx.be> | 2019-04-13 15:52:47 +0200 |
---|---|---|
committer | Kurt Roeckx <kurt@roeckx.be> | 2020-09-09 18:32:10 +0200 |
commit | 10203a34725ec75136b03d64fd2126b321419ac1 (patch) | |
tree | 74fe59f88ef556a8bcadd7673bac64f092c7057b /doc | |
parent | ENCODER: Refactor provider implementations, and some cleanup (diff) | |
download | openssl-10203a34725ec75136b03d64fd2126b321419ac1.tar.xz openssl-10203a34725ec75136b03d64fd2126b321419ac1.zip |
Support writing RSA keys using the traditional format again
Fixes: #6855
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #8743
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man1/openssl-genrsa.pod.in | 5 | ||||
-rw-r--r-- | doc/man1/openssl-rsa.pod.in | 12 | ||||
-rw-r--r-- | doc/man1/openssl.pod | 2 |
3 files changed, 11 insertions, 8 deletions
diff --git a/doc/man1/openssl-genrsa.pod.in b/doc/man1/openssl-genrsa.pod.in index 33aa60ca4e..3f81e29eb4 100644 --- a/doc/man1/openssl-genrsa.pod.in +++ b/doc/man1/openssl-genrsa.pod.in @@ -28,6 +28,7 @@ B<openssl> B<genrsa> [B<-3>] [B<-primes> I<num>] [B<-verbose>] +[B<-traditional>] {- $OpenSSL::safe::opt_r_synopsis -} {- $OpenSSL::safe::opt_engine_synopsis -} {- $OpenSSL::safe::opt_provider_synopsis -} @@ -83,6 +84,10 @@ RSA key, which is defined in RFC 8017. Print extra details about the operations being performed. +=item B<-traditional> + +Write the key using the traditional PKCS#1 format instead of the PKCS#8 format. + {- $OpenSSL::safe::opt_r_item -} {- $OpenSSL::safe::opt_engine_item -} diff --git a/doc/man1/openssl-rsa.pod.in b/doc/man1/openssl-rsa.pod.in index 4f9c41d668..722e4d584c 100644 --- a/doc/man1/openssl-rsa.pod.in +++ b/doc/man1/openssl-rsa.pod.in @@ -34,6 +34,7 @@ B<openssl> B<rsa> [B<-text>] [B<-noout>] [B<-modulus>] +[B<-traditional>] [B<-check>] [B<-pubin>] [B<-pubout>] @@ -47,10 +48,7 @@ B<openssl> B<rsa> =head1 DESCRIPTION This command processes RSA keys. They can be converted between -various forms and their components printed out. B<Note> this command uses the -traditional SSLeay compatible format for private key encryption: newer -applications should use the more secure PKCS#8 format using the -L<openssl-pkcs8(1)> command. +various forms and their components printed out. =head1 OPTIONS @@ -72,10 +70,10 @@ See L<openssl(1)/Format Options> for details. The key output format; the default is B<PEM>. See L<openssl(1)/Format Options> for details. -=item B<-inform> B<DER>|B<PEM> +=item B<-traditional> -The data is a PKCS#1 B<RSAPrivateKey> or B<SubjectPublicKey> object. -On input, PKCS#8 format private keys are also accepted. +When writing a private key, use the traditional PKCS#1 format +instead of the PKCS#8 format. =item B<-in> I<filename> diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index 2c56cc278c..1f344217a2 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod @@ -529,7 +529,7 @@ parameters start with a minus sign: Several OpenSSL commands can take input or generate output in a variety of formats. Since OpenSSL 3.0 keys, single certificates, and CRLs can be read from -files in any of the B<DER>, B<PEM>, or B<P12> formats, +files in any of the B<DER>, B<PEM> or B<P12> formats, while specifying their input format is no more needed. The list of acceptable formats, and the default, is |