summaryrefslogtreecommitdiffstats
path: root/doc
diff options
context:
space:
mode:
authorKurt Roeckx <kurt@roeckx.be>2019-04-13 15:52:47 +0200
committerKurt Roeckx <kurt@roeckx.be>2020-09-09 18:32:10 +0200
commit10203a34725ec75136b03d64fd2126b321419ac1 (patch)
tree74fe59f88ef556a8bcadd7673bac64f092c7057b /doc
parentENCODER: Refactor provider implementations, and some cleanup (diff)
downloadopenssl-10203a34725ec75136b03d64fd2126b321419ac1.tar.xz
openssl-10203a34725ec75136b03d64fd2126b321419ac1.zip
Support writing RSA keys using the traditional format again
Fixes: #6855 Reviewed-by: Richard Levitte <levitte@openssl.org> GH: #8743
Diffstat (limited to 'doc')
-rw-r--r--doc/man1/openssl-genrsa.pod.in5
-rw-r--r--doc/man1/openssl-rsa.pod.in12
-rw-r--r--doc/man1/openssl.pod2
3 files changed, 11 insertions, 8 deletions
diff --git a/doc/man1/openssl-genrsa.pod.in b/doc/man1/openssl-genrsa.pod.in
index 33aa60ca4e..3f81e29eb4 100644
--- a/doc/man1/openssl-genrsa.pod.in
+++ b/doc/man1/openssl-genrsa.pod.in
@@ -28,6 +28,7 @@ B<openssl> B<genrsa>
[B<-3>]
[B<-primes> I<num>]
[B<-verbose>]
+[B<-traditional>]
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_engine_synopsis -}
{- $OpenSSL::safe::opt_provider_synopsis -}
@@ -83,6 +84,10 @@ RSA key, which is defined in RFC 8017.
Print extra details about the operations being performed.
+=item B<-traditional>
+
+Write the key using the traditional PKCS#1 format instead of the PKCS#8 format.
+
{- $OpenSSL::safe::opt_r_item -}
{- $OpenSSL::safe::opt_engine_item -}
diff --git a/doc/man1/openssl-rsa.pod.in b/doc/man1/openssl-rsa.pod.in
index 4f9c41d668..722e4d584c 100644
--- a/doc/man1/openssl-rsa.pod.in
+++ b/doc/man1/openssl-rsa.pod.in
@@ -34,6 +34,7 @@ B<openssl> B<rsa>
[B<-text>]
[B<-noout>]
[B<-modulus>]
+[B<-traditional>]
[B<-check>]
[B<-pubin>]
[B<-pubout>]
@@ -47,10 +48,7 @@ B<openssl> B<rsa>
=head1 DESCRIPTION
This command processes RSA keys. They can be converted between
-various forms and their components printed out. B<Note> this command uses the
-traditional SSLeay compatible format for private key encryption: newer
-applications should use the more secure PKCS#8 format using the
-L<openssl-pkcs8(1)> command.
+various forms and their components printed out.
=head1 OPTIONS
@@ -72,10 +70,10 @@ See L<openssl(1)/Format Options> for details.
The key output format; the default is B<PEM>.
See L<openssl(1)/Format Options> for details.
-=item B<-inform> B<DER>|B<PEM>
+=item B<-traditional>
-The data is a PKCS#1 B<RSAPrivateKey> or B<SubjectPublicKey> object.
-On input, PKCS#8 format private keys are also accepted.
+When writing a private key, use the traditional PKCS#1 format
+instead of the PKCS#8 format.
=item B<-in> I<filename>
diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod
index 2c56cc278c..1f344217a2 100644
--- a/doc/man1/openssl.pod
+++ b/doc/man1/openssl.pod
@@ -529,7 +529,7 @@ parameters start with a minus sign:
Several OpenSSL commands can take input or generate output in a variety
of formats.
Since OpenSSL 3.0 keys, single certificates, and CRLs can be read from
-files in any of the B<DER>, B<PEM>, or B<P12> formats,
+files in any of the B<DER>, B<PEM> or B<P12> formats,
while specifying their input format is no more needed.
The list of acceptable formats, and the default, is