[B<-out> I<filename>]
[B<-passout> I<arg>]
[B<-traditional>]
-[B<->I<cipher>]
+[B<-I<cipher>>]
[B<-text>]
[B<-text_pub>]
[B<-noout>]
[B<-check>]
[B<-pubcheck>]
+=for comment ifdef engine
+
=head1 DESCRIPTION
-The B<pkey> command processes public or private keys. They can be converted
-between various forms and their components printed out.
+This command processes public or private keys. They can be
+converted between various forms and their components printed out.
=head1 OPTIONS
option is not specified. If the key is encrypted a pass phrase will be
prompted for.
-=item B<-passin> I<arg>
+=item B<-passin> I<arg>, B<-passout> I<arg>
-The input file password source. For more information about the format of B<arg>
-see L<openssl(1)/Pass phrase options>.
+The password source for the input and output file.
+For more information about the format of B<arg>
+see L<openssl(1)/Pass Phrase Options>.
=item B<-out> I<filename>
will be prompted for. The output filename should B<not> be the same as the input
filename.
-=item B<-passout> I<password>
-
-The output file password source. For more information about the format of B<arg>
-see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
-
=item B<-traditional>
Normally a private key is written using standard format: this is PKCS#8 form
with the appropriate encryption algorithm (if any). If the B<-traditional>
option is specified then the older "traditional" format is used instead.
-=item B<->I<cipher>
+=item B<-I<cipher>>
These options encrypt the private key with the supplied cipher. Any algorithm
name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>.
=item B<-engine> I<id>
-Specifying an engine (by its unique B<id> string) will cause B<pkey>
+Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.