=head1 NAME
+openssl-pkeyutl,
pkeyutl - public key algorithm utility
=head1 SYNOPSIS
[B<-pkeyopt opt:value>]
[B<-hexdump>]
[B<-asn1parse>]
+[B<-rand file...>]
+[B<-writerand file>]
[B<-engine id>]
[B<-engine_impl>]
=item B<-out filename>
-specifies the output filename to write to or standard output by
+Specifies the output filename to write to or standard output by
default.
=item B<-sigfile file>
=item B<-inkey file>
-the input key file, by default it should be a private key.
+The input key file, by default it should be a private key.
=item B<-keyform PEM|DER|ENGINE>
-the key format PEM, DER or ENGINE. Default is PEM.
+The key format PEM, DER or ENGINE. Default is PEM.
=item B<-passin arg>
-the input key password source. For more information about the format of B<arg>
+The input key password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
-
=item B<-peerkey file>
-the peer key file, used by key derivation (agreement) operations.
+The peer key file, used by key derivation (agreement) operations.
=item B<-peerform PEM|DER|ENGINE>
-the peer key format PEM, DER or ENGINE. Default is PEM.
+The peer key format PEM, DER or ENGINE. Default is PEM.
=item B<-pubin>
-the input file is a public key.
+The input file is a public key.
=item B<-certin>
-the input is a certificate containing a public key.
+The input is a certificate containing a public key.
=item B<-rev>
-reverse the order of the input buffer. This is useful for some libraries
+Reverse the order of the input buffer. This is useful for some libraries
(such as CryptoAPI) which represent the buffer in little endian format.
=item B<-sign>
-sign the input data and output the signed result. This requires
+Sign the input data and output the signed result. This requires
a private key.
=item B<-verify>
-verify the input data against the signature file and indicate if the
+Verify the input data against the signature file and indicate if the
verification succeeded or failed.
=item B<-verifyrecover>
-verify the input data and output the recovered data.
+Verify the input data and output the recovered data.
=item B<-encrypt>
-encrypt the input data using a public key.
+Encrypt the input data using a public key.
=item B<-decrypt>
-decrypt the input data using a private key.
+Decrypt the input data using a private key.
=item B<-derive>
-derive a shared secret using the peer key.
+Derive a shared secret using the peer key.
=item B<-kdf algorithm>
=item B<-asn1parse>
-asn1parse the output data, this is useful when combined with the
+Parse the ASN.1 output data, this is useful when combined with the
B<-verifyrecover> option when an ASN1 structure is signed.
+=item B<-rand file...>
+
+A file or files containing random data used to seed the random number
+generator.
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=item B<-engine id>
-specifying an engine (by its unique B<id> string) will cause B<pkeyutl>
+Specifying an engine (by its unique B<id> string) will cause B<pkeyutl>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
additional options other than B<digest>. Only the SHA1 digest can be used and
this digest is assumed by default.
-=head1 X25519 ALGORITHM
+=head1 X25519 and X448 ALGORITHMS
-The X25519 algorithm supports key derivation only. Currently there are no
-additional options.
+The X25519 and X448 algorithms support key derivation only. Currently there are
+no additional options.
=head1 EXAMPLES
=head1 COPYRIGHT
-Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy