Deprecate SYSerr, add new FUNCerr macro

[openssl.git] / doc / man1 / pkcs12.pod

diff --git a/doc/man1/pkcs12.pod b/doc/man1/pkcs12.pod
index 80373f20347893eb6da4e94fc3775bdbb0e35ceb..b1b688449e9a847df665f8d07f605f6305fa01cd 100644 (file)
--- a/doc/man1/pkcs12.pod
+++ b/doc/man1/pkcs12.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+openssl-pkcs12,
 pkcs12 - PKCS#12 file utility
 
 =head1 SYNOPSIS
@@ -10,7 +11,7 @@ B<openssl> B<pkcs12>
 [B<-help>]
 [B<-export>]
 [B<-chain>]
-[B<-inkey filename>]
+[B<-inkey file_or_id>]
 [B<-certfile filename>]
 [B<-name name>]
 [B<-caname name>]
@@ -36,7 +37,8 @@ B<openssl> B<pkcs12>
 [B<-password arg>]
 [B<-passin arg>]
 [B<-passout arg>]
-[B<-rand file(s)>]
+[B<-rand file...>]
+[B<-writerand file>]
 [B<-CAfile file>]
 [B<-CApath dir>]
 [B<-no-CAfile>]
@@ -152,7 +154,8 @@ Don't attempt to verify the integrity MAC before reading the file.
 
 Prompt for separate integrity and encryption passwords: most software
 always assumes these are the same so this option will render such
-PKCS#12 files unreadable.
+PKCS#12 files unreadable. Cannot be used in combination with the options
+-password, -passin (if importing) or -passout (if exporting).
 
 =back
 
@@ -177,10 +180,12 @@ default.  They must all be in PEM format. The order doesn't matter but one
 private key and its corresponding certificate should be present. If additional
 certificates are present they will also be included in the PKCS#12 file.
 
-=item B<-inkey filename>
+=item B<-inkey file_or_id>
 
 File to read private key from. If not present then a private key must be present
 in the input file.
+If no engine is used, the argument is taken as a file; if an engine is
+specified, the argument is given to the engine as a key identifier.
 
 =item B<-name friendlyname>
 
@@ -273,14 +278,19 @@ to be needed to use MAC iterations counts but they are now used by default.
 
 Don't attempt to provide the MAC integrity.
 
-=item B<-rand file(s)>
+=item B<-rand file...>
 
 A file or files containing random data used to seed the random number
-generator, or an EGD socket (see L<RAND_egd(3)>).
+generator.
 Multiple files can be specified separated by an OS-dependent character.
 The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
 all others.
 
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
 =item B<-CAfile file>
 
 CA storage as a file.
@@ -374,7 +384,7 @@ L<pkcs8(1)>
 
 Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
 
-Licensed under the OpenSSL license (the "License").  You may not use
+Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
 in the file LICENSE in the source distribution or at
 L<https://www.openssl.org/source/license.html>.