Squashed commit of the following:

[openssl.git] / doc / man1 / pkcs8.pod

diff --git a/doc/man1/pkcs8.pod b/doc/man1/pkcs8.pod
index ebdcea98b706a431c50a3f128bac084a5a69bd56..8099c9075a2e4859cab1ccdef5ae0372ab4cc353 100644 (file)
--- a/doc/man1/pkcs8.pod
+++ b/doc/man1/pkcs8.pod
@@ -2,6 +2,7 @@
 
 =head1 NAME
 
+openssl-pkcs8,
 pkcs8 - PKCS#8 format private key conversion tool
 
 =head1 SYNOPSIS
@@ -17,6 +18,8 @@ B<openssl> B<pkcs8>
 [B<-passout arg>]
 [B<-iter count>]
 [B<-noiter>]
+[B<-rand file...>]
+[B<-writerand file>]
 [B<-nocrypt>]
 [B<-traditional>]
 [B<-v2 alg>]
@@ -50,11 +53,13 @@ reversed: it reads a private key and writes a PKCS#8 format key.
 
 =item B<-inform DER|PEM>
 
-This specifies the input format: see L<KEY FORMATS> for more details.
+This specifies the input format: see L<KEY FORMATS> for more details. The default
+format is PEM.
 
 =item B<-outform DER|PEM>
 
-This specifies the output format: see L<KEY FORMATS> for more details.
+This specifies the output format: see L<KEY FORMATS> for more details. The default
+format is PEM.
 
 =item B<-traditional>
 
@@ -99,6 +104,19 @@ This option does not encrypt private keys at all and should only be used
 when absolutely necessary. Certain software such as some versions of Java
 code signing software used unencrypted private keys.
 
+=item B<-rand file...>
+
+A file or files containing random data used to seed the random number
+generator.
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
 =item B<-v2 alg>
 
 This option sets the PKCS#5 v2.0 algorithm.
@@ -205,14 +223,14 @@ below.
 These algorithms were included in the original PKCS#5 v1.5 specification.
 They only offer 56 bits of protection since they both use DES.
 
-=item B<PBE-SHA1-RC2-64 PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES>
+=item B<PBE-SHA1-RC2-64>, B<PBE-MD2-RC2-64>, B<PBE-MD5-RC2-64>, B<PBE-SHA1-DES>
 
 These algorithms are not mentioned in the original PKCS#5 v1.5 specification
 but they use the same key derivation algorithm and are supported by some
 software. They are mentioned in PKCS#5 v2.0. They use either 64 bit RC2 or
 56 bit DES.
 
-=item B<PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40>
+=item B<PBE-SHA1-RC4-128>, B<PBE-SHA1-RC4-40>, B<PBE-SHA1-3DES>, B<PBE-SHA1-2DES>, B<PBE-SHA1-RC2-128>, B<PBE-SHA1-RC2-40>
 
 These algorithms use the PKCS#12 password based encryption algorithm and
 allow strong encryption algorithms like triple DES or 128 bit RC2 to be used.
@@ -287,13 +305,13 @@ L<gendsa(1)>
 
 =head1 HISTORY
 
-The B<-iter> option was added to OpenSSL 1.1.0.
+The B<-iter> option was added in OpenSSL 1.1.0.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
 
-Licensed under the OpenSSL license (the "License").  You may not use
+Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
 in the file LICENSE in the source distribution or at
 L<https://www.openssl.org/source/license.html>.