Add command line password options to the reamining utilities,

[openssl.git] / doc / apps / pkcs12.pod

diff --git a/doc/apps/pkcs12.pod b/doc/apps/pkcs12.pod
index 3643a19fe52b8121f5a1628cb1d9ef538cddc3f1..3d2ed36c10202c69d5ff1fbc8d32377efb82bcb6 100644 (file)
--- a/doc/apps/pkcs12.pod
+++ b/doc/apps/pkcs12.pod
@@ -37,6 +37,10 @@ B<openssl> B<pkcs12>
 [B<-keysig>]
 [B<-password password>]
 [B<-envpass var>]
+[B<-passin password>]
+[B<-envpassin var>]
+[B<-passout password>]
+[B<-envpassout var>]
 
 =head1 DESCRIPTION
 
@@ -64,15 +68,24 @@ by default.
 The filename to write certificates and private keys to, standard output by default.
 They are all written in PEM format.
 
-=item B<-pass password>
+=item B<-pass password>, B<-passin password>
 
-the PKCS#12 file password. Since certain utilities like "ps" make the command line
-visible this option should be used with caution.
+the PKCS#12 file (i.e. input file) password. Since certain utilities like "ps" make
+the command line visible this option should be used with caution.
 
-=item B<-envpass var>
+=item B<-envpass var>, B<-envpassin password>
 
 read the PKCS#12 file password from the environment variable B<var>.
 
+=item B<-passout password>
+
+pass phrase to encrypt any outputed private keys with. Since certain utilities like
+"ps" make the command line visible this option should be used with caution.
+
+=item B<-envpass var>, B<-envpassin password>
+
+read the outputed private keys file password from the environment variable B<var>.
+
 =item B<-noout>
 
 this option inhibits output of the keys and certificates to the output file version
@@ -169,15 +182,24 @@ used multiple times to specify names for all certificates in the order they
 appear. Netscape ignores friendly names on other certificates whereas MSIE
 displays them.
 
-=item B<-pass password>
+=item B<-pass password>, B<-passout password>
 
-the PKCS#12 file password. Since certain utilities like "ps" make the command line
-visible this option should be used with caution.
+the PKCS#12 file (i.e. output file) password. Since certain utilities like "ps"
+make the command line visible this option should be used with caution.
 
-=item B<-envpass var>
+=item B<-envpass var>, B<-envpassout var>
 
 read the PKCS#12 file password from the environment variable B<var>.
 
+=item B<-passin password>
+
+pass phrase to decrypt the input private key with. Since certain utilities like
+"ps" make the command line visible this option should be used with caution.
+
+=item B<-envpassin password>
+
+read the input private key file password from the environment variable B<var>.
+
 =item B<-chain>
 
 if this option is present then an attempt is made to include the entire
@@ -277,9 +299,6 @@ Include some extra certificates:
 
 Some would argue that the PKCS#12 standard is one big bug :-)
 
-Need password options for the PEM files: this will probably be fixed before
-release.
-
 =head1 SEE ALSO
 
 L<pkcs8(1)|pkcs8(1)>