Fix typo and improve a bit of text

[openssl.git] / doc / apps / pkeyutl.pod

diff --git a/doc/apps/pkeyutl.pod b/doc/apps/pkeyutl.pod
index 74055df2e6800b5d332af6e281c10d6e8c3c378e..a7b75e6c756d7a03e372ef2ff18d1c31ca6420ab 100644 (file)
--- a/doc/apps/pkeyutl.pod
+++ b/doc/apps/pkeyutl.pod
@@ -12,6 +12,7 @@ B<openssl> B<pkeyutl>
 [B<-sigfile file>]
 [B<-inkey file>]
 [B<-keyform PEM|DER>]
 [B<-sigfile file>]
 [B<-inkey file>]
 [B<-keyform PEM|DER>]

+[B<-passin arg>]

 [B<-peerkey file>]
 [B<-peerform PEM|DER>]
 [B<-pubin>]
 [B<-peerkey file>]
 [B<-peerform PEM|DER>]
 [B<-pubin>]


@@ -26,6 +27,7 @@ B<openssl> B<pkeyutl>
 [B<-pkeyopt opt:value>]
 [B<-hexdump>]
 [B<-asn1parse>]
 [B<-pkeyopt opt:value>]
 [B<-hexdump>]
 [B<-asn1parse>]

+[B<-engine id>]

 
 =head1 DESCRIPTION
 
 
 =head1 DESCRIPTION
 


@@ -52,7 +54,13 @@ the input key file, by default it should be a private key.
 
 =item B<-keyform PEM|DER>
 
 
 =item B<-keyform PEM|DER>
 

-the key format PEM or DER.
+the key format PEM, DER or ENGINE.
+
+=item B<-passin arg>
+
+the input key password source. For more information about the format of B<arg>
+see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
+

 
 =item B<-peerkey file>
 
 
 =item B<-peerkey file>
 


@@ -60,7 +68,15 @@ the peer key file, used by key derivation (agreement) operations.
 
 =item B<-peerform PEM|DER>
 
 
 =item B<-peerform PEM|DER>
 

-the peer key format PEM or DER.
+the peer key format PEM, DER or ENGINE.
+
+=item B<-engine id>
+
+specifying an engine (by its unique B<id> string) will cause B<pkeyutl>
+to attempt to obtain a functional reference to the specified engine,
+thus initialising it if needed. The engine will then be set as the default
+for all available algorithms.
+

 
 =item B<-pubin>
 
 
 =item B<-pubin>
 


@@ -124,13 +140,14 @@ EVP_get_digestbyname() function for example B<sha1>.
 
 =head1 RSA ALGORITHM
 
 
 =head1 RSA ALGORITHM
 

-The RSA algorithm supports encrypt, decrypt, sign, verify and verifyrecover
-operations in general. Some padding modes only support some of these 
-operations however.
+The RSA algorithm generally supports the encrypt, decrypt, sign,
+verify and verifyrecover operations. However, some padding modes
+support only a subset of these operations. The following additional
+B<pkeyopt> values are supported:

 
 =over 4
 
 
 =over 4
 

-=item -B<rsa_padding_mode:mode>
+=item B<rsa_padding_mode:mode>

 
 This sets the RSA padding mode. Acceptable values for B<mode> are B<pkcs1> for
 PKCS#1 padding, B<sslv23> for SSLv23 padding, B<none> for no padding, B<oaep>
 
 This sets the RSA padding mode. Acceptable values for B<mode> are B<pkcs1> for
 PKCS#1 padding, B<sslv23> for SSLv23 padding, B<none> for no padding, B<oaep>


@@ -141,7 +158,7 @@ signed or verified directly instead of using a B<DigestInfo> structure. If a
 digest is set then the a B<DigestInfo> structure is used and its the length
 must correspond to the digest type.
 
 digest is set then the a B<DigestInfo> structure is used and its the length
 must correspond to the digest type.
 

-For B<oeap> mode only encryption and decryption is supported.
+For B<oaep> mode only encryption and decryption is supported.

 
 For B<x931> if the digest type is set it is used to format the block data
 otherwise the first byte is used to specify the X9.31 digest ID. Sign,
 
 For B<x931> if the digest type is set it is used to format the block data
 otherwise the first byte is used to specify the X9.31 digest ID. Sign,


@@ -202,5 +219,5 @@ Derive a shared secret value:
 
 =head1 SEE ALSO
 
 
 =head1 SEE ALSO
 

-L<genpkey(1)|genpkey(1)>, L<pkey(1)|pkey(1)>, L<rsautl(1)|rsautl(1)>
-L<dgst(1)|dgst(1)>, L<rsa(1)|rsa(1)>, L<genrsa(1)|genrsa(1)>
+L<genpkey(1)>, L<pkey(1)>, L<rsautl(1)>
+L<dgst(1)>, L<rsa(1)>, L<genrsa(1)>