=head1 NAME
+openssl-pkcs8,
pkcs8 - PKCS#8 format private key conversion tool
=head1 SYNOPSIS
[B<-passout arg>]
[B<-iter count>]
[B<-noiter>]
+[B<-rand file...>]
+[B<-writerand file>]
[B<-nocrypt>]
[B<-traditional>]
[B<-v2 alg>]
=item B<-inform DER|PEM>
-This specifies the input format: see L<KEY FORMATS> for more details.
+This specifies the input format: see L<KEY FORMATS> for more details. The default
+format is PEM.
=item B<-outform DER|PEM>
-This specifies the output format: see L<KEY FORMATS> for more details.
+This specifies the output format: see L<KEY FORMATS> for more details. The default
+format is PEM.
=item B<-traditional>
=item B<-passin arg>
-the input file password source. For more information about the format of B<arg>
+The input file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
=item B<-out filename>
=item B<-passout arg>
-the output file password source. For more information about the format of B<arg>
+The output file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
=item B<-iter count>
when absolutely necessary. Certain software such as some versions of Java
code signing software used unencrypted private keys.
+=item B<-rand file...>
+
+A file or files containing random data used to seed the random number
+generator.
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
+
=item B<-v2 alg>
This option sets the PKCS#5 v2.0 algorithm.
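Review bot: The new item header `=item [B<-writerand file>]` keeps the optional-argument square brackets that belong only in SYNOPSIS. Every other item in this list, including `=item B<-rand file...>` added just above it, is written without them, so this should read `=item B<-writerand file>`. Because the file written here is meant to seed a later run through B<-rand>, the description could also say that it should be readable only by the user running the command.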
=item B<-engine id>
-specifying an engine (by its unique B<id> string) will cause B<pkcs8>
+Specifying an engine (by its unique B<id> string) will cause B<pkcs8>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
=item B<-scrypt>
-uses the B<scrypt> algorithm for private key encryption using default
+Uses the B<scrypt> algorithm for private key encryption using default
parameters: currently N=16384, r=8 and p=1 and AES in CBC mode with a 256 bit
key. These parameters can be modified using the B<-scrypt_N>, B<-scrypt_r>,
B<-scrypt_p> and B<-v2> options.
-B<-scrypt_N N> B<-scrypt_r r> B<-scrypt_p p>
+=item B<-scrypt_N N> B<-scrypt_r r> B<-scrypt_p p>
-sets the scrypt B<N>, B<r> or B<p> parameters.
+Sets the scrypt B<N>, B<r> or B<p> parameters.
=back
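Review bot: The restored `=item` line still lists its three options separated only by spaces, `B<-scrypt_N N> B<-scrypt_r r> B<-scrypt_p p>`, while the algorithm item lines changed later in this patch now separate their entries with commas. Use the same comma-separated form here, or give each option its own `=item`. The description "Sets the scrypt N, r or p parameters" would also be clearer if it said that each option sets the parameter it is named after.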
These algorithms were included in the original PKCS#5 v1.5 specification.
They only offer 56 bits of protection since they both use DES.
-=item B<PBE-SHA1-RC2-64 PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES>
+=item B<PBE-SHA1-RC2-64>, B<PBE-MD2-RC2-64>, B<PBE-MD5-RC2-64>, B<PBE-SHA1-DES>
These algorithms are not mentioned in the original PKCS#5 v1.5 specification
but they use the same key derivation algorithm and are supported by some
software. They are mentioned in PKCS#5 v2.0. They use either 64 bit RC2 or
56 bit DES.
-=item B<PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40>
+=item B<PBE-SHA1-RC4-128>, B<PBE-SHA1-RC4-40>, B<PBE-SHA1-3DES>, B<PBE-SHA1-2DES>, B<PBE-SHA1-RC2-128>, B<PBE-SHA1-RC2-40>
These algorithms use the PKCS#12 password based encryption algorithm and
allow strong encryption algorithms like triple DES or 128 bit RC2 to be used.
=head1 HISTORY
-The B<-iter> option was added to OpenSSL 1.1.0.
+The B<-iter> option was added in OpenSSL 1.1.0.
=head1 COPYRIGHT
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
-Licensed under the OpenSSL license (the "License"). You may not use
+Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
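Review bot: In HISTORY only the wording of the B<-iter> entry is touched, yet this patch documents B<-rand> and B<-writerand> on this page for the first time. If either option is new to pkcs8 in this release, add a matching "was added in" line next to the B<-iter> entry so readers can tell which versions accept it.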