=head1 NAME
+openssl-pkey,
pkey - public or private key processing tool
=head1 SYNOPSIS
[B<-out filename>]
[B<-passout arg>]
[B<-traditional>]
-[B<-cipher>]
+[B<-I<cipher>>]
[B<-text>]
[B<-text_pub>]
[B<-noout>]
[B<-pubin>]
[B<-pubout>]
[B<-engine id>]
+[B<-check>]
+[B<-pubcheck>]
=head1 DESCRIPTION
The B<pkey> command processes public or private keys. They can be converted
between various forms and their components printed out.
-=head1 COMMAND OPTIONS
+=head1 OPTIONS
=over 4
=item B<-inform DER|PEM>
-This specifies the input format DER or PEM.
+This specifies the input format DER or PEM. The default format is PEM.
=item B<-outform DER|PEM>
-This specifies the output format, the options have the same meaning as the
-B<-inform> option.
+This specifies the output format, the options have the same meaning and default
+as the B<-inform> option.
=item B<-in filename>
=item B<-passin arg>
-the input file password source. For more information about the format of B<arg>
+The input file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
=item B<-out filename>
=item B<-passout password>
-the output file password source. For more information about the format of B<arg>
+The output file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
=item B<-traditional>
-normally a private key is written using standard format: this is PKCS#8 form
+Normally a private key is written using standard format: this is PKCS#8 form
with the appropriate encryption algorithm (if any). If the B<-traditional>
option is specified then the older "traditional" format is used instead.
-=item B<-cipher>
+=item B<-I<cipher>>
These options encrypt the private key with the supplied cipher. Any algorithm
name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>.
=item B<-text>
-prints out the various public or private key components in
+Prints out the various public or private key components in
plain text in addition to the encoded version.
=item B<-text_pub>
-print out only public key components even if a private key is being processed.
+Print out only public key components even if a private key is being processed.
=item B<-noout>
-do not output the encoded version of the key.
+Do not output the encoded version of the key.
=item B<-pubin>
-by default a private key is read from the input file: with this
+By default a private key is read from the input file: with this
option a public key is read instead.
=item B<-pubout>
-by default a private key is output: with this option a public
+By default a private key is output: with this option a public
key will be output instead. This option is automatically set if
the input is a public key.
=item B<-engine id>
-specifying an engine (by its unique B<id> string) will cause B<pkey>
+Specifying an engine (by its unique B<id> string) will cause B<pkey>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.
+=item B<-check>
+
+This option checks the consistency of a key pair for both public and private
+components.
+
+=item B<-pubcheck>
+
+This option checks the correctness of either a public key or the public component
+of a key pair.
+
=back
=head1 EXAMPLES
=head1 COPYRIGHT
-Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
-Licensed under the OpenSSL license (the "License"). You may not use
+Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.