X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=doc%2Fapps%2Freq.pod;h=51d30836a86795e4f329240147db172d569d0a35;hp=65584d1de275c996aa5f3c8f414a62459dd45013;hb=6e661d458f5aa8f52bf3d9098bd10025de5f08ea;hpb=49131a7d942d85bc3a8d649e23ff14f0da18ee4c diff --git a/doc/apps/req.pod b/doc/apps/req.pod index 65584d1de2..51d30836a8 100644 --- a/doc/apps/req.pod +++ b/doc/apps/req.pod @@ -22,13 +22,13 @@ B B [B<-new>] [B<-rand file(s)>] [B<-newkey rsa:bits>] -[B<-newkey dsa:file>] [B<-newkey alg:file>] [B<-nodes>] [B<-key filename>] [B<-keyform PEM|DER>] [B<-keyout filename>] -[B<-[md5|sha1|md2|mdc2]>] +[B<-keygen_engine id>] +[B<-[digest]>] [B<-config filename>] [B<-subj arg>] [B<-multivalue-rdn>] @@ -36,11 +36,15 @@ B B [B<-days n>] [B<-set_serial n>] [B<-asn1-kludge>] +[B<-no-asn1-kludge>] [B<-newhdr>] [B<-extensions section>] [B<-reqexts section>] [B<-utf8>] [B<-nameopt>] +[B<-reqopt>] +[B<-subject>] +[B<-subj arg>] [B<-batch>] [B<-verbose>] [B<-engine id>] @@ -92,6 +96,11 @@ see the B section in L. prints out the certificate request in text form. +=item B<-subject> + +prints out the request subject (or certificate subject if B<-x509> is +specified) + =item B<-pubkey> outputs the public key. @@ -119,6 +128,13 @@ in the configuration file and any requested extensions. If the B<-key> option is not used it will generate a new RSA private key using information specified in the configuration file. +=item B<-subj arg> + +Replaces subject field of input request with specified data and outputs +modified request. The arg must be formatted as +I, +characters may be escaped by \ (backslash), no spaces are skipped. + =item B<-rand file(s)> a file or files containing random data used to seed the random number @@ -132,12 +148,26 @@ all others. this option creates a new certificate request and a new private key. The argument takes one of several forms. B, where B is the number of bits, generates an RSA key B -in size. B generates a DSA key using the parameters -in the file B. B generates a key using the -parameter file B, the algorithm is determined by the -parameters. B use algorithm B and parameter file -B the two algorithms must match or an error occurs. B just -uses algorithm B. +in size. If B is omitted, i.e. B<-newkey rsa> specified, +the default key size, specified in the configuration file is used. + +All other algorithms support the B<-newkey alg:file> form, where file may be +an algorithm parameter file, created by the B command +or and X.509 certificate for a key with approriate algorithm. + +B generates a key using the parameter file or certificate B, +the algorithm is determined by the parameters. B use algorithm +B and parameter file B: the two algorithms must match or an +error occurs. B just uses algorithm B, and parameters, +if necessary should be specified via B<-pkeyopt> parameter. + +B generates a DSA key using the parameters +in the file B. B generates EC key (usable both with +ECDSA or ECDH algorithms), B generates GOST R +34.10-2001 key (requires B engine configured in the configuration +file). If just B is specified a parameter set should be +specified by B<-pkeyopt paramset:X> + =item B<-pkeyopt opt:value> @@ -167,11 +197,15 @@ configuration file is used. if this option is specified then if a private key is created it will not be encrypted. -=item B<-[md5|sha1|md2|mdc2]> +=item B<-[digest]> + +this specifies the message digest to sign the request with (such as +B<-md5>, B<-sha1>). This overrides the digest algorithm specified in +the configuration file. -this specifies the message digest to sign the request with. This -overrides the digest algorithm specified in the configuration file. -This option is ignored for DSA requests: they always use SHA1. +Some public key algorithms may override this choice. For instance, DSA +signatures always use SHA1, GOST R 34.10 signatures always use +GOST R 34.11-94 (B<-md_gost94>). =item B<-config filename> @@ -239,6 +273,15 @@ B