projects
/
openssl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
8a6c6bb
)
Added documentation for -iter for PKCS#8
author
rfkrocktk
<rfkrocktk@gmail.com>
Tue, 3 Jun 2014 22:24:49 +0000
(15:24 -0700)
committer
Matt Caswell
<matt@openssl.org>
Tue, 17 Jun 2014 22:10:14 +0000
(23:10 +0100)
doc/apps/pkcs8.pod
patch
|
blob
|
history
diff --git
a/doc/apps/pkcs8.pod
b/doc/apps/pkcs8.pod
index 6901f1f3f2112ecbb60540a58b68d52e69c2ae1e..e946cbdfaf041c25da50fb4f9efdb592b96d7af2 100644
(file)
--- a/
doc/apps/pkcs8.pod
+++ b/
doc/apps/pkcs8.pod
@@
-14,6
+14,7
@@
B<openssl> B<pkcs8>
[B<-passin arg>]
[B<-out filename>]
[B<-passout arg>]
[B<-passin arg>]
[B<-out filename>]
[B<-passout arg>]
+[B<-iter count>]
[B<-noiter>]
[B<-nocrypt>]
[B<-nooct>]
[B<-noiter>]
[B<-nocrypt>]
[B<-nooct>]
@@
-76,6
+77,12
@@
filename.
the output file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
the output file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
+=item B<-iter count>
+
+When creating new PKCS#8 containers, use a given number of iterations on the password
+in deriving the encryption key for the PKCS#8 output. High values increase the time
+required to brute-force a PKCS#8 container.
+
=item B<-nocrypt>
PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo
=item B<-nocrypt>
PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo
@@
-224,6
+231,11
@@
Read a DER unencrypted PKCS#8 format private key:
Convert a private key from any PKCS#8 format to traditional format:
openssl pkcs8 -in pk8.pem -out key.pem
Convert a private key from any PKCS#8 format to traditional format:
openssl pkcs8 -in pk8.pem -out key.pem
+
+Convert a private key to PKCS#8 format, encrypting with AES-256 and with
+one million iterations of the password:
+
+ openssl pkcs8 -in raw.pem -topk8 -v2 aes-256-cbc -iter 1000000 -out pk8.pem
=head1 STANDARDS
=head1 STANDARDS