diff options
| author | Dr. David von Oheimb <dev@ddvo.net> | 2024-10-29 19:20:59 +0100 |
|---|---|---|
| committer | Dr. David von Oheimb <dev@ddvo.net> | 2024-11-09 12:06:07 +0100 |
| commit | 26a826c2d1345ce51bda0faf929a54ff803984dc (patch) | |
| tree | 9251540ce9bb9a75f7c6c2e9bc4a6943d52ba45e /doc | |
| parent | APPS/pkeyutl: add missing high-level check for -verifyrecover being usable on... (diff) | |
| download | openssl-26a826c2d1345ce51bda0faf929a54ff803984dc.tar.xz openssl-26a826c2d1345ce51bda0faf929a54ff803984dc.zip | |
openssl-pkeyutl.pod.in: add that -sign is default op, update claim on hash needed for -sign/-verify, etc.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25831)
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/man1/openssl-pkeyutl.pod.in | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in index 22ce8c4edf..e324656674 100644 --- a/doc/man1/openssl-pkeyutl.pod.in +++ b/doc/man1/openssl-pkeyutl.pod.in @@ -48,6 +48,8 @@ B<openssl> B<pkeyutl> This command can be used to perform low-level public key operations using any supported algorithm. +By default the signing operation (see B<-sign> option) is assumed. + =head1 OPTIONS =over 4 @@ -82,7 +84,7 @@ is omitted but the signature algorithm requires one, a default value will be used. For signature algorithms like RSA, DSA and ECDSA, SHA-256 will be the default digest algorithm. For SM2, it will be SM3. At this time, HashEdDSA (the ph or "prehash" variant of EdDSA) is not supported, -so the B<-digest> option cannot be used with EdDSA). +so the B<-digest> option cannot be used with EdDSA. =item B<-out> I<filename> @@ -133,22 +135,26 @@ The input is a certificate containing a public key. =item B<-rev> Reverse the order of the input buffer. This is useful for some libraries -(such as CryptoAPI) which represent the buffer in little endian format. +(such as CryptoAPI) which represent the buffer in little-endian format. This cannot be used in conjunction with B<-rawin>. =item B<-sign> -Sign the input data (which must be a hash) and output the signed result. This -requires a private key. +Sign the input data and output the signed result. This requires a private key. +The input data given with the B<-in> option should be a hash value +unless the use of a message digest operation is implied, =item B<-verify> -Verify the input data (which must be a hash) against the signature file and -indicate if the verification succeeded or failed. +Verify the input data against the signature given with the B<-sigfile> option +and indicate if the verification succeeded or failed. +The input data given with the B<-in> option should be a hash value +unless the use of a message digest operation is implied, =item B<-verifyrecover> -Verify the input data (which must be a hash) and output the recovered data. +Verify the input data and output the recovered data. +The input data given with the B<-in> option should be a hash value. =item B<-encrypt> |