openssl-pkeyutl.pod.in: add that -sign is default op, update claim on hash needed for -sign/-verify, etc.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25913)
(cherry picked from commit ded80b3cc7)
This commit is contained in:
Dr. David von Oheimb
parent
805f7eb33f
commit
9eeaac9646
1 changed files with 17 additions and 8 deletions
|
|
@ -44,6 +44,8 @@ B<openssl> B<pkeyutl>
|
|||
This command can be used to perform low-level public key
|
||||
operations using any supported algorithm.
|
||||
|
||||
By default the signing operation (see B<-sign> option) is assumed.
|
||||
|
||||
=head1 OPTIONS
|
||||
|
||||
=over 4
|
||||
|
|
@ -71,8 +73,10 @@ signing or verifying it with the input key. This option could be omitted if the
|
|||
signature algorithm does not require one (for instance, EdDSA). If this option
|
||||
is omitted but the signature algorithm requires one, a default value will be
|
||||
used. For signature algorithms like RSA, DSA and ECDSA, SHA-256 will be the
|
||||
default digest algorithm. For SM2, it will be SM3. If this option is present,
|
||||
then the B<-rawin> option must be also specified.
|
||||
default digest algorithm. For SM2, it will be SM3.
|
||||
If this option is present, then the B<-rawin> option must be also specified.
|
||||
At this time, HashEdDSA (the ph or "prehash" variant of EdDSA) is not supported,
|
||||
so the B<-digest> option cannot be used with EdDSA.
|
||||
|
||||
=item B<-out> I<filename>
|
||||
|
||||
|
|
@ -119,21 +123,26 @@ The input is a certificate containing a public key.
|
|||
=item B<-rev>
|
||||
|
||||
Reverse the order of the input buffer. This is useful for some libraries
|
||||
(such as CryptoAPI) which represent the buffer in little endian format.
|
||||
(such as CryptoAPI) which represent the buffer in little-endian format.
|
||||
This cannot be used in conjunction with B<-rawin>.
|
||||
|
||||
=item B<-sign>
|
||||
|
||||
Sign the input data (which must be a hash) and output the signed result. This
|
||||
requires a private key.
|
||||
Sign the input data and output the signed result. This requires a private key.
|
||||
The input data given with the B<-in> option should be a hash value
|
||||
unless the use of a message digest operation is implied,
|
||||
|
||||
=item B<-verify>
|
||||
|
||||
Verify the input data (which must be a hash) against the signature file and
|
||||
indicate if the verification succeeded or failed.
|
||||
Verify the input data against the signature given with the B<-sigfile> option
|
||||
and indicate if the verification succeeded or failed.
|
||||
The input data given with the B<-in> option should be a hash value
|
||||
unless the use of a message digest operation is implied,
|
||||
|
||||
=item B<-verifyrecover>
|
||||
|
||||
Verify the input data (which must be a hash) and output the recovered data.
|
||||
Verify the input data and output the recovered data.
|
||||
The input data given with the B<-in> option should be a hash value.
|
||||
|
||||
=item B<-encrypt>
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue