Update docs.

2000-02-08 13:37:08 +00:00 · 2000-02-08 13:37:08 +00:00 · 0cd4498b8f
commit 0cd4498b8f
parent f07fb9b24b
5 changed files with 38 additions and 10 deletions
--- a/doc/apps/crl.pod
+++ b/doc/apps/crl.pod
@ -88,6 +88,13 @@ to each certificate.

 =back

+=head1 NOTES
+
+The PEM CRL format uses the header and footer lines:
+
+ -----BEGIN X509 CRL-----
+ -----END X509 CRL-----
+
 =head1 EXAMPLES

 Convert a CRL file from PEM to DER:
--- a/doc/apps/dsa.pod
+++ b/doc/apps/dsa.pod
@ -88,7 +88,7 @@ read the output file password from the environment variable B<var>.
 These options encrypt the private key with the DES, triple DES, or the 
 IDEA ciphers respectively before outputting it. A pass phrase is prompted for.
 If none of these options is specified the key is written in plain text. This
-means that using the B<rsa> utility to read in an encrypted key with no
+means that using the B<dsa> utility to read in an encrypted key with no
 encryption option can be used to remove the pass phrase from a key, or by
 setting the encryption options it can be use to add or change the pass phrase.
 These options can only be used with PEM format output files.
@ -107,8 +107,8 @@ this option prints out the value of the public key component of the key.

 =item B<-pubin>

-by default a private key is input file with this option a public key is input
-instead.
+by default a private key is read from the input file: with this option a
+public key is read instead.

 =item B<-pubout>

@ -125,6 +125,11 @@ The PEM private key format uses the header and footer lines:
 -----BEGIN DSA PRIVATE KEY-----
 -----END DSA PRIVATE KEY-----

+The PEM public key format uses the header and footer lines:
+
+ -----BEGIN PUBLIC KEY-----
+ -----END PUBLIC KEY-----
+
 =head1 EXAMPLES

 To remove the pass phrase on a DSA private key:
--- a/doc/apps/pkcs12.pod
+++ b/doc/apps/pkcs12.pod
@ -261,6 +261,17 @@ Although there are a large number of options most of them are very rarely
 used. For PKCS#12 file parsing only B<-in> and B<-out> need to be used
 for PKCS#12 file creation B<-export> and B<-name> are also used.

+If none of the B<-clcerts>, B<-cacerts> or B<-nocerts> options are present
+then all certificates will be output in the order they appear in the input
+PKCS#12 files. There is no guarantee that the first certificate present is
+the one corresponding to the private key. Certain software which requires
+a private key and certificate and assumes the first certificate in the
+file is the one corresponding to the private key: this may not always
+be the case. Using the B<-clcerts> option will solve this problem by only
+outputing the certificate corresponding to the private key. If the CA
+certificates are required then they can be output to a separate file using
+the B<-nokeys -cacerts> options to just output CA certificates.
+
 The B<-keypbe> and B<-certpbe> algorithms allow the precise encryption
 algorithms for private keys and certificates to be specified. Normally
 the defaults are fine but occasionally software can't handle triple DES
--- a/doc/apps/pkcs8.pod
+++ b/doc/apps/pkcs8.pod
@ -225,8 +225,8 @@ implementation is reasonably accurate at least as far as these
 algorithms are concerned.

 The format of PKCS#8 DSA (and other) private keys is not well documented:
-it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's DSA private
-key format complies with this standard.
+it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default DSA
+PKCS#8 private key format complies with this standard.

 =head1 BUGS

--- a/doc/apps/rsa.pod
+++ b/doc/apps/rsa.pod
@ -113,14 +113,14 @@ this option checks the consistency of an RSA private key.

 =item B<-pubin>

-by default a private key is input file with this option a public key is input
-instead.
+by default a private key is read from the input file: with this
+option a public key is read instead.

 =item B<-pubout>

-by default a private key is output with this option a public
-key will be output instead. This option is automatically set if the input is
-a public key.
+by default a private key is output: with this option a public
+key will be output instead. This option is automatically set if
+the input is a public key.

 =back

@ -131,6 +131,11 @@ The PEM private key format uses the header and footer lines:
 -----BEGIN RSA PRIVATE KEY-----
 -----END RSA PRIVATE KEY-----

+The PEM public key format uses the header and footer lines:
+
+ -----BEGIN PUBLIC KEY-----
+ -----END PUBLIC KEY-----
+
 =head1 EXAMPLES

 To remove the pass phrase on an RSA private key: