From: Dr. David von Oheimb Date: Tue, 29 Oct 2024 18:20:59 +0000 (+0100) Subject: openssl-pkeyutl.pod.in: add that -sign is default op, update claim on hash needed... X-Git-Tag: openssl-3.5.0-alpha1~926 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=26a826c2d1345ce51bda0faf929a54ff803984dc;p=thirdparty%2Fopenssl.git openssl-pkeyutl.pod.in: add that -sign is default op, update claim on hash needed for -sign/-verify, etc. Reviewed-by: Tomas Mraz Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/25831) --- diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in index 22ce8c4edf8..e3246566744 100644 --- a/doc/man1/openssl-pkeyutl.pod.in +++ b/doc/man1/openssl-pkeyutl.pod.in @@ -48,6 +48,8 @@ B B This command can be used to perform low-level public key operations using any supported algorithm. +By default the signing operation (see B<-sign> option) is assumed. + =head1 OPTIONS =over 4 @@ -82,7 +84,7 @@ is omitted but the signature algorithm requires one, a default value will be used. For signature algorithms like RSA, DSA and ECDSA, SHA-256 will be the default digest algorithm. For SM2, it will be SM3. At this time, HashEdDSA (the ph or "prehash" variant of EdDSA) is not supported, -so the B<-digest> option cannot be used with EdDSA). +so the B<-digest> option cannot be used with EdDSA. =item B<-out> I 
@@ -133,22 +135,26 @@ The input is a certificate containing a public key. =item B<-rev> Reverse the order of the input buffer. This is useful for some libraries -(such as CryptoAPI) which represent the buffer in little endian format. +(such as CryptoAPI) which represent the buffer in little-endian format. This cannot be used in conjunction with B<-rawin>. =item B<-sign> -Sign the input data (which must be a hash) and output the signed result. This -requires a private key. +Sign the input data and output the signed result. This requires a private key. +The input data given with the B<-in> option should be a hash value +unless the use of a message digest operation is implied, =item B<-verify> -Verify the input data (which must be a hash) against the signature file and -indicate if the verification succeeded or failed. +Verify the input data against the signature given with the B<-sigfile> option +and indicate if the verification succeeded or failed. +The input data given with the B<-in> option should be a hash value +unless the use of a message digest operation is implied, =item B<-verifyrecover> -Verify the input data (which must be a hash) and output the recovered data. +Verify the input data and output the recovered data. +The input data given with the B<-in> option should be a hash value. =item B<-encrypt>
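Review bot: In the first hunk (@@ -48,6 +48,8 @@), the default is stated only in the description, in the new sentence "By default the signing operation (see B<-sign> option) is assumed."; the B<-sign> item rewritten in the last hunk does not repeat it. Since that item says the operation requires a private key, consider adding a short "This is the default operation." there as well, so a reader who goes straight to the option list learns that omitting the operation flag means signing.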
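Review bot: In the last hunk (@@ -133,22 +135,26 @@), the added lines under B<-sign> and B<-verify> both end with "unless the use of a message digest operation is implied," with a trailing comma, so the sentence is left unfinished and the reader is not told what implies a digest operation. End the sentence with a period and name the option or options that cause the input to be hashed, so it is clear when raw data may be passed with B<-in>. The B<-verifyrecover> text says only "should be a hash value." with no such exception; if that difference is intentional, a brief reason in the text would help.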