From: Selva Nair <selva.nair@gmail.com>
Date: Sun, 22 Aug 2021 15:28:20 +0000 (-0400)
Subject: Minor doc correction: tls-crypt-v2 key generation
X-Git-Tag: v2.5.4~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=96083a9150edd90a6641477d123324cf0885853e;p=thirdparty%2Fopenvpn.git

Minor doc correction: tls-crypt-v2 key generation

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20210822152820.7072-1-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22747.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 6ee1a272d9ce9b7863487146c3ce141a98f16773)
---

diff --git a/doc/tls-crypt-v2.txt b/doc/tls-crypt-v2.txt
index 3798791f2..f6a6a1395 100644
--- a/doc/tls-crypt-v2.txt
+++ b/doc/tls-crypt-v2.txt
@@ -58,7 +58,7 @@ Implementation
 When setting up a tls-crypt-v2 group (similar to generating a tls-crypt or
 tls-auth key previously):
 
-1. Generate a tls-crypt-v2 server key using OpenVPN's ``--tls-crypt-v2-genkey server``.
+1. Generate a tls-crypt-v2 server key using OpenVPN's ``--genkey tls-crypt-v2-server``.
    This key contains 2 512-bit keys, of which we use:
 
    * the first 256 bits of key 1 as AES-256-CTR encryption key ``Ke``
@@ -73,7 +73,7 @@ tls-auth key previously):
 
 When provisioning a client, create a client-specific tls-crypt key:
 
-1. Generate 2048 bits client-specific key ``Kc`` using OpenVPN's ``--tls-crypt-v2-genkey client``
+1. Generate 2048 bits client-specific key ``Kc`` using OpenVPN's ``--genkey tls-crypt-v2-client``
 
 2. Optionally generate metadata
 
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 44e33e94c..a536ebe6a 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -625,7 +625,7 @@ static const char usage_message[] =
     "                  see --secret option for more info.\n"
     "--tls-crypt-v2 key : For clients: use key as a client-specific tls-crypt key.\n"
     "                  For servers: use key to decrypt client-specific keys.  For\n"
-    "                  key generation (--tls-crypt-v2-genkey): use key to\n"
+    "                  key generation (--genkey tls-crypt-v2-client): use key to\n"
     "                  encrypt generated client-specific key.  (See --tls-crypt.)\n"
     "--genkey tls-crypt-v2-client [keyfile] [base64 metadata]: Generate a\n"
     "                  fresh tls-crypt-v2 client key, and store to\n"