diff options
Diffstat (limited to 'openssl/client/options.cli')
| -rw-r--r-- | openssl/client/options.cli | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/openssl/client/options.cli b/openssl/client/options.cli index b1d3416..c1f991b 100644 --- a/openssl/client/options.cli +++ b/openssl/client/options.cli @@ -19,27 +19,30 @@ namespace openssl \c{\b{openssl-client --help}\n \b{openssl-client --version}\n - \b{openssl-client} rsautl [<options>]} + \b{openssl-client} pkeyutl [<options>]} \h|DESCRIPTION| - The \cb{rsautl} command is a drop-in replacement for the - \cb{openssl-rsautl(1)} cryptographic operations. Instead of performing + The \cb{pkeyutl} command is a drop-in replacement for the + \cb{openssl-pkeyutl(1)} cryptographic operations. Instead of performing the operations itself, it forwards the request to an OpenSSL key agent that keeps the private key unlocked for the session. Currently, data signing with a private key stored in a \cb{PKCS#11} token is the only supported arrangement. This limits the - \cb{openssl-rsautl(1)} options and values to the following usage: + \cb{openssl-pkeyutl(1)} options and values to the following usage: \ - $ openssl-client rsautl -sign -keyform engine -engine pkcs11 -inkey pkcs11:... + $ openssl-client pkeyutl -sign -keyform engine -engine pkcs11 -inkey pkcs11:... \ This command reads data from \cb{stdin}, asks \cb{openssl-agent-pkcs11(1)} to sign it using the specified unlocked private key, and prints the resulting signature to \cb{stdout}. + Note that the \cb{rsautl} command is also accepted for backwards + compatibility. + The command can be simulated without actually performing any cryptographic operations. If the \cb{--simulate} option is specified with the \cb{success} outcome, then the command prints a dummy signature |