From 31549ac997a12bdb70b76cae8b46d4c729bb1243 Mon Sep 17 00:00:00 2001
From: Karen Arutyunov
Date: Wed, 17 Nov 2021 21:35:23 +0300
Subject: Rename rsautl command to pkeyutl

Note that the rsautl command name is still accepted for backward compatibility.
---
 openssl/client/client.cxx | 2 +-
 openssl/client/options.cli | 13 ++++++++-----
 tests/client.testscript | 2 +-
 3 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/openssl/client/client.cxx b/openssl/client/client.cxx
index 2e76f31..72ee18f 100644
--- a/openssl/client/client.cxx
+++ b/openssl/client/client.cxx
@@ -59,7 +59,7 @@ namespace openssl
 return p.wait () ? 0 : 1;
 }
- if (cmd != "rsautl")
+ if (cmd != "pkeyutl" && cmd != "rsautl")
 fail << "openssl-client command expected" <<
 info << "run '" << argv[0] << " --help' for more information";
diff --git a/openssl/client/options.cli b/openssl/client/options.cli
index b1d3416..c1f991b 100644
--- a/openssl/client/options.cli
+++ b/openssl/client/options.cli
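Review bot: The check `if (cmd != "pkeyutl" && cmd != "rsautl")` now accepts a legacy name with nothing in the code saying why, so a later cleanup could drop the alias or let the two names drift apart. A comment directly above it, for example `// Accept rsautl as a deprecated alias of pkeyutl (backward compatibility).`, would record the intent. Because openssl-pkeyutl(1) covers more key types and options than openssl-rsautl(1), it is also worth confirming that the option parsing after this check still rejects everything except the documented `-sign -keyform engine -engine pkcs11 -inkey pkcs11:...` form under the new name. That parsing is not visible here, as the enclosing function starts and ends outside the hunk.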
@@ -19,27 +19,30 @@ namespace openssl
 \c{\b{openssl-client --help}\n
 \b{openssl-client --version}\n
- \b{openssl-client} rsautl []}
+ \b{openssl-client} pkeyutl []}
 \h|DESCRIPTION|
- The \cb{rsautl} command is a drop-in replacement for the
- \cb{openssl-rsautl(1)} cryptographic operations. Instead of performing
+ The \cb{pkeyutl} command is a drop-in replacement for the
+ \cb{openssl-pkeyutl(1)} cryptographic operations. Instead of performing
 the operations itself, it forwards the request to an OpenSSL key agent that keeps the private key unlocked for the session. Currently, data signing with a private key stored in a \cb{PKCS#11} token is the only supported arrangement. This limits the
- \cb{openssl-rsautl(1)} options and values to the following usage:
+ \cb{openssl-pkeyutl(1)} options and values to the following usage:
 \
- $ openssl-client rsautl -sign -keyform engine -engine pkcs11 -inkey pkcs11:...
+ $ openssl-client pkeyutl -sign -keyform engine -engine pkcs11 -inkey pkcs11:...
 \
 This command reads data from \cb{stdin}, asks \cb{openssl-agent-pkcs11(1)} to sign it using the specified unlocked private key, and prints the resulting signature to \cb{stdout}.
+ Note that the \cb{rsautl} command is also accepted for backwards
+ compatibility.
+
 The command can be simulated without actually performing any cryptographic operations. If the \cb{--simulate} option is specified with the \cb{success} outcome, then the command prints a dummy signature
diff --git a/tests/client.testscript b/tests/client.testscript
index c64e6ed..bd2e865 100644
--- a/tests/client.testscript
+++ b/tests/client.testscript
@@ -1,7 +1,7 @@
 # file : tests/client.testscript
 # license : MIT; see accompanying LICENSE file
-test.arguments += rsautl -sign -keyform engine -engine pkcs11
+test.arguments += pkeyutl -sign -keyform engine -engine pkcs11
 : args
 :
--
cgit v1.1
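Review bot: Switching `test.arguments` to `pkeyutl` leaves the `rsautl` alias, which the commit message promises to keep accepting, without a test in the visible part of this file. A second group that runs the same `-sign -keyform engine -engine pkcs11` cases with `rsautl` as the command would keep the backward-compatibility path from regressing unnoticed. The rest of the testscript lies outside the hunk, so an alias test further down cannot be ruled out.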