From 6dfcea3dfb167ccf37907601a3be6dc50f9c213b Mon Sep 17 00:00:00 2001 From: Johannes Bauer Date: Tue, 20 Mar 2018 20:06:13 +0100 Subject: [PATCH] Add documentation for -pkeyopt_passin Add documentation to new parameter and two examples showcasing scrypt KDF. Reviewed-by: Matt Caswell Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/5697) --- doc/man1/pkeyutl.pod | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/doc/man1/pkeyutl.pod b/doc/man1/pkeyutl.pod index 664dbef359..a0dae86cfc 100644 --- a/doc/man1/pkeyutl.pod +++ b/doc/man1/pkeyutl.pod @@ -29,6 +29,7 @@ B B [B<-kdf algorithm>] [B<-kdflen length>] [B<-pkeyopt opt:value>] +[B<-pkeyopt_passin opt:passarg>] [B<-hexdump>] [B<-asn1parse>] [B<-rand file...>] @@ -140,6 +141,13 @@ Set the output length for KDF. Public key options specified as opt:value. See NOTES below for more details. +=item B<-pkeyopt_passin opt:passarg> + +Allows reading a public key option B from stdin or a password source. If +only opt is specified, the user will be prompted to enter the value on stdin. +Alternatively, passarg can be specified which can be any value supported by +B in L. + =item B<-hexdump> hex dump the output data. @@ -320,6 +328,16 @@ seed consisting of the single byte 0xFF: openssl pkeyutl -kdf TLS1-PRF -kdflen 48 -pkeyopt md:SHA256 \ -pkeyopt hexsecret:ff -pkeyopt hexseed:ff -hexdump +Derive a key using B where the password is read from command line: + + openssl pkeyutl -kdf scrypt -kdflen 16 -pkeyopt_passin pass \ + -pkeyopt hexsalt:aabbcc -pkeyopt N:16384 -pkeyopt r:8 -pkeyopt p:1 + +Derive using the same algorithm, but read key from environment variable MYPASS: + + openssl pkeyutl -kdf scrypt -kdflen 16 -pkeyopt_passin pass:env:MYPASS \ + -pkeyopt hexsalt:aabbcc -pkeyopt N:16384 -pkeyopt r:8 -pkeyopt p:1 + =head1 SEE ALSO L, L, L -- 2.40.0
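Review bot: In the synopsis hunk (@@ -29,6 +29,7 @@), the new entry [B<-pkeyopt_passin opt:passarg>] presents passarg as mandatory, while the option description added later in this patch says that "If only opt is specified, the user will be prompted". Please mark the optional part in the synopsis, for example opt[:passarg], so the two places agree.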
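Review bot: In the option description hunk (@@ -140,6 +141,13 @@), the new =item text never says when a reader should choose -pkeyopt_passin over the -pkeyopt entry just above it. The examples added in this patch use it for the scrypt password, so one sentence stating that it is intended for secret values that should not appear as opt:value on the command line would make the purpose explicit. The =item heading also writes opt:passarg as if passarg were required, which contradicts the "If only opt is specified" sentence directly below it.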
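Review bot: In the examples hunk (@@ -320,6 +328,16 @@), the first lead-in says the password "is read from command line", but the command passes only -pkeyopt_passin pass, which the description added in this patch defines as prompting the user for the value. Suggest wording such as "where the user is prompted for the password". The second lead-in says "read key from environment variable MYPASS" although the option being set is pass, so "read the password from" would be consistent. Both scrypt examples also omit -hexdump, unlike the TLS1-PRF example in the context lines above, so it is worth either adding it or stating that the 16 derived bytes are written as raw binary.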