diff options
Diffstat (limited to 'secure/usr.bin/openssl/man/genrsa.1')
-rw-r--r-- | secure/usr.bin/openssl/man/genrsa.1 | 63 |
1 files changed, 35 insertions, 28 deletions
diff --git a/secure/usr.bin/openssl/man/genrsa.1 b/secure/usr.bin/openssl/man/genrsa.1 index 06b9833fde51..5500dd79dace 100644 --- a/secure/usr.bin/openssl/man/genrsa.1 +++ b/secure/usr.bin/openssl/man/genrsa.1 @@ -129,14 +129,13 @@ .\" ======================================================================== .\" .IX Title "GENRSA 1" -.TH GENRSA 1 "2018-08-14" "1.0.2p" "OpenSSL" +.TH GENRSA 1 "2018-09-11" "1.1.1" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" -openssl\-genrsa, -genrsa \- generate an RSA private key +openssl\-genrsa, genrsa \- generate an RSA private key .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBopenssl\fR \fBgenrsa\fR @@ -157,8 +156,10 @@ genrsa \- generate an RSA private key [\fB\-idea\fR] [\fB\-f4\fR] [\fB\-3\fR] -[\fB\-rand file(s)\fR] +[\fB\-rand file...\fR] +[\fB\-writerand file\fR] [\fB\-engine id\fR] +[\fB\-primes num\fR] [\fBnumbits\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" @@ -174,57 +175,63 @@ Output the key to the specified file. If this argument is not specified then standard output is used. .IP "\fB\-passout arg\fR" 4 .IX Item "-passout arg" -the output file password source. For more information about the format of \fBarg\fR -see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). -.IP "\fB\-aes128|\-aes192|\-aes256|\-aria128|\-aria192|\-aria256|\-camellia128|\-camellia192|\-camellia256|\-des|\-des3|\-idea\fR" 4 -.IX Item "-aes128|-aes192|-aes256|-aria128|-aria192|-aria256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea" +The output file password source. For more information about the format +of \fBarg\fR see the \fB\s-1PASS PHRASE ARGUMENTS\s0\fR section in \fIopenssl\fR\|(1). +.IP "\fB\-aes128\fR, \fB\-aes192\fR, \fB\-aes256\fR, \fB\-aria128\fR, \fB\-aria192\fR, \fB\-aria256\fR, \fB\-camellia128\fR, \fB\-camellia192\fR, \fB\-camellia256\fR, \fB\-des\fR, \fB\-des3\fR, \fB\-idea\fR" 4 +.IX Item "-aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128, -camellia192, -camellia256, -des, -des3, -idea" These options encrypt the private key with specified cipher before outputting it. If none of these options is specified no encryption is used. If encryption is used a pass phrase is prompted for if it is not supplied via the \fB\-passout\fR argument. .IP "\fB\-F4|\-3\fR" 4 .IX Item "-F4|-3" -the public exponent to use, either 65537 or 3. The default is 65537. -.IP "\fB\-rand file(s)\fR" 4 -.IX Item "-rand file(s)" -a file or files containing random data used to seed the random number -generator, or an \s-1EGD\s0 socket (see \fIRAND_egd\fR\|(3)). +The public exponent to use, either 65537 or 3. The default is 65537. +.IP "\fB\-rand file...\fR" 4 +.IX Item "-rand file..." +A file or files containing random data used to seed the random number +generator. Multiple files can be specified separated by an OS-dependent character. The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for all others. +.IP "[\fB\-writerand file\fR]" 4 +.IX Item "[-writerand file]" +Writes random data to the specified \fIfile\fR upon exit. +This can be used with a subsequent \fB\-rand\fR flag. .IP "\fB\-engine id\fR" 4 .IX Item "-engine id" -specifying an engine (by its unique \fBid\fR string) will cause \fBgenrsa\fR +Specifying an engine (by its unique \fBid\fR string) will cause \fBgenrsa\fR to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. +.IP "\fB\-primes num\fR" 4 +.IX Item "-primes num" +Specify the number of primes to use while generating the \s-1RSA\s0 key. The \fBnum\fR +parameter must be a positive integer that is greater than 1 and less than 16. +If \fBnum\fR is greater than 2, then the generated key is called a 'multi\-prime' +\&\s-1RSA\s0 key, which is defined in \s-1RFC 8017.\s0 .IP "\fBnumbits\fR" 4 .IX Item "numbits" -the size of the private key to generate in bits. This must be the last option -specified. The default is 2048. +The size of the private key to generate in bits. This must be the last option +specified. The default is 2048 and values less than 512 are not allowed. .SH "NOTES" .IX Header "NOTES" -\&\s-1RSA\s0 private key generation essentially involves the generation of two prime -numbers. When generating a private key various symbols will be output to +\&\s-1RSA\s0 private key generation essentially involves the generation of two or more +prime numbers. When generating a private key various symbols will be output to indicate the progress of the generation. A \fB.\fR represents each number which has passed an initial sieve test, \fB+\fR means a number has passed a single -round of the Miller-Rabin primality test. A newline means that the number has -passed all the prime tests (the actual number depends on the key size). +round of the Miller-Rabin primality test, \fB*\fR means the current prime starts +a regenerating progress due to some failed tests. A newline means that the number +has passed all the prime tests (the actual number depends on the key size). .PP Because key generation is a random process the time taken to generate a key -may vary somewhat. -.SH "BUGS" -.IX Header "BUGS" -A quirk of the prime generation algorithm is that it cannot generate small -primes. Therefore the number of bits should not be less that 64. For typical -private keys this will not matter because for security reasons they will -be much larger (typically 1024 bits). +may vary somewhat. But in general, more primes lead to less generation time +of a key. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIgendsa\fR\|(1) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2017 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy |