From 073f4ed111b0b10dcbd81fc112f9d66e41f40fac Mon Sep 17 00:00:00 2001
From: Karen Arutyunov <karen@codesynthesis.com>
Date: Wed, 17 Nov 2021 17:43:22 +0300
Subject: Use pkeyutl command instead of rsautl starting openssl version 3.0.0

---
 bpkg/repository-signing.cli | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'bpkg/repository-signing.cli')

diff --git a/bpkg/repository-signing.cli b/bpkg/repository-signing.cli
index 1796497..a85ecc0 100644
--- a/bpkg/repository-signing.cli
+++ b/bpkg/repository-signing.cli
@@ -193,11 +193,13 @@ just \cb{--key} as at step 4 (\c{\"SIGN key\"} is the label for the slot
 \c{9c} private key):
 
 \
-bpkg rep-create                                                   \
-  --openssl-option rsautl:-engine --openssl-option rsautl:pkcs11  \
-  --openssl-option rsautl:-keyform --openssl-option rsautl:engine \
+bpkg rep-create                                                     \
+  --openssl-option pkeyutl:-engine --openssl-option pkeyutl:pkcs11  \
+  --openssl-option pkeyutl:-keyform --openssl-option pkeyutl:engine \
   --key \"pkcs11:object=SIGN%20key\" /path/to/repository
 \
 
+Note that for \cb{openssl} versions prior to \cb{3.0.0} \cb{bpkg} uses the
+\cb{rsautl} command instead of \cb{pkeyutl} for the data signing operation.
 ||
 "
-- 
cgit v1.1