Diffstat (limited to 'openssl/client')
-rw-r--r--openssl/client/client.cxx2
-rw-r--r--openssl/client/options.cli13
2 files changed, 9 insertions, 6 deletions
diff --git a/openssl/client/client.cxx b/openssl/client/client.cxx
index 2e76f31..72ee18f 100644
--- a/openssl/client/client.cxx
+++ b/openssl/client/client.cxx
@@ -59,7 +59,7 @@ namespace openssl
return p.wait () ? 0 : 1;
}
- if (cmd != "rsautl")
+ if (cmd != "pkeyutl" && cmd != "rsautl")
fail << "openssl-client command expected" <<
info << "run '" << argv[0] << " --help' for more information";
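Review bot: The widened check `cmd != "pkeyutl" && cmd != "rsautl"` sends both command names down the same signing path, and nothing visible in this hunk restricts the options that follow. `pkeyutl` has options with no `rsautl` counterpart, such as `-pkeyopt`, `-digest` and `-rawin`, which change what is hashed or how the signature is padded. The option validation sits after this point, outside the hunk, so it is worth confirming that it fails on these options instead of ignoring them; otherwise the agent could return a signature made under different parameters than the caller asked for. I would also add a comment above the check, e.g. `// Accept rsautl as an alias of pkeyutl for backwards compatibility.`, so the second name is not later removed as dead code.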
diff --git a/openssl/client/options.cli b/openssl/client/options.cli
index b1d3416..c1f991b 100644
--- a/openssl/client/options.cli
+++ b/openssl/client/options.cli
@@ -19,27 +19,30 @@ namespace openssl
\c{\b{openssl-client --help}\n
\b{openssl-client --version}\n
- \b{openssl-client} rsautl [<options>]}
+ \b{openssl-client} pkeyutl [<options>]}
\h|DESCRIPTION|
- The \cb{rsautl} command is a drop-in replacement for the
- \cb{openssl-rsautl(1)} cryptographic operations. Instead of performing
+ The \cb{pkeyutl} command is a drop-in replacement for the
+ \cb{openssl-pkeyutl(1)} cryptographic operations. Instead of performing
the operations itself, it forwards the request to an OpenSSL key agent
that keeps the private key unlocked for the session.
Currently, data signing with a private key stored in a \cb{PKCS#11}
token is the only supported arrangement. This limits the
- \cb{openssl-rsautl(1)} options and values to the following usage:
+ \cb{openssl-pkeyutl(1)} options and values to the following usage:
\
- $ openssl-client rsautl -sign -keyform engine -engine pkcs11 -inkey pkcs11:...
+ $ openssl-client pkeyutl -sign -keyform engine -engine pkcs11 -inkey pkcs11:...
\
This command reads data from \cb{stdin}, asks
\cb{openssl-agent-pkcs11(1)} to sign it using the specified unlocked
private key, and prints the resulting signature to \cb{stdout}.
+ Note that the \cb{rsautl} command is also accepted for backwards
+ compatibility.
+
The command can be simulated without actually performing any
cryptographic operations. If the \cb{--simulate} option is specified
with the \cb{success} outcome, then the command prints a dummy signature