Added documentation for -iter for PKCS#8
This commit is contained in:
parent
8a6c6bbf21
commit
96fc4b7250
1 changed files with 12 additions and 0 deletions
|
@ -14,6 +14,7 @@ B<openssl> B<pkcs8>
|
|||
[B<-passin arg>]
|
||||
[B<-out filename>]
|
||||
[B<-passout arg>]
|
||||
[B<-iter count>]
|
||||
[B<-noiter>]
|
||||
[B<-nocrypt>]
|
||||
[B<-nooct>]
|
||||
|
@ -76,6 +77,12 @@ filename.
|
|||
the output file password source. For more information about the format of B<arg>
|
||||
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
|
||||
|
||||
=item B<-iter count>
|
||||
|
||||
When creating new PKCS#8 containers, use a given number of iterations on the password
|
||||
in deriving the encryption key for the PKCS#8 output. High values increase the time
|
||||
required to brute-force a PKCS#8 container.
|
||||
|
||||
=item B<-nocrypt>
|
||||
|
||||
PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo
|
||||
|
@ -224,6 +231,11 @@ Read a DER unencrypted PKCS#8 format private key:
|
|||
Convert a private key from any PKCS#8 format to traditional format:
|
||||
|
||||
openssl pkcs8 -in pk8.pem -out key.pem
|
||||
|
||||
Convert a private key to PKCS#8 format, encrypting with AES-256 and with
|
||||
one million iterations of the password:
|
||||
|
||||
openssl pkcs8 -in raw.pem -topk8 -v2 aes-256-cbc -iter 1000000 -out pk8.pem
|
||||
|
||||
=head1 STANDARDS
|
||||
|
||||
|
|
Loading…
Reference in a new issue