diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in index 22ce8c4edf830..e324656674443 100644 --- a/doc/man1/openssl-pkeyutl.pod.in +++ b/doc/man1/openssl-pkeyutl.pod.in @@ -48,6 +48,8 @@ B B This command can be used to perform low-level public key operations using any supported algorithm. +By default the signing operation (see B<-sign> option) is assumed. + =head1 OPTIONS =over 4 @@ -82,7 +84,7 @@ is omitted but the signature algorithm requires one, a default value will be used. For signature algorithms like RSA, DSA and ECDSA, SHA-256 will be the default digest algorithm. For SM2, it will be SM3. At this time, HashEdDSA (the ph or "prehash" variant of EdDSA) is not supported, -so the B<-digest> option cannot be used with EdDSA). +so the B<-digest> option cannot be used with EdDSA. =item B<-out> I 
@@ -133,22 +135,26 @@ The input is a certificate containing a public key. =item B<-rev> Reverse the order of the input buffer. This is useful for some libraries -(such as CryptoAPI) which represent the buffer in little endian format. +(such as CryptoAPI) which represent the buffer in little-endian format. This cannot be used in conjunction with B<-rawin>. =item B<-sign> -Sign the input data (which must be a hash) and output the signed result. This -requires a private key. +Sign the input data and output the signed result. This requires a private key. +The input data given with the B<-in> option should be a hash value +unless the use of a message digest operation is implied, =item B<-verify> -Verify the input data (which must be a hash) against the signature file and -indicate if the verification succeeded or failed. +Verify the input data against the signature given with the B<-sigfile> option +and indicate if the verification succeeded or failed. +The input data given with the B<-in> option should be a hash value +unless the use of a message digest operation is implied, =item B<-verifyrecover> -Verify the input data (which must be a hash) and output the recovered data. +Verify the input data and output the recovered data. +The input data given with the B<-in> option should be a hash value. =item B<-encrypt>
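Review bot: In the @@ -48,6 +48,8 @@ hunk, the added sentence "By default the signing operation (see B<-sign> option) is assumed." does not say what the default is relative to. State the condition explicitly, for example "If no operation option is given, the input is signed (see B<-sign>)", so the reader knows that a private key is then required, as the B<-sign> entry says.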
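Review bot: In the @@ -133,22 +135,26 @@ hunk, the sentence added to both the B<-sign> and B<-verify> entries ends in a comma ("unless the use of a message digest operation is implied,"), so it breaks off just before the next =item. End it with a period or complete the clause, and say what implies the digest operation (which option or algorithm), because "implied" alone does not let the reader tell whether the B<-in> data will be hashed first or signed as given. The B<-verifyrecover> sentence in the same hunk is terminated correctly and can serve as the model.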