authorNikos Mavrogiannopoulos <nmav@gnutls.org>2017-08-05 20:08:31 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-08-07 16:42:53 +0200
commit005ad3b20599aa41e0b1f0a9f9dca0e1be6edb25 (patch)
treed1997531317f92806f152da5db94f8b4358f5f76
parent666d459a986339479366970241108642779be563 (diff)
downloadgnutls-005ad3b20599aa41e0b1f0a9f9dca0e1be6edb25.tar.gz
certtool: improved documentation on --provable option
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r--src/certtool-args.def13
1 files changed, 11 insertions, 2 deletions
diff --git a/src/certtool-args.def b/src/certtool-args.def
index fcb895e829..55382d4554 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -224,7 +224,14 @@ flag = {
flag = {
name = provable;
descrip = "Generate a private key or parameters from a seed using a provable method";
- doc = "This will use the FIPS-186-4 algorithms (i.e., Shawe-Taylor) for provable key generation. When specified the private keys or parameters will be generated from a seed, and can be proven to be correctly generated from the seed. You may specify --seed or allow GnuTLS to generate one (recommended). This option can be combined with --generate-privkey or --generate-dh-params.";
+ doc = "This will use the FIPS-186-4 algorithms (i.e., Shawe-Taylor) for provable key generation.
+When specified the private keys or parameters will be generated from a seed, and can be
+later validated with --verify-provable-privkey to be correctly generated from the seed. You may
+specify --seed or allow GnuTLS to generate one (recommended). This option can be combined with
+--generate-privkey or --generate-dh-params.
+
+That option applies to RSA and DSA keys. On the DSA keys the PQG parameters
+are generated using the seed, and on RSA the two primes.";
};
flag = {
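Review bot: The new --provable text says that on RSA the two primes are generated from the seed, but neither this doc string nor the --seed one in the following hunk tells the user that the seed is then as sensitive as the private key. Because --seed takes the value as a hex string on the command line, it can end up in shell history and in process listings visible to other local users. I would add a sentence to the --seed doc such as `For RSA keys the seed determines the primes and must be protected like the private key itself.`, and keep the existing recommendation to let GnuTLS generate the seed. This assumes key generation is fully deterministic in the seed, which "provable" suggests but the hunk does not show. Minor wording: `That option applies to RSA and DSA keys` reads better as `This option applies to RSA and DSA keys`.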
@@ -237,7 +244,9 @@ flag = {
name = seed;
descrip = "When generating a private key use the given hex-encoded seed";
arg-type = string;
- doc = "";
+ doc = "The seed acts as a security parameter for the private key, and
+thus a seed size which corresponds to the security level of the private key
+should be provided (e.g., 256-bits seed).";
};