From 005ad3b20599aa41e0b1f0a9f9dca0e1be6edb25 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Sat, 5 Aug 2017 20:08:31 +0200
Subject: certtool: improved documentation on --provable option
Signed-off-by: Nikos Mavrogiannopoulos
---
 src/certtool-args.def | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/src/certtool-args.def b/src/certtool-args.def
index fcb895e829..55382d4554 100644
--- a/src/certtool-args.def
+++ b/src/certtool-args.def
@@ -224,7 +224,14 @@ flag = {
 flag = {
 name = provable;
 descrip = "Generate a private key or parameters from a seed using a provable method";
- doc = "This will use the FIPS-186-4 algorithms (i.e., Shawe-Taylor) for provable key generation. When specified the private keys or parameters will be generated from a seed, and can be proven to be correctly generated from the seed. You may specify --seed or allow GnuTLS to generate one (recommended). This option can be combined with --generate-privkey or --generate-dh-params.";
+ doc = "This will use the FIPS-186-4 algorithms (i.e., Shawe-Taylor) for provable key generation.
+When specified the private keys or parameters will be generated from a seed, and can be
+later validated with --verify-provable-privkey to be correctly generated from the seed. You may
+specify --seed or allow GnuTLS to generate one (recommended). This option can be combined with
+--generate-privkey or --generate-dh-params.
+
+That option applies to RSA and DSA keys. On the DSA keys the PQG parameters
+are generated using the seed, and on RSA the two primes.";
 };
 flag = {
@@ -237,7 +244,9 @@ flag = {
 name = seed;
 descrip = "When generating a private key use the given hex-encoded seed";
 arg-type = string;
- doc = "";
+ doc = "The seed acts as a security parameter for the private key, and
+thus a seed size which corresponds to the security level of the private key
+should be provided (e.g., 256-bits seed).";
 };
-- 
cgit v1.2.1
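Review bot: The last paragraph added to the `provable` doc string opens with "That option applies to RSA and DSA keys", which, coming right after the mention of --generate-privkey and --generate-dh-params, can be read as referring to one of those rather than to --provable itself. I would word it as `This option applies to RSA and DSA keys. For DSA the PQG parameters are generated from the seed, and for RSA the two primes.` The same text says the option can be combined with --generate-dh-params while limiting its scope to RSA and DSA keys; if DH parameters are covered as well, that should be stated explicitly.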
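Review bot: The new `seed` doc string tells the user how large the seed should be, but not that it must be kept as confidential as the key. The `provable` text in the first hunk states that the two RSA primes are generated from the seed, so a disclosed seed presumably lets the RSA private key be regenerated. Because `arg-type = string` means the value is given on the command line, where it can end up in shell history and process listings, I would add a sentence such as `The seed must be generated randomly and kept as secret as the private key; prefer letting GnuTLS generate it.` "256-bits seed" should also read "256-bit seed", and since the value is hex-encoded it would help to give the length in hex digits (64 for 256 bits).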