openssl-pkcs8, pkcs8 - PKCS#8 format private key conversion tool
openssl pkcs8 [-help] [-topk8] [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-passin arg] [-out filename] [-passout arg] [-iter count] [-noiter] [-rand file...] [-writerand file] [-nocrypt] [-traditional] [-v2 alg] [-v2prf alg] [-v1 alg] [-engine id] [-scrypt] [-scrypt_N N] [-scrypt_r r] [-scrypt_p p]
The pkcs8 command processes private keys in PKCS#8 format. It can handle both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
Print out a usage message.
Normally a PKCS#8 private key is expected on input and a private key will be written to the output file. With the -topk8 option the situation is reversed: it reads a private key and writes a PKCS#8 format key.
This specifies the input format: see "KEY FORMATS" for more details. The default format is PEM.
This specifies the output format: see "KEY FORMATS" for more details. The default format is PEM.
When this option is present and -topk8 is not a traditional format private key is written.
This specifies the input filename to read a key from or standard input if this option is not specified. If the key is encrypted a pass phrase will be prompted for.
The input file password source. For more information about the format of arg see "Pass Phrase Options" in openssl(1).
This specifies the output filename to write a key to or standard output by default. If any encryption options are set then a pass phrase will be prompted for. The output filename should not be the same as the input filename.
The output file password source. For more information about the format of arg see "Pass Phrase Options" in openssl(1).
When creating new PKCS#8 containers, use a given number of