Problems with genpkey

[paulidale]

From openssl-users:

Should these be posted here or as github issues? (May be user error)

1. openssl genpkey -algorithm rsa -outform der -out key.der -quiet
   returns:
   genpkey: Option -quiet needs a value
   But the docs don't indicate that a value is needed.
2. openssl genpkey -algorithm rsa -outform der -out key.der -text
   Docs say that the unencrypted key should be printed, but it isn't.
3. openssl genpkey .... -cipher des3
   returns:
   genpkey: Use -help for summary.
   I tried other values for -cipher but none worked
4. -aes-128-cbc works but is not documented

[paulidale]

1. Confirmed this is a bug
2. This is not a regression against 1.1., the text output is included in the .der file.
3. -cipher isn't a valid option for the genpkey command: use -des3 as documented.
4. 4. It is documented, this is line in the -help output:

-* Cipher to use to encrypt the key

[kgold2]

2. It is surprising that -text appends text to a (binary) der file. All the previous commands sent the text to stdout (openssl pkey, rsa, x509, ...) As a minimum, change the man page "prints ... along with" to "prints ... into". I suggest that a print to stdout is more useful.
3. Perhaps -cipher is not a valid option, but the man page at https://www.openssl.org/docs/manmaster/man1/openssl-genpkey.html says that it is. Maybe it's trying to say that the string 'cipher' should be replaced by the actual cipher? In that case, an example like -des3 would be helpful.
4. -* isn't a commonly used idiom.

[kgold2]

Paul suggested I add version info: This is the latest openssl master, pulled 5 August, running on Linux RHEL 6.7

[richsalz]

Agreed that -* isn't used anywhere except in OpenSSL, but it is used in all programs/manpages where an argument is interpreted as a cipher or digest, etc.

[kgold2]

-* is used in the help, but some man pages gave explicit examples. E.g., genrsa, ec. I just suggest an example, to help newbies who try "-cipher aes" rather than -aes.