Update docs.

=back

=head1 NOTES

The PEM CRL format uses the header and footer lines:

 -----BEGIN X509 CRL-----

 -----END X509 CRL-----

=head1 EXAMPLES

Convert a CRL file from PEM to DER:

These options encrypt the private key with the DES, triple DES, or the 

IDEA ciphers respectively before outputting it. A pass phrase is prompted for.

If none of these options is specified the key is written in plain text. This

means that using the B<rsa> utility to read in an encrypted key with no

means that using the B<dsa> utility to read in an encrypted key with no

encryption option can be used to remove the pass phrase from a key, or by

setting the encryption options it can be use to add or change the pass phrase.

These options can only be used with PEM format output files.

=item B<-pubin>

by default a private key is input file with this option a public key is input

instead.

by default a private key is read from the input file: with this option a

public key is read instead.

=item B<-pubout>

 -----BEGIN DSA PRIVATE KEY-----

 -----END DSA PRIVATE KEY-----

The PEM public key format uses the header and footer lines:

 -----BEGIN PUBLIC KEY-----

 -----END PUBLIC KEY-----

=head1 EXAMPLES

To remove the pass phrase on a DSA private key:

used. For PKCS#12 file parsing only B<-in> and B<-out> need to be used

for PKCS#12 file creation B<-export> and B<-name> are also used.

If none of the B<-clcerts>, B<-cacerts> or B<-nocerts> options are present

then all certificates will be output in the order they appear in the input

PKCS#12 files. There is no guarantee that the first certificate present is

the one corresponding to the private key. Certain software which requires

a private key and certificate and assumes the first certificate in the

file is the one corresponding to the private key: this may not always

be the case. Using the B<-clcerts> option will solve this problem by only

outputing the certificate corresponding to the private key. If the CA

certificates are required then they can be output to a separate file using

the B<-nokeys -cacerts> options to just output CA certificates.

The B<-keypbe> and B<-certpbe> algorithms allow the precise encryption

algorithms for private keys and certificates to be specified. Normally

the defaults are fine but occasionally software can't handle triple DES

algorithms are concerned.

The format of PKCS#8 DSA (and other) private keys is not well documented:

it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's DSA private

key format complies with this standard.

it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default DSA

PKCS#8 private key format complies with this standard.

=head1 BUGS

=item B<-pubin>

by default a private key is input file with this option a public key is input

instead.

by default a private key is read from the input file: with this

option a public key is read instead.

=item B<-pubout>

by default a private key is output with this option a public

key will be output instead. This option is automatically set if the input is

a public key.

by default a private key is output: with this option a public

key will be output instead. This option is automatically set if

the input is a public key.

=back

 -----BEGIN RSA PRIVATE KEY-----

 -----END RSA PRIVATE KEY-----

The PEM public key format uses the header and footer lines:

 -----BEGIN PUBLIC KEY-----

 -----END PUBLIC KEY-----

=head1 EXAMPLES

To remove the pass phrase on an RSA private key: