aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Changelog2
-rw-r--r--config/lacme-accountd.conf4
-rw-r--r--lacme-accountd.1.md11
3 files changed, 9 insertions, 8 deletions
diff --git a/Changelog b/Changelog
index 39df738..a2cd0bb 100644
--- a/Changelog
+++ b/Changelog
@@ -5,6 +5,8 @@ lacme (0.7.1) upstream;
- documentation: suggest to generate private key material with
genpkey(1ssl); also suggest a command to generate an ECDSA key not
just RSA; hint at which key algorithms are supported.
+ - documentation: clarify that "file:/path/to/account.key" can point to
+ a symmetrically-encrypted private key.
-- Guilhem Moulin <guilhem@fripost.org> Wed, 09 Dec 2020 18:23:22 +0100
diff --git a/config/lacme-accountd.conf b/config/lacme-accountd.conf
index 94d2556..7248eb5 100644
--- a/config/lacme-accountd.conf
+++ b/config/lacme-accountd.conf
@@ -1,8 +1,8 @@
# The value of "privkey" specifies the (private) account key to use
# for signing requests. Currently supported values are:
#
-# - file:FILE, to specify an encrypted private key (in PEM format)
-# - gpg:FILE, to specify a gpg-encrypted private key (in PEM format)
+# - file:FILE, for a private key in PEM format (optionally encrypted)
+# - gpg:FILE, for a gpg-encrypted private key
#
#privkey = gpg:/path/to/encrypted/account.key.gpg
#privkey = file:/path/to/account.key
diff --git a/lacme-accountd.1.md b/lacme-accountd.1.md
index 359a6d1..560cfac 100644
--- a/lacme-accountd.1.md
+++ b/lacme-accountd.1.md
@@ -45,15 +45,14 @@ Options
file](#configuration-file)** section below for the configuration
options.
-`--privkey=`*arg*
+`--privkey=`*value*
: Specify the (private) account key to use for signing requests.
- Currently supported *arg*uments are:
+ Currently supported *value*s are:
- * `file:`*FILE*, to specify an encrypted private key (in PEM
- format); and
- * `gpg:`*FILE*, to specify a [`gpg`(1)]-encrypted private key (in
- PEM format).
+ * `file:`*FILE*, for a private key in PEM format (optionally
+ symmetrically encrypted)
+ * `gpg:`*FILE*, for a [`gpg`(1)]-encrypted private key
The [`genpkey`(1ssl)] command can be used to generate a new private
(account) key: