left|rightrsasigkey accepts SSH keys but the key format has to be specified explicitly

The default is now PKCS#1. With the dns: and ssh: prefixes other formats
can be selected.

1 files changed, 9 insertions, 3 deletions

diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in
index e778ab773..a8933531c 100644
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@@ -756,9 +756,15 @@ None of the kernel backends currently supports opaque or port ranges and uses
 for policy installation instead.
 .TP
 .BR leftrsasigkey " = <raw rsa public key> | <path to public key>"
-the left participant's public key for RSA signature authentication, in RFC 2537
-format using hex (0x prefix) or base64 (0s prefix) encoding. Also accepted is
-the path to a file containing the public key in PEM or DER encoding.
+the left participant's public key for RSA signature authentication, in PKCS#1
+format using hex (0x prefix) or base64 (0s prefix) encoding. With the optional
+.B dns:
+or
+.B ssh:
+prefix in front of 0x or 0s, the public key is expected to be in either
+the RFC 3110 or RFC 4253 public key format, respectively.
+Also accepted is the path to a file containing the public key in PEM or DER
+encoding.
 .TP
 .BR leftsendcert " = never | no | " ifasked " | always | yes"
 Accepted values are