Added manpages for all wolfclu commands

.gitignore

@@ -54,3 +54,4 @@ CLAUDE.md
 /index.txt
 /serial-file-test
 /rand-file-test
+manpages/*.1.gz

Makefile.am

@@ -44,11 +44,48 @@ EXTRA_DIST+= wolfclu.sln
 EXTRA_DIST+= wolfCLU.vcxproj
 EXTRA_DIST+= wolfCLU.vcxproj.filters
 
-man_MANS+= manpages/wolfCLU_benchmark.1
-man_MANS+= manpages/wolfCLU_decrypt.1
-man_MANS+= manpages/wolfCLU_encrypt.1
-man_MANS+= manpages/wolfCLU_hash.1
+if ENABLE_MANPAGES
 man_MANS+= manpages/wolfssl.1
+man_MANS+= manpages/wolfssl-bench.1
+man_MANS+= manpages/wolfssl-decrypt.1
+man_MANS+= manpages/wolfssl-encrypt.1
+man_MANS+= manpages/wolfssl-hash.1
+man_MANS+= manpages/wolfssl-enc.1
+man_MANS+= manpages/wolfssl-ca.1
+man_MANS+= manpages/wolfssl-x509.1
+man_MANS+= manpages/wolfssl-req.1
+man_MANS+= manpages/wolfssl-verify.1
+man_MANS+= manpages/wolfssl-crl.1
+man_MANS+= manpages/wolfssl-genkey.1
+man_MANS+= manpages/wolfssl-pkey.1
+man_MANS+= manpages/wolfssl-rsa.1
+man_MANS+= manpages/wolfssl-ecparam.1
+man_MANS+= manpages/wolfssl-dsaparam.1
+man_MANS+= manpages/wolfssl-dhparam.1
+man_MANS+= manpages/wolfssl-pkcs7.1
+man_MANS+= manpages/wolfssl-pkcs8.1
+man_MANS+= manpages/wolfssl-pkcs12.1
+man_MANS+= manpages/wolfssl-dgst.1
+man_MANS+= manpages/wolfssl-sign_verify.1
+# The keytype and hash-shortcut pages below are .so aliases for
+# wolfssl-sign_verify.1 and wolfssl-hash.1 respectively. .so pages only
+# render once installed under man1/.
+man_MANS+= manpages/wolfssl-ecc.1
+man_MANS+= manpages/wolfssl-ed25519.1
+man_MANS+= manpages/wolfssl-dilithium.1
+man_MANS+= manpages/wolfssl-xmss.1
+man_MANS+= manpages/wolfssl-xmssmt.1
+man_MANS+= manpages/wolfssl-rand.1
+man_MANS+= manpages/wolfssl-base64.1
+man_MANS+= manpages/wolfssl-s_client.1
+man_MANS+= manpages/wolfssl-s_server.1
+man_MANS+= manpages/wolfssl-ocsp.1
+man_MANS+= manpages/wolfssl-md5.1
+man_MANS+= manpages/wolfssl-sha256.1
+man_MANS+= manpages/wolfssl-sha384.1
+man_MANS+= manpages/wolfssl-sha512.1
+man_MANS+= manpages/wolfssl-version.1
+endif
 
 include src/include.am
 include wolfclu/include.am
@@ -84,9 +121,44 @@ TESTS += $(check_SCRIPTS)
 # When tests live in the source tree (no VPATH), those files land in tests/,
 # where EXTRA_DIST+=tests would otherwise sweep them into the tarball and
 # break `make distcheck` via stale VPATH lookups.
+# Generate the compressed manpages into the tarball from their .1 sources,
+# so the .gz copies are never hand-maintained in git. These ship in the release
+# tarball for downstream packaging; they are intentionally not installed
+# (man_MANS installs the .1 files, and distros compress man pages themselves).
+# -n keeps the output byte-reproducible across dist runs (no embedded
+# filename/mtime). Only done if manpages are enabled.
 dist-hook:
 	find $(distdir)/tests -name '*.log' -delete
 	find $(distdir)/tests -name '*.trs' -delete
+# Always strip stale .1.gz from the tarball (local manpages-gz output or a
+# prior dist may have left them in manpages/). Regenerate only when enabled.
+	chmod u+w $(distdir)/manpages 2>/dev/null || true
+	rm -f $(distdir)/manpages/*.1.gz
+if ENABLE_MANPAGES
+	for f in $(distdir)/manpages/*.1; do gzip -nc "$$f" > "$$f.gz"; done
+endif
+
+if ENABLE_MANPAGES
+# On-demand regeneration of the compressed manpages from their .1 sources.
+# Run `make manpages-gz` after editing any .1; thanks to the prerequisite
+# only the pages whose source actually changed are rebuilt. These .gz are
+# gitignored and NOT installed (man_MANS installs the .1 files) -- the
+# release tarball gets its own fresh copies via the dist-hook above, so this
+# target is purely a local convenience (preview/packaging). It is not wired
+# into `all` on purpose: writing into the source tree during a normal build
+# would break `make distcheck`, which builds against a read-only srcdir.
+# -n keeps the output byte-reproducible (no embedded filename/mtime).
+MAN_GZ = $(man_MANS:.1=.1.gz)
+
+.PHONY: manpages-gz
+manpages-gz: $(MAN_GZ)
+
+manpages/%.1.gz: $(srcdir)/manpages/%.1
+	@$(MKDIR_P) manpages
+	gzip -nc "$<" > "$@"
+
+CLEANFILES += $(MAN_GZ)
+endif
 
 test: check
 #DISTCLEANFILES+= wolfssl-config

README.md

@@ -32,16 +32,54 @@ sudo make install
 
 If wolfSSL was recently installed run `sudo ldconfig` to update the linker cache.
 
+#### Build Options
+
+You can customize the build with configure flags:
+
+```
+./configure --disable-manpages    # Skip manpage installation (useful for embedded builds)
+./configure --with-wolfssl=PATH   # Specify wolfSSL installation path
+```
+
 Now, you should be able to use wolfCLU:
 
 ```
 wolfssl -h
 ```
 
-If everything worked, you should see the wolfCLU help message.
+If everything worked, you should see the wolfCLU help message. The manpages are also automatically installed during `make install`, so you can view them immediately:
+
+```
+man wolfssl
+man wolfssl-genkey
+man wolfssl-encrypt
+```
 
 For instuctions on how to build windows, see [here](ide/winvs/README.md).
 
+## Contributing to Documentation
+
+### Manpage Building
+
+Manpages are automatically generated and installed as part of the normal build process (unless disabled with `--disable-manpages`). When you run `make install`, the `.1` source files in the `manpages/` directory are installed to your configured man1 directory (commonly `/usr/local/share/man/man1` or `/usr/share/man/man1`), making them accessible via the `man` command.
+
+For developers actively editing manpage files (`.1` files in the `manpages/` directory), you can test changes locally without running the full build:
+
+```bash
+mkdir -p ~/.local/share/man/man1
+cp manpages/*.1 ~/.local/share/man/man1/
+man wolfssl-base64
+```
+
+Alternatively, generate compressed versions and view them directly (only available if manpages are enabled):
+
+```bash
+make manpages-gz
+man -l manpages/wolfssl-base64.1.gz   # GNU man; on macOS/BSD use man manpages/wolfssl-base64.1
+```
+
+**Important:** Only commit the `.1` source files to the repository. The `.1.gz` compressed versions are generated on-demand during build and distribution—they are gitignored and should never be tracked in git.
+
 ## Examples
 
 ### Key Generation

configure.ac

@@ -80,6 +80,16 @@ then
     AM_CFLAGS="$AM_CFLAGS -DWOLFCLU_NO_FILESYSTEM"
 fi
 
+# Manpages Build
+ENABLED_MANPAGES_DEFAULT=yes
+AC_ARG_ENABLE([manpages],
+    [AS_HELP_STRING([--disable-manpages],[Disable manpage installation (default: enabled)])],
+    [ ENABLED_MANPAGES=$enableval ],
+    [ ENABLED_MANPAGES=$ENABLED_MANPAGES_DEFAULT ]
+    )
+
+AM_CONDITIONAL([ENABLE_MANPAGES], [test "x$ENABLED_MANPAGES" != "xno"])
+
 
 #wolfssl
 AC_MSG_CHECKING([for wolfSSL])

manpages/manual.txt

@@ -1,133 +1,27 @@
 Welcome to the wolfSSL Command Line Utility Manual!
 
-The first thing that will need to be done is a complete download and install of
-wolfSSL. An instructional video of this process can be found here:
+After installing wolfSSL and wolfCLU, man pages are installed automatically
+during "make install" (unless you used --disable-manpages). View them with:
 
-https://www.youtube.com/watch?v=zXRLwW0DIPA
+    man wolfssl
+    man wolfssl-encrypt
+    man wolfssl-genkey
 
-Next view the README.md file. Which says this:
+Each command has a wolfssl-<command> man page in the manpages/ directory.
+See README.md in the wolfCLU root for build options and local testing tips.
 
-To use this feature, please ./configure --enable-pwdbased --enable-opensslextra
-    other features that can be included are:
-        --enable-camellia
-        --enable-blake2
-        --enable-sha512
-        --enable-fortress
+Quick reference:
 
-then run configure, make, and make install from the command line utility root.
+    wolfssl encrypt / decrypt / enc   symmetric encryption
+    wolfssl hash / md5 / sha256       hashing
+    wolfssl bench                     benchmarking
+    wolfssl genkey / req / ca / x509  keys and certificates
+    wolfssl verify / crl / ocsp       chain and revocation checks
 
-The Utility has many tools. Encryption, Decryption, Hashing, Benchmarking, with
-more to come.
+For full option lists, use "wolfssl -h" or the individual man pages.
 
-The man pages provided with the utility also give a brief rundown of how to use
-each tool in the kit.
-
-Manpages are installed automatically during the make process
-
-You will now be able to run a man page by typing "man wolfsslBenchmark" etc.
-manpages are as follows:
-wolfCLU_benchmark
-wolfCLU_encrypt
-wolfCLU_decrypt
-wolfCLU_hash
-wolfCLU_main
-
-ENCRYPTION
-
-    SYNOPSIS
-        wolfssl -encrypt <-algorithm> <-in filename> [-out filename] [-pwd password] [-iv IV] [-key hex] [-inkey filename]
-    DESCRIPTION
-        This command allows data to be encrypted using ciphers and keys based on passwords if not explicitly provided
-    .ALGORITHMS
-        -aes-cbc-[128|192|256]
-            uses AES algorithm with designated key size.
-        -aes-ctr-[128|192|256]
-            uses AES Counter with designated key size. Only available if ./configure settings support
-        -3des-cbc-[056|112|168]
-            uses 3DES algorithm with designated key size.
-        -camellia-cbc-[128|192|256]
-            uses Camellia algorithm with designated key size. Only available if ./configure settings support
-    OPTIONS
-        -in filename/stdin     the input filename, standard input. If file does not exist, it will treat data as stdin
-        -out filename           the output filename, if filename does not exist, it will be created
-        -pwd password           password to derive the key from. prompts if password option is not provided. If used, iv isn't needed
-        -iv IV                  the actual iv to use. If not provided, one is randomly generated. Must be provided in hex
-        -key hex                the actual key to use, supplied as a hex string on the command line. Length must match the algorithm key size. Requires -iv: when an explicit key is supplied, no salt-based key/iv derivation runs and no Salted__ header is written.
-        -inkey filename         read the key from a file. The file may hold either a hex-encoded key (whitespace within the file is ignored) or a raw binary key whose byte length matches the algorithm key size. The argument must name a real file; use -key to pass a hex key on the command line.
-
-DECRYPTION
-
-    SYNOPSIS
-        wolfssl -decrypt <-algorithm> <-in filename> [-out filename] [-pwd password] [-iv IV] [-key hex] [-inkey filename]
-    DESCRIPTION
-        This command allows data to be decrypted using ciphers and keys based on passwords if not explicitly provided
-    ALGORITHMS
-        -aes-cbc-[128|192|256]
-            uses AES algorithm with designated key size.
-        -aes-ctr-[128|192|256]
-            uses AES Counter with designated key size. Only available if ./configure settings support
-        -3des-cbc-[056|112|168]
-            uses 3DES algorithm with designated key size.
-        -camellia-cbc-[128|192|256]
-            uses Camellia algorithm with designated key size. Only available if ./configure settings support
-    OPTIONS
-        -in filename/stdin     the input filename, standard input. If file does not exist, it will treat data as stdin
-        -out filename           the output filename, if filename does not exist, it will be created
-        -pwd password           password to derive the key from. prompts if password option is not provided. If used, iv isn't needed
-        -iv IV                  the actual iv to use. If not provided, one is randomly generated. Must be provided in hex
-        -key hex                the actual key to use, supplied as a hex string on the command line. Length must match the algorithm key size. Requires -iv: when an explicit key is supplied, no salt-based key/iv derivation runs, so the IV must be provided directly.
-        -inkey filename         read the key from a file. The file may hold either a hex-encoded key (whitespace within the file is ignored) or a raw binary key whose byte length matches the algorithm key size. The argument must name a real file; use -key to pass a hex key on the command line.
-
-HASH
-
-    SYNOPSIS
-        wolfssl -hash <-algorithm> <-i filename> [-o filename/stdin] [-s size] [-l length]
-    DESCRIPTION
-        This command hashes either stdin or a file based on the chosen algorithm
-    ALGORITHMS
-        -md5
-        -sha
-        -sha256
-        (NOTE: The following are only available if ./configure supports them)
-        -sha384
-        -sha512
-        -blake2b
-    OPTIONS
-        -in filename/stdin       the input filename, standard input. If file does not exist, it will treat data as stdin
-        -out filename           the output filename, if not provided will print stdout
-        -size size              block size of the function. Usuable only with Blake2b
-        -length length          length of message to hash
-
-BENCHMARK
-
-    SYNOPSIS
-        wolfssl benchmark TESTS [-time time] [-all] [-tests] 
-    DESCRIPTION
-        Tests algorithm functionality and speed
-    TESTS
-        -aes-cbc
-        -aes-ctr*
-        -3des
-        -camellia*
-        -md5
-        -sha
-        -sha256
-        -sha384*
-        -sha512*
-        -blake2b*
-        *(NOTE: Only available through ./configure options)
-    OPTIONS
-        -time <sec> time for each of the tests in seconds
-        -all        runs all available tests
-
-TESTING
-
-    Various tests can also be performed on the toolkit via nistTest.sh and tests.sh
-    to perform these tests, simply change the 'PAT' variable in each one to lead
-    to where you extracted the Utility to.
 AUTHOR
-    wolfSSL, Inc. (info@wolfssl.com)
-    Copyright 2014 wolfSSL Inc.  All rights reserved.
-
-Please report wolfssl any bugs to support@wolfssl.com
+    wolfSSL, Inc. (facts@wolfssl.com)
+    Copyright 2026 wolfSSL Inc.  All rights reserved.
 
+Please report wolfssl bugs to support@wolfssl.com