version 1.107, 2019/07/07 02:04:40 |
version 1.108, 2019/07/08 14:15:12 |
|
|
.Fl des | des3 |
.Fl des | des3 |
.Oc |
.Oc |
.Op Fl in Ar file |
.Op Fl in Ar file |
.Op Fl inform Cm der | pem |
.Op Fl inform Cm der | pem | pvk |
.Op Fl modulus |
.Op Fl modulus |
.Op Fl noout |
.Op Fl noout |
.Op Fl out Ar file |
.Op Fl out Ar file |
.Op Fl outform Cm der | pem |
.Op Fl outform Cm der | pem | pvk |
.Op Fl passin Ar arg |
.Op Fl passin Ar arg |
.Op Fl passout Ar arg |
.Op Fl passout Ar arg |
.Op Fl pubin |
.Op Fl pubin |
.Op Fl pubout |
.Op Fl pubout |
|
.Op Fl pvk-none | pvk-strong | pvk-weak |
.Op Fl text |
.Op Fl text |
.nr nS 0 |
.nr nS 0 |
.Pp |
.Pp |
|
|
The input file to read from, |
The input file to read from, |
or standard input if not specified. |
or standard input if not specified. |
If the key is encrypted, a pass phrase will be prompted for. |
If the key is encrypted, a pass phrase will be prompted for. |
.It Fl inform Cm der | pem |
.It Fl inform Cm der | pem | pvk |
The input format. |
The input format. |
.It Fl modulus |
.It Fl modulus |
Print the value of the public key component of the key. |
Print the value of the public key component of the key. |
|
|
or standard output if not specified. |
or standard output if not specified. |
If any encryption options are set then a pass phrase will be |
If any encryption options are set then a pass phrase will be |
prompted for. |
prompted for. |
.It Fl outform Cm der | pem |
.It Fl outform Cm der | pem | pvk |
The output format. |
The output format. |
.It Fl passin Ar arg |
.It Fl passin Ar arg |
The key password source. |
The key password source. |
|
|
.It Fl pubout |
.It Fl pubout |
Output a public key, not a private key. |
Output a public key, not a private key. |
Automatically set if the input is a public key. |
Automatically set if the input is a public key. |
|
.It Xo |
|
.Fl pvk-none | pvk-strong | pvk-weak |
|
.Xc |
|
Enable or disable PVK encoding. |
|
The default is |
|
.Fl pvk-strong . |
.It Fl text |
.It Fl text |
Print the public/private key in plain text. |
Print the public/private key in plain text. |
.El |
.El |
|
|
.Op Fl CApath Ar directory |
.Op Fl CApath Ar directory |
.Op Fl cert Ar file |
.Op Fl cert Ar file |
.Op Fl dgst Ar alg |
.Op Fl dgst Ar alg |
|
.Op Fl header Ar name value |
.Op Fl host Ar hostname : Ns Ar port |
.Op Fl host Ar hostname : Ns Ar port |
|
.Op Fl ignore_err |
.Op Fl index Ar indexfile |
.Op Fl index Ar indexfile |
.Op Fl issuer Ar file |
.Op Fl issuer Ar file |
.Op Fl ndays Ar days |
.Op Fl ndays Ar days |
|
|
.Op Fl no_cert_verify |
.Op Fl no_cert_verify |
.Op Fl no_certs |
.Op Fl no_certs |
.Op Fl no_chain |
.Op Fl no_chain |
|
.Op Fl no_explicit |
.Op Fl no_intern |
.Op Fl no_intern |
.Op Fl no_nonce |
.Op Fl no_nonce |
.Op Fl no_signature_verify |
.Op Fl no_signature_verify |
|
|
.Op Fl rkey Ar file |
.Op Fl rkey Ar file |
.Op Fl rother Ar file |
.Op Fl rother Ar file |
.Op Fl rsigner Ar file |
.Op Fl rsigner Ar file |
.Op Fl serial Ar number |
.Op Fl serial Ar num |
.Op Fl sign_other Ar file |
.Op Fl sign_other Ar file |
.Op Fl signer Ar file |
.Op Fl signer Ar file |
.Op Fl signkey Ar file |
.Op Fl signkey Ar file |
.Op Fl status_age Ar age |
.Op Fl status_age Ar age |
.Op Fl text |
.Op Fl text |
|
.Op Fl timeout Ar seconds |
.Op Fl trust_other |
.Op Fl trust_other |
.Op Fl url Ar responder_url |
.Op Fl url Ar responder_url |
.Op Fl VAfile Ar file |
.Op Fl VAfile Ar file |
|
|
specifies the HTTP path name to use, or |
specifies the HTTP path name to use, or |
.Pa / |
.Pa / |
by default. |
by default. |
|
.It Fl header Ar name value |
|
Add the header name with the specified value to the OCSP request that is sent |
|
to the responder. |
|
This may be repeated. |
.It Fl issuer Ar file |
.It Fl issuer Ar file |
The current issuer certificate, in PEM format. |
The current issuer certificate, in PEM format. |
Can be used multiple times and must come before any |
Can be used multiple times and must come before any |
|
|
.It Fl no_chain |
.It Fl no_chain |
Do not use certificates in the response as additional untrusted CA |
Do not use certificates in the response as additional untrusted CA |
certificates. |
certificates. |
|
.It Fl no_explicit |
|
Don't check the explicit trust for OCSP signing in the root CA certificate. |
.It Fl no_intern |
.It Fl no_intern |
Ignore certificates contained in the OCSP response |
Ignore certificates contained in the OCSP response |
when searching for the signer's certificate. |
when searching for the signer's certificate. |
|
|
option is not present, then the private key is read from the same file |
option is not present, then the private key is read from the same file |
as the certificate. |
as the certificate. |
If neither option is specified, the OCSP request is not signed. |
If neither option is specified, the OCSP request is not signed. |
|
.It Fl timeout Ar seconds |
|
Connection timeout to the OCSP responder in seconds. |
.It Fl trust_other |
.It Fl trust_other |
The certificates specified by the |
The certificates specified by the |
.Fl verify_other |
.Fl verify_other |
|
|
.It Fl CA Ar file |
.It Fl CA Ar file |
CA certificate corresponding to the revocation information in |
CA certificate corresponding to the revocation information in |
.Ar indexfile . |
.Ar indexfile . |
|
.It Fl ignore_err |
|
Ignore the invalid response. |
.It Fl index Ar indexfile |
.It Fl index Ar indexfile |
.Ar indexfile |
.Ar indexfile |
is a text index file in ca format |
is a text index file in ca format |
|
|
.Fl password |
.Fl password |
is equivalent to |
is equivalent to |
.Fl passout . |
.Fl passout . |
Otherwise, |
Otherwise, |
.Fl password |
.Fl password |
is equivalent to |
is equivalent to |
.Fl passin . |
.Fl passin . |
|
|
.Op Fl aes128 | aes192 | aes256 | des | des3 |
.Op Fl aes128 | aes192 | aes256 | des | des3 |
.Op Fl check |
.Op Fl check |
.Op Fl in Ar file |
.Op Fl in Ar file |
.Op Fl inform Cm der | net | pem |
.Op Fl inform Cm der | net | pem | pvk |
.Op Fl modulus |
.Op Fl modulus |
.Op Fl noout |
.Op Fl noout |
.Op Fl out Ar file |
.Op Fl out Ar file |
.Op Fl outform Cm der | net | pem |
.Op Fl outform Cm der | net | pem | pvk |
.Op Fl passin Ar arg |
.Op Fl passin Ar arg |
.Op Fl passout Ar arg |
.Op Fl passout Ar arg |
.Op Fl pubin |
.Op Fl pubin |
.Op Fl pubout |
.Op Fl pubout |
|
.Op Fl pvk-none | pvk-strong | pvk-weak |
|
.Op Fl RSAPublicKey_in |
|
.Op Fl RSAPublicKey_out |
.Op Fl sgckey |
.Op Fl sgckey |
.Op Fl text |
.Op Fl text |
.nr nS 0 |
.nr nS 0 |
|
|
The input file to read from, |
The input file to read from, |
or standard input if not specified. |
or standard input if not specified. |
If the key is encrypted, a pass phrase will be prompted for. |
If the key is encrypted, a pass phrase will be prompted for. |
.It Fl inform Cm der | net | pem |
.It Fl inform Cm der | net | pem | pvk |
The input format. |
The input format. |
.It Fl noout |
.It Fl noout |
Do not output the encoded version of the key. |
Do not output the encoded version of the key. |
|
|
.It Fl out Ar file |
.It Fl out Ar file |
The output file to write to, |
The output file to write to, |
or standard output if not specified. |
or standard output if not specified. |
.It Fl outform Cm der | net | pem |
.It Fl outform Cm der | net | pem | pvk |
The output format. |
The output format. |
.It Fl passin Ar arg |
.It Fl passin Ar arg |
The key password source. |
The key password source. |
|
|
Output a public key, |
Output a public key, |
not a private key. |
not a private key. |
Automatically set if the input is a public key. |
Automatically set if the input is a public key. |
|
.It Xo |
|
.Fl pvk-none | pvk-strong | pvk-weak |
|
.Xc |
|
Enable or disable PVK encoding. |
|
The default is |
|
.Fl pvk-strong . |
|
.It Fl RSAPublicKey_in , RSAPublicKey_out |
|
Same as |
|
.Fl pubin |
|
and |
|
.Fl pubout |
|
except |
|
.Cm RSAPublicKey |
|
format is used instead. |
.It Fl sgckey |
.It Fl sgckey |
Use the modified NET algorithm used with some versions of Microsoft IIS |
Use the modified NET algorithm used with some versions of Microsoft IIS |
and SGC keys. |
and SGC keys. |
|
|
.Op Fl noindef |
.Op Fl noindef |
.Op Fl nointern |
.Op Fl nointern |
.Op Fl nosigs |
.Op Fl nosigs |
|
.Op Fl nosmimecap |
.Op Fl noverify |
.Op Fl noverify |
.Op Fl out Ar file |
.Op Fl out Ar file |
.Op Fl outform Cm der | pem | smime |
.Op Fl outform Cm der | pem | smime |
|
|
The supplied certificates can still be used as untrusted CAs. |
The supplied certificates can still be used as untrusted CAs. |
.It Fl nosigs |
.It Fl nosigs |
Do not try to verify the signatures on the message. |
Do not try to verify the signatures on the message. |
|
.It Fl nosmimecap |
|
Exclude the list of supported algorithms from signed attributes, |
|
other options such as signing time and content type are still included. |
.It Fl noverify |
.It Fl noverify |
Do not verify the signer's certificate of a signed message. |
Do not verify the signer's certificate of a signed message. |
.It Fl out Ar file |
.It Fl out Ar file |
|
|
.It Cm pem |
.It Cm pem |
Privacy Enhanced Mail (PEM) |
Privacy Enhanced Mail (PEM) |
is base64-encoded. |
is base64-encoded. |
|
.It Cm pvk |
|
Private Key format. |
.It Cm smime |
.It Cm smime |
An SMIME format message. |
An SMIME format message. |
.It Cm txt |
.It Cm txt |