version 1.126, 2020/10/26 11:48:39 |
version 1.127, 2020/11/01 21:32:03 |
|
|
.It Fl binary |
.It Fl binary |
Normally the input message is converted to "canonical" format which is |
Normally the input message is converted to "canonical" format which is |
effectively using CR/LF as end of line, as required by the S/MIME specification. |
effectively using CR/LF as end of line, as required by the S/MIME specification. |
When this option is present no translation occurs. |
When this option is present, no translation occurs. |
This is useful when handling binary data which may not be in MIME format. |
This is useful when handling binary data which may not be in MIME format. |
.It Fl CAfile Ar file |
.It Fl CAfile Ar file |
A file containing trusted CA certificates, used with |
A file containing trusted CA certificates, used with |
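Review bot: The description touched here still reads 'converted to "canonical" format which is effectively using CR/LF as end of line', while the matching description later in this diff already has the tighter '.Qq canonical' / 'format which uses CR/LF as end of line,'. Since the following sentence is being edited in both places, consider bringing this copy in line with that wording and using .Qq instead of literal double quotes, so the two descriptions do not drift apart.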
|
|
any other cipher supported by |
any other cipher supported by |
.Nm openssl . |
.Nm openssl . |
A pass phrase is prompted for. |
A pass phrase is prompted for. |
If none of these options is specified the key is written in plain text. |
If none of these options are specified, the key is written in plain text. |
This means that using the |
This means that using the |
.Nm ec |
.Nm ec |
utility to read in an encrypted key with no |
utility to read in an encrypted key with no |
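Review bot: The new line 'If none of these options are specified, the key is written in plain text.' changes the verb from 'is' to 'are' in addition to adding the comma. Either agreement is acceptable after 'none of', but it goes beyond a punctuation fix, so it is worth a mention in the log message and a check that similar sentences elsewhere in the page use the same form. While the line is open, 'written in plain text' could be read as describing the output encoding rather than the absence of encryption; 'the key is written unencrypted' would state the security consequence directly.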
|
|
.It Fl in Ar file |
.It Fl in Ar file |
The input file to read a key from, |
The input file to read a key from, |
or standard input if not specified. |
or standard input if not specified. |
If the key is encrypted a pass phrase will be prompted for. |
If the key is encrypted, a pass phrase will be prompted for. |
.It Fl inform Cm der | pem |
.It Fl inform Cm der | pem |
The input format. |
The input format. |
.It Fl noout |
.It Fl noout |
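Review bot: 'If the key is encrypted, a pass phrase will be prompted for.' uses the future tense, while the earlier hunk in this diff has 'A pass phrase is prompted for.' in the present tense. Since this sentence is being touched here and again in the identical hunk that follows, consider settling on one form in both, for example 'If the key is encrypted, a pass phrase is prompted for.'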
|
|
.It Fl in Ar file |
.It Fl in Ar file |
The input file to read from, |
The input file to read from, |
or standard input if not specified. |
or standard input if not specified. |
If the key is encrypted a pass phrase will be prompted for. |
If the key is encrypted, a pass phrase will be prompted for. |
.It Fl inform Cm der | pem |
.It Fl inform Cm der | pem |
The input format. |
The input format. |
.It Fl noout |
.It Fl noout |
|
|
mode only this option specifies the salt length. |
mode only this option specifies the salt length. |
Two special values are supported: |
Two special values are supported: |
-1 sets the salt length to the digest length. |
-1 sets the salt length to the digest length. |
When signing -2 sets the salt length to the maximum permissible value. |
When signing, -2 sets the salt length to the maximum permissible value. |
When verifying -2 causes the salt length to be automatically determined |
When verifying, -2 causes the salt length to be automatically determined |
based on the PSS block structure. |
based on the PSS block structure. |
.El |
.El |
.Pp |
.Pp |
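Review bot: In 'When signing, -2 sets ...' and 'When verifying, -2 causes ...' the new comma now sits directly against a bare negative number, and the unchanged '-1 sets the salt length to the digest length.' opens its sentence with one. The special values would be easier to pick out if they were marked up as literals; the page already uses Cm for literal argument values ('.It Fl inform Cm der | pem'), so the same macro could be applied to -1 and -2 here.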
|
|
.Qq canonical |
.Qq canonical |
format which uses CR/LF as end of line, |
format which uses CR/LF as end of line, |
as required by the S/MIME specification. |
as required by the S/MIME specification. |
When this option is present no translation occurs. |
When this option is present, no translation occurs. |
This is useful when handling binary data which may not be in MIME format. |
This is useful when handling binary data which may not be in MIME format. |
.It Fl CAfile Ar file |
.It Fl CAfile Ar file |
A |
A |
|
|
time stamp token. |
time stamp token. |
Either dotted OID notation or OID names defined |
Either dotted OID notation or OID names defined |
in the config file can be used. |
in the config file can be used. |
If no policy is requested the TSA uses its own default policy. |
If no policy is requested, the TSA uses its own default policy. |
.It Fl text |
.It Fl text |
Output in human-readable text format instead of DER. |
Output in human-readable text format instead of DER. |
.El |
.El |
|
|
should contain one or more CRLs in PEM format. |
should contain one or more CRLs in PEM format. |
.It Fl crl_check |
.It Fl crl_check |
Check end entity certificate validity by attempting to look up a valid CRL. |
Check end entity certificate validity by attempting to look up a valid CRL. |
If a valid CRL cannot be found an error occurs. |
If a valid CRL cannot be found, an error occurs. |
.It Fl crl_check_all |
.It Fl crl_check_all |
Check the validity of all certificates in the chain by attempting |
Check the validity of all certificates in the chain by attempting |
to look up valid CRLs. |
to look up valid CRLs. |
|
|
A trusted certificate is a certificate which has several |
A trusted certificate is a certificate which has several |
additional pieces of information attached to it such as the permitted |
additional pieces of information attached to it such as the permitted |
and prohibited uses of the certificate and an alias. |
and prohibited uses of the certificate and an alias. |
When a certificate is being verified at least one certificate must be trusted. |
When a certificate is being verified, at least one certificate must be trusted. |
By default, a trusted certificate must be stored locally and be a root CA. |
By default, a trusted certificate must be stored locally and be a root CA. |
The following are x509 trust settings options: |
The following are x509 trust settings options: |
.Bl -tag -width "XXXX" |
.Bl -tag -width "XXXX" |