| version 1.126, 2020/10/26 11:48:39 |
version 1.127, 2020/11/01 21:32:03 |
|
|
| .It Fl binary |
.It Fl binary |
| Normally the input message is converted to "canonical" format which is |
Normally the input message is converted to "canonical" format which is |
| effectively using CR/LF as end of line, as required by the S/MIME specification. |
effectively using CR/LF as end of line, as required by the S/MIME specification. |
| When this option is present no translation occurs. |
When this option is present, no translation occurs. |
| This is useful when handling binary data which may not be in MIME format. |
This is useful when handling binary data which may not be in MIME format. |
| .It Fl CAfile Ar file |
.It Fl CAfile Ar file |
| A file containing trusted CA certificates, used with |
A file containing trusted CA certificates, used with |
|
|
| any other cipher supported by |
any other cipher supported by |
| .Nm openssl . |
.Nm openssl . |
| A pass phrase is prompted for. |
A pass phrase is prompted for. |
| If none of these options is specified the key is written in plain text. |
If none of these options are specified, the key is written in plain text. |
| This means that using the |
This means that using the |
| .Nm ec |
.Nm ec |
| utility to read in an encrypted key with no |
utility to read in an encrypted key with no |
|
|
| .It Fl in Ar file |
.It Fl in Ar file |
| The input file to read a key from, |
The input file to read a key from, |
| or standard input if not specified. |
or standard input if not specified. |
| If the key is encrypted a pass phrase will be prompted for. |
If the key is encrypted, a pass phrase will be prompted for. |
| .It Fl inform Cm der | pem |
.It Fl inform Cm der | pem |
| The input format. |
The input format. |
| .It Fl noout |
.It Fl noout |
|
|
| .It Fl in Ar file |
.It Fl in Ar file |
| The input file to read from, |
The input file to read from, |
| or standard input if not specified. |
or standard input if not specified. |
| If the key is encrypted a pass phrase will be prompted for. |
If the key is encrypted, a pass phrase will be prompted for. |
| .It Fl inform Cm der | pem |
.It Fl inform Cm der | pem |
| The input format. |
The input format. |
| .It Fl noout |
.It Fl noout |
|
|
| mode only this option specifies the salt length. |
mode only this option specifies the salt length. |
| Two special values are supported: |
Two special values are supported: |
| -1 sets the salt length to the digest length. |
-1 sets the salt length to the digest length. |
| When signing -2 sets the salt length to the maximum permissible value. |
When signing, -2 sets the salt length to the maximum permissible value. |
| When verifying -2 causes the salt length to be automatically determined |
When verifying, -2 causes the salt length to be automatically determined |
| based on the PSS block structure. |
based on the PSS block structure. |
| .El |
.El |
| .Pp |
.Pp |
|
|
| .Qq canonical |
.Qq canonical |
| format which uses CR/LF as end of line, |
format which uses CR/LF as end of line, |
| as required by the S/MIME specification. |
as required by the S/MIME specification. |
| When this option is present no translation occurs. |
When this option is present, no translation occurs. |
| This is useful when handling binary data which may not be in MIME format. |
This is useful when handling binary data which may not be in MIME format. |
| .It Fl CAfile Ar file |
.It Fl CAfile Ar file |
| A |
A |
|
|
| time stamp token. |
time stamp token. |
| Either dotted OID notation or OID names defined |
Either dotted OID notation or OID names defined |
| in the config file can be used. |
in the config file can be used. |
| If no policy is requested the TSA uses its own default policy. |
If no policy is requested, the TSA uses its own default policy. |
| .It Fl text |
.It Fl text |
| Output in human-readable text format instead of DER. |
Output in human-readable text format instead of DER. |
| .El |
.El |
|
|
| should contain one or more CRLs in PEM format. |
should contain one or more CRLs in PEM format. |
| .It Fl crl_check |
.It Fl crl_check |
| Check end entity certificate validity by attempting to look up a valid CRL. |
Check end entity certificate validity by attempting to look up a valid CRL. |
| If a valid CRL cannot be found an error occurs. |
If a valid CRL cannot be found, an error occurs. |
| .It Fl crl_check_all |
.It Fl crl_check_all |
| Check the validity of all certificates in the chain by attempting |
Check the validity of all certificates in the chain by attempting |
| to look up valid CRLs. |
to look up valid CRLs. |
|
|
| A trusted certificate is a certificate which has several |
A trusted certificate is a certificate which has several |
| additional pieces of information attached to it such as the permitted |
additional pieces of information attached to it such as the permitted |
| and prohibited uses of the certificate and an alias. |
and prohibited uses of the certificate and an alias. |
| When a certificate is being verified at least one certificate must be trusted. |
When a certificate is being verified, at least one certificate must be trusted. |
| By default, a trusted certificate must be stored locally and be a root CA. |
By default, a trusted certificate must be stored locally and be a root CA. |
| The following are x509 trust settings options: |
The following are x509 trust settings options: |
| .Bl -tag -width "XXXX" |
.Bl -tag -width "XXXX" |
![[BACK]](/icons/back.gif){kind=icon}
Return to openssl.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / openssl