version 1.21, 2015/09/11 06:43:05 |
version 1.22, 2015/09/11 14:30:23 |
|
|
EC parameter manipulation and generation. |
EC parameter manipulation and generation. |
.It Cm enc |
.It Cm enc |
Encoding with ciphers. |
Encoding with ciphers. |
.It Cm engine |
|
Engine (loadable module) information and manipulation. |
|
.It Cm errstr |
.It Cm errstr |
Error number to error string conversion. |
Error number to error string conversion. |
.It Cm gendh |
.It Cm gendh |
|
|
.Op Fl crlhours Ar hours |
.Op Fl crlhours Ar hours |
.Op Fl days Ar arg |
.Op Fl days Ar arg |
.Op Fl enddate Ar date |
.Op Fl enddate Ar date |
.Op Fl engine Ar id |
|
.Op Fl extensions Ar section |
.Op Fl extensions Ar section |
.Op Fl extfile Ar section |
.Op Fl extfile Ar section |
.Op Fl gencrl |
.Op Fl gencrl |
|
|
.Op Fl infiles |
.Op Fl infiles |
.Op Fl key Ar keyfile |
.Op Fl key Ar keyfile |
.Op Fl keyfile Ar arg |
.Op Fl keyfile Ar arg |
.Op Fl keyform Ar ENGINE | PEM |
.Op Fl keyform Ar PEM |
.Op Fl md Ar arg |
.Op Fl md Ar arg |
.Op Fl msie_hack |
.Op Fl msie_hack |
.Op Fl name Ar section |
.Op Fl name Ar section |
|
|
This allows the expiry date to be explicitly set. |
This allows the expiry date to be explicitly set. |
The format of the date is YYMMDDHHMMSSZ |
The format of the date is YYMMDDHHMMSSZ |
.Pq the same as an ASN1 UTCTime structure . |
.Pq the same as an ASN1 UTCTime structure . |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm ca |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl extensions Ar section |
.It Fl extensions Ar section |
The section of the configuration file containing certificate extensions |
The section of the configuration file containing certificate extensions |
to be added when a certificate is issued (defaults to |
to be added when a certificate is issued (defaults to |
|
|
utility) this option should be used with caution. |
utility) this option should be used with caution. |
.It Fl keyfile Ar file |
.It Fl keyfile Ar file |
The private key to sign requests with. |
The private key to sign requests with. |
.It Fl keyform Ar ENGINE | PEM |
.It Fl keyform Ar PEM |
Private key file format. |
Private key file format. |
.It Fl md Ar alg |
.It Fl md Ar alg |
The message digest to use. |
The message digest to use. |
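Review bot: with ENGINE dropped, `.It Fl keyform Ar PEM` offers a single value while its description still reads "Private key file format." as if there were a choice. Say in the description that PEM is the only supported format, so a reader of `ca` knows the signing key named by `-keyfile` has to be a PEM file. The same wording issue applies wherever `-keyform Ar ENGINE | PEM` became `-keyform Ar PEM`.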
|
|
.Oc |
.Oc |
.Op Fl binary |
.Op Fl binary |
.Op Fl cd |
.Op Fl cd |
.Op Fl engine Ar id |
|
.Op Fl hex |
.Op Fl hex |
.Op Fl hmac Ar key |
.Op Fl hmac Ar key |
.Op Fl keyform Ar ENGINE | PEM |
.Op Fl keyform Ar PEM |
.Op Fl mac Ar algorithm |
.Op Fl mac Ar algorithm |
.Op Fl macopt Ar nm : Ns Ar v |
.Op Fl macopt Ar nm : Ns Ar v |
.Op Fl out Ar file |
.Op Fl out Ar file |
|
|
format output is used. |
format output is used. |
.It Fl d |
.It Fl d |
Print out BIO debugging information. |
Print out BIO debugging information. |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm dgst |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
This engine is not used as a source for digest algorithms |
|
unless it is also specified in the configuration file. |
|
.It Fl hex |
.It Fl hex |
Digest is to be output as a hex dump. |
Digest is to be output as a hex dump. |
This is the default case for a |
This is the default case for a |
|
|
.It Fl hmac Ar key |
.It Fl hmac Ar key |
Create a hashed MAC using |
Create a hashed MAC using |
.Ar key . |
.Ar key . |
.It Fl keyform Ar ENGINE | PEM |
.It Fl keyform Ar PEM |
Specifies the key format to sign the digest with. |
Specifies the key format to sign the digest with. |
.It Fl mac Ar algorithm |
.It Fl mac Ar algorithm |
Create a keyed Message Authentication Code (MAC). |
Create a keyed Message Authentication Code (MAC). |
|
|
.Op Fl C |
.Op Fl C |
.Op Fl check |
.Op Fl check |
.Op Fl dsaparam |
.Op Fl dsaparam |
.Op Fl engine Ar id |
|
.Op Fl in Ar file |
.Op Fl in Ar file |
.Op Fl inform Ar DER | PEM |
.Op Fl inform Ar DER | PEM |
.Op Fl noout |
.Op Fl noout |
|
|
Beware that with such DSA-style DH parameters, |
Beware that with such DSA-style DH parameters, |
a fresh DH key should be created for each use to |
a fresh DH key should be created for each use to |
avoid small-subgroup attacks that may be possible otherwise. |
avoid small-subgroup attacks that may be possible otherwise. |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm dhparam |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl in Ar file |
.It Fl in Ar file |
This specifies the input |
This specifies the input |
.Ar file |
.Ar file |
|
|
.Fl aes128 | aes192 | aes256 | |
.Fl aes128 | aes192 | aes256 | |
.Fl des | des3 |
.Fl des | des3 |
.Oc |
.Oc |
.Op Fl engine Ar id |
|
.Op Fl in Ar file |
.Op Fl in Ar file |
.Op Fl inform Ar DER | PEM |
.Op Fl inform Ar DER | PEM |
.Op Fl modulus |
.Op Fl modulus |
|
|
or by setting the encryption options it can be use to add or change |
or by setting the encryption options it can be use to add or change |
the pass phrase. |
the pass phrase. |
These options can only be used with PEM format output files. |
These options can only be used with PEM format output files. |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm dsa |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl in Ar file |
.It Fl in Ar file |
This specifies the input |
This specifies the input |
.Ar file |
.Ar file |
|
|
.Nm "openssl dsaparam" |
.Nm "openssl dsaparam" |
.Bk -words |
.Bk -words |
.Op Fl C |
.Op Fl C |
.Op Fl engine Ar id |
|
.Op Fl genkey |
.Op Fl genkey |
.Op Fl in Ar file |
.Op Fl in Ar file |
.Op Fl inform Ar DER | PEM |
.Op Fl inform Ar DER | PEM |
|
|
The parameters can then be loaded by calling the |
The parameters can then be loaded by calling the |
.Cm get_dsa Ns Ar XXX Ns Li () |
.Cm get_dsa Ns Ar XXX Ns Li () |
function. |
function. |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm dsaparam |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl genkey |
.It Fl genkey |
This option will generate a DSA either using the specified or generated |
This option will generate a DSA either using the specified or generated |
parameters. |
parameters. |
|
|
.Op Fl conv_form Ar arg |
.Op Fl conv_form Ar arg |
.Op Fl des |
.Op Fl des |
.Op Fl des3 |
.Op Fl des3 |
.Op Fl engine Ar id |
|
.Op Fl in Ar file |
.Op Fl in Ar file |
.Op Fl inform Ar DER | PEM |
.Op Fl inform Ar DER | PEM |
.Op Fl noout |
.Op Fl noout |
|
|
or by setting the encryption options |
or by setting the encryption options |
it can be use to add or change the pass phrase. |
it can be use to add or change the pass phrase. |
These options can only be used with PEM format output files. |
These options can only be used with PEM format output files. |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm ec |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl in Ar file |
.It Fl in Ar file |
This specifies the input filename to read a key from, |
This specifies the input filename to read a key from, |
or standard input if this option is not specified. |
or standard input if this option is not specified. |
|
|
.Op Fl C |
.Op Fl C |
.Op Fl check |
.Op Fl check |
.Op Fl conv_form Ar arg |
.Op Fl conv_form Ar arg |
.Op Fl engine Ar id |
|
.Op Fl genkey |
.Op Fl genkey |
.Op Fl in Ar file |
.Op Fl in Ar file |
.Op Fl inform Ar DER | PEM |
.Op Fl inform Ar DER | PEM |
|
|
and can be enabled by defining the preprocessor macro |
and can be enabled by defining the preprocessor macro |
.Ar OPENSSL_EC_BIN_PT_COMP |
.Ar OPENSSL_EC_BIN_PT_COMP |
at compile time. |
at compile time. |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm ecparam |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl genkey |
.It Fl genkey |
Generate an EC private key using the specified parameters. |
Generate an EC private key using the specified parameters. |
.It Fl in Ar file |
.It Fl in Ar file |
|
|
.Op Fl base64 |
.Op Fl base64 |
.Op Fl bufsize Ar number |
.Op Fl bufsize Ar number |
.Op Fl debug |
.Op Fl debug |
.Op Fl engine Ar id |
|
.Op Fl in Ar file |
.Op Fl in Ar file |
.Op Fl iv Ar IV |
.Op Fl iv Ar IV |
.Op Fl K Ar key |
.Op Fl K Ar key |
|
|
Debug the BIOs used for I/O. |
Debug the BIOs used for I/O. |
.It Fl e |
.It Fl e |
Encrypt the input data: this is the default. |
Encrypt the input data: this is the default. |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm enc |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl in Ar file |
.It Fl in Ar file |
The input |
The input |
.Ar file ; |
.Ar file ; |
|
|
.Nm openssl ciphername |
.Nm openssl ciphername |
or |
or |
.Nm openssl enc -ciphername . |
.Nm openssl enc -ciphername . |
But the first form doesn't work with engine-provided ciphers, |
|
because this form is processed before the |
|
configuration file is read and any engines loaded. |
|
.Pp |
.Pp |
Engines which provide entirely new encryption algorithms |
|
should be configured in the configuration file. |
|
Engines, specified on the command line using the |
|
.Fl engine |
|
option, |
|
can only be used for hardware-assisted implementations of ciphers, |
|
supported by |
|
.Nm OpenSSL |
|
core, or by other engines specified in the configuration file. |
|
.Pp |
|
When |
|
.Nm enc |
|
lists supported ciphers, |
|
ciphers provided by engines specified in the configuration files |
|
are listed too. |
|
.Pp |
|
A password will be prompted for to derive the |
A password will be prompted for to derive the |
.Ar key |
.Ar key |
and |
and |
|
|
Therefore it is not possible to use RC2 with a 76-bit key |
Therefore it is not possible to use RC2 with a 76-bit key |
or RC4 with an 84-bit key with this program. |
or RC4 with an 84-bit key with this program. |
.\" |
.\" |
.\" ENGINE |
|
.\" |
|
.Sh ENGINE |
|
.Nm openssl engine |
|
.Op Fl ctv |
|
.Op Fl post Ar cmd |
|
.Op Fl pre Ar cmd |
|
.Op Ar engine ... |
|
.Pp |
|
The |
|
.Nm engine |
|
command provides loadable module information and manipulation |
|
of various engines. |
|
Any options are applied to all engines supplied on the command line, |
|
or all supported engines if none are specified. |
|
.Pp |
|
The options are as follows: |
|
.Bl -tag -width Ds |
|
.It Fl c |
|
For each engine, also list the capabilities. |
|
.It Fl post Ar cmd |
|
Run command |
|
.Ar cmd |
|
against the engine after loading it |
|
(only used if |
|
.Fl t |
|
is also provided). |
|
.It Fl pre Ar cmd |
|
Run command |
|
.Ar cmd |
|
against the engine before any attempts |
|
to load it |
|
(only used if |
|
.Fl t |
|
is also provided). |
|
.It Fl t |
|
For each engine, check that they are really available. |
|
.Fl tt |
|
will display an error trace for unavailable engines. |
|
.It Fl v |
|
Verbose mode. |
|
For each engine, list its 'control commands'. |
|
.Fl vv |
|
will additionally display each command's description. |
|
.Fl vvv |
|
will also add the input flags for each command. |
|
.Fl vvvv |
|
will also show internal input flags. |
|
.El |
|
.\" |
|
.\" ERRSTR |
.\" ERRSTR |
.\" |
.\" |
.Sh ERRSTR |
.Sh ERRSTR |
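Review bot: the deletion of the ENGINE section, from `.Sh ENGINE` down to its closing `.El`, leaves nothing on the page for a reader who still has `openssl engine` in a script. If the project normally records removed subcommands in the manual, add a one-line mention that the `engine` command is no longer provided; otherwise make sure the commit message carries that information.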
|
|
.Fl aes128 | aes192 | aes256 | |
.Fl aes128 | aes192 | aes256 | |
.Fl des | des3 |
.Fl des | des3 |
.Oc |
.Oc |
.Op Fl engine Ar id |
|
.Op Fl out Ar file |
.Op Fl out Ar file |
.Op Ar paramfile |
.Op Ar paramfile |
.Ek |
.Ek |
|
|
or the triple DES ciphers, respectively, before outputting it. |
or the triple DES ciphers, respectively, before outputting it. |
A pass phrase is prompted for. |
A pass phrase is prompted for. |
If none of these options are specified, no encryption is used. |
If none of these options are specified, no encryption is used. |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm gendsa |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl out Ar file |
.It Fl out Ar file |
The output |
The output |
.Ar file . |
.Ar file . |
|
|
.Bk -words |
.Bk -words |
.Op Fl algorithm Ar alg |
.Op Fl algorithm Ar alg |
.Op Ar cipher |
.Op Ar cipher |
.Op Fl engine Ar id |
|
.Op Fl genparam |
.Op Fl genparam |
.Op Fl out Ar file |
.Op Fl out Ar file |
.Op Fl outform Ar DER | PEM |
.Op Fl outform Ar DER | PEM |
|
|
command generates private keys. |
command generates private keys. |
The use of this |
The use of this |
program is encouraged over the algorithm specific utilities |
program is encouraged over the algorithm specific utilities |
because additional algorithm options |
because additional algorithm options can be used. |
and engine-provided algorithms can be used. |
|
.Pp |
.Pp |
The options are as follows: |
The options are as follows: |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
|
|
.Fn EVP_get_cipherbyname |
.Fn EVP_get_cipherbyname |
is acceptable, such as |
is acceptable, such as |
.Cm des3 . |
.Cm des3 . |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm genpkey |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl genparam |
.It Fl genparam |
Generate a set of parameters instead of a private key. |
Generate a set of parameters instead of a private key. |
If used this option must precede any |
If used this option must precede any |
|
|
.Fl aes128 | aes192 | aes256 | |
.Fl aes128 | aes192 | aes256 | |
.Fl des | des3 |
.Fl des | des3 |
.Oc |
.Oc |
.Op Fl engine Ar id |
|
.Op Fl out Ar file |
.Op Fl out Ar file |
.Op Fl passout Ar arg |
.Op Fl passout Ar arg |
.Op Ar numbits |
.Op Ar numbits |
|
|
if it is not supplied via the |
if it is not supplied via the |
.Fl passout |
.Fl passout |
option. |
option. |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm genrsa |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl out Ar file |
.It Fl out Ar file |
The output |
The output |
.Ar file . |
.Ar file . |
|
|
.nr nS 1 |
.nr nS 1 |
.Nm "openssl pkcs7" |
.Nm "openssl pkcs7" |
.Bk -words |
.Bk -words |
.Op Fl engine Ar id |
|
.Op Fl in Ar file |
.Op Fl in Ar file |
.Op Fl inform Ar DER | PEM |
.Op Fl inform Ar DER | PEM |
.Op Fl noout |
.Op Fl noout |
|
|
.Pp |
.Pp |
The options are as follows: |
The options are as follows: |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm pkcs7 |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl in Ar file |
.It Fl in Ar file |
This specifies the input |
This specifies the input |
.Ar file |
.Ar file |
|
|
.Nm "openssl pkcs8" |
.Nm "openssl pkcs8" |
.Bk -words |
.Bk -words |
.Op Fl embed |
.Op Fl embed |
.Op Fl engine Ar id |
|
.Op Fl in Ar file |
.Op Fl in Ar file |
.Op Fl inform Ar DER | PEM |
.Op Fl inform Ar DER | PEM |
.Op Fl nocrypt |
.Op Fl nocrypt |
|
|
two structures: |
two structures: |
a SEQUENCE containing the parameters and an ASN1 INTEGER containing |
a SEQUENCE containing the parameters and an ASN1 INTEGER containing |
the private key. |
the private key. |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm pkcs8 |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl in Ar file |
.It Fl in Ar file |
This specifies the input |
This specifies the input |
.Ar file |
.Ar file |
|
|
.Op Fl clcerts |
.Op Fl clcerts |
.Op Fl CSP Ar name |
.Op Fl CSP Ar name |
.Op Fl descert |
.Op Fl descert |
.Op Fl engine Ar id |
|
.Op Fl export |
.Op Fl export |
.Op Fl in Ar file |
.Op Fl in Ar file |
.Op Fl info |
.Op Fl info |
|
|
software. |
software. |
By default, the private key is encrypted using triple DES and the |
By default, the private key is encrypted using triple DES and the |
certificate using 40-bit RC2. |
certificate using 40-bit RC2. |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm pkcs12 |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl export |
.It Fl export |
This option specifies that a PKCS#12 file will be created rather than |
This option specifies that a PKCS#12 file will be created rather than |
parsed. |
parsed. |
|
|
.Nm "openssl pkey" |
.Nm "openssl pkey" |
.Bk -words |
.Bk -words |
.Op Ar cipher |
.Op Ar cipher |
.Op Fl engine Ar id |
|
.Op Fl in Ar file |
.Op Fl in Ar file |
.Op Fl inform Ar DER | PEM |
.Op Fl inform Ar DER | PEM |
.Op Fl noout |
.Op Fl noout |
|
|
.Fn EVP_get_cipherbyname |
.Fn EVP_get_cipherbyname |
is acceptable, such as |
is acceptable, such as |
.Cm des3 . |
.Cm des3 . |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm pkey |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl in Ar file |
.It Fl in Ar file |
This specifies the input filename to read a key from, |
This specifies the input filename to read a key from, |
or standard input if this option is not specified. |
or standard input if this option is not specified. |
|
|
.\" |
.\" |
.Sh PKEYPARAM |
.Sh PKEYPARAM |
.Cm openssl pkeyparam |
.Cm openssl pkeyparam |
.Op Fl engine Ar id |
|
.Op Fl in Ar file |
.Op Fl in Ar file |
.Op Fl noout |
.Op Fl noout |
.Op Fl out Ar file |
.Op Fl out Ar file |
|
|
.Pp |
.Pp |
The options are as follows: |
The options are as follows: |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm pkeyparam |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl in Ar file |
.It Fl in Ar file |
This specifies the input filename to read parameters from, |
This specifies the input filename to read parameters from, |
or standard input if this option is not specified. |
or standard input if this option is not specified. |
|
|
.Op Fl decrypt |
.Op Fl decrypt |
.Op Fl derive |
.Op Fl derive |
.Op Fl encrypt |
.Op Fl encrypt |
.Op Fl engine Ar id |
|
.Op Fl hexdump |
.Op Fl hexdump |
.Op Fl in Ar file |
.Op Fl in Ar file |
.Op Fl inkey Ar file |
.Op Fl inkey Ar file |
.Op Fl keyform Ar DER | ENGINE | PEM |
.Op Fl keyform Ar DER | PEM |
.Op Fl out Ar file |
.Op Fl out Ar file |
.Op Fl passin Ar arg |
.Op Fl passin Ar arg |
.Op Fl peerform Ar DER | ENGINE | PEM |
.Op Fl peerform Ar DER | PEM |
.Op Fl peerkey Ar file |
.Op Fl peerkey Ar file |
.Op Fl pkeyopt Ar opt : Ns Ar value |
.Op Fl pkeyopt Ar opt : Ns Ar value |
.Op Fl pubin |
.Op Fl pubin |
|
|
Derive a shared secret using the peer key. |
Derive a shared secret using the peer key. |
.It Fl encrypt |
.It Fl encrypt |
Encrypt the input data using a public key. |
Encrypt the input data using a public key. |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm pkeyutl |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl hexdump |
.It Fl hexdump |
Hex dump the output data. |
Hex dump the output data. |
.It Fl in Ar file |
.It Fl in Ar file |
|
|
.It Fl inkey Ar file |
.It Fl inkey Ar file |
The input key file. |
The input key file. |
By default it should be a private key. |
By default it should be a private key. |
.It Fl keyform Ar DER | ENGINE | PEM |
.It Fl keyform Ar DER | PEM |
The key format DER, ENGINE, or PEM. |
The key format DER or PEM. |
.It Fl out Ar file |
.It Fl out Ar file |
Specify the output filename to write to, |
Specify the output filename to write to, |
or standard output by default. |
or standard output by default. |
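Review bot: the rewritten `-keyform` description, "The key format DER or PEM.", is still a sentence fragment. Since the line is being changed anyway, consider "The key format: DER or PEM." and use the same wording for the matching `-peerform` description so the two stay parallel.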
|
|
see the |
see the |
.Sx PASS PHRASE ARGUMENTS |
.Sx PASS PHRASE ARGUMENTS |
section above. |
section above. |
.It Fl peerform Ar DER | ENGINE | PEM |
.It Fl peerform Ar DER | PEM |
The peer key format DER, ENGINE, or PEM. |
The peer key format DER or PEM. |
.It Fl peerkey Ar file |
.It Fl peerkey Ar file |
The peer key file, used by key derivation (agreement) operations. |
The peer key file, used by key derivation (agreement) operations. |
.It Fl pkeyopt Ar opt : Ns Ar value |
.It Fl pkeyopt Ar opt : Ns Ar value |
|
|
.nr nS 1 |
.nr nS 1 |
.Nm "openssl rand" |
.Nm "openssl rand" |
.Op Fl base64 |
.Op Fl base64 |
.Op Fl engine Ar id |
|
.Op Fl hex |
.Op Fl hex |
.Op Fl out Ar file |
.Op Fl out Ar file |
.Ar num |
.Ar num |
|
|
Perform |
Perform |
.Em base64 |
.Em base64 |
encoding on the output. |
encoding on the output. |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm rand |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl hex |
.It Fl hex |
Specify hexadecimal output. |
Specify hexadecimal output. |
.It Fl out Ar file |
.It Fl out Ar file |
|
|
.Op Fl batch |
.Op Fl batch |
.Op Fl config Ar file |
.Op Fl config Ar file |
.Op Fl days Ar n |
.Op Fl days Ar n |
.Op Fl engine Ar id |
|
.Op Fl extensions Ar section |
.Op Fl extensions Ar section |
.Op Fl in Ar file |
.Op Fl in Ar file |
.Op Fl inform Ar DER | PEM |
.Op Fl inform Ar DER | PEM |
|
|
option is being used, this specifies the number of |
option is being used, this specifies the number of |
days to certify the certificate for. |
days to certify the certificate for. |
The default is 30 days. |
The default is 30 days. |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm req |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl extensions Ar section , Fl reqexts Ar section |
.It Fl extensions Ar section , Fl reqexts Ar section |
These options specify alternative sections to include certificate |
These options specify alternative sections to include certificate |
extensions (if the |
extensions (if the |
|
|
.Fl des | des3 |
.Fl des | des3 |
.Oc |
.Oc |
.Op Fl check |
.Op Fl check |
.Op Fl engine Ar id |
|
.Op Fl in Ar file |
.Op Fl in Ar file |
.Op Fl inform Ar DER | NET | PEM |
.Op Fl inform Ar DER | NET | PEM |
.Op Fl modulus |
.Op Fl modulus |
|
|
These options can only be used with PEM format output files. |
These options can only be used with PEM format output files. |
.It Fl check |
.It Fl check |
This option checks the consistency of an RSA private key. |
This option checks the consistency of an RSA private key. |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm rsa |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl in Ar file |
.It Fl in Ar file |
This specifies the input |
This specifies the input |
.Ar file |
.Ar file |
|
|
.Op Fl certin |
.Op Fl certin |
.Op Fl decrypt |
.Op Fl decrypt |
.Op Fl encrypt |
.Op Fl encrypt |
.Op Fl engine Ar id |
|
.Op Fl hexdump |
.Op Fl hexdump |
.Op Fl in Ar file |
.Op Fl in Ar file |
.Op Fl inkey Ar file |
.Op Fl inkey Ar file |
|
|
Decrypt the input data using an RSA private key. |
Decrypt the input data using an RSA private key. |
.It Fl encrypt |
.It Fl encrypt |
Encrypt the input data using an RSA public key. |
Encrypt the input data using an RSA public key. |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm rsautl |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl hexdump |
.It Fl hexdump |
Hex dump the output data. |
Hex dump the output data. |
.It Fl in Ar file |
.It Fl in Ar file |
|
|
.Op Fl crl_check_all |
.Op Fl crl_check_all |
.Op Fl crlf |
.Op Fl crlf |
.Op Fl debug |
.Op Fl debug |
.Op Fl engine Ar id |
|
.Op Fl extended_crl |
.Op Fl extended_crl |
.Op Fl ign_eof |
.Op Fl ign_eof |
.Op Fl ignore_critical |
.Op Fl ignore_critical |
|
|
by some servers. |
by some servers. |
.It Fl debug |
.It Fl debug |
Print extensive debugging information including a hex dump of all traffic. |
Print extensive debugging information including a hex dump of all traffic. |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm s_client |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl ign_eof |
.It Fl ign_eof |
Inhibit shutting down the connection when end of file is reached in the |
Inhibit shutting down the connection when end of file is reached in the |
input. |
input. |
|
|
.Op Fl debug |
.Op Fl debug |
.Op Fl dhparam Ar file |
.Op Fl dhparam Ar file |
.Op Fl dkey Ar file |
.Op Fl dkey Ar file |
.Op Fl engine Ar id |
|
.Op Fl hack |
.Op Fl hack |
.Op Fl HTTP |
.Op Fl HTTP |
.Op Fl id_prefix Ar arg |
.Op Fl id_prefix Ar arg |
|
|
If this fails, a static set of parameters hard coded into the |
If this fails, a static set of parameters hard coded into the |
.Nm s_server |
.Nm s_server |
program will be used. |
program will be used. |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm s_server |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl hack |
.It Fl hack |
This option enables a further workaround for some early Netscape |
This option enables a further workaround for some early Netscape |
SSL code |
SSL code |
|
|
.Op Fl crl_check_all |
.Op Fl crl_check_all |
.Op Fl decrypt |
.Op Fl decrypt |
.Op Fl encrypt |
.Op Fl encrypt |
.Op Fl engine Ar id |
|
.Op Fl extended_crl |
.Op Fl extended_crl |
.Op Fl from Ar addr |
.Op Fl from Ar addr |
.Op Fl ignore_critical |
.Op Fl ignore_critical |
|
|
.Op Fl inform Ar DER | PEM | SMIME |
.Op Fl inform Ar DER | PEM | SMIME |
.Op Fl inkey Ar file |
.Op Fl inkey Ar file |
.Op Fl issuer_checks |
.Op Fl issuer_checks |
.Op Fl keyform Ar ENGINE | PEM |
.Op Fl keyform Ar PEM |
.Op Fl md Ar digest |
.Op Fl md Ar digest |
.Op Fl noattr |
.Op Fl noattr |
.Op Fl nocerts |
.Op Fl nocerts |
|
|
and it uses the multipart/signed |
and it uses the multipart/signed |
.Em MIME |
.Em MIME |
content type. |
content type. |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm smime |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Xo |
.It Xo |
.Fl from Ar addr , |
.Fl from Ar addr , |
.Fl subject Ar s , |
.Fl subject Ar s , |
|
|
file. |
file. |
When signing, |
When signing, |
this option can be used multiple times to specify successive keys. |
this option can be used multiple times to specify successive keys. |
.It Fl keyform Ar ENGINE | PEM |
.It Fl keyform Ar PEM |
Input private key format. |
Input private key format. |
.It Fl md Ar digest |
.It Fl md Ar digest |
The digest algorithm to use when signing or resigning. |
The digest algorithm to use when signing or resigning. |
|
|
.Op Cm sha1 |
.Op Cm sha1 |
.Op Fl decrypt |
.Op Fl decrypt |
.Op Fl elapsed |
.Op Fl elapsed |
.Op Fl engine Ar id |
|
.Op Fl evp Ar e |
.Op Fl evp Ar e |
.Op Fl mr |
.Op Fl mr |
.Op Fl multi Ar number |
.Op Fl multi Ar number |
|
|
.It Fl decrypt |
.It Fl decrypt |
Time decryption instead of encryption |
Time decryption instead of encryption |
.Pq only EVP . |
.Pq only EVP . |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm speed |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl elapsed |
.It Fl elapsed |
Measure time in real time instead of CPU user time. |
Measure time in real time instead of CPU user time. |
.It Fl evp Ar e |
.It Fl evp Ar e |
|
|
.Fl reply |
.Fl reply |
.Op Fl chain Ar certs_file.pem |
.Op Fl chain Ar certs_file.pem |
.Op Fl config Ar configfile |
.Op Fl config Ar configfile |
.Op Fl engine Ar id |
|
.Op Fl in Ar response.tsr |
.Op Fl in Ar response.tsr |
.Op Fl inkey Ar private.pem |
.Op Fl inkey Ar private.pem |
.Op Fl out Ar response.tsr |
.Op Fl out Ar response.tsr |
|
|
See |
See |
.Sx TS CONFIGURATION FILE OPTIONS |
.Sx TS CONFIGURATION FILE OPTIONS |
for configurable variables. |
for configurable variables. |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm ts |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl in Ar response.tsr |
.It Fl in Ar response.tsr |
Specifies a previously created time stamp response or time stamp token, if |
Specifies a previously created time stamp response or time stamp token, if |
.Fl token_in |
.Fl token_in |
|
|
If the file does not exist at the time of response |
If the file does not exist at the time of response |
generation a new file is created with serial number 1. |
generation a new file is created with serial number 1. |
This parameter is mandatory. |
This parameter is mandatory. |
.It Cm crypto_device |
|
Specifies the |
|
.Nm OpenSSL |
|
engine that will be set as the default for |
|
all available algorithms. |
|
.It Cm signer_cert |
.It Cm signer_cert |
TSA signing certificate, in PEM format. |
TSA signing certificate, in PEM format. |
The same as the |
The same as the |
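Review bot: removing `.It Cm crypto_device` from the TSA configuration variables deletes the only description of that key, and the page no longer says what happens to a configuration file that still sets it. State here or in the commit message whether `ts` now ignores a leftover `crypto_device` line or rejects it, so operators know whether existing TSA configs need editing.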
|
|
.Nm "openssl spkac" |
.Nm "openssl spkac" |
.Bk -words |
.Bk -words |
.Op Fl challenge Ar string |
.Op Fl challenge Ar string |
.Op Fl engine Ar id |
|
.Op Fl in Ar file |
.Op Fl in Ar file |
.Op Fl key Ar keyfile |
.Op Fl key Ar keyfile |
.Op Fl noout |
.Op Fl noout |
|
|
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Fl challenge Ar string |
.It Fl challenge Ar string |
Specifies the challenge string if an SPKAC is being created. |
Specifies the challenge string if an SPKAC is being created. |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm spkac |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl in Ar file |
.It Fl in Ar file |
This specifies the input |
This specifies the input |
.Ar file |
.Ar file |
|
|
.Op Fl check_ss_sig |
.Op Fl check_ss_sig |
.Op Fl crl_check |
.Op Fl crl_check |
.Op Fl crl_check_all |
.Op Fl crl_check_all |
.Op Fl engine Ar id |
|
.Op Fl explicit_policy |
.Op Fl explicit_policy |
.Op Fl extended_crl |
.Op Fl extended_crl |
.Op Fl help |
.Op Fl help |
|
|
.It Fl crl_check_all |
.It Fl crl_check_all |
Checks the validity of all certificates in the chain by attempting |
Checks the validity of all certificates in the chain by attempting |
to look up valid CRLs. |
to look up valid CRLs. |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm verify |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl explicit_policy |
.It Fl explicit_policy |
Set policy variable require-explicit-policy (see RFC 3280 et al). |
Set policy variable require-explicit-policy (see RFC 3280 et al). |
.It Fl extended_crl |
.It Fl extended_crl |
|
|
.Op Fl days Ar arg |
.Op Fl days Ar arg |
.Op Fl email |
.Op Fl email |
.Op Fl enddate |
.Op Fl enddate |
.Op Fl engine Ar id |
|
.Op Fl extensions Ar section |
.Op Fl extensions Ar section |
.Op Fl extfile Ar file |
.Op Fl extfile Ar file |
.Op Fl fingerprint |
.Op Fl fingerprint |
|
|
various sections. |
various sections. |
.Sh X509 INPUT, OUTPUT, AND GENERAL PURPOSE OPTIONS |
.Sh X509 INPUT, OUTPUT, AND GENERAL PURPOSE OPTIONS |
.Bl -tag -width "XXXX" |
.Bl -tag -width "XXXX" |
.It Fl engine Ar id |
|
Specifying an engine (by its unique |
|
.Ar id |
|
string) will cause |
|
.Nm x509 |
|
to attempt to obtain a functional reference to the specified engine, |
|
thus initialising it if needed. |
|
The engine will then be set as the default for all available algorithms. |
|
.It Fl in Ar file |
.It Fl in Ar file |
This specifies the input |
This specifies the input |
.Ar file |
.Ar file |