| version 1.21, 2015/09/11 06:43:05 |
version 1.22, 2015/09/11 14:30:23 |
|
|
| EC parameter manipulation and generation. |
EC parameter manipulation and generation. |
| .It Cm enc |
.It Cm enc |
| Encoding with ciphers. |
Encoding with ciphers. |
| .It Cm engine |
|
| Engine (loadable module) information and manipulation. |
|
| .It Cm errstr |
.It Cm errstr |
| Error number to error string conversion. |
Error number to error string conversion. |
| .It Cm gendh |
.It Cm gendh |
|
|
| .Op Fl crlhours Ar hours |
.Op Fl crlhours Ar hours |
| .Op Fl days Ar arg |
.Op Fl days Ar arg |
| .Op Fl enddate Ar date |
.Op Fl enddate Ar date |
| .Op Fl engine Ar id |
|
| .Op Fl extensions Ar section |
.Op Fl extensions Ar section |
| .Op Fl extfile Ar section |
.Op Fl extfile Ar section |
| .Op Fl gencrl |
.Op Fl gencrl |
|
|
| .Op Fl infiles |
.Op Fl infiles |
| .Op Fl key Ar keyfile |
.Op Fl key Ar keyfile |
| .Op Fl keyfile Ar arg |
.Op Fl keyfile Ar arg |
| .Op Fl keyform Ar ENGINE | PEM |
.Op Fl keyform Ar PEM |
| .Op Fl md Ar arg |
.Op Fl md Ar arg |
| .Op Fl msie_hack |
.Op Fl msie_hack |
| .Op Fl name Ar section |
.Op Fl name Ar section |
|
|
| This allows the expiry date to be explicitly set. |
This allows the expiry date to be explicitly set. |
| The format of the date is YYMMDDHHMMSSZ |
The format of the date is YYMMDDHHMMSSZ |
| .Pq the same as an ASN1 UTCTime structure . |
.Pq the same as an ASN1 UTCTime structure . |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm ca |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl extensions Ar section |
.It Fl extensions Ar section |
| The section of the configuration file containing certificate extensions |
The section of the configuration file containing certificate extensions |
| to be added when a certificate is issued (defaults to |
to be added when a certificate is issued (defaults to |
|
|
| utility) this option should be used with caution. |
utility) this option should be used with caution. |
| .It Fl keyfile Ar file |
.It Fl keyfile Ar file |
| The private key to sign requests with. |
The private key to sign requests with. |
| .It Fl keyform Ar ENGINE | PEM |
.It Fl keyform Ar PEM |
| Private key file format. |
Private key file format. |
| .It Fl md Ar alg |
.It Fl md Ar alg |
| The message digest to use. |
The message digest to use. |
|
|
| .Oc |
.Oc |
| .Op Fl binary |
.Op Fl binary |
| .Op Fl cd |
.Op Fl cd |
| .Op Fl engine Ar id |
|
| .Op Fl hex |
.Op Fl hex |
| .Op Fl hmac Ar key |
.Op Fl hmac Ar key |
| .Op Fl keyform Ar ENGINE | PEM |
.Op Fl keyform Ar PEM |
| .Op Fl mac Ar algorithm |
.Op Fl mac Ar algorithm |
| .Op Fl macopt Ar nm : Ns Ar v |
.Op Fl macopt Ar nm : Ns Ar v |
| .Op Fl out Ar file |
.Op Fl out Ar file |
|
|
| format output is used. |
format output is used. |
| .It Fl d |
.It Fl d |
| Print out BIO debugging information. |
Print out BIO debugging information. |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm dgst |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| This engine is not used as a source for digest algorithms |
|
| unless it is also specified in the configuration file. |
|
| .It Fl hex |
.It Fl hex |
| Digest is to be output as a hex dump. |
Digest is to be output as a hex dump. |
| This is the default case for a |
This is the default case for a |
|
|
| .It Fl hmac Ar key |
.It Fl hmac Ar key |
| Create a hashed MAC using |
Create a hashed MAC using |
| .Ar key . |
.Ar key . |
| .It Fl keyform Ar ENGINE | PEM |
.It Fl keyform Ar PEM |
| Specifies the key format to sign the digest with. |
Specifies the key format to sign the digest with. |
| .It Fl mac Ar algorithm |
.It Fl mac Ar algorithm |
| Create a keyed Message Authentication Code (MAC). |
Create a keyed Message Authentication Code (MAC). |
|
|
| .Op Fl C |
.Op Fl C |
| .Op Fl check |
.Op Fl check |
| .Op Fl dsaparam |
.Op Fl dsaparam |
| .Op Fl engine Ar id |
|
| .Op Fl in Ar file |
.Op Fl in Ar file |
| .Op Fl inform Ar DER | PEM |
.Op Fl inform Ar DER | PEM |
| .Op Fl noout |
.Op Fl noout |
|
|
| Beware that with such DSA-style DH parameters, |
Beware that with such DSA-style DH parameters, |
| a fresh DH key should be created for each use to |
a fresh DH key should be created for each use to |
| avoid small-subgroup attacks that may be possible otherwise. |
avoid small-subgroup attacks that may be possible otherwise. |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm dhparam |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl in Ar file |
.It Fl in Ar file |
| This specifies the input |
This specifies the input |
| .Ar file |
.Ar file |
|
|
| .Fl aes128 | aes192 | aes256 | |
.Fl aes128 | aes192 | aes256 | |
| .Fl des | des3 |
.Fl des | des3 |
| .Oc |
.Oc |
| .Op Fl engine Ar id |
|
| .Op Fl in Ar file |
.Op Fl in Ar file |
| .Op Fl inform Ar DER | PEM |
.Op Fl inform Ar DER | PEM |
| .Op Fl modulus |
.Op Fl modulus |
|
|
| or by setting the encryption options it can be use to add or change |
or by setting the encryption options it can be use to add or change |
| the pass phrase. |
the pass phrase. |
| These options can only be used with PEM format output files. |
These options can only be used with PEM format output files. |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm dsa |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl in Ar file |
.It Fl in Ar file |
| This specifies the input |
This specifies the input |
| .Ar file |
.Ar file |
|
|
| .Nm "openssl dsaparam" |
.Nm "openssl dsaparam" |
| .Bk -words |
.Bk -words |
| .Op Fl C |
.Op Fl C |
| .Op Fl engine Ar id |
|
| .Op Fl genkey |
.Op Fl genkey |
| .Op Fl in Ar file |
.Op Fl in Ar file |
| .Op Fl inform Ar DER | PEM |
.Op Fl inform Ar DER | PEM |
|
|
| The parameters can then be loaded by calling the |
The parameters can then be loaded by calling the |
| .Cm get_dsa Ns Ar XXX Ns Li () |
.Cm get_dsa Ns Ar XXX Ns Li () |
| function. |
function. |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm dsaparam |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl genkey |
.It Fl genkey |
| This option will generate a DSA either using the specified or generated |
This option will generate a DSA either using the specified or generated |
| parameters. |
parameters. |
|
|
| .Op Fl conv_form Ar arg |
.Op Fl conv_form Ar arg |
| .Op Fl des |
.Op Fl des |
| .Op Fl des3 |
.Op Fl des3 |
| .Op Fl engine Ar id |
|
| .Op Fl in Ar file |
.Op Fl in Ar file |
| .Op Fl inform Ar DER | PEM |
.Op Fl inform Ar DER | PEM |
| .Op Fl noout |
.Op Fl noout |
|
|
| or by setting the encryption options |
or by setting the encryption options |
| it can be use to add or change the pass phrase. |
it can be use to add or change the pass phrase. |
| These options can only be used with PEM format output files. |
These options can only be used with PEM format output files. |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm ec |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl in Ar file |
.It Fl in Ar file |
| This specifies the input filename to read a key from, |
This specifies the input filename to read a key from, |
| or standard input if this option is not specified. |
or standard input if this option is not specified. |
|
|
| .Op Fl C |
.Op Fl C |
| .Op Fl check |
.Op Fl check |
| .Op Fl conv_form Ar arg |
.Op Fl conv_form Ar arg |
| .Op Fl engine Ar id |
|
| .Op Fl genkey |
.Op Fl genkey |
| .Op Fl in Ar file |
.Op Fl in Ar file |
| .Op Fl inform Ar DER | PEM |
.Op Fl inform Ar DER | PEM |
|
|
| and can be enabled by defining the preprocessor macro |
and can be enabled by defining the preprocessor macro |
| .Ar OPENSSL_EC_BIN_PT_COMP |
.Ar OPENSSL_EC_BIN_PT_COMP |
| at compile time. |
at compile time. |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm ecparam |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl genkey |
.It Fl genkey |
| Generate an EC private key using the specified parameters. |
Generate an EC private key using the specified parameters. |
| .It Fl in Ar file |
.It Fl in Ar file |
|
|
| .Op Fl base64 |
.Op Fl base64 |
| .Op Fl bufsize Ar number |
.Op Fl bufsize Ar number |
| .Op Fl debug |
.Op Fl debug |
| .Op Fl engine Ar id |
|
| .Op Fl in Ar file |
.Op Fl in Ar file |
| .Op Fl iv Ar IV |
.Op Fl iv Ar IV |
| .Op Fl K Ar key |
.Op Fl K Ar key |
|
|
| Debug the BIOs used for I/O. |
Debug the BIOs used for I/O. |
| .It Fl e |
.It Fl e |
| Encrypt the input data: this is the default. |
Encrypt the input data: this is the default. |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm enc |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl in Ar file |
.It Fl in Ar file |
| The input |
The input |
| .Ar file ; |
.Ar file ; |
|
|
| .Nm openssl ciphername |
.Nm openssl ciphername |
| or |
or |
| .Nm openssl enc -ciphername . |
.Nm openssl enc -ciphername . |
| But the first form doesn't work with engine-provided ciphers, |
|
| because this form is processed before the |
|
| configuration file is read and any engines loaded. |
|
| .Pp |
.Pp |
| Engines which provide entirely new encryption algorithms |
|
| should be configured in the configuration file. |
|
| Engines, specified on the command line using the |
|
| .Fl engine |
|
| option, |
|
| can only be used for hardware-assisted implementations of ciphers, |
|
| supported by |
|
| .Nm OpenSSL |
|
| core, or by other engines specified in the configuration file. |
|
| .Pp |
|
| When |
|
| .Nm enc |
|
| lists supported ciphers, |
|
| ciphers provided by engines specified in the configuration files |
|
| are listed too. |
|
| .Pp |
|
| A password will be prompted for to derive the |
A password will be prompted for to derive the |
| .Ar key |
.Ar key |
| and |
and |
|
|
| Therefore it is not possible to use RC2 with a 76-bit key |
Therefore it is not possible to use RC2 with a 76-bit key |
| or RC4 with an 84-bit key with this program. |
or RC4 with an 84-bit key with this program. |
| .\" |
.\" |
| .\" ENGINE |
|
| .\" |
|
| .Sh ENGINE |
|
| .Nm openssl engine |
|
| .Op Fl ctv |
|
| .Op Fl post Ar cmd |
|
| .Op Fl pre Ar cmd |
|
| .Op Ar engine ... |
|
| .Pp |
|
| The |
|
| .Nm engine |
|
| command provides loadable module information and manipulation |
|
| of various engines. |
|
| Any options are applied to all engines supplied on the command line, |
|
| or all supported engines if none are specified. |
|
| .Pp |
|
| The options are as follows: |
|
| .Bl -tag -width Ds |
|
| .It Fl c |
|
| For each engine, also list the capabilities. |
|
| .It Fl post Ar cmd |
|
| Run command |
|
| .Ar cmd |
|
| against the engine after loading it |
|
| (only used if |
|
| .Fl t |
|
| is also provided). |
|
| .It Fl pre Ar cmd |
|
| Run command |
|
| .Ar cmd |
|
| against the engine before any attempts |
|
| to load it |
|
| (only used if |
|
| .Fl t |
|
| is also provided). |
|
| .It Fl t |
|
| For each engine, check that they are really available. |
|
| .Fl tt |
|
| will display an error trace for unavailable engines. |
|
| .It Fl v |
|
| Verbose mode. |
|
| For each engine, list its 'control commands'. |
|
| .Fl vv |
|
| will additionally display each command's description. |
|
| .Fl vvv |
|
| will also add the input flags for each command. |
|
| .Fl vvvv |
|
| will also show internal input flags. |
|
| .El |
|
| .\" |
|
| .\" ERRSTR |
.\" ERRSTR |
| .\" |
.\" |
| .Sh ERRSTR |
.Sh ERRSTR |
|
|
| .Fl aes128 | aes192 | aes256 | |
.Fl aes128 | aes192 | aes256 | |
| .Fl des | des3 |
.Fl des | des3 |
| .Oc |
.Oc |
| .Op Fl engine Ar id |
|
| .Op Fl out Ar file |
.Op Fl out Ar file |
| .Op Ar paramfile |
.Op Ar paramfile |
| .Ek |
.Ek |
|
|
| or the triple DES ciphers, respectively, before outputting it. |
or the triple DES ciphers, respectively, before outputting it. |
| A pass phrase is prompted for. |
A pass phrase is prompted for. |
| If none of these options are specified, no encryption is used. |
If none of these options are specified, no encryption is used. |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm gendsa |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl out Ar file |
.It Fl out Ar file |
| The output |
The output |
| .Ar file . |
.Ar file . |
|
|
| .Bk -words |
.Bk -words |
| .Op Fl algorithm Ar alg |
.Op Fl algorithm Ar alg |
| .Op Ar cipher |
.Op Ar cipher |
| .Op Fl engine Ar id |
|
| .Op Fl genparam |
.Op Fl genparam |
| .Op Fl out Ar file |
.Op Fl out Ar file |
| .Op Fl outform Ar DER | PEM |
.Op Fl outform Ar DER | PEM |
|
|
| command generates private keys. |
command generates private keys. |
| The use of this |
The use of this |
| program is encouraged over the algorithm specific utilities |
program is encouraged over the algorithm specific utilities |
| because additional algorithm options |
because additional algorithm options can be used. |
| and engine-provided algorithms can be used. |
|
| .Pp |
.Pp |
| The options are as follows: |
The options are as follows: |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
|
|
| .Fn EVP_get_cipherbyname |
.Fn EVP_get_cipherbyname |
| is acceptable, such as |
is acceptable, such as |
| .Cm des3 . |
.Cm des3 . |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm genpkey |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl genparam |
.It Fl genparam |
| Generate a set of parameters instead of a private key. |
Generate a set of parameters instead of a private key. |
| If used this option must precede any |
If used this option must precede any |
|
|
| .Fl aes128 | aes192 | aes256 | |
.Fl aes128 | aes192 | aes256 | |
| .Fl des | des3 |
.Fl des | des3 |
| .Oc |
.Oc |
| .Op Fl engine Ar id |
|
| .Op Fl out Ar file |
.Op Fl out Ar file |
| .Op Fl passout Ar arg |
.Op Fl passout Ar arg |
| .Op Ar numbits |
.Op Ar numbits |
|
|
| if it is not supplied via the |
if it is not supplied via the |
| .Fl passout |
.Fl passout |
| option. |
option. |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm genrsa |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl out Ar file |
.It Fl out Ar file |
| The output |
The output |
| .Ar file . |
.Ar file . |
|
|
| .nr nS 1 |
.nr nS 1 |
| .Nm "openssl pkcs7" |
.Nm "openssl pkcs7" |
| .Bk -words |
.Bk -words |
| .Op Fl engine Ar id |
|
| .Op Fl in Ar file |
.Op Fl in Ar file |
| .Op Fl inform Ar DER | PEM |
.Op Fl inform Ar DER | PEM |
| .Op Fl noout |
.Op Fl noout |
|
|
| .Pp |
.Pp |
| The options are as follows: |
The options are as follows: |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm pkcs7 |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl in Ar file |
.It Fl in Ar file |
| This specifies the input |
This specifies the input |
| .Ar file |
.Ar file |
|
|
| .Nm "openssl pkcs8" |
.Nm "openssl pkcs8" |
| .Bk -words |
.Bk -words |
| .Op Fl embed |
.Op Fl embed |
| .Op Fl engine Ar id |
|
| .Op Fl in Ar file |
.Op Fl in Ar file |
| .Op Fl inform Ar DER | PEM |
.Op Fl inform Ar DER | PEM |
| .Op Fl nocrypt |
.Op Fl nocrypt |
|
|
| two structures: |
two structures: |
| a SEQUENCE containing the parameters and an ASN1 INTEGER containing |
a SEQUENCE containing the parameters and an ASN1 INTEGER containing |
| the private key. |
the private key. |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm pkcs8 |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl in Ar file |
.It Fl in Ar file |
| This specifies the input |
This specifies the input |
| .Ar file |
.Ar file |
|
|
| .Op Fl clcerts |
.Op Fl clcerts |
| .Op Fl CSP Ar name |
.Op Fl CSP Ar name |
| .Op Fl descert |
.Op Fl descert |
| .Op Fl engine Ar id |
|
| .Op Fl export |
.Op Fl export |
| .Op Fl in Ar file |
.Op Fl in Ar file |
| .Op Fl info |
.Op Fl info |
|
|
| software. |
software. |
| By default, the private key is encrypted using triple DES and the |
By default, the private key is encrypted using triple DES and the |
| certificate using 40-bit RC2. |
certificate using 40-bit RC2. |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm pkcs12 |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl export |
.It Fl export |
| This option specifies that a PKCS#12 file will be created rather than |
This option specifies that a PKCS#12 file will be created rather than |
| parsed. |
parsed. |
|
|
| .Nm "openssl pkey" |
.Nm "openssl pkey" |
| .Bk -words |
.Bk -words |
| .Op Ar cipher |
.Op Ar cipher |
| .Op Fl engine Ar id |
|
| .Op Fl in Ar file |
.Op Fl in Ar file |
| .Op Fl inform Ar DER | PEM |
.Op Fl inform Ar DER | PEM |
| .Op Fl noout |
.Op Fl noout |
|
|
| .Fn EVP_get_cipherbyname |
.Fn EVP_get_cipherbyname |
| is acceptable, such as |
is acceptable, such as |
| .Cm des3 . |
.Cm des3 . |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm pkey |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl in Ar file |
.It Fl in Ar file |
| This specifies the input filename to read a key from, |
This specifies the input filename to read a key from, |
| or standard input if this option is not specified. |
or standard input if this option is not specified. |
|
|
| .\" |
.\" |
| .Sh PKEYPARAM |
.Sh PKEYPARAM |
| .Cm openssl pkeyparam |
.Cm openssl pkeyparam |
| .Op Fl engine Ar id |
|
| .Op Fl in Ar file |
.Op Fl in Ar file |
| .Op Fl noout |
.Op Fl noout |
| .Op Fl out Ar file |
.Op Fl out Ar file |
|
|
| .Pp |
.Pp |
| The options are as follows: |
The options are as follows: |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm pkeyparam |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl in Ar file |
.It Fl in Ar file |
| This specifies the input filename to read parameters from, |
This specifies the input filename to read parameters from, |
| or standard input if this option is not specified. |
or standard input if this option is not specified. |
|
|
| .Op Fl decrypt |
.Op Fl decrypt |
| .Op Fl derive |
.Op Fl derive |
| .Op Fl encrypt |
.Op Fl encrypt |
| .Op Fl engine Ar id |
|
| .Op Fl hexdump |
.Op Fl hexdump |
| .Op Fl in Ar file |
.Op Fl in Ar file |
| .Op Fl inkey Ar file |
.Op Fl inkey Ar file |
| .Op Fl keyform Ar DER | ENGINE | PEM |
.Op Fl keyform Ar DER | PEM |
| .Op Fl out Ar file |
.Op Fl out Ar file |
| .Op Fl passin Ar arg |
.Op Fl passin Ar arg |
| .Op Fl peerform Ar DER | ENGINE | PEM |
.Op Fl peerform Ar DER | PEM |
| .Op Fl peerkey Ar file |
.Op Fl peerkey Ar file |
| .Op Fl pkeyopt Ar opt : Ns Ar value |
.Op Fl pkeyopt Ar opt : Ns Ar value |
| .Op Fl pubin |
.Op Fl pubin |
|
|
| Derive a shared secret using the peer key. |
Derive a shared secret using the peer key. |
| .It Fl encrypt |
.It Fl encrypt |
| Encrypt the input data using a public key. |
Encrypt the input data using a public key. |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm pkeyutl |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl hexdump |
.It Fl hexdump |
| Hex dump the output data. |
Hex dump the output data. |
| .It Fl in Ar file |
.It Fl in Ar file |
|
|
| .It Fl inkey Ar file |
.It Fl inkey Ar file |
| The input key file. |
The input key file. |
| By default it should be a private key. |
By default it should be a private key. |
| .It Fl keyform Ar DER | ENGINE | PEM |
.It Fl keyform Ar DER | PEM |
| The key format DER, ENGINE, or PEM. |
The key format DER or PEM. |
| .It Fl out Ar file |
.It Fl out Ar file |
| Specify the output filename to write to, |
Specify the output filename to write to, |
| or standard output by default. |
or standard output by default. |
|
|
| see the |
see the |
| .Sx PASS PHRASE ARGUMENTS |
.Sx PASS PHRASE ARGUMENTS |
| section above. |
section above. |
| .It Fl peerform Ar DER | ENGINE | PEM |
.It Fl peerform Ar DER | PEM |
| The peer key format DER, ENGINE, or PEM. |
The peer key format DER or PEM. |
| .It Fl peerkey Ar file |
.It Fl peerkey Ar file |
| The peer key file, used by key derivation (agreement) operations. |
The peer key file, used by key derivation (agreement) operations. |
| .It Fl pkeyopt Ar opt : Ns Ar value |
.It Fl pkeyopt Ar opt : Ns Ar value |
|
|
| .nr nS 1 |
.nr nS 1 |
| .Nm "openssl rand" |
.Nm "openssl rand" |
| .Op Fl base64 |
.Op Fl base64 |
| .Op Fl engine Ar id |
|
| .Op Fl hex |
.Op Fl hex |
| .Op Fl out Ar file |
.Op Fl out Ar file |
| .Ar num |
.Ar num |
|
|
| Perform |
Perform |
| .Em base64 |
.Em base64 |
| encoding on the output. |
encoding on the output. |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm rand |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl hex |
.It Fl hex |
| Specify hexadecimal output. |
Specify hexadecimal output. |
| .It Fl out Ar file |
.It Fl out Ar file |
|
|
| .Op Fl batch |
.Op Fl batch |
| .Op Fl config Ar file |
.Op Fl config Ar file |
| .Op Fl days Ar n |
.Op Fl days Ar n |
| .Op Fl engine Ar id |
|
| .Op Fl extensions Ar section |
.Op Fl extensions Ar section |
| .Op Fl in Ar file |
.Op Fl in Ar file |
| .Op Fl inform Ar DER | PEM |
.Op Fl inform Ar DER | PEM |
|
|
| option is being used, this specifies the number of |
option is being used, this specifies the number of |
| days to certify the certificate for. |
days to certify the certificate for. |
| The default is 30 days. |
The default is 30 days. |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm req |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl extensions Ar section , Fl reqexts Ar section |
.It Fl extensions Ar section , Fl reqexts Ar section |
| These options specify alternative sections to include certificate |
These options specify alternative sections to include certificate |
| extensions (if the |
extensions (if the |
|
|
| .Fl des | des3 |
.Fl des | des3 |
| .Oc |
.Oc |
| .Op Fl check |
.Op Fl check |
| .Op Fl engine Ar id |
|
| .Op Fl in Ar file |
.Op Fl in Ar file |
| .Op Fl inform Ar DER | NET | PEM |
.Op Fl inform Ar DER | NET | PEM |
| .Op Fl modulus |
.Op Fl modulus |
|
|
| These options can only be used with PEM format output files. |
These options can only be used with PEM format output files. |
| .It Fl check |
.It Fl check |
| This option checks the consistency of an RSA private key. |
This option checks the consistency of an RSA private key. |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm rsa |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl in Ar file |
.It Fl in Ar file |
| This specifies the input |
This specifies the input |
| .Ar file |
.Ar file |
|
|
| .Op Fl certin |
.Op Fl certin |
| .Op Fl decrypt |
.Op Fl decrypt |
| .Op Fl encrypt |
.Op Fl encrypt |
| .Op Fl engine Ar id |
|
| .Op Fl hexdump |
.Op Fl hexdump |
| .Op Fl in Ar file |
.Op Fl in Ar file |
| .Op Fl inkey Ar file |
.Op Fl inkey Ar file |
|
|
| Decrypt the input data using an RSA private key. |
Decrypt the input data using an RSA private key. |
| .It Fl encrypt |
.It Fl encrypt |
| Encrypt the input data using an RSA public key. |
Encrypt the input data using an RSA public key. |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm rsautl |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl hexdump |
.It Fl hexdump |
| Hex dump the output data. |
Hex dump the output data. |
| .It Fl in Ar file |
.It Fl in Ar file |
|
|
| .Op Fl crl_check_all |
.Op Fl crl_check_all |
| .Op Fl crlf |
.Op Fl crlf |
| .Op Fl debug |
.Op Fl debug |
| .Op Fl engine Ar id |
|
| .Op Fl extended_crl |
.Op Fl extended_crl |
| .Op Fl ign_eof |
.Op Fl ign_eof |
| .Op Fl ignore_critical |
.Op Fl ignore_critical |
|
|
| by some servers. |
by some servers. |
| .It Fl debug |
.It Fl debug |
| Print extensive debugging information including a hex dump of all traffic. |
Print extensive debugging information including a hex dump of all traffic. |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm s_client |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl ign_eof |
.It Fl ign_eof |
| Inhibit shutting down the connection when end of file is reached in the |
Inhibit shutting down the connection when end of file is reached in the |
| input. |
input. |
|
|
| .Op Fl debug |
.Op Fl debug |
| .Op Fl dhparam Ar file |
.Op Fl dhparam Ar file |
| .Op Fl dkey Ar file |
.Op Fl dkey Ar file |
| .Op Fl engine Ar id |
|
| .Op Fl hack |
.Op Fl hack |
| .Op Fl HTTP |
.Op Fl HTTP |
| .Op Fl id_prefix Ar arg |
.Op Fl id_prefix Ar arg |
|
|
| If this fails, a static set of parameters hard coded into the |
If this fails, a static set of parameters hard coded into the |
| .Nm s_server |
.Nm s_server |
| program will be used. |
program will be used. |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm s_server |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl hack |
.It Fl hack |
| This option enables a further workaround for some early Netscape |
This option enables a further workaround for some early Netscape |
| SSL code |
SSL code |
|
|
| .Op Fl crl_check_all |
.Op Fl crl_check_all |
| .Op Fl decrypt |
.Op Fl decrypt |
| .Op Fl encrypt |
.Op Fl encrypt |
| .Op Fl engine Ar id |
|
| .Op Fl extended_crl |
.Op Fl extended_crl |
| .Op Fl from Ar addr |
.Op Fl from Ar addr |
| .Op Fl ignore_critical |
.Op Fl ignore_critical |
|
|
| .Op Fl inform Ar DER | PEM | SMIME |
.Op Fl inform Ar DER | PEM | SMIME |
| .Op Fl inkey Ar file |
.Op Fl inkey Ar file |
| .Op Fl issuer_checks |
.Op Fl issuer_checks |
| .Op Fl keyform Ar ENGINE | PEM |
.Op Fl keyform Ar PEM |
| .Op Fl md Ar digest |
.Op Fl md Ar digest |
| .Op Fl noattr |
.Op Fl noattr |
| .Op Fl nocerts |
.Op Fl nocerts |
|
|
| and it uses the multipart/signed |
and it uses the multipart/signed |
| .Em MIME |
.Em MIME |
| content type. |
content type. |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm smime |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Xo |
.It Xo |
| .Fl from Ar addr , |
.Fl from Ar addr , |
| .Fl subject Ar s , |
.Fl subject Ar s , |
|
|
| file. |
file. |
| When signing, |
When signing, |
| this option can be used multiple times to specify successive keys. |
this option can be used multiple times to specify successive keys. |
| .It Fl keyform Ar ENGINE | PEM |
.It Fl keyform Ar PEM |
| Input private key format. |
Input private key format. |
| .It Fl md Ar digest |
.It Fl md Ar digest |
| The digest algorithm to use when signing or resigning. |
The digest algorithm to use when signing or resigning. |
|
|
| .Op Cm sha1 |
.Op Cm sha1 |
| .Op Fl decrypt |
.Op Fl decrypt |
| .Op Fl elapsed |
.Op Fl elapsed |
| .Op Fl engine Ar id |
|
| .Op Fl evp Ar e |
.Op Fl evp Ar e |
| .Op Fl mr |
.Op Fl mr |
| .Op Fl multi Ar number |
.Op Fl multi Ar number |
|
|
| .It Fl decrypt |
.It Fl decrypt |
| Time decryption instead of encryption |
Time decryption instead of encryption |
| .Pq only EVP . |
.Pq only EVP . |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm speed |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl elapsed |
.It Fl elapsed |
| Measure time in real time instead of CPU user time. |
Measure time in real time instead of CPU user time. |
| .It Fl evp Ar e |
.It Fl evp Ar e |
|
|
| .Fl reply |
.Fl reply |
| .Op Fl chain Ar certs_file.pem |
.Op Fl chain Ar certs_file.pem |
| .Op Fl config Ar configfile |
.Op Fl config Ar configfile |
| .Op Fl engine Ar id |
|
| .Op Fl in Ar response.tsr |
.Op Fl in Ar response.tsr |
| .Op Fl inkey Ar private.pem |
.Op Fl inkey Ar private.pem |
| .Op Fl out Ar response.tsr |
.Op Fl out Ar response.tsr |
|
|
| See |
See |
| .Sx TS CONFIGURATION FILE OPTIONS |
.Sx TS CONFIGURATION FILE OPTIONS |
| for configurable variables. |
for configurable variables. |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm ts |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl in Ar response.tsr |
.It Fl in Ar response.tsr |
| Specifies a previously created time stamp response or time stamp token, if |
Specifies a previously created time stamp response or time stamp token, if |
| .Fl token_in |
.Fl token_in |
|
|
| If the file does not exist at the time of response |
If the file does not exist at the time of response |
| generation a new file is created with serial number 1. |
generation a new file is created with serial number 1. |
| This parameter is mandatory. |
This parameter is mandatory. |
| .It Cm crypto_device |
|
| Specifies the |
|
| .Nm OpenSSL |
|
| engine that will be set as the default for |
|
| all available algorithms. |
|
| .It Cm signer_cert |
.It Cm signer_cert |
| TSA signing certificate, in PEM format. |
TSA signing certificate, in PEM format. |
| The same as the |
The same as the |
|
|
| .Nm "openssl spkac" |
.Nm "openssl spkac" |
| .Bk -words |
.Bk -words |
| .Op Fl challenge Ar string |
.Op Fl challenge Ar string |
| .Op Fl engine Ar id |
|
| .Op Fl in Ar file |
.Op Fl in Ar file |
| .Op Fl key Ar keyfile |
.Op Fl key Ar keyfile |
| .Op Fl noout |
.Op Fl noout |
|
|
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
| .It Fl challenge Ar string |
.It Fl challenge Ar string |
| Specifies the challenge string if an SPKAC is being created. |
Specifies the challenge string if an SPKAC is being created. |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm spkac |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl in Ar file |
.It Fl in Ar file |
| This specifies the input |
This specifies the input |
| .Ar file |
.Ar file |
|
|
| .Op Fl check_ss_sig |
.Op Fl check_ss_sig |
| .Op Fl crl_check |
.Op Fl crl_check |
| .Op Fl crl_check_all |
.Op Fl crl_check_all |
| .Op Fl engine Ar id |
|
| .Op Fl explicit_policy |
.Op Fl explicit_policy |
| .Op Fl extended_crl |
.Op Fl extended_crl |
| .Op Fl help |
.Op Fl help |
|
|
| .It Fl crl_check_all |
.It Fl crl_check_all |
| Checks the validity of all certificates in the chain by attempting |
Checks the validity of all certificates in the chain by attempting |
| to look up valid CRLs. |
to look up valid CRLs. |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm verify |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl explicit_policy |
.It Fl explicit_policy |
| Set policy variable require-explicit-policy (see RFC 3280 et al). |
Set policy variable require-explicit-policy (see RFC 3280 et al). |
| .It Fl extended_crl |
.It Fl extended_crl |
|
|
| .Op Fl days Ar arg |
.Op Fl days Ar arg |
| .Op Fl email |
.Op Fl email |
| .Op Fl enddate |
.Op Fl enddate |
| .Op Fl engine Ar id |
|
| .Op Fl extensions Ar section |
.Op Fl extensions Ar section |
| .Op Fl extfile Ar file |
.Op Fl extfile Ar file |
| .Op Fl fingerprint |
.Op Fl fingerprint |
|
|
| various sections. |
various sections. |
| .Sh X509 INPUT, OUTPUT, AND GENERAL PURPOSE OPTIONS |
.Sh X509 INPUT, OUTPUT, AND GENERAL PURPOSE OPTIONS |
| .Bl -tag -width "XXXX" |
.Bl -tag -width "XXXX" |
| .It Fl engine Ar id |
|
| Specifying an engine (by its unique |
|
| .Ar id |
|
| string) will cause |
|
| .Nm x509 |
|
| to attempt to obtain a functional reference to the specified engine, |
|
| thus initialising it if needed. |
|
| The engine will then be set as the default for all available algorithms. |
|
| .It Fl in Ar file |
.It Fl in Ar file |
| This specifies the input |
This specifies the input |
| .Ar file |
.Ar file |
![[BACK]](/icons/back.gif){kind=icon}
Return to openssl.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / openssl