Annotation of src/usr.bin/openssl/openssl.1, Revision 1.101
1.101 ! inoguchi 1: .\" $OpenBSD: openssl.1,v 1.100 2019/02/04 11:21:05 tb Exp $
1.1 jsing 2: .\" ====================================================================
3: .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4: .\"
5: .\" Redistribution and use in source and binary forms, with or without
6: .\" modification, are permitted provided that the following conditions
7: .\" are met:
8: .\"
9: .\" 1. Redistributions of source code must retain the above copyright
10: .\" notice, this list of conditions and the following disclaimer.
11: .\"
12: .\" 2. Redistributions in binary form must reproduce the above copyright
13: .\" notice, this list of conditions and the following disclaimer in
14: .\" the documentation and/or other materials provided with the
15: .\" distribution.
16: .\"
17: .\" 3. All advertising materials mentioning features or use of this
18: .\" software must display the following acknowledgment:
19: .\" "This product includes software developed by the OpenSSL Project
20: .\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21: .\"
22: .\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23: .\" endorse or promote products derived from this software without
24: .\" prior written permission. For written permission, please contact
25: .\" openssl-core@openssl.org.
26: .\"
27: .\" 5. Products derived from this software may not be called "OpenSSL"
28: .\" nor may "OpenSSL" appear in their names without prior written
29: .\" permission of the OpenSSL Project.
30: .\"
31: .\" 6. Redistributions of any form whatsoever must retain the following
32: .\" acknowledgment:
33: .\" "This product includes software developed by the OpenSSL Project
34: .\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35: .\"
36: .\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37: .\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39: .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40: .\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41: .\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42: .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43: .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45: .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46: .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47: .\" OF THE POSSIBILITY OF SUCH DAMAGE.
48: .\" ====================================================================
49: .\"
50: .\" This product includes cryptographic software written by Eric Young
51: .\" (eay@cryptsoft.com). This product includes software written by Tim
52: .\" Hudson (tjh@cryptsoft.com).
53: .\"
54: .\"
55: .\" Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
56: .\" All rights reserved.
57: .\"
58: .\" This package is an SSL implementation written
59: .\" by Eric Young (eay@cryptsoft.com).
60: .\" The implementation was written so as to conform with Netscapes SSL.
61: .\"
62: .\" This library is free for commercial and non-commercial use as long as
63: .\" the following conditions are aheared to. The following conditions
64: .\" apply to all code found in this distribution, be it the RC4, RSA,
65: .\" lhash, DES, etc., code; not just the SSL code. The SSL documentation
66: .\" included with this distribution is covered by the same copyright terms
67: .\" except that the holder is Tim Hudson (tjh@cryptsoft.com).
68: .\"
69: .\" Copyright remains Eric Young's, and as such any Copyright notices in
70: .\" the code are not to be removed.
71: .\" If this package is used in a product, Eric Young should be given attribution
72: .\" as the author of the parts of the library used.
73: .\" This can be in the form of a textual message at program startup or
74: .\" in documentation (online or textual) provided with the package.
75: .\"
76: .\" Redistribution and use in source and binary forms, with or without
77: .\" modification, are permitted provided that the following conditions
78: .\" are met:
79: .\" 1. Redistributions of source code must retain the copyright
80: .\" notice, this list of conditions and the following disclaimer.
81: .\" 2. Redistributions in binary form must reproduce the above copyright
82: .\" notice, this list of conditions and the following disclaimer in the
83: .\" documentation and/or other materials provided with the distribution.
84: .\" 3. All advertising materials mentioning features or use of this software
85: .\" must display the following acknowledgement:
86: .\" "This product includes cryptographic software written by
87: .\" Eric Young (eay@cryptsoft.com)"
88: .\" The word 'cryptographic' can be left out if the rouines from the library
89: .\" being used are not cryptographic related :-).
90: .\" 4. If you include any Windows specific code (or a derivative thereof) from
91: .\" the apps directory (application code) you must include an
92: .\" acknowledgement:
93: .\" "This product includes software written by Tim Hudson
94: .\" (tjh@cryptsoft.com)"
95: .\"
96: .\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
97: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
98: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
99: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
100: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
101: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
102: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
103: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
104: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
105: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
106: .\" SUCH DAMAGE.
107: .\"
108: .\" The licence and distribution terms for any publically available version or
109: .\" derivative of this code cannot be changed. i.e. this code cannot simply be
110: .\" copied and put under another distribution licence
111: .\" [including the GNU Public Licence.]
112: .\"
1.101 ! inoguchi 113: .Dd $Mdocdate: February 4 2019 $
1.1 jsing 114: .Dt OPENSSL 1
115: .Os
116: .Sh NAME
117: .Nm openssl
118: .Nd OpenSSL command line tool
119: .Sh SYNOPSIS
120: .Nm
1.90 schwarze 121: .Ar command
1.1 jsing 122: .Op Ar command_opts
123: .Op Ar command_args
124: .Pp
125: .Nm
1.13 bentley 126: .Cm list-standard-commands |
127: .Cm list-message-digest-commands |
128: .Cm list-cipher-commands |
129: .Cm list-cipher-algorithms |
130: .Cm list-message-digest-algorithms |
1.1 jsing 131: .Cm list-public-key-algorithms
132: .Pp
133: .Nm
1.39 jmc 134: .Cm no- Ns Ar command
1.1 jsing 135: .Sh DESCRIPTION
136: .Nm OpenSSL
1.31 jmc 137: is a cryptography toolkit implementing the
138: Transport Layer Security
1.1 jsing 139: .Pq TLS v1
1.31 jmc 140: network protocol,
141: as well as related cryptography standards.
1.1 jsing 142: .Pp
143: The
144: .Nm
145: program is a command line tool for using the various
146: cryptography functions of
1.39 jmc 147: .Nm openssl Ns 's
1.33 jmc 148: crypto library from the shell.
1.1 jsing 149: .Pp
150: The pseudo-commands
151: .Cm list-standard-commands , list-message-digest-commands ,
152: and
153: .Cm list-cipher-commands
154: output a list
155: .Pq one entry per line
156: of the names of all standard commands, message digest commands,
157: or cipher commands, respectively, that are available in the present
158: .Nm
159: utility.
160: .Pp
161: The pseudo-commands
162: .Cm list-cipher-algorithms
163: and
164: .Cm list-message-digest-algorithms
165: list all cipher and message digest names,
166: one entry per line.
167: Aliases are listed as:
168: .Pp
1.33 jmc 169: .D1 from => to
1.1 jsing 170: .Pp
171: The pseudo-command
172: .Cm list-public-key-algorithms
173: lists all supported public key algorithms.
174: .Pp
175: The pseudo-command
1.39 jmc 176: .Cm no- Ns Ar command
1.1 jsing 177: tests whether a command of the
178: specified name is available.
1.39 jmc 179: If
180: .Ar command
181: does not exist,
1.1 jsing 182: it returns 0
183: and prints
1.39 jmc 184: .Cm no- Ns Ar command ;
1.1 jsing 185: otherwise it returns 1 and prints
1.39 jmc 186: .Ar command .
187: In both cases, the output goes to stdout and nothing is printed to stderr.
1.1 jsing 188: Additional command line arguments are always ignored.
189: Since for each cipher there is a command of the same name,
190: this provides an easy way for shell scripts to test for the
191: availability of ciphers in the
192: .Nm
193: program.
194: .Pp
195: .Sy Note :
1.39 jmc 196: .Cm no- Ns Ar command
1.1 jsing 197: is not able to detect pseudo-commands such as
198: .Cm quit ,
199: .Cm list- Ns Ar ... Ns Cm -commands ,
200: or
1.39 jmc 201: .Cm no- Ns Ar command
1.1 jsing 202: itself.
203: .Sh ASN1PARSE
204: .nr nS 1
205: .Nm "openssl asn1parse"
206: .Op Fl i
207: .Op Fl dlimit Ar number
208: .Op Fl dump
209: .Op Fl genconf Ar file
210: .Op Fl genstr Ar str
211: .Op Fl in Ar file
1.34 jmc 212: .Op Fl inform Cm der | pem | txt
1.1 jsing 213: .Op Fl length Ar number
214: .Op Fl noout
215: .Op Fl offset Ar number
216: .Op Fl oid Ar file
217: .Op Fl out Ar file
218: .Op Fl strparse Ar offset
219: .nr nS 0
220: .Pp
221: The
222: .Nm asn1parse
223: command is a diagnostic utility that can parse ASN.1 structures.
224: It can also be used to extract data from ASN.1 formatted data.
225: .Pp
226: The options are as follows:
227: .Bl -tag -width Ds
228: .It Fl dlimit Ar number
229: Dump the first
230: .Ar number
231: bytes of unknown data in hex form.
232: .It Fl dump
233: Dump unknown data in hex form.
234: .It Fl genconf Ar file , Fl genstr Ar str
235: Generate encoded data based on string
236: .Ar str ,
237: file
238: .Ar file ,
1.34 jmc 239: or both, using the format described in
240: .Xr ASN1_generate_nconf 3 .
1.1 jsing 241: If only
242: .Ar file
243: is present then the string is obtained from the default section
244: using the name
245: .Dq asn1 .
1.84 jmc 246: The encoded data is passed through the ASN.1 parser and printed out as
1.1 jsing 247: though it came from a file;
248: the contents can thus be examined and written to a file using the
249: .Fl out
250: option.
251: .It Fl i
1.34 jmc 252: Indent the output according to the
1.1 jsing 253: .Qq depth
254: of the structures.
255: .It Fl in Ar file
1.41 jmc 256: The input file to read from, or standard input if not specified.
1.34 jmc 257: .It Fl inform Cm der | pem | txt
1.1 jsing 258: The input format.
259: .It Fl length Ar number
1.34 jmc 260: Number of bytes to parse; the default is until end of file.
1.1 jsing 261: .It Fl noout
1.46 jmc 262: Do not output the parsed version of the input file.
1.1 jsing 263: .It Fl offset Ar number
1.34 jmc 264: Starting offset to begin parsing; the default is start of file.
1.1 jsing 265: .It Fl oid Ar file
266: A file containing additional object identifiers
267: .Pq OIDs .
268: If an OID
269: .Pq object identifier
270: is not part of
1.34 jmc 271: .Nm openssl Ns 's
1.1 jsing 272: internal table it will be represented in
273: numerical form
274: .Pq for example 1.2.3.4 .
1.34 jmc 275: .Pp
1.1 jsing 276: Each line consists of three columns:
277: the first column is the OID in numerical format and should be followed by
278: whitespace.
279: The second column is the
1.34 jmc 280: .Qq short name ,
1.1 jsing 281: which is a single word followed by whitespace.
282: The final column is the rest of the line and is the
283: .Qq long name .
284: .Nm asn1parse
285: displays the long name.
1.34 jmc 286: .It Fl out Ar file
287: The DER-encoded output file; the default is no encoded output
288: (useful when combined with
289: .Fl strparse ) .
290: .It Fl strparse Ar offset
291: Parse the content octets of the ASN.1 object starting at
292: .Ar offset .
293: This option can be used multiple times to
294: .Qq drill down
295: into a nested structure.
296: .El
1.1 jsing 297: .Sh CA
298: .nr nS 1
299: .Nm "openssl ca"
300: .Op Fl batch
301: .Op Fl cert Ar file
302: .Op Fl config Ar file
1.91 schwarze 303: .Op Fl create_serial
1.1 jsing 304: .Op Fl crl_CA_compromise Ar time
305: .Op Fl crl_compromise Ar time
306: .Op Fl crl_hold Ar instruction
307: .Op Fl crl_reason Ar reason
308: .Op Fl crldays Ar days
309: .Op Fl crlexts Ar section
310: .Op Fl crlhours Ar hours
311: .Op Fl days Ar arg
312: .Op Fl enddate Ar date
313: .Op Fl extensions Ar section
314: .Op Fl extfile Ar section
315: .Op Fl gencrl
316: .Op Fl in Ar file
317: .Op Fl infiles
1.91 schwarze 318: .Op Fl key Ar password
1.1 jsing 319: .Op Fl keyfile Ar arg
1.91 schwarze 320: .Op Fl keyform Cm pem | der
1.1 jsing 321: .Op Fl md Ar arg
322: .Op Fl msie_hack
1.91 schwarze 323: .Op Fl multivalue\-rdn
1.1 jsing 324: .Op Fl name Ar section
325: .Op Fl noemailDN
326: .Op Fl notext
327: .Op Fl out Ar file
328: .Op Fl outdir Ar dir
329: .Op Fl passin Ar arg
330: .Op Fl policy Ar arg
331: .Op Fl preserveDN
332: .Op Fl revoke Ar file
1.91 schwarze 333: .Op Fl selfsign
1.1 jsing 334: .Op Fl spkac Ar file
335: .Op Fl ss_cert Ar file
336: .Op Fl startdate Ar date
337: .Op Fl status Ar serial
338: .Op Fl subj Ar arg
339: .Op Fl updatedb
1.91 schwarze 340: .Op Fl utf8
1.1 jsing 341: .Op Fl verbose
342: .nr nS 0
343: .Pp
344: The
345: .Nm ca
1.35 jmc 346: command is a minimal certificate authority (CA) application.
1.1 jsing 347: It can be used to sign certificate requests in a variety of forms
1.35 jmc 348: and generate certificate revocation lists (CRLs).
1.1 jsing 349: It also maintains a text database of issued certificates and their status.
350: .Pp
1.35 jmc 351: The options relevant to CAs are as follows:
1.1 jsing 352: .Bl -tag -width "XXXX"
353: .It Fl batch
1.41 jmc 354: Batch mode.
1.1 jsing 355: In this mode no questions will be asked
356: and all certificates will be certified automatically.
357: .It Fl cert Ar file
358: The CA certificate file.
359: .It Fl config Ar file
1.72 jmc 360: Specify an alternative configuration file.
1.91 schwarze 361: .It Fl create_serial
362: If reading the serial from the text file as specified in the
363: configuration fails, create a new random serial to be used as the
364: next serial number.
1.1 jsing 365: .It Fl days Ar arg
366: The number of days to certify the certificate for.
367: .It Fl enddate Ar date
1.41 jmc 368: Set the expiry date.
1.88 jmc 369: The format of the date is [YY]YYMMDDHHMMSSZ,
370: with all four year digits required for dates from 2050 onwards.
1.1 jsing 371: .It Fl extensions Ar section
372: The section of the configuration file containing certificate extensions
373: to be added when a certificate is issued (defaults to
1.35 jmc 374: .Cm x509_extensions
1.1 jsing 375: unless the
376: .Fl extfile
377: option is used).
378: If no extension section is present, a V1 certificate is created.
379: If the extension section is present
380: .Pq even if it is empty ,
381: then a V3 certificate is created.
1.91 schwarze 382: See the
383: .Xr x509v3.cnf 5
384: manual page for details of the extension section format.
1.1 jsing 385: .It Fl extfile Ar file
386: An additional configuration
387: .Ar file
388: to read certificate extensions from
389: (using the default section unless the
390: .Fl extensions
391: option is also used).
392: .It Fl in Ar file
393: An input
394: .Ar file
395: containing a single certificate request to be signed by the CA.
396: .It Fl infiles
397: If present, this should be the last option; all subsequent arguments
398: are assumed to be the names of files containing certificate requests.
1.91 schwarze 399: .It Fl key Ar password
400: The
401: .Fa password
402: used to encrypt the private key.
1.35 jmc 403: Since on some systems the command line arguments are visible,
404: this option should be used with caution.
1.1 jsing 405: .It Fl keyfile Ar file
406: The private key to sign requests with.
1.91 schwarze 407: .It Fl keyform Cm pem | der
1.1 jsing 408: Private key file format.
1.91 schwarze 409: The default is
410: .Cm pem .
1.1 jsing 411: .It Fl md Ar alg
412: The message digest to use.
413: Possible values include
414: .Ar md5
415: and
416: .Ar sha1 .
417: This option also applies to CRLs.
418: .It Fl msie_hack
419: This is a legacy option to make
420: .Nm ca
421: work with very old versions of the IE certificate enrollment control
422: .Qq certenr3 .
423: It used UniversalStrings for almost everything.
424: Since the old control has various security bugs,
425: its use is strongly discouraged.
426: The newer control
427: .Qq Xenroll
428: does not need this option.
1.91 schwarze 429: .It Fl multivalue\-rdn
430: This option causes the
431: .Fl subj
432: argument to be interpreted with full support for multivalued RDNs,
433: for example
434: .Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
435: If
436: .Fl multivalue\-rdn
437: is not used, the UID value is set to
438: .Qq "123456+CN=John Doe" .
1.1 jsing 439: .It Fl name Ar section
440: Specifies the configuration file
441: .Ar section
442: to use (overrides
443: .Cm default_ca
444: in the
445: .Cm ca
446: section).
447: .It Fl noemailDN
448: The DN of a certificate can contain the EMAIL field if present in the
1.30 mmcc 449: request DN, however it is good policy just having the email set into
1.1 jsing 450: the
1.35 jmc 451: .Cm altName
1.1 jsing 452: extension of the certificate.
453: When this option is set, the EMAIL field is removed from the certificate's
454: subject and set only in the, eventually present, extensions.
455: The
456: .Ar email_in_dn
457: keyword can be used in the configuration file to enable this behaviour.
458: .It Fl notext
459: Don't output the text form of a certificate to the output file.
460: .It Fl out Ar file
461: The output file to output certificates to.
462: The default is standard output.
1.91 schwarze 463: The certificate details will also be printed out to this file in
464: PEM format, except that
465: .Fl spkac
466: outputs DER format.
1.1 jsing 467: .It Fl outdir Ar directory
468: The
469: .Ar directory
470: to output certificates to.
471: The certificate will be written to a file consisting of the
472: serial number in hex with
473: .Qq .pem
474: appended.
475: .It Fl passin Ar arg
476: The key password source.
477: .It Fl policy Ar arg
1.41 jmc 478: Define the CA
1.1 jsing 479: .Qq policy
480: to use.
1.35 jmc 481: The policy section in the configuration file
482: consists of a set of variables corresponding to certificate DN fields.
483: The values may be one of
484: .Qq match
485: (the value must match the same field in the CA certificate),
486: .Qq supplied
487: (the value must be present), or
488: .Qq optional
489: (the value may be present).
490: Any fields not mentioned in the policy section
491: are silently deleted, unless the
492: .Fl preserveDN
493: option is set,
494: but this can be regarded more of a quirk than intended behaviour.
1.1 jsing 495: .It Fl preserveDN
496: Normally, the DN order of a certificate is the same as the order of the
497: fields in the relevant policy section.
498: When this option is set, the order is the same as the request.
499: This is largely for compatibility with the older IE enrollment control
500: which would only accept certificates if their DNs matched the order of the
501: request.
502: This is not needed for Xenroll.
1.91 schwarze 503: .It Fl selfsign
504: Indicates the issued certificates are to be signed with the key the
505: certificate requests were signed with, given with
506: .Fl keyfile .
507: Certificate requests signed with a different key are ignored.
508: If
509: .Fl gencrl ,
510: .Fl spkac ,
511: or
512: .Fl ss_cert
513: are given,
514: .Fl selfsign
515: is ignored.
516: .Pp
517: A consequence of using
518: .Fl selfsign
519: is that the self-signed certificate appears among the entries in
520: the certificate database (see the configuration option
521: .Cm database )
522: and uses the same serial number counter as all other certificates
523: signed with the self-signed certificate.
1.1 jsing 524: .It Fl spkac Ar file
525: A file containing a single Netscape signed public key and challenge,
526: and additional field values to be signed by the CA.
1.35 jmc 527: This will usually come from the
528: KEYGEN tag in an HTML form to create a new private key.
529: It is, however, possible to create SPKACs using the
530: .Nm spkac
531: utility.
532: .Pp
533: The file should contain the variable SPKAC set to the value of
534: the SPKAC and also the required DN components as name value pairs.
535: If it's necessary to include the same component twice,
536: then it can be preceded by a number and a
537: .Sq \&. .
1.1 jsing 538: .It Fl ss_cert Ar file
539: A single self-signed certificate to be signed by the CA.
540: .It Fl startdate Ar date
1.41 jmc 541: Set the start date.
1.88 jmc 542: The format of the date is [YY]YYMMDDHHMMSSZ,
543: with all four year digits required for dates from 2050 onwards.
1.91 schwarze 544: .It Fl subj Ar arg
545: Supersedes the subject name given in the request.
546: The
547: .Ar arg
548: must be formatted as
549: .Sm off
550: .Pf / Ar type0 Ns = Ar value0 Ns / Ar type 1 Ns = Ar value 1 Ns /
551: .Ar type2 Ns = Ar ... ;
552: .Sm on
553: characters may be escaped by
554: .Sq \e
555: .Pq backslash ,
556: no spaces are skipped.
557: .It Fl utf8
558: Interpret field values read from a terminal or obtained from a
559: configuration file as UTF-8 strings.
560: By default, they are interpreted as ASCII.
1.1 jsing 561: .It Fl verbose
1.41 jmc 562: Print extra details about the operations being performed.
1.1 jsing 563: .El
1.35 jmc 564: .Pp
565: The options relevant to CRLs are as follows:
1.1 jsing 566: .Bl -tag -width "XXXX"
567: .It Fl crl_CA_compromise Ar time
568: This is the same as
569: .Fl crl_compromise ,
570: except the revocation reason is set to CACompromise.
571: .It Fl crl_compromise Ar time
1.41 jmc 572: Set the revocation reason to keyCompromise and the compromise time to
1.1 jsing 573: .Ar time .
574: .Ar time
575: should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ.
576: .It Fl crl_hold Ar instruction
1.41 jmc 577: Set the CRL revocation reason code to certificateHold and the hold
1.1 jsing 578: instruction to
579: .Ar instruction
580: which must be an OID.
581: Although any OID can be used, only holdInstructionNone
582: (the use of which is discouraged by RFC 2459), holdInstructionCallIssuer or
583: holdInstructionReject will normally be used.
584: .It Fl crl_reason Ar reason
585: Revocation reason, where
586: .Ar reason
587: is one of:
588: unspecified, keyCompromise, CACompromise, affiliationChanged, superseded,
589: cessationOfOperation, certificateHold or removeFromCRL.
590: The matching of
591: .Ar reason
592: is case insensitive.
593: Setting any revocation reason will make the CRL v2.
594: In practice, removeFromCRL is not particularly useful because it is only used
595: in delta CRLs which are not currently implemented.
596: .It Fl crldays Ar num
597: The number of days before the next CRL is due.
598: This is the days from now to place in the CRL
1.35 jmc 599: .Cm nextUpdate
1.1 jsing 600: field.
601: .It Fl crlexts Ar section
602: The
603: .Ar section
604: of the configuration file containing CRL extensions to include.
605: If no CRL extension section is present then a V1 CRL is created;
606: if the CRL extension section is present
1.81 jmc 607: (even if it is empty)
1.1 jsing 608: then a V2 CRL is created.
1.81 jmc 609: The CRL extensions specified are CRL extensions and not CRL entry extensions.
610: It should be noted that some software can't handle V2 CRLs.
1.91 schwarze 611: See the
612: .Xr x509v3.cnf 5
613: manual page for details of the extension section format.
1.1 jsing 614: .It Fl crlhours Ar num
615: The number of hours before the next CRL is due.
616: .It Fl gencrl
1.41 jmc 617: Generate a CRL based on information in the index file.
1.1 jsing 618: .It Fl revoke Ar file
619: A
620: .Ar file
621: containing a certificate to revoke.
1.91 schwarze 622: .It Fl status Ar serial
623: Show the status of the certificate with serial number
624: .Ar serial .
625: .It Fl updatedb
626: Update the database index to purge expired certificates.
1.1 jsing 627: .El
628: .Pp
1.35 jmc 629: Many of the options can be set in the
630: .Cm ca
631: section of the configuration file
632: (or in the default section of the configuration file),
633: specified using
634: .Cm default_ca
635: or
636: .Fl name .
637: The options
638: .Cm preserve
639: and
640: .Cm msie_hack
641: are read directly from the
642: .Cm ca
643: section.
1.1 jsing 644: .Pp
645: Many of the configuration file options are identical to command line
646: options.
647: Where the option is present in the configuration file and the command line,
648: the command line value is used.
649: Where an option is described as mandatory, then it must be present in
650: the configuration file or the command line equivalent
651: .Pq if any
652: used.
653: .Bl -tag -width "XXXX"
1.35 jmc 654: .It Cm certificate
1.1 jsing 655: The same as
656: .Fl cert .
657: It gives the file containing the CA certificate.
658: Mandatory.
1.35 jmc 659: .It Cm copy_extensions
1.1 jsing 660: Determines how extensions in certificate requests should be handled.
661: If set to
1.35 jmc 662: .Cm none
1.1 jsing 663: or this option is not present, then extensions are
664: ignored and not copied to the certificate.
665: If set to
1.35 jmc 666: .Cm copy ,
1.1 jsing 667: then any extensions present in the request that are not already present
668: are copied to the certificate.
669: If set to
1.35 jmc 670: .Cm copyall ,
1.1 jsing 671: then all extensions in the request are copied to the certificate:
672: if the extension is already present in the certificate it is deleted first.
1.35 jmc 673: .Pp
674: The
675: .Cm copy_extensions
676: option should be used with caution.
677: If care is not taken, it can be a security risk.
678: For example, if a certificate request contains a
679: .Cm basicConstraints
680: extension with CA:TRUE and the
681: .Cm copy_extensions
682: value is set to
683: .Cm copyall
684: and the user does not spot
1.91 schwarze 685: this when the certificate is displayed, then this will hand the requester
1.35 jmc 686: a valid CA certificate.
687: .Pp
688: This situation can be avoided by setting
689: .Cm copy_extensions
690: to
691: .Cm copy
692: and including
693: .Cm basicConstraints
694: with CA:FALSE in the configuration file.
695: Then if the request contains a
696: .Cm basicConstraints
697: extension, it will be ignored.
1.1 jsing 698: .Pp
699: The main use of this option is to allow a certificate request to supply
700: values for certain extensions such as
1.35 jmc 701: .Cm subjectAltName .
702: .It Cm crl_extensions
1.1 jsing 703: The same as
704: .Fl crlexts .
1.35 jmc 705: .It Cm crlnumber
1.1 jsing 706: A text file containing the next CRL number to use in hex.
707: The CRL number will be inserted in the CRLs only if this file exists.
708: If this file is present, it must contain a valid CRL number.
1.35 jmc 709: .It Cm database
1.1 jsing 710: The text database file to use.
711: Mandatory.
712: This file must be present, though initially it will be empty.
1.35 jmc 713: .It Cm default_crl_hours , default_crl_days
1.1 jsing 714: The same as the
715: .Fl crlhours
716: and
717: .Fl crldays
718: options.
719: These will only be used if neither command line option is present.
720: At least one of these must be present to generate a CRL.
1.35 jmc 721: .It Cm default_days
1.1 jsing 722: The same as the
723: .Fl days
724: option.
725: The number of days to certify a certificate for.
1.35 jmc 726: .It Cm default_enddate
1.1 jsing 727: The same as the
728: .Fl enddate
729: option.
730: Either this option or
1.35 jmc 731: .Cm default_days
1.1 jsing 732: .Pq or the command line equivalents
733: must be present.
1.35 jmc 734: .It Cm default_md
1.1 jsing 735: The same as the
736: .Fl md
737: option.
738: The message digest to use.
739: Mandatory.
1.35 jmc 740: .It Cm default_startdate
1.1 jsing 741: The same as the
742: .Fl startdate
743: option.
744: The start date to certify a certificate for.
745: If not set, the current time is used.
1.35 jmc 746: .It Cm email_in_dn
1.1 jsing 747: The same as
748: .Fl noemailDN .
749: If the EMAIL field is to be removed from the DN of the certificate,
750: simply set this to
751: .Qq no .
752: If not present, the default is to allow for the EMAIL field in the
753: certificate's DN.
1.35 jmc 754: .It Cm msie_hack
1.1 jsing 755: The same as
756: .Fl msie_hack .
1.35 jmc 757: .It Cm name_opt , cert_opt
1.1 jsing 758: These options allow the format used to display the certificate details
759: when asking the user to confirm signing.
760: All the options supported by the
761: .Nm x509
762: utilities'
763: .Fl nameopt
764: and
765: .Fl certopt
766: switches can be used here, except that
1.35 jmc 767: .Cm no_signame
1.1 jsing 768: and
1.35 jmc 769: .Cm no_sigdump
1.1 jsing 770: are permanently set and cannot be disabled
771: (this is because the certificate signature cannot be displayed because
772: the certificate has not been signed at this point).
773: .Pp
774: For convenience, the value
1.35 jmc 775: .Cm ca_default
1.1 jsing 776: is accepted by both to produce a reasonable output.
777: .Pp
778: If neither option is present, the format used in earlier versions of
1.35 jmc 779: .Nm openssl
1.1 jsing 780: is used.
1.81 jmc 781: Use of the old format is strongly discouraged
782: because it only displays fields mentioned in the
1.35 jmc 783: .Cm policy
1.1 jsing 784: section,
785: mishandles multicharacter string types and does not display extensions.
1.35 jmc 786: .It Cm new_certs_dir
1.1 jsing 787: The same as the
788: .Fl outdir
789: command line option.
790: It specifies the directory where new certificates will be placed.
791: Mandatory.
1.35 jmc 792: .It Cm oid_file
1.1 jsing 793: This specifies a file containing additional object identifiers.
794: Each line of the file should consist of the numerical form of the
795: object identifier followed by whitespace, then the short name followed
796: by whitespace and finally the long name.
1.35 jmc 797: .It Cm oid_section
1.1 jsing 798: This specifies a section in the configuration file containing extra
799: object identifiers.
800: Each line should consist of the short name of the object identifier
801: followed by
802: .Sq =
803: and the numerical form.
804: The short and long names are the same when this option is used.
1.35 jmc 805: .It Cm policy
1.1 jsing 806: The same as
807: .Fl policy .
808: Mandatory.
1.35 jmc 809: .It Cm preserve
1.1 jsing 810: The same as
811: .Fl preserveDN .
1.35 jmc 812: .It Cm private_key
1.1 jsing 813: Same as the
814: .Fl keyfile
815: option.
816: The file containing the CA private key.
817: Mandatory.
1.35 jmc 818: .It Cm serial
1.1 jsing 819: A text file containing the next serial number to use in hex.
820: Mandatory.
821: This file must be present and contain a valid serial number.
1.35 jmc 822: .It Cm unique_subject
1.1 jsing 823: If the value
1.35 jmc 824: .Cm yes
1.1 jsing 825: is given, the valid certificate entries in the
826: database must have unique subjects.
827: If the value
1.35 jmc 828: .Cm no
1.1 jsing 829: is given,
830: several valid certificate entries may have the exact same subject.
831: The default value is
1.35 jmc 832: .Cm yes .
833: .It Cm x509_extensions
1.1 jsing 834: The same as
835: .Fl extensions .
836: .El
837: .Sh CIPHERS
838: .Nm openssl ciphers
839: .Op Fl hVv
1.93 schwarze 840: .Op Ar control
1.1 jsing 841: .Pp
842: The
843: .Nm ciphers
1.93 schwarze 844: command converts the
845: .Ar control
846: string from the format documented in
847: .Xr SSL_CTX_set_cipher_list 3
848: into an ordered SSL cipher suite preference list.
849: If no
850: .Ar control
851: string is specified, the
852: .Cm DEFAULT
853: list is printed.
1.1 jsing 854: .Pp
855: The options are as follows:
856: .Bl -tag -width Ds
857: .It Fl h , \&?
858: Print a brief usage message.
859: .It Fl V
1.36 jmc 860: Verbose.
1.92 schwarze 861: List ciphers with cipher suite code in hex format,
862: cipher name, and a complete description of protocol version,
863: key exchange, authentication, encryption, and mac algorithms.
1.36 jmc 864: .It Fl v
1.1 jsing 865: Like
1.36 jmc 866: .Fl V ,
867: but without cipher suite codes.
1.1 jsing 868: .El
869: .Sh CRL
870: .nr nS 1
871: .Nm "openssl crl"
872: .Op Fl CAfile Ar file
873: .Op Fl CApath Ar dir
874: .Op Fl fingerprint
875: .Op Fl hash
876: .Op Fl in Ar file
1.38 jmc 877: .Op Fl inform Cm der | pem
1.1 jsing 878: .Op Fl issuer
879: .Op Fl lastupdate
880: .Op Fl nextupdate
881: .Op Fl noout
882: .Op Fl out Ar file
1.38 jmc 883: .Op Fl outform Cm der | pem
1.1 jsing 884: .Op Fl text
885: .nr nS 0
886: .Pp
887: The
888: .Nm crl
889: command processes CRL files in DER or PEM format.
1.37 jmc 890: .Pp
1.1 jsing 891: The options are as follows:
892: .Bl -tag -width Ds
893: .It Fl CAfile Ar file
894: Verify the signature on a CRL by looking up the issuing certificate in
895: .Ar file .
896: .It Fl CApath Ar directory
897: Verify the signature on a CRL by looking up the issuing certificate in
898: .Ar dir .
899: This directory must be a standard certificate directory,
900: i.e. a hash of each subject name (using
901: .Cm x509 Fl hash )
902: should be linked to each certificate.
903: .It Fl fingerprint
904: Print the CRL fingerprint.
905: .It Fl hash
906: Output a hash of the issuer name.
907: This can be used to look up CRLs in a directory by issuer name.
908: .It Fl in Ar file
1.37 jmc 909: The input file to read from, or standard input if not specified.
1.38 jmc 910: .It Fl inform Cm der | pem
1.37 jmc 911: The input format.
1.1 jsing 912: .It Fl issuer
913: Output the issuer name.
914: .It Fl lastupdate
915: Output the
1.37 jmc 916: .Cm lastUpdate
1.1 jsing 917: field.
918: .It Fl nextupdate
919: Output the
1.37 jmc 920: .Cm nextUpdate
1.1 jsing 921: field.
922: .It Fl noout
1.46 jmc 923: Do not output the encoded version of the CRL.
1.1 jsing 924: .It Fl out Ar file
1.37 jmc 925: The output file to write to, or standard output if not specified.
1.38 jmc 926: .It Fl outform Cm der | pem
1.37 jmc 927: The output format.
1.1 jsing 928: .It Fl text
1.64 jmc 929: Print the CRL in plain text.
1.1 jsing 930: .El
931: .Sh CRL2PKCS7
932: .nr nS 1
933: .Nm "openssl crl2pkcs7"
934: .Op Fl certfile Ar file
935: .Op Fl in Ar file
1.40 jmc 936: .Op Fl inform Cm der | pem
1.1 jsing 937: .Op Fl nocrl
938: .Op Fl out Ar file
1.40 jmc 939: .Op Fl outform Cm der | pem
1.1 jsing 940: .nr nS 0
941: .Pp
942: The
943: .Nm crl2pkcs7
944: command takes an optional CRL and one or more
945: certificates and converts them into a PKCS#7 degenerate
946: .Qq certificates only
947: structure.
948: .Pp
949: The options are as follows:
950: .Bl -tag -width Ds
951: .It Fl certfile Ar file
1.40 jmc 952: Add the certificates in PEM
1.1 jsing 953: .Ar file
1.40 jmc 954: to the PKCS#7 structure.
955: This option can be used more than once
956: to read certificates from multiple files.
1.1 jsing 957: .It Fl in Ar file
1.40 jmc 958: Read the CRL from
959: .Ar file ,
960: or standard input if not specified.
961: .It Fl inform Cm der | pem
1.64 jmc 962: The input format.
1.1 jsing 963: .It Fl nocrl
964: Normally, a CRL is included in the output file.
965: With this option, no CRL is
966: included in the output file and a CRL is not read from the input file.
967: .It Fl out Ar file
1.40 jmc 968: Write the PKCS#7 structure to
969: .Ar file ,
970: or standard output if not specified.
971: .It Fl outform Cm der | pem
1.64 jmc 972: The output format.
1.1 jsing 973: .El
974: .Sh DGST
975: .nr nS 1
976: .Nm "openssl dgst"
1.43 jmc 977: .Op Fl cd
1.1 jsing 978: .Op Fl binary
1.43 jmc 979: .Op Fl Ar digest
1.1 jsing 980: .Op Fl hex
981: .Op Fl hmac Ar key
1.43 jmc 982: .Op Fl keyform Cm pem
1.1 jsing 983: .Op Fl mac Ar algorithm
984: .Op Fl macopt Ar nm : Ns Ar v
985: .Op Fl out Ar file
986: .Op Fl passin Ar arg
987: .Op Fl prverify Ar file
988: .Op Fl sign Ar file
989: .Op Fl signature Ar file
990: .Op Fl sigopt Ar nm : Ns Ar v
991: .Op Fl verify Ar file
992: .Op Ar
993: .nr nS 0
994: .Pp
995: The digest functions output the message digest of a supplied
996: .Ar file
997: or
998: .Ar files
999: in hexadecimal form.
1000: They can also be used for digital signing and verification.
1001: .Pp
1002: The options are as follows:
1003: .Bl -tag -width Ds
1004: .It Fl binary
1005: Output the digest or signature in binary form.
1006: .It Fl c
1.48 jmc 1007: Print the digest in two-digit groups separated by colons.
1.1 jsing 1008: .It Fl d
1.48 jmc 1009: Print BIO debugging information.
1.43 jmc 1010: .It Fl Ar digest
1011: Use the specified message
1012: .Ar digest .
1.98 naddy 1013: The default is SHA256.
1.43 jmc 1014: The available digests can be displayed using
1015: .Nm openssl
1016: .Cm list-message-digest-commands .
1017: The following are equivalent:
1018: .Nm openssl dgst
1.98 naddy 1019: .Fl sha256
1.43 jmc 1020: and
1021: .Nm openssl
1.98 naddy 1022: .Cm sha256 .
1.1 jsing 1023: .It Fl hex
1024: Digest is to be output as a hex dump.
1025: This is the default case for a
1026: .Qq normal
1027: digest as opposed to a digital signature.
1028: .It Fl hmac Ar key
1029: Create a hashed MAC using
1030: .Ar key .
1.43 jmc 1031: .It Fl keyform Cm pem
1.1 jsing 1032: Specifies the key format to sign the digest with.
1033: .It Fl mac Ar algorithm
1034: Create a keyed Message Authentication Code (MAC).
1035: The most popular MAC algorithm is HMAC (hash-based MAC),
1036: but there are other MAC algorithms which are not based on hash.
1037: MAC keys and other options should be set via the
1038: .Fl macopt
1039: parameter.
1040: .It Fl macopt Ar nm : Ns Ar v
1041: Passes options to the MAC algorithm, specified by
1042: .Fl mac .
1043: The following options are supported by HMAC:
1044: .Bl -tag -width Ds
1.43 jmc 1045: .It Cm key : Ns Ar string
1.1 jsing 1046: Specifies the MAC key as an alphanumeric string
1047: (use if the key contain printable characters only).
1048: String length must conform to any restrictions of the MAC algorithm.
1.43 jmc 1049: .It Cm hexkey : Ns Ar string
1.1 jsing 1050: Specifies the MAC key in hexadecimal form (two hex digits per byte).
1051: Key length must conform to any restrictions of the MAC algorithm.
1052: .El
1053: .It Fl out Ar file
1.43 jmc 1054: The output file to write to,
1055: or standard output if not specified.
1.1 jsing 1056: .It Fl passin Ar arg
1057: The key password source.
1058: .It Fl prverify Ar file
1059: Verify the signature using the private key in
1060: .Ar file .
1061: The output is either
1062: .Qq Verification OK
1063: or
1064: .Qq Verification Failure .
1065: .It Fl sign Ar file
1066: Digitally sign the digest using the private key in
1067: .Ar file .
1068: .It Fl signature Ar file
1069: The actual signature to verify.
1070: .It Fl sigopt Ar nm : Ns Ar v
1071: Pass options to the signature algorithm during sign or verify operations.
1072: The names and values of these options are algorithm-specific.
1073: .It Fl verify Ar file
1074: Verify the signature using the public key in
1075: .Ar file .
1076: The output is either
1077: .Qq Verification OK
1078: or
1079: .Qq Verification Failure .
1080: .It Ar
1081: File or files to digest.
1082: If no files are specified then standard input is used.
1083: .El
1084: .Sh DHPARAM
1085: .nr nS 1
1086: .Nm "openssl dhparam"
1087: .Op Fl 2 | 5
1088: .Op Fl C
1089: .Op Fl check
1090: .Op Fl dsaparam
1091: .Op Fl in Ar file
1.44 jmc 1092: .Op Fl inform Cm der | pem
1.1 jsing 1093: .Op Fl noout
1094: .Op Fl out Ar file
1.44 jmc 1095: .Op Fl outform Cm der | pem
1.1 jsing 1096: .Op Fl text
1097: .Op Ar numbits
1098: .nr nS 0
1099: .Pp
1100: The
1101: .Nm dhparam
1102: command is used to manipulate DH parameter files.
1.44 jmc 1103: Only the older PKCS#3 DH is supported,
1104: not the newer X9.42 DH.
1.1 jsing 1105: .Pp
1106: The options are as follows:
1107: .Bl -tag -width Ds
1108: .It Fl 2 , 5
1.44 jmc 1109: The generator to use;
1.1 jsing 1110: 2 is the default.
1111: If present, the input file is ignored and parameters are generated instead.
1112: .It Fl C
1.44 jmc 1113: Convert the parameters into C code.
1.1 jsing 1114: The parameters can then be loaded by calling the
1.44 jmc 1115: .No get_dh Ns Ar numbits
1.1 jsing 1116: function.
1117: .It Fl check
1118: Check the DH parameters.
1119: .It Fl dsaparam
1.44 jmc 1120: Read or create DSA parameters,
1121: converted to DH format on output.
1.1 jsing 1122: Otherwise,
1123: .Qq strong
1124: primes
1125: .Pq such that (p-1)/2 is also prime
1126: will be used for DH parameter generation.
1127: .Pp
1128: DH parameter generation with the
1129: .Fl dsaparam
1130: option is much faster,
1131: and the recommended exponent length is shorter,
1132: which makes DH key exchange more efficient.
1133: Beware that with such DSA-style DH parameters,
1134: a fresh DH key should be created for each use to
1135: avoid small-subgroup attacks that may be possible otherwise.
1136: .It Fl in Ar file
1.44 jmc 1137: The input file to read from,
1138: or standard input if not specified.
1139: .It Fl inform Cm der | pem
1140: The input format.
1.1 jsing 1141: .It Fl noout
1.46 jmc 1142: Do not output the encoded version of the parameters.
1.44 jmc 1143: .It Fl out Ar file
1144: The output file to write to,
1145: or standard output if not specified.
1146: .It Fl outform Cm der | pem
1147: The output format.
1148: .It Fl text
1.64 jmc 1149: Print the DH parameters in plain text.
1.1 jsing 1150: .It Ar numbits
1.44 jmc 1151: Generate a parameter set of size
1.1 jsing 1152: .Ar numbits .
1153: It must be the last option.
1.16 sthen 1154: If not present, a value of 2048 is used.
1.1 jsing 1155: If this value is present, the input file is ignored and
1156: parameters are generated instead.
1157: .El
1158: .Sh DSA
1159: .nr nS 1
1160: .Nm "openssl dsa"
1161: .Oo
1162: .Fl aes128 | aes192 | aes256 |
1163: .Fl des | des3
1164: .Oc
1165: .Op Fl in Ar file
1.45 jmc 1166: .Op Fl inform Cm der | pem
1.1 jsing 1167: .Op Fl modulus
1168: .Op Fl noout
1169: .Op Fl out Ar file
1.45 jmc 1170: .Op Fl outform Cm der | pem
1.1 jsing 1171: .Op Fl passin Ar arg
1172: .Op Fl passout Ar arg
1173: .Op Fl pubin
1174: .Op Fl pubout
1175: .Op Fl text
1176: .nr nS 0
1177: .Pp
1178: The
1179: .Nm dsa
1180: command processes DSA keys.
1181: They can be converted between various forms and their components printed out.
1182: .Pp
1183: .Sy Note :
1184: This command uses the traditional
1185: .Nm SSLeay
1186: compatible format for private key encryption:
1187: newer applications should use the more secure PKCS#8 format using the
1188: .Nm pkcs8
1189: command.
1190: .Pp
1191: The options are as follows:
1192: .Bl -tag -width Ds
1193: .It Xo
1194: .Fl aes128 | aes192 | aes256 |
1195: .Fl des | des3
1196: .Xc
1.45 jmc 1197: Encrypt the private key with the AES, DES, or the triple DES
1.1 jsing 1198: ciphers, respectively, before outputting it.
1199: A pass phrase is prompted for.
1.45 jmc 1200: If none of these options are specified, the key is written in plain text.
1.1 jsing 1201: This means that using the
1202: .Nm dsa
1.45 jmc 1203: utility to read an encrypted key with no encryption option can be used to
1.1 jsing 1204: remove the pass phrase from a key,
1.45 jmc 1205: or by setting the encryption options it can be used to add or change
1.1 jsing 1206: the pass phrase.
1207: These options can only be used with PEM format output files.
1208: .It Fl in Ar file
1.45 jmc 1209: The input file to read from,
1210: or standard input if not specified.
1.1 jsing 1211: If the key is encrypted, a pass phrase will be prompted for.
1.45 jmc 1212: .It Fl inform Cm der | pem
1213: The input format.
1.1 jsing 1214: .It Fl modulus
1.45 jmc 1215: Print the value of the public key component of the key.
1.1 jsing 1216: .It Fl noout
1.46 jmc 1217: Do not output the encoded version of the key.
1.1 jsing 1218: .It Fl out Ar file
1.45 jmc 1219: The output file to write to,
1220: or standard output if not specified.
1.1 jsing 1221: If any encryption options are set then a pass phrase will be
1222: prompted for.
1.45 jmc 1223: .It Fl outform Cm der | pem
1224: The output format.
1.1 jsing 1225: .It Fl passin Ar arg
1226: The key password source.
1227: .It Fl passout Ar arg
1228: The output file password source.
1229: .It Fl pubin
1.60 jmc 1230: Read in a public key, not a private key.
1.1 jsing 1231: .It Fl pubout
1.60 jmc 1232: Output a public key, not a private key.
1233: Automatically set if the input is a public key.
1.1 jsing 1234: .It Fl text
1.64 jmc 1235: Print the public/private key in plain text.
1.1 jsing 1236: .El
1237: .Sh DSAPARAM
1238: .nr nS 1
1239: .Nm "openssl dsaparam"
1240: .Op Fl C
1241: .Op Fl genkey
1242: .Op Fl in Ar file
1.46 jmc 1243: .Op Fl inform Cm der | pem
1.1 jsing 1244: .Op Fl noout
1245: .Op Fl out Ar file
1.46 jmc 1246: .Op Fl outform Cm der | pem
1.1 jsing 1247: .Op Fl text
1248: .Op Ar numbits
1249: .nr nS 0
1250: .Pp
1251: The
1252: .Nm dsaparam
1253: command is used to manipulate or generate DSA parameter files.
1254: .Pp
1255: The options are as follows:
1256: .Bl -tag -width Ds
1257: .It Fl C
1.46 jmc 1258: Convert the parameters into C code.
1.1 jsing 1259: The parameters can then be loaded by calling the
1.46 jmc 1260: .No get_dsa Ns Ar XXX
1.1 jsing 1261: function.
1262: .It Fl genkey
1.46 jmc 1263: Generate a DSA key either using the specified or generated
1.1 jsing 1264: parameters.
1265: .It Fl in Ar file
1.46 jmc 1266: The input file to read from,
1267: or standard input if not specified.
1.1 jsing 1268: If the
1269: .Ar numbits
1.46 jmc 1270: parameter is included, then this option is ignored.
1271: .It Fl inform Cm der | pem
1272: The input format.
1.1 jsing 1273: .It Fl noout
1.46 jmc 1274: Do not output the encoded version of the parameters.
1275: .It Fl out Ar file
1276: The output file to write to,
1277: or standard output if not specified.
1278: .It Fl outform Cm der | pem
1279: The output format.
1280: .It Fl text
1.64 jmc 1281: Print the DSA parameters in plain text.
1.1 jsing 1282: .It Ar numbits
1.46 jmc 1283: Generate a parameter set of size
1.1 jsing 1284: .Ar numbits .
1.46 jmc 1285: If this option is included, the input file is ignored.
1.1 jsing 1286: .El
1287: .Sh EC
1288: .nr nS 1
1289: .Nm "openssl ec"
1290: .Op Fl conv_form Ar arg
1291: .Op Fl des
1292: .Op Fl des3
1293: .Op Fl in Ar file
1.47 jmc 1294: .Op Fl inform Cm der | pem
1.1 jsing 1295: .Op Fl noout
1296: .Op Fl out Ar file
1.47 jmc 1297: .Op Fl outform Cm der | pem
1.1 jsing 1298: .Op Fl param_enc Ar arg
1299: .Op Fl param_out
1300: .Op Fl passin Ar arg
1301: .Op Fl passout Ar arg
1302: .Op Fl pubin
1303: .Op Fl pubout
1304: .Op Fl text
1305: .nr nS 0
1306: .Pp
1307: The
1308: .Nm ec
1309: command processes EC keys.
1310: They can be converted between various
1311: forms and their components printed out.
1.47 jmc 1312: .Nm openssl
1.1 jsing 1313: uses the private key format specified in
1314: .Dq SEC 1: Elliptic Curve Cryptography
1315: .Pq Lk http://www.secg.org/ .
1316: To convert an
1317: EC private key into the PKCS#8 private key format use the
1318: .Nm pkcs8
1319: command.
1320: .Pp
1321: The options are as follows:
1322: .Bl -tag -width Ds
1323: .It Fl conv_form Ar arg
1.47 jmc 1324: Specify how the points on the elliptic curve are converted
1.1 jsing 1325: into octet strings.
1326: Possible values are:
1.95 tb 1327: .Cm compressed ,
1328: .Cm uncompressed
1.47 jmc 1329: (the default),
1.1 jsing 1330: and
1331: .Cm hybrid .
1332: For more information regarding
1.47 jmc 1333: the point conversion forms see the X9.62 standard.
1.1 jsing 1334: Note:
1335: Due to patent issues the
1336: .Cm compressed
1337: option is disabled by default for binary curves
1338: and can be enabled by defining the preprocessor macro
1.47 jmc 1339: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 1340: at compile time.
1341: .It Fl des | des3
1.47 jmc 1342: Encrypt the private key with DES, triple DES, or
1.1 jsing 1343: any other cipher supported by
1.47 jmc 1344: .Nm openssl .
1.1 jsing 1345: A pass phrase is prompted for.
1346: If none of these options is specified the key is written in plain text.
1347: This means that using the
1348: .Nm ec
1349: utility to read in an encrypted key with no
1350: encryption option can be used to remove the pass phrase from a key,
1351: or by setting the encryption options
1.83 naddy 1352: it can be used to add or change the pass phrase.
1.1 jsing 1353: These options can only be used with PEM format output files.
1354: .It Fl in Ar file
1.47 jmc 1355: The input file to read a key from,
1356: or standard input if not specified.
1.1 jsing 1357: If the key is encrypted a pass phrase will be prompted for.
1.47 jmc 1358: .It Fl inform Cm der | pem
1359: The input format.
1.1 jsing 1360: .It Fl noout
1.47 jmc 1361: Do not output the encoded version of the key.
1.1 jsing 1362: .It Fl out Ar file
1.47 jmc 1363: The output filename to write to,
1364: or standard output if not specified.
1.1 jsing 1365: If any encryption options are set then a pass phrase will be prompted for.
1.47 jmc 1366: .It Fl outform Cm der | pem
1367: The output format.
1.1 jsing 1368: .It Fl param_enc Ar arg
1.47 jmc 1369: Specify how the elliptic curve parameters are encoded.
1.1 jsing 1370: Possible value are:
1371: .Cm named_curve ,
1372: i.e. the EC parameters are specified by an OID; or
1373: .Cm explicit ,
1374: where the EC parameters are explicitly given
1375: (see RFC 3279 for the definition of the EC parameter structures).
1376: The default value is
1377: .Cm named_curve .
1378: Note: the
1379: .Cm implicitlyCA
1380: alternative,
1381: as specified in RFC 3279,
1.47 jmc 1382: is currently not implemented.
1.1 jsing 1383: .It Fl passin Ar arg
1384: The key password source.
1385: .It Fl passout Ar arg
1386: The output file password source.
1387: .It Fl pubin
1.60 jmc 1388: Read in a public key, not a private key.
1.1 jsing 1389: .It Fl pubout
1.60 jmc 1390: Output a public key, not a private key.
1391: Automatically set if the input is a public key.
1.1 jsing 1392: .It Fl text
1.64 jmc 1393: Print the public/private key in plain text.
1.1 jsing 1394: .El
1395: .Sh ECPARAM
1396: .nr nS 1
1397: .Nm "openssl ecparam"
1398: .Op Fl C
1399: .Op Fl check
1400: .Op Fl conv_form Ar arg
1401: .Op Fl genkey
1402: .Op Fl in Ar file
1.48 jmc 1403: .Op Fl inform Cm der | pem
1.1 jsing 1404: .Op Fl list_curves
1405: .Op Fl name Ar arg
1406: .Op Fl no_seed
1407: .Op Fl noout
1408: .Op Fl out Ar file
1.48 jmc 1409: .Op Fl outform Cm der | pem
1.1 jsing 1410: .Op Fl param_enc Ar arg
1411: .Op Fl text
1412: .nr nS 0
1413: .Pp
1.48 jmc 1414: The
1415: .Nm ecparam
1416: command is used to manipulate or generate EC parameter files.
1417: .Nm openssl
1418: is not able to generate new groups so
1419: .Nm ecparam
1420: can only create EC parameters from known (named) curves.
1421: .Pp
1.1 jsing 1422: The options are as follows:
1423: .Bl -tag -width Ds
1424: .It Fl C
1425: Convert the EC parameters into C code.
1426: The parameters can then be loaded by calling the
1.48 jmc 1427: .No get_ec_group_ Ns Ar XXX
1.1 jsing 1428: function.
1429: .It Fl check
1430: Validate the elliptic curve parameters.
1431: .It Fl conv_form Ar arg
1432: Specify how the points on the elliptic curve are converted
1433: into octet strings.
1434: Possible values are:
1.95 tb 1435: .Cm compressed ,
1436: .Cm uncompressed
1.48 jmc 1437: (the default),
1.1 jsing 1438: and
1439: .Cm hybrid .
1440: For more information regarding
1.48 jmc 1441: the point conversion forms see the X9.62 standard.
1.1 jsing 1442: Note:
1443: Due to patent issues the
1444: .Cm compressed
1445: option is disabled by default for binary curves
1446: and can be enabled by defining the preprocessor macro
1.48 jmc 1447: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 1448: at compile time.
1449: .It Fl genkey
1450: Generate an EC private key using the specified parameters.
1451: .It Fl in Ar file
1.48 jmc 1452: The input file to read from,
1453: or standard input if not specified.
1454: .It Fl inform Cm der | pem
1455: The input format.
1.1 jsing 1456: .It Fl list_curves
1.48 jmc 1457: Print a list of all
1.1 jsing 1458: currently implemented EC parameter names and exit.
1459: .It Fl name Ar arg
1.48 jmc 1460: Use the EC parameters with the specified "short" name.
1.1 jsing 1461: .It Fl no_seed
1.48 jmc 1462: Do not include the seed for the parameter generation
1463: in the ECParameters structure (see RFC 3279).
1.1 jsing 1464: .It Fl noout
1.48 jmc 1465: Do not output the encoded version of the parameters.
1.1 jsing 1466: .It Fl out Ar file
1.48 jmc 1467: The output file to write to,
1468: or standard output if not specified.
1469: .It Fl outform Cm der | pem
1470: The output format.
1.1 jsing 1471: .It Fl param_enc Ar arg
1.48 jmc 1472: Specify how the elliptic curve parameters are encoded.
1.1 jsing 1473: Possible value are:
1474: .Cm named_curve ,
1475: i.e. the EC parameters are specified by an OID, or
1476: .Cm explicit ,
1477: where the EC parameters are explicitly given
1478: (see RFC 3279 for the definition of the EC parameter structures).
1479: The default value is
1480: .Cm named_curve .
1481: Note: the
1482: .Cm implicitlyCA
1483: alternative, as specified in RFC 3279,
1.48 jmc 1484: is currently not implemented.
1.1 jsing 1485: .It Fl text
1.64 jmc 1486: Print the EC parameters in plain text.
1.1 jsing 1487: .El
1488: .Sh ENC
1489: .nr nS 1
1490: .Nm "openssl enc"
1491: .Fl ciphername
1492: .Op Fl AadePp
1493: .Op Fl base64
1494: .Op Fl bufsize Ar number
1495: .Op Fl debug
1496: .Op Fl in Ar file
1.97 jmc 1497: .Op Fl iter Ar iterations
1.1 jsing 1498: .Op Fl iv Ar IV
1499: .Op Fl K Ar key
1500: .Op Fl k Ar password
1501: .Op Fl kfile Ar file
1502: .Op Fl md Ar digest
1503: .Op Fl none
1504: .Op Fl nopad
1505: .Op Fl nosalt
1506: .Op Fl out Ar file
1507: .Op Fl pass Ar arg
1.96 beck 1508: .Op Fl pbkdf2
1.1 jsing 1509: .Op Fl S Ar salt
1510: .Op Fl salt
1511: .nr nS 0
1512: .Pp
1513: The symmetric cipher commands allow data to be encrypted or decrypted
1514: using various block and stream ciphers using keys based on passwords
1515: or explicitly provided.
1516: Base64 encoding or decoding can also be performed either by itself
1517: or in addition to the encryption or decryption.
1.49 jmc 1518: The program can be called either as
1519: .Nm openssl Ar ciphername
1520: or
1521: .Nm openssl enc - Ns Ar ciphername .
1522: .Pp
1523: Some of the ciphers do not have large keys and others have security
1524: implications if not used correctly.
1525: All the block ciphers normally use PKCS#5 padding,
1526: also known as standard block padding.
1527: If padding is disabled, the input data must be a multiple of the cipher
1528: block length.
1.1 jsing 1529: .Pp
1530: The options are as follows:
1531: .Bl -tag -width Ds
1532: .It Fl A
1533: If the
1534: .Fl a
1535: option is set, then base64 process the data on one line.
1536: .It Fl a , base64
1537: Base64 process the data.
1538: This means that if encryption is taking place, the data is base64-encoded
1539: after encryption.
1.49 jmc 1540: If decryption is set, the input data is base64-decoded before
1.1 jsing 1541: being decrypted.
1542: .It Fl bufsize Ar number
1543: Set the buffer size for I/O.
1544: .It Fl d
1545: Decrypt the input data.
1546: .It Fl debug
1547: Debug the BIOs used for I/O.
1548: .It Fl e
1.49 jmc 1549: Encrypt the input data.
1550: This is the default.
1.1 jsing 1551: .It Fl in Ar file
1.49 jmc 1552: The input file to read from,
1.57 jmc 1553: or standard input if not specified.
1.97 jmc 1554: .It Fl iter Ar iterations
1555: Use the pbkdf2 key derivation function, with
1556: .Ar iterations
1557: as the number of iterations.
1.1 jsing 1558: .It Fl iv Ar IV
1559: The actual
1560: .Ar IV
1561: .Pq initialisation vector
1562: to use:
1563: this must be represented as a string comprised only of hex digits.
1564: When only the
1565: .Ar key
1566: is specified using the
1567: .Fl K
1.49 jmc 1568: option,
1569: the IV must explicitly be defined.
1.1 jsing 1570: When a password is being specified using one of the other options,
1.49 jmc 1571: the IV is generated from this password.
1.1 jsing 1572: .It Fl K Ar key
1573: The actual
1574: .Ar key
1575: to use:
1576: this must be represented as a string comprised only of hex digits.
1.49 jmc 1577: If only the key is specified,
1578: the IV must also be specified using the
1.1 jsing 1579: .Fl iv
1580: option.
1581: When both a
1582: .Ar key
1583: and a
1584: .Ar password
1585: are specified, the
1586: .Ar key
1587: given with the
1588: .Fl K
1.49 jmc 1589: option will be used and the IV generated from the password will be taken.
1.1 jsing 1590: It probably does not make much sense to specify both
1591: .Ar key
1592: and
1593: .Ar password .
1594: .It Fl k Ar password
1595: The
1596: .Ar password
1597: to derive the key from.
1598: Superseded by the
1599: .Fl pass
1600: option.
1601: .It Fl kfile Ar file
1602: Read the password to derive the key from the first line of
1603: .Ar file .
1604: Superseded by the
1605: .Fl pass
1606: option.
1607: .It Fl md Ar digest
1608: Use
1609: .Ar digest
1610: to create a key from a pass phrase.
1611: .Ar digest
1612: may be one of
1.49 jmc 1613: .Cm md5
1.1 jsing 1614: or
1.49 jmc 1615: .Cm sha1 .
1.1 jsing 1616: .It Fl none
1617: Use NULL cipher (no encryption or decryption of input).
1618: .It Fl nopad
1619: Disable standard block padding.
1620: .It Fl nosalt
1.49 jmc 1621: Don't use a salt in the key derivation routines.
1.81 jmc 1622: This option should never be used
1.49 jmc 1623: since it makes it possible to perform efficient dictionary
1624: attacks on the password and to attack stream cipher encrypted data.
1.1 jsing 1625: .It Fl out Ar file
1.51 jmc 1626: The output file to write to,
1.57 jmc 1627: or standard output if not specified.
1.1 jsing 1628: .It Fl P
1.49 jmc 1629: Print out the salt, key, and IV used, then immediately exit;
1.1 jsing 1630: don't do any encryption or decryption.
1631: .It Fl p
1.49 jmc 1632: Print out the salt, key, and IV used.
1.1 jsing 1633: .It Fl pass Ar arg
1634: The password source.
1.96 beck 1635: .It Fl pbkdf2
1.97 jmc 1636: Use the pbkdf2 key derivation function, with
1.96 beck 1637: the default of 10000 iterations.
1.1 jsing 1638: .It Fl S Ar salt
1639: The actual
1640: .Ar salt
1641: to use:
1642: this must be represented as a string comprised only of hex digits.
1643: .It Fl salt
1.49 jmc 1644: Use a salt in the key derivation routines (the default).
1645: When the salt is being used
1646: the first eight bytes of the encrypted data are reserved for the salt:
1647: it is randomly generated when encrypting a file and read from the
1648: encrypted file when it is decrypted.
1.1 jsing 1649: .El
1650: .Sh ERRSTR
1651: .Nm openssl errstr
1652: .Op Fl stats
1653: .Ar errno ...
1654: .Pp
1655: The
1656: .Nm errstr
1657: command performs error number to error string conversion,
1658: generating a human-readable string representing the error code
1659: .Ar errno .
1660: The string is obtained through the
1661: .Xr ERR_error_string_n 3
1662: function and has the following format:
1663: .Pp
1664: .Dl error:[error code]:[library name]:[function name]:[reason string]
1665: .Pp
1666: .Bq error code
1667: is an 8-digit hexadecimal number.
1668: The remaining fields
1669: .Bq library name ,
1670: .Bq function name ,
1671: and
1672: .Bq reason string
1673: are all ASCII text.
1674: .Pp
1675: The options are as follows:
1676: .Bl -tag -width Ds
1677: .It Fl stats
1678: Print debugging statistics about various aspects of the hash table.
1679: .El
1680: .Sh GENDSA
1681: .nr nS 1
1682: .Nm "openssl gendsa"
1683: .Oo
1684: .Fl aes128 | aes192 | aes256 |
1.101 ! inoguchi 1685: .Fl camellia128 | camellia192 | camellia256 |
! 1686: .Fl des | des3 |
! 1687: .Fl idea
1.1 jsing 1688: .Oc
1689: .Op Fl out Ar file
1.101 ! inoguchi 1690: .Op Fl passout Ar arg
! 1691: .Ar paramfile
1.1 jsing 1692: .nr nS 0
1693: .Pp
1694: The
1695: .Nm gendsa
1696: command generates a DSA private key from a DSA parameter file
1.51 jmc 1697: (typically generated by the
1.1 jsing 1698: .Nm openssl dsaparam
1699: command).
1.51 jmc 1700: DSA key generation is little more than random number generation so it is
1701: much quicker than,
1702: for example,
1703: RSA key generation.
1.1 jsing 1704: .Pp
1705: The options are as follows:
1706: .Bl -tag -width Ds
1707: .It Xo
1708: .Fl aes128 | aes192 | aes256 |
1.101 ! inoguchi 1709: .Fl camellia128 | camellia192 | camellia256 |
! 1710: .Fl des | des3 |
! 1711: .Fl idea
1.1 jsing 1712: .Xc
1.101 ! inoguchi 1713: Encrypt the private key with the AES, CAMELLIA, DES, triple DES
! 1714: or the IDEA ciphers, respectively, before outputting it.
1.1 jsing 1715: A pass phrase is prompted for.
1716: If none of these options are specified, no encryption is used.
1717: .It Fl out Ar file
1.51 jmc 1718: The output file to write to,
1.57 jmc 1719: or standard output if not specified.
1.101 ! inoguchi 1720: .It Fl passout Ar arg
! 1721: The output file password source.
1.1 jsing 1722: .It Ar paramfile
1.51 jmc 1723: Specify the DSA parameter file to use.
1.1 jsing 1724: The parameters in this file determine the size of the private key.
1725: .El
1726: .Sh GENPKEY
1727: .nr nS 1
1728: .Nm "openssl genpkey"
1729: .Op Fl algorithm Ar alg
1730: .Op Ar cipher
1731: .Op Fl genparam
1732: .Op Fl out Ar file
1.52 jmc 1733: .Op Fl outform Cm der | pem
1.1 jsing 1734: .Op Fl paramfile Ar file
1735: .Op Fl pass Ar arg
1736: .Op Fl pkeyopt Ar opt : Ns Ar value
1737: .Op Fl text
1738: .nr nS 0
1739: .Pp
1740: The
1741: .Nm genpkey
1742: command generates private keys.
1743: The use of this
1744: program is encouraged over the algorithm specific utilities
1.22 bcook 1745: because additional algorithm options can be used.
1.1 jsing 1746: .Pp
1747: The options are as follows:
1748: .Bl -tag -width Ds
1749: .It Fl algorithm Ar alg
1750: The public key algorithm to use,
1751: such as RSA, DSA, or DH.
1.52 jmc 1752: This option must precede any
1.1 jsing 1753: .Fl pkeyopt
1754: options.
1755: The options
1756: .Fl paramfile
1757: and
1758: .Fl algorithm
1759: are mutually exclusive.
1760: .It Ar cipher
1761: Encrypt the private key with the supplied cipher.
1762: Any algorithm name accepted by
1.52 jmc 1763: .Xr EVP_get_cipherbyname 3
1764: is acceptable.
1.1 jsing 1765: .It Fl genparam
1766: Generate a set of parameters instead of a private key.
1.52 jmc 1767: This option must precede any
1.1 jsing 1768: .Fl algorithm ,
1769: .Fl paramfile ,
1770: or
1771: .Fl pkeyopt
1772: options.
1773: .It Fl out Ar file
1.52 jmc 1774: The output file to write to,
1.57 jmc 1775: or standard output if not specified.
1.52 jmc 1776: .It Fl outform Cm der | pem
1777: The output format.
1.1 jsing 1778: .It Fl paramfile Ar file
1.52 jmc 1779: Some public key algorithms generate a private key based on a set of parameters,
1780: which can be supplied using this option.
1.1 jsing 1781: If this option is used the public key
1782: algorithm used is determined by the parameters.
1.52 jmc 1783: This option must precede any
1.1 jsing 1784: .Fl pkeyopt
1785: options.
1786: The options
1787: .Fl paramfile
1788: and
1789: .Fl algorithm
1790: are mutually exclusive.
1791: .It Fl pass Ar arg
1792: The output file password source.
1793: .It Fl pkeyopt Ar opt : Ns Ar value
1794: Set the public key algorithm option
1795: .Ar opt
1796: to
1.52 jmc 1797: .Ar value ,
1798: as follows:
1.1 jsing 1799: .Bl -tag -width Ds -offset indent
1800: .It rsa_keygen_bits : Ns Ar numbits
1801: (RSA)
1802: The number of bits in the generated key.
1.52 jmc 1803: The default is 2048.
1.1 jsing 1804: .It rsa_keygen_pubexp : Ns Ar value
1805: (RSA)
1806: The RSA public exponent value.
1807: This can be a large decimal or hexadecimal value if preceded by 0x.
1.52 jmc 1808: The default is 65537.
1.1 jsing 1809: .It dsa_paramgen_bits : Ns Ar numbits
1810: (DSA)
1811: The number of bits in the generated parameters.
1.52 jmc 1812: The default is 1024.
1.1 jsing 1813: .It dh_paramgen_prime_len : Ns Ar numbits
1814: (DH)
1815: The number of bits in the prime parameter
1816: .Ar p .
1817: .It dh_paramgen_generator : Ns Ar value
1818: (DH)
1819: The value to use for the generator
1820: .Ar g .
1821: .It ec_paramgen_curve : Ns Ar curve
1822: (EC)
1823: The EC curve to use.
1824: .El
1.52 jmc 1825: .It Fl text
1.64 jmc 1826: Print the private/public key in plain text.
1.52 jmc 1827: .El
1.1 jsing 1828: .Sh GENRSA
1829: .nr nS 1
1830: .Nm "openssl genrsa"
1831: .Op Fl 3 | f4
1.53 jmc 1832: .Op Fl aes128 | aes192 | aes256 | des | des3
1.1 jsing 1833: .Op Fl out Ar file
1834: .Op Fl passout Ar arg
1835: .Op Ar numbits
1836: .nr nS 0
1837: .Pp
1838: The
1839: .Nm genrsa
1.53 jmc 1840: command generates an RSA private key,
1841: which essentially involves the generation of two prime numbers.
1842: When generating the key,
1843: various symbols will be output to indicate the progress of the generation.
1844: A
1845: .Sq \&.
1846: represents each number which has passed an initial sieve test;
1847: .Sq +
1848: means a number has passed a single round of the Miller-Rabin primality test.
1849: A newline means that the number has passed all the prime tests
1850: (the actual number depends on the key size).
1.1 jsing 1851: .Pp
1852: The options are as follows:
1853: .Bl -tag -width Ds
1854: .It Fl 3 | f4
1855: The public exponent to use, either 3 or 65537.
1856: The default is 65537.
1.53 jmc 1857: .It Fl aes128 | aes192 | aes256 | des | des3
1858: Encrypt the private key with the AES, DES,
1.1 jsing 1859: or the triple DES ciphers, respectively, before outputting it.
1860: If none of these options are specified, no encryption is used.
1861: If encryption is used, a pass phrase is prompted for,
1862: if it is not supplied via the
1863: .Fl passout
1864: option.
1865: .It Fl out Ar file
1.53 jmc 1866: The output file to write to,
1.57 jmc 1867: or standard output if not specified.
1.1 jsing 1868: .It Fl passout Ar arg
1869: The output file password source.
1870: .It Ar numbits
1871: The size of the private key to generate in bits.
1872: This must be the last option specified.
1873: The default is 2048.
1874: .El
1875: .Sh NSEQ
1876: .Nm openssl nseq
1877: .Op Fl in Ar file
1878: .Op Fl out Ar file
1879: .Op Fl toseq
1880: .Pp
1881: The
1882: .Nm nseq
1.54 jmc 1883: command takes a file containing a Netscape certificate sequence
1884: (an alternative to the standard PKCS#7 format)
1885: and prints out the certificates contained in it,
1886: or takes a file of certificates
1887: and converts it into a Netscape certificate sequence.
1888: .Pp
1.1 jsing 1889: The options are as follows:
1890: .Bl -tag -width Ds
1891: .It Fl in Ar file
1.54 jmc 1892: The input file to read from,
1893: or standard input if not specified.
1.1 jsing 1894: .It Fl out Ar file
1.54 jmc 1895: The output file to write to,
1896: or standard output if not specified.
1.1 jsing 1897: .It Fl toseq
1898: Normally, a Netscape certificate sequence will be input and the output
1899: is the certificates contained in it.
1900: With the
1901: .Fl toseq
1902: option the situation is reversed:
1903: a Netscape certificate sequence is created from a file of certificates.
1904: .El
1905: .Sh OCSP
1906: .nr nS 1
1907: .Nm "openssl ocsp"
1908: .Op Fl CA Ar file
1909: .Op Fl CAfile Ar file
1910: .Op Fl CApath Ar directory
1911: .Op Fl cert Ar file
1912: .Op Fl dgst Ar alg
1.55 jmc 1913: .Op Fl host Ar hostname : Ns Ar port
1.1 jsing 1914: .Op Fl index Ar indexfile
1915: .Op Fl issuer Ar file
1916: .Op Fl ndays Ar days
1917: .Op Fl nmin Ar minutes
1918: .Op Fl no_cert_checks
1919: .Op Fl no_cert_verify
1920: .Op Fl no_certs
1921: .Op Fl no_chain
1922: .Op Fl no_intern
1923: .Op Fl no_nonce
1924: .Op Fl no_signature_verify
1925: .Op Fl nonce
1926: .Op Fl noverify
1927: .Op Fl nrequest Ar number
1928: .Op Fl out Ar file
1929: .Op Fl path Ar path
1930: .Op Fl port Ar portnum
1931: .Op Fl req_text
1932: .Op Fl reqin Ar file
1933: .Op Fl reqout Ar file
1934: .Op Fl resp_key_id
1935: .Op Fl resp_no_certs
1936: .Op Fl resp_text
1937: .Op Fl respin Ar file
1938: .Op Fl respout Ar file
1939: .Op Fl rkey Ar file
1940: .Op Fl rother Ar file
1941: .Op Fl rsigner Ar file
1942: .Op Fl serial Ar number
1943: .Op Fl sign_other Ar file
1944: .Op Fl signer Ar file
1945: .Op Fl signkey Ar file
1946: .Op Fl status_age Ar age
1947: .Op Fl text
1948: .Op Fl trust_other
1949: .Op Fl url Ar responder_url
1950: .Op Fl VAfile Ar file
1951: .Op Fl validity_period Ar nsec
1952: .Op Fl verify_other Ar file
1953: .nr nS 0
1954: .Pp
1.55 jmc 1955: The Online Certificate Status Protocol (OCSP)
1956: enables applications to determine the (revocation) state
1957: of an identified certificate (RFC 2560).
1.1 jsing 1958: .Pp
1959: The
1960: .Nm ocsp
1961: command performs many common OCSP tasks.
1962: It can be used to print out requests and responses,
1963: create requests and send queries to an OCSP responder,
1964: and behave like a mini OCSP server itself.
1965: .Pp
1966: The options are as follows:
1967: .Bl -tag -width Ds
1968: .It Fl CAfile Ar file , Fl CApath Ar directory
1.55 jmc 1969: A file or path containing trusted CA certificates,
1970: used to verify the signature on the OCSP response.
1.1 jsing 1971: .It Fl cert Ar file
1972: Add the certificate
1973: .Ar file
1974: to the request.
1975: The issuer certificate is taken from the previous
1976: .Fl issuer
1977: option, or an error occurs if no issuer certificate is specified.
1978: .It Fl dgst Ar alg
1.55 jmc 1979: Use the digest algorithm
1980: .Ar alg
1981: for certificate identification in the OCSP request.
1.1 jsing 1982: By default SHA-1 is used.
1983: .It Xo
1984: .Fl host Ar hostname : Ns Ar port ,
1985: .Fl path Ar path
1986: .Xc
1.55 jmc 1987: Send
1988: the OCSP request to
1.1 jsing 1989: .Ar hostname
1.55 jmc 1990: on
1.1 jsing 1991: .Ar port .
1992: .Fl path
1993: specifies the HTTP path name to use, or
1.55 jmc 1994: .Pa /
1.1 jsing 1995: by default.
1996: .It Fl issuer Ar file
1.81 jmc 1997: The current issuer certificate, in PEM format.
1998: Can be used multiple times and must come before any
1.1 jsing 1999: .Fl cert
2000: options.
2001: .It Fl no_cert_checks
2002: Don't perform any additional checks on the OCSP response signer's certificate.
2003: That is, do not make any checks to see if the signer's certificate is
2004: authorised to provide the necessary status information:
2005: as a result this option should only be used for testing purposes.
2006: .It Fl no_cert_verify
2007: Don't verify the OCSP response signer's certificate at all.
2008: Since this option allows the OCSP response to be signed by any certificate,
2009: it should only be used for testing purposes.
2010: .It Fl no_certs
1.55 jmc 2011: Don't include any certificates in the signed request.
1.1 jsing 2012: .It Fl no_chain
2013: Do not use certificates in the response as additional untrusted CA
2014: certificates.
2015: .It Fl no_intern
2016: Ignore certificates contained in the OCSP response
2017: when searching for the signer's certificate.
1.55 jmc 2018: The signer's certificate must be specified with either the
1.1 jsing 2019: .Fl verify_other
2020: or
2021: .Fl VAfile
2022: options.
2023: .It Fl no_signature_verify
2024: Don't check the signature on the OCSP response.
2025: Since this option tolerates invalid signatures on OCSP responses,
2026: it will normally only be used for testing purposes.
2027: .It Fl nonce , no_nonce
1.55 jmc 2028: Add an OCSP nonce extension to a request,
2029: or disable an OCSP nonce addition.
1.1 jsing 2030: Normally, if an OCSP request is input using the
2031: .Fl respin
1.55 jmc 2032: option no nonce is added:
1.1 jsing 2033: using the
2034: .Fl nonce
1.55 jmc 2035: option will force the addition of a nonce.
1.1 jsing 2036: If an OCSP request is being created (using the
2037: .Fl cert
2038: and
2039: .Fl serial
2040: options)
1.55 jmc 2041: a nonce is automatically added; specifying
1.1 jsing 2042: .Fl no_nonce
2043: overrides this.
2044: .It Fl noverify
1.55 jmc 2045: Don't attempt to verify the OCSP response signature or the nonce values.
2046: This is normally only be used for debugging
1.1 jsing 2047: since it disables all verification of the responder's certificate.
2048: .It Fl out Ar file
1.55 jmc 2049: Specify the output file to write to,
1.57 jmc 2050: or standard output if not specified.
1.1 jsing 2051: .It Fl req_text , resp_text , text
2052: Print out the text form of the OCSP request, response, or both, respectively.
2053: .It Fl reqin Ar file , Fl respin Ar file
2054: Read an OCSP request or response file from
2055: .Ar file .
2056: These options are ignored
2057: if an OCSP request or response creation is implied by other options
2058: (for example with the
2059: .Fl serial , cert ,
2060: and
2061: .Fl host
2062: options).
2063: .It Fl reqout Ar file , Fl respout Ar file
2064: Write out the DER-encoded certificate request or response to
2065: .Ar file .
2066: .It Fl serial Ar num
2067: Same as the
2068: .Fl cert
2069: option except the certificate with serial number
2070: .Ar num
2071: is added to the request.
2072: The serial number is interpreted as a decimal integer unless preceded by
2073: .Sq 0x .
1.55 jmc 2074: Negative integers can also be specified
2075: by preceding the value with a minus sign.
1.1 jsing 2076: .It Fl sign_other Ar file
2077: Additional certificates to include in the signed request.
2078: .It Fl signer Ar file , Fl signkey Ar file
2079: Sign the OCSP request using the certificate specified in the
2080: .Fl signer
2081: option and the private key specified by the
2082: .Fl signkey
2083: option.
2084: If the
2085: .Fl signkey
2086: option is not present, then the private key is read from the same file
2087: as the certificate.
2088: If neither option is specified, the OCSP request is not signed.
2089: .It Fl trust_other
2090: The certificates specified by the
2091: .Fl verify_other
2092: option should be explicitly trusted and no additional checks will be
2093: performed on them.
2094: This is useful when the complete responder certificate chain is not available
2095: or trusting a root CA is not appropriate.
2096: .It Fl url Ar responder_url
2097: Specify the responder URL.
2098: Both HTTP and HTTPS
2099: .Pq SSL/TLS
2100: URLs can be specified.
2101: .It Fl VAfile Ar file
1.55 jmc 2102: A file containing explicitly trusted responder certificates.
1.1 jsing 2103: Equivalent to the
2104: .Fl verify_other
2105: and
2106: .Fl trust_other
2107: options.
2108: .It Fl validity_period Ar nsec , Fl status_age Ar age
1.55 jmc 2109: The range of times, in seconds, which will be tolerated in an OCSP response.
2110: Each certificate status response includes a notBefore time
2111: and an optional notAfter time.
1.1 jsing 2112: The current time should fall between these two values,
2113: but the interval between the two times may be only a few seconds.
2114: In practice the OCSP responder and clients' clocks may not be precisely
2115: synchronised and so such a check may fail.
2116: To avoid this the
2117: .Fl validity_period
2118: option can be used to specify an acceptable error range in seconds,
1.55 jmc 2119: the default value being 5 minutes.
1.1 jsing 2120: .Pp
1.55 jmc 2121: If the notAfter time is omitted from a response,
2122: it means that new status information is immediately available.
2123: In this case the age of the notBefore field is checked
2124: to see it is not older than
1.1 jsing 2125: .Ar age
2126: seconds old.
2127: By default, this additional check is not performed.
2128: .It Fl verify_other Ar file
1.55 jmc 2129: A file containing additional certificates to search
2130: when attempting to locate the OCSP response signing certificate.
2131: Some responders omit the actual signer's certificate from the response,
2132: so this can be used to supply the necessary certificate.
1.1 jsing 2133: .El
1.55 jmc 2134: .Pp
2135: The options for the OCSP server are as follows:
1.1 jsing 2136: .Bl -tag -width "XXXX"
2137: .It Fl CA Ar file
2138: CA certificate corresponding to the revocation information in
2139: .Ar indexfile .
2140: .It Fl index Ar indexfile
2141: .Ar indexfile
1.55 jmc 2142: is a text index file in ca format
2143: containing certificate revocation information.
1.1 jsing 2144: .Pp
1.55 jmc 2145: If this option is specified,
1.1 jsing 2146: .Nm ocsp
1.55 jmc 2147: is in responder mode, otherwise it is in client mode.
2148: The requests the responder processes can be either specified on
1.1 jsing 2149: the command line (using the
2150: .Fl issuer
2151: and
2152: .Fl serial
2153: options), supplied in a file (using the
2154: .Fl respin
1.55 jmc 2155: option), or via external OCSP clients (if
1.1 jsing 2156: .Ar port
2157: or
2158: .Ar url
2159: is specified).
2160: .Pp
1.55 jmc 2161: If this option is present, then the
1.1 jsing 2162: .Fl CA
2163: and
2164: .Fl rsigner
2165: options must also be present.
2166: .It Fl nmin Ar minutes , Fl ndays Ar days
2167: Number of
2168: .Ar minutes
2169: or
2170: .Ar days
1.55 jmc 2171: when fresh revocation information is available:
2172: used in the nextUpdate field.
2173: If neither option is present,
2174: the nextUpdate field is omitted,
2175: meaning fresh revocation information is immediately available.
1.1 jsing 2176: .It Fl nrequest Ar number
1.55 jmc 2177: Exit after receiving
1.1 jsing 2178: .Ar number
1.55 jmc 2179: requests (the default is unlimited).
1.1 jsing 2180: .It Fl port Ar portnum
2181: Port to listen for OCSP requests on.
1.55 jmc 2182: May also be specified using the
1.1 jsing 2183: .Fl url
2184: option.
2185: .It Fl resp_key_id
2186: Identify the signer certificate using the key ID;
1.55 jmc 2187: the default is to use the subject name.
1.1 jsing 2188: .It Fl resp_no_certs
2189: Don't include any certificates in the OCSP response.
2190: .It Fl rkey Ar file
2191: The private key to sign OCSP responses with;
2192: if not present, the file specified in the
2193: .Fl rsigner
2194: option is used.
2195: .It Fl rother Ar file
2196: Additional certificates to include in the OCSP response.
2197: .It Fl rsigner Ar file
2198: The certificate to sign OCSP responses with.
2199: .El
2200: .Pp
2201: Initially the OCSP responder certificate is located and the signature on
2202: the OCSP request checked using the responder certificate's public key.
2203: Then a normal certificate verify is performed on the OCSP responder certificate
2204: building up a certificate chain in the process.
2205: The locations of the trusted certificates used to build the chain can be
2206: specified by the
2207: .Fl CAfile
2208: and
2209: .Fl CApath
2210: options or they will be looked for in the standard
1.55 jmc 2211: .Nm openssl
2212: certificates directory.
1.1 jsing 2213: .Pp
1.55 jmc 2214: If the initial verify fails, the OCSP verify process halts with an error.
1.1 jsing 2215: Otherwise the issuing CA certificate in the request is compared to the OCSP
2216: responder certificate: if there is a match then the OCSP verify succeeds.
2217: .Pp
2218: Otherwise the OCSP responder certificate's CA is checked against the issuing
2219: CA certificate in the request.
2220: If there is a match and the OCSPSigning extended key usage is present
2221: in the OCSP responder certificate, then the OCSP verify succeeds.
2222: .Pp
2223: Otherwise the root CA of the OCSP responder's CA is checked to see if it
2224: is trusted for OCSP signing.
2225: If it is, the OCSP verify succeeds.
2226: .Pp
2227: If none of these checks is successful, the OCSP verify fails.
2228: What this effectively means is that if the OCSP responder certificate is
2229: authorised directly by the CA it is issuing revocation information about
1.55 jmc 2230: (and it is correctly configured),
1.1 jsing 2231: then verification will succeed.
2232: .Pp
1.55 jmc 2233: If the OCSP responder is a global responder,
2234: which can give details about multiple CAs
2235: and has its own separate certificate chain,
2236: then its root CA can be trusted for OCSP signing.
1.1 jsing 2237: Alternatively, the responder certificate itself can be explicitly trusted
2238: with the
2239: .Fl VAfile
2240: option.
2241: .Sh PASSWD
2242: .nr nS 1
2243: .Nm "openssl passwd"
2244: .Op Fl 1 | apr1 | crypt
2245: .Op Fl in Ar file
2246: .Op Fl noverify
2247: .Op Fl quiet
2248: .Op Fl reverse
2249: .Op Fl salt Ar string
2250: .Op Fl stdin
2251: .Op Fl table
2252: .Op Ar password
2253: .nr nS 0
2254: .Pp
2255: The
2256: .Nm passwd
1.56 jmc 2257: command computes the hash of a password.
1.1 jsing 2258: .Pp
2259: The options are as follows:
2260: .Bl -tag -width Ds
2261: .It Fl 1
2262: Use the MD5 based
2263: .Bx
2264: password algorithm
1.56 jmc 2265: .Qq 1 .
1.1 jsing 2266: .It Fl apr1
2267: Use the
1.56 jmc 2268: .Qq apr1
1.1 jsing 2269: algorithm
1.56 jmc 2270: .Po
2271: Apache variant of the
1.1 jsing 2272: .Bx
1.56 jmc 2273: algorithm
2274: .Pc .
1.1 jsing 2275: .It Fl crypt
2276: Use the
1.56 jmc 2277: .Qq crypt
2278: algorithm (the default).
1.1 jsing 2279: .It Fl in Ar file
2280: Read passwords from
2281: .Ar file .
2282: .It Fl noverify
2283: Don't verify when reading a password from the terminal.
2284: .It Fl quiet
2285: Don't output warnings when passwords given on the command line are truncated.
2286: .It Fl reverse
2287: Switch table columns.
2288: This only makes sense in conjunction with the
2289: .Fl table
2290: option.
2291: .It Fl salt Ar string
1.56 jmc 2292: Use the salt specified by
2293: .Ar string .
1.1 jsing 2294: When reading a password from the terminal, this implies
2295: .Fl noverify .
2296: .It Fl stdin
1.56 jmc 2297: Read passwords from standard input.
1.1 jsing 2298: .It Fl table
2299: In the output list, prepend the cleartext password and a TAB character
2300: to each password hash.
2301: .El
2302: .Sh PKCS7
2303: .nr nS 1
2304: .Nm "openssl pkcs7"
2305: .Op Fl in Ar file
1.57 jmc 2306: .Op Fl inform Cm der | pem
1.1 jsing 2307: .Op Fl noout
2308: .Op Fl out Ar file
1.57 jmc 2309: .Op Fl outform Cm der | pem
1.1 jsing 2310: .Op Fl print_certs
2311: .Op Fl text
2312: .nr nS 0
2313: .Pp
2314: The
2315: .Nm pkcs7
2316: command processes PKCS#7 files in DER or PEM format.
1.57 jmc 2317: The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
2318: .Pp
1.1 jsing 2319: The options are as follows:
2320: .Bl -tag -width Ds
2321: .It Fl in Ar file
1.57 jmc 2322: The input file to read from,
2323: or standard input if not specified.
2324: .It Fl inform Cm der | pem
2325: The input format.
1.1 jsing 2326: .It Fl noout
2327: Don't output the encoded version of the PKCS#7 structure
2328: (or certificates if
2329: .Fl print_certs
2330: is set).
2331: .It Fl out Ar file
1.57 jmc 2332: The output to write to,
2333: or standard output if not specified.
2334: .It Fl outform Cm der | pem
2335: The output format.
1.1 jsing 2336: .It Fl print_certs
1.57 jmc 2337: Print any certificates or CRLs contained in the file,
2338: preceded by their subject and issuer names in a one-line format.
1.1 jsing 2339: .It Fl text
1.57 jmc 2340: Print certificate details in full rather than just subject and issuer names.
1.1 jsing 2341: .El
2342: .Sh PKCS8
2343: .nr nS 1
2344: .Nm "openssl pkcs8"
2345: .Op Fl in Ar file
1.58 jmc 2346: .Op Fl inform Cm der | pem
1.1 jsing 2347: .Op Fl nocrypt
2348: .Op Fl noiter
2349: .Op Fl out Ar file
1.58 jmc 2350: .Op Fl outform Cm der | pem
1.1 jsing 2351: .Op Fl passin Ar arg
2352: .Op Fl passout Ar arg
2353: .Op Fl topk8
2354: .Op Fl v1 Ar alg
2355: .Op Fl v2 Ar alg
2356: .nr nS 0
2357: .Pp
2358: The
2359: .Nm pkcs8
1.58 jmc 2360: command processes private keys
2361: (both encrypted and unencrypted)
2362: in PKCS#8 format
2363: with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
2364: The default encryption is only 56 bits;
2365: keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts
2366: are more secure.
2367: .Pp
1.1 jsing 2368: The options are as follows:
2369: .Bl -tag -width Ds
2370: .It Fl in Ar file
1.58 jmc 2371: The input file to read from,
2372: or standard input if not specified.
1.1 jsing 2373: If the key is encrypted, a pass phrase will be prompted for.
1.58 jmc 2374: .It Fl inform Cm der | pem
2375: The input format.
1.1 jsing 2376: .It Fl nocrypt
1.58 jmc 2377: Generate an unencrypted PrivateKeyInfo structure.
2378: This option does not encrypt private keys at all
2379: and should only be used when absolutely necessary.
1.1 jsing 2380: .It Fl noiter
2381: Use an iteration count of 1.
2382: See the
2383: .Sx PKCS12
2384: section below for a detailed explanation of this option.
2385: .It Fl out Ar file
1.58 jmc 2386: The output file to write to,
2387: or standard output if none is specified.
1.1 jsing 2388: If any encryption options are set, a pass phrase will be prompted for.
1.58 jmc 2389: .It Fl outform Cm der | pem
2390: The output format.
1.1 jsing 2391: .It Fl passin Ar arg
2392: The key password source.
2393: .It Fl passout Ar arg
2394: The output file password source.
2395: .It Fl topk8
1.58 jmc 2396: Read a traditional format private key and write a PKCS#8 format key.
1.1 jsing 2397: .It Fl v1 Ar alg
1.58 jmc 2398: Specify a PKCS#5 v1.5 or PKCS#12 algorithm to use.
2399: .Pp
2400: .Bl -tag -width "XXXX" -compact
2401: .It PBE-MD5-DES
2402: 56-bit DES.
2403: .It PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES
2404: 64-bit RC2 or 56-bit DES.
2405: .It PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES
2406: .It PBE-SHA1-2DES | PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40
2407: PKCS#12 password-based encryption algorithm,
2408: which allow strong encryption algorithms like triple DES or 128-bit RC2.
2409: .El
1.1 jsing 2410: .It Fl v2 Ar alg
1.58 jmc 2411: Use PKCS#5 v2.0 algorithms.
2412: Supports algorithms such as 168-bit triple DES or 128-bit RC2,
2413: however not many implementations support PKCS#5 v2.0 yet
2414: (if using private keys with
2415: .Nm openssl
2416: this doesn't matter).
1.1 jsing 2417: .Pp
2418: .Ar alg
1.58 jmc 2419: is the encryption algorithm to use;
2420: valid values include des, des3, and rc2.
2421: It is recommended that des3 is used.
1.1 jsing 2422: .El
2423: .Sh PKCS12
2424: .nr nS 1
2425: .Nm "openssl pkcs12"
1.59 jmc 2426: .Op Fl aes128 | aes192 | aes256 | des | des3
1.1 jsing 2427: .Op Fl cacerts
2428: .Op Fl CAfile Ar file
2429: .Op Fl caname Ar name
2430: .Op Fl CApath Ar directory
2431: .Op Fl certfile Ar file
2432: .Op Fl certpbe Ar alg
2433: .Op Fl chain
2434: .Op Fl clcerts
2435: .Op Fl CSP Ar name
2436: .Op Fl descert
2437: .Op Fl export
2438: .Op Fl in Ar file
2439: .Op Fl info
2440: .Op Fl inkey Ar file
2441: .Op Fl keyex
2442: .Op Fl keypbe Ar alg
2443: .Op Fl keysig
2444: .Op Fl macalg Ar alg
2445: .Op Fl maciter
2446: .Op Fl name Ar name
2447: .Op Fl nocerts
2448: .Op Fl nodes
2449: .Op Fl noiter
2450: .Op Fl nokeys
2451: .Op Fl nomac
2452: .Op Fl nomaciter
2453: .Op Fl nomacver
2454: .Op Fl noout
2455: .Op Fl out Ar file
2456: .Op Fl passin Ar arg
2457: .Op Fl passout Ar arg
2458: .Op Fl twopass
2459: .nr nS 0
2460: .Pp
2461: The
2462: .Nm pkcs12
2463: command allows PKCS#12 files
2464: .Pq sometimes referred to as PFX files
2465: to be created and parsed.
2466: By default, a PKCS#12 file is parsed;
2467: a PKCS#12 file can be created by using the
2468: .Fl export
1.59 jmc 2469: option.
2470: .Pp
2471: The options for parsing a PKCS12 file are as follows:
1.1 jsing 2472: .Bl -tag -width "XXXX"
1.59 jmc 2473: .It Fl aes128 | aes192 | aes256 | des | des3
2474: Encrypt private keys
2475: using AES, DES, or triple DES, respectively.
1.1 jsing 2476: The default is triple DES.
2477: .It Fl cacerts
2478: Only output CA certificates
2479: .Pq not client certificates .
2480: .It Fl clcerts
2481: Only output client certificates
2482: .Pq not CA certificates .
2483: .It Fl in Ar file
1.59 jmc 2484: The input file to read from,
2485: or standard input if not specified.
1.1 jsing 2486: .It Fl info
2487: Output additional information about the PKCS#12 file structure,
2488: algorithms used, and iteration counts.
2489: .It Fl nocerts
1.59 jmc 2490: Do not output certificates.
1.1 jsing 2491: .It Fl nodes
1.59 jmc 2492: Do not encrypt private keys.
1.1 jsing 2493: .It Fl nokeys
1.59 jmc 2494: Do not output private keys.
1.1 jsing 2495: .It Fl nomacver
1.59 jmc 2496: Do not attempt to verify the integrity MAC before reading the file.
1.1 jsing 2497: .It Fl noout
1.59 jmc 2498: Do not output the keys and certificates to the output file
1.1 jsing 2499: version of the PKCS#12 file.
2500: .It Fl out Ar file
1.59 jmc 2501: The output file to write to,
2502: or standard output if not specified.
1.1 jsing 2503: .It Fl passin Ar arg
2504: The key password source.
2505: .It Fl passout Ar arg
2506: The output file password source.
2507: .It Fl twopass
2508: Prompt for separate integrity and encryption passwords: most software
2509: always assumes these are the same so this option will render such
2510: PKCS#12 files unreadable.
2511: .El
1.59 jmc 2512: .Pp
2513: The options for PKCS12 file creation are as follows:
1.1 jsing 2514: .Bl -tag -width "XXXX"
2515: .It Fl CAfile Ar file
2516: CA storage as a file.
2517: .It Fl CApath Ar directory
2518: CA storage as a directory.
1.59 jmc 2519: The directory must be a standard certificate directory:
1.1 jsing 2520: that is, a hash of each subject name (using
1.59 jmc 2521: .Nm x509 Fl hash )
1.1 jsing 2522: should be linked to each certificate.
2523: .It Fl caname Ar name
1.59 jmc 2524: Specify the
1.1 jsing 2525: .Qq friendly name
2526: for other certificates.
1.59 jmc 2527: May be used multiple times to specify names for all certificates
1.1 jsing 2528: in the order they appear.
2529: .It Fl certfile Ar file
2530: A file to read additional certificates from.
2531: .It Fl certpbe Ar alg , Fl keypbe Ar alg
1.59 jmc 2532: Specify the algorithm used to encrypt the private key and
1.1 jsing 2533: certificates to be selected.
1.59 jmc 2534: Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used.
1.1 jsing 2535: If a cipher name
2536: (as output by the
2537: .Cm list-cipher-algorithms
2538: command) is specified then it
2539: is used with PKCS#5 v2.0.
2540: For interoperability reasons it is advisable to only use PKCS#12 algorithms.
2541: .It Fl chain
1.59 jmc 2542: Include the entire certificate chain of the user certificate.
1.1 jsing 2543: The standard CA store is used for this search.
2544: If the search fails, it is considered a fatal error.
2545: .It Fl CSP Ar name
2546: Write
2547: .Ar name
2548: as a Microsoft CSP name.
2549: .It Fl descert
2550: Encrypt the certificate using triple DES; this may render the PKCS#12
2551: file unreadable by some
2552: .Qq export grade
2553: software.
2554: By default, the private key is encrypted using triple DES and the
2555: certificate using 40-bit RC2.
2556: .It Fl export
1.59 jmc 2557: Create a PKCS#12 file (rather than parsing one).
1.1 jsing 2558: .It Fl in Ar file
1.59 jmc 2559: The input file to read from,
1.81 jmc 2560: or standard input if not specified.
1.1 jsing 2561: The order doesn't matter but one private key and its corresponding
2562: certificate should be present.
2563: If additional certificates are present, they will also be included
2564: in the PKCS#12 file.
2565: .It Fl inkey Ar file
1.59 jmc 2566: File to read a private key from.
1.1 jsing 2567: If not present, a private key must be present in the input file.
2568: .It Fl keyex | keysig
1.59 jmc 2569: Specify whether the private key is to be used for key exchange or just signing.
1.1 jsing 2570: Normally,
2571: .Qq export grade
2572: software will only allow 512-bit RSA keys to be
2573: used for encryption purposes, but arbitrary length keys for signing.
2574: The
2575: .Fl keysig
2576: option marks the key for signing only.
2577: Signing only keys can be used for S/MIME signing, authenticode
1.66 jmc 2578: (ActiveX control signing)
1.59 jmc 2579: and SSL client authentication.
1.1 jsing 2580: .It Fl macalg Ar alg
2581: Specify the MAC digest algorithm.
1.59 jmc 2582: The default is SHA1.
1.1 jsing 2583: .It Fl maciter
1.66 jmc 2584: Included for compatibility only:
1.59 jmc 2585: it used to be needed to use MAC iterations counts
2586: but they are now used by default.
1.1 jsing 2587: .It Fl name Ar name
1.59 jmc 2588: Specify the
1.1 jsing 2589: .Qq friendly name
2590: for the certificate and private key.
2591: This name is typically displayed in list boxes by software importing the file.
2592: .It Fl nomac
2593: Don't attempt to provide the MAC integrity.
2594: .It Fl nomaciter , noiter
1.59 jmc 2595: Affect the iteration counts on the MAC and key algorithms.
1.1 jsing 2596: .Pp
2597: To discourage attacks by using large dictionaries of common passwords,
2598: the algorithm that derives keys from passwords can have an iteration count
2599: applied to it: this causes a certain part of the algorithm to be repeated
2600: and slows it down.
2601: The MAC is used to check the file integrity but since it will normally
2602: have the same password as the keys and certificates it could also be attacked.
2603: By default, both MAC and encryption iteration counts are set to 2048;
2604: using these options the MAC and encryption iteration counts can be set to 1.
2605: Since this reduces the file security you should not use these options
2606: unless you really have to.
2607: Most software supports both MAC and key iteration counts.
2608: .It Fl out Ar file
1.59 jmc 2609: The output file to write to,
2610: or standard output if not specified.
1.1 jsing 2611: .It Fl passin Ar arg
2612: The key password source.
2613: .It Fl passout Ar arg
2614: The output file password source.
2615: .El
2616: .Sh PKEY
2617: .nr nS 1
2618: .Nm "openssl pkey"
2619: .Op Ar cipher
2620: .Op Fl in Ar file
1.60 jmc 2621: .Op Fl inform Cm der | pem
1.1 jsing 2622: .Op Fl noout
2623: .Op Fl out Ar file
1.60 jmc 2624: .Op Fl outform Cm der | pem
1.1 jsing 2625: .Op Fl passin Ar arg
2626: .Op Fl passout Ar arg
2627: .Op Fl pubin
2628: .Op Fl pubout
2629: .Op Fl text
2630: .Op Fl text_pub
2631: .nr nS 0
2632: .Pp
2633: The
2634: .Nm pkey
2635: command processes public or private keys.
2636: They can be converted between various forms
2637: and their components printed out.
2638: .Pp
2639: The options are as follows:
2640: .Bl -tag -width Ds
2641: .It Ar cipher
1.60 jmc 2642: Encrypt the private key with the specified cipher.
1.1 jsing 2643: Any algorithm name accepted by
1.60 jmc 2644: .Xr EVP_get_cipherbyname 3
1.1 jsing 2645: is acceptable, such as
2646: .Cm des3 .
2647: .It Fl in Ar file
1.60 jmc 2648: The input file to read from,
2649: or standard input if not specified.
1.1 jsing 2650: If the key is encrypted a pass phrase will be prompted for.
1.60 jmc 2651: .It Fl inform Cm der | pem
2652: The input format.
1.1 jsing 2653: .It Fl noout
2654: Do not output the encoded version of the key.
2655: .It Fl out Ar file
1.60 jmc 2656: The output file to write to,
2657: or standard output if not specified.
1.1 jsing 2658: If any encryption options are set then a pass phrase
2659: will be prompted for.
1.60 jmc 2660: .It Fl outform Cm der | pem
2661: The output format.
1.1 jsing 2662: .It Fl passin Ar arg
2663: The key password source.
2664: .It Fl passout Ar arg
2665: The output file password source.
2666: .It Fl pubin
1.60 jmc 2667: Read in a public key, not a private key.
1.1 jsing 2668: .It Fl pubout
1.60 jmc 2669: Output a public key, not a private key.
2670: Automatically set if the input is a public key.
1.1 jsing 2671: .It Fl text
1.64 jmc 2672: Print the public/private key in plain text.
1.1 jsing 2673: .It Fl text_pub
2674: Print out only public key components
2675: even if a private key is being processed.
2676: .El
2677: .Sh PKEYPARAM
2678: .Cm openssl pkeyparam
2679: .Op Fl in Ar file
2680: .Op Fl noout
2681: .Op Fl out Ar file
2682: .Op Fl text
2683: .Pp
2684: The
1.61 jmc 2685: .Nm pkeyparam
1.1 jsing 2686: command processes public or private keys.
1.61 jmc 2687: The key type is determined by the PEM headers.
1.1 jsing 2688: .Pp
2689: The options are as follows:
2690: .Bl -tag -width Ds
2691: .It Fl in Ar file
1.61 jmc 2692: The input file to read from,
2693: or standard input if not specified.
1.1 jsing 2694: .It Fl noout
2695: Do not output the encoded version of the parameters.
2696: .It Fl out Ar file
1.61 jmc 2697: The output file to write to,
2698: or standard output if not specified.
1.1 jsing 2699: .It Fl text
1.64 jmc 2700: Print the parameters in plain text.
1.1 jsing 2701: .El
2702: .Sh PKEYUTL
2703: .nr nS 1
2704: .Nm "openssl pkeyutl"
2705: .Op Fl asn1parse
2706: .Op Fl certin
2707: .Op Fl decrypt
2708: .Op Fl derive
2709: .Op Fl encrypt
2710: .Op Fl hexdump
2711: .Op Fl in Ar file
2712: .Op Fl inkey Ar file
1.62 jmc 2713: .Op Fl keyform Cm der | pem
1.1 jsing 2714: .Op Fl out Ar file
2715: .Op Fl passin Ar arg
1.62 jmc 2716: .Op Fl peerform Cm der | pem
1.1 jsing 2717: .Op Fl peerkey Ar file
2718: .Op Fl pkeyopt Ar opt : Ns Ar value
2719: .Op Fl pubin
2720: .Op Fl rev
2721: .Op Fl sigfile Ar file
2722: .Op Fl sign
2723: .Op Fl verify
2724: .Op Fl verifyrecover
2725: .nr nS 0
2726: .Pp
2727: The
2728: .Nm pkeyutl
2729: command can be used to perform public key operations using
2730: any supported algorithm.
2731: .Pp
2732: The options are as follows:
2733: .Bl -tag -width Ds
2734: .It Fl asn1parse
1.84 jmc 2735: ASN.1 parse the output data.
1.1 jsing 2736: This is useful when combined with the
2737: .Fl verifyrecover
1.84 jmc 2738: option when an ASN.1 structure is signed.
1.1 jsing 2739: .It Fl certin
2740: The input is a certificate containing a public key.
2741: .It Fl decrypt
2742: Decrypt the input data using a private key.
2743: .It Fl derive
2744: Derive a shared secret using the peer key.
2745: .It Fl encrypt
2746: Encrypt the input data using a public key.
2747: .It Fl hexdump
2748: Hex dump the output data.
2749: .It Fl in Ar file
1.62 jmc 2750: The input file to read from,
2751: or standard input if not specified.
1.1 jsing 2752: .It Fl inkey Ar file
2753: The input key file.
2754: By default it should be a private key.
1.62 jmc 2755: .It Fl keyform Cm der | pem
2756: The key format.
1.1 jsing 2757: .It Fl out Ar file
1.62 jmc 2758: The output file to write to,
2759: or standard output if not specified.
1.1 jsing 2760: .It Fl passin Ar arg
2761: The key password source.
1.62 jmc 2762: .It Fl peerform Cm der | pem
2763: The peer key format.
1.1 jsing 2764: .It Fl peerkey Ar file
2765: The peer key file, used by key derivation (agreement) operations.
2766: .It Fl pkeyopt Ar opt : Ns Ar value
1.62 jmc 2767: Set the public key algorithm option
2768: .Ar opt
2769: to
2770: .Ar value .
2771: Unless otherwise mentioned, all algorithms support the format
2772: .Ar digest : Ns Ar alg ,
2773: which specifies the digest to use
1.1 jsing 2774: for sign, verify, and verifyrecover operations.
2775: The value
2776: .Ar alg
2777: should represent a digest name as used in the
1.62 jmc 2778: .Xr EVP_get_digestbyname 3
2779: function.
2780: .Pp
1.1 jsing 2781: The RSA algorithm supports the
2782: encrypt, decrypt, sign, verify, and verifyrecover operations in general.
2783: Some padding modes only support some of these
2784: operations however.
2785: .Bl -tag -width Ds
2786: .It rsa_padding_mode : Ns Ar mode
2787: This sets the RSA padding mode.
2788: Acceptable values for
2789: .Ar mode
2790: are
2791: .Cm pkcs1
2792: for PKCS#1 padding;
2793: .Cm none
2794: for no padding;
2795: .Cm oaep
2796: for OAEP mode;
2797: .Cm x931
2798: for X9.31 mode;
2799: and
2800: .Cm pss
2801: for PSS.
2802: .Pp
2803: In PKCS#1 padding if the message digest is not set then the supplied data is
2804: signed or verified directly instead of using a DigestInfo structure.
2805: If a digest is set then a DigestInfo
2806: structure is used and its length
2807: must correspond to the digest type.
2808: For oeap mode only encryption and decryption is supported.
2809: For x931 if the digest type is set it is used to format the block data;
2810: otherwise the first byte is used to specify the X9.31 digest ID.
2811: Sign, verify, and verifyrecover can be performed in this mode.
2812: For pss mode only sign and verify are supported and the digest type must be
2813: specified.
2814: .It rsa_pss_saltlen : Ns Ar len
2815: For pss
2816: mode only this option specifies the salt length.
2817: Two special values are supported:
2818: -1 sets the salt length to the digest length.
2819: When signing -2 sets the salt length to the maximum permissible value.
2820: When verifying -2 causes the salt length to be automatically determined
2821: based on the PSS block structure.
2822: .El
1.62 jmc 2823: .Pp
1.1 jsing 2824: The DSA algorithm supports the sign and verify operations.
2825: Currently there are no additional options other than
2826: .Ar digest .
2827: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 2828: .Pp
1.1 jsing 2829: The DH algorithm supports the derive operation
2830: and no additional options.
1.62 jmc 2831: .Pp
1.1 jsing 2832: The EC algorithm supports the sign, verify, and derive operations.
2833: The sign and verify operations use ECDSA and derive uses ECDH.
2834: Currently there are no additional options other than
2835: .Ar digest .
2836: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 2837: .It Fl pubin
2838: The input file is a public key.
2839: .It Fl rev
2840: Reverse the order of the input buffer.
2841: .It Fl sigfile Ar file
2842: Signature file (verify operation only).
2843: .It Fl sign
2844: Sign the input data and output the signed result.
2845: This requires a private key.
2846: .It Fl verify
2847: Verify the input data against the signature file and indicate if the
2848: verification succeeded or failed.
2849: .It Fl verifyrecover
2850: Verify the input data and output the recovered data.
2851: .El
1.1 jsing 2852: .Sh PRIME
2853: .Cm openssl prime
2854: .Op Fl bits Ar n
2855: .Op Fl checks Ar n
2856: .Op Fl generate
2857: .Op Fl hex
2858: .Op Fl safe
2859: .Ar p
2860: .Pp
2861: The
2862: .Nm prime
2863: command is used to generate prime numbers,
2864: or to check numbers for primality.
2865: Results are probabilistic:
2866: they have an exceedingly high likelihood of being correct,
2867: but are not guaranteed.
2868: .Pp
2869: The options are as follows:
2870: .Bl -tag -width Ds
2871: .It Fl bits Ar n
2872: Specify the number of bits in the generated prime number.
2873: Must be used in conjunction with
2874: .Fl generate .
2875: .It Fl checks Ar n
2876: Perform a Miller-Rabin probabilistic primality test with
2877: .Ar n
2878: iterations.
2879: The default is 20.
2880: .It Fl generate
2881: Generate a pseudo-random prime number.
2882: Must be used in conjunction with
2883: .Fl bits .
2884: .It Fl hex
2885: Output in hex format.
2886: .It Fl safe
2887: Generate only
2888: .Qq safe
2889: prime numbers
2890: (i.e. a prime p so that (p-1)/2 is also prime).
2891: .It Ar p
2892: Test if number
2893: .Ar p
2894: is prime.
2895: .El
2896: .Sh RAND
2897: .nr nS 1
2898: .Nm "openssl rand"
2899: .Op Fl base64
2900: .Op Fl hex
2901: .Op Fl out Ar file
2902: .Ar num
2903: .nr nS 0
2904: .Pp
2905: The
2906: .Nm rand
2907: command outputs
2908: .Ar num
2909: pseudo-random bytes.
2910: .Pp
2911: The options are as follows:
2912: .Bl -tag -width Ds
2913: .It Fl base64
1.81 jmc 2914: Perform base64 encoding on the output.
1.1 jsing 2915: .It Fl hex
2916: Specify hexadecimal output.
2917: .It Fl out Ar file
1.63 jmc 2918: The output file to write to,
2919: or standard output if not specified.
1.1 jsing 2920: .El
2921: .Sh REQ
2922: .nr nS 1
2923: .Nm "openssl req"
2924: .Op Fl asn1-kludge
2925: .Op Fl batch
2926: .Op Fl config Ar file
2927: .Op Fl days Ar n
2928: .Op Fl extensions Ar section
2929: .Op Fl in Ar file
1.63 jmc 2930: .Op Fl inform Cm der | pem
1.1 jsing 2931: .Op Fl key Ar keyfile
1.63 jmc 2932: .Op Fl keyform Cm der | pem
1.1 jsing 2933: .Op Fl keyout Ar file
1.28 doug 2934: .Op Fl md4 | md5 | sha1
1.1 jsing 2935: .Op Fl modulus
2936: .Op Fl nameopt Ar option
2937: .Op Fl new
2938: .Op Fl newhdr
2939: .Op Fl newkey Ar arg
2940: .Op Fl no-asn1-kludge
2941: .Op Fl nodes
2942: .Op Fl noout
2943: .Op Fl out Ar file
1.63 jmc 2944: .Op Fl outform Cm der | pem
1.1 jsing 2945: .Op Fl passin Ar arg
2946: .Op Fl passout Ar arg
2947: .Op Fl pubkey
2948: .Op Fl reqexts Ar section
2949: .Op Fl reqopt Ar option
2950: .Op Fl set_serial Ar n
2951: .Op Fl subj Ar arg
2952: .Op Fl subject
2953: .Op Fl text
2954: .Op Fl utf8
2955: .Op Fl verbose
2956: .Op Fl verify
2957: .Op Fl x509
2958: .nr nS 0
2959: .Pp
2960: The
2961: .Nm req
2962: command primarily creates and processes certificate requests
2963: in PKCS#10 format.
2964: It can additionally create self-signed certificates,
2965: for use as root CAs, for example.
2966: .Pp
2967: The options are as follows:
2968: .Bl -tag -width Ds
2969: .It Fl asn1-kludge
1.63 jmc 2970: Produce requests in an invalid format for certain picky CAs.
2971: Very few CAs still require the use of this option.
1.1 jsing 2972: .It Fl batch
2973: Non-interactive mode.
2974: .It Fl config Ar file
1.63 jmc 2975: Specify an alternative configuration file.
1.1 jsing 2976: .It Fl days Ar n
1.63 jmc 2977: Specify the number of days to certify the certificate for.
2978: The default is 30 days.
2979: Used with the
1.1 jsing 2980: .Fl x509
1.63 jmc 2981: option.
1.1 jsing 2982: .It Fl extensions Ar section , Fl reqexts Ar section
1.63 jmc 2983: Specify alternative sections to include certificate
2984: extensions (with
2985: .Fl x509 )
2986: or certificate request extensions,
2987: allowing several different sections to be used in the same configuration file.
1.1 jsing 2988: .It Fl in Ar file
1.63 jmc 2989: The input file to read a request from,
2990: or standard input if not specified.
1.1 jsing 2991: A request is only read if the creation options
2992: .Fl new
2993: and
2994: .Fl newkey
2995: are not specified.
1.63 jmc 2996: .It Fl inform Cm der | pem
2997: The input format.
1.1 jsing 2998: .It Fl key Ar keyfile
1.63 jmc 2999: The file to read the private key from.
1.1 jsing 3000: It also accepts PKCS#8 format private keys for PEM format files.
1.63 jmc 3001: .It Fl keyform Cm der | pem
1.1 jsing 3002: The format of the private key file specified in the
3003: .Fl key
3004: argument.
1.81 jmc 3005: The default is
3006: .Cm pem .
1.1 jsing 3007: .It Fl keyout Ar file
1.63 jmc 3008: The file to write the newly created private key to.
3009: If this option is not specified,
3010: the filename present in the configuration file is used.
1.4 sthen 3011: .It Fl md5 | sha1 | sha256
1.63 jmc 3012: The message digest to sign the request with.
1.1 jsing 3013: This overrides the digest algorithm specified in the configuration file.
3014: .Pp
3015: Some public key algorithms may override this choice.
3016: For instance, DSA signatures always use SHA1.
3017: .It Fl modulus
1.63 jmc 3018: Print the value of the modulus of the public key contained in the request.
1.1 jsing 3019: .It Fl nameopt Ar option , Fl reqopt Ar option
1.63 jmc 3020: Determine how the subject or issuer names are displayed.
1.1 jsing 3021: .Ar option
1.63 jmc 3022: can be a single option or multiple options separated by commas.
1.1 jsing 3023: Alternatively, these options may be used more than once to set multiple options.
3024: See the
3025: .Sx X509
3026: section below for details.
3027: .It Fl new
1.63 jmc 3028: Generate a new certificate request.
3029: The user is prompted for the relevant field values.
1.1 jsing 3030: The actual fields prompted for and their maximum and minimum sizes
3031: are specified in the configuration file and any requested extensions.
3032: .Pp
3033: If the
3034: .Fl key
3035: option is not used, it will generate a new RSA private
3036: key using information specified in the configuration file.
3037: .It Fl newhdr
1.63 jmc 3038: Add the word NEW to the PEM file header and footer lines
1.1 jsing 3039: on the outputed request.
1.63 jmc 3040: Some software and CAs need this.
1.1 jsing 3041: .It Fl newkey Ar arg
1.63 jmc 3042: Create a new certificate request and a new private key.
1.1 jsing 3043: The argument takes one of several forms.
1.63 jmc 3044: .Pp
3045: .No rsa : Ns Ar nbits
3046: generates an RSA key
1.1 jsing 3047: .Ar nbits
3048: in size.
3049: If
3050: .Ar nbits
1.63 jmc 3051: is omitted
3052: the default key size is used.
3053: .Pp
3054: .No dsa : Ns Ar file
3055: generates a DSA key using the parameters in
3056: .Ar file .
3057: .Pp
3058: .No param : Ns Ar file
3059: generates a key using the parameters or certificate in
3060: .Ar file .
3061: .Pp
3062: All other algorithms support the form
3063: .Ar algorithm : Ns Ar file ,
1.1 jsing 3064: where file may be an algorithm parameter file,
3065: created by the
3066: .Cm genpkey -genparam
1.14 jmc 3067: command or an X.509 certificate for a key with appropriate algorithm.
1.63 jmc 3068: .Ar file
3069: can be omitted,
3070: in which case any parameters can be specified via the
1.1 jsing 3071: .Fl pkeyopt
3072: option.
3073: .It Fl no-asn1-kludge
1.63 jmc 3074: Reverse the effect of
1.1 jsing 3075: .Fl asn1-kludge .
3076: .It Fl nodes
1.63 jmc 3077: Do not encrypt the private key.
1.1 jsing 3078: .It Fl noout
1.63 jmc 3079: Do not output the encoded version of the request.
1.1 jsing 3080: .It Fl out Ar file
1.63 jmc 3081: The output file to write to,
1.99 jmc 3082: or standard output if not specified.
1.63 jmc 3083: .It Fl outform Cm der | pem
3084: The output format.
1.1 jsing 3085: .It Fl passin Ar arg
3086: The key password source.
3087: .It Fl passout Ar arg
3088: The output file password source.
3089: .It Fl pubkey
1.63 jmc 3090: Output the public key.
1.1 jsing 3091: .It Fl reqopt Ar option
3092: Customise the output format used with
3093: .Fl text .
3094: The
3095: .Ar option
3096: argument can be a single option or multiple options separated by commas.
1.63 jmc 3097: See also the discussion of
1.1 jsing 3098: .Fl certopt
1.63 jmc 3099: in the
1.1 jsing 3100: .Nm x509
3101: command.
3102: .It Fl set_serial Ar n
3103: Serial number to use when outputting a self-signed certificate.
3104: This may be specified as a decimal value or a hex value if preceded by
3105: .Sq 0x .
3106: It is possible to use negative serial numbers but this is not recommended.
3107: .It Fl subj Ar arg
1.63 jmc 3108: Replaces the subject field of an input request
3109: with the specified data and output the modified request.
3110: .Ar arg
3111: must be formatted as /type0=value0/type1=value1/type2=...;
1.1 jsing 3112: characters may be escaped by
3113: .Sq \e
1.63 jmc 3114: (backslash);
1.1 jsing 3115: no spaces are skipped.
3116: .It Fl subject
1.63 jmc 3117: Print the request subject (or certificate subject if
1.1 jsing 3118: .Fl x509
1.63 jmc 3119: is specified).
1.1 jsing 3120: .It Fl text
1.64 jmc 3121: Print the certificate request in plain text.
1.1 jsing 3122: .It Fl utf8
1.63 jmc 3123: Interpret field values as UTF8 strings, not ASCII.
1.1 jsing 3124: .It Fl verbose
3125: Print extra details about the operations being performed.
3126: .It Fl verify
1.63 jmc 3127: Verify the signature on the request.
1.1 jsing 3128: .It Fl x509
1.63 jmc 3129: Output a self-signed certificate instead of a certificate request.
3130: This is typically used to generate a test certificate or a self-signed root CA.
3131: The extensions added to the certificate (if any)
1.1 jsing 3132: are specified in the configuration file.
3133: Unless specified using the
3134: .Fl set_serial
1.63 jmc 3135: option, 0 is used for the serial number.
1.1 jsing 3136: .El
1.63 jmc 3137: .Pp
1.1 jsing 3138: The configuration options are specified in the
1.63 jmc 3139: .Qq req
1.1 jsing 3140: section of the configuration file.
1.63 jmc 3141: The options available are as follows:
1.1 jsing 3142: .Bl -tag -width "XXXX"
1.63 jmc 3143: .It Cm attributes
3144: The section containing any request attributes: its format
1.1 jsing 3145: is the same as
1.63 jmc 3146: .Cm distinguished_name .
3147: Typically these may contain the challengePassword or unstructuredName types.
3148: They are currently ignored by the
3149: .Nm openssl
1.1 jsing 3150: request signing utilities, but some CAs might want them.
1.63 jmc 3151: .It Cm default_bits
3152: The default key size, in bits.
3153: The default is 2048.
1.1 jsing 3154: It is used if the
3155: .Fl new
1.63 jmc 3156: option is used and can be overridden by using the
1.1 jsing 3157: .Fl newkey
3158: option.
1.63 jmc 3159: .It Cm default_keyfile
3160: The default file to write a private key to,
3161: or standard output if not specified.
3162: It can be overridden by the
1.1 jsing 3163: .Fl keyout
3164: option.
1.63 jmc 3165: .It Cm default_md
3166: The digest algorithm to use.
1.1 jsing 3167: Possible values include
1.63 jmc 3168: .Cm md5 ,
3169: .Cm sha1
1.1 jsing 3170: and
1.63 jmc 3171: .Cm sha256
3172: (the default).
3173: It can be overridden on the command line.
3174: .It Cm distinguished_name
3175: The section containing the distinguished name fields to
1.1 jsing 3176: prompt for when generating a certificate or certificate request.
1.63 jmc 3177: The format is described below.
3178: .It Cm encrypt_key
3179: If set to
3180: .Qq no
3181: and a private key is generated, it is not encrypted.
3182: It is equivalent to the
1.1 jsing 3183: .Fl nodes
1.63 jmc 3184: option.
1.1 jsing 3185: For compatibility,
1.63 jmc 3186: .Cm encrypt_rsa_key
1.1 jsing 3187: is an equivalent option.
1.63 jmc 3188: .It Cm input_password | output_password
3189: The passwords for the input private key file (if present)
3190: and the output private key file (if one will be created).
1.1 jsing 3191: The command line options
3192: .Fl passin
3193: and
3194: .Fl passout
3195: override the configuration file values.
1.63 jmc 3196: .It Cm oid_file
3197: A file containing additional OBJECT IDENTIFIERS.
1.1 jsing 3198: Each line of the file should consist of the numerical form of the
3199: object identifier, followed by whitespace, then the short name followed
3200: by whitespace and finally the long name.
1.63 jmc 3201: .It Cm oid_section
3202: Specify a section in the configuration file containing extra
1.1 jsing 3203: object identifiers.
3204: Each line should consist of the short name of the
3205: object identifier followed by
3206: .Sq =
3207: and the numerical form.
3208: The short and long names are the same when this option is used.
1.63 jmc 3209: .It Cm prompt
3210: If set to
3211: .Qq no ,
3212: it disables prompting of certificate fields
1.1 jsing 3213: and just takes values from the config file directly.
3214: It also changes the expected format of the
1.63 jmc 3215: .Cm distinguished_name
1.1 jsing 3216: and
1.63 jmc 3217: .Cm attributes
1.1 jsing 3218: sections.
1.63 jmc 3219: .It Cm req_extensions
3220: The configuration file section containing a list of
1.1 jsing 3221: extensions to add to the certificate request.
3222: It can be overridden by the
3223: .Fl reqexts
1.63 jmc 3224: option.
3225: .It Cm string_mask
3226: Limit the string types for encoding certain fields.
1.1 jsing 3227: The following values may be used, limiting strings to the indicated types:
3228: .Bl -tag -width "MASK:number"
1.63 jmc 3229: .It Cm utf8only
3230: UTF8String.
1.1 jsing 3231: This is the default, as recommended by PKIX in RFC 2459.
1.63 jmc 3232: .It Cm default
3233: PrintableString, IA5String, T61String, BMPString, UTF8String.
3234: .It Cm pkix
3235: PrintableString, IA5String, BMPString, UTF8String.
3236: Inspired by the PKIX recommendation in RFC 2459 for certificates
3237: generated before 2004, but differs by also permitting IA5String.
3238: .It Cm nombstr
3239: PrintableString, IA5String, T61String, UniversalString.
3240: A workaround for some ancient software that had problems
3241: with the variable-sized BMPString and UTF8String types.
1.1 jsing 3242: .It Cm MASK : Ns Ar number
1.63 jmc 3243: An explicit bitmask of permitted types, where
1.1 jsing 3244: .Ar number
3245: is a C-style hex, decimal, or octal number that's a bit-wise OR of
3246: .Dv B_ASN1_*
3247: values from
3248: .In openssl/asn1.h .
3249: .El
1.63 jmc 3250: .It Cm utf8
3251: If set to
3252: .Qq yes ,
1.72 jmc 3253: field values are interpreted as UTF8 strings.
1.63 jmc 3254: .It Cm x509_extensions
3255: The configuration file section containing a list of
1.1 jsing 3256: extensions to add to a certificate generated when the
3257: .Fl x509
3258: switch is used.
3259: It can be overridden by the
3260: .Fl extensions
1.72 jmc 3261: command line switch.
1.1 jsing 3262: .El
1.63 jmc 3263: .Pp
1.1 jsing 3264: There are two separate formats for the distinguished name and attribute
3265: sections.
3266: If the
3267: .Fl prompt
3268: option is set to
1.63 jmc 3269: .Qq no ,
1.72 jmc 3270: then these sections just consist of field names and values.
3271: If the
1.1 jsing 3272: .Fl prompt
3273: option is absent or not set to
1.63 jmc 3274: .Qq no ,
1.72 jmc 3275: then the file contains field prompting information of the form:
1.1 jsing 3276: .Bd -unfilled -offset indent
3277: fieldName="prompt"
3278: fieldName_default="default field value"
3279: fieldName_min= 2
3280: fieldName_max= 4
3281: .Ed
3282: .Pp
3283: .Qq fieldName
3284: is the field name being used, for example
1.63 jmc 3285: .Cm commonName
3286: (or CN).
1.1 jsing 3287: The
3288: .Qq prompt
3289: string is used to ask the user to enter the relevant details.
3290: If the user enters nothing, the default value is used;
3291: if no default value is present, the field is omitted.
3292: A field can still be omitted if a default value is present,
3293: if the user just enters the
3294: .Sq \&.
3295: character.
3296: .Pp
3297: The number of characters entered must be between the
1.63 jmc 3298: fieldName_min and fieldName_max limits:
1.1 jsing 3299: there may be additional restrictions based on the field being used
3300: (for example
1.63 jmc 3301: .Cm countryName
1.1 jsing 3302: can only ever be two characters long and must fit in a
1.63 jmc 3303: .Cm PrintableString ) .
1.1 jsing 3304: .Pp
3305: Some fields (such as
1.63 jmc 3306: .Cm organizationName )
1.1 jsing 3307: can be used more than once in a DN.
3308: This presents a problem because configuration files will
3309: not recognize the same name occurring twice.
3310: To avoid this problem, if the
1.63 jmc 3311: .Cm fieldName
1.1 jsing 3312: contains some characters followed by a full stop, they will be ignored.
3313: So, for example, a second
1.63 jmc 3314: .Cm organizationName
1.1 jsing 3315: can be input by calling it
3316: .Qq 1.organizationName .
3317: .Pp
3318: The actual permitted field names are any object identifier short or
3319: long names.
3320: These are compiled into
1.63 jmc 3321: .Nm openssl
1.1 jsing 3322: and include the usual values such as
1.63 jmc 3323: .Cm commonName , countryName , localityName , organizationName ,
1.89 jmc 3324: .Cm organizationalUnitName , stateOrProvinceName .
1.1 jsing 3325: Additionally,
1.63 jmc 3326: .Cm emailAddress
1.1 jsing 3327: is included as well as
1.63 jmc 3328: .Cm name , surname , givenName , initials
1.1 jsing 3329: and
1.63 jmc 3330: .Cm dnQualifier .
1.1 jsing 3331: .Pp
3332: Additional object identifiers can be defined with the
1.63 jmc 3333: .Cm oid_file
1.1 jsing 3334: or
1.63 jmc 3335: .Cm oid_section
1.1 jsing 3336: options in the configuration file.
3337: Any additional fields will be treated as though they were a
1.63 jmc 3338: .Cm DirectoryString .
1.1 jsing 3339: .Sh RSA
3340: .nr nS 1
3341: .Nm "openssl rsa"
1.64 jmc 3342: .Op Fl aes128 | aes192 | aes256 | des | des3
1.1 jsing 3343: .Op Fl check
3344: .Op Fl in Ar file
1.64 jmc 3345: .Op Fl inform Cm der | net | pem
1.1 jsing 3346: .Op Fl modulus
3347: .Op Fl noout
3348: .Op Fl out Ar file
1.64 jmc 3349: .Op Fl outform Cm der | net | pem
1.1 jsing 3350: .Op Fl passin Ar arg
3351: .Op Fl passout Ar arg
3352: .Op Fl pubin
3353: .Op Fl pubout
3354: .Op Fl sgckey
3355: .Op Fl text
3356: .nr nS 0
3357: .Pp
3358: The
3359: .Nm rsa
3360: command processes RSA keys.
3361: They can be converted between various forms and their components printed out.
1.64 jmc 3362: .Nm rsa
3363: uses the traditional
1.1 jsing 3364: .Nm SSLeay
3365: compatible format for private key encryption:
3366: newer applications should use the more secure PKCS#8 format using the
3367: .Nm pkcs8
3368: utility.
3369: .Pp
3370: The options are as follows:
3371: .Bl -tag -width Ds
1.64 jmc 3372: .It Fl aes128 | aes192 | aes256 | des | des3
3373: Encrypt the private key with the AES, DES,
1.1 jsing 3374: or the triple DES ciphers, respectively, before outputting it.
3375: A pass phrase is prompted for.
3376: If none of these options are specified, the key is written in plain text.
3377: This means that using the
3378: .Nm rsa
3379: utility to read in an encrypted key with no encryption option can be used
3380: to remove the pass phrase from a key, or by setting the encryption options
3381: it can be used to add or change the pass phrase.
3382: These options can only be used with PEM format output files.
3383: .It Fl check
1.64 jmc 3384: Check the consistency of an RSA private key.
1.1 jsing 3385: .It Fl in Ar file
1.64 jmc 3386: The input file to read from,
3387: or standard input if not specified.
1.1 jsing 3388: If the key is encrypted, a pass phrase will be prompted for.
1.64 jmc 3389: .It Fl inform Cm der | net | pem
3390: The input format.
1.1 jsing 3391: .It Fl noout
1.64 jmc 3392: Do not output the encoded version of the key.
1.1 jsing 3393: .It Fl modulus
1.64 jmc 3394: Print the value of the modulus of the key.
1.1 jsing 3395: .It Fl out Ar file
1.64 jmc 3396: The output file to write to,
3397: or standard output if not specified.
3398: .It Fl outform Cm der | net | pem
3399: The output format.
1.1 jsing 3400: .It Fl passin Ar arg
3401: The key password source.
3402: .It Fl passout Ar arg
3403: The output file password source.
3404: .It Fl pubin
1.64 jmc 3405: Read in a public key,
3406: not a private key.
1.1 jsing 3407: .It Fl pubout
1.64 jmc 3408: Output a public key,
3409: not a private key.
3410: Automatically set if the input is a public key.
1.1 jsing 3411: .It Fl sgckey
1.64 jmc 3412: Use the modified NET algorithm used with some versions of Microsoft IIS
3413: and SGC keys.
1.1 jsing 3414: .It Fl text
1.64 jmc 3415: Print the public/private key components in plain text.
1.1 jsing 3416: .El
3417: .Sh RSAUTL
3418: .nr nS 1
3419: .Nm "openssl rsautl"
3420: .Op Fl asn1parse
3421: .Op Fl certin
3422: .Op Fl decrypt
3423: .Op Fl encrypt
3424: .Op Fl hexdump
3425: .Op Fl in Ar file
3426: .Op Fl inkey Ar file
1.65 jmc 3427: .Op Fl keyform Cm der | pem
1.100 tb 3428: .Op Fl oaep | pkcs | raw | x931
1.1 jsing 3429: .Op Fl out Ar file
1.100 tb 3430: .Op Fl passin Ar arg
1.1 jsing 3431: .Op Fl pubin
1.100 tb 3432: .Op Fl rev
1.1 jsing 3433: .Op Fl sign
3434: .Op Fl verify
3435: .nr nS 0
3436: .Pp
3437: The
3438: .Nm rsautl
3439: command can be used to sign, verify, encrypt and decrypt
3440: data using the RSA algorithm.
3441: .Pp
3442: The options are as follows:
3443: .Bl -tag -width Ds
3444: .It Fl asn1parse
3445: Asn1parse the output data; this is useful when combined with the
3446: .Fl verify
3447: option.
3448: .It Fl certin
3449: The input is a certificate containing an RSA public key.
3450: .It Fl decrypt
3451: Decrypt the input data using an RSA private key.
3452: .It Fl encrypt
3453: Encrypt the input data using an RSA public key.
3454: .It Fl hexdump
3455: Hex dump the output data.
3456: .It Fl in Ar file
1.65 jmc 3457: The input to read from,
3458: or standard input if not specified.
1.1 jsing 3459: .It Fl inkey Ar file
1.65 jmc 3460: The input key file; by default an RSA private key.
3461: .It Fl keyform Cm der | pem
1.85 tb 3462: The private key format.
1.65 jmc 3463: The default is
3464: .Cm pem .
1.100 tb 3465: .It Fl oaep | pkcs | raw | x931
1.1 jsing 3466: The padding to use:
1.100 tb 3467: PKCS#1 OAEP, PKCS#1 v1.5 (the default), no padding, or ANSI X9.31,
3468: respectively.
1.1 jsing 3469: For signatures, only
3470: .Fl pkcs
3471: and
3472: .Fl raw
3473: can be used.
3474: .It Fl out Ar file
1.65 jmc 3475: The output file to write to,
3476: or standard output if not specified.
1.100 tb 3477: .It Fl passin Ar arg
3478: The key password source.
1.1 jsing 3479: .It Fl pubin
3480: The input file is an RSA public key.
1.100 tb 3481: .It Fl rev
3482: Reverse the order of the input buffer.
1.1 jsing 3483: .It Fl sign
3484: Sign the input data and output the signed result.
3485: This requires an RSA private key.
3486: .It Fl verify
3487: Verify the input data and output the recovered data.
3488: .El
3489: .Sh S_CLIENT
3490: .nr nS 1
3491: .Nm "openssl s_client"
3492: .Op Fl 4 | 6
3493: .Op Fl bugs
3494: .Op Fl CAfile Ar file
3495: .Op Fl CApath Ar directory
3496: .Op Fl cert Ar file
3497: .Op Fl check_ss_sig
3498: .Op Fl cipher Ar cipherlist
1.66 jmc 3499: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 3500: .Op Fl crl_check
3501: .Op Fl crl_check_all
3502: .Op Fl crlf
3503: .Op Fl debug
3504: .Op Fl extended_crl
1.87 jmc 3505: .Op Fl groups
1.1 jsing 3506: .Op Fl ign_eof
3507: .Op Fl ignore_critical
3508: .Op Fl issuer_checks
3509: .Op Fl key Ar keyfile
3510: .Op Fl msg
3511: .Op Fl nbio
3512: .Op Fl nbio_test
3513: .Op Fl no_ticket
3514: .Op Fl no_tls1
1.6 guenther 3515: .Op Fl no_tls1_1
3516: .Op Fl no_tls1_2
1.1 jsing 3517: .Op Fl pause
3518: .Op Fl policy_check
3519: .Op Fl prexit
1.11 bluhm 3520: .Op Fl proxy Ar host : Ns Ar port
1.1 jsing 3521: .Op Fl psk Ar key
3522: .Op Fl psk_identity Ar identity
3523: .Op Fl quiet
3524: .Op Fl reconnect
1.5 jsing 3525: .Op Fl servername Ar name
1.1 jsing 3526: .Op Fl showcerts
3527: .Op Fl starttls Ar protocol
3528: .Op Fl state
3529: .Op Fl tls1
1.31 jmc 3530: .Op Fl tls1_1
3531: .Op Fl tls1_2
1.1 jsing 3532: .Op Fl tlsextdebug
3533: .Op Fl verify Ar depth
3534: .Op Fl x509_strict
1.19 landry 3535: .Op Fl xmpphost Ar host
1.1 jsing 3536: .nr nS 0
3537: .Pp
3538: The
3539: .Nm s_client
3540: command implements a generic SSL/TLS client which connects
3541: to a remote host using SSL/TLS.
1.66 jmc 3542: .Pp
3543: If a connection is established with an SSL server, any data received
3544: from the server is displayed and any key presses will be sent to the
3545: server.
3546: When used interactively (which means neither
3547: .Fl quiet
3548: nor
3549: .Fl ign_eof
3550: have been given), the session will be renegotiated if the line begins with an
3551: .Cm R ;
3552: if the line begins with a
3553: .Cm Q
3554: or if end of file is reached, the connection will be closed down.
1.1 jsing 3555: .Pp
3556: The options are as follows:
3557: .Bl -tag -width Ds
3558: .It Fl 4
1.66 jmc 3559: Attempt connections using IPv4 only.
1.1 jsing 3560: .It Fl 6
1.66 jmc 3561: Attempt connections using IPv6 only.
1.1 jsing 3562: .It Fl bugs
1.66 jmc 3563: Enable various workarounds for buggy implementations.
1.1 jsing 3564: .It Fl CAfile Ar file
3565: A
3566: .Ar file
3567: containing trusted certificates to use during server authentication
3568: and to use when attempting to build the client certificate chain.
3569: .It Fl CApath Ar directory
3570: The
3571: .Ar directory
3572: to use for server certificate verification.
3573: This directory must be in
3574: .Qq hash format ;
3575: see
3576: .Fl verify
3577: for more information.
3578: These are also used when building the client certificate chain.
3579: .It Fl cert Ar file
3580: The certificate to use, if one is requested by the server.
3581: The default is not to use a certificate.
3582: .It Xo
3583: .Fl check_ss_sig ,
3584: .Fl crl_check ,
3585: .Fl crl_check_all ,
3586: .Fl extended_crl ,
3587: .Fl ignore_critical ,
3588: .Fl issuer_checks ,
3589: .Fl policy_check ,
3590: .Fl x509_strict
3591: .Xc
3592: Set various certificate chain validation options.
3593: See the
1.66 jmc 3594: .Nm verify
1.1 jsing 3595: command for details.
3596: .It Fl cipher Ar cipherlist
1.66 jmc 3597: Modify the cipher list sent by the client.
1.1 jsing 3598: Although the server determines which cipher suite is used, it should take
3599: the first supported cipher in the list sent by the client.
3600: See the
1.66 jmc 3601: .Nm ciphers
3602: command for more information.
3603: .It Fl connect Ar host Ns Op : Ns Ar port
3604: The
1.1 jsing 3605: .Ar host
1.66 jmc 3606: and
1.1 jsing 3607: .Ar port
3608: to connect to.
3609: If not specified, an attempt is made to connect to the local host
3610: on port 4433.
3611: Alternatively, the host and port pair may be separated using a forward-slash
1.66 jmc 3612: character,
3613: which is useful for numeric IPv6 addresses.
1.1 jsing 3614: .It Fl crlf
1.66 jmc 3615: Translate a line feed from the terminal into CR+LF,
3616: as required by some servers.
1.1 jsing 3617: .It Fl debug
1.66 jmc 3618: Print extensive debugging information, including a hex dump of all traffic.
1.87 jmc 3619: .It Fl groups Ar ecgroups
3620: Specify a colon-separated list of permitted EC curve groups.
1.1 jsing 3621: .It Fl ign_eof
1.66 jmc 3622: Inhibit shutting down the connection when end of file is reached in the input.
1.1 jsing 3623: .It Fl key Ar keyfile
3624: The private key to use.
3625: If not specified, the certificate file will be used.
3626: .It Fl msg
3627: Show all protocol messages with hex dump.
3628: .It Fl nbio
1.66 jmc 3629: Turn on non-blocking I/O.
1.1 jsing 3630: .It Fl nbio_test
1.66 jmc 3631: Test non-blocking I/O.
1.31 jmc 3632: .It Fl no_tls1 | no_tls1_1 | no_tls1_2
1.66 jmc 3633: Disable the use of TLS1.0, 1.1, and 1.2, respectively.
1.1 jsing 3634: .It Fl no_ticket
3635: Disable RFC 4507 session ticket support.
3636: .It Fl pause
1.66 jmc 3637: Pause 1 second between each read and write call.
1.1 jsing 3638: .It Fl prexit
3639: Print session information when the program exits.
3640: This will always attempt
3641: to print out information even if the connection fails.
3642: Normally, information will only be printed out once if the connection succeeds.
3643: This option is useful because the cipher in use may be renegotiated
3644: or the connection may fail because a client certificate is required or is
3645: requested only after an attempt is made to access a certain URL.
1.66 jmc 3646: Note that the output produced by this option is not always accurate
3647: because a connection might never have been established.
1.11 bluhm 3648: .It Fl proxy Ar host : Ns Ar port
3649: Use the HTTP proxy at
3650: .Ar host
3651: and
3652: .Ar port .
3653: The connection to the proxy is done in cleartext and the
3654: .Fl connect
3655: argument is given to the proxy.
3656: If not specified, localhost is used as final destination.
3657: After that, switch the connection through the proxy to the destination
3658: to TLS.
1.1 jsing 3659: .It Fl psk Ar key
3660: Use the PSK key
3661: .Ar key
3662: when using a PSK cipher suite.
3663: The key is given as a hexadecimal number without the leading 0x,
3664: for example -psk 1a2b3c4d.
3665: .It Fl psk_identity Ar identity
1.66 jmc 3666: Use the PSK
1.1 jsing 3667: .Ar identity
3668: when using a PSK cipher suite.
3669: .It Fl quiet
3670: Inhibit printing of session and certificate information.
3671: This implicitly turns on
3672: .Fl ign_eof
3673: as well.
3674: .It Fl reconnect
1.66 jmc 3675: Reconnect to the same server 5 times using the same session ID; this can
1.1 jsing 3676: be used as a test that session caching is working.
1.5 jsing 3677: .It Fl servername Ar name
3678: Include the TLS Server Name Indication (SNI) extension in the ClientHello
3679: message, using the specified server
3680: .Ar name .
1.1 jsing 3681: .It Fl showcerts
3682: Display the whole server certificate chain: normally only the server
3683: certificate itself is displayed.
3684: .It Fl starttls Ar protocol
1.66 jmc 3685: Send the protocol-specific messages to switch to TLS for communication.
1.1 jsing 3686: .Ar protocol
3687: is a keyword for the intended protocol.
3688: Currently, the supported keywords are
3689: .Qq ftp ,
3690: .Qq imap ,
3691: .Qq smtp ,
3692: .Qq pop3 ,
3693: and
3694: .Qq xmpp .
3695: .It Fl state
1.66 jmc 3696: Print the SSL session states.
1.31 jmc 3697: .It Fl tls1 | tls1_1 | tls1_2
3698: Permit only TLS1.0, 1.1, or 1.2, respectively.
1.1 jsing 3699: .It Fl tlsextdebug
1.66 jmc 3700: Print a hex dump of any TLS extensions received from the server.
1.1 jsing 3701: .It Fl verify Ar depth
1.66 jmc 3702: Turn on server certificate verification,
3703: with a maximum length of
3704: .Ar depth .
1.1 jsing 3705: Currently the verify operation continues after errors so all the problems
3706: with a certificate chain can be seen.
3707: As a side effect the connection will never fail due to a server
3708: certificate verify failure.
1.19 landry 3709: .It Fl xmpphost Ar hostname
1.66 jmc 3710: When used with
1.19 landry 3711: .Fl starttls Ar xmpp ,
1.66 jmc 3712: specify the host for the "to" attribute of the stream element.
1.19 landry 3713: If this option is not specified then the host specified with
3714: .Fl connect
3715: will be used.
1.1 jsing 3716: .El
3717: .Sh S_SERVER
3718: .nr nS 1
3719: .Nm "openssl s_server"
3720: .Op Fl accept Ar port
3721: .Op Fl bugs
3722: .Op Fl CAfile Ar file
3723: .Op Fl CApath Ar directory
3724: .Op Fl cert Ar file
3725: .Op Fl cipher Ar cipherlist
3726: .Op Fl context Ar id
3727: .Op Fl crl_check
3728: .Op Fl crl_check_all
3729: .Op Fl crlf
3730: .Op Fl dcert Ar file
3731: .Op Fl debug
3732: .Op Fl dhparam Ar file
3733: .Op Fl dkey Ar file
3734: .Op Fl hack
3735: .Op Fl HTTP
3736: .Op Fl id_prefix Ar arg
3737: .Op Fl key Ar keyfile
3738: .Op Fl msg
3739: .Op Fl nbio
3740: .Op Fl nbio_test
3741: .Op Fl no_dhe
3742: .Op Fl no_tls1
1.6 guenther 3743: .Op Fl no_tls1_1
3744: .Op Fl no_tls1_2
1.1 jsing 3745: .Op Fl no_tmp_rsa
3746: .Op Fl nocert
3747: .Op Fl psk Ar key
3748: .Op Fl psk_hint Ar hint
3749: .Op Fl quiet
3750: .Op Fl serverpref
3751: .Op Fl state
3752: .Op Fl tls1
1.31 jmc 3753: .Op Fl tls1_1
3754: .Op Fl tls1_2
1.1 jsing 3755: .Op Fl Verify Ar depth
3756: .Op Fl verify Ar depth
3757: .Op Fl WWW
3758: .Op Fl www
3759: .nr nS 0
3760: .Pp
3761: The
3762: .Nm s_server
3763: command implements a generic SSL/TLS server which listens
3764: for connections on a given port using SSL/TLS.
3765: .Pp
1.67 jmc 3766: If a connection request is established with a client and neither the
3767: .Fl www
3768: nor the
3769: .Fl WWW
3770: option has been used, then any data received
3771: from the client is displayed and any key presses are sent to the client.
3772: Certain single letter commands perform special operations:
3773: .Pp
3774: .Bl -tag -width "XXXX" -compact
3775: .It Ic P
3776: Send plain text, which should cause the client to disconnect.
3777: .It Ic Q
3778: End the current SSL connection and exit.
3779: .It Ic q
3780: End the current SSL connection, but still accept new connections.
3781: .It Ic R
3782: Renegotiate the SSL session and request a client certificate.
3783: .It Ic r
3784: Renegotiate the SSL session.
3785: .It Ic S
3786: Print out some session cache status information.
3787: .El
3788: .Pp
1.1 jsing 3789: The options are as follows:
3790: .Bl -tag -width Ds
3791: .It Fl accept Ar port
1.67 jmc 3792: Listen on TCP
1.1 jsing 3793: .Ar port
1.67 jmc 3794: for connections.
3795: The default is port 4433.
1.1 jsing 3796: .It Fl bugs
1.67 jmc 3797: Enable various workarounds for buggy implementations.
1.1 jsing 3798: .It Fl CAfile Ar file
1.67 jmc 3799: A
3800: .Ar file
3801: containing trusted certificates to use during client authentication
1.1 jsing 3802: and to use when attempting to build the server certificate chain.
3803: The list is also used in the list of acceptable client CAs passed to the
3804: client when a certificate is requested.
3805: .It Fl CApath Ar directory
3806: The
3807: .Ar directory
3808: to use for client certificate verification.
3809: This directory must be in
3810: .Qq hash format ;
3811: see
3812: .Fl verify
3813: for more information.
3814: These are also used when building the server certificate chain.
3815: .It Fl cert Ar file
1.67 jmc 3816: The certificate to use: most server's cipher suites require the use of a
3817: certificate and some require a certificate with a certain public key type.
3818: For example, the DSS cipher suites require a certificate containing a DSS
3819: (DSA) key.
1.1 jsing 3820: If not specified, the file
3821: .Pa server.pem
3822: will be used.
3823: .It Fl cipher Ar cipherlist
1.67 jmc 3824: Modify the cipher list used by the server.
1.1 jsing 3825: This allows the cipher list used by the server to be modified.
3826: When the client sends a list of supported ciphers, the first client cipher
3827: also included in the server list is used.
3828: Because the client specifies the preference order, the order of the server
3829: cipherlist is irrelevant.
3830: See the
1.67 jmc 3831: .Nm ciphers
3832: command for more information.
1.1 jsing 3833: .It Fl context Ar id
1.67 jmc 3834: Set the SSL context ID.
1.1 jsing 3835: It can be given any string value.
3836: .It Fl crl_check , crl_check_all
3837: Check the peer certificate has not been revoked by its CA.
3838: The CRLs are appended to the certificate file.
3839: .Fl crl_check_all
1.67 jmc 3840: checks all CRLs of all CAs in the chain.
1.1 jsing 3841: .It Fl crlf
1.67 jmc 3842: Translate a line feed from the terminal into CR+LF.
1.1 jsing 3843: .It Fl dcert Ar file , Fl dkey Ar file
3844: Specify an additional certificate and private key; these behave in the
3845: same manner as the
3846: .Fl cert
3847: and
3848: .Fl key
3849: options except there is no default if they are not specified
1.67 jmc 3850: (no additional certificate or key is used).
1.1 jsing 3851: By using RSA and DSS certificates and keys,
3852: a server can support clients which only support RSA or DSS cipher suites
3853: by using an appropriate certificate.
3854: .It Fl debug
1.67 jmc 3855: Print extensive debugging information, including a hex dump of all traffic.
1.1 jsing 3856: .It Fl dhparam Ar file
3857: The DH parameter file to use.
3858: The ephemeral DH cipher suites generate keys
3859: using a set of DH parameters.
3860: If not specified, an attempt is made to
3861: load the parameters from the server certificate file.
3862: If this fails, a static set of parameters hard coded into the
3863: .Nm s_server
3864: program will be used.
3865: .It Fl hack
1.67 jmc 3866: Enables a further workaround for some early Netscape SSL code.
1.1 jsing 3867: .It Fl HTTP
1.67 jmc 3868: Emulate a simple web server.
3869: Pages are resolved relative to the current directory.
3870: For example if the URL
1.1 jsing 3871: .Pa https://myhost/page.html
3872: is requested, the file
3873: .Pa ./page.html
3874: will be loaded.
3875: The files loaded are assumed to contain a complete and correct HTTP
3876: response (lines that are part of the HTTP response line and headers
3877: must end with CRLF).
3878: .It Fl id_prefix Ar arg
3879: Generate SSL/TLS session IDs prefixed by
3880: .Ar arg .
3881: This is mostly useful for testing any SSL/TLS code
1.81 jmc 3882: that wish to deal with multiple servers,
3883: when each of which might be generating a unique range of session IDs.
1.1 jsing 3884: .It Fl key Ar keyfile
3885: The private key to use.
3886: If not specified, the certificate file will be used.
3887: .It Fl msg
3888: Show all protocol messages with hex dump.
3889: .It Fl nbio
1.67 jmc 3890: Turn on non-blocking I/O.
1.1 jsing 3891: .It Fl nbio_test
1.67 jmc 3892: Test non-blocking I/O.
1.1 jsing 3893: .It Fl no_dhe
1.67 jmc 3894: Disable ephemeral DH cipher suites.
1.31 jmc 3895: .It Fl no_tls1 | no_tls1_1 | no_tls1_2
1.67 jmc 3896: Disable the use of TLS1.0, 1.1, and 1.2, respectively.
1.1 jsing 3897: .It Fl no_tmp_rsa
1.67 jmc 3898: Disable temporary RSA key generation.
1.1 jsing 3899: .It Fl nocert
1.67 jmc 3900: Do not use a certificate.
1.1 jsing 3901: This restricts the cipher suites available to the anonymous ones
1.67 jmc 3902: (currently just anonymous DH).
1.1 jsing 3903: .It Fl psk Ar key
3904: Use the PSK key
3905: .Ar key
3906: when using a PSK cipher suite.
3907: The key is given as a hexadecimal number without the leading 0x,
3908: for example -psk 1a2b3c4d.
3909: .It Fl psk_hint Ar hint
3910: Use the PSK identity hint
3911: .Ar hint
3912: when using a PSK cipher suite.
3913: .It Fl quiet
3914: Inhibit printing of session and certificate information.
3915: .It Fl serverpref
3916: Use server's cipher preferences.
3917: .It Fl state
1.67 jmc 3918: Print the SSL session states.
1.31 jmc 3919: .It Fl tls1 | tls1_1 | tls1_2
3920: Permit only TLS1.0, 1.1, or 1.2, respectively.
1.1 jsing 3921: .It Fl WWW
1.67 jmc 3922: Emulate a simple web server.
3923: Pages are resolved relative to the current directory.
3924: For example if the URL
1.1 jsing 3925: .Pa https://myhost/page.html
3926: is requested, the file
3927: .Pa ./page.html
3928: will be loaded.
3929: .It Fl www
1.67 jmc 3930: Send a status message to the client when it connects,
3931: including information about the ciphers used and various session parameters.
1.1 jsing 3932: The output is in HTML format so this option will normally be used with a
3933: web browser.
3934: .It Fl Verify Ar depth , Fl verify Ar depth
1.67 jmc 3935: Request a certificate chain from the client,
3936: with a maximum length of
3937: .Ar depth .
3938: With
3939: .Fl Verify ,
3940: the client must supply a certificate or an error occurs;
3941: with
3942: .Fl verify ,
3943: a certificate is requested but the client does not have to send one.
1.1 jsing 3944: .El
3945: .Sh S_TIME
3946: .nr nS 1
3947: .Nm "openssl s_time"
3948: .Op Fl bugs
3949: .Op Fl CAfile Ar file
3950: .Op Fl CApath Ar directory
3951: .Op Fl cert Ar file
3952: .Op Fl cipher Ar cipherlist
1.68 jmc 3953: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 3954: .Op Fl key Ar keyfile
3955: .Op Fl nbio
3956: .Op Fl new
1.20 lteo 3957: .Op Fl no_shutdown
1.1 jsing 3958: .Op Fl reuse
3959: .Op Fl time Ar seconds
3960: .Op Fl verify Ar depth
3961: .Op Fl www Ar page
3962: .nr nS 0
3963: .Pp
3964: The
1.68 jmc 3965: .Nm s_time
1.1 jsing 3966: command implements a generic SSL/TLS client which connects to a
3967: remote host using SSL/TLS.
3968: It can request a page from the server and includes
3969: the time to transfer the payload data in its timing measurements.
3970: It measures the number of connections within a given timeframe,
3971: the amount of data transferred
3972: .Pq if any ,
3973: and calculates the average time spent for one connection.
3974: .Pp
3975: The options are as follows:
3976: .Bl -tag -width Ds
3977: .It Fl bugs
1.68 jmc 3978: Enable various workarounds for buggy implementations.
1.1 jsing 3979: .It Fl CAfile Ar file
1.68 jmc 3980: A
3981: .Ar file
3982: containing trusted certificates to use during server authentication
1.1 jsing 3983: and to use when attempting to build the client certificate chain.
3984: .It Fl CApath Ar directory
3985: The directory to use for server certificate verification.
3986: This directory must be in
3987: .Qq hash format ;
3988: see
3989: .Nm verify
3990: for more information.
3991: These are also used when building the client certificate chain.
3992: .It Fl cert Ar file
3993: The certificate to use, if one is requested by the server.
3994: The default is not to use a certificate.
3995: .It Fl cipher Ar cipherlist
1.68 jmc 3996: Modify the cipher list sent by the client.
1.1 jsing 3997: Although the server determines which cipher suite is used,
3998: it should take the first supported cipher in the list sent by the client.
3999: See the
4000: .Nm ciphers
4001: command for more information.
1.68 jmc 4002: .It Fl connect Ar host Ns Op : Ns Ar port
4003: The host and port to connect to.
1.1 jsing 4004: .It Fl key Ar keyfile
4005: The private key to use.
4006: If not specified, the certificate file will be used.
4007: .It Fl nbio
1.68 jmc 4008: Turn on non-blocking I/O.
1.1 jsing 4009: .It Fl new
1.68 jmc 4010: Perform the timing test using a new session ID for each connection.
1.1 jsing 4011: If neither
4012: .Fl new
4013: nor
4014: .Fl reuse
4015: are specified,
4016: they are both on by default and executed in sequence.
1.20 lteo 4017: .It Fl no_shutdown
1.21 jmc 4018: Shut down the connection without sending a
1.68 jmc 4019: .Qq close notify
1.20 lteo 4020: shutdown alert to the server.
1.1 jsing 4021: .It Fl reuse
1.68 jmc 4022: Perform the timing test using the same session ID for each connection.
1.1 jsing 4023: If neither
4024: .Fl new
4025: nor
4026: .Fl reuse
4027: are specified,
4028: they are both on by default and executed in sequence.
4029: .It Fl time Ar seconds
1.68 jmc 4030: Limit
1.1 jsing 4031: .Nm s_time
1.68 jmc 4032: benchmarks to the number of
4033: .Ar seconds .
1.1 jsing 4034: The default is 30 seconds.
4035: .It Fl verify Ar depth
1.68 jmc 4036: Turn on server certificate verification,
4037: with a maximum length of
4038: .Ar depth .
1.1 jsing 4039: Currently the verify operation continues after errors, so all the problems
4040: with a certificate chain can be seen.
4041: As a side effect,
4042: the connection will never fail due to a server certificate verify failure.
4043: .It Fl www Ar page
1.68 jmc 4044: The page to GET from the server.
1.1 jsing 4045: A value of
4046: .Sq /
4047: gets the index.htm[l] page.
4048: If this parameter is not specified,
4049: .Nm s_time
4050: will only perform the handshake to establish SSL connections
4051: but not transfer any payload data.
4052: .El
4053: .Sh SESS_ID
4054: .nr nS 1
4055: .Nm "openssl sess_id"
4056: .Op Fl cert
4057: .Op Fl context Ar ID
4058: .Op Fl in Ar file
1.69 jmc 4059: .Op Fl inform Cm der | pem
1.1 jsing 4060: .Op Fl noout
4061: .Op Fl out Ar file
1.69 jmc 4062: .Op Fl outform Cm der | pem
1.1 jsing 4063: .Op Fl text
4064: .nr nS 0
4065: .Pp
4066: The
4067: .Nm sess_id
4068: program processes the encoded version of the SSL session structure and
4069: optionally prints out SSL session details
1.69 jmc 4070: (for example the SSL session master key)
1.72 jmc 4071: in human-readable format.
1.1 jsing 4072: .Pp
4073: The options are as follows:
4074: .Bl -tag -width Ds
4075: .It Fl cert
4076: If a certificate is present in the session,
4077: it will be output using this option;
4078: if the
4079: .Fl text
4080: option is also present, then it will be printed out in text form.
4081: .It Fl context Ar ID
1.69 jmc 4082: Set the session
1.1 jsing 4083: .Ar ID .
1.69 jmc 4084: The ID can be any string of characters.
1.1 jsing 4085: .It Fl in Ar file
1.69 jmc 4086: The input file to read from,
4087: or standard input if not specified.
4088: .It Fl inform Cm der | pem
4089: The input format.
4090: .Cm der
1.84 jmc 4091: uses an ASN.1 DER-encoded format containing session details.
1.1 jsing 4092: The precise format can vary from one version to the next.
1.69 jmc 4093: .Cm pem
4094: is the default format: it consists of the DER
1.1 jsing 4095: format base64-encoded with additional header and footer lines.
4096: .It Fl noout
1.69 jmc 4097: Do not output the encoded version of the session.
1.1 jsing 4098: .It Fl out Ar file
1.69 jmc 4099: The output file to write to,
4100: or standard output if not specified.
4101: .It Fl outform Cm der | pem
4102: The output format.
1.1 jsing 4103: .It Fl text
1.69 jmc 4104: Print the various public or private key components in plain text,
4105: in addition to the encoded version.
1.1 jsing 4106: .El
4107: .Pp
1.69 jmc 4108: The output of
4109: .Nm sess_id
4110: is composed as follows:
1.1 jsing 4111: .Pp
1.69 jmc 4112: .Bl -tag -width "Verify return code " -offset 3n -compact
4113: .It Protocol
4114: The protocol in use.
4115: .It Cipher
4116: The actual raw SSL or TLS cipher code.
4117: .It Session-ID
4118: The SSL session ID, in hex format.
4119: .It Session-ID-ctx
4120: The session ID context, in hex format.
4121: .It Master-Key
4122: The SSL session master key.
4123: .It Key-Arg
1.1 jsing 4124: The key argument; this is only used in SSL v2.
1.69 jmc 4125: .It Start Time
4126: The session start time.
1.1 jsing 4127: .Ux
4128: format.
1.69 jmc 4129: .It Timeout
4130: The timeout, in seconds.
4131: .It Verify return code
4132: The return code when a certificate is verified.
1.1 jsing 4133: .El
4134: .Pp
4135: Since the SSL session output contains the master key, it is possible to read
4136: the contents of an encrypted session using this information.
4137: Therefore appropriate security precautions
4138: should be taken if the information is being output by a
4139: .Qq real
4140: application.
4141: This is, however, strongly discouraged and should only be used for
4142: debugging purposes.
4143: .Sh SMIME
4144: .nr nS 1
4145: .Nm "openssl smime"
4146: .Oo
4147: .Fl aes128 | aes192 | aes256 | des |
4148: .Fl des3 | rc2-40 | rc2-64 | rc2-128
4149: .Oc
4150: .Op Fl binary
4151: .Op Fl CAfile Ar file
4152: .Op Fl CApath Ar directory
4153: .Op Fl certfile Ar file
4154: .Op Fl check_ss_sig
4155: .Op Fl content Ar file
4156: .Op Fl crl_check
4157: .Op Fl crl_check_all
4158: .Op Fl decrypt
4159: .Op Fl encrypt
4160: .Op Fl extended_crl
4161: .Op Fl from Ar addr
4162: .Op Fl ignore_critical
4163: .Op Fl in Ar file
4164: .Op Fl indef
1.70 jmc 4165: .Op Fl inform Cm der | pem | smime
1.1 jsing 4166: .Op Fl inkey Ar file
4167: .Op Fl issuer_checks
1.70 jmc 4168: .Op Fl keyform Cm pem
1.1 jsing 4169: .Op Fl md Ar digest
4170: .Op Fl noattr
4171: .Op Fl nocerts
4172: .Op Fl nochain
4173: .Op Fl nodetach
4174: .Op Fl noindef
4175: .Op Fl nointern
4176: .Op Fl nosigs
4177: .Op Fl noverify
4178: .Op Fl out Ar file
1.70 jmc 4179: .Op Fl outform Cm der | pem | smime
1.1 jsing 4180: .Op Fl passin Ar arg
4181: .Op Fl pk7out
4182: .Op Fl policy_check
4183: .Op Fl recip Ar file
4184: .Op Fl resign
4185: .Op Fl sign
4186: .Op Fl signer Ar file
4187: .Op Fl stream
4188: .Op Fl subject Ar s
4189: .Op Fl text
4190: .Op Fl to Ar addr
4191: .Op Fl verify
4192: .Op Fl x509_strict
4193: .Op Ar cert.pem ...
4194: .nr nS 0
4195: .Pp
4196: The
4197: .Nm smime
1.70 jmc 4198: command handles S/MIME mail.
4199: It can encrypt, decrypt, sign, and verify S/MIME messages.
4200: .Pp
4201: The MIME message must be sent without any blank lines between the
4202: headers and the output.
4203: Some mail programs will automatically add a blank line.
4204: Piping the mail directly to an MTA is one way to
4205: achieve the correct format.
4206: .Pp
4207: The supplied message to be signed or encrypted must include the necessary
4208: MIME headers or many S/MIME clients won't display it properly (if at all).
4209: Use the
4210: .Fl text
4211: option to automatically add plain text headers.
1.1 jsing 4212: .Pp
1.70 jmc 4213: A
4214: .Qq signed and encrypted
4215: message is one where a signed message is then encrypted.
4216: This can be produced by encrypting an already signed message.
1.1 jsing 4217: .Pp
1.70 jmc 4218: There are a number of operations that can be performed, as follows:
1.1 jsing 4219: .Bl -tag -width "XXXX"
4220: .It Fl decrypt
4221: Decrypt mail using the supplied certificate and private key.
1.70 jmc 4222: The input file is an encrypted mail message in MIME format.
1.1 jsing 4223: The decrypted mail is written to the output file.
4224: .It Fl encrypt
4225: Encrypt mail for the given recipient certificates.
1.70 jmc 4226: The input is the message to be encrypted.
4227: The output file is the encrypted mail, in MIME format.
1.1 jsing 4228: .It Fl pk7out
1.70 jmc 4229: Take an input message and write out a PEM-encoded PKCS#7 structure.
1.1 jsing 4230: .It Fl resign
4231: Resign a message: take an existing message and one or more new signers.
4232: .It Fl sign
4233: Sign mail using the supplied certificate and private key.
1.70 jmc 4234: The input file is the message to be signed.
4235: The signed message, in MIME format, is written to the output file.
1.1 jsing 4236: .It Fl verify
4237: Verify signed mail.
1.70 jmc 4238: The input is a signed mail message and the output is the signed data.
1.1 jsing 4239: Both clear text and opaque signing is supported.
4240: .El
4241: .Pp
1.14 jmc 4242: The remaining options are as follows:
1.1 jsing 4243: .Bl -tag -width "XXXX"
4244: .It Xo
4245: .Fl aes128 | aes192 | aes256 | des |
4246: .Fl des3 | rc2-40 | rc2-64 | rc2-128
4247: .Xc
4248: The encryption algorithm to use.
1.70 jmc 4249: 128-, 192-, or 256-bit AES, DES (56 bits), triple DES (168 bits),
1.1 jsing 4250: or 40-, 64-, or 128-bit RC2, respectively;
4251: if not specified, 40-bit RC2 is
4252: used.
4253: Only used with
4254: .Fl encrypt .
4255: .It Fl binary
4256: Normally, the input message is converted to
4257: .Qq canonical
1.70 jmc 4258: format which uses CR/LF as end of line,
4259: as required by the S/MIME specification.
1.1 jsing 4260: When this option is present no translation occurs.
1.70 jmc 4261: This is useful when handling binary data which may not be in MIME format.
1.1 jsing 4262: .It Fl CAfile Ar file
4263: A
4264: .Ar file
4265: containing trusted CA certificates; only used with
4266: .Fl verify .
4267: .It Fl CApath Ar directory
4268: A
4269: .Ar directory
4270: containing trusted CA certificates; only used with
4271: .Fl verify .
4272: This directory must be a standard certificate directory:
4273: that is, a hash of each subject name (using
4274: .Nm x509 -hash )
4275: should be linked to each certificate.
4276: .It Ar cert.pem ...
4277: One or more certificates of message recipients: used when encrypting
4278: a message.
4279: .It Fl certfile Ar file
4280: Allows additional certificates to be specified.
4281: When signing, these will be included with the message.
4282: When verifying, these will be searched for the signers' certificates.
4283: The certificates should be in PEM format.
4284: .It Xo
4285: .Fl check_ss_sig ,
4286: .Fl crl_check ,
4287: .Fl crl_check_all ,
4288: .Fl extended_crl ,
4289: .Fl ignore_critical ,
4290: .Fl issuer_checks ,
4291: .Fl policy_check ,
4292: .Fl x509_strict
4293: .Xc
4294: Set various certificate chain validation options.
4295: See the
1.70 jmc 4296: .Nm verify
1.1 jsing 4297: command for details.
4298: .It Fl content Ar file
1.70 jmc 4299: A file containing the detached content.
1.1 jsing 4300: This is only useful with the
4301: .Fl verify
1.70 jmc 4302: option,
4303: and only usable if the PKCS#7 structure is using the detached
1.1 jsing 4304: signature form where the content is not included.
1.70 jmc 4305: This option will override any content if the input format is S/MIME
4306: and it uses the multipart/signed MIME content type.
1.1 jsing 4307: .It Xo
4308: .Fl from Ar addr ,
4309: .Fl subject Ar s ,
4310: .Fl to Ar addr
4311: .Xc
4312: The relevant mail headers.
4313: These are included outside the signed
4314: portion of a message so they may be included manually.
1.70 jmc 4315: When signing, many S/MIME
1.1 jsing 4316: mail clients check that the signer's certificate email
4317: address matches the From: address.
4318: .It Fl in Ar file
1.70 jmc 4319: The input file to read from.
1.1 jsing 4320: .It Fl indef
4321: Enable streaming I/O for encoding operations.
4322: This permits single pass processing of data without
4323: the need to hold the entire contents in memory,
4324: potentially supporting very large files.
4325: Streaming is automatically set for S/MIME signing with detached
4326: data if the output format is SMIME;
4327: it is currently off by default for all other operations.
1.70 jmc 4328: .It Fl inform Cm der | pem | smime
4329: The input format.
1.1 jsing 4330: .It Fl inkey Ar file
1.70 jmc 4331: The private key to use when signing or decrypting,
4332: which must match the corresponding certificate.
1.1 jsing 4333: If this option is not specified, the private key must be included
4334: in the certificate file specified with
4335: the
4336: .Fl recip
4337: or
4338: .Fl signer
4339: file.
4340: When signing,
4341: this option can be used multiple times to specify successive keys.
1.70 jmc 4342: .It Fl keyform Cm pem
1.1 jsing 4343: Input private key format.
4344: .It Fl md Ar digest
4345: The digest algorithm to use when signing or resigning.
4346: If not present then the default digest algorithm for the signing key is used
4347: (usually SHA1).
4348: .It Fl noattr
1.70 jmc 4349: Do not include attributes.
1.1 jsing 4350: .It Fl nocerts
1.70 jmc 4351: Do not include the signer's certificate.
1.1 jsing 4352: This will reduce the size of the signed message but the verifier must
4353: have a copy of the signer's certificate available locally (passed using the
4354: .Fl certfile
4355: option, for example).
4356: .It Fl nochain
4357: Do not do chain verification of signers' certificates: that is,
4358: don't use the certificates in the signed message as untrusted CAs.
4359: .It Fl nodetach
4360: When signing a message use opaque signing: this form is more resistant
4361: to translation by mail relays but it cannot be read by mail agents that
1.70 jmc 4362: do not support S/MIME.
4363: Without this option cleartext signing with the MIME type
4364: multipart/signed is used.
1.1 jsing 4365: .It Fl noindef
1.70 jmc 4366: Disable streaming I/O where it would produce an encoding of indefinite length
4367: (currently has no effect).
1.1 jsing 4368: .It Fl nointern
1.70 jmc 4369: Only use certificates specified in the
4370: .Fl certfile .
4371: The supplied certificates can still be used as untrusted CAs.
1.1 jsing 4372: .It Fl nosigs
1.70 jmc 4373: Do not try to verify the signatures on the message.
1.1 jsing 4374: .It Fl noverify
4375: Do not verify the signer's certificate of a signed message.
4376: .It Fl out Ar file
1.70 jmc 4377: The output file to write to.
4378: .It Fl outform Cm der | pem | smime
4379: The output format.
4380: The default is smime, which writes an S/MIME format message.
4381: .Cm pem
1.1 jsing 4382: and
1.70 jmc 4383: .Cm der
4384: change this to write PEM and DER format PKCS#7 structures instead.
1.1 jsing 4385: This currently only affects the output format of the PKCS#7
4386: structure; if no PKCS#7 structure is being output (for example with
4387: .Fl verify
4388: or
4389: .Fl decrypt )
4390: this option has no effect.
4391: .It Fl passin Ar arg
4392: The key password source.
4393: .It Fl recip Ar file
4394: The recipients certificate when decrypting a message.
4395: This certificate
4396: must match one of the recipients of the message or an error occurs.
4397: .It Fl signer Ar file
4398: A signing certificate when signing or resigning a message;
4399: this option can be used multiple times if more than one signer is required.
4400: If a message is being verified, the signer's certificates will be
4401: written to this file if the verification was successful.
4402: .It Fl stream
4403: The same as
4404: .Fl indef .
4405: .It Fl text
1.70 jmc 4406: Add plain text (text/plain) MIME
1.1 jsing 4407: headers to the supplied message if encrypting or signing.
4408: If decrypting or verifying, it strips off text headers:
1.70 jmc 4409: if the decrypted or verified message is not of MIME type text/plain
4410: then an error occurs.
1.1 jsing 4411: .El
4412: .Pp
1.70 jmc 4413: The exit codes for
4414: .Nm smime
4415: are as follows:
1.1 jsing 4416: .Pp
1.70 jmc 4417: .Bl -tag -width "XXXX" -offset 3n -compact
4418: .It 0
1.1 jsing 4419: The operation was completely successful.
1.70 jmc 4420: .It 1
1.1 jsing 4421: An error occurred parsing the command options.
1.70 jmc 4422: .It 2
1.1 jsing 4423: One of the input files could not be read.
1.70 jmc 4424: .It 3
4425: An error occurred creating the file or when reading the message.
4426: .It 4
1.1 jsing 4427: An error occurred decrypting or verifying the message.
1.70 jmc 4428: .It 5
4429: An error occurred writing certificates.
1.1 jsing 4430: .El
4431: .Sh SPEED
4432: .nr nS 1
4433: .Nm "openssl speed"
1.71 jmc 4434: .Op Ar algorithm
1.1 jsing 4435: .Op Fl decrypt
4436: .Op Fl elapsed
1.71 jmc 4437: .Op Fl evp Ar algorithm
1.1 jsing 4438: .Op Fl mr
4439: .Op Fl multi Ar number
4440: .nr nS 0
4441: .Pp
4442: The
4443: .Nm speed
4444: command is used to test the performance of cryptographic algorithms.
4445: .Bl -tag -width "XXXX"
1.71 jmc 4446: .It Ar algorithm
4447: Perform the test using
4448: .Ar algorithm .
4449: The default is to test all algorithms.
1.1 jsing 4450: .It Fl decrypt
1.71 jmc 4451: Time decryption instead of encryption;
4452: must be used with
4453: .Fl evp .
1.1 jsing 4454: .It Fl elapsed
4455: Measure time in real time instead of CPU user time.
1.71 jmc 4456: .It Fl evp Ar algorithm
4457: Perform the test using one of the algorithms accepted by
4458: .Xr EVP_get_cipherbyname 3 .
1.1 jsing 4459: .It Fl mr
4460: Produce machine readable output.
4461: .It Fl multi Ar number
4462: Run
4463: .Ar number
4464: benchmarks in parallel.
4465: .El
1.77 jmc 4466: .Sh SPKAC
4467: .nr nS 1
4468: .Nm "openssl spkac"
4469: .Op Fl challenge Ar string
4470: .Op Fl in Ar file
4471: .Op Fl key Ar keyfile
4472: .Op Fl noout
4473: .Op Fl out Ar file
4474: .Op Fl passin Ar arg
4475: .Op Fl pubkey
4476: .Op Fl spkac Ar spkacname
4477: .Op Fl spksect Ar section
4478: .Op Fl verify
4479: .nr nS 0
4480: .Pp
4481: The
4482: .Nm spkac
4483: command processes signed public key and challenge (SPKAC) files.
4484: It can print out their contents, verify the signature,
4485: and produce its own SPKACs from a supplied private key.
4486: .Pp
4487: The options are as follows:
4488: .Bl -tag -width Ds
4489: .It Fl challenge Ar string
4490: The challenge string, if an SPKAC is being created.
4491: .It Fl in Ar file
4492: The input file to read from,
4493: or standard input if not specified.
4494: Ignored if the
4495: .Fl key
4496: option is used.
4497: .It Fl key Ar keyfile
4498: Create an SPKAC file using the private key in
4499: .Ar keyfile .
4500: The
4501: .Fl in , noout , spksect ,
4502: and
4503: .Fl verify
4504: options are ignored, if present.
4505: .It Fl noout
4506: Do not output the text version of the SPKAC.
4507: .It Fl out Ar file
4508: The output file to write to,
4509: or standard output if not specified.
4510: .It Fl passin Ar arg
4511: The key password source.
4512: .It Fl pubkey
4513: Output the public key of an SPKAC.
4514: .It Fl spkac Ar spkacname
4515: An alternative name for the variable containing the SPKAC.
4516: The default is "SPKAC".
4517: This option affects both generated and input SPKAC files.
4518: .It Fl spksect Ar section
4519: An alternative name for the
4520: .Ar section
4521: containing the SPKAC.
4522: .It Fl verify
4523: Verify the digital signature on the supplied SPKAC.
4524: .El
1.1 jsing 4525: .Sh TS
4526: .nr nS 1
4527: .Nm "openssl ts"
4528: .Fl query
1.29 bcook 4529: .Op Fl md4 | md5 | ripemd160 | sha1
1.1 jsing 4530: .Op Fl cert
4531: .Op Fl config Ar configfile
4532: .Op Fl data Ar file_to_hash
4533: .Op Fl digest Ar digest_bytes
4534: .Op Fl in Ar request.tsq
4535: .Op Fl no_nonce
4536: .Op Fl out Ar request.tsq
4537: .Op Fl policy Ar object_id
4538: .Op Fl text
4539: .nr nS 0
4540: .Pp
4541: .nr nS 1
4542: .Nm "openssl ts"
4543: .Fl reply
4544: .Op Fl chain Ar certs_file.pem
4545: .Op Fl config Ar configfile
4546: .Op Fl in Ar response.tsr
4547: .Op Fl inkey Ar private.pem
4548: .Op Fl out Ar response.tsr
4549: .Op Fl passin Ar arg
4550: .Op Fl policy Ar object_id
4551: .Op Fl queryfile Ar request.tsq
4552: .Op Fl section Ar tsa_section
4553: .Op Fl signer Ar tsa_cert.pem
4554: .Op Fl text
4555: .Op Fl token_in
4556: .Op Fl token_out
4557: .nr nS 0
4558: .Pp
4559: .nr nS 1
4560: .Nm "openssl ts"
4561: .Fl verify
4562: .Op Fl CAfile Ar trusted_certs.pem
4563: .Op Fl CApath Ar trusted_cert_path
4564: .Op Fl data Ar file_to_hash
4565: .Op Fl digest Ar digest_bytes
4566: .Op Fl in Ar response.tsr
4567: .Op Fl queryfile Ar request.tsq
4568: .Op Fl token_in
4569: .Op Fl untrusted Ar cert_file.pem
4570: .nr nS 0
4571: .Pp
4572: The
4573: .Nm ts
4574: command is a basic Time Stamping Authority (TSA) client and server
4575: application as specified in RFC 3161 (Time-Stamp Protocol, TSP).
4576: A TSA can be part of a PKI deployment and its role is to provide long
1.72 jmc 4577: term proof of the existence of specific data.
1.1 jsing 4578: Here is a brief description of the protocol:
4579: .Bl -enum
4580: .It
4581: The TSA client computes a one-way hash value for a data file and sends
4582: the hash to the TSA.
4583: .It
4584: The TSA attaches the current date and time to the received hash value,
4585: signs them and sends the time stamp token back to the client.
4586: By creating this token the TSA certifies the existence of the original
4587: data file at the time of response generation.
4588: .It
4589: The TSA client receives the time stamp token and verifies the
4590: signature on it.
4591: It also checks if the token contains the same hash
4592: value that it had sent to the TSA.
4593: .El
4594: .Pp
4595: There is one DER-encoded protocol data unit defined for transporting a time
4596: stamp request to the TSA and one for sending the time stamp response
4597: back to the client.
4598: The
4599: .Nm ts
4600: command has three main functions:
4601: creating a time stamp request based on a data file;
4602: creating a time stamp response based on a request;
4603: and verifying if a response corresponds
4604: to a particular request or a data file.
4605: .Pp
4606: There is no support for sending the requests/responses automatically
4607: over HTTP or TCP yet as suggested in RFC 3161.
4608: Users must send the requests either by FTP or email.
4609: .Pp
4610: The
4611: .Fl query
4612: switch can be used for creating and printing a time stamp
4613: request with the following options:
4614: .Bl -tag -width Ds
4615: .It Fl cert
1.72 jmc 4616: Expect the TSA to include its signing certificate in the response.
1.1 jsing 4617: .It Fl config Ar configfile
1.72 jmc 4618: Specify an alternative configuration file.
4619: Only the OID section is used.
1.1 jsing 4620: .It Fl data Ar file_to_hash
4621: The data file for which the time stamp request needs to be created.
1.72 jmc 4622: The default is standard input.
1.1 jsing 4623: .It Fl digest Ar digest_bytes
1.72 jmc 4624: Specify the message imprint explicitly without the data file.
1.1 jsing 4625: The imprint must be specified in a hexadecimal format,
4626: two characters per byte,
1.72 jmc 4627: the bytes optionally separated by colons.
1.1 jsing 4628: The number of bytes must match the message digest algorithm in use.
4629: .It Fl in Ar request.tsq
1.72 jmc 4630: A previously created time stamp request in DER
1.1 jsing 4631: format that will be printed into the output file.
1.72 jmc 4632: Useful for examining the content of a request in human-readable format.
1.76 jmc 4633: .It Fl md4 | md5 | ripemd160 | sha | sha1
1.1 jsing 4634: The message digest to apply to the data file.
4635: It supports all the message digest algorithms that are supported by the
4636: .Nm dgst
4637: command.
4638: The default is SHA-1.
4639: .It Fl no_nonce
1.72 jmc 4640: Specify no nonce in the request.
4641: The default, to include a 64-bit long pseudo-random nonce,
4642: is recommended to protect against replay attacks.
1.1 jsing 4643: .It Fl out Ar request.tsq
1.72 jmc 4644: The output file to write to,
4645: or standard output if not specified.
1.1 jsing 4646: .It Fl policy Ar object_id
4647: The policy that the client expects the TSA to use for creating the
4648: time stamp token.
1.72 jmc 4649: Either dotted OID notation or OID names defined
1.1 jsing 4650: in the config file can be used.
1.72 jmc 4651: If no policy is requested the TSA uses its own default policy.
1.1 jsing 4652: .It Fl text
1.72 jmc 4653: Output in human-readable text format instead of DER.
1.1 jsing 4654: .El
4655: .Pp
4656: A time stamp response (TimeStampResp) consists of a response status
4657: and the time stamp token itself (ContentInfo),
4658: if the token generation was successful.
4659: The
4660: .Fl reply
4661: command is for creating a time stamp
4662: response or time stamp token based on a request and printing the
4663: response/token in human-readable format.
4664: If
4665: .Fl token_out
4666: is not specified the output is always a time stamp response (TimeStampResp),
4667: otherwise it is a time stamp token (ContentInfo).
4668: .Bl -tag -width Ds
4669: .It Fl chain Ar certs_file.pem
1.72 jmc 4670: The collection of PEM certificates
1.1 jsing 4671: that will be included in the response
4672: in addition to the signer certificate if the
4673: .Fl cert
4674: option was used for the request.
4675: This file is supposed to contain the certificate chain
4676: for the signer certificate from its issuer upwards.
4677: The
4678: .Fl reply
4679: command does not build a certificate chain automatically.
4680: .It Fl config Ar configfile
1.72 jmc 4681: Specify an alternative configuration file.
1.1 jsing 4682: .It Fl in Ar response.tsr
1.72 jmc 4683: Specify a previously created time stamp response (or time stamp token, if
1.1 jsing 4684: .Fl token_in
1.72 jmc 4685: is also specified)
1.1 jsing 4686: in DER format that will be written to the output file.
4687: This option does not require a request;
4688: it is useful, for example,
1.72 jmc 4689: to examine the content of a response or token
4690: or to extract the time stamp token from a response.
1.1 jsing 4691: If the input is a token and the output is a time stamp response a default
1.72 jmc 4692: .Qq granted
1.1 jsing 4693: status info is added to the token.
4694: .It Fl inkey Ar private.pem
4695: The signer private key of the TSA in PEM format.
4696: Overrides the
4697: .Cm signer_key
4698: config file option.
4699: .It Fl out Ar response.tsr
4700: The response is written to this file.
4701: The format and content of the file depends on other options (see
4702: .Fl text
4703: and
4704: .Fl token_out ) .
4705: The default is stdout.
4706: .It Fl passin Ar arg
4707: The key password source.
4708: .It Fl policy Ar object_id
1.72 jmc 4709: The default policy to use for the response.
4710: Either dotted OID notation or OID names defined
4711: in the config file can be used.
4712: If no policy is requested the TSA uses its own default policy.
1.1 jsing 4713: .It Fl queryfile Ar request.tsq
1.72 jmc 4714: The file containing a DER-encoded time stamp request.
1.1 jsing 4715: .It Fl section Ar tsa_section
1.72 jmc 4716: The config file section containing the settings for response generation.
1.1 jsing 4717: .It Fl signer Ar tsa_cert.pem
1.72 jmc 4718: The PEM signer certificate of the TSA.
1.1 jsing 4719: The TSA signing certificate must have exactly one extended key usage
4720: assigned to it: timeStamping.
4721: The extended key usage must also be critical,
4722: otherwise the certificate is going to be refused.
4723: Overrides the
4724: .Cm signer_cert
4725: variable of the config file.
4726: .It Fl text
1.72 jmc 4727: Output in human-readable text format instead of DER.
1.1 jsing 4728: .It Fl token_in
1.72 jmc 4729: The input is a DER-encoded time stamp token (ContentInfo)
4730: instead of a time stamp response (TimeStampResp).
1.1 jsing 4731: .It Fl token_out
1.72 jmc 4732: The output is a time stamp token (ContentInfo)
4733: instead of a time stamp response (TimeStampResp).
1.1 jsing 4734: .El
4735: .Pp
4736: The
4737: .Fl verify
4738: command is for verifying if a time stamp response or time stamp token
4739: is valid and matches a particular time stamp request or data file.
4740: The
4741: .Fl verify
4742: command does not use the configuration file.
4743: .Bl -tag -width Ds
4744: .It Fl CAfile Ar trusted_certs.pem
1.72 jmc 4745: The file containing a set of trusted self-signed PEM CA certificates.
4746: See
1.1 jsing 4747: .Nm verify
4748: for additional details.
4749: Either this option or
4750: .Fl CApath
4751: must be specified.
4752: .It Fl CApath Ar trusted_cert_path
1.72 jmc 4753: The directory containing the trused CA certificates of the client.
4754: See
1.1 jsing 4755: .Nm verify
4756: for additional details.
4757: Either this option or
4758: .Fl CAfile
4759: must be specified.
4760: .It Fl data Ar file_to_hash
4761: The response or token must be verified against
4762: .Ar file_to_hash .
4763: The file is hashed with the message digest algorithm specified in the token.
4764: The
4765: .Fl digest
4766: and
4767: .Fl queryfile
4768: options must not be specified with this one.
4769: .It Fl digest Ar digest_bytes
4770: The response or token must be verified against the message digest specified
4771: with this option.
4772: The number of bytes must match the message digest algorithm
4773: specified in the token.
4774: The
4775: .Fl data
4776: and
4777: .Fl queryfile
4778: options must not be specified with this one.
4779: .It Fl in Ar response.tsr
4780: The time stamp response that needs to be verified, in DER format.
4781: This option in mandatory.
4782: .It Fl queryfile Ar request.tsq
4783: The original time stamp request, in DER format.
4784: The
4785: .Fl data
4786: and
4787: .Fl digest
4788: options must not be specified with this one.
4789: .It Fl token_in
1.72 jmc 4790: The input is a DER-encoded time stamp token (ContentInfo)
4791: instead of a time stamp response (TimeStampResp).
1.1 jsing 4792: .It Fl untrusted Ar cert_file.pem
1.72 jmc 4793: Additional untrusted PEM certificates which may be needed
4794: when building the certificate chain for the TSA's signing certificate.
1.1 jsing 4795: This file must contain the TSA signing certificate and
4796: all intermediate CA certificates unless the response includes them.
4797: .El
4798: .Pp
1.72 jmc 4799: Options specified on the command line always override
4800: the settings in the config file:
1.1 jsing 4801: .Bl -tag -width Ds
4802: .It Cm tsa Ar section , Cm default_tsa
4803: This is the main section and it specifies the name of another section
4804: that contains all the options for the
4805: .Fl reply
4806: option.
1.72 jmc 4807: This section can be overridden with the
1.1 jsing 4808: .Fl section
4809: command line switch.
4810: .It Cm oid_file
4811: See
4812: .Nm ca
4813: for a description.
4814: .It Cm oid_section
4815: See
4816: .Nm ca
4817: for a description.
4818: .It Cm serial
1.72 jmc 4819: The file containing the hexadecimal serial number of the
1.1 jsing 4820: last time stamp response created.
4821: This number is incremented by 1 for each response.
1.72 jmc 4822: If the file does not exist at the time of response generation
4823: a new file is created with serial number 1.
1.1 jsing 4824: This parameter is mandatory.
4825: .It Cm signer_cert
4826: TSA signing certificate, in PEM format.
4827: The same as the
4828: .Fl signer
4829: command line option.
4830: .It Cm certs
1.72 jmc 4831: A set of PEM-encoded certificates that need to be
1.1 jsing 4832: included in the response.
4833: The same as the
4834: .Fl chain
4835: command line option.
4836: .It Cm signer_key
4837: The private key of the TSA, in PEM format.
4838: The same as the
4839: .Fl inkey
4840: command line option.
4841: .It Cm default_policy
4842: The default policy to use when the request does not mandate any policy.
4843: The same as the
4844: .Fl policy
4845: command line option.
4846: .It Cm other_policies
4847: Comma separated list of policies that are also acceptable by the TSA
4848: and used only if the request explicitly specifies one of them.
4849: .It Cm digests
4850: The list of message digest algorithms that the TSA accepts.
4851: At least one algorithm must be specified.
4852: This parameter is mandatory.
4853: .It Cm accuracy
4854: The accuracy of the time source of the TSA in seconds, milliseconds
4855: and microseconds.
4856: For example, secs:1, millisecs:500, microsecs:100.
4857: If any of the components is missing,
4858: zero is assumed for that field.
4859: .It Cm clock_precision_digits
1.72 jmc 4860: The maximum number of digits, which represent the fraction of seconds,
4861: that need to be included in the time field.
1.1 jsing 4862: The trailing zeroes must be removed from the time,
1.72 jmc 4863: so there might actually be fewer digits
1.1 jsing 4864: or no fraction of seconds at all.
4865: The maximum value is 6;
4866: the default is 0.
4867: .It Cm ordering
4868: If this option is yes,
4869: the responses generated by this TSA can always be ordered,
4870: even if the time difference between two responses is less
4871: than the sum of their accuracies.
4872: The default is no.
4873: .It Cm tsa_name
4874: Set this option to yes if the subject name of the TSA must be included in
4875: the TSA name field of the response.
4876: The default is no.
4877: .It Cm ess_cert_id_chain
4878: The SignedData objects created by the TSA always contain the
4879: certificate identifier of the signing certificate in a signed
4880: attribute (see RFC 2634, Enhanced Security Services).
4881: If this option is set to yes and either the
4882: .Cm certs
4883: variable or the
4884: .Fl chain
4885: option is specified then the certificate identifiers of the chain will also
4886: be included in the SigningCertificate signed attribute.
4887: If this variable is set to no,
4888: only the signing certificate identifier is included.
4889: The default is no.
4890: .El
4891: .Sh VERIFY
4892: .nr nS 1
4893: .Nm "openssl verify"
4894: .Op Fl CAfile Ar file
4895: .Op Fl CApath Ar directory
4896: .Op Fl check_ss_sig
4897: .Op Fl crl_check
4898: .Op Fl crl_check_all
4899: .Op Fl explicit_policy
4900: .Op Fl extended_crl
4901: .Op Fl help
4902: .Op Fl ignore_critical
4903: .Op Fl inhibit_any
4904: .Op Fl inhibit_map
4905: .Op Fl issuer_checks
4906: .Op Fl policy_check
4907: .Op Fl purpose Ar purpose
4908: .Op Fl untrusted Ar file
4909: .Op Fl verbose
4910: .Op Fl x509_strict
4911: .Op Ar certificates
4912: .nr nS 0
4913: .Pp
4914: The
4915: .Nm verify
4916: command verifies certificate chains.
4917: .Pp
4918: The options are as follows:
4919: .Bl -tag -width Ds
4920: .It Fl check_ss_sig
4921: Verify the signature on the self-signed root CA.
4922: This is disabled by default
4923: because it doesn't add any security.
4924: .It Fl CAfile Ar file
4925: A
4926: .Ar file
4927: of trusted certificates.
4928: The
4929: .Ar file
4930: should contain multiple certificates in PEM format, concatenated together.
4931: .It Fl CApath Ar directory
4932: A
4933: .Ar directory
4934: of trusted certificates.
1.76 jmc 4935: The certificates, or symbolic links to them,
4936: should have names of the form
4937: .Ar hash Ns .0 ,
4938: where
4939: .Ar hash
4940: is the hashed certificate subject name
4941: (see the
1.1 jsing 4942: .Fl hash
4943: option of the
4944: .Nm x509
4945: utility).
4946: .It Fl crl_check
1.76 jmc 4947: Check end entity certificate validity by attempting to look up a valid CRL.
1.1 jsing 4948: If a valid CRL cannot be found an error occurs.
4949: .It Fl crl_check_all
1.76 jmc 4950: Check the validity of all certificates in the chain by attempting
1.1 jsing 4951: to look up valid CRLs.
4952: .It Fl explicit_policy
1.76 jmc 4953: Set policy variable require-explicit-policy (RFC 3280).
1.1 jsing 4954: .It Fl extended_crl
4955: Enable extended CRL features such as indirect CRLs and alternate CRL
4956: signing keys.
4957: .It Fl help
1.76 jmc 4958: Print a usage message.
1.1 jsing 4959: .It Fl ignore_critical
1.76 jmc 4960: Ignore critical extensions instead of rejecting the certificate.
1.1 jsing 4961: .It Fl inhibit_any
1.76 jmc 4962: Set policy variable inhibit-any-policy (RFC 3280).
1.1 jsing 4963: .It Fl inhibit_map
1.76 jmc 4964: Set policy variable inhibit-policy-mapping (RFC 3280).
1.1 jsing 4965: .It Fl issuer_checks
1.76 jmc 4966: Print diagnostics relating to searches for the issuer certificate
4967: of the current certificate
4968: showing why each candidate issuer certificate was rejected.
4969: The presence of rejection messages
4970: does not itself imply that anything is wrong:
4971: during the normal verify process several rejections may take place.
1.1 jsing 4972: .It Fl policy_check
1.76 jmc 4973: Enable certificate policy processing.
1.1 jsing 4974: .It Fl purpose Ar purpose
4975: The intended use for the certificate.
4976: Without this option no chain verification will be done.
4977: Currently accepted uses are
1.76 jmc 4978: .Cm sslclient , sslserver ,
4979: .Cm nssslserver , smimesign ,
4980: .Cm smimeencrypt , crlsign ,
4981: .Cm any ,
1.1 jsing 4982: and
1.76 jmc 4983: .Cm ocsphelper .
1.1 jsing 4984: .It Fl untrusted Ar file
4985: A
4986: .Ar file
4987: of untrusted certificates.
4988: The
4989: .Ar file
4990: should contain multiple certificates.
4991: .It Fl verbose
4992: Print extra information about the operations being performed.
4993: .It Fl x509_strict
4994: Disable workarounds for broken certificates which have to be disabled
4995: for strict X.509 compliance.
4996: .It Ar certificates
1.76 jmc 4997: One or more PEM
1.1 jsing 4998: .Ar certificates
4999: to verify.
5000: If no certificate files are included, an attempt is made to read
5001: a certificate from standard input.
1.76 jmc 5002: If the first certificate filename begins with a dash,
5003: use a lone dash to mark the last option.
1.1 jsing 5004: .El
1.76 jmc 5005: .Pp
1.1 jsing 5006: The
5007: .Nm verify
5008: program uses the same functions as the internal SSL and S/MIME verification,
1.76 jmc 5009: with one crucial difference:
5010: wherever possible an attempt is made to continue after an error,
5011: whereas normally the verify operation would halt on the first error.
1.1 jsing 5012: This allows all the problems with a certificate chain to be determined.
5013: .Pp
1.76 jmc 5014: The verify operation consists of a number of separate steps.
1.1 jsing 5015: Firstly a certificate chain is built up starting from the supplied certificate
5016: and ending in the root CA.
5017: It is an error if the whole chain cannot be built up.
5018: The chain is built up by looking up the issuer's certificate of the current
5019: certificate.
5020: If a certificate is found which is its own issuer, it is assumed
5021: to be the root CA.
5022: .Pp
1.76 jmc 5023: All certificates whose subject name matches the issuer name
1.1 jsing 5024: of the current certificate are subject to further tests.
5025: The relevant authority key identifier components of the current certificate
1.76 jmc 5026: (if present) must match the subject key identifier (if present)
5027: and issuer and serial number of the candidate issuer;
5028: in addition the
5029: .Cm keyUsage
5030: extension of the candidate issuer (if present) must permit certificate signing.
1.1 jsing 5031: .Pp
5032: The lookup first looks in the list of untrusted certificates and if no match
5033: is found the remaining lookups are from the trusted certificates.
1.76 jmc 5034: The root CA is always looked up in the trusted certificate list:
5035: if the certificate to verify is a root certificate,
5036: then an exact match must be found in the trusted list.
1.1 jsing 5037: .Pp
5038: The second operation is to check every untrusted certificate's extensions for
5039: consistency with the supplied purpose.
5040: If the
5041: .Fl purpose
5042: option is not included, then no checks are done.
5043: The supplied or
5044: .Qq leaf
5045: certificate must have extensions compatible with the supplied purpose
5046: and all other certificates must also be valid CA certificates.
5047: The precise extensions required are described in more detail in
5048: the
1.76 jmc 5049: .Nm X509
1.1 jsing 5050: section below.
5051: .Pp
5052: The third operation is to check the trust settings on the root CA.
5053: The root CA should be trusted for the supplied purpose.
1.76 jmc 5054: A certificate with no trust settings is considered to be valid for
1.1 jsing 5055: all purposes.
5056: .Pp
5057: The final operation is to check the validity of the certificate chain.
5058: The validity period is checked against the current system time and the
1.76 jmc 5059: .Cm notBefore
1.1 jsing 5060: and
1.76 jmc 5061: .Cm notAfter
1.1 jsing 5062: dates in the certificate.
5063: The certificate signatures are also checked at this point.
5064: .Pp
5065: If all operations complete successfully, the certificate is considered
5066: valid.
5067: If any operation fails then the certificate is not valid.
5068: When a verify operation fails, the output messages can be somewhat cryptic.
5069: The general form of the error message is:
1.76 jmc 5070: .Bd -literal
5071: server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit)
5072: error 24 at 1 depth lookup:invalid CA certificate
1.1 jsing 5073: .Ed
5074: .Pp
5075: The first line contains the name of the certificate being verified, followed by
5076: the subject name of the certificate.
5077: The second line contains the error number and the depth.
5078: The depth is the number of the certificate being verified when a
5079: problem was detected starting with zero for the certificate being verified
5080: itself, then 1 for the CA that signed the certificate and so on.
5081: Finally a text version of the error number is presented.
5082: .Pp
5083: An exhaustive list of the error codes and messages is shown below; this also
5084: includes the name of the error code as defined in the header file
1.12 bentley 5085: .In openssl/x509_vfy.h .
1.76 jmc 5086: Some of the error codes are defined but never returned: these are described as
1.1 jsing 5087: .Qq unused .
5088: .Bl -tag -width "XXXX"
1.78 jmc 5089: .It 0 X509_V_OK
1.1 jsing 5090: The operation was successful.
1.78 jmc 5091: .It 2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
5092: The issuer certificate of an untrusted certificate could not be found.
5093: .It 3 X509_V_ERR_UNABLE_TO_GET_CRL
1.1 jsing 5094: The CRL of a certificate could not be found.
1.78 jmc 5095: .It 4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
1.1 jsing 5096: The certificate signature could not be decrypted.
1.78 jmc 5097: This means that the actual signature value could not be determined
5098: rather than it not matching the expected value.
1.1 jsing 5099: This is only meaningful for RSA keys.
1.78 jmc 5100: .It 5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
5101: The CRL signature could not be decrypted.
5102: This means that the actual signature value could not be determined
5103: rather than it not matching the expected value.
1.1 jsing 5104: Unused.
1.78 jmc 5105: .It 6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
1.1 jsing 5106: The public key in the certificate
1.76 jmc 5107: .Cm SubjectPublicKeyInfo
1.1 jsing 5108: could not be read.
1.78 jmc 5109: .It 7 X509_V_ERR_CERT_SIGNATURE_FAILURE
1.1 jsing 5110: The signature of the certificate is invalid.
1.78 jmc 5111: .It 8 X509_V_ERR_CRL_SIGNATURE_FAILURE
1.1 jsing 5112: The signature of the certificate is invalid.
1.78 jmc 5113: .It 9 X509_V_ERR_CERT_NOT_YET_VALID
1.1 jsing 5114: The certificate is not yet valid: the
1.76 jmc 5115: .Cm notBefore
1.1 jsing 5116: date is after the current time.
1.78 jmc 5117: .It 10 X509_V_ERR_CERT_HAS_EXPIRED
1.1 jsing 5118: The certificate has expired; that is, the
1.76 jmc 5119: .Cm notAfter
1.1 jsing 5120: date is before the current time.
1.78 jmc 5121: .It 11 X509_V_ERR_CRL_NOT_YET_VALID
1.1 jsing 5122: The CRL is not yet valid.
1.78 jmc 5123: .It 12 X509_V_ERR_CRL_HAS_EXPIRED
1.1 jsing 5124: The CRL has expired.
1.78 jmc 5125: .It 13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
1.1 jsing 5126: The certificate
1.76 jmc 5127: .Cm notBefore
1.1 jsing 5128: field contains an invalid time.
1.78 jmc 5129: .It 14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
1.1 jsing 5130: The certificate
1.76 jmc 5131: .Cm notAfter
1.1 jsing 5132: field contains an invalid time.
1.78 jmc 5133: .It 15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
1.1 jsing 5134: The CRL
1.76 jmc 5135: .Cm lastUpdate
1.1 jsing 5136: field contains an invalid time.
1.78 jmc 5137: .It 16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
1.1 jsing 5138: The CRL
1.76 jmc 5139: .Cm nextUpdate
1.1 jsing 5140: field contains an invalid time.
1.78 jmc 5141: .It 17 X509_V_ERR_OUT_OF_MEM
1.1 jsing 5142: An error occurred trying to allocate memory.
5143: This should never happen.
1.78 jmc 5144: .It 18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
1.1 jsing 5145: The passed certificate is self-signed and the same certificate cannot be
5146: found in the list of trusted certificates.
1.78 jmc 5147: .It 19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
1.1 jsing 5148: The certificate chain could be built up using the untrusted certificates but
5149: the root could not be found locally.
1.78 jmc 5150: .It 20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
1.1 jsing 5151: The issuer certificate of a locally looked up certificate could not be found.
5152: This normally means the list of trusted certificates is not complete.
1.78 jmc 5153: .It 21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
1.1 jsing 5154: No signatures could be verified because the chain contains only one
5155: certificate and it is not self-signed.
1.78 jmc 5156: .It 22 X509_V_ERR_CERT_CHAIN_TOO_LONG
1.1 jsing 5157: The certificate chain length is greater than the supplied maximum depth.
5158: Unused.
1.78 jmc 5159: .It 23 X509_V_ERR_CERT_REVOKED
1.1 jsing 5160: The certificate has been revoked.
1.78 jmc 5161: .It 24 X509_V_ERR_INVALID_CA
1.1 jsing 5162: A CA certificate is invalid.
5163: Either it is not a CA or its extensions are not consistent
5164: with the supplied purpose.
1.78 jmc 5165: .It 25 X509_V_ERR_PATH_LENGTH_EXCEEDED
1.1 jsing 5166: The
1.76 jmc 5167: .Cm basicConstraints
1.1 jsing 5168: pathlength parameter has been exceeded.
1.78 jmc 5169: .It 26 X509_V_ERR_INVALID_PURPOSE
1.1 jsing 5170: The supplied certificate cannot be used for the specified purpose.
1.78 jmc 5171: .It 27 X509_V_ERR_CERT_UNTRUSTED
1.1 jsing 5172: The root CA is not marked as trusted for the specified purpose.
1.78 jmc 5173: .It 28 X509_V_ERR_CERT_REJECTED
1.1 jsing 5174: The root CA is marked to reject the specified purpose.
1.78 jmc 5175: .It 29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH
1.1 jsing 5176: The current candidate issuer certificate was rejected because its subject name
5177: did not match the issuer name of the current certificate.
5178: Only displayed when the
5179: .Fl issuer_checks
5180: option is set.
1.78 jmc 5181: .It 30 X509_V_ERR_AKID_SKID_MISMATCH
1.1 jsing 5182: The current candidate issuer certificate was rejected because its subject key
5183: identifier was present and did not match the authority key identifier current
5184: certificate.
5185: Only displayed when the
5186: .Fl issuer_checks
5187: option is set.
1.78 jmc 5188: .It 31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
1.1 jsing 5189: The current candidate issuer certificate was rejected because its issuer name
5190: and serial number were present and did not match the authority key identifier
5191: of the current certificate.
5192: Only displayed when the
5193: .Fl issuer_checks
5194: option is set.
1.78 jmc 5195: .It 32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN
1.1 jsing 5196: The current candidate issuer certificate was rejected because its
1.76 jmc 5197: .Cm keyUsage
1.1 jsing 5198: extension does not permit certificate signing.
1.78 jmc 5199: .It 50 X509_V_ERR_APPLICATION_VERIFICATION
1.1 jsing 5200: An application specific error.
5201: Unused.
5202: .El
5203: .Sh VERSION
5204: .Nm openssl version
5205: .Op Fl abdfopv
5206: .Pp
5207: The
5208: .Nm version
5209: command is used to print out version information about
1.79 jmc 5210: .Nm openssl .
1.1 jsing 5211: .Pp
5212: The options are as follows:
5213: .Bl -tag -width Ds
5214: .It Fl a
5215: All information: this is the same as setting all the other flags.
5216: .It Fl b
5217: The date the current version of
1.79 jmc 5218: .Nm openssl
1.1 jsing 5219: was built.
5220: .It Fl d
5221: .Ev OPENSSLDIR
5222: setting.
5223: .It Fl f
5224: Compilation flags.
5225: .It Fl o
5226: Option information: various options set when the library was built.
5227: .It Fl p
5228: Platform setting.
5229: .It Fl v
5230: The current
1.79 jmc 5231: .Nm openssl
1.1 jsing 5232: version.
5233: .El
5234: .Sh X509
5235: .nr nS 1
5236: .Nm "openssl x509"
5237: .Op Fl C
5238: .Op Fl addreject Ar arg
5239: .Op Fl addtrust Ar arg
5240: .Op Fl alias
5241: .Op Fl CA Ar file
5242: .Op Fl CAcreateserial
1.80 jmc 5243: .Op Fl CAform Cm der | pem
1.1 jsing 5244: .Op Fl CAkey Ar file
1.80 jmc 5245: .Op Fl CAkeyform Cm der | pem
1.1 jsing 5246: .Op Fl CAserial Ar file
5247: .Op Fl certopt Ar option
5248: .Op Fl checkend Ar arg
5249: .Op Fl clrext
5250: .Op Fl clrreject
5251: .Op Fl clrtrust
5252: .Op Fl dates
5253: .Op Fl days Ar arg
5254: .Op Fl email
5255: .Op Fl enddate
5256: .Op Fl extensions Ar section
5257: .Op Fl extfile Ar file
5258: .Op Fl fingerprint
5259: .Op Fl hash
5260: .Op Fl in Ar file
1.80 jmc 5261: .Op Fl inform Cm der | net | pem
1.1 jsing 5262: .Op Fl issuer
5263: .Op Fl issuer_hash
5264: .Op Fl issuer_hash_old
1.80 jmc 5265: .Op Fl keyform Cm der | pem
1.29 bcook 5266: .Op Fl md5 | sha1
1.1 jsing 5267: .Op Fl modulus
5268: .Op Fl nameopt Ar option
5269: .Op Fl noout
5270: .Op Fl ocsp_uri
5271: .Op Fl ocspid
5272: .Op Fl out Ar file
1.80 jmc 5273: .Op Fl outform Cm der | net | pem
1.1 jsing 5274: .Op Fl passin Ar arg
5275: .Op Fl pubkey
5276: .Op Fl purpose
5277: .Op Fl req
5278: .Op Fl serial
5279: .Op Fl set_serial Ar n
5280: .Op Fl setalias Ar arg
5281: .Op Fl signkey Ar file
5282: .Op Fl startdate
5283: .Op Fl subject
5284: .Op Fl subject_hash
5285: .Op Fl subject_hash_old
5286: .Op Fl text
5287: .Op Fl trustout
5288: .Op Fl x509toreq
5289: .nr nS 0
5290: .Pp
5291: The
5292: .Nm x509
5293: command is a multi-purpose certificate utility.
5294: It can be used to display certificate information, convert certificates to
5295: various forms, sign certificate requests like a
5296: .Qq mini CA ,
5297: or edit certificate trust settings.
5298: .Pp
1.80 jmc 5299: The following are x509 input, output, and general purpose options:
1.1 jsing 5300: .Bl -tag -width "XXXX"
5301: .It Fl in Ar file
1.80 jmc 5302: The input file to read from,
5303: or standard input if not specified.
5304: .It Fl inform Cm der | net | pem
5305: The input format.
1.1 jsing 5306: Normally, the command will expect an X.509 certificate,
5307: but this can change if other options such as
5308: .Fl req
5309: are present.
1.29 bcook 5310: .It Fl md5 | sha1
1.1 jsing 5311: The digest to use.
5312: This affects any signing or display option that uses a message digest,
5313: such as the
5314: .Fl fingerprint , signkey ,
5315: and
5316: .Fl CA
5317: options.
5318: If not specified, MD5 is used.
1.80 jmc 5319: SHA1 is always used with DSA keys.
1.1 jsing 5320: .It Fl out Ar file
1.80 jmc 5321: The output file to write to,
5322: or standard output if none is specified.
5323: .It Fl outform Cm der | net | pem
5324: The output format.
1.1 jsing 5325: .It Fl passin Ar arg
5326: The key password source.
5327: .El
1.80 jmc 5328: .Pp
5329: The following are x509 display options:
1.1 jsing 5330: .Bl -tag -width "XXXX"
5331: .It Fl C
1.80 jmc 5332: Output the certificate in the form of a C source file.
1.1 jsing 5333: .It Fl certopt Ar option
5334: Customise the output format used with
1.80 jmc 5335: .Fl text ,
5336: either using a list of comma-separated options or by specifying
1.1 jsing 5337: .Fl certopt
1.80 jmc 5338: multiple times.
5339: The default behaviour is to print all fields.
5340: The options are as follows:
5341: .Pp
5342: .Bl -tag -width "no_extensions" -offset indent -compact
5343: .It Cm ca_default
5344: Equivalent to
5345: .Cm no_issuer , no_pubkey , no_header ,
5346: .Cm no_version , no_sigdump ,
5347: and
5348: .Cm no_signame .
5349: .It Cm compatible
5350: Equivalent to no output options at all.
5351: .It Cm ext_default
5352: Print unsupported certificate extensions.
5353: .It Cm ext_dump
5354: Hex dump unsupported extensions.
5355: .It Cm ext_error
5356: Print an error message for unsupported certificate extensions.
5357: .It Cm ext_parse
1.84 jmc 5358: ASN.1 parse unsupported extensions.
1.80 jmc 5359: .It Cm no_aux
5360: Do not print certificate trust information.
5361: .It Cm no_extensions
5362: Do not print X509V3 extensions.
5363: .It Cm no_header
5364: Do not print header (Certificate and Data) information.
5365: .It Cm no_issuer
5366: Do not print the issuer name.
5367: .It Cm no_pubkey
5368: Do not print the public key.
5369: .It Cm no_serial
5370: Do not print the serial number.
5371: .It Cm no_sigdump
5372: Do not give a hexadecimal dump of the certificate signature.
5373: .It Cm no_signame
5374: Do not print the signature algorithm used.
5375: .It Cm no_subject
5376: Do not print the subject name.
5377: .It Cm no_validity
5378: Do not print the
5379: .Cm notBefore
5380: and
5381: .Cm notAfter
5382: (validity) fields.
5383: .It Cm no_version
5384: Do not print the version number.
5385: .El
1.1 jsing 5386: .It Fl dates
1.80 jmc 5387: Print the start and expiry date of a certificate.
1.1 jsing 5388: .It Fl email
1.80 jmc 5389: Output the email addresses, if any.
1.1 jsing 5390: .It Fl enddate
1.80 jmc 5391: Print the expiry date of the certificate; that is, the
5392: .Cm notAfter
1.1 jsing 5393: date.
5394: .It Fl fingerprint
1.80 jmc 5395: Print the digest of the DER-encoded version of the whole certificate.
1.1 jsing 5396: .It Fl hash
5397: A synonym for
1.80 jmc 5398: .Fl subject_hash .
1.1 jsing 5399: .It Fl issuer
1.80 jmc 5400: Print the issuer name.
1.1 jsing 5401: .It Fl issuer_hash
1.80 jmc 5402: Print the hash of the certificate issuer name.
1.1 jsing 5403: .It Fl issuer_hash_old
1.80 jmc 5404: Print the hash of the certificate issuer name
5405: using the older algorithm as used by
5406: .Nm openssl
1.1 jsing 5407: versions before 1.0.0.
5408: .It Fl modulus
1.80 jmc 5409: Print the value of the modulus of the public key contained in the certificate.
1.1 jsing 5410: .It Fl nameopt Ar option
1.80 jmc 5411: Customise how the subject or issuer names are displayed,
5412: either using a list of comma-separated options or by specifying
1.1 jsing 5413: .Fl nameopt
1.80 jmc 5414: multiple times.
5415: The default behaviour is to use the
5416: .Cm oneline
5417: format.
5418: The options,
5419: which can be preceded by a dash to turn them off,
5420: are as follows:
5421: .Bl -tag -width "XXXX"
5422: .It Cm align
5423: Align field values for a more readable output.
5424: Only usable with
5425: .Ar sep_multiline .
5426: .It Cm compat
5427: Use the old format,
5428: equivalent to specifying no options at all.
5429: .It Cm dn_rev
5430: Reverse the fields of the DN, as required by RFC 2253.
5431: As a side effect, this also reverses the order of multiple AVAs.
5432: .It Cm dump_all
5433: Dump all fields.
5434: When used with
5435: .Ar dump_der ,
5436: it allows the DER encoding of the structure to be unambiguously determined.
5437: .It Cm dump_der
5438: Any fields that need to be hexdumped are
5439: dumped using the DER encoding of the field.
5440: Otherwise just the content octets will be displayed.
5441: Both options use the RFC 2253 #XXXX... format.
5442: .It Cm dump_nostr
5443: Dump non-character string types
5444: (for example OCTET STRING);
5445: usually, non-character string types are displayed
5446: as though each content octet represents a single character.
5447: .It Cm dump_unknown
5448: Dump any field whose OID is not recognised by
5449: .Nm openssl .
5450: .It Cm esc_2253
5451: Escape the
5452: .Qq special
5453: characters required by RFC 2253 in a field that is
5454: .Dq \& ,+"<>; .
5455: Additionally,
5456: .Sq #
5457: is escaped at the beginning of a string
5458: and a space character at the beginning or end of a string.
5459: .It Cm esc_ctrl
5460: Escape control characters.
5461: That is, those with ASCII values less than 0x20 (space)
5462: and the delete (0x7f) character.
5463: They are escaped using the RFC 2253 \eXX notation (where XX are two hex
5464: digits representing the character value).
5465: .It Cm esc_msb
5466: Escape characters with the MSB set; that is, with ASCII values larger than
5467: 127.
5468: .It Cm multiline
5469: A multiline format.
5470: Equivalent to
5471: .Cm esc_ctrl , esc_msb , sep_multiline ,
5472: .Cm space_eq , lname ,
5473: and
5474: .Cm align .
5475: .It Cm no_type
5476: Do not attempt to interpret multibyte characters.
5477: That is, content octets are merely dumped as though one octet
5478: represents each character.
5479: This is useful for diagnostic purposes
5480: but results in rather odd looking output.
5481: .It Cm nofname , sname , lname , oid
5482: Alter how the field name is displayed:
5483: .Cm nofname
5484: does not display the field at all;
5485: .Cm sname
5486: uses the short name form (CN for
5487: .Cm commonName ,
5488: for example);
5489: .Cm lname
5490: uses the long form.
5491: .Cm oid
5492: represents the OID in numerical form and is useful for diagnostic purpose.
5493: .It Cm oneline
5494: A one line format which is more readable than
5495: .Cm RFC2253 .
5496: Equivalent to
5497: .Cm esc_2253 , esc_ctrl , esc_msb , utf8 ,
5498: .Cm dump_nostr , dump_der , use_quote , sep_comma_plus_spc ,
5499: .Cm space_eq ,
5500: and
5501: .Cm sname .
5502: .It Cm RFC2253
5503: Displays names compatible with RFC 2253.
5504: Equivalent to
5505: .Cm esc_2253 , esc_ctrl ,
5506: .Cm esc_msb , utf8 , dump_nostr , dump_unknown ,
5507: .Cm dump_der , sep_comma_plus , dn_rev ,
5508: and
5509: .Cm sname .
5510: .It Cm sep_comma_plus , sep_comma_plus_space , sep_semi_plus_space , sep_multiline
5511: Determine the field separators:
5512: the first character is between RDNs and the second between multiple AVAs
5513: (multiple AVAs are very rare and their use is discouraged).
5514: The options ending in
5515: .Qq space
5516: additionally place a space after the separator to make it more readable.
5517: .Cm sep_multiline
5518: uses a linefeed character for the RDN separator and a spaced
5519: .Sq +
5520: for the AVA separator,
5521: as well as indenting the fields by four characters.
5522: .It Cm show_type
1.84 jmc 5523: Show the type of the ASN.1 character string.
1.80 jmc 5524: The type precedes the field contents.
5525: For example
5526: .Qq BMPSTRING: Hello World .
5527: .It Cm space_eq
5528: Place spaces round the
5529: .Sq =
5530: character which follows the field name.
5531: .It Cm use_quote
5532: Escape some characters by surrounding the whole string with
5533: .Sq \&"
5534: characters.
5535: Without the option, all escaping is done with the
5536: .Sq \e
5537: character.
5538: .It Cm utf8
5539: Convert all strings to UTF8 format first, as required by RFC 2253.
5540: On a UTF8 compatible terminal,
5541: the use of this option (and not setting
5542: .Cm esc_msb )
5543: may result in the correct display of multibyte characters.
5544: Usually, multibyte characters larger than 0xff
5545: are represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX
5546: for 32 bits,
5547: and any UTF8Strings are converted to their character form first.
5548: .El
1.1 jsing 5549: .It Fl noout
1.80 jmc 5550: Do not output the encoded version of the request.
1.1 jsing 5551: .It Fl ocsp_uri
1.80 jmc 5552: Print the OCSP responder addresses, if any.
1.1 jsing 5553: .It Fl ocspid
5554: Print OCSP hash values for the subject name and public key.
5555: .It Fl pubkey
1.80 jmc 5556: Print the public key.
1.1 jsing 5557: .It Fl serial
1.80 jmc 5558: Print the certificate serial number.
1.1 jsing 5559: .It Fl startdate
1.80 jmc 5560: Print the start date of the certificate; that is, the
5561: .Cm notBefore
1.1 jsing 5562: date.
5563: .It Fl subject
1.80 jmc 5564: Print the subject name.
1.1 jsing 5565: .It Fl subject_hash
1.80 jmc 5566: Print the hash of the certificate subject name.
1.1 jsing 5567: This is used in
1.80 jmc 5568: .Nm openssl
1.1 jsing 5569: to form an index to allow certificates in a directory to be looked up
5570: by subject name.
5571: .It Fl subject_hash_old
1.80 jmc 5572: Print the hash of the certificate subject name
5573: using the older algorithm as used by
5574: .Nm openssl
1.1 jsing 5575: versions before 1.0.0.
5576: .It Fl text
1.80 jmc 5577: Print the full certificate in text form.
1.1 jsing 5578: .El
5579: .Pp
1.80 jmc 5580: A trusted certificate is a certificate which has several
1.1 jsing 5581: additional pieces of information attached to it such as the permitted
1.80 jmc 5582: and prohibited uses of the certificate and an alias.
5583: When a certificate is being verified at least one certificate must be trusted.
5584: By default, a trusted certificate must be stored locally and be a root CA.
5585: The following are x509 trust settings options:
1.1 jsing 5586: .Bl -tag -width "XXXX"
5587: .It Fl addreject Ar arg
1.80 jmc 5588: Add a prohibited use.
5589: Accepts the same values as the
1.1 jsing 5590: .Fl addtrust
5591: option.
5592: .It Fl addtrust Ar arg
1.80 jmc 5593: Add a trusted certificate use.
1.1 jsing 5594: Any object name can be used here, but currently only
1.80 jmc 5595: .Cm clientAuth
5596: (SSL client use),
5597: .Cm serverAuth
5598: (SSL server use),
5599: and
5600: .Cm emailProtection
5601: (S/MIME email) are used.
1.1 jsing 5602: .It Fl alias
1.80 jmc 5603: Output the certificate alias.
1.1 jsing 5604: .It Fl clrreject
1.80 jmc 5605: Clear all the prohibited or rejected uses of the certificate.
1.1 jsing 5606: .It Fl clrtrust
1.80 jmc 5607: Clear all the permitted or trusted uses of the certificate.
1.1 jsing 5608: .It Fl purpose
1.80 jmc 5609: Perform tests on the certificate extensions.
5610: The same code is used when verifying untrusted certificates in chains,
5611: so this section is useful if a chain is rejected by the verify code.
5612: .Pp
5613: The
5614: .Cm basicConstraints
5615: extension CA flag is used to determine whether the
5616: certificate can be used as a CA.
5617: If the CA flag is true, it is a CA;
5618: if the CA flag is false, it is not a CA.
5619: All CAs should have the CA flag set to true.
5620: .Pp
5621: If the
5622: .Cm basicConstraints
5623: extension is absent, then the certificate is
5624: considered to be a possible CA;
5625: other extensions are checked according to the intended use of the certificate.
5626: A warning is given in this case because the certificate should really not
5627: be regarded as a CA.
5628: However it is allowed to be a CA to work around some broken software.
5629: .Pp
5630: If the certificate is a V1 certificate
5631: (and thus has no extensions) and it is self-signed,
5632: it is also assumed to be a CA but a warning is again given.
5633: This is to work around the problem of Verisign roots
5634: which are V1 self-signed certificates.
5635: .Pp
5636: If the
5637: .Cm keyUsage
5638: extension is present, then additional restraints are
5639: made on the uses of the certificate.
5640: A CA certificate must have the
5641: .Cm keyCertSign
5642: bit set if the
5643: .Cm keyUsage
5644: extension is present.
5645: .Pp
5646: The extended key usage extension places additional restrictions on the
5647: certificate uses.
5648: If this extension is present, whether critical or not,
5649: the key can only be used for the purposes specified.
5650: .Pp
5651: A complete description of each test is given below.
5652: The comments about
5653: .Cm basicConstraints
5654: and
5655: .Cm keyUsage
5656: and V1 certificates above apply to all CA certificates.
5657: .Bl -tag -width "XXXX"
5658: .It SSL Client
5659: The extended key usage extension must be absent or include the
5660: web client authentication OID.
5661: .Cm keyUsage
5662: must be absent or it must have the
5663: .Cm digitalSignature
5664: bit set.
5665: The Netscape certificate type must be absent
5666: or it must have the SSL client bit set.
5667: .It SSL Client CA
5668: The extended key usage extension must be absent or include the
5669: web client authentication OID.
5670: The Netscape certificate type must be absent
5671: or it must have the SSL CA bit set:
5672: this is used as a workaround if the
5673: .Cm basicConstraints
5674: extension is absent.
5675: .It SSL Server
5676: The extended key usage extension must be absent or include the
5677: web server authentication and/or one of the SGC OIDs.
5678: .Cm keyUsage
5679: must be absent or it must have the
5680: .Cm digitalSignature
5681: set, the
5682: .Cm keyEncipherment
5683: set, or both bits set.
5684: The Netscape certificate type must be absent or have the SSL server bit set.
5685: .It SSL Server CA
5686: The extended key usage extension must be absent or include the
5687: web server authentication and/or one of the SGC OIDs.
5688: The Netscape certificate type must be absent or the SSL CA bit must be set:
5689: this is used as a workaround if the
5690: .Cm basicConstraints
5691: extension is absent.
5692: .It Netscape SSL Server
5693: For Netscape SSL clients to connect to an SSL server; it must have the
5694: .Cm keyEncipherment
5695: bit set if the
5696: .Cm keyUsage
5697: extension is present.
5698: This isn't always valid because some cipher suites use the key for
5699: digital signing.
5700: Otherwise it is the same as a normal SSL server.
5701: .It Common S/MIME Client Tests
5702: The extended key usage extension must be absent or include the
5703: email protection OID.
5704: The Netscape certificate type must be absent or should have the S/MIME bit set.
5705: If the S/MIME bit is not set in Netscape certificate type, then the SSL
5706: client bit is tolerated as an alternative but a warning is shown:
5707: this is because some Verisign certificates don't set the S/MIME bit.
5708: .It S/MIME Signing
5709: In addition to the common S/MIME client tests, the
5710: .Cm digitalSignature
5711: bit must be set if the
5712: .Cm keyUsage
5713: extension is present.
5714: .It S/MIME Encryption
5715: In addition to the common S/MIME tests, the
5716: .Cm keyEncipherment
5717: bit must be set if the
5718: .Cm keyUsage
5719: extension is present.
5720: .It S/MIME CA
5721: The extended key usage extension must be absent or include the
5722: email protection OID.
5723: The Netscape certificate type must be absent
5724: or must have the S/MIME CA bit set:
5725: this is used as a workaround if the
5726: .Cm basicConstraints
5727: extension is absent.
5728: .It CRL Signing
5729: The
5730: .Cm keyUsage
5731: extension must be absent or it must have the CRL signing bit set.
5732: .It CRL Signing CA
5733: The normal CA tests apply, except the
5734: .Cm basicConstraints
5735: extension must be present.
5736: .El
1.1 jsing 5737: .It Fl setalias Ar arg
1.80 jmc 5738: Set the alias of the certificate,
5739: allowing the certificate to be referred to using a nickname,
5740: such as
1.1 jsing 5741: .Qq Steve's Certificate .
5742: .It Fl trustout
1.80 jmc 5743: Output a trusted certificate
5744: (the default if any trust settings are modified).
1.1 jsing 5745: An ordinary or trusted certificate can be input, but by default an ordinary
5746: certificate is output and any trust settings are discarded.
5747: .El
1.80 jmc 5748: .Pp
1.1 jsing 5749: The
5750: .Nm x509
1.80 jmc 5751: utility can be used to sign certificates and requests:
5752: it can thus behave like a mini CA.
5753: The following are x509 signing options:
1.1 jsing 5754: .Bl -tag -width "XXXX"
5755: .It Fl CA Ar file
1.80 jmc 5756: The CA certificate to be used for signing.
1.1 jsing 5757: When this option is present,
5758: .Nm x509
1.80 jmc 5759: behaves like a mini CA.
1.1 jsing 5760: The input file is signed by the CA using this option;
5761: that is, its issuer name is set to the subject name of the CA and it is
5762: digitally signed using the CA's private key.
5763: .Pp
5764: This option is normally combined with the
5765: .Fl req
5766: option.
5767: Without the
5768: .Fl req
5769: option, the input is a certificate which must be self-signed.
5770: .It Fl CAcreateserial
1.80 jmc 5771: Create the CA serial number file if it does not exist
5772: instead of generating an error.
5773: The file will contain the serial number
1.1 jsing 5774: .Sq 02
5775: and the certificate being signed will have
5776: .Sq 1
5777: as its serial number.
1.80 jmc 5778: .It Fl CAform Cm der | pem
1.1 jsing 5779: The format of the CA certificate file.
5780: The default is
1.80 jmc 5781: .Cm pem .
1.1 jsing 5782: .It Fl CAkey Ar file
1.80 jmc 5783: Set the CA private key to sign a certificate with.
5784: Otherwise it is assumed that the CA private key is present
5785: in the CA certificate file.
5786: .It Fl CAkeyform Cm der | pem
1.1 jsing 5787: The format of the CA private key.
5788: The default is
1.80 jmc 5789: .Cm pem .
1.1 jsing 5790: .It Fl CAserial Ar file
1.80 jmc 5791: Use the serial number in
5792: .Ar file
5793: to sign a certificate.
5794: The file should consist of one line containing an even number of hex digits
1.1 jsing 5795: with the serial number to use.
5796: After each use the serial number is incremented and written out
5797: to the file again.
5798: .Pp
5799: The default filename consists of the CA certificate file base name with
5800: .Pa .srl
5801: appended.
5802: For example, if the CA certificate file is called
5803: .Pa mycacert.pem ,
5804: it expects to find a serial number file called
5805: .Pa mycacert.srl .
5806: .It Fl checkend Ar arg
5807: Check whether the certificate expires in the next
5808: .Ar arg
5809: seconds.
5810: If so, exit with return value 1;
5811: otherwise exit with return value 0.
5812: .It Fl clrext
5813: Delete any extensions from a certificate.
5814: This option is used when a certificate is being created from another
5815: certificate (for example with the
5816: .Fl signkey
5817: or the
5818: .Fl CA
5819: options).
5820: Normally, all extensions are retained.
5821: .It Fl days Ar arg
1.80 jmc 5822: The number of days to make a certificate valid for.
1.1 jsing 5823: The default is 30 days.
5824: .It Fl extensions Ar section
5825: The section to add certificate extensions from.
5826: If this option is not specified, the extensions should either be
1.80 jmc 5827: contained in the unnamed (default) section
5828: or the default section should contain a variable called
1.1 jsing 5829: .Qq extensions
5830: which contains the section to use.
5831: .It Fl extfile Ar file
5832: File containing certificate extensions to use.
5833: If not specified, no extensions are added to the certificate.
1.80 jmc 5834: .It Fl keyform Cm der | pem
5835: The format of the private key file used in the
1.1 jsing 5836: .Fl signkey
5837: option.
5838: .It Fl req
1.80 jmc 5839: Expect a certificate request on input instead of a certificate.
1.1 jsing 5840: .It Fl set_serial Ar n
1.80 jmc 5841: The serial number to use.
1.1 jsing 5842: This option can be used with either the
5843: .Fl signkey
5844: or
5845: .Fl CA
5846: options.
5847: If used in conjunction with the
5848: .Fl CA
5849: option, the serial number file (as specified by the
5850: .Fl CAserial
5851: or
5852: .Fl CAcreateserial
5853: options) is not used.
5854: .Pp
5855: The serial number can be decimal or hex (if preceded by
5856: .Sq 0x ) .
5857: Negative serial numbers can also be specified but their use is not recommended.
5858: .It Fl signkey Ar file
1.80 jmc 5859: Self-sign
5860: .Ar file
5861: using the supplied private key.
1.1 jsing 5862: .Pp
5863: If the input file is a certificate, it sets the issuer name to the
1.80 jmc 5864: subject name (i.e. makes it self-signed),
1.1 jsing 5865: changes the public key to the supplied value,
5866: and changes the start and end dates.
5867: The start date is set to the current time and the end date is set to
5868: a value determined by the
5869: .Fl days
5870: option.
5871: Any certificate extensions are retained unless the
5872: .Fl clrext
5873: option is supplied.
5874: .Pp
5875: If the input is a certificate request, a self-signed certificate
5876: is created using the supplied private key using the subject name in
5877: the request.
5878: .It Fl x509toreq
1.80 jmc 5879: Convert a certificate into a certificate request.
1.1 jsing 5880: The
5881: .Fl signkey
5882: option is used to pass the required private key.
5883: .El
1.38 jmc 5884: .Sh COMMON NOTATION
5885: Several commands share a common syntax,
5886: as detailed below.
5887: .Pp
5888: Password arguments, typically specified using
1.33 jmc 5889: .Fl passin
5890: and
5891: .Fl passout
1.38 jmc 5892: for input and output passwords,
5893: allow passwords to be obtained from a variety of sources.
5894: Both of these options take a single argument, described below.
1.33 jmc 5895: If no password argument is given and a password is required,
5896: then the user is prompted to enter one:
5897: this will typically be read from the current terminal with echoing turned off.
1.38 jmc 5898: .Bl -tag -width "pass:password" -offset indent
5899: .It Cm pass : Ns Ar password
1.33 jmc 5900: The actual password is
5901: .Ar password .
1.38 jmc 5902: Since the password is visible to utilities,
1.33 jmc 5903: this form should only be used where security is not important.
1.38 jmc 5904: .It Cm env : Ns Ar var
1.33 jmc 5905: Obtain the password from the environment variable
5906: .Ar var .
1.38 jmc 5907: Since the environment of other processes is visible,
5908: this option should be used with caution.
5909: .It Cm file : Ns Ar path
1.33 jmc 5910: The first line of
5911: .Ar path
5912: is the password.
5913: If the same
5914: .Ar path
5915: argument is supplied to
5916: .Fl passin
5917: and
5918: .Fl passout ,
5919: then the first line will be used for the input password and the next line
5920: for the output password.
5921: .Ar path
5922: need not refer to a regular file:
5923: it could, for example, refer to a device or named pipe.
1.38 jmc 5924: .It Cm fd : Ns Ar number
1.33 jmc 5925: Read the password from the file descriptor
5926: .Ar number .
1.38 jmc 5927: This can be used to send the data via a pipe, for example.
5928: .It Cm stdin
1.33 jmc 5929: Read the password from standard input.
1.35 jmc 5930: .El
1.38 jmc 5931: .Pp
1.64 jmc 5932: Input/output formats,
1.38 jmc 5933: typically specified using
5934: .Fl inform
5935: and
5936: .Fl outform ,
1.64 jmc 5937: indicate the format being read from or written to.
1.38 jmc 5938: The argument is case insensitive.
5939: .Pp
5940: .Bl -tag -width Ds -offset indent -compact
5941: .It Cm der
5942: Distinguished Encoding Rules (DER)
5943: is a binary format.
1.64 jmc 5944: .It Cm net
5945: Insecure legacy format.
1.38 jmc 5946: .It Cm pem
5947: Privacy Enhanced Mail (PEM)
5948: is base64-encoded.
1.70 jmc 5949: .It Cm smime
5950: An SMIME format message.
1.38 jmc 5951: .It Cm txt
5952: Plain ASCII text.
5953: .El
1.35 jmc 5954: .Sh ENVIRONMENT
5955: The following environment variables affect the execution of
5956: .Nm openssl :
1.38 jmc 5957: .Bl -tag -width "/etc/ssl/openssl.cnf"
1.35 jmc 5958: .It Ev OPENSSL_CONF
5959: The location of the master configuration file.
1.33 jmc 5960: .El
1.1 jsing 5961: .Sh FILES
5962: .Bl -tag -width "/etc/ssl/openssl.cnf" -compact
1.17 sobrado 5963: .It Pa /etc/ssl/
1.1 jsing 5964: Default config directory for
5965: .Nm openssl .
1.17 sobrado 5966: .It Pa /etc/ssl/lib/
1.1 jsing 5967: Unused.
1.17 sobrado 5968: .It Pa /etc/ssl/private/
1.1 jsing 5969: Default private key directory.
1.17 sobrado 5970: .It Pa /etc/ssl/openssl.cnf
1.1 jsing 5971: Default configuration file for
5972: .Nm openssl .
1.17 sobrado 5973: .It Pa /etc/ssl/x509v3.cnf
1.1 jsing 5974: Default configuration file for
5975: .Nm x509
5976: certificates.
5977: .El
5978: .Sh SEE ALSO
1.74 jmc 5979: .Xr acme-client 1 ,
1.26 jmc 5980: .Xr nc 1 ,
1.90 schwarze 5981: .Xr openssl.cnf 5 ,
5982: .Xr x509v3.cnf 5 ,
1.1 jsing 5983: .Xr ssl 8 ,
5984: .Xr starttls 8
5985: .Sh STANDARDS
5986: .Rs
5987: .%A T. Dierks
5988: .%A C. Allen
5989: .%D January 1999
5990: .%R RFC 2246
5991: .%T The TLS Protocol Version 1.0
5992: .Re
5993: .Pp
5994: .Rs
5995: .%A M. Wahl
5996: .%A S. Killie
5997: .%A T. Howes
5998: .%D December 1997
5999: .%R RFC 2253
6000: .%T Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
6001: .Re
6002: .Pp
6003: .Rs
6004: .%A B. Kaliski
6005: .%D March 1998
6006: .%R RFC 2315
6007: .%T PKCS #7: Cryptographic Message Syntax Version 1.5
6008: .Re
6009: .Pp
6010: .Rs
6011: .%A R. Housley
6012: .%A W. Ford
6013: .%A W. Polk
6014: .%A D. Solo
6015: .%D January 1999
6016: .%R RFC 2459
6017: .%T Internet X.509 Public Key Infrastructure Certificate and CRL Profile
6018: .Re
6019: .Pp
6020: .Rs
6021: .%A M. Myers
6022: .%A R. Ankney
6023: .%A A. Malpani
6024: .%A S. Galperin
6025: .%A C. Adams
6026: .%D June 1999
6027: .%R RFC 2560
6028: .%T X.509 Internet Public Key Infrastructure Online Certificate Status Protocol \(en OCSP
6029: .Re
6030: .Pp
6031: .Rs
6032: .%A R. Housley
6033: .%D June 1999
6034: .%R RFC 2630
6035: .%T Cryptographic Message Syntax
6036: .Re
6037: .Pp
6038: .Rs
6039: .%A P. Chown
6040: .%D June 2002
6041: .%R RFC 3268
1.24 jmc 6042: .%T Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
1.1 jsing 6043: .Re