Annotation of src/usr.bin/openssl/openssl.1, Revision 1.103
1.103 ! inoguchi 1: .\" $OpenBSD: openssl.1,v 1.102 2019/06/07 05:53:46 jmc Exp $
1.1 jsing 2: .\" ====================================================================
3: .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4: .\"
5: .\" Redistribution and use in source and binary forms, with or without
6: .\" modification, are permitted provided that the following conditions
7: .\" are met:
8: .\"
9: .\" 1. Redistributions of source code must retain the above copyright
10: .\" notice, this list of conditions and the following disclaimer.
11: .\"
12: .\" 2. Redistributions in binary form must reproduce the above copyright
13: .\" notice, this list of conditions and the following disclaimer in
14: .\" the documentation and/or other materials provided with the
15: .\" distribution.
16: .\"
17: .\" 3. All advertising materials mentioning features or use of this
18: .\" software must display the following acknowledgment:
19: .\" "This product includes software developed by the OpenSSL Project
20: .\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21: .\"
22: .\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23: .\" endorse or promote products derived from this software without
24: .\" prior written permission. For written permission, please contact
25: .\" openssl-core@openssl.org.
26: .\"
27: .\" 5. Products derived from this software may not be called "OpenSSL"
28: .\" nor may "OpenSSL" appear in their names without prior written
29: .\" permission of the OpenSSL Project.
30: .\"
31: .\" 6. Redistributions of any form whatsoever must retain the following
32: .\" acknowledgment:
33: .\" "This product includes software developed by the OpenSSL Project
34: .\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35: .\"
36: .\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37: .\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39: .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40: .\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41: .\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42: .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43: .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45: .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46: .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47: .\" OF THE POSSIBILITY OF SUCH DAMAGE.
48: .\" ====================================================================
49: .\"
50: .\" This product includes cryptographic software written by Eric Young
51: .\" (eay@cryptsoft.com). This product includes software written by Tim
52: .\" Hudson (tjh@cryptsoft.com).
53: .\"
54: .\"
55: .\" Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
56: .\" All rights reserved.
57: .\"
58: .\" This package is an SSL implementation written
59: .\" by Eric Young (eay@cryptsoft.com).
60: .\" The implementation was written so as to conform with Netscapes SSL.
61: .\"
62: .\" This library is free for commercial and non-commercial use as long as
63: .\" the following conditions are aheared to. The following conditions
64: .\" apply to all code found in this distribution, be it the RC4, RSA,
65: .\" lhash, DES, etc., code; not just the SSL code. The SSL documentation
66: .\" included with this distribution is covered by the same copyright terms
67: .\" except that the holder is Tim Hudson (tjh@cryptsoft.com).
68: .\"
69: .\" Copyright remains Eric Young's, and as such any Copyright notices in
70: .\" the code are not to be removed.
71: .\" If this package is used in a product, Eric Young should be given attribution
72: .\" as the author of the parts of the library used.
73: .\" This can be in the form of a textual message at program startup or
74: .\" in documentation (online or textual) provided with the package.
75: .\"
76: .\" Redistribution and use in source and binary forms, with or without
77: .\" modification, are permitted provided that the following conditions
78: .\" are met:
79: .\" 1. Redistributions of source code must retain the copyright
80: .\" notice, this list of conditions and the following disclaimer.
81: .\" 2. Redistributions in binary form must reproduce the above copyright
82: .\" notice, this list of conditions and the following disclaimer in the
83: .\" documentation and/or other materials provided with the distribution.
84: .\" 3. All advertising materials mentioning features or use of this software
85: .\" must display the following acknowledgement:
86: .\" "This product includes cryptographic software written by
87: .\" Eric Young (eay@cryptsoft.com)"
88: .\" The word 'cryptographic' can be left out if the rouines from the library
89: .\" being used are not cryptographic related :-).
90: .\" 4. If you include any Windows specific code (or a derivative thereof) from
91: .\" the apps directory (application code) you must include an
92: .\" acknowledgement:
93: .\" "This product includes software written by Tim Hudson
94: .\" (tjh@cryptsoft.com)"
95: .\"
96: .\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
97: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
98: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
99: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
100: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
101: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
102: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
103: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
104: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
105: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
106: .\" SUCH DAMAGE.
107: .\"
108: .\" The licence and distribution terms for any publically available version or
109: .\" derivative of this code cannot be changed. i.e. this code cannot simply be
110: .\" copied and put under another distribution licence
111: .\" [including the GNU Public Licence.]
112: .\"
1.102 jmc 113: .Dd $Mdocdate: June 7 2019 $
1.1 jsing 114: .Dt OPENSSL 1
115: .Os
116: .Sh NAME
117: .Nm openssl
118: .Nd OpenSSL command line tool
119: .Sh SYNOPSIS
120: .Nm
1.90 schwarze 121: .Ar command
1.1 jsing 122: .Op Ar command_opts
123: .Op Ar command_args
124: .Pp
125: .Nm
1.13 bentley 126: .Cm list-standard-commands |
127: .Cm list-message-digest-commands |
128: .Cm list-cipher-commands |
129: .Cm list-cipher-algorithms |
130: .Cm list-message-digest-algorithms |
1.1 jsing 131: .Cm list-public-key-algorithms
132: .Pp
133: .Nm
1.39 jmc 134: .Cm no- Ns Ar command
1.1 jsing 135: .Sh DESCRIPTION
136: .Nm OpenSSL
1.31 jmc 137: is a cryptography toolkit implementing the
138: Transport Layer Security
1.1 jsing 139: .Pq TLS v1
1.31 jmc 140: network protocol,
141: as well as related cryptography standards.
1.1 jsing 142: .Pp
143: The
144: .Nm
145: program is a command line tool for using the various
146: cryptography functions of
1.39 jmc 147: .Nm openssl Ns 's
1.33 jmc 148: crypto library from the shell.
1.1 jsing 149: .Pp
150: The pseudo-commands
151: .Cm list-standard-commands , list-message-digest-commands ,
152: and
153: .Cm list-cipher-commands
154: output a list
155: .Pq one entry per line
156: of the names of all standard commands, message digest commands,
157: or cipher commands, respectively, that are available in the present
158: .Nm
159: utility.
160: .Pp
161: The pseudo-commands
162: .Cm list-cipher-algorithms
163: and
164: .Cm list-message-digest-algorithms
165: list all cipher and message digest names,
166: one entry per line.
167: Aliases are listed as:
168: .Pp
1.33 jmc 169: .D1 from => to
1.1 jsing 170: .Pp
171: The pseudo-command
172: .Cm list-public-key-algorithms
173: lists all supported public key algorithms.
174: .Pp
175: The pseudo-command
1.39 jmc 176: .Cm no- Ns Ar command
1.1 jsing 177: tests whether a command of the
178: specified name is available.
1.39 jmc 179: If
180: .Ar command
181: does not exist,
1.1 jsing 182: it returns 0
183: and prints
1.39 jmc 184: .Cm no- Ns Ar command ;
1.1 jsing 185: otherwise it returns 1 and prints
1.39 jmc 186: .Ar command .
187: In both cases, the output goes to stdout and nothing is printed to stderr.
1.1 jsing 188: Additional command line arguments are always ignored.
189: Since for each cipher there is a command of the same name,
190: this provides an easy way for shell scripts to test for the
191: availability of ciphers in the
192: .Nm
193: program.
194: .Pp
195: .Sy Note :
1.39 jmc 196: .Cm no- Ns Ar command
1.1 jsing 197: is not able to detect pseudo-commands such as
198: .Cm quit ,
199: .Cm list- Ns Ar ... Ns Cm -commands ,
200: or
1.39 jmc 201: .Cm no- Ns Ar command
1.1 jsing 202: itself.
203: .Sh ASN1PARSE
204: .nr nS 1
205: .Nm "openssl asn1parse"
206: .Op Fl i
207: .Op Fl dlimit Ar number
208: .Op Fl dump
209: .Op Fl genconf Ar file
210: .Op Fl genstr Ar str
211: .Op Fl in Ar file
1.34 jmc 212: .Op Fl inform Cm der | pem | txt
1.1 jsing 213: .Op Fl length Ar number
214: .Op Fl noout
215: .Op Fl offset Ar number
216: .Op Fl oid Ar file
217: .Op Fl out Ar file
218: .Op Fl strparse Ar offset
219: .nr nS 0
220: .Pp
221: The
222: .Nm asn1parse
223: command is a diagnostic utility that can parse ASN.1 structures.
224: It can also be used to extract data from ASN.1 formatted data.
225: .Pp
226: The options are as follows:
227: .Bl -tag -width Ds
228: .It Fl dlimit Ar number
229: Dump the first
230: .Ar number
231: bytes of unknown data in hex form.
232: .It Fl dump
233: Dump unknown data in hex form.
234: .It Fl genconf Ar file , Fl genstr Ar str
235: Generate encoded data based on string
236: .Ar str ,
237: file
238: .Ar file ,
1.34 jmc 239: or both, using the format described in
240: .Xr ASN1_generate_nconf 3 .
1.1 jsing 241: If only
242: .Ar file
243: is present then the string is obtained from the default section
244: using the name
245: .Dq asn1 .
1.84 jmc 246: The encoded data is passed through the ASN.1 parser and printed out as
1.1 jsing 247: though it came from a file;
248: the contents can thus be examined and written to a file using the
249: .Fl out
250: option.
251: .It Fl i
1.34 jmc 252: Indent the output according to the
1.1 jsing 253: .Qq depth
254: of the structures.
255: .It Fl in Ar file
1.41 jmc 256: The input file to read from, or standard input if not specified.
1.34 jmc 257: .It Fl inform Cm der | pem | txt
1.1 jsing 258: The input format.
259: .It Fl length Ar number
1.34 jmc 260: Number of bytes to parse; the default is until end of file.
1.1 jsing 261: .It Fl noout
1.46 jmc 262: Do not output the parsed version of the input file.
1.1 jsing 263: .It Fl offset Ar number
1.34 jmc 264: Starting offset to begin parsing; the default is start of file.
1.1 jsing 265: .It Fl oid Ar file
266: A file containing additional object identifiers
267: .Pq OIDs .
268: If an OID
269: .Pq object identifier
270: is not part of
1.34 jmc 271: .Nm openssl Ns 's
1.1 jsing 272: internal table it will be represented in
273: numerical form
274: .Pq for example 1.2.3.4 .
1.34 jmc 275: .Pp
1.1 jsing 276: Each line consists of three columns:
277: the first column is the OID in numerical format and should be followed by
278: whitespace.
279: The second column is the
1.34 jmc 280: .Qq short name ,
1.1 jsing 281: which is a single word followed by whitespace.
282: The final column is the rest of the line and is the
283: .Qq long name .
284: .Nm asn1parse
285: displays the long name.
1.34 jmc 286: .It Fl out Ar file
287: The DER-encoded output file; the default is no encoded output
288: (useful when combined with
289: .Fl strparse ) .
290: .It Fl strparse Ar offset
291: Parse the content octets of the ASN.1 object starting at
292: .Ar offset .
293: This option can be used multiple times to
294: .Qq drill down
295: into a nested structure.
296: .El
1.1 jsing 297: .Sh CA
298: .nr nS 1
299: .Nm "openssl ca"
300: .Op Fl batch
301: .Op Fl cert Ar file
302: .Op Fl config Ar file
1.91 schwarze 303: .Op Fl create_serial
1.1 jsing 304: .Op Fl crl_CA_compromise Ar time
305: .Op Fl crl_compromise Ar time
306: .Op Fl crl_hold Ar instruction
307: .Op Fl crl_reason Ar reason
308: .Op Fl crldays Ar days
309: .Op Fl crlexts Ar section
310: .Op Fl crlhours Ar hours
1.103 ! inoguchi 311: .Op Fl crlsec Ar seconds
1.1 jsing 312: .Op Fl days Ar arg
313: .Op Fl enddate Ar date
314: .Op Fl extensions Ar section
1.103 ! inoguchi 315: .Op Fl extfile Ar file
1.1 jsing 316: .Op Fl gencrl
317: .Op Fl in Ar file
318: .Op Fl infiles
1.91 schwarze 319: .Op Fl key Ar password
1.103 ! inoguchi 320: .Op Fl keyfile Ar file
1.91 schwarze 321: .Op Fl keyform Cm pem | der
1.103 ! inoguchi 322: .Op Fl md Ar alg
1.1 jsing 323: .Op Fl msie_hack
1.91 schwarze 324: .Op Fl multivalue\-rdn
1.1 jsing 325: .Op Fl name Ar section
326: .Op Fl noemailDN
327: .Op Fl notext
328: .Op Fl out Ar file
1.103 ! inoguchi 329: .Op Fl outdir Ar directory
1.1 jsing 330: .Op Fl passin Ar arg
331: .Op Fl policy Ar arg
332: .Op Fl preserveDN
333: .Op Fl revoke Ar file
1.91 schwarze 334: .Op Fl selfsign
1.103 ! inoguchi 335: .Op Fl sigopt Ar nm:v
1.1 jsing 336: .Op Fl spkac Ar file
337: .Op Fl ss_cert Ar file
338: .Op Fl startdate Ar date
339: .Op Fl status Ar serial
340: .Op Fl subj Ar arg
341: .Op Fl updatedb
1.91 schwarze 342: .Op Fl utf8
1.1 jsing 343: .Op Fl verbose
344: .nr nS 0
345: .Pp
346: The
347: .Nm ca
1.35 jmc 348: command is a minimal certificate authority (CA) application.
1.1 jsing 349: It can be used to sign certificate requests in a variety of forms
1.35 jmc 350: and generate certificate revocation lists (CRLs).
1.1 jsing 351: It also maintains a text database of issued certificates and their status.
352: .Pp
1.35 jmc 353: The options relevant to CAs are as follows:
1.1 jsing 354: .Bl -tag -width "XXXX"
355: .It Fl batch
1.41 jmc 356: Batch mode.
1.1 jsing 357: In this mode no questions will be asked
358: and all certificates will be certified automatically.
359: .It Fl cert Ar file
360: The CA certificate file.
361: .It Fl config Ar file
1.72 jmc 362: Specify an alternative configuration file.
1.91 schwarze 363: .It Fl create_serial
364: If reading the serial from the text file as specified in the
365: configuration fails, create a new random serial to be used as the
366: next serial number.
1.1 jsing 367: .It Fl days Ar arg
368: The number of days to certify the certificate for.
369: .It Fl enddate Ar date
1.41 jmc 370: Set the expiry date.
1.88 jmc 371: The format of the date is [YY]YYMMDDHHMMSSZ,
372: with all four year digits required for dates from 2050 onwards.
1.1 jsing 373: .It Fl extensions Ar section
374: The section of the configuration file containing certificate extensions
375: to be added when a certificate is issued (defaults to
1.35 jmc 376: .Cm x509_extensions
1.1 jsing 377: unless the
378: .Fl extfile
379: option is used).
380: If no extension section is present, a V1 certificate is created.
381: If the extension section is present
382: .Pq even if it is empty ,
383: then a V3 certificate is created.
1.91 schwarze 384: See the
385: .Xr x509v3.cnf 5
386: manual page for details of the extension section format.
1.1 jsing 387: .It Fl extfile Ar file
388: An additional configuration
389: .Ar file
390: to read certificate extensions from
391: (using the default section unless the
392: .Fl extensions
393: option is also used).
394: .It Fl in Ar file
395: An input
396: .Ar file
397: containing a single certificate request to be signed by the CA.
398: .It Fl infiles
399: If present, this should be the last option; all subsequent arguments
400: are assumed to be the names of files containing certificate requests.
1.91 schwarze 401: .It Fl key Ar password
402: The
403: .Fa password
404: used to encrypt the private key.
1.35 jmc 405: Since on some systems the command line arguments are visible,
406: this option should be used with caution.
1.1 jsing 407: .It Fl keyfile Ar file
408: The private key to sign requests with.
1.91 schwarze 409: .It Fl keyform Cm pem | der
1.1 jsing 410: Private key file format.
1.91 schwarze 411: The default is
412: .Cm pem .
1.1 jsing 413: .It Fl md Ar alg
414: The message digest to use.
415: Possible values include
416: .Ar md5
417: and
418: .Ar sha1 .
419: This option also applies to CRLs.
420: .It Fl msie_hack
421: This is a legacy option to make
422: .Nm ca
423: work with very old versions of the IE certificate enrollment control
424: .Qq certenr3 .
425: It used UniversalStrings for almost everything.
426: Since the old control has various security bugs,
427: its use is strongly discouraged.
428: The newer control
429: .Qq Xenroll
430: does not need this option.
1.91 schwarze 431: .It Fl multivalue\-rdn
432: This option causes the
433: .Fl subj
434: argument to be interpreted with full support for multivalued RDNs,
435: for example
436: .Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
437: If
438: .Fl multivalue\-rdn
439: is not used, the UID value is set to
440: .Qq "123456+CN=John Doe" .
1.1 jsing 441: .It Fl name Ar section
442: Specifies the configuration file
443: .Ar section
444: to use (overrides
445: .Cm default_ca
446: in the
447: .Cm ca
448: section).
449: .It Fl noemailDN
450: The DN of a certificate can contain the EMAIL field if present in the
1.30 mmcc 451: request DN, however it is good policy just having the email set into
1.1 jsing 452: the
1.35 jmc 453: .Cm altName
1.1 jsing 454: extension of the certificate.
455: When this option is set, the EMAIL field is removed from the certificate's
456: subject and set only in the, eventually present, extensions.
457: The
458: .Ar email_in_dn
459: keyword can be used in the configuration file to enable this behaviour.
460: .It Fl notext
461: Don't output the text form of a certificate to the output file.
462: .It Fl out Ar file
463: The output file to output certificates to.
464: The default is standard output.
1.91 schwarze 465: The certificate details will also be printed out to this file in
466: PEM format, except that
467: .Fl spkac
468: outputs DER format.
1.1 jsing 469: .It Fl outdir Ar directory
470: The
471: .Ar directory
472: to output certificates to.
473: The certificate will be written to a file consisting of the
474: serial number in hex with
475: .Qq .pem
476: appended.
477: .It Fl passin Ar arg
478: The key password source.
479: .It Fl policy Ar arg
1.41 jmc 480: Define the CA
1.1 jsing 481: .Qq policy
482: to use.
1.35 jmc 483: The policy section in the configuration file
484: consists of a set of variables corresponding to certificate DN fields.
485: The values may be one of
486: .Qq match
487: (the value must match the same field in the CA certificate),
488: .Qq supplied
489: (the value must be present), or
490: .Qq optional
491: (the value may be present).
492: Any fields not mentioned in the policy section
493: are silently deleted, unless the
494: .Fl preserveDN
495: option is set,
496: but this can be regarded more of a quirk than intended behaviour.
1.1 jsing 497: .It Fl preserveDN
498: Normally, the DN order of a certificate is the same as the order of the
499: fields in the relevant policy section.
500: When this option is set, the order is the same as the request.
501: This is largely for compatibility with the older IE enrollment control
502: which would only accept certificates if their DNs matched the order of the
503: request.
504: This is not needed for Xenroll.
1.91 schwarze 505: .It Fl selfsign
506: Indicates the issued certificates are to be signed with the key the
507: certificate requests were signed with, given with
508: .Fl keyfile .
509: Certificate requests signed with a different key are ignored.
510: If
511: .Fl gencrl ,
512: .Fl spkac ,
513: or
514: .Fl ss_cert
515: are given,
516: .Fl selfsign
517: is ignored.
518: .Pp
519: A consequence of using
520: .Fl selfsign
521: is that the self-signed certificate appears among the entries in
522: the certificate database (see the configuration option
523: .Cm database )
524: and uses the same serial number counter as all other certificates
525: signed with the self-signed certificate.
1.103 ! inoguchi 526: .It Fl sigopt Ar nm:v
! 527: Pass options to the signature algorithm during sign or certify operations.
! 528: The names and values of these options are algorithm-specific.
1.1 jsing 529: .It Fl spkac Ar file
530: A file containing a single Netscape signed public key and challenge,
531: and additional field values to be signed by the CA.
1.35 jmc 532: This will usually come from the
533: KEYGEN tag in an HTML form to create a new private key.
534: It is, however, possible to create SPKACs using the
535: .Nm spkac
536: utility.
537: .Pp
538: The file should contain the variable SPKAC set to the value of
539: the SPKAC and also the required DN components as name value pairs.
540: If it's necessary to include the same component twice,
541: then it can be preceded by a number and a
542: .Sq \&. .
1.1 jsing 543: .It Fl ss_cert Ar file
544: A single self-signed certificate to be signed by the CA.
545: .It Fl startdate Ar date
1.41 jmc 546: Set the start date.
1.88 jmc 547: The format of the date is [YY]YYMMDDHHMMSSZ,
548: with all four year digits required for dates from 2050 onwards.
1.91 schwarze 549: .It Fl subj Ar arg
550: Supersedes the subject name given in the request.
551: The
552: .Ar arg
553: must be formatted as
554: .Sm off
555: .Pf / Ar type0 Ns = Ar value0 Ns / Ar type 1 Ns = Ar value 1 Ns /
556: .Ar type2 Ns = Ar ... ;
557: .Sm on
558: characters may be escaped by
559: .Sq \e
560: .Pq backslash ,
561: no spaces are skipped.
562: .It Fl utf8
563: Interpret field values read from a terminal or obtained from a
564: configuration file as UTF-8 strings.
565: By default, they are interpreted as ASCII.
1.1 jsing 566: .It Fl verbose
1.41 jmc 567: Print extra details about the operations being performed.
1.1 jsing 568: .El
1.35 jmc 569: .Pp
570: The options relevant to CRLs are as follows:
1.1 jsing 571: .Bl -tag -width "XXXX"
572: .It Fl crl_CA_compromise Ar time
573: This is the same as
574: .Fl crl_compromise ,
575: except the revocation reason is set to CACompromise.
576: .It Fl crl_compromise Ar time
1.41 jmc 577: Set the revocation reason to keyCompromise and the compromise time to
1.1 jsing 578: .Ar time .
579: .Ar time
580: should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ.
581: .It Fl crl_hold Ar instruction
1.41 jmc 582: Set the CRL revocation reason code to certificateHold and the hold
1.1 jsing 583: instruction to
584: .Ar instruction
585: which must be an OID.
586: Although any OID can be used, only holdInstructionNone
587: (the use of which is discouraged by RFC 2459), holdInstructionCallIssuer or
588: holdInstructionReject will normally be used.
589: .It Fl crl_reason Ar reason
590: Revocation reason, where
591: .Ar reason
592: is one of:
593: unspecified, keyCompromise, CACompromise, affiliationChanged, superseded,
594: cessationOfOperation, certificateHold or removeFromCRL.
595: The matching of
596: .Ar reason
597: is case insensitive.
598: Setting any revocation reason will make the CRL v2.
599: In practice, removeFromCRL is not particularly useful because it is only used
600: in delta CRLs which are not currently implemented.
1.103 ! inoguchi 601: .It Fl crldays Ar days
1.1 jsing 602: The number of days before the next CRL is due.
603: This is the days from now to place in the CRL
1.35 jmc 604: .Cm nextUpdate
1.1 jsing 605: field.
606: .It Fl crlexts Ar section
607: The
608: .Ar section
609: of the configuration file containing CRL extensions to include.
610: If no CRL extension section is present then a V1 CRL is created;
611: if the CRL extension section is present
1.81 jmc 612: (even if it is empty)
1.1 jsing 613: then a V2 CRL is created.
1.81 jmc 614: The CRL extensions specified are CRL extensions and not CRL entry extensions.
615: It should be noted that some software can't handle V2 CRLs.
1.91 schwarze 616: See the
617: .Xr x509v3.cnf 5
618: manual page for details of the extension section format.
1.103 ! inoguchi 619: .It Fl crlhours Ar hours
1.1 jsing 620: The number of hours before the next CRL is due.
1.103 ! inoguchi 621: .It Fl crlsec Ar seconds
! 622: The number of seconds before the next CRL is due.
1.1 jsing 623: .It Fl gencrl
1.41 jmc 624: Generate a CRL based on information in the index file.
1.1 jsing 625: .It Fl revoke Ar file
626: A
627: .Ar file
628: containing a certificate to revoke.
1.91 schwarze 629: .It Fl status Ar serial
630: Show the status of the certificate with serial number
631: .Ar serial .
632: .It Fl updatedb
633: Update the database index to purge expired certificates.
1.1 jsing 634: .El
635: .Pp
1.35 jmc 636: Many of the options can be set in the
637: .Cm ca
638: section of the configuration file
639: (or in the default section of the configuration file),
640: specified using
641: .Cm default_ca
642: or
643: .Fl name .
644: The options
645: .Cm preserve
646: and
647: .Cm msie_hack
648: are read directly from the
649: .Cm ca
650: section.
1.1 jsing 651: .Pp
652: Many of the configuration file options are identical to command line
653: options.
654: Where the option is present in the configuration file and the command line,
655: the command line value is used.
656: Where an option is described as mandatory, then it must be present in
657: the configuration file or the command line equivalent
658: .Pq if any
659: used.
660: .Bl -tag -width "XXXX"
1.35 jmc 661: .It Cm certificate
1.1 jsing 662: The same as
663: .Fl cert .
664: It gives the file containing the CA certificate.
665: Mandatory.
1.35 jmc 666: .It Cm copy_extensions
1.1 jsing 667: Determines how extensions in certificate requests should be handled.
668: If set to
1.35 jmc 669: .Cm none
1.1 jsing 670: or this option is not present, then extensions are
671: ignored and not copied to the certificate.
672: If set to
1.35 jmc 673: .Cm copy ,
1.1 jsing 674: then any extensions present in the request that are not already present
675: are copied to the certificate.
676: If set to
1.35 jmc 677: .Cm copyall ,
1.1 jsing 678: then all extensions in the request are copied to the certificate:
679: if the extension is already present in the certificate it is deleted first.
1.35 jmc 680: .Pp
681: The
682: .Cm copy_extensions
683: option should be used with caution.
684: If care is not taken, it can be a security risk.
685: For example, if a certificate request contains a
686: .Cm basicConstraints
687: extension with CA:TRUE and the
688: .Cm copy_extensions
689: value is set to
690: .Cm copyall
691: and the user does not spot
1.91 schwarze 692: this when the certificate is displayed, then this will hand the requester
1.35 jmc 693: a valid CA certificate.
694: .Pp
695: This situation can be avoided by setting
696: .Cm copy_extensions
697: to
698: .Cm copy
699: and including
700: .Cm basicConstraints
701: with CA:FALSE in the configuration file.
702: Then if the request contains a
703: .Cm basicConstraints
704: extension, it will be ignored.
1.1 jsing 705: .Pp
706: The main use of this option is to allow a certificate request to supply
707: values for certain extensions such as
1.35 jmc 708: .Cm subjectAltName .
709: .It Cm crl_extensions
1.1 jsing 710: The same as
711: .Fl crlexts .
1.35 jmc 712: .It Cm crlnumber
1.1 jsing 713: A text file containing the next CRL number to use in hex.
714: The CRL number will be inserted in the CRLs only if this file exists.
715: If this file is present, it must contain a valid CRL number.
1.35 jmc 716: .It Cm database
1.1 jsing 717: The text database file to use.
718: Mandatory.
719: This file must be present, though initially it will be empty.
1.35 jmc 720: .It Cm default_crl_hours , default_crl_days
1.1 jsing 721: The same as the
722: .Fl crlhours
723: and
724: .Fl crldays
725: options.
726: These will only be used if neither command line option is present.
727: At least one of these must be present to generate a CRL.
1.35 jmc 728: .It Cm default_days
1.1 jsing 729: The same as the
730: .Fl days
731: option.
732: The number of days to certify a certificate for.
1.35 jmc 733: .It Cm default_enddate
1.1 jsing 734: The same as the
735: .Fl enddate
736: option.
737: Either this option or
1.35 jmc 738: .Cm default_days
1.1 jsing 739: .Pq or the command line equivalents
740: must be present.
1.35 jmc 741: .It Cm default_md
1.1 jsing 742: The same as the
743: .Fl md
744: option.
745: The message digest to use.
746: Mandatory.
1.35 jmc 747: .It Cm default_startdate
1.1 jsing 748: The same as the
749: .Fl startdate
750: option.
751: The start date to certify a certificate for.
752: If not set, the current time is used.
1.35 jmc 753: .It Cm email_in_dn
1.1 jsing 754: The same as
755: .Fl noemailDN .
756: If the EMAIL field is to be removed from the DN of the certificate,
757: simply set this to
758: .Qq no .
759: If not present, the default is to allow for the EMAIL field in the
760: certificate's DN.
1.35 jmc 761: .It Cm msie_hack
1.1 jsing 762: The same as
763: .Fl msie_hack .
1.35 jmc 764: .It Cm name_opt , cert_opt
1.1 jsing 765: These options allow the format used to display the certificate details
766: when asking the user to confirm signing.
767: All the options supported by the
768: .Nm x509
769: utilities'
770: .Fl nameopt
771: and
772: .Fl certopt
773: switches can be used here, except that
1.35 jmc 774: .Cm no_signame
1.1 jsing 775: and
1.35 jmc 776: .Cm no_sigdump
1.1 jsing 777: are permanently set and cannot be disabled
778: (this is because the certificate signature cannot be displayed because
779: the certificate has not been signed at this point).
780: .Pp
781: For convenience, the value
1.35 jmc 782: .Cm ca_default
1.1 jsing 783: is accepted by both to produce a reasonable output.
784: .Pp
785: If neither option is present, the format used in earlier versions of
1.35 jmc 786: .Nm openssl
1.1 jsing 787: is used.
1.81 jmc 788: Use of the old format is strongly discouraged
789: because it only displays fields mentioned in the
1.35 jmc 790: .Cm policy
1.1 jsing 791: section,
792: mishandles multicharacter string types and does not display extensions.
1.35 jmc 793: .It Cm new_certs_dir
1.1 jsing 794: The same as the
795: .Fl outdir
796: command line option.
797: It specifies the directory where new certificates will be placed.
798: Mandatory.
1.35 jmc 799: .It Cm oid_file
1.1 jsing 800: This specifies a file containing additional object identifiers.
801: Each line of the file should consist of the numerical form of the
802: object identifier followed by whitespace, then the short name followed
803: by whitespace and finally the long name.
1.35 jmc 804: .It Cm oid_section
1.1 jsing 805: This specifies a section in the configuration file containing extra
806: object identifiers.
807: Each line should consist of the short name of the object identifier
808: followed by
809: .Sq =
810: and the numerical form.
811: The short and long names are the same when this option is used.
1.35 jmc 812: .It Cm policy
1.1 jsing 813: The same as
814: .Fl policy .
815: Mandatory.
1.35 jmc 816: .It Cm preserve
1.1 jsing 817: The same as
818: .Fl preserveDN .
1.35 jmc 819: .It Cm private_key
1.1 jsing 820: Same as the
821: .Fl keyfile
822: option.
823: The file containing the CA private key.
824: Mandatory.
1.35 jmc 825: .It Cm serial
1.1 jsing 826: A text file containing the next serial number to use in hex.
827: Mandatory.
828: This file must be present and contain a valid serial number.
1.35 jmc 829: .It Cm unique_subject
1.1 jsing 830: If the value
1.35 jmc 831: .Cm yes
1.1 jsing 832: is given, the valid certificate entries in the
833: database must have unique subjects.
834: If the value
1.35 jmc 835: .Cm no
1.1 jsing 836: is given,
837: several valid certificate entries may have the exact same subject.
838: The default value is
1.35 jmc 839: .Cm yes .
840: .It Cm x509_extensions
1.1 jsing 841: The same as
842: .Fl extensions .
843: .El
844: .Sh CIPHERS
845: .Nm openssl ciphers
846: .Op Fl hVv
1.93 schwarze 847: .Op Ar control
1.1 jsing 848: .Pp
849: The
850: .Nm ciphers
1.93 schwarze 851: command converts the
852: .Ar control
853: string from the format documented in
854: .Xr SSL_CTX_set_cipher_list 3
855: into an ordered SSL cipher suite preference list.
856: If no
857: .Ar control
858: string is specified, the
859: .Cm DEFAULT
860: list is printed.
1.1 jsing 861: .Pp
862: The options are as follows:
863: .Bl -tag -width Ds
864: .It Fl h , \&?
865: Print a brief usage message.
866: .It Fl V
1.36 jmc 867: Verbose.
1.92 schwarze 868: List ciphers with cipher suite code in hex format,
869: cipher name, and a complete description of protocol version,
870: key exchange, authentication, encryption, and mac algorithms.
1.36 jmc 871: .It Fl v
1.1 jsing 872: Like
1.36 jmc 873: .Fl V ,
874: but without cipher suite codes.
1.1 jsing 875: .El
876: .Sh CRL
877: .nr nS 1
878: .Nm "openssl crl"
879: .Op Fl CAfile Ar file
880: .Op Fl CApath Ar dir
881: .Op Fl fingerprint
882: .Op Fl hash
883: .Op Fl in Ar file
1.38 jmc 884: .Op Fl inform Cm der | pem
1.1 jsing 885: .Op Fl issuer
886: .Op Fl lastupdate
887: .Op Fl nextupdate
888: .Op Fl noout
889: .Op Fl out Ar file
1.38 jmc 890: .Op Fl outform Cm der | pem
1.1 jsing 891: .Op Fl text
892: .nr nS 0
893: .Pp
894: The
895: .Nm crl
896: command processes CRL files in DER or PEM format.
1.37 jmc 897: .Pp
1.1 jsing 898: The options are as follows:
899: .Bl -tag -width Ds
900: .It Fl CAfile Ar file
901: Verify the signature on a CRL by looking up the issuing certificate in
902: .Ar file .
903: .It Fl CApath Ar directory
904: Verify the signature on a CRL by looking up the issuing certificate in
905: .Ar dir .
906: This directory must be a standard certificate directory,
907: i.e. a hash of each subject name (using
908: .Cm x509 Fl hash )
909: should be linked to each certificate.
910: .It Fl fingerprint
911: Print the CRL fingerprint.
912: .It Fl hash
913: Output a hash of the issuer name.
914: This can be used to look up CRLs in a directory by issuer name.
915: .It Fl in Ar file
1.37 jmc 916: The input file to read from, or standard input if not specified.
1.38 jmc 917: .It Fl inform Cm der | pem
1.37 jmc 918: The input format.
1.1 jsing 919: .It Fl issuer
920: Output the issuer name.
921: .It Fl lastupdate
922: Output the
1.37 jmc 923: .Cm lastUpdate
1.1 jsing 924: field.
925: .It Fl nextupdate
926: Output the
1.37 jmc 927: .Cm nextUpdate
1.1 jsing 928: field.
929: .It Fl noout
1.46 jmc 930: Do not output the encoded version of the CRL.
1.1 jsing 931: .It Fl out Ar file
1.37 jmc 932: The output file to write to, or standard output if not specified.
1.38 jmc 933: .It Fl outform Cm der | pem
1.37 jmc 934: The output format.
1.1 jsing 935: .It Fl text
1.64 jmc 936: Print the CRL in plain text.
1.1 jsing 937: .El
938: .Sh CRL2PKCS7
939: .nr nS 1
940: .Nm "openssl crl2pkcs7"
941: .Op Fl certfile Ar file
942: .Op Fl in Ar file
1.40 jmc 943: .Op Fl inform Cm der | pem
1.1 jsing 944: .Op Fl nocrl
945: .Op Fl out Ar file
1.40 jmc 946: .Op Fl outform Cm der | pem
1.1 jsing 947: .nr nS 0
948: .Pp
949: The
950: .Nm crl2pkcs7
951: command takes an optional CRL and one or more
952: certificates and converts them into a PKCS#7 degenerate
953: .Qq certificates only
954: structure.
955: .Pp
956: The options are as follows:
957: .Bl -tag -width Ds
958: .It Fl certfile Ar file
1.40 jmc 959: Add the certificates in PEM
1.1 jsing 960: .Ar file
1.40 jmc 961: to the PKCS#7 structure.
962: This option can be used more than once
963: to read certificates from multiple files.
1.1 jsing 964: .It Fl in Ar file
1.40 jmc 965: Read the CRL from
966: .Ar file ,
967: or standard input if not specified.
968: .It Fl inform Cm der | pem
1.64 jmc 969: The input format.
1.1 jsing 970: .It Fl nocrl
971: Normally, a CRL is included in the output file.
972: With this option, no CRL is
973: included in the output file and a CRL is not read from the input file.
974: .It Fl out Ar file
1.40 jmc 975: Write the PKCS#7 structure to
976: .Ar file ,
977: or standard output if not specified.
978: .It Fl outform Cm der | pem
1.64 jmc 979: The output format.
1.1 jsing 980: .El
981: .Sh DGST
982: .nr nS 1
983: .Nm "openssl dgst"
1.43 jmc 984: .Op Fl cd
1.1 jsing 985: .Op Fl binary
1.43 jmc 986: .Op Fl Ar digest
1.1 jsing 987: .Op Fl hex
988: .Op Fl hmac Ar key
1.43 jmc 989: .Op Fl keyform Cm pem
1.1 jsing 990: .Op Fl mac Ar algorithm
991: .Op Fl macopt Ar nm : Ns Ar v
992: .Op Fl out Ar file
993: .Op Fl passin Ar arg
994: .Op Fl prverify Ar file
995: .Op Fl sign Ar file
996: .Op Fl signature Ar file
997: .Op Fl sigopt Ar nm : Ns Ar v
998: .Op Fl verify Ar file
999: .Op Ar
1000: .nr nS 0
1001: .Pp
1002: The digest functions output the message digest of a supplied
1003: .Ar file
1004: or
1005: .Ar files
1006: in hexadecimal form.
1007: They can also be used for digital signing and verification.
1008: .Pp
1009: The options are as follows:
1010: .Bl -tag -width Ds
1011: .It Fl binary
1012: Output the digest or signature in binary form.
1013: .It Fl c
1.48 jmc 1014: Print the digest in two-digit groups separated by colons.
1.1 jsing 1015: .It Fl d
1.48 jmc 1016: Print BIO debugging information.
1.43 jmc 1017: .It Fl Ar digest
1018: Use the specified message
1019: .Ar digest .
1.98 naddy 1020: The default is SHA256.
1.43 jmc 1021: The available digests can be displayed using
1022: .Nm openssl
1023: .Cm list-message-digest-commands .
1024: The following are equivalent:
1025: .Nm openssl dgst
1.98 naddy 1026: .Fl sha256
1.43 jmc 1027: and
1028: .Nm openssl
1.98 naddy 1029: .Cm sha256 .
1.1 jsing 1030: .It Fl hex
1031: Digest is to be output as a hex dump.
1032: This is the default case for a
1033: .Qq normal
1034: digest as opposed to a digital signature.
1035: .It Fl hmac Ar key
1036: Create a hashed MAC using
1037: .Ar key .
1.43 jmc 1038: .It Fl keyform Cm pem
1.1 jsing 1039: Specifies the key format to sign the digest with.
1040: .It Fl mac Ar algorithm
1041: Create a keyed Message Authentication Code (MAC).
1042: The most popular MAC algorithm is HMAC (hash-based MAC),
1043: but there are other MAC algorithms which are not based on hash.
1044: MAC keys and other options should be set via the
1045: .Fl macopt
1046: parameter.
1047: .It Fl macopt Ar nm : Ns Ar v
1048: Passes options to the MAC algorithm, specified by
1049: .Fl mac .
1050: The following options are supported by HMAC:
1051: .Bl -tag -width Ds
1.43 jmc 1052: .It Cm key : Ns Ar string
1.1 jsing 1053: Specifies the MAC key as an alphanumeric string
1054: (use if the key contain printable characters only).
1055: String length must conform to any restrictions of the MAC algorithm.
1.43 jmc 1056: .It Cm hexkey : Ns Ar string
1.1 jsing 1057: Specifies the MAC key in hexadecimal form (two hex digits per byte).
1058: Key length must conform to any restrictions of the MAC algorithm.
1059: .El
1060: .It Fl out Ar file
1.43 jmc 1061: The output file to write to,
1062: or standard output if not specified.
1.1 jsing 1063: .It Fl passin Ar arg
1064: The key password source.
1065: .It Fl prverify Ar file
1066: Verify the signature using the private key in
1067: .Ar file .
1068: The output is either
1069: .Qq Verification OK
1070: or
1071: .Qq Verification Failure .
1072: .It Fl sign Ar file
1073: Digitally sign the digest using the private key in
1074: .Ar file .
1075: .It Fl signature Ar file
1076: The actual signature to verify.
1077: .It Fl sigopt Ar nm : Ns Ar v
1078: Pass options to the signature algorithm during sign or verify operations.
1079: The names and values of these options are algorithm-specific.
1080: .It Fl verify Ar file
1081: Verify the signature using the public key in
1082: .Ar file .
1083: The output is either
1084: .Qq Verification OK
1085: or
1086: .Qq Verification Failure .
1087: .It Ar
1088: File or files to digest.
1089: If no files are specified then standard input is used.
1090: .El
1091: .Sh DHPARAM
1092: .nr nS 1
1093: .Nm "openssl dhparam"
1094: .Op Fl 2 | 5
1095: .Op Fl C
1096: .Op Fl check
1097: .Op Fl dsaparam
1098: .Op Fl in Ar file
1.44 jmc 1099: .Op Fl inform Cm der | pem
1.1 jsing 1100: .Op Fl noout
1101: .Op Fl out Ar file
1.44 jmc 1102: .Op Fl outform Cm der | pem
1.1 jsing 1103: .Op Fl text
1104: .Op Ar numbits
1105: .nr nS 0
1106: .Pp
1107: The
1108: .Nm dhparam
1109: command is used to manipulate DH parameter files.
1.44 jmc 1110: Only the older PKCS#3 DH is supported,
1111: not the newer X9.42 DH.
1.1 jsing 1112: .Pp
1113: The options are as follows:
1114: .Bl -tag -width Ds
1115: .It Fl 2 , 5
1.44 jmc 1116: The generator to use;
1.1 jsing 1117: 2 is the default.
1118: If present, the input file is ignored and parameters are generated instead.
1119: .It Fl C
1.44 jmc 1120: Convert the parameters into C code.
1.1 jsing 1121: The parameters can then be loaded by calling the
1.44 jmc 1122: .No get_dh Ns Ar numbits
1.1 jsing 1123: function.
1124: .It Fl check
1125: Check the DH parameters.
1126: .It Fl dsaparam
1.44 jmc 1127: Read or create DSA parameters,
1128: converted to DH format on output.
1.1 jsing 1129: Otherwise,
1130: .Qq strong
1131: primes
1132: .Pq such that (p-1)/2 is also prime
1133: will be used for DH parameter generation.
1134: .Pp
1135: DH parameter generation with the
1136: .Fl dsaparam
1137: option is much faster,
1138: and the recommended exponent length is shorter,
1139: which makes DH key exchange more efficient.
1140: Beware that with such DSA-style DH parameters,
1141: a fresh DH key should be created for each use to
1142: avoid small-subgroup attacks that may be possible otherwise.
1143: .It Fl in Ar file
1.44 jmc 1144: The input file to read from,
1145: or standard input if not specified.
1146: .It Fl inform Cm der | pem
1147: The input format.
1.1 jsing 1148: .It Fl noout
1.46 jmc 1149: Do not output the encoded version of the parameters.
1.44 jmc 1150: .It Fl out Ar file
1151: The output file to write to,
1152: or standard output if not specified.
1153: .It Fl outform Cm der | pem
1154: The output format.
1155: .It Fl text
1.64 jmc 1156: Print the DH parameters in plain text.
1.1 jsing 1157: .It Ar numbits
1.44 jmc 1158: Generate a parameter set of size
1.1 jsing 1159: .Ar numbits .
1160: It must be the last option.
1.16 sthen 1161: If not present, a value of 2048 is used.
1.1 jsing 1162: If this value is present, the input file is ignored and
1163: parameters are generated instead.
1164: .El
1165: .Sh DSA
1166: .nr nS 1
1167: .Nm "openssl dsa"
1168: .Oo
1169: .Fl aes128 | aes192 | aes256 |
1170: .Fl des | des3
1171: .Oc
1172: .Op Fl in Ar file
1.45 jmc 1173: .Op Fl inform Cm der | pem
1.1 jsing 1174: .Op Fl modulus
1175: .Op Fl noout
1176: .Op Fl out Ar file
1.45 jmc 1177: .Op Fl outform Cm der | pem
1.1 jsing 1178: .Op Fl passin Ar arg
1179: .Op Fl passout Ar arg
1180: .Op Fl pubin
1181: .Op Fl pubout
1182: .Op Fl text
1183: .nr nS 0
1184: .Pp
1185: The
1186: .Nm dsa
1187: command processes DSA keys.
1188: They can be converted between various forms and their components printed out.
1189: .Pp
1190: .Sy Note :
1191: This command uses the traditional
1192: .Nm SSLeay
1193: compatible format for private key encryption:
1194: newer applications should use the more secure PKCS#8 format using the
1195: .Nm pkcs8
1196: command.
1197: .Pp
1198: The options are as follows:
1199: .Bl -tag -width Ds
1200: .It Xo
1201: .Fl aes128 | aes192 | aes256 |
1202: .Fl des | des3
1203: .Xc
1.45 jmc 1204: Encrypt the private key with the AES, DES, or the triple DES
1.1 jsing 1205: ciphers, respectively, before outputting it.
1206: A pass phrase is prompted for.
1.45 jmc 1207: If none of these options are specified, the key is written in plain text.
1.1 jsing 1208: This means that using the
1209: .Nm dsa
1.45 jmc 1210: utility to read an encrypted key with no encryption option can be used to
1.1 jsing 1211: remove the pass phrase from a key,
1.45 jmc 1212: or by setting the encryption options it can be used to add or change
1.1 jsing 1213: the pass phrase.
1214: These options can only be used with PEM format output files.
1215: .It Fl in Ar file
1.45 jmc 1216: The input file to read from,
1217: or standard input if not specified.
1.1 jsing 1218: If the key is encrypted, a pass phrase will be prompted for.
1.45 jmc 1219: .It Fl inform Cm der | pem
1220: The input format.
1.1 jsing 1221: .It Fl modulus
1.45 jmc 1222: Print the value of the public key component of the key.
1.1 jsing 1223: .It Fl noout
1.46 jmc 1224: Do not output the encoded version of the key.
1.1 jsing 1225: .It Fl out Ar file
1.45 jmc 1226: The output file to write to,
1227: or standard output if not specified.
1.1 jsing 1228: If any encryption options are set then a pass phrase will be
1229: prompted for.
1.45 jmc 1230: .It Fl outform Cm der | pem
1231: The output format.
1.1 jsing 1232: .It Fl passin Ar arg
1233: The key password source.
1234: .It Fl passout Ar arg
1235: The output file password source.
1236: .It Fl pubin
1.60 jmc 1237: Read in a public key, not a private key.
1.1 jsing 1238: .It Fl pubout
1.60 jmc 1239: Output a public key, not a private key.
1240: Automatically set if the input is a public key.
1.1 jsing 1241: .It Fl text
1.64 jmc 1242: Print the public/private key in plain text.
1.1 jsing 1243: .El
1244: .Sh DSAPARAM
1245: .nr nS 1
1246: .Nm "openssl dsaparam"
1247: .Op Fl C
1248: .Op Fl genkey
1249: .Op Fl in Ar file
1.46 jmc 1250: .Op Fl inform Cm der | pem
1.1 jsing 1251: .Op Fl noout
1252: .Op Fl out Ar file
1.46 jmc 1253: .Op Fl outform Cm der | pem
1.1 jsing 1254: .Op Fl text
1255: .Op Ar numbits
1256: .nr nS 0
1257: .Pp
1258: The
1259: .Nm dsaparam
1260: command is used to manipulate or generate DSA parameter files.
1261: .Pp
1262: The options are as follows:
1263: .Bl -tag -width Ds
1264: .It Fl C
1.46 jmc 1265: Convert the parameters into C code.
1.1 jsing 1266: The parameters can then be loaded by calling the
1.46 jmc 1267: .No get_dsa Ns Ar XXX
1.1 jsing 1268: function.
1269: .It Fl genkey
1.46 jmc 1270: Generate a DSA key either using the specified or generated
1.1 jsing 1271: parameters.
1272: .It Fl in Ar file
1.46 jmc 1273: The input file to read from,
1274: or standard input if not specified.
1.1 jsing 1275: If the
1276: .Ar numbits
1.46 jmc 1277: parameter is included, then this option is ignored.
1278: .It Fl inform Cm der | pem
1279: The input format.
1.1 jsing 1280: .It Fl noout
1.46 jmc 1281: Do not output the encoded version of the parameters.
1282: .It Fl out Ar file
1283: The output file to write to,
1284: or standard output if not specified.
1285: .It Fl outform Cm der | pem
1286: The output format.
1287: .It Fl text
1.64 jmc 1288: Print the DSA parameters in plain text.
1.1 jsing 1289: .It Ar numbits
1.46 jmc 1290: Generate a parameter set of size
1.1 jsing 1291: .Ar numbits .
1.46 jmc 1292: If this option is included, the input file is ignored.
1.1 jsing 1293: .El
1294: .Sh EC
1295: .nr nS 1
1296: .Nm "openssl ec"
1297: .Op Fl conv_form Ar arg
1298: .Op Fl des
1299: .Op Fl des3
1300: .Op Fl in Ar file
1.47 jmc 1301: .Op Fl inform Cm der | pem
1.1 jsing 1302: .Op Fl noout
1303: .Op Fl out Ar file
1.47 jmc 1304: .Op Fl outform Cm der | pem
1.1 jsing 1305: .Op Fl param_enc Ar arg
1306: .Op Fl param_out
1307: .Op Fl passin Ar arg
1308: .Op Fl passout Ar arg
1309: .Op Fl pubin
1310: .Op Fl pubout
1311: .Op Fl text
1312: .nr nS 0
1313: .Pp
1314: The
1315: .Nm ec
1316: command processes EC keys.
1317: They can be converted between various
1318: forms and their components printed out.
1.47 jmc 1319: .Nm openssl
1.1 jsing 1320: uses the private key format specified in
1321: .Dq SEC 1: Elliptic Curve Cryptography
1322: .Pq Lk http://www.secg.org/ .
1323: To convert an
1324: EC private key into the PKCS#8 private key format use the
1325: .Nm pkcs8
1326: command.
1327: .Pp
1328: The options are as follows:
1329: .Bl -tag -width Ds
1330: .It Fl conv_form Ar arg
1.47 jmc 1331: Specify how the points on the elliptic curve are converted
1.1 jsing 1332: into octet strings.
1333: Possible values are:
1.95 tb 1334: .Cm compressed ,
1335: .Cm uncompressed
1.47 jmc 1336: (the default),
1.1 jsing 1337: and
1338: .Cm hybrid .
1339: For more information regarding
1.47 jmc 1340: the point conversion forms see the X9.62 standard.
1.1 jsing 1341: Note:
1342: Due to patent issues the
1343: .Cm compressed
1344: option is disabled by default for binary curves
1345: and can be enabled by defining the preprocessor macro
1.47 jmc 1346: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 1347: at compile time.
1348: .It Fl des | des3
1.47 jmc 1349: Encrypt the private key with DES, triple DES, or
1.1 jsing 1350: any other cipher supported by
1.47 jmc 1351: .Nm openssl .
1.1 jsing 1352: A pass phrase is prompted for.
1353: If none of these options is specified the key is written in plain text.
1354: This means that using the
1355: .Nm ec
1356: utility to read in an encrypted key with no
1357: encryption option can be used to remove the pass phrase from a key,
1358: or by setting the encryption options
1.83 naddy 1359: it can be used to add or change the pass phrase.
1.1 jsing 1360: These options can only be used with PEM format output files.
1361: .It Fl in Ar file
1.47 jmc 1362: The input file to read a key from,
1363: or standard input if not specified.
1.1 jsing 1364: If the key is encrypted a pass phrase will be prompted for.
1.47 jmc 1365: .It Fl inform Cm der | pem
1366: The input format.
1.1 jsing 1367: .It Fl noout
1.47 jmc 1368: Do not output the encoded version of the key.
1.1 jsing 1369: .It Fl out Ar file
1.47 jmc 1370: The output filename to write to,
1371: or standard output if not specified.
1.1 jsing 1372: If any encryption options are set then a pass phrase will be prompted for.
1.47 jmc 1373: .It Fl outform Cm der | pem
1374: The output format.
1.1 jsing 1375: .It Fl param_enc Ar arg
1.47 jmc 1376: Specify how the elliptic curve parameters are encoded.
1.1 jsing 1377: Possible value are:
1378: .Cm named_curve ,
1379: i.e. the EC parameters are specified by an OID; or
1380: .Cm explicit ,
1381: where the EC parameters are explicitly given
1382: (see RFC 3279 for the definition of the EC parameter structures).
1383: The default value is
1384: .Cm named_curve .
1385: Note: the
1386: .Cm implicitlyCA
1387: alternative,
1388: as specified in RFC 3279,
1.47 jmc 1389: is currently not implemented.
1.1 jsing 1390: .It Fl passin Ar arg
1391: The key password source.
1392: .It Fl passout Ar arg
1393: The output file password source.
1394: .It Fl pubin
1.60 jmc 1395: Read in a public key, not a private key.
1.1 jsing 1396: .It Fl pubout
1.60 jmc 1397: Output a public key, not a private key.
1398: Automatically set if the input is a public key.
1.1 jsing 1399: .It Fl text
1.64 jmc 1400: Print the public/private key in plain text.
1.1 jsing 1401: .El
1402: .Sh ECPARAM
1403: .nr nS 1
1404: .Nm "openssl ecparam"
1405: .Op Fl C
1406: .Op Fl check
1407: .Op Fl conv_form Ar arg
1408: .Op Fl genkey
1409: .Op Fl in Ar file
1.48 jmc 1410: .Op Fl inform Cm der | pem
1.1 jsing 1411: .Op Fl list_curves
1412: .Op Fl name Ar arg
1413: .Op Fl no_seed
1414: .Op Fl noout
1415: .Op Fl out Ar file
1.48 jmc 1416: .Op Fl outform Cm der | pem
1.1 jsing 1417: .Op Fl param_enc Ar arg
1418: .Op Fl text
1419: .nr nS 0
1420: .Pp
1.48 jmc 1421: The
1422: .Nm ecparam
1423: command is used to manipulate or generate EC parameter files.
1424: .Nm openssl
1425: is not able to generate new groups so
1426: .Nm ecparam
1427: can only create EC parameters from known (named) curves.
1428: .Pp
1.1 jsing 1429: The options are as follows:
1430: .Bl -tag -width Ds
1431: .It Fl C
1432: Convert the EC parameters into C code.
1433: The parameters can then be loaded by calling the
1.48 jmc 1434: .No get_ec_group_ Ns Ar XXX
1.1 jsing 1435: function.
1436: .It Fl check
1437: Validate the elliptic curve parameters.
1438: .It Fl conv_form Ar arg
1439: Specify how the points on the elliptic curve are converted
1440: into octet strings.
1441: Possible values are:
1.95 tb 1442: .Cm compressed ,
1443: .Cm uncompressed
1.48 jmc 1444: (the default),
1.1 jsing 1445: and
1446: .Cm hybrid .
1447: For more information regarding
1.48 jmc 1448: the point conversion forms see the X9.62 standard.
1.1 jsing 1449: Note:
1450: Due to patent issues the
1451: .Cm compressed
1452: option is disabled by default for binary curves
1453: and can be enabled by defining the preprocessor macro
1.48 jmc 1454: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 1455: at compile time.
1456: .It Fl genkey
1457: Generate an EC private key using the specified parameters.
1458: .It Fl in Ar file
1.48 jmc 1459: The input file to read from,
1460: or standard input if not specified.
1461: .It Fl inform Cm der | pem
1462: The input format.
1.1 jsing 1463: .It Fl list_curves
1.48 jmc 1464: Print a list of all
1.1 jsing 1465: currently implemented EC parameter names and exit.
1466: .It Fl name Ar arg
1.48 jmc 1467: Use the EC parameters with the specified "short" name.
1.1 jsing 1468: .It Fl no_seed
1.48 jmc 1469: Do not include the seed for the parameter generation
1470: in the ECParameters structure (see RFC 3279).
1.1 jsing 1471: .It Fl noout
1.48 jmc 1472: Do not output the encoded version of the parameters.
1.1 jsing 1473: .It Fl out Ar file
1.48 jmc 1474: The output file to write to,
1475: or standard output if not specified.
1476: .It Fl outform Cm der | pem
1477: The output format.
1.1 jsing 1478: .It Fl param_enc Ar arg
1.48 jmc 1479: Specify how the elliptic curve parameters are encoded.
1.1 jsing 1480: Possible value are:
1481: .Cm named_curve ,
1482: i.e. the EC parameters are specified by an OID, or
1483: .Cm explicit ,
1484: where the EC parameters are explicitly given
1485: (see RFC 3279 for the definition of the EC parameter structures).
1486: The default value is
1487: .Cm named_curve .
1488: Note: the
1489: .Cm implicitlyCA
1490: alternative, as specified in RFC 3279,
1.48 jmc 1491: is currently not implemented.
1.1 jsing 1492: .It Fl text
1.64 jmc 1493: Print the EC parameters in plain text.
1.1 jsing 1494: .El
1495: .Sh ENC
1496: .nr nS 1
1497: .Nm "openssl enc"
1498: .Fl ciphername
1499: .Op Fl AadePp
1500: .Op Fl base64
1501: .Op Fl bufsize Ar number
1502: .Op Fl debug
1503: .Op Fl in Ar file
1.97 jmc 1504: .Op Fl iter Ar iterations
1.1 jsing 1505: .Op Fl iv Ar IV
1506: .Op Fl K Ar key
1507: .Op Fl k Ar password
1508: .Op Fl kfile Ar file
1509: .Op Fl md Ar digest
1510: .Op Fl none
1511: .Op Fl nopad
1512: .Op Fl nosalt
1513: .Op Fl out Ar file
1514: .Op Fl pass Ar arg
1.96 beck 1515: .Op Fl pbkdf2
1.1 jsing 1516: .Op Fl S Ar salt
1517: .Op Fl salt
1518: .nr nS 0
1519: .Pp
1520: The symmetric cipher commands allow data to be encrypted or decrypted
1521: using various block and stream ciphers using keys based on passwords
1522: or explicitly provided.
1523: Base64 encoding or decoding can also be performed either by itself
1524: or in addition to the encryption or decryption.
1.49 jmc 1525: The program can be called either as
1526: .Nm openssl Ar ciphername
1527: or
1528: .Nm openssl enc - Ns Ar ciphername .
1529: .Pp
1530: Some of the ciphers do not have large keys and others have security
1531: implications if not used correctly.
1532: All the block ciphers normally use PKCS#5 padding,
1533: also known as standard block padding.
1534: If padding is disabled, the input data must be a multiple of the cipher
1535: block length.
1.1 jsing 1536: .Pp
1537: The options are as follows:
1538: .Bl -tag -width Ds
1539: .It Fl A
1540: If the
1541: .Fl a
1542: option is set, then base64 process the data on one line.
1543: .It Fl a , base64
1544: Base64 process the data.
1545: This means that if encryption is taking place, the data is base64-encoded
1546: after encryption.
1.49 jmc 1547: If decryption is set, the input data is base64-decoded before
1.1 jsing 1548: being decrypted.
1549: .It Fl bufsize Ar number
1550: Set the buffer size for I/O.
1551: .It Fl d
1552: Decrypt the input data.
1553: .It Fl debug
1554: Debug the BIOs used for I/O.
1555: .It Fl e
1.49 jmc 1556: Encrypt the input data.
1557: This is the default.
1.1 jsing 1558: .It Fl in Ar file
1.49 jmc 1559: The input file to read from,
1.57 jmc 1560: or standard input if not specified.
1.97 jmc 1561: .It Fl iter Ar iterations
1562: Use the pbkdf2 key derivation function, with
1563: .Ar iterations
1564: as the number of iterations.
1.1 jsing 1565: .It Fl iv Ar IV
1566: The actual
1567: .Ar IV
1568: .Pq initialisation vector
1569: to use:
1570: this must be represented as a string comprised only of hex digits.
1571: When only the
1572: .Ar key
1573: is specified using the
1574: .Fl K
1.49 jmc 1575: option,
1576: the IV must explicitly be defined.
1.1 jsing 1577: When a password is being specified using one of the other options,
1.49 jmc 1578: the IV is generated from this password.
1.1 jsing 1579: .It Fl K Ar key
1580: The actual
1581: .Ar key
1582: to use:
1583: this must be represented as a string comprised only of hex digits.
1.49 jmc 1584: If only the key is specified,
1585: the IV must also be specified using the
1.1 jsing 1586: .Fl iv
1587: option.
1588: When both a
1589: .Ar key
1590: and a
1591: .Ar password
1592: are specified, the
1593: .Ar key
1594: given with the
1595: .Fl K
1.49 jmc 1596: option will be used and the IV generated from the password will be taken.
1.1 jsing 1597: It probably does not make much sense to specify both
1598: .Ar key
1599: and
1600: .Ar password .
1601: .It Fl k Ar password
1602: The
1603: .Ar password
1604: to derive the key from.
1605: Superseded by the
1606: .Fl pass
1607: option.
1608: .It Fl kfile Ar file
1609: Read the password to derive the key from the first line of
1610: .Ar file .
1611: Superseded by the
1612: .Fl pass
1613: option.
1614: .It Fl md Ar digest
1615: Use
1616: .Ar digest
1617: to create a key from a pass phrase.
1618: .Ar digest
1619: may be one of
1.49 jmc 1620: .Cm md5
1.1 jsing 1621: or
1.49 jmc 1622: .Cm sha1 .
1.1 jsing 1623: .It Fl none
1624: Use NULL cipher (no encryption or decryption of input).
1625: .It Fl nopad
1626: Disable standard block padding.
1627: .It Fl nosalt
1.49 jmc 1628: Don't use a salt in the key derivation routines.
1.81 jmc 1629: This option should never be used
1.49 jmc 1630: since it makes it possible to perform efficient dictionary
1631: attacks on the password and to attack stream cipher encrypted data.
1.1 jsing 1632: .It Fl out Ar file
1.51 jmc 1633: The output file to write to,
1.57 jmc 1634: or standard output if not specified.
1.1 jsing 1635: .It Fl P
1.49 jmc 1636: Print out the salt, key, and IV used, then immediately exit;
1.1 jsing 1637: don't do any encryption or decryption.
1638: .It Fl p
1.49 jmc 1639: Print out the salt, key, and IV used.
1.1 jsing 1640: .It Fl pass Ar arg
1641: The password source.
1.96 beck 1642: .It Fl pbkdf2
1.97 jmc 1643: Use the pbkdf2 key derivation function, with
1.96 beck 1644: the default of 10000 iterations.
1.1 jsing 1645: .It Fl S Ar salt
1646: The actual
1647: .Ar salt
1648: to use:
1649: this must be represented as a string comprised only of hex digits.
1650: .It Fl salt
1.49 jmc 1651: Use a salt in the key derivation routines (the default).
1652: When the salt is being used
1653: the first eight bytes of the encrypted data are reserved for the salt:
1654: it is randomly generated when encrypting a file and read from the
1655: encrypted file when it is decrypted.
1.1 jsing 1656: .El
1657: .Sh ERRSTR
1658: .Nm openssl errstr
1659: .Op Fl stats
1660: .Ar errno ...
1661: .Pp
1662: The
1663: .Nm errstr
1664: command performs error number to error string conversion,
1665: generating a human-readable string representing the error code
1666: .Ar errno .
1667: The string is obtained through the
1668: .Xr ERR_error_string_n 3
1669: function and has the following format:
1670: .Pp
1671: .Dl error:[error code]:[library name]:[function name]:[reason string]
1672: .Pp
1673: .Bq error code
1674: is an 8-digit hexadecimal number.
1675: The remaining fields
1676: .Bq library name ,
1677: .Bq function name ,
1678: and
1679: .Bq reason string
1680: are all ASCII text.
1681: .Pp
1682: The options are as follows:
1683: .Bl -tag -width Ds
1684: .It Fl stats
1685: Print debugging statistics about various aspects of the hash table.
1686: .El
1687: .Sh GENDSA
1688: .nr nS 1
1689: .Nm "openssl gendsa"
1690: .Oo
1.102 jmc 1691: .Fl aes128 | aes192 | aes256 | camellia128 |
1692: .Fl camellia192 | camellia256 | des | des3 | idea
1.1 jsing 1693: .Oc
1694: .Op Fl out Ar file
1.101 inoguchi 1695: .Op Fl passout Ar arg
1696: .Ar paramfile
1.1 jsing 1697: .nr nS 0
1698: .Pp
1699: The
1700: .Nm gendsa
1701: command generates a DSA private key from a DSA parameter file
1.51 jmc 1702: (typically generated by the
1.1 jsing 1703: .Nm openssl dsaparam
1704: command).
1.51 jmc 1705: DSA key generation is little more than random number generation so it is
1706: much quicker than,
1707: for example,
1708: RSA key generation.
1.1 jsing 1709: .Pp
1710: The options are as follows:
1711: .Bl -tag -width Ds
1712: .It Xo
1713: .Fl aes128 | aes192 | aes256 |
1.101 inoguchi 1714: .Fl camellia128 | camellia192 | camellia256 |
1715: .Fl des | des3 |
1716: .Fl idea
1.1 jsing 1717: .Xc
1.101 inoguchi 1718: Encrypt the private key with the AES, CAMELLIA, DES, triple DES
1719: or the IDEA ciphers, respectively, before outputting it.
1.1 jsing 1720: A pass phrase is prompted for.
1721: If none of these options are specified, no encryption is used.
1722: .It Fl out Ar file
1.51 jmc 1723: The output file to write to,
1.57 jmc 1724: or standard output if not specified.
1.101 inoguchi 1725: .It Fl passout Ar arg
1726: The output file password source.
1.1 jsing 1727: .It Ar paramfile
1.51 jmc 1728: Specify the DSA parameter file to use.
1.1 jsing 1729: The parameters in this file determine the size of the private key.
1730: .El
1731: .Sh GENPKEY
1732: .nr nS 1
1733: .Nm "openssl genpkey"
1734: .Op Fl algorithm Ar alg
1735: .Op Ar cipher
1736: .Op Fl genparam
1737: .Op Fl out Ar file
1.52 jmc 1738: .Op Fl outform Cm der | pem
1.1 jsing 1739: .Op Fl paramfile Ar file
1740: .Op Fl pass Ar arg
1741: .Op Fl pkeyopt Ar opt : Ns Ar value
1742: .Op Fl text
1743: .nr nS 0
1744: .Pp
1745: The
1746: .Nm genpkey
1747: command generates private keys.
1748: The use of this
1749: program is encouraged over the algorithm specific utilities
1.22 bcook 1750: because additional algorithm options can be used.
1.1 jsing 1751: .Pp
1752: The options are as follows:
1753: .Bl -tag -width Ds
1754: .It Fl algorithm Ar alg
1755: The public key algorithm to use,
1756: such as RSA, DSA, or DH.
1.52 jmc 1757: This option must precede any
1.1 jsing 1758: .Fl pkeyopt
1759: options.
1760: The options
1761: .Fl paramfile
1762: and
1763: .Fl algorithm
1764: are mutually exclusive.
1765: .It Ar cipher
1766: Encrypt the private key with the supplied cipher.
1767: Any algorithm name accepted by
1.52 jmc 1768: .Xr EVP_get_cipherbyname 3
1769: is acceptable.
1.1 jsing 1770: .It Fl genparam
1771: Generate a set of parameters instead of a private key.
1.52 jmc 1772: This option must precede any
1.1 jsing 1773: .Fl algorithm ,
1774: .Fl paramfile ,
1775: or
1776: .Fl pkeyopt
1777: options.
1778: .It Fl out Ar file
1.52 jmc 1779: The output file to write to,
1.57 jmc 1780: or standard output if not specified.
1.52 jmc 1781: .It Fl outform Cm der | pem
1782: The output format.
1.1 jsing 1783: .It Fl paramfile Ar file
1.52 jmc 1784: Some public key algorithms generate a private key based on a set of parameters,
1785: which can be supplied using this option.
1.1 jsing 1786: If this option is used the public key
1787: algorithm used is determined by the parameters.
1.52 jmc 1788: This option must precede any
1.1 jsing 1789: .Fl pkeyopt
1790: options.
1791: The options
1792: .Fl paramfile
1793: and
1794: .Fl algorithm
1795: are mutually exclusive.
1796: .It Fl pass Ar arg
1797: The output file password source.
1798: .It Fl pkeyopt Ar opt : Ns Ar value
1799: Set the public key algorithm option
1800: .Ar opt
1801: to
1.52 jmc 1802: .Ar value ,
1803: as follows:
1.1 jsing 1804: .Bl -tag -width Ds -offset indent
1805: .It rsa_keygen_bits : Ns Ar numbits
1806: (RSA)
1807: The number of bits in the generated key.
1.52 jmc 1808: The default is 2048.
1.1 jsing 1809: .It rsa_keygen_pubexp : Ns Ar value
1810: (RSA)
1811: The RSA public exponent value.
1812: This can be a large decimal or hexadecimal value if preceded by 0x.
1.52 jmc 1813: The default is 65537.
1.1 jsing 1814: .It dsa_paramgen_bits : Ns Ar numbits
1815: (DSA)
1816: The number of bits in the generated parameters.
1.52 jmc 1817: The default is 1024.
1.1 jsing 1818: .It dh_paramgen_prime_len : Ns Ar numbits
1819: (DH)
1820: The number of bits in the prime parameter
1821: .Ar p .
1822: .It dh_paramgen_generator : Ns Ar value
1823: (DH)
1824: The value to use for the generator
1825: .Ar g .
1826: .It ec_paramgen_curve : Ns Ar curve
1827: (EC)
1828: The EC curve to use.
1829: .El
1.52 jmc 1830: .It Fl text
1.64 jmc 1831: Print the private/public key in plain text.
1.52 jmc 1832: .El
1.1 jsing 1833: .Sh GENRSA
1834: .nr nS 1
1835: .Nm "openssl genrsa"
1836: .Op Fl 3 | f4
1.53 jmc 1837: .Op Fl aes128 | aes192 | aes256 | des | des3
1.1 jsing 1838: .Op Fl out Ar file
1839: .Op Fl passout Ar arg
1840: .Op Ar numbits
1841: .nr nS 0
1842: .Pp
1843: The
1844: .Nm genrsa
1.53 jmc 1845: command generates an RSA private key,
1846: which essentially involves the generation of two prime numbers.
1847: When generating the key,
1848: various symbols will be output to indicate the progress of the generation.
1849: A
1850: .Sq \&.
1851: represents each number which has passed an initial sieve test;
1852: .Sq +
1853: means a number has passed a single round of the Miller-Rabin primality test.
1854: A newline means that the number has passed all the prime tests
1855: (the actual number depends on the key size).
1.1 jsing 1856: .Pp
1857: The options are as follows:
1858: .Bl -tag -width Ds
1859: .It Fl 3 | f4
1860: The public exponent to use, either 3 or 65537.
1861: The default is 65537.
1.53 jmc 1862: .It Fl aes128 | aes192 | aes256 | des | des3
1863: Encrypt the private key with the AES, DES,
1.1 jsing 1864: or the triple DES ciphers, respectively, before outputting it.
1865: If none of these options are specified, no encryption is used.
1866: If encryption is used, a pass phrase is prompted for,
1867: if it is not supplied via the
1868: .Fl passout
1869: option.
1870: .It Fl out Ar file
1.53 jmc 1871: The output file to write to,
1.57 jmc 1872: or standard output if not specified.
1.1 jsing 1873: .It Fl passout Ar arg
1874: The output file password source.
1875: .It Ar numbits
1876: The size of the private key to generate in bits.
1877: This must be the last option specified.
1878: The default is 2048.
1879: .El
1880: .Sh NSEQ
1881: .Nm openssl nseq
1882: .Op Fl in Ar file
1883: .Op Fl out Ar file
1884: .Op Fl toseq
1885: .Pp
1886: The
1887: .Nm nseq
1.54 jmc 1888: command takes a file containing a Netscape certificate sequence
1889: (an alternative to the standard PKCS#7 format)
1890: and prints out the certificates contained in it,
1891: or takes a file of certificates
1892: and converts it into a Netscape certificate sequence.
1893: .Pp
1.1 jsing 1894: The options are as follows:
1895: .Bl -tag -width Ds
1896: .It Fl in Ar file
1.54 jmc 1897: The input file to read from,
1898: or standard input if not specified.
1.1 jsing 1899: .It Fl out Ar file
1.54 jmc 1900: The output file to write to,
1901: or standard output if not specified.
1.1 jsing 1902: .It Fl toseq
1903: Normally, a Netscape certificate sequence will be input and the output
1904: is the certificates contained in it.
1905: With the
1906: .Fl toseq
1907: option the situation is reversed:
1908: a Netscape certificate sequence is created from a file of certificates.
1909: .El
1910: .Sh OCSP
1911: .nr nS 1
1912: .Nm "openssl ocsp"
1913: .Op Fl CA Ar file
1914: .Op Fl CAfile Ar file
1915: .Op Fl CApath Ar directory
1916: .Op Fl cert Ar file
1917: .Op Fl dgst Ar alg
1.55 jmc 1918: .Op Fl host Ar hostname : Ns Ar port
1.1 jsing 1919: .Op Fl index Ar indexfile
1920: .Op Fl issuer Ar file
1921: .Op Fl ndays Ar days
1922: .Op Fl nmin Ar minutes
1923: .Op Fl no_cert_checks
1924: .Op Fl no_cert_verify
1925: .Op Fl no_certs
1926: .Op Fl no_chain
1927: .Op Fl no_intern
1928: .Op Fl no_nonce
1929: .Op Fl no_signature_verify
1930: .Op Fl nonce
1931: .Op Fl noverify
1932: .Op Fl nrequest Ar number
1933: .Op Fl out Ar file
1934: .Op Fl path Ar path
1935: .Op Fl port Ar portnum
1936: .Op Fl req_text
1937: .Op Fl reqin Ar file
1938: .Op Fl reqout Ar file
1939: .Op Fl resp_key_id
1940: .Op Fl resp_no_certs
1941: .Op Fl resp_text
1942: .Op Fl respin Ar file
1943: .Op Fl respout Ar file
1944: .Op Fl rkey Ar file
1945: .Op Fl rother Ar file
1946: .Op Fl rsigner Ar file
1947: .Op Fl serial Ar number
1948: .Op Fl sign_other Ar file
1949: .Op Fl signer Ar file
1950: .Op Fl signkey Ar file
1951: .Op Fl status_age Ar age
1952: .Op Fl text
1953: .Op Fl trust_other
1954: .Op Fl url Ar responder_url
1955: .Op Fl VAfile Ar file
1956: .Op Fl validity_period Ar nsec
1957: .Op Fl verify_other Ar file
1958: .nr nS 0
1959: .Pp
1.55 jmc 1960: The Online Certificate Status Protocol (OCSP)
1961: enables applications to determine the (revocation) state
1962: of an identified certificate (RFC 2560).
1.1 jsing 1963: .Pp
1964: The
1965: .Nm ocsp
1966: command performs many common OCSP tasks.
1967: It can be used to print out requests and responses,
1968: create requests and send queries to an OCSP responder,
1969: and behave like a mini OCSP server itself.
1970: .Pp
1971: The options are as follows:
1972: .Bl -tag -width Ds
1973: .It Fl CAfile Ar file , Fl CApath Ar directory
1.55 jmc 1974: A file or path containing trusted CA certificates,
1975: used to verify the signature on the OCSP response.
1.1 jsing 1976: .It Fl cert Ar file
1977: Add the certificate
1978: .Ar file
1979: to the request.
1980: The issuer certificate is taken from the previous
1981: .Fl issuer
1982: option, or an error occurs if no issuer certificate is specified.
1983: .It Fl dgst Ar alg
1.55 jmc 1984: Use the digest algorithm
1985: .Ar alg
1986: for certificate identification in the OCSP request.
1.1 jsing 1987: By default SHA-1 is used.
1988: .It Xo
1989: .Fl host Ar hostname : Ns Ar port ,
1990: .Fl path Ar path
1991: .Xc
1.55 jmc 1992: Send
1993: the OCSP request to
1.1 jsing 1994: .Ar hostname
1.55 jmc 1995: on
1.1 jsing 1996: .Ar port .
1997: .Fl path
1998: specifies the HTTP path name to use, or
1.55 jmc 1999: .Pa /
1.1 jsing 2000: by default.
2001: .It Fl issuer Ar file
1.81 jmc 2002: The current issuer certificate, in PEM format.
2003: Can be used multiple times and must come before any
1.1 jsing 2004: .Fl cert
2005: options.
2006: .It Fl no_cert_checks
2007: Don't perform any additional checks on the OCSP response signer's certificate.
2008: That is, do not make any checks to see if the signer's certificate is
2009: authorised to provide the necessary status information:
2010: as a result this option should only be used for testing purposes.
2011: .It Fl no_cert_verify
2012: Don't verify the OCSP response signer's certificate at all.
2013: Since this option allows the OCSP response to be signed by any certificate,
2014: it should only be used for testing purposes.
2015: .It Fl no_certs
1.55 jmc 2016: Don't include any certificates in the signed request.
1.1 jsing 2017: .It Fl no_chain
2018: Do not use certificates in the response as additional untrusted CA
2019: certificates.
2020: .It Fl no_intern
2021: Ignore certificates contained in the OCSP response
2022: when searching for the signer's certificate.
1.55 jmc 2023: The signer's certificate must be specified with either the
1.1 jsing 2024: .Fl verify_other
2025: or
2026: .Fl VAfile
2027: options.
2028: .It Fl no_signature_verify
2029: Don't check the signature on the OCSP response.
2030: Since this option tolerates invalid signatures on OCSP responses,
2031: it will normally only be used for testing purposes.
2032: .It Fl nonce , no_nonce
1.55 jmc 2033: Add an OCSP nonce extension to a request,
2034: or disable an OCSP nonce addition.
1.1 jsing 2035: Normally, if an OCSP request is input using the
2036: .Fl respin
1.55 jmc 2037: option no nonce is added:
1.1 jsing 2038: using the
2039: .Fl nonce
1.55 jmc 2040: option will force the addition of a nonce.
1.1 jsing 2041: If an OCSP request is being created (using the
2042: .Fl cert
2043: and
2044: .Fl serial
2045: options)
1.55 jmc 2046: a nonce is automatically added; specifying
1.1 jsing 2047: .Fl no_nonce
2048: overrides this.
2049: .It Fl noverify
1.55 jmc 2050: Don't attempt to verify the OCSP response signature or the nonce values.
2051: This is normally only be used for debugging
1.1 jsing 2052: since it disables all verification of the responder's certificate.
2053: .It Fl out Ar file
1.55 jmc 2054: Specify the output file to write to,
1.57 jmc 2055: or standard output if not specified.
1.1 jsing 2056: .It Fl req_text , resp_text , text
2057: Print out the text form of the OCSP request, response, or both, respectively.
2058: .It Fl reqin Ar file , Fl respin Ar file
2059: Read an OCSP request or response file from
2060: .Ar file .
2061: These options are ignored
2062: if an OCSP request or response creation is implied by other options
2063: (for example with the
2064: .Fl serial , cert ,
2065: and
2066: .Fl host
2067: options).
2068: .It Fl reqout Ar file , Fl respout Ar file
2069: Write out the DER-encoded certificate request or response to
2070: .Ar file .
2071: .It Fl serial Ar num
2072: Same as the
2073: .Fl cert
2074: option except the certificate with serial number
2075: .Ar num
2076: is added to the request.
2077: The serial number is interpreted as a decimal integer unless preceded by
2078: .Sq 0x .
1.55 jmc 2079: Negative integers can also be specified
2080: by preceding the value with a minus sign.
1.1 jsing 2081: .It Fl sign_other Ar file
2082: Additional certificates to include in the signed request.
2083: .It Fl signer Ar file , Fl signkey Ar file
2084: Sign the OCSP request using the certificate specified in the
2085: .Fl signer
2086: option and the private key specified by the
2087: .Fl signkey
2088: option.
2089: If the
2090: .Fl signkey
2091: option is not present, then the private key is read from the same file
2092: as the certificate.
2093: If neither option is specified, the OCSP request is not signed.
2094: .It Fl trust_other
2095: The certificates specified by the
2096: .Fl verify_other
2097: option should be explicitly trusted and no additional checks will be
2098: performed on them.
2099: This is useful when the complete responder certificate chain is not available
2100: or trusting a root CA is not appropriate.
2101: .It Fl url Ar responder_url
2102: Specify the responder URL.
2103: Both HTTP and HTTPS
2104: .Pq SSL/TLS
2105: URLs can be specified.
2106: .It Fl VAfile Ar file
1.55 jmc 2107: A file containing explicitly trusted responder certificates.
1.1 jsing 2108: Equivalent to the
2109: .Fl verify_other
2110: and
2111: .Fl trust_other
2112: options.
2113: .It Fl validity_period Ar nsec , Fl status_age Ar age
1.55 jmc 2114: The range of times, in seconds, which will be tolerated in an OCSP response.
2115: Each certificate status response includes a notBefore time
2116: and an optional notAfter time.
1.1 jsing 2117: The current time should fall between these two values,
2118: but the interval between the two times may be only a few seconds.
2119: In practice the OCSP responder and clients' clocks may not be precisely
2120: synchronised and so such a check may fail.
2121: To avoid this the
2122: .Fl validity_period
2123: option can be used to specify an acceptable error range in seconds,
1.55 jmc 2124: the default value being 5 minutes.
1.1 jsing 2125: .Pp
1.55 jmc 2126: If the notAfter time is omitted from a response,
2127: it means that new status information is immediately available.
2128: In this case the age of the notBefore field is checked
2129: to see it is not older than
1.1 jsing 2130: .Ar age
2131: seconds old.
2132: By default, this additional check is not performed.
2133: .It Fl verify_other Ar file
1.55 jmc 2134: A file containing additional certificates to search
2135: when attempting to locate the OCSP response signing certificate.
2136: Some responders omit the actual signer's certificate from the response,
2137: so this can be used to supply the necessary certificate.
1.1 jsing 2138: .El
1.55 jmc 2139: .Pp
2140: The options for the OCSP server are as follows:
1.1 jsing 2141: .Bl -tag -width "XXXX"
2142: .It Fl CA Ar file
2143: CA certificate corresponding to the revocation information in
2144: .Ar indexfile .
2145: .It Fl index Ar indexfile
2146: .Ar indexfile
1.55 jmc 2147: is a text index file in ca format
2148: containing certificate revocation information.
1.1 jsing 2149: .Pp
1.55 jmc 2150: If this option is specified,
1.1 jsing 2151: .Nm ocsp
1.55 jmc 2152: is in responder mode, otherwise it is in client mode.
2153: The requests the responder processes can be either specified on
1.1 jsing 2154: the command line (using the
2155: .Fl issuer
2156: and
2157: .Fl serial
2158: options), supplied in a file (using the
2159: .Fl respin
1.55 jmc 2160: option), or via external OCSP clients (if
1.1 jsing 2161: .Ar port
2162: or
2163: .Ar url
2164: is specified).
2165: .Pp
1.55 jmc 2166: If this option is present, then the
1.1 jsing 2167: .Fl CA
2168: and
2169: .Fl rsigner
2170: options must also be present.
2171: .It Fl nmin Ar minutes , Fl ndays Ar days
2172: Number of
2173: .Ar minutes
2174: or
2175: .Ar days
1.55 jmc 2176: when fresh revocation information is available:
2177: used in the nextUpdate field.
2178: If neither option is present,
2179: the nextUpdate field is omitted,
2180: meaning fresh revocation information is immediately available.
1.1 jsing 2181: .It Fl nrequest Ar number
1.55 jmc 2182: Exit after receiving
1.1 jsing 2183: .Ar number
1.55 jmc 2184: requests (the default is unlimited).
1.1 jsing 2185: .It Fl port Ar portnum
2186: Port to listen for OCSP requests on.
1.55 jmc 2187: May also be specified using the
1.1 jsing 2188: .Fl url
2189: option.
2190: .It Fl resp_key_id
2191: Identify the signer certificate using the key ID;
1.55 jmc 2192: the default is to use the subject name.
1.1 jsing 2193: .It Fl resp_no_certs
2194: Don't include any certificates in the OCSP response.
2195: .It Fl rkey Ar file
2196: The private key to sign OCSP responses with;
2197: if not present, the file specified in the
2198: .Fl rsigner
2199: option is used.
2200: .It Fl rother Ar file
2201: Additional certificates to include in the OCSP response.
2202: .It Fl rsigner Ar file
2203: The certificate to sign OCSP responses with.
2204: .El
2205: .Pp
2206: Initially the OCSP responder certificate is located and the signature on
2207: the OCSP request checked using the responder certificate's public key.
2208: Then a normal certificate verify is performed on the OCSP responder certificate
2209: building up a certificate chain in the process.
2210: The locations of the trusted certificates used to build the chain can be
2211: specified by the
2212: .Fl CAfile
2213: and
2214: .Fl CApath
2215: options or they will be looked for in the standard
1.55 jmc 2216: .Nm openssl
2217: certificates directory.
1.1 jsing 2218: .Pp
1.55 jmc 2219: If the initial verify fails, the OCSP verify process halts with an error.
1.1 jsing 2220: Otherwise the issuing CA certificate in the request is compared to the OCSP
2221: responder certificate: if there is a match then the OCSP verify succeeds.
2222: .Pp
2223: Otherwise the OCSP responder certificate's CA is checked against the issuing
2224: CA certificate in the request.
2225: If there is a match and the OCSPSigning extended key usage is present
2226: in the OCSP responder certificate, then the OCSP verify succeeds.
2227: .Pp
2228: Otherwise the root CA of the OCSP responder's CA is checked to see if it
2229: is trusted for OCSP signing.
2230: If it is, the OCSP verify succeeds.
2231: .Pp
2232: If none of these checks is successful, the OCSP verify fails.
2233: What this effectively means is that if the OCSP responder certificate is
2234: authorised directly by the CA it is issuing revocation information about
1.55 jmc 2235: (and it is correctly configured),
1.1 jsing 2236: then verification will succeed.
2237: .Pp
1.55 jmc 2238: If the OCSP responder is a global responder,
2239: which can give details about multiple CAs
2240: and has its own separate certificate chain,
2241: then its root CA can be trusted for OCSP signing.
1.1 jsing 2242: Alternatively, the responder certificate itself can be explicitly trusted
2243: with the
2244: .Fl VAfile
2245: option.
2246: .Sh PASSWD
2247: .nr nS 1
2248: .Nm "openssl passwd"
2249: .Op Fl 1 | apr1 | crypt
2250: .Op Fl in Ar file
2251: .Op Fl noverify
2252: .Op Fl quiet
2253: .Op Fl reverse
2254: .Op Fl salt Ar string
2255: .Op Fl stdin
2256: .Op Fl table
2257: .Op Ar password
2258: .nr nS 0
2259: .Pp
2260: The
2261: .Nm passwd
1.56 jmc 2262: command computes the hash of a password.
1.1 jsing 2263: .Pp
2264: The options are as follows:
2265: .Bl -tag -width Ds
2266: .It Fl 1
2267: Use the MD5 based
2268: .Bx
2269: password algorithm
1.56 jmc 2270: .Qq 1 .
1.1 jsing 2271: .It Fl apr1
2272: Use the
1.56 jmc 2273: .Qq apr1
1.1 jsing 2274: algorithm
1.56 jmc 2275: .Po
2276: Apache variant of the
1.1 jsing 2277: .Bx
1.56 jmc 2278: algorithm
2279: .Pc .
1.1 jsing 2280: .It Fl crypt
2281: Use the
1.56 jmc 2282: .Qq crypt
2283: algorithm (the default).
1.1 jsing 2284: .It Fl in Ar file
2285: Read passwords from
2286: .Ar file .
2287: .It Fl noverify
2288: Don't verify when reading a password from the terminal.
2289: .It Fl quiet
2290: Don't output warnings when passwords given on the command line are truncated.
2291: .It Fl reverse
2292: Switch table columns.
2293: This only makes sense in conjunction with the
2294: .Fl table
2295: option.
2296: .It Fl salt Ar string
1.56 jmc 2297: Use the salt specified by
2298: .Ar string .
1.1 jsing 2299: When reading a password from the terminal, this implies
2300: .Fl noverify .
2301: .It Fl stdin
1.56 jmc 2302: Read passwords from standard input.
1.1 jsing 2303: .It Fl table
2304: In the output list, prepend the cleartext password and a TAB character
2305: to each password hash.
2306: .El
2307: .Sh PKCS7
2308: .nr nS 1
2309: .Nm "openssl pkcs7"
2310: .Op Fl in Ar file
1.57 jmc 2311: .Op Fl inform Cm der | pem
1.1 jsing 2312: .Op Fl noout
2313: .Op Fl out Ar file
1.57 jmc 2314: .Op Fl outform Cm der | pem
1.1 jsing 2315: .Op Fl print_certs
2316: .Op Fl text
2317: .nr nS 0
2318: .Pp
2319: The
2320: .Nm pkcs7
2321: command processes PKCS#7 files in DER or PEM format.
1.57 jmc 2322: The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
2323: .Pp
1.1 jsing 2324: The options are as follows:
2325: .Bl -tag -width Ds
2326: .It Fl in Ar file
1.57 jmc 2327: The input file to read from,
2328: or standard input if not specified.
2329: .It Fl inform Cm der | pem
2330: The input format.
1.1 jsing 2331: .It Fl noout
2332: Don't output the encoded version of the PKCS#7 structure
2333: (or certificates if
2334: .Fl print_certs
2335: is set).
2336: .It Fl out Ar file
1.57 jmc 2337: The output to write to,
2338: or standard output if not specified.
2339: .It Fl outform Cm der | pem
2340: The output format.
1.1 jsing 2341: .It Fl print_certs
1.57 jmc 2342: Print any certificates or CRLs contained in the file,
2343: preceded by their subject and issuer names in a one-line format.
1.1 jsing 2344: .It Fl text
1.57 jmc 2345: Print certificate details in full rather than just subject and issuer names.
1.1 jsing 2346: .El
2347: .Sh PKCS8
2348: .nr nS 1
2349: .Nm "openssl pkcs8"
2350: .Op Fl in Ar file
1.58 jmc 2351: .Op Fl inform Cm der | pem
1.1 jsing 2352: .Op Fl nocrypt
2353: .Op Fl noiter
2354: .Op Fl out Ar file
1.58 jmc 2355: .Op Fl outform Cm der | pem
1.1 jsing 2356: .Op Fl passin Ar arg
2357: .Op Fl passout Ar arg
2358: .Op Fl topk8
2359: .Op Fl v1 Ar alg
2360: .Op Fl v2 Ar alg
2361: .nr nS 0
2362: .Pp
2363: The
2364: .Nm pkcs8
1.58 jmc 2365: command processes private keys
2366: (both encrypted and unencrypted)
2367: in PKCS#8 format
2368: with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
2369: The default encryption is only 56 bits;
2370: keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts
2371: are more secure.
2372: .Pp
1.1 jsing 2373: The options are as follows:
2374: .Bl -tag -width Ds
2375: .It Fl in Ar file
1.58 jmc 2376: The input file to read from,
2377: or standard input if not specified.
1.1 jsing 2378: If the key is encrypted, a pass phrase will be prompted for.
1.58 jmc 2379: .It Fl inform Cm der | pem
2380: The input format.
1.1 jsing 2381: .It Fl nocrypt
1.58 jmc 2382: Generate an unencrypted PrivateKeyInfo structure.
2383: This option does not encrypt private keys at all
2384: and should only be used when absolutely necessary.
1.1 jsing 2385: .It Fl noiter
2386: Use an iteration count of 1.
2387: See the
2388: .Sx PKCS12
2389: section below for a detailed explanation of this option.
2390: .It Fl out Ar file
1.58 jmc 2391: The output file to write to,
2392: or standard output if none is specified.
1.1 jsing 2393: If any encryption options are set, a pass phrase will be prompted for.
1.58 jmc 2394: .It Fl outform Cm der | pem
2395: The output format.
1.1 jsing 2396: .It Fl passin Ar arg
2397: The key password source.
2398: .It Fl passout Ar arg
2399: The output file password source.
2400: .It Fl topk8
1.58 jmc 2401: Read a traditional format private key and write a PKCS#8 format key.
1.1 jsing 2402: .It Fl v1 Ar alg
1.58 jmc 2403: Specify a PKCS#5 v1.5 or PKCS#12 algorithm to use.
2404: .Pp
2405: .Bl -tag -width "XXXX" -compact
2406: .It PBE-MD5-DES
2407: 56-bit DES.
2408: .It PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES
2409: 64-bit RC2 or 56-bit DES.
2410: .It PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES
2411: .It PBE-SHA1-2DES | PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40
2412: PKCS#12 password-based encryption algorithm,
2413: which allow strong encryption algorithms like triple DES or 128-bit RC2.
2414: .El
1.1 jsing 2415: .It Fl v2 Ar alg
1.58 jmc 2416: Use PKCS#5 v2.0 algorithms.
2417: Supports algorithms such as 168-bit triple DES or 128-bit RC2,
2418: however not many implementations support PKCS#5 v2.0 yet
2419: (if using private keys with
2420: .Nm openssl
2421: this doesn't matter).
1.1 jsing 2422: .Pp
2423: .Ar alg
1.58 jmc 2424: is the encryption algorithm to use;
2425: valid values include des, des3, and rc2.
2426: It is recommended that des3 is used.
1.1 jsing 2427: .El
2428: .Sh PKCS12
2429: .nr nS 1
2430: .Nm "openssl pkcs12"
1.59 jmc 2431: .Op Fl aes128 | aes192 | aes256 | des | des3
1.1 jsing 2432: .Op Fl cacerts
2433: .Op Fl CAfile Ar file
2434: .Op Fl caname Ar name
2435: .Op Fl CApath Ar directory
2436: .Op Fl certfile Ar file
2437: .Op Fl certpbe Ar alg
2438: .Op Fl chain
2439: .Op Fl clcerts
2440: .Op Fl CSP Ar name
2441: .Op Fl descert
2442: .Op Fl export
2443: .Op Fl in Ar file
2444: .Op Fl info
2445: .Op Fl inkey Ar file
2446: .Op Fl keyex
2447: .Op Fl keypbe Ar alg
2448: .Op Fl keysig
2449: .Op Fl macalg Ar alg
2450: .Op Fl maciter
2451: .Op Fl name Ar name
2452: .Op Fl nocerts
2453: .Op Fl nodes
2454: .Op Fl noiter
2455: .Op Fl nokeys
2456: .Op Fl nomac
2457: .Op Fl nomaciter
2458: .Op Fl nomacver
2459: .Op Fl noout
2460: .Op Fl out Ar file
2461: .Op Fl passin Ar arg
2462: .Op Fl passout Ar arg
2463: .Op Fl twopass
2464: .nr nS 0
2465: .Pp
2466: The
2467: .Nm pkcs12
2468: command allows PKCS#12 files
2469: .Pq sometimes referred to as PFX files
2470: to be created and parsed.
2471: By default, a PKCS#12 file is parsed;
2472: a PKCS#12 file can be created by using the
2473: .Fl export
1.59 jmc 2474: option.
2475: .Pp
2476: The options for parsing a PKCS12 file are as follows:
1.1 jsing 2477: .Bl -tag -width "XXXX"
1.59 jmc 2478: .It Fl aes128 | aes192 | aes256 | des | des3
2479: Encrypt private keys
2480: using AES, DES, or triple DES, respectively.
1.1 jsing 2481: The default is triple DES.
2482: .It Fl cacerts
2483: Only output CA certificates
2484: .Pq not client certificates .
2485: .It Fl clcerts
2486: Only output client certificates
2487: .Pq not CA certificates .
2488: .It Fl in Ar file
1.59 jmc 2489: The input file to read from,
2490: or standard input if not specified.
1.1 jsing 2491: .It Fl info
2492: Output additional information about the PKCS#12 file structure,
2493: algorithms used, and iteration counts.
2494: .It Fl nocerts
1.59 jmc 2495: Do not output certificates.
1.1 jsing 2496: .It Fl nodes
1.59 jmc 2497: Do not encrypt private keys.
1.1 jsing 2498: .It Fl nokeys
1.59 jmc 2499: Do not output private keys.
1.1 jsing 2500: .It Fl nomacver
1.59 jmc 2501: Do not attempt to verify the integrity MAC before reading the file.
1.1 jsing 2502: .It Fl noout
1.59 jmc 2503: Do not output the keys and certificates to the output file
1.1 jsing 2504: version of the PKCS#12 file.
2505: .It Fl out Ar file
1.59 jmc 2506: The output file to write to,
2507: or standard output if not specified.
1.1 jsing 2508: .It Fl passin Ar arg
2509: The key password source.
2510: .It Fl passout Ar arg
2511: The output file password source.
2512: .It Fl twopass
2513: Prompt for separate integrity and encryption passwords: most software
2514: always assumes these are the same so this option will render such
2515: PKCS#12 files unreadable.
2516: .El
1.59 jmc 2517: .Pp
2518: The options for PKCS12 file creation are as follows:
1.1 jsing 2519: .Bl -tag -width "XXXX"
2520: .It Fl CAfile Ar file
2521: CA storage as a file.
2522: .It Fl CApath Ar directory
2523: CA storage as a directory.
1.59 jmc 2524: The directory must be a standard certificate directory:
1.1 jsing 2525: that is, a hash of each subject name (using
1.59 jmc 2526: .Nm x509 Fl hash )
1.1 jsing 2527: should be linked to each certificate.
2528: .It Fl caname Ar name
1.59 jmc 2529: Specify the
1.1 jsing 2530: .Qq friendly name
2531: for other certificates.
1.59 jmc 2532: May be used multiple times to specify names for all certificates
1.1 jsing 2533: in the order they appear.
2534: .It Fl certfile Ar file
2535: A file to read additional certificates from.
2536: .It Fl certpbe Ar alg , Fl keypbe Ar alg
1.59 jmc 2537: Specify the algorithm used to encrypt the private key and
1.1 jsing 2538: certificates to be selected.
1.59 jmc 2539: Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used.
1.1 jsing 2540: If a cipher name
2541: (as output by the
2542: .Cm list-cipher-algorithms
2543: command) is specified then it
2544: is used with PKCS#5 v2.0.
2545: For interoperability reasons it is advisable to only use PKCS#12 algorithms.
2546: .It Fl chain
1.59 jmc 2547: Include the entire certificate chain of the user certificate.
1.1 jsing 2548: The standard CA store is used for this search.
2549: If the search fails, it is considered a fatal error.
2550: .It Fl CSP Ar name
2551: Write
2552: .Ar name
2553: as a Microsoft CSP name.
2554: .It Fl descert
2555: Encrypt the certificate using triple DES; this may render the PKCS#12
2556: file unreadable by some
2557: .Qq export grade
2558: software.
2559: By default, the private key is encrypted using triple DES and the
2560: certificate using 40-bit RC2.
2561: .It Fl export
1.59 jmc 2562: Create a PKCS#12 file (rather than parsing one).
1.1 jsing 2563: .It Fl in Ar file
1.59 jmc 2564: The input file to read from,
1.81 jmc 2565: or standard input if not specified.
1.1 jsing 2566: The order doesn't matter but one private key and its corresponding
2567: certificate should be present.
2568: If additional certificates are present, they will also be included
2569: in the PKCS#12 file.
2570: .It Fl inkey Ar file
1.59 jmc 2571: File to read a private key from.
1.1 jsing 2572: If not present, a private key must be present in the input file.
2573: .It Fl keyex | keysig
1.59 jmc 2574: Specify whether the private key is to be used for key exchange or just signing.
1.1 jsing 2575: Normally,
2576: .Qq export grade
2577: software will only allow 512-bit RSA keys to be
2578: used for encryption purposes, but arbitrary length keys for signing.
2579: The
2580: .Fl keysig
2581: option marks the key for signing only.
2582: Signing only keys can be used for S/MIME signing, authenticode
1.66 jmc 2583: (ActiveX control signing)
1.59 jmc 2584: and SSL client authentication.
1.1 jsing 2585: .It Fl macalg Ar alg
2586: Specify the MAC digest algorithm.
1.59 jmc 2587: The default is SHA1.
1.1 jsing 2588: .It Fl maciter
1.66 jmc 2589: Included for compatibility only:
1.59 jmc 2590: it used to be needed to use MAC iterations counts
2591: but they are now used by default.
1.1 jsing 2592: .It Fl name Ar name
1.59 jmc 2593: Specify the
1.1 jsing 2594: .Qq friendly name
2595: for the certificate and private key.
2596: This name is typically displayed in list boxes by software importing the file.
2597: .It Fl nomac
2598: Don't attempt to provide the MAC integrity.
2599: .It Fl nomaciter , noiter
1.59 jmc 2600: Affect the iteration counts on the MAC and key algorithms.
1.1 jsing 2601: .Pp
2602: To discourage attacks by using large dictionaries of common passwords,
2603: the algorithm that derives keys from passwords can have an iteration count
2604: applied to it: this causes a certain part of the algorithm to be repeated
2605: and slows it down.
2606: The MAC is used to check the file integrity but since it will normally
2607: have the same password as the keys and certificates it could also be attacked.
2608: By default, both MAC and encryption iteration counts are set to 2048;
2609: using these options the MAC and encryption iteration counts can be set to 1.
2610: Since this reduces the file security you should not use these options
2611: unless you really have to.
2612: Most software supports both MAC and key iteration counts.
2613: .It Fl out Ar file
1.59 jmc 2614: The output file to write to,
2615: or standard output if not specified.
1.1 jsing 2616: .It Fl passin Ar arg
2617: The key password source.
2618: .It Fl passout Ar arg
2619: The output file password source.
2620: .El
2621: .Sh PKEY
2622: .nr nS 1
2623: .Nm "openssl pkey"
2624: .Op Ar cipher
2625: .Op Fl in Ar file
1.60 jmc 2626: .Op Fl inform Cm der | pem
1.1 jsing 2627: .Op Fl noout
2628: .Op Fl out Ar file
1.60 jmc 2629: .Op Fl outform Cm der | pem
1.1 jsing 2630: .Op Fl passin Ar arg
2631: .Op Fl passout Ar arg
2632: .Op Fl pubin
2633: .Op Fl pubout
2634: .Op Fl text
2635: .Op Fl text_pub
2636: .nr nS 0
2637: .Pp
2638: The
2639: .Nm pkey
2640: command processes public or private keys.
2641: They can be converted between various forms
2642: and their components printed out.
2643: .Pp
2644: The options are as follows:
2645: .Bl -tag -width Ds
2646: .It Ar cipher
1.60 jmc 2647: Encrypt the private key with the specified cipher.
1.1 jsing 2648: Any algorithm name accepted by
1.60 jmc 2649: .Xr EVP_get_cipherbyname 3
1.1 jsing 2650: is acceptable, such as
2651: .Cm des3 .
2652: .It Fl in Ar file
1.60 jmc 2653: The input file to read from,
2654: or standard input if not specified.
1.1 jsing 2655: If the key is encrypted a pass phrase will be prompted for.
1.60 jmc 2656: .It Fl inform Cm der | pem
2657: The input format.
1.1 jsing 2658: .It Fl noout
2659: Do not output the encoded version of the key.
2660: .It Fl out Ar file
1.60 jmc 2661: The output file to write to,
2662: or standard output if not specified.
1.1 jsing 2663: If any encryption options are set then a pass phrase
2664: will be prompted for.
1.60 jmc 2665: .It Fl outform Cm der | pem
2666: The output format.
1.1 jsing 2667: .It Fl passin Ar arg
2668: The key password source.
2669: .It Fl passout Ar arg
2670: The output file password source.
2671: .It Fl pubin
1.60 jmc 2672: Read in a public key, not a private key.
1.1 jsing 2673: .It Fl pubout
1.60 jmc 2674: Output a public key, not a private key.
2675: Automatically set if the input is a public key.
1.1 jsing 2676: .It Fl text
1.64 jmc 2677: Print the public/private key in plain text.
1.1 jsing 2678: .It Fl text_pub
2679: Print out only public key components
2680: even if a private key is being processed.
2681: .El
2682: .Sh PKEYPARAM
2683: .Cm openssl pkeyparam
2684: .Op Fl in Ar file
2685: .Op Fl noout
2686: .Op Fl out Ar file
2687: .Op Fl text
2688: .Pp
2689: The
1.61 jmc 2690: .Nm pkeyparam
1.1 jsing 2691: command processes public or private keys.
1.61 jmc 2692: The key type is determined by the PEM headers.
1.1 jsing 2693: .Pp
2694: The options are as follows:
2695: .Bl -tag -width Ds
2696: .It Fl in Ar file
1.61 jmc 2697: The input file to read from,
2698: or standard input if not specified.
1.1 jsing 2699: .It Fl noout
2700: Do not output the encoded version of the parameters.
2701: .It Fl out Ar file
1.61 jmc 2702: The output file to write to,
2703: or standard output if not specified.
1.1 jsing 2704: .It Fl text
1.64 jmc 2705: Print the parameters in plain text.
1.1 jsing 2706: .El
2707: .Sh PKEYUTL
2708: .nr nS 1
2709: .Nm "openssl pkeyutl"
2710: .Op Fl asn1parse
2711: .Op Fl certin
2712: .Op Fl decrypt
2713: .Op Fl derive
2714: .Op Fl encrypt
2715: .Op Fl hexdump
2716: .Op Fl in Ar file
2717: .Op Fl inkey Ar file
1.62 jmc 2718: .Op Fl keyform Cm der | pem
1.1 jsing 2719: .Op Fl out Ar file
2720: .Op Fl passin Ar arg
1.62 jmc 2721: .Op Fl peerform Cm der | pem
1.1 jsing 2722: .Op Fl peerkey Ar file
2723: .Op Fl pkeyopt Ar opt : Ns Ar value
2724: .Op Fl pubin
2725: .Op Fl rev
2726: .Op Fl sigfile Ar file
2727: .Op Fl sign
2728: .Op Fl verify
2729: .Op Fl verifyrecover
2730: .nr nS 0
2731: .Pp
2732: The
2733: .Nm pkeyutl
2734: command can be used to perform public key operations using
2735: any supported algorithm.
2736: .Pp
2737: The options are as follows:
2738: .Bl -tag -width Ds
2739: .It Fl asn1parse
1.84 jmc 2740: ASN.1 parse the output data.
1.1 jsing 2741: This is useful when combined with the
2742: .Fl verifyrecover
1.84 jmc 2743: option when an ASN.1 structure is signed.
1.1 jsing 2744: .It Fl certin
2745: The input is a certificate containing a public key.
2746: .It Fl decrypt
2747: Decrypt the input data using a private key.
2748: .It Fl derive
2749: Derive a shared secret using the peer key.
2750: .It Fl encrypt
2751: Encrypt the input data using a public key.
2752: .It Fl hexdump
2753: Hex dump the output data.
2754: .It Fl in Ar file
1.62 jmc 2755: The input file to read from,
2756: or standard input if not specified.
1.1 jsing 2757: .It Fl inkey Ar file
2758: The input key file.
2759: By default it should be a private key.
1.62 jmc 2760: .It Fl keyform Cm der | pem
2761: The key format.
1.1 jsing 2762: .It Fl out Ar file
1.62 jmc 2763: The output file to write to,
2764: or standard output if not specified.
1.1 jsing 2765: .It Fl passin Ar arg
2766: The key password source.
1.62 jmc 2767: .It Fl peerform Cm der | pem
2768: The peer key format.
1.1 jsing 2769: .It Fl peerkey Ar file
2770: The peer key file, used by key derivation (agreement) operations.
2771: .It Fl pkeyopt Ar opt : Ns Ar value
1.62 jmc 2772: Set the public key algorithm option
2773: .Ar opt
2774: to
2775: .Ar value .
2776: Unless otherwise mentioned, all algorithms support the format
2777: .Ar digest : Ns Ar alg ,
2778: which specifies the digest to use
1.1 jsing 2779: for sign, verify, and verifyrecover operations.
2780: The value
2781: .Ar alg
2782: should represent a digest name as used in the
1.62 jmc 2783: .Xr EVP_get_digestbyname 3
2784: function.
2785: .Pp
1.1 jsing 2786: The RSA algorithm supports the
2787: encrypt, decrypt, sign, verify, and verifyrecover operations in general.
2788: Some padding modes only support some of these
2789: operations however.
2790: .Bl -tag -width Ds
2791: .It rsa_padding_mode : Ns Ar mode
2792: This sets the RSA padding mode.
2793: Acceptable values for
2794: .Ar mode
2795: are
2796: .Cm pkcs1
2797: for PKCS#1 padding;
2798: .Cm none
2799: for no padding;
2800: .Cm oaep
2801: for OAEP mode;
2802: .Cm x931
2803: for X9.31 mode;
2804: and
2805: .Cm pss
2806: for PSS.
2807: .Pp
2808: In PKCS#1 padding if the message digest is not set then the supplied data is
2809: signed or verified directly instead of using a DigestInfo structure.
2810: If a digest is set then a DigestInfo
2811: structure is used and its length
2812: must correspond to the digest type.
2813: For oeap mode only encryption and decryption is supported.
2814: For x931 if the digest type is set it is used to format the block data;
2815: otherwise the first byte is used to specify the X9.31 digest ID.
2816: Sign, verify, and verifyrecover can be performed in this mode.
2817: For pss mode only sign and verify are supported and the digest type must be
2818: specified.
2819: .It rsa_pss_saltlen : Ns Ar len
2820: For pss
2821: mode only this option specifies the salt length.
2822: Two special values are supported:
2823: -1 sets the salt length to the digest length.
2824: When signing -2 sets the salt length to the maximum permissible value.
2825: When verifying -2 causes the salt length to be automatically determined
2826: based on the PSS block structure.
2827: .El
1.62 jmc 2828: .Pp
1.1 jsing 2829: The DSA algorithm supports the sign and verify operations.
2830: Currently there are no additional options other than
2831: .Ar digest .
2832: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 2833: .Pp
1.1 jsing 2834: The DH algorithm supports the derive operation
2835: and no additional options.
1.62 jmc 2836: .Pp
1.1 jsing 2837: The EC algorithm supports the sign, verify, and derive operations.
2838: The sign and verify operations use ECDSA and derive uses ECDH.
2839: Currently there are no additional options other than
2840: .Ar digest .
2841: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 2842: .It Fl pubin
2843: The input file is a public key.
2844: .It Fl rev
2845: Reverse the order of the input buffer.
2846: .It Fl sigfile Ar file
2847: Signature file (verify operation only).
2848: .It Fl sign
2849: Sign the input data and output the signed result.
2850: This requires a private key.
2851: .It Fl verify
2852: Verify the input data against the signature file and indicate if the
2853: verification succeeded or failed.
2854: .It Fl verifyrecover
2855: Verify the input data and output the recovered data.
2856: .El
1.1 jsing 2857: .Sh PRIME
2858: .Cm openssl prime
2859: .Op Fl bits Ar n
2860: .Op Fl checks Ar n
2861: .Op Fl generate
2862: .Op Fl hex
2863: .Op Fl safe
2864: .Ar p
2865: .Pp
2866: The
2867: .Nm prime
2868: command is used to generate prime numbers,
2869: or to check numbers for primality.
2870: Results are probabilistic:
2871: they have an exceedingly high likelihood of being correct,
2872: but are not guaranteed.
2873: .Pp
2874: The options are as follows:
2875: .Bl -tag -width Ds
2876: .It Fl bits Ar n
2877: Specify the number of bits in the generated prime number.
2878: Must be used in conjunction with
2879: .Fl generate .
2880: .It Fl checks Ar n
2881: Perform a Miller-Rabin probabilistic primality test with
2882: .Ar n
2883: iterations.
2884: The default is 20.
2885: .It Fl generate
2886: Generate a pseudo-random prime number.
2887: Must be used in conjunction with
2888: .Fl bits .
2889: .It Fl hex
2890: Output in hex format.
2891: .It Fl safe
2892: Generate only
2893: .Qq safe
2894: prime numbers
2895: (i.e. a prime p so that (p-1)/2 is also prime).
2896: .It Ar p
2897: Test if number
2898: .Ar p
2899: is prime.
2900: .El
2901: .Sh RAND
2902: .nr nS 1
2903: .Nm "openssl rand"
2904: .Op Fl base64
2905: .Op Fl hex
2906: .Op Fl out Ar file
2907: .Ar num
2908: .nr nS 0
2909: .Pp
2910: The
2911: .Nm rand
2912: command outputs
2913: .Ar num
2914: pseudo-random bytes.
2915: .Pp
2916: The options are as follows:
2917: .Bl -tag -width Ds
2918: .It Fl base64
1.81 jmc 2919: Perform base64 encoding on the output.
1.1 jsing 2920: .It Fl hex
2921: Specify hexadecimal output.
2922: .It Fl out Ar file
1.63 jmc 2923: The output file to write to,
2924: or standard output if not specified.
1.1 jsing 2925: .El
2926: .Sh REQ
2927: .nr nS 1
2928: .Nm "openssl req"
2929: .Op Fl asn1-kludge
2930: .Op Fl batch
2931: .Op Fl config Ar file
2932: .Op Fl days Ar n
2933: .Op Fl extensions Ar section
2934: .Op Fl in Ar file
1.63 jmc 2935: .Op Fl inform Cm der | pem
1.1 jsing 2936: .Op Fl key Ar keyfile
1.63 jmc 2937: .Op Fl keyform Cm der | pem
1.1 jsing 2938: .Op Fl keyout Ar file
1.28 doug 2939: .Op Fl md4 | md5 | sha1
1.1 jsing 2940: .Op Fl modulus
2941: .Op Fl nameopt Ar option
2942: .Op Fl new
2943: .Op Fl newhdr
2944: .Op Fl newkey Ar arg
2945: .Op Fl no-asn1-kludge
2946: .Op Fl nodes
2947: .Op Fl noout
2948: .Op Fl out Ar file
1.63 jmc 2949: .Op Fl outform Cm der | pem
1.1 jsing 2950: .Op Fl passin Ar arg
2951: .Op Fl passout Ar arg
2952: .Op Fl pubkey
2953: .Op Fl reqexts Ar section
2954: .Op Fl reqopt Ar option
2955: .Op Fl set_serial Ar n
2956: .Op Fl subj Ar arg
2957: .Op Fl subject
2958: .Op Fl text
2959: .Op Fl utf8
2960: .Op Fl verbose
2961: .Op Fl verify
2962: .Op Fl x509
2963: .nr nS 0
2964: .Pp
2965: The
2966: .Nm req
2967: command primarily creates and processes certificate requests
2968: in PKCS#10 format.
2969: It can additionally create self-signed certificates,
2970: for use as root CAs, for example.
2971: .Pp
2972: The options are as follows:
2973: .Bl -tag -width Ds
2974: .It Fl asn1-kludge
1.63 jmc 2975: Produce requests in an invalid format for certain picky CAs.
2976: Very few CAs still require the use of this option.
1.1 jsing 2977: .It Fl batch
2978: Non-interactive mode.
2979: .It Fl config Ar file
1.63 jmc 2980: Specify an alternative configuration file.
1.1 jsing 2981: .It Fl days Ar n
1.63 jmc 2982: Specify the number of days to certify the certificate for.
2983: The default is 30 days.
2984: Used with the
1.1 jsing 2985: .Fl x509
1.63 jmc 2986: option.
1.1 jsing 2987: .It Fl extensions Ar section , Fl reqexts Ar section
1.63 jmc 2988: Specify alternative sections to include certificate
2989: extensions (with
2990: .Fl x509 )
2991: or certificate request extensions,
2992: allowing several different sections to be used in the same configuration file.
1.1 jsing 2993: .It Fl in Ar file
1.63 jmc 2994: The input file to read a request from,
2995: or standard input if not specified.
1.1 jsing 2996: A request is only read if the creation options
2997: .Fl new
2998: and
2999: .Fl newkey
3000: are not specified.
1.63 jmc 3001: .It Fl inform Cm der | pem
3002: The input format.
1.1 jsing 3003: .It Fl key Ar keyfile
1.63 jmc 3004: The file to read the private key from.
1.1 jsing 3005: It also accepts PKCS#8 format private keys for PEM format files.
1.63 jmc 3006: .It Fl keyform Cm der | pem
1.1 jsing 3007: The format of the private key file specified in the
3008: .Fl key
3009: argument.
1.81 jmc 3010: The default is
3011: .Cm pem .
1.1 jsing 3012: .It Fl keyout Ar file
1.63 jmc 3013: The file to write the newly created private key to.
3014: If this option is not specified,
3015: the filename present in the configuration file is used.
1.4 sthen 3016: .It Fl md5 | sha1 | sha256
1.63 jmc 3017: The message digest to sign the request with.
1.1 jsing 3018: This overrides the digest algorithm specified in the configuration file.
3019: .Pp
3020: Some public key algorithms may override this choice.
3021: For instance, DSA signatures always use SHA1.
3022: .It Fl modulus
1.63 jmc 3023: Print the value of the modulus of the public key contained in the request.
1.1 jsing 3024: .It Fl nameopt Ar option , Fl reqopt Ar option
1.63 jmc 3025: Determine how the subject or issuer names are displayed.
1.1 jsing 3026: .Ar option
1.63 jmc 3027: can be a single option or multiple options separated by commas.
1.1 jsing 3028: Alternatively, these options may be used more than once to set multiple options.
3029: See the
3030: .Sx X509
3031: section below for details.
3032: .It Fl new
1.63 jmc 3033: Generate a new certificate request.
3034: The user is prompted for the relevant field values.
1.1 jsing 3035: The actual fields prompted for and their maximum and minimum sizes
3036: are specified in the configuration file and any requested extensions.
3037: .Pp
3038: If the
3039: .Fl key
3040: option is not used, it will generate a new RSA private
3041: key using information specified in the configuration file.
3042: .It Fl newhdr
1.63 jmc 3043: Add the word NEW to the PEM file header and footer lines
1.1 jsing 3044: on the outputed request.
1.63 jmc 3045: Some software and CAs need this.
1.1 jsing 3046: .It Fl newkey Ar arg
1.63 jmc 3047: Create a new certificate request and a new private key.
1.1 jsing 3048: The argument takes one of several forms.
1.63 jmc 3049: .Pp
3050: .No rsa : Ns Ar nbits
3051: generates an RSA key
1.1 jsing 3052: .Ar nbits
3053: in size.
3054: If
3055: .Ar nbits
1.63 jmc 3056: is omitted
3057: the default key size is used.
3058: .Pp
3059: .No dsa : Ns Ar file
3060: generates a DSA key using the parameters in
3061: .Ar file .
3062: .Pp
3063: .No param : Ns Ar file
3064: generates a key using the parameters or certificate in
3065: .Ar file .
3066: .Pp
3067: All other algorithms support the form
3068: .Ar algorithm : Ns Ar file ,
1.1 jsing 3069: where file may be an algorithm parameter file,
3070: created by the
3071: .Cm genpkey -genparam
1.14 jmc 3072: command or an X.509 certificate for a key with appropriate algorithm.
1.63 jmc 3073: .Ar file
3074: can be omitted,
3075: in which case any parameters can be specified via the
1.1 jsing 3076: .Fl pkeyopt
3077: option.
3078: .It Fl no-asn1-kludge
1.63 jmc 3079: Reverse the effect of
1.1 jsing 3080: .Fl asn1-kludge .
3081: .It Fl nodes
1.63 jmc 3082: Do not encrypt the private key.
1.1 jsing 3083: .It Fl noout
1.63 jmc 3084: Do not output the encoded version of the request.
1.1 jsing 3085: .It Fl out Ar file
1.63 jmc 3086: The output file to write to,
1.99 jmc 3087: or standard output if not specified.
1.63 jmc 3088: .It Fl outform Cm der | pem
3089: The output format.
1.1 jsing 3090: .It Fl passin Ar arg
3091: The key password source.
3092: .It Fl passout Ar arg
3093: The output file password source.
3094: .It Fl pubkey
1.63 jmc 3095: Output the public key.
1.1 jsing 3096: .It Fl reqopt Ar option
3097: Customise the output format used with
3098: .Fl text .
3099: The
3100: .Ar option
3101: argument can be a single option or multiple options separated by commas.
1.63 jmc 3102: See also the discussion of
1.1 jsing 3103: .Fl certopt
1.63 jmc 3104: in the
1.1 jsing 3105: .Nm x509
3106: command.
3107: .It Fl set_serial Ar n
3108: Serial number to use when outputting a self-signed certificate.
3109: This may be specified as a decimal value or a hex value if preceded by
3110: .Sq 0x .
3111: It is possible to use negative serial numbers but this is not recommended.
3112: .It Fl subj Ar arg
1.63 jmc 3113: Replaces the subject field of an input request
3114: with the specified data and output the modified request.
3115: .Ar arg
3116: must be formatted as /type0=value0/type1=value1/type2=...;
1.1 jsing 3117: characters may be escaped by
3118: .Sq \e
1.63 jmc 3119: (backslash);
1.1 jsing 3120: no spaces are skipped.
3121: .It Fl subject
1.63 jmc 3122: Print the request subject (or certificate subject if
1.1 jsing 3123: .Fl x509
1.63 jmc 3124: is specified).
1.1 jsing 3125: .It Fl text
1.64 jmc 3126: Print the certificate request in plain text.
1.1 jsing 3127: .It Fl utf8
1.63 jmc 3128: Interpret field values as UTF8 strings, not ASCII.
1.1 jsing 3129: .It Fl verbose
3130: Print extra details about the operations being performed.
3131: .It Fl verify
1.63 jmc 3132: Verify the signature on the request.
1.1 jsing 3133: .It Fl x509
1.63 jmc 3134: Output a self-signed certificate instead of a certificate request.
3135: This is typically used to generate a test certificate or a self-signed root CA.
3136: The extensions added to the certificate (if any)
1.1 jsing 3137: are specified in the configuration file.
3138: Unless specified using the
3139: .Fl set_serial
1.63 jmc 3140: option, 0 is used for the serial number.
1.1 jsing 3141: .El
1.63 jmc 3142: .Pp
1.1 jsing 3143: The configuration options are specified in the
1.63 jmc 3144: .Qq req
1.1 jsing 3145: section of the configuration file.
1.63 jmc 3146: The options available are as follows:
1.1 jsing 3147: .Bl -tag -width "XXXX"
1.63 jmc 3148: .It Cm attributes
3149: The section containing any request attributes: its format
1.1 jsing 3150: is the same as
1.63 jmc 3151: .Cm distinguished_name .
3152: Typically these may contain the challengePassword or unstructuredName types.
3153: They are currently ignored by the
3154: .Nm openssl
1.1 jsing 3155: request signing utilities, but some CAs might want them.
1.63 jmc 3156: .It Cm default_bits
3157: The default key size, in bits.
3158: The default is 2048.
1.1 jsing 3159: It is used if the
3160: .Fl new
1.63 jmc 3161: option is used and can be overridden by using the
1.1 jsing 3162: .Fl newkey
3163: option.
1.63 jmc 3164: .It Cm default_keyfile
3165: The default file to write a private key to,
3166: or standard output if not specified.
3167: It can be overridden by the
1.1 jsing 3168: .Fl keyout
3169: option.
1.63 jmc 3170: .It Cm default_md
3171: The digest algorithm to use.
1.1 jsing 3172: Possible values include
1.63 jmc 3173: .Cm md5 ,
3174: .Cm sha1
1.1 jsing 3175: and
1.63 jmc 3176: .Cm sha256
3177: (the default).
3178: It can be overridden on the command line.
3179: .It Cm distinguished_name
3180: The section containing the distinguished name fields to
1.1 jsing 3181: prompt for when generating a certificate or certificate request.
1.63 jmc 3182: The format is described below.
3183: .It Cm encrypt_key
3184: If set to
3185: .Qq no
3186: and a private key is generated, it is not encrypted.
3187: It is equivalent to the
1.1 jsing 3188: .Fl nodes
1.63 jmc 3189: option.
1.1 jsing 3190: For compatibility,
1.63 jmc 3191: .Cm encrypt_rsa_key
1.1 jsing 3192: is an equivalent option.
1.63 jmc 3193: .It Cm input_password | output_password
3194: The passwords for the input private key file (if present)
3195: and the output private key file (if one will be created).
1.1 jsing 3196: The command line options
3197: .Fl passin
3198: and
3199: .Fl passout
3200: override the configuration file values.
1.63 jmc 3201: .It Cm oid_file
3202: A file containing additional OBJECT IDENTIFIERS.
1.1 jsing 3203: Each line of the file should consist of the numerical form of the
3204: object identifier, followed by whitespace, then the short name followed
3205: by whitespace and finally the long name.
1.63 jmc 3206: .It Cm oid_section
3207: Specify a section in the configuration file containing extra
1.1 jsing 3208: object identifiers.
3209: Each line should consist of the short name of the
3210: object identifier followed by
3211: .Sq =
3212: and the numerical form.
3213: The short and long names are the same when this option is used.
1.63 jmc 3214: .It Cm prompt
3215: If set to
3216: .Qq no ,
3217: it disables prompting of certificate fields
1.1 jsing 3218: and just takes values from the config file directly.
3219: It also changes the expected format of the
1.63 jmc 3220: .Cm distinguished_name
1.1 jsing 3221: and
1.63 jmc 3222: .Cm attributes
1.1 jsing 3223: sections.
1.63 jmc 3224: .It Cm req_extensions
3225: The configuration file section containing a list of
1.1 jsing 3226: extensions to add to the certificate request.
3227: It can be overridden by the
3228: .Fl reqexts
1.63 jmc 3229: option.
3230: .It Cm string_mask
3231: Limit the string types for encoding certain fields.
1.1 jsing 3232: The following values may be used, limiting strings to the indicated types:
3233: .Bl -tag -width "MASK:number"
1.63 jmc 3234: .It Cm utf8only
3235: UTF8String.
1.1 jsing 3236: This is the default, as recommended by PKIX in RFC 2459.
1.63 jmc 3237: .It Cm default
3238: PrintableString, IA5String, T61String, BMPString, UTF8String.
3239: .It Cm pkix
3240: PrintableString, IA5String, BMPString, UTF8String.
3241: Inspired by the PKIX recommendation in RFC 2459 for certificates
3242: generated before 2004, but differs by also permitting IA5String.
3243: .It Cm nombstr
3244: PrintableString, IA5String, T61String, UniversalString.
3245: A workaround for some ancient software that had problems
3246: with the variable-sized BMPString and UTF8String types.
1.1 jsing 3247: .It Cm MASK : Ns Ar number
1.63 jmc 3248: An explicit bitmask of permitted types, where
1.1 jsing 3249: .Ar number
3250: is a C-style hex, decimal, or octal number that's a bit-wise OR of
3251: .Dv B_ASN1_*
3252: values from
3253: .In openssl/asn1.h .
3254: .El
1.63 jmc 3255: .It Cm utf8
3256: If set to
3257: .Qq yes ,
1.72 jmc 3258: field values are interpreted as UTF8 strings.
1.63 jmc 3259: .It Cm x509_extensions
3260: The configuration file section containing a list of
1.1 jsing 3261: extensions to add to a certificate generated when the
3262: .Fl x509
3263: switch is used.
3264: It can be overridden by the
3265: .Fl extensions
1.72 jmc 3266: command line switch.
1.1 jsing 3267: .El
1.63 jmc 3268: .Pp
1.1 jsing 3269: There are two separate formats for the distinguished name and attribute
3270: sections.
3271: If the
3272: .Fl prompt
3273: option is set to
1.63 jmc 3274: .Qq no ,
1.72 jmc 3275: then these sections just consist of field names and values.
3276: If the
1.1 jsing 3277: .Fl prompt
3278: option is absent or not set to
1.63 jmc 3279: .Qq no ,
1.72 jmc 3280: then the file contains field prompting information of the form:
1.1 jsing 3281: .Bd -unfilled -offset indent
3282: fieldName="prompt"
3283: fieldName_default="default field value"
3284: fieldName_min= 2
3285: fieldName_max= 4
3286: .Ed
3287: .Pp
3288: .Qq fieldName
3289: is the field name being used, for example
1.63 jmc 3290: .Cm commonName
3291: (or CN).
1.1 jsing 3292: The
3293: .Qq prompt
3294: string is used to ask the user to enter the relevant details.
3295: If the user enters nothing, the default value is used;
3296: if no default value is present, the field is omitted.
3297: A field can still be omitted if a default value is present,
3298: if the user just enters the
3299: .Sq \&.
3300: character.
3301: .Pp
3302: The number of characters entered must be between the
1.63 jmc 3303: fieldName_min and fieldName_max limits:
1.1 jsing 3304: there may be additional restrictions based on the field being used
3305: (for example
1.63 jmc 3306: .Cm countryName
1.1 jsing 3307: can only ever be two characters long and must fit in a
1.63 jmc 3308: .Cm PrintableString ) .
1.1 jsing 3309: .Pp
3310: Some fields (such as
1.63 jmc 3311: .Cm organizationName )
1.1 jsing 3312: can be used more than once in a DN.
3313: This presents a problem because configuration files will
3314: not recognize the same name occurring twice.
3315: To avoid this problem, if the
1.63 jmc 3316: .Cm fieldName
1.1 jsing 3317: contains some characters followed by a full stop, they will be ignored.
3318: So, for example, a second
1.63 jmc 3319: .Cm organizationName
1.1 jsing 3320: can be input by calling it
3321: .Qq 1.organizationName .
3322: .Pp
3323: The actual permitted field names are any object identifier short or
3324: long names.
3325: These are compiled into
1.63 jmc 3326: .Nm openssl
1.1 jsing 3327: and include the usual values such as
1.63 jmc 3328: .Cm commonName , countryName , localityName , organizationName ,
1.89 jmc 3329: .Cm organizationalUnitName , stateOrProvinceName .
1.1 jsing 3330: Additionally,
1.63 jmc 3331: .Cm emailAddress
1.1 jsing 3332: is included as well as
1.63 jmc 3333: .Cm name , surname , givenName , initials
1.1 jsing 3334: and
1.63 jmc 3335: .Cm dnQualifier .
1.1 jsing 3336: .Pp
3337: Additional object identifiers can be defined with the
1.63 jmc 3338: .Cm oid_file
1.1 jsing 3339: or
1.63 jmc 3340: .Cm oid_section
1.1 jsing 3341: options in the configuration file.
3342: Any additional fields will be treated as though they were a
1.63 jmc 3343: .Cm DirectoryString .
1.1 jsing 3344: .Sh RSA
3345: .nr nS 1
3346: .Nm "openssl rsa"
1.64 jmc 3347: .Op Fl aes128 | aes192 | aes256 | des | des3
1.1 jsing 3348: .Op Fl check
3349: .Op Fl in Ar file
1.64 jmc 3350: .Op Fl inform Cm der | net | pem
1.1 jsing 3351: .Op Fl modulus
3352: .Op Fl noout
3353: .Op Fl out Ar file
1.64 jmc 3354: .Op Fl outform Cm der | net | pem
1.1 jsing 3355: .Op Fl passin Ar arg
3356: .Op Fl passout Ar arg
3357: .Op Fl pubin
3358: .Op Fl pubout
3359: .Op Fl sgckey
3360: .Op Fl text
3361: .nr nS 0
3362: .Pp
3363: The
3364: .Nm rsa
3365: command processes RSA keys.
3366: They can be converted between various forms and their components printed out.
1.64 jmc 3367: .Nm rsa
3368: uses the traditional
1.1 jsing 3369: .Nm SSLeay
3370: compatible format for private key encryption:
3371: newer applications should use the more secure PKCS#8 format using the
3372: .Nm pkcs8
3373: utility.
3374: .Pp
3375: The options are as follows:
3376: .Bl -tag -width Ds
1.64 jmc 3377: .It Fl aes128 | aes192 | aes256 | des | des3
3378: Encrypt the private key with the AES, DES,
1.1 jsing 3379: or the triple DES ciphers, respectively, before outputting it.
3380: A pass phrase is prompted for.
3381: If none of these options are specified, the key is written in plain text.
3382: This means that using the
3383: .Nm rsa
3384: utility to read in an encrypted key with no encryption option can be used
3385: to remove the pass phrase from a key, or by setting the encryption options
3386: it can be used to add or change the pass phrase.
3387: These options can only be used with PEM format output files.
3388: .It Fl check
1.64 jmc 3389: Check the consistency of an RSA private key.
1.1 jsing 3390: .It Fl in Ar file
1.64 jmc 3391: The input file to read from,
3392: or standard input if not specified.
1.1 jsing 3393: If the key is encrypted, a pass phrase will be prompted for.
1.64 jmc 3394: .It Fl inform Cm der | net | pem
3395: The input format.
1.1 jsing 3396: .It Fl noout
1.64 jmc 3397: Do not output the encoded version of the key.
1.1 jsing 3398: .It Fl modulus
1.64 jmc 3399: Print the value of the modulus of the key.
1.1 jsing 3400: .It Fl out Ar file
1.64 jmc 3401: The output file to write to,
3402: or standard output if not specified.
3403: .It Fl outform Cm der | net | pem
3404: The output format.
1.1 jsing 3405: .It Fl passin Ar arg
3406: The key password source.
3407: .It Fl passout Ar arg
3408: The output file password source.
3409: .It Fl pubin
1.64 jmc 3410: Read in a public key,
3411: not a private key.
1.1 jsing 3412: .It Fl pubout
1.64 jmc 3413: Output a public key,
3414: not a private key.
3415: Automatically set if the input is a public key.
1.1 jsing 3416: .It Fl sgckey
1.64 jmc 3417: Use the modified NET algorithm used with some versions of Microsoft IIS
3418: and SGC keys.
1.1 jsing 3419: .It Fl text
1.64 jmc 3420: Print the public/private key components in plain text.
1.1 jsing 3421: .El
3422: .Sh RSAUTL
3423: .nr nS 1
3424: .Nm "openssl rsautl"
3425: .Op Fl asn1parse
3426: .Op Fl certin
3427: .Op Fl decrypt
3428: .Op Fl encrypt
3429: .Op Fl hexdump
3430: .Op Fl in Ar file
3431: .Op Fl inkey Ar file
1.65 jmc 3432: .Op Fl keyform Cm der | pem
1.100 tb 3433: .Op Fl oaep | pkcs | raw | x931
1.1 jsing 3434: .Op Fl out Ar file
1.100 tb 3435: .Op Fl passin Ar arg
1.1 jsing 3436: .Op Fl pubin
1.100 tb 3437: .Op Fl rev
1.1 jsing 3438: .Op Fl sign
3439: .Op Fl verify
3440: .nr nS 0
3441: .Pp
3442: The
3443: .Nm rsautl
3444: command can be used to sign, verify, encrypt and decrypt
3445: data using the RSA algorithm.
3446: .Pp
3447: The options are as follows:
3448: .Bl -tag -width Ds
3449: .It Fl asn1parse
3450: Asn1parse the output data; this is useful when combined with the
3451: .Fl verify
3452: option.
3453: .It Fl certin
3454: The input is a certificate containing an RSA public key.
3455: .It Fl decrypt
3456: Decrypt the input data using an RSA private key.
3457: .It Fl encrypt
3458: Encrypt the input data using an RSA public key.
3459: .It Fl hexdump
3460: Hex dump the output data.
3461: .It Fl in Ar file
1.65 jmc 3462: The input to read from,
3463: or standard input if not specified.
1.1 jsing 3464: .It Fl inkey Ar file
1.65 jmc 3465: The input key file; by default an RSA private key.
3466: .It Fl keyform Cm der | pem
1.85 tb 3467: The private key format.
1.65 jmc 3468: The default is
3469: .Cm pem .
1.100 tb 3470: .It Fl oaep | pkcs | raw | x931
1.1 jsing 3471: The padding to use:
1.100 tb 3472: PKCS#1 OAEP, PKCS#1 v1.5 (the default), no padding, or ANSI X9.31,
3473: respectively.
1.1 jsing 3474: For signatures, only
3475: .Fl pkcs
3476: and
3477: .Fl raw
3478: can be used.
3479: .It Fl out Ar file
1.65 jmc 3480: The output file to write to,
3481: or standard output if not specified.
1.100 tb 3482: .It Fl passin Ar arg
3483: The key password source.
1.1 jsing 3484: .It Fl pubin
3485: The input file is an RSA public key.
1.100 tb 3486: .It Fl rev
3487: Reverse the order of the input buffer.
1.1 jsing 3488: .It Fl sign
3489: Sign the input data and output the signed result.
3490: This requires an RSA private key.
3491: .It Fl verify
3492: Verify the input data and output the recovered data.
3493: .El
3494: .Sh S_CLIENT
3495: .nr nS 1
3496: .Nm "openssl s_client"
3497: .Op Fl 4 | 6
3498: .Op Fl bugs
3499: .Op Fl CAfile Ar file
3500: .Op Fl CApath Ar directory
3501: .Op Fl cert Ar file
3502: .Op Fl check_ss_sig
3503: .Op Fl cipher Ar cipherlist
1.66 jmc 3504: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 3505: .Op Fl crl_check
3506: .Op Fl crl_check_all
3507: .Op Fl crlf
3508: .Op Fl debug
3509: .Op Fl extended_crl
1.87 jmc 3510: .Op Fl groups
1.1 jsing 3511: .Op Fl ign_eof
3512: .Op Fl ignore_critical
3513: .Op Fl issuer_checks
3514: .Op Fl key Ar keyfile
3515: .Op Fl msg
3516: .Op Fl nbio
3517: .Op Fl nbio_test
3518: .Op Fl no_ticket
3519: .Op Fl no_tls1
1.6 guenther 3520: .Op Fl no_tls1_1
3521: .Op Fl no_tls1_2
1.1 jsing 3522: .Op Fl pause
3523: .Op Fl policy_check
3524: .Op Fl prexit
1.11 bluhm 3525: .Op Fl proxy Ar host : Ns Ar port
1.1 jsing 3526: .Op Fl psk Ar key
3527: .Op Fl psk_identity Ar identity
3528: .Op Fl quiet
3529: .Op Fl reconnect
1.5 jsing 3530: .Op Fl servername Ar name
1.1 jsing 3531: .Op Fl showcerts
3532: .Op Fl starttls Ar protocol
3533: .Op Fl state
3534: .Op Fl tls1
1.31 jmc 3535: .Op Fl tls1_1
3536: .Op Fl tls1_2
1.1 jsing 3537: .Op Fl tlsextdebug
3538: .Op Fl verify Ar depth
3539: .Op Fl x509_strict
1.19 landry 3540: .Op Fl xmpphost Ar host
1.1 jsing 3541: .nr nS 0
3542: .Pp
3543: The
3544: .Nm s_client
3545: command implements a generic SSL/TLS client which connects
3546: to a remote host using SSL/TLS.
1.66 jmc 3547: .Pp
3548: If a connection is established with an SSL server, any data received
3549: from the server is displayed and any key presses will be sent to the
3550: server.
3551: When used interactively (which means neither
3552: .Fl quiet
3553: nor
3554: .Fl ign_eof
3555: have been given), the session will be renegotiated if the line begins with an
3556: .Cm R ;
3557: if the line begins with a
3558: .Cm Q
3559: or if end of file is reached, the connection will be closed down.
1.1 jsing 3560: .Pp
3561: The options are as follows:
3562: .Bl -tag -width Ds
3563: .It Fl 4
1.66 jmc 3564: Attempt connections using IPv4 only.
1.1 jsing 3565: .It Fl 6
1.66 jmc 3566: Attempt connections using IPv6 only.
1.1 jsing 3567: .It Fl bugs
1.66 jmc 3568: Enable various workarounds for buggy implementations.
1.1 jsing 3569: .It Fl CAfile Ar file
3570: A
3571: .Ar file
3572: containing trusted certificates to use during server authentication
3573: and to use when attempting to build the client certificate chain.
3574: .It Fl CApath Ar directory
3575: The
3576: .Ar directory
3577: to use for server certificate verification.
3578: This directory must be in
3579: .Qq hash format ;
3580: see
3581: .Fl verify
3582: for more information.
3583: These are also used when building the client certificate chain.
3584: .It Fl cert Ar file
3585: The certificate to use, if one is requested by the server.
3586: The default is not to use a certificate.
3587: .It Xo
3588: .Fl check_ss_sig ,
3589: .Fl crl_check ,
3590: .Fl crl_check_all ,
3591: .Fl extended_crl ,
3592: .Fl ignore_critical ,
3593: .Fl issuer_checks ,
3594: .Fl policy_check ,
3595: .Fl x509_strict
3596: .Xc
3597: Set various certificate chain validation options.
3598: See the
1.66 jmc 3599: .Nm verify
1.1 jsing 3600: command for details.
3601: .It Fl cipher Ar cipherlist
1.66 jmc 3602: Modify the cipher list sent by the client.
1.1 jsing 3603: Although the server determines which cipher suite is used, it should take
3604: the first supported cipher in the list sent by the client.
3605: See the
1.66 jmc 3606: .Nm ciphers
3607: command for more information.
3608: .It Fl connect Ar host Ns Op : Ns Ar port
3609: The
1.1 jsing 3610: .Ar host
1.66 jmc 3611: and
1.1 jsing 3612: .Ar port
3613: to connect to.
3614: If not specified, an attempt is made to connect to the local host
3615: on port 4433.
3616: Alternatively, the host and port pair may be separated using a forward-slash
1.66 jmc 3617: character,
3618: which is useful for numeric IPv6 addresses.
1.1 jsing 3619: .It Fl crlf
1.66 jmc 3620: Translate a line feed from the terminal into CR+LF,
3621: as required by some servers.
1.1 jsing 3622: .It Fl debug
1.66 jmc 3623: Print extensive debugging information, including a hex dump of all traffic.
1.87 jmc 3624: .It Fl groups Ar ecgroups
3625: Specify a colon-separated list of permitted EC curve groups.
1.1 jsing 3626: .It Fl ign_eof
1.66 jmc 3627: Inhibit shutting down the connection when end of file is reached in the input.
1.1 jsing 3628: .It Fl key Ar keyfile
3629: The private key to use.
3630: If not specified, the certificate file will be used.
3631: .It Fl msg
3632: Show all protocol messages with hex dump.
3633: .It Fl nbio
1.66 jmc 3634: Turn on non-blocking I/O.
1.1 jsing 3635: .It Fl nbio_test
1.66 jmc 3636: Test non-blocking I/O.
1.31 jmc 3637: .It Fl no_tls1 | no_tls1_1 | no_tls1_2
1.66 jmc 3638: Disable the use of TLS1.0, 1.1, and 1.2, respectively.
1.1 jsing 3639: .It Fl no_ticket
3640: Disable RFC 4507 session ticket support.
3641: .It Fl pause
1.66 jmc 3642: Pause 1 second between each read and write call.
1.1 jsing 3643: .It Fl prexit
3644: Print session information when the program exits.
3645: This will always attempt
3646: to print out information even if the connection fails.
3647: Normally, information will only be printed out once if the connection succeeds.
3648: This option is useful because the cipher in use may be renegotiated
3649: or the connection may fail because a client certificate is required or is
3650: requested only after an attempt is made to access a certain URL.
1.66 jmc 3651: Note that the output produced by this option is not always accurate
3652: because a connection might never have been established.
1.11 bluhm 3653: .It Fl proxy Ar host : Ns Ar port
3654: Use the HTTP proxy at
3655: .Ar host
3656: and
3657: .Ar port .
3658: The connection to the proxy is done in cleartext and the
3659: .Fl connect
3660: argument is given to the proxy.
3661: If not specified, localhost is used as final destination.
3662: After that, switch the connection through the proxy to the destination
3663: to TLS.
1.1 jsing 3664: .It Fl psk Ar key
3665: Use the PSK key
3666: .Ar key
3667: when using a PSK cipher suite.
3668: The key is given as a hexadecimal number without the leading 0x,
3669: for example -psk 1a2b3c4d.
3670: .It Fl psk_identity Ar identity
1.66 jmc 3671: Use the PSK
1.1 jsing 3672: .Ar identity
3673: when using a PSK cipher suite.
3674: .It Fl quiet
3675: Inhibit printing of session and certificate information.
3676: This implicitly turns on
3677: .Fl ign_eof
3678: as well.
3679: .It Fl reconnect
1.66 jmc 3680: Reconnect to the same server 5 times using the same session ID; this can
1.1 jsing 3681: be used as a test that session caching is working.
1.5 jsing 3682: .It Fl servername Ar name
3683: Include the TLS Server Name Indication (SNI) extension in the ClientHello
3684: message, using the specified server
3685: .Ar name .
1.1 jsing 3686: .It Fl showcerts
3687: Display the whole server certificate chain: normally only the server
3688: certificate itself is displayed.
3689: .It Fl starttls Ar protocol
1.66 jmc 3690: Send the protocol-specific messages to switch to TLS for communication.
1.1 jsing 3691: .Ar protocol
3692: is a keyword for the intended protocol.
3693: Currently, the supported keywords are
3694: .Qq ftp ,
3695: .Qq imap ,
3696: .Qq smtp ,
3697: .Qq pop3 ,
3698: and
3699: .Qq xmpp .
3700: .It Fl state
1.66 jmc 3701: Print the SSL session states.
1.31 jmc 3702: .It Fl tls1 | tls1_1 | tls1_2
3703: Permit only TLS1.0, 1.1, or 1.2, respectively.
1.1 jsing 3704: .It Fl tlsextdebug
1.66 jmc 3705: Print a hex dump of any TLS extensions received from the server.
1.1 jsing 3706: .It Fl verify Ar depth
1.66 jmc 3707: Turn on server certificate verification,
3708: with a maximum length of
3709: .Ar depth .
1.1 jsing 3710: Currently the verify operation continues after errors so all the problems
3711: with a certificate chain can be seen.
3712: As a side effect the connection will never fail due to a server
3713: certificate verify failure.
1.19 landry 3714: .It Fl xmpphost Ar hostname
1.66 jmc 3715: When used with
1.19 landry 3716: .Fl starttls Ar xmpp ,
1.66 jmc 3717: specify the host for the "to" attribute of the stream element.
1.19 landry 3718: If this option is not specified then the host specified with
3719: .Fl connect
3720: will be used.
1.1 jsing 3721: .El
3722: .Sh S_SERVER
3723: .nr nS 1
3724: .Nm "openssl s_server"
3725: .Op Fl accept Ar port
3726: .Op Fl bugs
3727: .Op Fl CAfile Ar file
3728: .Op Fl CApath Ar directory
3729: .Op Fl cert Ar file
3730: .Op Fl cipher Ar cipherlist
3731: .Op Fl context Ar id
3732: .Op Fl crl_check
3733: .Op Fl crl_check_all
3734: .Op Fl crlf
3735: .Op Fl dcert Ar file
3736: .Op Fl debug
3737: .Op Fl dhparam Ar file
3738: .Op Fl dkey Ar file
3739: .Op Fl hack
3740: .Op Fl HTTP
3741: .Op Fl id_prefix Ar arg
3742: .Op Fl key Ar keyfile
3743: .Op Fl msg
3744: .Op Fl nbio
3745: .Op Fl nbio_test
3746: .Op Fl no_dhe
3747: .Op Fl no_tls1
1.6 guenther 3748: .Op Fl no_tls1_1
3749: .Op Fl no_tls1_2
1.1 jsing 3750: .Op Fl no_tmp_rsa
3751: .Op Fl nocert
3752: .Op Fl psk Ar key
3753: .Op Fl psk_hint Ar hint
3754: .Op Fl quiet
3755: .Op Fl serverpref
3756: .Op Fl state
3757: .Op Fl tls1
1.31 jmc 3758: .Op Fl tls1_1
3759: .Op Fl tls1_2
1.1 jsing 3760: .Op Fl Verify Ar depth
3761: .Op Fl verify Ar depth
3762: .Op Fl WWW
3763: .Op Fl www
3764: .nr nS 0
3765: .Pp
3766: The
3767: .Nm s_server
3768: command implements a generic SSL/TLS server which listens
3769: for connections on a given port using SSL/TLS.
3770: .Pp
1.67 jmc 3771: If a connection request is established with a client and neither the
3772: .Fl www
3773: nor the
3774: .Fl WWW
3775: option has been used, then any data received
3776: from the client is displayed and any key presses are sent to the client.
3777: Certain single letter commands perform special operations:
3778: .Pp
3779: .Bl -tag -width "XXXX" -compact
3780: .It Ic P
3781: Send plain text, which should cause the client to disconnect.
3782: .It Ic Q
3783: End the current SSL connection and exit.
3784: .It Ic q
3785: End the current SSL connection, but still accept new connections.
3786: .It Ic R
3787: Renegotiate the SSL session and request a client certificate.
3788: .It Ic r
3789: Renegotiate the SSL session.
3790: .It Ic S
3791: Print out some session cache status information.
3792: .El
3793: .Pp
1.1 jsing 3794: The options are as follows:
3795: .Bl -tag -width Ds
3796: .It Fl accept Ar port
1.67 jmc 3797: Listen on TCP
1.1 jsing 3798: .Ar port
1.67 jmc 3799: for connections.
3800: The default is port 4433.
1.1 jsing 3801: .It Fl bugs
1.67 jmc 3802: Enable various workarounds for buggy implementations.
1.1 jsing 3803: .It Fl CAfile Ar file
1.67 jmc 3804: A
3805: .Ar file
3806: containing trusted certificates to use during client authentication
1.1 jsing 3807: and to use when attempting to build the server certificate chain.
3808: The list is also used in the list of acceptable client CAs passed to the
3809: client when a certificate is requested.
3810: .It Fl CApath Ar directory
3811: The
3812: .Ar directory
3813: to use for client certificate verification.
3814: This directory must be in
3815: .Qq hash format ;
3816: see
3817: .Fl verify
3818: for more information.
3819: These are also used when building the server certificate chain.
3820: .It Fl cert Ar file
1.67 jmc 3821: The certificate to use: most server's cipher suites require the use of a
3822: certificate and some require a certificate with a certain public key type.
3823: For example, the DSS cipher suites require a certificate containing a DSS
3824: (DSA) key.
1.1 jsing 3825: If not specified, the file
3826: .Pa server.pem
3827: will be used.
3828: .It Fl cipher Ar cipherlist
1.67 jmc 3829: Modify the cipher list used by the server.
1.1 jsing 3830: This allows the cipher list used by the server to be modified.
3831: When the client sends a list of supported ciphers, the first client cipher
3832: also included in the server list is used.
3833: Because the client specifies the preference order, the order of the server
3834: cipherlist is irrelevant.
3835: See the
1.67 jmc 3836: .Nm ciphers
3837: command for more information.
1.1 jsing 3838: .It Fl context Ar id
1.67 jmc 3839: Set the SSL context ID.
1.1 jsing 3840: It can be given any string value.
3841: .It Fl crl_check , crl_check_all
3842: Check the peer certificate has not been revoked by its CA.
3843: The CRLs are appended to the certificate file.
3844: .Fl crl_check_all
1.67 jmc 3845: checks all CRLs of all CAs in the chain.
1.1 jsing 3846: .It Fl crlf
1.67 jmc 3847: Translate a line feed from the terminal into CR+LF.
1.1 jsing 3848: .It Fl dcert Ar file , Fl dkey Ar file
3849: Specify an additional certificate and private key; these behave in the
3850: same manner as the
3851: .Fl cert
3852: and
3853: .Fl key
3854: options except there is no default if they are not specified
1.67 jmc 3855: (no additional certificate or key is used).
1.1 jsing 3856: By using RSA and DSS certificates and keys,
3857: a server can support clients which only support RSA or DSS cipher suites
3858: by using an appropriate certificate.
3859: .It Fl debug
1.67 jmc 3860: Print extensive debugging information, including a hex dump of all traffic.
1.1 jsing 3861: .It Fl dhparam Ar file
3862: The DH parameter file to use.
3863: The ephemeral DH cipher suites generate keys
3864: using a set of DH parameters.
3865: If not specified, an attempt is made to
3866: load the parameters from the server certificate file.
3867: If this fails, a static set of parameters hard coded into the
3868: .Nm s_server
3869: program will be used.
3870: .It Fl hack
1.67 jmc 3871: Enables a further workaround for some early Netscape SSL code.
1.1 jsing 3872: .It Fl HTTP
1.67 jmc 3873: Emulate a simple web server.
3874: Pages are resolved relative to the current directory.
3875: For example if the URL
1.1 jsing 3876: .Pa https://myhost/page.html
3877: is requested, the file
3878: .Pa ./page.html
3879: will be loaded.
3880: The files loaded are assumed to contain a complete and correct HTTP
3881: response (lines that are part of the HTTP response line and headers
3882: must end with CRLF).
3883: .It Fl id_prefix Ar arg
3884: Generate SSL/TLS session IDs prefixed by
3885: .Ar arg .
3886: This is mostly useful for testing any SSL/TLS code
1.81 jmc 3887: that wish to deal with multiple servers,
3888: when each of which might be generating a unique range of session IDs.
1.1 jsing 3889: .It Fl key Ar keyfile
3890: The private key to use.
3891: If not specified, the certificate file will be used.
3892: .It Fl msg
3893: Show all protocol messages with hex dump.
3894: .It Fl nbio
1.67 jmc 3895: Turn on non-blocking I/O.
1.1 jsing 3896: .It Fl nbio_test
1.67 jmc 3897: Test non-blocking I/O.
1.1 jsing 3898: .It Fl no_dhe
1.67 jmc 3899: Disable ephemeral DH cipher suites.
1.31 jmc 3900: .It Fl no_tls1 | no_tls1_1 | no_tls1_2
1.67 jmc 3901: Disable the use of TLS1.0, 1.1, and 1.2, respectively.
1.1 jsing 3902: .It Fl no_tmp_rsa
1.67 jmc 3903: Disable temporary RSA key generation.
1.1 jsing 3904: .It Fl nocert
1.67 jmc 3905: Do not use a certificate.
1.1 jsing 3906: This restricts the cipher suites available to the anonymous ones
1.67 jmc 3907: (currently just anonymous DH).
1.1 jsing 3908: .It Fl psk Ar key
3909: Use the PSK key
3910: .Ar key
3911: when using a PSK cipher suite.
3912: The key is given as a hexadecimal number without the leading 0x,
3913: for example -psk 1a2b3c4d.
3914: .It Fl psk_hint Ar hint
3915: Use the PSK identity hint
3916: .Ar hint
3917: when using a PSK cipher suite.
3918: .It Fl quiet
3919: Inhibit printing of session and certificate information.
3920: .It Fl serverpref
3921: Use server's cipher preferences.
3922: .It Fl state
1.67 jmc 3923: Print the SSL session states.
1.31 jmc 3924: .It Fl tls1 | tls1_1 | tls1_2
3925: Permit only TLS1.0, 1.1, or 1.2, respectively.
1.1 jsing 3926: .It Fl WWW
1.67 jmc 3927: Emulate a simple web server.
3928: Pages are resolved relative to the current directory.
3929: For example if the URL
1.1 jsing 3930: .Pa https://myhost/page.html
3931: is requested, the file
3932: .Pa ./page.html
3933: will be loaded.
3934: .It Fl www
1.67 jmc 3935: Send a status message to the client when it connects,
3936: including information about the ciphers used and various session parameters.
1.1 jsing 3937: The output is in HTML format so this option will normally be used with a
3938: web browser.
3939: .It Fl Verify Ar depth , Fl verify Ar depth
1.67 jmc 3940: Request a certificate chain from the client,
3941: with a maximum length of
3942: .Ar depth .
3943: With
3944: .Fl Verify ,
3945: the client must supply a certificate or an error occurs;
3946: with
3947: .Fl verify ,
3948: a certificate is requested but the client does not have to send one.
1.1 jsing 3949: .El
3950: .Sh S_TIME
3951: .nr nS 1
3952: .Nm "openssl s_time"
3953: .Op Fl bugs
3954: .Op Fl CAfile Ar file
3955: .Op Fl CApath Ar directory
3956: .Op Fl cert Ar file
3957: .Op Fl cipher Ar cipherlist
1.68 jmc 3958: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 3959: .Op Fl key Ar keyfile
3960: .Op Fl nbio
3961: .Op Fl new
1.20 lteo 3962: .Op Fl no_shutdown
1.1 jsing 3963: .Op Fl reuse
3964: .Op Fl time Ar seconds
3965: .Op Fl verify Ar depth
3966: .Op Fl www Ar page
3967: .nr nS 0
3968: .Pp
3969: The
1.68 jmc 3970: .Nm s_time
1.1 jsing 3971: command implements a generic SSL/TLS client which connects to a
3972: remote host using SSL/TLS.
3973: It can request a page from the server and includes
3974: the time to transfer the payload data in its timing measurements.
3975: It measures the number of connections within a given timeframe,
3976: the amount of data transferred
3977: .Pq if any ,
3978: and calculates the average time spent for one connection.
3979: .Pp
3980: The options are as follows:
3981: .Bl -tag -width Ds
3982: .It Fl bugs
1.68 jmc 3983: Enable various workarounds for buggy implementations.
1.1 jsing 3984: .It Fl CAfile Ar file
1.68 jmc 3985: A
3986: .Ar file
3987: containing trusted certificates to use during server authentication
1.1 jsing 3988: and to use when attempting to build the client certificate chain.
3989: .It Fl CApath Ar directory
3990: The directory to use for server certificate verification.
3991: This directory must be in
3992: .Qq hash format ;
3993: see
3994: .Nm verify
3995: for more information.
3996: These are also used when building the client certificate chain.
3997: .It Fl cert Ar file
3998: The certificate to use, if one is requested by the server.
3999: The default is not to use a certificate.
4000: .It Fl cipher Ar cipherlist
1.68 jmc 4001: Modify the cipher list sent by the client.
1.1 jsing 4002: Although the server determines which cipher suite is used,
4003: it should take the first supported cipher in the list sent by the client.
4004: See the
4005: .Nm ciphers
4006: command for more information.
1.68 jmc 4007: .It Fl connect Ar host Ns Op : Ns Ar port
4008: The host and port to connect to.
1.1 jsing 4009: .It Fl key Ar keyfile
4010: The private key to use.
4011: If not specified, the certificate file will be used.
4012: .It Fl nbio
1.68 jmc 4013: Turn on non-blocking I/O.
1.1 jsing 4014: .It Fl new
1.68 jmc 4015: Perform the timing test using a new session ID for each connection.
1.1 jsing 4016: If neither
4017: .Fl new
4018: nor
4019: .Fl reuse
4020: are specified,
4021: they are both on by default and executed in sequence.
1.20 lteo 4022: .It Fl no_shutdown
1.21 jmc 4023: Shut down the connection without sending a
1.68 jmc 4024: .Qq close notify
1.20 lteo 4025: shutdown alert to the server.
1.1 jsing 4026: .It Fl reuse
1.68 jmc 4027: Perform the timing test using the same session ID for each connection.
1.1 jsing 4028: If neither
4029: .Fl new
4030: nor
4031: .Fl reuse
4032: are specified,
4033: they are both on by default and executed in sequence.
4034: .It Fl time Ar seconds
1.68 jmc 4035: Limit
1.1 jsing 4036: .Nm s_time
1.68 jmc 4037: benchmarks to the number of
4038: .Ar seconds .
1.1 jsing 4039: The default is 30 seconds.
4040: .It Fl verify Ar depth
1.68 jmc 4041: Turn on server certificate verification,
4042: with a maximum length of
4043: .Ar depth .
1.1 jsing 4044: Currently the verify operation continues after errors, so all the problems
4045: with a certificate chain can be seen.
4046: As a side effect,
4047: the connection will never fail due to a server certificate verify failure.
4048: .It Fl www Ar page
1.68 jmc 4049: The page to GET from the server.
1.1 jsing 4050: A value of
4051: .Sq /
4052: gets the index.htm[l] page.
4053: If this parameter is not specified,
4054: .Nm s_time
4055: will only perform the handshake to establish SSL connections
4056: but not transfer any payload data.
4057: .El
4058: .Sh SESS_ID
4059: .nr nS 1
4060: .Nm "openssl sess_id"
4061: .Op Fl cert
4062: .Op Fl context Ar ID
4063: .Op Fl in Ar file
1.69 jmc 4064: .Op Fl inform Cm der | pem
1.1 jsing 4065: .Op Fl noout
4066: .Op Fl out Ar file
1.69 jmc 4067: .Op Fl outform Cm der | pem
1.1 jsing 4068: .Op Fl text
4069: .nr nS 0
4070: .Pp
4071: The
4072: .Nm sess_id
4073: program processes the encoded version of the SSL session structure and
4074: optionally prints out SSL session details
1.69 jmc 4075: (for example the SSL session master key)
1.72 jmc 4076: in human-readable format.
1.1 jsing 4077: .Pp
4078: The options are as follows:
4079: .Bl -tag -width Ds
4080: .It Fl cert
4081: If a certificate is present in the session,
4082: it will be output using this option;
4083: if the
4084: .Fl text
4085: option is also present, then it will be printed out in text form.
4086: .It Fl context Ar ID
1.69 jmc 4087: Set the session
1.1 jsing 4088: .Ar ID .
1.69 jmc 4089: The ID can be any string of characters.
1.1 jsing 4090: .It Fl in Ar file
1.69 jmc 4091: The input file to read from,
4092: or standard input if not specified.
4093: .It Fl inform Cm der | pem
4094: The input format.
4095: .Cm der
1.84 jmc 4096: uses an ASN.1 DER-encoded format containing session details.
1.1 jsing 4097: The precise format can vary from one version to the next.
1.69 jmc 4098: .Cm pem
4099: is the default format: it consists of the DER
1.1 jsing 4100: format base64-encoded with additional header and footer lines.
4101: .It Fl noout
1.69 jmc 4102: Do not output the encoded version of the session.
1.1 jsing 4103: .It Fl out Ar file
1.69 jmc 4104: The output file to write to,
4105: or standard output if not specified.
4106: .It Fl outform Cm der | pem
4107: The output format.
1.1 jsing 4108: .It Fl text
1.69 jmc 4109: Print the various public or private key components in plain text,
4110: in addition to the encoded version.
1.1 jsing 4111: .El
4112: .Pp
1.69 jmc 4113: The output of
4114: .Nm sess_id
4115: is composed as follows:
1.1 jsing 4116: .Pp
1.69 jmc 4117: .Bl -tag -width "Verify return code " -offset 3n -compact
4118: .It Protocol
4119: The protocol in use.
4120: .It Cipher
4121: The actual raw SSL or TLS cipher code.
4122: .It Session-ID
4123: The SSL session ID, in hex format.
4124: .It Session-ID-ctx
4125: The session ID context, in hex format.
4126: .It Master-Key
4127: The SSL session master key.
4128: .It Key-Arg
1.1 jsing 4129: The key argument; this is only used in SSL v2.
1.69 jmc 4130: .It Start Time
4131: The session start time.
1.1 jsing 4132: .Ux
4133: format.
1.69 jmc 4134: .It Timeout
4135: The timeout, in seconds.
4136: .It Verify return code
4137: The return code when a certificate is verified.
1.1 jsing 4138: .El
4139: .Pp
4140: Since the SSL session output contains the master key, it is possible to read
4141: the contents of an encrypted session using this information.
4142: Therefore appropriate security precautions
4143: should be taken if the information is being output by a
4144: .Qq real
4145: application.
4146: This is, however, strongly discouraged and should only be used for
4147: debugging purposes.
4148: .Sh SMIME
4149: .nr nS 1
4150: .Nm "openssl smime"
4151: .Oo
4152: .Fl aes128 | aes192 | aes256 | des |
4153: .Fl des3 | rc2-40 | rc2-64 | rc2-128
4154: .Oc
4155: .Op Fl binary
4156: .Op Fl CAfile Ar file
4157: .Op Fl CApath Ar directory
4158: .Op Fl certfile Ar file
4159: .Op Fl check_ss_sig
4160: .Op Fl content Ar file
4161: .Op Fl crl_check
4162: .Op Fl crl_check_all
4163: .Op Fl decrypt
4164: .Op Fl encrypt
4165: .Op Fl extended_crl
4166: .Op Fl from Ar addr
4167: .Op Fl ignore_critical
4168: .Op Fl in Ar file
4169: .Op Fl indef
1.70 jmc 4170: .Op Fl inform Cm der | pem | smime
1.1 jsing 4171: .Op Fl inkey Ar file
4172: .Op Fl issuer_checks
1.70 jmc 4173: .Op Fl keyform Cm pem
1.1 jsing 4174: .Op Fl md Ar digest
4175: .Op Fl noattr
4176: .Op Fl nocerts
4177: .Op Fl nochain
4178: .Op Fl nodetach
4179: .Op Fl noindef
4180: .Op Fl nointern
4181: .Op Fl nosigs
4182: .Op Fl noverify
4183: .Op Fl out Ar file
1.70 jmc 4184: .Op Fl outform Cm der | pem | smime
1.1 jsing 4185: .Op Fl passin Ar arg
4186: .Op Fl pk7out
4187: .Op Fl policy_check
4188: .Op Fl recip Ar file
4189: .Op Fl resign
4190: .Op Fl sign
4191: .Op Fl signer Ar file
4192: .Op Fl stream
4193: .Op Fl subject Ar s
4194: .Op Fl text
4195: .Op Fl to Ar addr
4196: .Op Fl verify
4197: .Op Fl x509_strict
4198: .Op Ar cert.pem ...
4199: .nr nS 0
4200: .Pp
4201: The
4202: .Nm smime
1.70 jmc 4203: command handles S/MIME mail.
4204: It can encrypt, decrypt, sign, and verify S/MIME messages.
4205: .Pp
4206: The MIME message must be sent without any blank lines between the
4207: headers and the output.
4208: Some mail programs will automatically add a blank line.
4209: Piping the mail directly to an MTA is one way to
4210: achieve the correct format.
4211: .Pp
4212: The supplied message to be signed or encrypted must include the necessary
4213: MIME headers or many S/MIME clients won't display it properly (if at all).
4214: Use the
4215: .Fl text
4216: option to automatically add plain text headers.
1.1 jsing 4217: .Pp
1.70 jmc 4218: A
4219: .Qq signed and encrypted
4220: message is one where a signed message is then encrypted.
4221: This can be produced by encrypting an already signed message.
1.1 jsing 4222: .Pp
1.70 jmc 4223: There are a number of operations that can be performed, as follows:
1.1 jsing 4224: .Bl -tag -width "XXXX"
4225: .It Fl decrypt
4226: Decrypt mail using the supplied certificate and private key.
1.70 jmc 4227: The input file is an encrypted mail message in MIME format.
1.1 jsing 4228: The decrypted mail is written to the output file.
4229: .It Fl encrypt
4230: Encrypt mail for the given recipient certificates.
1.70 jmc 4231: The input is the message to be encrypted.
4232: The output file is the encrypted mail, in MIME format.
1.1 jsing 4233: .It Fl pk7out
1.70 jmc 4234: Take an input message and write out a PEM-encoded PKCS#7 structure.
1.1 jsing 4235: .It Fl resign
4236: Resign a message: take an existing message and one or more new signers.
4237: .It Fl sign
4238: Sign mail using the supplied certificate and private key.
1.70 jmc 4239: The input file is the message to be signed.
4240: The signed message, in MIME format, is written to the output file.
1.1 jsing 4241: .It Fl verify
4242: Verify signed mail.
1.70 jmc 4243: The input is a signed mail message and the output is the signed data.
1.1 jsing 4244: Both clear text and opaque signing is supported.
4245: .El
4246: .Pp
1.14 jmc 4247: The remaining options are as follows:
1.1 jsing 4248: .Bl -tag -width "XXXX"
4249: .It Xo
4250: .Fl aes128 | aes192 | aes256 | des |
4251: .Fl des3 | rc2-40 | rc2-64 | rc2-128
4252: .Xc
4253: The encryption algorithm to use.
1.70 jmc 4254: 128-, 192-, or 256-bit AES, DES (56 bits), triple DES (168 bits),
1.1 jsing 4255: or 40-, 64-, or 128-bit RC2, respectively;
4256: if not specified, 40-bit RC2 is
4257: used.
4258: Only used with
4259: .Fl encrypt .
4260: .It Fl binary
4261: Normally, the input message is converted to
4262: .Qq canonical
1.70 jmc 4263: format which uses CR/LF as end of line,
4264: as required by the S/MIME specification.
1.1 jsing 4265: When this option is present no translation occurs.
1.70 jmc 4266: This is useful when handling binary data which may not be in MIME format.
1.1 jsing 4267: .It Fl CAfile Ar file
4268: A
4269: .Ar file
4270: containing trusted CA certificates; only used with
4271: .Fl verify .
4272: .It Fl CApath Ar directory
4273: A
4274: .Ar directory
4275: containing trusted CA certificates; only used with
4276: .Fl verify .
4277: This directory must be a standard certificate directory:
4278: that is, a hash of each subject name (using
4279: .Nm x509 -hash )
4280: should be linked to each certificate.
4281: .It Ar cert.pem ...
4282: One or more certificates of message recipients: used when encrypting
4283: a message.
4284: .It Fl certfile Ar file
4285: Allows additional certificates to be specified.
4286: When signing, these will be included with the message.
4287: When verifying, these will be searched for the signers' certificates.
4288: The certificates should be in PEM format.
4289: .It Xo
4290: .Fl check_ss_sig ,
4291: .Fl crl_check ,
4292: .Fl crl_check_all ,
4293: .Fl extended_crl ,
4294: .Fl ignore_critical ,
4295: .Fl issuer_checks ,
4296: .Fl policy_check ,
4297: .Fl x509_strict
4298: .Xc
4299: Set various certificate chain validation options.
4300: See the
1.70 jmc 4301: .Nm verify
1.1 jsing 4302: command for details.
4303: .It Fl content Ar file
1.70 jmc 4304: A file containing the detached content.
1.1 jsing 4305: This is only useful with the
4306: .Fl verify
1.70 jmc 4307: option,
4308: and only usable if the PKCS#7 structure is using the detached
1.1 jsing 4309: signature form where the content is not included.
1.70 jmc 4310: This option will override any content if the input format is S/MIME
4311: and it uses the multipart/signed MIME content type.
1.1 jsing 4312: .It Xo
4313: .Fl from Ar addr ,
4314: .Fl subject Ar s ,
4315: .Fl to Ar addr
4316: .Xc
4317: The relevant mail headers.
4318: These are included outside the signed
4319: portion of a message so they may be included manually.
1.70 jmc 4320: When signing, many S/MIME
1.1 jsing 4321: mail clients check that the signer's certificate email
4322: address matches the From: address.
4323: .It Fl in Ar file
1.70 jmc 4324: The input file to read from.
1.1 jsing 4325: .It Fl indef
4326: Enable streaming I/O for encoding operations.
4327: This permits single pass processing of data without
4328: the need to hold the entire contents in memory,
4329: potentially supporting very large files.
4330: Streaming is automatically set for S/MIME signing with detached
4331: data if the output format is SMIME;
4332: it is currently off by default for all other operations.
1.70 jmc 4333: .It Fl inform Cm der | pem | smime
4334: The input format.
1.1 jsing 4335: .It Fl inkey Ar file
1.70 jmc 4336: The private key to use when signing or decrypting,
4337: which must match the corresponding certificate.
1.1 jsing 4338: If this option is not specified, the private key must be included
4339: in the certificate file specified with
4340: the
4341: .Fl recip
4342: or
4343: .Fl signer
4344: file.
4345: When signing,
4346: this option can be used multiple times to specify successive keys.
1.70 jmc 4347: .It Fl keyform Cm pem
1.1 jsing 4348: Input private key format.
4349: .It Fl md Ar digest
4350: The digest algorithm to use when signing or resigning.
4351: If not present then the default digest algorithm for the signing key is used
4352: (usually SHA1).
4353: .It Fl noattr
1.70 jmc 4354: Do not include attributes.
1.1 jsing 4355: .It Fl nocerts
1.70 jmc 4356: Do not include the signer's certificate.
1.1 jsing 4357: This will reduce the size of the signed message but the verifier must
4358: have a copy of the signer's certificate available locally (passed using the
4359: .Fl certfile
4360: option, for example).
4361: .It Fl nochain
4362: Do not do chain verification of signers' certificates: that is,
4363: don't use the certificates in the signed message as untrusted CAs.
4364: .It Fl nodetach
4365: When signing a message use opaque signing: this form is more resistant
4366: to translation by mail relays but it cannot be read by mail agents that
1.70 jmc 4367: do not support S/MIME.
4368: Without this option cleartext signing with the MIME type
4369: multipart/signed is used.
1.1 jsing 4370: .It Fl noindef
1.70 jmc 4371: Disable streaming I/O where it would produce an encoding of indefinite length
4372: (currently has no effect).
1.1 jsing 4373: .It Fl nointern
1.70 jmc 4374: Only use certificates specified in the
4375: .Fl certfile .
4376: The supplied certificates can still be used as untrusted CAs.
1.1 jsing 4377: .It Fl nosigs
1.70 jmc 4378: Do not try to verify the signatures on the message.
1.1 jsing 4379: .It Fl noverify
4380: Do not verify the signer's certificate of a signed message.
4381: .It Fl out Ar file
1.70 jmc 4382: The output file to write to.
4383: .It Fl outform Cm der | pem | smime
4384: The output format.
4385: The default is smime, which writes an S/MIME format message.
4386: .Cm pem
1.1 jsing 4387: and
1.70 jmc 4388: .Cm der
4389: change this to write PEM and DER format PKCS#7 structures instead.
1.1 jsing 4390: This currently only affects the output format of the PKCS#7
4391: structure; if no PKCS#7 structure is being output (for example with
4392: .Fl verify
4393: or
4394: .Fl decrypt )
4395: this option has no effect.
4396: .It Fl passin Ar arg
4397: The key password source.
4398: .It Fl recip Ar file
4399: The recipients certificate when decrypting a message.
4400: This certificate
4401: must match one of the recipients of the message or an error occurs.
4402: .It Fl signer Ar file
4403: A signing certificate when signing or resigning a message;
4404: this option can be used multiple times if more than one signer is required.
4405: If a message is being verified, the signer's certificates will be
4406: written to this file if the verification was successful.
4407: .It Fl stream
4408: The same as
4409: .Fl indef .
4410: .It Fl text
1.70 jmc 4411: Add plain text (text/plain) MIME
1.1 jsing 4412: headers to the supplied message if encrypting or signing.
4413: If decrypting or verifying, it strips off text headers:
1.70 jmc 4414: if the decrypted or verified message is not of MIME type text/plain
4415: then an error occurs.
1.1 jsing 4416: .El
4417: .Pp
1.70 jmc 4418: The exit codes for
4419: .Nm smime
4420: are as follows:
1.1 jsing 4421: .Pp
1.70 jmc 4422: .Bl -tag -width "XXXX" -offset 3n -compact
4423: .It 0
1.1 jsing 4424: The operation was completely successful.
1.70 jmc 4425: .It 1
1.1 jsing 4426: An error occurred parsing the command options.
1.70 jmc 4427: .It 2
1.1 jsing 4428: One of the input files could not be read.
1.70 jmc 4429: .It 3
4430: An error occurred creating the file or when reading the message.
4431: .It 4
1.1 jsing 4432: An error occurred decrypting or verifying the message.
1.70 jmc 4433: .It 5
4434: An error occurred writing certificates.
1.1 jsing 4435: .El
4436: .Sh SPEED
4437: .nr nS 1
4438: .Nm "openssl speed"
1.71 jmc 4439: .Op Ar algorithm
1.1 jsing 4440: .Op Fl decrypt
4441: .Op Fl elapsed
1.71 jmc 4442: .Op Fl evp Ar algorithm
1.1 jsing 4443: .Op Fl mr
4444: .Op Fl multi Ar number
4445: .nr nS 0
4446: .Pp
4447: The
4448: .Nm speed
4449: command is used to test the performance of cryptographic algorithms.
4450: .Bl -tag -width "XXXX"
1.71 jmc 4451: .It Ar algorithm
4452: Perform the test using
4453: .Ar algorithm .
4454: The default is to test all algorithms.
1.1 jsing 4455: .It Fl decrypt
1.71 jmc 4456: Time decryption instead of encryption;
4457: must be used with
4458: .Fl evp .
1.1 jsing 4459: .It Fl elapsed
4460: Measure time in real time instead of CPU user time.
1.71 jmc 4461: .It Fl evp Ar algorithm
4462: Perform the test using one of the algorithms accepted by
4463: .Xr EVP_get_cipherbyname 3 .
1.1 jsing 4464: .It Fl mr
4465: Produce machine readable output.
4466: .It Fl multi Ar number
4467: Run
4468: .Ar number
4469: benchmarks in parallel.
4470: .El
1.77 jmc 4471: .Sh SPKAC
4472: .nr nS 1
4473: .Nm "openssl spkac"
4474: .Op Fl challenge Ar string
4475: .Op Fl in Ar file
4476: .Op Fl key Ar keyfile
4477: .Op Fl noout
4478: .Op Fl out Ar file
4479: .Op Fl passin Ar arg
4480: .Op Fl pubkey
4481: .Op Fl spkac Ar spkacname
4482: .Op Fl spksect Ar section
4483: .Op Fl verify
4484: .nr nS 0
4485: .Pp
4486: The
4487: .Nm spkac
4488: command processes signed public key and challenge (SPKAC) files.
4489: It can print out their contents, verify the signature,
4490: and produce its own SPKACs from a supplied private key.
4491: .Pp
4492: The options are as follows:
4493: .Bl -tag -width Ds
4494: .It Fl challenge Ar string
4495: The challenge string, if an SPKAC is being created.
4496: .It Fl in Ar file
4497: The input file to read from,
4498: or standard input if not specified.
4499: Ignored if the
4500: .Fl key
4501: option is used.
4502: .It Fl key Ar keyfile
4503: Create an SPKAC file using the private key in
4504: .Ar keyfile .
4505: The
4506: .Fl in , noout , spksect ,
4507: and
4508: .Fl verify
4509: options are ignored, if present.
4510: .It Fl noout
4511: Do not output the text version of the SPKAC.
4512: .It Fl out Ar file
4513: The output file to write to,
4514: or standard output if not specified.
4515: .It Fl passin Ar arg
4516: The key password source.
4517: .It Fl pubkey
4518: Output the public key of an SPKAC.
4519: .It Fl spkac Ar spkacname
4520: An alternative name for the variable containing the SPKAC.
4521: The default is "SPKAC".
4522: This option affects both generated and input SPKAC files.
4523: .It Fl spksect Ar section
4524: An alternative name for the
4525: .Ar section
4526: containing the SPKAC.
4527: .It Fl verify
4528: Verify the digital signature on the supplied SPKAC.
4529: .El
1.1 jsing 4530: .Sh TS
4531: .nr nS 1
4532: .Nm "openssl ts"
4533: .Fl query
1.29 bcook 4534: .Op Fl md4 | md5 | ripemd160 | sha1
1.1 jsing 4535: .Op Fl cert
4536: .Op Fl config Ar configfile
4537: .Op Fl data Ar file_to_hash
4538: .Op Fl digest Ar digest_bytes
4539: .Op Fl in Ar request.tsq
4540: .Op Fl no_nonce
4541: .Op Fl out Ar request.tsq
4542: .Op Fl policy Ar object_id
4543: .Op Fl text
4544: .nr nS 0
4545: .Pp
4546: .nr nS 1
4547: .Nm "openssl ts"
4548: .Fl reply
4549: .Op Fl chain Ar certs_file.pem
4550: .Op Fl config Ar configfile
4551: .Op Fl in Ar response.tsr
4552: .Op Fl inkey Ar private.pem
4553: .Op Fl out Ar response.tsr
4554: .Op Fl passin Ar arg
4555: .Op Fl policy Ar object_id
4556: .Op Fl queryfile Ar request.tsq
4557: .Op Fl section Ar tsa_section
4558: .Op Fl signer Ar tsa_cert.pem
4559: .Op Fl text
4560: .Op Fl token_in
4561: .Op Fl token_out
4562: .nr nS 0
4563: .Pp
4564: .nr nS 1
4565: .Nm "openssl ts"
4566: .Fl verify
4567: .Op Fl CAfile Ar trusted_certs.pem
4568: .Op Fl CApath Ar trusted_cert_path
4569: .Op Fl data Ar file_to_hash
4570: .Op Fl digest Ar digest_bytes
4571: .Op Fl in Ar response.tsr
4572: .Op Fl queryfile Ar request.tsq
4573: .Op Fl token_in
4574: .Op Fl untrusted Ar cert_file.pem
4575: .nr nS 0
4576: .Pp
4577: The
4578: .Nm ts
4579: command is a basic Time Stamping Authority (TSA) client and server
4580: application as specified in RFC 3161 (Time-Stamp Protocol, TSP).
4581: A TSA can be part of a PKI deployment and its role is to provide long
1.72 jmc 4582: term proof of the existence of specific data.
1.1 jsing 4583: Here is a brief description of the protocol:
4584: .Bl -enum
4585: .It
4586: The TSA client computes a one-way hash value for a data file and sends
4587: the hash to the TSA.
4588: .It
4589: The TSA attaches the current date and time to the received hash value,
4590: signs them and sends the time stamp token back to the client.
4591: By creating this token the TSA certifies the existence of the original
4592: data file at the time of response generation.
4593: .It
4594: The TSA client receives the time stamp token and verifies the
4595: signature on it.
4596: It also checks if the token contains the same hash
4597: value that it had sent to the TSA.
4598: .El
4599: .Pp
4600: There is one DER-encoded protocol data unit defined for transporting a time
4601: stamp request to the TSA and one for sending the time stamp response
4602: back to the client.
4603: The
4604: .Nm ts
4605: command has three main functions:
4606: creating a time stamp request based on a data file;
4607: creating a time stamp response based on a request;
4608: and verifying if a response corresponds
4609: to a particular request or a data file.
4610: .Pp
4611: There is no support for sending the requests/responses automatically
4612: over HTTP or TCP yet as suggested in RFC 3161.
4613: Users must send the requests either by FTP or email.
4614: .Pp
4615: The
4616: .Fl query
4617: switch can be used for creating and printing a time stamp
4618: request with the following options:
4619: .Bl -tag -width Ds
4620: .It Fl cert
1.72 jmc 4621: Expect the TSA to include its signing certificate in the response.
1.1 jsing 4622: .It Fl config Ar configfile
1.72 jmc 4623: Specify an alternative configuration file.
4624: Only the OID section is used.
1.1 jsing 4625: .It Fl data Ar file_to_hash
4626: The data file for which the time stamp request needs to be created.
1.72 jmc 4627: The default is standard input.
1.1 jsing 4628: .It Fl digest Ar digest_bytes
1.72 jmc 4629: Specify the message imprint explicitly without the data file.
1.1 jsing 4630: The imprint must be specified in a hexadecimal format,
4631: two characters per byte,
1.72 jmc 4632: the bytes optionally separated by colons.
1.1 jsing 4633: The number of bytes must match the message digest algorithm in use.
4634: .It Fl in Ar request.tsq
1.72 jmc 4635: A previously created time stamp request in DER
1.1 jsing 4636: format that will be printed into the output file.
1.72 jmc 4637: Useful for examining the content of a request in human-readable format.
1.76 jmc 4638: .It Fl md4 | md5 | ripemd160 | sha | sha1
1.1 jsing 4639: The message digest to apply to the data file.
4640: It supports all the message digest algorithms that are supported by the
4641: .Nm dgst
4642: command.
4643: The default is SHA-1.
4644: .It Fl no_nonce
1.72 jmc 4645: Specify no nonce in the request.
4646: The default, to include a 64-bit long pseudo-random nonce,
4647: is recommended to protect against replay attacks.
1.1 jsing 4648: .It Fl out Ar request.tsq
1.72 jmc 4649: The output file to write to,
4650: or standard output if not specified.
1.1 jsing 4651: .It Fl policy Ar object_id
4652: The policy that the client expects the TSA to use for creating the
4653: time stamp token.
1.72 jmc 4654: Either dotted OID notation or OID names defined
1.1 jsing 4655: in the config file can be used.
1.72 jmc 4656: If no policy is requested the TSA uses its own default policy.
1.1 jsing 4657: .It Fl text
1.72 jmc 4658: Output in human-readable text format instead of DER.
1.1 jsing 4659: .El
4660: .Pp
4661: A time stamp response (TimeStampResp) consists of a response status
4662: and the time stamp token itself (ContentInfo),
4663: if the token generation was successful.
4664: The
4665: .Fl reply
4666: command is for creating a time stamp
4667: response or time stamp token based on a request and printing the
4668: response/token in human-readable format.
4669: If
4670: .Fl token_out
4671: is not specified the output is always a time stamp response (TimeStampResp),
4672: otherwise it is a time stamp token (ContentInfo).
4673: .Bl -tag -width Ds
4674: .It Fl chain Ar certs_file.pem
1.72 jmc 4675: The collection of PEM certificates
1.1 jsing 4676: that will be included in the response
4677: in addition to the signer certificate if the
4678: .Fl cert
4679: option was used for the request.
4680: This file is supposed to contain the certificate chain
4681: for the signer certificate from its issuer upwards.
4682: The
4683: .Fl reply
4684: command does not build a certificate chain automatically.
4685: .It Fl config Ar configfile
1.72 jmc 4686: Specify an alternative configuration file.
1.1 jsing 4687: .It Fl in Ar response.tsr
1.72 jmc 4688: Specify a previously created time stamp response (or time stamp token, if
1.1 jsing 4689: .Fl token_in
1.72 jmc 4690: is also specified)
1.1 jsing 4691: in DER format that will be written to the output file.
4692: This option does not require a request;
4693: it is useful, for example,
1.72 jmc 4694: to examine the content of a response or token
4695: or to extract the time stamp token from a response.
1.1 jsing 4696: If the input is a token and the output is a time stamp response a default
1.72 jmc 4697: .Qq granted
1.1 jsing 4698: status info is added to the token.
4699: .It Fl inkey Ar private.pem
4700: The signer private key of the TSA in PEM format.
4701: Overrides the
4702: .Cm signer_key
4703: config file option.
4704: .It Fl out Ar response.tsr
4705: The response is written to this file.
4706: The format and content of the file depends on other options (see
4707: .Fl text
4708: and
4709: .Fl token_out ) .
4710: The default is stdout.
4711: .It Fl passin Ar arg
4712: The key password source.
4713: .It Fl policy Ar object_id
1.72 jmc 4714: The default policy to use for the response.
4715: Either dotted OID notation or OID names defined
4716: in the config file can be used.
4717: If no policy is requested the TSA uses its own default policy.
1.1 jsing 4718: .It Fl queryfile Ar request.tsq
1.72 jmc 4719: The file containing a DER-encoded time stamp request.
1.1 jsing 4720: .It Fl section Ar tsa_section
1.72 jmc 4721: The config file section containing the settings for response generation.
1.1 jsing 4722: .It Fl signer Ar tsa_cert.pem
1.72 jmc 4723: The PEM signer certificate of the TSA.
1.1 jsing 4724: The TSA signing certificate must have exactly one extended key usage
4725: assigned to it: timeStamping.
4726: The extended key usage must also be critical,
4727: otherwise the certificate is going to be refused.
4728: Overrides the
4729: .Cm signer_cert
4730: variable of the config file.
4731: .It Fl text
1.72 jmc 4732: Output in human-readable text format instead of DER.
1.1 jsing 4733: .It Fl token_in
1.72 jmc 4734: The input is a DER-encoded time stamp token (ContentInfo)
4735: instead of a time stamp response (TimeStampResp).
1.1 jsing 4736: .It Fl token_out
1.72 jmc 4737: The output is a time stamp token (ContentInfo)
4738: instead of a time stamp response (TimeStampResp).
1.1 jsing 4739: .El
4740: .Pp
4741: The
4742: .Fl verify
4743: command is for verifying if a time stamp response or time stamp token
4744: is valid and matches a particular time stamp request or data file.
4745: The
4746: .Fl verify
4747: command does not use the configuration file.
4748: .Bl -tag -width Ds
4749: .It Fl CAfile Ar trusted_certs.pem
1.72 jmc 4750: The file containing a set of trusted self-signed PEM CA certificates.
4751: See
1.1 jsing 4752: .Nm verify
4753: for additional details.
4754: Either this option or
4755: .Fl CApath
4756: must be specified.
4757: .It Fl CApath Ar trusted_cert_path
1.72 jmc 4758: The directory containing the trused CA certificates of the client.
4759: See
1.1 jsing 4760: .Nm verify
4761: for additional details.
4762: Either this option or
4763: .Fl CAfile
4764: must be specified.
4765: .It Fl data Ar file_to_hash
4766: The response or token must be verified against
4767: .Ar file_to_hash .
4768: The file is hashed with the message digest algorithm specified in the token.
4769: The
4770: .Fl digest
4771: and
4772: .Fl queryfile
4773: options must not be specified with this one.
4774: .It Fl digest Ar digest_bytes
4775: The response or token must be verified against the message digest specified
4776: with this option.
4777: The number of bytes must match the message digest algorithm
4778: specified in the token.
4779: The
4780: .Fl data
4781: and
4782: .Fl queryfile
4783: options must not be specified with this one.
4784: .It Fl in Ar response.tsr
4785: The time stamp response that needs to be verified, in DER format.
4786: This option in mandatory.
4787: .It Fl queryfile Ar request.tsq
4788: The original time stamp request, in DER format.
4789: The
4790: .Fl data
4791: and
4792: .Fl digest
4793: options must not be specified with this one.
4794: .It Fl token_in
1.72 jmc 4795: The input is a DER-encoded time stamp token (ContentInfo)
4796: instead of a time stamp response (TimeStampResp).
1.1 jsing 4797: .It Fl untrusted Ar cert_file.pem
1.72 jmc 4798: Additional untrusted PEM certificates which may be needed
4799: when building the certificate chain for the TSA's signing certificate.
1.1 jsing 4800: This file must contain the TSA signing certificate and
4801: all intermediate CA certificates unless the response includes them.
4802: .El
4803: .Pp
1.72 jmc 4804: Options specified on the command line always override
4805: the settings in the config file:
1.1 jsing 4806: .Bl -tag -width Ds
4807: .It Cm tsa Ar section , Cm default_tsa
4808: This is the main section and it specifies the name of another section
4809: that contains all the options for the
4810: .Fl reply
4811: option.
1.72 jmc 4812: This section can be overridden with the
1.1 jsing 4813: .Fl section
4814: command line switch.
4815: .It Cm oid_file
4816: See
4817: .Nm ca
4818: for a description.
4819: .It Cm oid_section
4820: See
4821: .Nm ca
4822: for a description.
4823: .It Cm serial
1.72 jmc 4824: The file containing the hexadecimal serial number of the
1.1 jsing 4825: last time stamp response created.
4826: This number is incremented by 1 for each response.
1.72 jmc 4827: If the file does not exist at the time of response generation
4828: a new file is created with serial number 1.
1.1 jsing 4829: This parameter is mandatory.
4830: .It Cm signer_cert
4831: TSA signing certificate, in PEM format.
4832: The same as the
4833: .Fl signer
4834: command line option.
4835: .It Cm certs
1.72 jmc 4836: A set of PEM-encoded certificates that need to be
1.1 jsing 4837: included in the response.
4838: The same as the
4839: .Fl chain
4840: command line option.
4841: .It Cm signer_key
4842: The private key of the TSA, in PEM format.
4843: The same as the
4844: .Fl inkey
4845: command line option.
4846: .It Cm default_policy
4847: The default policy to use when the request does not mandate any policy.
4848: The same as the
4849: .Fl policy
4850: command line option.
4851: .It Cm other_policies
4852: Comma separated list of policies that are also acceptable by the TSA
4853: and used only if the request explicitly specifies one of them.
4854: .It Cm digests
4855: The list of message digest algorithms that the TSA accepts.
4856: At least one algorithm must be specified.
4857: This parameter is mandatory.
4858: .It Cm accuracy
4859: The accuracy of the time source of the TSA in seconds, milliseconds
4860: and microseconds.
4861: For example, secs:1, millisecs:500, microsecs:100.
4862: If any of the components is missing,
4863: zero is assumed for that field.
4864: .It Cm clock_precision_digits
1.72 jmc 4865: The maximum number of digits, which represent the fraction of seconds,
4866: that need to be included in the time field.
1.1 jsing 4867: The trailing zeroes must be removed from the time,
1.72 jmc 4868: so there might actually be fewer digits
1.1 jsing 4869: or no fraction of seconds at all.
4870: The maximum value is 6;
4871: the default is 0.
4872: .It Cm ordering
4873: If this option is yes,
4874: the responses generated by this TSA can always be ordered,
4875: even if the time difference between two responses is less
4876: than the sum of their accuracies.
4877: The default is no.
4878: .It Cm tsa_name
4879: Set this option to yes if the subject name of the TSA must be included in
4880: the TSA name field of the response.
4881: The default is no.
4882: .It Cm ess_cert_id_chain
4883: The SignedData objects created by the TSA always contain the
4884: certificate identifier of the signing certificate in a signed
4885: attribute (see RFC 2634, Enhanced Security Services).
4886: If this option is set to yes and either the
4887: .Cm certs
4888: variable or the
4889: .Fl chain
4890: option is specified then the certificate identifiers of the chain will also
4891: be included in the SigningCertificate signed attribute.
4892: If this variable is set to no,
4893: only the signing certificate identifier is included.
4894: The default is no.
4895: .El
4896: .Sh VERIFY
4897: .nr nS 1
4898: .Nm "openssl verify"
4899: .Op Fl CAfile Ar file
4900: .Op Fl CApath Ar directory
4901: .Op Fl check_ss_sig
4902: .Op Fl crl_check
4903: .Op Fl crl_check_all
4904: .Op Fl explicit_policy
4905: .Op Fl extended_crl
4906: .Op Fl help
4907: .Op Fl ignore_critical
4908: .Op Fl inhibit_any
4909: .Op Fl inhibit_map
4910: .Op Fl issuer_checks
4911: .Op Fl policy_check
4912: .Op Fl purpose Ar purpose
4913: .Op Fl untrusted Ar file
4914: .Op Fl verbose
4915: .Op Fl x509_strict
4916: .Op Ar certificates
4917: .nr nS 0
4918: .Pp
4919: The
4920: .Nm verify
4921: command verifies certificate chains.
4922: .Pp
4923: The options are as follows:
4924: .Bl -tag -width Ds
4925: .It Fl check_ss_sig
4926: Verify the signature on the self-signed root CA.
4927: This is disabled by default
4928: because it doesn't add any security.
4929: .It Fl CAfile Ar file
4930: A
4931: .Ar file
4932: of trusted certificates.
4933: The
4934: .Ar file
4935: should contain multiple certificates in PEM format, concatenated together.
4936: .It Fl CApath Ar directory
4937: A
4938: .Ar directory
4939: of trusted certificates.
1.76 jmc 4940: The certificates, or symbolic links to them,
4941: should have names of the form
4942: .Ar hash Ns .0 ,
4943: where
4944: .Ar hash
4945: is the hashed certificate subject name
4946: (see the
1.1 jsing 4947: .Fl hash
4948: option of the
4949: .Nm x509
4950: utility).
4951: .It Fl crl_check
1.76 jmc 4952: Check end entity certificate validity by attempting to look up a valid CRL.
1.1 jsing 4953: If a valid CRL cannot be found an error occurs.
4954: .It Fl crl_check_all
1.76 jmc 4955: Check the validity of all certificates in the chain by attempting
1.1 jsing 4956: to look up valid CRLs.
4957: .It Fl explicit_policy
1.76 jmc 4958: Set policy variable require-explicit-policy (RFC 3280).
1.1 jsing 4959: .It Fl extended_crl
4960: Enable extended CRL features such as indirect CRLs and alternate CRL
4961: signing keys.
4962: .It Fl help
1.76 jmc 4963: Print a usage message.
1.1 jsing 4964: .It Fl ignore_critical
1.76 jmc 4965: Ignore critical extensions instead of rejecting the certificate.
1.1 jsing 4966: .It Fl inhibit_any
1.76 jmc 4967: Set policy variable inhibit-any-policy (RFC 3280).
1.1 jsing 4968: .It Fl inhibit_map
1.76 jmc 4969: Set policy variable inhibit-policy-mapping (RFC 3280).
1.1 jsing 4970: .It Fl issuer_checks
1.76 jmc 4971: Print diagnostics relating to searches for the issuer certificate
4972: of the current certificate
4973: showing why each candidate issuer certificate was rejected.
4974: The presence of rejection messages
4975: does not itself imply that anything is wrong:
4976: during the normal verify process several rejections may take place.
1.1 jsing 4977: .It Fl policy_check
1.76 jmc 4978: Enable certificate policy processing.
1.1 jsing 4979: .It Fl purpose Ar purpose
4980: The intended use for the certificate.
4981: Without this option no chain verification will be done.
4982: Currently accepted uses are
1.76 jmc 4983: .Cm sslclient , sslserver ,
4984: .Cm nssslserver , smimesign ,
4985: .Cm smimeencrypt , crlsign ,
4986: .Cm any ,
1.1 jsing 4987: and
1.76 jmc 4988: .Cm ocsphelper .
1.1 jsing 4989: .It Fl untrusted Ar file
4990: A
4991: .Ar file
4992: of untrusted certificates.
4993: The
4994: .Ar file
4995: should contain multiple certificates.
4996: .It Fl verbose
4997: Print extra information about the operations being performed.
4998: .It Fl x509_strict
4999: Disable workarounds for broken certificates which have to be disabled
5000: for strict X.509 compliance.
5001: .It Ar certificates
1.76 jmc 5002: One or more PEM
1.1 jsing 5003: .Ar certificates
5004: to verify.
5005: If no certificate files are included, an attempt is made to read
5006: a certificate from standard input.
1.76 jmc 5007: If the first certificate filename begins with a dash,
5008: use a lone dash to mark the last option.
1.1 jsing 5009: .El
1.76 jmc 5010: .Pp
1.1 jsing 5011: The
5012: .Nm verify
5013: program uses the same functions as the internal SSL and S/MIME verification,
1.76 jmc 5014: with one crucial difference:
5015: wherever possible an attempt is made to continue after an error,
5016: whereas normally the verify operation would halt on the first error.
1.1 jsing 5017: This allows all the problems with a certificate chain to be determined.
5018: .Pp
1.76 jmc 5019: The verify operation consists of a number of separate steps.
1.1 jsing 5020: Firstly a certificate chain is built up starting from the supplied certificate
5021: and ending in the root CA.
5022: It is an error if the whole chain cannot be built up.
5023: The chain is built up by looking up the issuer's certificate of the current
5024: certificate.
5025: If a certificate is found which is its own issuer, it is assumed
5026: to be the root CA.
5027: .Pp
1.76 jmc 5028: All certificates whose subject name matches the issuer name
1.1 jsing 5029: of the current certificate are subject to further tests.
5030: The relevant authority key identifier components of the current certificate
1.76 jmc 5031: (if present) must match the subject key identifier (if present)
5032: and issuer and serial number of the candidate issuer;
5033: in addition the
5034: .Cm keyUsage
5035: extension of the candidate issuer (if present) must permit certificate signing.
1.1 jsing 5036: .Pp
5037: The lookup first looks in the list of untrusted certificates and if no match
5038: is found the remaining lookups are from the trusted certificates.
1.76 jmc 5039: The root CA is always looked up in the trusted certificate list:
5040: if the certificate to verify is a root certificate,
5041: then an exact match must be found in the trusted list.
1.1 jsing 5042: .Pp
5043: The second operation is to check every untrusted certificate's extensions for
5044: consistency with the supplied purpose.
5045: If the
5046: .Fl purpose
5047: option is not included, then no checks are done.
5048: The supplied or
5049: .Qq leaf
5050: certificate must have extensions compatible with the supplied purpose
5051: and all other certificates must also be valid CA certificates.
5052: The precise extensions required are described in more detail in
5053: the
1.76 jmc 5054: .Nm X509
1.1 jsing 5055: section below.
5056: .Pp
5057: The third operation is to check the trust settings on the root CA.
5058: The root CA should be trusted for the supplied purpose.
1.76 jmc 5059: A certificate with no trust settings is considered to be valid for
1.1 jsing 5060: all purposes.
5061: .Pp
5062: The final operation is to check the validity of the certificate chain.
5063: The validity period is checked against the current system time and the
1.76 jmc 5064: .Cm notBefore
1.1 jsing 5065: and
1.76 jmc 5066: .Cm notAfter
1.1 jsing 5067: dates in the certificate.
5068: The certificate signatures are also checked at this point.
5069: .Pp
5070: If all operations complete successfully, the certificate is considered
5071: valid.
5072: If any operation fails then the certificate is not valid.
5073: When a verify operation fails, the output messages can be somewhat cryptic.
5074: The general form of the error message is:
1.76 jmc 5075: .Bd -literal
5076: server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit)
5077: error 24 at 1 depth lookup:invalid CA certificate
1.1 jsing 5078: .Ed
5079: .Pp
5080: The first line contains the name of the certificate being verified, followed by
5081: the subject name of the certificate.
5082: The second line contains the error number and the depth.
5083: The depth is the number of the certificate being verified when a
5084: problem was detected starting with zero for the certificate being verified
5085: itself, then 1 for the CA that signed the certificate and so on.
5086: Finally a text version of the error number is presented.
5087: .Pp
5088: An exhaustive list of the error codes and messages is shown below; this also
5089: includes the name of the error code as defined in the header file
1.12 bentley 5090: .In openssl/x509_vfy.h .
1.76 jmc 5091: Some of the error codes are defined but never returned: these are described as
1.1 jsing 5092: .Qq unused .
5093: .Bl -tag -width "XXXX"
1.78 jmc 5094: .It 0 X509_V_OK
1.1 jsing 5095: The operation was successful.
1.78 jmc 5096: .It 2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
5097: The issuer certificate of an untrusted certificate could not be found.
5098: .It 3 X509_V_ERR_UNABLE_TO_GET_CRL
1.1 jsing 5099: The CRL of a certificate could not be found.
1.78 jmc 5100: .It 4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
1.1 jsing 5101: The certificate signature could not be decrypted.
1.78 jmc 5102: This means that the actual signature value could not be determined
5103: rather than it not matching the expected value.
1.1 jsing 5104: This is only meaningful for RSA keys.
1.78 jmc 5105: .It 5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
5106: The CRL signature could not be decrypted.
5107: This means that the actual signature value could not be determined
5108: rather than it not matching the expected value.
1.1 jsing 5109: Unused.
1.78 jmc 5110: .It 6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
1.1 jsing 5111: The public key in the certificate
1.76 jmc 5112: .Cm SubjectPublicKeyInfo
1.1 jsing 5113: could not be read.
1.78 jmc 5114: .It 7 X509_V_ERR_CERT_SIGNATURE_FAILURE
1.1 jsing 5115: The signature of the certificate is invalid.
1.78 jmc 5116: .It 8 X509_V_ERR_CRL_SIGNATURE_FAILURE
1.1 jsing 5117: The signature of the certificate is invalid.
1.78 jmc 5118: .It 9 X509_V_ERR_CERT_NOT_YET_VALID
1.1 jsing 5119: The certificate is not yet valid: the
1.76 jmc 5120: .Cm notBefore
1.1 jsing 5121: date is after the current time.
1.78 jmc 5122: .It 10 X509_V_ERR_CERT_HAS_EXPIRED
1.1 jsing 5123: The certificate has expired; that is, the
1.76 jmc 5124: .Cm notAfter
1.1 jsing 5125: date is before the current time.
1.78 jmc 5126: .It 11 X509_V_ERR_CRL_NOT_YET_VALID
1.1 jsing 5127: The CRL is not yet valid.
1.78 jmc 5128: .It 12 X509_V_ERR_CRL_HAS_EXPIRED
1.1 jsing 5129: The CRL has expired.
1.78 jmc 5130: .It 13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
1.1 jsing 5131: The certificate
1.76 jmc 5132: .Cm notBefore
1.1 jsing 5133: field contains an invalid time.
1.78 jmc 5134: .It 14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
1.1 jsing 5135: The certificate
1.76 jmc 5136: .Cm notAfter
1.1 jsing 5137: field contains an invalid time.
1.78 jmc 5138: .It 15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
1.1 jsing 5139: The CRL
1.76 jmc 5140: .Cm lastUpdate
1.1 jsing 5141: field contains an invalid time.
1.78 jmc 5142: .It 16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
1.1 jsing 5143: The CRL
1.76 jmc 5144: .Cm nextUpdate
1.1 jsing 5145: field contains an invalid time.
1.78 jmc 5146: .It 17 X509_V_ERR_OUT_OF_MEM
1.1 jsing 5147: An error occurred trying to allocate memory.
5148: This should never happen.
1.78 jmc 5149: .It 18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
1.1 jsing 5150: The passed certificate is self-signed and the same certificate cannot be
5151: found in the list of trusted certificates.
1.78 jmc 5152: .It 19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
1.1 jsing 5153: The certificate chain could be built up using the untrusted certificates but
5154: the root could not be found locally.
1.78 jmc 5155: .It 20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
1.1 jsing 5156: The issuer certificate of a locally looked up certificate could not be found.
5157: This normally means the list of trusted certificates is not complete.
1.78 jmc 5158: .It 21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
1.1 jsing 5159: No signatures could be verified because the chain contains only one
5160: certificate and it is not self-signed.
1.78 jmc 5161: .It 22 X509_V_ERR_CERT_CHAIN_TOO_LONG
1.1 jsing 5162: The certificate chain length is greater than the supplied maximum depth.
5163: Unused.
1.78 jmc 5164: .It 23 X509_V_ERR_CERT_REVOKED
1.1 jsing 5165: The certificate has been revoked.
1.78 jmc 5166: .It 24 X509_V_ERR_INVALID_CA
1.1 jsing 5167: A CA certificate is invalid.
5168: Either it is not a CA or its extensions are not consistent
5169: with the supplied purpose.
1.78 jmc 5170: .It 25 X509_V_ERR_PATH_LENGTH_EXCEEDED
1.1 jsing 5171: The
1.76 jmc 5172: .Cm basicConstraints
1.1 jsing 5173: pathlength parameter has been exceeded.
1.78 jmc 5174: .It 26 X509_V_ERR_INVALID_PURPOSE
1.1 jsing 5175: The supplied certificate cannot be used for the specified purpose.
1.78 jmc 5176: .It 27 X509_V_ERR_CERT_UNTRUSTED
1.1 jsing 5177: The root CA is not marked as trusted for the specified purpose.
1.78 jmc 5178: .It 28 X509_V_ERR_CERT_REJECTED
1.1 jsing 5179: The root CA is marked to reject the specified purpose.
1.78 jmc 5180: .It 29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH
1.1 jsing 5181: The current candidate issuer certificate was rejected because its subject name
5182: did not match the issuer name of the current certificate.
5183: Only displayed when the
5184: .Fl issuer_checks
5185: option is set.
1.78 jmc 5186: .It 30 X509_V_ERR_AKID_SKID_MISMATCH
1.1 jsing 5187: The current candidate issuer certificate was rejected because its subject key
5188: identifier was present and did not match the authority key identifier current
5189: certificate.
5190: Only displayed when the
5191: .Fl issuer_checks
5192: option is set.
1.78 jmc 5193: .It 31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
1.1 jsing 5194: The current candidate issuer certificate was rejected because its issuer name
5195: and serial number were present and did not match the authority key identifier
5196: of the current certificate.
5197: Only displayed when the
5198: .Fl issuer_checks
5199: option is set.
1.78 jmc 5200: .It 32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN
1.1 jsing 5201: The current candidate issuer certificate was rejected because its
1.76 jmc 5202: .Cm keyUsage
1.1 jsing 5203: extension does not permit certificate signing.
1.78 jmc 5204: .It 50 X509_V_ERR_APPLICATION_VERIFICATION
1.1 jsing 5205: An application specific error.
5206: Unused.
5207: .El
5208: .Sh VERSION
5209: .Nm openssl version
5210: .Op Fl abdfopv
5211: .Pp
5212: The
5213: .Nm version
5214: command is used to print out version information about
1.79 jmc 5215: .Nm openssl .
1.1 jsing 5216: .Pp
5217: The options are as follows:
5218: .Bl -tag -width Ds
5219: .It Fl a
5220: All information: this is the same as setting all the other flags.
5221: .It Fl b
5222: The date the current version of
1.79 jmc 5223: .Nm openssl
1.1 jsing 5224: was built.
5225: .It Fl d
5226: .Ev OPENSSLDIR
5227: setting.
5228: .It Fl f
5229: Compilation flags.
5230: .It Fl o
5231: Option information: various options set when the library was built.
5232: .It Fl p
5233: Platform setting.
5234: .It Fl v
5235: The current
1.79 jmc 5236: .Nm openssl
1.1 jsing 5237: version.
5238: .El
5239: .Sh X509
5240: .nr nS 1
5241: .Nm "openssl x509"
5242: .Op Fl C
5243: .Op Fl addreject Ar arg
5244: .Op Fl addtrust Ar arg
5245: .Op Fl alias
5246: .Op Fl CA Ar file
5247: .Op Fl CAcreateserial
1.80 jmc 5248: .Op Fl CAform Cm der | pem
1.1 jsing 5249: .Op Fl CAkey Ar file
1.80 jmc 5250: .Op Fl CAkeyform Cm der | pem
1.1 jsing 5251: .Op Fl CAserial Ar file
5252: .Op Fl certopt Ar option
5253: .Op Fl checkend Ar arg
5254: .Op Fl clrext
5255: .Op Fl clrreject
5256: .Op Fl clrtrust
5257: .Op Fl dates
5258: .Op Fl days Ar arg
5259: .Op Fl email
5260: .Op Fl enddate
5261: .Op Fl extensions Ar section
5262: .Op Fl extfile Ar file
5263: .Op Fl fingerprint
5264: .Op Fl hash
5265: .Op Fl in Ar file
1.80 jmc 5266: .Op Fl inform Cm der | net | pem
1.1 jsing 5267: .Op Fl issuer
5268: .Op Fl issuer_hash
5269: .Op Fl issuer_hash_old
1.80 jmc 5270: .Op Fl keyform Cm der | pem
1.29 bcook 5271: .Op Fl md5 | sha1
1.1 jsing 5272: .Op Fl modulus
5273: .Op Fl nameopt Ar option
5274: .Op Fl noout
5275: .Op Fl ocsp_uri
5276: .Op Fl ocspid
5277: .Op Fl out Ar file
1.80 jmc 5278: .Op Fl outform Cm der | net | pem
1.1 jsing 5279: .Op Fl passin Ar arg
5280: .Op Fl pubkey
5281: .Op Fl purpose
5282: .Op Fl req
5283: .Op Fl serial
5284: .Op Fl set_serial Ar n
5285: .Op Fl setalias Ar arg
5286: .Op Fl signkey Ar file
5287: .Op Fl startdate
5288: .Op Fl subject
5289: .Op Fl subject_hash
5290: .Op Fl subject_hash_old
5291: .Op Fl text
5292: .Op Fl trustout
5293: .Op Fl x509toreq
5294: .nr nS 0
5295: .Pp
5296: The
5297: .Nm x509
5298: command is a multi-purpose certificate utility.
5299: It can be used to display certificate information, convert certificates to
5300: various forms, sign certificate requests like a
5301: .Qq mini CA ,
5302: or edit certificate trust settings.
5303: .Pp
1.80 jmc 5304: The following are x509 input, output, and general purpose options:
1.1 jsing 5305: .Bl -tag -width "XXXX"
5306: .It Fl in Ar file
1.80 jmc 5307: The input file to read from,
5308: or standard input if not specified.
5309: .It Fl inform Cm der | net | pem
5310: The input format.
1.1 jsing 5311: Normally, the command will expect an X.509 certificate,
5312: but this can change if other options such as
5313: .Fl req
5314: are present.
1.29 bcook 5315: .It Fl md5 | sha1
1.1 jsing 5316: The digest to use.
5317: This affects any signing or display option that uses a message digest,
5318: such as the
5319: .Fl fingerprint , signkey ,
5320: and
5321: .Fl CA
5322: options.
5323: If not specified, MD5 is used.
1.80 jmc 5324: SHA1 is always used with DSA keys.
1.1 jsing 5325: .It Fl out Ar file
1.80 jmc 5326: The output file to write to,
5327: or standard output if none is specified.
5328: .It Fl outform Cm der | net | pem
5329: The output format.
1.1 jsing 5330: .It Fl passin Ar arg
5331: The key password source.
5332: .El
1.80 jmc 5333: .Pp
5334: The following are x509 display options:
1.1 jsing 5335: .Bl -tag -width "XXXX"
5336: .It Fl C
1.80 jmc 5337: Output the certificate in the form of a C source file.
1.1 jsing 5338: .It Fl certopt Ar option
5339: Customise the output format used with
1.80 jmc 5340: .Fl text ,
5341: either using a list of comma-separated options or by specifying
1.1 jsing 5342: .Fl certopt
1.80 jmc 5343: multiple times.
5344: The default behaviour is to print all fields.
5345: The options are as follows:
5346: .Pp
5347: .Bl -tag -width "no_extensions" -offset indent -compact
5348: .It Cm ca_default
5349: Equivalent to
5350: .Cm no_issuer , no_pubkey , no_header ,
5351: .Cm no_version , no_sigdump ,
5352: and
5353: .Cm no_signame .
5354: .It Cm compatible
5355: Equivalent to no output options at all.
5356: .It Cm ext_default
5357: Print unsupported certificate extensions.
5358: .It Cm ext_dump
5359: Hex dump unsupported extensions.
5360: .It Cm ext_error
5361: Print an error message for unsupported certificate extensions.
5362: .It Cm ext_parse
1.84 jmc 5363: ASN.1 parse unsupported extensions.
1.80 jmc 5364: .It Cm no_aux
5365: Do not print certificate trust information.
5366: .It Cm no_extensions
5367: Do not print X509V3 extensions.
5368: .It Cm no_header
5369: Do not print header (Certificate and Data) information.
5370: .It Cm no_issuer
5371: Do not print the issuer name.
5372: .It Cm no_pubkey
5373: Do not print the public key.
5374: .It Cm no_serial
5375: Do not print the serial number.
5376: .It Cm no_sigdump
5377: Do not give a hexadecimal dump of the certificate signature.
5378: .It Cm no_signame
5379: Do not print the signature algorithm used.
5380: .It Cm no_subject
5381: Do not print the subject name.
5382: .It Cm no_validity
5383: Do not print the
5384: .Cm notBefore
5385: and
5386: .Cm notAfter
5387: (validity) fields.
5388: .It Cm no_version
5389: Do not print the version number.
5390: .El
1.1 jsing 5391: .It Fl dates
1.80 jmc 5392: Print the start and expiry date of a certificate.
1.1 jsing 5393: .It Fl email
1.80 jmc 5394: Output the email addresses, if any.
1.1 jsing 5395: .It Fl enddate
1.80 jmc 5396: Print the expiry date of the certificate; that is, the
5397: .Cm notAfter
1.1 jsing 5398: date.
5399: .It Fl fingerprint
1.80 jmc 5400: Print the digest of the DER-encoded version of the whole certificate.
1.1 jsing 5401: .It Fl hash
5402: A synonym for
1.80 jmc 5403: .Fl subject_hash .
1.1 jsing 5404: .It Fl issuer
1.80 jmc 5405: Print the issuer name.
1.1 jsing 5406: .It Fl issuer_hash
1.80 jmc 5407: Print the hash of the certificate issuer name.
1.1 jsing 5408: .It Fl issuer_hash_old
1.80 jmc 5409: Print the hash of the certificate issuer name
5410: using the older algorithm as used by
5411: .Nm openssl
1.1 jsing 5412: versions before 1.0.0.
5413: .It Fl modulus
1.80 jmc 5414: Print the value of the modulus of the public key contained in the certificate.
1.1 jsing 5415: .It Fl nameopt Ar option
1.80 jmc 5416: Customise how the subject or issuer names are displayed,
5417: either using a list of comma-separated options or by specifying
1.1 jsing 5418: .Fl nameopt
1.80 jmc 5419: multiple times.
5420: The default behaviour is to use the
5421: .Cm oneline
5422: format.
5423: The options,
5424: which can be preceded by a dash to turn them off,
5425: are as follows:
5426: .Bl -tag -width "XXXX"
5427: .It Cm align
5428: Align field values for a more readable output.
5429: Only usable with
5430: .Ar sep_multiline .
5431: .It Cm compat
5432: Use the old format,
5433: equivalent to specifying no options at all.
5434: .It Cm dn_rev
5435: Reverse the fields of the DN, as required by RFC 2253.
5436: As a side effect, this also reverses the order of multiple AVAs.
5437: .It Cm dump_all
5438: Dump all fields.
5439: When used with
5440: .Ar dump_der ,
5441: it allows the DER encoding of the structure to be unambiguously determined.
5442: .It Cm dump_der
5443: Any fields that need to be hexdumped are
5444: dumped using the DER encoding of the field.
5445: Otherwise just the content octets will be displayed.
5446: Both options use the RFC 2253 #XXXX... format.
5447: .It Cm dump_nostr
5448: Dump non-character string types
5449: (for example OCTET STRING);
5450: usually, non-character string types are displayed
5451: as though each content octet represents a single character.
5452: .It Cm dump_unknown
5453: Dump any field whose OID is not recognised by
5454: .Nm openssl .
5455: .It Cm esc_2253
5456: Escape the
5457: .Qq special
5458: characters required by RFC 2253 in a field that is
5459: .Dq \& ,+"<>; .
5460: Additionally,
5461: .Sq #
5462: is escaped at the beginning of a string
5463: and a space character at the beginning or end of a string.
5464: .It Cm esc_ctrl
5465: Escape control characters.
5466: That is, those with ASCII values less than 0x20 (space)
5467: and the delete (0x7f) character.
5468: They are escaped using the RFC 2253 \eXX notation (where XX are two hex
5469: digits representing the character value).
5470: .It Cm esc_msb
5471: Escape characters with the MSB set; that is, with ASCII values larger than
5472: 127.
5473: .It Cm multiline
5474: A multiline format.
5475: Equivalent to
5476: .Cm esc_ctrl , esc_msb , sep_multiline ,
5477: .Cm space_eq , lname ,
5478: and
5479: .Cm align .
5480: .It Cm no_type
5481: Do not attempt to interpret multibyte characters.
5482: That is, content octets are merely dumped as though one octet
5483: represents each character.
5484: This is useful for diagnostic purposes
5485: but results in rather odd looking output.
5486: .It Cm nofname , sname , lname , oid
5487: Alter how the field name is displayed:
5488: .Cm nofname
5489: does not display the field at all;
5490: .Cm sname
5491: uses the short name form (CN for
5492: .Cm commonName ,
5493: for example);
5494: .Cm lname
5495: uses the long form.
5496: .Cm oid
5497: represents the OID in numerical form and is useful for diagnostic purpose.
5498: .It Cm oneline
5499: A one line format which is more readable than
5500: .Cm RFC2253 .
5501: Equivalent to
5502: .Cm esc_2253 , esc_ctrl , esc_msb , utf8 ,
5503: .Cm dump_nostr , dump_der , use_quote , sep_comma_plus_spc ,
5504: .Cm space_eq ,
5505: and
5506: .Cm sname .
5507: .It Cm RFC2253
5508: Displays names compatible with RFC 2253.
5509: Equivalent to
5510: .Cm esc_2253 , esc_ctrl ,
5511: .Cm esc_msb , utf8 , dump_nostr , dump_unknown ,
5512: .Cm dump_der , sep_comma_plus , dn_rev ,
5513: and
5514: .Cm sname .
5515: .It Cm sep_comma_plus , sep_comma_plus_space , sep_semi_plus_space , sep_multiline
5516: Determine the field separators:
5517: the first character is between RDNs and the second between multiple AVAs
5518: (multiple AVAs are very rare and their use is discouraged).
5519: The options ending in
5520: .Qq space
5521: additionally place a space after the separator to make it more readable.
5522: .Cm sep_multiline
5523: uses a linefeed character for the RDN separator and a spaced
5524: .Sq +
5525: for the AVA separator,
5526: as well as indenting the fields by four characters.
5527: .It Cm show_type
1.84 jmc 5528: Show the type of the ASN.1 character string.
1.80 jmc 5529: The type precedes the field contents.
5530: For example
5531: .Qq BMPSTRING: Hello World .
5532: .It Cm space_eq
5533: Place spaces round the
5534: .Sq =
5535: character which follows the field name.
5536: .It Cm use_quote
5537: Escape some characters by surrounding the whole string with
5538: .Sq \&"
5539: characters.
5540: Without the option, all escaping is done with the
5541: .Sq \e
5542: character.
5543: .It Cm utf8
5544: Convert all strings to UTF8 format first, as required by RFC 2253.
5545: On a UTF8 compatible terminal,
5546: the use of this option (and not setting
5547: .Cm esc_msb )
5548: may result in the correct display of multibyte characters.
5549: Usually, multibyte characters larger than 0xff
5550: are represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX
5551: for 32 bits,
5552: and any UTF8Strings are converted to their character form first.
5553: .El
1.1 jsing 5554: .It Fl noout
1.80 jmc 5555: Do not output the encoded version of the request.
1.1 jsing 5556: .It Fl ocsp_uri
1.80 jmc 5557: Print the OCSP responder addresses, if any.
1.1 jsing 5558: .It Fl ocspid
5559: Print OCSP hash values for the subject name and public key.
5560: .It Fl pubkey
1.80 jmc 5561: Print the public key.
1.1 jsing 5562: .It Fl serial
1.80 jmc 5563: Print the certificate serial number.
1.1 jsing 5564: .It Fl startdate
1.80 jmc 5565: Print the start date of the certificate; that is, the
5566: .Cm notBefore
1.1 jsing 5567: date.
5568: .It Fl subject
1.80 jmc 5569: Print the subject name.
1.1 jsing 5570: .It Fl subject_hash
1.80 jmc 5571: Print the hash of the certificate subject name.
1.1 jsing 5572: This is used in
1.80 jmc 5573: .Nm openssl
1.1 jsing 5574: to form an index to allow certificates in a directory to be looked up
5575: by subject name.
5576: .It Fl subject_hash_old
1.80 jmc 5577: Print the hash of the certificate subject name
5578: using the older algorithm as used by
5579: .Nm openssl
1.1 jsing 5580: versions before 1.0.0.
5581: .It Fl text
1.80 jmc 5582: Print the full certificate in text form.
1.1 jsing 5583: .El
5584: .Pp
1.80 jmc 5585: A trusted certificate is a certificate which has several
1.1 jsing 5586: additional pieces of information attached to it such as the permitted
1.80 jmc 5587: and prohibited uses of the certificate and an alias.
5588: When a certificate is being verified at least one certificate must be trusted.
5589: By default, a trusted certificate must be stored locally and be a root CA.
5590: The following are x509 trust settings options:
1.1 jsing 5591: .Bl -tag -width "XXXX"
5592: .It Fl addreject Ar arg
1.80 jmc 5593: Add a prohibited use.
5594: Accepts the same values as the
1.1 jsing 5595: .Fl addtrust
5596: option.
5597: .It Fl addtrust Ar arg
1.80 jmc 5598: Add a trusted certificate use.
1.1 jsing 5599: Any object name can be used here, but currently only
1.80 jmc 5600: .Cm clientAuth
5601: (SSL client use),
5602: .Cm serverAuth
5603: (SSL server use),
5604: and
5605: .Cm emailProtection
5606: (S/MIME email) are used.
1.1 jsing 5607: .It Fl alias
1.80 jmc 5608: Output the certificate alias.
1.1 jsing 5609: .It Fl clrreject
1.80 jmc 5610: Clear all the prohibited or rejected uses of the certificate.
1.1 jsing 5611: .It Fl clrtrust
1.80 jmc 5612: Clear all the permitted or trusted uses of the certificate.
1.1 jsing 5613: .It Fl purpose
1.80 jmc 5614: Perform tests on the certificate extensions.
5615: The same code is used when verifying untrusted certificates in chains,
5616: so this section is useful if a chain is rejected by the verify code.
5617: .Pp
5618: The
5619: .Cm basicConstraints
5620: extension CA flag is used to determine whether the
5621: certificate can be used as a CA.
5622: If the CA flag is true, it is a CA;
5623: if the CA flag is false, it is not a CA.
5624: All CAs should have the CA flag set to true.
5625: .Pp
5626: If the
5627: .Cm basicConstraints
5628: extension is absent, then the certificate is
5629: considered to be a possible CA;
5630: other extensions are checked according to the intended use of the certificate.
5631: A warning is given in this case because the certificate should really not
5632: be regarded as a CA.
5633: However it is allowed to be a CA to work around some broken software.
5634: .Pp
5635: If the certificate is a V1 certificate
5636: (and thus has no extensions) and it is self-signed,
5637: it is also assumed to be a CA but a warning is again given.
5638: This is to work around the problem of Verisign roots
5639: which are V1 self-signed certificates.
5640: .Pp
5641: If the
5642: .Cm keyUsage
5643: extension is present, then additional restraints are
5644: made on the uses of the certificate.
5645: A CA certificate must have the
5646: .Cm keyCertSign
5647: bit set if the
5648: .Cm keyUsage
5649: extension is present.
5650: .Pp
5651: The extended key usage extension places additional restrictions on the
5652: certificate uses.
5653: If this extension is present, whether critical or not,
5654: the key can only be used for the purposes specified.
5655: .Pp
5656: A complete description of each test is given below.
5657: The comments about
5658: .Cm basicConstraints
5659: and
5660: .Cm keyUsage
5661: and V1 certificates above apply to all CA certificates.
5662: .Bl -tag -width "XXXX"
5663: .It SSL Client
5664: The extended key usage extension must be absent or include the
5665: web client authentication OID.
5666: .Cm keyUsage
5667: must be absent or it must have the
5668: .Cm digitalSignature
5669: bit set.
5670: The Netscape certificate type must be absent
5671: or it must have the SSL client bit set.
5672: .It SSL Client CA
5673: The extended key usage extension must be absent or include the
5674: web client authentication OID.
5675: The Netscape certificate type must be absent
5676: or it must have the SSL CA bit set:
5677: this is used as a workaround if the
5678: .Cm basicConstraints
5679: extension is absent.
5680: .It SSL Server
5681: The extended key usage extension must be absent or include the
5682: web server authentication and/or one of the SGC OIDs.
5683: .Cm keyUsage
5684: must be absent or it must have the
5685: .Cm digitalSignature
5686: set, the
5687: .Cm keyEncipherment
5688: set, or both bits set.
5689: The Netscape certificate type must be absent or have the SSL server bit set.
5690: .It SSL Server CA
5691: The extended key usage extension must be absent or include the
5692: web server authentication and/or one of the SGC OIDs.
5693: The Netscape certificate type must be absent or the SSL CA bit must be set:
5694: this is used as a workaround if the
5695: .Cm basicConstraints
5696: extension is absent.
5697: .It Netscape SSL Server
5698: For Netscape SSL clients to connect to an SSL server; it must have the
5699: .Cm keyEncipherment
5700: bit set if the
5701: .Cm keyUsage
5702: extension is present.
5703: This isn't always valid because some cipher suites use the key for
5704: digital signing.
5705: Otherwise it is the same as a normal SSL server.
5706: .It Common S/MIME Client Tests
5707: The extended key usage extension must be absent or include the
5708: email protection OID.
5709: The Netscape certificate type must be absent or should have the S/MIME bit set.
5710: If the S/MIME bit is not set in Netscape certificate type, then the SSL
5711: client bit is tolerated as an alternative but a warning is shown:
5712: this is because some Verisign certificates don't set the S/MIME bit.
5713: .It S/MIME Signing
5714: In addition to the common S/MIME client tests, the
5715: .Cm digitalSignature
5716: bit must be set if the
5717: .Cm keyUsage
5718: extension is present.
5719: .It S/MIME Encryption
5720: In addition to the common S/MIME tests, the
5721: .Cm keyEncipherment
5722: bit must be set if the
5723: .Cm keyUsage
5724: extension is present.
5725: .It S/MIME CA
5726: The extended key usage extension must be absent or include the
5727: email protection OID.
5728: The Netscape certificate type must be absent
5729: or must have the S/MIME CA bit set:
5730: this is used as a workaround if the
5731: .Cm basicConstraints
5732: extension is absent.
5733: .It CRL Signing
5734: The
5735: .Cm keyUsage
5736: extension must be absent or it must have the CRL signing bit set.
5737: .It CRL Signing CA
5738: The normal CA tests apply, except the
5739: .Cm basicConstraints
5740: extension must be present.
5741: .El
1.1 jsing 5742: .It Fl setalias Ar arg
1.80 jmc 5743: Set the alias of the certificate,
5744: allowing the certificate to be referred to using a nickname,
5745: such as
1.1 jsing 5746: .Qq Steve's Certificate .
5747: .It Fl trustout
1.80 jmc 5748: Output a trusted certificate
5749: (the default if any trust settings are modified).
1.1 jsing 5750: An ordinary or trusted certificate can be input, but by default an ordinary
5751: certificate is output and any trust settings are discarded.
5752: .El
1.80 jmc 5753: .Pp
1.1 jsing 5754: The
5755: .Nm x509
1.80 jmc 5756: utility can be used to sign certificates and requests:
5757: it can thus behave like a mini CA.
5758: The following are x509 signing options:
1.1 jsing 5759: .Bl -tag -width "XXXX"
5760: .It Fl CA Ar file
1.80 jmc 5761: The CA certificate to be used for signing.
1.1 jsing 5762: When this option is present,
5763: .Nm x509
1.80 jmc 5764: behaves like a mini CA.
1.1 jsing 5765: The input file is signed by the CA using this option;
5766: that is, its issuer name is set to the subject name of the CA and it is
5767: digitally signed using the CA's private key.
5768: .Pp
5769: This option is normally combined with the
5770: .Fl req
5771: option.
5772: Without the
5773: .Fl req
5774: option, the input is a certificate which must be self-signed.
5775: .It Fl CAcreateserial
1.80 jmc 5776: Create the CA serial number file if it does not exist
5777: instead of generating an error.
5778: The file will contain the serial number
1.1 jsing 5779: .Sq 02
5780: and the certificate being signed will have
5781: .Sq 1
5782: as its serial number.
1.80 jmc 5783: .It Fl CAform Cm der | pem
1.1 jsing 5784: The format of the CA certificate file.
5785: The default is
1.80 jmc 5786: .Cm pem .
1.1 jsing 5787: .It Fl CAkey Ar file
1.80 jmc 5788: Set the CA private key to sign a certificate with.
5789: Otherwise it is assumed that the CA private key is present
5790: in the CA certificate file.
5791: .It Fl CAkeyform Cm der | pem
1.1 jsing 5792: The format of the CA private key.
5793: The default is
1.80 jmc 5794: .Cm pem .
1.1 jsing 5795: .It Fl CAserial Ar file
1.80 jmc 5796: Use the serial number in
5797: .Ar file
5798: to sign a certificate.
5799: The file should consist of one line containing an even number of hex digits
1.1 jsing 5800: with the serial number to use.
5801: After each use the serial number is incremented and written out
5802: to the file again.
5803: .Pp
5804: The default filename consists of the CA certificate file base name with
5805: .Pa .srl
5806: appended.
5807: For example, if the CA certificate file is called
5808: .Pa mycacert.pem ,
5809: it expects to find a serial number file called
5810: .Pa mycacert.srl .
5811: .It Fl checkend Ar arg
5812: Check whether the certificate expires in the next
5813: .Ar arg
5814: seconds.
5815: If so, exit with return value 1;
5816: otherwise exit with return value 0.
5817: .It Fl clrext
5818: Delete any extensions from a certificate.
5819: This option is used when a certificate is being created from another
5820: certificate (for example with the
5821: .Fl signkey
5822: or the
5823: .Fl CA
5824: options).
5825: Normally, all extensions are retained.
5826: .It Fl days Ar arg
1.80 jmc 5827: The number of days to make a certificate valid for.
1.1 jsing 5828: The default is 30 days.
5829: .It Fl extensions Ar section
5830: The section to add certificate extensions from.
5831: If this option is not specified, the extensions should either be
1.80 jmc 5832: contained in the unnamed (default) section
5833: or the default section should contain a variable called
1.1 jsing 5834: .Qq extensions
5835: which contains the section to use.
5836: .It Fl extfile Ar file
5837: File containing certificate extensions to use.
5838: If not specified, no extensions are added to the certificate.
1.80 jmc 5839: .It Fl keyform Cm der | pem
5840: The format of the private key file used in the
1.1 jsing 5841: .Fl signkey
5842: option.
5843: .It Fl req
1.80 jmc 5844: Expect a certificate request on input instead of a certificate.
1.1 jsing 5845: .It Fl set_serial Ar n
1.80 jmc 5846: The serial number to use.
1.1 jsing 5847: This option can be used with either the
5848: .Fl signkey
5849: or
5850: .Fl CA
5851: options.
5852: If used in conjunction with the
5853: .Fl CA
5854: option, the serial number file (as specified by the
5855: .Fl CAserial
5856: or
5857: .Fl CAcreateserial
5858: options) is not used.
5859: .Pp
5860: The serial number can be decimal or hex (if preceded by
5861: .Sq 0x ) .
5862: Negative serial numbers can also be specified but their use is not recommended.
5863: .It Fl signkey Ar file
1.80 jmc 5864: Self-sign
5865: .Ar file
5866: using the supplied private key.
1.1 jsing 5867: .Pp
5868: If the input file is a certificate, it sets the issuer name to the
1.80 jmc 5869: subject name (i.e. makes it self-signed),
1.1 jsing 5870: changes the public key to the supplied value,
5871: and changes the start and end dates.
5872: The start date is set to the current time and the end date is set to
5873: a value determined by the
5874: .Fl days
5875: option.
5876: Any certificate extensions are retained unless the
5877: .Fl clrext
5878: option is supplied.
5879: .Pp
5880: If the input is a certificate request, a self-signed certificate
5881: is created using the supplied private key using the subject name in
5882: the request.
5883: .It Fl x509toreq
1.80 jmc 5884: Convert a certificate into a certificate request.
1.1 jsing 5885: The
5886: .Fl signkey
5887: option is used to pass the required private key.
5888: .El
1.38 jmc 5889: .Sh COMMON NOTATION
5890: Several commands share a common syntax,
5891: as detailed below.
5892: .Pp
5893: Password arguments, typically specified using
1.33 jmc 5894: .Fl passin
5895: and
5896: .Fl passout
1.38 jmc 5897: for input and output passwords,
5898: allow passwords to be obtained from a variety of sources.
5899: Both of these options take a single argument, described below.
1.33 jmc 5900: If no password argument is given and a password is required,
5901: then the user is prompted to enter one:
5902: this will typically be read from the current terminal with echoing turned off.
1.38 jmc 5903: .Bl -tag -width "pass:password" -offset indent
5904: .It Cm pass : Ns Ar password
1.33 jmc 5905: The actual password is
5906: .Ar password .
1.38 jmc 5907: Since the password is visible to utilities,
1.33 jmc 5908: this form should only be used where security is not important.
1.38 jmc 5909: .It Cm env : Ns Ar var
1.33 jmc 5910: Obtain the password from the environment variable
5911: .Ar var .
1.38 jmc 5912: Since the environment of other processes is visible,
5913: this option should be used with caution.
5914: .It Cm file : Ns Ar path
1.33 jmc 5915: The first line of
5916: .Ar path
5917: is the password.
5918: If the same
5919: .Ar path
5920: argument is supplied to
5921: .Fl passin
5922: and
5923: .Fl passout ,
5924: then the first line will be used for the input password and the next line
5925: for the output password.
5926: .Ar path
5927: need not refer to a regular file:
5928: it could, for example, refer to a device or named pipe.
1.38 jmc 5929: .It Cm fd : Ns Ar number
1.33 jmc 5930: Read the password from the file descriptor
5931: .Ar number .
1.38 jmc 5932: This can be used to send the data via a pipe, for example.
5933: .It Cm stdin
1.33 jmc 5934: Read the password from standard input.
1.35 jmc 5935: .El
1.38 jmc 5936: .Pp
1.64 jmc 5937: Input/output formats,
1.38 jmc 5938: typically specified using
5939: .Fl inform
5940: and
5941: .Fl outform ,
1.64 jmc 5942: indicate the format being read from or written to.
1.38 jmc 5943: The argument is case insensitive.
5944: .Pp
5945: .Bl -tag -width Ds -offset indent -compact
5946: .It Cm der
5947: Distinguished Encoding Rules (DER)
5948: is a binary format.
1.64 jmc 5949: .It Cm net
5950: Insecure legacy format.
1.38 jmc 5951: .It Cm pem
5952: Privacy Enhanced Mail (PEM)
5953: is base64-encoded.
1.70 jmc 5954: .It Cm smime
5955: An SMIME format message.
1.38 jmc 5956: .It Cm txt
5957: Plain ASCII text.
5958: .El
1.35 jmc 5959: .Sh ENVIRONMENT
5960: The following environment variables affect the execution of
5961: .Nm openssl :
1.38 jmc 5962: .Bl -tag -width "/etc/ssl/openssl.cnf"
1.35 jmc 5963: .It Ev OPENSSL_CONF
5964: The location of the master configuration file.
1.33 jmc 5965: .El
1.1 jsing 5966: .Sh FILES
5967: .Bl -tag -width "/etc/ssl/openssl.cnf" -compact
1.17 sobrado 5968: .It Pa /etc/ssl/
1.1 jsing 5969: Default config directory for
5970: .Nm openssl .
1.17 sobrado 5971: .It Pa /etc/ssl/lib/
1.1 jsing 5972: Unused.
1.17 sobrado 5973: .It Pa /etc/ssl/private/
1.1 jsing 5974: Default private key directory.
1.17 sobrado 5975: .It Pa /etc/ssl/openssl.cnf
1.1 jsing 5976: Default configuration file for
5977: .Nm openssl .
1.17 sobrado 5978: .It Pa /etc/ssl/x509v3.cnf
1.1 jsing 5979: Default configuration file for
5980: .Nm x509
5981: certificates.
5982: .El
5983: .Sh SEE ALSO
1.74 jmc 5984: .Xr acme-client 1 ,
1.26 jmc 5985: .Xr nc 1 ,
1.90 schwarze 5986: .Xr openssl.cnf 5 ,
5987: .Xr x509v3.cnf 5 ,
1.1 jsing 5988: .Xr ssl 8 ,
5989: .Xr starttls 8
5990: .Sh STANDARDS
5991: .Rs
5992: .%A T. Dierks
5993: .%A C. Allen
5994: .%D January 1999
5995: .%R RFC 2246
5996: .%T The TLS Protocol Version 1.0
5997: .Re
5998: .Pp
5999: .Rs
6000: .%A M. Wahl
6001: .%A S. Killie
6002: .%A T. Howes
6003: .%D December 1997
6004: .%R RFC 2253
6005: .%T Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
6006: .Re
6007: .Pp
6008: .Rs
6009: .%A B. Kaliski
6010: .%D March 1998
6011: .%R RFC 2315
6012: .%T PKCS #7: Cryptographic Message Syntax Version 1.5
6013: .Re
6014: .Pp
6015: .Rs
6016: .%A R. Housley
6017: .%A W. Ford
6018: .%A W. Polk
6019: .%A D. Solo
6020: .%D January 1999
6021: .%R RFC 2459
6022: .%T Internet X.509 Public Key Infrastructure Certificate and CRL Profile
6023: .Re
6024: .Pp
6025: .Rs
6026: .%A M. Myers
6027: .%A R. Ankney
6028: .%A A. Malpani
6029: .%A S. Galperin
6030: .%A C. Adams
6031: .%D June 1999
6032: .%R RFC 2560
6033: .%T X.509 Internet Public Key Infrastructure Online Certificate Status Protocol \(en OCSP
6034: .Re
6035: .Pp
6036: .Rs
6037: .%A R. Housley
6038: .%D June 1999
6039: .%R RFC 2630
6040: .%T Cryptographic Message Syntax
6041: .Re
6042: .Pp
6043: .Rs
6044: .%A P. Chown
6045: .%D June 2002
6046: .%R RFC 3268
1.24 jmc 6047: .%T Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
1.1 jsing 6048: .Re