Annotation of src/usr.bin/openssl/openssl.1, Revision 1.113
1.113 ! inoguchi 1: .\" $OpenBSD: openssl.1,v 1.112 2019/07/16 12:14:30 inoguchi Exp $
1.1 jsing 2: .\" ====================================================================
3: .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4: .\"
5: .\" Redistribution and use in source and binary forms, with or without
6: .\" modification, are permitted provided that the following conditions
7: .\" are met:
8: .\"
9: .\" 1. Redistributions of source code must retain the above copyright
10: .\" notice, this list of conditions and the following disclaimer.
11: .\"
12: .\" 2. Redistributions in binary form must reproduce the above copyright
13: .\" notice, this list of conditions and the following disclaimer in
14: .\" the documentation and/or other materials provided with the
15: .\" distribution.
16: .\"
17: .\" 3. All advertising materials mentioning features or use of this
18: .\" software must display the following acknowledgment:
19: .\" "This product includes software developed by the OpenSSL Project
20: .\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21: .\"
22: .\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23: .\" endorse or promote products derived from this software without
24: .\" prior written permission. For written permission, please contact
25: .\" openssl-core@openssl.org.
26: .\"
27: .\" 5. Products derived from this software may not be called "OpenSSL"
28: .\" nor may "OpenSSL" appear in their names without prior written
29: .\" permission of the OpenSSL Project.
30: .\"
31: .\" 6. Redistributions of any form whatsoever must retain the following
32: .\" acknowledgment:
33: .\" "This product includes software developed by the OpenSSL Project
34: .\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35: .\"
36: .\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37: .\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39: .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40: .\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41: .\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42: .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43: .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45: .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46: .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47: .\" OF THE POSSIBILITY OF SUCH DAMAGE.
48: .\" ====================================================================
49: .\"
50: .\" This product includes cryptographic software written by Eric Young
51: .\" (eay@cryptsoft.com). This product includes software written by Tim
52: .\" Hudson (tjh@cryptsoft.com).
53: .\"
54: .\"
55: .\" Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
56: .\" All rights reserved.
57: .\"
58: .\" This package is an SSL implementation written
59: .\" by Eric Young (eay@cryptsoft.com).
60: .\" The implementation was written so as to conform with Netscapes SSL.
61: .\"
62: .\" This library is free for commercial and non-commercial use as long as
63: .\" the following conditions are aheared to. The following conditions
64: .\" apply to all code found in this distribution, be it the RC4, RSA,
65: .\" lhash, DES, etc., code; not just the SSL code. The SSL documentation
66: .\" included with this distribution is covered by the same copyright terms
67: .\" except that the holder is Tim Hudson (tjh@cryptsoft.com).
68: .\"
69: .\" Copyright remains Eric Young's, and as such any Copyright notices in
70: .\" the code are not to be removed.
71: .\" If this package is used in a product, Eric Young should be given attribution
72: .\" as the author of the parts of the library used.
73: .\" This can be in the form of a textual message at program startup or
74: .\" in documentation (online or textual) provided with the package.
75: .\"
76: .\" Redistribution and use in source and binary forms, with or without
77: .\" modification, are permitted provided that the following conditions
78: .\" are met:
79: .\" 1. Redistributions of source code must retain the copyright
80: .\" notice, this list of conditions and the following disclaimer.
81: .\" 2. Redistributions in binary form must reproduce the above copyright
82: .\" notice, this list of conditions and the following disclaimer in the
83: .\" documentation and/or other materials provided with the distribution.
84: .\" 3. All advertising materials mentioning features or use of this software
85: .\" must display the following acknowledgement:
86: .\" "This product includes cryptographic software written by
87: .\" Eric Young (eay@cryptsoft.com)"
88: .\" The word 'cryptographic' can be left out if the rouines from the library
89: .\" being used are not cryptographic related :-).
90: .\" 4. If you include any Windows specific code (or a derivative thereof) from
91: .\" the apps directory (application code) you must include an
92: .\" acknowledgement:
93: .\" "This product includes software written by Tim Hudson
94: .\" (tjh@cryptsoft.com)"
95: .\"
96: .\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
97: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
98: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
99: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
100: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
101: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
102: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
103: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
104: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
105: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
106: .\" SUCH DAMAGE.
107: .\"
108: .\" The licence and distribution terms for any publically available version or
109: .\" derivative of this code cannot be changed. i.e. this code cannot simply be
110: .\" copied and put under another distribution licence
111: .\" [including the GNU Public Licence.]
112: .\"
1.113 ! inoguchi 113: .Dd $Mdocdate: July 16 2019 $
1.1 jsing 114: .Dt OPENSSL 1
115: .Os
116: .Sh NAME
117: .Nm openssl
118: .Nd OpenSSL command line tool
119: .Sh SYNOPSIS
120: .Nm
1.90 schwarze 121: .Ar command
1.1 jsing 122: .Op Ar command_opts
123: .Op Ar command_args
124: .Pp
125: .Nm
1.13 bentley 126: .Cm list-standard-commands |
127: .Cm list-message-digest-commands |
128: .Cm list-cipher-commands |
129: .Cm list-cipher-algorithms |
130: .Cm list-message-digest-algorithms |
1.1 jsing 131: .Cm list-public-key-algorithms
132: .Pp
133: .Nm
1.39 jmc 134: .Cm no- Ns Ar command
1.1 jsing 135: .Sh DESCRIPTION
136: .Nm OpenSSL
1.31 jmc 137: is a cryptography toolkit implementing the
138: Transport Layer Security
1.1 jsing 139: .Pq TLS v1
1.31 jmc 140: network protocol,
141: as well as related cryptography standards.
1.1 jsing 142: .Pp
143: The
144: .Nm
145: program is a command line tool for using the various
146: cryptography functions of
1.39 jmc 147: .Nm openssl Ns 's
1.33 jmc 148: crypto library from the shell.
1.1 jsing 149: .Pp
150: The pseudo-commands
151: .Cm list-standard-commands , list-message-digest-commands ,
152: and
153: .Cm list-cipher-commands
154: output a list
155: .Pq one entry per line
156: of the names of all standard commands, message digest commands,
157: or cipher commands, respectively, that are available in the present
158: .Nm
159: utility.
160: .Pp
161: The pseudo-commands
162: .Cm list-cipher-algorithms
163: and
164: .Cm list-message-digest-algorithms
165: list all cipher and message digest names,
166: one entry per line.
167: Aliases are listed as:
168: .Pp
1.33 jmc 169: .D1 from => to
1.1 jsing 170: .Pp
171: The pseudo-command
172: .Cm list-public-key-algorithms
173: lists all supported public key algorithms.
174: .Pp
175: The pseudo-command
1.39 jmc 176: .Cm no- Ns Ar command
1.1 jsing 177: tests whether a command of the
178: specified name is available.
1.39 jmc 179: If
180: .Ar command
181: does not exist,
1.1 jsing 182: it returns 0
183: and prints
1.39 jmc 184: .Cm no- Ns Ar command ;
1.1 jsing 185: otherwise it returns 1 and prints
1.39 jmc 186: .Ar command .
187: In both cases, the output goes to stdout and nothing is printed to stderr.
1.1 jsing 188: Additional command line arguments are always ignored.
189: Since for each cipher there is a command of the same name,
190: this provides an easy way for shell scripts to test for the
191: availability of ciphers in the
192: .Nm
193: program.
194: .Pp
195: .Sy Note :
1.39 jmc 196: .Cm no- Ns Ar command
1.1 jsing 197: is not able to detect pseudo-commands such as
198: .Cm quit ,
199: .Cm list- Ns Ar ... Ns Cm -commands ,
200: or
1.39 jmc 201: .Cm no- Ns Ar command
1.1 jsing 202: itself.
203: .Sh ASN1PARSE
204: .nr nS 1
205: .Nm "openssl asn1parse"
206: .Op Fl i
207: .Op Fl dlimit Ar number
208: .Op Fl dump
209: .Op Fl genconf Ar file
210: .Op Fl genstr Ar str
211: .Op Fl in Ar file
1.34 jmc 212: .Op Fl inform Cm der | pem | txt
1.1 jsing 213: .Op Fl length Ar number
214: .Op Fl noout
215: .Op Fl offset Ar number
216: .Op Fl oid Ar file
217: .Op Fl out Ar file
218: .Op Fl strparse Ar offset
219: .nr nS 0
220: .Pp
221: The
222: .Nm asn1parse
223: command is a diagnostic utility that can parse ASN.1 structures.
224: It can also be used to extract data from ASN.1 formatted data.
225: .Pp
226: The options are as follows:
227: .Bl -tag -width Ds
228: .It Fl dlimit Ar number
229: Dump the first
230: .Ar number
231: bytes of unknown data in hex form.
232: .It Fl dump
233: Dump unknown data in hex form.
234: .It Fl genconf Ar file , Fl genstr Ar str
235: Generate encoded data based on string
236: .Ar str ,
237: file
238: .Ar file ,
1.34 jmc 239: or both, using the format described in
240: .Xr ASN1_generate_nconf 3 .
1.1 jsing 241: If only
242: .Ar file
243: is present then the string is obtained from the default section
244: using the name
245: .Dq asn1 .
1.84 jmc 246: The encoded data is passed through the ASN.1 parser and printed out as
1.1 jsing 247: though it came from a file;
248: the contents can thus be examined and written to a file using the
249: .Fl out
250: option.
251: .It Fl i
1.34 jmc 252: Indent the output according to the
1.1 jsing 253: .Qq depth
254: of the structures.
255: .It Fl in Ar file
1.41 jmc 256: The input file to read from, or standard input if not specified.
1.34 jmc 257: .It Fl inform Cm der | pem | txt
1.1 jsing 258: The input format.
259: .It Fl length Ar number
1.34 jmc 260: Number of bytes to parse; the default is until end of file.
1.1 jsing 261: .It Fl noout
1.46 jmc 262: Do not output the parsed version of the input file.
1.1 jsing 263: .It Fl offset Ar number
1.34 jmc 264: Starting offset to begin parsing; the default is start of file.
1.1 jsing 265: .It Fl oid Ar file
266: A file containing additional object identifiers
267: .Pq OIDs .
268: If an OID
269: .Pq object identifier
270: is not part of
1.34 jmc 271: .Nm openssl Ns 's
1.1 jsing 272: internal table it will be represented in
273: numerical form
274: .Pq for example 1.2.3.4 .
1.34 jmc 275: .Pp
1.1 jsing 276: Each line consists of three columns:
277: the first column is the OID in numerical format and should be followed by
278: whitespace.
279: The second column is the
1.34 jmc 280: .Qq short name ,
1.1 jsing 281: which is a single word followed by whitespace.
282: The final column is the rest of the line and is the
283: .Qq long name .
284: .Nm asn1parse
285: displays the long name.
1.34 jmc 286: .It Fl out Ar file
287: The DER-encoded output file; the default is no encoded output
288: (useful when combined with
289: .Fl strparse ) .
290: .It Fl strparse Ar offset
291: Parse the content octets of the ASN.1 object starting at
292: .Ar offset .
293: This option can be used multiple times to
294: .Qq drill down
295: into a nested structure.
296: .El
1.1 jsing 297: .Sh CA
298: .nr nS 1
299: .Nm "openssl ca"
300: .Op Fl batch
301: .Op Fl cert Ar file
302: .Op Fl config Ar file
1.91 schwarze 303: .Op Fl create_serial
1.1 jsing 304: .Op Fl crl_CA_compromise Ar time
305: .Op Fl crl_compromise Ar time
306: .Op Fl crl_hold Ar instruction
307: .Op Fl crl_reason Ar reason
308: .Op Fl crldays Ar days
309: .Op Fl crlexts Ar section
310: .Op Fl crlhours Ar hours
1.103 inoguchi 311: .Op Fl crlsec Ar seconds
1.1 jsing 312: .Op Fl days Ar arg
313: .Op Fl enddate Ar date
314: .Op Fl extensions Ar section
1.103 inoguchi 315: .Op Fl extfile Ar file
1.1 jsing 316: .Op Fl gencrl
317: .Op Fl in Ar file
318: .Op Fl infiles
1.91 schwarze 319: .Op Fl key Ar password
1.103 inoguchi 320: .Op Fl keyfile Ar file
1.91 schwarze 321: .Op Fl keyform Cm pem | der
1.103 inoguchi 322: .Op Fl md Ar alg
1.1 jsing 323: .Op Fl msie_hack
1.107 inoguchi 324: .Op Fl multivalue-rdn
1.1 jsing 325: .Op Fl name Ar section
326: .Op Fl noemailDN
327: .Op Fl notext
328: .Op Fl out Ar file
1.103 inoguchi 329: .Op Fl outdir Ar directory
1.1 jsing 330: .Op Fl passin Ar arg
331: .Op Fl policy Ar arg
332: .Op Fl preserveDN
333: .Op Fl revoke Ar file
1.91 schwarze 334: .Op Fl selfsign
1.103 inoguchi 335: .Op Fl sigopt Ar nm:v
1.1 jsing 336: .Op Fl spkac Ar file
337: .Op Fl ss_cert Ar file
338: .Op Fl startdate Ar date
339: .Op Fl status Ar serial
340: .Op Fl subj Ar arg
341: .Op Fl updatedb
1.91 schwarze 342: .Op Fl utf8
1.1 jsing 343: .Op Fl verbose
344: .nr nS 0
345: .Pp
346: The
347: .Nm ca
1.35 jmc 348: command is a minimal certificate authority (CA) application.
1.1 jsing 349: It can be used to sign certificate requests in a variety of forms
1.35 jmc 350: and generate certificate revocation lists (CRLs).
1.1 jsing 351: It also maintains a text database of issued certificates and their status.
352: .Pp
1.35 jmc 353: The options relevant to CAs are as follows:
1.1 jsing 354: .Bl -tag -width "XXXX"
355: .It Fl batch
1.41 jmc 356: Batch mode.
1.1 jsing 357: In this mode no questions will be asked
358: and all certificates will be certified automatically.
359: .It Fl cert Ar file
360: The CA certificate file.
361: .It Fl config Ar file
1.72 jmc 362: Specify an alternative configuration file.
1.91 schwarze 363: .It Fl create_serial
364: If reading the serial from the text file as specified in the
365: configuration fails, create a new random serial to be used as the
366: next serial number.
1.1 jsing 367: .It Fl days Ar arg
368: The number of days to certify the certificate for.
369: .It Fl enddate Ar date
1.41 jmc 370: Set the expiry date.
1.88 jmc 371: The format of the date is [YY]YYMMDDHHMMSSZ,
372: with all four year digits required for dates from 2050 onwards.
1.1 jsing 373: .It Fl extensions Ar section
374: The section of the configuration file containing certificate extensions
375: to be added when a certificate is issued (defaults to
1.35 jmc 376: .Cm x509_extensions
1.1 jsing 377: unless the
378: .Fl extfile
379: option is used).
380: If no extension section is present, a V1 certificate is created.
381: If the extension section is present
382: .Pq even if it is empty ,
383: then a V3 certificate is created.
1.91 schwarze 384: See the
385: .Xr x509v3.cnf 5
386: manual page for details of the extension section format.
1.1 jsing 387: .It Fl extfile Ar file
388: An additional configuration
389: .Ar file
390: to read certificate extensions from
391: (using the default section unless the
392: .Fl extensions
393: option is also used).
394: .It Fl in Ar file
395: An input
396: .Ar file
397: containing a single certificate request to be signed by the CA.
398: .It Fl infiles
399: If present, this should be the last option; all subsequent arguments
400: are assumed to be the names of files containing certificate requests.
1.91 schwarze 401: .It Fl key Ar password
402: The
403: .Fa password
404: used to encrypt the private key.
1.35 jmc 405: Since on some systems the command line arguments are visible,
406: this option should be used with caution.
1.1 jsing 407: .It Fl keyfile Ar file
408: The private key to sign requests with.
1.91 schwarze 409: .It Fl keyform Cm pem | der
1.1 jsing 410: Private key file format.
1.91 schwarze 411: The default is
412: .Cm pem .
1.1 jsing 413: .It Fl md Ar alg
414: The message digest to use.
415: Possible values include
416: .Ar md5
417: and
418: .Ar sha1 .
419: This option also applies to CRLs.
420: .It Fl msie_hack
421: This is a legacy option to make
422: .Nm ca
423: work with very old versions of the IE certificate enrollment control
424: .Qq certenr3 .
425: It used UniversalStrings for almost everything.
426: Since the old control has various security bugs,
427: its use is strongly discouraged.
428: The newer control
429: .Qq Xenroll
430: does not need this option.
1.107 inoguchi 431: .It Fl multivalue-rdn
1.91 schwarze 432: This option causes the
433: .Fl subj
434: argument to be interpreted with full support for multivalued RDNs,
435: for example
436: .Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
437: If
1.107 inoguchi 438: .Fl multivalue-rdn
1.91 schwarze 439: is not used, the UID value is set to
440: .Qq "123456+CN=John Doe" .
1.1 jsing 441: .It Fl name Ar section
442: Specifies the configuration file
443: .Ar section
444: to use (overrides
445: .Cm default_ca
446: in the
447: .Cm ca
448: section).
449: .It Fl noemailDN
450: The DN of a certificate can contain the EMAIL field if present in the
1.30 mmcc 451: request DN, however it is good policy just having the email set into
1.1 jsing 452: the
1.35 jmc 453: .Cm altName
1.1 jsing 454: extension of the certificate.
455: When this option is set, the EMAIL field is removed from the certificate's
456: subject and set only in the, eventually present, extensions.
457: The
458: .Ar email_in_dn
459: keyword can be used in the configuration file to enable this behaviour.
460: .It Fl notext
461: Don't output the text form of a certificate to the output file.
462: .It Fl out Ar file
463: The output file to output certificates to.
464: The default is standard output.
1.91 schwarze 465: The certificate details will also be printed out to this file in
466: PEM format, except that
467: .Fl spkac
468: outputs DER format.
1.1 jsing 469: .It Fl outdir Ar directory
470: The
471: .Ar directory
472: to output certificates to.
473: The certificate will be written to a file consisting of the
474: serial number in hex with
475: .Qq .pem
476: appended.
477: .It Fl passin Ar arg
478: The key password source.
479: .It Fl policy Ar arg
1.41 jmc 480: Define the CA
1.1 jsing 481: .Qq policy
482: to use.
1.35 jmc 483: The policy section in the configuration file
484: consists of a set of variables corresponding to certificate DN fields.
485: The values may be one of
486: .Qq match
487: (the value must match the same field in the CA certificate),
488: .Qq supplied
489: (the value must be present), or
490: .Qq optional
491: (the value may be present).
492: Any fields not mentioned in the policy section
493: are silently deleted, unless the
494: .Fl preserveDN
495: option is set,
496: but this can be regarded more of a quirk than intended behaviour.
1.1 jsing 497: .It Fl preserveDN
498: Normally, the DN order of a certificate is the same as the order of the
499: fields in the relevant policy section.
500: When this option is set, the order is the same as the request.
501: This is largely for compatibility with the older IE enrollment control
502: which would only accept certificates if their DNs matched the order of the
503: request.
504: This is not needed for Xenroll.
1.91 schwarze 505: .It Fl selfsign
506: Indicates the issued certificates are to be signed with the key the
507: certificate requests were signed with, given with
508: .Fl keyfile .
509: Certificate requests signed with a different key are ignored.
510: If
511: .Fl gencrl ,
512: .Fl spkac ,
513: or
514: .Fl ss_cert
515: are given,
516: .Fl selfsign
517: is ignored.
518: .Pp
519: A consequence of using
520: .Fl selfsign
521: is that the self-signed certificate appears among the entries in
522: the certificate database (see the configuration option
523: .Cm database )
524: and uses the same serial number counter as all other certificates
525: signed with the self-signed certificate.
1.103 inoguchi 526: .It Fl sigopt Ar nm:v
527: Pass options to the signature algorithm during sign or certify operations.
528: The names and values of these options are algorithm-specific.
1.1 jsing 529: .It Fl spkac Ar file
530: A file containing a single Netscape signed public key and challenge,
531: and additional field values to be signed by the CA.
1.35 jmc 532: This will usually come from the
533: KEYGEN tag in an HTML form to create a new private key.
534: It is, however, possible to create SPKACs using the
535: .Nm spkac
536: utility.
537: .Pp
538: The file should contain the variable SPKAC set to the value of
539: the SPKAC and also the required DN components as name value pairs.
540: If it's necessary to include the same component twice,
541: then it can be preceded by a number and a
542: .Sq \&. .
1.1 jsing 543: .It Fl ss_cert Ar file
544: A single self-signed certificate to be signed by the CA.
545: .It Fl startdate Ar date
1.41 jmc 546: Set the start date.
1.88 jmc 547: The format of the date is [YY]YYMMDDHHMMSSZ,
548: with all four year digits required for dates from 2050 onwards.
1.91 schwarze 549: .It Fl subj Ar arg
550: Supersedes the subject name given in the request.
551: The
552: .Ar arg
553: must be formatted as
554: .Sm off
555: .Pf / Ar type0 Ns = Ar value0 Ns / Ar type 1 Ns = Ar value 1 Ns /
556: .Ar type2 Ns = Ar ... ;
557: .Sm on
558: characters may be escaped by
559: .Sq \e
560: .Pq backslash ,
561: no spaces are skipped.
562: .It Fl utf8
563: Interpret field values read from a terminal or obtained from a
564: configuration file as UTF-8 strings.
565: By default, they are interpreted as ASCII.
1.1 jsing 566: .It Fl verbose
1.41 jmc 567: Print extra details about the operations being performed.
1.1 jsing 568: .El
1.35 jmc 569: .Pp
570: The options relevant to CRLs are as follows:
1.1 jsing 571: .Bl -tag -width "XXXX"
572: .It Fl crl_CA_compromise Ar time
573: This is the same as
574: .Fl crl_compromise ,
575: except the revocation reason is set to CACompromise.
576: .It Fl crl_compromise Ar time
1.41 jmc 577: Set the revocation reason to keyCompromise and the compromise time to
1.1 jsing 578: .Ar time .
579: .Ar time
580: should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ.
581: .It Fl crl_hold Ar instruction
1.41 jmc 582: Set the CRL revocation reason code to certificateHold and the hold
1.1 jsing 583: instruction to
584: .Ar instruction
585: which must be an OID.
586: Although any OID can be used, only holdInstructionNone
587: (the use of which is discouraged by RFC 2459), holdInstructionCallIssuer or
588: holdInstructionReject will normally be used.
589: .It Fl crl_reason Ar reason
590: Revocation reason, where
591: .Ar reason
592: is one of:
593: unspecified, keyCompromise, CACompromise, affiliationChanged, superseded,
594: cessationOfOperation, certificateHold or removeFromCRL.
595: The matching of
596: .Ar reason
597: is case insensitive.
598: Setting any revocation reason will make the CRL v2.
599: In practice, removeFromCRL is not particularly useful because it is only used
600: in delta CRLs which are not currently implemented.
1.103 inoguchi 601: .It Fl crldays Ar days
1.1 jsing 602: The number of days before the next CRL is due.
603: This is the days from now to place in the CRL
1.35 jmc 604: .Cm nextUpdate
1.1 jsing 605: field.
606: .It Fl crlexts Ar section
607: The
608: .Ar section
609: of the configuration file containing CRL extensions to include.
610: If no CRL extension section is present then a V1 CRL is created;
611: if the CRL extension section is present
1.81 jmc 612: (even if it is empty)
1.1 jsing 613: then a V2 CRL is created.
1.81 jmc 614: The CRL extensions specified are CRL extensions and not CRL entry extensions.
615: It should be noted that some software can't handle V2 CRLs.
1.91 schwarze 616: See the
617: .Xr x509v3.cnf 5
618: manual page for details of the extension section format.
1.103 inoguchi 619: .It Fl crlhours Ar hours
1.1 jsing 620: The number of hours before the next CRL is due.
1.103 inoguchi 621: .It Fl crlsec Ar seconds
622: The number of seconds before the next CRL is due.
1.1 jsing 623: .It Fl gencrl
1.41 jmc 624: Generate a CRL based on information in the index file.
1.1 jsing 625: .It Fl revoke Ar file
626: A
627: .Ar file
628: containing a certificate to revoke.
1.91 schwarze 629: .It Fl status Ar serial
630: Show the status of the certificate with serial number
631: .Ar serial .
632: .It Fl updatedb
633: Update the database index to purge expired certificates.
1.1 jsing 634: .El
635: .Pp
1.35 jmc 636: Many of the options can be set in the
637: .Cm ca
638: section of the configuration file
639: (or in the default section of the configuration file),
640: specified using
641: .Cm default_ca
642: or
643: .Fl name .
644: The options
645: .Cm preserve
646: and
647: .Cm msie_hack
648: are read directly from the
649: .Cm ca
650: section.
1.1 jsing 651: .Pp
652: Many of the configuration file options are identical to command line
653: options.
654: Where the option is present in the configuration file and the command line,
655: the command line value is used.
656: Where an option is described as mandatory, then it must be present in
657: the configuration file or the command line equivalent
658: .Pq if any
659: used.
660: .Bl -tag -width "XXXX"
1.35 jmc 661: .It Cm certificate
1.1 jsing 662: The same as
663: .Fl cert .
664: It gives the file containing the CA certificate.
665: Mandatory.
1.35 jmc 666: .It Cm copy_extensions
1.1 jsing 667: Determines how extensions in certificate requests should be handled.
668: If set to
1.35 jmc 669: .Cm none
1.1 jsing 670: or this option is not present, then extensions are
671: ignored and not copied to the certificate.
672: If set to
1.35 jmc 673: .Cm copy ,
1.1 jsing 674: then any extensions present in the request that are not already present
675: are copied to the certificate.
676: If set to
1.35 jmc 677: .Cm copyall ,
1.1 jsing 678: then all extensions in the request are copied to the certificate:
679: if the extension is already present in the certificate it is deleted first.
1.35 jmc 680: .Pp
681: The
682: .Cm copy_extensions
683: option should be used with caution.
684: If care is not taken, it can be a security risk.
685: For example, if a certificate request contains a
686: .Cm basicConstraints
687: extension with CA:TRUE and the
688: .Cm copy_extensions
689: value is set to
690: .Cm copyall
691: and the user does not spot
1.91 schwarze 692: this when the certificate is displayed, then this will hand the requester
1.35 jmc 693: a valid CA certificate.
694: .Pp
695: This situation can be avoided by setting
696: .Cm copy_extensions
697: to
698: .Cm copy
699: and including
700: .Cm basicConstraints
701: with CA:FALSE in the configuration file.
702: Then if the request contains a
703: .Cm basicConstraints
704: extension, it will be ignored.
1.1 jsing 705: .Pp
706: The main use of this option is to allow a certificate request to supply
707: values for certain extensions such as
1.35 jmc 708: .Cm subjectAltName .
709: .It Cm crl_extensions
1.1 jsing 710: The same as
711: .Fl crlexts .
1.35 jmc 712: .It Cm crlnumber
1.1 jsing 713: A text file containing the next CRL number to use in hex.
714: The CRL number will be inserted in the CRLs only if this file exists.
715: If this file is present, it must contain a valid CRL number.
1.35 jmc 716: .It Cm database
1.1 jsing 717: The text database file to use.
718: Mandatory.
719: This file must be present, though initially it will be empty.
1.35 jmc 720: .It Cm default_crl_hours , default_crl_days
1.1 jsing 721: The same as the
722: .Fl crlhours
723: and
724: .Fl crldays
725: options.
726: These will only be used if neither command line option is present.
727: At least one of these must be present to generate a CRL.
1.35 jmc 728: .It Cm default_days
1.1 jsing 729: The same as the
730: .Fl days
731: option.
732: The number of days to certify a certificate for.
1.35 jmc 733: .It Cm default_enddate
1.1 jsing 734: The same as the
735: .Fl enddate
736: option.
737: Either this option or
1.35 jmc 738: .Cm default_days
1.1 jsing 739: .Pq or the command line equivalents
740: must be present.
1.35 jmc 741: .It Cm default_md
1.1 jsing 742: The same as the
743: .Fl md
744: option.
745: The message digest to use.
746: Mandatory.
1.35 jmc 747: .It Cm default_startdate
1.1 jsing 748: The same as the
749: .Fl startdate
750: option.
751: The start date to certify a certificate for.
752: If not set, the current time is used.
1.35 jmc 753: .It Cm email_in_dn
1.1 jsing 754: The same as
755: .Fl noemailDN .
756: If the EMAIL field is to be removed from the DN of the certificate,
757: simply set this to
758: .Qq no .
759: If not present, the default is to allow for the EMAIL field in the
760: certificate's DN.
1.35 jmc 761: .It Cm msie_hack
1.1 jsing 762: The same as
763: .Fl msie_hack .
1.35 jmc 764: .It Cm name_opt , cert_opt
1.1 jsing 765: These options allow the format used to display the certificate details
766: when asking the user to confirm signing.
767: All the options supported by the
768: .Nm x509
769: utilities'
770: .Fl nameopt
771: and
772: .Fl certopt
773: switches can be used here, except that
1.35 jmc 774: .Cm no_signame
1.1 jsing 775: and
1.35 jmc 776: .Cm no_sigdump
1.1 jsing 777: are permanently set and cannot be disabled
778: (this is because the certificate signature cannot be displayed because
779: the certificate has not been signed at this point).
780: .Pp
781: For convenience, the value
1.35 jmc 782: .Cm ca_default
1.1 jsing 783: is accepted by both to produce a reasonable output.
784: .Pp
785: If neither option is present, the format used in earlier versions of
1.35 jmc 786: .Nm openssl
1.1 jsing 787: is used.
1.81 jmc 788: Use of the old format is strongly discouraged
789: because it only displays fields mentioned in the
1.35 jmc 790: .Cm policy
1.1 jsing 791: section,
792: mishandles multicharacter string types and does not display extensions.
1.35 jmc 793: .It Cm new_certs_dir
1.1 jsing 794: The same as the
795: .Fl outdir
796: command line option.
797: It specifies the directory where new certificates will be placed.
798: Mandatory.
1.35 jmc 799: .It Cm oid_file
1.1 jsing 800: This specifies a file containing additional object identifiers.
801: Each line of the file should consist of the numerical form of the
802: object identifier followed by whitespace, then the short name followed
803: by whitespace and finally the long name.
1.35 jmc 804: .It Cm oid_section
1.1 jsing 805: This specifies a section in the configuration file containing extra
806: object identifiers.
807: Each line should consist of the short name of the object identifier
808: followed by
809: .Sq =
810: and the numerical form.
811: The short and long names are the same when this option is used.
1.35 jmc 812: .It Cm policy
1.1 jsing 813: The same as
814: .Fl policy .
815: Mandatory.
1.35 jmc 816: .It Cm preserve
1.1 jsing 817: The same as
818: .Fl preserveDN .
1.35 jmc 819: .It Cm private_key
1.1 jsing 820: Same as the
821: .Fl keyfile
822: option.
823: The file containing the CA private key.
824: Mandatory.
1.35 jmc 825: .It Cm serial
1.1 jsing 826: A text file containing the next serial number to use in hex.
827: Mandatory.
828: This file must be present and contain a valid serial number.
1.35 jmc 829: .It Cm unique_subject
1.1 jsing 830: If the value
1.35 jmc 831: .Cm yes
1.1 jsing 832: is given, the valid certificate entries in the
833: database must have unique subjects.
834: If the value
1.35 jmc 835: .Cm no
1.1 jsing 836: is given,
837: several valid certificate entries may have the exact same subject.
838: The default value is
1.35 jmc 839: .Cm yes .
840: .It Cm x509_extensions
1.1 jsing 841: The same as
842: .Fl extensions .
843: .El
844: .Sh CIPHERS
845: .Nm openssl ciphers
846: .Op Fl hVv
1.93 schwarze 847: .Op Ar control
1.1 jsing 848: .Pp
849: The
850: .Nm ciphers
1.93 schwarze 851: command converts the
852: .Ar control
853: string from the format documented in
854: .Xr SSL_CTX_set_cipher_list 3
855: into an ordered SSL cipher suite preference list.
856: If no
857: .Ar control
858: string is specified, the
859: .Cm DEFAULT
860: list is printed.
1.1 jsing 861: .Pp
862: The options are as follows:
863: .Bl -tag -width Ds
864: .It Fl h , \&?
865: Print a brief usage message.
866: .It Fl V
1.36 jmc 867: Verbose.
1.92 schwarze 868: List ciphers with cipher suite code in hex format,
869: cipher name, and a complete description of protocol version,
870: key exchange, authentication, encryption, and mac algorithms.
1.36 jmc 871: .It Fl v
1.1 jsing 872: Like
1.36 jmc 873: .Fl V ,
874: but without cipher suite codes.
1.1 jsing 875: .El
876: .Sh CRL
877: .nr nS 1
878: .Nm "openssl crl"
879: .Op Fl CAfile Ar file
880: .Op Fl CApath Ar dir
1.104 inoguchi 881: .Op Fl crlnumber
1.1 jsing 882: .Op Fl fingerprint
883: .Op Fl hash
1.104 inoguchi 884: .Op Fl hash_old
1.1 jsing 885: .Op Fl in Ar file
1.38 jmc 886: .Op Fl inform Cm der | pem
1.1 jsing 887: .Op Fl issuer
888: .Op Fl lastupdate
1.104 inoguchi 889: .Op Fl nameopt Ar option
1.1 jsing 890: .Op Fl nextupdate
891: .Op Fl noout
892: .Op Fl out Ar file
1.38 jmc 893: .Op Fl outform Cm der | pem
1.1 jsing 894: .Op Fl text
1.104 inoguchi 895: .Op Fl verify
1.1 jsing 896: .nr nS 0
897: .Pp
898: The
899: .Nm crl
900: command processes CRL files in DER or PEM format.
1.37 jmc 901: .Pp
1.1 jsing 902: The options are as follows:
903: .Bl -tag -width Ds
904: .It Fl CAfile Ar file
905: Verify the signature on a CRL by looking up the issuing certificate in
906: .Ar file .
907: .It Fl CApath Ar directory
908: Verify the signature on a CRL by looking up the issuing certificate in
909: .Ar dir .
910: This directory must be a standard certificate directory,
911: i.e. a hash of each subject name (using
912: .Cm x509 Fl hash )
913: should be linked to each certificate.
1.104 inoguchi 914: .It Fl crlnumber
915: Print the CRL number.
1.1 jsing 916: .It Fl fingerprint
917: Print the CRL fingerprint.
918: .It Fl hash
919: Output a hash of the issuer name.
920: This can be used to look up CRLs in a directory by issuer name.
1.104 inoguchi 921: .It Fl hash_old
922: Output an old-style (MD5) hash of the issuer name.
1.1 jsing 923: .It Fl in Ar file
1.37 jmc 924: The input file to read from, or standard input if not specified.
1.38 jmc 925: .It Fl inform Cm der | pem
1.37 jmc 926: The input format.
1.1 jsing 927: .It Fl issuer
928: Output the issuer name.
929: .It Fl lastupdate
930: Output the
1.37 jmc 931: .Cm lastUpdate
1.1 jsing 932: field.
1.104 inoguchi 933: .It Fl nameopt Ar option
934: Specify certificate name options.
1.1 jsing 935: .It Fl nextupdate
936: Output the
1.37 jmc 937: .Cm nextUpdate
1.1 jsing 938: field.
939: .It Fl noout
1.46 jmc 940: Do not output the encoded version of the CRL.
1.1 jsing 941: .It Fl out Ar file
1.37 jmc 942: The output file to write to, or standard output if not specified.
1.38 jmc 943: .It Fl outform Cm der | pem
1.37 jmc 944: The output format.
1.1 jsing 945: .It Fl text
1.64 jmc 946: Print the CRL in plain text.
1.104 inoguchi 947: .It Fl verify
948: Verify the signature on the CRL.
1.1 jsing 949: .El
950: .Sh CRL2PKCS7
951: .nr nS 1
952: .Nm "openssl crl2pkcs7"
953: .Op Fl certfile Ar file
954: .Op Fl in Ar file
1.40 jmc 955: .Op Fl inform Cm der | pem
1.1 jsing 956: .Op Fl nocrl
957: .Op Fl out Ar file
1.40 jmc 958: .Op Fl outform Cm der | pem
1.1 jsing 959: .nr nS 0
960: .Pp
961: The
962: .Nm crl2pkcs7
963: command takes an optional CRL and one or more
964: certificates and converts them into a PKCS#7 degenerate
965: .Qq certificates only
966: structure.
967: .Pp
968: The options are as follows:
969: .Bl -tag -width Ds
970: .It Fl certfile Ar file
1.40 jmc 971: Add the certificates in PEM
1.1 jsing 972: .Ar file
1.40 jmc 973: to the PKCS#7 structure.
974: This option can be used more than once
975: to read certificates from multiple files.
1.1 jsing 976: .It Fl in Ar file
1.40 jmc 977: Read the CRL from
978: .Ar file ,
979: or standard input if not specified.
980: .It Fl inform Cm der | pem
1.64 jmc 981: The input format.
1.1 jsing 982: .It Fl nocrl
983: Normally, a CRL is included in the output file.
984: With this option, no CRL is
985: included in the output file and a CRL is not read from the input file.
986: .It Fl out Ar file
1.40 jmc 987: Write the PKCS#7 structure to
988: .Ar file ,
989: or standard output if not specified.
990: .It Fl outform Cm der | pem
1.64 jmc 991: The output format.
1.1 jsing 992: .El
993: .Sh DGST
994: .nr nS 1
995: .Nm "openssl dgst"
1.105 inoguchi 996: .Op Fl cdr
1.1 jsing 997: .Op Fl binary
1.43 jmc 998: .Op Fl Ar digest
1.1 jsing 999: .Op Fl hex
1000: .Op Fl hmac Ar key
1.43 jmc 1001: .Op Fl keyform Cm pem
1.1 jsing 1002: .Op Fl mac Ar algorithm
1003: .Op Fl macopt Ar nm : Ns Ar v
1004: .Op Fl out Ar file
1005: .Op Fl passin Ar arg
1006: .Op Fl prverify Ar file
1007: .Op Fl sign Ar file
1008: .Op Fl signature Ar file
1009: .Op Fl sigopt Ar nm : Ns Ar v
1010: .Op Fl verify Ar file
1011: .Op Ar
1012: .nr nS 0
1013: .Pp
1014: The digest functions output the message digest of a supplied
1015: .Ar file
1016: or
1017: .Ar files
1018: in hexadecimal form.
1019: They can also be used for digital signing and verification.
1020: .Pp
1021: The options are as follows:
1022: .Bl -tag -width Ds
1023: .It Fl binary
1024: Output the digest or signature in binary form.
1025: .It Fl c
1.48 jmc 1026: Print the digest in two-digit groups separated by colons.
1.1 jsing 1027: .It Fl d
1.48 jmc 1028: Print BIO debugging information.
1.43 jmc 1029: .It Fl Ar digest
1030: Use the specified message
1031: .Ar digest .
1.98 naddy 1032: The default is SHA256.
1.43 jmc 1033: The available digests can be displayed using
1034: .Nm openssl
1035: .Cm list-message-digest-commands .
1036: The following are equivalent:
1037: .Nm openssl dgst
1.98 naddy 1038: .Fl sha256
1.43 jmc 1039: and
1040: .Nm openssl
1.98 naddy 1041: .Cm sha256 .
1.1 jsing 1042: .It Fl hex
1043: Digest is to be output as a hex dump.
1044: This is the default case for a
1045: .Qq normal
1046: digest as opposed to a digital signature.
1047: .It Fl hmac Ar key
1048: Create a hashed MAC using
1049: .Ar key .
1.43 jmc 1050: .It Fl keyform Cm pem
1.1 jsing 1051: Specifies the key format to sign the digest with.
1052: .It Fl mac Ar algorithm
1053: Create a keyed Message Authentication Code (MAC).
1054: The most popular MAC algorithm is HMAC (hash-based MAC),
1055: but there are other MAC algorithms which are not based on hash.
1056: MAC keys and other options should be set via the
1057: .Fl macopt
1058: parameter.
1059: .It Fl macopt Ar nm : Ns Ar v
1060: Passes options to the MAC algorithm, specified by
1061: .Fl mac .
1062: The following options are supported by HMAC:
1063: .Bl -tag -width Ds
1.43 jmc 1064: .It Cm key : Ns Ar string
1.1 jsing 1065: Specifies the MAC key as an alphanumeric string
1066: (use if the key contain printable characters only).
1067: String length must conform to any restrictions of the MAC algorithm.
1.43 jmc 1068: .It Cm hexkey : Ns Ar string
1.1 jsing 1069: Specifies the MAC key in hexadecimal form (two hex digits per byte).
1070: Key length must conform to any restrictions of the MAC algorithm.
1071: .El
1072: .It Fl out Ar file
1.43 jmc 1073: The output file to write to,
1074: or standard output if not specified.
1.1 jsing 1075: .It Fl passin Ar arg
1076: The key password source.
1077: .It Fl prverify Ar file
1078: Verify the signature using the private key in
1079: .Ar file .
1080: The output is either
1081: .Qq Verification OK
1082: or
1083: .Qq Verification Failure .
1.105 inoguchi 1084: .It Fl r
1085: Print the digest in coreutils format.
1.1 jsing 1086: .It Fl sign Ar file
1087: Digitally sign the digest using the private key in
1088: .Ar file .
1089: .It Fl signature Ar file
1090: The actual signature to verify.
1091: .It Fl sigopt Ar nm : Ns Ar v
1092: Pass options to the signature algorithm during sign or verify operations.
1093: The names and values of these options are algorithm-specific.
1094: .It Fl verify Ar file
1095: Verify the signature using the public key in
1096: .Ar file .
1097: The output is either
1098: .Qq Verification OK
1099: or
1100: .Qq Verification Failure .
1101: .It Ar
1102: File or files to digest.
1103: If no files are specified then standard input is used.
1104: .El
1105: .Sh DHPARAM
1106: .nr nS 1
1107: .Nm "openssl dhparam"
1108: .Op Fl 2 | 5
1109: .Op Fl C
1110: .Op Fl check
1111: .Op Fl dsaparam
1112: .Op Fl in Ar file
1.44 jmc 1113: .Op Fl inform Cm der | pem
1.1 jsing 1114: .Op Fl noout
1115: .Op Fl out Ar file
1.44 jmc 1116: .Op Fl outform Cm der | pem
1.1 jsing 1117: .Op Fl text
1118: .Op Ar numbits
1119: .nr nS 0
1120: .Pp
1121: The
1122: .Nm dhparam
1123: command is used to manipulate DH parameter files.
1.44 jmc 1124: Only the older PKCS#3 DH is supported,
1125: not the newer X9.42 DH.
1.1 jsing 1126: .Pp
1127: The options are as follows:
1128: .Bl -tag -width Ds
1129: .It Fl 2 , 5
1.44 jmc 1130: The generator to use;
1.1 jsing 1131: 2 is the default.
1132: If present, the input file is ignored and parameters are generated instead.
1133: .It Fl C
1.44 jmc 1134: Convert the parameters into C code.
1.1 jsing 1135: The parameters can then be loaded by calling the
1.44 jmc 1136: .No get_dh Ns Ar numbits
1.1 jsing 1137: function.
1138: .It Fl check
1139: Check the DH parameters.
1140: .It Fl dsaparam
1.44 jmc 1141: Read or create DSA parameters,
1142: converted to DH format on output.
1.1 jsing 1143: Otherwise,
1144: .Qq strong
1145: primes
1146: .Pq such that (p-1)/2 is also prime
1147: will be used for DH parameter generation.
1148: .Pp
1149: DH parameter generation with the
1150: .Fl dsaparam
1151: option is much faster,
1152: and the recommended exponent length is shorter,
1153: which makes DH key exchange more efficient.
1154: Beware that with such DSA-style DH parameters,
1155: a fresh DH key should be created for each use to
1156: avoid small-subgroup attacks that may be possible otherwise.
1157: .It Fl in Ar file
1.44 jmc 1158: The input file to read from,
1159: or standard input if not specified.
1160: .It Fl inform Cm der | pem
1161: The input format.
1.1 jsing 1162: .It Fl noout
1.46 jmc 1163: Do not output the encoded version of the parameters.
1.44 jmc 1164: .It Fl out Ar file
1165: The output file to write to,
1166: or standard output if not specified.
1167: .It Fl outform Cm der | pem
1168: The output format.
1169: .It Fl text
1.64 jmc 1170: Print the DH parameters in plain text.
1.1 jsing 1171: .It Ar numbits
1.44 jmc 1172: Generate a parameter set of size
1.1 jsing 1173: .Ar numbits .
1174: It must be the last option.
1.16 sthen 1175: If not present, a value of 2048 is used.
1.1 jsing 1176: If this value is present, the input file is ignored and
1177: parameters are generated instead.
1178: .El
1179: .Sh DSA
1180: .nr nS 1
1181: .Nm "openssl dsa"
1182: .Oo
1183: .Fl aes128 | aes192 | aes256 |
1184: .Fl des | des3
1185: .Oc
1186: .Op Fl in Ar file
1.108 inoguchi 1187: .Op Fl inform Cm der | pem | pvk
1.1 jsing 1188: .Op Fl modulus
1189: .Op Fl noout
1190: .Op Fl out Ar file
1.108 inoguchi 1191: .Op Fl outform Cm der | pem | pvk
1.1 jsing 1192: .Op Fl passin Ar arg
1193: .Op Fl passout Ar arg
1194: .Op Fl pubin
1195: .Op Fl pubout
1.108 inoguchi 1196: .Op Fl pvk-none | pvk-strong | pvk-weak
1.1 jsing 1197: .Op Fl text
1198: .nr nS 0
1199: .Pp
1200: The
1201: .Nm dsa
1202: command processes DSA keys.
1203: They can be converted between various forms and their components printed out.
1204: .Pp
1205: .Sy Note :
1206: This command uses the traditional
1207: .Nm SSLeay
1208: compatible format for private key encryption:
1209: newer applications should use the more secure PKCS#8 format using the
1210: .Nm pkcs8
1211: command.
1212: .Pp
1213: The options are as follows:
1214: .Bl -tag -width Ds
1215: .It Xo
1216: .Fl aes128 | aes192 | aes256 |
1217: .Fl des | des3
1218: .Xc
1.45 jmc 1219: Encrypt the private key with the AES, DES, or the triple DES
1.1 jsing 1220: ciphers, respectively, before outputting it.
1221: A pass phrase is prompted for.
1.45 jmc 1222: If none of these options are specified, the key is written in plain text.
1.1 jsing 1223: This means that using the
1224: .Nm dsa
1.45 jmc 1225: utility to read an encrypted key with no encryption option can be used to
1.1 jsing 1226: remove the pass phrase from a key,
1.45 jmc 1227: or by setting the encryption options it can be used to add or change
1.1 jsing 1228: the pass phrase.
1229: These options can only be used with PEM format output files.
1230: .It Fl in Ar file
1.45 jmc 1231: The input file to read from,
1232: or standard input if not specified.
1.1 jsing 1233: If the key is encrypted, a pass phrase will be prompted for.
1.108 inoguchi 1234: .It Fl inform Cm der | pem | pvk
1.45 jmc 1235: The input format.
1.1 jsing 1236: .It Fl modulus
1.45 jmc 1237: Print the value of the public key component of the key.
1.1 jsing 1238: .It Fl noout
1.46 jmc 1239: Do not output the encoded version of the key.
1.1 jsing 1240: .It Fl out Ar file
1.45 jmc 1241: The output file to write to,
1242: or standard output if not specified.
1.1 jsing 1243: If any encryption options are set then a pass phrase will be
1244: prompted for.
1.108 inoguchi 1245: .It Fl outform Cm der | pem | pvk
1.45 jmc 1246: The output format.
1.1 jsing 1247: .It Fl passin Ar arg
1248: The key password source.
1249: .It Fl passout Ar arg
1250: The output file password source.
1251: .It Fl pubin
1.60 jmc 1252: Read in a public key, not a private key.
1.1 jsing 1253: .It Fl pubout
1.60 jmc 1254: Output a public key, not a private key.
1255: Automatically set if the input is a public key.
1.108 inoguchi 1256: .It Xo
1257: .Fl pvk-none | pvk-strong | pvk-weak
1258: .Xc
1259: Enable or disable PVK encoding.
1260: The default is
1261: .Fl pvk-strong .
1.1 jsing 1262: .It Fl text
1.64 jmc 1263: Print the public/private key in plain text.
1.1 jsing 1264: .El
1265: .Sh DSAPARAM
1266: .nr nS 1
1267: .Nm "openssl dsaparam"
1268: .Op Fl C
1269: .Op Fl genkey
1270: .Op Fl in Ar file
1.46 jmc 1271: .Op Fl inform Cm der | pem
1.1 jsing 1272: .Op Fl noout
1273: .Op Fl out Ar file
1.46 jmc 1274: .Op Fl outform Cm der | pem
1.1 jsing 1275: .Op Fl text
1276: .Op Ar numbits
1277: .nr nS 0
1278: .Pp
1279: The
1280: .Nm dsaparam
1281: command is used to manipulate or generate DSA parameter files.
1282: .Pp
1283: The options are as follows:
1284: .Bl -tag -width Ds
1285: .It Fl C
1.46 jmc 1286: Convert the parameters into C code.
1.1 jsing 1287: The parameters can then be loaded by calling the
1.46 jmc 1288: .No get_dsa Ns Ar XXX
1.1 jsing 1289: function.
1290: .It Fl genkey
1.46 jmc 1291: Generate a DSA key either using the specified or generated
1.1 jsing 1292: parameters.
1293: .It Fl in Ar file
1.46 jmc 1294: The input file to read from,
1295: or standard input if not specified.
1.1 jsing 1296: If the
1297: .Ar numbits
1.46 jmc 1298: parameter is included, then this option is ignored.
1299: .It Fl inform Cm der | pem
1300: The input format.
1.1 jsing 1301: .It Fl noout
1.46 jmc 1302: Do not output the encoded version of the parameters.
1303: .It Fl out Ar file
1304: The output file to write to,
1305: or standard output if not specified.
1306: .It Fl outform Cm der | pem
1307: The output format.
1308: .It Fl text
1.64 jmc 1309: Print the DSA parameters in plain text.
1.1 jsing 1310: .It Ar numbits
1.46 jmc 1311: Generate a parameter set of size
1.1 jsing 1312: .Ar numbits .
1.46 jmc 1313: If this option is included, the input file is ignored.
1.1 jsing 1314: .El
1315: .Sh EC
1316: .nr nS 1
1317: .Nm "openssl ec"
1318: .Op Fl conv_form Ar arg
1319: .Op Fl des
1320: .Op Fl des3
1321: .Op Fl in Ar file
1.47 jmc 1322: .Op Fl inform Cm der | pem
1.1 jsing 1323: .Op Fl noout
1324: .Op Fl out Ar file
1.47 jmc 1325: .Op Fl outform Cm der | pem
1.1 jsing 1326: .Op Fl param_enc Ar arg
1327: .Op Fl param_out
1328: .Op Fl passin Ar arg
1329: .Op Fl passout Ar arg
1330: .Op Fl pubin
1331: .Op Fl pubout
1332: .Op Fl text
1333: .nr nS 0
1334: .Pp
1335: The
1336: .Nm ec
1337: command processes EC keys.
1338: They can be converted between various
1339: forms and their components printed out.
1.47 jmc 1340: .Nm openssl
1.1 jsing 1341: uses the private key format specified in
1342: .Dq SEC 1: Elliptic Curve Cryptography
1343: .Pq Lk http://www.secg.org/ .
1344: To convert an
1345: EC private key into the PKCS#8 private key format use the
1346: .Nm pkcs8
1347: command.
1348: .Pp
1349: The options are as follows:
1350: .Bl -tag -width Ds
1351: .It Fl conv_form Ar arg
1.47 jmc 1352: Specify how the points on the elliptic curve are converted
1.1 jsing 1353: into octet strings.
1354: Possible values are:
1.95 tb 1355: .Cm compressed ,
1356: .Cm uncompressed
1.47 jmc 1357: (the default),
1.1 jsing 1358: and
1359: .Cm hybrid .
1360: For more information regarding
1.47 jmc 1361: the point conversion forms see the X9.62 standard.
1.1 jsing 1362: Note:
1363: Due to patent issues the
1364: .Cm compressed
1365: option is disabled by default for binary curves
1366: and can be enabled by defining the preprocessor macro
1.47 jmc 1367: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 1368: at compile time.
1369: .It Fl des | des3
1.47 jmc 1370: Encrypt the private key with DES, triple DES, or
1.1 jsing 1371: any other cipher supported by
1.47 jmc 1372: .Nm openssl .
1.1 jsing 1373: A pass phrase is prompted for.
1374: If none of these options is specified the key is written in plain text.
1375: This means that using the
1376: .Nm ec
1377: utility to read in an encrypted key with no
1378: encryption option can be used to remove the pass phrase from a key,
1379: or by setting the encryption options
1.83 naddy 1380: it can be used to add or change the pass phrase.
1.1 jsing 1381: These options can only be used with PEM format output files.
1382: .It Fl in Ar file
1.47 jmc 1383: The input file to read a key from,
1384: or standard input if not specified.
1.1 jsing 1385: If the key is encrypted a pass phrase will be prompted for.
1.47 jmc 1386: .It Fl inform Cm der | pem
1387: The input format.
1.1 jsing 1388: .It Fl noout
1.47 jmc 1389: Do not output the encoded version of the key.
1.1 jsing 1390: .It Fl out Ar file
1.47 jmc 1391: The output filename to write to,
1392: or standard output if not specified.
1.1 jsing 1393: If any encryption options are set then a pass phrase will be prompted for.
1.47 jmc 1394: .It Fl outform Cm der | pem
1395: The output format.
1.1 jsing 1396: .It Fl param_enc Ar arg
1.47 jmc 1397: Specify how the elliptic curve parameters are encoded.
1.1 jsing 1398: Possible value are:
1399: .Cm named_curve ,
1400: i.e. the EC parameters are specified by an OID; or
1401: .Cm explicit ,
1402: where the EC parameters are explicitly given
1403: (see RFC 3279 for the definition of the EC parameter structures).
1404: The default value is
1405: .Cm named_curve .
1406: Note: the
1407: .Cm implicitlyCA
1408: alternative,
1409: as specified in RFC 3279,
1.47 jmc 1410: is currently not implemented.
1.106 inoguchi 1411: .It Fl param_out
1412: Print the elliptic curve parameters.
1.1 jsing 1413: .It Fl passin Ar arg
1414: The key password source.
1415: .It Fl passout Ar arg
1416: The output file password source.
1417: .It Fl pubin
1.60 jmc 1418: Read in a public key, not a private key.
1.1 jsing 1419: .It Fl pubout
1.60 jmc 1420: Output a public key, not a private key.
1421: Automatically set if the input is a public key.
1.1 jsing 1422: .It Fl text
1.64 jmc 1423: Print the public/private key in plain text.
1.1 jsing 1424: .El
1425: .Sh ECPARAM
1426: .nr nS 1
1427: .Nm "openssl ecparam"
1428: .Op Fl C
1429: .Op Fl check
1430: .Op Fl conv_form Ar arg
1431: .Op Fl genkey
1432: .Op Fl in Ar file
1.48 jmc 1433: .Op Fl inform Cm der | pem
1.1 jsing 1434: .Op Fl list_curves
1435: .Op Fl name Ar arg
1436: .Op Fl no_seed
1437: .Op Fl noout
1438: .Op Fl out Ar file
1.48 jmc 1439: .Op Fl outform Cm der | pem
1.1 jsing 1440: .Op Fl param_enc Ar arg
1441: .Op Fl text
1442: .nr nS 0
1443: .Pp
1.48 jmc 1444: The
1445: .Nm ecparam
1446: command is used to manipulate or generate EC parameter files.
1447: .Nm openssl
1448: is not able to generate new groups so
1449: .Nm ecparam
1450: can only create EC parameters from known (named) curves.
1451: .Pp
1.1 jsing 1452: The options are as follows:
1453: .Bl -tag -width Ds
1454: .It Fl C
1455: Convert the EC parameters into C code.
1456: The parameters can then be loaded by calling the
1.48 jmc 1457: .No get_ec_group_ Ns Ar XXX
1.1 jsing 1458: function.
1459: .It Fl check
1460: Validate the elliptic curve parameters.
1461: .It Fl conv_form Ar arg
1462: Specify how the points on the elliptic curve are converted
1463: into octet strings.
1464: Possible values are:
1.95 tb 1465: .Cm compressed ,
1466: .Cm uncompressed
1.48 jmc 1467: (the default),
1.1 jsing 1468: and
1469: .Cm hybrid .
1470: For more information regarding
1.48 jmc 1471: the point conversion forms see the X9.62 standard.
1.1 jsing 1472: Note:
1473: Due to patent issues the
1474: .Cm compressed
1475: option is disabled by default for binary curves
1476: and can be enabled by defining the preprocessor macro
1.48 jmc 1477: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 1478: at compile time.
1479: .It Fl genkey
1480: Generate an EC private key using the specified parameters.
1481: .It Fl in Ar file
1.48 jmc 1482: The input file to read from,
1483: or standard input if not specified.
1484: .It Fl inform Cm der | pem
1485: The input format.
1.1 jsing 1486: .It Fl list_curves
1.48 jmc 1487: Print a list of all
1.1 jsing 1488: currently implemented EC parameter names and exit.
1489: .It Fl name Ar arg
1.48 jmc 1490: Use the EC parameters with the specified "short" name.
1.1 jsing 1491: .It Fl no_seed
1.48 jmc 1492: Do not include the seed for the parameter generation
1493: in the ECParameters structure (see RFC 3279).
1.1 jsing 1494: .It Fl noout
1.48 jmc 1495: Do not output the encoded version of the parameters.
1.1 jsing 1496: .It Fl out Ar file
1.48 jmc 1497: The output file to write to,
1498: or standard output if not specified.
1499: .It Fl outform Cm der | pem
1500: The output format.
1.1 jsing 1501: .It Fl param_enc Ar arg
1.48 jmc 1502: Specify how the elliptic curve parameters are encoded.
1.1 jsing 1503: Possible value are:
1504: .Cm named_curve ,
1505: i.e. the EC parameters are specified by an OID, or
1506: .Cm explicit ,
1507: where the EC parameters are explicitly given
1508: (see RFC 3279 for the definition of the EC parameter structures).
1509: The default value is
1510: .Cm named_curve .
1511: Note: the
1512: .Cm implicitlyCA
1513: alternative, as specified in RFC 3279,
1.48 jmc 1514: is currently not implemented.
1.1 jsing 1515: .It Fl text
1.64 jmc 1516: Print the EC parameters in plain text.
1.1 jsing 1517: .El
1518: .Sh ENC
1519: .nr nS 1
1520: .Nm "openssl enc"
1521: .Fl ciphername
1.106 inoguchi 1522: .Op Fl AadePpv
1.1 jsing 1523: .Op Fl base64
1524: .Op Fl bufsize Ar number
1525: .Op Fl debug
1526: .Op Fl in Ar file
1.97 jmc 1527: .Op Fl iter Ar iterations
1.1 jsing 1528: .Op Fl iv Ar IV
1529: .Op Fl K Ar key
1530: .Op Fl k Ar password
1531: .Op Fl kfile Ar file
1532: .Op Fl md Ar digest
1533: .Op Fl none
1534: .Op Fl nopad
1535: .Op Fl nosalt
1536: .Op Fl out Ar file
1537: .Op Fl pass Ar arg
1.96 beck 1538: .Op Fl pbkdf2
1.1 jsing 1539: .Op Fl S Ar salt
1540: .Op Fl salt
1541: .nr nS 0
1542: .Pp
1543: The symmetric cipher commands allow data to be encrypted or decrypted
1544: using various block and stream ciphers using keys based on passwords
1545: or explicitly provided.
1546: Base64 encoding or decoding can also be performed either by itself
1547: or in addition to the encryption or decryption.
1.49 jmc 1548: The program can be called either as
1549: .Nm openssl Ar ciphername
1550: or
1551: .Nm openssl enc - Ns Ar ciphername .
1552: .Pp
1553: Some of the ciphers do not have large keys and others have security
1554: implications if not used correctly.
1555: All the block ciphers normally use PKCS#5 padding,
1556: also known as standard block padding.
1557: If padding is disabled, the input data must be a multiple of the cipher
1558: block length.
1.1 jsing 1559: .Pp
1560: The options are as follows:
1561: .Bl -tag -width Ds
1562: .It Fl A
1563: If the
1564: .Fl a
1565: option is set, then base64 process the data on one line.
1566: .It Fl a , base64
1567: Base64 process the data.
1568: This means that if encryption is taking place, the data is base64-encoded
1569: after encryption.
1.49 jmc 1570: If decryption is set, the input data is base64-decoded before
1.1 jsing 1571: being decrypted.
1572: .It Fl bufsize Ar number
1573: Set the buffer size for I/O.
1574: .It Fl d
1575: Decrypt the input data.
1576: .It Fl debug
1577: Debug the BIOs used for I/O.
1578: .It Fl e
1.49 jmc 1579: Encrypt the input data.
1580: This is the default.
1.1 jsing 1581: .It Fl in Ar file
1.49 jmc 1582: The input file to read from,
1.57 jmc 1583: or standard input if not specified.
1.97 jmc 1584: .It Fl iter Ar iterations
1585: Use the pbkdf2 key derivation function, with
1586: .Ar iterations
1587: as the number of iterations.
1.1 jsing 1588: .It Fl iv Ar IV
1589: The actual
1590: .Ar IV
1591: .Pq initialisation vector
1592: to use:
1593: this must be represented as a string comprised only of hex digits.
1594: When only the
1595: .Ar key
1596: is specified using the
1597: .Fl K
1.49 jmc 1598: option,
1599: the IV must explicitly be defined.
1.1 jsing 1600: When a password is being specified using one of the other options,
1.49 jmc 1601: the IV is generated from this password.
1.1 jsing 1602: .It Fl K Ar key
1603: The actual
1604: .Ar key
1605: to use:
1606: this must be represented as a string comprised only of hex digits.
1.49 jmc 1607: If only the key is specified,
1608: the IV must also be specified using the
1.1 jsing 1609: .Fl iv
1610: option.
1611: When both a
1612: .Ar key
1613: and a
1614: .Ar password
1615: are specified, the
1616: .Ar key
1617: given with the
1618: .Fl K
1.49 jmc 1619: option will be used and the IV generated from the password will be taken.
1.1 jsing 1620: It probably does not make much sense to specify both
1621: .Ar key
1622: and
1623: .Ar password .
1624: .It Fl k Ar password
1625: The
1626: .Ar password
1627: to derive the key from.
1628: Superseded by the
1629: .Fl pass
1630: option.
1631: .It Fl kfile Ar file
1632: Read the password to derive the key from the first line of
1633: .Ar file .
1634: Superseded by the
1635: .Fl pass
1636: option.
1637: .It Fl md Ar digest
1638: Use
1639: .Ar digest
1640: to create a key from a pass phrase.
1641: .Ar digest
1642: may be one of
1.49 jmc 1643: .Cm md5
1.1 jsing 1644: or
1.49 jmc 1645: .Cm sha1 .
1.1 jsing 1646: .It Fl none
1647: Use NULL cipher (no encryption or decryption of input).
1648: .It Fl nopad
1649: Disable standard block padding.
1650: .It Fl nosalt
1.49 jmc 1651: Don't use a salt in the key derivation routines.
1.81 jmc 1652: This option should never be used
1.49 jmc 1653: since it makes it possible to perform efficient dictionary
1654: attacks on the password and to attack stream cipher encrypted data.
1.1 jsing 1655: .It Fl out Ar file
1.51 jmc 1656: The output file to write to,
1.57 jmc 1657: or standard output if not specified.
1.1 jsing 1658: .It Fl P
1.49 jmc 1659: Print out the salt, key, and IV used, then immediately exit;
1.1 jsing 1660: don't do any encryption or decryption.
1661: .It Fl p
1.49 jmc 1662: Print out the salt, key, and IV used.
1.1 jsing 1663: .It Fl pass Ar arg
1664: The password source.
1.96 beck 1665: .It Fl pbkdf2
1.97 jmc 1666: Use the pbkdf2 key derivation function, with
1.96 beck 1667: the default of 10000 iterations.
1.1 jsing 1668: .It Fl S Ar salt
1669: The actual
1670: .Ar salt
1671: to use:
1672: this must be represented as a string comprised only of hex digits.
1673: .It Fl salt
1.49 jmc 1674: Use a salt in the key derivation routines (the default).
1675: When the salt is being used
1676: the first eight bytes of the encrypted data are reserved for the salt:
1677: it is randomly generated when encrypting a file and read from the
1678: encrypted file when it is decrypted.
1.106 inoguchi 1679: .It Fl v
1680: Print extra details about the processing.
1.1 jsing 1681: .El
1682: .Sh ERRSTR
1683: .Nm openssl errstr
1684: .Op Fl stats
1685: .Ar errno ...
1686: .Pp
1687: The
1688: .Nm errstr
1689: command performs error number to error string conversion,
1690: generating a human-readable string representing the error code
1691: .Ar errno .
1692: The string is obtained through the
1693: .Xr ERR_error_string_n 3
1694: function and has the following format:
1695: .Pp
1696: .Dl error:[error code]:[library name]:[function name]:[reason string]
1697: .Pp
1698: .Bq error code
1699: is an 8-digit hexadecimal number.
1700: The remaining fields
1701: .Bq library name ,
1702: .Bq function name ,
1703: and
1704: .Bq reason string
1705: are all ASCII text.
1706: .Pp
1707: The options are as follows:
1708: .Bl -tag -width Ds
1709: .It Fl stats
1710: Print debugging statistics about various aspects of the hash table.
1711: .El
1712: .Sh GENDSA
1713: .nr nS 1
1714: .Nm "openssl gendsa"
1715: .Oo
1.102 jmc 1716: .Fl aes128 | aes192 | aes256 | camellia128 |
1717: .Fl camellia192 | camellia256 | des | des3 | idea
1.1 jsing 1718: .Oc
1719: .Op Fl out Ar file
1.101 inoguchi 1720: .Op Fl passout Ar arg
1721: .Ar paramfile
1.1 jsing 1722: .nr nS 0
1723: .Pp
1724: The
1725: .Nm gendsa
1726: command generates a DSA private key from a DSA parameter file
1.51 jmc 1727: (typically generated by the
1.1 jsing 1728: .Nm openssl dsaparam
1729: command).
1.51 jmc 1730: DSA key generation is little more than random number generation so it is
1731: much quicker than,
1732: for example,
1733: RSA key generation.
1.1 jsing 1734: .Pp
1735: The options are as follows:
1736: .Bl -tag -width Ds
1737: .It Xo
1738: .Fl aes128 | aes192 | aes256 |
1.101 inoguchi 1739: .Fl camellia128 | camellia192 | camellia256 |
1740: .Fl des | des3 |
1741: .Fl idea
1.1 jsing 1742: .Xc
1.101 inoguchi 1743: Encrypt the private key with the AES, CAMELLIA, DES, triple DES
1744: or the IDEA ciphers, respectively, before outputting it.
1.1 jsing 1745: A pass phrase is prompted for.
1746: If none of these options are specified, no encryption is used.
1747: .It Fl out Ar file
1.51 jmc 1748: The output file to write to,
1.57 jmc 1749: or standard output if not specified.
1.101 inoguchi 1750: .It Fl passout Ar arg
1751: The output file password source.
1.1 jsing 1752: .It Ar paramfile
1.51 jmc 1753: Specify the DSA parameter file to use.
1.1 jsing 1754: The parameters in this file determine the size of the private key.
1755: .El
1756: .Sh GENPKEY
1757: .nr nS 1
1758: .Nm "openssl genpkey"
1759: .Op Fl algorithm Ar alg
1760: .Op Ar cipher
1761: .Op Fl genparam
1762: .Op Fl out Ar file
1.52 jmc 1763: .Op Fl outform Cm der | pem
1.1 jsing 1764: .Op Fl paramfile Ar file
1765: .Op Fl pass Ar arg
1766: .Op Fl pkeyopt Ar opt : Ns Ar value
1767: .Op Fl text
1768: .nr nS 0
1769: .Pp
1770: The
1771: .Nm genpkey
1772: command generates private keys.
1773: The use of this
1774: program is encouraged over the algorithm specific utilities
1.22 bcook 1775: because additional algorithm options can be used.
1.1 jsing 1776: .Pp
1777: The options are as follows:
1778: .Bl -tag -width Ds
1779: .It Fl algorithm Ar alg
1780: The public key algorithm to use,
1781: such as RSA, DSA, or DH.
1.52 jmc 1782: This option must precede any
1.1 jsing 1783: .Fl pkeyopt
1784: options.
1785: The options
1786: .Fl paramfile
1787: and
1788: .Fl algorithm
1789: are mutually exclusive.
1790: .It Ar cipher
1791: Encrypt the private key with the supplied cipher.
1792: Any algorithm name accepted by
1.52 jmc 1793: .Xr EVP_get_cipherbyname 3
1794: is acceptable.
1.1 jsing 1795: .It Fl genparam
1796: Generate a set of parameters instead of a private key.
1.52 jmc 1797: This option must precede any
1.1 jsing 1798: .Fl algorithm ,
1799: .Fl paramfile ,
1800: or
1801: .Fl pkeyopt
1802: options.
1803: .It Fl out Ar file
1.52 jmc 1804: The output file to write to,
1.57 jmc 1805: or standard output if not specified.
1.52 jmc 1806: .It Fl outform Cm der | pem
1807: The output format.
1.1 jsing 1808: .It Fl paramfile Ar file
1.52 jmc 1809: Some public key algorithms generate a private key based on a set of parameters,
1810: which can be supplied using this option.
1.1 jsing 1811: If this option is used the public key
1812: algorithm used is determined by the parameters.
1.52 jmc 1813: This option must precede any
1.1 jsing 1814: .Fl pkeyopt
1815: options.
1816: The options
1817: .Fl paramfile
1818: and
1819: .Fl algorithm
1820: are mutually exclusive.
1821: .It Fl pass Ar arg
1822: The output file password source.
1823: .It Fl pkeyopt Ar opt : Ns Ar value
1824: Set the public key algorithm option
1825: .Ar opt
1826: to
1.52 jmc 1827: .Ar value ,
1828: as follows:
1.1 jsing 1829: .Bl -tag -width Ds -offset indent
1830: .It rsa_keygen_bits : Ns Ar numbits
1831: (RSA)
1832: The number of bits in the generated key.
1.52 jmc 1833: The default is 2048.
1.1 jsing 1834: .It rsa_keygen_pubexp : Ns Ar value
1835: (RSA)
1836: The RSA public exponent value.
1837: This can be a large decimal or hexadecimal value if preceded by 0x.
1.52 jmc 1838: The default is 65537.
1.1 jsing 1839: .It dsa_paramgen_bits : Ns Ar numbits
1840: (DSA)
1841: The number of bits in the generated parameters.
1.52 jmc 1842: The default is 1024.
1.1 jsing 1843: .It dh_paramgen_prime_len : Ns Ar numbits
1844: (DH)
1845: The number of bits in the prime parameter
1846: .Ar p .
1847: .It dh_paramgen_generator : Ns Ar value
1848: (DH)
1849: The value to use for the generator
1850: .Ar g .
1851: .It ec_paramgen_curve : Ns Ar curve
1852: (EC)
1853: The EC curve to use.
1854: .El
1.52 jmc 1855: .It Fl text
1.64 jmc 1856: Print the private/public key in plain text.
1.52 jmc 1857: .El
1.1 jsing 1858: .Sh GENRSA
1859: .nr nS 1
1860: .Nm "openssl genrsa"
1861: .Op Fl 3 | f4
1.109 inoguchi 1862: .Oo
1863: .Fl aes128 | aes192 | aes256 | camellia128 |
1864: .Fl camellia192 | camellia256 | des | des3 | idea
1865: .Oc
1.1 jsing 1866: .Op Fl out Ar file
1867: .Op Fl passout Ar arg
1868: .Op Ar numbits
1869: .nr nS 0
1870: .Pp
1871: The
1872: .Nm genrsa
1.53 jmc 1873: command generates an RSA private key,
1874: which essentially involves the generation of two prime numbers.
1875: When generating the key,
1876: various symbols will be output to indicate the progress of the generation.
1877: A
1878: .Sq \&.
1879: represents each number which has passed an initial sieve test;
1880: .Sq +
1881: means a number has passed a single round of the Miller-Rabin primality test.
1882: A newline means that the number has passed all the prime tests
1883: (the actual number depends on the key size).
1.1 jsing 1884: .Pp
1885: The options are as follows:
1886: .Bl -tag -width Ds
1887: .It Fl 3 | f4
1888: The public exponent to use, either 3 or 65537.
1889: The default is 65537.
1.109 inoguchi 1890: .It Xo
1891: .Fl aes128 | aes192 | aes256 |
1892: .Fl camellia128 | camellia192 | camellia256 |
1893: .Fl des | des3 |
1894: .Fl idea
1895: .Xc
1896: Encrypt the private key with the AES, CAMELLIA, DES, triple DES
1897: or the IDEA ciphers, respectively, before outputting it.
1.1 jsing 1898: If none of these options are specified, no encryption is used.
1899: If encryption is used, a pass phrase is prompted for,
1900: if it is not supplied via the
1901: .Fl passout
1902: option.
1903: .It Fl out Ar file
1.53 jmc 1904: The output file to write to,
1.57 jmc 1905: or standard output if not specified.
1.1 jsing 1906: .It Fl passout Ar arg
1907: The output file password source.
1908: .It Ar numbits
1909: The size of the private key to generate in bits.
1910: This must be the last option specified.
1911: The default is 2048.
1912: .El
1913: .Sh NSEQ
1914: .Nm openssl nseq
1915: .Op Fl in Ar file
1916: .Op Fl out Ar file
1917: .Op Fl toseq
1918: .Pp
1919: The
1920: .Nm nseq
1.54 jmc 1921: command takes a file containing a Netscape certificate sequence
1922: (an alternative to the standard PKCS#7 format)
1923: and prints out the certificates contained in it,
1924: or takes a file of certificates
1925: and converts it into a Netscape certificate sequence.
1926: .Pp
1.1 jsing 1927: The options are as follows:
1928: .Bl -tag -width Ds
1929: .It Fl in Ar file
1.54 jmc 1930: The input file to read from,
1931: or standard input if not specified.
1.1 jsing 1932: .It Fl out Ar file
1.54 jmc 1933: The output file to write to,
1934: or standard output if not specified.
1.1 jsing 1935: .It Fl toseq
1936: Normally, a Netscape certificate sequence will be input and the output
1937: is the certificates contained in it.
1938: With the
1939: .Fl toseq
1940: option the situation is reversed:
1941: a Netscape certificate sequence is created from a file of certificates.
1942: .El
1943: .Sh OCSP
1944: .nr nS 1
1945: .Nm "openssl ocsp"
1946: .Op Fl CA Ar file
1947: .Op Fl CAfile Ar file
1948: .Op Fl CApath Ar directory
1949: .Op Fl cert Ar file
1950: .Op Fl dgst Ar alg
1.108 inoguchi 1951: .Op Fl header Ar name value
1.55 jmc 1952: .Op Fl host Ar hostname : Ns Ar port
1.108 inoguchi 1953: .Op Fl ignore_err
1.1 jsing 1954: .Op Fl index Ar indexfile
1955: .Op Fl issuer Ar file
1956: .Op Fl ndays Ar days
1957: .Op Fl nmin Ar minutes
1958: .Op Fl no_cert_checks
1959: .Op Fl no_cert_verify
1960: .Op Fl no_certs
1961: .Op Fl no_chain
1.108 inoguchi 1962: .Op Fl no_explicit
1.1 jsing 1963: .Op Fl no_intern
1964: .Op Fl no_nonce
1965: .Op Fl no_signature_verify
1966: .Op Fl nonce
1967: .Op Fl noverify
1968: .Op Fl nrequest Ar number
1969: .Op Fl out Ar file
1970: .Op Fl path Ar path
1971: .Op Fl port Ar portnum
1972: .Op Fl req_text
1973: .Op Fl reqin Ar file
1974: .Op Fl reqout Ar file
1975: .Op Fl resp_key_id
1976: .Op Fl resp_no_certs
1977: .Op Fl resp_text
1978: .Op Fl respin Ar file
1979: .Op Fl respout Ar file
1980: .Op Fl rkey Ar file
1981: .Op Fl rother Ar file
1982: .Op Fl rsigner Ar file
1.108 inoguchi 1983: .Op Fl serial Ar num
1.1 jsing 1984: .Op Fl sign_other Ar file
1985: .Op Fl signer Ar file
1986: .Op Fl signkey Ar file
1987: .Op Fl status_age Ar age
1988: .Op Fl text
1.108 inoguchi 1989: .Op Fl timeout Ar seconds
1.1 jsing 1990: .Op Fl trust_other
1991: .Op Fl url Ar responder_url
1992: .Op Fl VAfile Ar file
1993: .Op Fl validity_period Ar nsec
1994: .Op Fl verify_other Ar file
1995: .nr nS 0
1996: .Pp
1.55 jmc 1997: The Online Certificate Status Protocol (OCSP)
1998: enables applications to determine the (revocation) state
1999: of an identified certificate (RFC 2560).
1.1 jsing 2000: .Pp
2001: The
2002: .Nm ocsp
2003: command performs many common OCSP tasks.
2004: It can be used to print out requests and responses,
2005: create requests and send queries to an OCSP responder,
2006: and behave like a mini OCSP server itself.
2007: .Pp
2008: The options are as follows:
2009: .Bl -tag -width Ds
2010: .It Fl CAfile Ar file , Fl CApath Ar directory
1.55 jmc 2011: A file or path containing trusted CA certificates,
2012: used to verify the signature on the OCSP response.
1.1 jsing 2013: .It Fl cert Ar file
2014: Add the certificate
2015: .Ar file
2016: to the request.
2017: The issuer certificate is taken from the previous
2018: .Fl issuer
2019: option, or an error occurs if no issuer certificate is specified.
2020: .It Fl dgst Ar alg
1.55 jmc 2021: Use the digest algorithm
2022: .Ar alg
2023: for certificate identification in the OCSP request.
1.1 jsing 2024: By default SHA-1 is used.
2025: .It Xo
2026: .Fl host Ar hostname : Ns Ar port ,
2027: .Fl path Ar path
2028: .Xc
1.55 jmc 2029: Send
2030: the OCSP request to
1.1 jsing 2031: .Ar hostname
1.55 jmc 2032: on
1.1 jsing 2033: .Ar port .
2034: .Fl path
2035: specifies the HTTP path name to use, or
1.55 jmc 2036: .Pa /
1.1 jsing 2037: by default.
1.108 inoguchi 2038: .It Fl header Ar name value
2039: Add the header name with the specified value to the OCSP request that is sent
2040: to the responder.
2041: This may be repeated.
1.1 jsing 2042: .It Fl issuer Ar file
1.81 jmc 2043: The current issuer certificate, in PEM format.
2044: Can be used multiple times and must come before any
1.1 jsing 2045: .Fl cert
2046: options.
2047: .It Fl no_cert_checks
2048: Don't perform any additional checks on the OCSP response signer's certificate.
2049: That is, do not make any checks to see if the signer's certificate is
2050: authorised to provide the necessary status information:
2051: as a result this option should only be used for testing purposes.
2052: .It Fl no_cert_verify
2053: Don't verify the OCSP response signer's certificate at all.
2054: Since this option allows the OCSP response to be signed by any certificate,
2055: it should only be used for testing purposes.
2056: .It Fl no_certs
1.55 jmc 2057: Don't include any certificates in the signed request.
1.1 jsing 2058: .It Fl no_chain
2059: Do not use certificates in the response as additional untrusted CA
2060: certificates.
1.108 inoguchi 2061: .It Fl no_explicit
2062: Don't check the explicit trust for OCSP signing in the root CA certificate.
1.1 jsing 2063: .It Fl no_intern
2064: Ignore certificates contained in the OCSP response
2065: when searching for the signer's certificate.
1.55 jmc 2066: The signer's certificate must be specified with either the
1.1 jsing 2067: .Fl verify_other
2068: or
2069: .Fl VAfile
2070: options.
2071: .It Fl no_signature_verify
2072: Don't check the signature on the OCSP response.
2073: Since this option tolerates invalid signatures on OCSP responses,
2074: it will normally only be used for testing purposes.
2075: .It Fl nonce , no_nonce
1.55 jmc 2076: Add an OCSP nonce extension to a request,
2077: or disable an OCSP nonce addition.
1.1 jsing 2078: Normally, if an OCSP request is input using the
2079: .Fl respin
1.55 jmc 2080: option no nonce is added:
1.1 jsing 2081: using the
2082: .Fl nonce
1.55 jmc 2083: option will force the addition of a nonce.
1.1 jsing 2084: If an OCSP request is being created (using the
2085: .Fl cert
2086: and
2087: .Fl serial
2088: options)
1.55 jmc 2089: a nonce is automatically added; specifying
1.1 jsing 2090: .Fl no_nonce
2091: overrides this.
2092: .It Fl noverify
1.55 jmc 2093: Don't attempt to verify the OCSP response signature or the nonce values.
2094: This is normally only be used for debugging
1.1 jsing 2095: since it disables all verification of the responder's certificate.
2096: .It Fl out Ar file
1.55 jmc 2097: Specify the output file to write to,
1.57 jmc 2098: or standard output if not specified.
1.1 jsing 2099: .It Fl req_text , resp_text , text
2100: Print out the text form of the OCSP request, response, or both, respectively.
2101: .It Fl reqin Ar file , Fl respin Ar file
2102: Read an OCSP request or response file from
2103: .Ar file .
2104: These options are ignored
2105: if an OCSP request or response creation is implied by other options
2106: (for example with the
2107: .Fl serial , cert ,
2108: and
2109: .Fl host
2110: options).
2111: .It Fl reqout Ar file , Fl respout Ar file
2112: Write out the DER-encoded certificate request or response to
2113: .Ar file .
2114: .It Fl serial Ar num
2115: Same as the
2116: .Fl cert
2117: option except the certificate with serial number
2118: .Ar num
2119: is added to the request.
2120: The serial number is interpreted as a decimal integer unless preceded by
2121: .Sq 0x .
1.55 jmc 2122: Negative integers can also be specified
2123: by preceding the value with a minus sign.
1.1 jsing 2124: .It Fl sign_other Ar file
2125: Additional certificates to include in the signed request.
2126: .It Fl signer Ar file , Fl signkey Ar file
2127: Sign the OCSP request using the certificate specified in the
2128: .Fl signer
2129: option and the private key specified by the
2130: .Fl signkey
2131: option.
2132: If the
2133: .Fl signkey
2134: option is not present, then the private key is read from the same file
2135: as the certificate.
2136: If neither option is specified, the OCSP request is not signed.
1.108 inoguchi 2137: .It Fl timeout Ar seconds
2138: Connection timeout to the OCSP responder in seconds.
1.1 jsing 2139: .It Fl trust_other
2140: The certificates specified by the
2141: .Fl verify_other
2142: option should be explicitly trusted and no additional checks will be
2143: performed on them.
2144: This is useful when the complete responder certificate chain is not available
2145: or trusting a root CA is not appropriate.
2146: .It Fl url Ar responder_url
2147: Specify the responder URL.
2148: Both HTTP and HTTPS
2149: .Pq SSL/TLS
2150: URLs can be specified.
2151: .It Fl VAfile Ar file
1.55 jmc 2152: A file containing explicitly trusted responder certificates.
1.1 jsing 2153: Equivalent to the
2154: .Fl verify_other
2155: and
2156: .Fl trust_other
2157: options.
2158: .It Fl validity_period Ar nsec , Fl status_age Ar age
1.55 jmc 2159: The range of times, in seconds, which will be tolerated in an OCSP response.
2160: Each certificate status response includes a notBefore time
2161: and an optional notAfter time.
1.1 jsing 2162: The current time should fall between these two values,
2163: but the interval between the two times may be only a few seconds.
2164: In practice the OCSP responder and clients' clocks may not be precisely
2165: synchronised and so such a check may fail.
2166: To avoid this the
2167: .Fl validity_period
2168: option can be used to specify an acceptable error range in seconds,
1.55 jmc 2169: the default value being 5 minutes.
1.1 jsing 2170: .Pp
1.55 jmc 2171: If the notAfter time is omitted from a response,
2172: it means that new status information is immediately available.
2173: In this case the age of the notBefore field is checked
2174: to see it is not older than
1.1 jsing 2175: .Ar age
2176: seconds old.
2177: By default, this additional check is not performed.
2178: .It Fl verify_other Ar file
1.55 jmc 2179: A file containing additional certificates to search
2180: when attempting to locate the OCSP response signing certificate.
2181: Some responders omit the actual signer's certificate from the response,
2182: so this can be used to supply the necessary certificate.
1.1 jsing 2183: .El
1.55 jmc 2184: .Pp
2185: The options for the OCSP server are as follows:
1.1 jsing 2186: .Bl -tag -width "XXXX"
2187: .It Fl CA Ar file
2188: CA certificate corresponding to the revocation information in
2189: .Ar indexfile .
1.108 inoguchi 2190: .It Fl ignore_err
2191: Ignore the invalid response.
1.1 jsing 2192: .It Fl index Ar indexfile
2193: .Ar indexfile
1.55 jmc 2194: is a text index file in ca format
2195: containing certificate revocation information.
1.1 jsing 2196: .Pp
1.55 jmc 2197: If this option is specified,
1.1 jsing 2198: .Nm ocsp
1.55 jmc 2199: is in responder mode, otherwise it is in client mode.
2200: The requests the responder processes can be either specified on
1.1 jsing 2201: the command line (using the
2202: .Fl issuer
2203: and
2204: .Fl serial
2205: options), supplied in a file (using the
2206: .Fl respin
1.55 jmc 2207: option), or via external OCSP clients (if
1.1 jsing 2208: .Ar port
2209: or
2210: .Ar url
2211: is specified).
2212: .Pp
1.55 jmc 2213: If this option is present, then the
1.1 jsing 2214: .Fl CA
2215: and
2216: .Fl rsigner
2217: options must also be present.
2218: .It Fl nmin Ar minutes , Fl ndays Ar days
2219: Number of
2220: .Ar minutes
2221: or
2222: .Ar days
1.55 jmc 2223: when fresh revocation information is available:
2224: used in the nextUpdate field.
2225: If neither option is present,
2226: the nextUpdate field is omitted,
2227: meaning fresh revocation information is immediately available.
1.1 jsing 2228: .It Fl nrequest Ar number
1.55 jmc 2229: Exit after receiving
1.1 jsing 2230: .Ar number
1.55 jmc 2231: requests (the default is unlimited).
1.1 jsing 2232: .It Fl port Ar portnum
2233: Port to listen for OCSP requests on.
1.55 jmc 2234: May also be specified using the
1.1 jsing 2235: .Fl url
2236: option.
2237: .It Fl resp_key_id
2238: Identify the signer certificate using the key ID;
1.55 jmc 2239: the default is to use the subject name.
1.1 jsing 2240: .It Fl resp_no_certs
2241: Don't include any certificates in the OCSP response.
2242: .It Fl rkey Ar file
2243: The private key to sign OCSP responses with;
2244: if not present, the file specified in the
2245: .Fl rsigner
2246: option is used.
2247: .It Fl rother Ar file
2248: Additional certificates to include in the OCSP response.
2249: .It Fl rsigner Ar file
2250: The certificate to sign OCSP responses with.
2251: .El
2252: .Pp
2253: Initially the OCSP responder certificate is located and the signature on
2254: the OCSP request checked using the responder certificate's public key.
2255: Then a normal certificate verify is performed on the OCSP responder certificate
2256: building up a certificate chain in the process.
2257: The locations of the trusted certificates used to build the chain can be
2258: specified by the
2259: .Fl CAfile
2260: and
2261: .Fl CApath
2262: options or they will be looked for in the standard
1.55 jmc 2263: .Nm openssl
2264: certificates directory.
1.1 jsing 2265: .Pp
1.55 jmc 2266: If the initial verify fails, the OCSP verify process halts with an error.
1.1 jsing 2267: Otherwise the issuing CA certificate in the request is compared to the OCSP
2268: responder certificate: if there is a match then the OCSP verify succeeds.
2269: .Pp
2270: Otherwise the OCSP responder certificate's CA is checked against the issuing
2271: CA certificate in the request.
2272: If there is a match and the OCSPSigning extended key usage is present
2273: in the OCSP responder certificate, then the OCSP verify succeeds.
2274: .Pp
2275: Otherwise the root CA of the OCSP responder's CA is checked to see if it
2276: is trusted for OCSP signing.
2277: If it is, the OCSP verify succeeds.
2278: .Pp
2279: If none of these checks is successful, the OCSP verify fails.
2280: What this effectively means is that if the OCSP responder certificate is
2281: authorised directly by the CA it is issuing revocation information about
1.55 jmc 2282: (and it is correctly configured),
1.1 jsing 2283: then verification will succeed.
2284: .Pp
1.55 jmc 2285: If the OCSP responder is a global responder,
2286: which can give details about multiple CAs
2287: and has its own separate certificate chain,
2288: then its root CA can be trusted for OCSP signing.
1.1 jsing 2289: Alternatively, the responder certificate itself can be explicitly trusted
2290: with the
2291: .Fl VAfile
2292: option.
2293: .Sh PASSWD
2294: .nr nS 1
2295: .Nm "openssl passwd"
2296: .Op Fl 1 | apr1 | crypt
2297: .Op Fl in Ar file
2298: .Op Fl noverify
2299: .Op Fl quiet
2300: .Op Fl reverse
2301: .Op Fl salt Ar string
2302: .Op Fl stdin
2303: .Op Fl table
2304: .Op Ar password
2305: .nr nS 0
2306: .Pp
2307: The
2308: .Nm passwd
1.56 jmc 2309: command computes the hash of a password.
1.1 jsing 2310: .Pp
2311: The options are as follows:
2312: .Bl -tag -width Ds
2313: .It Fl 1
2314: Use the MD5 based
2315: .Bx
2316: password algorithm
1.56 jmc 2317: .Qq 1 .
1.1 jsing 2318: .It Fl apr1
2319: Use the
1.56 jmc 2320: .Qq apr1
1.1 jsing 2321: algorithm
1.56 jmc 2322: .Po
2323: Apache variant of the
1.1 jsing 2324: .Bx
1.56 jmc 2325: algorithm
2326: .Pc .
1.1 jsing 2327: .It Fl crypt
2328: Use the
1.56 jmc 2329: .Qq crypt
2330: algorithm (the default).
1.1 jsing 2331: .It Fl in Ar file
2332: Read passwords from
2333: .Ar file .
2334: .It Fl noverify
2335: Don't verify when reading a password from the terminal.
2336: .It Fl quiet
2337: Don't output warnings when passwords given on the command line are truncated.
2338: .It Fl reverse
2339: Switch table columns.
2340: This only makes sense in conjunction with the
2341: .Fl table
2342: option.
2343: .It Fl salt Ar string
1.56 jmc 2344: Use the salt specified by
2345: .Ar string .
1.1 jsing 2346: When reading a password from the terminal, this implies
2347: .Fl noverify .
2348: .It Fl stdin
1.56 jmc 2349: Read passwords from standard input.
1.1 jsing 2350: .It Fl table
2351: In the output list, prepend the cleartext password and a TAB character
2352: to each password hash.
2353: .El
2354: .Sh PKCS7
2355: .nr nS 1
2356: .Nm "openssl pkcs7"
2357: .Op Fl in Ar file
1.57 jmc 2358: .Op Fl inform Cm der | pem
1.1 jsing 2359: .Op Fl noout
2360: .Op Fl out Ar file
1.57 jmc 2361: .Op Fl outform Cm der | pem
1.106 inoguchi 2362: .Op Fl print
1.1 jsing 2363: .Op Fl print_certs
2364: .Op Fl text
2365: .nr nS 0
2366: .Pp
2367: The
2368: .Nm pkcs7
2369: command processes PKCS#7 files in DER or PEM format.
1.57 jmc 2370: The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
2371: .Pp
1.1 jsing 2372: The options are as follows:
2373: .Bl -tag -width Ds
2374: .It Fl in Ar file
1.57 jmc 2375: The input file to read from,
2376: or standard input if not specified.
2377: .It Fl inform Cm der | pem
2378: The input format.
1.1 jsing 2379: .It Fl noout
2380: Don't output the encoded version of the PKCS#7 structure
2381: (or certificates if
2382: .Fl print_certs
2383: is set).
2384: .It Fl out Ar file
1.57 jmc 2385: The output to write to,
2386: or standard output if not specified.
2387: .It Fl outform Cm der | pem
2388: The output format.
1.106 inoguchi 2389: .It Fl print
2390: Print the ASN.1 representation of PKCS#7 structure.
1.1 jsing 2391: .It Fl print_certs
1.57 jmc 2392: Print any certificates or CRLs contained in the file,
2393: preceded by their subject and issuer names in a one-line format.
1.1 jsing 2394: .It Fl text
1.57 jmc 2395: Print certificate details in full rather than just subject and issuer names.
1.1 jsing 2396: .El
2397: .Sh PKCS8
2398: .nr nS 1
2399: .Nm "openssl pkcs8"
2400: .Op Fl in Ar file
1.58 jmc 2401: .Op Fl inform Cm der | pem
1.1 jsing 2402: .Op Fl nocrypt
2403: .Op Fl noiter
2404: .Op Fl out Ar file
1.58 jmc 2405: .Op Fl outform Cm der | pem
1.1 jsing 2406: .Op Fl passin Ar arg
2407: .Op Fl passout Ar arg
2408: .Op Fl topk8
2409: .Op Fl v1 Ar alg
2410: .Op Fl v2 Ar alg
2411: .nr nS 0
2412: .Pp
2413: The
2414: .Nm pkcs8
1.58 jmc 2415: command processes private keys
2416: (both encrypted and unencrypted)
2417: in PKCS#8 format
2418: with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
2419: The default encryption is only 56 bits;
2420: keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts
2421: are more secure.
2422: .Pp
1.1 jsing 2423: The options are as follows:
2424: .Bl -tag -width Ds
2425: .It Fl in Ar file
1.58 jmc 2426: The input file to read from,
2427: or standard input if not specified.
1.1 jsing 2428: If the key is encrypted, a pass phrase will be prompted for.
1.58 jmc 2429: .It Fl inform Cm der | pem
2430: The input format.
1.1 jsing 2431: .It Fl nocrypt
1.58 jmc 2432: Generate an unencrypted PrivateKeyInfo structure.
2433: This option does not encrypt private keys at all
2434: and should only be used when absolutely necessary.
1.1 jsing 2435: .It Fl noiter
2436: Use an iteration count of 1.
2437: See the
2438: .Sx PKCS12
2439: section below for a detailed explanation of this option.
2440: .It Fl out Ar file
1.58 jmc 2441: The output file to write to,
2442: or standard output if none is specified.
1.1 jsing 2443: If any encryption options are set, a pass phrase will be prompted for.
1.58 jmc 2444: .It Fl outform Cm der | pem
2445: The output format.
1.1 jsing 2446: .It Fl passin Ar arg
2447: The key password source.
2448: .It Fl passout Ar arg
2449: The output file password source.
2450: .It Fl topk8
1.58 jmc 2451: Read a traditional format private key and write a PKCS#8 format key.
1.1 jsing 2452: .It Fl v1 Ar alg
1.58 jmc 2453: Specify a PKCS#5 v1.5 or PKCS#12 algorithm to use.
2454: .Pp
2455: .Bl -tag -width "XXXX" -compact
2456: .It PBE-MD5-DES
2457: 56-bit DES.
2458: .It PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES
2459: 64-bit RC2 or 56-bit DES.
2460: .It PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES
2461: .It PBE-SHA1-2DES | PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40
2462: PKCS#12 password-based encryption algorithm,
2463: which allow strong encryption algorithms like triple DES or 128-bit RC2.
2464: .El
1.1 jsing 2465: .It Fl v2 Ar alg
1.58 jmc 2466: Use PKCS#5 v2.0 algorithms.
2467: Supports algorithms such as 168-bit triple DES or 128-bit RC2,
2468: however not many implementations support PKCS#5 v2.0 yet
2469: (if using private keys with
2470: .Nm openssl
2471: this doesn't matter).
1.1 jsing 2472: .Pp
2473: .Ar alg
1.58 jmc 2474: is the encryption algorithm to use;
2475: valid values include des, des3, and rc2.
2476: It is recommended that des3 is used.
1.1 jsing 2477: .El
2478: .Sh PKCS12
2479: .nr nS 1
2480: .Nm "openssl pkcs12"
1.107 inoguchi 2481: .Oo
2482: .Fl aes128 | aes192 | aes256 | camellia128 |
2483: .Fl camellia192 | camellia256 | des | des3 | idea
2484: .Oc
1.1 jsing 2485: .Op Fl cacerts
2486: .Op Fl CAfile Ar file
2487: .Op Fl caname Ar name
2488: .Op Fl CApath Ar directory
2489: .Op Fl certfile Ar file
2490: .Op Fl certpbe Ar alg
2491: .Op Fl chain
2492: .Op Fl clcerts
2493: .Op Fl CSP Ar name
2494: .Op Fl descert
2495: .Op Fl export
2496: .Op Fl in Ar file
2497: .Op Fl info
2498: .Op Fl inkey Ar file
2499: .Op Fl keyex
2500: .Op Fl keypbe Ar alg
2501: .Op Fl keysig
1.107 inoguchi 2502: .Op Fl LMK
1.1 jsing 2503: .Op Fl macalg Ar alg
2504: .Op Fl maciter
2505: .Op Fl name Ar name
2506: .Op Fl nocerts
2507: .Op Fl nodes
2508: .Op Fl noiter
2509: .Op Fl nokeys
2510: .Op Fl nomac
2511: .Op Fl nomaciter
2512: .Op Fl nomacver
2513: .Op Fl noout
2514: .Op Fl out Ar file
2515: .Op Fl passin Ar arg
2516: .Op Fl passout Ar arg
1.107 inoguchi 2517: .Op Fl password Ar arg
1.1 jsing 2518: .Op Fl twopass
2519: .nr nS 0
2520: .Pp
2521: The
2522: .Nm pkcs12
2523: command allows PKCS#12 files
2524: .Pq sometimes referred to as PFX files
2525: to be created and parsed.
2526: By default, a PKCS#12 file is parsed;
2527: a PKCS#12 file can be created by using the
2528: .Fl export
1.59 jmc 2529: option.
2530: .Pp
2531: The options for parsing a PKCS12 file are as follows:
1.1 jsing 2532: .Bl -tag -width "XXXX"
1.107 inoguchi 2533: .It Xo
2534: .Fl aes128 | aes192 | aes256 |
2535: .Fl camellia128 | camellia192 | camellia256 |
2536: .Fl des | des3 |
2537: .Fl idea
2538: .Xc
2539: Encrypt private keys using AES, CAMELLIA, DES, triple DES
2540: or the IDEA ciphers, respectively.
1.1 jsing 2541: The default is triple DES.
2542: .It Fl cacerts
2543: Only output CA certificates
2544: .Pq not client certificates .
2545: .It Fl clcerts
2546: Only output client certificates
2547: .Pq not CA certificates .
2548: .It Fl in Ar file
1.59 jmc 2549: The input file to read from,
2550: or standard input if not specified.
1.1 jsing 2551: .It Fl info
2552: Output additional information about the PKCS#12 file structure,
2553: algorithms used, and iteration counts.
2554: .It Fl nocerts
1.59 jmc 2555: Do not output certificates.
1.1 jsing 2556: .It Fl nodes
1.59 jmc 2557: Do not encrypt private keys.
1.1 jsing 2558: .It Fl nokeys
1.59 jmc 2559: Do not output private keys.
1.1 jsing 2560: .It Fl nomacver
1.59 jmc 2561: Do not attempt to verify the integrity MAC before reading the file.
1.1 jsing 2562: .It Fl noout
1.59 jmc 2563: Do not output the keys and certificates to the output file
1.1 jsing 2564: version of the PKCS#12 file.
2565: .It Fl out Ar file
1.59 jmc 2566: The output file to write to,
2567: or standard output if not specified.
1.1 jsing 2568: .It Fl passin Ar arg
2569: The key password source.
2570: .It Fl passout Ar arg
2571: The output file password source.
2572: .It Fl twopass
2573: Prompt for separate integrity and encryption passwords: most software
2574: always assumes these are the same so this option will render such
2575: PKCS#12 files unreadable.
2576: .El
1.59 jmc 2577: .Pp
2578: The options for PKCS12 file creation are as follows:
1.1 jsing 2579: .Bl -tag -width "XXXX"
2580: .It Fl CAfile Ar file
2581: CA storage as a file.
2582: .It Fl CApath Ar directory
2583: CA storage as a directory.
1.59 jmc 2584: The directory must be a standard certificate directory:
1.1 jsing 2585: that is, a hash of each subject name (using
1.59 jmc 2586: .Nm x509 Fl hash )
1.1 jsing 2587: should be linked to each certificate.
2588: .It Fl caname Ar name
1.59 jmc 2589: Specify the
1.1 jsing 2590: .Qq friendly name
2591: for other certificates.
1.59 jmc 2592: May be used multiple times to specify names for all certificates
1.1 jsing 2593: in the order they appear.
2594: .It Fl certfile Ar file
2595: A file to read additional certificates from.
2596: .It Fl certpbe Ar alg , Fl keypbe Ar alg
1.59 jmc 2597: Specify the algorithm used to encrypt the private key and
1.1 jsing 2598: certificates to be selected.
1.59 jmc 2599: Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used.
1.1 jsing 2600: If a cipher name
2601: (as output by the
2602: .Cm list-cipher-algorithms
2603: command) is specified then it
2604: is used with PKCS#5 v2.0.
2605: For interoperability reasons it is advisable to only use PKCS#12 algorithms.
2606: .It Fl chain
1.59 jmc 2607: Include the entire certificate chain of the user certificate.
1.1 jsing 2608: The standard CA store is used for this search.
2609: If the search fails, it is considered a fatal error.
2610: .It Fl CSP Ar name
2611: Write
2612: .Ar name
2613: as a Microsoft CSP name.
2614: .It Fl descert
2615: Encrypt the certificate using triple DES; this may render the PKCS#12
2616: file unreadable by some
2617: .Qq export grade
2618: software.
2619: By default, the private key is encrypted using triple DES and the
2620: certificate using 40-bit RC2.
2621: .It Fl export
1.59 jmc 2622: Create a PKCS#12 file (rather than parsing one).
1.1 jsing 2623: .It Fl in Ar file
1.59 jmc 2624: The input file to read from,
1.81 jmc 2625: or standard input if not specified.
1.1 jsing 2626: The order doesn't matter but one private key and its corresponding
2627: certificate should be present.
2628: If additional certificates are present, they will also be included
2629: in the PKCS#12 file.
2630: .It Fl inkey Ar file
1.59 jmc 2631: File to read a private key from.
1.1 jsing 2632: If not present, a private key must be present in the input file.
2633: .It Fl keyex | keysig
1.59 jmc 2634: Specify whether the private key is to be used for key exchange or just signing.
1.1 jsing 2635: Normally,
2636: .Qq export grade
2637: software will only allow 512-bit RSA keys to be
2638: used for encryption purposes, but arbitrary length keys for signing.
2639: The
2640: .Fl keysig
2641: option marks the key for signing only.
2642: Signing only keys can be used for S/MIME signing, authenticode
1.66 jmc 2643: (ActiveX control signing)
1.59 jmc 2644: and SSL client authentication.
1.107 inoguchi 2645: .It Fl LMK
2646: Add local machine keyset attribute to private key.
1.1 jsing 2647: .It Fl macalg Ar alg
2648: Specify the MAC digest algorithm.
1.59 jmc 2649: The default is SHA1.
1.1 jsing 2650: .It Fl maciter
1.66 jmc 2651: Included for compatibility only:
1.59 jmc 2652: it used to be needed to use MAC iterations counts
2653: but they are now used by default.
1.1 jsing 2654: .It Fl name Ar name
1.59 jmc 2655: Specify the
1.1 jsing 2656: .Qq friendly name
2657: for the certificate and private key.
2658: This name is typically displayed in list boxes by software importing the file.
2659: .It Fl nomac
2660: Don't attempt to provide the MAC integrity.
2661: .It Fl nomaciter , noiter
1.59 jmc 2662: Affect the iteration counts on the MAC and key algorithms.
1.1 jsing 2663: .Pp
2664: To discourage attacks by using large dictionaries of common passwords,
2665: the algorithm that derives keys from passwords can have an iteration count
2666: applied to it: this causes a certain part of the algorithm to be repeated
2667: and slows it down.
2668: The MAC is used to check the file integrity but since it will normally
2669: have the same password as the keys and certificates it could also be attacked.
2670: By default, both MAC and encryption iteration counts are set to 2048;
2671: using these options the MAC and encryption iteration counts can be set to 1.
2672: Since this reduces the file security you should not use these options
2673: unless you really have to.
2674: Most software supports both MAC and key iteration counts.
2675: .It Fl out Ar file
1.59 jmc 2676: The output file to write to,
2677: or standard output if not specified.
1.1 jsing 2678: .It Fl passin Ar arg
2679: The key password source.
2680: .It Fl passout Ar arg
2681: The output file password source.
1.107 inoguchi 2682: .It Fl password Ar arg
2683: With
2684: .Fl export ,
2685: .Fl password
2686: is equivalent to
2687: .Fl passout .
1.108 inoguchi 2688: Otherwise,
1.107 inoguchi 2689: .Fl password
2690: is equivalent to
2691: .Fl passin .
1.1 jsing 2692: .El
2693: .Sh PKEY
2694: .nr nS 1
2695: .Nm "openssl pkey"
2696: .Op Ar cipher
2697: .Op Fl in Ar file
1.60 jmc 2698: .Op Fl inform Cm der | pem
1.1 jsing 2699: .Op Fl noout
2700: .Op Fl out Ar file
1.60 jmc 2701: .Op Fl outform Cm der | pem
1.1 jsing 2702: .Op Fl passin Ar arg
2703: .Op Fl passout Ar arg
2704: .Op Fl pubin
2705: .Op Fl pubout
2706: .Op Fl text
2707: .Op Fl text_pub
2708: .nr nS 0
2709: .Pp
2710: The
2711: .Nm pkey
2712: command processes public or private keys.
2713: They can be converted between various forms
2714: and their components printed out.
2715: .Pp
2716: The options are as follows:
2717: .Bl -tag -width Ds
2718: .It Ar cipher
1.60 jmc 2719: Encrypt the private key with the specified cipher.
1.1 jsing 2720: Any algorithm name accepted by
1.60 jmc 2721: .Xr EVP_get_cipherbyname 3
1.1 jsing 2722: is acceptable, such as
2723: .Cm des3 .
2724: .It Fl in Ar file
1.60 jmc 2725: The input file to read from,
2726: or standard input if not specified.
1.1 jsing 2727: If the key is encrypted a pass phrase will be prompted for.
1.60 jmc 2728: .It Fl inform Cm der | pem
2729: The input format.
1.1 jsing 2730: .It Fl noout
2731: Do not output the encoded version of the key.
2732: .It Fl out Ar file
1.60 jmc 2733: The output file to write to,
2734: or standard output if not specified.
1.1 jsing 2735: If any encryption options are set then a pass phrase
2736: will be prompted for.
1.60 jmc 2737: .It Fl outform Cm der | pem
2738: The output format.
1.1 jsing 2739: .It Fl passin Ar arg
2740: The key password source.
2741: .It Fl passout Ar arg
2742: The output file password source.
2743: .It Fl pubin
1.60 jmc 2744: Read in a public key, not a private key.
1.1 jsing 2745: .It Fl pubout
1.60 jmc 2746: Output a public key, not a private key.
2747: Automatically set if the input is a public key.
1.1 jsing 2748: .It Fl text
1.64 jmc 2749: Print the public/private key in plain text.
1.1 jsing 2750: .It Fl text_pub
2751: Print out only public key components
2752: even if a private key is being processed.
2753: .El
2754: .Sh PKEYPARAM
2755: .Cm openssl pkeyparam
2756: .Op Fl in Ar file
2757: .Op Fl noout
2758: .Op Fl out Ar file
2759: .Op Fl text
2760: .Pp
2761: The
1.61 jmc 2762: .Nm pkeyparam
1.1 jsing 2763: command processes public or private keys.
1.61 jmc 2764: The key type is determined by the PEM headers.
1.1 jsing 2765: .Pp
2766: The options are as follows:
2767: .Bl -tag -width Ds
2768: .It Fl in Ar file
1.61 jmc 2769: The input file to read from,
2770: or standard input if not specified.
1.1 jsing 2771: .It Fl noout
2772: Do not output the encoded version of the parameters.
2773: .It Fl out Ar file
1.61 jmc 2774: The output file to write to,
2775: or standard output if not specified.
1.1 jsing 2776: .It Fl text
1.64 jmc 2777: Print the parameters in plain text.
1.1 jsing 2778: .El
2779: .Sh PKEYUTL
2780: .nr nS 1
2781: .Nm "openssl pkeyutl"
2782: .Op Fl asn1parse
2783: .Op Fl certin
2784: .Op Fl decrypt
2785: .Op Fl derive
2786: .Op Fl encrypt
2787: .Op Fl hexdump
2788: .Op Fl in Ar file
2789: .Op Fl inkey Ar file
1.62 jmc 2790: .Op Fl keyform Cm der | pem
1.1 jsing 2791: .Op Fl out Ar file
2792: .Op Fl passin Ar arg
1.62 jmc 2793: .Op Fl peerform Cm der | pem
1.1 jsing 2794: .Op Fl peerkey Ar file
2795: .Op Fl pkeyopt Ar opt : Ns Ar value
2796: .Op Fl pubin
2797: .Op Fl rev
2798: .Op Fl sigfile Ar file
2799: .Op Fl sign
2800: .Op Fl verify
2801: .Op Fl verifyrecover
2802: .nr nS 0
2803: .Pp
2804: The
2805: .Nm pkeyutl
2806: command can be used to perform public key operations using
2807: any supported algorithm.
2808: .Pp
2809: The options are as follows:
2810: .Bl -tag -width Ds
2811: .It Fl asn1parse
1.84 jmc 2812: ASN.1 parse the output data.
1.1 jsing 2813: This is useful when combined with the
2814: .Fl verifyrecover
1.84 jmc 2815: option when an ASN.1 structure is signed.
1.1 jsing 2816: .It Fl certin
2817: The input is a certificate containing a public key.
2818: .It Fl decrypt
2819: Decrypt the input data using a private key.
2820: .It Fl derive
2821: Derive a shared secret using the peer key.
2822: .It Fl encrypt
2823: Encrypt the input data using a public key.
2824: .It Fl hexdump
2825: Hex dump the output data.
2826: .It Fl in Ar file
1.62 jmc 2827: The input file to read from,
2828: or standard input if not specified.
1.1 jsing 2829: .It Fl inkey Ar file
2830: The input key file.
2831: By default it should be a private key.
1.62 jmc 2832: .It Fl keyform Cm der | pem
2833: The key format.
1.1 jsing 2834: .It Fl out Ar file
1.62 jmc 2835: The output file to write to,
2836: or standard output if not specified.
1.1 jsing 2837: .It Fl passin Ar arg
2838: The key password source.
1.62 jmc 2839: .It Fl peerform Cm der | pem
2840: The peer key format.
1.1 jsing 2841: .It Fl peerkey Ar file
2842: The peer key file, used by key derivation (agreement) operations.
2843: .It Fl pkeyopt Ar opt : Ns Ar value
1.62 jmc 2844: Set the public key algorithm option
2845: .Ar opt
2846: to
2847: .Ar value .
2848: Unless otherwise mentioned, all algorithms support the format
2849: .Ar digest : Ns Ar alg ,
2850: which specifies the digest to use
1.1 jsing 2851: for sign, verify, and verifyrecover operations.
2852: The value
2853: .Ar alg
2854: should represent a digest name as used in the
1.62 jmc 2855: .Xr EVP_get_digestbyname 3
2856: function.
2857: .Pp
1.1 jsing 2858: The RSA algorithm supports the
2859: encrypt, decrypt, sign, verify, and verifyrecover operations in general.
2860: Some padding modes only support some of these
2861: operations however.
2862: .Bl -tag -width Ds
2863: .It rsa_padding_mode : Ns Ar mode
2864: This sets the RSA padding mode.
2865: Acceptable values for
2866: .Ar mode
2867: are
2868: .Cm pkcs1
2869: for PKCS#1 padding;
2870: .Cm none
2871: for no padding;
2872: .Cm oaep
2873: for OAEP mode;
2874: .Cm x931
2875: for X9.31 mode;
2876: and
2877: .Cm pss
2878: for PSS.
2879: .Pp
2880: In PKCS#1 padding if the message digest is not set then the supplied data is
2881: signed or verified directly instead of using a DigestInfo structure.
2882: If a digest is set then a DigestInfo
2883: structure is used and its length
2884: must correspond to the digest type.
2885: For oeap mode only encryption and decryption is supported.
2886: For x931 if the digest type is set it is used to format the block data;
2887: otherwise the first byte is used to specify the X9.31 digest ID.
2888: Sign, verify, and verifyrecover can be performed in this mode.
2889: For pss mode only sign and verify are supported and the digest type must be
2890: specified.
2891: .It rsa_pss_saltlen : Ns Ar len
2892: For pss
2893: mode only this option specifies the salt length.
2894: Two special values are supported:
2895: -1 sets the salt length to the digest length.
2896: When signing -2 sets the salt length to the maximum permissible value.
2897: When verifying -2 causes the salt length to be automatically determined
2898: based on the PSS block structure.
2899: .El
1.62 jmc 2900: .Pp
1.1 jsing 2901: The DSA algorithm supports the sign and verify operations.
2902: Currently there are no additional options other than
2903: .Ar digest .
2904: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 2905: .Pp
1.1 jsing 2906: The DH algorithm supports the derive operation
2907: and no additional options.
1.62 jmc 2908: .Pp
1.1 jsing 2909: The EC algorithm supports the sign, verify, and derive operations.
2910: The sign and verify operations use ECDSA and derive uses ECDH.
2911: Currently there are no additional options other than
2912: .Ar digest .
2913: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 2914: .It Fl pubin
2915: The input file is a public key.
2916: .It Fl rev
2917: Reverse the order of the input buffer.
2918: .It Fl sigfile Ar file
2919: Signature file (verify operation only).
2920: .It Fl sign
2921: Sign the input data and output the signed result.
2922: This requires a private key.
2923: .It Fl verify
2924: Verify the input data against the signature file and indicate if the
2925: verification succeeded or failed.
2926: .It Fl verifyrecover
2927: Verify the input data and output the recovered data.
2928: .El
1.1 jsing 2929: .Sh PRIME
2930: .Cm openssl prime
2931: .Op Fl bits Ar n
2932: .Op Fl checks Ar n
2933: .Op Fl generate
2934: .Op Fl hex
2935: .Op Fl safe
2936: .Ar p
2937: .Pp
2938: The
2939: .Nm prime
2940: command is used to generate prime numbers,
2941: or to check numbers for primality.
2942: Results are probabilistic:
2943: they have an exceedingly high likelihood of being correct,
2944: but are not guaranteed.
2945: .Pp
2946: The options are as follows:
2947: .Bl -tag -width Ds
2948: .It Fl bits Ar n
2949: Specify the number of bits in the generated prime number.
2950: Must be used in conjunction with
2951: .Fl generate .
2952: .It Fl checks Ar n
2953: Perform a Miller-Rabin probabilistic primality test with
2954: .Ar n
2955: iterations.
2956: The default is 20.
2957: .It Fl generate
2958: Generate a pseudo-random prime number.
2959: Must be used in conjunction with
2960: .Fl bits .
2961: .It Fl hex
2962: Output in hex format.
2963: .It Fl safe
2964: Generate only
2965: .Qq safe
2966: prime numbers
2967: (i.e. a prime p so that (p-1)/2 is also prime).
2968: .It Ar p
2969: Test if number
2970: .Ar p
2971: is prime.
2972: .El
2973: .Sh RAND
2974: .nr nS 1
2975: .Nm "openssl rand"
2976: .Op Fl base64
2977: .Op Fl hex
2978: .Op Fl out Ar file
2979: .Ar num
2980: .nr nS 0
2981: .Pp
2982: The
2983: .Nm rand
2984: command outputs
2985: .Ar num
2986: pseudo-random bytes.
2987: .Pp
2988: The options are as follows:
2989: .Bl -tag -width Ds
2990: .It Fl base64
1.81 jmc 2991: Perform base64 encoding on the output.
1.1 jsing 2992: .It Fl hex
2993: Specify hexadecimal output.
2994: .It Fl out Ar file
1.63 jmc 2995: The output file to write to,
2996: or standard output if not specified.
1.1 jsing 2997: .El
2998: .Sh REQ
2999: .nr nS 1
3000: .Nm "openssl req"
3001: .Op Fl asn1-kludge
3002: .Op Fl batch
3003: .Op Fl config Ar file
3004: .Op Fl days Ar n
3005: .Op Fl extensions Ar section
3006: .Op Fl in Ar file
1.63 jmc 3007: .Op Fl inform Cm der | pem
1.1 jsing 3008: .Op Fl key Ar keyfile
1.63 jmc 3009: .Op Fl keyform Cm der | pem
1.1 jsing 3010: .Op Fl keyout Ar file
1.28 doug 3011: .Op Fl md4 | md5 | sha1
1.1 jsing 3012: .Op Fl modulus
1.107 inoguchi 3013: .Op Fl multivalue-rdn
1.1 jsing 3014: .Op Fl nameopt Ar option
3015: .Op Fl new
3016: .Op Fl newhdr
3017: .Op Fl newkey Ar arg
3018: .Op Fl no-asn1-kludge
3019: .Op Fl nodes
3020: .Op Fl noout
3021: .Op Fl out Ar file
1.63 jmc 3022: .Op Fl outform Cm der | pem
1.1 jsing 3023: .Op Fl passin Ar arg
3024: .Op Fl passout Ar arg
1.107 inoguchi 3025: .Op Fl pkeyopt Ar opt:value
1.1 jsing 3026: .Op Fl pubkey
3027: .Op Fl reqexts Ar section
3028: .Op Fl reqopt Ar option
3029: .Op Fl set_serial Ar n
1.107 inoguchi 3030: .Op Fl sigopt Ar nm:v
1.1 jsing 3031: .Op Fl subj Ar arg
3032: .Op Fl subject
3033: .Op Fl text
3034: .Op Fl utf8
3035: .Op Fl verbose
3036: .Op Fl verify
3037: .Op Fl x509
3038: .nr nS 0
3039: .Pp
3040: The
3041: .Nm req
3042: command primarily creates and processes certificate requests
3043: in PKCS#10 format.
3044: It can additionally create self-signed certificates,
3045: for use as root CAs, for example.
3046: .Pp
3047: The options are as follows:
3048: .Bl -tag -width Ds
3049: .It Fl asn1-kludge
1.63 jmc 3050: Produce requests in an invalid format for certain picky CAs.
3051: Very few CAs still require the use of this option.
1.1 jsing 3052: .It Fl batch
3053: Non-interactive mode.
3054: .It Fl config Ar file
1.63 jmc 3055: Specify an alternative configuration file.
1.1 jsing 3056: .It Fl days Ar n
1.63 jmc 3057: Specify the number of days to certify the certificate for.
3058: The default is 30 days.
3059: Used with the
1.1 jsing 3060: .Fl x509
1.63 jmc 3061: option.
1.1 jsing 3062: .It Fl extensions Ar section , Fl reqexts Ar section
1.63 jmc 3063: Specify alternative sections to include certificate
3064: extensions (with
3065: .Fl x509 )
3066: or certificate request extensions,
3067: allowing several different sections to be used in the same configuration file.
1.1 jsing 3068: .It Fl in Ar file
1.63 jmc 3069: The input file to read a request from,
3070: or standard input if not specified.
1.1 jsing 3071: A request is only read if the creation options
3072: .Fl new
3073: and
3074: .Fl newkey
3075: are not specified.
1.63 jmc 3076: .It Fl inform Cm der | pem
3077: The input format.
1.1 jsing 3078: .It Fl key Ar keyfile
1.63 jmc 3079: The file to read the private key from.
1.1 jsing 3080: It also accepts PKCS#8 format private keys for PEM format files.
1.63 jmc 3081: .It Fl keyform Cm der | pem
1.1 jsing 3082: The format of the private key file specified in the
3083: .Fl key
3084: argument.
1.81 jmc 3085: The default is
3086: .Cm pem .
1.1 jsing 3087: .It Fl keyout Ar file
1.63 jmc 3088: The file to write the newly created private key to.
3089: If this option is not specified,
3090: the filename present in the configuration file is used.
1.4 sthen 3091: .It Fl md5 | sha1 | sha256
1.63 jmc 3092: The message digest to sign the request with.
1.1 jsing 3093: This overrides the digest algorithm specified in the configuration file.
3094: .Pp
3095: Some public key algorithms may override this choice.
3096: For instance, DSA signatures always use SHA1.
3097: .It Fl modulus
1.63 jmc 3098: Print the value of the modulus of the public key contained in the request.
1.107 inoguchi 3099: .It Fl multivalue-rdn
3100: This option causes the
3101: .Fl subj
3102: argument to be interpreted with full support for multivalued RDNs,
3103: for example
3104: .Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
3105: If
3106: .Fl multivalue-rdn
3107: is not used, the UID value is set to
3108: .Qq "123456+CN=John Doe" .
1.1 jsing 3109: .It Fl nameopt Ar option , Fl reqopt Ar option
1.63 jmc 3110: Determine how the subject or issuer names are displayed.
1.1 jsing 3111: .Ar option
1.63 jmc 3112: can be a single option or multiple options separated by commas.
1.1 jsing 3113: Alternatively, these options may be used more than once to set multiple options.
3114: See the
3115: .Sx X509
3116: section below for details.
3117: .It Fl new
1.63 jmc 3118: Generate a new certificate request.
3119: The user is prompted for the relevant field values.
1.1 jsing 3120: The actual fields prompted for and their maximum and minimum sizes
3121: are specified in the configuration file and any requested extensions.
3122: .Pp
3123: If the
3124: .Fl key
3125: option is not used, it will generate a new RSA private
3126: key using information specified in the configuration file.
3127: .It Fl newhdr
1.63 jmc 3128: Add the word NEW to the PEM file header and footer lines
1.112 inoguchi 3129: on the outputted request.
1.63 jmc 3130: Some software and CAs need this.
1.1 jsing 3131: .It Fl newkey Ar arg
1.63 jmc 3132: Create a new certificate request and a new private key.
1.1 jsing 3133: The argument takes one of several forms.
1.63 jmc 3134: .Pp
3135: .No rsa : Ns Ar nbits
3136: generates an RSA key
1.1 jsing 3137: .Ar nbits
3138: in size.
3139: If
3140: .Ar nbits
1.63 jmc 3141: is omitted
3142: the default key size is used.
3143: .Pp
3144: .No dsa : Ns Ar file
3145: generates a DSA key using the parameters in
3146: .Ar file .
3147: .Pp
3148: .No param : Ns Ar file
3149: generates a key using the parameters or certificate in
3150: .Ar file .
3151: .Pp
3152: All other algorithms support the form
3153: .Ar algorithm : Ns Ar file ,
1.1 jsing 3154: where file may be an algorithm parameter file,
3155: created by the
3156: .Cm genpkey -genparam
1.14 jmc 3157: command or an X.509 certificate for a key with appropriate algorithm.
1.63 jmc 3158: .Ar file
3159: can be omitted,
3160: in which case any parameters can be specified via the
1.1 jsing 3161: .Fl pkeyopt
3162: option.
3163: .It Fl no-asn1-kludge
1.63 jmc 3164: Reverse the effect of
1.1 jsing 3165: .Fl asn1-kludge .
3166: .It Fl nodes
1.63 jmc 3167: Do not encrypt the private key.
1.1 jsing 3168: .It Fl noout
1.63 jmc 3169: Do not output the encoded version of the request.
1.1 jsing 3170: .It Fl out Ar file
1.63 jmc 3171: The output file to write to,
1.99 jmc 3172: or standard output if not specified.
1.63 jmc 3173: .It Fl outform Cm der | pem
3174: The output format.
1.1 jsing 3175: .It Fl passin Ar arg
3176: The key password source.
3177: .It Fl passout Ar arg
3178: The output file password source.
1.107 inoguchi 3179: .It Fl pkeyopt Ar opt:value
3180: Set the public key algorithm option
3181: .Ar opt
3182: to
3183: .Ar value .
1.1 jsing 3184: .It Fl pubkey
1.63 jmc 3185: Output the public key.
1.1 jsing 3186: .It Fl reqopt Ar option
3187: Customise the output format used with
3188: .Fl text .
3189: The
3190: .Ar option
3191: argument can be a single option or multiple options separated by commas.
1.63 jmc 3192: See also the discussion of
1.1 jsing 3193: .Fl certopt
1.63 jmc 3194: in the
1.1 jsing 3195: .Nm x509
3196: command.
3197: .It Fl set_serial Ar n
3198: Serial number to use when outputting a self-signed certificate.
3199: This may be specified as a decimal value or a hex value if preceded by
3200: .Sq 0x .
3201: It is possible to use negative serial numbers but this is not recommended.
1.107 inoguchi 3202: .It Fl sigopt Ar nm:v
3203: Pass options to the signature algorithm during sign operation.
3204: The names and values of these options are algorithm-specific.
1.1 jsing 3205: .It Fl subj Ar arg
1.63 jmc 3206: Replaces the subject field of an input request
3207: with the specified data and output the modified request.
3208: .Ar arg
3209: must be formatted as /type0=value0/type1=value1/type2=...;
1.1 jsing 3210: characters may be escaped by
3211: .Sq \e
1.63 jmc 3212: (backslash);
1.1 jsing 3213: no spaces are skipped.
3214: .It Fl subject
1.63 jmc 3215: Print the request subject (or certificate subject if
1.1 jsing 3216: .Fl x509
1.63 jmc 3217: is specified).
1.1 jsing 3218: .It Fl text
1.64 jmc 3219: Print the certificate request in plain text.
1.1 jsing 3220: .It Fl utf8
1.63 jmc 3221: Interpret field values as UTF8 strings, not ASCII.
1.1 jsing 3222: .It Fl verbose
3223: Print extra details about the operations being performed.
3224: .It Fl verify
1.63 jmc 3225: Verify the signature on the request.
1.1 jsing 3226: .It Fl x509
1.63 jmc 3227: Output a self-signed certificate instead of a certificate request.
3228: This is typically used to generate a test certificate or a self-signed root CA.
3229: The extensions added to the certificate (if any)
1.1 jsing 3230: are specified in the configuration file.
3231: Unless specified using the
3232: .Fl set_serial
1.63 jmc 3233: option, 0 is used for the serial number.
1.1 jsing 3234: .El
1.63 jmc 3235: .Pp
1.1 jsing 3236: The configuration options are specified in the
1.63 jmc 3237: .Qq req
1.1 jsing 3238: section of the configuration file.
1.63 jmc 3239: The options available are as follows:
1.1 jsing 3240: .Bl -tag -width "XXXX"
1.63 jmc 3241: .It Cm attributes
3242: The section containing any request attributes: its format
1.1 jsing 3243: is the same as
1.63 jmc 3244: .Cm distinguished_name .
3245: Typically these may contain the challengePassword or unstructuredName types.
3246: They are currently ignored by the
3247: .Nm openssl
1.1 jsing 3248: request signing utilities, but some CAs might want them.
1.63 jmc 3249: .It Cm default_bits
3250: The default key size, in bits.
3251: The default is 2048.
1.1 jsing 3252: It is used if the
3253: .Fl new
1.63 jmc 3254: option is used and can be overridden by using the
1.1 jsing 3255: .Fl newkey
3256: option.
1.63 jmc 3257: .It Cm default_keyfile
3258: The default file to write a private key to,
3259: or standard output if not specified.
3260: It can be overridden by the
1.1 jsing 3261: .Fl keyout
3262: option.
1.63 jmc 3263: .It Cm default_md
3264: The digest algorithm to use.
1.1 jsing 3265: Possible values include
1.63 jmc 3266: .Cm md5 ,
3267: .Cm sha1
1.1 jsing 3268: and
1.63 jmc 3269: .Cm sha256
3270: (the default).
3271: It can be overridden on the command line.
3272: .It Cm distinguished_name
3273: The section containing the distinguished name fields to
1.1 jsing 3274: prompt for when generating a certificate or certificate request.
1.63 jmc 3275: The format is described below.
3276: .It Cm encrypt_key
3277: If set to
3278: .Qq no
3279: and a private key is generated, it is not encrypted.
3280: It is equivalent to the
1.1 jsing 3281: .Fl nodes
1.63 jmc 3282: option.
1.1 jsing 3283: For compatibility,
1.63 jmc 3284: .Cm encrypt_rsa_key
1.1 jsing 3285: is an equivalent option.
1.63 jmc 3286: .It Cm input_password | output_password
3287: The passwords for the input private key file (if present)
3288: and the output private key file (if one will be created).
1.1 jsing 3289: The command line options
3290: .Fl passin
3291: and
3292: .Fl passout
3293: override the configuration file values.
1.63 jmc 3294: .It Cm oid_file
3295: A file containing additional OBJECT IDENTIFIERS.
1.1 jsing 3296: Each line of the file should consist of the numerical form of the
3297: object identifier, followed by whitespace, then the short name followed
3298: by whitespace and finally the long name.
1.63 jmc 3299: .It Cm oid_section
3300: Specify a section in the configuration file containing extra
1.1 jsing 3301: object identifiers.
3302: Each line should consist of the short name of the
3303: object identifier followed by
3304: .Sq =
3305: and the numerical form.
3306: The short and long names are the same when this option is used.
1.63 jmc 3307: .It Cm prompt
3308: If set to
3309: .Qq no ,
3310: it disables prompting of certificate fields
1.1 jsing 3311: and just takes values from the config file directly.
3312: It also changes the expected format of the
1.63 jmc 3313: .Cm distinguished_name
1.1 jsing 3314: and
1.63 jmc 3315: .Cm attributes
1.1 jsing 3316: sections.
1.63 jmc 3317: .It Cm req_extensions
3318: The configuration file section containing a list of
1.1 jsing 3319: extensions to add to the certificate request.
3320: It can be overridden by the
3321: .Fl reqexts
1.63 jmc 3322: option.
3323: .It Cm string_mask
3324: Limit the string types for encoding certain fields.
1.1 jsing 3325: The following values may be used, limiting strings to the indicated types:
3326: .Bl -tag -width "MASK:number"
1.63 jmc 3327: .It Cm utf8only
3328: UTF8String.
1.1 jsing 3329: This is the default, as recommended by PKIX in RFC 2459.
1.63 jmc 3330: .It Cm default
3331: PrintableString, IA5String, T61String, BMPString, UTF8String.
3332: .It Cm pkix
3333: PrintableString, IA5String, BMPString, UTF8String.
3334: Inspired by the PKIX recommendation in RFC 2459 for certificates
3335: generated before 2004, but differs by also permitting IA5String.
3336: .It Cm nombstr
3337: PrintableString, IA5String, T61String, UniversalString.
3338: A workaround for some ancient software that had problems
3339: with the variable-sized BMPString and UTF8String types.
1.1 jsing 3340: .It Cm MASK : Ns Ar number
1.63 jmc 3341: An explicit bitmask of permitted types, where
1.1 jsing 3342: .Ar number
3343: is a C-style hex, decimal, or octal number that's a bit-wise OR of
3344: .Dv B_ASN1_*
3345: values from
3346: .In openssl/asn1.h .
3347: .El
1.63 jmc 3348: .It Cm utf8
3349: If set to
3350: .Qq yes ,
1.72 jmc 3351: field values are interpreted as UTF8 strings.
1.63 jmc 3352: .It Cm x509_extensions
3353: The configuration file section containing a list of
1.1 jsing 3354: extensions to add to a certificate generated when the
3355: .Fl x509
3356: switch is used.
3357: It can be overridden by the
3358: .Fl extensions
1.72 jmc 3359: command line switch.
1.1 jsing 3360: .El
1.63 jmc 3361: .Pp
1.1 jsing 3362: There are two separate formats for the distinguished name and attribute
3363: sections.
3364: If the
3365: .Fl prompt
3366: option is set to
1.63 jmc 3367: .Qq no ,
1.72 jmc 3368: then these sections just consist of field names and values.
3369: If the
1.1 jsing 3370: .Fl prompt
3371: option is absent or not set to
1.63 jmc 3372: .Qq no ,
1.72 jmc 3373: then the file contains field prompting information of the form:
1.1 jsing 3374: .Bd -unfilled -offset indent
3375: fieldName="prompt"
3376: fieldName_default="default field value"
3377: fieldName_min= 2
3378: fieldName_max= 4
3379: .Ed
3380: .Pp
3381: .Qq fieldName
3382: is the field name being used, for example
1.63 jmc 3383: .Cm commonName
3384: (or CN).
1.1 jsing 3385: The
3386: .Qq prompt
3387: string is used to ask the user to enter the relevant details.
3388: If the user enters nothing, the default value is used;
3389: if no default value is present, the field is omitted.
3390: A field can still be omitted if a default value is present,
3391: if the user just enters the
3392: .Sq \&.
3393: character.
3394: .Pp
3395: The number of characters entered must be between the
1.63 jmc 3396: fieldName_min and fieldName_max limits:
1.1 jsing 3397: there may be additional restrictions based on the field being used
3398: (for example
1.63 jmc 3399: .Cm countryName
1.1 jsing 3400: can only ever be two characters long and must fit in a
1.63 jmc 3401: .Cm PrintableString ) .
1.1 jsing 3402: .Pp
3403: Some fields (such as
1.63 jmc 3404: .Cm organizationName )
1.1 jsing 3405: can be used more than once in a DN.
3406: This presents a problem because configuration files will
3407: not recognize the same name occurring twice.
3408: To avoid this problem, if the
1.63 jmc 3409: .Cm fieldName
1.1 jsing 3410: contains some characters followed by a full stop, they will be ignored.
3411: So, for example, a second
1.63 jmc 3412: .Cm organizationName
1.1 jsing 3413: can be input by calling it
3414: .Qq 1.organizationName .
3415: .Pp
3416: The actual permitted field names are any object identifier short or
3417: long names.
3418: These are compiled into
1.63 jmc 3419: .Nm openssl
1.1 jsing 3420: and include the usual values such as
1.63 jmc 3421: .Cm commonName , countryName , localityName , organizationName ,
1.89 jmc 3422: .Cm organizationalUnitName , stateOrProvinceName .
1.1 jsing 3423: Additionally,
1.63 jmc 3424: .Cm emailAddress
1.1 jsing 3425: is included as well as
1.63 jmc 3426: .Cm name , surname , givenName , initials
1.1 jsing 3427: and
1.63 jmc 3428: .Cm dnQualifier .
1.1 jsing 3429: .Pp
3430: Additional object identifiers can be defined with the
1.63 jmc 3431: .Cm oid_file
1.1 jsing 3432: or
1.63 jmc 3433: .Cm oid_section
1.1 jsing 3434: options in the configuration file.
3435: Any additional fields will be treated as though they were a
1.63 jmc 3436: .Cm DirectoryString .
1.1 jsing 3437: .Sh RSA
3438: .nr nS 1
3439: .Nm "openssl rsa"
1.64 jmc 3440: .Op Fl aes128 | aes192 | aes256 | des | des3
1.1 jsing 3441: .Op Fl check
3442: .Op Fl in Ar file
1.108 inoguchi 3443: .Op Fl inform Cm der | net | pem | pvk
1.1 jsing 3444: .Op Fl modulus
3445: .Op Fl noout
3446: .Op Fl out Ar file
1.108 inoguchi 3447: .Op Fl outform Cm der | net | pem | pvk
1.1 jsing 3448: .Op Fl passin Ar arg
3449: .Op Fl passout Ar arg
3450: .Op Fl pubin
3451: .Op Fl pubout
1.108 inoguchi 3452: .Op Fl pvk-none | pvk-strong | pvk-weak
3453: .Op Fl RSAPublicKey_in
3454: .Op Fl RSAPublicKey_out
1.1 jsing 3455: .Op Fl sgckey
3456: .Op Fl text
3457: .nr nS 0
3458: .Pp
3459: The
3460: .Nm rsa
3461: command processes RSA keys.
3462: They can be converted between various forms and their components printed out.
1.64 jmc 3463: .Nm rsa
3464: uses the traditional
1.1 jsing 3465: .Nm SSLeay
3466: compatible format for private key encryption:
3467: newer applications should use the more secure PKCS#8 format using the
3468: .Nm pkcs8
3469: utility.
3470: .Pp
3471: The options are as follows:
3472: .Bl -tag -width Ds
1.64 jmc 3473: .It Fl aes128 | aes192 | aes256 | des | des3
3474: Encrypt the private key with the AES, DES,
1.1 jsing 3475: or the triple DES ciphers, respectively, before outputting it.
3476: A pass phrase is prompted for.
3477: If none of these options are specified, the key is written in plain text.
3478: This means that using the
3479: .Nm rsa
3480: utility to read in an encrypted key with no encryption option can be used
3481: to remove the pass phrase from a key, or by setting the encryption options
3482: it can be used to add or change the pass phrase.
3483: These options can only be used with PEM format output files.
3484: .It Fl check
1.64 jmc 3485: Check the consistency of an RSA private key.
1.1 jsing 3486: .It Fl in Ar file
1.64 jmc 3487: The input file to read from,
3488: or standard input if not specified.
1.1 jsing 3489: If the key is encrypted, a pass phrase will be prompted for.
1.108 inoguchi 3490: .It Fl inform Cm der | net | pem | pvk
1.64 jmc 3491: The input format.
1.1 jsing 3492: .It Fl noout
1.64 jmc 3493: Do not output the encoded version of the key.
1.1 jsing 3494: .It Fl modulus
1.64 jmc 3495: Print the value of the modulus of the key.
1.1 jsing 3496: .It Fl out Ar file
1.64 jmc 3497: The output file to write to,
3498: or standard output if not specified.
1.108 inoguchi 3499: .It Fl outform Cm der | net | pem | pvk
1.64 jmc 3500: The output format.
1.1 jsing 3501: .It Fl passin Ar arg
3502: The key password source.
3503: .It Fl passout Ar arg
3504: The output file password source.
3505: .It Fl pubin
1.64 jmc 3506: Read in a public key,
3507: not a private key.
1.1 jsing 3508: .It Fl pubout
1.64 jmc 3509: Output a public key,
3510: not a private key.
3511: Automatically set if the input is a public key.
1.108 inoguchi 3512: .It Xo
3513: .Fl pvk-none | pvk-strong | pvk-weak
3514: .Xc
3515: Enable or disable PVK encoding.
3516: The default is
3517: .Fl pvk-strong .
3518: .It Fl RSAPublicKey_in , RSAPublicKey_out
3519: Same as
3520: .Fl pubin
3521: and
3522: .Fl pubout
3523: except
3524: .Cm RSAPublicKey
3525: format is used instead.
1.1 jsing 3526: .It Fl sgckey
1.64 jmc 3527: Use the modified NET algorithm used with some versions of Microsoft IIS
3528: and SGC keys.
1.1 jsing 3529: .It Fl text
1.64 jmc 3530: Print the public/private key components in plain text.
1.1 jsing 3531: .El
3532: .Sh RSAUTL
3533: .nr nS 1
3534: .Nm "openssl rsautl"
3535: .Op Fl asn1parse
3536: .Op Fl certin
3537: .Op Fl decrypt
3538: .Op Fl encrypt
3539: .Op Fl hexdump
3540: .Op Fl in Ar file
3541: .Op Fl inkey Ar file
1.65 jmc 3542: .Op Fl keyform Cm der | pem
1.100 tb 3543: .Op Fl oaep | pkcs | raw | x931
1.1 jsing 3544: .Op Fl out Ar file
1.100 tb 3545: .Op Fl passin Ar arg
1.1 jsing 3546: .Op Fl pubin
1.100 tb 3547: .Op Fl rev
1.1 jsing 3548: .Op Fl sign
3549: .Op Fl verify
3550: .nr nS 0
3551: .Pp
3552: The
3553: .Nm rsautl
3554: command can be used to sign, verify, encrypt and decrypt
3555: data using the RSA algorithm.
3556: .Pp
3557: The options are as follows:
3558: .Bl -tag -width Ds
3559: .It Fl asn1parse
3560: Asn1parse the output data; this is useful when combined with the
3561: .Fl verify
3562: option.
3563: .It Fl certin
3564: The input is a certificate containing an RSA public key.
3565: .It Fl decrypt
3566: Decrypt the input data using an RSA private key.
3567: .It Fl encrypt
3568: Encrypt the input data using an RSA public key.
3569: .It Fl hexdump
3570: Hex dump the output data.
3571: .It Fl in Ar file
1.65 jmc 3572: The input to read from,
3573: or standard input if not specified.
1.1 jsing 3574: .It Fl inkey Ar file
1.65 jmc 3575: The input key file; by default an RSA private key.
3576: .It Fl keyform Cm der | pem
1.85 tb 3577: The private key format.
1.65 jmc 3578: The default is
3579: .Cm pem .
1.100 tb 3580: .It Fl oaep | pkcs | raw | x931
1.1 jsing 3581: The padding to use:
1.100 tb 3582: PKCS#1 OAEP, PKCS#1 v1.5 (the default), no padding, or ANSI X9.31,
3583: respectively.
1.1 jsing 3584: For signatures, only
3585: .Fl pkcs
3586: and
3587: .Fl raw
3588: can be used.
3589: .It Fl out Ar file
1.65 jmc 3590: The output file to write to,
3591: or standard output if not specified.
1.100 tb 3592: .It Fl passin Ar arg
3593: The key password source.
1.1 jsing 3594: .It Fl pubin
3595: The input file is an RSA public key.
1.100 tb 3596: .It Fl rev
3597: Reverse the order of the input buffer.
1.1 jsing 3598: .It Fl sign
3599: Sign the input data and output the signed result.
3600: This requires an RSA private key.
3601: .It Fl verify
3602: Verify the input data and output the recovered data.
3603: .El
3604: .Sh S_CLIENT
3605: .nr nS 1
3606: .Nm "openssl s_client"
3607: .Op Fl 4 | 6
1.110 inoguchi 3608: .Op Fl alpn Ar protocols
1.1 jsing 3609: .Op Fl bugs
3610: .Op Fl CAfile Ar file
3611: .Op Fl CApath Ar directory
3612: .Op Fl cert Ar file
1.110 inoguchi 3613: .Op Fl certform Cm der | pem
1.1 jsing 3614: .Op Fl check_ss_sig
3615: .Op Fl cipher Ar cipherlist
1.66 jmc 3616: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 3617: .Op Fl crl_check
3618: .Op Fl crl_check_all
3619: .Op Fl crlf
3620: .Op Fl debug
1.110 inoguchi 3621: .Op Fl dtls1
1.1 jsing 3622: .Op Fl extended_crl
1.87 jmc 3623: .Op Fl groups
1.110 inoguchi 3624: .Op Fl host Ar host
1.1 jsing 3625: .Op Fl ign_eof
3626: .Op Fl ignore_critical
3627: .Op Fl issuer_checks
3628: .Op Fl key Ar keyfile
1.110 inoguchi 3629: .Op Fl keyform Cm der | pem
3630: .Op Fl keymatexport Ar label
3631: .Op Fl keymatexportlen Ar len
3632: .Op Fl legacy_server_connect
1.1 jsing 3633: .Op Fl msg
1.110 inoguchi 3634: .Op Fl mtu Ar mtu
1.1 jsing 3635: .Op Fl nbio
3636: .Op Fl nbio_test
1.110 inoguchi 3637: .Op Fl no_comp
3638: .Op Fl no_ign_eof
3639: .Op Fl no_legacy_server_connect
1.1 jsing 3640: .Op Fl no_ticket
3641: .Op Fl no_tls1
1.6 guenther 3642: .Op Fl no_tls1_1
3643: .Op Fl no_tls1_2
1.110 inoguchi 3644: .Op Fl pass Ar arg
1.1 jsing 3645: .Op Fl pause
3646: .Op Fl policy_check
1.110 inoguchi 3647: .Op Fl port Ar port
1.1 jsing 3648: .Op Fl prexit
1.11 bluhm 3649: .Op Fl proxy Ar host : Ns Ar port
1.1 jsing 3650: .Op Fl quiet
3651: .Op Fl reconnect
1.5 jsing 3652: .Op Fl servername Ar name
1.110 inoguchi 3653: .Op Fl serverpref
3654: .Op Fl sess_in Ar file
3655: .Op Fl sess_out Ar file
1.1 jsing 3656: .Op Fl showcerts
3657: .Op Fl starttls Ar protocol
3658: .Op Fl state
1.110 inoguchi 3659: .Op Fl status
3660: .Op Fl timeout
1.1 jsing 3661: .Op Fl tls1
1.31 jmc 3662: .Op Fl tls1_1
3663: .Op Fl tls1_2
1.1 jsing 3664: .Op Fl tlsextdebug
1.110 inoguchi 3665: .Op Fl use_srtp Ar profiles
1.1 jsing 3666: .Op Fl verify Ar depth
1.110 inoguchi 3667: .Op Fl verify_return_error
1.1 jsing 3668: .Op Fl x509_strict
1.19 landry 3669: .Op Fl xmpphost Ar host
1.1 jsing 3670: .nr nS 0
3671: .Pp
3672: The
3673: .Nm s_client
3674: command implements a generic SSL/TLS client which connects
3675: to a remote host using SSL/TLS.
1.66 jmc 3676: .Pp
3677: If a connection is established with an SSL server, any data received
3678: from the server is displayed and any key presses will be sent to the
3679: server.
3680: When used interactively (which means neither
3681: .Fl quiet
3682: nor
3683: .Fl ign_eof
3684: have been given), the session will be renegotiated if the line begins with an
3685: .Cm R ;
3686: if the line begins with a
3687: .Cm Q
3688: or if end of file is reached, the connection will be closed down.
1.1 jsing 3689: .Pp
3690: The options are as follows:
3691: .Bl -tag -width Ds
3692: .It Fl 4
1.66 jmc 3693: Attempt connections using IPv4 only.
1.1 jsing 3694: .It Fl 6
1.66 jmc 3695: Attempt connections using IPv6 only.
1.110 inoguchi 3696: .It Fl alpn Ar protocols
3697: Enable the Application-Layer Protocol Negotiation.
3698: .Ar protocols
3699: is a comma-separated list of protocol names that the client should advertise
3700: support for.
1.1 jsing 3701: .It Fl bugs
1.66 jmc 3702: Enable various workarounds for buggy implementations.
1.1 jsing 3703: .It Fl CAfile Ar file
3704: A
3705: .Ar file
3706: containing trusted certificates to use during server authentication
3707: and to use when attempting to build the client certificate chain.
3708: .It Fl CApath Ar directory
3709: The
3710: .Ar directory
3711: to use for server certificate verification.
3712: This directory must be in
3713: .Qq hash format ;
3714: see
3715: .Fl verify
3716: for more information.
3717: These are also used when building the client certificate chain.
3718: .It Fl cert Ar file
3719: The certificate to use, if one is requested by the server.
3720: The default is not to use a certificate.
1.110 inoguchi 3721: .It Fl certform Cm der | pem
3722: The certificate format.
3723: The default is
3724: .Cm pem .
1.1 jsing 3725: .It Xo
3726: .Fl check_ss_sig ,
3727: .Fl crl_check ,
3728: .Fl crl_check_all ,
3729: .Fl extended_crl ,
3730: .Fl ignore_critical ,
3731: .Fl issuer_checks ,
3732: .Fl policy_check ,
3733: .Fl x509_strict
3734: .Xc
3735: Set various certificate chain validation options.
3736: See the
1.66 jmc 3737: .Nm verify
1.1 jsing 3738: command for details.
3739: .It Fl cipher Ar cipherlist
1.66 jmc 3740: Modify the cipher list sent by the client.
1.1 jsing 3741: Although the server determines which cipher suite is used, it should take
3742: the first supported cipher in the list sent by the client.
3743: See the
1.66 jmc 3744: .Nm ciphers
3745: command for more information.
3746: .It Fl connect Ar host Ns Op : Ns Ar port
3747: The
1.1 jsing 3748: .Ar host
1.66 jmc 3749: and
1.1 jsing 3750: .Ar port
3751: to connect to.
3752: If not specified, an attempt is made to connect to the local host
3753: on port 4433.
3754: Alternatively, the host and port pair may be separated using a forward-slash
1.66 jmc 3755: character,
3756: which is useful for numeric IPv6 addresses.
1.1 jsing 3757: .It Fl crlf
1.66 jmc 3758: Translate a line feed from the terminal into CR+LF,
3759: as required by some servers.
1.1 jsing 3760: .It Fl debug
1.66 jmc 3761: Print extensive debugging information, including a hex dump of all traffic.
1.110 inoguchi 3762: .It Fl dtls1
3763: Permit only DTLS1.0.
1.87 jmc 3764: .It Fl groups Ar ecgroups
3765: Specify a colon-separated list of permitted EC curve groups.
1.110 inoguchi 3766: .It Fl host Ar host
3767: The
3768: .Ar host
3769: to connect to.
3770: The default is localhost.
1.1 jsing 3771: .It Fl ign_eof
1.66 jmc 3772: Inhibit shutting down the connection when end of file is reached in the input.
1.1 jsing 3773: .It Fl key Ar keyfile
3774: The private key to use.
3775: If not specified, the certificate file will be used.
1.110 inoguchi 3776: .It Fl keyform Cm der | pem
3777: The private key format.
3778: The default is
3779: .Cm pem .
3780: .It Fl keymatexport Ar label
3781: Export keying material using label.
3782: .It Fl keymatexportlen Ar len
3783: Export len bytes of keying material (default 20).
3784: .It Fl legacy_server_connect , no_legacy_server_connect
3785: Allow or disallow initial connection to servers that don't support RI.
1.1 jsing 3786: .It Fl msg
3787: Show all protocol messages with hex dump.
1.110 inoguchi 3788: .It Fl mtu Ar mtu
3789: Set the link layer MTU.
1.1 jsing 3790: .It Fl nbio
1.66 jmc 3791: Turn on non-blocking I/O.
1.1 jsing 3792: .It Fl nbio_test
1.66 jmc 3793: Test non-blocking I/O.
1.110 inoguchi 3794: .It Fl no_ign_eof
3795: Shut down the connection when end of file is reached in the input.
3796: Can be used to override the implicit
3797: .Fl ign_eof
3798: after
3799: .Fl quiet .
1.31 jmc 3800: .It Fl no_tls1 | no_tls1_1 | no_tls1_2
1.66 jmc 3801: Disable the use of TLS1.0, 1.1, and 1.2, respectively.
1.1 jsing 3802: .It Fl no_ticket
3803: Disable RFC 4507 session ticket support.
1.110 inoguchi 3804: .It Fl pass Ar arg
3805: The private key password source.
1.1 jsing 3806: .It Fl pause
1.66 jmc 3807: Pause 1 second between each read and write call.
1.110 inoguchi 3808: .It Fl port Ar port
3809: The
3810: .Ar port
3811: to connect to.
3812: The default is 4433.
1.1 jsing 3813: .It Fl prexit
3814: Print session information when the program exits.
3815: This will always attempt
3816: to print out information even if the connection fails.
3817: Normally, information will only be printed out once if the connection succeeds.
3818: This option is useful because the cipher in use may be renegotiated
3819: or the connection may fail because a client certificate is required or is
3820: requested only after an attempt is made to access a certain URL.
1.66 jmc 3821: Note that the output produced by this option is not always accurate
3822: because a connection might never have been established.
1.11 bluhm 3823: .It Fl proxy Ar host : Ns Ar port
3824: Use the HTTP proxy at
3825: .Ar host
3826: and
3827: .Ar port .
3828: The connection to the proxy is done in cleartext and the
3829: .Fl connect
3830: argument is given to the proxy.
3831: If not specified, localhost is used as final destination.
3832: After that, switch the connection through the proxy to the destination
3833: to TLS.
1.1 jsing 3834: .It Fl quiet
3835: Inhibit printing of session and certificate information.
3836: This implicitly turns on
3837: .Fl ign_eof
3838: as well.
3839: .It Fl reconnect
1.66 jmc 3840: Reconnect to the same server 5 times using the same session ID; this can
1.1 jsing 3841: be used as a test that session caching is working.
1.5 jsing 3842: .It Fl servername Ar name
3843: Include the TLS Server Name Indication (SNI) extension in the ClientHello
3844: message, using the specified server
3845: .Ar name .
1.1 jsing 3846: .It Fl showcerts
3847: Display the whole server certificate chain: normally only the server
3848: certificate itself is displayed.
1.110 inoguchi 3849: .It Fl serverpref
3850: Use the server's cipher preferences.
3851: .It Fl sess_in Ar file
3852: Load TLS session from file.
3853: The client will attempt to resume a connection from this session.
3854: .It Fl sess_out Ar file
3855: Output TLS session to file.
1.1 jsing 3856: .It Fl starttls Ar protocol
1.66 jmc 3857: Send the protocol-specific messages to switch to TLS for communication.
1.1 jsing 3858: .Ar protocol
3859: is a keyword for the intended protocol.
3860: Currently, the supported keywords are
3861: .Qq ftp ,
3862: .Qq imap ,
3863: .Qq smtp ,
3864: .Qq pop3 ,
3865: and
3866: .Qq xmpp .
3867: .It Fl state
1.66 jmc 3868: Print the SSL session states.
1.110 inoguchi 3869: .It Fl status
3870: Send a certificate status request to the server (OCSP stapling).
3871: The server response (if any) is printed out.
3872: .It Fl timeout
3873: Enable send/receive timeout on DTLS connections.
1.31 jmc 3874: .It Fl tls1 | tls1_1 | tls1_2
3875: Permit only TLS1.0, 1.1, or 1.2, respectively.
1.1 jsing 3876: .It Fl tlsextdebug
1.66 jmc 3877: Print a hex dump of any TLS extensions received from the server.
1.110 inoguchi 3878: .It Fl use_srtp Ar profiles
3879: Offer SRTP key management with a colon-separated profile list.
1.1 jsing 3880: .It Fl verify Ar depth
1.66 jmc 3881: Turn on server certificate verification,
3882: with a maximum length of
3883: .Ar depth .
1.1 jsing 3884: Currently the verify operation continues after errors so all the problems
3885: with a certificate chain can be seen.
3886: As a side effect the connection will never fail due to a server
3887: certificate verify failure.
1.110 inoguchi 3888: .It Fl verify_return_error
3889: Return verification error.
1.19 landry 3890: .It Fl xmpphost Ar hostname
1.66 jmc 3891: When used with
1.19 landry 3892: .Fl starttls Ar xmpp ,
1.66 jmc 3893: specify the host for the "to" attribute of the stream element.
1.19 landry 3894: If this option is not specified then the host specified with
3895: .Fl connect
3896: will be used.
1.1 jsing 3897: .El
3898: .Sh S_SERVER
3899: .nr nS 1
3900: .Nm "openssl s_server"
3901: .Op Fl accept Ar port
1.111 inoguchi 3902: .Op Fl alpn Ar protocols
1.1 jsing 3903: .Op Fl bugs
3904: .Op Fl CAfile Ar file
3905: .Op Fl CApath Ar directory
3906: .Op Fl cert Ar file
1.111 inoguchi 3907: .Op Fl cert2 Ar file
3908: .Op Fl certform Cm der | pem
1.1 jsing 3909: .Op Fl cipher Ar cipherlist
3910: .Op Fl context Ar id
3911: .Op Fl crl_check
3912: .Op Fl crl_check_all
3913: .Op Fl crlf
3914: .Op Fl dcert Ar file
1.111 inoguchi 3915: .Op Fl dcertform Cm der | pem
1.1 jsing 3916: .Op Fl debug
3917: .Op Fl dhparam Ar file
3918: .Op Fl dkey Ar file
1.111 inoguchi 3919: .Op Fl dkeyform Cm der | pem
3920: .Op Fl dpass Ar arg
3921: .Op Fl dtls1
1.1 jsing 3922: .Op Fl HTTP
3923: .Op Fl id_prefix Ar arg
3924: .Op Fl key Ar keyfile
1.111 inoguchi 3925: .Op Fl key2 Ar keyfile
3926: .Op Fl keyform Cm der | pem
3927: .Op Fl keymatexport Ar label
3928: .Op Fl keymatexportlen Ar len
1.1 jsing 3929: .Op Fl msg
1.111 inoguchi 3930: .Op Fl mtu Ar mtu
3931: .Op Fl named_curve Ar arg
1.1 jsing 3932: .Op Fl nbio
3933: .Op Fl nbio_test
1.111 inoguchi 3934: .Op Fl no_cache
1.1 jsing 3935: .Op Fl no_dhe
1.111 inoguchi 3936: .Op Fl no_ecdhe
3937: .Op Fl no_ticket
1.1 jsing 3938: .Op Fl no_tls1
1.6 guenther 3939: .Op Fl no_tls1_1
3940: .Op Fl no_tls1_2
1.1 jsing 3941: .Op Fl no_tmp_rsa
3942: .Op Fl nocert
1.111 inoguchi 3943: .Op Fl pass Ar arg
1.1 jsing 3944: .Op Fl quiet
1.111 inoguchi 3945: .Op Fl servername Ar name
3946: .Op Fl servername_fatal
1.1 jsing 3947: .Op Fl serverpref
3948: .Op Fl state
1.111 inoguchi 3949: .Op Fl status
3950: .Op Fl status_timeout Ar nsec
3951: .Op Fl status_url Ar url
3952: .Op Fl status_verbose
3953: .Op Fl timeout
1.1 jsing 3954: .Op Fl tls1
1.31 jmc 3955: .Op Fl tls1_1
3956: .Op Fl tls1_2
1.111 inoguchi 3957: .Op Fl tlsextdebug
3958: .Op Fl use_srtp Ar profiles
1.1 jsing 3959: .Op Fl Verify Ar depth
3960: .Op Fl verify Ar depth
1.111 inoguchi 3961: .Op Fl verify_return_error
1.1 jsing 3962: .Op Fl WWW
3963: .Op Fl www
3964: .nr nS 0
3965: .Pp
3966: The
3967: .Nm s_server
3968: command implements a generic SSL/TLS server which listens
3969: for connections on a given port using SSL/TLS.
3970: .Pp
1.67 jmc 3971: If a connection request is established with a client and neither the
3972: .Fl www
3973: nor the
3974: .Fl WWW
3975: option has been used, then any data received
3976: from the client is displayed and any key presses are sent to the client.
3977: Certain single letter commands perform special operations:
3978: .Pp
3979: .Bl -tag -width "XXXX" -compact
3980: .It Ic P
3981: Send plain text, which should cause the client to disconnect.
3982: .It Ic Q
3983: End the current SSL connection and exit.
3984: .It Ic q
3985: End the current SSL connection, but still accept new connections.
3986: .It Ic R
3987: Renegotiate the SSL session and request a client certificate.
3988: .It Ic r
3989: Renegotiate the SSL session.
3990: .It Ic S
3991: Print out some session cache status information.
3992: .El
3993: .Pp
1.1 jsing 3994: The options are as follows:
3995: .Bl -tag -width Ds
1.113 ! inoguchi 3996: .It Fl accept Ar port
1.67 jmc 3997: Listen on TCP
1.1 jsing 3998: .Ar port
1.67 jmc 3999: for connections.
4000: The default is port 4433.
1.111 inoguchi 4001: .It Fl alpn Ar protocols
4002: Enable the Application-Layer Protocol Negotiation.
4003: .Ar protocols
4004: is a comma-separated list of supported protocol names.
1.1 jsing 4005: .It Fl bugs
1.67 jmc 4006: Enable various workarounds for buggy implementations.
1.1 jsing 4007: .It Fl CAfile Ar file
1.67 jmc 4008: A
4009: .Ar file
4010: containing trusted certificates to use during client authentication
1.1 jsing 4011: and to use when attempting to build the server certificate chain.
4012: The list is also used in the list of acceptable client CAs passed to the
4013: client when a certificate is requested.
4014: .It Fl CApath Ar directory
4015: The
4016: .Ar directory
4017: to use for client certificate verification.
4018: This directory must be in
4019: .Qq hash format ;
4020: see
4021: .Fl verify
4022: for more information.
4023: These are also used when building the server certificate chain.
4024: .It Fl cert Ar file
1.67 jmc 4025: The certificate to use: most server's cipher suites require the use of a
4026: certificate and some require a certificate with a certain public key type.
4027: For example, the DSS cipher suites require a certificate containing a DSS
4028: (DSA) key.
1.1 jsing 4029: If not specified, the file
4030: .Pa server.pem
4031: will be used.
1.111 inoguchi 4032: .It Fl cert2 Ar file
4033: The certificate to use for servername.
4034: .It Fl certform Cm der | pem
4035: The certificate format.
4036: The default is
4037: .Cm pem .
1.1 jsing 4038: .It Fl cipher Ar cipherlist
1.67 jmc 4039: Modify the cipher list used by the server.
1.1 jsing 4040: This allows the cipher list used by the server to be modified.
4041: When the client sends a list of supported ciphers, the first client cipher
4042: also included in the server list is used.
4043: Because the client specifies the preference order, the order of the server
4044: cipherlist is irrelevant.
4045: See the
1.67 jmc 4046: .Nm ciphers
4047: command for more information.
1.1 jsing 4048: .It Fl context Ar id
1.67 jmc 4049: Set the SSL context ID.
1.1 jsing 4050: It can be given any string value.
4051: .It Fl crl_check , crl_check_all
4052: Check the peer certificate has not been revoked by its CA.
4053: The CRLs are appended to the certificate file.
4054: .Fl crl_check_all
1.67 jmc 4055: checks all CRLs of all CAs in the chain.
1.1 jsing 4056: .It Fl crlf
1.67 jmc 4057: Translate a line feed from the terminal into CR+LF.
1.1 jsing 4058: .It Fl dcert Ar file , Fl dkey Ar file
4059: Specify an additional certificate and private key; these behave in the
4060: same manner as the
4061: .Fl cert
4062: and
4063: .Fl key
4064: options except there is no default if they are not specified
1.67 jmc 4065: (no additional certificate or key is used).
1.1 jsing 4066: By using RSA and DSS certificates and keys,
4067: a server can support clients which only support RSA or DSS cipher suites
4068: by using an appropriate certificate.
1.111 inoguchi 4069: .It Fl dcertform Cm der | pem , Fl dkeyform Cm der | pem , Fl dpass Ar arg
4070: Additional certificate and private key format, and private key password source,
4071: respectively.
1.1 jsing 4072: .It Fl debug
1.67 jmc 4073: Print extensive debugging information, including a hex dump of all traffic.
1.1 jsing 4074: .It Fl dhparam Ar file
4075: The DH parameter file to use.
4076: The ephemeral DH cipher suites generate keys
4077: using a set of DH parameters.
4078: If not specified, an attempt is made to
4079: load the parameters from the server certificate file.
4080: If this fails, a static set of parameters hard coded into the
4081: .Nm s_server
4082: program will be used.
1.111 inoguchi 4083: .It Fl dtls1
4084: Permit only DTLS1.0.
1.1 jsing 4085: .It Fl HTTP
1.67 jmc 4086: Emulate a simple web server.
4087: Pages are resolved relative to the current directory.
4088: For example if the URL
1.1 jsing 4089: .Pa https://myhost/page.html
4090: is requested, the file
4091: .Pa ./page.html
4092: will be loaded.
4093: The files loaded are assumed to contain a complete and correct HTTP
4094: response (lines that are part of the HTTP response line and headers
4095: must end with CRLF).
4096: .It Fl id_prefix Ar arg
4097: Generate SSL/TLS session IDs prefixed by
4098: .Ar arg .
4099: This is mostly useful for testing any SSL/TLS code
1.81 jmc 4100: that wish to deal with multiple servers,
4101: when each of which might be generating a unique range of session IDs.
1.1 jsing 4102: .It Fl key Ar keyfile
4103: The private key to use.
4104: If not specified, the certificate file will be used.
1.111 inoguchi 4105: .It Fl key2 Ar keyfile
4106: The private key to use for servername.
4107: .It Fl keyform Cm der | pem
4108: The private key format.
4109: The default is
4110: .Cm pem .
4111: .It Fl keymatexport Ar label
4112: Export keying material using label.
4113: .It Fl keymatexportlen Ar len
4114: Export len bytes of keying material (default 20).
1.1 jsing 4115: .It Fl msg
4116: Show all protocol messages with hex dump.
1.111 inoguchi 4117: .It Fl mtu Ar mtu
4118: Set the link layer MTU.
4119: .It Fl named_curve Ar arg
4120: Specify the elliptic curve name to use for ephemeral ECDH keys.
1.1 jsing 4121: .It Fl nbio
1.67 jmc 4122: Turn on non-blocking I/O.
1.1 jsing 4123: .It Fl nbio_test
1.67 jmc 4124: Test non-blocking I/O.
1.111 inoguchi 4125: .It Fl no_cache
4126: Disable session caching.
1.1 jsing 4127: .It Fl no_dhe
1.67 jmc 4128: Disable ephemeral DH cipher suites.
1.111 inoguchi 4129: .It Fl no_ecdhe
4130: Disable ephemeral ECDH cipher suites.
4131: .It Fl no_ticket
4132: Disable RFC 4507 session ticket support.
1.31 jmc 4133: .It Fl no_tls1 | no_tls1_1 | no_tls1_2
1.67 jmc 4134: Disable the use of TLS1.0, 1.1, and 1.2, respectively.
1.1 jsing 4135: .It Fl no_tmp_rsa
1.67 jmc 4136: Disable temporary RSA key generation.
1.1 jsing 4137: .It Fl nocert
1.67 jmc 4138: Do not use a certificate.
1.1 jsing 4139: This restricts the cipher suites available to the anonymous ones
1.67 jmc 4140: (currently just anonymous DH).
1.111 inoguchi 4141: .It Fl pass Ar arg
4142: The private key password source.
1.1 jsing 4143: .It Fl quiet
4144: Inhibit printing of session and certificate information.
1.111 inoguchi 4145: .It Fl servername Ar name
4146: Set the TLS Server Name Indication (SNI) extension with
4147: .Ar name .
4148: .It Fl servername_fatal
4149: Send fatal alert if servername does not match.
4150: The default is warning alert.
1.1 jsing 4151: .It Fl serverpref
4152: Use server's cipher preferences.
4153: .It Fl state
1.67 jmc 4154: Print the SSL session states.
1.111 inoguchi 4155: .It Fl status
4156: Enables certificate status request support (OCSP stapling).
4157: .It Fl status_timeout Ar nsec
4158: Sets the timeout for OCSP response in seconds.
4159: .It Fl status_url Ar url
4160: Sets a fallback responder URL to use if no responder URL is present in the
4161: server certificate.
4162: Without this option, an error is returned if the server certificate does not
4163: contain a responder address.
4164: .It Fl status_verbose
4165: Enables certificate status request support (OCSP stapling) and gives a verbose
4166: printout of the OCSP response.
4167: .It Fl timeout
4168: Enable send/receive timeout on DTLS connections.
1.31 jmc 4169: .It Fl tls1 | tls1_1 | tls1_2
4170: Permit only TLS1.0, 1.1, or 1.2, respectively.
1.111 inoguchi 4171: .It Fl tlsextdebug
4172: Print a hex dump of any TLS extensions received from the server.
4173: .It Fl use_srtp Ar profiles
4174: Offer SRTP key management with a colon-separated profile list.
4175: .It Fl verify_return_error
4176: Return verification error.
1.1 jsing 4177: .It Fl WWW
1.67 jmc 4178: Emulate a simple web server.
4179: Pages are resolved relative to the current directory.
4180: For example if the URL
1.1 jsing 4181: .Pa https://myhost/page.html
4182: is requested, the file
4183: .Pa ./page.html
4184: will be loaded.
4185: .It Fl www
1.67 jmc 4186: Send a status message to the client when it connects,
4187: including information about the ciphers used and various session parameters.
1.1 jsing 4188: The output is in HTML format so this option will normally be used with a
4189: web browser.
4190: .It Fl Verify Ar depth , Fl verify Ar depth
1.67 jmc 4191: Request a certificate chain from the client,
4192: with a maximum length of
4193: .Ar depth .
4194: With
4195: .Fl Verify ,
4196: the client must supply a certificate or an error occurs;
4197: with
4198: .Fl verify ,
4199: a certificate is requested but the client does not have to send one.
1.1 jsing 4200: .El
4201: .Sh S_TIME
4202: .nr nS 1
4203: .Nm "openssl s_time"
4204: .Op Fl bugs
4205: .Op Fl CAfile Ar file
4206: .Op Fl CApath Ar directory
4207: .Op Fl cert Ar file
4208: .Op Fl cipher Ar cipherlist
1.68 jmc 4209: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 4210: .Op Fl key Ar keyfile
4211: .Op Fl nbio
4212: .Op Fl new
1.20 lteo 4213: .Op Fl no_shutdown
1.1 jsing 4214: .Op Fl reuse
4215: .Op Fl time Ar seconds
4216: .Op Fl verify Ar depth
4217: .Op Fl www Ar page
4218: .nr nS 0
4219: .Pp
4220: The
1.68 jmc 4221: .Nm s_time
1.1 jsing 4222: command implements a generic SSL/TLS client which connects to a
4223: remote host using SSL/TLS.
4224: It can request a page from the server and includes
4225: the time to transfer the payload data in its timing measurements.
4226: It measures the number of connections within a given timeframe,
4227: the amount of data transferred
4228: .Pq if any ,
4229: and calculates the average time spent for one connection.
4230: .Pp
4231: The options are as follows:
4232: .Bl -tag -width Ds
4233: .It Fl bugs
1.68 jmc 4234: Enable various workarounds for buggy implementations.
1.1 jsing 4235: .It Fl CAfile Ar file
1.68 jmc 4236: A
4237: .Ar file
4238: containing trusted certificates to use during server authentication
1.1 jsing 4239: and to use when attempting to build the client certificate chain.
4240: .It Fl CApath Ar directory
4241: The directory to use for server certificate verification.
4242: This directory must be in
4243: .Qq hash format ;
4244: see
4245: .Nm verify
4246: for more information.
4247: These are also used when building the client certificate chain.
4248: .It Fl cert Ar file
4249: The certificate to use, if one is requested by the server.
4250: The default is not to use a certificate.
4251: .It Fl cipher Ar cipherlist
1.68 jmc 4252: Modify the cipher list sent by the client.
1.1 jsing 4253: Although the server determines which cipher suite is used,
4254: it should take the first supported cipher in the list sent by the client.
4255: See the
4256: .Nm ciphers
4257: command for more information.
1.68 jmc 4258: .It Fl connect Ar host Ns Op : Ns Ar port
4259: The host and port to connect to.
1.1 jsing 4260: .It Fl key Ar keyfile
4261: The private key to use.
4262: If not specified, the certificate file will be used.
4263: .It Fl nbio
1.68 jmc 4264: Turn on non-blocking I/O.
1.1 jsing 4265: .It Fl new
1.68 jmc 4266: Perform the timing test using a new session ID for each connection.
1.1 jsing 4267: If neither
4268: .Fl new
4269: nor
4270: .Fl reuse
4271: are specified,
4272: they are both on by default and executed in sequence.
1.20 lteo 4273: .It Fl no_shutdown
1.21 jmc 4274: Shut down the connection without sending a
1.68 jmc 4275: .Qq close notify
1.20 lteo 4276: shutdown alert to the server.
1.1 jsing 4277: .It Fl reuse
1.68 jmc 4278: Perform the timing test using the same session ID for each connection.
1.1 jsing 4279: If neither
4280: .Fl new
4281: nor
4282: .Fl reuse
4283: are specified,
4284: they are both on by default and executed in sequence.
4285: .It Fl time Ar seconds
1.68 jmc 4286: Limit
1.1 jsing 4287: .Nm s_time
1.68 jmc 4288: benchmarks to the number of
4289: .Ar seconds .
1.1 jsing 4290: The default is 30 seconds.
4291: .It Fl verify Ar depth
1.68 jmc 4292: Turn on server certificate verification,
4293: with a maximum length of
4294: .Ar depth .
1.1 jsing 4295: Currently the verify operation continues after errors, so all the problems
4296: with a certificate chain can be seen.
4297: As a side effect,
4298: the connection will never fail due to a server certificate verify failure.
4299: .It Fl www Ar page
1.68 jmc 4300: The page to GET from the server.
1.1 jsing 4301: A value of
4302: .Sq /
4303: gets the index.htm[l] page.
4304: If this parameter is not specified,
4305: .Nm s_time
4306: will only perform the handshake to establish SSL connections
4307: but not transfer any payload data.
4308: .El
4309: .Sh SESS_ID
4310: .nr nS 1
4311: .Nm "openssl sess_id"
4312: .Op Fl cert
4313: .Op Fl context Ar ID
4314: .Op Fl in Ar file
1.69 jmc 4315: .Op Fl inform Cm der | pem
1.1 jsing 4316: .Op Fl noout
4317: .Op Fl out Ar file
1.69 jmc 4318: .Op Fl outform Cm der | pem
1.1 jsing 4319: .Op Fl text
4320: .nr nS 0
4321: .Pp
4322: The
4323: .Nm sess_id
4324: program processes the encoded version of the SSL session structure and
4325: optionally prints out SSL session details
1.69 jmc 4326: (for example the SSL session master key)
1.72 jmc 4327: in human-readable format.
1.1 jsing 4328: .Pp
4329: The options are as follows:
4330: .Bl -tag -width Ds
4331: .It Fl cert
4332: If a certificate is present in the session,
4333: it will be output using this option;
4334: if the
4335: .Fl text
4336: option is also present, then it will be printed out in text form.
4337: .It Fl context Ar ID
1.69 jmc 4338: Set the session
1.1 jsing 4339: .Ar ID .
1.69 jmc 4340: The ID can be any string of characters.
1.1 jsing 4341: .It Fl in Ar file
1.69 jmc 4342: The input file to read from,
4343: or standard input if not specified.
4344: .It Fl inform Cm der | pem
4345: The input format.
4346: .Cm der
1.84 jmc 4347: uses an ASN.1 DER-encoded format containing session details.
1.1 jsing 4348: The precise format can vary from one version to the next.
1.69 jmc 4349: .Cm pem
4350: is the default format: it consists of the DER
1.1 jsing 4351: format base64-encoded with additional header and footer lines.
4352: .It Fl noout
1.69 jmc 4353: Do not output the encoded version of the session.
1.1 jsing 4354: .It Fl out Ar file
1.69 jmc 4355: The output file to write to,
4356: or standard output if not specified.
4357: .It Fl outform Cm der | pem
4358: The output format.
1.1 jsing 4359: .It Fl text
1.69 jmc 4360: Print the various public or private key components in plain text,
4361: in addition to the encoded version.
1.1 jsing 4362: .El
4363: .Pp
1.69 jmc 4364: The output of
4365: .Nm sess_id
4366: is composed as follows:
1.1 jsing 4367: .Pp
1.69 jmc 4368: .Bl -tag -width "Verify return code " -offset 3n -compact
4369: .It Protocol
4370: The protocol in use.
4371: .It Cipher
4372: The actual raw SSL or TLS cipher code.
4373: .It Session-ID
4374: The SSL session ID, in hex format.
4375: .It Session-ID-ctx
4376: The session ID context, in hex format.
4377: .It Master-Key
4378: The SSL session master key.
4379: .It Key-Arg
1.1 jsing 4380: The key argument; this is only used in SSL v2.
1.69 jmc 4381: .It Start Time
4382: The session start time.
1.1 jsing 4383: .Ux
4384: format.
1.69 jmc 4385: .It Timeout
4386: The timeout, in seconds.
4387: .It Verify return code
4388: The return code when a certificate is verified.
1.1 jsing 4389: .El
4390: .Pp
4391: Since the SSL session output contains the master key, it is possible to read
4392: the contents of an encrypted session using this information.
4393: Therefore appropriate security precautions
4394: should be taken if the information is being output by a
4395: .Qq real
4396: application.
4397: This is, however, strongly discouraged and should only be used for
4398: debugging purposes.
4399: .Sh SMIME
4400: .nr nS 1
4401: .Nm "openssl smime"
4402: .Oo
4403: .Fl aes128 | aes192 | aes256 | des |
4404: .Fl des3 | rc2-40 | rc2-64 | rc2-128
4405: .Oc
4406: .Op Fl binary
4407: .Op Fl CAfile Ar file
4408: .Op Fl CApath Ar directory
4409: .Op Fl certfile Ar file
4410: .Op Fl check_ss_sig
4411: .Op Fl content Ar file
4412: .Op Fl crl_check
4413: .Op Fl crl_check_all
4414: .Op Fl decrypt
4415: .Op Fl encrypt
4416: .Op Fl extended_crl
4417: .Op Fl from Ar addr
4418: .Op Fl ignore_critical
4419: .Op Fl in Ar file
4420: .Op Fl indef
1.70 jmc 4421: .Op Fl inform Cm der | pem | smime
1.1 jsing 4422: .Op Fl inkey Ar file
4423: .Op Fl issuer_checks
1.112 inoguchi 4424: .Op Fl keyform Cm der | pem
1.1 jsing 4425: .Op Fl md Ar digest
4426: .Op Fl noattr
4427: .Op Fl nocerts
4428: .Op Fl nochain
4429: .Op Fl nodetach
4430: .Op Fl noindef
4431: .Op Fl nointern
4432: .Op Fl nosigs
1.108 inoguchi 4433: .Op Fl nosmimecap
1.1 jsing 4434: .Op Fl noverify
4435: .Op Fl out Ar file
1.70 jmc 4436: .Op Fl outform Cm der | pem | smime
1.1 jsing 4437: .Op Fl passin Ar arg
4438: .Op Fl pk7out
4439: .Op Fl policy_check
4440: .Op Fl recip Ar file
4441: .Op Fl resign
4442: .Op Fl sign
4443: .Op Fl signer Ar file
4444: .Op Fl stream
4445: .Op Fl subject Ar s
4446: .Op Fl text
4447: .Op Fl to Ar addr
4448: .Op Fl verify
4449: .Op Fl x509_strict
4450: .Op Ar cert.pem ...
4451: .nr nS 0
4452: .Pp
4453: The
4454: .Nm smime
1.70 jmc 4455: command handles S/MIME mail.
4456: It can encrypt, decrypt, sign, and verify S/MIME messages.
4457: .Pp
4458: The MIME message must be sent without any blank lines between the
4459: headers and the output.
4460: Some mail programs will automatically add a blank line.
4461: Piping the mail directly to an MTA is one way to
4462: achieve the correct format.
4463: .Pp
4464: The supplied message to be signed or encrypted must include the necessary
4465: MIME headers or many S/MIME clients won't display it properly (if at all).
4466: Use the
4467: .Fl text
4468: option to automatically add plain text headers.
1.1 jsing 4469: .Pp
1.70 jmc 4470: A
4471: .Qq signed and encrypted
4472: message is one where a signed message is then encrypted.
4473: This can be produced by encrypting an already signed message.
1.1 jsing 4474: .Pp
1.70 jmc 4475: There are a number of operations that can be performed, as follows:
1.1 jsing 4476: .Bl -tag -width "XXXX"
4477: .It Fl decrypt
4478: Decrypt mail using the supplied certificate and private key.
1.70 jmc 4479: The input file is an encrypted mail message in MIME format.
1.1 jsing 4480: The decrypted mail is written to the output file.
4481: .It Fl encrypt
4482: Encrypt mail for the given recipient certificates.
1.70 jmc 4483: The input is the message to be encrypted.
4484: The output file is the encrypted mail, in MIME format.
1.1 jsing 4485: .It Fl pk7out
1.70 jmc 4486: Take an input message and write out a PEM-encoded PKCS#7 structure.
1.1 jsing 4487: .It Fl resign
4488: Resign a message: take an existing message and one or more new signers.
4489: .It Fl sign
4490: Sign mail using the supplied certificate and private key.
1.70 jmc 4491: The input file is the message to be signed.
4492: The signed message, in MIME format, is written to the output file.
1.1 jsing 4493: .It Fl verify
4494: Verify signed mail.
1.70 jmc 4495: The input is a signed mail message and the output is the signed data.
1.1 jsing 4496: Both clear text and opaque signing is supported.
4497: .El
4498: .Pp
1.14 jmc 4499: The remaining options are as follows:
1.1 jsing 4500: .Bl -tag -width "XXXX"
4501: .It Xo
4502: .Fl aes128 | aes192 | aes256 | des |
4503: .Fl des3 | rc2-40 | rc2-64 | rc2-128
4504: .Xc
4505: The encryption algorithm to use.
1.70 jmc 4506: 128-, 192-, or 256-bit AES, DES (56 bits), triple DES (168 bits),
1.1 jsing 4507: or 40-, 64-, or 128-bit RC2, respectively;
4508: if not specified, 40-bit RC2 is
4509: used.
4510: Only used with
4511: .Fl encrypt .
4512: .It Fl binary
4513: Normally, the input message is converted to
4514: .Qq canonical
1.70 jmc 4515: format which uses CR/LF as end of line,
4516: as required by the S/MIME specification.
1.1 jsing 4517: When this option is present no translation occurs.
1.70 jmc 4518: This is useful when handling binary data which may not be in MIME format.
1.1 jsing 4519: .It Fl CAfile Ar file
4520: A
4521: .Ar file
4522: containing trusted CA certificates; only used with
4523: .Fl verify .
4524: .It Fl CApath Ar directory
4525: A
4526: .Ar directory
4527: containing trusted CA certificates; only used with
4528: .Fl verify .
4529: This directory must be a standard certificate directory:
4530: that is, a hash of each subject name (using
4531: .Nm x509 -hash )
4532: should be linked to each certificate.
4533: .It Ar cert.pem ...
4534: One or more certificates of message recipients: used when encrypting
4535: a message.
4536: .It Fl certfile Ar file
4537: Allows additional certificates to be specified.
4538: When signing, these will be included with the message.
4539: When verifying, these will be searched for the signers' certificates.
4540: The certificates should be in PEM format.
4541: .It Xo
4542: .Fl check_ss_sig ,
4543: .Fl crl_check ,
4544: .Fl crl_check_all ,
4545: .Fl extended_crl ,
4546: .Fl ignore_critical ,
4547: .Fl issuer_checks ,
4548: .Fl policy_check ,
4549: .Fl x509_strict
4550: .Xc
4551: Set various certificate chain validation options.
4552: See the
1.70 jmc 4553: .Nm verify
1.1 jsing 4554: command for details.
4555: .It Fl content Ar file
1.70 jmc 4556: A file containing the detached content.
1.1 jsing 4557: This is only useful with the
4558: .Fl verify
1.70 jmc 4559: option,
4560: and only usable if the PKCS#7 structure is using the detached
1.1 jsing 4561: signature form where the content is not included.
1.70 jmc 4562: This option will override any content if the input format is S/MIME
4563: and it uses the multipart/signed MIME content type.
1.1 jsing 4564: .It Xo
4565: .Fl from Ar addr ,
4566: .Fl subject Ar s ,
4567: .Fl to Ar addr
4568: .Xc
4569: The relevant mail headers.
4570: These are included outside the signed
4571: portion of a message so they may be included manually.
1.70 jmc 4572: When signing, many S/MIME
1.1 jsing 4573: mail clients check that the signer's certificate email
4574: address matches the From: address.
4575: .It Fl in Ar file
1.70 jmc 4576: The input file to read from.
1.1 jsing 4577: .It Fl indef
4578: Enable streaming I/O for encoding operations.
4579: This permits single pass processing of data without
4580: the need to hold the entire contents in memory,
4581: potentially supporting very large files.
4582: Streaming is automatically set for S/MIME signing with detached
4583: data if the output format is SMIME;
4584: it is currently off by default for all other operations.
1.70 jmc 4585: .It Fl inform Cm der | pem | smime
4586: The input format.
1.1 jsing 4587: .It Fl inkey Ar file
1.70 jmc 4588: The private key to use when signing or decrypting,
4589: which must match the corresponding certificate.
1.1 jsing 4590: If this option is not specified, the private key must be included
4591: in the certificate file specified with
4592: the
4593: .Fl recip
4594: or
4595: .Fl signer
4596: file.
4597: When signing,
4598: this option can be used multiple times to specify successive keys.
1.112 inoguchi 4599: .It Fl keyform Cm der | pem
1.1 jsing 4600: Input private key format.
1.112 inoguchi 4601: The default is
4602: .Cm pem .
1.1 jsing 4603: .It Fl md Ar digest
4604: The digest algorithm to use when signing or resigning.
4605: If not present then the default digest algorithm for the signing key is used
4606: (usually SHA1).
4607: .It Fl noattr
1.70 jmc 4608: Do not include attributes.
1.1 jsing 4609: .It Fl nocerts
1.70 jmc 4610: Do not include the signer's certificate.
1.1 jsing 4611: This will reduce the size of the signed message but the verifier must
4612: have a copy of the signer's certificate available locally (passed using the
4613: .Fl certfile
4614: option, for example).
4615: .It Fl nochain
4616: Do not do chain verification of signers' certificates: that is,
4617: don't use the certificates in the signed message as untrusted CAs.
4618: .It Fl nodetach
4619: When signing a message use opaque signing: this form is more resistant
4620: to translation by mail relays but it cannot be read by mail agents that
1.70 jmc 4621: do not support S/MIME.
4622: Without this option cleartext signing with the MIME type
4623: multipart/signed is used.
1.1 jsing 4624: .It Fl noindef
1.70 jmc 4625: Disable streaming I/O where it would produce an encoding of indefinite length
4626: (currently has no effect).
1.1 jsing 4627: .It Fl nointern
1.70 jmc 4628: Only use certificates specified in the
4629: .Fl certfile .
4630: The supplied certificates can still be used as untrusted CAs.
1.1 jsing 4631: .It Fl nosigs
1.70 jmc 4632: Do not try to verify the signatures on the message.
1.108 inoguchi 4633: .It Fl nosmimecap
4634: Exclude the list of supported algorithms from signed attributes,
4635: other options such as signing time and content type are still included.
1.1 jsing 4636: .It Fl noverify
4637: Do not verify the signer's certificate of a signed message.
4638: .It Fl out Ar file
1.70 jmc 4639: The output file to write to.
4640: .It Fl outform Cm der | pem | smime
4641: The output format.
4642: The default is smime, which writes an S/MIME format message.
4643: .Cm pem
1.1 jsing 4644: and
1.70 jmc 4645: .Cm der
4646: change this to write PEM and DER format PKCS#7 structures instead.
1.1 jsing 4647: This currently only affects the output format of the PKCS#7
4648: structure; if no PKCS#7 structure is being output (for example with
4649: .Fl verify
4650: or
4651: .Fl decrypt )
4652: this option has no effect.
4653: .It Fl passin Ar arg
4654: The key password source.
4655: .It Fl recip Ar file
4656: The recipients certificate when decrypting a message.
4657: This certificate
4658: must match one of the recipients of the message or an error occurs.
4659: .It Fl signer Ar file
4660: A signing certificate when signing or resigning a message;
4661: this option can be used multiple times if more than one signer is required.
4662: If a message is being verified, the signer's certificates will be
4663: written to this file if the verification was successful.
4664: .It Fl stream
4665: The same as
4666: .Fl indef .
4667: .It Fl text
1.70 jmc 4668: Add plain text (text/plain) MIME
1.1 jsing 4669: headers to the supplied message if encrypting or signing.
4670: If decrypting or verifying, it strips off text headers:
1.70 jmc 4671: if the decrypted or verified message is not of MIME type text/plain
4672: then an error occurs.
1.1 jsing 4673: .El
4674: .Pp
1.70 jmc 4675: The exit codes for
4676: .Nm smime
4677: are as follows:
1.1 jsing 4678: .Pp
1.70 jmc 4679: .Bl -tag -width "XXXX" -offset 3n -compact
4680: .It 0
1.1 jsing 4681: The operation was completely successful.
1.70 jmc 4682: .It 1
1.1 jsing 4683: An error occurred parsing the command options.
1.70 jmc 4684: .It 2
1.1 jsing 4685: One of the input files could not be read.
1.70 jmc 4686: .It 3
4687: An error occurred creating the file or when reading the message.
4688: .It 4
1.1 jsing 4689: An error occurred decrypting or verifying the message.
1.70 jmc 4690: .It 5
4691: An error occurred writing certificates.
1.1 jsing 4692: .El
4693: .Sh SPEED
4694: .nr nS 1
4695: .Nm "openssl speed"
1.71 jmc 4696: .Op Ar algorithm
1.1 jsing 4697: .Op Fl decrypt
4698: .Op Fl elapsed
1.71 jmc 4699: .Op Fl evp Ar algorithm
1.1 jsing 4700: .Op Fl mr
4701: .Op Fl multi Ar number
4702: .nr nS 0
4703: .Pp
4704: The
4705: .Nm speed
4706: command is used to test the performance of cryptographic algorithms.
4707: .Bl -tag -width "XXXX"
1.71 jmc 4708: .It Ar algorithm
4709: Perform the test using
4710: .Ar algorithm .
4711: The default is to test all algorithms.
1.1 jsing 4712: .It Fl decrypt
1.71 jmc 4713: Time decryption instead of encryption;
4714: must be used with
4715: .Fl evp .
1.1 jsing 4716: .It Fl elapsed
4717: Measure time in real time instead of CPU user time.
1.71 jmc 4718: .It Fl evp Ar algorithm
4719: Perform the test using one of the algorithms accepted by
4720: .Xr EVP_get_cipherbyname 3 .
1.1 jsing 4721: .It Fl mr
4722: Produce machine readable output.
4723: .It Fl multi Ar number
4724: Run
4725: .Ar number
4726: benchmarks in parallel.
4727: .El
1.77 jmc 4728: .Sh SPKAC
4729: .nr nS 1
4730: .Nm "openssl spkac"
4731: .Op Fl challenge Ar string
4732: .Op Fl in Ar file
4733: .Op Fl key Ar keyfile
4734: .Op Fl noout
4735: .Op Fl out Ar file
4736: .Op Fl passin Ar arg
4737: .Op Fl pubkey
4738: .Op Fl spkac Ar spkacname
4739: .Op Fl spksect Ar section
4740: .Op Fl verify
4741: .nr nS 0
4742: .Pp
4743: The
4744: .Nm spkac
4745: command processes signed public key and challenge (SPKAC) files.
4746: It can print out their contents, verify the signature,
4747: and produce its own SPKACs from a supplied private key.
4748: .Pp
4749: The options are as follows:
4750: .Bl -tag -width Ds
4751: .It Fl challenge Ar string
4752: The challenge string, if an SPKAC is being created.
4753: .It Fl in Ar file
4754: The input file to read from,
4755: or standard input if not specified.
4756: Ignored if the
4757: .Fl key
4758: option is used.
4759: .It Fl key Ar keyfile
4760: Create an SPKAC file using the private key in
4761: .Ar keyfile .
4762: The
4763: .Fl in , noout , spksect ,
4764: and
4765: .Fl verify
4766: options are ignored, if present.
4767: .It Fl noout
4768: Do not output the text version of the SPKAC.
4769: .It Fl out Ar file
4770: The output file to write to,
4771: or standard output if not specified.
4772: .It Fl passin Ar arg
4773: The key password source.
4774: .It Fl pubkey
4775: Output the public key of an SPKAC.
4776: .It Fl spkac Ar spkacname
4777: An alternative name for the variable containing the SPKAC.
4778: The default is "SPKAC".
4779: This option affects both generated and input SPKAC files.
4780: .It Fl spksect Ar section
4781: An alternative name for the
4782: .Ar section
4783: containing the SPKAC.
4784: .It Fl verify
4785: Verify the digital signature on the supplied SPKAC.
4786: .El
1.1 jsing 4787: .Sh TS
4788: .nr nS 1
4789: .Nm "openssl ts"
4790: .Fl query
1.29 bcook 4791: .Op Fl md4 | md5 | ripemd160 | sha1
1.1 jsing 4792: .Op Fl cert
4793: .Op Fl config Ar configfile
4794: .Op Fl data Ar file_to_hash
4795: .Op Fl digest Ar digest_bytes
4796: .Op Fl in Ar request.tsq
4797: .Op Fl no_nonce
4798: .Op Fl out Ar request.tsq
4799: .Op Fl policy Ar object_id
4800: .Op Fl text
4801: .nr nS 0
4802: .Pp
4803: .nr nS 1
4804: .Nm "openssl ts"
4805: .Fl reply
4806: .Op Fl chain Ar certs_file.pem
4807: .Op Fl config Ar configfile
4808: .Op Fl in Ar response.tsr
4809: .Op Fl inkey Ar private.pem
4810: .Op Fl out Ar response.tsr
4811: .Op Fl passin Ar arg
4812: .Op Fl policy Ar object_id
4813: .Op Fl queryfile Ar request.tsq
4814: .Op Fl section Ar tsa_section
4815: .Op Fl signer Ar tsa_cert.pem
4816: .Op Fl text
4817: .Op Fl token_in
4818: .Op Fl token_out
4819: .nr nS 0
4820: .Pp
4821: .nr nS 1
4822: .Nm "openssl ts"
4823: .Fl verify
4824: .Op Fl CAfile Ar trusted_certs.pem
4825: .Op Fl CApath Ar trusted_cert_path
4826: .Op Fl data Ar file_to_hash
4827: .Op Fl digest Ar digest_bytes
4828: .Op Fl in Ar response.tsr
4829: .Op Fl queryfile Ar request.tsq
4830: .Op Fl token_in
4831: .Op Fl untrusted Ar cert_file.pem
4832: .nr nS 0
4833: .Pp
4834: The
4835: .Nm ts
4836: command is a basic Time Stamping Authority (TSA) client and server
4837: application as specified in RFC 3161 (Time-Stamp Protocol, TSP).
4838: A TSA can be part of a PKI deployment and its role is to provide long
1.72 jmc 4839: term proof of the existence of specific data.
1.1 jsing 4840: Here is a brief description of the protocol:
4841: .Bl -enum
4842: .It
4843: The TSA client computes a one-way hash value for a data file and sends
4844: the hash to the TSA.
4845: .It
4846: The TSA attaches the current date and time to the received hash value,
4847: signs them and sends the time stamp token back to the client.
4848: By creating this token the TSA certifies the existence of the original
4849: data file at the time of response generation.
4850: .It
4851: The TSA client receives the time stamp token and verifies the
4852: signature on it.
4853: It also checks if the token contains the same hash
4854: value that it had sent to the TSA.
4855: .El
4856: .Pp
4857: There is one DER-encoded protocol data unit defined for transporting a time
4858: stamp request to the TSA and one for sending the time stamp response
4859: back to the client.
4860: The
4861: .Nm ts
4862: command has three main functions:
4863: creating a time stamp request based on a data file;
4864: creating a time stamp response based on a request;
4865: and verifying if a response corresponds
4866: to a particular request or a data file.
4867: .Pp
4868: There is no support for sending the requests/responses automatically
4869: over HTTP or TCP yet as suggested in RFC 3161.
4870: Users must send the requests either by FTP or email.
4871: .Pp
4872: The
4873: .Fl query
4874: switch can be used for creating and printing a time stamp
4875: request with the following options:
4876: .Bl -tag -width Ds
4877: .It Fl cert
1.72 jmc 4878: Expect the TSA to include its signing certificate in the response.
1.1 jsing 4879: .It Fl config Ar configfile
1.72 jmc 4880: Specify an alternative configuration file.
4881: Only the OID section is used.
1.1 jsing 4882: .It Fl data Ar file_to_hash
4883: The data file for which the time stamp request needs to be created.
1.72 jmc 4884: The default is standard input.
1.1 jsing 4885: .It Fl digest Ar digest_bytes
1.72 jmc 4886: Specify the message imprint explicitly without the data file.
1.1 jsing 4887: The imprint must be specified in a hexadecimal format,
4888: two characters per byte,
1.72 jmc 4889: the bytes optionally separated by colons.
1.1 jsing 4890: The number of bytes must match the message digest algorithm in use.
4891: .It Fl in Ar request.tsq
1.72 jmc 4892: A previously created time stamp request in DER
1.1 jsing 4893: format that will be printed into the output file.
1.72 jmc 4894: Useful for examining the content of a request in human-readable format.
1.76 jmc 4895: .It Fl md4 | md5 | ripemd160 | sha | sha1
1.1 jsing 4896: The message digest to apply to the data file.
4897: It supports all the message digest algorithms that are supported by the
4898: .Nm dgst
4899: command.
4900: The default is SHA-1.
4901: .It Fl no_nonce
1.72 jmc 4902: Specify no nonce in the request.
4903: The default, to include a 64-bit long pseudo-random nonce,
4904: is recommended to protect against replay attacks.
1.1 jsing 4905: .It Fl out Ar request.tsq
1.72 jmc 4906: The output file to write to,
4907: or standard output if not specified.
1.1 jsing 4908: .It Fl policy Ar object_id
4909: The policy that the client expects the TSA to use for creating the
4910: time stamp token.
1.72 jmc 4911: Either dotted OID notation or OID names defined
1.1 jsing 4912: in the config file can be used.
1.72 jmc 4913: If no policy is requested the TSA uses its own default policy.
1.1 jsing 4914: .It Fl text
1.72 jmc 4915: Output in human-readable text format instead of DER.
1.1 jsing 4916: .El
4917: .Pp
4918: A time stamp response (TimeStampResp) consists of a response status
4919: and the time stamp token itself (ContentInfo),
4920: if the token generation was successful.
4921: The
4922: .Fl reply
4923: command is for creating a time stamp
4924: response or time stamp token based on a request and printing the
4925: response/token in human-readable format.
4926: If
4927: .Fl token_out
4928: is not specified the output is always a time stamp response (TimeStampResp),
4929: otherwise it is a time stamp token (ContentInfo).
4930: .Bl -tag -width Ds
4931: .It Fl chain Ar certs_file.pem
1.72 jmc 4932: The collection of PEM certificates
1.1 jsing 4933: that will be included in the response
4934: in addition to the signer certificate if the
4935: .Fl cert
4936: option was used for the request.
4937: This file is supposed to contain the certificate chain
4938: for the signer certificate from its issuer upwards.
4939: The
4940: .Fl reply
4941: command does not build a certificate chain automatically.
4942: .It Fl config Ar configfile
1.72 jmc 4943: Specify an alternative configuration file.
1.1 jsing 4944: .It Fl in Ar response.tsr
1.72 jmc 4945: Specify a previously created time stamp response (or time stamp token, if
1.1 jsing 4946: .Fl token_in
1.72 jmc 4947: is also specified)
1.1 jsing 4948: in DER format that will be written to the output file.
4949: This option does not require a request;
4950: it is useful, for example,
1.72 jmc 4951: to examine the content of a response or token
4952: or to extract the time stamp token from a response.
1.1 jsing 4953: If the input is a token and the output is a time stamp response a default
1.72 jmc 4954: .Qq granted
1.1 jsing 4955: status info is added to the token.
4956: .It Fl inkey Ar private.pem
4957: The signer private key of the TSA in PEM format.
4958: Overrides the
4959: .Cm signer_key
4960: config file option.
4961: .It Fl out Ar response.tsr
4962: The response is written to this file.
4963: The format and content of the file depends on other options (see
4964: .Fl text
4965: and
4966: .Fl token_out ) .
4967: The default is stdout.
4968: .It Fl passin Ar arg
4969: The key password source.
4970: .It Fl policy Ar object_id
1.72 jmc 4971: The default policy to use for the response.
4972: Either dotted OID notation or OID names defined
4973: in the config file can be used.
4974: If no policy is requested the TSA uses its own default policy.
1.1 jsing 4975: .It Fl queryfile Ar request.tsq
1.72 jmc 4976: The file containing a DER-encoded time stamp request.
1.1 jsing 4977: .It Fl section Ar tsa_section
1.72 jmc 4978: The config file section containing the settings for response generation.
1.1 jsing 4979: .It Fl signer Ar tsa_cert.pem
1.72 jmc 4980: The PEM signer certificate of the TSA.
1.1 jsing 4981: The TSA signing certificate must have exactly one extended key usage
4982: assigned to it: timeStamping.
4983: The extended key usage must also be critical,
4984: otherwise the certificate is going to be refused.
4985: Overrides the
4986: .Cm signer_cert
4987: variable of the config file.
4988: .It Fl text
1.72 jmc 4989: Output in human-readable text format instead of DER.
1.1 jsing 4990: .It Fl token_in
1.72 jmc 4991: The input is a DER-encoded time stamp token (ContentInfo)
4992: instead of a time stamp response (TimeStampResp).
1.1 jsing 4993: .It Fl token_out
1.72 jmc 4994: The output is a time stamp token (ContentInfo)
4995: instead of a time stamp response (TimeStampResp).
1.1 jsing 4996: .El
4997: .Pp
4998: The
4999: .Fl verify
5000: command is for verifying if a time stamp response or time stamp token
5001: is valid and matches a particular time stamp request or data file.
5002: The
5003: .Fl verify
5004: command does not use the configuration file.
5005: .Bl -tag -width Ds
5006: .It Fl CAfile Ar trusted_certs.pem
1.72 jmc 5007: The file containing a set of trusted self-signed PEM CA certificates.
5008: See
1.1 jsing 5009: .Nm verify
5010: for additional details.
5011: Either this option or
5012: .Fl CApath
5013: must be specified.
5014: .It Fl CApath Ar trusted_cert_path
1.112 inoguchi 5015: The directory containing the trusted CA certificates of the client.
1.72 jmc 5016: See
1.1 jsing 5017: .Nm verify
5018: for additional details.
5019: Either this option or
5020: .Fl CAfile
5021: must be specified.
5022: .It Fl data Ar file_to_hash
5023: The response or token must be verified against
5024: .Ar file_to_hash .
5025: The file is hashed with the message digest algorithm specified in the token.
5026: The
5027: .Fl digest
5028: and
5029: .Fl queryfile
5030: options must not be specified with this one.
5031: .It Fl digest Ar digest_bytes
5032: The response or token must be verified against the message digest specified
5033: with this option.
5034: The number of bytes must match the message digest algorithm
5035: specified in the token.
5036: The
5037: .Fl data
5038: and
5039: .Fl queryfile
5040: options must not be specified with this one.
5041: .It Fl in Ar response.tsr
5042: The time stamp response that needs to be verified, in DER format.
5043: This option in mandatory.
5044: .It Fl queryfile Ar request.tsq
5045: The original time stamp request, in DER format.
5046: The
5047: .Fl data
5048: and
5049: .Fl digest
5050: options must not be specified with this one.
5051: .It Fl token_in
1.72 jmc 5052: The input is a DER-encoded time stamp token (ContentInfo)
5053: instead of a time stamp response (TimeStampResp).
1.1 jsing 5054: .It Fl untrusted Ar cert_file.pem
1.72 jmc 5055: Additional untrusted PEM certificates which may be needed
5056: when building the certificate chain for the TSA's signing certificate.
1.1 jsing 5057: This file must contain the TSA signing certificate and
5058: all intermediate CA certificates unless the response includes them.
5059: .El
5060: .Pp
1.72 jmc 5061: Options specified on the command line always override
5062: the settings in the config file:
1.1 jsing 5063: .Bl -tag -width Ds
5064: .It Cm tsa Ar section , Cm default_tsa
5065: This is the main section and it specifies the name of another section
5066: that contains all the options for the
5067: .Fl reply
5068: option.
1.72 jmc 5069: This section can be overridden with the
1.1 jsing 5070: .Fl section
5071: command line switch.
5072: .It Cm oid_file
5073: See
5074: .Nm ca
5075: for a description.
5076: .It Cm oid_section
5077: See
5078: .Nm ca
5079: for a description.
5080: .It Cm serial
1.72 jmc 5081: The file containing the hexadecimal serial number of the
1.1 jsing 5082: last time stamp response created.
5083: This number is incremented by 1 for each response.
1.72 jmc 5084: If the file does not exist at the time of response generation
5085: a new file is created with serial number 1.
1.1 jsing 5086: This parameter is mandatory.
5087: .It Cm signer_cert
5088: TSA signing certificate, in PEM format.
5089: The same as the
5090: .Fl signer
5091: command line option.
5092: .It Cm certs
1.72 jmc 5093: A set of PEM-encoded certificates that need to be
1.1 jsing 5094: included in the response.
5095: The same as the
5096: .Fl chain
5097: command line option.
5098: .It Cm signer_key
5099: The private key of the TSA, in PEM format.
5100: The same as the
5101: .Fl inkey
5102: command line option.
5103: .It Cm default_policy
5104: The default policy to use when the request does not mandate any policy.
5105: The same as the
5106: .Fl policy
5107: command line option.
5108: .It Cm other_policies
5109: Comma separated list of policies that are also acceptable by the TSA
5110: and used only if the request explicitly specifies one of them.
5111: .It Cm digests
5112: The list of message digest algorithms that the TSA accepts.
5113: At least one algorithm must be specified.
5114: This parameter is mandatory.
5115: .It Cm accuracy
5116: The accuracy of the time source of the TSA in seconds, milliseconds
5117: and microseconds.
5118: For example, secs:1, millisecs:500, microsecs:100.
5119: If any of the components is missing,
5120: zero is assumed for that field.
5121: .It Cm clock_precision_digits
1.72 jmc 5122: The maximum number of digits, which represent the fraction of seconds,
5123: that need to be included in the time field.
1.1 jsing 5124: The trailing zeroes must be removed from the time,
1.72 jmc 5125: so there might actually be fewer digits
1.1 jsing 5126: or no fraction of seconds at all.
5127: The maximum value is 6;
5128: the default is 0.
5129: .It Cm ordering
5130: If this option is yes,
5131: the responses generated by this TSA can always be ordered,
5132: even if the time difference between two responses is less
5133: than the sum of their accuracies.
5134: The default is no.
5135: .It Cm tsa_name
5136: Set this option to yes if the subject name of the TSA must be included in
5137: the TSA name field of the response.
5138: The default is no.
5139: .It Cm ess_cert_id_chain
5140: The SignedData objects created by the TSA always contain the
5141: certificate identifier of the signing certificate in a signed
5142: attribute (see RFC 2634, Enhanced Security Services).
5143: If this option is set to yes and either the
5144: .Cm certs
5145: variable or the
5146: .Fl chain
5147: option is specified then the certificate identifiers of the chain will also
5148: be included in the SigningCertificate signed attribute.
5149: If this variable is set to no,
5150: only the signing certificate identifier is included.
5151: The default is no.
5152: .El
5153: .Sh VERIFY
5154: .nr nS 1
5155: .Nm "openssl verify"
5156: .Op Fl CAfile Ar file
5157: .Op Fl CApath Ar directory
5158: .Op Fl check_ss_sig
1.107 inoguchi 5159: .Op Fl CRLfile Ar file
1.1 jsing 5160: .Op Fl crl_check
5161: .Op Fl crl_check_all
5162: .Op Fl explicit_policy
5163: .Op Fl extended_crl
5164: .Op Fl help
5165: .Op Fl ignore_critical
5166: .Op Fl inhibit_any
5167: .Op Fl inhibit_map
5168: .Op Fl issuer_checks
5169: .Op Fl policy_check
5170: .Op Fl purpose Ar purpose
1.107 inoguchi 5171: .Op Fl trusted Ar file
1.1 jsing 5172: .Op Fl untrusted Ar file
5173: .Op Fl verbose
5174: .Op Fl x509_strict
5175: .Op Ar certificates
5176: .nr nS 0
5177: .Pp
5178: The
5179: .Nm verify
5180: command verifies certificate chains.
5181: .Pp
5182: The options are as follows:
5183: .Bl -tag -width Ds
5184: .It Fl CAfile Ar file
5185: A
5186: .Ar file
5187: of trusted certificates.
5188: The
5189: .Ar file
5190: should contain multiple certificates in PEM format, concatenated together.
5191: .It Fl CApath Ar directory
5192: A
5193: .Ar directory
5194: of trusted certificates.
1.76 jmc 5195: The certificates, or symbolic links to them,
5196: should have names of the form
5197: .Ar hash Ns .0 ,
5198: where
5199: .Ar hash
5200: is the hashed certificate subject name
5201: (see the
1.1 jsing 5202: .Fl hash
5203: option of the
5204: .Nm x509
5205: utility).
1.107 inoguchi 5206: .It Fl check_ss_sig
5207: Verify the signature on the self-signed root CA.
5208: This is disabled by default
5209: because it doesn't add any security.
5210: .It Fl CRLfile Ar file
5211: The
5212: .Ar file
5213: should contain one or more CRLs in PEM format.
1.1 jsing 5214: .It Fl crl_check
1.76 jmc 5215: Check end entity certificate validity by attempting to look up a valid CRL.
1.1 jsing 5216: If a valid CRL cannot be found an error occurs.
5217: .It Fl crl_check_all
1.76 jmc 5218: Check the validity of all certificates in the chain by attempting
1.1 jsing 5219: to look up valid CRLs.
5220: .It Fl explicit_policy
1.76 jmc 5221: Set policy variable require-explicit-policy (RFC 3280).
1.1 jsing 5222: .It Fl extended_crl
5223: Enable extended CRL features such as indirect CRLs and alternate CRL
5224: signing keys.
5225: .It Fl help
1.76 jmc 5226: Print a usage message.
1.1 jsing 5227: .It Fl ignore_critical
1.76 jmc 5228: Ignore critical extensions instead of rejecting the certificate.
1.1 jsing 5229: .It Fl inhibit_any
1.76 jmc 5230: Set policy variable inhibit-any-policy (RFC 3280).
1.1 jsing 5231: .It Fl inhibit_map
1.76 jmc 5232: Set policy variable inhibit-policy-mapping (RFC 3280).
1.1 jsing 5233: .It Fl issuer_checks
1.76 jmc 5234: Print diagnostics relating to searches for the issuer certificate
5235: of the current certificate
5236: showing why each candidate issuer certificate was rejected.
5237: The presence of rejection messages
5238: does not itself imply that anything is wrong:
5239: during the normal verify process several rejections may take place.
1.1 jsing 5240: .It Fl policy_check
1.76 jmc 5241: Enable certificate policy processing.
1.1 jsing 5242: .It Fl purpose Ar purpose
5243: The intended use for the certificate.
5244: Without this option no chain verification will be done.
5245: Currently accepted uses are
1.76 jmc 5246: .Cm sslclient , sslserver ,
5247: .Cm nssslserver , smimesign ,
5248: .Cm smimeencrypt , crlsign ,
5249: .Cm any ,
1.1 jsing 5250: and
1.76 jmc 5251: .Cm ocsphelper .
1.107 inoguchi 5252: .It Fl trusted Ar file
5253: A
5254: .Ar file
5255: of trusted certificates.
5256: The
5257: .Ar file
5258: should contain multiple certificates.
1.1 jsing 5259: .It Fl untrusted Ar file
5260: A
5261: .Ar file
5262: of untrusted certificates.
5263: The
5264: .Ar file
5265: should contain multiple certificates.
5266: .It Fl verbose
5267: Print extra information about the operations being performed.
5268: .It Fl x509_strict
5269: Disable workarounds for broken certificates which have to be disabled
5270: for strict X.509 compliance.
5271: .It Ar certificates
1.76 jmc 5272: One or more PEM
1.1 jsing 5273: .Ar certificates
5274: to verify.
5275: If no certificate files are included, an attempt is made to read
5276: a certificate from standard input.
1.76 jmc 5277: If the first certificate filename begins with a dash,
5278: use a lone dash to mark the last option.
1.1 jsing 5279: .El
1.76 jmc 5280: .Pp
1.1 jsing 5281: The
5282: .Nm verify
5283: program uses the same functions as the internal SSL and S/MIME verification,
1.76 jmc 5284: with one crucial difference:
5285: wherever possible an attempt is made to continue after an error,
5286: whereas normally the verify operation would halt on the first error.
1.1 jsing 5287: This allows all the problems with a certificate chain to be determined.
5288: .Pp
1.76 jmc 5289: The verify operation consists of a number of separate steps.
1.1 jsing 5290: Firstly a certificate chain is built up starting from the supplied certificate
5291: and ending in the root CA.
5292: It is an error if the whole chain cannot be built up.
5293: The chain is built up by looking up the issuer's certificate of the current
5294: certificate.
5295: If a certificate is found which is its own issuer, it is assumed
5296: to be the root CA.
5297: .Pp
1.76 jmc 5298: All certificates whose subject name matches the issuer name
1.1 jsing 5299: of the current certificate are subject to further tests.
5300: The relevant authority key identifier components of the current certificate
1.76 jmc 5301: (if present) must match the subject key identifier (if present)
5302: and issuer and serial number of the candidate issuer;
5303: in addition the
5304: .Cm keyUsage
5305: extension of the candidate issuer (if present) must permit certificate signing.
1.1 jsing 5306: .Pp
5307: The lookup first looks in the list of untrusted certificates and if no match
5308: is found the remaining lookups are from the trusted certificates.
1.76 jmc 5309: The root CA is always looked up in the trusted certificate list:
5310: if the certificate to verify is a root certificate,
5311: then an exact match must be found in the trusted list.
1.1 jsing 5312: .Pp
5313: The second operation is to check every untrusted certificate's extensions for
5314: consistency with the supplied purpose.
5315: If the
5316: .Fl purpose
5317: option is not included, then no checks are done.
5318: The supplied or
5319: .Qq leaf
5320: certificate must have extensions compatible with the supplied purpose
5321: and all other certificates must also be valid CA certificates.
5322: The precise extensions required are described in more detail in
5323: the
1.76 jmc 5324: .Nm X509
1.1 jsing 5325: section below.
5326: .Pp
5327: The third operation is to check the trust settings on the root CA.
5328: The root CA should be trusted for the supplied purpose.
1.76 jmc 5329: A certificate with no trust settings is considered to be valid for
1.1 jsing 5330: all purposes.
5331: .Pp
5332: The final operation is to check the validity of the certificate chain.
5333: The validity period is checked against the current system time and the
1.76 jmc 5334: .Cm notBefore
1.1 jsing 5335: and
1.76 jmc 5336: .Cm notAfter
1.1 jsing 5337: dates in the certificate.
5338: The certificate signatures are also checked at this point.
5339: .Pp
5340: If all operations complete successfully, the certificate is considered
5341: valid.
5342: If any operation fails then the certificate is not valid.
5343: When a verify operation fails, the output messages can be somewhat cryptic.
5344: The general form of the error message is:
1.76 jmc 5345: .Bd -literal
5346: server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit)
5347: error 24 at 1 depth lookup:invalid CA certificate
1.1 jsing 5348: .Ed
5349: .Pp
5350: The first line contains the name of the certificate being verified, followed by
5351: the subject name of the certificate.
5352: The second line contains the error number and the depth.
5353: The depth is the number of the certificate being verified when a
5354: problem was detected starting with zero for the certificate being verified
5355: itself, then 1 for the CA that signed the certificate and so on.
5356: Finally a text version of the error number is presented.
5357: .Pp
5358: An exhaustive list of the error codes and messages is shown below; this also
5359: includes the name of the error code as defined in the header file
1.12 bentley 5360: .In openssl/x509_vfy.h .
1.76 jmc 5361: Some of the error codes are defined but never returned: these are described as
1.1 jsing 5362: .Qq unused .
5363: .Bl -tag -width "XXXX"
1.78 jmc 5364: .It 0 X509_V_OK
1.1 jsing 5365: The operation was successful.
1.78 jmc 5366: .It 2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
5367: The issuer certificate of an untrusted certificate could not be found.
5368: .It 3 X509_V_ERR_UNABLE_TO_GET_CRL
1.1 jsing 5369: The CRL of a certificate could not be found.
1.78 jmc 5370: .It 4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
1.1 jsing 5371: The certificate signature could not be decrypted.
1.78 jmc 5372: This means that the actual signature value could not be determined
5373: rather than it not matching the expected value.
1.1 jsing 5374: This is only meaningful for RSA keys.
1.78 jmc 5375: .It 5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
5376: The CRL signature could not be decrypted.
5377: This means that the actual signature value could not be determined
5378: rather than it not matching the expected value.
1.1 jsing 5379: Unused.
1.78 jmc 5380: .It 6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
1.1 jsing 5381: The public key in the certificate
1.76 jmc 5382: .Cm SubjectPublicKeyInfo
1.1 jsing 5383: could not be read.
1.78 jmc 5384: .It 7 X509_V_ERR_CERT_SIGNATURE_FAILURE
1.1 jsing 5385: The signature of the certificate is invalid.
1.78 jmc 5386: .It 8 X509_V_ERR_CRL_SIGNATURE_FAILURE
1.1 jsing 5387: The signature of the certificate is invalid.
1.78 jmc 5388: .It 9 X509_V_ERR_CERT_NOT_YET_VALID
1.1 jsing 5389: The certificate is not yet valid: the
1.76 jmc 5390: .Cm notBefore
1.1 jsing 5391: date is after the current time.
1.78 jmc 5392: .It 10 X509_V_ERR_CERT_HAS_EXPIRED
1.1 jsing 5393: The certificate has expired; that is, the
1.76 jmc 5394: .Cm notAfter
1.1 jsing 5395: date is before the current time.
1.78 jmc 5396: .It 11 X509_V_ERR_CRL_NOT_YET_VALID
1.1 jsing 5397: The CRL is not yet valid.
1.78 jmc 5398: .It 12 X509_V_ERR_CRL_HAS_EXPIRED
1.1 jsing 5399: The CRL has expired.
1.78 jmc 5400: .It 13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
1.1 jsing 5401: The certificate
1.76 jmc 5402: .Cm notBefore
1.1 jsing 5403: field contains an invalid time.
1.78 jmc 5404: .It 14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
1.1 jsing 5405: The certificate
1.76 jmc 5406: .Cm notAfter
1.1 jsing 5407: field contains an invalid time.
1.78 jmc 5408: .It 15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
1.1 jsing 5409: The CRL
1.76 jmc 5410: .Cm lastUpdate
1.1 jsing 5411: field contains an invalid time.
1.78 jmc 5412: .It 16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
1.1 jsing 5413: The CRL
1.76 jmc 5414: .Cm nextUpdate
1.1 jsing 5415: field contains an invalid time.
1.78 jmc 5416: .It 17 X509_V_ERR_OUT_OF_MEM
1.1 jsing 5417: An error occurred trying to allocate memory.
5418: This should never happen.
1.78 jmc 5419: .It 18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
1.1 jsing 5420: The passed certificate is self-signed and the same certificate cannot be
5421: found in the list of trusted certificates.
1.78 jmc 5422: .It 19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
1.1 jsing 5423: The certificate chain could be built up using the untrusted certificates but
5424: the root could not be found locally.
1.78 jmc 5425: .It 20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
1.1 jsing 5426: The issuer certificate of a locally looked up certificate could not be found.
5427: This normally means the list of trusted certificates is not complete.
1.78 jmc 5428: .It 21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
1.1 jsing 5429: No signatures could be verified because the chain contains only one
5430: certificate and it is not self-signed.
1.78 jmc 5431: .It 22 X509_V_ERR_CERT_CHAIN_TOO_LONG
1.1 jsing 5432: The certificate chain length is greater than the supplied maximum depth.
5433: Unused.
1.78 jmc 5434: .It 23 X509_V_ERR_CERT_REVOKED
1.1 jsing 5435: The certificate has been revoked.
1.78 jmc 5436: .It 24 X509_V_ERR_INVALID_CA
1.1 jsing 5437: A CA certificate is invalid.
5438: Either it is not a CA or its extensions are not consistent
5439: with the supplied purpose.
1.78 jmc 5440: .It 25 X509_V_ERR_PATH_LENGTH_EXCEEDED
1.1 jsing 5441: The
1.76 jmc 5442: .Cm basicConstraints
1.1 jsing 5443: pathlength parameter has been exceeded.
1.78 jmc 5444: .It 26 X509_V_ERR_INVALID_PURPOSE
1.1 jsing 5445: The supplied certificate cannot be used for the specified purpose.
1.78 jmc 5446: .It 27 X509_V_ERR_CERT_UNTRUSTED
1.1 jsing 5447: The root CA is not marked as trusted for the specified purpose.
1.78 jmc 5448: .It 28 X509_V_ERR_CERT_REJECTED
1.1 jsing 5449: The root CA is marked to reject the specified purpose.
1.78 jmc 5450: .It 29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH
1.1 jsing 5451: The current candidate issuer certificate was rejected because its subject name
5452: did not match the issuer name of the current certificate.
5453: Only displayed when the
5454: .Fl issuer_checks
5455: option is set.
1.78 jmc 5456: .It 30 X509_V_ERR_AKID_SKID_MISMATCH
1.1 jsing 5457: The current candidate issuer certificate was rejected because its subject key
5458: identifier was present and did not match the authority key identifier current
5459: certificate.
5460: Only displayed when the
5461: .Fl issuer_checks
5462: option is set.
1.78 jmc 5463: .It 31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
1.1 jsing 5464: The current candidate issuer certificate was rejected because its issuer name
5465: and serial number were present and did not match the authority key identifier
5466: of the current certificate.
5467: Only displayed when the
5468: .Fl issuer_checks
5469: option is set.
1.78 jmc 5470: .It 32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN
1.1 jsing 5471: The current candidate issuer certificate was rejected because its
1.76 jmc 5472: .Cm keyUsage
1.1 jsing 5473: extension does not permit certificate signing.
1.78 jmc 5474: .It 50 X509_V_ERR_APPLICATION_VERIFICATION
1.1 jsing 5475: An application specific error.
5476: Unused.
5477: .El
5478: .Sh VERSION
5479: .Nm openssl version
5480: .Op Fl abdfopv
5481: .Pp
5482: The
5483: .Nm version
5484: command is used to print out version information about
1.79 jmc 5485: .Nm openssl .
1.1 jsing 5486: .Pp
5487: The options are as follows:
5488: .Bl -tag -width Ds
5489: .It Fl a
5490: All information: this is the same as setting all the other flags.
5491: .It Fl b
5492: The date the current version of
1.79 jmc 5493: .Nm openssl
1.1 jsing 5494: was built.
5495: .It Fl d
5496: .Ev OPENSSLDIR
5497: setting.
5498: .It Fl f
5499: Compilation flags.
5500: .It Fl o
5501: Option information: various options set when the library was built.
5502: .It Fl p
5503: Platform setting.
5504: .It Fl v
5505: The current
1.79 jmc 5506: .Nm openssl
1.1 jsing 5507: version.
5508: .El
5509: .Sh X509
5510: .nr nS 1
5511: .Nm "openssl x509"
5512: .Op Fl C
5513: .Op Fl addreject Ar arg
5514: .Op Fl addtrust Ar arg
5515: .Op Fl alias
5516: .Op Fl CA Ar file
5517: .Op Fl CAcreateserial
1.80 jmc 5518: .Op Fl CAform Cm der | pem
1.1 jsing 5519: .Op Fl CAkey Ar file
1.80 jmc 5520: .Op Fl CAkeyform Cm der | pem
1.1 jsing 5521: .Op Fl CAserial Ar file
5522: .Op Fl certopt Ar option
5523: .Op Fl checkend Ar arg
5524: .Op Fl clrext
5525: .Op Fl clrreject
5526: .Op Fl clrtrust
5527: .Op Fl dates
5528: .Op Fl days Ar arg
5529: .Op Fl email
5530: .Op Fl enddate
5531: .Op Fl extensions Ar section
5532: .Op Fl extfile Ar file
5533: .Op Fl fingerprint
5534: .Op Fl hash
5535: .Op Fl in Ar file
1.80 jmc 5536: .Op Fl inform Cm der | net | pem
1.1 jsing 5537: .Op Fl issuer
5538: .Op Fl issuer_hash
5539: .Op Fl issuer_hash_old
1.80 jmc 5540: .Op Fl keyform Cm der | pem
1.29 bcook 5541: .Op Fl md5 | sha1
1.1 jsing 5542: .Op Fl modulus
5543: .Op Fl nameopt Ar option
1.107 inoguchi 5544: .Op Fl next_serial
1.1 jsing 5545: .Op Fl noout
5546: .Op Fl ocsp_uri
5547: .Op Fl ocspid
5548: .Op Fl out Ar file
1.80 jmc 5549: .Op Fl outform Cm der | net | pem
1.1 jsing 5550: .Op Fl passin Ar arg
5551: .Op Fl pubkey
5552: .Op Fl purpose
5553: .Op Fl req
5554: .Op Fl serial
5555: .Op Fl set_serial Ar n
5556: .Op Fl setalias Ar arg
5557: .Op Fl signkey Ar file
1.107 inoguchi 5558: .Op Fl sigopt Ar nm:v
1.1 jsing 5559: .Op Fl startdate
5560: .Op Fl subject
5561: .Op Fl subject_hash
5562: .Op Fl subject_hash_old
5563: .Op Fl text
5564: .Op Fl trustout
5565: .Op Fl x509toreq
5566: .nr nS 0
5567: .Pp
5568: The
5569: .Nm x509
5570: command is a multi-purpose certificate utility.
5571: It can be used to display certificate information, convert certificates to
5572: various forms, sign certificate requests like a
5573: .Qq mini CA ,
5574: or edit certificate trust settings.
5575: .Pp
1.80 jmc 5576: The following are x509 input, output, and general purpose options:
1.1 jsing 5577: .Bl -tag -width "XXXX"
5578: .It Fl in Ar file
1.80 jmc 5579: The input file to read from,
5580: or standard input if not specified.
5581: .It Fl inform Cm der | net | pem
5582: The input format.
1.1 jsing 5583: Normally, the command will expect an X.509 certificate,
5584: but this can change if other options such as
5585: .Fl req
5586: are present.
1.29 bcook 5587: .It Fl md5 | sha1
1.1 jsing 5588: The digest to use.
5589: This affects any signing or display option that uses a message digest,
5590: such as the
5591: .Fl fingerprint , signkey ,
5592: and
5593: .Fl CA
5594: options.
5595: If not specified, MD5 is used.
1.80 jmc 5596: SHA1 is always used with DSA keys.
1.1 jsing 5597: .It Fl out Ar file
1.80 jmc 5598: The output file to write to,
5599: or standard output if none is specified.
5600: .It Fl outform Cm der | net | pem
5601: The output format.
1.1 jsing 5602: .It Fl passin Ar arg
5603: The key password source.
5604: .El
1.80 jmc 5605: .Pp
5606: The following are x509 display options:
1.1 jsing 5607: .Bl -tag -width "XXXX"
5608: .It Fl C
1.80 jmc 5609: Output the certificate in the form of a C source file.
1.1 jsing 5610: .It Fl certopt Ar option
5611: Customise the output format used with
1.80 jmc 5612: .Fl text ,
5613: either using a list of comma-separated options or by specifying
1.1 jsing 5614: .Fl certopt
1.80 jmc 5615: multiple times.
5616: The default behaviour is to print all fields.
5617: The options are as follows:
5618: .Pp
5619: .Bl -tag -width "no_extensions" -offset indent -compact
5620: .It Cm ca_default
5621: Equivalent to
5622: .Cm no_issuer , no_pubkey , no_header ,
5623: .Cm no_version , no_sigdump ,
5624: and
5625: .Cm no_signame .
5626: .It Cm compatible
5627: Equivalent to no output options at all.
5628: .It Cm ext_default
5629: Print unsupported certificate extensions.
5630: .It Cm ext_dump
5631: Hex dump unsupported extensions.
5632: .It Cm ext_error
5633: Print an error message for unsupported certificate extensions.
5634: .It Cm ext_parse
1.84 jmc 5635: ASN.1 parse unsupported extensions.
1.80 jmc 5636: .It Cm no_aux
5637: Do not print certificate trust information.
5638: .It Cm no_extensions
5639: Do not print X509V3 extensions.
5640: .It Cm no_header
5641: Do not print header (Certificate and Data) information.
5642: .It Cm no_issuer
5643: Do not print the issuer name.
5644: .It Cm no_pubkey
5645: Do not print the public key.
5646: .It Cm no_serial
5647: Do not print the serial number.
5648: .It Cm no_sigdump
5649: Do not give a hexadecimal dump of the certificate signature.
5650: .It Cm no_signame
5651: Do not print the signature algorithm used.
5652: .It Cm no_subject
5653: Do not print the subject name.
5654: .It Cm no_validity
5655: Do not print the
5656: .Cm notBefore
5657: and
5658: .Cm notAfter
5659: (validity) fields.
5660: .It Cm no_version
5661: Do not print the version number.
5662: .El
1.1 jsing 5663: .It Fl dates
1.80 jmc 5664: Print the start and expiry date of a certificate.
1.1 jsing 5665: .It Fl email
1.80 jmc 5666: Output the email addresses, if any.
1.1 jsing 5667: .It Fl enddate
1.80 jmc 5668: Print the expiry date of the certificate; that is, the
5669: .Cm notAfter
1.1 jsing 5670: date.
5671: .It Fl fingerprint
1.80 jmc 5672: Print the digest of the DER-encoded version of the whole certificate.
1.1 jsing 5673: .It Fl hash
5674: A synonym for
1.80 jmc 5675: .Fl subject_hash .
1.1 jsing 5676: .It Fl issuer
1.80 jmc 5677: Print the issuer name.
1.1 jsing 5678: .It Fl issuer_hash
1.80 jmc 5679: Print the hash of the certificate issuer name.
1.1 jsing 5680: .It Fl issuer_hash_old
1.80 jmc 5681: Print the hash of the certificate issuer name
5682: using the older algorithm as used by
5683: .Nm openssl
1.1 jsing 5684: versions before 1.0.0.
5685: .It Fl modulus
1.80 jmc 5686: Print the value of the modulus of the public key contained in the certificate.
1.1 jsing 5687: .It Fl nameopt Ar option
1.80 jmc 5688: Customise how the subject or issuer names are displayed,
5689: either using a list of comma-separated options or by specifying
1.1 jsing 5690: .Fl nameopt
1.80 jmc 5691: multiple times.
5692: The default behaviour is to use the
5693: .Cm oneline
5694: format.
5695: The options,
5696: which can be preceded by a dash to turn them off,
5697: are as follows:
5698: .Bl -tag -width "XXXX"
5699: .It Cm align
5700: Align field values for a more readable output.
5701: Only usable with
5702: .Ar sep_multiline .
5703: .It Cm compat
5704: Use the old format,
5705: equivalent to specifying no options at all.
5706: .It Cm dn_rev
5707: Reverse the fields of the DN, as required by RFC 2253.
5708: As a side effect, this also reverses the order of multiple AVAs.
5709: .It Cm dump_all
5710: Dump all fields.
5711: When used with
5712: .Ar dump_der ,
5713: it allows the DER encoding of the structure to be unambiguously determined.
5714: .It Cm dump_der
5715: Any fields that need to be hexdumped are
5716: dumped using the DER encoding of the field.
5717: Otherwise just the content octets will be displayed.
5718: Both options use the RFC 2253 #XXXX... format.
5719: .It Cm dump_nostr
5720: Dump non-character string types
5721: (for example OCTET STRING);
5722: usually, non-character string types are displayed
5723: as though each content octet represents a single character.
5724: .It Cm dump_unknown
5725: Dump any field whose OID is not recognised by
5726: .Nm openssl .
5727: .It Cm esc_2253
5728: Escape the
5729: .Qq special
5730: characters required by RFC 2253 in a field that is
5731: .Dq \& ,+"<>; .
5732: Additionally,
5733: .Sq #
5734: is escaped at the beginning of a string
5735: and a space character at the beginning or end of a string.
5736: .It Cm esc_ctrl
5737: Escape control characters.
5738: That is, those with ASCII values less than 0x20 (space)
5739: and the delete (0x7f) character.
5740: They are escaped using the RFC 2253 \eXX notation (where XX are two hex
5741: digits representing the character value).
5742: .It Cm esc_msb
5743: Escape characters with the MSB set; that is, with ASCII values larger than
5744: 127.
5745: .It Cm multiline
5746: A multiline format.
5747: Equivalent to
5748: .Cm esc_ctrl , esc_msb , sep_multiline ,
5749: .Cm space_eq , lname ,
5750: and
5751: .Cm align .
5752: .It Cm no_type
5753: Do not attempt to interpret multibyte characters.
5754: That is, content octets are merely dumped as though one octet
5755: represents each character.
5756: This is useful for diagnostic purposes
5757: but results in rather odd looking output.
5758: .It Cm nofname , sname , lname , oid
5759: Alter how the field name is displayed:
5760: .Cm nofname
5761: does not display the field at all;
5762: .Cm sname
5763: uses the short name form (CN for
5764: .Cm commonName ,
5765: for example);
5766: .Cm lname
5767: uses the long form.
5768: .Cm oid
5769: represents the OID in numerical form and is useful for diagnostic purpose.
5770: .It Cm oneline
5771: A one line format which is more readable than
5772: .Cm RFC2253 .
5773: Equivalent to
5774: .Cm esc_2253 , esc_ctrl , esc_msb , utf8 ,
5775: .Cm dump_nostr , dump_der , use_quote , sep_comma_plus_spc ,
5776: .Cm space_eq ,
5777: and
5778: .Cm sname .
5779: .It Cm RFC2253
5780: Displays names compatible with RFC 2253.
5781: Equivalent to
5782: .Cm esc_2253 , esc_ctrl ,
5783: .Cm esc_msb , utf8 , dump_nostr , dump_unknown ,
5784: .Cm dump_der , sep_comma_plus , dn_rev ,
5785: and
5786: .Cm sname .
5787: .It Cm sep_comma_plus , sep_comma_plus_space , sep_semi_plus_space , sep_multiline
5788: Determine the field separators:
5789: the first character is between RDNs and the second between multiple AVAs
5790: (multiple AVAs are very rare and their use is discouraged).
5791: The options ending in
5792: .Qq space
5793: additionally place a space after the separator to make it more readable.
5794: .Cm sep_multiline
5795: uses a linefeed character for the RDN separator and a spaced
5796: .Sq +
5797: for the AVA separator,
5798: as well as indenting the fields by four characters.
5799: .It Cm show_type
1.84 jmc 5800: Show the type of the ASN.1 character string.
1.80 jmc 5801: The type precedes the field contents.
5802: For example
5803: .Qq BMPSTRING: Hello World .
5804: .It Cm space_eq
5805: Place spaces round the
5806: .Sq =
5807: character which follows the field name.
5808: .It Cm use_quote
5809: Escape some characters by surrounding the whole string with
5810: .Sq \&"
5811: characters.
5812: Without the option, all escaping is done with the
5813: .Sq \e
5814: character.
5815: .It Cm utf8
5816: Convert all strings to UTF8 format first, as required by RFC 2253.
5817: On a UTF8 compatible terminal,
5818: the use of this option (and not setting
5819: .Cm esc_msb )
5820: may result in the correct display of multibyte characters.
5821: Usually, multibyte characters larger than 0xff
5822: are represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX
5823: for 32 bits,
5824: and any UTF8Strings are converted to their character form first.
5825: .El
1.107 inoguchi 5826: .It Fl next_serial
5827: Print the next serial number.
1.1 jsing 5828: .It Fl noout
1.80 jmc 5829: Do not output the encoded version of the request.
1.1 jsing 5830: .It Fl ocsp_uri
1.80 jmc 5831: Print the OCSP responder addresses, if any.
1.1 jsing 5832: .It Fl ocspid
5833: Print OCSP hash values for the subject name and public key.
5834: .It Fl pubkey
1.80 jmc 5835: Print the public key.
1.1 jsing 5836: .It Fl serial
1.80 jmc 5837: Print the certificate serial number.
1.107 inoguchi 5838: .It Fl sigopt Ar nm:v
5839: Pass options to the signature algorithm during sign or certify operations.
5840: The names and values of these options are algorithm-specific.
1.1 jsing 5841: .It Fl startdate
1.80 jmc 5842: Print the start date of the certificate; that is, the
5843: .Cm notBefore
1.1 jsing 5844: date.
5845: .It Fl subject
1.80 jmc 5846: Print the subject name.
1.1 jsing 5847: .It Fl subject_hash
1.80 jmc 5848: Print the hash of the certificate subject name.
1.1 jsing 5849: This is used in
1.80 jmc 5850: .Nm openssl
1.1 jsing 5851: to form an index to allow certificates in a directory to be looked up
5852: by subject name.
5853: .It Fl subject_hash_old
1.80 jmc 5854: Print the hash of the certificate subject name
5855: using the older algorithm as used by
5856: .Nm openssl
1.1 jsing 5857: versions before 1.0.0.
5858: .It Fl text
1.80 jmc 5859: Print the full certificate in text form.
1.1 jsing 5860: .El
5861: .Pp
1.80 jmc 5862: A trusted certificate is a certificate which has several
1.1 jsing 5863: additional pieces of information attached to it such as the permitted
1.80 jmc 5864: and prohibited uses of the certificate and an alias.
5865: When a certificate is being verified at least one certificate must be trusted.
5866: By default, a trusted certificate must be stored locally and be a root CA.
5867: The following are x509 trust settings options:
1.1 jsing 5868: .Bl -tag -width "XXXX"
5869: .It Fl addreject Ar arg
1.80 jmc 5870: Add a prohibited use.
5871: Accepts the same values as the
1.1 jsing 5872: .Fl addtrust
5873: option.
5874: .It Fl addtrust Ar arg
1.80 jmc 5875: Add a trusted certificate use.
1.1 jsing 5876: Any object name can be used here, but currently only
1.80 jmc 5877: .Cm clientAuth
5878: (SSL client use),
5879: .Cm serverAuth
5880: (SSL server use),
5881: and
5882: .Cm emailProtection
5883: (S/MIME email) are used.
1.1 jsing 5884: .It Fl alias
1.80 jmc 5885: Output the certificate alias.
1.1 jsing 5886: .It Fl clrreject
1.80 jmc 5887: Clear all the prohibited or rejected uses of the certificate.
1.1 jsing 5888: .It Fl clrtrust
1.80 jmc 5889: Clear all the permitted or trusted uses of the certificate.
1.1 jsing 5890: .It Fl purpose
1.80 jmc 5891: Perform tests on the certificate extensions.
5892: The same code is used when verifying untrusted certificates in chains,
5893: so this section is useful if a chain is rejected by the verify code.
5894: .Pp
5895: The
5896: .Cm basicConstraints
5897: extension CA flag is used to determine whether the
5898: certificate can be used as a CA.
5899: If the CA flag is true, it is a CA;
5900: if the CA flag is false, it is not a CA.
5901: All CAs should have the CA flag set to true.
5902: .Pp
5903: If the
5904: .Cm basicConstraints
5905: extension is absent, then the certificate is
5906: considered to be a possible CA;
5907: other extensions are checked according to the intended use of the certificate.
5908: A warning is given in this case because the certificate should really not
5909: be regarded as a CA.
5910: However it is allowed to be a CA to work around some broken software.
5911: .Pp
5912: If the certificate is a V1 certificate
5913: (and thus has no extensions) and it is self-signed,
5914: it is also assumed to be a CA but a warning is again given.
5915: This is to work around the problem of Verisign roots
5916: which are V1 self-signed certificates.
5917: .Pp
5918: If the
5919: .Cm keyUsage
5920: extension is present, then additional restraints are
5921: made on the uses of the certificate.
5922: A CA certificate must have the
5923: .Cm keyCertSign
5924: bit set if the
5925: .Cm keyUsage
5926: extension is present.
5927: .Pp
5928: The extended key usage extension places additional restrictions on the
5929: certificate uses.
5930: If this extension is present, whether critical or not,
5931: the key can only be used for the purposes specified.
5932: .Pp
5933: A complete description of each test is given below.
5934: The comments about
5935: .Cm basicConstraints
5936: and
5937: .Cm keyUsage
5938: and V1 certificates above apply to all CA certificates.
5939: .Bl -tag -width "XXXX"
5940: .It SSL Client
5941: The extended key usage extension must be absent or include the
5942: web client authentication OID.
5943: .Cm keyUsage
5944: must be absent or it must have the
5945: .Cm digitalSignature
5946: bit set.
5947: The Netscape certificate type must be absent
5948: or it must have the SSL client bit set.
5949: .It SSL Client CA
5950: The extended key usage extension must be absent or include the
5951: web client authentication OID.
5952: The Netscape certificate type must be absent
5953: or it must have the SSL CA bit set:
5954: this is used as a workaround if the
5955: .Cm basicConstraints
5956: extension is absent.
5957: .It SSL Server
5958: The extended key usage extension must be absent or include the
5959: web server authentication and/or one of the SGC OIDs.
5960: .Cm keyUsage
5961: must be absent or it must have the
5962: .Cm digitalSignature
5963: set, the
5964: .Cm keyEncipherment
5965: set, or both bits set.
5966: The Netscape certificate type must be absent or have the SSL server bit set.
5967: .It SSL Server CA
5968: The extended key usage extension must be absent or include the
5969: web server authentication and/or one of the SGC OIDs.
5970: The Netscape certificate type must be absent or the SSL CA bit must be set:
5971: this is used as a workaround if the
5972: .Cm basicConstraints
5973: extension is absent.
5974: .It Netscape SSL Server
5975: For Netscape SSL clients to connect to an SSL server; it must have the
5976: .Cm keyEncipherment
5977: bit set if the
5978: .Cm keyUsage
5979: extension is present.
5980: This isn't always valid because some cipher suites use the key for
5981: digital signing.
5982: Otherwise it is the same as a normal SSL server.
5983: .It Common S/MIME Client Tests
5984: The extended key usage extension must be absent or include the
5985: email protection OID.
5986: The Netscape certificate type must be absent or should have the S/MIME bit set.
5987: If the S/MIME bit is not set in Netscape certificate type, then the SSL
5988: client bit is tolerated as an alternative but a warning is shown:
5989: this is because some Verisign certificates don't set the S/MIME bit.
5990: .It S/MIME Signing
5991: In addition to the common S/MIME client tests, the
5992: .Cm digitalSignature
5993: bit must be set if the
5994: .Cm keyUsage
5995: extension is present.
5996: .It S/MIME Encryption
5997: In addition to the common S/MIME tests, the
5998: .Cm keyEncipherment
5999: bit must be set if the
6000: .Cm keyUsage
6001: extension is present.
6002: .It S/MIME CA
6003: The extended key usage extension must be absent or include the
6004: email protection OID.
6005: The Netscape certificate type must be absent
6006: or must have the S/MIME CA bit set:
6007: this is used as a workaround if the
6008: .Cm basicConstraints
6009: extension is absent.
6010: .It CRL Signing
6011: The
6012: .Cm keyUsage
6013: extension must be absent or it must have the CRL signing bit set.
6014: .It CRL Signing CA
6015: The normal CA tests apply, except the
6016: .Cm basicConstraints
6017: extension must be present.
6018: .El
1.1 jsing 6019: .It Fl setalias Ar arg
1.80 jmc 6020: Set the alias of the certificate,
6021: allowing the certificate to be referred to using a nickname,
6022: such as
1.1 jsing 6023: .Qq Steve's Certificate .
6024: .It Fl trustout
1.80 jmc 6025: Output a trusted certificate
6026: (the default if any trust settings are modified).
1.1 jsing 6027: An ordinary or trusted certificate can be input, but by default an ordinary
6028: certificate is output and any trust settings are discarded.
6029: .El
1.80 jmc 6030: .Pp
1.1 jsing 6031: The
6032: .Nm x509
1.80 jmc 6033: utility can be used to sign certificates and requests:
6034: it can thus behave like a mini CA.
6035: The following are x509 signing options:
1.1 jsing 6036: .Bl -tag -width "XXXX"
6037: .It Fl CA Ar file
1.80 jmc 6038: The CA certificate to be used for signing.
1.1 jsing 6039: When this option is present,
6040: .Nm x509
1.80 jmc 6041: behaves like a mini CA.
1.1 jsing 6042: The input file is signed by the CA using this option;
6043: that is, its issuer name is set to the subject name of the CA and it is
6044: digitally signed using the CA's private key.
6045: .Pp
6046: This option is normally combined with the
6047: .Fl req
6048: option.
6049: Without the
6050: .Fl req
6051: option, the input is a certificate which must be self-signed.
6052: .It Fl CAcreateserial
1.80 jmc 6053: Create the CA serial number file if it does not exist
6054: instead of generating an error.
6055: The file will contain the serial number
1.1 jsing 6056: .Sq 02
6057: and the certificate being signed will have
6058: .Sq 1
6059: as its serial number.
1.80 jmc 6060: .It Fl CAform Cm der | pem
1.1 jsing 6061: The format of the CA certificate file.
6062: The default is
1.80 jmc 6063: .Cm pem .
1.1 jsing 6064: .It Fl CAkey Ar file
1.80 jmc 6065: Set the CA private key to sign a certificate with.
6066: Otherwise it is assumed that the CA private key is present
6067: in the CA certificate file.
6068: .It Fl CAkeyform Cm der | pem
1.1 jsing 6069: The format of the CA private key.
6070: The default is
1.80 jmc 6071: .Cm pem .
1.1 jsing 6072: .It Fl CAserial Ar file
1.80 jmc 6073: Use the serial number in
6074: .Ar file
6075: to sign a certificate.
6076: The file should consist of one line containing an even number of hex digits
1.1 jsing 6077: with the serial number to use.
6078: After each use the serial number is incremented and written out
6079: to the file again.
6080: .Pp
6081: The default filename consists of the CA certificate file base name with
6082: .Pa .srl
6083: appended.
6084: For example, if the CA certificate file is called
6085: .Pa mycacert.pem ,
6086: it expects to find a serial number file called
6087: .Pa mycacert.srl .
6088: .It Fl checkend Ar arg
6089: Check whether the certificate expires in the next
6090: .Ar arg
6091: seconds.
6092: If so, exit with return value 1;
6093: otherwise exit with return value 0.
6094: .It Fl clrext
6095: Delete any extensions from a certificate.
6096: This option is used when a certificate is being created from another
6097: certificate (for example with the
6098: .Fl signkey
6099: or the
6100: .Fl CA
6101: options).
6102: Normally, all extensions are retained.
6103: .It Fl days Ar arg
1.80 jmc 6104: The number of days to make a certificate valid for.
1.1 jsing 6105: The default is 30 days.
6106: .It Fl extensions Ar section
6107: The section to add certificate extensions from.
6108: If this option is not specified, the extensions should either be
1.80 jmc 6109: contained in the unnamed (default) section
6110: or the default section should contain a variable called
1.1 jsing 6111: .Qq extensions
6112: which contains the section to use.
6113: .It Fl extfile Ar file
6114: File containing certificate extensions to use.
6115: If not specified, no extensions are added to the certificate.
1.80 jmc 6116: .It Fl keyform Cm der | pem
6117: The format of the private key file used in the
1.1 jsing 6118: .Fl signkey
6119: option.
6120: .It Fl req
1.80 jmc 6121: Expect a certificate request on input instead of a certificate.
1.1 jsing 6122: .It Fl set_serial Ar n
1.80 jmc 6123: The serial number to use.
1.1 jsing 6124: This option can be used with either the
6125: .Fl signkey
6126: or
6127: .Fl CA
6128: options.
6129: If used in conjunction with the
6130: .Fl CA
6131: option, the serial number file (as specified by the
6132: .Fl CAserial
6133: or
6134: .Fl CAcreateserial
6135: options) is not used.
6136: .Pp
6137: The serial number can be decimal or hex (if preceded by
6138: .Sq 0x ) .
6139: Negative serial numbers can also be specified but their use is not recommended.
6140: .It Fl signkey Ar file
1.80 jmc 6141: Self-sign
6142: .Ar file
6143: using the supplied private key.
1.1 jsing 6144: .Pp
6145: If the input file is a certificate, it sets the issuer name to the
1.80 jmc 6146: subject name (i.e. makes it self-signed),
1.1 jsing 6147: changes the public key to the supplied value,
6148: and changes the start and end dates.
6149: The start date is set to the current time and the end date is set to
6150: a value determined by the
6151: .Fl days
6152: option.
6153: Any certificate extensions are retained unless the
6154: .Fl clrext
6155: option is supplied.
6156: .Pp
6157: If the input is a certificate request, a self-signed certificate
6158: is created using the supplied private key using the subject name in
6159: the request.
6160: .It Fl x509toreq
1.80 jmc 6161: Convert a certificate into a certificate request.
1.1 jsing 6162: The
6163: .Fl signkey
6164: option is used to pass the required private key.
6165: .El
1.38 jmc 6166: .Sh COMMON NOTATION
6167: Several commands share a common syntax,
6168: as detailed below.
6169: .Pp
6170: Password arguments, typically specified using
1.33 jmc 6171: .Fl passin
6172: and
6173: .Fl passout
1.38 jmc 6174: for input and output passwords,
6175: allow passwords to be obtained from a variety of sources.
6176: Both of these options take a single argument, described below.
1.33 jmc 6177: If no password argument is given and a password is required,
6178: then the user is prompted to enter one:
6179: this will typically be read from the current terminal with echoing turned off.
1.38 jmc 6180: .Bl -tag -width "pass:password" -offset indent
6181: .It Cm pass : Ns Ar password
1.33 jmc 6182: The actual password is
6183: .Ar password .
1.38 jmc 6184: Since the password is visible to utilities,
1.33 jmc 6185: this form should only be used where security is not important.
1.38 jmc 6186: .It Cm env : Ns Ar var
1.33 jmc 6187: Obtain the password from the environment variable
6188: .Ar var .
1.38 jmc 6189: Since the environment of other processes is visible,
6190: this option should be used with caution.
6191: .It Cm file : Ns Ar path
1.33 jmc 6192: The first line of
6193: .Ar path
6194: is the password.
6195: If the same
6196: .Ar path
6197: argument is supplied to
6198: .Fl passin
6199: and
6200: .Fl passout ,
6201: then the first line will be used for the input password and the next line
6202: for the output password.
6203: .Ar path
6204: need not refer to a regular file:
6205: it could, for example, refer to a device or named pipe.
1.38 jmc 6206: .It Cm fd : Ns Ar number
1.33 jmc 6207: Read the password from the file descriptor
6208: .Ar number .
1.38 jmc 6209: This can be used to send the data via a pipe, for example.
6210: .It Cm stdin
1.33 jmc 6211: Read the password from standard input.
1.35 jmc 6212: .El
1.38 jmc 6213: .Pp
1.64 jmc 6214: Input/output formats,
1.38 jmc 6215: typically specified using
6216: .Fl inform
6217: and
6218: .Fl outform ,
1.64 jmc 6219: indicate the format being read from or written to.
1.38 jmc 6220: The argument is case insensitive.
6221: .Pp
6222: .Bl -tag -width Ds -offset indent -compact
6223: .It Cm der
6224: Distinguished Encoding Rules (DER)
6225: is a binary format.
1.64 jmc 6226: .It Cm net
6227: Insecure legacy format.
1.38 jmc 6228: .It Cm pem
6229: Privacy Enhanced Mail (PEM)
6230: is base64-encoded.
1.108 inoguchi 6231: .It Cm pvk
6232: Private Key format.
1.70 jmc 6233: .It Cm smime
6234: An SMIME format message.
1.38 jmc 6235: .It Cm txt
6236: Plain ASCII text.
6237: .El
1.35 jmc 6238: .Sh ENVIRONMENT
6239: The following environment variables affect the execution of
6240: .Nm openssl :
1.38 jmc 6241: .Bl -tag -width "/etc/ssl/openssl.cnf"
1.35 jmc 6242: .It Ev OPENSSL_CONF
6243: The location of the master configuration file.
1.33 jmc 6244: .El
1.1 jsing 6245: .Sh FILES
6246: .Bl -tag -width "/etc/ssl/openssl.cnf" -compact
1.17 sobrado 6247: .It Pa /etc/ssl/
1.1 jsing 6248: Default config directory for
6249: .Nm openssl .
1.17 sobrado 6250: .It Pa /etc/ssl/lib/
1.1 jsing 6251: Unused.
1.17 sobrado 6252: .It Pa /etc/ssl/private/
1.1 jsing 6253: Default private key directory.
1.17 sobrado 6254: .It Pa /etc/ssl/openssl.cnf
1.1 jsing 6255: Default configuration file for
6256: .Nm openssl .
1.17 sobrado 6257: .It Pa /etc/ssl/x509v3.cnf
1.1 jsing 6258: Default configuration file for
6259: .Nm x509
6260: certificates.
6261: .El
6262: .Sh SEE ALSO
1.74 jmc 6263: .Xr acme-client 1 ,
1.26 jmc 6264: .Xr nc 1 ,
1.90 schwarze 6265: .Xr openssl.cnf 5 ,
6266: .Xr x509v3.cnf 5 ,
1.1 jsing 6267: .Xr ssl 8 ,
6268: .Xr starttls 8
6269: .Sh STANDARDS
6270: .Rs
6271: .%A T. Dierks
6272: .%A C. Allen
6273: .%D January 1999
6274: .%R RFC 2246
6275: .%T The TLS Protocol Version 1.0
6276: .Re
6277: .Pp
6278: .Rs
6279: .%A M. Wahl
6280: .%A S. Killie
6281: .%A T. Howes
6282: .%D December 1997
6283: .%R RFC 2253
6284: .%T Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
6285: .Re
6286: .Pp
6287: .Rs
6288: .%A B. Kaliski
6289: .%D March 1998
6290: .%R RFC 2315
6291: .%T PKCS #7: Cryptographic Message Syntax Version 1.5
6292: .Re
6293: .Pp
6294: .Rs
6295: .%A R. Housley
6296: .%A W. Ford
6297: .%A W. Polk
6298: .%A D. Solo
6299: .%D January 1999
6300: .%R RFC 2459
6301: .%T Internet X.509 Public Key Infrastructure Certificate and CRL Profile
6302: .Re
6303: .Pp
6304: .Rs
6305: .%A M. Myers
6306: .%A R. Ankney
6307: .%A A. Malpani
6308: .%A S. Galperin
6309: .%A C. Adams
6310: .%D June 1999
6311: .%R RFC 2560
6312: .%T X.509 Internet Public Key Infrastructure Online Certificate Status Protocol \(en OCSP
6313: .Re
6314: .Pp
6315: .Rs
6316: .%A R. Housley
6317: .%D June 1999
6318: .%R RFC 2630
6319: .%T Cryptographic Message Syntax
6320: .Re
6321: .Pp
6322: .Rs
6323: .%A P. Chown
6324: .%D June 2002
6325: .%R RFC 3268
1.24 jmc 6326: .%T Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
1.1 jsing 6327: .Re