Annotation of src/usr.bin/openssl/openssl.1, Revision 1.116
1.116 ! inoguchi 1: .\" $OpenBSD: openssl.1,v 1.115 2019/11/19 10:20:10 inoguchi Exp $
1.1 jsing 2: .\" ====================================================================
3: .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4: .\"
5: .\" Redistribution and use in source and binary forms, with or without
6: .\" modification, are permitted provided that the following conditions
7: .\" are met:
8: .\"
9: .\" 1. Redistributions of source code must retain the above copyright
10: .\" notice, this list of conditions and the following disclaimer.
11: .\"
12: .\" 2. Redistributions in binary form must reproduce the above copyright
13: .\" notice, this list of conditions and the following disclaimer in
14: .\" the documentation and/or other materials provided with the
15: .\" distribution.
16: .\"
17: .\" 3. All advertising materials mentioning features or use of this
18: .\" software must display the following acknowledgment:
19: .\" "This product includes software developed by the OpenSSL Project
20: .\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21: .\"
22: .\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23: .\" endorse or promote products derived from this software without
24: .\" prior written permission. For written permission, please contact
25: .\" openssl-core@openssl.org.
26: .\"
27: .\" 5. Products derived from this software may not be called "OpenSSL"
28: .\" nor may "OpenSSL" appear in their names without prior written
29: .\" permission of the OpenSSL Project.
30: .\"
31: .\" 6. Redistributions of any form whatsoever must retain the following
32: .\" acknowledgment:
33: .\" "This product includes software developed by the OpenSSL Project
34: .\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35: .\"
36: .\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37: .\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39: .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40: .\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41: .\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42: .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43: .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45: .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46: .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47: .\" OF THE POSSIBILITY OF SUCH DAMAGE.
48: .\" ====================================================================
49: .\"
50: .\" This product includes cryptographic software written by Eric Young
51: .\" (eay@cryptsoft.com). This product includes software written by Tim
52: .\" Hudson (tjh@cryptsoft.com).
53: .\"
54: .\"
55: .\" Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
56: .\" All rights reserved.
57: .\"
58: .\" This package is an SSL implementation written
59: .\" by Eric Young (eay@cryptsoft.com).
60: .\" The implementation was written so as to conform with Netscapes SSL.
61: .\"
62: .\" This library is free for commercial and non-commercial use as long as
63: .\" the following conditions are aheared to. The following conditions
64: .\" apply to all code found in this distribution, be it the RC4, RSA,
65: .\" lhash, DES, etc., code; not just the SSL code. The SSL documentation
66: .\" included with this distribution is covered by the same copyright terms
67: .\" except that the holder is Tim Hudson (tjh@cryptsoft.com).
68: .\"
69: .\" Copyright remains Eric Young's, and as such any Copyright notices in
70: .\" the code are not to be removed.
71: .\" If this package is used in a product, Eric Young should be given attribution
72: .\" as the author of the parts of the library used.
73: .\" This can be in the form of a textual message at program startup or
74: .\" in documentation (online or textual) provided with the package.
75: .\"
76: .\" Redistribution and use in source and binary forms, with or without
77: .\" modification, are permitted provided that the following conditions
78: .\" are met:
79: .\" 1. Redistributions of source code must retain the copyright
80: .\" notice, this list of conditions and the following disclaimer.
81: .\" 2. Redistributions in binary form must reproduce the above copyright
82: .\" notice, this list of conditions and the following disclaimer in the
83: .\" documentation and/or other materials provided with the distribution.
84: .\" 3. All advertising materials mentioning features or use of this software
85: .\" must display the following acknowledgement:
86: .\" "This product includes cryptographic software written by
87: .\" Eric Young (eay@cryptsoft.com)"
88: .\" The word 'cryptographic' can be left out if the rouines from the library
89: .\" being used are not cryptographic related :-).
90: .\" 4. If you include any Windows specific code (or a derivative thereof) from
91: .\" the apps directory (application code) you must include an
92: .\" acknowledgement:
93: .\" "This product includes software written by Tim Hudson
94: .\" (tjh@cryptsoft.com)"
95: .\"
96: .\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
97: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
98: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
99: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
100: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
101: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
102: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
103: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
104: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
105: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
106: .\" SUCH DAMAGE.
107: .\"
108: .\" The licence and distribution terms for any publically available version or
109: .\" derivative of this code cannot be changed. i.e. this code cannot simply be
110: .\" copied and put under another distribution licence
111: .\" [including the GNU Public Licence.]
112: .\"
1.116 ! inoguchi 113: .Dd $Mdocdate: November 19 2019 $
1.1 jsing 114: .Dt OPENSSL 1
115: .Os
116: .Sh NAME
117: .Nm openssl
118: .Nd OpenSSL command line tool
119: .Sh SYNOPSIS
120: .Nm
1.90 schwarze 121: .Ar command
1.1 jsing 122: .Op Ar command_opts
123: .Op Ar command_args
124: .Pp
125: .Nm
1.13 bentley 126: .Cm list-standard-commands |
127: .Cm list-message-digest-commands |
128: .Cm list-cipher-commands |
129: .Cm list-cipher-algorithms |
130: .Cm list-message-digest-algorithms |
1.1 jsing 131: .Cm list-public-key-algorithms
132: .Pp
133: .Nm
1.39 jmc 134: .Cm no- Ns Ar command
1.1 jsing 135: .Sh DESCRIPTION
136: .Nm OpenSSL
1.31 jmc 137: is a cryptography toolkit implementing the
138: Transport Layer Security
1.1 jsing 139: .Pq TLS v1
1.31 jmc 140: network protocol,
141: as well as related cryptography standards.
1.1 jsing 142: .Pp
143: The
144: .Nm
145: program is a command line tool for using the various
146: cryptography functions of
1.39 jmc 147: .Nm openssl Ns 's
1.33 jmc 148: crypto library from the shell.
1.1 jsing 149: .Pp
150: The pseudo-commands
151: .Cm list-standard-commands , list-message-digest-commands ,
152: and
153: .Cm list-cipher-commands
154: output a list
155: .Pq one entry per line
156: of the names of all standard commands, message digest commands,
157: or cipher commands, respectively, that are available in the present
158: .Nm
159: utility.
160: .Pp
161: The pseudo-commands
162: .Cm list-cipher-algorithms
163: and
164: .Cm list-message-digest-algorithms
165: list all cipher and message digest names,
166: one entry per line.
167: Aliases are listed as:
168: .Pp
1.33 jmc 169: .D1 from => to
1.1 jsing 170: .Pp
171: The pseudo-command
172: .Cm list-public-key-algorithms
173: lists all supported public key algorithms.
174: .Pp
175: The pseudo-command
1.39 jmc 176: .Cm no- Ns Ar command
1.1 jsing 177: tests whether a command of the
178: specified name is available.
1.39 jmc 179: If
180: .Ar command
181: does not exist,
1.1 jsing 182: it returns 0
183: and prints
1.39 jmc 184: .Cm no- Ns Ar command ;
1.1 jsing 185: otherwise it returns 1 and prints
1.39 jmc 186: .Ar command .
187: In both cases, the output goes to stdout and nothing is printed to stderr.
1.1 jsing 188: Additional command line arguments are always ignored.
189: Since for each cipher there is a command of the same name,
190: this provides an easy way for shell scripts to test for the
191: availability of ciphers in the
192: .Nm
193: program.
194: .Pp
195: .Sy Note :
1.39 jmc 196: .Cm no- Ns Ar command
1.1 jsing 197: is not able to detect pseudo-commands such as
198: .Cm quit ,
199: .Cm list- Ns Ar ... Ns Cm -commands ,
200: or
1.39 jmc 201: .Cm no- Ns Ar command
1.1 jsing 202: itself.
203: .Sh ASN1PARSE
1.114 jmc 204: .Bl -hang -width "openssl asn1parse"
205: .It Nm openssl asn1parse
206: .Bk -words
1.1 jsing 207: .Op Fl i
208: .Op Fl dlimit Ar number
209: .Op Fl dump
210: .Op Fl genconf Ar file
211: .Op Fl genstr Ar str
212: .Op Fl in Ar file
1.34 jmc 213: .Op Fl inform Cm der | pem | txt
1.1 jsing 214: .Op Fl length Ar number
215: .Op Fl noout
216: .Op Fl offset Ar number
217: .Op Fl oid Ar file
218: .Op Fl out Ar file
219: .Op Fl strparse Ar offset
1.114 jmc 220: .Ek
221: .El
1.1 jsing 222: .Pp
223: The
224: .Nm asn1parse
225: command is a diagnostic utility that can parse ASN.1 structures.
226: It can also be used to extract data from ASN.1 formatted data.
227: .Pp
228: The options are as follows:
229: .Bl -tag -width Ds
230: .It Fl dlimit Ar number
231: Dump the first
232: .Ar number
233: bytes of unknown data in hex form.
234: .It Fl dump
235: Dump unknown data in hex form.
236: .It Fl genconf Ar file , Fl genstr Ar str
237: Generate encoded data based on string
238: .Ar str ,
239: file
240: .Ar file ,
1.34 jmc 241: or both, using the format described in
242: .Xr ASN1_generate_nconf 3 .
1.1 jsing 243: If only
244: .Ar file
245: is present then the string is obtained from the default section
246: using the name
247: .Dq asn1 .
1.84 jmc 248: The encoded data is passed through the ASN.1 parser and printed out as
1.1 jsing 249: though it came from a file;
250: the contents can thus be examined and written to a file using the
251: .Fl out
252: option.
253: .It Fl i
1.34 jmc 254: Indent the output according to the
1.1 jsing 255: .Qq depth
256: of the structures.
257: .It Fl in Ar file
1.41 jmc 258: The input file to read from, or standard input if not specified.
1.34 jmc 259: .It Fl inform Cm der | pem | txt
1.1 jsing 260: The input format.
261: .It Fl length Ar number
1.34 jmc 262: Number of bytes to parse; the default is until end of file.
1.1 jsing 263: .It Fl noout
1.46 jmc 264: Do not output the parsed version of the input file.
1.1 jsing 265: .It Fl offset Ar number
1.34 jmc 266: Starting offset to begin parsing; the default is start of file.
1.1 jsing 267: .It Fl oid Ar file
268: A file containing additional object identifiers
269: .Pq OIDs .
270: If an OID
271: .Pq object identifier
272: is not part of
1.34 jmc 273: .Nm openssl Ns 's
1.1 jsing 274: internal table it will be represented in
275: numerical form
276: .Pq for example 1.2.3.4 .
1.34 jmc 277: .Pp
1.1 jsing 278: Each line consists of three columns:
279: the first column is the OID in numerical format and should be followed by
280: whitespace.
281: The second column is the
1.34 jmc 282: .Qq short name ,
1.1 jsing 283: which is a single word followed by whitespace.
284: The final column is the rest of the line and is the
285: .Qq long name .
286: .Nm asn1parse
287: displays the long name.
1.34 jmc 288: .It Fl out Ar file
289: The DER-encoded output file; the default is no encoded output
290: (useful when combined with
291: .Fl strparse ) .
292: .It Fl strparse Ar offset
293: Parse the content octets of the ASN.1 object starting at
294: .Ar offset .
295: This option can be used multiple times to
296: .Qq drill down
297: into a nested structure.
298: .El
1.1 jsing 299: .Sh CA
1.114 jmc 300: .Bl -hang -width "openssl ca"
301: .It Nm openssl ca
302: .Bk -words
1.1 jsing 303: .Op Fl batch
304: .Op Fl cert Ar file
305: .Op Fl config Ar file
1.91 schwarze 306: .Op Fl create_serial
1.1 jsing 307: .Op Fl crl_CA_compromise Ar time
308: .Op Fl crl_compromise Ar time
309: .Op Fl crl_hold Ar instruction
310: .Op Fl crl_reason Ar reason
311: .Op Fl crldays Ar days
312: .Op Fl crlexts Ar section
313: .Op Fl crlhours Ar hours
1.103 inoguchi 314: .Op Fl crlsec Ar seconds
1.1 jsing 315: .Op Fl days Ar arg
316: .Op Fl enddate Ar date
317: .Op Fl extensions Ar section
1.103 inoguchi 318: .Op Fl extfile Ar file
1.1 jsing 319: .Op Fl gencrl
320: .Op Fl in Ar file
321: .Op Fl infiles
1.91 schwarze 322: .Op Fl key Ar password
1.103 inoguchi 323: .Op Fl keyfile Ar file
1.91 schwarze 324: .Op Fl keyform Cm pem | der
1.103 inoguchi 325: .Op Fl md Ar alg
1.1 jsing 326: .Op Fl msie_hack
1.107 inoguchi 327: .Op Fl multivalue-rdn
1.1 jsing 328: .Op Fl name Ar section
329: .Op Fl noemailDN
330: .Op Fl notext
331: .Op Fl out Ar file
1.103 inoguchi 332: .Op Fl outdir Ar directory
1.1 jsing 333: .Op Fl passin Ar arg
334: .Op Fl policy Ar arg
335: .Op Fl preserveDN
336: .Op Fl revoke Ar file
1.91 schwarze 337: .Op Fl selfsign
1.103 inoguchi 338: .Op Fl sigopt Ar nm:v
1.1 jsing 339: .Op Fl spkac Ar file
340: .Op Fl ss_cert Ar file
341: .Op Fl startdate Ar date
342: .Op Fl status Ar serial
343: .Op Fl subj Ar arg
344: .Op Fl updatedb
1.91 schwarze 345: .Op Fl utf8
1.1 jsing 346: .Op Fl verbose
1.114 jmc 347: .Ek
348: .El
1.1 jsing 349: .Pp
350: The
351: .Nm ca
1.35 jmc 352: command is a minimal certificate authority (CA) application.
1.1 jsing 353: It can be used to sign certificate requests in a variety of forms
1.35 jmc 354: and generate certificate revocation lists (CRLs).
1.1 jsing 355: It also maintains a text database of issued certificates and their status.
356: .Pp
1.35 jmc 357: The options relevant to CAs are as follows:
1.1 jsing 358: .Bl -tag -width "XXXX"
359: .It Fl batch
1.41 jmc 360: Batch mode.
1.1 jsing 361: In this mode no questions will be asked
362: and all certificates will be certified automatically.
363: .It Fl cert Ar file
364: The CA certificate file.
365: .It Fl config Ar file
1.72 jmc 366: Specify an alternative configuration file.
1.91 schwarze 367: .It Fl create_serial
368: If reading the serial from the text file as specified in the
369: configuration fails, create a new random serial to be used as the
370: next serial number.
1.1 jsing 371: .It Fl days Ar arg
372: The number of days to certify the certificate for.
373: .It Fl enddate Ar date
1.41 jmc 374: Set the expiry date.
1.88 jmc 375: The format of the date is [YY]YYMMDDHHMMSSZ,
376: with all four year digits required for dates from 2050 onwards.
1.1 jsing 377: .It Fl extensions Ar section
378: The section of the configuration file containing certificate extensions
379: to be added when a certificate is issued (defaults to
1.35 jmc 380: .Cm x509_extensions
1.1 jsing 381: unless the
382: .Fl extfile
383: option is used).
384: If no extension section is present, a V1 certificate is created.
385: If the extension section is present
386: .Pq even if it is empty ,
387: then a V3 certificate is created.
1.91 schwarze 388: See the
389: .Xr x509v3.cnf 5
390: manual page for details of the extension section format.
1.1 jsing 391: .It Fl extfile Ar file
392: An additional configuration
393: .Ar file
394: to read certificate extensions from
395: (using the default section unless the
396: .Fl extensions
397: option is also used).
398: .It Fl in Ar file
399: An input
400: .Ar file
401: containing a single certificate request to be signed by the CA.
402: .It Fl infiles
403: If present, this should be the last option; all subsequent arguments
404: are assumed to be the names of files containing certificate requests.
1.91 schwarze 405: .It Fl key Ar password
406: The
407: .Fa password
408: used to encrypt the private key.
1.35 jmc 409: Since on some systems the command line arguments are visible,
410: this option should be used with caution.
1.1 jsing 411: .It Fl keyfile Ar file
412: The private key to sign requests with.
1.91 schwarze 413: .It Fl keyform Cm pem | der
1.1 jsing 414: Private key file format.
1.91 schwarze 415: The default is
416: .Cm pem .
1.1 jsing 417: .It Fl md Ar alg
418: The message digest to use.
419: Possible values include
420: .Ar md5
421: and
422: .Ar sha1 .
423: This option also applies to CRLs.
424: .It Fl msie_hack
425: This is a legacy option to make
426: .Nm ca
427: work with very old versions of the IE certificate enrollment control
428: .Qq certenr3 .
429: It used UniversalStrings for almost everything.
430: Since the old control has various security bugs,
431: its use is strongly discouraged.
432: The newer control
433: .Qq Xenroll
434: does not need this option.
1.107 inoguchi 435: .It Fl multivalue-rdn
1.91 schwarze 436: This option causes the
437: .Fl subj
438: argument to be interpreted with full support for multivalued RDNs,
439: for example
440: .Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
441: If
1.107 inoguchi 442: .Fl multivalue-rdn
1.91 schwarze 443: is not used, the UID value is set to
444: .Qq "123456+CN=John Doe" .
1.1 jsing 445: .It Fl name Ar section
446: Specifies the configuration file
447: .Ar section
448: to use (overrides
449: .Cm default_ca
450: in the
451: .Cm ca
452: section).
453: .It Fl noemailDN
454: The DN of a certificate can contain the EMAIL field if present in the
1.30 mmcc 455: request DN, however it is good policy just having the email set into
1.1 jsing 456: the
1.35 jmc 457: .Cm altName
1.1 jsing 458: extension of the certificate.
459: When this option is set, the EMAIL field is removed from the certificate's
460: subject and set only in the, eventually present, extensions.
461: The
462: .Ar email_in_dn
463: keyword can be used in the configuration file to enable this behaviour.
464: .It Fl notext
465: Don't output the text form of a certificate to the output file.
466: .It Fl out Ar file
467: The output file to output certificates to.
468: The default is standard output.
1.91 schwarze 469: The certificate details will also be printed out to this file in
470: PEM format, except that
471: .Fl spkac
472: outputs DER format.
1.1 jsing 473: .It Fl outdir Ar directory
474: The
475: .Ar directory
476: to output certificates to.
477: The certificate will be written to a file consisting of the
478: serial number in hex with
479: .Qq .pem
480: appended.
481: .It Fl passin Ar arg
482: The key password source.
483: .It Fl policy Ar arg
1.41 jmc 484: Define the CA
1.1 jsing 485: .Qq policy
486: to use.
1.35 jmc 487: The policy section in the configuration file
488: consists of a set of variables corresponding to certificate DN fields.
489: The values may be one of
490: .Qq match
491: (the value must match the same field in the CA certificate),
492: .Qq supplied
493: (the value must be present), or
494: .Qq optional
495: (the value may be present).
496: Any fields not mentioned in the policy section
497: are silently deleted, unless the
498: .Fl preserveDN
499: option is set,
500: but this can be regarded more of a quirk than intended behaviour.
1.1 jsing 501: .It Fl preserveDN
502: Normally, the DN order of a certificate is the same as the order of the
503: fields in the relevant policy section.
504: When this option is set, the order is the same as the request.
505: This is largely for compatibility with the older IE enrollment control
506: which would only accept certificates if their DNs matched the order of the
507: request.
508: This is not needed for Xenroll.
1.91 schwarze 509: .It Fl selfsign
510: Indicates the issued certificates are to be signed with the key the
511: certificate requests were signed with, given with
512: .Fl keyfile .
513: Certificate requests signed with a different key are ignored.
514: If
515: .Fl gencrl ,
516: .Fl spkac ,
517: or
518: .Fl ss_cert
519: are given,
520: .Fl selfsign
521: is ignored.
522: .Pp
523: A consequence of using
524: .Fl selfsign
525: is that the self-signed certificate appears among the entries in
526: the certificate database (see the configuration option
527: .Cm database )
528: and uses the same serial number counter as all other certificates
529: signed with the self-signed certificate.
1.103 inoguchi 530: .It Fl sigopt Ar nm:v
531: Pass options to the signature algorithm during sign or certify operations.
532: The names and values of these options are algorithm-specific.
1.1 jsing 533: .It Fl spkac Ar file
534: A file containing a single Netscape signed public key and challenge,
535: and additional field values to be signed by the CA.
1.35 jmc 536: This will usually come from the
537: KEYGEN tag in an HTML form to create a new private key.
538: It is, however, possible to create SPKACs using the
539: .Nm spkac
540: utility.
541: .Pp
542: The file should contain the variable SPKAC set to the value of
543: the SPKAC and also the required DN components as name value pairs.
544: If it's necessary to include the same component twice,
545: then it can be preceded by a number and a
546: .Sq \&. .
1.1 jsing 547: .It Fl ss_cert Ar file
548: A single self-signed certificate to be signed by the CA.
549: .It Fl startdate Ar date
1.41 jmc 550: Set the start date.
1.88 jmc 551: The format of the date is [YY]YYMMDDHHMMSSZ,
552: with all four year digits required for dates from 2050 onwards.
1.91 schwarze 553: .It Fl subj Ar arg
554: Supersedes the subject name given in the request.
555: The
556: .Ar arg
557: must be formatted as
558: .Sm off
559: .Pf / Ar type0 Ns = Ar value0 Ns / Ar type 1 Ns = Ar value 1 Ns /
560: .Ar type2 Ns = Ar ... ;
561: .Sm on
562: characters may be escaped by
563: .Sq \e
564: .Pq backslash ,
565: no spaces are skipped.
566: .It Fl utf8
567: Interpret field values read from a terminal or obtained from a
568: configuration file as UTF-8 strings.
569: By default, they are interpreted as ASCII.
1.1 jsing 570: .It Fl verbose
1.41 jmc 571: Print extra details about the operations being performed.
1.1 jsing 572: .El
1.35 jmc 573: .Pp
574: The options relevant to CRLs are as follows:
1.1 jsing 575: .Bl -tag -width "XXXX"
576: .It Fl crl_CA_compromise Ar time
577: This is the same as
578: .Fl crl_compromise ,
579: except the revocation reason is set to CACompromise.
580: .It Fl crl_compromise Ar time
1.41 jmc 581: Set the revocation reason to keyCompromise and the compromise time to
1.1 jsing 582: .Ar time .
583: .Ar time
584: should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ.
585: .It Fl crl_hold Ar instruction
1.41 jmc 586: Set the CRL revocation reason code to certificateHold and the hold
1.1 jsing 587: instruction to
588: .Ar instruction
589: which must be an OID.
590: Although any OID can be used, only holdInstructionNone
591: (the use of which is discouraged by RFC 2459), holdInstructionCallIssuer or
592: holdInstructionReject will normally be used.
593: .It Fl crl_reason Ar reason
594: Revocation reason, where
595: .Ar reason
596: is one of:
597: unspecified, keyCompromise, CACompromise, affiliationChanged, superseded,
598: cessationOfOperation, certificateHold or removeFromCRL.
599: The matching of
600: .Ar reason
601: is case insensitive.
602: Setting any revocation reason will make the CRL v2.
603: In practice, removeFromCRL is not particularly useful because it is only used
604: in delta CRLs which are not currently implemented.
1.103 inoguchi 605: .It Fl crldays Ar days
1.1 jsing 606: The number of days before the next CRL is due.
607: This is the days from now to place in the CRL
1.35 jmc 608: .Cm nextUpdate
1.1 jsing 609: field.
610: .It Fl crlexts Ar section
611: The
612: .Ar section
613: of the configuration file containing CRL extensions to include.
614: If no CRL extension section is present then a V1 CRL is created;
615: if the CRL extension section is present
1.81 jmc 616: (even if it is empty)
1.1 jsing 617: then a V2 CRL is created.
1.81 jmc 618: The CRL extensions specified are CRL extensions and not CRL entry extensions.
619: It should be noted that some software can't handle V2 CRLs.
1.91 schwarze 620: See the
621: .Xr x509v3.cnf 5
622: manual page for details of the extension section format.
1.103 inoguchi 623: .It Fl crlhours Ar hours
1.1 jsing 624: The number of hours before the next CRL is due.
1.103 inoguchi 625: .It Fl crlsec Ar seconds
626: The number of seconds before the next CRL is due.
1.1 jsing 627: .It Fl gencrl
1.41 jmc 628: Generate a CRL based on information in the index file.
1.1 jsing 629: .It Fl revoke Ar file
630: A
631: .Ar file
632: containing a certificate to revoke.
1.91 schwarze 633: .It Fl status Ar serial
634: Show the status of the certificate with serial number
635: .Ar serial .
636: .It Fl updatedb
637: Update the database index to purge expired certificates.
1.1 jsing 638: .El
639: .Pp
1.35 jmc 640: Many of the options can be set in the
641: .Cm ca
642: section of the configuration file
643: (or in the default section of the configuration file),
644: specified using
645: .Cm default_ca
646: or
647: .Fl name .
648: The options
649: .Cm preserve
650: and
651: .Cm msie_hack
652: are read directly from the
653: .Cm ca
654: section.
1.1 jsing 655: .Pp
656: Many of the configuration file options are identical to command line
657: options.
658: Where the option is present in the configuration file and the command line,
659: the command line value is used.
660: Where an option is described as mandatory, then it must be present in
661: the configuration file or the command line equivalent
662: .Pq if any
663: used.
664: .Bl -tag -width "XXXX"
1.35 jmc 665: .It Cm certificate
1.1 jsing 666: The same as
667: .Fl cert .
668: It gives the file containing the CA certificate.
669: Mandatory.
1.35 jmc 670: .It Cm copy_extensions
1.1 jsing 671: Determines how extensions in certificate requests should be handled.
672: If set to
1.35 jmc 673: .Cm none
1.1 jsing 674: or this option is not present, then extensions are
675: ignored and not copied to the certificate.
676: If set to
1.35 jmc 677: .Cm copy ,
1.1 jsing 678: then any extensions present in the request that are not already present
679: are copied to the certificate.
680: If set to
1.35 jmc 681: .Cm copyall ,
1.1 jsing 682: then all extensions in the request are copied to the certificate:
683: if the extension is already present in the certificate it is deleted first.
1.35 jmc 684: .Pp
685: The
686: .Cm copy_extensions
687: option should be used with caution.
688: If care is not taken, it can be a security risk.
689: For example, if a certificate request contains a
690: .Cm basicConstraints
691: extension with CA:TRUE and the
692: .Cm copy_extensions
693: value is set to
694: .Cm copyall
695: and the user does not spot
1.91 schwarze 696: this when the certificate is displayed, then this will hand the requester
1.35 jmc 697: a valid CA certificate.
698: .Pp
699: This situation can be avoided by setting
700: .Cm copy_extensions
701: to
702: .Cm copy
703: and including
704: .Cm basicConstraints
705: with CA:FALSE in the configuration file.
706: Then if the request contains a
707: .Cm basicConstraints
708: extension, it will be ignored.
1.1 jsing 709: .Pp
710: The main use of this option is to allow a certificate request to supply
711: values for certain extensions such as
1.35 jmc 712: .Cm subjectAltName .
713: .It Cm crl_extensions
1.1 jsing 714: The same as
715: .Fl crlexts .
1.35 jmc 716: .It Cm crlnumber
1.1 jsing 717: A text file containing the next CRL number to use in hex.
718: The CRL number will be inserted in the CRLs only if this file exists.
719: If this file is present, it must contain a valid CRL number.
1.35 jmc 720: .It Cm database
1.1 jsing 721: The text database file to use.
722: Mandatory.
723: This file must be present, though initially it will be empty.
1.35 jmc 724: .It Cm default_crl_hours , default_crl_days
1.1 jsing 725: The same as the
726: .Fl crlhours
727: and
728: .Fl crldays
729: options.
730: These will only be used if neither command line option is present.
731: At least one of these must be present to generate a CRL.
1.35 jmc 732: .It Cm default_days
1.1 jsing 733: The same as the
734: .Fl days
735: option.
736: The number of days to certify a certificate for.
1.35 jmc 737: .It Cm default_enddate
1.1 jsing 738: The same as the
739: .Fl enddate
740: option.
741: Either this option or
1.35 jmc 742: .Cm default_days
1.1 jsing 743: .Pq or the command line equivalents
744: must be present.
1.35 jmc 745: .It Cm default_md
1.1 jsing 746: The same as the
747: .Fl md
748: option.
749: The message digest to use.
750: Mandatory.
1.35 jmc 751: .It Cm default_startdate
1.1 jsing 752: The same as the
753: .Fl startdate
754: option.
755: The start date to certify a certificate for.
756: If not set, the current time is used.
1.35 jmc 757: .It Cm email_in_dn
1.1 jsing 758: The same as
759: .Fl noemailDN .
760: If the EMAIL field is to be removed from the DN of the certificate,
761: simply set this to
762: .Qq no .
763: If not present, the default is to allow for the EMAIL field in the
764: certificate's DN.
1.35 jmc 765: .It Cm msie_hack
1.1 jsing 766: The same as
767: .Fl msie_hack .
1.35 jmc 768: .It Cm name_opt , cert_opt
1.1 jsing 769: These options allow the format used to display the certificate details
770: when asking the user to confirm signing.
771: All the options supported by the
772: .Nm x509
773: utilities'
774: .Fl nameopt
775: and
776: .Fl certopt
777: switches can be used here, except that
1.35 jmc 778: .Cm no_signame
1.1 jsing 779: and
1.35 jmc 780: .Cm no_sigdump
1.1 jsing 781: are permanently set and cannot be disabled
782: (this is because the certificate signature cannot be displayed because
783: the certificate has not been signed at this point).
784: .Pp
785: For convenience, the value
1.35 jmc 786: .Cm ca_default
1.1 jsing 787: is accepted by both to produce a reasonable output.
788: .Pp
789: If neither option is present, the format used in earlier versions of
1.35 jmc 790: .Nm openssl
1.1 jsing 791: is used.
1.81 jmc 792: Use of the old format is strongly discouraged
793: because it only displays fields mentioned in the
1.35 jmc 794: .Cm policy
1.1 jsing 795: section,
796: mishandles multicharacter string types and does not display extensions.
1.35 jmc 797: .It Cm new_certs_dir
1.1 jsing 798: The same as the
799: .Fl outdir
800: command line option.
801: It specifies the directory where new certificates will be placed.
802: Mandatory.
1.35 jmc 803: .It Cm oid_file
1.1 jsing 804: This specifies a file containing additional object identifiers.
805: Each line of the file should consist of the numerical form of the
806: object identifier followed by whitespace, then the short name followed
807: by whitespace and finally the long name.
1.35 jmc 808: .It Cm oid_section
1.1 jsing 809: This specifies a section in the configuration file containing extra
810: object identifiers.
811: Each line should consist of the short name of the object identifier
812: followed by
813: .Sq =
814: and the numerical form.
815: The short and long names are the same when this option is used.
1.35 jmc 816: .It Cm policy
1.1 jsing 817: The same as
818: .Fl policy .
819: Mandatory.
1.35 jmc 820: .It Cm preserve
1.1 jsing 821: The same as
822: .Fl preserveDN .
1.35 jmc 823: .It Cm private_key
1.1 jsing 824: Same as the
825: .Fl keyfile
826: option.
827: The file containing the CA private key.
828: Mandatory.
1.35 jmc 829: .It Cm serial
1.1 jsing 830: A text file containing the next serial number to use in hex.
831: Mandatory.
832: This file must be present and contain a valid serial number.
1.35 jmc 833: .It Cm unique_subject
1.1 jsing 834: If the value
1.35 jmc 835: .Cm yes
1.1 jsing 836: is given, the valid certificate entries in the
837: database must have unique subjects.
838: If the value
1.35 jmc 839: .Cm no
1.1 jsing 840: is given,
841: several valid certificate entries may have the exact same subject.
842: The default value is
1.35 jmc 843: .Cm yes .
844: .It Cm x509_extensions
1.1 jsing 845: The same as
846: .Fl extensions .
847: .El
848: .Sh CIPHERS
849: .Nm openssl ciphers
850: .Op Fl hVv
1.93 schwarze 851: .Op Ar control
1.1 jsing 852: .Pp
853: The
854: .Nm ciphers
1.93 schwarze 855: command converts the
856: .Ar control
857: string from the format documented in
858: .Xr SSL_CTX_set_cipher_list 3
859: into an ordered SSL cipher suite preference list.
860: If no
861: .Ar control
862: string is specified, the
863: .Cm DEFAULT
864: list is printed.
1.1 jsing 865: .Pp
866: The options are as follows:
867: .Bl -tag -width Ds
868: .It Fl h , \&?
869: Print a brief usage message.
870: .It Fl V
1.36 jmc 871: Verbose.
1.92 schwarze 872: List ciphers with cipher suite code in hex format,
873: cipher name, and a complete description of protocol version,
874: key exchange, authentication, encryption, and mac algorithms.
1.36 jmc 875: .It Fl v
1.1 jsing 876: Like
1.36 jmc 877: .Fl V ,
878: but without cipher suite codes.
1.116 ! inoguchi 879: .El
! 880: .Sh CMS
! 881: .Bl -hang -width "openssl cms"
! 882: .It Nm openssl cms
! 883: .Bk -words
! 884: .Oo
! 885: .Fl aes128 | aes192 | aes256 | camellia128 |
! 886: .Fl camellia192 | camellia256 | des | des3 |
! 887: .Fl rc2-40 | rc2-64 | rc2-128
! 888: .Oc
! 889: .Op Fl CAfile Ar file
! 890: .Op Fl CApath Ar directory
! 891: .Op Fl binary
! 892: .Op Fl certfile Ar file
! 893: .Op Fl certsout Ar file
! 894: .Op Fl cmsout
! 895: .Op Fl compress
! 896: .Op Fl content Ar file
! 897: .Op Fl crlfeol
! 898: .Op Fl data_create
! 899: .Op Fl data_out
! 900: .Op Fl debug_decrypt
! 901: .Op Fl decrypt
! 902: .Op Fl digest_create
! 903: .Op Fl digest_verify
! 904: .Op Fl econtent_type Ar type
! 905: .Op Fl encrypt
! 906: .Op Fl EncryptedData_decrypt
! 907: .Op Fl EncryptedData_encrypt
! 908: .Op Fl from Ar addr
! 909: .Op Fl in Ar file
! 910: .Op Fl inform Cm der | pem | smime
! 911: .Op Fl inkey Ar file
! 912: .Op Fl keyform Cm der | pem
! 913: .Op Fl keyid
! 914: .Op Fl keyopt Ar nm:v
! 915: .Op Fl md Ar digest
! 916: .Op Fl no_attr_verify
! 917: .Op Fl no_content_verify
! 918: .Op Fl no_signer_cert_verify
! 919: .Op Fl noattr
! 920: .Op Fl nocerts
! 921: .Op Fl nodetach
! 922: .Op Fl nointern
! 923: .Op Fl nooldmime
! 924: .Op Fl noout
! 925: .Op Fl nosigs
! 926: .Op Fl nosmimecap
! 927: .Op Fl noverify
! 928: .Op Fl out Ar file
! 929: .Op Fl outform Cm der | pem | smime
! 930: .Op Fl passin Ar src
! 931: .Op Fl print
! 932: .Op Fl pwri_password Ar arg
! 933: .Op Fl rctform Cm der | pem | smime
! 934: .Op Fl receipt_request_all | receipt_request_first
! 935: .Op Fl receipt_request_from Ar addr
! 936: .Op Fl receipt_request_print
! 937: .Op Fl receipt_request_to Ar addr
! 938: .Op Fl recip Ar file
! 939: .Op Fl resign
! 940: .Op Fl secretkey Ar key
! 941: .Op Fl secretkeyid Ar id
! 942: .Op Fl sign
! 943: .Op Fl sign_receipt
! 944: .Op Fl signer Ar file
! 945: .Op Fl stream | indef | noindef
! 946: .Op Fl subject Ar s
! 947: .Op Fl text
! 948: .Op Fl to Ar addr
! 949: .Op Fl uncompress
! 950: .Op Fl verify
! 951: .Op Fl verify_receipt Ar file
! 952: .Op Fl verify_retcode
! 953: .Op Ar cert.pem ...
! 954: .Ek
! 955: .El
! 956: .Pp
! 957: The
! 958: .Nm cms
! 959: command handles S/MIME v3.1 mail.
! 960: It can encrypt, decrypt, sign and verify, compress and uncompress S/MIME
! 961: messages.
! 962: .Pp
! 963: The MIME message must be sent without any blank lines between the headers and
! 964: the output.
! 965: Some mail programs will automatically add a blank line.
! 966: Piping the mail directly to sendmail is one way to achieve the correct format.
! 967: .Pp
! 968: The supplied message to be signed or encrypted must include the necessary MIME
! 969: headers or many S/MIME clients won't display it properly (if at all).
! 970: You can use the
! 971: .Fl text
! 972: option to automatically add plain text headers.
! 973: .Pp
! 974: A "signed and encrypted" message is one where a signed message is then
! 975: encrypted.
! 976: This can be produced by encrypting an already signed message.
! 977: .Pp
! 978: There are various operation options that set the type of operation to be
! 979: performed.
! 980: The meaning of the other options varies according to the operation type.
! 981: .Bl -tag -width "XXXX"
! 982: .It Fl encrypt
! 983: Encrypt mail for the given recipient certificates.
! 984: Input file is the message to be encrypted.
! 985: The output file is the encrypted mail in MIME format.
! 986: The actual CMS type is EnvelopedData.
! 987: Note that no revocation check is done for the recipient cert, so if that
! 988: key has been compromised, others may be able to decrypt the text.
! 989: .It Fl decrypt
! 990: Decrypt mail using the supplied certificate and private key.
! 991: Expects an encrypted mail message in MIME format for the input file.
! 992: The decrypted mail is written to the output file.
! 993: .It Fl sign
! 994: Sign mail using the supplied certificate and private key.
! 995: Input file is the message to be signed.
! 996: The signed message in MIME format is written to the output file.
! 997: .It Fl verify
! 998: Verify signed mail.
! 999: Expects a signed mail message on input and outputs the signed data.
! 1000: Both clear text and opaque signing are supported.
! 1001: .It Fl cmsout
! 1002: Take an input message and write out a PEM encoded CMS structure.
! 1003: .It Fl resign
! 1004: Resign a message.
! 1005: Take an existing message and one or more new signers.
! 1006: This operation uses an existing message digest when adding a new signer.
! 1007: This means that attributes must be present in at least one existing
! 1008: signer using the same message digest or this operation will fail.
! 1009: .It Fl data_create
! 1010: Create a CMS Data type.
! 1011: .It Fl data_out
! 1012: Output a content from the input CMS Data type.
! 1013: .It Fl digest_create
! 1014: Create a CMS DigestedData type.
! 1015: .It Fl digest_verify
! 1016: Verify a CMS DigestedData type and output the content.
! 1017: .It Fl compress
! 1018: Create a CMS CompressedData type.
! 1019: Must be compiled with zlib support for this option to work.
! 1020: .It Fl uncompress
! 1021: Uncompress a CMS CompressedData type and output the content.
! 1022: Must be compiled with zlib support for this option to work.
! 1023: .It Fl EncryptedData_encrypt
! 1024: Encrypt a content using supplied symmetric key and algorithm using a
! 1025: CMS EncryptedData type.
! 1026: .It Fl EncryptedData_decrypt
! 1027: Decrypt a CMS EncryptedData type using supplied symmetric key.
! 1028: .It Fl sign_receipt
! 1029: Generate and output a signed receipt for the supplied message.
! 1030: The input message must contain a signed receipt request.
! 1031: Functionality is otherwise similar to the
! 1032: .Fl sign
! 1033: operation.
! 1034: .It Xo
! 1035: .Fl verify_receipt Ar file
! 1036: .Xc
! 1037: Verify a signed receipt in file.
! 1038: The input message must contain the original receipt request.
! 1039: Functionality is otherwise similar to the
! 1040: .Fl verify
! 1041: operation.
! 1042: .El
! 1043: .Pp
! 1044: The remaining options are as follows:
! 1045: .Bl -tag -width "XXXX"
! 1046: .It Xo
! 1047: .Fl aes128 | aes192 | aes256 | camellia128 |
! 1048: .Fl camellia192 | camellia256 | des | des3 |
! 1049: .Fl rc2-40 | rc2-64 | rc2-128
! 1050: .Xc
! 1051: The encryption algorithm to use.
! 1052: 128-, 192-, or 256-bit AES, 128-, 192-, or 256-bit CAMELLIA,
! 1053: DES (56 bits), triple DES (168 bits),
! 1054: or 40-, 64-, or 128-bit RC2, respectively;
! 1055: if not specified, triple DES is
! 1056: used.
! 1057: Only used with
! 1058: .Fl encrypt
! 1059: and
! 1060: .Fl EncryptedData_encrypt
! 1061: commands.
! 1062: .It Fl binary
! 1063: Normally the input message is converted to "canonical" format which is
! 1064: effectively using CR/LF as end of line, as required by the S/MIME specification.
! 1065: When this option is present no translation occurs.
! 1066: This is useful when handling binary data which may not be in MIME format.
! 1067: .It Fl CAfile Ar file
! 1068: A file containing trusted CA certificates, used with
! 1069: .Fl verify
! 1070: and
! 1071: .Fl verify_receipt .
! 1072: .It Fl CApath Ar directory
! 1073: A directory containing trusted CA certificates, used with
! 1074: .Fl verify
! 1075: and
! 1076: .Fl verify_receipt .
! 1077: This directory must be a standard certificate directory: that is a hash
! 1078: of each subject name (using
! 1079: .Nm x509 Fl hash )
! 1080: should be linked to each certificate.
! 1081: .It Ar cert.pem...
! 1082: One or more certificates of message recipients: used when encrypting a message.
! 1083: .It Fl certfile Ar file
! 1084: Allows additional certificates to be specified.
! 1085: When signing these will be included with the message.
! 1086: When verifying these will be searched for the signer's certificates.
! 1087: The certificates should be in PEM format.
! 1088: .It Fl certsout Ar file
! 1089: A file that any certificates contained in the message are written to.
! 1090: .It Xo
! 1091: .Fl check_ss_sig ,
! 1092: .Fl crl_check ,
! 1093: .Fl crl_check_all ,
! 1094: .Fl extended_crl ,
! 1095: .Fl ignore_critical ,
! 1096: .Fl issuer_checks ,
! 1097: .Fl policy ,
! 1098: .Fl policy_check ,
! 1099: .Fl purpose ,
! 1100: .Fl x509_strict
! 1101: .Xc
! 1102: Set various certificate chain validation options.
! 1103: See the
! 1104: .Nm verify
! 1105: command for details.
! 1106: .It Fl content Ar file
! 1107: A file containing the detached content.
! 1108: This is only useful with the
! 1109: .Fl verify
! 1110: command.
! 1111: This is only usable if the CMS structure is using the detached signature
! 1112: form where the content is not included.
! 1113: This option will override any content if the input format is S/MIME and
! 1114: it uses the multipart/signed MIME content type.
! 1115: .It Fl crlfeol
! 1116: Output a S/MIME message with CR/LF end of line.
! 1117: .It Fl debug_decrypt
! 1118: Set the CMS_DEBUG_DECRYPT flag when decrypting.
! 1119: This option should be used with caution, since this can be used to disable
! 1120: the MMA attack protection and return an error if no recipient can be found.
! 1121: See the
! 1122: .Xr CMS_decrypt 3
! 1123: manual page for details of the flag.
! 1124: .It Xo
! 1125: .Fl from Ar addr ,
! 1126: .Fl subject Ar s ,
! 1127: .Fl to Ar addr
! 1128: .Xc
! 1129: The relevant mail headers.
! 1130: These are included outside the signed portion of a message so they may
! 1131: be included manually.
! 1132: If signing then many S/MIME mail clients check the signer's certificate's
! 1133: email address matches that specified in the From: address.
! 1134: .It Fl econtent_type Ar type
! 1135: Set the encapsulated content type, used with
! 1136: .Fl sign .
! 1137: If not supplied the Data type is used.
! 1138: The type argument can be any valid OID name in either text or numerical format.
! 1139: .It Fl in Ar file
! 1140: The input message to be encrypted or signed or the message to be decrypted or
! 1141: verified.
! 1142: .It Fl inform Cm der | pem | smime
! 1143: The input format for the CMS structure.
! 1144: The default is
! 1145: .Cm smime ,
! 1146: which reads an S/MIME format message.
! 1147: .Cm pem
! 1148: and
! 1149: .Cm der
! 1150: format change this to expect PEM and DER format CMS structures instead.
! 1151: This currently only affects the input format of the CMS structure; if no
! 1152: CMS structure is being input (for example with
! 1153: .Fl encrypt
! 1154: or
! 1155: .Fl sign )
! 1156: this option has no effect.
! 1157: .It Fl inkey Ar file
! 1158: The private key to use when signing or decrypting.
! 1159: This must match the corresponding certificate.
! 1160: If this option is not specified then the private key must be included in
! 1161: the certificate file specified with the
! 1162: .Fl recip
! 1163: or
! 1164: .Fl signer
! 1165: file.
! 1166: When signing this option can be used multiple times to specify successive keys.
! 1167: .It Fl keyform Cm der | pem
! 1168: Input private key format.
! 1169: The default is
! 1170: .Cm pem .
! 1171: .It Fl keyid
! 1172: Use subject key identifier to identify certificates instead of issuer
! 1173: name and serial number.
! 1174: The supplied certificate must include a subject key identifier extension.
! 1175: Supported by
! 1176: .Fl sign
! 1177: and
! 1178: .Fl encrypt
! 1179: operations.
! 1180: .It Fl keyopt Ar nm:v
! 1181: Set customised parameters for the preceding key or certificate
! 1182: for encryption and signing.
! 1183: It can currently be used to set RSA-PSS for signing, RSA-OAEP for
! 1184: encryption or to modify default parameters for ECDH.
! 1185: This option can be used multiple times.
! 1186: .It Fl md Ar digest
! 1187: The digest algorithm to use when signing or resigning.
! 1188: If not present then the default digest algorithm for the signing key
! 1189: will be used (usually SHA1).
! 1190: .It Fl no_attr_verify
! 1191: Do not verify the signer's attribute of a signature.
! 1192: .It Fl no_content_verify
! 1193: Do not verify the content of a signed message.
! 1194: .It Fl no_signer_cert_verify
! 1195: Do not verify the signer's certificate of a signed message.
! 1196: .It Fl noattr
! 1197: Do not include attributes.
! 1198: Normally when a message is signed a set of attributes are included which
! 1199: include the signing time and supported symmetric algorithms.
! 1200: With this option they are not included.
! 1201: .It Fl nocerts
! 1202: Do not include the signer's certificate.
! 1203: This will reduce the size of the signed message but the verifier must
! 1204: have a copy of the signer's certificate available locally (passed using
! 1205: the
! 1206: .Fl certfile
! 1207: option for example).
! 1208: .It Fl nodetach
! 1209: When signing a message use opaque signing.
! 1210: This form is more resistant to translation by mail relays but it cannot be
! 1211: read by mail agents that do not support S/MIME.
! 1212: Without this option cleartext signing with the MIME type multipart/signed is
! 1213: used.
! 1214: .It Fl nointern
! 1215: Only the certificates specified in the
! 1216: .Fl certfile
! 1217: option are used.
! 1218: When verifying a message normally certificates (if any) included in the
! 1219: message are searched for the signing certificate.
! 1220: The supplied certificates can still be used as untrusted CAs however.
! 1221: .It Fl nooldmime
! 1222: Output an old S/MIME content type like "application/x-pkcs7-".
! 1223: .It Fl noout
! 1224: Do not output the parsed CMS structure for the
! 1225: .Fl cmsout
! 1226: operation.
! 1227: This is useful when combined with the
! 1228: .Fl print
! 1229: option or if the syntax of the CMS structure is being checked.
! 1230: .It Fl nosigs
! 1231: Do not try to verify the signatures on the message.
! 1232: .It Fl nosmimecap
! 1233: Exclude the list of supported algorithms from signed attributes; other
! 1234: options such as signing time and content type are still included.
! 1235: .It Fl noverify
! 1236: Do not verify the signer's certificate of a signed message.
! 1237: .It Fl out Ar file
! 1238: The message text that has been decrypted or verified or the output MIME
! 1239: format message that has been signed or verified.
! 1240: .It Fl outform Cm der | pem | smime
! 1241: This specifies the output format for the CMS structure.
! 1242: The default is
! 1243: .Cm smime ,
! 1244: which writes an S/MIME format message.
! 1245: .Cm pem
! 1246: and
! 1247: .Cm der
! 1248: format change this to write PEM and DER format CMS structures instead.
! 1249: This currently only affects the output format of the CMS structure; if
! 1250: no CMS structure is being output (for example with
! 1251: .Fl verify
! 1252: or
! 1253: .Fl decrypt )
! 1254: this option has no effect.
! 1255: .It Fl passin Ar src
! 1256: The private key password source.
! 1257: .It Fl print
! 1258: Print out all fields of the CMS structure for the
! 1259: .Fl cmsout
! 1260: operation.
! 1261: This is mainly useful for testing purposes.
! 1262: .It Fl pwri_password Ar arg
! 1263: Specify PasswordRecipientInfo (PWRI) password to use.
! 1264: Supported by the
! 1265: .Fl encrypt
! 1266: and
! 1267: .Fl decrypt
! 1268: operations.
! 1269: .It Fl rctform Cm der | pem | smime
! 1270: Specify the format for a signed receipt for use with the
! 1271: .Fl receipt_verify
! 1272: operation.
! 1273: The default is
! 1274: .Cm smime .
! 1275: .It Fl receipt_request_all | receipt_request_first
! 1276: Indicate requests should be provided by all recipient or first tier
! 1277: recipients (those mailed directly and not from a mailing list), for the
! 1278: .Fl sign
! 1279: operation to include a signed receipt request.
! 1280: Ignored if
! 1281: .Fl receipt_request_from
! 1282: is included.
! 1283: .It Fl receipt_request_from Ar addr
! 1284: Add an explicit email address where receipts should be supplied.
! 1285: .It Fl receipt_request_print
! 1286: Print out the contents of any signed receipt requests for the
! 1287: .Fl verify
! 1288: operation.
! 1289: .It Fl receipt_request_to Ar addr
! 1290: Add an explicit email address where signed receipts should be sent to.
! 1291: This option must be supplied if a signed receipt is requested.
! 1292: .It Fl recip Ar file
! 1293: When decrypting a message this specifies the recipient's certificate.
! 1294: The certificate must match one of the recipients of the message or an
! 1295: error occurs.
! 1296: When encrypting a message this option may be used multiple times to
! 1297: specify each recipient.
! 1298: This form must be used if customised parameters are required (for example to
! 1299: specify RSA-OAEP).
! 1300: Only certificates carrying RSA, Diffie-Hellman or EC keys are supported
! 1301: by this option.
! 1302: .It Fl secretkey Ar key
! 1303: Specify symmetric key to use.
! 1304: The key must be supplied in hex format and be consistent with the
! 1305: algorithm used.
! 1306: Supported by the
! 1307: .Fl EncryptedData_encrypt ,
! 1308: .Fl EncryptedData_decrypt ,
! 1309: .Fl encrypt
! 1310: and
! 1311: .Fl decrypt
! 1312: operations.
! 1313: When used with
! 1314: .Fl encrypt
! 1315: or
! 1316: .Fl decrypt
! 1317: the supplied key is used to wrap or unwrap the content encryption key
! 1318: using an AES key in the KEKRecipientInfo type.
! 1319: .It Fl secretkeyid Ar id
! 1320: The key identifier for the supplied symmetric key for KEKRecipientInfo type.
! 1321: This option must be present if the
! 1322: .Fl secretkey
! 1323: option is used with
! 1324: .Fl encrypt .
! 1325: With
! 1326: .Fl decrypt
! 1327: operations the id is used to locate the relevant key; if it is not supplied
! 1328: then an attempt is used to decrypt any KEKRecipientInfo structures.
! 1329: .It Fl signer Ar file
! 1330: A signing certificate when signing or resigning a message; this option
! 1331: can be used multiple times if more than one signer is required.
! 1332: If a message is being verified then the signers certificates will be
! 1333: written to this file if the verification was successful.
! 1334: .It Xo
! 1335: .Fl stream |
! 1336: .Fl indef |
! 1337: .Fl noindef
! 1338: .Xc
! 1339: The
! 1340: .Fl stream
! 1341: and
! 1342: .Fl indef
! 1343: options are equivalent and enable streaming I/O for encoding operations.
! 1344: This permits single pass processing of data without the need to hold the
! 1345: entire contents in memory, potentially supporting very large files.
! 1346: Streaming is automatically set for S/MIME signing with detached data if
! 1347: the output format is
! 1348: .Cm smime ;
! 1349: it is currently off by default for all other operations.
! 1350: .Fl noindef
! 1351: disable streaming I/O where it would produce an indefinite length
! 1352: constructed encoding.
! 1353: This option currently has no effect.
! 1354: .It Fl text
! 1355: Add plain text (text/plain) MIME headers to the supplied message if
! 1356: encrypting or signing.
! 1357: If decrypting or verifying it strips off text headers: if the decrypted
! 1358: or verified message is not of MIME type text/plain then an error occurs.
! 1359: .It Fl verify_retcode
! 1360: Set verification error code to exit code to indicate what verification error
! 1361: has occurred.
! 1362: Supported by
! 1363: .Fl verify
! 1364: operation only.
! 1365: Exit code value minus 32 shows verification error code.
! 1366: See
! 1367: .Nm verify
! 1368: command for the list of verification error code.
! 1369: .El
! 1370: .Pp
! 1371: The exit codes for
! 1372: .Nm cms
! 1373: are as follows:
! 1374: .Pp
! 1375: .Bl -tag -width "XXXX" -offset 3n -compact
! 1376: .It 0
! 1377: The operation was completely successful.
! 1378: .It 1
! 1379: An error occurred parsing the command options.
! 1380: .It 2
! 1381: One of the input files could not be read.
! 1382: .It 3
! 1383: An error occurred creating the CMS file or when reading the MIME message.
! 1384: .It 4
! 1385: An error occurred decrypting or verifying the message.
! 1386: .It 5
! 1387: The message was verified correctly but an error occurred writing out the
! 1388: signer's certificates.
! 1389: .It 6
! 1390: An error occurred writing the output file.
! 1391: .It 32+
! 1392: A verify error occurred while
! 1393: .Fl verify_retcode
! 1394: is specified.
1.1 jsing 1395: .El
1396: .Sh CRL
1.114 jmc 1397: .Bl -hang -width "openssl crl"
1398: .It Nm openssl crl
1399: .Bk -words
1.1 jsing 1400: .Op Fl CAfile Ar file
1401: .Op Fl CApath Ar dir
1.104 inoguchi 1402: .Op Fl crlnumber
1.1 jsing 1403: .Op Fl fingerprint
1404: .Op Fl hash
1.104 inoguchi 1405: .Op Fl hash_old
1.1 jsing 1406: .Op Fl in Ar file
1.38 jmc 1407: .Op Fl inform Cm der | pem
1.1 jsing 1408: .Op Fl issuer
1409: .Op Fl lastupdate
1.104 inoguchi 1410: .Op Fl nameopt Ar option
1.1 jsing 1411: .Op Fl nextupdate
1412: .Op Fl noout
1413: .Op Fl out Ar file
1.38 jmc 1414: .Op Fl outform Cm der | pem
1.1 jsing 1415: .Op Fl text
1.104 inoguchi 1416: .Op Fl verify
1.114 jmc 1417: .Ek
1418: .El
1.1 jsing 1419: .Pp
1420: The
1421: .Nm crl
1422: command processes CRL files in DER or PEM format.
1.37 jmc 1423: .Pp
1.1 jsing 1424: The options are as follows:
1425: .Bl -tag -width Ds
1426: .It Fl CAfile Ar file
1427: Verify the signature on a CRL by looking up the issuing certificate in
1428: .Ar file .
1429: .It Fl CApath Ar directory
1430: Verify the signature on a CRL by looking up the issuing certificate in
1431: .Ar dir .
1432: This directory must be a standard certificate directory,
1433: i.e. a hash of each subject name (using
1434: .Cm x509 Fl hash )
1435: should be linked to each certificate.
1.104 inoguchi 1436: .It Fl crlnumber
1437: Print the CRL number.
1.1 jsing 1438: .It Fl fingerprint
1439: Print the CRL fingerprint.
1440: .It Fl hash
1441: Output a hash of the issuer name.
1442: This can be used to look up CRLs in a directory by issuer name.
1.104 inoguchi 1443: .It Fl hash_old
1444: Output an old-style (MD5) hash of the issuer name.
1.1 jsing 1445: .It Fl in Ar file
1.37 jmc 1446: The input file to read from, or standard input if not specified.
1.38 jmc 1447: .It Fl inform Cm der | pem
1.37 jmc 1448: The input format.
1.1 jsing 1449: .It Fl issuer
1450: Output the issuer name.
1451: .It Fl lastupdate
1452: Output the
1.37 jmc 1453: .Cm lastUpdate
1.1 jsing 1454: field.
1.104 inoguchi 1455: .It Fl nameopt Ar option
1456: Specify certificate name options.
1.1 jsing 1457: .It Fl nextupdate
1458: Output the
1.37 jmc 1459: .Cm nextUpdate
1.1 jsing 1460: field.
1461: .It Fl noout
1.46 jmc 1462: Do not output the encoded version of the CRL.
1.1 jsing 1463: .It Fl out Ar file
1.37 jmc 1464: The output file to write to, or standard output if not specified.
1.38 jmc 1465: .It Fl outform Cm der | pem
1.37 jmc 1466: The output format.
1.1 jsing 1467: .It Fl text
1.64 jmc 1468: Print the CRL in plain text.
1.104 inoguchi 1469: .It Fl verify
1470: Verify the signature on the CRL.
1.1 jsing 1471: .El
1472: .Sh CRL2PKCS7
1.114 jmc 1473: .Bl -hang -width "openssl crl2pkcs7"
1474: .It Nm openssl crl2pkcs7
1475: .Bk -words
1.1 jsing 1476: .Op Fl certfile Ar file
1477: .Op Fl in Ar file
1.40 jmc 1478: .Op Fl inform Cm der | pem
1.1 jsing 1479: .Op Fl nocrl
1480: .Op Fl out Ar file
1.40 jmc 1481: .Op Fl outform Cm der | pem
1.114 jmc 1482: .Ek
1483: .El
1.1 jsing 1484: .Pp
1485: The
1486: .Nm crl2pkcs7
1487: command takes an optional CRL and one or more
1488: certificates and converts them into a PKCS#7 degenerate
1489: .Qq certificates only
1490: structure.
1491: .Pp
1492: The options are as follows:
1493: .Bl -tag -width Ds
1494: .It Fl certfile Ar file
1.40 jmc 1495: Add the certificates in PEM
1.1 jsing 1496: .Ar file
1.40 jmc 1497: to the PKCS#7 structure.
1498: This option can be used more than once
1499: to read certificates from multiple files.
1.1 jsing 1500: .It Fl in Ar file
1.40 jmc 1501: Read the CRL from
1502: .Ar file ,
1503: or standard input if not specified.
1504: .It Fl inform Cm der | pem
1.64 jmc 1505: The input format.
1.1 jsing 1506: .It Fl nocrl
1507: Normally, a CRL is included in the output file.
1508: With this option, no CRL is
1509: included in the output file and a CRL is not read from the input file.
1510: .It Fl out Ar file
1.40 jmc 1511: Write the PKCS#7 structure to
1512: .Ar file ,
1513: or standard output if not specified.
1514: .It Fl outform Cm der | pem
1.64 jmc 1515: The output format.
1.1 jsing 1516: .El
1517: .Sh DGST
1.114 jmc 1518: .Bl -hang -width "openssl dgst"
1519: .It Nm openssl dgst
1520: .Bk -words
1.105 inoguchi 1521: .Op Fl cdr
1.1 jsing 1522: .Op Fl binary
1.43 jmc 1523: .Op Fl Ar digest
1.1 jsing 1524: .Op Fl hex
1525: .Op Fl hmac Ar key
1.43 jmc 1526: .Op Fl keyform Cm pem
1.1 jsing 1527: .Op Fl mac Ar algorithm
1528: .Op Fl macopt Ar nm : Ns Ar v
1529: .Op Fl out Ar file
1530: .Op Fl passin Ar arg
1531: .Op Fl prverify Ar file
1532: .Op Fl sign Ar file
1533: .Op Fl signature Ar file
1534: .Op Fl sigopt Ar nm : Ns Ar v
1535: .Op Fl verify Ar file
1536: .Op Ar
1.114 jmc 1537: .Ek
1538: .El
1.1 jsing 1539: .Pp
1540: The digest functions output the message digest of a supplied
1541: .Ar file
1542: or
1543: .Ar files
1544: in hexadecimal form.
1545: They can also be used for digital signing and verification.
1546: .Pp
1547: The options are as follows:
1548: .Bl -tag -width Ds
1549: .It Fl binary
1550: Output the digest or signature in binary form.
1551: .It Fl c
1.48 jmc 1552: Print the digest in two-digit groups separated by colons.
1.1 jsing 1553: .It Fl d
1.48 jmc 1554: Print BIO debugging information.
1.43 jmc 1555: .It Fl Ar digest
1556: Use the specified message
1557: .Ar digest .
1.98 naddy 1558: The default is SHA256.
1.43 jmc 1559: The available digests can be displayed using
1560: .Nm openssl
1561: .Cm list-message-digest-commands .
1562: The following are equivalent:
1563: .Nm openssl dgst
1.98 naddy 1564: .Fl sha256
1.43 jmc 1565: and
1566: .Nm openssl
1.98 naddy 1567: .Cm sha256 .
1.1 jsing 1568: .It Fl hex
1569: Digest is to be output as a hex dump.
1570: This is the default case for a
1571: .Qq normal
1572: digest as opposed to a digital signature.
1573: .It Fl hmac Ar key
1574: Create a hashed MAC using
1575: .Ar key .
1.43 jmc 1576: .It Fl keyform Cm pem
1.1 jsing 1577: Specifies the key format to sign the digest with.
1578: .It Fl mac Ar algorithm
1579: Create a keyed Message Authentication Code (MAC).
1580: The most popular MAC algorithm is HMAC (hash-based MAC),
1581: but there are other MAC algorithms which are not based on hash.
1582: MAC keys and other options should be set via the
1583: .Fl macopt
1584: parameter.
1585: .It Fl macopt Ar nm : Ns Ar v
1586: Passes options to the MAC algorithm, specified by
1587: .Fl mac .
1588: The following options are supported by HMAC:
1589: .Bl -tag -width Ds
1.43 jmc 1590: .It Cm key : Ns Ar string
1.1 jsing 1591: Specifies the MAC key as an alphanumeric string
1592: (use if the key contain printable characters only).
1593: String length must conform to any restrictions of the MAC algorithm.
1.43 jmc 1594: .It Cm hexkey : Ns Ar string
1.1 jsing 1595: Specifies the MAC key in hexadecimal form (two hex digits per byte).
1596: Key length must conform to any restrictions of the MAC algorithm.
1597: .El
1598: .It Fl out Ar file
1.43 jmc 1599: The output file to write to,
1600: or standard output if not specified.
1.1 jsing 1601: .It Fl passin Ar arg
1602: The key password source.
1603: .It Fl prverify Ar file
1604: Verify the signature using the private key in
1605: .Ar file .
1606: The output is either
1607: .Qq Verification OK
1608: or
1609: .Qq Verification Failure .
1.105 inoguchi 1610: .It Fl r
1611: Print the digest in coreutils format.
1.1 jsing 1612: .It Fl sign Ar file
1613: Digitally sign the digest using the private key in
1614: .Ar file .
1615: .It Fl signature Ar file
1616: The actual signature to verify.
1617: .It Fl sigopt Ar nm : Ns Ar v
1618: Pass options to the signature algorithm during sign or verify operations.
1619: The names and values of these options are algorithm-specific.
1620: .It Fl verify Ar file
1621: Verify the signature using the public key in
1622: .Ar file .
1623: The output is either
1624: .Qq Verification OK
1625: or
1626: .Qq Verification Failure .
1627: .It Ar
1628: File or files to digest.
1629: If no files are specified then standard input is used.
1630: .El
1631: .Sh DHPARAM
1.114 jmc 1632: .Bl -hang -width "openssl dhparam"
1633: .It Nm openssl dhparam
1634: .Bk -words
1.1 jsing 1635: .Op Fl 2 | 5
1636: .Op Fl C
1637: .Op Fl check
1638: .Op Fl dsaparam
1639: .Op Fl in Ar file
1.44 jmc 1640: .Op Fl inform Cm der | pem
1.1 jsing 1641: .Op Fl noout
1642: .Op Fl out Ar file
1.44 jmc 1643: .Op Fl outform Cm der | pem
1.1 jsing 1644: .Op Fl text
1645: .Op Ar numbits
1.114 jmc 1646: .Ek
1647: .El
1.1 jsing 1648: .Pp
1649: The
1650: .Nm dhparam
1651: command is used to manipulate DH parameter files.
1.44 jmc 1652: Only the older PKCS#3 DH is supported,
1653: not the newer X9.42 DH.
1.1 jsing 1654: .Pp
1655: The options are as follows:
1656: .Bl -tag -width Ds
1657: .It Fl 2 , 5
1.44 jmc 1658: The generator to use;
1.1 jsing 1659: 2 is the default.
1660: If present, the input file is ignored and parameters are generated instead.
1661: .It Fl C
1.44 jmc 1662: Convert the parameters into C code.
1.1 jsing 1663: The parameters can then be loaded by calling the
1.44 jmc 1664: .No get_dh Ns Ar numbits
1.1 jsing 1665: function.
1666: .It Fl check
1667: Check the DH parameters.
1668: .It Fl dsaparam
1.44 jmc 1669: Read or create DSA parameters,
1670: converted to DH format on output.
1.1 jsing 1671: Otherwise,
1672: .Qq strong
1673: primes
1674: .Pq such that (p-1)/2 is also prime
1675: will be used for DH parameter generation.
1676: .Pp
1677: DH parameter generation with the
1678: .Fl dsaparam
1679: option is much faster,
1680: and the recommended exponent length is shorter,
1681: which makes DH key exchange more efficient.
1682: Beware that with such DSA-style DH parameters,
1683: a fresh DH key should be created for each use to
1684: avoid small-subgroup attacks that may be possible otherwise.
1685: .It Fl in Ar file
1.44 jmc 1686: The input file to read from,
1687: or standard input if not specified.
1688: .It Fl inform Cm der | pem
1689: The input format.
1.1 jsing 1690: .It Fl noout
1.46 jmc 1691: Do not output the encoded version of the parameters.
1.44 jmc 1692: .It Fl out Ar file
1693: The output file to write to,
1694: or standard output if not specified.
1695: .It Fl outform Cm der | pem
1696: The output format.
1697: .It Fl text
1.64 jmc 1698: Print the DH parameters in plain text.
1.1 jsing 1699: .It Ar numbits
1.44 jmc 1700: Generate a parameter set of size
1.1 jsing 1701: .Ar numbits .
1702: It must be the last option.
1.16 sthen 1703: If not present, a value of 2048 is used.
1.1 jsing 1704: If this value is present, the input file is ignored and
1705: parameters are generated instead.
1706: .El
1707: .Sh DSA
1.114 jmc 1708: .Bl -hang -width "openssl dsa"
1709: .It Nm openssl dsa
1710: .Bk -words
1.1 jsing 1711: .Oo
1712: .Fl aes128 | aes192 | aes256 |
1713: .Fl des | des3
1714: .Oc
1715: .Op Fl in Ar file
1.108 inoguchi 1716: .Op Fl inform Cm der | pem | pvk
1.1 jsing 1717: .Op Fl modulus
1718: .Op Fl noout
1719: .Op Fl out Ar file
1.108 inoguchi 1720: .Op Fl outform Cm der | pem | pvk
1.1 jsing 1721: .Op Fl passin Ar arg
1722: .Op Fl passout Ar arg
1723: .Op Fl pubin
1724: .Op Fl pubout
1.108 inoguchi 1725: .Op Fl pvk-none | pvk-strong | pvk-weak
1.1 jsing 1726: .Op Fl text
1.114 jmc 1727: .Ek
1728: .El
1.1 jsing 1729: .Pp
1730: The
1731: .Nm dsa
1732: command processes DSA keys.
1733: They can be converted between various forms and their components printed out.
1734: .Pp
1735: .Sy Note :
1736: This command uses the traditional
1737: .Nm SSLeay
1738: compatible format for private key encryption:
1739: newer applications should use the more secure PKCS#8 format using the
1740: .Nm pkcs8
1741: command.
1742: .Pp
1743: The options are as follows:
1744: .Bl -tag -width Ds
1745: .It Xo
1746: .Fl aes128 | aes192 | aes256 |
1747: .Fl des | des3
1748: .Xc
1.45 jmc 1749: Encrypt the private key with the AES, DES, or the triple DES
1.1 jsing 1750: ciphers, respectively, before outputting it.
1751: A pass phrase is prompted for.
1.45 jmc 1752: If none of these options are specified, the key is written in plain text.
1.1 jsing 1753: This means that using the
1754: .Nm dsa
1.45 jmc 1755: utility to read an encrypted key with no encryption option can be used to
1.1 jsing 1756: remove the pass phrase from a key,
1.45 jmc 1757: or by setting the encryption options it can be used to add or change
1.1 jsing 1758: the pass phrase.
1759: These options can only be used with PEM format output files.
1760: .It Fl in Ar file
1.45 jmc 1761: The input file to read from,
1762: or standard input if not specified.
1.1 jsing 1763: If the key is encrypted, a pass phrase will be prompted for.
1.108 inoguchi 1764: .It Fl inform Cm der | pem | pvk
1.45 jmc 1765: The input format.
1.1 jsing 1766: .It Fl modulus
1.45 jmc 1767: Print the value of the public key component of the key.
1.1 jsing 1768: .It Fl noout
1.46 jmc 1769: Do not output the encoded version of the key.
1.1 jsing 1770: .It Fl out Ar file
1.45 jmc 1771: The output file to write to,
1772: or standard output if not specified.
1.1 jsing 1773: If any encryption options are set then a pass phrase will be
1774: prompted for.
1.108 inoguchi 1775: .It Fl outform Cm der | pem | pvk
1.45 jmc 1776: The output format.
1.1 jsing 1777: .It Fl passin Ar arg
1778: The key password source.
1779: .It Fl passout Ar arg
1780: The output file password source.
1781: .It Fl pubin
1.60 jmc 1782: Read in a public key, not a private key.
1.1 jsing 1783: .It Fl pubout
1.60 jmc 1784: Output a public key, not a private key.
1785: Automatically set if the input is a public key.
1.108 inoguchi 1786: .It Xo
1787: .Fl pvk-none | pvk-strong | pvk-weak
1788: .Xc
1789: Enable or disable PVK encoding.
1790: The default is
1791: .Fl pvk-strong .
1.1 jsing 1792: .It Fl text
1.64 jmc 1793: Print the public/private key in plain text.
1.1 jsing 1794: .El
1795: .Sh DSAPARAM
1.114 jmc 1796: .Bl -hang -width "openssl dsaparam"
1797: .It Nm openssl dsaparam
1798: .Bk -words
1.1 jsing 1799: .Op Fl C
1800: .Op Fl genkey
1801: .Op Fl in Ar file
1.46 jmc 1802: .Op Fl inform Cm der | pem
1.1 jsing 1803: .Op Fl noout
1804: .Op Fl out Ar file
1.46 jmc 1805: .Op Fl outform Cm der | pem
1.1 jsing 1806: .Op Fl text
1807: .Op Ar numbits
1.114 jmc 1808: .Ek
1809: .El
1.1 jsing 1810: .Pp
1811: The
1812: .Nm dsaparam
1813: command is used to manipulate or generate DSA parameter files.
1814: .Pp
1815: The options are as follows:
1816: .Bl -tag -width Ds
1817: .It Fl C
1.46 jmc 1818: Convert the parameters into C code.
1.1 jsing 1819: The parameters can then be loaded by calling the
1.46 jmc 1820: .No get_dsa Ns Ar XXX
1.1 jsing 1821: function.
1822: .It Fl genkey
1.46 jmc 1823: Generate a DSA key either using the specified or generated
1.1 jsing 1824: parameters.
1825: .It Fl in Ar file
1.46 jmc 1826: The input file to read from,
1827: or standard input if not specified.
1.1 jsing 1828: If the
1829: .Ar numbits
1.46 jmc 1830: parameter is included, then this option is ignored.
1831: .It Fl inform Cm der | pem
1832: The input format.
1.1 jsing 1833: .It Fl noout
1.46 jmc 1834: Do not output the encoded version of the parameters.
1835: .It Fl out Ar file
1836: The output file to write to,
1837: or standard output if not specified.
1838: .It Fl outform Cm der | pem
1839: The output format.
1840: .It Fl text
1.64 jmc 1841: Print the DSA parameters in plain text.
1.1 jsing 1842: .It Ar numbits
1.46 jmc 1843: Generate a parameter set of size
1.1 jsing 1844: .Ar numbits .
1.46 jmc 1845: If this option is included, the input file is ignored.
1.1 jsing 1846: .El
1847: .Sh EC
1.114 jmc 1848: .Bl -hang -width "openssl ec"
1849: .It Nm openssl ec
1850: .Bk -words
1.1 jsing 1851: .Op Fl conv_form Ar arg
1852: .Op Fl des
1853: .Op Fl des3
1854: .Op Fl in Ar file
1.47 jmc 1855: .Op Fl inform Cm der | pem
1.1 jsing 1856: .Op Fl noout
1857: .Op Fl out Ar file
1.47 jmc 1858: .Op Fl outform Cm der | pem
1.1 jsing 1859: .Op Fl param_enc Ar arg
1860: .Op Fl param_out
1861: .Op Fl passin Ar arg
1862: .Op Fl passout Ar arg
1863: .Op Fl pubin
1864: .Op Fl pubout
1865: .Op Fl text
1.114 jmc 1866: .Ek
1867: .El
1.1 jsing 1868: .Pp
1869: The
1870: .Nm ec
1871: command processes EC keys.
1872: They can be converted between various
1873: forms and their components printed out.
1.47 jmc 1874: .Nm openssl
1.1 jsing 1875: uses the private key format specified in
1876: .Dq SEC 1: Elliptic Curve Cryptography
1877: .Pq Lk http://www.secg.org/ .
1878: To convert an
1879: EC private key into the PKCS#8 private key format use the
1880: .Nm pkcs8
1881: command.
1882: .Pp
1883: The options are as follows:
1884: .Bl -tag -width Ds
1885: .It Fl conv_form Ar arg
1.47 jmc 1886: Specify how the points on the elliptic curve are converted
1.1 jsing 1887: into octet strings.
1888: Possible values are:
1.95 tb 1889: .Cm compressed ,
1890: .Cm uncompressed
1.47 jmc 1891: (the default),
1.1 jsing 1892: and
1893: .Cm hybrid .
1894: For more information regarding
1.47 jmc 1895: the point conversion forms see the X9.62 standard.
1.1 jsing 1896: Note:
1897: Due to patent issues the
1898: .Cm compressed
1899: option is disabled by default for binary curves
1900: and can be enabled by defining the preprocessor macro
1.47 jmc 1901: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 1902: at compile time.
1903: .It Fl des | des3
1.47 jmc 1904: Encrypt the private key with DES, triple DES, or
1.1 jsing 1905: any other cipher supported by
1.47 jmc 1906: .Nm openssl .
1.1 jsing 1907: A pass phrase is prompted for.
1908: If none of these options is specified the key is written in plain text.
1909: This means that using the
1910: .Nm ec
1911: utility to read in an encrypted key with no
1912: encryption option can be used to remove the pass phrase from a key,
1913: or by setting the encryption options
1.83 naddy 1914: it can be used to add or change the pass phrase.
1.1 jsing 1915: These options can only be used with PEM format output files.
1916: .It Fl in Ar file
1.47 jmc 1917: The input file to read a key from,
1918: or standard input if not specified.
1.1 jsing 1919: If the key is encrypted a pass phrase will be prompted for.
1.47 jmc 1920: .It Fl inform Cm der | pem
1921: The input format.
1.1 jsing 1922: .It Fl noout
1.47 jmc 1923: Do not output the encoded version of the key.
1.1 jsing 1924: .It Fl out Ar file
1.47 jmc 1925: The output filename to write to,
1926: or standard output if not specified.
1.1 jsing 1927: If any encryption options are set then a pass phrase will be prompted for.
1.47 jmc 1928: .It Fl outform Cm der | pem
1929: The output format.
1.1 jsing 1930: .It Fl param_enc Ar arg
1.47 jmc 1931: Specify how the elliptic curve parameters are encoded.
1.1 jsing 1932: Possible value are:
1933: .Cm named_curve ,
1934: i.e. the EC parameters are specified by an OID; or
1935: .Cm explicit ,
1936: where the EC parameters are explicitly given
1937: (see RFC 3279 for the definition of the EC parameter structures).
1938: The default value is
1939: .Cm named_curve .
1940: Note: the
1941: .Cm implicitlyCA
1942: alternative,
1943: as specified in RFC 3279,
1.47 jmc 1944: is currently not implemented.
1.106 inoguchi 1945: .It Fl param_out
1946: Print the elliptic curve parameters.
1.1 jsing 1947: .It Fl passin Ar arg
1948: The key password source.
1949: .It Fl passout Ar arg
1950: The output file password source.
1951: .It Fl pubin
1.60 jmc 1952: Read in a public key, not a private key.
1.1 jsing 1953: .It Fl pubout
1.60 jmc 1954: Output a public key, not a private key.
1955: Automatically set if the input is a public key.
1.1 jsing 1956: .It Fl text
1.64 jmc 1957: Print the public/private key in plain text.
1.1 jsing 1958: .El
1959: .Sh ECPARAM
1.114 jmc 1960: .Bl -hang -width "openssl ecparam"
1961: .It Nm openssl ecparam
1962: .Bk -words
1.1 jsing 1963: .Op Fl C
1964: .Op Fl check
1965: .Op Fl conv_form Ar arg
1966: .Op Fl genkey
1967: .Op Fl in Ar file
1.48 jmc 1968: .Op Fl inform Cm der | pem
1.1 jsing 1969: .Op Fl list_curves
1970: .Op Fl name Ar arg
1971: .Op Fl no_seed
1972: .Op Fl noout
1973: .Op Fl out Ar file
1.48 jmc 1974: .Op Fl outform Cm der | pem
1.1 jsing 1975: .Op Fl param_enc Ar arg
1976: .Op Fl text
1.114 jmc 1977: .Ek
1978: .El
1.1 jsing 1979: .Pp
1.48 jmc 1980: The
1981: .Nm ecparam
1982: command is used to manipulate or generate EC parameter files.
1983: .Nm openssl
1984: is not able to generate new groups so
1985: .Nm ecparam
1986: can only create EC parameters from known (named) curves.
1987: .Pp
1.1 jsing 1988: The options are as follows:
1989: .Bl -tag -width Ds
1990: .It Fl C
1991: Convert the EC parameters into C code.
1992: The parameters can then be loaded by calling the
1.48 jmc 1993: .No get_ec_group_ Ns Ar XXX
1.1 jsing 1994: function.
1995: .It Fl check
1996: Validate the elliptic curve parameters.
1997: .It Fl conv_form Ar arg
1998: Specify how the points on the elliptic curve are converted
1999: into octet strings.
2000: Possible values are:
1.95 tb 2001: .Cm compressed ,
2002: .Cm uncompressed
1.48 jmc 2003: (the default),
1.1 jsing 2004: and
2005: .Cm hybrid .
2006: For more information regarding
1.48 jmc 2007: the point conversion forms see the X9.62 standard.
1.1 jsing 2008: Note:
2009: Due to patent issues the
2010: .Cm compressed
2011: option is disabled by default for binary curves
2012: and can be enabled by defining the preprocessor macro
1.48 jmc 2013: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 2014: at compile time.
2015: .It Fl genkey
2016: Generate an EC private key using the specified parameters.
2017: .It Fl in Ar file
1.48 jmc 2018: The input file to read from,
2019: or standard input if not specified.
2020: .It Fl inform Cm der | pem
2021: The input format.
1.1 jsing 2022: .It Fl list_curves
1.48 jmc 2023: Print a list of all
1.1 jsing 2024: currently implemented EC parameter names and exit.
2025: .It Fl name Ar arg
1.48 jmc 2026: Use the EC parameters with the specified "short" name.
1.1 jsing 2027: .It Fl no_seed
1.48 jmc 2028: Do not include the seed for the parameter generation
2029: in the ECParameters structure (see RFC 3279).
1.1 jsing 2030: .It Fl noout
1.48 jmc 2031: Do not output the encoded version of the parameters.
1.1 jsing 2032: .It Fl out Ar file
1.48 jmc 2033: The output file to write to,
2034: or standard output if not specified.
2035: .It Fl outform Cm der | pem
2036: The output format.
1.1 jsing 2037: .It Fl param_enc Ar arg
1.48 jmc 2038: Specify how the elliptic curve parameters are encoded.
1.1 jsing 2039: Possible value are:
2040: .Cm named_curve ,
2041: i.e. the EC parameters are specified by an OID, or
2042: .Cm explicit ,
2043: where the EC parameters are explicitly given
2044: (see RFC 3279 for the definition of the EC parameter structures).
2045: The default value is
2046: .Cm named_curve .
2047: Note: the
2048: .Cm implicitlyCA
2049: alternative, as specified in RFC 3279,
1.48 jmc 2050: is currently not implemented.
1.1 jsing 2051: .It Fl text
1.64 jmc 2052: Print the EC parameters in plain text.
1.1 jsing 2053: .El
2054: .Sh ENC
1.114 jmc 2055: .Bl -hang -width "openssl enc"
2056: .It Nm openssl enc
2057: .Bk -words
1.1 jsing 2058: .Fl ciphername
1.106 inoguchi 2059: .Op Fl AadePpv
1.1 jsing 2060: .Op Fl base64
2061: .Op Fl bufsize Ar number
2062: .Op Fl debug
2063: .Op Fl in Ar file
1.97 jmc 2064: .Op Fl iter Ar iterations
1.1 jsing 2065: .Op Fl iv Ar IV
2066: .Op Fl K Ar key
2067: .Op Fl k Ar password
2068: .Op Fl kfile Ar file
2069: .Op Fl md Ar digest
2070: .Op Fl none
2071: .Op Fl nopad
2072: .Op Fl nosalt
2073: .Op Fl out Ar file
2074: .Op Fl pass Ar arg
1.96 beck 2075: .Op Fl pbkdf2
1.1 jsing 2076: .Op Fl S Ar salt
2077: .Op Fl salt
1.114 jmc 2078: .Ek
2079: .El
1.1 jsing 2080: .Pp
2081: The symmetric cipher commands allow data to be encrypted or decrypted
2082: using various block and stream ciphers using keys based on passwords
2083: or explicitly provided.
2084: Base64 encoding or decoding can also be performed either by itself
2085: or in addition to the encryption or decryption.
1.49 jmc 2086: The program can be called either as
2087: .Nm openssl Ar ciphername
2088: or
2089: .Nm openssl enc - Ns Ar ciphername .
2090: .Pp
2091: Some of the ciphers do not have large keys and others have security
2092: implications if not used correctly.
2093: All the block ciphers normally use PKCS#5 padding,
2094: also known as standard block padding.
2095: If padding is disabled, the input data must be a multiple of the cipher
2096: block length.
1.1 jsing 2097: .Pp
2098: The options are as follows:
2099: .Bl -tag -width Ds
2100: .It Fl A
2101: If the
2102: .Fl a
2103: option is set, then base64 process the data on one line.
2104: .It Fl a , base64
2105: Base64 process the data.
2106: This means that if encryption is taking place, the data is base64-encoded
2107: after encryption.
1.49 jmc 2108: If decryption is set, the input data is base64-decoded before
1.1 jsing 2109: being decrypted.
2110: .It Fl bufsize Ar number
2111: Set the buffer size for I/O.
2112: .It Fl d
2113: Decrypt the input data.
2114: .It Fl debug
2115: Debug the BIOs used for I/O.
2116: .It Fl e
1.49 jmc 2117: Encrypt the input data.
2118: This is the default.
1.1 jsing 2119: .It Fl in Ar file
1.49 jmc 2120: The input file to read from,
1.57 jmc 2121: or standard input if not specified.
1.97 jmc 2122: .It Fl iter Ar iterations
2123: Use the pbkdf2 key derivation function, with
2124: .Ar iterations
2125: as the number of iterations.
1.1 jsing 2126: .It Fl iv Ar IV
2127: The actual
2128: .Ar IV
2129: .Pq initialisation vector
2130: to use:
2131: this must be represented as a string comprised only of hex digits.
2132: When only the
2133: .Ar key
2134: is specified using the
2135: .Fl K
1.49 jmc 2136: option,
2137: the IV must explicitly be defined.
1.1 jsing 2138: When a password is being specified using one of the other options,
1.49 jmc 2139: the IV is generated from this password.
1.1 jsing 2140: .It Fl K Ar key
2141: The actual
2142: .Ar key
2143: to use:
2144: this must be represented as a string comprised only of hex digits.
1.49 jmc 2145: If only the key is specified,
2146: the IV must also be specified using the
1.1 jsing 2147: .Fl iv
2148: option.
2149: When both a
2150: .Ar key
2151: and a
2152: .Ar password
2153: are specified, the
2154: .Ar key
2155: given with the
2156: .Fl K
1.49 jmc 2157: option will be used and the IV generated from the password will be taken.
1.1 jsing 2158: It probably does not make much sense to specify both
2159: .Ar key
2160: and
2161: .Ar password .
2162: .It Fl k Ar password
2163: The
2164: .Ar password
2165: to derive the key from.
2166: Superseded by the
2167: .Fl pass
2168: option.
2169: .It Fl kfile Ar file
2170: Read the password to derive the key from the first line of
2171: .Ar file .
2172: Superseded by the
2173: .Fl pass
2174: option.
2175: .It Fl md Ar digest
2176: Use
2177: .Ar digest
2178: to create a key from a pass phrase.
2179: .Ar digest
2180: may be one of
1.49 jmc 2181: .Cm md5
1.1 jsing 2182: or
1.49 jmc 2183: .Cm sha1 .
1.1 jsing 2184: .It Fl none
2185: Use NULL cipher (no encryption or decryption of input).
2186: .It Fl nopad
2187: Disable standard block padding.
2188: .It Fl nosalt
1.49 jmc 2189: Don't use a salt in the key derivation routines.
1.81 jmc 2190: This option should never be used
1.49 jmc 2191: since it makes it possible to perform efficient dictionary
2192: attacks on the password and to attack stream cipher encrypted data.
1.1 jsing 2193: .It Fl out Ar file
1.51 jmc 2194: The output file to write to,
1.57 jmc 2195: or standard output if not specified.
1.1 jsing 2196: .It Fl P
1.49 jmc 2197: Print out the salt, key, and IV used, then immediately exit;
1.1 jsing 2198: don't do any encryption or decryption.
2199: .It Fl p
1.49 jmc 2200: Print out the salt, key, and IV used.
1.1 jsing 2201: .It Fl pass Ar arg
2202: The password source.
1.96 beck 2203: .It Fl pbkdf2
1.97 jmc 2204: Use the pbkdf2 key derivation function, with
1.96 beck 2205: the default of 10000 iterations.
1.1 jsing 2206: .It Fl S Ar salt
2207: The actual
2208: .Ar salt
2209: to use:
2210: this must be represented as a string comprised only of hex digits.
2211: .It Fl salt
1.49 jmc 2212: Use a salt in the key derivation routines (the default).
2213: When the salt is being used
2214: the first eight bytes of the encrypted data are reserved for the salt:
2215: it is randomly generated when encrypting a file and read from the
2216: encrypted file when it is decrypted.
1.106 inoguchi 2217: .It Fl v
2218: Print extra details about the processing.
1.1 jsing 2219: .El
2220: .Sh ERRSTR
2221: .Nm openssl errstr
2222: .Op Fl stats
2223: .Ar errno ...
2224: .Pp
2225: The
2226: .Nm errstr
2227: command performs error number to error string conversion,
2228: generating a human-readable string representing the error code
2229: .Ar errno .
2230: The string is obtained through the
2231: .Xr ERR_error_string_n 3
2232: function and has the following format:
2233: .Pp
2234: .Dl error:[error code]:[library name]:[function name]:[reason string]
2235: .Pp
2236: .Bq error code
2237: is an 8-digit hexadecimal number.
2238: The remaining fields
2239: .Bq library name ,
2240: .Bq function name ,
2241: and
2242: .Bq reason string
2243: are all ASCII text.
2244: .Pp
2245: The options are as follows:
2246: .Bl -tag -width Ds
2247: .It Fl stats
2248: Print debugging statistics about various aspects of the hash table.
2249: .El
2250: .Sh GENDSA
1.114 jmc 2251: .Bl -hang -width "openssl gendsa"
2252: .It Nm openssl gendsa
2253: .Bk -words
1.1 jsing 2254: .Oo
1.102 jmc 2255: .Fl aes128 | aes192 | aes256 | camellia128 |
2256: .Fl camellia192 | camellia256 | des | des3 | idea
1.1 jsing 2257: .Oc
2258: .Op Fl out Ar file
1.101 inoguchi 2259: .Op Fl passout Ar arg
2260: .Ar paramfile
1.114 jmc 2261: .Ek
2262: .El
1.1 jsing 2263: .Pp
2264: The
2265: .Nm gendsa
2266: command generates a DSA private key from a DSA parameter file
1.51 jmc 2267: (typically generated by the
1.1 jsing 2268: .Nm openssl dsaparam
2269: command).
1.51 jmc 2270: DSA key generation is little more than random number generation so it is
2271: much quicker than,
2272: for example,
2273: RSA key generation.
1.1 jsing 2274: .Pp
2275: The options are as follows:
2276: .Bl -tag -width Ds
2277: .It Xo
2278: .Fl aes128 | aes192 | aes256 |
1.101 inoguchi 2279: .Fl camellia128 | camellia192 | camellia256 |
2280: .Fl des | des3 |
2281: .Fl idea
1.1 jsing 2282: .Xc
1.101 inoguchi 2283: Encrypt the private key with the AES, CAMELLIA, DES, triple DES
2284: or the IDEA ciphers, respectively, before outputting it.
1.1 jsing 2285: A pass phrase is prompted for.
2286: If none of these options are specified, no encryption is used.
2287: .It Fl out Ar file
1.51 jmc 2288: The output file to write to,
1.57 jmc 2289: or standard output if not specified.
1.101 inoguchi 2290: .It Fl passout Ar arg
2291: The output file password source.
1.1 jsing 2292: .It Ar paramfile
1.51 jmc 2293: Specify the DSA parameter file to use.
1.1 jsing 2294: The parameters in this file determine the size of the private key.
2295: .El
2296: .Sh GENPKEY
1.114 jmc 2297: .Bl -hang -width "openssl genpkey"
2298: .It Nm openssl genpkey
2299: .Bk -words
1.1 jsing 2300: .Op Fl algorithm Ar alg
2301: .Op Ar cipher
2302: .Op Fl genparam
2303: .Op Fl out Ar file
1.52 jmc 2304: .Op Fl outform Cm der | pem
1.1 jsing 2305: .Op Fl paramfile Ar file
2306: .Op Fl pass Ar arg
2307: .Op Fl pkeyopt Ar opt : Ns Ar value
2308: .Op Fl text
1.114 jmc 2309: .Ek
2310: .El
1.1 jsing 2311: .Pp
2312: The
2313: .Nm genpkey
2314: command generates private keys.
2315: The use of this
2316: program is encouraged over the algorithm specific utilities
1.22 bcook 2317: because additional algorithm options can be used.
1.1 jsing 2318: .Pp
2319: The options are as follows:
2320: .Bl -tag -width Ds
2321: .It Fl algorithm Ar alg
2322: The public key algorithm to use,
2323: such as RSA, DSA, or DH.
1.52 jmc 2324: This option must precede any
1.1 jsing 2325: .Fl pkeyopt
2326: options.
2327: The options
2328: .Fl paramfile
2329: and
2330: .Fl algorithm
2331: are mutually exclusive.
2332: .It Ar cipher
2333: Encrypt the private key with the supplied cipher.
2334: Any algorithm name accepted by
1.52 jmc 2335: .Xr EVP_get_cipherbyname 3
2336: is acceptable.
1.1 jsing 2337: .It Fl genparam
2338: Generate a set of parameters instead of a private key.
1.52 jmc 2339: This option must precede any
1.1 jsing 2340: .Fl algorithm ,
2341: .Fl paramfile ,
2342: or
2343: .Fl pkeyopt
2344: options.
2345: .It Fl out Ar file
1.52 jmc 2346: The output file to write to,
1.57 jmc 2347: or standard output if not specified.
1.52 jmc 2348: .It Fl outform Cm der | pem
2349: The output format.
1.1 jsing 2350: .It Fl paramfile Ar file
1.52 jmc 2351: Some public key algorithms generate a private key based on a set of parameters,
2352: which can be supplied using this option.
1.1 jsing 2353: If this option is used the public key
2354: algorithm used is determined by the parameters.
1.52 jmc 2355: This option must precede any
1.1 jsing 2356: .Fl pkeyopt
2357: options.
2358: The options
2359: .Fl paramfile
2360: and
2361: .Fl algorithm
2362: are mutually exclusive.
2363: .It Fl pass Ar arg
2364: The output file password source.
2365: .It Fl pkeyopt Ar opt : Ns Ar value
2366: Set the public key algorithm option
2367: .Ar opt
2368: to
1.52 jmc 2369: .Ar value ,
2370: as follows:
1.1 jsing 2371: .Bl -tag -width Ds -offset indent
2372: .It rsa_keygen_bits : Ns Ar numbits
2373: (RSA)
2374: The number of bits in the generated key.
1.52 jmc 2375: The default is 2048.
1.1 jsing 2376: .It rsa_keygen_pubexp : Ns Ar value
2377: (RSA)
2378: The RSA public exponent value.
2379: This can be a large decimal or hexadecimal value if preceded by 0x.
1.52 jmc 2380: The default is 65537.
1.1 jsing 2381: .It dsa_paramgen_bits : Ns Ar numbits
2382: (DSA)
2383: The number of bits in the generated parameters.
1.52 jmc 2384: The default is 1024.
1.1 jsing 2385: .It dh_paramgen_prime_len : Ns Ar numbits
2386: (DH)
2387: The number of bits in the prime parameter
2388: .Ar p .
2389: .It dh_paramgen_generator : Ns Ar value
2390: (DH)
2391: The value to use for the generator
2392: .Ar g .
2393: .It ec_paramgen_curve : Ns Ar curve
2394: (EC)
2395: The EC curve to use.
2396: .El
1.52 jmc 2397: .It Fl text
1.64 jmc 2398: Print the private/public key in plain text.
1.52 jmc 2399: .El
1.1 jsing 2400: .Sh GENRSA
1.114 jmc 2401: .Bl -hang -width "openssl genrsa"
2402: .It Nm openssl genrsa
2403: .Bk -words
1.1 jsing 2404: .Op Fl 3 | f4
1.109 inoguchi 2405: .Oo
2406: .Fl aes128 | aes192 | aes256 | camellia128 |
2407: .Fl camellia192 | camellia256 | des | des3 | idea
2408: .Oc
1.1 jsing 2409: .Op Fl out Ar file
2410: .Op Fl passout Ar arg
2411: .Op Ar numbits
1.114 jmc 2412: .Ek
2413: .El
1.1 jsing 2414: .Pp
2415: The
2416: .Nm genrsa
1.53 jmc 2417: command generates an RSA private key,
2418: which essentially involves the generation of two prime numbers.
2419: When generating the key,
2420: various symbols will be output to indicate the progress of the generation.
2421: A
2422: .Sq \&.
2423: represents each number which has passed an initial sieve test;
2424: .Sq +
2425: means a number has passed a single round of the Miller-Rabin primality test.
2426: A newline means that the number has passed all the prime tests
2427: (the actual number depends on the key size).
1.1 jsing 2428: .Pp
2429: The options are as follows:
2430: .Bl -tag -width Ds
2431: .It Fl 3 | f4
2432: The public exponent to use, either 3 or 65537.
2433: The default is 65537.
1.109 inoguchi 2434: .It Xo
2435: .Fl aes128 | aes192 | aes256 |
2436: .Fl camellia128 | camellia192 | camellia256 |
2437: .Fl des | des3 |
2438: .Fl idea
2439: .Xc
2440: Encrypt the private key with the AES, CAMELLIA, DES, triple DES
2441: or the IDEA ciphers, respectively, before outputting it.
1.1 jsing 2442: If none of these options are specified, no encryption is used.
2443: If encryption is used, a pass phrase is prompted for,
2444: if it is not supplied via the
2445: .Fl passout
2446: option.
2447: .It Fl out Ar file
1.53 jmc 2448: The output file to write to,
1.57 jmc 2449: or standard output if not specified.
1.1 jsing 2450: .It Fl passout Ar arg
2451: The output file password source.
2452: .It Ar numbits
2453: The size of the private key to generate in bits.
2454: This must be the last option specified.
2455: The default is 2048.
2456: .El
2457: .Sh NSEQ
2458: .Nm openssl nseq
2459: .Op Fl in Ar file
2460: .Op Fl out Ar file
2461: .Op Fl toseq
2462: .Pp
2463: The
2464: .Nm nseq
1.54 jmc 2465: command takes a file containing a Netscape certificate sequence
2466: (an alternative to the standard PKCS#7 format)
2467: and prints out the certificates contained in it,
2468: or takes a file of certificates
2469: and converts it into a Netscape certificate sequence.
2470: .Pp
1.1 jsing 2471: The options are as follows:
2472: .Bl -tag -width Ds
2473: .It Fl in Ar file
1.54 jmc 2474: The input file to read from,
2475: or standard input if not specified.
1.1 jsing 2476: .It Fl out Ar file
1.54 jmc 2477: The output file to write to,
2478: or standard output if not specified.
1.1 jsing 2479: .It Fl toseq
2480: Normally, a Netscape certificate sequence will be input and the output
2481: is the certificates contained in it.
2482: With the
2483: .Fl toseq
2484: option the situation is reversed:
2485: a Netscape certificate sequence is created from a file of certificates.
2486: .El
2487: .Sh OCSP
1.114 jmc 2488: .Bl -hang -width "openssl ocsp"
2489: .It Nm openssl ocsp
2490: .Bk -words
1.1 jsing 2491: .Op Fl CA Ar file
2492: .Op Fl CAfile Ar file
2493: .Op Fl CApath Ar directory
2494: .Op Fl cert Ar file
2495: .Op Fl dgst Ar alg
1.108 inoguchi 2496: .Op Fl header Ar name value
1.55 jmc 2497: .Op Fl host Ar hostname : Ns Ar port
1.108 inoguchi 2498: .Op Fl ignore_err
1.1 jsing 2499: .Op Fl index Ar indexfile
2500: .Op Fl issuer Ar file
2501: .Op Fl ndays Ar days
2502: .Op Fl nmin Ar minutes
2503: .Op Fl no_cert_checks
2504: .Op Fl no_cert_verify
2505: .Op Fl no_certs
2506: .Op Fl no_chain
1.108 inoguchi 2507: .Op Fl no_explicit
1.1 jsing 2508: .Op Fl no_intern
2509: .Op Fl no_nonce
2510: .Op Fl no_signature_verify
2511: .Op Fl nonce
2512: .Op Fl noverify
2513: .Op Fl nrequest Ar number
2514: .Op Fl out Ar file
2515: .Op Fl path Ar path
2516: .Op Fl port Ar portnum
2517: .Op Fl req_text
2518: .Op Fl reqin Ar file
2519: .Op Fl reqout Ar file
2520: .Op Fl resp_key_id
2521: .Op Fl resp_no_certs
2522: .Op Fl resp_text
2523: .Op Fl respin Ar file
2524: .Op Fl respout Ar file
2525: .Op Fl rkey Ar file
2526: .Op Fl rother Ar file
2527: .Op Fl rsigner Ar file
1.108 inoguchi 2528: .Op Fl serial Ar num
1.1 jsing 2529: .Op Fl sign_other Ar file
2530: .Op Fl signer Ar file
2531: .Op Fl signkey Ar file
2532: .Op Fl status_age Ar age
2533: .Op Fl text
1.108 inoguchi 2534: .Op Fl timeout Ar seconds
1.1 jsing 2535: .Op Fl trust_other
2536: .Op Fl url Ar responder_url
2537: .Op Fl VAfile Ar file
2538: .Op Fl validity_period Ar nsec
2539: .Op Fl verify_other Ar file
1.114 jmc 2540: .Ek
2541: .El
1.1 jsing 2542: .Pp
1.55 jmc 2543: The Online Certificate Status Protocol (OCSP)
2544: enables applications to determine the (revocation) state
2545: of an identified certificate (RFC 2560).
1.1 jsing 2546: .Pp
2547: The
2548: .Nm ocsp
2549: command performs many common OCSP tasks.
2550: It can be used to print out requests and responses,
2551: create requests and send queries to an OCSP responder,
2552: and behave like a mini OCSP server itself.
2553: .Pp
2554: The options are as follows:
2555: .Bl -tag -width Ds
2556: .It Fl CAfile Ar file , Fl CApath Ar directory
1.55 jmc 2557: A file or path containing trusted CA certificates,
2558: used to verify the signature on the OCSP response.
1.1 jsing 2559: .It Fl cert Ar file
2560: Add the certificate
2561: .Ar file
2562: to the request.
2563: The issuer certificate is taken from the previous
2564: .Fl issuer
2565: option, or an error occurs if no issuer certificate is specified.
2566: .It Fl dgst Ar alg
1.55 jmc 2567: Use the digest algorithm
2568: .Ar alg
2569: for certificate identification in the OCSP request.
1.1 jsing 2570: By default SHA-1 is used.
2571: .It Xo
2572: .Fl host Ar hostname : Ns Ar port ,
2573: .Fl path Ar path
2574: .Xc
1.55 jmc 2575: Send
2576: the OCSP request to
1.1 jsing 2577: .Ar hostname
1.55 jmc 2578: on
1.1 jsing 2579: .Ar port .
2580: .Fl path
2581: specifies the HTTP path name to use, or
1.55 jmc 2582: .Pa /
1.1 jsing 2583: by default.
1.108 inoguchi 2584: .It Fl header Ar name value
2585: Add the header name with the specified value to the OCSP request that is sent
2586: to the responder.
2587: This may be repeated.
1.1 jsing 2588: .It Fl issuer Ar file
1.81 jmc 2589: The current issuer certificate, in PEM format.
2590: Can be used multiple times and must come before any
1.1 jsing 2591: .Fl cert
2592: options.
2593: .It Fl no_cert_checks
2594: Don't perform any additional checks on the OCSP response signer's certificate.
2595: That is, do not make any checks to see if the signer's certificate is
2596: authorised to provide the necessary status information:
2597: as a result this option should only be used for testing purposes.
2598: .It Fl no_cert_verify
2599: Don't verify the OCSP response signer's certificate at all.
2600: Since this option allows the OCSP response to be signed by any certificate,
2601: it should only be used for testing purposes.
2602: .It Fl no_certs
1.55 jmc 2603: Don't include any certificates in the signed request.
1.1 jsing 2604: .It Fl no_chain
2605: Do not use certificates in the response as additional untrusted CA
2606: certificates.
1.108 inoguchi 2607: .It Fl no_explicit
2608: Don't check the explicit trust for OCSP signing in the root CA certificate.
1.1 jsing 2609: .It Fl no_intern
2610: Ignore certificates contained in the OCSP response
2611: when searching for the signer's certificate.
1.55 jmc 2612: The signer's certificate must be specified with either the
1.1 jsing 2613: .Fl verify_other
2614: or
2615: .Fl VAfile
2616: options.
2617: .It Fl no_signature_verify
2618: Don't check the signature on the OCSP response.
2619: Since this option tolerates invalid signatures on OCSP responses,
2620: it will normally only be used for testing purposes.
2621: .It Fl nonce , no_nonce
1.55 jmc 2622: Add an OCSP nonce extension to a request,
2623: or disable an OCSP nonce addition.
1.1 jsing 2624: Normally, if an OCSP request is input using the
2625: .Fl respin
1.55 jmc 2626: option no nonce is added:
1.1 jsing 2627: using the
2628: .Fl nonce
1.55 jmc 2629: option will force the addition of a nonce.
1.1 jsing 2630: If an OCSP request is being created (using the
2631: .Fl cert
2632: and
2633: .Fl serial
2634: options)
1.55 jmc 2635: a nonce is automatically added; specifying
1.1 jsing 2636: .Fl no_nonce
2637: overrides this.
2638: .It Fl noverify
1.55 jmc 2639: Don't attempt to verify the OCSP response signature or the nonce values.
2640: This is normally only be used for debugging
1.1 jsing 2641: since it disables all verification of the responder's certificate.
2642: .It Fl out Ar file
1.55 jmc 2643: Specify the output file to write to,
1.57 jmc 2644: or standard output if not specified.
1.1 jsing 2645: .It Fl req_text , resp_text , text
2646: Print out the text form of the OCSP request, response, or both, respectively.
2647: .It Fl reqin Ar file , Fl respin Ar file
2648: Read an OCSP request or response file from
2649: .Ar file .
2650: These options are ignored
2651: if an OCSP request or response creation is implied by other options
2652: (for example with the
2653: .Fl serial , cert ,
2654: and
2655: .Fl host
2656: options).
2657: .It Fl reqout Ar file , Fl respout Ar file
2658: Write out the DER-encoded certificate request or response to
2659: .Ar file .
2660: .It Fl serial Ar num
2661: Same as the
2662: .Fl cert
2663: option except the certificate with serial number
2664: .Ar num
2665: is added to the request.
2666: The serial number is interpreted as a decimal integer unless preceded by
2667: .Sq 0x .
1.55 jmc 2668: Negative integers can also be specified
2669: by preceding the value with a minus sign.
1.1 jsing 2670: .It Fl sign_other Ar file
2671: Additional certificates to include in the signed request.
2672: .It Fl signer Ar file , Fl signkey Ar file
2673: Sign the OCSP request using the certificate specified in the
2674: .Fl signer
2675: option and the private key specified by the
2676: .Fl signkey
2677: option.
2678: If the
2679: .Fl signkey
2680: option is not present, then the private key is read from the same file
2681: as the certificate.
2682: If neither option is specified, the OCSP request is not signed.
1.108 inoguchi 2683: .It Fl timeout Ar seconds
2684: Connection timeout to the OCSP responder in seconds.
1.1 jsing 2685: .It Fl trust_other
2686: The certificates specified by the
2687: .Fl verify_other
2688: option should be explicitly trusted and no additional checks will be
2689: performed on them.
2690: This is useful when the complete responder certificate chain is not available
2691: or trusting a root CA is not appropriate.
2692: .It Fl url Ar responder_url
2693: Specify the responder URL.
2694: Both HTTP and HTTPS
2695: .Pq SSL/TLS
2696: URLs can be specified.
2697: .It Fl VAfile Ar file
1.55 jmc 2698: A file containing explicitly trusted responder certificates.
1.1 jsing 2699: Equivalent to the
2700: .Fl verify_other
2701: and
2702: .Fl trust_other
2703: options.
2704: .It Fl validity_period Ar nsec , Fl status_age Ar age
1.55 jmc 2705: The range of times, in seconds, which will be tolerated in an OCSP response.
2706: Each certificate status response includes a notBefore time
2707: and an optional notAfter time.
1.1 jsing 2708: The current time should fall between these two values,
2709: but the interval between the two times may be only a few seconds.
2710: In practice the OCSP responder and clients' clocks may not be precisely
2711: synchronised and so such a check may fail.
2712: To avoid this the
2713: .Fl validity_period
2714: option can be used to specify an acceptable error range in seconds,
1.55 jmc 2715: the default value being 5 minutes.
1.1 jsing 2716: .Pp
1.55 jmc 2717: If the notAfter time is omitted from a response,
2718: it means that new status information is immediately available.
2719: In this case the age of the notBefore field is checked
2720: to see it is not older than
1.1 jsing 2721: .Ar age
2722: seconds old.
2723: By default, this additional check is not performed.
2724: .It Fl verify_other Ar file
1.55 jmc 2725: A file containing additional certificates to search
2726: when attempting to locate the OCSP response signing certificate.
2727: Some responders omit the actual signer's certificate from the response,
2728: so this can be used to supply the necessary certificate.
1.1 jsing 2729: .El
1.55 jmc 2730: .Pp
2731: The options for the OCSP server are as follows:
1.1 jsing 2732: .Bl -tag -width "XXXX"
2733: .It Fl CA Ar file
2734: CA certificate corresponding to the revocation information in
2735: .Ar indexfile .
1.108 inoguchi 2736: .It Fl ignore_err
2737: Ignore the invalid response.
1.1 jsing 2738: .It Fl index Ar indexfile
2739: .Ar indexfile
1.55 jmc 2740: is a text index file in ca format
2741: containing certificate revocation information.
1.1 jsing 2742: .Pp
1.55 jmc 2743: If this option is specified,
1.1 jsing 2744: .Nm ocsp
1.55 jmc 2745: is in responder mode, otherwise it is in client mode.
2746: The requests the responder processes can be either specified on
1.1 jsing 2747: the command line (using the
2748: .Fl issuer
2749: and
2750: .Fl serial
2751: options), supplied in a file (using the
2752: .Fl respin
1.55 jmc 2753: option), or via external OCSP clients (if
1.1 jsing 2754: .Ar port
2755: or
2756: .Ar url
2757: is specified).
2758: .Pp
1.55 jmc 2759: If this option is present, then the
1.1 jsing 2760: .Fl CA
2761: and
2762: .Fl rsigner
2763: options must also be present.
2764: .It Fl nmin Ar minutes , Fl ndays Ar days
2765: Number of
2766: .Ar minutes
2767: or
2768: .Ar days
1.55 jmc 2769: when fresh revocation information is available:
2770: used in the nextUpdate field.
2771: If neither option is present,
2772: the nextUpdate field is omitted,
2773: meaning fresh revocation information is immediately available.
1.1 jsing 2774: .It Fl nrequest Ar number
1.55 jmc 2775: Exit after receiving
1.1 jsing 2776: .Ar number
1.55 jmc 2777: requests (the default is unlimited).
1.1 jsing 2778: .It Fl port Ar portnum
2779: Port to listen for OCSP requests on.
1.55 jmc 2780: May also be specified using the
1.1 jsing 2781: .Fl url
2782: option.
2783: .It Fl resp_key_id
2784: Identify the signer certificate using the key ID;
1.55 jmc 2785: the default is to use the subject name.
1.1 jsing 2786: .It Fl resp_no_certs
2787: Don't include any certificates in the OCSP response.
2788: .It Fl rkey Ar file
2789: The private key to sign OCSP responses with;
2790: if not present, the file specified in the
2791: .Fl rsigner
2792: option is used.
2793: .It Fl rother Ar file
2794: Additional certificates to include in the OCSP response.
2795: .It Fl rsigner Ar file
2796: The certificate to sign OCSP responses with.
2797: .El
2798: .Pp
2799: Initially the OCSP responder certificate is located and the signature on
2800: the OCSP request checked using the responder certificate's public key.
2801: Then a normal certificate verify is performed on the OCSP responder certificate
2802: building up a certificate chain in the process.
2803: The locations of the trusted certificates used to build the chain can be
2804: specified by the
2805: .Fl CAfile
2806: and
2807: .Fl CApath
2808: options or they will be looked for in the standard
1.55 jmc 2809: .Nm openssl
2810: certificates directory.
1.1 jsing 2811: .Pp
1.55 jmc 2812: If the initial verify fails, the OCSP verify process halts with an error.
1.1 jsing 2813: Otherwise the issuing CA certificate in the request is compared to the OCSP
2814: responder certificate: if there is a match then the OCSP verify succeeds.
2815: .Pp
2816: Otherwise the OCSP responder certificate's CA is checked against the issuing
2817: CA certificate in the request.
2818: If there is a match and the OCSPSigning extended key usage is present
2819: in the OCSP responder certificate, then the OCSP verify succeeds.
2820: .Pp
2821: Otherwise the root CA of the OCSP responder's CA is checked to see if it
2822: is trusted for OCSP signing.
2823: If it is, the OCSP verify succeeds.
2824: .Pp
2825: If none of these checks is successful, the OCSP verify fails.
2826: What this effectively means is that if the OCSP responder certificate is
2827: authorised directly by the CA it is issuing revocation information about
1.55 jmc 2828: (and it is correctly configured),
1.1 jsing 2829: then verification will succeed.
2830: .Pp
1.55 jmc 2831: If the OCSP responder is a global responder,
2832: which can give details about multiple CAs
2833: and has its own separate certificate chain,
2834: then its root CA can be trusted for OCSP signing.
1.1 jsing 2835: Alternatively, the responder certificate itself can be explicitly trusted
2836: with the
2837: .Fl VAfile
2838: option.
2839: .Sh PASSWD
1.114 jmc 2840: .Bl -hang -width "openssl passwd"
2841: .It Nm openssl passwd
2842: .Bk -words
1.1 jsing 2843: .Op Fl 1 | apr1 | crypt
2844: .Op Fl in Ar file
2845: .Op Fl noverify
2846: .Op Fl quiet
2847: .Op Fl reverse
2848: .Op Fl salt Ar string
2849: .Op Fl stdin
2850: .Op Fl table
2851: .Op Ar password
1.114 jmc 2852: .Ek
2853: .El
1.1 jsing 2854: .Pp
2855: The
2856: .Nm passwd
1.56 jmc 2857: command computes the hash of a password.
1.1 jsing 2858: .Pp
2859: The options are as follows:
2860: .Bl -tag -width Ds
2861: .It Fl 1
2862: Use the MD5 based
2863: .Bx
2864: password algorithm
1.56 jmc 2865: .Qq 1 .
1.1 jsing 2866: .It Fl apr1
2867: Use the
1.56 jmc 2868: .Qq apr1
1.1 jsing 2869: algorithm
1.56 jmc 2870: .Po
2871: Apache variant of the
1.1 jsing 2872: .Bx
1.56 jmc 2873: algorithm
2874: .Pc .
1.1 jsing 2875: .It Fl crypt
2876: Use the
1.56 jmc 2877: .Qq crypt
2878: algorithm (the default).
1.1 jsing 2879: .It Fl in Ar file
2880: Read passwords from
2881: .Ar file .
2882: .It Fl noverify
2883: Don't verify when reading a password from the terminal.
2884: .It Fl quiet
2885: Don't output warnings when passwords given on the command line are truncated.
2886: .It Fl reverse
2887: Switch table columns.
2888: This only makes sense in conjunction with the
2889: .Fl table
2890: option.
2891: .It Fl salt Ar string
1.56 jmc 2892: Use the salt specified by
2893: .Ar string .
1.1 jsing 2894: When reading a password from the terminal, this implies
2895: .Fl noverify .
2896: .It Fl stdin
1.56 jmc 2897: Read passwords from standard input.
1.1 jsing 2898: .It Fl table
2899: In the output list, prepend the cleartext password and a TAB character
2900: to each password hash.
2901: .El
2902: .Sh PKCS7
1.114 jmc 2903: .Bl -hang -width "openssl pkcs7"
2904: .It Nm openssl pkcs7
2905: .Bk -words
1.1 jsing 2906: .Op Fl in Ar file
1.57 jmc 2907: .Op Fl inform Cm der | pem
1.1 jsing 2908: .Op Fl noout
2909: .Op Fl out Ar file
1.57 jmc 2910: .Op Fl outform Cm der | pem
1.106 inoguchi 2911: .Op Fl print
1.1 jsing 2912: .Op Fl print_certs
2913: .Op Fl text
1.114 jmc 2914: .Ek
2915: .El
1.1 jsing 2916: .Pp
2917: The
2918: .Nm pkcs7
2919: command processes PKCS#7 files in DER or PEM format.
1.57 jmc 2920: The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
2921: .Pp
1.1 jsing 2922: The options are as follows:
2923: .Bl -tag -width Ds
2924: .It Fl in Ar file
1.57 jmc 2925: The input file to read from,
2926: or standard input if not specified.
2927: .It Fl inform Cm der | pem
2928: The input format.
1.1 jsing 2929: .It Fl noout
2930: Don't output the encoded version of the PKCS#7 structure
2931: (or certificates if
2932: .Fl print_certs
2933: is set).
2934: .It Fl out Ar file
1.57 jmc 2935: The output to write to,
2936: or standard output if not specified.
2937: .It Fl outform Cm der | pem
2938: The output format.
1.106 inoguchi 2939: .It Fl print
2940: Print the ASN.1 representation of PKCS#7 structure.
1.1 jsing 2941: .It Fl print_certs
1.57 jmc 2942: Print any certificates or CRLs contained in the file,
2943: preceded by their subject and issuer names in a one-line format.
1.1 jsing 2944: .It Fl text
1.57 jmc 2945: Print certificate details in full rather than just subject and issuer names.
1.1 jsing 2946: .El
2947: .Sh PKCS8
1.114 jmc 2948: .Bl -hang -width "openssl pkcs8"
2949: .It Nm openssl pkcs8
2950: .Bk -words
1.1 jsing 2951: .Op Fl in Ar file
1.58 jmc 2952: .Op Fl inform Cm der | pem
1.1 jsing 2953: .Op Fl nocrypt
2954: .Op Fl noiter
2955: .Op Fl out Ar file
1.58 jmc 2956: .Op Fl outform Cm der | pem
1.1 jsing 2957: .Op Fl passin Ar arg
2958: .Op Fl passout Ar arg
2959: .Op Fl topk8
2960: .Op Fl v1 Ar alg
2961: .Op Fl v2 Ar alg
1.114 jmc 2962: .Ek
2963: .El
1.1 jsing 2964: .Pp
2965: The
2966: .Nm pkcs8
1.58 jmc 2967: command processes private keys
2968: (both encrypted and unencrypted)
2969: in PKCS#8 format
2970: with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
2971: The default encryption is only 56 bits;
2972: keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts
2973: are more secure.
2974: .Pp
1.1 jsing 2975: The options are as follows:
2976: .Bl -tag -width Ds
2977: .It Fl in Ar file
1.58 jmc 2978: The input file to read from,
2979: or standard input if not specified.
1.1 jsing 2980: If the key is encrypted, a pass phrase will be prompted for.
1.58 jmc 2981: .It Fl inform Cm der | pem
2982: The input format.
1.1 jsing 2983: .It Fl nocrypt
1.58 jmc 2984: Generate an unencrypted PrivateKeyInfo structure.
2985: This option does not encrypt private keys at all
2986: and should only be used when absolutely necessary.
1.1 jsing 2987: .It Fl noiter
2988: Use an iteration count of 1.
2989: See the
2990: .Sx PKCS12
2991: section below for a detailed explanation of this option.
2992: .It Fl out Ar file
1.58 jmc 2993: The output file to write to,
2994: or standard output if none is specified.
1.1 jsing 2995: If any encryption options are set, a pass phrase will be prompted for.
1.58 jmc 2996: .It Fl outform Cm der | pem
2997: The output format.
1.1 jsing 2998: .It Fl passin Ar arg
2999: The key password source.
3000: .It Fl passout Ar arg
3001: The output file password source.
3002: .It Fl topk8
1.58 jmc 3003: Read a traditional format private key and write a PKCS#8 format key.
1.1 jsing 3004: .It Fl v1 Ar alg
1.58 jmc 3005: Specify a PKCS#5 v1.5 or PKCS#12 algorithm to use.
3006: .Pp
3007: .Bl -tag -width "XXXX" -compact
3008: .It PBE-MD5-DES
3009: 56-bit DES.
3010: .It PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES
3011: 64-bit RC2 or 56-bit DES.
3012: .It PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES
3013: .It PBE-SHA1-2DES | PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40
3014: PKCS#12 password-based encryption algorithm,
3015: which allow strong encryption algorithms like triple DES or 128-bit RC2.
3016: .El
1.1 jsing 3017: .It Fl v2 Ar alg
1.58 jmc 3018: Use PKCS#5 v2.0 algorithms.
3019: Supports algorithms such as 168-bit triple DES or 128-bit RC2,
3020: however not many implementations support PKCS#5 v2.0 yet
3021: (if using private keys with
3022: .Nm openssl
3023: this doesn't matter).
1.1 jsing 3024: .Pp
3025: .Ar alg
1.58 jmc 3026: is the encryption algorithm to use;
3027: valid values include des, des3, and rc2.
3028: It is recommended that des3 is used.
1.1 jsing 3029: .El
3030: .Sh PKCS12
1.114 jmc 3031: .Bl -hang -width "openssl pkcs12"
3032: .It Nm openssl pkcs12
3033: .Bk -words
1.107 inoguchi 3034: .Oo
3035: .Fl aes128 | aes192 | aes256 | camellia128 |
3036: .Fl camellia192 | camellia256 | des | des3 | idea
3037: .Oc
1.1 jsing 3038: .Op Fl cacerts
3039: .Op Fl CAfile Ar file
3040: .Op Fl caname Ar name
3041: .Op Fl CApath Ar directory
3042: .Op Fl certfile Ar file
3043: .Op Fl certpbe Ar alg
3044: .Op Fl chain
3045: .Op Fl clcerts
3046: .Op Fl CSP Ar name
3047: .Op Fl descert
3048: .Op Fl export
3049: .Op Fl in Ar file
3050: .Op Fl info
3051: .Op Fl inkey Ar file
3052: .Op Fl keyex
3053: .Op Fl keypbe Ar alg
3054: .Op Fl keysig
1.107 inoguchi 3055: .Op Fl LMK
1.1 jsing 3056: .Op Fl macalg Ar alg
3057: .Op Fl maciter
3058: .Op Fl name Ar name
3059: .Op Fl nocerts
3060: .Op Fl nodes
3061: .Op Fl noiter
3062: .Op Fl nokeys
3063: .Op Fl nomac
3064: .Op Fl nomaciter
3065: .Op Fl nomacver
3066: .Op Fl noout
3067: .Op Fl out Ar file
3068: .Op Fl passin Ar arg
3069: .Op Fl passout Ar arg
1.107 inoguchi 3070: .Op Fl password Ar arg
1.1 jsing 3071: .Op Fl twopass
1.114 jmc 3072: .Ek
3073: .El
1.1 jsing 3074: .Pp
3075: The
3076: .Nm pkcs12
3077: command allows PKCS#12 files
3078: .Pq sometimes referred to as PFX files
3079: to be created and parsed.
3080: By default, a PKCS#12 file is parsed;
3081: a PKCS#12 file can be created by using the
3082: .Fl export
1.59 jmc 3083: option.
3084: .Pp
3085: The options for parsing a PKCS12 file are as follows:
1.1 jsing 3086: .Bl -tag -width "XXXX"
1.107 inoguchi 3087: .It Xo
3088: .Fl aes128 | aes192 | aes256 |
3089: .Fl camellia128 | camellia192 | camellia256 |
3090: .Fl des | des3 |
3091: .Fl idea
3092: .Xc
3093: Encrypt private keys using AES, CAMELLIA, DES, triple DES
3094: or the IDEA ciphers, respectively.
1.1 jsing 3095: The default is triple DES.
3096: .It Fl cacerts
3097: Only output CA certificates
3098: .Pq not client certificates .
3099: .It Fl clcerts
3100: Only output client certificates
3101: .Pq not CA certificates .
3102: .It Fl in Ar file
1.59 jmc 3103: The input file to read from,
3104: or standard input if not specified.
1.1 jsing 3105: .It Fl info
3106: Output additional information about the PKCS#12 file structure,
3107: algorithms used, and iteration counts.
3108: .It Fl nocerts
1.59 jmc 3109: Do not output certificates.
1.1 jsing 3110: .It Fl nodes
1.59 jmc 3111: Do not encrypt private keys.
1.1 jsing 3112: .It Fl nokeys
1.59 jmc 3113: Do not output private keys.
1.1 jsing 3114: .It Fl nomacver
1.59 jmc 3115: Do not attempt to verify the integrity MAC before reading the file.
1.1 jsing 3116: .It Fl noout
1.59 jmc 3117: Do not output the keys and certificates to the output file
1.1 jsing 3118: version of the PKCS#12 file.
3119: .It Fl out Ar file
1.59 jmc 3120: The output file to write to,
3121: or standard output if not specified.
1.1 jsing 3122: .It Fl passin Ar arg
3123: The key password source.
3124: .It Fl passout Ar arg
3125: The output file password source.
3126: .It Fl twopass
3127: Prompt for separate integrity and encryption passwords: most software
3128: always assumes these are the same so this option will render such
3129: PKCS#12 files unreadable.
3130: .El
1.59 jmc 3131: .Pp
3132: The options for PKCS12 file creation are as follows:
1.1 jsing 3133: .Bl -tag -width "XXXX"
3134: .It Fl CAfile Ar file
3135: CA storage as a file.
3136: .It Fl CApath Ar directory
3137: CA storage as a directory.
1.59 jmc 3138: The directory must be a standard certificate directory:
1.1 jsing 3139: that is, a hash of each subject name (using
1.59 jmc 3140: .Nm x509 Fl hash )
1.1 jsing 3141: should be linked to each certificate.
3142: .It Fl caname Ar name
1.59 jmc 3143: Specify the
1.1 jsing 3144: .Qq friendly name
3145: for other certificates.
1.59 jmc 3146: May be used multiple times to specify names for all certificates
1.1 jsing 3147: in the order they appear.
3148: .It Fl certfile Ar file
3149: A file to read additional certificates from.
3150: .It Fl certpbe Ar alg , Fl keypbe Ar alg
1.59 jmc 3151: Specify the algorithm used to encrypt the private key and
1.1 jsing 3152: certificates to be selected.
1.59 jmc 3153: Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used.
1.1 jsing 3154: If a cipher name
3155: (as output by the
3156: .Cm list-cipher-algorithms
3157: command) is specified then it
3158: is used with PKCS#5 v2.0.
3159: For interoperability reasons it is advisable to only use PKCS#12 algorithms.
3160: .It Fl chain
1.59 jmc 3161: Include the entire certificate chain of the user certificate.
1.1 jsing 3162: The standard CA store is used for this search.
3163: If the search fails, it is considered a fatal error.
3164: .It Fl CSP Ar name
3165: Write
3166: .Ar name
3167: as a Microsoft CSP name.
3168: .It Fl descert
3169: Encrypt the certificate using triple DES; this may render the PKCS#12
3170: file unreadable by some
3171: .Qq export grade
3172: software.
3173: By default, the private key is encrypted using triple DES and the
3174: certificate using 40-bit RC2.
3175: .It Fl export
1.59 jmc 3176: Create a PKCS#12 file (rather than parsing one).
1.1 jsing 3177: .It Fl in Ar file
1.59 jmc 3178: The input file to read from,
1.81 jmc 3179: or standard input if not specified.
1.1 jsing 3180: The order doesn't matter but one private key and its corresponding
3181: certificate should be present.
3182: If additional certificates are present, they will also be included
3183: in the PKCS#12 file.
3184: .It Fl inkey Ar file
1.59 jmc 3185: File to read a private key from.
1.1 jsing 3186: If not present, a private key must be present in the input file.
3187: .It Fl keyex | keysig
1.59 jmc 3188: Specify whether the private key is to be used for key exchange or just signing.
1.1 jsing 3189: Normally,
3190: .Qq export grade
3191: software will only allow 512-bit RSA keys to be
3192: used for encryption purposes, but arbitrary length keys for signing.
3193: The
3194: .Fl keysig
3195: option marks the key for signing only.
3196: Signing only keys can be used for S/MIME signing, authenticode
1.66 jmc 3197: (ActiveX control signing)
1.59 jmc 3198: and SSL client authentication.
1.107 inoguchi 3199: .It Fl LMK
3200: Add local machine keyset attribute to private key.
1.1 jsing 3201: .It Fl macalg Ar alg
3202: Specify the MAC digest algorithm.
1.59 jmc 3203: The default is SHA1.
1.1 jsing 3204: .It Fl maciter
1.66 jmc 3205: Included for compatibility only:
1.59 jmc 3206: it used to be needed to use MAC iterations counts
3207: but they are now used by default.
1.1 jsing 3208: .It Fl name Ar name
1.59 jmc 3209: Specify the
1.1 jsing 3210: .Qq friendly name
3211: for the certificate and private key.
3212: This name is typically displayed in list boxes by software importing the file.
3213: .It Fl nomac
3214: Don't attempt to provide the MAC integrity.
3215: .It Fl nomaciter , noiter
1.59 jmc 3216: Affect the iteration counts on the MAC and key algorithms.
1.1 jsing 3217: .Pp
3218: To discourage attacks by using large dictionaries of common passwords,
3219: the algorithm that derives keys from passwords can have an iteration count
3220: applied to it: this causes a certain part of the algorithm to be repeated
3221: and slows it down.
3222: The MAC is used to check the file integrity but since it will normally
3223: have the same password as the keys and certificates it could also be attacked.
3224: By default, both MAC and encryption iteration counts are set to 2048;
3225: using these options the MAC and encryption iteration counts can be set to 1.
3226: Since this reduces the file security you should not use these options
3227: unless you really have to.
3228: Most software supports both MAC and key iteration counts.
3229: .It Fl out Ar file
1.59 jmc 3230: The output file to write to,
3231: or standard output if not specified.
1.1 jsing 3232: .It Fl passin Ar arg
3233: The key password source.
3234: .It Fl passout Ar arg
3235: The output file password source.
1.107 inoguchi 3236: .It Fl password Ar arg
3237: With
3238: .Fl export ,
3239: .Fl password
3240: is equivalent to
3241: .Fl passout .
1.108 inoguchi 3242: Otherwise,
1.107 inoguchi 3243: .Fl password
3244: is equivalent to
3245: .Fl passin .
1.1 jsing 3246: .El
3247: .Sh PKEY
1.114 jmc 3248: .Bl -hang -width "openssl pkey"
3249: .It Nm openssl pkey
3250: .Bk -words
1.1 jsing 3251: .Op Ar cipher
3252: .Op Fl in Ar file
1.60 jmc 3253: .Op Fl inform Cm der | pem
1.1 jsing 3254: .Op Fl noout
3255: .Op Fl out Ar file
1.60 jmc 3256: .Op Fl outform Cm der | pem
1.1 jsing 3257: .Op Fl passin Ar arg
3258: .Op Fl passout Ar arg
3259: .Op Fl pubin
3260: .Op Fl pubout
3261: .Op Fl text
3262: .Op Fl text_pub
1.114 jmc 3263: .Ek
3264: .El
1.1 jsing 3265: .Pp
3266: The
3267: .Nm pkey
3268: command processes public or private keys.
3269: They can be converted between various forms
3270: and their components printed out.
3271: .Pp
3272: The options are as follows:
3273: .Bl -tag -width Ds
3274: .It Ar cipher
1.60 jmc 3275: Encrypt the private key with the specified cipher.
1.1 jsing 3276: Any algorithm name accepted by
1.60 jmc 3277: .Xr EVP_get_cipherbyname 3
1.1 jsing 3278: is acceptable, such as
3279: .Cm des3 .
3280: .It Fl in Ar file
1.60 jmc 3281: The input file to read from,
3282: or standard input if not specified.
1.1 jsing 3283: If the key is encrypted a pass phrase will be prompted for.
1.60 jmc 3284: .It Fl inform Cm der | pem
3285: The input format.
1.1 jsing 3286: .It Fl noout
3287: Do not output the encoded version of the key.
3288: .It Fl out Ar file
1.60 jmc 3289: The output file to write to,
3290: or standard output if not specified.
1.1 jsing 3291: If any encryption options are set then a pass phrase
3292: will be prompted for.
1.60 jmc 3293: .It Fl outform Cm der | pem
3294: The output format.
1.1 jsing 3295: .It Fl passin Ar arg
3296: The key password source.
3297: .It Fl passout Ar arg
3298: The output file password source.
3299: .It Fl pubin
1.60 jmc 3300: Read in a public key, not a private key.
1.1 jsing 3301: .It Fl pubout
1.60 jmc 3302: Output a public key, not a private key.
3303: Automatically set if the input is a public key.
1.1 jsing 3304: .It Fl text
1.64 jmc 3305: Print the public/private key in plain text.
1.1 jsing 3306: .It Fl text_pub
3307: Print out only public key components
3308: even if a private key is being processed.
3309: .El
3310: .Sh PKEYPARAM
3311: .Cm openssl pkeyparam
3312: .Op Fl in Ar file
3313: .Op Fl noout
3314: .Op Fl out Ar file
3315: .Op Fl text
3316: .Pp
3317: The
1.61 jmc 3318: .Nm pkeyparam
1.1 jsing 3319: command processes public or private keys.
1.61 jmc 3320: The key type is determined by the PEM headers.
1.1 jsing 3321: .Pp
3322: The options are as follows:
3323: .Bl -tag -width Ds
3324: .It Fl in Ar file
1.61 jmc 3325: The input file to read from,
3326: or standard input if not specified.
1.1 jsing 3327: .It Fl noout
3328: Do not output the encoded version of the parameters.
3329: .It Fl out Ar file
1.61 jmc 3330: The output file to write to,
3331: or standard output if not specified.
1.1 jsing 3332: .It Fl text
1.64 jmc 3333: Print the parameters in plain text.
1.1 jsing 3334: .El
3335: .Sh PKEYUTL
1.114 jmc 3336: .Bl -hang -width "openssl pkeyutl"
3337: .It Nm openssl pkeyutl
3338: .Bk -words
1.1 jsing 3339: .Op Fl asn1parse
3340: .Op Fl certin
3341: .Op Fl decrypt
3342: .Op Fl derive
3343: .Op Fl encrypt
3344: .Op Fl hexdump
3345: .Op Fl in Ar file
3346: .Op Fl inkey Ar file
1.62 jmc 3347: .Op Fl keyform Cm der | pem
1.1 jsing 3348: .Op Fl out Ar file
3349: .Op Fl passin Ar arg
1.62 jmc 3350: .Op Fl peerform Cm der | pem
1.1 jsing 3351: .Op Fl peerkey Ar file
3352: .Op Fl pkeyopt Ar opt : Ns Ar value
3353: .Op Fl pubin
3354: .Op Fl rev
3355: .Op Fl sigfile Ar file
3356: .Op Fl sign
3357: .Op Fl verify
3358: .Op Fl verifyrecover
1.114 jmc 3359: .Ek
3360: .El
1.1 jsing 3361: .Pp
3362: The
3363: .Nm pkeyutl
3364: command can be used to perform public key operations using
3365: any supported algorithm.
3366: .Pp
3367: The options are as follows:
3368: .Bl -tag -width Ds
3369: .It Fl asn1parse
1.84 jmc 3370: ASN.1 parse the output data.
1.1 jsing 3371: This is useful when combined with the
3372: .Fl verifyrecover
1.84 jmc 3373: option when an ASN.1 structure is signed.
1.1 jsing 3374: .It Fl certin
3375: The input is a certificate containing a public key.
3376: .It Fl decrypt
3377: Decrypt the input data using a private key.
3378: .It Fl derive
3379: Derive a shared secret using the peer key.
3380: .It Fl encrypt
3381: Encrypt the input data using a public key.
3382: .It Fl hexdump
3383: Hex dump the output data.
3384: .It Fl in Ar file
1.62 jmc 3385: The input file to read from,
3386: or standard input if not specified.
1.1 jsing 3387: .It Fl inkey Ar file
3388: The input key file.
3389: By default it should be a private key.
1.62 jmc 3390: .It Fl keyform Cm der | pem
3391: The key format.
1.1 jsing 3392: .It Fl out Ar file
1.62 jmc 3393: The output file to write to,
3394: or standard output if not specified.
1.1 jsing 3395: .It Fl passin Ar arg
3396: The key password source.
1.62 jmc 3397: .It Fl peerform Cm der | pem
3398: The peer key format.
1.1 jsing 3399: .It Fl peerkey Ar file
3400: The peer key file, used by key derivation (agreement) operations.
3401: .It Fl pkeyopt Ar opt : Ns Ar value
1.62 jmc 3402: Set the public key algorithm option
3403: .Ar opt
3404: to
3405: .Ar value .
3406: Unless otherwise mentioned, all algorithms support the format
3407: .Ar digest : Ns Ar alg ,
3408: which specifies the digest to use
1.1 jsing 3409: for sign, verify, and verifyrecover operations.
3410: The value
3411: .Ar alg
3412: should represent a digest name as used in the
1.62 jmc 3413: .Xr EVP_get_digestbyname 3
3414: function.
3415: .Pp
1.1 jsing 3416: The RSA algorithm supports the
3417: encrypt, decrypt, sign, verify, and verifyrecover operations in general.
3418: Some padding modes only support some of these
3419: operations however.
3420: .Bl -tag -width Ds
3421: .It rsa_padding_mode : Ns Ar mode
3422: This sets the RSA padding mode.
3423: Acceptable values for
3424: .Ar mode
3425: are
3426: .Cm pkcs1
3427: for PKCS#1 padding;
3428: .Cm none
3429: for no padding;
3430: .Cm oaep
3431: for OAEP mode;
3432: .Cm x931
3433: for X9.31 mode;
3434: and
3435: .Cm pss
3436: for PSS.
3437: .Pp
3438: In PKCS#1 padding if the message digest is not set then the supplied data is
3439: signed or verified directly instead of using a DigestInfo structure.
3440: If a digest is set then a DigestInfo
3441: structure is used and its length
3442: must correspond to the digest type.
3443: For oeap mode only encryption and decryption is supported.
3444: For x931 if the digest type is set it is used to format the block data;
3445: otherwise the first byte is used to specify the X9.31 digest ID.
3446: Sign, verify, and verifyrecover can be performed in this mode.
3447: For pss mode only sign and verify are supported and the digest type must be
3448: specified.
3449: .It rsa_pss_saltlen : Ns Ar len
3450: For pss
3451: mode only this option specifies the salt length.
3452: Two special values are supported:
3453: -1 sets the salt length to the digest length.
3454: When signing -2 sets the salt length to the maximum permissible value.
3455: When verifying -2 causes the salt length to be automatically determined
3456: based on the PSS block structure.
3457: .El
1.62 jmc 3458: .Pp
1.1 jsing 3459: The DSA algorithm supports the sign and verify operations.
3460: Currently there are no additional options other than
3461: .Ar digest .
3462: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 3463: .Pp
1.1 jsing 3464: The DH algorithm supports the derive operation
3465: and no additional options.
1.62 jmc 3466: .Pp
1.1 jsing 3467: The EC algorithm supports the sign, verify, and derive operations.
3468: The sign and verify operations use ECDSA and derive uses ECDH.
3469: Currently there are no additional options other than
3470: .Ar digest .
3471: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 3472: .It Fl pubin
3473: The input file is a public key.
3474: .It Fl rev
3475: Reverse the order of the input buffer.
3476: .It Fl sigfile Ar file
3477: Signature file (verify operation only).
3478: .It Fl sign
3479: Sign the input data and output the signed result.
3480: This requires a private key.
3481: .It Fl verify
3482: Verify the input data against the signature file and indicate if the
3483: verification succeeded or failed.
3484: .It Fl verifyrecover
3485: Verify the input data and output the recovered data.
3486: .El
1.1 jsing 3487: .Sh PRIME
3488: .Cm openssl prime
3489: .Op Fl bits Ar n
3490: .Op Fl checks Ar n
3491: .Op Fl generate
3492: .Op Fl hex
3493: .Op Fl safe
3494: .Ar p
3495: .Pp
3496: The
3497: .Nm prime
3498: command is used to generate prime numbers,
3499: or to check numbers for primality.
3500: Results are probabilistic:
3501: they have an exceedingly high likelihood of being correct,
3502: but are not guaranteed.
3503: .Pp
3504: The options are as follows:
3505: .Bl -tag -width Ds
3506: .It Fl bits Ar n
3507: Specify the number of bits in the generated prime number.
3508: Must be used in conjunction with
3509: .Fl generate .
3510: .It Fl checks Ar n
3511: Perform a Miller-Rabin probabilistic primality test with
3512: .Ar n
3513: iterations.
3514: The default is 20.
3515: .It Fl generate
3516: Generate a pseudo-random prime number.
3517: Must be used in conjunction with
3518: .Fl bits .
3519: .It Fl hex
3520: Output in hex format.
3521: .It Fl safe
3522: Generate only
3523: .Qq safe
3524: prime numbers
3525: (i.e. a prime p so that (p-1)/2 is also prime).
3526: .It Ar p
3527: Test if number
3528: .Ar p
3529: is prime.
3530: .El
3531: .Sh RAND
1.114 jmc 3532: .Bl -hang -width "openssl rand"
3533: .It Nm openssl rand
3534: .Bk -words
1.1 jsing 3535: .Op Fl base64
3536: .Op Fl hex
3537: .Op Fl out Ar file
3538: .Ar num
1.114 jmc 3539: .Ek
3540: .El
1.1 jsing 3541: .Pp
3542: The
3543: .Nm rand
3544: command outputs
3545: .Ar num
3546: pseudo-random bytes.
3547: .Pp
3548: The options are as follows:
3549: .Bl -tag -width Ds
3550: .It Fl base64
1.81 jmc 3551: Perform base64 encoding on the output.
1.1 jsing 3552: .It Fl hex
3553: Specify hexadecimal output.
3554: .It Fl out Ar file
1.63 jmc 3555: The output file to write to,
3556: or standard output if not specified.
1.1 jsing 3557: .El
3558: .Sh REQ
1.114 jmc 3559: .Bl -hang -width "openssl req"
3560: .It Nm openssl req
3561: .Bk -words
1.115 inoguchi 3562: .Op Fl addext Ar ext
1.1 jsing 3563: .Op Fl asn1-kludge
3564: .Op Fl batch
3565: .Op Fl config Ar file
3566: .Op Fl days Ar n
3567: .Op Fl extensions Ar section
3568: .Op Fl in Ar file
1.63 jmc 3569: .Op Fl inform Cm der | pem
1.1 jsing 3570: .Op Fl key Ar keyfile
1.63 jmc 3571: .Op Fl keyform Cm der | pem
1.1 jsing 3572: .Op Fl keyout Ar file
1.28 doug 3573: .Op Fl md4 | md5 | sha1
1.1 jsing 3574: .Op Fl modulus
1.107 inoguchi 3575: .Op Fl multivalue-rdn
1.1 jsing 3576: .Op Fl nameopt Ar option
3577: .Op Fl new
3578: .Op Fl newhdr
3579: .Op Fl newkey Ar arg
3580: .Op Fl no-asn1-kludge
3581: .Op Fl nodes
3582: .Op Fl noout
3583: .Op Fl out Ar file
1.63 jmc 3584: .Op Fl outform Cm der | pem
1.1 jsing 3585: .Op Fl passin Ar arg
3586: .Op Fl passout Ar arg
1.107 inoguchi 3587: .Op Fl pkeyopt Ar opt:value
1.1 jsing 3588: .Op Fl pubkey
3589: .Op Fl reqexts Ar section
3590: .Op Fl reqopt Ar option
3591: .Op Fl set_serial Ar n
1.107 inoguchi 3592: .Op Fl sigopt Ar nm:v
1.1 jsing 3593: .Op Fl subj Ar arg
3594: .Op Fl subject
3595: .Op Fl text
3596: .Op Fl utf8
3597: .Op Fl verbose
3598: .Op Fl verify
3599: .Op Fl x509
1.114 jmc 3600: .Ek
3601: .El
1.1 jsing 3602: .Pp
3603: The
3604: .Nm req
3605: command primarily creates and processes certificate requests
3606: in PKCS#10 format.
3607: It can additionally create self-signed certificates,
3608: for use as root CAs, for example.
3609: .Pp
3610: The options are as follows:
3611: .Bl -tag -width Ds
1.115 inoguchi 3612: .It Fl addext Ar ext
3613: Add a specific extension to the certificate (if the
3614: .Fl x509
3615: option is present) or certificate request.
3616: The argument must have the form of a key=value pair as it would appear in a
3617: config file.
3618: This option can be given multiple times.
1.1 jsing 3619: .It Fl asn1-kludge
1.63 jmc 3620: Produce requests in an invalid format for certain picky CAs.
3621: Very few CAs still require the use of this option.
1.1 jsing 3622: .It Fl batch
3623: Non-interactive mode.
3624: .It Fl config Ar file
1.63 jmc 3625: Specify an alternative configuration file.
1.1 jsing 3626: .It Fl days Ar n
1.63 jmc 3627: Specify the number of days to certify the certificate for.
3628: The default is 30 days.
3629: Used with the
1.1 jsing 3630: .Fl x509
1.63 jmc 3631: option.
1.1 jsing 3632: .It Fl extensions Ar section , Fl reqexts Ar section
1.63 jmc 3633: Specify alternative sections to include certificate
3634: extensions (with
3635: .Fl x509 )
3636: or certificate request extensions,
3637: allowing several different sections to be used in the same configuration file.
1.1 jsing 3638: .It Fl in Ar file
1.63 jmc 3639: The input file to read a request from,
3640: or standard input if not specified.
1.1 jsing 3641: A request is only read if the creation options
3642: .Fl new
3643: and
3644: .Fl newkey
3645: are not specified.
1.63 jmc 3646: .It Fl inform Cm der | pem
3647: The input format.
1.1 jsing 3648: .It Fl key Ar keyfile
1.63 jmc 3649: The file to read the private key from.
1.1 jsing 3650: It also accepts PKCS#8 format private keys for PEM format files.
1.63 jmc 3651: .It Fl keyform Cm der | pem
1.1 jsing 3652: The format of the private key file specified in the
3653: .Fl key
3654: argument.
1.81 jmc 3655: The default is
3656: .Cm pem .
1.1 jsing 3657: .It Fl keyout Ar file
1.63 jmc 3658: The file to write the newly created private key to.
3659: If this option is not specified,
3660: the filename present in the configuration file is used.
1.4 sthen 3661: .It Fl md5 | sha1 | sha256
1.63 jmc 3662: The message digest to sign the request with.
1.1 jsing 3663: This overrides the digest algorithm specified in the configuration file.
3664: .Pp
3665: Some public key algorithms may override this choice.
3666: For instance, DSA signatures always use SHA1.
3667: .It Fl modulus
1.63 jmc 3668: Print the value of the modulus of the public key contained in the request.
1.107 inoguchi 3669: .It Fl multivalue-rdn
3670: This option causes the
3671: .Fl subj
3672: argument to be interpreted with full support for multivalued RDNs,
3673: for example
3674: .Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
3675: If
3676: .Fl multivalue-rdn
3677: is not used, the UID value is set to
3678: .Qq "123456+CN=John Doe" .
1.1 jsing 3679: .It Fl nameopt Ar option , Fl reqopt Ar option
1.63 jmc 3680: Determine how the subject or issuer names are displayed.
1.1 jsing 3681: .Ar option
1.63 jmc 3682: can be a single option or multiple options separated by commas.
1.1 jsing 3683: Alternatively, these options may be used more than once to set multiple options.
3684: See the
3685: .Sx X509
3686: section below for details.
3687: .It Fl new
1.63 jmc 3688: Generate a new certificate request.
3689: The user is prompted for the relevant field values.
1.1 jsing 3690: The actual fields prompted for and their maximum and minimum sizes
3691: are specified in the configuration file and any requested extensions.
3692: .Pp
3693: If the
3694: .Fl key
3695: option is not used, it will generate a new RSA private
3696: key using information specified in the configuration file.
3697: .It Fl newhdr
1.63 jmc 3698: Add the word NEW to the PEM file header and footer lines
1.112 inoguchi 3699: on the outputted request.
1.63 jmc 3700: Some software and CAs need this.
1.1 jsing 3701: .It Fl newkey Ar arg
1.63 jmc 3702: Create a new certificate request and a new private key.
1.1 jsing 3703: The argument takes one of several forms.
1.63 jmc 3704: .Pp
3705: .No rsa : Ns Ar nbits
3706: generates an RSA key
1.1 jsing 3707: .Ar nbits
3708: in size.
3709: If
3710: .Ar nbits
1.63 jmc 3711: is omitted
3712: the default key size is used.
3713: .Pp
3714: .No dsa : Ns Ar file
3715: generates a DSA key using the parameters in
3716: .Ar file .
3717: .Pp
3718: .No param : Ns Ar file
3719: generates a key using the parameters or certificate in
3720: .Ar file .
3721: .Pp
3722: All other algorithms support the form
3723: .Ar algorithm : Ns Ar file ,
1.1 jsing 3724: where file may be an algorithm parameter file,
3725: created by the
3726: .Cm genpkey -genparam
1.14 jmc 3727: command or an X.509 certificate for a key with appropriate algorithm.
1.63 jmc 3728: .Ar file
3729: can be omitted,
3730: in which case any parameters can be specified via the
1.1 jsing 3731: .Fl pkeyopt
3732: option.
3733: .It Fl no-asn1-kludge
1.63 jmc 3734: Reverse the effect of
1.1 jsing 3735: .Fl asn1-kludge .
3736: .It Fl nodes
1.63 jmc 3737: Do not encrypt the private key.
1.1 jsing 3738: .It Fl noout
1.63 jmc 3739: Do not output the encoded version of the request.
1.1 jsing 3740: .It Fl out Ar file
1.63 jmc 3741: The output file to write to,
1.99 jmc 3742: or standard output if not specified.
1.63 jmc 3743: .It Fl outform Cm der | pem
3744: The output format.
1.1 jsing 3745: .It Fl passin Ar arg
3746: The key password source.
3747: .It Fl passout Ar arg
3748: The output file password source.
1.107 inoguchi 3749: .It Fl pkeyopt Ar opt:value
3750: Set the public key algorithm option
3751: .Ar opt
3752: to
3753: .Ar value .
1.1 jsing 3754: .It Fl pubkey
1.63 jmc 3755: Output the public key.
1.1 jsing 3756: .It Fl reqopt Ar option
3757: Customise the output format used with
3758: .Fl text .
3759: The
3760: .Ar option
3761: argument can be a single option or multiple options separated by commas.
1.63 jmc 3762: See also the discussion of
1.1 jsing 3763: .Fl certopt
1.63 jmc 3764: in the
1.1 jsing 3765: .Nm x509
3766: command.
3767: .It Fl set_serial Ar n
3768: Serial number to use when outputting a self-signed certificate.
3769: This may be specified as a decimal value or a hex value if preceded by
3770: .Sq 0x .
3771: It is possible to use negative serial numbers but this is not recommended.
1.107 inoguchi 3772: .It Fl sigopt Ar nm:v
3773: Pass options to the signature algorithm during sign operation.
3774: The names and values of these options are algorithm-specific.
1.1 jsing 3775: .It Fl subj Ar arg
1.63 jmc 3776: Replaces the subject field of an input request
3777: with the specified data and output the modified request.
3778: .Ar arg
3779: must be formatted as /type0=value0/type1=value1/type2=...;
1.1 jsing 3780: characters may be escaped by
3781: .Sq \e
1.63 jmc 3782: (backslash);
1.1 jsing 3783: no spaces are skipped.
3784: .It Fl subject
1.63 jmc 3785: Print the request subject (or certificate subject if
1.1 jsing 3786: .Fl x509
1.63 jmc 3787: is specified).
1.1 jsing 3788: .It Fl text
1.64 jmc 3789: Print the certificate request in plain text.
1.1 jsing 3790: .It Fl utf8
1.63 jmc 3791: Interpret field values as UTF8 strings, not ASCII.
1.1 jsing 3792: .It Fl verbose
3793: Print extra details about the operations being performed.
3794: .It Fl verify
1.63 jmc 3795: Verify the signature on the request.
1.1 jsing 3796: .It Fl x509
1.63 jmc 3797: Output a self-signed certificate instead of a certificate request.
3798: This is typically used to generate a test certificate or a self-signed root CA.
3799: The extensions added to the certificate (if any)
1.1 jsing 3800: are specified in the configuration file.
3801: Unless specified using the
3802: .Fl set_serial
1.63 jmc 3803: option, 0 is used for the serial number.
1.1 jsing 3804: .El
1.63 jmc 3805: .Pp
1.1 jsing 3806: The configuration options are specified in the
1.63 jmc 3807: .Qq req
1.1 jsing 3808: section of the configuration file.
1.63 jmc 3809: The options available are as follows:
1.1 jsing 3810: .Bl -tag -width "XXXX"
1.63 jmc 3811: .It Cm attributes
3812: The section containing any request attributes: its format
1.1 jsing 3813: is the same as
1.63 jmc 3814: .Cm distinguished_name .
3815: Typically these may contain the challengePassword or unstructuredName types.
3816: They are currently ignored by the
3817: .Nm openssl
1.1 jsing 3818: request signing utilities, but some CAs might want them.
1.63 jmc 3819: .It Cm default_bits
3820: The default key size, in bits.
3821: The default is 2048.
1.1 jsing 3822: It is used if the
3823: .Fl new
1.63 jmc 3824: option is used and can be overridden by using the
1.1 jsing 3825: .Fl newkey
3826: option.
1.63 jmc 3827: .It Cm default_keyfile
3828: The default file to write a private key to,
3829: or standard output if not specified.
3830: It can be overridden by the
1.1 jsing 3831: .Fl keyout
3832: option.
1.63 jmc 3833: .It Cm default_md
3834: The digest algorithm to use.
1.1 jsing 3835: Possible values include
1.63 jmc 3836: .Cm md5 ,
3837: .Cm sha1
1.1 jsing 3838: and
1.63 jmc 3839: .Cm sha256
3840: (the default).
3841: It can be overridden on the command line.
3842: .It Cm distinguished_name
3843: The section containing the distinguished name fields to
1.1 jsing 3844: prompt for when generating a certificate or certificate request.
1.63 jmc 3845: The format is described below.
3846: .It Cm encrypt_key
3847: If set to
3848: .Qq no
3849: and a private key is generated, it is not encrypted.
3850: It is equivalent to the
1.1 jsing 3851: .Fl nodes
1.63 jmc 3852: option.
1.1 jsing 3853: For compatibility,
1.63 jmc 3854: .Cm encrypt_rsa_key
1.1 jsing 3855: is an equivalent option.
1.63 jmc 3856: .It Cm input_password | output_password
3857: The passwords for the input private key file (if present)
3858: and the output private key file (if one will be created).
1.1 jsing 3859: The command line options
3860: .Fl passin
3861: and
3862: .Fl passout
3863: override the configuration file values.
1.63 jmc 3864: .It Cm oid_file
3865: A file containing additional OBJECT IDENTIFIERS.
1.1 jsing 3866: Each line of the file should consist of the numerical form of the
3867: object identifier, followed by whitespace, then the short name followed
3868: by whitespace and finally the long name.
1.63 jmc 3869: .It Cm oid_section
3870: Specify a section in the configuration file containing extra
1.1 jsing 3871: object identifiers.
3872: Each line should consist of the short name of the
3873: object identifier followed by
3874: .Sq =
3875: and the numerical form.
3876: The short and long names are the same when this option is used.
1.63 jmc 3877: .It Cm prompt
3878: If set to
3879: .Qq no ,
3880: it disables prompting of certificate fields
1.1 jsing 3881: and just takes values from the config file directly.
3882: It also changes the expected format of the
1.63 jmc 3883: .Cm distinguished_name
1.1 jsing 3884: and
1.63 jmc 3885: .Cm attributes
1.1 jsing 3886: sections.
1.63 jmc 3887: .It Cm req_extensions
3888: The configuration file section containing a list of
1.1 jsing 3889: extensions to add to the certificate request.
3890: It can be overridden by the
3891: .Fl reqexts
1.63 jmc 3892: option.
3893: .It Cm string_mask
3894: Limit the string types for encoding certain fields.
1.1 jsing 3895: The following values may be used, limiting strings to the indicated types:
3896: .Bl -tag -width "MASK:number"
1.63 jmc 3897: .It Cm utf8only
3898: UTF8String.
1.1 jsing 3899: This is the default, as recommended by PKIX in RFC 2459.
1.63 jmc 3900: .It Cm default
3901: PrintableString, IA5String, T61String, BMPString, UTF8String.
3902: .It Cm pkix
3903: PrintableString, IA5String, BMPString, UTF8String.
3904: Inspired by the PKIX recommendation in RFC 2459 for certificates
3905: generated before 2004, but differs by also permitting IA5String.
3906: .It Cm nombstr
3907: PrintableString, IA5String, T61String, UniversalString.
3908: A workaround for some ancient software that had problems
3909: with the variable-sized BMPString and UTF8String types.
1.1 jsing 3910: .It Cm MASK : Ns Ar number
1.63 jmc 3911: An explicit bitmask of permitted types, where
1.1 jsing 3912: .Ar number
3913: is a C-style hex, decimal, or octal number that's a bit-wise OR of
3914: .Dv B_ASN1_*
3915: values from
3916: .In openssl/asn1.h .
3917: .El
1.63 jmc 3918: .It Cm utf8
3919: If set to
3920: .Qq yes ,
1.72 jmc 3921: field values are interpreted as UTF8 strings.
1.63 jmc 3922: .It Cm x509_extensions
3923: The configuration file section containing a list of
1.1 jsing 3924: extensions to add to a certificate generated when the
3925: .Fl x509
3926: switch is used.
3927: It can be overridden by the
3928: .Fl extensions
1.72 jmc 3929: command line switch.
1.1 jsing 3930: .El
1.63 jmc 3931: .Pp
1.1 jsing 3932: There are two separate formats for the distinguished name and attribute
3933: sections.
3934: If the
3935: .Fl prompt
3936: option is set to
1.63 jmc 3937: .Qq no ,
1.72 jmc 3938: then these sections just consist of field names and values.
3939: If the
1.1 jsing 3940: .Fl prompt
3941: option is absent or not set to
1.63 jmc 3942: .Qq no ,
1.72 jmc 3943: then the file contains field prompting information of the form:
1.1 jsing 3944: .Bd -unfilled -offset indent
3945: fieldName="prompt"
3946: fieldName_default="default field value"
3947: fieldName_min= 2
3948: fieldName_max= 4
3949: .Ed
3950: .Pp
3951: .Qq fieldName
3952: is the field name being used, for example
1.63 jmc 3953: .Cm commonName
3954: (or CN).
1.1 jsing 3955: The
3956: .Qq prompt
3957: string is used to ask the user to enter the relevant details.
3958: If the user enters nothing, the default value is used;
3959: if no default value is present, the field is omitted.
3960: A field can still be omitted if a default value is present,
3961: if the user just enters the
3962: .Sq \&.
3963: character.
3964: .Pp
3965: The number of characters entered must be between the
1.63 jmc 3966: fieldName_min and fieldName_max limits:
1.1 jsing 3967: there may be additional restrictions based on the field being used
3968: (for example
1.63 jmc 3969: .Cm countryName
1.1 jsing 3970: can only ever be two characters long and must fit in a
1.63 jmc 3971: .Cm PrintableString ) .
1.1 jsing 3972: .Pp
3973: Some fields (such as
1.63 jmc 3974: .Cm organizationName )
1.1 jsing 3975: can be used more than once in a DN.
3976: This presents a problem because configuration files will
3977: not recognize the same name occurring twice.
3978: To avoid this problem, if the
1.63 jmc 3979: .Cm fieldName
1.1 jsing 3980: contains some characters followed by a full stop, they will be ignored.
3981: So, for example, a second
1.63 jmc 3982: .Cm organizationName
1.1 jsing 3983: can be input by calling it
3984: .Qq 1.organizationName .
3985: .Pp
3986: The actual permitted field names are any object identifier short or
3987: long names.
3988: These are compiled into
1.63 jmc 3989: .Nm openssl
1.1 jsing 3990: and include the usual values such as
1.63 jmc 3991: .Cm commonName , countryName , localityName , organizationName ,
1.89 jmc 3992: .Cm organizationalUnitName , stateOrProvinceName .
1.1 jsing 3993: Additionally,
1.63 jmc 3994: .Cm emailAddress
1.1 jsing 3995: is included as well as
1.63 jmc 3996: .Cm name , surname , givenName , initials
1.1 jsing 3997: and
1.63 jmc 3998: .Cm dnQualifier .
1.1 jsing 3999: .Pp
4000: Additional object identifiers can be defined with the
1.63 jmc 4001: .Cm oid_file
1.1 jsing 4002: or
1.63 jmc 4003: .Cm oid_section
1.1 jsing 4004: options in the configuration file.
4005: Any additional fields will be treated as though they were a
1.63 jmc 4006: .Cm DirectoryString .
1.1 jsing 4007: .Sh RSA
1.114 jmc 4008: .Bl -hang -width "openssl rsa"
4009: .It Nm openssl rsa
4010: .Bk -words
1.64 jmc 4011: .Op Fl aes128 | aes192 | aes256 | des | des3
1.1 jsing 4012: .Op Fl check
4013: .Op Fl in Ar file
1.108 inoguchi 4014: .Op Fl inform Cm der | net | pem | pvk
1.1 jsing 4015: .Op Fl modulus
4016: .Op Fl noout
4017: .Op Fl out Ar file
1.108 inoguchi 4018: .Op Fl outform Cm der | net | pem | pvk
1.1 jsing 4019: .Op Fl passin Ar arg
4020: .Op Fl passout Ar arg
4021: .Op Fl pubin
4022: .Op Fl pubout
1.108 inoguchi 4023: .Op Fl pvk-none | pvk-strong | pvk-weak
4024: .Op Fl RSAPublicKey_in
4025: .Op Fl RSAPublicKey_out
1.1 jsing 4026: .Op Fl sgckey
4027: .Op Fl text
1.114 jmc 4028: .Ek
4029: .El
1.1 jsing 4030: .Pp
4031: The
4032: .Nm rsa
4033: command processes RSA keys.
4034: They can be converted between various forms and their components printed out.
1.64 jmc 4035: .Nm rsa
4036: uses the traditional
1.1 jsing 4037: .Nm SSLeay
4038: compatible format for private key encryption:
4039: newer applications should use the more secure PKCS#8 format using the
4040: .Nm pkcs8
4041: utility.
4042: .Pp
4043: The options are as follows:
4044: .Bl -tag -width Ds
1.64 jmc 4045: .It Fl aes128 | aes192 | aes256 | des | des3
4046: Encrypt the private key with the AES, DES,
1.1 jsing 4047: or the triple DES ciphers, respectively, before outputting it.
4048: A pass phrase is prompted for.
4049: If none of these options are specified, the key is written in plain text.
4050: This means that using the
4051: .Nm rsa
4052: utility to read in an encrypted key with no encryption option can be used
4053: to remove the pass phrase from a key, or by setting the encryption options
4054: it can be used to add or change the pass phrase.
4055: These options can only be used with PEM format output files.
4056: .It Fl check
1.64 jmc 4057: Check the consistency of an RSA private key.
1.1 jsing 4058: .It Fl in Ar file
1.64 jmc 4059: The input file to read from,
4060: or standard input if not specified.
1.1 jsing 4061: If the key is encrypted, a pass phrase will be prompted for.
1.108 inoguchi 4062: .It Fl inform Cm der | net | pem | pvk
1.64 jmc 4063: The input format.
1.1 jsing 4064: .It Fl noout
1.64 jmc 4065: Do not output the encoded version of the key.
1.1 jsing 4066: .It Fl modulus
1.64 jmc 4067: Print the value of the modulus of the key.
1.1 jsing 4068: .It Fl out Ar file
1.64 jmc 4069: The output file to write to,
4070: or standard output if not specified.
1.108 inoguchi 4071: .It Fl outform Cm der | net | pem | pvk
1.64 jmc 4072: The output format.
1.1 jsing 4073: .It Fl passin Ar arg
4074: The key password source.
4075: .It Fl passout Ar arg
4076: The output file password source.
4077: .It Fl pubin
1.64 jmc 4078: Read in a public key,
4079: not a private key.
1.1 jsing 4080: .It Fl pubout
1.64 jmc 4081: Output a public key,
4082: not a private key.
4083: Automatically set if the input is a public key.
1.108 inoguchi 4084: .It Xo
4085: .Fl pvk-none | pvk-strong | pvk-weak
4086: .Xc
4087: Enable or disable PVK encoding.
4088: The default is
4089: .Fl pvk-strong .
4090: .It Fl RSAPublicKey_in , RSAPublicKey_out
4091: Same as
4092: .Fl pubin
4093: and
4094: .Fl pubout
4095: except
4096: .Cm RSAPublicKey
4097: format is used instead.
1.1 jsing 4098: .It Fl sgckey
1.64 jmc 4099: Use the modified NET algorithm used with some versions of Microsoft IIS
4100: and SGC keys.
1.1 jsing 4101: .It Fl text
1.64 jmc 4102: Print the public/private key components in plain text.
1.1 jsing 4103: .El
4104: .Sh RSAUTL
1.114 jmc 4105: .Bl -hang -width "openssl rsautl"
4106: .It Nm openssl rsautl
4107: .Bk -words
1.1 jsing 4108: .Op Fl asn1parse
4109: .Op Fl certin
4110: .Op Fl decrypt
4111: .Op Fl encrypt
4112: .Op Fl hexdump
4113: .Op Fl in Ar file
4114: .Op Fl inkey Ar file
1.65 jmc 4115: .Op Fl keyform Cm der | pem
1.100 tb 4116: .Op Fl oaep | pkcs | raw | x931
1.1 jsing 4117: .Op Fl out Ar file
1.100 tb 4118: .Op Fl passin Ar arg
1.1 jsing 4119: .Op Fl pubin
1.100 tb 4120: .Op Fl rev
1.1 jsing 4121: .Op Fl sign
4122: .Op Fl verify
1.114 jmc 4123: .Ek
4124: .El
1.1 jsing 4125: .Pp
4126: The
4127: .Nm rsautl
4128: command can be used to sign, verify, encrypt and decrypt
4129: data using the RSA algorithm.
4130: .Pp
4131: The options are as follows:
4132: .Bl -tag -width Ds
4133: .It Fl asn1parse
4134: Asn1parse the output data; this is useful when combined with the
4135: .Fl verify
4136: option.
4137: .It Fl certin
4138: The input is a certificate containing an RSA public key.
4139: .It Fl decrypt
4140: Decrypt the input data using an RSA private key.
4141: .It Fl encrypt
4142: Encrypt the input data using an RSA public key.
4143: .It Fl hexdump
4144: Hex dump the output data.
4145: .It Fl in Ar file
1.65 jmc 4146: The input to read from,
4147: or standard input if not specified.
1.1 jsing 4148: .It Fl inkey Ar file
1.65 jmc 4149: The input key file; by default an RSA private key.
4150: .It Fl keyform Cm der | pem
1.85 tb 4151: The private key format.
1.65 jmc 4152: The default is
4153: .Cm pem .
1.100 tb 4154: .It Fl oaep | pkcs | raw | x931
1.1 jsing 4155: The padding to use:
1.100 tb 4156: PKCS#1 OAEP, PKCS#1 v1.5 (the default), no padding, or ANSI X9.31,
4157: respectively.
1.1 jsing 4158: For signatures, only
4159: .Fl pkcs
4160: and
4161: .Fl raw
4162: can be used.
4163: .It Fl out Ar file
1.65 jmc 4164: The output file to write to,
4165: or standard output if not specified.
1.100 tb 4166: .It Fl passin Ar arg
4167: The key password source.
1.1 jsing 4168: .It Fl pubin
4169: The input file is an RSA public key.
1.100 tb 4170: .It Fl rev
4171: Reverse the order of the input buffer.
1.1 jsing 4172: .It Fl sign
4173: Sign the input data and output the signed result.
4174: This requires an RSA private key.
4175: .It Fl verify
4176: Verify the input data and output the recovered data.
4177: .El
4178: .Sh S_CLIENT
1.114 jmc 4179: .Bl -hang -width "openssl s_client"
4180: .It Nm openssl s_client
4181: .Bk -words
1.1 jsing 4182: .Op Fl 4 | 6
1.110 inoguchi 4183: .Op Fl alpn Ar protocols
1.1 jsing 4184: .Op Fl bugs
4185: .Op Fl CAfile Ar file
4186: .Op Fl CApath Ar directory
4187: .Op Fl cert Ar file
1.110 inoguchi 4188: .Op Fl certform Cm der | pem
1.1 jsing 4189: .Op Fl check_ss_sig
4190: .Op Fl cipher Ar cipherlist
1.66 jmc 4191: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 4192: .Op Fl crl_check
4193: .Op Fl crl_check_all
4194: .Op Fl crlf
4195: .Op Fl debug
1.110 inoguchi 4196: .Op Fl dtls1
1.1 jsing 4197: .Op Fl extended_crl
1.87 jmc 4198: .Op Fl groups
1.110 inoguchi 4199: .Op Fl host Ar host
1.1 jsing 4200: .Op Fl ign_eof
4201: .Op Fl ignore_critical
4202: .Op Fl issuer_checks
4203: .Op Fl key Ar keyfile
1.110 inoguchi 4204: .Op Fl keyform Cm der | pem
4205: .Op Fl keymatexport Ar label
4206: .Op Fl keymatexportlen Ar len
4207: .Op Fl legacy_server_connect
1.1 jsing 4208: .Op Fl msg
1.110 inoguchi 4209: .Op Fl mtu Ar mtu
1.1 jsing 4210: .Op Fl nbio
4211: .Op Fl nbio_test
1.110 inoguchi 4212: .Op Fl no_comp
4213: .Op Fl no_ign_eof
4214: .Op Fl no_legacy_server_connect
1.1 jsing 4215: .Op Fl no_ticket
4216: .Op Fl no_tls1
1.6 guenther 4217: .Op Fl no_tls1_1
4218: .Op Fl no_tls1_2
1.110 inoguchi 4219: .Op Fl pass Ar arg
1.1 jsing 4220: .Op Fl pause
4221: .Op Fl policy_check
1.110 inoguchi 4222: .Op Fl port Ar port
1.1 jsing 4223: .Op Fl prexit
1.11 bluhm 4224: .Op Fl proxy Ar host : Ns Ar port
1.1 jsing 4225: .Op Fl quiet
4226: .Op Fl reconnect
1.5 jsing 4227: .Op Fl servername Ar name
1.110 inoguchi 4228: .Op Fl serverpref
4229: .Op Fl sess_in Ar file
4230: .Op Fl sess_out Ar file
1.1 jsing 4231: .Op Fl showcerts
4232: .Op Fl starttls Ar protocol
4233: .Op Fl state
1.110 inoguchi 4234: .Op Fl status
4235: .Op Fl timeout
1.1 jsing 4236: .Op Fl tls1
1.31 jmc 4237: .Op Fl tls1_1
4238: .Op Fl tls1_2
1.1 jsing 4239: .Op Fl tlsextdebug
1.110 inoguchi 4240: .Op Fl use_srtp Ar profiles
1.1 jsing 4241: .Op Fl verify Ar depth
1.110 inoguchi 4242: .Op Fl verify_return_error
1.1 jsing 4243: .Op Fl x509_strict
1.19 landry 4244: .Op Fl xmpphost Ar host
1.114 jmc 4245: .Ek
4246: .El
1.1 jsing 4247: .Pp
4248: The
4249: .Nm s_client
4250: command implements a generic SSL/TLS client which connects
4251: to a remote host using SSL/TLS.
1.66 jmc 4252: .Pp
4253: If a connection is established with an SSL server, any data received
4254: from the server is displayed and any key presses will be sent to the
4255: server.
4256: When used interactively (which means neither
4257: .Fl quiet
4258: nor
4259: .Fl ign_eof
4260: have been given), the session will be renegotiated if the line begins with an
4261: .Cm R ;
4262: if the line begins with a
4263: .Cm Q
4264: or if end of file is reached, the connection will be closed down.
1.1 jsing 4265: .Pp
4266: The options are as follows:
4267: .Bl -tag -width Ds
4268: .It Fl 4
1.66 jmc 4269: Attempt connections using IPv4 only.
1.1 jsing 4270: .It Fl 6
1.66 jmc 4271: Attempt connections using IPv6 only.
1.110 inoguchi 4272: .It Fl alpn Ar protocols
4273: Enable the Application-Layer Protocol Negotiation.
4274: .Ar protocols
4275: is a comma-separated list of protocol names that the client should advertise
4276: support for.
1.1 jsing 4277: .It Fl bugs
1.66 jmc 4278: Enable various workarounds for buggy implementations.
1.1 jsing 4279: .It Fl CAfile Ar file
4280: A
4281: .Ar file
4282: containing trusted certificates to use during server authentication
4283: and to use when attempting to build the client certificate chain.
4284: .It Fl CApath Ar directory
4285: The
4286: .Ar directory
4287: to use for server certificate verification.
4288: This directory must be in
4289: .Qq hash format ;
4290: see
4291: .Fl verify
4292: for more information.
4293: These are also used when building the client certificate chain.
4294: .It Fl cert Ar file
4295: The certificate to use, if one is requested by the server.
4296: The default is not to use a certificate.
1.110 inoguchi 4297: .It Fl certform Cm der | pem
4298: The certificate format.
4299: The default is
4300: .Cm pem .
1.1 jsing 4301: .It Xo
4302: .Fl check_ss_sig ,
4303: .Fl crl_check ,
4304: .Fl crl_check_all ,
4305: .Fl extended_crl ,
4306: .Fl ignore_critical ,
4307: .Fl issuer_checks ,
4308: .Fl policy_check ,
4309: .Fl x509_strict
4310: .Xc
4311: Set various certificate chain validation options.
4312: See the
1.66 jmc 4313: .Nm verify
1.1 jsing 4314: command for details.
4315: .It Fl cipher Ar cipherlist
1.66 jmc 4316: Modify the cipher list sent by the client.
1.1 jsing 4317: Although the server determines which cipher suite is used, it should take
4318: the first supported cipher in the list sent by the client.
4319: See the
1.66 jmc 4320: .Nm ciphers
4321: command for more information.
4322: .It Fl connect Ar host Ns Op : Ns Ar port
4323: The
1.1 jsing 4324: .Ar host
1.66 jmc 4325: and
1.1 jsing 4326: .Ar port
4327: to connect to.
4328: If not specified, an attempt is made to connect to the local host
4329: on port 4433.
4330: Alternatively, the host and port pair may be separated using a forward-slash
1.66 jmc 4331: character,
4332: which is useful for numeric IPv6 addresses.
1.1 jsing 4333: .It Fl crlf
1.66 jmc 4334: Translate a line feed from the terminal into CR+LF,
4335: as required by some servers.
1.1 jsing 4336: .It Fl debug
1.66 jmc 4337: Print extensive debugging information, including a hex dump of all traffic.
1.110 inoguchi 4338: .It Fl dtls1
4339: Permit only DTLS1.0.
1.87 jmc 4340: .It Fl groups Ar ecgroups
4341: Specify a colon-separated list of permitted EC curve groups.
1.110 inoguchi 4342: .It Fl host Ar host
4343: The
4344: .Ar host
4345: to connect to.
4346: The default is localhost.
1.1 jsing 4347: .It Fl ign_eof
1.66 jmc 4348: Inhibit shutting down the connection when end of file is reached in the input.
1.1 jsing 4349: .It Fl key Ar keyfile
4350: The private key to use.
4351: If not specified, the certificate file will be used.
1.110 inoguchi 4352: .It Fl keyform Cm der | pem
4353: The private key format.
4354: The default is
4355: .Cm pem .
4356: .It Fl keymatexport Ar label
4357: Export keying material using label.
4358: .It Fl keymatexportlen Ar len
4359: Export len bytes of keying material (default 20).
4360: .It Fl legacy_server_connect , no_legacy_server_connect
4361: Allow or disallow initial connection to servers that don't support RI.
1.1 jsing 4362: .It Fl msg
4363: Show all protocol messages with hex dump.
1.110 inoguchi 4364: .It Fl mtu Ar mtu
4365: Set the link layer MTU.
1.1 jsing 4366: .It Fl nbio
1.66 jmc 4367: Turn on non-blocking I/O.
1.1 jsing 4368: .It Fl nbio_test
1.66 jmc 4369: Test non-blocking I/O.
1.110 inoguchi 4370: .It Fl no_ign_eof
4371: Shut down the connection when end of file is reached in the input.
4372: Can be used to override the implicit
4373: .Fl ign_eof
4374: after
4375: .Fl quiet .
1.31 jmc 4376: .It Fl no_tls1 | no_tls1_1 | no_tls1_2
1.66 jmc 4377: Disable the use of TLS1.0, 1.1, and 1.2, respectively.
1.1 jsing 4378: .It Fl no_ticket
4379: Disable RFC 4507 session ticket support.
1.110 inoguchi 4380: .It Fl pass Ar arg
4381: The private key password source.
1.1 jsing 4382: .It Fl pause
1.66 jmc 4383: Pause 1 second between each read and write call.
1.110 inoguchi 4384: .It Fl port Ar port
4385: The
4386: .Ar port
4387: to connect to.
4388: The default is 4433.
1.1 jsing 4389: .It Fl prexit
4390: Print session information when the program exits.
4391: This will always attempt
4392: to print out information even if the connection fails.
4393: Normally, information will only be printed out once if the connection succeeds.
4394: This option is useful because the cipher in use may be renegotiated
4395: or the connection may fail because a client certificate is required or is
4396: requested only after an attempt is made to access a certain URL.
1.66 jmc 4397: Note that the output produced by this option is not always accurate
4398: because a connection might never have been established.
1.11 bluhm 4399: .It Fl proxy Ar host : Ns Ar port
4400: Use the HTTP proxy at
4401: .Ar host
4402: and
4403: .Ar port .
4404: The connection to the proxy is done in cleartext and the
4405: .Fl connect
4406: argument is given to the proxy.
4407: If not specified, localhost is used as final destination.
4408: After that, switch the connection through the proxy to the destination
4409: to TLS.
1.1 jsing 4410: .It Fl quiet
4411: Inhibit printing of session and certificate information.
4412: This implicitly turns on
4413: .Fl ign_eof
4414: as well.
4415: .It Fl reconnect
1.66 jmc 4416: Reconnect to the same server 5 times using the same session ID; this can
1.1 jsing 4417: be used as a test that session caching is working.
1.5 jsing 4418: .It Fl servername Ar name
4419: Include the TLS Server Name Indication (SNI) extension in the ClientHello
4420: message, using the specified server
4421: .Ar name .
1.1 jsing 4422: .It Fl showcerts
4423: Display the whole server certificate chain: normally only the server
4424: certificate itself is displayed.
1.110 inoguchi 4425: .It Fl serverpref
4426: Use the server's cipher preferences.
4427: .It Fl sess_in Ar file
4428: Load TLS session from file.
4429: The client will attempt to resume a connection from this session.
4430: .It Fl sess_out Ar file
4431: Output TLS session to file.
1.1 jsing 4432: .It Fl starttls Ar protocol
1.66 jmc 4433: Send the protocol-specific messages to switch to TLS for communication.
1.1 jsing 4434: .Ar protocol
4435: is a keyword for the intended protocol.
4436: Currently, the supported keywords are
4437: .Qq ftp ,
4438: .Qq imap ,
4439: .Qq smtp ,
4440: .Qq pop3 ,
4441: and
4442: .Qq xmpp .
4443: .It Fl state
1.66 jmc 4444: Print the SSL session states.
1.110 inoguchi 4445: .It Fl status
4446: Send a certificate status request to the server (OCSP stapling).
4447: The server response (if any) is printed out.
4448: .It Fl timeout
4449: Enable send/receive timeout on DTLS connections.
1.31 jmc 4450: .It Fl tls1 | tls1_1 | tls1_2
4451: Permit only TLS1.0, 1.1, or 1.2, respectively.
1.1 jsing 4452: .It Fl tlsextdebug
1.66 jmc 4453: Print a hex dump of any TLS extensions received from the server.
1.110 inoguchi 4454: .It Fl use_srtp Ar profiles
4455: Offer SRTP key management with a colon-separated profile list.
1.1 jsing 4456: .It Fl verify Ar depth
1.66 jmc 4457: Turn on server certificate verification,
4458: with a maximum length of
4459: .Ar depth .
1.1 jsing 4460: Currently the verify operation continues after errors so all the problems
4461: with a certificate chain can be seen.
4462: As a side effect the connection will never fail due to a server
4463: certificate verify failure.
1.110 inoguchi 4464: .It Fl verify_return_error
4465: Return verification error.
1.19 landry 4466: .It Fl xmpphost Ar hostname
1.66 jmc 4467: When used with
1.19 landry 4468: .Fl starttls Ar xmpp ,
1.66 jmc 4469: specify the host for the "to" attribute of the stream element.
1.19 landry 4470: If this option is not specified then the host specified with
4471: .Fl connect
4472: will be used.
1.1 jsing 4473: .El
4474: .Sh S_SERVER
1.114 jmc 4475: .Bl -hang -width "openssl s_server"
4476: .It Nm openssl s_server
4477: .Bk -words
1.1 jsing 4478: .Op Fl accept Ar port
1.111 inoguchi 4479: .Op Fl alpn Ar protocols
1.1 jsing 4480: .Op Fl bugs
4481: .Op Fl CAfile Ar file
4482: .Op Fl CApath Ar directory
4483: .Op Fl cert Ar file
1.111 inoguchi 4484: .Op Fl cert2 Ar file
4485: .Op Fl certform Cm der | pem
1.1 jsing 4486: .Op Fl cipher Ar cipherlist
4487: .Op Fl context Ar id
4488: .Op Fl crl_check
4489: .Op Fl crl_check_all
4490: .Op Fl crlf
4491: .Op Fl dcert Ar file
1.111 inoguchi 4492: .Op Fl dcertform Cm der | pem
1.1 jsing 4493: .Op Fl debug
4494: .Op Fl dhparam Ar file
4495: .Op Fl dkey Ar file
1.111 inoguchi 4496: .Op Fl dkeyform Cm der | pem
4497: .Op Fl dpass Ar arg
4498: .Op Fl dtls1
1.1 jsing 4499: .Op Fl HTTP
4500: .Op Fl id_prefix Ar arg
4501: .Op Fl key Ar keyfile
1.111 inoguchi 4502: .Op Fl key2 Ar keyfile
4503: .Op Fl keyform Cm der | pem
4504: .Op Fl keymatexport Ar label
4505: .Op Fl keymatexportlen Ar len
1.1 jsing 4506: .Op Fl msg
1.111 inoguchi 4507: .Op Fl mtu Ar mtu
4508: .Op Fl named_curve Ar arg
1.1 jsing 4509: .Op Fl nbio
4510: .Op Fl nbio_test
1.111 inoguchi 4511: .Op Fl no_cache
1.1 jsing 4512: .Op Fl no_dhe
1.111 inoguchi 4513: .Op Fl no_ecdhe
4514: .Op Fl no_ticket
1.1 jsing 4515: .Op Fl no_tls1
1.6 guenther 4516: .Op Fl no_tls1_1
4517: .Op Fl no_tls1_2
1.1 jsing 4518: .Op Fl no_tmp_rsa
4519: .Op Fl nocert
1.111 inoguchi 4520: .Op Fl pass Ar arg
1.1 jsing 4521: .Op Fl quiet
1.111 inoguchi 4522: .Op Fl servername Ar name
4523: .Op Fl servername_fatal
1.1 jsing 4524: .Op Fl serverpref
4525: .Op Fl state
1.111 inoguchi 4526: .Op Fl status
4527: .Op Fl status_timeout Ar nsec
4528: .Op Fl status_url Ar url
4529: .Op Fl status_verbose
4530: .Op Fl timeout
1.1 jsing 4531: .Op Fl tls1
1.31 jmc 4532: .Op Fl tls1_1
4533: .Op Fl tls1_2
1.111 inoguchi 4534: .Op Fl tlsextdebug
4535: .Op Fl use_srtp Ar profiles
1.1 jsing 4536: .Op Fl Verify Ar depth
4537: .Op Fl verify Ar depth
1.111 inoguchi 4538: .Op Fl verify_return_error
1.1 jsing 4539: .Op Fl WWW
4540: .Op Fl www
1.114 jmc 4541: .Ek
4542: .El
1.1 jsing 4543: .Pp
4544: The
4545: .Nm s_server
4546: command implements a generic SSL/TLS server which listens
4547: for connections on a given port using SSL/TLS.
4548: .Pp
1.67 jmc 4549: If a connection request is established with a client and neither the
4550: .Fl www
4551: nor the
4552: .Fl WWW
4553: option has been used, then any data received
4554: from the client is displayed and any key presses are sent to the client.
4555: Certain single letter commands perform special operations:
4556: .Pp
4557: .Bl -tag -width "XXXX" -compact
4558: .It Ic P
4559: Send plain text, which should cause the client to disconnect.
4560: .It Ic Q
4561: End the current SSL connection and exit.
4562: .It Ic q
4563: End the current SSL connection, but still accept new connections.
4564: .It Ic R
4565: Renegotiate the SSL session and request a client certificate.
4566: .It Ic r
4567: Renegotiate the SSL session.
4568: .It Ic S
4569: Print out some session cache status information.
4570: .El
4571: .Pp
1.1 jsing 4572: The options are as follows:
4573: .Bl -tag -width Ds
1.113 inoguchi 4574: .It Fl accept Ar port
1.67 jmc 4575: Listen on TCP
1.1 jsing 4576: .Ar port
1.67 jmc 4577: for connections.
4578: The default is port 4433.
1.111 inoguchi 4579: .It Fl alpn Ar protocols
4580: Enable the Application-Layer Protocol Negotiation.
4581: .Ar protocols
4582: is a comma-separated list of supported protocol names.
1.1 jsing 4583: .It Fl bugs
1.67 jmc 4584: Enable various workarounds for buggy implementations.
1.1 jsing 4585: .It Fl CAfile Ar file
1.67 jmc 4586: A
4587: .Ar file
4588: containing trusted certificates to use during client authentication
1.1 jsing 4589: and to use when attempting to build the server certificate chain.
4590: The list is also used in the list of acceptable client CAs passed to the
4591: client when a certificate is requested.
4592: .It Fl CApath Ar directory
4593: The
4594: .Ar directory
4595: to use for client certificate verification.
4596: This directory must be in
4597: .Qq hash format ;
4598: see
4599: .Fl verify
4600: for more information.
4601: These are also used when building the server certificate chain.
4602: .It Fl cert Ar file
1.67 jmc 4603: The certificate to use: most server's cipher suites require the use of a
4604: certificate and some require a certificate with a certain public key type.
4605: For example, the DSS cipher suites require a certificate containing a DSS
4606: (DSA) key.
1.1 jsing 4607: If not specified, the file
4608: .Pa server.pem
4609: will be used.
1.111 inoguchi 4610: .It Fl cert2 Ar file
4611: The certificate to use for servername.
4612: .It Fl certform Cm der | pem
4613: The certificate format.
4614: The default is
4615: .Cm pem .
1.1 jsing 4616: .It Fl cipher Ar cipherlist
1.67 jmc 4617: Modify the cipher list used by the server.
1.1 jsing 4618: This allows the cipher list used by the server to be modified.
4619: When the client sends a list of supported ciphers, the first client cipher
4620: also included in the server list is used.
4621: Because the client specifies the preference order, the order of the server
4622: cipherlist is irrelevant.
4623: See the
1.67 jmc 4624: .Nm ciphers
4625: command for more information.
1.1 jsing 4626: .It Fl context Ar id
1.67 jmc 4627: Set the SSL context ID.
1.1 jsing 4628: It can be given any string value.
4629: .It Fl crl_check , crl_check_all
4630: Check the peer certificate has not been revoked by its CA.
4631: The CRLs are appended to the certificate file.
4632: .Fl crl_check_all
1.67 jmc 4633: checks all CRLs of all CAs in the chain.
1.1 jsing 4634: .It Fl crlf
1.67 jmc 4635: Translate a line feed from the terminal into CR+LF.
1.1 jsing 4636: .It Fl dcert Ar file , Fl dkey Ar file
4637: Specify an additional certificate and private key; these behave in the
4638: same manner as the
4639: .Fl cert
4640: and
4641: .Fl key
4642: options except there is no default if they are not specified
1.67 jmc 4643: (no additional certificate or key is used).
1.1 jsing 4644: By using RSA and DSS certificates and keys,
4645: a server can support clients which only support RSA or DSS cipher suites
4646: by using an appropriate certificate.
1.111 inoguchi 4647: .It Fl dcertform Cm der | pem , Fl dkeyform Cm der | pem , Fl dpass Ar arg
4648: Additional certificate and private key format, and private key password source,
4649: respectively.
1.1 jsing 4650: .It Fl debug
1.67 jmc 4651: Print extensive debugging information, including a hex dump of all traffic.
1.1 jsing 4652: .It Fl dhparam Ar file
4653: The DH parameter file to use.
4654: The ephemeral DH cipher suites generate keys
4655: using a set of DH parameters.
4656: If not specified, an attempt is made to
4657: load the parameters from the server certificate file.
4658: If this fails, a static set of parameters hard coded into the
4659: .Nm s_server
4660: program will be used.
1.111 inoguchi 4661: .It Fl dtls1
4662: Permit only DTLS1.0.
1.1 jsing 4663: .It Fl HTTP
1.67 jmc 4664: Emulate a simple web server.
4665: Pages are resolved relative to the current directory.
4666: For example if the URL
1.1 jsing 4667: .Pa https://myhost/page.html
4668: is requested, the file
4669: .Pa ./page.html
4670: will be loaded.
4671: The files loaded are assumed to contain a complete and correct HTTP
4672: response (lines that are part of the HTTP response line and headers
4673: must end with CRLF).
4674: .It Fl id_prefix Ar arg
4675: Generate SSL/TLS session IDs prefixed by
4676: .Ar arg .
4677: This is mostly useful for testing any SSL/TLS code
1.81 jmc 4678: that wish to deal with multiple servers,
4679: when each of which might be generating a unique range of session IDs.
1.1 jsing 4680: .It Fl key Ar keyfile
4681: The private key to use.
4682: If not specified, the certificate file will be used.
1.111 inoguchi 4683: .It Fl key2 Ar keyfile
4684: The private key to use for servername.
4685: .It Fl keyform Cm der | pem
4686: The private key format.
4687: The default is
4688: .Cm pem .
4689: .It Fl keymatexport Ar label
4690: Export keying material using label.
4691: .It Fl keymatexportlen Ar len
4692: Export len bytes of keying material (default 20).
1.1 jsing 4693: .It Fl msg
4694: Show all protocol messages with hex dump.
1.111 inoguchi 4695: .It Fl mtu Ar mtu
4696: Set the link layer MTU.
4697: .It Fl named_curve Ar arg
4698: Specify the elliptic curve name to use for ephemeral ECDH keys.
1.1 jsing 4699: .It Fl nbio
1.67 jmc 4700: Turn on non-blocking I/O.
1.1 jsing 4701: .It Fl nbio_test
1.67 jmc 4702: Test non-blocking I/O.
1.111 inoguchi 4703: .It Fl no_cache
4704: Disable session caching.
1.1 jsing 4705: .It Fl no_dhe
1.67 jmc 4706: Disable ephemeral DH cipher suites.
1.111 inoguchi 4707: .It Fl no_ecdhe
4708: Disable ephemeral ECDH cipher suites.
4709: .It Fl no_ticket
4710: Disable RFC 4507 session ticket support.
1.31 jmc 4711: .It Fl no_tls1 | no_tls1_1 | no_tls1_2
1.67 jmc 4712: Disable the use of TLS1.0, 1.1, and 1.2, respectively.
1.1 jsing 4713: .It Fl no_tmp_rsa
1.67 jmc 4714: Disable temporary RSA key generation.
1.1 jsing 4715: .It Fl nocert
1.67 jmc 4716: Do not use a certificate.
1.1 jsing 4717: This restricts the cipher suites available to the anonymous ones
1.67 jmc 4718: (currently just anonymous DH).
1.111 inoguchi 4719: .It Fl pass Ar arg
4720: The private key password source.
1.1 jsing 4721: .It Fl quiet
4722: Inhibit printing of session and certificate information.
1.111 inoguchi 4723: .It Fl servername Ar name
4724: Set the TLS Server Name Indication (SNI) extension with
4725: .Ar name .
4726: .It Fl servername_fatal
4727: Send fatal alert if servername does not match.
4728: The default is warning alert.
1.1 jsing 4729: .It Fl serverpref
4730: Use server's cipher preferences.
4731: .It Fl state
1.67 jmc 4732: Print the SSL session states.
1.111 inoguchi 4733: .It Fl status
4734: Enables certificate status request support (OCSP stapling).
4735: .It Fl status_timeout Ar nsec
4736: Sets the timeout for OCSP response in seconds.
4737: .It Fl status_url Ar url
4738: Sets a fallback responder URL to use if no responder URL is present in the
4739: server certificate.
4740: Without this option, an error is returned if the server certificate does not
4741: contain a responder address.
4742: .It Fl status_verbose
4743: Enables certificate status request support (OCSP stapling) and gives a verbose
4744: printout of the OCSP response.
4745: .It Fl timeout
4746: Enable send/receive timeout on DTLS connections.
1.31 jmc 4747: .It Fl tls1 | tls1_1 | tls1_2
4748: Permit only TLS1.0, 1.1, or 1.2, respectively.
1.111 inoguchi 4749: .It Fl tlsextdebug
4750: Print a hex dump of any TLS extensions received from the server.
4751: .It Fl use_srtp Ar profiles
4752: Offer SRTP key management with a colon-separated profile list.
4753: .It Fl verify_return_error
4754: Return verification error.
1.1 jsing 4755: .It Fl WWW
1.67 jmc 4756: Emulate a simple web server.
4757: Pages are resolved relative to the current directory.
4758: For example if the URL
1.1 jsing 4759: .Pa https://myhost/page.html
4760: is requested, the file
4761: .Pa ./page.html
4762: will be loaded.
4763: .It Fl www
1.67 jmc 4764: Send a status message to the client when it connects,
4765: including information about the ciphers used and various session parameters.
1.1 jsing 4766: The output is in HTML format so this option will normally be used with a
4767: web browser.
4768: .It Fl Verify Ar depth , Fl verify Ar depth
1.67 jmc 4769: Request a certificate chain from the client,
4770: with a maximum length of
4771: .Ar depth .
4772: With
4773: .Fl Verify ,
4774: the client must supply a certificate or an error occurs;
4775: with
4776: .Fl verify ,
4777: a certificate is requested but the client does not have to send one.
1.1 jsing 4778: .El
4779: .Sh S_TIME
1.114 jmc 4780: .Bl -hang -width "openssl s_time"
4781: .It Nm openssl s_time
4782: .Bk -words
1.1 jsing 4783: .Op Fl bugs
4784: .Op Fl CAfile Ar file
4785: .Op Fl CApath Ar directory
4786: .Op Fl cert Ar file
4787: .Op Fl cipher Ar cipherlist
1.68 jmc 4788: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 4789: .Op Fl key Ar keyfile
4790: .Op Fl nbio
4791: .Op Fl new
1.20 lteo 4792: .Op Fl no_shutdown
1.1 jsing 4793: .Op Fl reuse
4794: .Op Fl time Ar seconds
4795: .Op Fl verify Ar depth
4796: .Op Fl www Ar page
1.114 jmc 4797: .Ek
4798: .El
1.1 jsing 4799: .Pp
4800: The
1.68 jmc 4801: .Nm s_time
1.1 jsing 4802: command implements a generic SSL/TLS client which connects to a
4803: remote host using SSL/TLS.
4804: It can request a page from the server and includes
4805: the time to transfer the payload data in its timing measurements.
4806: It measures the number of connections within a given timeframe,
4807: the amount of data transferred
4808: .Pq if any ,
4809: and calculates the average time spent for one connection.
4810: .Pp
4811: The options are as follows:
4812: .Bl -tag -width Ds
4813: .It Fl bugs
1.68 jmc 4814: Enable various workarounds for buggy implementations.
1.1 jsing 4815: .It Fl CAfile Ar file
1.68 jmc 4816: A
4817: .Ar file
4818: containing trusted certificates to use during server authentication
1.1 jsing 4819: and to use when attempting to build the client certificate chain.
4820: .It Fl CApath Ar directory
4821: The directory to use for server certificate verification.
4822: This directory must be in
4823: .Qq hash format ;
4824: see
4825: .Nm verify
4826: for more information.
4827: These are also used when building the client certificate chain.
4828: .It Fl cert Ar file
4829: The certificate to use, if one is requested by the server.
4830: The default is not to use a certificate.
4831: .It Fl cipher Ar cipherlist
1.68 jmc 4832: Modify the cipher list sent by the client.
1.1 jsing 4833: Although the server determines which cipher suite is used,
4834: it should take the first supported cipher in the list sent by the client.
4835: See the
4836: .Nm ciphers
4837: command for more information.
1.68 jmc 4838: .It Fl connect Ar host Ns Op : Ns Ar port
4839: The host and port to connect to.
1.1 jsing 4840: .It Fl key Ar keyfile
4841: The private key to use.
4842: If not specified, the certificate file will be used.
4843: .It Fl nbio
1.68 jmc 4844: Turn on non-blocking I/O.
1.1 jsing 4845: .It Fl new
1.68 jmc 4846: Perform the timing test using a new session ID for each connection.
1.1 jsing 4847: If neither
4848: .Fl new
4849: nor
4850: .Fl reuse
4851: are specified,
4852: they are both on by default and executed in sequence.
1.20 lteo 4853: .It Fl no_shutdown
1.21 jmc 4854: Shut down the connection without sending a
1.68 jmc 4855: .Qq close notify
1.20 lteo 4856: shutdown alert to the server.
1.1 jsing 4857: .It Fl reuse
1.68 jmc 4858: Perform the timing test using the same session ID for each connection.
1.1 jsing 4859: If neither
4860: .Fl new
4861: nor
4862: .Fl reuse
4863: are specified,
4864: they are both on by default and executed in sequence.
4865: .It Fl time Ar seconds
1.68 jmc 4866: Limit
1.1 jsing 4867: .Nm s_time
1.68 jmc 4868: benchmarks to the number of
4869: .Ar seconds .
1.1 jsing 4870: The default is 30 seconds.
4871: .It Fl verify Ar depth
1.68 jmc 4872: Turn on server certificate verification,
4873: with a maximum length of
4874: .Ar depth .
1.1 jsing 4875: Currently the verify operation continues after errors, so all the problems
4876: with a certificate chain can be seen.
4877: As a side effect,
4878: the connection will never fail due to a server certificate verify failure.
4879: .It Fl www Ar page
1.68 jmc 4880: The page to GET from the server.
1.1 jsing 4881: A value of
4882: .Sq /
4883: gets the index.htm[l] page.
4884: If this parameter is not specified,
4885: .Nm s_time
4886: will only perform the handshake to establish SSL connections
4887: but not transfer any payload data.
4888: .El
4889: .Sh SESS_ID
1.114 jmc 4890: .Bl -hang -width "openssl sess_id"
4891: .It Nm openssl sess_id
4892: .Bk -words
1.1 jsing 4893: .Op Fl cert
4894: .Op Fl context Ar ID
4895: .Op Fl in Ar file
1.69 jmc 4896: .Op Fl inform Cm der | pem
1.1 jsing 4897: .Op Fl noout
4898: .Op Fl out Ar file
1.69 jmc 4899: .Op Fl outform Cm der | pem
1.1 jsing 4900: .Op Fl text
1.114 jmc 4901: .Ek
4902: .El
1.1 jsing 4903: .Pp
4904: The
4905: .Nm sess_id
4906: program processes the encoded version of the SSL session structure and
4907: optionally prints out SSL session details
1.69 jmc 4908: (for example the SSL session master key)
1.72 jmc 4909: in human-readable format.
1.1 jsing 4910: .Pp
4911: The options are as follows:
4912: .Bl -tag -width Ds
4913: .It Fl cert
4914: If a certificate is present in the session,
4915: it will be output using this option;
4916: if the
4917: .Fl text
4918: option is also present, then it will be printed out in text form.
4919: .It Fl context Ar ID
1.69 jmc 4920: Set the session
1.1 jsing 4921: .Ar ID .
1.69 jmc 4922: The ID can be any string of characters.
1.1 jsing 4923: .It Fl in Ar file
1.69 jmc 4924: The input file to read from,
4925: or standard input if not specified.
4926: .It Fl inform Cm der | pem
4927: The input format.
4928: .Cm der
1.84 jmc 4929: uses an ASN.1 DER-encoded format containing session details.
1.1 jsing 4930: The precise format can vary from one version to the next.
1.69 jmc 4931: .Cm pem
4932: is the default format: it consists of the DER
1.1 jsing 4933: format base64-encoded with additional header and footer lines.
4934: .It Fl noout
1.69 jmc 4935: Do not output the encoded version of the session.
1.1 jsing 4936: .It Fl out Ar file
1.69 jmc 4937: The output file to write to,
4938: or standard output if not specified.
4939: .It Fl outform Cm der | pem
4940: The output format.
1.1 jsing 4941: .It Fl text
1.69 jmc 4942: Print the various public or private key components in plain text,
4943: in addition to the encoded version.
1.1 jsing 4944: .El
4945: .Pp
1.69 jmc 4946: The output of
4947: .Nm sess_id
4948: is composed as follows:
1.1 jsing 4949: .Pp
1.69 jmc 4950: .Bl -tag -width "Verify return code " -offset 3n -compact
4951: .It Protocol
4952: The protocol in use.
4953: .It Cipher
4954: The actual raw SSL or TLS cipher code.
4955: .It Session-ID
4956: The SSL session ID, in hex format.
4957: .It Session-ID-ctx
4958: The session ID context, in hex format.
4959: .It Master-Key
4960: The SSL session master key.
4961: .It Key-Arg
1.1 jsing 4962: The key argument; this is only used in SSL v2.
1.69 jmc 4963: .It Start Time
4964: The session start time.
1.1 jsing 4965: .Ux
4966: format.
1.69 jmc 4967: .It Timeout
4968: The timeout, in seconds.
4969: .It Verify return code
4970: The return code when a certificate is verified.
1.1 jsing 4971: .El
4972: .Pp
4973: Since the SSL session output contains the master key, it is possible to read
4974: the contents of an encrypted session using this information.
4975: Therefore appropriate security precautions
4976: should be taken if the information is being output by a
4977: .Qq real
4978: application.
4979: This is, however, strongly discouraged and should only be used for
4980: debugging purposes.
4981: .Sh SMIME
1.114 jmc 4982: .Bl -hang -width "openssl smime"
4983: .It Nm openssl smime
4984: .Bk -words
1.1 jsing 4985: .Oo
4986: .Fl aes128 | aes192 | aes256 | des |
4987: .Fl des3 | rc2-40 | rc2-64 | rc2-128
4988: .Oc
4989: .Op Fl binary
4990: .Op Fl CAfile Ar file
4991: .Op Fl CApath Ar directory
4992: .Op Fl certfile Ar file
4993: .Op Fl check_ss_sig
4994: .Op Fl content Ar file
4995: .Op Fl crl_check
4996: .Op Fl crl_check_all
4997: .Op Fl decrypt
4998: .Op Fl encrypt
4999: .Op Fl extended_crl
5000: .Op Fl from Ar addr
5001: .Op Fl ignore_critical
5002: .Op Fl in Ar file
5003: .Op Fl indef
1.70 jmc 5004: .Op Fl inform Cm der | pem | smime
1.1 jsing 5005: .Op Fl inkey Ar file
5006: .Op Fl issuer_checks
1.112 inoguchi 5007: .Op Fl keyform Cm der | pem
1.1 jsing 5008: .Op Fl md Ar digest
5009: .Op Fl noattr
5010: .Op Fl nocerts
5011: .Op Fl nochain
5012: .Op Fl nodetach
5013: .Op Fl noindef
5014: .Op Fl nointern
5015: .Op Fl nosigs
1.108 inoguchi 5016: .Op Fl nosmimecap
1.1 jsing 5017: .Op Fl noverify
5018: .Op Fl out Ar file
1.70 jmc 5019: .Op Fl outform Cm der | pem | smime
1.1 jsing 5020: .Op Fl passin Ar arg
5021: .Op Fl pk7out
5022: .Op Fl policy_check
5023: .Op Fl recip Ar file
5024: .Op Fl resign
5025: .Op Fl sign
5026: .Op Fl signer Ar file
5027: .Op Fl stream
5028: .Op Fl subject Ar s
5029: .Op Fl text
5030: .Op Fl to Ar addr
5031: .Op Fl verify
5032: .Op Fl x509_strict
5033: .Op Ar cert.pem ...
1.114 jmc 5034: .Ek
5035: .El
1.1 jsing 5036: .Pp
5037: The
5038: .Nm smime
1.70 jmc 5039: command handles S/MIME mail.
5040: It can encrypt, decrypt, sign, and verify S/MIME messages.
5041: .Pp
5042: The MIME message must be sent without any blank lines between the
5043: headers and the output.
5044: Some mail programs will automatically add a blank line.
5045: Piping the mail directly to an MTA is one way to
5046: achieve the correct format.
5047: .Pp
5048: The supplied message to be signed or encrypted must include the necessary
5049: MIME headers or many S/MIME clients won't display it properly (if at all).
5050: Use the
5051: .Fl text
5052: option to automatically add plain text headers.
1.1 jsing 5053: .Pp
1.70 jmc 5054: A
5055: .Qq signed and encrypted
5056: message is one where a signed message is then encrypted.
5057: This can be produced by encrypting an already signed message.
1.1 jsing 5058: .Pp
1.70 jmc 5059: There are a number of operations that can be performed, as follows:
1.1 jsing 5060: .Bl -tag -width "XXXX"
5061: .It Fl decrypt
5062: Decrypt mail using the supplied certificate and private key.
1.70 jmc 5063: The input file is an encrypted mail message in MIME format.
1.1 jsing 5064: The decrypted mail is written to the output file.
5065: .It Fl encrypt
5066: Encrypt mail for the given recipient certificates.
1.70 jmc 5067: The input is the message to be encrypted.
5068: The output file is the encrypted mail, in MIME format.
1.1 jsing 5069: .It Fl pk7out
1.70 jmc 5070: Take an input message and write out a PEM-encoded PKCS#7 structure.
1.1 jsing 5071: .It Fl resign
5072: Resign a message: take an existing message and one or more new signers.
5073: .It Fl sign
5074: Sign mail using the supplied certificate and private key.
1.70 jmc 5075: The input file is the message to be signed.
5076: The signed message, in MIME format, is written to the output file.
1.1 jsing 5077: .It Fl verify
5078: Verify signed mail.
1.70 jmc 5079: The input is a signed mail message and the output is the signed data.
1.1 jsing 5080: Both clear text and opaque signing is supported.
5081: .El
5082: .Pp
1.14 jmc 5083: The remaining options are as follows:
1.1 jsing 5084: .Bl -tag -width "XXXX"
5085: .It Xo
5086: .Fl aes128 | aes192 | aes256 | des |
5087: .Fl des3 | rc2-40 | rc2-64 | rc2-128
5088: .Xc
5089: The encryption algorithm to use.
1.70 jmc 5090: 128-, 192-, or 256-bit AES, DES (56 bits), triple DES (168 bits),
1.1 jsing 5091: or 40-, 64-, or 128-bit RC2, respectively;
5092: if not specified, 40-bit RC2 is
5093: used.
5094: Only used with
5095: .Fl encrypt .
5096: .It Fl binary
5097: Normally, the input message is converted to
5098: .Qq canonical
1.70 jmc 5099: format which uses CR/LF as end of line,
5100: as required by the S/MIME specification.
1.1 jsing 5101: When this option is present no translation occurs.
1.70 jmc 5102: This is useful when handling binary data which may not be in MIME format.
1.1 jsing 5103: .It Fl CAfile Ar file
5104: A
5105: .Ar file
5106: containing trusted CA certificates; only used with
5107: .Fl verify .
5108: .It Fl CApath Ar directory
5109: A
5110: .Ar directory
5111: containing trusted CA certificates; only used with
5112: .Fl verify .
5113: This directory must be a standard certificate directory:
5114: that is, a hash of each subject name (using
5115: .Nm x509 -hash )
5116: should be linked to each certificate.
5117: .It Ar cert.pem ...
5118: One or more certificates of message recipients: used when encrypting
5119: a message.
5120: .It Fl certfile Ar file
5121: Allows additional certificates to be specified.
5122: When signing, these will be included with the message.
5123: When verifying, these will be searched for the signers' certificates.
5124: The certificates should be in PEM format.
5125: .It Xo
5126: .Fl check_ss_sig ,
5127: .Fl crl_check ,
5128: .Fl crl_check_all ,
5129: .Fl extended_crl ,
5130: .Fl ignore_critical ,
5131: .Fl issuer_checks ,
5132: .Fl policy_check ,
5133: .Fl x509_strict
5134: .Xc
5135: Set various certificate chain validation options.
5136: See the
1.70 jmc 5137: .Nm verify
1.1 jsing 5138: command for details.
5139: .It Fl content Ar file
1.70 jmc 5140: A file containing the detached content.
1.1 jsing 5141: This is only useful with the
5142: .Fl verify
1.70 jmc 5143: option,
5144: and only usable if the PKCS#7 structure is using the detached
1.1 jsing 5145: signature form where the content is not included.
1.70 jmc 5146: This option will override any content if the input format is S/MIME
5147: and it uses the multipart/signed MIME content type.
1.1 jsing 5148: .It Xo
5149: .Fl from Ar addr ,
5150: .Fl subject Ar s ,
5151: .Fl to Ar addr
5152: .Xc
5153: The relevant mail headers.
5154: These are included outside the signed
5155: portion of a message so they may be included manually.
1.70 jmc 5156: When signing, many S/MIME
1.1 jsing 5157: mail clients check that the signer's certificate email
5158: address matches the From: address.
5159: .It Fl in Ar file
1.70 jmc 5160: The input file to read from.
1.1 jsing 5161: .It Fl indef
5162: Enable streaming I/O for encoding operations.
5163: This permits single pass processing of data without
5164: the need to hold the entire contents in memory,
5165: potentially supporting very large files.
5166: Streaming is automatically set for S/MIME signing with detached
5167: data if the output format is SMIME;
5168: it is currently off by default for all other operations.
1.70 jmc 5169: .It Fl inform Cm der | pem | smime
5170: The input format.
1.1 jsing 5171: .It Fl inkey Ar file
1.70 jmc 5172: The private key to use when signing or decrypting,
5173: which must match the corresponding certificate.
1.1 jsing 5174: If this option is not specified, the private key must be included
5175: in the certificate file specified with
5176: the
5177: .Fl recip
5178: or
5179: .Fl signer
5180: file.
5181: When signing,
5182: this option can be used multiple times to specify successive keys.
1.112 inoguchi 5183: .It Fl keyform Cm der | pem
1.1 jsing 5184: Input private key format.
1.112 inoguchi 5185: The default is
5186: .Cm pem .
1.1 jsing 5187: .It Fl md Ar digest
5188: The digest algorithm to use when signing or resigning.
5189: If not present then the default digest algorithm for the signing key is used
5190: (usually SHA1).
5191: .It Fl noattr
1.70 jmc 5192: Do not include attributes.
1.1 jsing 5193: .It Fl nocerts
1.70 jmc 5194: Do not include the signer's certificate.
1.1 jsing 5195: This will reduce the size of the signed message but the verifier must
5196: have a copy of the signer's certificate available locally (passed using the
5197: .Fl certfile
5198: option, for example).
5199: .It Fl nochain
5200: Do not do chain verification of signers' certificates: that is,
5201: don't use the certificates in the signed message as untrusted CAs.
5202: .It Fl nodetach
5203: When signing a message use opaque signing: this form is more resistant
5204: to translation by mail relays but it cannot be read by mail agents that
1.70 jmc 5205: do not support S/MIME.
5206: Without this option cleartext signing with the MIME type
5207: multipart/signed is used.
1.1 jsing 5208: .It Fl noindef
1.70 jmc 5209: Disable streaming I/O where it would produce an encoding of indefinite length
5210: (currently has no effect).
1.1 jsing 5211: .It Fl nointern
1.70 jmc 5212: Only use certificates specified in the
5213: .Fl certfile .
5214: The supplied certificates can still be used as untrusted CAs.
1.1 jsing 5215: .It Fl nosigs
1.70 jmc 5216: Do not try to verify the signatures on the message.
1.108 inoguchi 5217: .It Fl nosmimecap
5218: Exclude the list of supported algorithms from signed attributes,
5219: other options such as signing time and content type are still included.
1.1 jsing 5220: .It Fl noverify
5221: Do not verify the signer's certificate of a signed message.
5222: .It Fl out Ar file
1.70 jmc 5223: The output file to write to.
5224: .It Fl outform Cm der | pem | smime
5225: The output format.
5226: The default is smime, which writes an S/MIME format message.
5227: .Cm pem
1.1 jsing 5228: and
1.70 jmc 5229: .Cm der
5230: change this to write PEM and DER format PKCS#7 structures instead.
1.1 jsing 5231: This currently only affects the output format of the PKCS#7
5232: structure; if no PKCS#7 structure is being output (for example with
5233: .Fl verify
5234: or
5235: .Fl decrypt )
5236: this option has no effect.
5237: .It Fl passin Ar arg
5238: The key password source.
5239: .It Fl recip Ar file
5240: The recipients certificate when decrypting a message.
5241: This certificate
5242: must match one of the recipients of the message or an error occurs.
5243: .It Fl signer Ar file
5244: A signing certificate when signing or resigning a message;
5245: this option can be used multiple times if more than one signer is required.
5246: If a message is being verified, the signer's certificates will be
5247: written to this file if the verification was successful.
5248: .It Fl stream
5249: The same as
5250: .Fl indef .
5251: .It Fl text
1.70 jmc 5252: Add plain text (text/plain) MIME
1.1 jsing 5253: headers to the supplied message if encrypting or signing.
5254: If decrypting or verifying, it strips off text headers:
1.70 jmc 5255: if the decrypted or verified message is not of MIME type text/plain
5256: then an error occurs.
1.1 jsing 5257: .El
5258: .Pp
1.70 jmc 5259: The exit codes for
5260: .Nm smime
5261: are as follows:
1.1 jsing 5262: .Pp
1.70 jmc 5263: .Bl -tag -width "XXXX" -offset 3n -compact
5264: .It 0
1.1 jsing 5265: The operation was completely successful.
1.70 jmc 5266: .It 1
1.1 jsing 5267: An error occurred parsing the command options.
1.70 jmc 5268: .It 2
1.1 jsing 5269: One of the input files could not be read.
1.70 jmc 5270: .It 3
5271: An error occurred creating the file or when reading the message.
5272: .It 4
1.1 jsing 5273: An error occurred decrypting or verifying the message.
1.70 jmc 5274: .It 5
5275: An error occurred writing certificates.
1.1 jsing 5276: .El
5277: .Sh SPEED
1.114 jmc 5278: .Bl -hang -width "openssl speed"
5279: .It Nm openssl speed
5280: .Bk -words
1.71 jmc 5281: .Op Ar algorithm
1.1 jsing 5282: .Op Fl decrypt
5283: .Op Fl elapsed
1.71 jmc 5284: .Op Fl evp Ar algorithm
1.1 jsing 5285: .Op Fl mr
5286: .Op Fl multi Ar number
1.114 jmc 5287: .Ek
5288: .El
1.1 jsing 5289: .Pp
5290: The
5291: .Nm speed
5292: command is used to test the performance of cryptographic algorithms.
5293: .Bl -tag -width "XXXX"
1.71 jmc 5294: .It Ar algorithm
5295: Perform the test using
5296: .Ar algorithm .
5297: The default is to test all algorithms.
1.1 jsing 5298: .It Fl decrypt
1.71 jmc 5299: Time decryption instead of encryption;
5300: must be used with
5301: .Fl evp .
1.1 jsing 5302: .It Fl elapsed
5303: Measure time in real time instead of CPU user time.
1.71 jmc 5304: .It Fl evp Ar algorithm
5305: Perform the test using one of the algorithms accepted by
5306: .Xr EVP_get_cipherbyname 3 .
1.1 jsing 5307: .It Fl mr
5308: Produce machine readable output.
5309: .It Fl multi Ar number
5310: Run
5311: .Ar number
5312: benchmarks in parallel.
5313: .El
1.77 jmc 5314: .Sh SPKAC
1.114 jmc 5315: .Bl -hang -width "openssl spkac"
5316: .It Nm openssl spkac
5317: .Bk -words
1.77 jmc 5318: .Op Fl challenge Ar string
5319: .Op Fl in Ar file
5320: .Op Fl key Ar keyfile
5321: .Op Fl noout
5322: .Op Fl out Ar file
5323: .Op Fl passin Ar arg
5324: .Op Fl pubkey
5325: .Op Fl spkac Ar spkacname
5326: .Op Fl spksect Ar section
5327: .Op Fl verify
1.114 jmc 5328: .Ek
5329: .El
1.77 jmc 5330: .Pp
5331: The
5332: .Nm spkac
5333: command processes signed public key and challenge (SPKAC) files.
5334: It can print out their contents, verify the signature,
5335: and produce its own SPKACs from a supplied private key.
5336: .Pp
5337: The options are as follows:
5338: .Bl -tag -width Ds
5339: .It Fl challenge Ar string
5340: The challenge string, if an SPKAC is being created.
5341: .It Fl in Ar file
5342: The input file to read from,
5343: or standard input if not specified.
5344: Ignored if the
5345: .Fl key
5346: option is used.
5347: .It Fl key Ar keyfile
5348: Create an SPKAC file using the private key in
5349: .Ar keyfile .
5350: The
5351: .Fl in , noout , spksect ,
5352: and
5353: .Fl verify
5354: options are ignored, if present.
5355: .It Fl noout
5356: Do not output the text version of the SPKAC.
5357: .It Fl out Ar file
5358: The output file to write to,
5359: or standard output if not specified.
5360: .It Fl passin Ar arg
5361: The key password source.
5362: .It Fl pubkey
5363: Output the public key of an SPKAC.
5364: .It Fl spkac Ar spkacname
5365: An alternative name for the variable containing the SPKAC.
5366: The default is "SPKAC".
5367: This option affects both generated and input SPKAC files.
5368: .It Fl spksect Ar section
5369: An alternative name for the
5370: .Ar section
5371: containing the SPKAC.
5372: .It Fl verify
5373: Verify the digital signature on the supplied SPKAC.
5374: .El
1.1 jsing 5375: .Sh TS
1.114 jmc 5376: .Bk -words
5377: .Bl -hang -width "openssl ts"
5378: .It Nm openssl ts
1.1 jsing 5379: .Fl query
1.29 bcook 5380: .Op Fl md4 | md5 | ripemd160 | sha1
1.1 jsing 5381: .Op Fl cert
5382: .Op Fl config Ar configfile
5383: .Op Fl data Ar file_to_hash
5384: .Op Fl digest Ar digest_bytes
5385: .Op Fl in Ar request.tsq
5386: .Op Fl no_nonce
5387: .Op Fl out Ar request.tsq
5388: .Op Fl policy Ar object_id
5389: .Op Fl text
1.114 jmc 5390: .It Nm openssl ts
1.1 jsing 5391: .Fl reply
5392: .Op Fl chain Ar certs_file.pem
5393: .Op Fl config Ar configfile
5394: .Op Fl in Ar response.tsr
5395: .Op Fl inkey Ar private.pem
5396: .Op Fl out Ar response.tsr
5397: .Op Fl passin Ar arg
5398: .Op Fl policy Ar object_id
5399: .Op Fl queryfile Ar request.tsq
5400: .Op Fl section Ar tsa_section
5401: .Op Fl signer Ar tsa_cert.pem
5402: .Op Fl text
5403: .Op Fl token_in
5404: .Op Fl token_out
1.114 jmc 5405: .It Nm openssl ts
1.1 jsing 5406: .Fl verify
5407: .Op Fl CAfile Ar trusted_certs.pem
5408: .Op Fl CApath Ar trusted_cert_path
5409: .Op Fl data Ar file_to_hash
5410: .Op Fl digest Ar digest_bytes
5411: .Op Fl in Ar response.tsr
5412: .Op Fl queryfile Ar request.tsq
5413: .Op Fl token_in
5414: .Op Fl untrusted Ar cert_file.pem
1.114 jmc 5415: .El
5416: .Ek
1.1 jsing 5417: .Pp
5418: The
5419: .Nm ts
5420: command is a basic Time Stamping Authority (TSA) client and server
5421: application as specified in RFC 3161 (Time-Stamp Protocol, TSP).
5422: A TSA can be part of a PKI deployment and its role is to provide long
1.72 jmc 5423: term proof of the existence of specific data.
1.1 jsing 5424: Here is a brief description of the protocol:
5425: .Bl -enum
5426: .It
5427: The TSA client computes a one-way hash value for a data file and sends
5428: the hash to the TSA.
5429: .It
5430: The TSA attaches the current date and time to the received hash value,
5431: signs them and sends the time stamp token back to the client.
5432: By creating this token the TSA certifies the existence of the original
5433: data file at the time of response generation.
5434: .It
5435: The TSA client receives the time stamp token and verifies the
5436: signature on it.
5437: It also checks if the token contains the same hash
5438: value that it had sent to the TSA.
5439: .El
5440: .Pp
5441: There is one DER-encoded protocol data unit defined for transporting a time
5442: stamp request to the TSA and one for sending the time stamp response
5443: back to the client.
5444: The
5445: .Nm ts
5446: command has three main functions:
5447: creating a time stamp request based on a data file;
5448: creating a time stamp response based on a request;
5449: and verifying if a response corresponds
5450: to a particular request or a data file.
5451: .Pp
5452: There is no support for sending the requests/responses automatically
5453: over HTTP or TCP yet as suggested in RFC 3161.
5454: Users must send the requests either by FTP or email.
5455: .Pp
5456: The
5457: .Fl query
5458: switch can be used for creating and printing a time stamp
5459: request with the following options:
5460: .Bl -tag -width Ds
5461: .It Fl cert
1.72 jmc 5462: Expect the TSA to include its signing certificate in the response.
1.1 jsing 5463: .It Fl config Ar configfile
1.72 jmc 5464: Specify an alternative configuration file.
5465: Only the OID section is used.
1.1 jsing 5466: .It Fl data Ar file_to_hash
5467: The data file for which the time stamp request needs to be created.
1.72 jmc 5468: The default is standard input.
1.1 jsing 5469: .It Fl digest Ar digest_bytes
1.72 jmc 5470: Specify the message imprint explicitly without the data file.
1.1 jsing 5471: The imprint must be specified in a hexadecimal format,
5472: two characters per byte,
1.72 jmc 5473: the bytes optionally separated by colons.
1.1 jsing 5474: The number of bytes must match the message digest algorithm in use.
5475: .It Fl in Ar request.tsq
1.72 jmc 5476: A previously created time stamp request in DER
1.1 jsing 5477: format that will be printed into the output file.
1.72 jmc 5478: Useful for examining the content of a request in human-readable format.
1.76 jmc 5479: .It Fl md4 | md5 | ripemd160 | sha | sha1
1.1 jsing 5480: The message digest to apply to the data file.
5481: It supports all the message digest algorithms that are supported by the
5482: .Nm dgst
5483: command.
5484: The default is SHA-1.
5485: .It Fl no_nonce
1.72 jmc 5486: Specify no nonce in the request.
5487: The default, to include a 64-bit long pseudo-random nonce,
5488: is recommended to protect against replay attacks.
1.1 jsing 5489: .It Fl out Ar request.tsq
1.72 jmc 5490: The output file to write to,
5491: or standard output if not specified.
1.1 jsing 5492: .It Fl policy Ar object_id
5493: The policy that the client expects the TSA to use for creating the
5494: time stamp token.
1.72 jmc 5495: Either dotted OID notation or OID names defined
1.1 jsing 5496: in the config file can be used.
1.72 jmc 5497: If no policy is requested the TSA uses its own default policy.
1.1 jsing 5498: .It Fl text
1.72 jmc 5499: Output in human-readable text format instead of DER.
1.1 jsing 5500: .El
5501: .Pp
5502: A time stamp response (TimeStampResp) consists of a response status
5503: and the time stamp token itself (ContentInfo),
5504: if the token generation was successful.
5505: The
5506: .Fl reply
5507: command is for creating a time stamp
5508: response or time stamp token based on a request and printing the
5509: response/token in human-readable format.
5510: If
5511: .Fl token_out
5512: is not specified the output is always a time stamp response (TimeStampResp),
5513: otherwise it is a time stamp token (ContentInfo).
5514: .Bl -tag -width Ds
5515: .It Fl chain Ar certs_file.pem
1.72 jmc 5516: The collection of PEM certificates
1.1 jsing 5517: that will be included in the response
5518: in addition to the signer certificate if the
5519: .Fl cert
5520: option was used for the request.
5521: This file is supposed to contain the certificate chain
5522: for the signer certificate from its issuer upwards.
5523: The
5524: .Fl reply
5525: command does not build a certificate chain automatically.
5526: .It Fl config Ar configfile
1.72 jmc 5527: Specify an alternative configuration file.
1.1 jsing 5528: .It Fl in Ar response.tsr
1.72 jmc 5529: Specify a previously created time stamp response (or time stamp token, if
1.1 jsing 5530: .Fl token_in
1.72 jmc 5531: is also specified)
1.1 jsing 5532: in DER format that will be written to the output file.
5533: This option does not require a request;
5534: it is useful, for example,
1.72 jmc 5535: to examine the content of a response or token
5536: or to extract the time stamp token from a response.
1.1 jsing 5537: If the input is a token and the output is a time stamp response a default
1.72 jmc 5538: .Qq granted
1.1 jsing 5539: status info is added to the token.
5540: .It Fl inkey Ar private.pem
5541: The signer private key of the TSA in PEM format.
5542: Overrides the
5543: .Cm signer_key
5544: config file option.
5545: .It Fl out Ar response.tsr
5546: The response is written to this file.
5547: The format and content of the file depends on other options (see
5548: .Fl text
5549: and
5550: .Fl token_out ) .
5551: The default is stdout.
5552: .It Fl passin Ar arg
5553: The key password source.
5554: .It Fl policy Ar object_id
1.72 jmc 5555: The default policy to use for the response.
5556: Either dotted OID notation or OID names defined
5557: in the config file can be used.
5558: If no policy is requested the TSA uses its own default policy.
1.1 jsing 5559: .It Fl queryfile Ar request.tsq
1.72 jmc 5560: The file containing a DER-encoded time stamp request.
1.1 jsing 5561: .It Fl section Ar tsa_section
1.72 jmc 5562: The config file section containing the settings for response generation.
1.1 jsing 5563: .It Fl signer Ar tsa_cert.pem
1.72 jmc 5564: The PEM signer certificate of the TSA.
1.1 jsing 5565: The TSA signing certificate must have exactly one extended key usage
5566: assigned to it: timeStamping.
5567: The extended key usage must also be critical,
5568: otherwise the certificate is going to be refused.
5569: Overrides the
5570: .Cm signer_cert
5571: variable of the config file.
5572: .It Fl text
1.72 jmc 5573: Output in human-readable text format instead of DER.
1.1 jsing 5574: .It Fl token_in
1.72 jmc 5575: The input is a DER-encoded time stamp token (ContentInfo)
5576: instead of a time stamp response (TimeStampResp).
1.1 jsing 5577: .It Fl token_out
1.72 jmc 5578: The output is a time stamp token (ContentInfo)
5579: instead of a time stamp response (TimeStampResp).
1.1 jsing 5580: .El
5581: .Pp
5582: The
5583: .Fl verify
5584: command is for verifying if a time stamp response or time stamp token
5585: is valid and matches a particular time stamp request or data file.
5586: The
5587: .Fl verify
5588: command does not use the configuration file.
5589: .Bl -tag -width Ds
5590: .It Fl CAfile Ar trusted_certs.pem
1.72 jmc 5591: The file containing a set of trusted self-signed PEM CA certificates.
5592: See
1.1 jsing 5593: .Nm verify
5594: for additional details.
5595: Either this option or
5596: .Fl CApath
5597: must be specified.
5598: .It Fl CApath Ar trusted_cert_path
1.112 inoguchi 5599: The directory containing the trusted CA certificates of the client.
1.72 jmc 5600: See
1.1 jsing 5601: .Nm verify
5602: for additional details.
5603: Either this option or
5604: .Fl CAfile
5605: must be specified.
5606: .It Fl data Ar file_to_hash
5607: The response or token must be verified against
5608: .Ar file_to_hash .
5609: The file is hashed with the message digest algorithm specified in the token.
5610: The
5611: .Fl digest
5612: and
5613: .Fl queryfile
5614: options must not be specified with this one.
5615: .It Fl digest Ar digest_bytes
5616: The response or token must be verified against the message digest specified
5617: with this option.
5618: The number of bytes must match the message digest algorithm
5619: specified in the token.
5620: The
5621: .Fl data
5622: and
5623: .Fl queryfile
5624: options must not be specified with this one.
5625: .It Fl in Ar response.tsr
5626: The time stamp response that needs to be verified, in DER format.
5627: This option in mandatory.
5628: .It Fl queryfile Ar request.tsq
5629: The original time stamp request, in DER format.
5630: The
5631: .Fl data
5632: and
5633: .Fl digest
5634: options must not be specified with this one.
5635: .It Fl token_in
1.72 jmc 5636: The input is a DER-encoded time stamp token (ContentInfo)
5637: instead of a time stamp response (TimeStampResp).
1.1 jsing 5638: .It Fl untrusted Ar cert_file.pem
1.72 jmc 5639: Additional untrusted PEM certificates which may be needed
5640: when building the certificate chain for the TSA's signing certificate.
1.1 jsing 5641: This file must contain the TSA signing certificate and
5642: all intermediate CA certificates unless the response includes them.
5643: .El
5644: .Pp
1.72 jmc 5645: Options specified on the command line always override
5646: the settings in the config file:
1.1 jsing 5647: .Bl -tag -width Ds
5648: .It Cm tsa Ar section , Cm default_tsa
5649: This is the main section and it specifies the name of another section
5650: that contains all the options for the
5651: .Fl reply
5652: option.
1.72 jmc 5653: This section can be overridden with the
1.1 jsing 5654: .Fl section
5655: command line switch.
5656: .It Cm oid_file
5657: See
5658: .Nm ca
5659: for a description.
5660: .It Cm oid_section
5661: See
5662: .Nm ca
5663: for a description.
5664: .It Cm serial
1.72 jmc 5665: The file containing the hexadecimal serial number of the
1.1 jsing 5666: last time stamp response created.
5667: This number is incremented by 1 for each response.
1.72 jmc 5668: If the file does not exist at the time of response generation
5669: a new file is created with serial number 1.
1.1 jsing 5670: This parameter is mandatory.
5671: .It Cm signer_cert
5672: TSA signing certificate, in PEM format.
5673: The same as the
5674: .Fl signer
5675: command line option.
5676: .It Cm certs
1.72 jmc 5677: A set of PEM-encoded certificates that need to be
1.1 jsing 5678: included in the response.
5679: The same as the
5680: .Fl chain
5681: command line option.
5682: .It Cm signer_key
5683: The private key of the TSA, in PEM format.
5684: The same as the
5685: .Fl inkey
5686: command line option.
5687: .It Cm default_policy
5688: The default policy to use when the request does not mandate any policy.
5689: The same as the
5690: .Fl policy
5691: command line option.
5692: .It Cm other_policies
5693: Comma separated list of policies that are also acceptable by the TSA
5694: and used only if the request explicitly specifies one of them.
5695: .It Cm digests
5696: The list of message digest algorithms that the TSA accepts.
5697: At least one algorithm must be specified.
5698: This parameter is mandatory.
5699: .It Cm accuracy
5700: The accuracy of the time source of the TSA in seconds, milliseconds
5701: and microseconds.
5702: For example, secs:1, millisecs:500, microsecs:100.
5703: If any of the components is missing,
5704: zero is assumed for that field.
5705: .It Cm clock_precision_digits
1.72 jmc 5706: The maximum number of digits, which represent the fraction of seconds,
5707: that need to be included in the time field.
1.1 jsing 5708: The trailing zeroes must be removed from the time,
1.72 jmc 5709: so there might actually be fewer digits
1.1 jsing 5710: or no fraction of seconds at all.
5711: The maximum value is 6;
5712: the default is 0.
5713: .It Cm ordering
5714: If this option is yes,
5715: the responses generated by this TSA can always be ordered,
5716: even if the time difference between two responses is less
5717: than the sum of their accuracies.
5718: The default is no.
5719: .It Cm tsa_name
5720: Set this option to yes if the subject name of the TSA must be included in
5721: the TSA name field of the response.
5722: The default is no.
5723: .It Cm ess_cert_id_chain
5724: The SignedData objects created by the TSA always contain the
5725: certificate identifier of the signing certificate in a signed
5726: attribute (see RFC 2634, Enhanced Security Services).
5727: If this option is set to yes and either the
5728: .Cm certs
5729: variable or the
5730: .Fl chain
5731: option is specified then the certificate identifiers of the chain will also
5732: be included in the SigningCertificate signed attribute.
5733: If this variable is set to no,
5734: only the signing certificate identifier is included.
5735: The default is no.
5736: .El
5737: .Sh VERIFY
1.114 jmc 5738: .Bl -hang -width "openssl verify"
5739: .It Nm openssl verify
5740: .Bk -words
1.1 jsing 5741: .Op Fl CAfile Ar file
5742: .Op Fl CApath Ar directory
5743: .Op Fl check_ss_sig
1.107 inoguchi 5744: .Op Fl CRLfile Ar file
1.1 jsing 5745: .Op Fl crl_check
5746: .Op Fl crl_check_all
5747: .Op Fl explicit_policy
5748: .Op Fl extended_crl
5749: .Op Fl help
5750: .Op Fl ignore_critical
5751: .Op Fl inhibit_any
5752: .Op Fl inhibit_map
5753: .Op Fl issuer_checks
5754: .Op Fl policy_check
5755: .Op Fl purpose Ar purpose
1.107 inoguchi 5756: .Op Fl trusted Ar file
1.1 jsing 5757: .Op Fl untrusted Ar file
5758: .Op Fl verbose
5759: .Op Fl x509_strict
5760: .Op Ar certificates
1.114 jmc 5761: .Ek
5762: .El
1.1 jsing 5763: .Pp
5764: The
5765: .Nm verify
5766: command verifies certificate chains.
5767: .Pp
5768: The options are as follows:
5769: .Bl -tag -width Ds
5770: .It Fl CAfile Ar file
5771: A
5772: .Ar file
5773: of trusted certificates.
5774: The
5775: .Ar file
5776: should contain multiple certificates in PEM format, concatenated together.
5777: .It Fl CApath Ar directory
5778: A
5779: .Ar directory
5780: of trusted certificates.
1.76 jmc 5781: The certificates, or symbolic links to them,
5782: should have names of the form
5783: .Ar hash Ns .0 ,
5784: where
5785: .Ar hash
5786: is the hashed certificate subject name
5787: (see the
1.1 jsing 5788: .Fl hash
5789: option of the
5790: .Nm x509
5791: utility).
1.107 inoguchi 5792: .It Fl check_ss_sig
5793: Verify the signature on the self-signed root CA.
5794: This is disabled by default
5795: because it doesn't add any security.
5796: .It Fl CRLfile Ar file
5797: The
5798: .Ar file
5799: should contain one or more CRLs in PEM format.
1.1 jsing 5800: .It Fl crl_check
1.76 jmc 5801: Check end entity certificate validity by attempting to look up a valid CRL.
1.1 jsing 5802: If a valid CRL cannot be found an error occurs.
5803: .It Fl crl_check_all
1.76 jmc 5804: Check the validity of all certificates in the chain by attempting
1.1 jsing 5805: to look up valid CRLs.
5806: .It Fl explicit_policy
1.76 jmc 5807: Set policy variable require-explicit-policy (RFC 3280).
1.1 jsing 5808: .It Fl extended_crl
5809: Enable extended CRL features such as indirect CRLs and alternate CRL
5810: signing keys.
5811: .It Fl help
1.76 jmc 5812: Print a usage message.
1.1 jsing 5813: .It Fl ignore_critical
1.76 jmc 5814: Ignore critical extensions instead of rejecting the certificate.
1.1 jsing 5815: .It Fl inhibit_any
1.76 jmc 5816: Set policy variable inhibit-any-policy (RFC 3280).
1.1 jsing 5817: .It Fl inhibit_map
1.76 jmc 5818: Set policy variable inhibit-policy-mapping (RFC 3280).
1.1 jsing 5819: .It Fl issuer_checks
1.76 jmc 5820: Print diagnostics relating to searches for the issuer certificate
5821: of the current certificate
5822: showing why each candidate issuer certificate was rejected.
5823: The presence of rejection messages
5824: does not itself imply that anything is wrong:
5825: during the normal verify process several rejections may take place.
1.1 jsing 5826: .It Fl policy_check
1.76 jmc 5827: Enable certificate policy processing.
1.1 jsing 5828: .It Fl purpose Ar purpose
5829: The intended use for the certificate.
5830: Without this option no chain verification will be done.
5831: Currently accepted uses are
1.76 jmc 5832: .Cm sslclient , sslserver ,
5833: .Cm nssslserver , smimesign ,
5834: .Cm smimeencrypt , crlsign ,
5835: .Cm any ,
1.1 jsing 5836: and
1.76 jmc 5837: .Cm ocsphelper .
1.107 inoguchi 5838: .It Fl trusted Ar file
5839: A
5840: .Ar file
5841: of trusted certificates.
5842: The
5843: .Ar file
5844: should contain multiple certificates.
1.1 jsing 5845: .It Fl untrusted Ar file
5846: A
5847: .Ar file
5848: of untrusted certificates.
5849: The
5850: .Ar file
5851: should contain multiple certificates.
5852: .It Fl verbose
5853: Print extra information about the operations being performed.
5854: .It Fl x509_strict
5855: Disable workarounds for broken certificates which have to be disabled
5856: for strict X.509 compliance.
5857: .It Ar certificates
1.76 jmc 5858: One or more PEM
1.1 jsing 5859: .Ar certificates
5860: to verify.
5861: If no certificate files are included, an attempt is made to read
5862: a certificate from standard input.
1.76 jmc 5863: If the first certificate filename begins with a dash,
5864: use a lone dash to mark the last option.
1.1 jsing 5865: .El
1.76 jmc 5866: .Pp
1.1 jsing 5867: The
5868: .Nm verify
5869: program uses the same functions as the internal SSL and S/MIME verification,
1.76 jmc 5870: with one crucial difference:
5871: wherever possible an attempt is made to continue after an error,
5872: whereas normally the verify operation would halt on the first error.
1.1 jsing 5873: This allows all the problems with a certificate chain to be determined.
5874: .Pp
1.76 jmc 5875: The verify operation consists of a number of separate steps.
1.1 jsing 5876: Firstly a certificate chain is built up starting from the supplied certificate
5877: and ending in the root CA.
5878: It is an error if the whole chain cannot be built up.
5879: The chain is built up by looking up the issuer's certificate of the current
5880: certificate.
5881: If a certificate is found which is its own issuer, it is assumed
5882: to be the root CA.
5883: .Pp
1.76 jmc 5884: All certificates whose subject name matches the issuer name
1.1 jsing 5885: of the current certificate are subject to further tests.
5886: The relevant authority key identifier components of the current certificate
1.76 jmc 5887: (if present) must match the subject key identifier (if present)
5888: and issuer and serial number of the candidate issuer;
5889: in addition the
5890: .Cm keyUsage
5891: extension of the candidate issuer (if present) must permit certificate signing.
1.1 jsing 5892: .Pp
5893: The lookup first looks in the list of untrusted certificates and if no match
5894: is found the remaining lookups are from the trusted certificates.
1.76 jmc 5895: The root CA is always looked up in the trusted certificate list:
5896: if the certificate to verify is a root certificate,
5897: then an exact match must be found in the trusted list.
1.1 jsing 5898: .Pp
5899: The second operation is to check every untrusted certificate's extensions for
5900: consistency with the supplied purpose.
5901: If the
5902: .Fl purpose
5903: option is not included, then no checks are done.
5904: The supplied or
5905: .Qq leaf
5906: certificate must have extensions compatible with the supplied purpose
5907: and all other certificates must also be valid CA certificates.
5908: The precise extensions required are described in more detail in
5909: the
1.76 jmc 5910: .Nm X509
1.1 jsing 5911: section below.
5912: .Pp
5913: The third operation is to check the trust settings on the root CA.
5914: The root CA should be trusted for the supplied purpose.
1.76 jmc 5915: A certificate with no trust settings is considered to be valid for
1.1 jsing 5916: all purposes.
5917: .Pp
5918: The final operation is to check the validity of the certificate chain.
5919: The validity period is checked against the current system time and the
1.76 jmc 5920: .Cm notBefore
1.1 jsing 5921: and
1.76 jmc 5922: .Cm notAfter
1.1 jsing 5923: dates in the certificate.
5924: The certificate signatures are also checked at this point.
5925: .Pp
5926: If all operations complete successfully, the certificate is considered
5927: valid.
5928: If any operation fails then the certificate is not valid.
5929: When a verify operation fails, the output messages can be somewhat cryptic.
5930: The general form of the error message is:
1.76 jmc 5931: .Bd -literal
5932: server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit)
5933: error 24 at 1 depth lookup:invalid CA certificate
1.1 jsing 5934: .Ed
5935: .Pp
5936: The first line contains the name of the certificate being verified, followed by
5937: the subject name of the certificate.
5938: The second line contains the error number and the depth.
5939: The depth is the number of the certificate being verified when a
5940: problem was detected starting with zero for the certificate being verified
5941: itself, then 1 for the CA that signed the certificate and so on.
5942: Finally a text version of the error number is presented.
5943: .Pp
5944: An exhaustive list of the error codes and messages is shown below; this also
5945: includes the name of the error code as defined in the header file
1.12 bentley 5946: .In openssl/x509_vfy.h .
1.76 jmc 5947: Some of the error codes are defined but never returned: these are described as
1.1 jsing 5948: .Qq unused .
5949: .Bl -tag -width "XXXX"
1.78 jmc 5950: .It 0 X509_V_OK
1.1 jsing 5951: The operation was successful.
1.78 jmc 5952: .It 2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
5953: The issuer certificate of an untrusted certificate could not be found.
5954: .It 3 X509_V_ERR_UNABLE_TO_GET_CRL
1.1 jsing 5955: The CRL of a certificate could not be found.
1.78 jmc 5956: .It 4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
1.1 jsing 5957: The certificate signature could not be decrypted.
1.78 jmc 5958: This means that the actual signature value could not be determined
5959: rather than it not matching the expected value.
1.1 jsing 5960: This is only meaningful for RSA keys.
1.78 jmc 5961: .It 5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
5962: The CRL signature could not be decrypted.
5963: This means that the actual signature value could not be determined
5964: rather than it not matching the expected value.
1.1 jsing 5965: Unused.
1.78 jmc 5966: .It 6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
1.1 jsing 5967: The public key in the certificate
1.76 jmc 5968: .Cm SubjectPublicKeyInfo
1.1 jsing 5969: could not be read.
1.78 jmc 5970: .It 7 X509_V_ERR_CERT_SIGNATURE_FAILURE
1.1 jsing 5971: The signature of the certificate is invalid.
1.78 jmc 5972: .It 8 X509_V_ERR_CRL_SIGNATURE_FAILURE
1.1 jsing 5973: The signature of the certificate is invalid.
1.78 jmc 5974: .It 9 X509_V_ERR_CERT_NOT_YET_VALID
1.1 jsing 5975: The certificate is not yet valid: the
1.76 jmc 5976: .Cm notBefore
1.1 jsing 5977: date is after the current time.
1.78 jmc 5978: .It 10 X509_V_ERR_CERT_HAS_EXPIRED
1.1 jsing 5979: The certificate has expired; that is, the
1.76 jmc 5980: .Cm notAfter
1.1 jsing 5981: date is before the current time.
1.78 jmc 5982: .It 11 X509_V_ERR_CRL_NOT_YET_VALID
1.1 jsing 5983: The CRL is not yet valid.
1.78 jmc 5984: .It 12 X509_V_ERR_CRL_HAS_EXPIRED
1.1 jsing 5985: The CRL has expired.
1.78 jmc 5986: .It 13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
1.1 jsing 5987: The certificate
1.76 jmc 5988: .Cm notBefore
1.1 jsing 5989: field contains an invalid time.
1.78 jmc 5990: .It 14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
1.1 jsing 5991: The certificate
1.76 jmc 5992: .Cm notAfter
1.1 jsing 5993: field contains an invalid time.
1.78 jmc 5994: .It 15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
1.1 jsing 5995: The CRL
1.76 jmc 5996: .Cm lastUpdate
1.1 jsing 5997: field contains an invalid time.
1.78 jmc 5998: .It 16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
1.1 jsing 5999: The CRL
1.76 jmc 6000: .Cm nextUpdate
1.1 jsing 6001: field contains an invalid time.
1.78 jmc 6002: .It 17 X509_V_ERR_OUT_OF_MEM
1.1 jsing 6003: An error occurred trying to allocate memory.
6004: This should never happen.
1.78 jmc 6005: .It 18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
1.1 jsing 6006: The passed certificate is self-signed and the same certificate cannot be
6007: found in the list of trusted certificates.
1.78 jmc 6008: .It 19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
1.1 jsing 6009: The certificate chain could be built up using the untrusted certificates but
6010: the root could not be found locally.
1.78 jmc 6011: .It 20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
1.1 jsing 6012: The issuer certificate of a locally looked up certificate could not be found.
6013: This normally means the list of trusted certificates is not complete.
1.78 jmc 6014: .It 21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
1.1 jsing 6015: No signatures could be verified because the chain contains only one
6016: certificate and it is not self-signed.
1.78 jmc 6017: .It 22 X509_V_ERR_CERT_CHAIN_TOO_LONG
1.1 jsing 6018: The certificate chain length is greater than the supplied maximum depth.
6019: Unused.
1.78 jmc 6020: .It 23 X509_V_ERR_CERT_REVOKED
1.1 jsing 6021: The certificate has been revoked.
1.78 jmc 6022: .It 24 X509_V_ERR_INVALID_CA
1.1 jsing 6023: A CA certificate is invalid.
6024: Either it is not a CA or its extensions are not consistent
6025: with the supplied purpose.
1.78 jmc 6026: .It 25 X509_V_ERR_PATH_LENGTH_EXCEEDED
1.1 jsing 6027: The
1.76 jmc 6028: .Cm basicConstraints
1.1 jsing 6029: pathlength parameter has been exceeded.
1.78 jmc 6030: .It 26 X509_V_ERR_INVALID_PURPOSE
1.1 jsing 6031: The supplied certificate cannot be used for the specified purpose.
1.78 jmc 6032: .It 27 X509_V_ERR_CERT_UNTRUSTED
1.1 jsing 6033: The root CA is not marked as trusted for the specified purpose.
1.78 jmc 6034: .It 28 X509_V_ERR_CERT_REJECTED
1.1 jsing 6035: The root CA is marked to reject the specified purpose.
1.78 jmc 6036: .It 29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH
1.1 jsing 6037: The current candidate issuer certificate was rejected because its subject name
6038: did not match the issuer name of the current certificate.
6039: Only displayed when the
6040: .Fl issuer_checks
6041: option is set.
1.78 jmc 6042: .It 30 X509_V_ERR_AKID_SKID_MISMATCH
1.1 jsing 6043: The current candidate issuer certificate was rejected because its subject key
6044: identifier was present and did not match the authority key identifier current
6045: certificate.
6046: Only displayed when the
6047: .Fl issuer_checks
6048: option is set.
1.78 jmc 6049: .It 31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
1.1 jsing 6050: The current candidate issuer certificate was rejected because its issuer name
6051: and serial number were present and did not match the authority key identifier
6052: of the current certificate.
6053: Only displayed when the
6054: .Fl issuer_checks
6055: option is set.
1.78 jmc 6056: .It 32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN
1.1 jsing 6057: The current candidate issuer certificate was rejected because its
1.76 jmc 6058: .Cm keyUsage
1.1 jsing 6059: extension does not permit certificate signing.
1.78 jmc 6060: .It 50 X509_V_ERR_APPLICATION_VERIFICATION
1.1 jsing 6061: An application specific error.
6062: Unused.
6063: .El
6064: .Sh VERSION
6065: .Nm openssl version
6066: .Op Fl abdfopv
6067: .Pp
6068: The
6069: .Nm version
6070: command is used to print out version information about
1.79 jmc 6071: .Nm openssl .
1.1 jsing 6072: .Pp
6073: The options are as follows:
6074: .Bl -tag -width Ds
6075: .It Fl a
6076: All information: this is the same as setting all the other flags.
6077: .It Fl b
6078: The date the current version of
1.79 jmc 6079: .Nm openssl
1.1 jsing 6080: was built.
6081: .It Fl d
6082: .Ev OPENSSLDIR
6083: setting.
6084: .It Fl f
6085: Compilation flags.
6086: .It Fl o
6087: Option information: various options set when the library was built.
6088: .It Fl p
6089: Platform setting.
6090: .It Fl v
6091: The current
1.79 jmc 6092: .Nm openssl
1.1 jsing 6093: version.
6094: .El
6095: .Sh X509
1.114 jmc 6096: .Bl -hang -width "openssl x509"
6097: .It Nm openssl x509
6098: .Bk -words
1.1 jsing 6099: .Op Fl C
6100: .Op Fl addreject Ar arg
6101: .Op Fl addtrust Ar arg
6102: .Op Fl alias
6103: .Op Fl CA Ar file
6104: .Op Fl CAcreateserial
1.80 jmc 6105: .Op Fl CAform Cm der | pem
1.1 jsing 6106: .Op Fl CAkey Ar file
1.80 jmc 6107: .Op Fl CAkeyform Cm der | pem
1.1 jsing 6108: .Op Fl CAserial Ar file
6109: .Op Fl certopt Ar option
6110: .Op Fl checkend Ar arg
6111: .Op Fl clrext
6112: .Op Fl clrreject
6113: .Op Fl clrtrust
6114: .Op Fl dates
6115: .Op Fl days Ar arg
6116: .Op Fl email
6117: .Op Fl enddate
6118: .Op Fl extensions Ar section
6119: .Op Fl extfile Ar file
6120: .Op Fl fingerprint
6121: .Op Fl hash
6122: .Op Fl in Ar file
1.80 jmc 6123: .Op Fl inform Cm der | net | pem
1.1 jsing 6124: .Op Fl issuer
6125: .Op Fl issuer_hash
6126: .Op Fl issuer_hash_old
1.80 jmc 6127: .Op Fl keyform Cm der | pem
1.29 bcook 6128: .Op Fl md5 | sha1
1.1 jsing 6129: .Op Fl modulus
6130: .Op Fl nameopt Ar option
1.107 inoguchi 6131: .Op Fl next_serial
1.1 jsing 6132: .Op Fl noout
6133: .Op Fl ocsp_uri
6134: .Op Fl ocspid
6135: .Op Fl out Ar file
1.80 jmc 6136: .Op Fl outform Cm der | net | pem
1.1 jsing 6137: .Op Fl passin Ar arg
6138: .Op Fl pubkey
6139: .Op Fl purpose
6140: .Op Fl req
6141: .Op Fl serial
6142: .Op Fl set_serial Ar n
6143: .Op Fl setalias Ar arg
6144: .Op Fl signkey Ar file
1.107 inoguchi 6145: .Op Fl sigopt Ar nm:v
1.1 jsing 6146: .Op Fl startdate
6147: .Op Fl subject
6148: .Op Fl subject_hash
6149: .Op Fl subject_hash_old
6150: .Op Fl text
6151: .Op Fl trustout
6152: .Op Fl x509toreq
1.114 jmc 6153: .Ek
6154: .El
1.1 jsing 6155: .Pp
6156: The
6157: .Nm x509
6158: command is a multi-purpose certificate utility.
6159: It can be used to display certificate information, convert certificates to
6160: various forms, sign certificate requests like a
6161: .Qq mini CA ,
6162: or edit certificate trust settings.
6163: .Pp
1.80 jmc 6164: The following are x509 input, output, and general purpose options:
1.1 jsing 6165: .Bl -tag -width "XXXX"
6166: .It Fl in Ar file
1.80 jmc 6167: The input file to read from,
6168: or standard input if not specified.
6169: .It Fl inform Cm der | net | pem
6170: The input format.
1.1 jsing 6171: Normally, the command will expect an X.509 certificate,
6172: but this can change if other options such as
6173: .Fl req
6174: are present.
1.29 bcook 6175: .It Fl md5 | sha1
1.1 jsing 6176: The digest to use.
6177: This affects any signing or display option that uses a message digest,
6178: such as the
6179: .Fl fingerprint , signkey ,
6180: and
6181: .Fl CA
6182: options.
6183: If not specified, MD5 is used.
1.80 jmc 6184: SHA1 is always used with DSA keys.
1.1 jsing 6185: .It Fl out Ar file
1.80 jmc 6186: The output file to write to,
6187: or standard output if none is specified.
6188: .It Fl outform Cm der | net | pem
6189: The output format.
1.1 jsing 6190: .It Fl passin Ar arg
6191: The key password source.
6192: .El
1.80 jmc 6193: .Pp
6194: The following are x509 display options:
1.1 jsing 6195: .Bl -tag -width "XXXX"
6196: .It Fl C
1.80 jmc 6197: Output the certificate in the form of a C source file.
1.1 jsing 6198: .It Fl certopt Ar option
6199: Customise the output format used with
1.80 jmc 6200: .Fl text ,
6201: either using a list of comma-separated options or by specifying
1.1 jsing 6202: .Fl certopt
1.80 jmc 6203: multiple times.
6204: The default behaviour is to print all fields.
6205: The options are as follows:
6206: .Pp
6207: .Bl -tag -width "no_extensions" -offset indent -compact
6208: .It Cm ca_default
6209: Equivalent to
6210: .Cm no_issuer , no_pubkey , no_header ,
6211: .Cm no_version , no_sigdump ,
6212: and
6213: .Cm no_signame .
6214: .It Cm compatible
6215: Equivalent to no output options at all.
6216: .It Cm ext_default
6217: Print unsupported certificate extensions.
6218: .It Cm ext_dump
6219: Hex dump unsupported extensions.
6220: .It Cm ext_error
6221: Print an error message for unsupported certificate extensions.
6222: .It Cm ext_parse
1.84 jmc 6223: ASN.1 parse unsupported extensions.
1.80 jmc 6224: .It Cm no_aux
6225: Do not print certificate trust information.
6226: .It Cm no_extensions
6227: Do not print X509V3 extensions.
6228: .It Cm no_header
6229: Do not print header (Certificate and Data) information.
6230: .It Cm no_issuer
6231: Do not print the issuer name.
6232: .It Cm no_pubkey
6233: Do not print the public key.
6234: .It Cm no_serial
6235: Do not print the serial number.
6236: .It Cm no_sigdump
6237: Do not give a hexadecimal dump of the certificate signature.
6238: .It Cm no_signame
6239: Do not print the signature algorithm used.
6240: .It Cm no_subject
6241: Do not print the subject name.
6242: .It Cm no_validity
6243: Do not print the
6244: .Cm notBefore
6245: and
6246: .Cm notAfter
6247: (validity) fields.
6248: .It Cm no_version
6249: Do not print the version number.
6250: .El
1.1 jsing 6251: .It Fl dates
1.80 jmc 6252: Print the start and expiry date of a certificate.
1.1 jsing 6253: .It Fl email
1.80 jmc 6254: Output the email addresses, if any.
1.1 jsing 6255: .It Fl enddate
1.80 jmc 6256: Print the expiry date of the certificate; that is, the
6257: .Cm notAfter
1.1 jsing 6258: date.
6259: .It Fl fingerprint
1.80 jmc 6260: Print the digest of the DER-encoded version of the whole certificate.
1.1 jsing 6261: .It Fl hash
6262: A synonym for
1.80 jmc 6263: .Fl subject_hash .
1.1 jsing 6264: .It Fl issuer
1.80 jmc 6265: Print the issuer name.
1.1 jsing 6266: .It Fl issuer_hash
1.80 jmc 6267: Print the hash of the certificate issuer name.
1.1 jsing 6268: .It Fl issuer_hash_old
1.80 jmc 6269: Print the hash of the certificate issuer name
6270: using the older algorithm as used by
6271: .Nm openssl
1.1 jsing 6272: versions before 1.0.0.
6273: .It Fl modulus
1.80 jmc 6274: Print the value of the modulus of the public key contained in the certificate.
1.1 jsing 6275: .It Fl nameopt Ar option
1.80 jmc 6276: Customise how the subject or issuer names are displayed,
6277: either using a list of comma-separated options or by specifying
1.1 jsing 6278: .Fl nameopt
1.80 jmc 6279: multiple times.
6280: The default behaviour is to use the
6281: .Cm oneline
6282: format.
6283: The options,
6284: which can be preceded by a dash to turn them off,
6285: are as follows:
6286: .Bl -tag -width "XXXX"
6287: .It Cm align
6288: Align field values for a more readable output.
6289: Only usable with
6290: .Ar sep_multiline .
6291: .It Cm compat
6292: Use the old format,
6293: equivalent to specifying no options at all.
6294: .It Cm dn_rev
6295: Reverse the fields of the DN, as required by RFC 2253.
6296: As a side effect, this also reverses the order of multiple AVAs.
6297: .It Cm dump_all
6298: Dump all fields.
6299: When used with
6300: .Ar dump_der ,
6301: it allows the DER encoding of the structure to be unambiguously determined.
6302: .It Cm dump_der
6303: Any fields that need to be hexdumped are
6304: dumped using the DER encoding of the field.
6305: Otherwise just the content octets will be displayed.
6306: Both options use the RFC 2253 #XXXX... format.
6307: .It Cm dump_nostr
6308: Dump non-character string types
6309: (for example OCTET STRING);
6310: usually, non-character string types are displayed
6311: as though each content octet represents a single character.
6312: .It Cm dump_unknown
6313: Dump any field whose OID is not recognised by
6314: .Nm openssl .
6315: .It Cm esc_2253
6316: Escape the
6317: .Qq special
6318: characters required by RFC 2253 in a field that is
6319: .Dq \& ,+"<>; .
6320: Additionally,
6321: .Sq #
6322: is escaped at the beginning of a string
6323: and a space character at the beginning or end of a string.
6324: .It Cm esc_ctrl
6325: Escape control characters.
6326: That is, those with ASCII values less than 0x20 (space)
6327: and the delete (0x7f) character.
6328: They are escaped using the RFC 2253 \eXX notation (where XX are two hex
6329: digits representing the character value).
6330: .It Cm esc_msb
6331: Escape characters with the MSB set; that is, with ASCII values larger than
6332: 127.
6333: .It Cm multiline
6334: A multiline format.
6335: Equivalent to
6336: .Cm esc_ctrl , esc_msb , sep_multiline ,
6337: .Cm space_eq , lname ,
6338: and
6339: .Cm align .
6340: .It Cm no_type
6341: Do not attempt to interpret multibyte characters.
6342: That is, content octets are merely dumped as though one octet
6343: represents each character.
6344: This is useful for diagnostic purposes
6345: but results in rather odd looking output.
6346: .It Cm nofname , sname , lname , oid
6347: Alter how the field name is displayed:
6348: .Cm nofname
6349: does not display the field at all;
6350: .Cm sname
6351: uses the short name form (CN for
6352: .Cm commonName ,
6353: for example);
6354: .Cm lname
6355: uses the long form.
6356: .Cm oid
6357: represents the OID in numerical form and is useful for diagnostic purpose.
6358: .It Cm oneline
6359: A one line format which is more readable than
6360: .Cm RFC2253 .
6361: Equivalent to
6362: .Cm esc_2253 , esc_ctrl , esc_msb , utf8 ,
6363: .Cm dump_nostr , dump_der , use_quote , sep_comma_plus_spc ,
6364: .Cm space_eq ,
6365: and
6366: .Cm sname .
6367: .It Cm RFC2253
6368: Displays names compatible with RFC 2253.
6369: Equivalent to
6370: .Cm esc_2253 , esc_ctrl ,
6371: .Cm esc_msb , utf8 , dump_nostr , dump_unknown ,
6372: .Cm dump_der , sep_comma_plus , dn_rev ,
6373: and
6374: .Cm sname .
6375: .It Cm sep_comma_plus , sep_comma_plus_space , sep_semi_plus_space , sep_multiline
6376: Determine the field separators:
6377: the first character is between RDNs and the second between multiple AVAs
6378: (multiple AVAs are very rare and their use is discouraged).
6379: The options ending in
6380: .Qq space
6381: additionally place a space after the separator to make it more readable.
6382: .Cm sep_multiline
6383: uses a linefeed character for the RDN separator and a spaced
6384: .Sq +
6385: for the AVA separator,
6386: as well as indenting the fields by four characters.
6387: .It Cm show_type
1.84 jmc 6388: Show the type of the ASN.1 character string.
1.80 jmc 6389: The type precedes the field contents.
6390: For example
6391: .Qq BMPSTRING: Hello World .
6392: .It Cm space_eq
6393: Place spaces round the
6394: .Sq =
6395: character which follows the field name.
6396: .It Cm use_quote
6397: Escape some characters by surrounding the whole string with
6398: .Sq \&"
6399: characters.
6400: Without the option, all escaping is done with the
6401: .Sq \e
6402: character.
6403: .It Cm utf8
6404: Convert all strings to UTF8 format first, as required by RFC 2253.
6405: On a UTF8 compatible terminal,
6406: the use of this option (and not setting
6407: .Cm esc_msb )
6408: may result in the correct display of multibyte characters.
6409: Usually, multibyte characters larger than 0xff
6410: are represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX
6411: for 32 bits,
6412: and any UTF8Strings are converted to their character form first.
6413: .El
1.107 inoguchi 6414: .It Fl next_serial
6415: Print the next serial number.
1.1 jsing 6416: .It Fl noout
1.80 jmc 6417: Do not output the encoded version of the request.
1.1 jsing 6418: .It Fl ocsp_uri
1.80 jmc 6419: Print the OCSP responder addresses, if any.
1.1 jsing 6420: .It Fl ocspid
6421: Print OCSP hash values for the subject name and public key.
6422: .It Fl pubkey
1.80 jmc 6423: Print the public key.
1.1 jsing 6424: .It Fl serial
1.80 jmc 6425: Print the certificate serial number.
1.107 inoguchi 6426: .It Fl sigopt Ar nm:v
6427: Pass options to the signature algorithm during sign or certify operations.
6428: The names and values of these options are algorithm-specific.
1.1 jsing 6429: .It Fl startdate
1.80 jmc 6430: Print the start date of the certificate; that is, the
6431: .Cm notBefore
1.1 jsing 6432: date.
6433: .It Fl subject
1.80 jmc 6434: Print the subject name.
1.1 jsing 6435: .It Fl subject_hash
1.80 jmc 6436: Print the hash of the certificate subject name.
1.1 jsing 6437: This is used in
1.80 jmc 6438: .Nm openssl
1.1 jsing 6439: to form an index to allow certificates in a directory to be looked up
6440: by subject name.
6441: .It Fl subject_hash_old
1.80 jmc 6442: Print the hash of the certificate subject name
6443: using the older algorithm as used by
6444: .Nm openssl
1.1 jsing 6445: versions before 1.0.0.
6446: .It Fl text
1.80 jmc 6447: Print the full certificate in text form.
1.1 jsing 6448: .El
6449: .Pp
1.80 jmc 6450: A trusted certificate is a certificate which has several
1.1 jsing 6451: additional pieces of information attached to it such as the permitted
1.80 jmc 6452: and prohibited uses of the certificate and an alias.
6453: When a certificate is being verified at least one certificate must be trusted.
6454: By default, a trusted certificate must be stored locally and be a root CA.
6455: The following are x509 trust settings options:
1.1 jsing 6456: .Bl -tag -width "XXXX"
6457: .It Fl addreject Ar arg
1.80 jmc 6458: Add a prohibited use.
6459: Accepts the same values as the
1.1 jsing 6460: .Fl addtrust
6461: option.
6462: .It Fl addtrust Ar arg
1.80 jmc 6463: Add a trusted certificate use.
1.1 jsing 6464: Any object name can be used here, but currently only
1.80 jmc 6465: .Cm clientAuth
6466: (SSL client use),
6467: .Cm serverAuth
6468: (SSL server use),
6469: and
6470: .Cm emailProtection
6471: (S/MIME email) are used.
1.1 jsing 6472: .It Fl alias
1.80 jmc 6473: Output the certificate alias.
1.1 jsing 6474: .It Fl clrreject
1.80 jmc 6475: Clear all the prohibited or rejected uses of the certificate.
1.1 jsing 6476: .It Fl clrtrust
1.80 jmc 6477: Clear all the permitted or trusted uses of the certificate.
1.1 jsing 6478: .It Fl purpose
1.80 jmc 6479: Perform tests on the certificate extensions.
6480: The same code is used when verifying untrusted certificates in chains,
6481: so this section is useful if a chain is rejected by the verify code.
6482: .Pp
6483: The
6484: .Cm basicConstraints
6485: extension CA flag is used to determine whether the
6486: certificate can be used as a CA.
6487: If the CA flag is true, it is a CA;
6488: if the CA flag is false, it is not a CA.
6489: All CAs should have the CA flag set to true.
6490: .Pp
6491: If the
6492: .Cm basicConstraints
6493: extension is absent, then the certificate is
6494: considered to be a possible CA;
6495: other extensions are checked according to the intended use of the certificate.
6496: A warning is given in this case because the certificate should really not
6497: be regarded as a CA.
6498: However it is allowed to be a CA to work around some broken software.
6499: .Pp
6500: If the certificate is a V1 certificate
6501: (and thus has no extensions) and it is self-signed,
6502: it is also assumed to be a CA but a warning is again given.
6503: This is to work around the problem of Verisign roots
6504: which are V1 self-signed certificates.
6505: .Pp
6506: If the
6507: .Cm keyUsage
6508: extension is present, then additional restraints are
6509: made on the uses of the certificate.
6510: A CA certificate must have the
6511: .Cm keyCertSign
6512: bit set if the
6513: .Cm keyUsage
6514: extension is present.
6515: .Pp
6516: The extended key usage extension places additional restrictions on the
6517: certificate uses.
6518: If this extension is present, whether critical or not,
6519: the key can only be used for the purposes specified.
6520: .Pp
6521: A complete description of each test is given below.
6522: The comments about
6523: .Cm basicConstraints
6524: and
6525: .Cm keyUsage
6526: and V1 certificates above apply to all CA certificates.
6527: .Bl -tag -width "XXXX"
6528: .It SSL Client
6529: The extended key usage extension must be absent or include the
6530: web client authentication OID.
6531: .Cm keyUsage
6532: must be absent or it must have the
6533: .Cm digitalSignature
6534: bit set.
6535: The Netscape certificate type must be absent
6536: or it must have the SSL client bit set.
6537: .It SSL Client CA
6538: The extended key usage extension must be absent or include the
6539: web client authentication OID.
6540: The Netscape certificate type must be absent
6541: or it must have the SSL CA bit set:
6542: this is used as a workaround if the
6543: .Cm basicConstraints
6544: extension is absent.
6545: .It SSL Server
6546: The extended key usage extension must be absent or include the
6547: web server authentication and/or one of the SGC OIDs.
6548: .Cm keyUsage
6549: must be absent or it must have the
6550: .Cm digitalSignature
6551: set, the
6552: .Cm keyEncipherment
6553: set, or both bits set.
6554: The Netscape certificate type must be absent or have the SSL server bit set.
6555: .It SSL Server CA
6556: The extended key usage extension must be absent or include the
6557: web server authentication and/or one of the SGC OIDs.
6558: The Netscape certificate type must be absent or the SSL CA bit must be set:
6559: this is used as a workaround if the
6560: .Cm basicConstraints
6561: extension is absent.
6562: .It Netscape SSL Server
6563: For Netscape SSL clients to connect to an SSL server; it must have the
6564: .Cm keyEncipherment
6565: bit set if the
6566: .Cm keyUsage
6567: extension is present.
6568: This isn't always valid because some cipher suites use the key for
6569: digital signing.
6570: Otherwise it is the same as a normal SSL server.
6571: .It Common S/MIME Client Tests
6572: The extended key usage extension must be absent or include the
6573: email protection OID.
6574: The Netscape certificate type must be absent or should have the S/MIME bit set.
6575: If the S/MIME bit is not set in Netscape certificate type, then the SSL
6576: client bit is tolerated as an alternative but a warning is shown:
6577: this is because some Verisign certificates don't set the S/MIME bit.
6578: .It S/MIME Signing
6579: In addition to the common S/MIME client tests, the
6580: .Cm digitalSignature
6581: bit must be set if the
6582: .Cm keyUsage
6583: extension is present.
6584: .It S/MIME Encryption
6585: In addition to the common S/MIME tests, the
6586: .Cm keyEncipherment
6587: bit must be set if the
6588: .Cm keyUsage
6589: extension is present.
6590: .It S/MIME CA
6591: The extended key usage extension must be absent or include the
6592: email protection OID.
6593: The Netscape certificate type must be absent
6594: or must have the S/MIME CA bit set:
6595: this is used as a workaround if the
6596: .Cm basicConstraints
6597: extension is absent.
6598: .It CRL Signing
6599: The
6600: .Cm keyUsage
6601: extension must be absent or it must have the CRL signing bit set.
6602: .It CRL Signing CA
6603: The normal CA tests apply, except the
6604: .Cm basicConstraints
6605: extension must be present.
6606: .El
1.1 jsing 6607: .It Fl setalias Ar arg
1.80 jmc 6608: Set the alias of the certificate,
6609: allowing the certificate to be referred to using a nickname,
6610: such as
1.1 jsing 6611: .Qq Steve's Certificate .
6612: .It Fl trustout
1.80 jmc 6613: Output a trusted certificate
6614: (the default if any trust settings are modified).
1.1 jsing 6615: An ordinary or trusted certificate can be input, but by default an ordinary
6616: certificate is output and any trust settings are discarded.
6617: .El
1.80 jmc 6618: .Pp
1.1 jsing 6619: The
6620: .Nm x509
1.80 jmc 6621: utility can be used to sign certificates and requests:
6622: it can thus behave like a mini CA.
6623: The following are x509 signing options:
1.1 jsing 6624: .Bl -tag -width "XXXX"
6625: .It Fl CA Ar file
1.80 jmc 6626: The CA certificate to be used for signing.
1.1 jsing 6627: When this option is present,
6628: .Nm x509
1.80 jmc 6629: behaves like a mini CA.
1.1 jsing 6630: The input file is signed by the CA using this option;
6631: that is, its issuer name is set to the subject name of the CA and it is
6632: digitally signed using the CA's private key.
6633: .Pp
6634: This option is normally combined with the
6635: .Fl req
6636: option.
6637: Without the
6638: .Fl req
6639: option, the input is a certificate which must be self-signed.
6640: .It Fl CAcreateserial
1.80 jmc 6641: Create the CA serial number file if it does not exist
6642: instead of generating an error.
6643: The file will contain the serial number
1.1 jsing 6644: .Sq 02
6645: and the certificate being signed will have
6646: .Sq 1
6647: as its serial number.
1.80 jmc 6648: .It Fl CAform Cm der | pem
1.1 jsing 6649: The format of the CA certificate file.
6650: The default is
1.80 jmc 6651: .Cm pem .
1.1 jsing 6652: .It Fl CAkey Ar file
1.80 jmc 6653: Set the CA private key to sign a certificate with.
6654: Otherwise it is assumed that the CA private key is present
6655: in the CA certificate file.
6656: .It Fl CAkeyform Cm der | pem
1.1 jsing 6657: The format of the CA private key.
6658: The default is
1.80 jmc 6659: .Cm pem .
1.1 jsing 6660: .It Fl CAserial Ar file
1.80 jmc 6661: Use the serial number in
6662: .Ar file
6663: to sign a certificate.
6664: The file should consist of one line containing an even number of hex digits
1.1 jsing 6665: with the serial number to use.
6666: After each use the serial number is incremented and written out
6667: to the file again.
6668: .Pp
6669: The default filename consists of the CA certificate file base name with
6670: .Pa .srl
6671: appended.
6672: For example, if the CA certificate file is called
6673: .Pa mycacert.pem ,
6674: it expects to find a serial number file called
6675: .Pa mycacert.srl .
6676: .It Fl checkend Ar arg
6677: Check whether the certificate expires in the next
6678: .Ar arg
6679: seconds.
6680: If so, exit with return value 1;
6681: otherwise exit with return value 0.
6682: .It Fl clrext
6683: Delete any extensions from a certificate.
6684: This option is used when a certificate is being created from another
6685: certificate (for example with the
6686: .Fl signkey
6687: or the
6688: .Fl CA
6689: options).
6690: Normally, all extensions are retained.
6691: .It Fl days Ar arg
1.80 jmc 6692: The number of days to make a certificate valid for.
1.1 jsing 6693: The default is 30 days.
6694: .It Fl extensions Ar section
6695: The section to add certificate extensions from.
6696: If this option is not specified, the extensions should either be
1.80 jmc 6697: contained in the unnamed (default) section
6698: or the default section should contain a variable called
1.1 jsing 6699: .Qq extensions
6700: which contains the section to use.
6701: .It Fl extfile Ar file
6702: File containing certificate extensions to use.
6703: If not specified, no extensions are added to the certificate.
1.80 jmc 6704: .It Fl keyform Cm der | pem
6705: The format of the private key file used in the
1.1 jsing 6706: .Fl signkey
6707: option.
6708: .It Fl req
1.80 jmc 6709: Expect a certificate request on input instead of a certificate.
1.1 jsing 6710: .It Fl set_serial Ar n
1.80 jmc 6711: The serial number to use.
1.1 jsing 6712: This option can be used with either the
6713: .Fl signkey
6714: or
6715: .Fl CA
6716: options.
6717: If used in conjunction with the
6718: .Fl CA
6719: option, the serial number file (as specified by the
6720: .Fl CAserial
6721: or
6722: .Fl CAcreateserial
6723: options) is not used.
6724: .Pp
6725: The serial number can be decimal or hex (if preceded by
6726: .Sq 0x ) .
6727: Negative serial numbers can also be specified but their use is not recommended.
6728: .It Fl signkey Ar file
1.80 jmc 6729: Self-sign
6730: .Ar file
6731: using the supplied private key.
1.1 jsing 6732: .Pp
6733: If the input file is a certificate, it sets the issuer name to the
1.80 jmc 6734: subject name (i.e. makes it self-signed),
1.1 jsing 6735: changes the public key to the supplied value,
6736: and changes the start and end dates.
6737: The start date is set to the current time and the end date is set to
6738: a value determined by the
6739: .Fl days
6740: option.
6741: Any certificate extensions are retained unless the
6742: .Fl clrext
6743: option is supplied.
6744: .Pp
6745: If the input is a certificate request, a self-signed certificate
6746: is created using the supplied private key using the subject name in
6747: the request.
6748: .It Fl x509toreq
1.80 jmc 6749: Convert a certificate into a certificate request.
1.1 jsing 6750: The
6751: .Fl signkey
6752: option is used to pass the required private key.
6753: .El
1.38 jmc 6754: .Sh COMMON NOTATION
6755: Several commands share a common syntax,
6756: as detailed below.
6757: .Pp
6758: Password arguments, typically specified using
1.33 jmc 6759: .Fl passin
6760: and
6761: .Fl passout
1.38 jmc 6762: for input and output passwords,
6763: allow passwords to be obtained from a variety of sources.
6764: Both of these options take a single argument, described below.
1.33 jmc 6765: If no password argument is given and a password is required,
6766: then the user is prompted to enter one:
6767: this will typically be read from the current terminal with echoing turned off.
1.38 jmc 6768: .Bl -tag -width "pass:password" -offset indent
6769: .It Cm pass : Ns Ar password
1.33 jmc 6770: The actual password is
6771: .Ar password .
1.38 jmc 6772: Since the password is visible to utilities,
1.33 jmc 6773: this form should only be used where security is not important.
1.38 jmc 6774: .It Cm env : Ns Ar var
1.33 jmc 6775: Obtain the password from the environment variable
6776: .Ar var .
1.38 jmc 6777: Since the environment of other processes is visible,
6778: this option should be used with caution.
6779: .It Cm file : Ns Ar path
1.33 jmc 6780: The first line of
6781: .Ar path
6782: is the password.
6783: If the same
6784: .Ar path
6785: argument is supplied to
6786: .Fl passin
6787: and
6788: .Fl passout ,
6789: then the first line will be used for the input password and the next line
6790: for the output password.
6791: .Ar path
6792: need not refer to a regular file:
6793: it could, for example, refer to a device or named pipe.
1.38 jmc 6794: .It Cm fd : Ns Ar number
1.33 jmc 6795: Read the password from the file descriptor
6796: .Ar number .
1.38 jmc 6797: This can be used to send the data via a pipe, for example.
6798: .It Cm stdin
1.33 jmc 6799: Read the password from standard input.
1.35 jmc 6800: .El
1.38 jmc 6801: .Pp
1.64 jmc 6802: Input/output formats,
1.38 jmc 6803: typically specified using
6804: .Fl inform
6805: and
6806: .Fl outform ,
1.64 jmc 6807: indicate the format being read from or written to.
1.38 jmc 6808: The argument is case insensitive.
6809: .Pp
6810: .Bl -tag -width Ds -offset indent -compact
6811: .It Cm der
6812: Distinguished Encoding Rules (DER)
6813: is a binary format.
1.64 jmc 6814: .It Cm net
6815: Insecure legacy format.
1.38 jmc 6816: .It Cm pem
6817: Privacy Enhanced Mail (PEM)
6818: is base64-encoded.
1.108 inoguchi 6819: .It Cm pvk
6820: Private Key format.
1.70 jmc 6821: .It Cm smime
6822: An SMIME format message.
1.38 jmc 6823: .It Cm txt
6824: Plain ASCII text.
6825: .El
1.35 jmc 6826: .Sh ENVIRONMENT
6827: The following environment variables affect the execution of
6828: .Nm openssl :
1.38 jmc 6829: .Bl -tag -width "/etc/ssl/openssl.cnf"
1.35 jmc 6830: .It Ev OPENSSL_CONF
6831: The location of the master configuration file.
1.33 jmc 6832: .El
1.1 jsing 6833: .Sh FILES
6834: .Bl -tag -width "/etc/ssl/openssl.cnf" -compact
1.17 sobrado 6835: .It Pa /etc/ssl/
1.1 jsing 6836: Default config directory for
6837: .Nm openssl .
1.17 sobrado 6838: .It Pa /etc/ssl/lib/
1.1 jsing 6839: Unused.
1.17 sobrado 6840: .It Pa /etc/ssl/private/
1.1 jsing 6841: Default private key directory.
1.17 sobrado 6842: .It Pa /etc/ssl/openssl.cnf
1.1 jsing 6843: Default configuration file for
6844: .Nm openssl .
1.17 sobrado 6845: .It Pa /etc/ssl/x509v3.cnf
1.1 jsing 6846: Default configuration file for
6847: .Nm x509
6848: certificates.
6849: .El
6850: .Sh SEE ALSO
1.74 jmc 6851: .Xr acme-client 1 ,
1.26 jmc 6852: .Xr nc 1 ,
1.90 schwarze 6853: .Xr openssl.cnf 5 ,
6854: .Xr x509v3.cnf 5 ,
1.1 jsing 6855: .Xr ssl 8 ,
6856: .Xr starttls 8
6857: .Sh STANDARDS
6858: .Rs
6859: .%A T. Dierks
6860: .%A C. Allen
6861: .%D January 1999
6862: .%R RFC 2246
6863: .%T The TLS Protocol Version 1.0
6864: .Re
6865: .Pp
6866: .Rs
6867: .%A M. Wahl
6868: .%A S. Killie
6869: .%A T. Howes
6870: .%D December 1997
6871: .%R RFC 2253
6872: .%T Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
6873: .Re
6874: .Pp
6875: .Rs
6876: .%A B. Kaliski
6877: .%D March 1998
6878: .%R RFC 2315
6879: .%T PKCS #7: Cryptographic Message Syntax Version 1.5
6880: .Re
6881: .Pp
6882: .Rs
6883: .%A R. Housley
6884: .%A W. Ford
6885: .%A W. Polk
6886: .%A D. Solo
6887: .%D January 1999
6888: .%R RFC 2459
6889: .%T Internet X.509 Public Key Infrastructure Certificate and CRL Profile
6890: .Re
6891: .Pp
6892: .Rs
6893: .%A M. Myers
6894: .%A R. Ankney
6895: .%A A. Malpani
6896: .%A S. Galperin
6897: .%A C. Adams
6898: .%D June 1999
6899: .%R RFC 2560
6900: .%T X.509 Internet Public Key Infrastructure Online Certificate Status Protocol \(en OCSP
6901: .Re
6902: .Pp
6903: .Rs
6904: .%A R. Housley
6905: .%D June 1999
6906: .%R RFC 2630
6907: .%T Cryptographic Message Syntax
6908: .Re
6909: .Pp
6910: .Rs
6911: .%A P. Chown
6912: .%D June 2002
6913: .%R RFC 3268
1.24 jmc 6914: .%T Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
1.1 jsing 6915: .Re