Annotation of src/usr.bin/openssl/openssl.1, Revision 1.122
1.122 ! inoguchi 1: .\" $OpenBSD: openssl.1,v 1.121 2020/04/25 19:18:40 schwarze Exp $
1.1 jsing 2: .\" ====================================================================
3: .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4: .\"
5: .\" Redistribution and use in source and binary forms, with or without
6: .\" modification, are permitted provided that the following conditions
7: .\" are met:
8: .\"
9: .\" 1. Redistributions of source code must retain the above copyright
10: .\" notice, this list of conditions and the following disclaimer.
11: .\"
12: .\" 2. Redistributions in binary form must reproduce the above copyright
13: .\" notice, this list of conditions and the following disclaimer in
14: .\" the documentation and/or other materials provided with the
15: .\" distribution.
16: .\"
17: .\" 3. All advertising materials mentioning features or use of this
18: .\" software must display the following acknowledgment:
19: .\" "This product includes software developed by the OpenSSL Project
20: .\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21: .\"
22: .\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23: .\" endorse or promote products derived from this software without
24: .\" prior written permission. For written permission, please contact
25: .\" openssl-core@openssl.org.
26: .\"
27: .\" 5. Products derived from this software may not be called "OpenSSL"
28: .\" nor may "OpenSSL" appear in their names without prior written
29: .\" permission of the OpenSSL Project.
30: .\"
31: .\" 6. Redistributions of any form whatsoever must retain the following
32: .\" acknowledgment:
33: .\" "This product includes software developed by the OpenSSL Project
34: .\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35: .\"
36: .\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37: .\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39: .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40: .\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41: .\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42: .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43: .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45: .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46: .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47: .\" OF THE POSSIBILITY OF SUCH DAMAGE.
48: .\" ====================================================================
49: .\"
50: .\" This product includes cryptographic software written by Eric Young
51: .\" (eay@cryptsoft.com). This product includes software written by Tim
52: .\" Hudson (tjh@cryptsoft.com).
53: .\"
54: .\"
55: .\" Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
56: .\" All rights reserved.
57: .\"
58: .\" This package is an SSL implementation written
59: .\" by Eric Young (eay@cryptsoft.com).
60: .\" The implementation was written so as to conform with Netscapes SSL.
61: .\"
62: .\" This library is free for commercial and non-commercial use as long as
63: .\" the following conditions are aheared to. The following conditions
64: .\" apply to all code found in this distribution, be it the RC4, RSA,
65: .\" lhash, DES, etc., code; not just the SSL code. The SSL documentation
66: .\" included with this distribution is covered by the same copyright terms
67: .\" except that the holder is Tim Hudson (tjh@cryptsoft.com).
68: .\"
69: .\" Copyright remains Eric Young's, and as such any Copyright notices in
70: .\" the code are not to be removed.
71: .\" If this package is used in a product, Eric Young should be given attribution
72: .\" as the author of the parts of the library used.
73: .\" This can be in the form of a textual message at program startup or
74: .\" in documentation (online or textual) provided with the package.
75: .\"
76: .\" Redistribution and use in source and binary forms, with or without
77: .\" modification, are permitted provided that the following conditions
78: .\" are met:
79: .\" 1. Redistributions of source code must retain the copyright
80: .\" notice, this list of conditions and the following disclaimer.
81: .\" 2. Redistributions in binary form must reproduce the above copyright
82: .\" notice, this list of conditions and the following disclaimer in the
83: .\" documentation and/or other materials provided with the distribution.
84: .\" 3. All advertising materials mentioning features or use of this software
85: .\" must display the following acknowledgement:
86: .\" "This product includes cryptographic software written by
87: .\" Eric Young (eay@cryptsoft.com)"
88: .\" The word 'cryptographic' can be left out if the rouines from the library
89: .\" being used are not cryptographic related :-).
90: .\" 4. If you include any Windows specific code (or a derivative thereof) from
91: .\" the apps directory (application code) you must include an
92: .\" acknowledgement:
93: .\" "This product includes software written by Tim Hudson
94: .\" (tjh@cryptsoft.com)"
95: .\"
96: .\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
97: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
98: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
99: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
100: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
101: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
102: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
103: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
104: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
105: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
106: .\" SUCH DAMAGE.
107: .\"
108: .\" The licence and distribution terms for any publically available version or
109: .\" derivative of this code cannot be changed. i.e. this code cannot simply be
110: .\" copied and put under another distribution licence
111: .\" [including the GNU Public Licence.]
112: .\"
1.122 ! inoguchi 113: .Dd $Mdocdate: April 25 2020 $
1.1 jsing 114: .Dt OPENSSL 1
115: .Os
116: .Sh NAME
117: .Nm openssl
118: .Nd OpenSSL command line tool
119: .Sh SYNOPSIS
120: .Nm
1.90 schwarze 121: .Ar command
1.1 jsing 122: .Op Ar command_opts
123: .Op Ar command_args
124: .Pp
125: .Nm
1.13 bentley 126: .Cm list-standard-commands |
127: .Cm list-message-digest-commands |
128: .Cm list-cipher-commands |
129: .Cm list-cipher-algorithms |
130: .Cm list-message-digest-algorithms |
1.1 jsing 131: .Cm list-public-key-algorithms
132: .Pp
133: .Nm
1.39 jmc 134: .Cm no- Ns Ar command
1.1 jsing 135: .Sh DESCRIPTION
136: .Nm OpenSSL
1.31 jmc 137: is a cryptography toolkit implementing the
138: Transport Layer Security
1.1 jsing 139: .Pq TLS v1
1.31 jmc 140: network protocol,
141: as well as related cryptography standards.
1.1 jsing 142: .Pp
143: The
144: .Nm
145: program is a command line tool for using the various
146: cryptography functions of
1.39 jmc 147: .Nm openssl Ns 's
1.33 jmc 148: crypto library from the shell.
1.1 jsing 149: .Pp
150: The pseudo-commands
151: .Cm list-standard-commands , list-message-digest-commands ,
152: and
153: .Cm list-cipher-commands
154: output a list
155: .Pq one entry per line
156: of the names of all standard commands, message digest commands,
157: or cipher commands, respectively, that are available in the present
158: .Nm
159: utility.
160: .Pp
161: The pseudo-commands
162: .Cm list-cipher-algorithms
163: and
164: .Cm list-message-digest-algorithms
165: list all cipher and message digest names,
166: one entry per line.
167: Aliases are listed as:
168: .Pp
1.33 jmc 169: .D1 from => to
1.1 jsing 170: .Pp
171: The pseudo-command
172: .Cm list-public-key-algorithms
173: lists all supported public key algorithms.
174: .Pp
175: The pseudo-command
1.39 jmc 176: .Cm no- Ns Ar command
1.1 jsing 177: tests whether a command of the
178: specified name is available.
1.39 jmc 179: If
180: .Ar command
181: does not exist,
1.1 jsing 182: it returns 0
183: and prints
1.39 jmc 184: .Cm no- Ns Ar command ;
1.1 jsing 185: otherwise it returns 1 and prints
1.39 jmc 186: .Ar command .
187: In both cases, the output goes to stdout and nothing is printed to stderr.
1.1 jsing 188: Additional command line arguments are always ignored.
189: Since for each cipher there is a command of the same name,
190: this provides an easy way for shell scripts to test for the
191: availability of ciphers in the
192: .Nm
193: program.
194: .Pp
195: .Sy Note :
1.39 jmc 196: .Cm no- Ns Ar command
1.1 jsing 197: is not able to detect pseudo-commands such as
198: .Cm quit ,
199: .Cm list- Ns Ar ... Ns Cm -commands ,
200: or
1.39 jmc 201: .Cm no- Ns Ar command
1.1 jsing 202: itself.
1.120 kn 203: .Tg asn1parse
1.1 jsing 204: .Sh ASN1PARSE
1.114 jmc 205: .Bl -hang -width "openssl asn1parse"
206: .It Nm openssl asn1parse
207: .Bk -words
1.1 jsing 208: .Op Fl i
209: .Op Fl dlimit Ar number
210: .Op Fl dump
211: .Op Fl genconf Ar file
212: .Op Fl genstr Ar str
213: .Op Fl in Ar file
1.34 jmc 214: .Op Fl inform Cm der | pem | txt
1.1 jsing 215: .Op Fl length Ar number
216: .Op Fl noout
217: .Op Fl offset Ar number
218: .Op Fl oid Ar file
219: .Op Fl out Ar file
220: .Op Fl strparse Ar offset
1.114 jmc 221: .Ek
222: .El
1.1 jsing 223: .Pp
224: The
225: .Nm asn1parse
226: command is a diagnostic utility that can parse ASN.1 structures.
227: It can also be used to extract data from ASN.1 formatted data.
228: .Pp
229: The options are as follows:
230: .Bl -tag -width Ds
231: .It Fl dlimit Ar number
232: Dump the first
233: .Ar number
234: bytes of unknown data in hex form.
235: .It Fl dump
236: Dump unknown data in hex form.
237: .It Fl genconf Ar file , Fl genstr Ar str
238: Generate encoded data based on string
239: .Ar str ,
240: file
241: .Ar file ,
1.34 jmc 242: or both, using the format described in
243: .Xr ASN1_generate_nconf 3 .
1.1 jsing 244: If only
245: .Ar file
246: is present then the string is obtained from the default section
247: using the name
248: .Dq asn1 .
1.84 jmc 249: The encoded data is passed through the ASN.1 parser and printed out as
1.1 jsing 250: though it came from a file;
251: the contents can thus be examined and written to a file using the
252: .Fl out
253: option.
254: .It Fl i
1.34 jmc 255: Indent the output according to the
1.1 jsing 256: .Qq depth
257: of the structures.
258: .It Fl in Ar file
1.41 jmc 259: The input file to read from, or standard input if not specified.
1.34 jmc 260: .It Fl inform Cm der | pem | txt
1.1 jsing 261: The input format.
262: .It Fl length Ar number
1.34 jmc 263: Number of bytes to parse; the default is until end of file.
1.1 jsing 264: .It Fl noout
1.46 jmc 265: Do not output the parsed version of the input file.
1.1 jsing 266: .It Fl offset Ar number
1.34 jmc 267: Starting offset to begin parsing; the default is start of file.
1.1 jsing 268: .It Fl oid Ar file
269: A file containing additional object identifiers
270: .Pq OIDs .
271: If an OID
272: .Pq object identifier
273: is not part of
1.34 jmc 274: .Nm openssl Ns 's
1.1 jsing 275: internal table it will be represented in
276: numerical form
277: .Pq for example 1.2.3.4 .
1.34 jmc 278: .Pp
1.1 jsing 279: Each line consists of three columns:
280: the first column is the OID in numerical format and should be followed by
281: whitespace.
282: The second column is the
1.34 jmc 283: .Qq short name ,
1.1 jsing 284: which is a single word followed by whitespace.
285: The final column is the rest of the line and is the
286: .Qq long name .
287: .Nm asn1parse
288: displays the long name.
1.34 jmc 289: .It Fl out Ar file
290: The DER-encoded output file; the default is no encoded output
291: (useful when combined with
292: .Fl strparse ) .
293: .It Fl strparse Ar offset
294: Parse the content octets of the ASN.1 object starting at
295: .Ar offset .
296: This option can be used multiple times to
297: .Qq drill down
298: into a nested structure.
299: .El
1.120 kn 300: .Tg ca
1.1 jsing 301: .Sh CA
1.114 jmc 302: .Bl -hang -width "openssl ca"
303: .It Nm openssl ca
304: .Bk -words
1.1 jsing 305: .Op Fl batch
306: .Op Fl cert Ar file
307: .Op Fl config Ar file
1.91 schwarze 308: .Op Fl create_serial
1.1 jsing 309: .Op Fl crl_CA_compromise Ar time
310: .Op Fl crl_compromise Ar time
311: .Op Fl crl_hold Ar instruction
312: .Op Fl crl_reason Ar reason
313: .Op Fl crldays Ar days
314: .Op Fl crlexts Ar section
315: .Op Fl crlhours Ar hours
1.103 inoguchi 316: .Op Fl crlsec Ar seconds
1.1 jsing 317: .Op Fl days Ar arg
318: .Op Fl enddate Ar date
319: .Op Fl extensions Ar section
1.103 inoguchi 320: .Op Fl extfile Ar file
1.1 jsing 321: .Op Fl gencrl
322: .Op Fl in Ar file
323: .Op Fl infiles
1.91 schwarze 324: .Op Fl key Ar password
1.103 inoguchi 325: .Op Fl keyfile Ar file
1.91 schwarze 326: .Op Fl keyform Cm pem | der
1.103 inoguchi 327: .Op Fl md Ar alg
1.1 jsing 328: .Op Fl msie_hack
1.107 inoguchi 329: .Op Fl multivalue-rdn
1.1 jsing 330: .Op Fl name Ar section
331: .Op Fl noemailDN
332: .Op Fl notext
333: .Op Fl out Ar file
1.103 inoguchi 334: .Op Fl outdir Ar directory
1.1 jsing 335: .Op Fl passin Ar arg
336: .Op Fl policy Ar arg
337: .Op Fl preserveDN
338: .Op Fl revoke Ar file
1.91 schwarze 339: .Op Fl selfsign
1.103 inoguchi 340: .Op Fl sigopt Ar nm:v
1.1 jsing 341: .Op Fl spkac Ar file
342: .Op Fl ss_cert Ar file
343: .Op Fl startdate Ar date
344: .Op Fl status Ar serial
345: .Op Fl subj Ar arg
346: .Op Fl updatedb
1.91 schwarze 347: .Op Fl utf8
1.1 jsing 348: .Op Fl verbose
1.114 jmc 349: .Ek
350: .El
1.1 jsing 351: .Pp
352: The
353: .Nm ca
1.35 jmc 354: command is a minimal certificate authority (CA) application.
1.1 jsing 355: It can be used to sign certificate requests in a variety of forms
1.35 jmc 356: and generate certificate revocation lists (CRLs).
1.1 jsing 357: It also maintains a text database of issued certificates and their status.
358: .Pp
1.35 jmc 359: The options relevant to CAs are as follows:
1.1 jsing 360: .Bl -tag -width "XXXX"
361: .It Fl batch
1.41 jmc 362: Batch mode.
1.1 jsing 363: In this mode no questions will be asked
364: and all certificates will be certified automatically.
365: .It Fl cert Ar file
366: The CA certificate file.
367: .It Fl config Ar file
1.72 jmc 368: Specify an alternative configuration file.
1.91 schwarze 369: .It Fl create_serial
370: If reading the serial from the text file as specified in the
371: configuration fails, create a new random serial to be used as the
372: next serial number.
1.1 jsing 373: .It Fl days Ar arg
374: The number of days to certify the certificate for.
375: .It Fl enddate Ar date
1.41 jmc 376: Set the expiry date.
1.88 jmc 377: The format of the date is [YY]YYMMDDHHMMSSZ,
378: with all four year digits required for dates from 2050 onwards.
1.1 jsing 379: .It Fl extensions Ar section
380: The section of the configuration file containing certificate extensions
381: to be added when a certificate is issued (defaults to
1.35 jmc 382: .Cm x509_extensions
1.1 jsing 383: unless the
384: .Fl extfile
385: option is used).
386: If no extension section is present, a V1 certificate is created.
387: If the extension section is present
388: .Pq even if it is empty ,
389: then a V3 certificate is created.
1.91 schwarze 390: See the
391: .Xr x509v3.cnf 5
392: manual page for details of the extension section format.
1.1 jsing 393: .It Fl extfile Ar file
394: An additional configuration
395: .Ar file
396: to read certificate extensions from
397: (using the default section unless the
398: .Fl extensions
399: option is also used).
400: .It Fl in Ar file
401: An input
402: .Ar file
403: containing a single certificate request to be signed by the CA.
404: .It Fl infiles
405: If present, this should be the last option; all subsequent arguments
406: are assumed to be the names of files containing certificate requests.
1.91 schwarze 407: .It Fl key Ar password
408: The
409: .Fa password
410: used to encrypt the private key.
1.35 jmc 411: Since on some systems the command line arguments are visible,
412: this option should be used with caution.
1.1 jsing 413: .It Fl keyfile Ar file
414: The private key to sign requests with.
1.91 schwarze 415: .It Fl keyform Cm pem | der
1.1 jsing 416: Private key file format.
1.91 schwarze 417: The default is
418: .Cm pem .
1.1 jsing 419: .It Fl md Ar alg
420: The message digest to use.
421: Possible values include
422: .Ar md5
423: and
424: .Ar sha1 .
425: This option also applies to CRLs.
426: .It Fl msie_hack
427: This is a legacy option to make
428: .Nm ca
429: work with very old versions of the IE certificate enrollment control
430: .Qq certenr3 .
431: It used UniversalStrings for almost everything.
432: Since the old control has various security bugs,
433: its use is strongly discouraged.
434: The newer control
435: .Qq Xenroll
436: does not need this option.
1.107 inoguchi 437: .It Fl multivalue-rdn
1.91 schwarze 438: This option causes the
439: .Fl subj
440: argument to be interpreted with full support for multivalued RDNs,
441: for example
442: .Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
443: If
1.107 inoguchi 444: .Fl multivalue-rdn
1.91 schwarze 445: is not used, the UID value is set to
446: .Qq "123456+CN=John Doe" .
1.1 jsing 447: .It Fl name Ar section
448: Specifies the configuration file
449: .Ar section
450: to use (overrides
451: .Cm default_ca
452: in the
453: .Cm ca
454: section).
455: .It Fl noemailDN
456: The DN of a certificate can contain the EMAIL field if present in the
1.30 mmcc 457: request DN, however it is good policy just having the email set into
1.1 jsing 458: the
1.35 jmc 459: .Cm altName
1.1 jsing 460: extension of the certificate.
461: When this option is set, the EMAIL field is removed from the certificate's
462: subject and set only in the, eventually present, extensions.
463: The
464: .Ar email_in_dn
465: keyword can be used in the configuration file to enable this behaviour.
466: .It Fl notext
467: Don't output the text form of a certificate to the output file.
468: .It Fl out Ar file
469: The output file to output certificates to.
470: The default is standard output.
1.91 schwarze 471: The certificate details will also be printed out to this file in
472: PEM format, except that
473: .Fl spkac
474: outputs DER format.
1.1 jsing 475: .It Fl outdir Ar directory
476: The
477: .Ar directory
478: to output certificates to.
479: The certificate will be written to a file consisting of the
480: serial number in hex with
481: .Qq .pem
482: appended.
483: .It Fl passin Ar arg
484: The key password source.
485: .It Fl policy Ar arg
1.41 jmc 486: Define the CA
1.1 jsing 487: .Qq policy
488: to use.
1.35 jmc 489: The policy section in the configuration file
490: consists of a set of variables corresponding to certificate DN fields.
491: The values may be one of
492: .Qq match
493: (the value must match the same field in the CA certificate),
494: .Qq supplied
495: (the value must be present), or
496: .Qq optional
497: (the value may be present).
498: Any fields not mentioned in the policy section
499: are silently deleted, unless the
500: .Fl preserveDN
501: option is set,
502: but this can be regarded more of a quirk than intended behaviour.
1.1 jsing 503: .It Fl preserveDN
504: Normally, the DN order of a certificate is the same as the order of the
505: fields in the relevant policy section.
506: When this option is set, the order is the same as the request.
507: This is largely for compatibility with the older IE enrollment control
508: which would only accept certificates if their DNs matched the order of the
509: request.
510: This is not needed for Xenroll.
1.91 schwarze 511: .It Fl selfsign
512: Indicates the issued certificates are to be signed with the key the
513: certificate requests were signed with, given with
514: .Fl keyfile .
515: Certificate requests signed with a different key are ignored.
516: If
517: .Fl gencrl ,
518: .Fl spkac ,
519: or
520: .Fl ss_cert
521: are given,
522: .Fl selfsign
523: is ignored.
524: .Pp
525: A consequence of using
526: .Fl selfsign
527: is that the self-signed certificate appears among the entries in
528: the certificate database (see the configuration option
529: .Cm database )
530: and uses the same serial number counter as all other certificates
531: signed with the self-signed certificate.
1.103 inoguchi 532: .It Fl sigopt Ar nm:v
533: Pass options to the signature algorithm during sign or certify operations.
534: The names and values of these options are algorithm-specific.
1.1 jsing 535: .It Fl spkac Ar file
536: A file containing a single Netscape signed public key and challenge,
537: and additional field values to be signed by the CA.
1.35 jmc 538: This will usually come from the
539: KEYGEN tag in an HTML form to create a new private key.
540: It is, however, possible to create SPKACs using the
541: .Nm spkac
542: utility.
543: .Pp
544: The file should contain the variable SPKAC set to the value of
545: the SPKAC and also the required DN components as name value pairs.
546: If it's necessary to include the same component twice,
547: then it can be preceded by a number and a
548: .Sq \&. .
1.1 jsing 549: .It Fl ss_cert Ar file
550: A single self-signed certificate to be signed by the CA.
551: .It Fl startdate Ar date
1.41 jmc 552: Set the start date.
1.88 jmc 553: The format of the date is [YY]YYMMDDHHMMSSZ,
554: with all four year digits required for dates from 2050 onwards.
1.91 schwarze 555: .It Fl subj Ar arg
556: Supersedes the subject name given in the request.
557: The
558: .Ar arg
559: must be formatted as
560: .Sm off
561: .Pf / Ar type0 Ns = Ar value0 Ns / Ar type 1 Ns = Ar value 1 Ns /
562: .Ar type2 Ns = Ar ... ;
563: .Sm on
564: characters may be escaped by
565: .Sq \e
566: .Pq backslash ,
567: no spaces are skipped.
568: .It Fl utf8
569: Interpret field values read from a terminal or obtained from a
570: configuration file as UTF-8 strings.
571: By default, they are interpreted as ASCII.
1.1 jsing 572: .It Fl verbose
1.41 jmc 573: Print extra details about the operations being performed.
1.1 jsing 574: .El
1.35 jmc 575: .Pp
576: The options relevant to CRLs are as follows:
1.1 jsing 577: .Bl -tag -width "XXXX"
578: .It Fl crl_CA_compromise Ar time
579: This is the same as
580: .Fl crl_compromise ,
581: except the revocation reason is set to CACompromise.
582: .It Fl crl_compromise Ar time
1.41 jmc 583: Set the revocation reason to keyCompromise and the compromise time to
1.1 jsing 584: .Ar time .
585: .Ar time
586: should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ.
587: .It Fl crl_hold Ar instruction
1.41 jmc 588: Set the CRL revocation reason code to certificateHold and the hold
1.1 jsing 589: instruction to
590: .Ar instruction
591: which must be an OID.
592: Although any OID can be used, only holdInstructionNone
593: (the use of which is discouraged by RFC 2459), holdInstructionCallIssuer or
594: holdInstructionReject will normally be used.
595: .It Fl crl_reason Ar reason
596: Revocation reason, where
597: .Ar reason
598: is one of:
599: unspecified, keyCompromise, CACompromise, affiliationChanged, superseded,
600: cessationOfOperation, certificateHold or removeFromCRL.
601: The matching of
602: .Ar reason
603: is case insensitive.
604: Setting any revocation reason will make the CRL v2.
605: In practice, removeFromCRL is not particularly useful because it is only used
606: in delta CRLs which are not currently implemented.
1.103 inoguchi 607: .It Fl crldays Ar days
1.1 jsing 608: The number of days before the next CRL is due.
609: This is the days from now to place in the CRL
1.35 jmc 610: .Cm nextUpdate
1.1 jsing 611: field.
612: .It Fl crlexts Ar section
613: The
614: .Ar section
615: of the configuration file containing CRL extensions to include.
616: If no CRL extension section is present then a V1 CRL is created;
617: if the CRL extension section is present
1.81 jmc 618: (even if it is empty)
1.1 jsing 619: then a V2 CRL is created.
1.81 jmc 620: The CRL extensions specified are CRL extensions and not CRL entry extensions.
621: It should be noted that some software can't handle V2 CRLs.
1.91 schwarze 622: See the
623: .Xr x509v3.cnf 5
624: manual page for details of the extension section format.
1.103 inoguchi 625: .It Fl crlhours Ar hours
1.1 jsing 626: The number of hours before the next CRL is due.
1.103 inoguchi 627: .It Fl crlsec Ar seconds
628: The number of seconds before the next CRL is due.
1.1 jsing 629: .It Fl gencrl
1.41 jmc 630: Generate a CRL based on information in the index file.
1.1 jsing 631: .It Fl revoke Ar file
632: A
633: .Ar file
634: containing a certificate to revoke.
1.91 schwarze 635: .It Fl status Ar serial
636: Show the status of the certificate with serial number
637: .Ar serial .
638: .It Fl updatedb
639: Update the database index to purge expired certificates.
1.1 jsing 640: .El
641: .Pp
1.35 jmc 642: Many of the options can be set in the
643: .Cm ca
644: section of the configuration file
645: (or in the default section of the configuration file),
646: specified using
647: .Cm default_ca
648: or
649: .Fl name .
650: The options
651: .Cm preserve
652: and
653: .Cm msie_hack
654: are read directly from the
655: .Cm ca
656: section.
1.1 jsing 657: .Pp
658: Many of the configuration file options are identical to command line
659: options.
660: Where the option is present in the configuration file and the command line,
661: the command line value is used.
662: Where an option is described as mandatory, then it must be present in
663: the configuration file or the command line equivalent
664: .Pq if any
665: used.
666: .Bl -tag -width "XXXX"
1.35 jmc 667: .It Cm certificate
1.1 jsing 668: The same as
669: .Fl cert .
670: It gives the file containing the CA certificate.
671: Mandatory.
1.35 jmc 672: .It Cm copy_extensions
1.1 jsing 673: Determines how extensions in certificate requests should be handled.
674: If set to
1.35 jmc 675: .Cm none
1.1 jsing 676: or this option is not present, then extensions are
677: ignored and not copied to the certificate.
678: If set to
1.35 jmc 679: .Cm copy ,
1.1 jsing 680: then any extensions present in the request that are not already present
681: are copied to the certificate.
682: If set to
1.35 jmc 683: .Cm copyall ,
1.1 jsing 684: then all extensions in the request are copied to the certificate:
685: if the extension is already present in the certificate it is deleted first.
1.35 jmc 686: .Pp
687: The
688: .Cm copy_extensions
689: option should be used with caution.
690: If care is not taken, it can be a security risk.
691: For example, if a certificate request contains a
692: .Cm basicConstraints
693: extension with CA:TRUE and the
694: .Cm copy_extensions
695: value is set to
696: .Cm copyall
697: and the user does not spot
1.91 schwarze 698: this when the certificate is displayed, then this will hand the requester
1.35 jmc 699: a valid CA certificate.
700: .Pp
701: This situation can be avoided by setting
702: .Cm copy_extensions
703: to
704: .Cm copy
705: and including
706: .Cm basicConstraints
707: with CA:FALSE in the configuration file.
708: Then if the request contains a
709: .Cm basicConstraints
710: extension, it will be ignored.
1.1 jsing 711: .Pp
712: The main use of this option is to allow a certificate request to supply
713: values for certain extensions such as
1.35 jmc 714: .Cm subjectAltName .
715: .It Cm crl_extensions
1.1 jsing 716: The same as
717: .Fl crlexts .
1.35 jmc 718: .It Cm crlnumber
1.1 jsing 719: A text file containing the next CRL number to use in hex.
720: The CRL number will be inserted in the CRLs only if this file exists.
721: If this file is present, it must contain a valid CRL number.
1.35 jmc 722: .It Cm database
1.1 jsing 723: The text database file to use.
724: Mandatory.
725: This file must be present, though initially it will be empty.
1.35 jmc 726: .It Cm default_crl_hours , default_crl_days
1.1 jsing 727: The same as the
728: .Fl crlhours
729: and
730: .Fl crldays
731: options.
732: These will only be used if neither command line option is present.
733: At least one of these must be present to generate a CRL.
1.35 jmc 734: .It Cm default_days
1.1 jsing 735: The same as the
736: .Fl days
737: option.
738: The number of days to certify a certificate for.
1.35 jmc 739: .It Cm default_enddate
1.1 jsing 740: The same as the
741: .Fl enddate
742: option.
743: Either this option or
1.35 jmc 744: .Cm default_days
1.1 jsing 745: .Pq or the command line equivalents
746: must be present.
1.35 jmc 747: .It Cm default_md
1.1 jsing 748: The same as the
749: .Fl md
750: option.
751: The message digest to use.
752: Mandatory.
1.35 jmc 753: .It Cm default_startdate
1.1 jsing 754: The same as the
755: .Fl startdate
756: option.
757: The start date to certify a certificate for.
758: If not set, the current time is used.
1.35 jmc 759: .It Cm email_in_dn
1.1 jsing 760: The same as
761: .Fl noemailDN .
762: If the EMAIL field is to be removed from the DN of the certificate,
763: simply set this to
764: .Qq no .
765: If not present, the default is to allow for the EMAIL field in the
766: certificate's DN.
1.35 jmc 767: .It Cm msie_hack
1.1 jsing 768: The same as
769: .Fl msie_hack .
1.35 jmc 770: .It Cm name_opt , cert_opt
1.1 jsing 771: These options allow the format used to display the certificate details
772: when asking the user to confirm signing.
773: All the options supported by the
774: .Nm x509
775: utilities'
776: .Fl nameopt
777: and
778: .Fl certopt
779: switches can be used here, except that
1.35 jmc 780: .Cm no_signame
1.1 jsing 781: and
1.35 jmc 782: .Cm no_sigdump
1.1 jsing 783: are permanently set and cannot be disabled
784: (this is because the certificate signature cannot be displayed because
785: the certificate has not been signed at this point).
786: .Pp
787: For convenience, the value
1.35 jmc 788: .Cm ca_default
1.1 jsing 789: is accepted by both to produce a reasonable output.
790: .Pp
791: If neither option is present, the format used in earlier versions of
1.35 jmc 792: .Nm openssl
1.1 jsing 793: is used.
1.81 jmc 794: Use of the old format is strongly discouraged
795: because it only displays fields mentioned in the
1.35 jmc 796: .Cm policy
1.1 jsing 797: section,
798: mishandles multicharacter string types and does not display extensions.
1.35 jmc 799: .It Cm new_certs_dir
1.1 jsing 800: The same as the
801: .Fl outdir
802: command line option.
803: It specifies the directory where new certificates will be placed.
804: Mandatory.
1.35 jmc 805: .It Cm oid_file
1.1 jsing 806: This specifies a file containing additional object identifiers.
807: Each line of the file should consist of the numerical form of the
808: object identifier followed by whitespace, then the short name followed
809: by whitespace and finally the long name.
1.35 jmc 810: .It Cm oid_section
1.1 jsing 811: This specifies a section in the configuration file containing extra
812: object identifiers.
813: Each line should consist of the short name of the object identifier
814: followed by
815: .Sq =
816: and the numerical form.
817: The short and long names are the same when this option is used.
1.35 jmc 818: .It Cm policy
1.1 jsing 819: The same as
820: .Fl policy .
821: Mandatory.
1.35 jmc 822: .It Cm preserve
1.1 jsing 823: The same as
824: .Fl preserveDN .
1.35 jmc 825: .It Cm private_key
1.1 jsing 826: Same as the
827: .Fl keyfile
828: option.
829: The file containing the CA private key.
830: Mandatory.
1.35 jmc 831: .It Cm serial
1.1 jsing 832: A text file containing the next serial number to use in hex.
833: Mandatory.
834: This file must be present and contain a valid serial number.
1.35 jmc 835: .It Cm unique_subject
1.1 jsing 836: If the value
1.35 jmc 837: .Cm yes
1.1 jsing 838: is given, the valid certificate entries in the
839: database must have unique subjects.
840: If the value
1.35 jmc 841: .Cm no
1.1 jsing 842: is given,
843: several valid certificate entries may have the exact same subject.
844: The default value is
1.35 jmc 845: .Cm yes .
846: .It Cm x509_extensions
1.1 jsing 847: The same as
848: .Fl extensions .
849: .El
1.120 kn 850: .Tg ciphers
1.1 jsing 851: .Sh CIPHERS
852: .Nm openssl ciphers
853: .Op Fl hVv
1.93 schwarze 854: .Op Ar control
1.1 jsing 855: .Pp
856: The
857: .Nm ciphers
1.93 schwarze 858: command converts the
859: .Ar control
860: string from the format documented in
861: .Xr SSL_CTX_set_cipher_list 3
862: into an ordered SSL cipher suite preference list.
863: If no
864: .Ar control
865: string is specified, the
866: .Cm DEFAULT
867: list is printed.
1.1 jsing 868: .Pp
869: The options are as follows:
870: .Bl -tag -width Ds
871: .It Fl h , \&?
872: Print a brief usage message.
873: .It Fl V
1.36 jmc 874: Verbose.
1.92 schwarze 875: List ciphers with cipher suite code in hex format,
876: cipher name, and a complete description of protocol version,
877: key exchange, authentication, encryption, and mac algorithms.
1.36 jmc 878: .It Fl v
1.1 jsing 879: Like
1.36 jmc 880: .Fl V ,
881: but without cipher suite codes.
1.116 inoguchi 882: .El
1.120 kn 883: .Tg cms
1.116 inoguchi 884: .Sh CMS
885: .Bl -hang -width "openssl cms"
886: .It Nm openssl cms
887: .Bk -words
888: .Oo
889: .Fl aes128 | aes192 | aes256 | camellia128 |
890: .Fl camellia192 | camellia256 | des | des3 |
891: .Fl rc2-40 | rc2-64 | rc2-128
892: .Oc
893: .Op Fl CAfile Ar file
894: .Op Fl CApath Ar directory
895: .Op Fl binary
896: .Op Fl certfile Ar file
897: .Op Fl certsout Ar file
898: .Op Fl cmsout
899: .Op Fl compress
900: .Op Fl content Ar file
901: .Op Fl crlfeol
902: .Op Fl data_create
903: .Op Fl data_out
904: .Op Fl debug_decrypt
905: .Op Fl decrypt
906: .Op Fl digest_create
907: .Op Fl digest_verify
908: .Op Fl econtent_type Ar type
909: .Op Fl encrypt
910: .Op Fl EncryptedData_decrypt
911: .Op Fl EncryptedData_encrypt
912: .Op Fl from Ar addr
913: .Op Fl in Ar file
914: .Op Fl inform Cm der | pem | smime
915: .Op Fl inkey Ar file
916: .Op Fl keyform Cm der | pem
917: .Op Fl keyid
918: .Op Fl keyopt Ar nm:v
919: .Op Fl md Ar digest
920: .Op Fl no_attr_verify
921: .Op Fl no_content_verify
922: .Op Fl no_signer_cert_verify
923: .Op Fl noattr
924: .Op Fl nocerts
925: .Op Fl nodetach
926: .Op Fl nointern
927: .Op Fl nooldmime
928: .Op Fl noout
929: .Op Fl nosigs
930: .Op Fl nosmimecap
931: .Op Fl noverify
932: .Op Fl out Ar file
933: .Op Fl outform Cm der | pem | smime
934: .Op Fl passin Ar src
935: .Op Fl print
936: .Op Fl pwri_password Ar arg
937: .Op Fl rctform Cm der | pem | smime
938: .Op Fl receipt_request_all | receipt_request_first
939: .Op Fl receipt_request_from Ar addr
940: .Op Fl receipt_request_print
941: .Op Fl receipt_request_to Ar addr
942: .Op Fl recip Ar file
943: .Op Fl resign
944: .Op Fl secretkey Ar key
945: .Op Fl secretkeyid Ar id
946: .Op Fl sign
947: .Op Fl sign_receipt
948: .Op Fl signer Ar file
949: .Op Fl stream | indef | noindef
950: .Op Fl subject Ar s
951: .Op Fl text
952: .Op Fl to Ar addr
953: .Op Fl uncompress
954: .Op Fl verify
955: .Op Fl verify_receipt Ar file
956: .Op Fl verify_retcode
957: .Op Ar cert.pem ...
958: .Ek
959: .El
960: .Pp
961: The
962: .Nm cms
963: command handles S/MIME v3.1 mail.
964: It can encrypt, decrypt, sign and verify, compress and uncompress S/MIME
965: messages.
966: .Pp
967: The MIME message must be sent without any blank lines between the headers and
968: the output.
969: Some mail programs will automatically add a blank line.
970: Piping the mail directly to sendmail is one way to achieve the correct format.
971: .Pp
972: The supplied message to be signed or encrypted must include the necessary MIME
973: headers or many S/MIME clients won't display it properly (if at all).
974: You can use the
975: .Fl text
976: option to automatically add plain text headers.
977: .Pp
978: A "signed and encrypted" message is one where a signed message is then
979: encrypted.
980: This can be produced by encrypting an already signed message.
981: .Pp
982: There are various operation options that set the type of operation to be
983: performed.
984: The meaning of the other options varies according to the operation type.
985: .Bl -tag -width "XXXX"
986: .It Fl encrypt
987: Encrypt mail for the given recipient certificates.
988: Input file is the message to be encrypted.
989: The output file is the encrypted mail in MIME format.
990: The actual CMS type is EnvelopedData.
991: Note that no revocation check is done for the recipient cert, so if that
992: key has been compromised, others may be able to decrypt the text.
993: .It Fl decrypt
994: Decrypt mail using the supplied certificate and private key.
995: Expects an encrypted mail message in MIME format for the input file.
996: The decrypted mail is written to the output file.
997: .It Fl sign
998: Sign mail using the supplied certificate and private key.
999: Input file is the message to be signed.
1000: The signed message in MIME format is written to the output file.
1001: .It Fl verify
1002: Verify signed mail.
1003: Expects a signed mail message on input and outputs the signed data.
1004: Both clear text and opaque signing are supported.
1005: .It Fl cmsout
1006: Take an input message and write out a PEM encoded CMS structure.
1007: .It Fl resign
1008: Resign a message.
1009: Take an existing message and one or more new signers.
1010: This operation uses an existing message digest when adding a new signer.
1011: This means that attributes must be present in at least one existing
1012: signer using the same message digest or this operation will fail.
1013: .It Fl data_create
1014: Create a CMS Data type.
1015: .It Fl data_out
1016: Output a content from the input CMS Data type.
1017: .It Fl digest_create
1018: Create a CMS DigestedData type.
1019: .It Fl digest_verify
1020: Verify a CMS DigestedData type and output the content.
1021: .It Fl compress
1022: Create a CMS CompressedData type.
1023: Must be compiled with zlib support for this option to work.
1024: .It Fl uncompress
1025: Uncompress a CMS CompressedData type and output the content.
1026: Must be compiled with zlib support for this option to work.
1027: .It Fl EncryptedData_encrypt
1028: Encrypt a content using supplied symmetric key and algorithm using a
1029: CMS EncryptedData type.
1030: .It Fl EncryptedData_decrypt
1031: Decrypt a CMS EncryptedData type using supplied symmetric key.
1032: .It Fl sign_receipt
1033: Generate and output a signed receipt for the supplied message.
1034: The input message must contain a signed receipt request.
1035: Functionality is otherwise similar to the
1036: .Fl sign
1037: operation.
1038: .It Xo
1039: .Fl verify_receipt Ar file
1040: .Xc
1041: Verify a signed receipt in file.
1042: The input message must contain the original receipt request.
1043: Functionality is otherwise similar to the
1044: .Fl verify
1045: operation.
1046: .El
1047: .Pp
1048: The remaining options are as follows:
1049: .Bl -tag -width "XXXX"
1050: .It Xo
1051: .Fl aes128 | aes192 | aes256 | camellia128 |
1052: .Fl camellia192 | camellia256 | des | des3 |
1053: .Fl rc2-40 | rc2-64 | rc2-128
1054: .Xc
1055: The encryption algorithm to use.
1056: 128-, 192-, or 256-bit AES, 128-, 192-, or 256-bit CAMELLIA,
1057: DES (56 bits), triple DES (168 bits),
1058: or 40-, 64-, or 128-bit RC2, respectively;
1059: if not specified, triple DES is
1060: used.
1061: Only used with
1062: .Fl encrypt
1063: and
1064: .Fl EncryptedData_encrypt
1065: commands.
1066: .It Fl binary
1067: Normally the input message is converted to "canonical" format which is
1068: effectively using CR/LF as end of line, as required by the S/MIME specification.
1069: When this option is present no translation occurs.
1070: This is useful when handling binary data which may not be in MIME format.
1071: .It Fl CAfile Ar file
1072: A file containing trusted CA certificates, used with
1073: .Fl verify
1074: and
1075: .Fl verify_receipt .
1076: .It Fl CApath Ar directory
1077: A directory containing trusted CA certificates, used with
1078: .Fl verify
1079: and
1080: .Fl verify_receipt .
1081: This directory must be a standard certificate directory: that is a hash
1082: of each subject name (using
1083: .Nm x509 Fl hash )
1084: should be linked to each certificate.
1085: .It Ar cert.pem...
1086: One or more certificates of message recipients: used when encrypting a message.
1087: .It Fl certfile Ar file
1088: Allows additional certificates to be specified.
1089: When signing these will be included with the message.
1090: When verifying these will be searched for the signer's certificates.
1091: The certificates should be in PEM format.
1092: .It Fl certsout Ar file
1093: A file that any certificates contained in the message are written to.
1094: .It Xo
1095: .Fl check_ss_sig ,
1096: .Fl crl_check ,
1097: .Fl crl_check_all ,
1098: .Fl extended_crl ,
1099: .Fl ignore_critical ,
1100: .Fl issuer_checks ,
1101: .Fl policy ,
1102: .Fl policy_check ,
1103: .Fl purpose ,
1104: .Fl x509_strict
1105: .Xc
1106: Set various certificate chain validation options.
1107: See the
1108: .Nm verify
1109: command for details.
1110: .It Fl content Ar file
1111: A file containing the detached content.
1112: This is only useful with the
1113: .Fl verify
1114: command.
1115: This is only usable if the CMS structure is using the detached signature
1116: form where the content is not included.
1117: This option will override any content if the input format is S/MIME and
1118: it uses the multipart/signed MIME content type.
1119: .It Fl crlfeol
1120: Output a S/MIME message with CR/LF end of line.
1121: .It Fl debug_decrypt
1122: Set the CMS_DEBUG_DECRYPT flag when decrypting.
1123: This option should be used with caution, since this can be used to disable
1124: the MMA attack protection and return an error if no recipient can be found.
1125: See the
1126: .Xr CMS_decrypt 3
1127: manual page for details of the flag.
1128: .It Xo
1129: .Fl from Ar addr ,
1130: .Fl subject Ar s ,
1131: .Fl to Ar addr
1132: .Xc
1133: The relevant mail headers.
1134: These are included outside the signed portion of a message so they may
1135: be included manually.
1136: If signing then many S/MIME mail clients check the signer's certificate's
1137: email address matches that specified in the From: address.
1138: .It Fl econtent_type Ar type
1139: Set the encapsulated content type, used with
1140: .Fl sign .
1141: If not supplied the Data type is used.
1142: The type argument can be any valid OID name in either text or numerical format.
1143: .It Fl in Ar file
1144: The input message to be encrypted or signed or the message to be decrypted or
1145: verified.
1146: .It Fl inform Cm der | pem | smime
1147: The input format for the CMS structure.
1148: The default is
1149: .Cm smime ,
1150: which reads an S/MIME format message.
1151: .Cm pem
1152: and
1153: .Cm der
1154: format change this to expect PEM and DER format CMS structures instead.
1155: This currently only affects the input format of the CMS structure; if no
1156: CMS structure is being input (for example with
1157: .Fl encrypt
1158: or
1159: .Fl sign )
1160: this option has no effect.
1161: .It Fl inkey Ar file
1162: The private key to use when signing or decrypting.
1163: This must match the corresponding certificate.
1164: If this option is not specified then the private key must be included in
1165: the certificate file specified with the
1166: .Fl recip
1167: or
1168: .Fl signer
1169: file.
1170: When signing this option can be used multiple times to specify successive keys.
1171: .It Fl keyform Cm der | pem
1172: Input private key format.
1173: The default is
1174: .Cm pem .
1175: .It Fl keyid
1176: Use subject key identifier to identify certificates instead of issuer
1177: name and serial number.
1178: The supplied certificate must include a subject key identifier extension.
1179: Supported by
1180: .Fl sign
1181: and
1182: .Fl encrypt
1183: operations.
1184: .It Fl keyopt Ar nm:v
1185: Set customised parameters for the preceding key or certificate
1186: for encryption and signing.
1187: It can currently be used to set RSA-PSS for signing, RSA-OAEP for
1188: encryption or to modify default parameters for ECDH.
1189: This option can be used multiple times.
1190: .It Fl md Ar digest
1191: The digest algorithm to use when signing or resigning.
1192: If not present then the default digest algorithm for the signing key
1193: will be used (usually SHA1).
1194: .It Fl no_attr_verify
1195: Do not verify the signer's attribute of a signature.
1196: .It Fl no_content_verify
1197: Do not verify the content of a signed message.
1198: .It Fl no_signer_cert_verify
1199: Do not verify the signer's certificate of a signed message.
1200: .It Fl noattr
1201: Do not include attributes.
1202: Normally when a message is signed a set of attributes are included which
1203: include the signing time and supported symmetric algorithms.
1204: With this option they are not included.
1205: .It Fl nocerts
1206: Do not include the signer's certificate.
1207: This will reduce the size of the signed message but the verifier must
1208: have a copy of the signer's certificate available locally (passed using
1209: the
1210: .Fl certfile
1211: option for example).
1212: .It Fl nodetach
1213: When signing a message use opaque signing.
1214: This form is more resistant to translation by mail relays but it cannot be
1215: read by mail agents that do not support S/MIME.
1216: Without this option cleartext signing with the MIME type multipart/signed is
1217: used.
1218: .It Fl nointern
1219: Only the certificates specified in the
1220: .Fl certfile
1221: option are used.
1222: When verifying a message normally certificates (if any) included in the
1223: message are searched for the signing certificate.
1224: The supplied certificates can still be used as untrusted CAs however.
1225: .It Fl nooldmime
1226: Output an old S/MIME content type like "application/x-pkcs7-".
1227: .It Fl noout
1228: Do not output the parsed CMS structure for the
1229: .Fl cmsout
1230: operation.
1231: This is useful when combined with the
1232: .Fl print
1233: option or if the syntax of the CMS structure is being checked.
1234: .It Fl nosigs
1235: Do not try to verify the signatures on the message.
1236: .It Fl nosmimecap
1237: Exclude the list of supported algorithms from signed attributes; other
1238: options such as signing time and content type are still included.
1239: .It Fl noverify
1240: Do not verify the signer's certificate of a signed message.
1241: .It Fl out Ar file
1242: The message text that has been decrypted or verified or the output MIME
1243: format message that has been signed or verified.
1244: .It Fl outform Cm der | pem | smime
1245: This specifies the output format for the CMS structure.
1246: The default is
1247: .Cm smime ,
1248: which writes an S/MIME format message.
1249: .Cm pem
1250: and
1251: .Cm der
1252: format change this to write PEM and DER format CMS structures instead.
1253: This currently only affects the output format of the CMS structure; if
1254: no CMS structure is being output (for example with
1255: .Fl verify
1256: or
1257: .Fl decrypt )
1258: this option has no effect.
1259: .It Fl passin Ar src
1260: The private key password source.
1261: .It Fl print
1262: Print out all fields of the CMS structure for the
1263: .Fl cmsout
1264: operation.
1265: This is mainly useful for testing purposes.
1266: .It Fl pwri_password Ar arg
1267: Specify PasswordRecipientInfo (PWRI) password to use.
1268: Supported by the
1269: .Fl encrypt
1270: and
1271: .Fl decrypt
1272: operations.
1273: .It Fl rctform Cm der | pem | smime
1274: Specify the format for a signed receipt for use with the
1275: .Fl receipt_verify
1276: operation.
1277: The default is
1278: .Cm smime .
1279: .It Fl receipt_request_all | receipt_request_first
1280: Indicate requests should be provided by all recipient or first tier
1281: recipients (those mailed directly and not from a mailing list), for the
1282: .Fl sign
1283: operation to include a signed receipt request.
1284: Ignored if
1285: .Fl receipt_request_from
1286: is included.
1287: .It Fl receipt_request_from Ar addr
1288: Add an explicit email address where receipts should be supplied.
1289: .It Fl receipt_request_print
1290: Print out the contents of any signed receipt requests for the
1291: .Fl verify
1292: operation.
1293: .It Fl receipt_request_to Ar addr
1294: Add an explicit email address where signed receipts should be sent to.
1295: This option must be supplied if a signed receipt is requested.
1296: .It Fl recip Ar file
1297: When decrypting a message this specifies the recipient's certificate.
1298: The certificate must match one of the recipients of the message or an
1299: error occurs.
1300: When encrypting a message this option may be used multiple times to
1301: specify each recipient.
1302: This form must be used if customised parameters are required (for example to
1303: specify RSA-OAEP).
1304: Only certificates carrying RSA, Diffie-Hellman or EC keys are supported
1305: by this option.
1306: .It Fl secretkey Ar key
1307: Specify symmetric key to use.
1308: The key must be supplied in hex format and be consistent with the
1309: algorithm used.
1310: Supported by the
1311: .Fl EncryptedData_encrypt ,
1312: .Fl EncryptedData_decrypt ,
1313: .Fl encrypt
1314: and
1315: .Fl decrypt
1316: operations.
1317: When used with
1318: .Fl encrypt
1319: or
1320: .Fl decrypt
1321: the supplied key is used to wrap or unwrap the content encryption key
1322: using an AES key in the KEKRecipientInfo type.
1323: .It Fl secretkeyid Ar id
1324: The key identifier for the supplied symmetric key for KEKRecipientInfo type.
1325: This option must be present if the
1326: .Fl secretkey
1327: option is used with
1328: .Fl encrypt .
1329: With
1330: .Fl decrypt
1331: operations the id is used to locate the relevant key; if it is not supplied
1332: then an attempt is used to decrypt any KEKRecipientInfo structures.
1333: .It Fl signer Ar file
1334: A signing certificate when signing or resigning a message; this option
1335: can be used multiple times if more than one signer is required.
1336: If a message is being verified then the signers certificates will be
1337: written to this file if the verification was successful.
1338: .It Xo
1339: .Fl stream |
1340: .Fl indef |
1341: .Fl noindef
1342: .Xc
1343: The
1344: .Fl stream
1345: and
1346: .Fl indef
1347: options are equivalent and enable streaming I/O for encoding operations.
1348: This permits single pass processing of data without the need to hold the
1349: entire contents in memory, potentially supporting very large files.
1350: Streaming is automatically set for S/MIME signing with detached data if
1351: the output format is
1352: .Cm smime ;
1353: it is currently off by default for all other operations.
1354: .Fl noindef
1355: disable streaming I/O where it would produce an indefinite length
1356: constructed encoding.
1357: This option currently has no effect.
1358: .It Fl text
1359: Add plain text (text/plain) MIME headers to the supplied message if
1360: encrypting or signing.
1361: If decrypting or verifying it strips off text headers: if the decrypted
1362: or verified message is not of MIME type text/plain then an error occurs.
1363: .It Fl verify_retcode
1364: Set verification error code to exit code to indicate what verification error
1365: has occurred.
1366: Supported by
1367: .Fl verify
1368: operation only.
1369: Exit code value minus 32 shows verification error code.
1370: See
1371: .Nm verify
1372: command for the list of verification error code.
1373: .El
1374: .Pp
1375: The exit codes for
1376: .Nm cms
1377: are as follows:
1378: .Pp
1379: .Bl -tag -width "XXXX" -offset 3n -compact
1380: .It 0
1381: The operation was completely successful.
1382: .It 1
1383: An error occurred parsing the command options.
1384: .It 2
1385: One of the input files could not be read.
1386: .It 3
1387: An error occurred creating the CMS file or when reading the MIME message.
1388: .It 4
1389: An error occurred decrypting or verifying the message.
1390: .It 5
1391: The message was verified correctly but an error occurred writing out the
1392: signer's certificates.
1393: .It 6
1394: An error occurred writing the output file.
1395: .It 32+
1396: A verify error occurred while
1397: .Fl verify_retcode
1398: is specified.
1.1 jsing 1399: .El
1.120 kn 1400: .Tg crl
1.1 jsing 1401: .Sh CRL
1.114 jmc 1402: .Bl -hang -width "openssl crl"
1403: .It Nm openssl crl
1404: .Bk -words
1.1 jsing 1405: .Op Fl CAfile Ar file
1406: .Op Fl CApath Ar dir
1.104 inoguchi 1407: .Op Fl crlnumber
1.1 jsing 1408: .Op Fl fingerprint
1409: .Op Fl hash
1.104 inoguchi 1410: .Op Fl hash_old
1.1 jsing 1411: .Op Fl in Ar file
1.38 jmc 1412: .Op Fl inform Cm der | pem
1.1 jsing 1413: .Op Fl issuer
1414: .Op Fl lastupdate
1.104 inoguchi 1415: .Op Fl nameopt Ar option
1.1 jsing 1416: .Op Fl nextupdate
1417: .Op Fl noout
1418: .Op Fl out Ar file
1.38 jmc 1419: .Op Fl outform Cm der | pem
1.1 jsing 1420: .Op Fl text
1.104 inoguchi 1421: .Op Fl verify
1.114 jmc 1422: .Ek
1423: .El
1.1 jsing 1424: .Pp
1425: The
1426: .Nm crl
1427: command processes CRL files in DER or PEM format.
1.37 jmc 1428: .Pp
1.1 jsing 1429: The options are as follows:
1430: .Bl -tag -width Ds
1431: .It Fl CAfile Ar file
1432: Verify the signature on a CRL by looking up the issuing certificate in
1433: .Ar file .
1434: .It Fl CApath Ar directory
1435: Verify the signature on a CRL by looking up the issuing certificate in
1436: .Ar dir .
1437: This directory must be a standard certificate directory,
1438: i.e. a hash of each subject name (using
1439: .Cm x509 Fl hash )
1440: should be linked to each certificate.
1.104 inoguchi 1441: .It Fl crlnumber
1442: Print the CRL number.
1.1 jsing 1443: .It Fl fingerprint
1444: Print the CRL fingerprint.
1445: .It Fl hash
1446: Output a hash of the issuer name.
1447: This can be used to look up CRLs in a directory by issuer name.
1.104 inoguchi 1448: .It Fl hash_old
1449: Output an old-style (MD5) hash of the issuer name.
1.1 jsing 1450: .It Fl in Ar file
1.37 jmc 1451: The input file to read from, or standard input if not specified.
1.38 jmc 1452: .It Fl inform Cm der | pem
1.37 jmc 1453: The input format.
1.1 jsing 1454: .It Fl issuer
1455: Output the issuer name.
1456: .It Fl lastupdate
1457: Output the
1.37 jmc 1458: .Cm lastUpdate
1.1 jsing 1459: field.
1.104 inoguchi 1460: .It Fl nameopt Ar option
1461: Specify certificate name options.
1.1 jsing 1462: .It Fl nextupdate
1463: Output the
1.37 jmc 1464: .Cm nextUpdate
1.1 jsing 1465: field.
1466: .It Fl noout
1.46 jmc 1467: Do not output the encoded version of the CRL.
1.1 jsing 1468: .It Fl out Ar file
1.37 jmc 1469: The output file to write to, or standard output if not specified.
1.38 jmc 1470: .It Fl outform Cm der | pem
1.37 jmc 1471: The output format.
1.1 jsing 1472: .It Fl text
1.64 jmc 1473: Print the CRL in plain text.
1.104 inoguchi 1474: .It Fl verify
1475: Verify the signature on the CRL.
1.1 jsing 1476: .El
1.120 kn 1477: .Tg crl2pkcs7
1.1 jsing 1478: .Sh CRL2PKCS7
1.114 jmc 1479: .Bl -hang -width "openssl crl2pkcs7"
1480: .It Nm openssl crl2pkcs7
1481: .Bk -words
1.1 jsing 1482: .Op Fl certfile Ar file
1483: .Op Fl in Ar file
1.40 jmc 1484: .Op Fl inform Cm der | pem
1.1 jsing 1485: .Op Fl nocrl
1486: .Op Fl out Ar file
1.40 jmc 1487: .Op Fl outform Cm der | pem
1.114 jmc 1488: .Ek
1489: .El
1.1 jsing 1490: .Pp
1491: The
1492: .Nm crl2pkcs7
1493: command takes an optional CRL and one or more
1494: certificates and converts them into a PKCS#7 degenerate
1495: .Qq certificates only
1496: structure.
1497: .Pp
1498: The options are as follows:
1499: .Bl -tag -width Ds
1500: .It Fl certfile Ar file
1.40 jmc 1501: Add the certificates in PEM
1.1 jsing 1502: .Ar file
1.40 jmc 1503: to the PKCS#7 structure.
1504: This option can be used more than once
1505: to read certificates from multiple files.
1.1 jsing 1506: .It Fl in Ar file
1.40 jmc 1507: Read the CRL from
1508: .Ar file ,
1509: or standard input if not specified.
1510: .It Fl inform Cm der | pem
1.64 jmc 1511: The input format.
1.1 jsing 1512: .It Fl nocrl
1513: Normally, a CRL is included in the output file.
1514: With this option, no CRL is
1515: included in the output file and a CRL is not read from the input file.
1516: .It Fl out Ar file
1.40 jmc 1517: Write the PKCS#7 structure to
1518: .Ar file ,
1519: or standard output if not specified.
1520: .It Fl outform Cm der | pem
1.64 jmc 1521: The output format.
1.1 jsing 1522: .El
1.120 kn 1523: .Tg dgst
1.1 jsing 1524: .Sh DGST
1.114 jmc 1525: .Bl -hang -width "openssl dgst"
1526: .It Nm openssl dgst
1527: .Bk -words
1.105 inoguchi 1528: .Op Fl cdr
1.1 jsing 1529: .Op Fl binary
1.43 jmc 1530: .Op Fl Ar digest
1.1 jsing 1531: .Op Fl hex
1532: .Op Fl hmac Ar key
1.43 jmc 1533: .Op Fl keyform Cm pem
1.1 jsing 1534: .Op Fl mac Ar algorithm
1535: .Op Fl macopt Ar nm : Ns Ar v
1536: .Op Fl out Ar file
1537: .Op Fl passin Ar arg
1538: .Op Fl prverify Ar file
1539: .Op Fl sign Ar file
1540: .Op Fl signature Ar file
1541: .Op Fl sigopt Ar nm : Ns Ar v
1542: .Op Fl verify Ar file
1543: .Op Ar
1.114 jmc 1544: .Ek
1545: .El
1.1 jsing 1546: .Pp
1547: The digest functions output the message digest of a supplied
1548: .Ar file
1549: or
1550: .Ar files
1551: in hexadecimal form.
1552: They can also be used for digital signing and verification.
1553: .Pp
1554: The options are as follows:
1555: .Bl -tag -width Ds
1556: .It Fl binary
1557: Output the digest or signature in binary form.
1558: .It Fl c
1.48 jmc 1559: Print the digest in two-digit groups separated by colons.
1.1 jsing 1560: .It Fl d
1.48 jmc 1561: Print BIO debugging information.
1.43 jmc 1562: .It Fl Ar digest
1563: Use the specified message
1564: .Ar digest .
1.98 naddy 1565: The default is SHA256.
1.43 jmc 1566: The available digests can be displayed using
1567: .Nm openssl
1568: .Cm list-message-digest-commands .
1569: The following are equivalent:
1570: .Nm openssl dgst
1.98 naddy 1571: .Fl sha256
1.43 jmc 1572: and
1573: .Nm openssl
1.98 naddy 1574: .Cm sha256 .
1.1 jsing 1575: .It Fl hex
1576: Digest is to be output as a hex dump.
1577: This is the default case for a
1578: .Qq normal
1579: digest as opposed to a digital signature.
1580: .It Fl hmac Ar key
1581: Create a hashed MAC using
1582: .Ar key .
1.43 jmc 1583: .It Fl keyform Cm pem
1.1 jsing 1584: Specifies the key format to sign the digest with.
1585: .It Fl mac Ar algorithm
1586: Create a keyed Message Authentication Code (MAC).
1587: The most popular MAC algorithm is HMAC (hash-based MAC),
1588: but there are other MAC algorithms which are not based on hash.
1589: MAC keys and other options should be set via the
1590: .Fl macopt
1591: parameter.
1592: .It Fl macopt Ar nm : Ns Ar v
1593: Passes options to the MAC algorithm, specified by
1594: .Fl mac .
1595: The following options are supported by HMAC:
1596: .Bl -tag -width Ds
1.43 jmc 1597: .It Cm key : Ns Ar string
1.1 jsing 1598: Specifies the MAC key as an alphanumeric string
1599: (use if the key contain printable characters only).
1600: String length must conform to any restrictions of the MAC algorithm.
1.43 jmc 1601: .It Cm hexkey : Ns Ar string
1.1 jsing 1602: Specifies the MAC key in hexadecimal form (two hex digits per byte).
1603: Key length must conform to any restrictions of the MAC algorithm.
1604: .El
1605: .It Fl out Ar file
1.43 jmc 1606: The output file to write to,
1607: or standard output if not specified.
1.1 jsing 1608: .It Fl passin Ar arg
1609: The key password source.
1610: .It Fl prverify Ar file
1611: Verify the signature using the private key in
1612: .Ar file .
1613: The output is either
1614: .Qq Verification OK
1615: or
1616: .Qq Verification Failure .
1.105 inoguchi 1617: .It Fl r
1618: Print the digest in coreutils format.
1.1 jsing 1619: .It Fl sign Ar file
1620: Digitally sign the digest using the private key in
1621: .Ar file .
1622: .It Fl signature Ar file
1623: The actual signature to verify.
1624: .It Fl sigopt Ar nm : Ns Ar v
1625: Pass options to the signature algorithm during sign or verify operations.
1626: The names and values of these options are algorithm-specific.
1627: .It Fl verify Ar file
1628: Verify the signature using the public key in
1629: .Ar file .
1630: The output is either
1631: .Qq Verification OK
1632: or
1633: .Qq Verification Failure .
1634: .It Ar
1635: File or files to digest.
1636: If no files are specified then standard input is used.
1637: .El
1.120 kn 1638: .Tg dhparam
1.1 jsing 1639: .Sh DHPARAM
1.114 jmc 1640: .Bl -hang -width "openssl dhparam"
1641: .It Nm openssl dhparam
1642: .Bk -words
1.1 jsing 1643: .Op Fl 2 | 5
1644: .Op Fl C
1645: .Op Fl check
1646: .Op Fl dsaparam
1647: .Op Fl in Ar file
1.44 jmc 1648: .Op Fl inform Cm der | pem
1.1 jsing 1649: .Op Fl noout
1650: .Op Fl out Ar file
1.44 jmc 1651: .Op Fl outform Cm der | pem
1.1 jsing 1652: .Op Fl text
1653: .Op Ar numbits
1.114 jmc 1654: .Ek
1655: .El
1.1 jsing 1656: .Pp
1657: The
1658: .Nm dhparam
1659: command is used to manipulate DH parameter files.
1.44 jmc 1660: Only the older PKCS#3 DH is supported,
1661: not the newer X9.42 DH.
1.1 jsing 1662: .Pp
1663: The options are as follows:
1664: .Bl -tag -width Ds
1665: .It Fl 2 , 5
1.44 jmc 1666: The generator to use;
1.1 jsing 1667: 2 is the default.
1668: If present, the input file is ignored and parameters are generated instead.
1669: .It Fl C
1.44 jmc 1670: Convert the parameters into C code.
1.1 jsing 1671: The parameters can then be loaded by calling the
1.44 jmc 1672: .No get_dh Ns Ar numbits
1.1 jsing 1673: function.
1674: .It Fl check
1675: Check the DH parameters.
1676: .It Fl dsaparam
1.44 jmc 1677: Read or create DSA parameters,
1678: converted to DH format on output.
1.1 jsing 1679: Otherwise,
1680: .Qq strong
1681: primes
1682: .Pq such that (p-1)/2 is also prime
1683: will be used for DH parameter generation.
1684: .Pp
1685: DH parameter generation with the
1686: .Fl dsaparam
1687: option is much faster,
1688: and the recommended exponent length is shorter,
1689: which makes DH key exchange more efficient.
1690: Beware that with such DSA-style DH parameters,
1691: a fresh DH key should be created for each use to
1692: avoid small-subgroup attacks that may be possible otherwise.
1693: .It Fl in Ar file
1.44 jmc 1694: The input file to read from,
1695: or standard input if not specified.
1696: .It Fl inform Cm der | pem
1697: The input format.
1.1 jsing 1698: .It Fl noout
1.46 jmc 1699: Do not output the encoded version of the parameters.
1.44 jmc 1700: .It Fl out Ar file
1701: The output file to write to,
1702: or standard output if not specified.
1703: .It Fl outform Cm der | pem
1704: The output format.
1705: .It Fl text
1.64 jmc 1706: Print the DH parameters in plain text.
1.1 jsing 1707: .It Ar numbits
1.44 jmc 1708: Generate a parameter set of size
1.1 jsing 1709: .Ar numbits .
1710: It must be the last option.
1.16 sthen 1711: If not present, a value of 2048 is used.
1.1 jsing 1712: If this value is present, the input file is ignored and
1713: parameters are generated instead.
1714: .El
1.120 kn 1715: .Tg dsa
1.1 jsing 1716: .Sh DSA
1.114 jmc 1717: .Bl -hang -width "openssl dsa"
1718: .It Nm openssl dsa
1719: .Bk -words
1.1 jsing 1720: .Oo
1721: .Fl aes128 | aes192 | aes256 |
1722: .Fl des | des3
1723: .Oc
1724: .Op Fl in Ar file
1.108 inoguchi 1725: .Op Fl inform Cm der | pem | pvk
1.1 jsing 1726: .Op Fl modulus
1727: .Op Fl noout
1728: .Op Fl out Ar file
1.108 inoguchi 1729: .Op Fl outform Cm der | pem | pvk
1.1 jsing 1730: .Op Fl passin Ar arg
1731: .Op Fl passout Ar arg
1732: .Op Fl pubin
1733: .Op Fl pubout
1.108 inoguchi 1734: .Op Fl pvk-none | pvk-strong | pvk-weak
1.1 jsing 1735: .Op Fl text
1.114 jmc 1736: .Ek
1737: .El
1.1 jsing 1738: .Pp
1739: The
1740: .Nm dsa
1741: command processes DSA keys.
1742: They can be converted between various forms and their components printed out.
1743: .Pp
1744: .Sy Note :
1745: This command uses the traditional
1746: .Nm SSLeay
1747: compatible format for private key encryption:
1748: newer applications should use the more secure PKCS#8 format using the
1749: .Nm pkcs8
1750: command.
1751: .Pp
1752: The options are as follows:
1753: .Bl -tag -width Ds
1754: .It Xo
1755: .Fl aes128 | aes192 | aes256 |
1756: .Fl des | des3
1757: .Xc
1.45 jmc 1758: Encrypt the private key with the AES, DES, or the triple DES
1.1 jsing 1759: ciphers, respectively, before outputting it.
1760: A pass phrase is prompted for.
1.45 jmc 1761: If none of these options are specified, the key is written in plain text.
1.1 jsing 1762: This means that using the
1763: .Nm dsa
1.45 jmc 1764: utility to read an encrypted key with no encryption option can be used to
1.1 jsing 1765: remove the pass phrase from a key,
1.45 jmc 1766: or by setting the encryption options it can be used to add or change
1.1 jsing 1767: the pass phrase.
1768: These options can only be used with PEM format output files.
1769: .It Fl in Ar file
1.45 jmc 1770: The input file to read from,
1771: or standard input if not specified.
1.1 jsing 1772: If the key is encrypted, a pass phrase will be prompted for.
1.108 inoguchi 1773: .It Fl inform Cm der | pem | pvk
1.45 jmc 1774: The input format.
1.1 jsing 1775: .It Fl modulus
1.45 jmc 1776: Print the value of the public key component of the key.
1.1 jsing 1777: .It Fl noout
1.46 jmc 1778: Do not output the encoded version of the key.
1.1 jsing 1779: .It Fl out Ar file
1.45 jmc 1780: The output file to write to,
1781: or standard output if not specified.
1.1 jsing 1782: If any encryption options are set then a pass phrase will be
1783: prompted for.
1.108 inoguchi 1784: .It Fl outform Cm der | pem | pvk
1.45 jmc 1785: The output format.
1.1 jsing 1786: .It Fl passin Ar arg
1787: The key password source.
1788: .It Fl passout Ar arg
1789: The output file password source.
1790: .It Fl pubin
1.60 jmc 1791: Read in a public key, not a private key.
1.1 jsing 1792: .It Fl pubout
1.60 jmc 1793: Output a public key, not a private key.
1794: Automatically set if the input is a public key.
1.108 inoguchi 1795: .It Xo
1796: .Fl pvk-none | pvk-strong | pvk-weak
1797: .Xc
1798: Enable or disable PVK encoding.
1799: The default is
1800: .Fl pvk-strong .
1.1 jsing 1801: .It Fl text
1.64 jmc 1802: Print the public/private key in plain text.
1.1 jsing 1803: .El
1.120 kn 1804: .Tg dsaparam
1.1 jsing 1805: .Sh DSAPARAM
1.114 jmc 1806: .Bl -hang -width "openssl dsaparam"
1807: .It Nm openssl dsaparam
1808: .Bk -words
1.1 jsing 1809: .Op Fl C
1810: .Op Fl genkey
1811: .Op Fl in Ar file
1.46 jmc 1812: .Op Fl inform Cm der | pem
1.1 jsing 1813: .Op Fl noout
1814: .Op Fl out Ar file
1.46 jmc 1815: .Op Fl outform Cm der | pem
1.1 jsing 1816: .Op Fl text
1817: .Op Ar numbits
1.114 jmc 1818: .Ek
1819: .El
1.1 jsing 1820: .Pp
1821: The
1822: .Nm dsaparam
1823: command is used to manipulate or generate DSA parameter files.
1824: .Pp
1825: The options are as follows:
1826: .Bl -tag -width Ds
1827: .It Fl C
1.46 jmc 1828: Convert the parameters into C code.
1.1 jsing 1829: The parameters can then be loaded by calling the
1.46 jmc 1830: .No get_dsa Ns Ar XXX
1.1 jsing 1831: function.
1832: .It Fl genkey
1.46 jmc 1833: Generate a DSA key either using the specified or generated
1.1 jsing 1834: parameters.
1835: .It Fl in Ar file
1.46 jmc 1836: The input file to read from,
1837: or standard input if not specified.
1.1 jsing 1838: If the
1839: .Ar numbits
1.46 jmc 1840: parameter is included, then this option is ignored.
1841: .It Fl inform Cm der | pem
1842: The input format.
1.1 jsing 1843: .It Fl noout
1.46 jmc 1844: Do not output the encoded version of the parameters.
1845: .It Fl out Ar file
1846: The output file to write to,
1847: or standard output if not specified.
1848: .It Fl outform Cm der | pem
1849: The output format.
1850: .It Fl text
1.64 jmc 1851: Print the DSA parameters in plain text.
1.1 jsing 1852: .It Ar numbits
1.46 jmc 1853: Generate a parameter set of size
1.1 jsing 1854: .Ar numbits .
1.46 jmc 1855: If this option is included, the input file is ignored.
1.1 jsing 1856: .El
1.120 kn 1857: .Tg ec
1.1 jsing 1858: .Sh EC
1.114 jmc 1859: .Bl -hang -width "openssl ec"
1860: .It Nm openssl ec
1861: .Bk -words
1.1 jsing 1862: .Op Fl conv_form Ar arg
1863: .Op Fl des
1864: .Op Fl des3
1865: .Op Fl in Ar file
1.47 jmc 1866: .Op Fl inform Cm der | pem
1.1 jsing 1867: .Op Fl noout
1868: .Op Fl out Ar file
1.47 jmc 1869: .Op Fl outform Cm der | pem
1.1 jsing 1870: .Op Fl param_enc Ar arg
1871: .Op Fl param_out
1872: .Op Fl passin Ar arg
1873: .Op Fl passout Ar arg
1874: .Op Fl pubin
1875: .Op Fl pubout
1876: .Op Fl text
1.114 jmc 1877: .Ek
1878: .El
1.1 jsing 1879: .Pp
1880: The
1881: .Nm ec
1882: command processes EC keys.
1883: They can be converted between various
1884: forms and their components printed out.
1.47 jmc 1885: .Nm openssl
1.1 jsing 1886: uses the private key format specified in
1887: .Dq SEC 1: Elliptic Curve Cryptography
1888: .Pq Lk http://www.secg.org/ .
1889: To convert an
1890: EC private key into the PKCS#8 private key format use the
1891: .Nm pkcs8
1892: command.
1893: .Pp
1894: The options are as follows:
1895: .Bl -tag -width Ds
1896: .It Fl conv_form Ar arg
1.47 jmc 1897: Specify how the points on the elliptic curve are converted
1.1 jsing 1898: into octet strings.
1899: Possible values are:
1.95 tb 1900: .Cm compressed ,
1901: .Cm uncompressed
1.47 jmc 1902: (the default),
1.1 jsing 1903: and
1904: .Cm hybrid .
1905: For more information regarding
1.47 jmc 1906: the point conversion forms see the X9.62 standard.
1.1 jsing 1907: Note:
1908: Due to patent issues the
1909: .Cm compressed
1910: option is disabled by default for binary curves
1911: and can be enabled by defining the preprocessor macro
1.47 jmc 1912: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 1913: at compile time.
1914: .It Fl des | des3
1.47 jmc 1915: Encrypt the private key with DES, triple DES, or
1.1 jsing 1916: any other cipher supported by
1.47 jmc 1917: .Nm openssl .
1.1 jsing 1918: A pass phrase is prompted for.
1919: If none of these options is specified the key is written in plain text.
1920: This means that using the
1921: .Nm ec
1922: utility to read in an encrypted key with no
1923: encryption option can be used to remove the pass phrase from a key,
1924: or by setting the encryption options
1.83 naddy 1925: it can be used to add or change the pass phrase.
1.1 jsing 1926: These options can only be used with PEM format output files.
1927: .It Fl in Ar file
1.47 jmc 1928: The input file to read a key from,
1929: or standard input if not specified.
1.1 jsing 1930: If the key is encrypted a pass phrase will be prompted for.
1.47 jmc 1931: .It Fl inform Cm der | pem
1932: The input format.
1.1 jsing 1933: .It Fl noout
1.47 jmc 1934: Do not output the encoded version of the key.
1.1 jsing 1935: .It Fl out Ar file
1.47 jmc 1936: The output filename to write to,
1937: or standard output if not specified.
1.1 jsing 1938: If any encryption options are set then a pass phrase will be prompted for.
1.47 jmc 1939: .It Fl outform Cm der | pem
1940: The output format.
1.1 jsing 1941: .It Fl param_enc Ar arg
1.47 jmc 1942: Specify how the elliptic curve parameters are encoded.
1.1 jsing 1943: Possible value are:
1944: .Cm named_curve ,
1945: i.e. the EC parameters are specified by an OID; or
1946: .Cm explicit ,
1947: where the EC parameters are explicitly given
1948: (see RFC 3279 for the definition of the EC parameter structures).
1949: The default value is
1950: .Cm named_curve .
1951: Note: the
1952: .Cm implicitlyCA
1953: alternative,
1954: as specified in RFC 3279,
1.47 jmc 1955: is currently not implemented.
1.106 inoguchi 1956: .It Fl param_out
1957: Print the elliptic curve parameters.
1.1 jsing 1958: .It Fl passin Ar arg
1959: The key password source.
1960: .It Fl passout Ar arg
1961: The output file password source.
1962: .It Fl pubin
1.60 jmc 1963: Read in a public key, not a private key.
1.1 jsing 1964: .It Fl pubout
1.60 jmc 1965: Output a public key, not a private key.
1966: Automatically set if the input is a public key.
1.1 jsing 1967: .It Fl text
1.64 jmc 1968: Print the public/private key in plain text.
1.1 jsing 1969: .El
1.120 kn 1970: .Tg ecparam
1.1 jsing 1971: .Sh ECPARAM
1.114 jmc 1972: .Bl -hang -width "openssl ecparam"
1973: .It Nm openssl ecparam
1974: .Bk -words
1.1 jsing 1975: .Op Fl C
1976: .Op Fl check
1977: .Op Fl conv_form Ar arg
1978: .Op Fl genkey
1979: .Op Fl in Ar file
1.48 jmc 1980: .Op Fl inform Cm der | pem
1.1 jsing 1981: .Op Fl list_curves
1982: .Op Fl name Ar arg
1983: .Op Fl no_seed
1984: .Op Fl noout
1985: .Op Fl out Ar file
1.48 jmc 1986: .Op Fl outform Cm der | pem
1.1 jsing 1987: .Op Fl param_enc Ar arg
1988: .Op Fl text
1.114 jmc 1989: .Ek
1990: .El
1.1 jsing 1991: .Pp
1.48 jmc 1992: The
1993: .Nm ecparam
1994: command is used to manipulate or generate EC parameter files.
1995: .Nm openssl
1996: is not able to generate new groups so
1997: .Nm ecparam
1998: can only create EC parameters from known (named) curves.
1999: .Pp
1.1 jsing 2000: The options are as follows:
2001: .Bl -tag -width Ds
2002: .It Fl C
2003: Convert the EC parameters into C code.
2004: The parameters can then be loaded by calling the
1.48 jmc 2005: .No get_ec_group_ Ns Ar XXX
1.1 jsing 2006: function.
2007: .It Fl check
2008: Validate the elliptic curve parameters.
2009: .It Fl conv_form Ar arg
2010: Specify how the points on the elliptic curve are converted
2011: into octet strings.
2012: Possible values are:
1.95 tb 2013: .Cm compressed ,
2014: .Cm uncompressed
1.48 jmc 2015: (the default),
1.1 jsing 2016: and
2017: .Cm hybrid .
2018: For more information regarding
1.48 jmc 2019: the point conversion forms see the X9.62 standard.
1.1 jsing 2020: Note:
2021: Due to patent issues the
2022: .Cm compressed
2023: option is disabled by default for binary curves
2024: and can be enabled by defining the preprocessor macro
1.48 jmc 2025: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 2026: at compile time.
2027: .It Fl genkey
2028: Generate an EC private key using the specified parameters.
2029: .It Fl in Ar file
1.48 jmc 2030: The input file to read from,
2031: or standard input if not specified.
2032: .It Fl inform Cm der | pem
2033: The input format.
1.1 jsing 2034: .It Fl list_curves
1.48 jmc 2035: Print a list of all
1.1 jsing 2036: currently implemented EC parameter names and exit.
2037: .It Fl name Ar arg
1.48 jmc 2038: Use the EC parameters with the specified "short" name.
1.1 jsing 2039: .It Fl no_seed
1.48 jmc 2040: Do not include the seed for the parameter generation
2041: in the ECParameters structure (see RFC 3279).
1.1 jsing 2042: .It Fl noout
1.48 jmc 2043: Do not output the encoded version of the parameters.
1.1 jsing 2044: .It Fl out Ar file
1.48 jmc 2045: The output file to write to,
2046: or standard output if not specified.
2047: .It Fl outform Cm der | pem
2048: The output format.
1.1 jsing 2049: .It Fl param_enc Ar arg
1.48 jmc 2050: Specify how the elliptic curve parameters are encoded.
1.1 jsing 2051: Possible value are:
2052: .Cm named_curve ,
2053: i.e. the EC parameters are specified by an OID, or
2054: .Cm explicit ,
2055: where the EC parameters are explicitly given
2056: (see RFC 3279 for the definition of the EC parameter structures).
2057: The default value is
2058: .Cm named_curve .
2059: Note: the
2060: .Cm implicitlyCA
2061: alternative, as specified in RFC 3279,
1.48 jmc 2062: is currently not implemented.
1.1 jsing 2063: .It Fl text
1.64 jmc 2064: Print the EC parameters in plain text.
1.1 jsing 2065: .El
1.120 kn 2066: .Tg enc
1.1 jsing 2067: .Sh ENC
1.114 jmc 2068: .Bl -hang -width "openssl enc"
2069: .It Nm openssl enc
2070: .Bk -words
1.1 jsing 2071: .Fl ciphername
1.106 inoguchi 2072: .Op Fl AadePpv
1.1 jsing 2073: .Op Fl base64
2074: .Op Fl bufsize Ar number
2075: .Op Fl debug
2076: .Op Fl in Ar file
1.97 jmc 2077: .Op Fl iter Ar iterations
1.1 jsing 2078: .Op Fl iv Ar IV
2079: .Op Fl K Ar key
2080: .Op Fl k Ar password
2081: .Op Fl kfile Ar file
2082: .Op Fl md Ar digest
2083: .Op Fl none
2084: .Op Fl nopad
2085: .Op Fl nosalt
2086: .Op Fl out Ar file
2087: .Op Fl pass Ar arg
1.96 beck 2088: .Op Fl pbkdf2
1.1 jsing 2089: .Op Fl S Ar salt
2090: .Op Fl salt
1.114 jmc 2091: .Ek
2092: .El
1.1 jsing 2093: .Pp
2094: The symmetric cipher commands allow data to be encrypted or decrypted
2095: using various block and stream ciphers using keys based on passwords
2096: or explicitly provided.
2097: Base64 encoding or decoding can also be performed either by itself
2098: or in addition to the encryption or decryption.
1.49 jmc 2099: The program can be called either as
2100: .Nm openssl Ar ciphername
2101: or
2102: .Nm openssl enc - Ns Ar ciphername .
2103: .Pp
2104: Some of the ciphers do not have large keys and others have security
2105: implications if not used correctly.
2106: All the block ciphers normally use PKCS#5 padding,
2107: also known as standard block padding.
2108: If padding is disabled, the input data must be a multiple of the cipher
2109: block length.
1.1 jsing 2110: .Pp
2111: The options are as follows:
2112: .Bl -tag -width Ds
2113: .It Fl A
2114: If the
2115: .Fl a
2116: option is set, then base64 process the data on one line.
2117: .It Fl a , base64
2118: Base64 process the data.
2119: This means that if encryption is taking place, the data is base64-encoded
2120: after encryption.
1.49 jmc 2121: If decryption is set, the input data is base64-decoded before
1.1 jsing 2122: being decrypted.
2123: .It Fl bufsize Ar number
2124: Set the buffer size for I/O.
2125: .It Fl d
2126: Decrypt the input data.
2127: .It Fl debug
2128: Debug the BIOs used for I/O.
2129: .It Fl e
1.49 jmc 2130: Encrypt the input data.
2131: This is the default.
1.1 jsing 2132: .It Fl in Ar file
1.49 jmc 2133: The input file to read from,
1.57 jmc 2134: or standard input if not specified.
1.97 jmc 2135: .It Fl iter Ar iterations
2136: Use the pbkdf2 key derivation function, with
2137: .Ar iterations
2138: as the number of iterations.
1.1 jsing 2139: .It Fl iv Ar IV
2140: The actual
2141: .Ar IV
2142: .Pq initialisation vector
2143: to use:
2144: this must be represented as a string comprised only of hex digits.
2145: When only the
2146: .Ar key
2147: is specified using the
2148: .Fl K
1.49 jmc 2149: option,
2150: the IV must explicitly be defined.
1.1 jsing 2151: When a password is being specified using one of the other options,
1.49 jmc 2152: the IV is generated from this password.
1.1 jsing 2153: .It Fl K Ar key
2154: The actual
2155: .Ar key
2156: to use:
2157: this must be represented as a string comprised only of hex digits.
1.49 jmc 2158: If only the key is specified,
2159: the IV must also be specified using the
1.1 jsing 2160: .Fl iv
2161: option.
2162: When both a
2163: .Ar key
2164: and a
2165: .Ar password
2166: are specified, the
2167: .Ar key
2168: given with the
2169: .Fl K
1.49 jmc 2170: option will be used and the IV generated from the password will be taken.
1.1 jsing 2171: It probably does not make much sense to specify both
2172: .Ar key
2173: and
2174: .Ar password .
2175: .It Fl k Ar password
2176: The
2177: .Ar password
2178: to derive the key from.
2179: Superseded by the
2180: .Fl pass
2181: option.
2182: .It Fl kfile Ar file
2183: Read the password to derive the key from the first line of
2184: .Ar file .
2185: Superseded by the
2186: .Fl pass
2187: option.
2188: .It Fl md Ar digest
2189: Use
2190: .Ar digest
2191: to create a key from a pass phrase.
1.118 sthen 2192: Currently, the default value is
1.117 tb 2193: .Cm sha256 .
1.1 jsing 2194: .It Fl none
2195: Use NULL cipher (no encryption or decryption of input).
2196: .It Fl nopad
2197: Disable standard block padding.
2198: .It Fl nosalt
1.49 jmc 2199: Don't use a salt in the key derivation routines.
1.81 jmc 2200: This option should never be used
1.49 jmc 2201: since it makes it possible to perform efficient dictionary
2202: attacks on the password and to attack stream cipher encrypted data.
1.1 jsing 2203: .It Fl out Ar file
1.51 jmc 2204: The output file to write to,
1.57 jmc 2205: or standard output if not specified.
1.1 jsing 2206: .It Fl P
1.49 jmc 2207: Print out the salt, key, and IV used, then immediately exit;
1.1 jsing 2208: don't do any encryption or decryption.
2209: .It Fl p
1.49 jmc 2210: Print out the salt, key, and IV used.
1.1 jsing 2211: .It Fl pass Ar arg
2212: The password source.
1.96 beck 2213: .It Fl pbkdf2
1.97 jmc 2214: Use the pbkdf2 key derivation function, with
1.96 beck 2215: the default of 10000 iterations.
1.1 jsing 2216: .It Fl S Ar salt
2217: The actual
2218: .Ar salt
2219: to use:
2220: this must be represented as a string comprised only of hex digits.
2221: .It Fl salt
1.49 jmc 2222: Use a salt in the key derivation routines (the default).
2223: When the salt is being used
2224: the first eight bytes of the encrypted data are reserved for the salt:
2225: it is randomly generated when encrypting a file and read from the
2226: encrypted file when it is decrypted.
1.106 inoguchi 2227: .It Fl v
2228: Print extra details about the processing.
1.1 jsing 2229: .El
1.120 kn 2230: .Tg errstr
1.1 jsing 2231: .Sh ERRSTR
2232: .Nm openssl errstr
2233: .Op Fl stats
2234: .Ar errno ...
2235: .Pp
2236: The
2237: .Nm errstr
2238: command performs error number to error string conversion,
2239: generating a human-readable string representing the error code
2240: .Ar errno .
2241: The string is obtained through the
2242: .Xr ERR_error_string_n 3
2243: function and has the following format:
2244: .Pp
2245: .Dl error:[error code]:[library name]:[function name]:[reason string]
2246: .Pp
2247: .Bq error code
2248: is an 8-digit hexadecimal number.
2249: The remaining fields
2250: .Bq library name ,
2251: .Bq function name ,
2252: and
2253: .Bq reason string
2254: are all ASCII text.
2255: .Pp
2256: The options are as follows:
2257: .Bl -tag -width Ds
2258: .It Fl stats
2259: Print debugging statistics about various aspects of the hash table.
2260: .El
1.120 kn 2261: .Tg gendsa
1.1 jsing 2262: .Sh GENDSA
1.114 jmc 2263: .Bl -hang -width "openssl gendsa"
2264: .It Nm openssl gendsa
2265: .Bk -words
1.1 jsing 2266: .Oo
1.102 jmc 2267: .Fl aes128 | aes192 | aes256 | camellia128 |
2268: .Fl camellia192 | camellia256 | des | des3 | idea
1.1 jsing 2269: .Oc
2270: .Op Fl out Ar file
1.101 inoguchi 2271: .Op Fl passout Ar arg
2272: .Ar paramfile
1.114 jmc 2273: .Ek
2274: .El
1.1 jsing 2275: .Pp
2276: The
2277: .Nm gendsa
2278: command generates a DSA private key from a DSA parameter file
1.51 jmc 2279: (typically generated by the
1.1 jsing 2280: .Nm openssl dsaparam
2281: command).
1.51 jmc 2282: DSA key generation is little more than random number generation so it is
2283: much quicker than,
2284: for example,
2285: RSA key generation.
1.1 jsing 2286: .Pp
2287: The options are as follows:
2288: .Bl -tag -width Ds
2289: .It Xo
2290: .Fl aes128 | aes192 | aes256 |
1.101 inoguchi 2291: .Fl camellia128 | camellia192 | camellia256 |
2292: .Fl des | des3 |
2293: .Fl idea
1.1 jsing 2294: .Xc
1.101 inoguchi 2295: Encrypt the private key with the AES, CAMELLIA, DES, triple DES
2296: or the IDEA ciphers, respectively, before outputting it.
1.1 jsing 2297: A pass phrase is prompted for.
2298: If none of these options are specified, no encryption is used.
2299: .It Fl out Ar file
1.51 jmc 2300: The output file to write to,
1.57 jmc 2301: or standard output if not specified.
1.101 inoguchi 2302: .It Fl passout Ar arg
2303: The output file password source.
1.1 jsing 2304: .It Ar paramfile
1.51 jmc 2305: Specify the DSA parameter file to use.
1.1 jsing 2306: The parameters in this file determine the size of the private key.
2307: .El
1.120 kn 2308: .Tg genpkey
1.1 jsing 2309: .Sh GENPKEY
1.114 jmc 2310: .Bl -hang -width "openssl genpkey"
2311: .It Nm openssl genpkey
2312: .Bk -words
1.1 jsing 2313: .Op Fl algorithm Ar alg
2314: .Op Ar cipher
2315: .Op Fl genparam
2316: .Op Fl out Ar file
1.52 jmc 2317: .Op Fl outform Cm der | pem
1.1 jsing 2318: .Op Fl paramfile Ar file
2319: .Op Fl pass Ar arg
2320: .Op Fl pkeyopt Ar opt : Ns Ar value
2321: .Op Fl text
1.114 jmc 2322: .Ek
2323: .El
1.1 jsing 2324: .Pp
2325: The
2326: .Nm genpkey
2327: command generates private keys.
2328: The use of this
2329: program is encouraged over the algorithm specific utilities
1.22 bcook 2330: because additional algorithm options can be used.
1.1 jsing 2331: .Pp
2332: The options are as follows:
2333: .Bl -tag -width Ds
2334: .It Fl algorithm Ar alg
2335: The public key algorithm to use,
2336: such as RSA, DSA, or DH.
1.52 jmc 2337: This option must precede any
1.1 jsing 2338: .Fl pkeyopt
2339: options.
2340: The options
2341: .Fl paramfile
2342: and
2343: .Fl algorithm
2344: are mutually exclusive.
2345: .It Ar cipher
2346: Encrypt the private key with the supplied cipher.
2347: Any algorithm name accepted by
1.52 jmc 2348: .Xr EVP_get_cipherbyname 3
2349: is acceptable.
1.1 jsing 2350: .It Fl genparam
2351: Generate a set of parameters instead of a private key.
1.52 jmc 2352: This option must precede any
1.1 jsing 2353: .Fl algorithm ,
2354: .Fl paramfile ,
2355: or
2356: .Fl pkeyopt
2357: options.
2358: .It Fl out Ar file
1.52 jmc 2359: The output file to write to,
1.57 jmc 2360: or standard output if not specified.
1.52 jmc 2361: .It Fl outform Cm der | pem
2362: The output format.
1.1 jsing 2363: .It Fl paramfile Ar file
1.52 jmc 2364: Some public key algorithms generate a private key based on a set of parameters,
2365: which can be supplied using this option.
1.1 jsing 2366: If this option is used the public key
2367: algorithm used is determined by the parameters.
1.52 jmc 2368: This option must precede any
1.1 jsing 2369: .Fl pkeyopt
2370: options.
2371: The options
2372: .Fl paramfile
2373: and
2374: .Fl algorithm
2375: are mutually exclusive.
2376: .It Fl pass Ar arg
2377: The output file password source.
2378: .It Fl pkeyopt Ar opt : Ns Ar value
2379: Set the public key algorithm option
2380: .Ar opt
2381: to
1.52 jmc 2382: .Ar value ,
2383: as follows:
1.1 jsing 2384: .Bl -tag -width Ds -offset indent
2385: .It rsa_keygen_bits : Ns Ar numbits
2386: (RSA)
2387: The number of bits in the generated key.
1.52 jmc 2388: The default is 2048.
1.1 jsing 2389: .It rsa_keygen_pubexp : Ns Ar value
2390: (RSA)
2391: The RSA public exponent value.
2392: This can be a large decimal or hexadecimal value if preceded by 0x.
1.52 jmc 2393: The default is 65537.
1.1 jsing 2394: .It dsa_paramgen_bits : Ns Ar numbits
2395: (DSA)
2396: The number of bits in the generated parameters.
1.52 jmc 2397: The default is 1024.
1.1 jsing 2398: .It dh_paramgen_prime_len : Ns Ar numbits
2399: (DH)
2400: The number of bits in the prime parameter
2401: .Ar p .
2402: .It dh_paramgen_generator : Ns Ar value
2403: (DH)
2404: The value to use for the generator
2405: .Ar g .
2406: .It ec_paramgen_curve : Ns Ar curve
2407: (EC)
1.121 schwarze 2408: The elliptic curve to use.
1.1 jsing 2409: .El
1.52 jmc 2410: .It Fl text
1.64 jmc 2411: Print the private/public key in plain text.
1.52 jmc 2412: .El
1.120 kn 2413: .Tg genrsa
1.1 jsing 2414: .Sh GENRSA
1.114 jmc 2415: .Bl -hang -width "openssl genrsa"
2416: .It Nm openssl genrsa
2417: .Bk -words
1.1 jsing 2418: .Op Fl 3 | f4
1.109 inoguchi 2419: .Oo
2420: .Fl aes128 | aes192 | aes256 | camellia128 |
2421: .Fl camellia192 | camellia256 | des | des3 | idea
2422: .Oc
1.1 jsing 2423: .Op Fl out Ar file
2424: .Op Fl passout Ar arg
2425: .Op Ar numbits
1.114 jmc 2426: .Ek
2427: .El
1.1 jsing 2428: .Pp
2429: The
2430: .Nm genrsa
1.53 jmc 2431: command generates an RSA private key,
2432: which essentially involves the generation of two prime numbers.
2433: When generating the key,
2434: various symbols will be output to indicate the progress of the generation.
2435: A
2436: .Sq \&.
2437: represents each number which has passed an initial sieve test;
2438: .Sq +
2439: means a number has passed a single round of the Miller-Rabin primality test.
2440: A newline means that the number has passed all the prime tests
2441: (the actual number depends on the key size).
1.1 jsing 2442: .Pp
2443: The options are as follows:
2444: .Bl -tag -width Ds
2445: .It Fl 3 | f4
2446: The public exponent to use, either 3 or 65537.
2447: The default is 65537.
1.109 inoguchi 2448: .It Xo
2449: .Fl aes128 | aes192 | aes256 |
2450: .Fl camellia128 | camellia192 | camellia256 |
2451: .Fl des | des3 |
2452: .Fl idea
2453: .Xc
2454: Encrypt the private key with the AES, CAMELLIA, DES, triple DES
2455: or the IDEA ciphers, respectively, before outputting it.
1.1 jsing 2456: If none of these options are specified, no encryption is used.
2457: If encryption is used, a pass phrase is prompted for,
2458: if it is not supplied via the
2459: .Fl passout
2460: option.
2461: .It Fl out Ar file
1.53 jmc 2462: The output file to write to,
1.57 jmc 2463: or standard output if not specified.
1.1 jsing 2464: .It Fl passout Ar arg
2465: The output file password source.
2466: .It Ar numbits
2467: The size of the private key to generate in bits.
2468: This must be the last option specified.
2469: The default is 2048.
2470: .El
1.120 kn 2471: .Tg nseq
1.1 jsing 2472: .Sh NSEQ
2473: .Nm openssl nseq
2474: .Op Fl in Ar file
2475: .Op Fl out Ar file
2476: .Op Fl toseq
2477: .Pp
2478: The
2479: .Nm nseq
1.54 jmc 2480: command takes a file containing a Netscape certificate sequence
2481: (an alternative to the standard PKCS#7 format)
2482: and prints out the certificates contained in it,
2483: or takes a file of certificates
2484: and converts it into a Netscape certificate sequence.
2485: .Pp
1.1 jsing 2486: The options are as follows:
2487: .Bl -tag -width Ds
2488: .It Fl in Ar file
1.54 jmc 2489: The input file to read from,
2490: or standard input if not specified.
1.1 jsing 2491: .It Fl out Ar file
1.54 jmc 2492: The output file to write to,
2493: or standard output if not specified.
1.1 jsing 2494: .It Fl toseq
2495: Normally, a Netscape certificate sequence will be input and the output
2496: is the certificates contained in it.
2497: With the
2498: .Fl toseq
2499: option the situation is reversed:
2500: a Netscape certificate sequence is created from a file of certificates.
2501: .El
1.120 kn 2502: .Tg ocsp
1.1 jsing 2503: .Sh OCSP
1.114 jmc 2504: .Bl -hang -width "openssl ocsp"
2505: .It Nm openssl ocsp
2506: .Bk -words
1.1 jsing 2507: .Op Fl CA Ar file
2508: .Op Fl CAfile Ar file
2509: .Op Fl CApath Ar directory
2510: .Op Fl cert Ar file
2511: .Op Fl dgst Ar alg
1.108 inoguchi 2512: .Op Fl header Ar name value
1.55 jmc 2513: .Op Fl host Ar hostname : Ns Ar port
1.108 inoguchi 2514: .Op Fl ignore_err
1.1 jsing 2515: .Op Fl index Ar indexfile
2516: .Op Fl issuer Ar file
2517: .Op Fl ndays Ar days
2518: .Op Fl nmin Ar minutes
2519: .Op Fl no_cert_checks
2520: .Op Fl no_cert_verify
2521: .Op Fl no_certs
2522: .Op Fl no_chain
1.108 inoguchi 2523: .Op Fl no_explicit
1.1 jsing 2524: .Op Fl no_intern
2525: .Op Fl no_nonce
2526: .Op Fl no_signature_verify
2527: .Op Fl nonce
2528: .Op Fl noverify
2529: .Op Fl nrequest Ar number
2530: .Op Fl out Ar file
2531: .Op Fl path Ar path
2532: .Op Fl port Ar portnum
2533: .Op Fl req_text
2534: .Op Fl reqin Ar file
2535: .Op Fl reqout Ar file
2536: .Op Fl resp_key_id
2537: .Op Fl resp_no_certs
2538: .Op Fl resp_text
2539: .Op Fl respin Ar file
2540: .Op Fl respout Ar file
2541: .Op Fl rkey Ar file
2542: .Op Fl rother Ar file
2543: .Op Fl rsigner Ar file
1.108 inoguchi 2544: .Op Fl serial Ar num
1.1 jsing 2545: .Op Fl sign_other Ar file
2546: .Op Fl signer Ar file
2547: .Op Fl signkey Ar file
2548: .Op Fl status_age Ar age
2549: .Op Fl text
1.108 inoguchi 2550: .Op Fl timeout Ar seconds
1.1 jsing 2551: .Op Fl trust_other
2552: .Op Fl url Ar responder_url
2553: .Op Fl VAfile Ar file
2554: .Op Fl validity_period Ar nsec
2555: .Op Fl verify_other Ar file
1.114 jmc 2556: .Ek
2557: .El
1.1 jsing 2558: .Pp
1.55 jmc 2559: The Online Certificate Status Protocol (OCSP)
2560: enables applications to determine the (revocation) state
2561: of an identified certificate (RFC 2560).
1.1 jsing 2562: .Pp
2563: The
2564: .Nm ocsp
2565: command performs many common OCSP tasks.
2566: It can be used to print out requests and responses,
2567: create requests and send queries to an OCSP responder,
2568: and behave like a mini OCSP server itself.
2569: .Pp
2570: The options are as follows:
2571: .Bl -tag -width Ds
2572: .It Fl CAfile Ar file , Fl CApath Ar directory
1.55 jmc 2573: A file or path containing trusted CA certificates,
2574: used to verify the signature on the OCSP response.
1.1 jsing 2575: .It Fl cert Ar file
2576: Add the certificate
2577: .Ar file
2578: to the request.
2579: The issuer certificate is taken from the previous
2580: .Fl issuer
2581: option, or an error occurs if no issuer certificate is specified.
2582: .It Fl dgst Ar alg
1.55 jmc 2583: Use the digest algorithm
2584: .Ar alg
2585: for certificate identification in the OCSP request.
1.1 jsing 2586: By default SHA-1 is used.
2587: .It Xo
2588: .Fl host Ar hostname : Ns Ar port ,
2589: .Fl path Ar path
2590: .Xc
1.55 jmc 2591: Send
2592: the OCSP request to
1.1 jsing 2593: .Ar hostname
1.55 jmc 2594: on
1.1 jsing 2595: .Ar port .
2596: .Fl path
2597: specifies the HTTP path name to use, or
1.55 jmc 2598: .Pa /
1.1 jsing 2599: by default.
1.108 inoguchi 2600: .It Fl header Ar name value
2601: Add the header name with the specified value to the OCSP request that is sent
2602: to the responder.
2603: This may be repeated.
1.1 jsing 2604: .It Fl issuer Ar file
1.81 jmc 2605: The current issuer certificate, in PEM format.
2606: Can be used multiple times and must come before any
1.1 jsing 2607: .Fl cert
2608: options.
2609: .It Fl no_cert_checks
2610: Don't perform any additional checks on the OCSP response signer's certificate.
2611: That is, do not make any checks to see if the signer's certificate is
2612: authorised to provide the necessary status information:
2613: as a result this option should only be used for testing purposes.
2614: .It Fl no_cert_verify
2615: Don't verify the OCSP response signer's certificate at all.
2616: Since this option allows the OCSP response to be signed by any certificate,
2617: it should only be used for testing purposes.
2618: .It Fl no_certs
1.55 jmc 2619: Don't include any certificates in the signed request.
1.1 jsing 2620: .It Fl no_chain
2621: Do not use certificates in the response as additional untrusted CA
2622: certificates.
1.108 inoguchi 2623: .It Fl no_explicit
2624: Don't check the explicit trust for OCSP signing in the root CA certificate.
1.1 jsing 2625: .It Fl no_intern
2626: Ignore certificates contained in the OCSP response
2627: when searching for the signer's certificate.
1.55 jmc 2628: The signer's certificate must be specified with either the
1.1 jsing 2629: .Fl verify_other
2630: or
2631: .Fl VAfile
2632: options.
2633: .It Fl no_signature_verify
2634: Don't check the signature on the OCSP response.
2635: Since this option tolerates invalid signatures on OCSP responses,
2636: it will normally only be used for testing purposes.
2637: .It Fl nonce , no_nonce
1.55 jmc 2638: Add an OCSP nonce extension to a request,
2639: or disable an OCSP nonce addition.
1.1 jsing 2640: Normally, if an OCSP request is input using the
2641: .Fl respin
1.55 jmc 2642: option no nonce is added:
1.1 jsing 2643: using the
2644: .Fl nonce
1.55 jmc 2645: option will force the addition of a nonce.
1.1 jsing 2646: If an OCSP request is being created (using the
2647: .Fl cert
2648: and
2649: .Fl serial
2650: options)
1.55 jmc 2651: a nonce is automatically added; specifying
1.1 jsing 2652: .Fl no_nonce
2653: overrides this.
2654: .It Fl noverify
1.55 jmc 2655: Don't attempt to verify the OCSP response signature or the nonce values.
2656: This is normally only be used for debugging
1.1 jsing 2657: since it disables all verification of the responder's certificate.
2658: .It Fl out Ar file
1.55 jmc 2659: Specify the output file to write to,
1.57 jmc 2660: or standard output if not specified.
1.1 jsing 2661: .It Fl req_text , resp_text , text
2662: Print out the text form of the OCSP request, response, or both, respectively.
2663: .It Fl reqin Ar file , Fl respin Ar file
2664: Read an OCSP request or response file from
2665: .Ar file .
2666: These options are ignored
2667: if an OCSP request or response creation is implied by other options
2668: (for example with the
2669: .Fl serial , cert ,
2670: and
2671: .Fl host
2672: options).
2673: .It Fl reqout Ar file , Fl respout Ar file
2674: Write out the DER-encoded certificate request or response to
2675: .Ar file .
2676: .It Fl serial Ar num
2677: Same as the
2678: .Fl cert
2679: option except the certificate with serial number
2680: .Ar num
2681: is added to the request.
2682: The serial number is interpreted as a decimal integer unless preceded by
2683: .Sq 0x .
1.55 jmc 2684: Negative integers can also be specified
2685: by preceding the value with a minus sign.
1.1 jsing 2686: .It Fl sign_other Ar file
2687: Additional certificates to include in the signed request.
2688: .It Fl signer Ar file , Fl signkey Ar file
2689: Sign the OCSP request using the certificate specified in the
2690: .Fl signer
2691: option and the private key specified by the
2692: .Fl signkey
2693: option.
2694: If the
2695: .Fl signkey
2696: option is not present, then the private key is read from the same file
2697: as the certificate.
2698: If neither option is specified, the OCSP request is not signed.
1.108 inoguchi 2699: .It Fl timeout Ar seconds
2700: Connection timeout to the OCSP responder in seconds.
1.1 jsing 2701: .It Fl trust_other
2702: The certificates specified by the
2703: .Fl verify_other
2704: option should be explicitly trusted and no additional checks will be
2705: performed on them.
2706: This is useful when the complete responder certificate chain is not available
2707: or trusting a root CA is not appropriate.
2708: .It Fl url Ar responder_url
2709: Specify the responder URL.
2710: Both HTTP and HTTPS
2711: .Pq SSL/TLS
2712: URLs can be specified.
2713: .It Fl VAfile Ar file
1.55 jmc 2714: A file containing explicitly trusted responder certificates.
1.1 jsing 2715: Equivalent to the
2716: .Fl verify_other
2717: and
2718: .Fl trust_other
2719: options.
2720: .It Fl validity_period Ar nsec , Fl status_age Ar age
1.55 jmc 2721: The range of times, in seconds, which will be tolerated in an OCSP response.
2722: Each certificate status response includes a notBefore time
2723: and an optional notAfter time.
1.1 jsing 2724: The current time should fall between these two values,
2725: but the interval between the two times may be only a few seconds.
2726: In practice the OCSP responder and clients' clocks may not be precisely
2727: synchronised and so such a check may fail.
2728: To avoid this the
2729: .Fl validity_period
2730: option can be used to specify an acceptable error range in seconds,
1.55 jmc 2731: the default value being 5 minutes.
1.1 jsing 2732: .Pp
1.55 jmc 2733: If the notAfter time is omitted from a response,
2734: it means that new status information is immediately available.
2735: In this case the age of the notBefore field is checked
2736: to see it is not older than
1.1 jsing 2737: .Ar age
2738: seconds old.
2739: By default, this additional check is not performed.
2740: .It Fl verify_other Ar file
1.55 jmc 2741: A file containing additional certificates to search
2742: when attempting to locate the OCSP response signing certificate.
2743: Some responders omit the actual signer's certificate from the response,
2744: so this can be used to supply the necessary certificate.
1.1 jsing 2745: .El
1.55 jmc 2746: .Pp
2747: The options for the OCSP server are as follows:
1.1 jsing 2748: .Bl -tag -width "XXXX"
2749: .It Fl CA Ar file
2750: CA certificate corresponding to the revocation information in
2751: .Ar indexfile .
1.108 inoguchi 2752: .It Fl ignore_err
2753: Ignore the invalid response.
1.1 jsing 2754: .It Fl index Ar indexfile
2755: .Ar indexfile
1.55 jmc 2756: is a text index file in ca format
2757: containing certificate revocation information.
1.1 jsing 2758: .Pp
1.55 jmc 2759: If this option is specified,
1.1 jsing 2760: .Nm ocsp
1.55 jmc 2761: is in responder mode, otherwise it is in client mode.
2762: The requests the responder processes can be either specified on
1.1 jsing 2763: the command line (using the
2764: .Fl issuer
2765: and
2766: .Fl serial
2767: options), supplied in a file (using the
2768: .Fl respin
1.55 jmc 2769: option), or via external OCSP clients (if
1.1 jsing 2770: .Ar port
2771: or
2772: .Ar url
2773: is specified).
2774: .Pp
1.55 jmc 2775: If this option is present, then the
1.1 jsing 2776: .Fl CA
2777: and
2778: .Fl rsigner
2779: options must also be present.
2780: .It Fl nmin Ar minutes , Fl ndays Ar days
2781: Number of
2782: .Ar minutes
2783: or
2784: .Ar days
1.55 jmc 2785: when fresh revocation information is available:
2786: used in the nextUpdate field.
2787: If neither option is present,
2788: the nextUpdate field is omitted,
2789: meaning fresh revocation information is immediately available.
1.1 jsing 2790: .It Fl nrequest Ar number
1.55 jmc 2791: Exit after receiving
1.1 jsing 2792: .Ar number
1.55 jmc 2793: requests (the default is unlimited).
1.1 jsing 2794: .It Fl port Ar portnum
2795: Port to listen for OCSP requests on.
1.55 jmc 2796: May also be specified using the
1.1 jsing 2797: .Fl url
2798: option.
2799: .It Fl resp_key_id
2800: Identify the signer certificate using the key ID;
1.55 jmc 2801: the default is to use the subject name.
1.1 jsing 2802: .It Fl resp_no_certs
2803: Don't include any certificates in the OCSP response.
2804: .It Fl rkey Ar file
2805: The private key to sign OCSP responses with;
2806: if not present, the file specified in the
2807: .Fl rsigner
2808: option is used.
2809: .It Fl rother Ar file
2810: Additional certificates to include in the OCSP response.
2811: .It Fl rsigner Ar file
2812: The certificate to sign OCSP responses with.
2813: .El
2814: .Pp
2815: Initially the OCSP responder certificate is located and the signature on
2816: the OCSP request checked using the responder certificate's public key.
2817: Then a normal certificate verify is performed on the OCSP responder certificate
2818: building up a certificate chain in the process.
2819: The locations of the trusted certificates used to build the chain can be
2820: specified by the
2821: .Fl CAfile
2822: and
2823: .Fl CApath
2824: options or they will be looked for in the standard
1.55 jmc 2825: .Nm openssl
2826: certificates directory.
1.1 jsing 2827: .Pp
1.55 jmc 2828: If the initial verify fails, the OCSP verify process halts with an error.
1.1 jsing 2829: Otherwise the issuing CA certificate in the request is compared to the OCSP
2830: responder certificate: if there is a match then the OCSP verify succeeds.
2831: .Pp
2832: Otherwise the OCSP responder certificate's CA is checked against the issuing
2833: CA certificate in the request.
2834: If there is a match and the OCSPSigning extended key usage is present
2835: in the OCSP responder certificate, then the OCSP verify succeeds.
2836: .Pp
2837: Otherwise the root CA of the OCSP responder's CA is checked to see if it
2838: is trusted for OCSP signing.
2839: If it is, the OCSP verify succeeds.
2840: .Pp
2841: If none of these checks is successful, the OCSP verify fails.
2842: What this effectively means is that if the OCSP responder certificate is
2843: authorised directly by the CA it is issuing revocation information about
1.55 jmc 2844: (and it is correctly configured),
1.1 jsing 2845: then verification will succeed.
2846: .Pp
1.55 jmc 2847: If the OCSP responder is a global responder,
2848: which can give details about multiple CAs
2849: and has its own separate certificate chain,
2850: then its root CA can be trusted for OCSP signing.
1.1 jsing 2851: Alternatively, the responder certificate itself can be explicitly trusted
2852: with the
2853: .Fl VAfile
2854: option.
1.120 kn 2855: .Tg passwd
1.1 jsing 2856: .Sh PASSWD
1.114 jmc 2857: .Bl -hang -width "openssl passwd"
2858: .It Nm openssl passwd
2859: .Bk -words
1.1 jsing 2860: .Op Fl 1 | apr1 | crypt
2861: .Op Fl in Ar file
2862: .Op Fl noverify
2863: .Op Fl quiet
2864: .Op Fl reverse
2865: .Op Fl salt Ar string
2866: .Op Fl stdin
2867: .Op Fl table
2868: .Op Ar password
1.114 jmc 2869: .Ek
2870: .El
1.1 jsing 2871: .Pp
2872: The
2873: .Nm passwd
1.56 jmc 2874: command computes the hash of a password.
1.1 jsing 2875: .Pp
2876: The options are as follows:
2877: .Bl -tag -width Ds
2878: .It Fl 1
2879: Use the MD5 based
2880: .Bx
2881: password algorithm
1.56 jmc 2882: .Qq 1 .
1.1 jsing 2883: .It Fl apr1
2884: Use the
1.56 jmc 2885: .Qq apr1
1.1 jsing 2886: algorithm
1.56 jmc 2887: .Po
2888: Apache variant of the
1.1 jsing 2889: .Bx
1.56 jmc 2890: algorithm
2891: .Pc .
1.1 jsing 2892: .It Fl crypt
2893: Use the
1.56 jmc 2894: .Qq crypt
2895: algorithm (the default).
1.1 jsing 2896: .It Fl in Ar file
2897: Read passwords from
2898: .Ar file .
2899: .It Fl noverify
2900: Don't verify when reading a password from the terminal.
2901: .It Fl quiet
2902: Don't output warnings when passwords given on the command line are truncated.
2903: .It Fl reverse
2904: Switch table columns.
2905: This only makes sense in conjunction with the
2906: .Fl table
2907: option.
2908: .It Fl salt Ar string
1.56 jmc 2909: Use the salt specified by
2910: .Ar string .
1.1 jsing 2911: When reading a password from the terminal, this implies
2912: .Fl noverify .
2913: .It Fl stdin
1.56 jmc 2914: Read passwords from standard input.
1.1 jsing 2915: .It Fl table
2916: In the output list, prepend the cleartext password and a TAB character
2917: to each password hash.
2918: .El
1.120 kn 2919: .Tg pkcs7
1.1 jsing 2920: .Sh PKCS7
1.114 jmc 2921: .Bl -hang -width "openssl pkcs7"
2922: .It Nm openssl pkcs7
2923: .Bk -words
1.1 jsing 2924: .Op Fl in Ar file
1.57 jmc 2925: .Op Fl inform Cm der | pem
1.1 jsing 2926: .Op Fl noout
2927: .Op Fl out Ar file
1.57 jmc 2928: .Op Fl outform Cm der | pem
1.106 inoguchi 2929: .Op Fl print
1.1 jsing 2930: .Op Fl print_certs
2931: .Op Fl text
1.114 jmc 2932: .Ek
2933: .El
1.1 jsing 2934: .Pp
2935: The
2936: .Nm pkcs7
2937: command processes PKCS#7 files in DER or PEM format.
1.57 jmc 2938: The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
2939: .Pp
1.1 jsing 2940: The options are as follows:
2941: .Bl -tag -width Ds
2942: .It Fl in Ar file
1.57 jmc 2943: The input file to read from,
2944: or standard input if not specified.
2945: .It Fl inform Cm der | pem
2946: The input format.
1.1 jsing 2947: .It Fl noout
2948: Don't output the encoded version of the PKCS#7 structure
2949: (or certificates if
2950: .Fl print_certs
2951: is set).
2952: .It Fl out Ar file
1.57 jmc 2953: The output to write to,
2954: or standard output if not specified.
2955: .It Fl outform Cm der | pem
2956: The output format.
1.106 inoguchi 2957: .It Fl print
2958: Print the ASN.1 representation of PKCS#7 structure.
1.1 jsing 2959: .It Fl print_certs
1.57 jmc 2960: Print any certificates or CRLs contained in the file,
2961: preceded by their subject and issuer names in a one-line format.
1.1 jsing 2962: .It Fl text
1.57 jmc 2963: Print certificate details in full rather than just subject and issuer names.
1.1 jsing 2964: .El
1.120 kn 2965: .Tg pkcs8
1.1 jsing 2966: .Sh PKCS8
1.114 jmc 2967: .Bl -hang -width "openssl pkcs8"
2968: .It Nm openssl pkcs8
2969: .Bk -words
1.1 jsing 2970: .Op Fl in Ar file
1.58 jmc 2971: .Op Fl inform Cm der | pem
1.1 jsing 2972: .Op Fl nocrypt
2973: .Op Fl noiter
2974: .Op Fl out Ar file
1.58 jmc 2975: .Op Fl outform Cm der | pem
1.1 jsing 2976: .Op Fl passin Ar arg
2977: .Op Fl passout Ar arg
2978: .Op Fl topk8
2979: .Op Fl v1 Ar alg
2980: .Op Fl v2 Ar alg
1.114 jmc 2981: .Ek
2982: .El
1.1 jsing 2983: .Pp
2984: The
2985: .Nm pkcs8
1.58 jmc 2986: command processes private keys
2987: (both encrypted and unencrypted)
2988: in PKCS#8 format
2989: with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
2990: The default encryption is only 56 bits;
2991: keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts
2992: are more secure.
2993: .Pp
1.1 jsing 2994: The options are as follows:
2995: .Bl -tag -width Ds
2996: .It Fl in Ar file
1.58 jmc 2997: The input file to read from,
2998: or standard input if not specified.
1.1 jsing 2999: If the key is encrypted, a pass phrase will be prompted for.
1.58 jmc 3000: .It Fl inform Cm der | pem
3001: The input format.
1.1 jsing 3002: .It Fl nocrypt
1.58 jmc 3003: Generate an unencrypted PrivateKeyInfo structure.
3004: This option does not encrypt private keys at all
3005: and should only be used when absolutely necessary.
1.1 jsing 3006: .It Fl noiter
3007: Use an iteration count of 1.
3008: See the
3009: .Sx PKCS12
3010: section below for a detailed explanation of this option.
3011: .It Fl out Ar file
1.58 jmc 3012: The output file to write to,
3013: or standard output if none is specified.
1.1 jsing 3014: If any encryption options are set, a pass phrase will be prompted for.
1.58 jmc 3015: .It Fl outform Cm der | pem
3016: The output format.
1.1 jsing 3017: .It Fl passin Ar arg
3018: The key password source.
3019: .It Fl passout Ar arg
3020: The output file password source.
3021: .It Fl topk8
1.58 jmc 3022: Read a traditional format private key and write a PKCS#8 format key.
1.1 jsing 3023: .It Fl v1 Ar alg
1.58 jmc 3024: Specify a PKCS#5 v1.5 or PKCS#12 algorithm to use.
3025: .Pp
3026: .Bl -tag -width "XXXX" -compact
3027: .It PBE-MD5-DES
3028: 56-bit DES.
3029: .It PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES
3030: 64-bit RC2 or 56-bit DES.
3031: .It PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES
3032: .It PBE-SHA1-2DES | PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40
3033: PKCS#12 password-based encryption algorithm,
3034: which allow strong encryption algorithms like triple DES or 128-bit RC2.
3035: .El
1.1 jsing 3036: .It Fl v2 Ar alg
1.58 jmc 3037: Use PKCS#5 v2.0 algorithms.
3038: Supports algorithms such as 168-bit triple DES or 128-bit RC2,
3039: however not many implementations support PKCS#5 v2.0 yet
3040: (if using private keys with
3041: .Nm openssl
3042: this doesn't matter).
1.1 jsing 3043: .Pp
3044: .Ar alg
1.58 jmc 3045: is the encryption algorithm to use;
3046: valid values include des, des3, and rc2.
3047: It is recommended that des3 is used.
1.1 jsing 3048: .El
1.120 kn 3049: .Tg pkcs12
1.1 jsing 3050: .Sh PKCS12
1.114 jmc 3051: .Bl -hang -width "openssl pkcs12"
3052: .It Nm openssl pkcs12
3053: .Bk -words
1.107 inoguchi 3054: .Oo
3055: .Fl aes128 | aes192 | aes256 | camellia128 |
3056: .Fl camellia192 | camellia256 | des | des3 | idea
3057: .Oc
1.1 jsing 3058: .Op Fl cacerts
3059: .Op Fl CAfile Ar file
3060: .Op Fl caname Ar name
3061: .Op Fl CApath Ar directory
3062: .Op Fl certfile Ar file
3063: .Op Fl certpbe Ar alg
3064: .Op Fl chain
3065: .Op Fl clcerts
3066: .Op Fl CSP Ar name
3067: .Op Fl descert
3068: .Op Fl export
3069: .Op Fl in Ar file
3070: .Op Fl info
3071: .Op Fl inkey Ar file
3072: .Op Fl keyex
3073: .Op Fl keypbe Ar alg
3074: .Op Fl keysig
1.107 inoguchi 3075: .Op Fl LMK
1.1 jsing 3076: .Op Fl macalg Ar alg
3077: .Op Fl maciter
3078: .Op Fl name Ar name
3079: .Op Fl nocerts
3080: .Op Fl nodes
3081: .Op Fl noiter
3082: .Op Fl nokeys
3083: .Op Fl nomac
3084: .Op Fl nomaciter
3085: .Op Fl nomacver
3086: .Op Fl noout
3087: .Op Fl out Ar file
3088: .Op Fl passin Ar arg
3089: .Op Fl passout Ar arg
1.107 inoguchi 3090: .Op Fl password Ar arg
1.1 jsing 3091: .Op Fl twopass
1.114 jmc 3092: .Ek
3093: .El
1.1 jsing 3094: .Pp
3095: The
3096: .Nm pkcs12
3097: command allows PKCS#12 files
3098: .Pq sometimes referred to as PFX files
3099: to be created and parsed.
3100: By default, a PKCS#12 file is parsed;
3101: a PKCS#12 file can be created by using the
3102: .Fl export
1.59 jmc 3103: option.
3104: .Pp
3105: The options for parsing a PKCS12 file are as follows:
1.1 jsing 3106: .Bl -tag -width "XXXX"
1.107 inoguchi 3107: .It Xo
3108: .Fl aes128 | aes192 | aes256 |
3109: .Fl camellia128 | camellia192 | camellia256 |
3110: .Fl des | des3 |
3111: .Fl idea
3112: .Xc
3113: Encrypt private keys using AES, CAMELLIA, DES, triple DES
3114: or the IDEA ciphers, respectively.
1.1 jsing 3115: The default is triple DES.
3116: .It Fl cacerts
3117: Only output CA certificates
3118: .Pq not client certificates .
3119: .It Fl clcerts
3120: Only output client certificates
3121: .Pq not CA certificates .
3122: .It Fl in Ar file
1.59 jmc 3123: The input file to read from,
3124: or standard input if not specified.
1.1 jsing 3125: .It Fl info
3126: Output additional information about the PKCS#12 file structure,
3127: algorithms used, and iteration counts.
3128: .It Fl nocerts
1.59 jmc 3129: Do not output certificates.
1.1 jsing 3130: .It Fl nodes
1.59 jmc 3131: Do not encrypt private keys.
1.1 jsing 3132: .It Fl nokeys
1.59 jmc 3133: Do not output private keys.
1.1 jsing 3134: .It Fl nomacver
1.59 jmc 3135: Do not attempt to verify the integrity MAC before reading the file.
1.1 jsing 3136: .It Fl noout
1.59 jmc 3137: Do not output the keys and certificates to the output file
1.1 jsing 3138: version of the PKCS#12 file.
3139: .It Fl out Ar file
1.59 jmc 3140: The output file to write to,
3141: or standard output if not specified.
1.1 jsing 3142: .It Fl passin Ar arg
3143: The key password source.
3144: .It Fl passout Ar arg
3145: The output file password source.
3146: .It Fl twopass
3147: Prompt for separate integrity and encryption passwords: most software
3148: always assumes these are the same so this option will render such
3149: PKCS#12 files unreadable.
3150: .El
1.59 jmc 3151: .Pp
3152: The options for PKCS12 file creation are as follows:
1.1 jsing 3153: .Bl -tag -width "XXXX"
3154: .It Fl CAfile Ar file
3155: CA storage as a file.
3156: .It Fl CApath Ar directory
3157: CA storage as a directory.
1.59 jmc 3158: The directory must be a standard certificate directory:
1.1 jsing 3159: that is, a hash of each subject name (using
1.59 jmc 3160: .Nm x509 Fl hash )
1.1 jsing 3161: should be linked to each certificate.
3162: .It Fl caname Ar name
1.59 jmc 3163: Specify the
1.1 jsing 3164: .Qq friendly name
3165: for other certificates.
1.59 jmc 3166: May be used multiple times to specify names for all certificates
1.1 jsing 3167: in the order they appear.
3168: .It Fl certfile Ar file
3169: A file to read additional certificates from.
3170: .It Fl certpbe Ar alg , Fl keypbe Ar alg
1.59 jmc 3171: Specify the algorithm used to encrypt the private key and
1.1 jsing 3172: certificates to be selected.
1.59 jmc 3173: Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used.
1.1 jsing 3174: If a cipher name
3175: (as output by the
3176: .Cm list-cipher-algorithms
3177: command) is specified then it
3178: is used with PKCS#5 v2.0.
3179: For interoperability reasons it is advisable to only use PKCS#12 algorithms.
3180: .It Fl chain
1.59 jmc 3181: Include the entire certificate chain of the user certificate.
1.1 jsing 3182: The standard CA store is used for this search.
3183: If the search fails, it is considered a fatal error.
3184: .It Fl CSP Ar name
3185: Write
3186: .Ar name
3187: as a Microsoft CSP name.
3188: .It Fl descert
3189: Encrypt the certificate using triple DES; this may render the PKCS#12
3190: file unreadable by some
3191: .Qq export grade
3192: software.
3193: By default, the private key is encrypted using triple DES and the
3194: certificate using 40-bit RC2.
3195: .It Fl export
1.59 jmc 3196: Create a PKCS#12 file (rather than parsing one).
1.1 jsing 3197: .It Fl in Ar file
1.59 jmc 3198: The input file to read from,
1.81 jmc 3199: or standard input if not specified.
1.1 jsing 3200: The order doesn't matter but one private key and its corresponding
3201: certificate should be present.
3202: If additional certificates are present, they will also be included
3203: in the PKCS#12 file.
3204: .It Fl inkey Ar file
1.59 jmc 3205: File to read a private key from.
1.1 jsing 3206: If not present, a private key must be present in the input file.
3207: .It Fl keyex | keysig
1.59 jmc 3208: Specify whether the private key is to be used for key exchange or just signing.
1.1 jsing 3209: Normally,
3210: .Qq export grade
3211: software will only allow 512-bit RSA keys to be
3212: used for encryption purposes, but arbitrary length keys for signing.
3213: The
3214: .Fl keysig
3215: option marks the key for signing only.
3216: Signing only keys can be used for S/MIME signing, authenticode
1.66 jmc 3217: (ActiveX control signing)
1.59 jmc 3218: and SSL client authentication.
1.107 inoguchi 3219: .It Fl LMK
3220: Add local machine keyset attribute to private key.
1.1 jsing 3221: .It Fl macalg Ar alg
3222: Specify the MAC digest algorithm.
1.59 jmc 3223: The default is SHA1.
1.1 jsing 3224: .It Fl maciter
1.66 jmc 3225: Included for compatibility only:
1.59 jmc 3226: it used to be needed to use MAC iterations counts
3227: but they are now used by default.
1.1 jsing 3228: .It Fl name Ar name
1.59 jmc 3229: Specify the
1.1 jsing 3230: .Qq friendly name
3231: for the certificate and private key.
3232: This name is typically displayed in list boxes by software importing the file.
3233: .It Fl nomac
3234: Don't attempt to provide the MAC integrity.
3235: .It Fl nomaciter , noiter
1.59 jmc 3236: Affect the iteration counts on the MAC and key algorithms.
1.1 jsing 3237: .Pp
3238: To discourage attacks by using large dictionaries of common passwords,
3239: the algorithm that derives keys from passwords can have an iteration count
3240: applied to it: this causes a certain part of the algorithm to be repeated
3241: and slows it down.
3242: The MAC is used to check the file integrity but since it will normally
3243: have the same password as the keys and certificates it could also be attacked.
3244: By default, both MAC and encryption iteration counts are set to 2048;
3245: using these options the MAC and encryption iteration counts can be set to 1.
3246: Since this reduces the file security you should not use these options
3247: unless you really have to.
3248: Most software supports both MAC and key iteration counts.
3249: .It Fl out Ar file
1.59 jmc 3250: The output file to write to,
3251: or standard output if not specified.
1.1 jsing 3252: .It Fl passin Ar arg
3253: The key password source.
3254: .It Fl passout Ar arg
3255: The output file password source.
1.107 inoguchi 3256: .It Fl password Ar arg
3257: With
3258: .Fl export ,
3259: .Fl password
3260: is equivalent to
3261: .Fl passout .
1.108 inoguchi 3262: Otherwise,
1.107 inoguchi 3263: .Fl password
3264: is equivalent to
3265: .Fl passin .
1.1 jsing 3266: .El
1.120 kn 3267: .Tg pkey
1.1 jsing 3268: .Sh PKEY
1.114 jmc 3269: .Bl -hang -width "openssl pkey"
3270: .It Nm openssl pkey
3271: .Bk -words
1.1 jsing 3272: .Op Ar cipher
3273: .Op Fl in Ar file
1.60 jmc 3274: .Op Fl inform Cm der | pem
1.1 jsing 3275: .Op Fl noout
3276: .Op Fl out Ar file
1.60 jmc 3277: .Op Fl outform Cm der | pem
1.1 jsing 3278: .Op Fl passin Ar arg
3279: .Op Fl passout Ar arg
3280: .Op Fl pubin
3281: .Op Fl pubout
3282: .Op Fl text
3283: .Op Fl text_pub
1.114 jmc 3284: .Ek
3285: .El
1.1 jsing 3286: .Pp
3287: The
3288: .Nm pkey
3289: command processes public or private keys.
3290: They can be converted between various forms
3291: and their components printed out.
3292: .Pp
3293: The options are as follows:
3294: .Bl -tag -width Ds
3295: .It Ar cipher
1.60 jmc 3296: Encrypt the private key with the specified cipher.
1.1 jsing 3297: Any algorithm name accepted by
1.60 jmc 3298: .Xr EVP_get_cipherbyname 3
1.1 jsing 3299: is acceptable, such as
3300: .Cm des3 .
3301: .It Fl in Ar file
1.60 jmc 3302: The input file to read from,
3303: or standard input if not specified.
1.1 jsing 3304: If the key is encrypted a pass phrase will be prompted for.
1.60 jmc 3305: .It Fl inform Cm der | pem
3306: The input format.
1.1 jsing 3307: .It Fl noout
3308: Do not output the encoded version of the key.
3309: .It Fl out Ar file
1.60 jmc 3310: The output file to write to,
3311: or standard output if not specified.
1.1 jsing 3312: If any encryption options are set then a pass phrase
3313: will be prompted for.
1.60 jmc 3314: .It Fl outform Cm der | pem
3315: The output format.
1.1 jsing 3316: .It Fl passin Ar arg
3317: The key password source.
3318: .It Fl passout Ar arg
3319: The output file password source.
3320: .It Fl pubin
1.60 jmc 3321: Read in a public key, not a private key.
1.1 jsing 3322: .It Fl pubout
1.60 jmc 3323: Output a public key, not a private key.
3324: Automatically set if the input is a public key.
1.1 jsing 3325: .It Fl text
1.64 jmc 3326: Print the public/private key in plain text.
1.1 jsing 3327: .It Fl text_pub
3328: Print out only public key components
3329: even if a private key is being processed.
3330: .El
1.120 kn 3331: .Tg pkeyparam
1.1 jsing 3332: .Sh PKEYPARAM
3333: .Cm openssl pkeyparam
3334: .Op Fl in Ar file
3335: .Op Fl noout
3336: .Op Fl out Ar file
3337: .Op Fl text
3338: .Pp
3339: The
1.61 jmc 3340: .Nm pkeyparam
1.1 jsing 3341: command processes public or private keys.
1.61 jmc 3342: The key type is determined by the PEM headers.
1.1 jsing 3343: .Pp
3344: The options are as follows:
3345: .Bl -tag -width Ds
3346: .It Fl in Ar file
1.61 jmc 3347: The input file to read from,
3348: or standard input if not specified.
1.1 jsing 3349: .It Fl noout
3350: Do not output the encoded version of the parameters.
3351: .It Fl out Ar file
1.61 jmc 3352: The output file to write to,
3353: or standard output if not specified.
1.1 jsing 3354: .It Fl text
1.64 jmc 3355: Print the parameters in plain text.
1.1 jsing 3356: .El
1.120 kn 3357: .Tg pkeyutl
1.1 jsing 3358: .Sh PKEYUTL
1.114 jmc 3359: .Bl -hang -width "openssl pkeyutl"
3360: .It Nm openssl pkeyutl
3361: .Bk -words
1.1 jsing 3362: .Op Fl asn1parse
3363: .Op Fl certin
3364: .Op Fl decrypt
3365: .Op Fl derive
3366: .Op Fl encrypt
3367: .Op Fl hexdump
3368: .Op Fl in Ar file
3369: .Op Fl inkey Ar file
1.62 jmc 3370: .Op Fl keyform Cm der | pem
1.1 jsing 3371: .Op Fl out Ar file
3372: .Op Fl passin Ar arg
1.62 jmc 3373: .Op Fl peerform Cm der | pem
1.1 jsing 3374: .Op Fl peerkey Ar file
3375: .Op Fl pkeyopt Ar opt : Ns Ar value
3376: .Op Fl pubin
3377: .Op Fl rev
3378: .Op Fl sigfile Ar file
3379: .Op Fl sign
3380: .Op Fl verify
3381: .Op Fl verifyrecover
1.114 jmc 3382: .Ek
3383: .El
1.1 jsing 3384: .Pp
3385: The
3386: .Nm pkeyutl
3387: command can be used to perform public key operations using
3388: any supported algorithm.
3389: .Pp
3390: The options are as follows:
3391: .Bl -tag -width Ds
3392: .It Fl asn1parse
1.84 jmc 3393: ASN.1 parse the output data.
1.1 jsing 3394: This is useful when combined with the
3395: .Fl verifyrecover
1.84 jmc 3396: option when an ASN.1 structure is signed.
1.1 jsing 3397: .It Fl certin
3398: The input is a certificate containing a public key.
3399: .It Fl decrypt
3400: Decrypt the input data using a private key.
3401: .It Fl derive
3402: Derive a shared secret using the peer key.
3403: .It Fl encrypt
3404: Encrypt the input data using a public key.
3405: .It Fl hexdump
3406: Hex dump the output data.
3407: .It Fl in Ar file
1.62 jmc 3408: The input file to read from,
3409: or standard input if not specified.
1.1 jsing 3410: .It Fl inkey Ar file
3411: The input key file.
3412: By default it should be a private key.
1.62 jmc 3413: .It Fl keyform Cm der | pem
3414: The key format.
1.1 jsing 3415: .It Fl out Ar file
1.62 jmc 3416: The output file to write to,
3417: or standard output if not specified.
1.1 jsing 3418: .It Fl passin Ar arg
3419: The key password source.
1.62 jmc 3420: .It Fl peerform Cm der | pem
3421: The peer key format.
1.1 jsing 3422: .It Fl peerkey Ar file
3423: The peer key file, used by key derivation (agreement) operations.
3424: .It Fl pkeyopt Ar opt : Ns Ar value
1.62 jmc 3425: Set the public key algorithm option
3426: .Ar opt
3427: to
3428: .Ar value .
3429: Unless otherwise mentioned, all algorithms support the format
3430: .Ar digest : Ns Ar alg ,
3431: which specifies the digest to use
1.1 jsing 3432: for sign, verify, and verifyrecover operations.
3433: The value
3434: .Ar alg
3435: should represent a digest name as used in the
1.62 jmc 3436: .Xr EVP_get_digestbyname 3
3437: function.
3438: .Pp
1.1 jsing 3439: The RSA algorithm supports the
3440: encrypt, decrypt, sign, verify, and verifyrecover operations in general.
3441: Some padding modes only support some of these
3442: operations however.
3443: .Bl -tag -width Ds
3444: .It rsa_padding_mode : Ns Ar mode
3445: This sets the RSA padding mode.
3446: Acceptable values for
3447: .Ar mode
3448: are
3449: .Cm pkcs1
3450: for PKCS#1 padding;
3451: .Cm none
3452: for no padding;
3453: .Cm oaep
3454: for OAEP mode;
3455: .Cm x931
3456: for X9.31 mode;
3457: and
3458: .Cm pss
3459: for PSS.
3460: .Pp
3461: In PKCS#1 padding if the message digest is not set then the supplied data is
3462: signed or verified directly instead of using a DigestInfo structure.
3463: If a digest is set then a DigestInfo
3464: structure is used and its length
3465: must correspond to the digest type.
3466: For oeap mode only encryption and decryption is supported.
3467: For x931 if the digest type is set it is used to format the block data;
3468: otherwise the first byte is used to specify the X9.31 digest ID.
3469: Sign, verify, and verifyrecover can be performed in this mode.
3470: For pss mode only sign and verify are supported and the digest type must be
3471: specified.
3472: .It rsa_pss_saltlen : Ns Ar len
3473: For pss
3474: mode only this option specifies the salt length.
3475: Two special values are supported:
3476: -1 sets the salt length to the digest length.
3477: When signing -2 sets the salt length to the maximum permissible value.
3478: When verifying -2 causes the salt length to be automatically determined
3479: based on the PSS block structure.
3480: .El
1.62 jmc 3481: .Pp
1.1 jsing 3482: The DSA algorithm supports the sign and verify operations.
3483: Currently there are no additional options other than
3484: .Ar digest .
3485: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 3486: .Pp
1.1 jsing 3487: The DH algorithm supports the derive operation
3488: and no additional options.
1.62 jmc 3489: .Pp
1.1 jsing 3490: The EC algorithm supports the sign, verify, and derive operations.
3491: The sign and verify operations use ECDSA and derive uses ECDH.
3492: Currently there are no additional options other than
3493: .Ar digest .
3494: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 3495: .It Fl pubin
3496: The input file is a public key.
3497: .It Fl rev
3498: Reverse the order of the input buffer.
3499: .It Fl sigfile Ar file
3500: Signature file (verify operation only).
3501: .It Fl sign
3502: Sign the input data and output the signed result.
3503: This requires a private key.
3504: .It Fl verify
3505: Verify the input data against the signature file and indicate if the
3506: verification succeeded or failed.
3507: .It Fl verifyrecover
3508: Verify the input data and output the recovered data.
3509: .El
1.120 kn 3510: .Tg prime
1.1 jsing 3511: .Sh PRIME
3512: .Cm openssl prime
3513: .Op Fl bits Ar n
3514: .Op Fl checks Ar n
3515: .Op Fl generate
3516: .Op Fl hex
3517: .Op Fl safe
3518: .Ar p
3519: .Pp
3520: The
3521: .Nm prime
3522: command is used to generate prime numbers,
3523: or to check numbers for primality.
3524: Results are probabilistic:
3525: they have an exceedingly high likelihood of being correct,
3526: but are not guaranteed.
3527: .Pp
3528: The options are as follows:
3529: .Bl -tag -width Ds
3530: .It Fl bits Ar n
3531: Specify the number of bits in the generated prime number.
3532: Must be used in conjunction with
3533: .Fl generate .
3534: .It Fl checks Ar n
3535: Perform a Miller-Rabin probabilistic primality test with
3536: .Ar n
3537: iterations.
3538: The default is 20.
3539: .It Fl generate
3540: Generate a pseudo-random prime number.
3541: Must be used in conjunction with
3542: .Fl bits .
3543: .It Fl hex
3544: Output in hex format.
3545: .It Fl safe
3546: Generate only
3547: .Qq safe
3548: prime numbers
3549: (i.e. a prime p so that (p-1)/2 is also prime).
3550: .It Ar p
3551: Test if number
3552: .Ar p
3553: is prime.
3554: .El
1.120 kn 3555: .Tg rand
1.1 jsing 3556: .Sh RAND
1.114 jmc 3557: .Bl -hang -width "openssl rand"
3558: .It Nm openssl rand
3559: .Bk -words
1.1 jsing 3560: .Op Fl base64
3561: .Op Fl hex
3562: .Op Fl out Ar file
3563: .Ar num
1.114 jmc 3564: .Ek
3565: .El
1.1 jsing 3566: .Pp
3567: The
3568: .Nm rand
3569: command outputs
3570: .Ar num
3571: pseudo-random bytes.
3572: .Pp
3573: The options are as follows:
3574: .Bl -tag -width Ds
3575: .It Fl base64
1.81 jmc 3576: Perform base64 encoding on the output.
1.1 jsing 3577: .It Fl hex
3578: Specify hexadecimal output.
3579: .It Fl out Ar file
1.63 jmc 3580: The output file to write to,
3581: or standard output if not specified.
1.1 jsing 3582: .El
1.120 kn 3583: .Tg req
1.1 jsing 3584: .Sh REQ
1.114 jmc 3585: .Bl -hang -width "openssl req"
3586: .It Nm openssl req
3587: .Bk -words
1.115 inoguchi 3588: .Op Fl addext Ar ext
1.1 jsing 3589: .Op Fl asn1-kludge
3590: .Op Fl batch
3591: .Op Fl config Ar file
3592: .Op Fl days Ar n
3593: .Op Fl extensions Ar section
3594: .Op Fl in Ar file
1.63 jmc 3595: .Op Fl inform Cm der | pem
1.1 jsing 3596: .Op Fl key Ar keyfile
1.63 jmc 3597: .Op Fl keyform Cm der | pem
1.1 jsing 3598: .Op Fl keyout Ar file
1.28 doug 3599: .Op Fl md4 | md5 | sha1
1.1 jsing 3600: .Op Fl modulus
1.107 inoguchi 3601: .Op Fl multivalue-rdn
1.1 jsing 3602: .Op Fl nameopt Ar option
3603: .Op Fl new
3604: .Op Fl newhdr
3605: .Op Fl newkey Ar arg
3606: .Op Fl no-asn1-kludge
3607: .Op Fl nodes
3608: .Op Fl noout
3609: .Op Fl out Ar file
1.63 jmc 3610: .Op Fl outform Cm der | pem
1.1 jsing 3611: .Op Fl passin Ar arg
3612: .Op Fl passout Ar arg
1.107 inoguchi 3613: .Op Fl pkeyopt Ar opt:value
1.1 jsing 3614: .Op Fl pubkey
3615: .Op Fl reqexts Ar section
3616: .Op Fl reqopt Ar option
3617: .Op Fl set_serial Ar n
1.107 inoguchi 3618: .Op Fl sigopt Ar nm:v
1.1 jsing 3619: .Op Fl subj Ar arg
3620: .Op Fl subject
3621: .Op Fl text
3622: .Op Fl utf8
3623: .Op Fl verbose
3624: .Op Fl verify
3625: .Op Fl x509
1.114 jmc 3626: .Ek
3627: .El
1.1 jsing 3628: .Pp
3629: The
3630: .Nm req
3631: command primarily creates and processes certificate requests
3632: in PKCS#10 format.
3633: It can additionally create self-signed certificates,
3634: for use as root CAs, for example.
3635: .Pp
3636: The options are as follows:
3637: .Bl -tag -width Ds
1.115 inoguchi 3638: .It Fl addext Ar ext
3639: Add a specific extension to the certificate (if the
3640: .Fl x509
3641: option is present) or certificate request.
3642: The argument must have the form of a key=value pair as it would appear in a
3643: config file.
3644: This option can be given multiple times.
1.1 jsing 3645: .It Fl asn1-kludge
1.63 jmc 3646: Produce requests in an invalid format for certain picky CAs.
3647: Very few CAs still require the use of this option.
1.1 jsing 3648: .It Fl batch
3649: Non-interactive mode.
3650: .It Fl config Ar file
1.63 jmc 3651: Specify an alternative configuration file.
1.1 jsing 3652: .It Fl days Ar n
1.63 jmc 3653: Specify the number of days to certify the certificate for.
3654: The default is 30 days.
3655: Used with the
1.1 jsing 3656: .Fl x509
1.63 jmc 3657: option.
1.1 jsing 3658: .It Fl extensions Ar section , Fl reqexts Ar section
1.63 jmc 3659: Specify alternative sections to include certificate
3660: extensions (with
3661: .Fl x509 )
3662: or certificate request extensions,
3663: allowing several different sections to be used in the same configuration file.
1.1 jsing 3664: .It Fl in Ar file
1.63 jmc 3665: The input file to read a request from,
3666: or standard input if not specified.
1.1 jsing 3667: A request is only read if the creation options
3668: .Fl new
3669: and
3670: .Fl newkey
3671: are not specified.
1.63 jmc 3672: .It Fl inform Cm der | pem
3673: The input format.
1.1 jsing 3674: .It Fl key Ar keyfile
1.63 jmc 3675: The file to read the private key from.
1.1 jsing 3676: It also accepts PKCS#8 format private keys for PEM format files.
1.63 jmc 3677: .It Fl keyform Cm der | pem
1.1 jsing 3678: The format of the private key file specified in the
3679: .Fl key
3680: argument.
1.81 jmc 3681: The default is
3682: .Cm pem .
1.1 jsing 3683: .It Fl keyout Ar file
1.63 jmc 3684: The file to write the newly created private key to.
3685: If this option is not specified,
3686: the filename present in the configuration file is used.
1.4 sthen 3687: .It Fl md5 | sha1 | sha256
1.63 jmc 3688: The message digest to sign the request with.
1.1 jsing 3689: This overrides the digest algorithm specified in the configuration file.
3690: .Pp
3691: Some public key algorithms may override this choice.
3692: For instance, DSA signatures always use SHA1.
3693: .It Fl modulus
1.63 jmc 3694: Print the value of the modulus of the public key contained in the request.
1.107 inoguchi 3695: .It Fl multivalue-rdn
3696: This option causes the
3697: .Fl subj
3698: argument to be interpreted with full support for multivalued RDNs,
3699: for example
3700: .Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
3701: If
3702: .Fl multivalue-rdn
3703: is not used, the UID value is set to
3704: .Qq "123456+CN=John Doe" .
1.1 jsing 3705: .It Fl nameopt Ar option , Fl reqopt Ar option
1.63 jmc 3706: Determine how the subject or issuer names are displayed.
1.1 jsing 3707: .Ar option
1.63 jmc 3708: can be a single option or multiple options separated by commas.
1.1 jsing 3709: Alternatively, these options may be used more than once to set multiple options.
3710: See the
3711: .Sx X509
3712: section below for details.
3713: .It Fl new
1.63 jmc 3714: Generate a new certificate request.
3715: The user is prompted for the relevant field values.
1.1 jsing 3716: The actual fields prompted for and their maximum and minimum sizes
3717: are specified in the configuration file and any requested extensions.
3718: .Pp
3719: If the
3720: .Fl key
3721: option is not used, it will generate a new RSA private
3722: key using information specified in the configuration file.
3723: .It Fl newhdr
1.63 jmc 3724: Add the word NEW to the PEM file header and footer lines
1.112 inoguchi 3725: on the outputted request.
1.63 jmc 3726: Some software and CAs need this.
1.1 jsing 3727: .It Fl newkey Ar arg
1.63 jmc 3728: Create a new certificate request and a new private key.
1.1 jsing 3729: The argument takes one of several forms.
1.63 jmc 3730: .Pp
3731: .No rsa : Ns Ar nbits
3732: generates an RSA key
1.1 jsing 3733: .Ar nbits
3734: in size.
3735: If
3736: .Ar nbits
1.63 jmc 3737: is omitted
3738: the default key size is used.
3739: .Pp
3740: .No dsa : Ns Ar file
3741: generates a DSA key using the parameters in
3742: .Ar file .
3743: .Pp
3744: .No param : Ns Ar file
3745: generates a key using the parameters or certificate in
3746: .Ar file .
3747: .Pp
3748: All other algorithms support the form
3749: .Ar algorithm : Ns Ar file ,
1.1 jsing 3750: where file may be an algorithm parameter file,
3751: created by the
3752: .Cm genpkey -genparam
1.14 jmc 3753: command or an X.509 certificate for a key with appropriate algorithm.
1.63 jmc 3754: .Ar file
3755: can be omitted,
3756: in which case any parameters can be specified via the
1.1 jsing 3757: .Fl pkeyopt
3758: option.
3759: .It Fl no-asn1-kludge
1.63 jmc 3760: Reverse the effect of
1.1 jsing 3761: .Fl asn1-kludge .
3762: .It Fl nodes
1.63 jmc 3763: Do not encrypt the private key.
1.1 jsing 3764: .It Fl noout
1.63 jmc 3765: Do not output the encoded version of the request.
1.1 jsing 3766: .It Fl out Ar file
1.63 jmc 3767: The output file to write to,
1.99 jmc 3768: or standard output if not specified.
1.63 jmc 3769: .It Fl outform Cm der | pem
3770: The output format.
1.1 jsing 3771: .It Fl passin Ar arg
3772: The key password source.
3773: .It Fl passout Ar arg
3774: The output file password source.
1.107 inoguchi 3775: .It Fl pkeyopt Ar opt:value
3776: Set the public key algorithm option
3777: .Ar opt
3778: to
3779: .Ar value .
1.1 jsing 3780: .It Fl pubkey
1.63 jmc 3781: Output the public key.
1.1 jsing 3782: .It Fl reqopt Ar option
3783: Customise the output format used with
3784: .Fl text .
3785: The
3786: .Ar option
3787: argument can be a single option or multiple options separated by commas.
1.63 jmc 3788: See also the discussion of
1.1 jsing 3789: .Fl certopt
1.63 jmc 3790: in the
1.1 jsing 3791: .Nm x509
3792: command.
3793: .It Fl set_serial Ar n
3794: Serial number to use when outputting a self-signed certificate.
3795: This may be specified as a decimal value or a hex value if preceded by
3796: .Sq 0x .
3797: It is possible to use negative serial numbers but this is not recommended.
1.107 inoguchi 3798: .It Fl sigopt Ar nm:v
3799: Pass options to the signature algorithm during sign operation.
3800: The names and values of these options are algorithm-specific.
1.1 jsing 3801: .It Fl subj Ar arg
1.63 jmc 3802: Replaces the subject field of an input request
3803: with the specified data and output the modified request.
3804: .Ar arg
3805: must be formatted as /type0=value0/type1=value1/type2=...;
1.1 jsing 3806: characters may be escaped by
3807: .Sq \e
1.63 jmc 3808: (backslash);
1.1 jsing 3809: no spaces are skipped.
3810: .It Fl subject
1.63 jmc 3811: Print the request subject (or certificate subject if
1.1 jsing 3812: .Fl x509
1.63 jmc 3813: is specified).
1.1 jsing 3814: .It Fl text
1.64 jmc 3815: Print the certificate request in plain text.
1.1 jsing 3816: .It Fl utf8
1.63 jmc 3817: Interpret field values as UTF8 strings, not ASCII.
1.1 jsing 3818: .It Fl verbose
3819: Print extra details about the operations being performed.
3820: .It Fl verify
1.63 jmc 3821: Verify the signature on the request.
1.1 jsing 3822: .It Fl x509
1.63 jmc 3823: Output a self-signed certificate instead of a certificate request.
3824: This is typically used to generate a test certificate or a self-signed root CA.
3825: The extensions added to the certificate (if any)
1.1 jsing 3826: are specified in the configuration file.
3827: Unless specified using the
3828: .Fl set_serial
1.63 jmc 3829: option, 0 is used for the serial number.
1.1 jsing 3830: .El
1.63 jmc 3831: .Pp
1.1 jsing 3832: The configuration options are specified in the
1.63 jmc 3833: .Qq req
1.1 jsing 3834: section of the configuration file.
1.63 jmc 3835: The options available are as follows:
1.1 jsing 3836: .Bl -tag -width "XXXX"
1.63 jmc 3837: .It Cm attributes
3838: The section containing any request attributes: its format
1.1 jsing 3839: is the same as
1.63 jmc 3840: .Cm distinguished_name .
3841: Typically these may contain the challengePassword or unstructuredName types.
3842: They are currently ignored by the
3843: .Nm openssl
1.1 jsing 3844: request signing utilities, but some CAs might want them.
1.63 jmc 3845: .It Cm default_bits
3846: The default key size, in bits.
3847: The default is 2048.
1.1 jsing 3848: It is used if the
3849: .Fl new
1.63 jmc 3850: option is used and can be overridden by using the
1.1 jsing 3851: .Fl newkey
3852: option.
1.63 jmc 3853: .It Cm default_keyfile
3854: The default file to write a private key to,
3855: or standard output if not specified.
3856: It can be overridden by the
1.1 jsing 3857: .Fl keyout
3858: option.
1.63 jmc 3859: .It Cm default_md
3860: The digest algorithm to use.
1.1 jsing 3861: Possible values include
1.63 jmc 3862: .Cm md5 ,
3863: .Cm sha1
1.1 jsing 3864: and
1.63 jmc 3865: .Cm sha256
3866: (the default).
3867: It can be overridden on the command line.
3868: .It Cm distinguished_name
3869: The section containing the distinguished name fields to
1.1 jsing 3870: prompt for when generating a certificate or certificate request.
1.63 jmc 3871: The format is described below.
3872: .It Cm encrypt_key
3873: If set to
3874: .Qq no
3875: and a private key is generated, it is not encrypted.
3876: It is equivalent to the
1.1 jsing 3877: .Fl nodes
1.63 jmc 3878: option.
1.1 jsing 3879: For compatibility,
1.63 jmc 3880: .Cm encrypt_rsa_key
1.1 jsing 3881: is an equivalent option.
1.63 jmc 3882: .It Cm input_password | output_password
3883: The passwords for the input private key file (if present)
3884: and the output private key file (if one will be created).
1.1 jsing 3885: The command line options
3886: .Fl passin
3887: and
3888: .Fl passout
3889: override the configuration file values.
1.63 jmc 3890: .It Cm oid_file
3891: A file containing additional OBJECT IDENTIFIERS.
1.1 jsing 3892: Each line of the file should consist of the numerical form of the
3893: object identifier, followed by whitespace, then the short name followed
3894: by whitespace and finally the long name.
1.63 jmc 3895: .It Cm oid_section
3896: Specify a section in the configuration file containing extra
1.1 jsing 3897: object identifiers.
3898: Each line should consist of the short name of the
3899: object identifier followed by
3900: .Sq =
3901: and the numerical form.
3902: The short and long names are the same when this option is used.
1.63 jmc 3903: .It Cm prompt
3904: If set to
3905: .Qq no ,
3906: it disables prompting of certificate fields
1.1 jsing 3907: and just takes values from the config file directly.
3908: It also changes the expected format of the
1.63 jmc 3909: .Cm distinguished_name
1.1 jsing 3910: and
1.63 jmc 3911: .Cm attributes
1.1 jsing 3912: sections.
1.63 jmc 3913: .It Cm req_extensions
3914: The configuration file section containing a list of
1.1 jsing 3915: extensions to add to the certificate request.
3916: It can be overridden by the
3917: .Fl reqexts
1.63 jmc 3918: option.
3919: .It Cm string_mask
3920: Limit the string types for encoding certain fields.
1.1 jsing 3921: The following values may be used, limiting strings to the indicated types:
3922: .Bl -tag -width "MASK:number"
1.63 jmc 3923: .It Cm utf8only
3924: UTF8String.
1.1 jsing 3925: This is the default, as recommended by PKIX in RFC 2459.
1.63 jmc 3926: .It Cm default
3927: PrintableString, IA5String, T61String, BMPString, UTF8String.
3928: .It Cm pkix
3929: PrintableString, IA5String, BMPString, UTF8String.
3930: Inspired by the PKIX recommendation in RFC 2459 for certificates
3931: generated before 2004, but differs by also permitting IA5String.
3932: .It Cm nombstr
3933: PrintableString, IA5String, T61String, UniversalString.
3934: A workaround for some ancient software that had problems
3935: with the variable-sized BMPString and UTF8String types.
1.1 jsing 3936: .It Cm MASK : Ns Ar number
1.63 jmc 3937: An explicit bitmask of permitted types, where
1.1 jsing 3938: .Ar number
3939: is a C-style hex, decimal, or octal number that's a bit-wise OR of
3940: .Dv B_ASN1_*
3941: values from
3942: .In openssl/asn1.h .
3943: .El
1.63 jmc 3944: .It Cm utf8
3945: If set to
3946: .Qq yes ,
1.72 jmc 3947: field values are interpreted as UTF8 strings.
1.63 jmc 3948: .It Cm x509_extensions
3949: The configuration file section containing a list of
1.1 jsing 3950: extensions to add to a certificate generated when the
3951: .Fl x509
3952: switch is used.
3953: It can be overridden by the
3954: .Fl extensions
1.72 jmc 3955: command line switch.
1.1 jsing 3956: .El
1.63 jmc 3957: .Pp
1.1 jsing 3958: There are two separate formats for the distinguished name and attribute
3959: sections.
3960: If the
3961: .Fl prompt
3962: option is set to
1.63 jmc 3963: .Qq no ,
1.72 jmc 3964: then these sections just consist of field names and values.
3965: If the
1.1 jsing 3966: .Fl prompt
3967: option is absent or not set to
1.63 jmc 3968: .Qq no ,
1.72 jmc 3969: then the file contains field prompting information of the form:
1.1 jsing 3970: .Bd -unfilled -offset indent
3971: fieldName="prompt"
3972: fieldName_default="default field value"
3973: fieldName_min= 2
3974: fieldName_max= 4
3975: .Ed
3976: .Pp
3977: .Qq fieldName
3978: is the field name being used, for example
1.63 jmc 3979: .Cm commonName
3980: (or CN).
1.1 jsing 3981: The
3982: .Qq prompt
3983: string is used to ask the user to enter the relevant details.
3984: If the user enters nothing, the default value is used;
3985: if no default value is present, the field is omitted.
3986: A field can still be omitted if a default value is present,
3987: if the user just enters the
3988: .Sq \&.
3989: character.
3990: .Pp
3991: The number of characters entered must be between the
1.63 jmc 3992: fieldName_min and fieldName_max limits:
1.1 jsing 3993: there may be additional restrictions based on the field being used
3994: (for example
1.63 jmc 3995: .Cm countryName
1.1 jsing 3996: can only ever be two characters long and must fit in a
1.63 jmc 3997: .Cm PrintableString ) .
1.1 jsing 3998: .Pp
3999: Some fields (such as
1.63 jmc 4000: .Cm organizationName )
1.1 jsing 4001: can be used more than once in a DN.
4002: This presents a problem because configuration files will
4003: not recognize the same name occurring twice.
4004: To avoid this problem, if the
1.63 jmc 4005: .Cm fieldName
1.1 jsing 4006: contains some characters followed by a full stop, they will be ignored.
4007: So, for example, a second
1.63 jmc 4008: .Cm organizationName
1.1 jsing 4009: can be input by calling it
4010: .Qq 1.organizationName .
4011: .Pp
4012: The actual permitted field names are any object identifier short or
4013: long names.
4014: These are compiled into
1.63 jmc 4015: .Nm openssl
1.1 jsing 4016: and include the usual values such as
1.63 jmc 4017: .Cm commonName , countryName , localityName , organizationName ,
1.89 jmc 4018: .Cm organizationalUnitName , stateOrProvinceName .
1.1 jsing 4019: Additionally,
1.63 jmc 4020: .Cm emailAddress
1.1 jsing 4021: is included as well as
1.63 jmc 4022: .Cm name , surname , givenName , initials
1.1 jsing 4023: and
1.63 jmc 4024: .Cm dnQualifier .
1.1 jsing 4025: .Pp
4026: Additional object identifiers can be defined with the
1.63 jmc 4027: .Cm oid_file
1.1 jsing 4028: or
1.63 jmc 4029: .Cm oid_section
1.1 jsing 4030: options in the configuration file.
4031: Any additional fields will be treated as though they were a
1.63 jmc 4032: .Cm DirectoryString .
1.120 kn 4033: .Tg rsa
1.1 jsing 4034: .Sh RSA
1.114 jmc 4035: .Bl -hang -width "openssl rsa"
4036: .It Nm openssl rsa
4037: .Bk -words
1.64 jmc 4038: .Op Fl aes128 | aes192 | aes256 | des | des3
1.1 jsing 4039: .Op Fl check
4040: .Op Fl in Ar file
1.108 inoguchi 4041: .Op Fl inform Cm der | net | pem | pvk
1.1 jsing 4042: .Op Fl modulus
4043: .Op Fl noout
4044: .Op Fl out Ar file
1.108 inoguchi 4045: .Op Fl outform Cm der | net | pem | pvk
1.1 jsing 4046: .Op Fl passin Ar arg
4047: .Op Fl passout Ar arg
4048: .Op Fl pubin
4049: .Op Fl pubout
1.108 inoguchi 4050: .Op Fl pvk-none | pvk-strong | pvk-weak
4051: .Op Fl RSAPublicKey_in
4052: .Op Fl RSAPublicKey_out
1.1 jsing 4053: .Op Fl sgckey
4054: .Op Fl text
1.114 jmc 4055: .Ek
4056: .El
1.1 jsing 4057: .Pp
4058: The
4059: .Nm rsa
4060: command processes RSA keys.
4061: They can be converted between various forms and their components printed out.
1.64 jmc 4062: .Nm rsa
4063: uses the traditional
1.1 jsing 4064: .Nm SSLeay
4065: compatible format for private key encryption:
4066: newer applications should use the more secure PKCS#8 format using the
4067: .Nm pkcs8
4068: utility.
4069: .Pp
4070: The options are as follows:
4071: .Bl -tag -width Ds
1.64 jmc 4072: .It Fl aes128 | aes192 | aes256 | des | des3
4073: Encrypt the private key with the AES, DES,
1.1 jsing 4074: or the triple DES ciphers, respectively, before outputting it.
4075: A pass phrase is prompted for.
4076: If none of these options are specified, the key is written in plain text.
4077: This means that using the
4078: .Nm rsa
4079: utility to read in an encrypted key with no encryption option can be used
4080: to remove the pass phrase from a key, or by setting the encryption options
4081: it can be used to add or change the pass phrase.
4082: These options can only be used with PEM format output files.
4083: .It Fl check
1.64 jmc 4084: Check the consistency of an RSA private key.
1.1 jsing 4085: .It Fl in Ar file
1.64 jmc 4086: The input file to read from,
4087: or standard input if not specified.
1.1 jsing 4088: If the key is encrypted, a pass phrase will be prompted for.
1.108 inoguchi 4089: .It Fl inform Cm der | net | pem | pvk
1.64 jmc 4090: The input format.
1.1 jsing 4091: .It Fl noout
1.64 jmc 4092: Do not output the encoded version of the key.
1.1 jsing 4093: .It Fl modulus
1.64 jmc 4094: Print the value of the modulus of the key.
1.1 jsing 4095: .It Fl out Ar file
1.64 jmc 4096: The output file to write to,
4097: or standard output if not specified.
1.108 inoguchi 4098: .It Fl outform Cm der | net | pem | pvk
1.64 jmc 4099: The output format.
1.1 jsing 4100: .It Fl passin Ar arg
4101: The key password source.
4102: .It Fl passout Ar arg
4103: The output file password source.
4104: .It Fl pubin
1.64 jmc 4105: Read in a public key,
4106: not a private key.
1.1 jsing 4107: .It Fl pubout
1.64 jmc 4108: Output a public key,
4109: not a private key.
4110: Automatically set if the input is a public key.
1.108 inoguchi 4111: .It Xo
4112: .Fl pvk-none | pvk-strong | pvk-weak
4113: .Xc
4114: Enable or disable PVK encoding.
4115: The default is
4116: .Fl pvk-strong .
4117: .It Fl RSAPublicKey_in , RSAPublicKey_out
4118: Same as
4119: .Fl pubin
4120: and
4121: .Fl pubout
4122: except
4123: .Cm RSAPublicKey
4124: format is used instead.
1.1 jsing 4125: .It Fl sgckey
1.64 jmc 4126: Use the modified NET algorithm used with some versions of Microsoft IIS
4127: and SGC keys.
1.1 jsing 4128: .It Fl text
1.64 jmc 4129: Print the public/private key components in plain text.
1.1 jsing 4130: .El
1.120 kn 4131: .Tg rsautl
1.1 jsing 4132: .Sh RSAUTL
1.114 jmc 4133: .Bl -hang -width "openssl rsautl"
4134: .It Nm openssl rsautl
4135: .Bk -words
1.1 jsing 4136: .Op Fl asn1parse
4137: .Op Fl certin
4138: .Op Fl decrypt
4139: .Op Fl encrypt
4140: .Op Fl hexdump
4141: .Op Fl in Ar file
4142: .Op Fl inkey Ar file
1.65 jmc 4143: .Op Fl keyform Cm der | pem
1.100 tb 4144: .Op Fl oaep | pkcs | raw | x931
1.1 jsing 4145: .Op Fl out Ar file
1.100 tb 4146: .Op Fl passin Ar arg
1.1 jsing 4147: .Op Fl pubin
1.100 tb 4148: .Op Fl rev
1.1 jsing 4149: .Op Fl sign
4150: .Op Fl verify
1.114 jmc 4151: .Ek
4152: .El
1.1 jsing 4153: .Pp
4154: The
4155: .Nm rsautl
4156: command can be used to sign, verify, encrypt and decrypt
4157: data using the RSA algorithm.
4158: .Pp
4159: The options are as follows:
4160: .Bl -tag -width Ds
4161: .It Fl asn1parse
4162: Asn1parse the output data; this is useful when combined with the
4163: .Fl verify
4164: option.
4165: .It Fl certin
4166: The input is a certificate containing an RSA public key.
4167: .It Fl decrypt
4168: Decrypt the input data using an RSA private key.
4169: .It Fl encrypt
4170: Encrypt the input data using an RSA public key.
4171: .It Fl hexdump
4172: Hex dump the output data.
4173: .It Fl in Ar file
1.65 jmc 4174: The input to read from,
4175: or standard input if not specified.
1.1 jsing 4176: .It Fl inkey Ar file
1.65 jmc 4177: The input key file; by default an RSA private key.
4178: .It Fl keyform Cm der | pem
1.85 tb 4179: The private key format.
1.65 jmc 4180: The default is
4181: .Cm pem .
1.100 tb 4182: .It Fl oaep | pkcs | raw | x931
1.1 jsing 4183: The padding to use:
1.100 tb 4184: PKCS#1 OAEP, PKCS#1 v1.5 (the default), no padding, or ANSI X9.31,
4185: respectively.
1.1 jsing 4186: For signatures, only
4187: .Fl pkcs
4188: and
4189: .Fl raw
4190: can be used.
4191: .It Fl out Ar file
1.65 jmc 4192: The output file to write to,
4193: or standard output if not specified.
1.100 tb 4194: .It Fl passin Ar arg
4195: The key password source.
1.1 jsing 4196: .It Fl pubin
4197: The input file is an RSA public key.
1.100 tb 4198: .It Fl rev
4199: Reverse the order of the input buffer.
1.1 jsing 4200: .It Fl sign
4201: Sign the input data and output the signed result.
4202: This requires an RSA private key.
4203: .It Fl verify
4204: Verify the input data and output the recovered data.
4205: .El
1.120 kn 4206: .Tg s_client
1.1 jsing 4207: .Sh S_CLIENT
1.114 jmc 4208: .Bl -hang -width "openssl s_client"
4209: .It Nm openssl s_client
4210: .Bk -words
1.1 jsing 4211: .Op Fl 4 | 6
1.110 inoguchi 4212: .Op Fl alpn Ar protocols
1.1 jsing 4213: .Op Fl bugs
4214: .Op Fl CAfile Ar file
4215: .Op Fl CApath Ar directory
4216: .Op Fl cert Ar file
1.110 inoguchi 4217: .Op Fl certform Cm der | pem
1.1 jsing 4218: .Op Fl check_ss_sig
4219: .Op Fl cipher Ar cipherlist
1.66 jmc 4220: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 4221: .Op Fl crl_check
4222: .Op Fl crl_check_all
4223: .Op Fl crlf
4224: .Op Fl debug
1.110 inoguchi 4225: .Op Fl dtls1
1.1 jsing 4226: .Op Fl extended_crl
1.121 schwarze 4227: .Op Fl groups Ar list
1.110 inoguchi 4228: .Op Fl host Ar host
1.1 jsing 4229: .Op Fl ign_eof
4230: .Op Fl ignore_critical
4231: .Op Fl issuer_checks
4232: .Op Fl key Ar keyfile
1.110 inoguchi 4233: .Op Fl keyform Cm der | pem
4234: .Op Fl keymatexport Ar label
4235: .Op Fl keymatexportlen Ar len
4236: .Op Fl legacy_server_connect
1.1 jsing 4237: .Op Fl msg
1.110 inoguchi 4238: .Op Fl mtu Ar mtu
1.1 jsing 4239: .Op Fl nbio
4240: .Op Fl nbio_test
1.110 inoguchi 4241: .Op Fl no_comp
4242: .Op Fl no_ign_eof
4243: .Op Fl no_legacy_server_connect
1.1 jsing 4244: .Op Fl no_ticket
4245: .Op Fl no_tls1
1.6 guenther 4246: .Op Fl no_tls1_1
4247: .Op Fl no_tls1_2
1.119 jsing 4248: .Op Fl no_tls1_3
1.110 inoguchi 4249: .Op Fl pass Ar arg
1.1 jsing 4250: .Op Fl pause
4251: .Op Fl policy_check
1.110 inoguchi 4252: .Op Fl port Ar port
1.1 jsing 4253: .Op Fl prexit
1.11 bluhm 4254: .Op Fl proxy Ar host : Ns Ar port
1.1 jsing 4255: .Op Fl quiet
4256: .Op Fl reconnect
1.5 jsing 4257: .Op Fl servername Ar name
1.110 inoguchi 4258: .Op Fl serverpref
4259: .Op Fl sess_in Ar file
4260: .Op Fl sess_out Ar file
1.1 jsing 4261: .Op Fl showcerts
4262: .Op Fl starttls Ar protocol
4263: .Op Fl state
1.110 inoguchi 4264: .Op Fl status
4265: .Op Fl timeout
1.1 jsing 4266: .Op Fl tls1
1.31 jmc 4267: .Op Fl tls1_1
4268: .Op Fl tls1_2
1.119 jsing 4269: .Op Fl tls1_3
1.1 jsing 4270: .Op Fl tlsextdebug
1.110 inoguchi 4271: .Op Fl use_srtp Ar profiles
1.1 jsing 4272: .Op Fl verify Ar depth
1.110 inoguchi 4273: .Op Fl verify_return_error
1.1 jsing 4274: .Op Fl x509_strict
1.19 landry 4275: .Op Fl xmpphost Ar host
1.114 jmc 4276: .Ek
4277: .El
1.1 jsing 4278: .Pp
4279: The
4280: .Nm s_client
4281: command implements a generic SSL/TLS client which connects
4282: to a remote host using SSL/TLS.
1.66 jmc 4283: .Pp
4284: If a connection is established with an SSL server, any data received
4285: from the server is displayed and any key presses will be sent to the
4286: server.
4287: When used interactively (which means neither
4288: .Fl quiet
4289: nor
4290: .Fl ign_eof
4291: have been given), the session will be renegotiated if the line begins with an
4292: .Cm R ;
4293: if the line begins with a
4294: .Cm Q
4295: or if end of file is reached, the connection will be closed down.
1.1 jsing 4296: .Pp
4297: The options are as follows:
4298: .Bl -tag -width Ds
4299: .It Fl 4
1.66 jmc 4300: Attempt connections using IPv4 only.
1.1 jsing 4301: .It Fl 6
1.66 jmc 4302: Attempt connections using IPv6 only.
1.110 inoguchi 4303: .It Fl alpn Ar protocols
4304: Enable the Application-Layer Protocol Negotiation.
4305: .Ar protocols
4306: is a comma-separated list of protocol names that the client should advertise
4307: support for.
1.1 jsing 4308: .It Fl bugs
1.66 jmc 4309: Enable various workarounds for buggy implementations.
1.1 jsing 4310: .It Fl CAfile Ar file
4311: A
4312: .Ar file
4313: containing trusted certificates to use during server authentication
4314: and to use when attempting to build the client certificate chain.
4315: .It Fl CApath Ar directory
4316: The
4317: .Ar directory
4318: to use for server certificate verification.
4319: This directory must be in
4320: .Qq hash format ;
4321: see
4322: .Fl verify
4323: for more information.
4324: These are also used when building the client certificate chain.
4325: .It Fl cert Ar file
4326: The certificate to use, if one is requested by the server.
4327: The default is not to use a certificate.
1.110 inoguchi 4328: .It Fl certform Cm der | pem
4329: The certificate format.
4330: The default is
4331: .Cm pem .
1.1 jsing 4332: .It Xo
4333: .Fl check_ss_sig ,
4334: .Fl crl_check ,
4335: .Fl crl_check_all ,
4336: .Fl extended_crl ,
4337: .Fl ignore_critical ,
4338: .Fl issuer_checks ,
4339: .Fl policy_check ,
4340: .Fl x509_strict
4341: .Xc
4342: Set various certificate chain validation options.
4343: See the
1.66 jmc 4344: .Nm verify
1.1 jsing 4345: command for details.
4346: .It Fl cipher Ar cipherlist
1.66 jmc 4347: Modify the cipher list sent by the client.
1.1 jsing 4348: Although the server determines which cipher suite is used, it should take
4349: the first supported cipher in the list sent by the client.
4350: See the
1.66 jmc 4351: .Nm ciphers
4352: command for more information.
4353: .It Fl connect Ar host Ns Op : Ns Ar port
4354: The
1.1 jsing 4355: .Ar host
1.66 jmc 4356: and
1.1 jsing 4357: .Ar port
4358: to connect to.
4359: If not specified, an attempt is made to connect to the local host
4360: on port 4433.
4361: Alternatively, the host and port pair may be separated using a forward-slash
1.66 jmc 4362: character,
4363: which is useful for numeric IPv6 addresses.
1.1 jsing 4364: .It Fl crlf
1.66 jmc 4365: Translate a line feed from the terminal into CR+LF,
4366: as required by some servers.
1.1 jsing 4367: .It Fl debug
1.66 jmc 4368: Print extensive debugging information, including a hex dump of all traffic.
1.110 inoguchi 4369: .It Fl dtls1
4370: Permit only DTLS1.0.
1.121 schwarze 4371: .It Fl groups Ar list
4372: Set the supported elliptic curve groups to the colon separated
4373: .Ar list
4374: of group NIDs or names as documented in
4375: .Xr SSL_CTX_set1_groups_list 3 .
1.110 inoguchi 4376: .It Fl host Ar host
4377: The
4378: .Ar host
4379: to connect to.
4380: The default is localhost.
1.1 jsing 4381: .It Fl ign_eof
1.66 jmc 4382: Inhibit shutting down the connection when end of file is reached in the input.
1.1 jsing 4383: .It Fl key Ar keyfile
4384: The private key to use.
4385: If not specified, the certificate file will be used.
1.110 inoguchi 4386: .It Fl keyform Cm der | pem
4387: The private key format.
4388: The default is
4389: .Cm pem .
4390: .It Fl keymatexport Ar label
4391: Export keying material using label.
4392: .It Fl keymatexportlen Ar len
4393: Export len bytes of keying material (default 20).
4394: .It Fl legacy_server_connect , no_legacy_server_connect
4395: Allow or disallow initial connection to servers that don't support RI.
1.1 jsing 4396: .It Fl msg
4397: Show all protocol messages with hex dump.
1.110 inoguchi 4398: .It Fl mtu Ar mtu
4399: Set the link layer MTU.
1.1 jsing 4400: .It Fl nbio
1.66 jmc 4401: Turn on non-blocking I/O.
1.1 jsing 4402: .It Fl nbio_test
1.66 jmc 4403: Test non-blocking I/O.
1.110 inoguchi 4404: .It Fl no_ign_eof
4405: Shut down the connection when end of file is reached in the input.
4406: Can be used to override the implicit
4407: .Fl ign_eof
4408: after
4409: .Fl quiet .
1.119 jsing 4410: .It Fl no_tls1 | no_tls1_1 | no_tls1_2 | no_tls1_3
4411: Disable the use of TLS1.0, 1.1, 1.2 and 1.3 respectively.
1.1 jsing 4412: .It Fl no_ticket
4413: Disable RFC 4507 session ticket support.
1.110 inoguchi 4414: .It Fl pass Ar arg
4415: The private key password source.
1.1 jsing 4416: .It Fl pause
1.66 jmc 4417: Pause 1 second between each read and write call.
1.110 inoguchi 4418: .It Fl port Ar port
4419: The
4420: .Ar port
4421: to connect to.
4422: The default is 4433.
1.1 jsing 4423: .It Fl prexit
4424: Print session information when the program exits.
4425: This will always attempt
4426: to print out information even if the connection fails.
4427: Normally, information will only be printed out once if the connection succeeds.
4428: This option is useful because the cipher in use may be renegotiated
4429: or the connection may fail because a client certificate is required or is
4430: requested only after an attempt is made to access a certain URL.
1.66 jmc 4431: Note that the output produced by this option is not always accurate
4432: because a connection might never have been established.
1.11 bluhm 4433: .It Fl proxy Ar host : Ns Ar port
4434: Use the HTTP proxy at
4435: .Ar host
4436: and
4437: .Ar port .
4438: The connection to the proxy is done in cleartext and the
4439: .Fl connect
4440: argument is given to the proxy.
4441: If not specified, localhost is used as final destination.
4442: After that, switch the connection through the proxy to the destination
4443: to TLS.
1.1 jsing 4444: .It Fl quiet
4445: Inhibit printing of session and certificate information.
4446: This implicitly turns on
4447: .Fl ign_eof
4448: as well.
4449: .It Fl reconnect
1.66 jmc 4450: Reconnect to the same server 5 times using the same session ID; this can
1.1 jsing 4451: be used as a test that session caching is working.
1.5 jsing 4452: .It Fl servername Ar name
4453: Include the TLS Server Name Indication (SNI) extension in the ClientHello
4454: message, using the specified server
4455: .Ar name .
1.1 jsing 4456: .It Fl showcerts
4457: Display the whole server certificate chain: normally only the server
4458: certificate itself is displayed.
1.110 inoguchi 4459: .It Fl serverpref
4460: Use the server's cipher preferences.
4461: .It Fl sess_in Ar file
4462: Load TLS session from file.
4463: The client will attempt to resume a connection from this session.
4464: .It Fl sess_out Ar file
4465: Output TLS session to file.
1.1 jsing 4466: .It Fl starttls Ar protocol
1.66 jmc 4467: Send the protocol-specific messages to switch to TLS for communication.
1.1 jsing 4468: .Ar protocol
4469: is a keyword for the intended protocol.
4470: Currently, the supported keywords are
4471: .Qq ftp ,
4472: .Qq imap ,
4473: .Qq smtp ,
4474: .Qq pop3 ,
4475: and
4476: .Qq xmpp .
4477: .It Fl state
1.66 jmc 4478: Print the SSL session states.
1.110 inoguchi 4479: .It Fl status
4480: Send a certificate status request to the server (OCSP stapling).
4481: The server response (if any) is printed out.
4482: .It Fl timeout
4483: Enable send/receive timeout on DTLS connections.
1.119 jsing 4484: .It Fl tls1 | tls1_1 | tls1_2 | tls1_3
4485: Permit only TLS1.0, 1.1, 1.2 or 1.3 respectively.
1.1 jsing 4486: .It Fl tlsextdebug
1.66 jmc 4487: Print a hex dump of any TLS extensions received from the server.
1.110 inoguchi 4488: .It Fl use_srtp Ar profiles
4489: Offer SRTP key management with a colon-separated profile list.
1.1 jsing 4490: .It Fl verify Ar depth
1.66 jmc 4491: Turn on server certificate verification,
4492: with a maximum length of
4493: .Ar depth .
1.1 jsing 4494: Currently the verify operation continues after errors so all the problems
4495: with a certificate chain can be seen.
4496: As a side effect the connection will never fail due to a server
4497: certificate verify failure.
1.110 inoguchi 4498: .It Fl verify_return_error
4499: Return verification error.
1.19 landry 4500: .It Fl xmpphost Ar hostname
1.66 jmc 4501: When used with
1.19 landry 4502: .Fl starttls Ar xmpp ,
1.66 jmc 4503: specify the host for the "to" attribute of the stream element.
1.19 landry 4504: If this option is not specified then the host specified with
4505: .Fl connect
4506: will be used.
1.1 jsing 4507: .El
1.120 kn 4508: .Tg s_server
1.1 jsing 4509: .Sh S_SERVER
1.114 jmc 4510: .Bl -hang -width "openssl s_server"
4511: .It Nm openssl s_server
4512: .Bk -words
1.1 jsing 4513: .Op Fl accept Ar port
1.111 inoguchi 4514: .Op Fl alpn Ar protocols
1.1 jsing 4515: .Op Fl bugs
4516: .Op Fl CAfile Ar file
4517: .Op Fl CApath Ar directory
4518: .Op Fl cert Ar file
1.111 inoguchi 4519: .Op Fl cert2 Ar file
4520: .Op Fl certform Cm der | pem
1.1 jsing 4521: .Op Fl cipher Ar cipherlist
4522: .Op Fl context Ar id
4523: .Op Fl crl_check
4524: .Op Fl crl_check_all
4525: .Op Fl crlf
4526: .Op Fl dcert Ar file
1.111 inoguchi 4527: .Op Fl dcertform Cm der | pem
1.1 jsing 4528: .Op Fl debug
4529: .Op Fl dhparam Ar file
4530: .Op Fl dkey Ar file
1.111 inoguchi 4531: .Op Fl dkeyform Cm der | pem
4532: .Op Fl dpass Ar arg
4533: .Op Fl dtls1
1.121 schwarze 4534: .Op Fl groups Ar list
1.1 jsing 4535: .Op Fl HTTP
4536: .Op Fl id_prefix Ar arg
4537: .Op Fl key Ar keyfile
1.111 inoguchi 4538: .Op Fl key2 Ar keyfile
4539: .Op Fl keyform Cm der | pem
4540: .Op Fl keymatexport Ar label
4541: .Op Fl keymatexportlen Ar len
1.1 jsing 4542: .Op Fl msg
1.111 inoguchi 4543: .Op Fl mtu Ar mtu
4544: .Op Fl named_curve Ar arg
1.1 jsing 4545: .Op Fl nbio
4546: .Op Fl nbio_test
1.111 inoguchi 4547: .Op Fl no_cache
1.1 jsing 4548: .Op Fl no_dhe
1.111 inoguchi 4549: .Op Fl no_ecdhe
4550: .Op Fl no_ticket
1.1 jsing 4551: .Op Fl no_tls1
1.6 guenther 4552: .Op Fl no_tls1_1
4553: .Op Fl no_tls1_2
1.122 ! inoguchi 4554: .Op Fl no_tls1_3
1.1 jsing 4555: .Op Fl no_tmp_rsa
4556: .Op Fl nocert
1.111 inoguchi 4557: .Op Fl pass Ar arg
1.1 jsing 4558: .Op Fl quiet
1.111 inoguchi 4559: .Op Fl servername Ar name
4560: .Op Fl servername_fatal
1.1 jsing 4561: .Op Fl serverpref
4562: .Op Fl state
1.111 inoguchi 4563: .Op Fl status
4564: .Op Fl status_timeout Ar nsec
4565: .Op Fl status_url Ar url
4566: .Op Fl status_verbose
4567: .Op Fl timeout
1.1 jsing 4568: .Op Fl tls1
1.31 jmc 4569: .Op Fl tls1_1
4570: .Op Fl tls1_2
1.122 ! inoguchi 4571: .Op Fl tls1_3
1.111 inoguchi 4572: .Op Fl tlsextdebug
4573: .Op Fl use_srtp Ar profiles
1.1 jsing 4574: .Op Fl Verify Ar depth
4575: .Op Fl verify Ar depth
1.111 inoguchi 4576: .Op Fl verify_return_error
1.1 jsing 4577: .Op Fl WWW
4578: .Op Fl www
1.114 jmc 4579: .Ek
4580: .El
1.1 jsing 4581: .Pp
4582: The
4583: .Nm s_server
4584: command implements a generic SSL/TLS server which listens
4585: for connections on a given port using SSL/TLS.
4586: .Pp
1.67 jmc 4587: If a connection request is established with a client and neither the
4588: .Fl www
4589: nor the
4590: .Fl WWW
4591: option has been used, then any data received
4592: from the client is displayed and any key presses are sent to the client.
4593: Certain single letter commands perform special operations:
4594: .Pp
4595: .Bl -tag -width "XXXX" -compact
4596: .It Ic P
4597: Send plain text, which should cause the client to disconnect.
4598: .It Ic Q
4599: End the current SSL connection and exit.
4600: .It Ic q
4601: End the current SSL connection, but still accept new connections.
4602: .It Ic R
4603: Renegotiate the SSL session and request a client certificate.
4604: .It Ic r
4605: Renegotiate the SSL session.
4606: .It Ic S
4607: Print out some session cache status information.
4608: .El
4609: .Pp
1.1 jsing 4610: The options are as follows:
4611: .Bl -tag -width Ds
1.113 inoguchi 4612: .It Fl accept Ar port
1.67 jmc 4613: Listen on TCP
1.1 jsing 4614: .Ar port
1.67 jmc 4615: for connections.
4616: The default is port 4433.
1.111 inoguchi 4617: .It Fl alpn Ar protocols
4618: Enable the Application-Layer Protocol Negotiation.
4619: .Ar protocols
4620: is a comma-separated list of supported protocol names.
1.1 jsing 4621: .It Fl bugs
1.67 jmc 4622: Enable various workarounds for buggy implementations.
1.1 jsing 4623: .It Fl CAfile Ar file
1.67 jmc 4624: A
4625: .Ar file
4626: containing trusted certificates to use during client authentication
1.1 jsing 4627: and to use when attempting to build the server certificate chain.
4628: The list is also used in the list of acceptable client CAs passed to the
4629: client when a certificate is requested.
4630: .It Fl CApath Ar directory
4631: The
4632: .Ar directory
4633: to use for client certificate verification.
4634: This directory must be in
4635: .Qq hash format ;
4636: see
4637: .Fl verify
4638: for more information.
4639: These are also used when building the server certificate chain.
4640: .It Fl cert Ar file
1.67 jmc 4641: The certificate to use: most server's cipher suites require the use of a
4642: certificate and some require a certificate with a certain public key type.
4643: For example, the DSS cipher suites require a certificate containing a DSS
4644: (DSA) key.
1.1 jsing 4645: If not specified, the file
4646: .Pa server.pem
4647: will be used.
1.111 inoguchi 4648: .It Fl cert2 Ar file
4649: The certificate to use for servername.
4650: .It Fl certform Cm der | pem
4651: The certificate format.
4652: The default is
4653: .Cm pem .
1.1 jsing 4654: .It Fl cipher Ar cipherlist
1.67 jmc 4655: Modify the cipher list used by the server.
1.1 jsing 4656: This allows the cipher list used by the server to be modified.
4657: When the client sends a list of supported ciphers, the first client cipher
4658: also included in the server list is used.
4659: Because the client specifies the preference order, the order of the server
4660: cipherlist is irrelevant.
4661: See the
1.67 jmc 4662: .Nm ciphers
4663: command for more information.
1.1 jsing 4664: .It Fl context Ar id
1.67 jmc 4665: Set the SSL context ID.
1.1 jsing 4666: It can be given any string value.
4667: .It Fl crl_check , crl_check_all
4668: Check the peer certificate has not been revoked by its CA.
4669: The CRLs are appended to the certificate file.
4670: .Fl crl_check_all
1.67 jmc 4671: checks all CRLs of all CAs in the chain.
1.1 jsing 4672: .It Fl crlf
1.67 jmc 4673: Translate a line feed from the terminal into CR+LF.
1.1 jsing 4674: .It Fl dcert Ar file , Fl dkey Ar file
4675: Specify an additional certificate and private key; these behave in the
4676: same manner as the
4677: .Fl cert
4678: and
4679: .Fl key
4680: options except there is no default if they are not specified
1.67 jmc 4681: (no additional certificate or key is used).
1.1 jsing 4682: By using RSA and DSS certificates and keys,
4683: a server can support clients which only support RSA or DSS cipher suites
4684: by using an appropriate certificate.
1.111 inoguchi 4685: .It Fl dcertform Cm der | pem , Fl dkeyform Cm der | pem , Fl dpass Ar arg
4686: Additional certificate and private key format, and private key password source,
4687: respectively.
1.1 jsing 4688: .It Fl debug
1.67 jmc 4689: Print extensive debugging information, including a hex dump of all traffic.
1.1 jsing 4690: .It Fl dhparam Ar file
4691: The DH parameter file to use.
4692: The ephemeral DH cipher suites generate keys
4693: using a set of DH parameters.
4694: If not specified, an attempt is made to
4695: load the parameters from the server certificate file.
4696: If this fails, a static set of parameters hard coded into the
4697: .Nm s_server
4698: program will be used.
1.111 inoguchi 4699: .It Fl dtls1
4700: Permit only DTLS1.0.
1.121 schwarze 4701: .It Fl groups Ar list
4702: Set the supported elliptic curve groups to the colon separated
4703: .Ar list
4704: of group NIDs or names as documented in
4705: .Xr SSL_CTX_set1_groups_list 3 .
1.1 jsing 4706: .It Fl HTTP
1.67 jmc 4707: Emulate a simple web server.
4708: Pages are resolved relative to the current directory.
4709: For example if the URL
1.1 jsing 4710: .Pa https://myhost/page.html
4711: is requested, the file
4712: .Pa ./page.html
4713: will be loaded.
4714: The files loaded are assumed to contain a complete and correct HTTP
4715: response (lines that are part of the HTTP response line and headers
4716: must end with CRLF).
4717: .It Fl id_prefix Ar arg
4718: Generate SSL/TLS session IDs prefixed by
4719: .Ar arg .
4720: This is mostly useful for testing any SSL/TLS code
1.81 jmc 4721: that wish to deal with multiple servers,
4722: when each of which might be generating a unique range of session IDs.
1.1 jsing 4723: .It Fl key Ar keyfile
4724: The private key to use.
4725: If not specified, the certificate file will be used.
1.111 inoguchi 4726: .It Fl key2 Ar keyfile
4727: The private key to use for servername.
4728: .It Fl keyform Cm der | pem
4729: The private key format.
4730: The default is
4731: .Cm pem .
4732: .It Fl keymatexport Ar label
4733: Export keying material using label.
4734: .It Fl keymatexportlen Ar len
4735: Export len bytes of keying material (default 20).
1.1 jsing 4736: .It Fl msg
4737: Show all protocol messages with hex dump.
1.111 inoguchi 4738: .It Fl mtu Ar mtu
4739: Set the link layer MTU.
4740: .It Fl named_curve Ar arg
4741: Specify the elliptic curve name to use for ephemeral ECDH keys.
1.121 schwarze 4742: This option is deprecated; use
4743: .Fl groups
4744: instead.
1.1 jsing 4745: .It Fl nbio
1.67 jmc 4746: Turn on non-blocking I/O.
1.1 jsing 4747: .It Fl nbio_test
1.67 jmc 4748: Test non-blocking I/O.
1.111 inoguchi 4749: .It Fl no_cache
4750: Disable session caching.
1.1 jsing 4751: .It Fl no_dhe
1.67 jmc 4752: Disable ephemeral DH cipher suites.
1.111 inoguchi 4753: .It Fl no_ecdhe
4754: Disable ephemeral ECDH cipher suites.
4755: .It Fl no_ticket
4756: Disable RFC 4507 session ticket support.
1.122 ! inoguchi 4757: .It Fl no_tls1 | no_tls1_1 | no_tls1_2 | no_tls1_3
! 4758: Disable the use of TLS1.0, 1.1, 1.2, and 1.3, respectively.
1.1 jsing 4759: .It Fl no_tmp_rsa
1.67 jmc 4760: Disable temporary RSA key generation.
1.1 jsing 4761: .It Fl nocert
1.67 jmc 4762: Do not use a certificate.
1.1 jsing 4763: This restricts the cipher suites available to the anonymous ones
1.67 jmc 4764: (currently just anonymous DH).
1.111 inoguchi 4765: .It Fl pass Ar arg
4766: The private key password source.
1.1 jsing 4767: .It Fl quiet
4768: Inhibit printing of session and certificate information.
1.111 inoguchi 4769: .It Fl servername Ar name
4770: Set the TLS Server Name Indication (SNI) extension with
4771: .Ar name .
4772: .It Fl servername_fatal
4773: Send fatal alert if servername does not match.
4774: The default is warning alert.
1.1 jsing 4775: .It Fl serverpref
4776: Use server's cipher preferences.
4777: .It Fl state
1.67 jmc 4778: Print the SSL session states.
1.111 inoguchi 4779: .It Fl status
4780: Enables certificate status request support (OCSP stapling).
4781: .It Fl status_timeout Ar nsec
4782: Sets the timeout for OCSP response in seconds.
4783: .It Fl status_url Ar url
4784: Sets a fallback responder URL to use if no responder URL is present in the
4785: server certificate.
4786: Without this option, an error is returned if the server certificate does not
4787: contain a responder address.
4788: .It Fl status_verbose
4789: Enables certificate status request support (OCSP stapling) and gives a verbose
4790: printout of the OCSP response.
4791: .It Fl timeout
4792: Enable send/receive timeout on DTLS connections.
1.122 ! inoguchi 4793: .It Fl tls1 | tls1_1 | tls1_2 | tls1_3
! 4794: Permit only TLS1.0, 1.1, 1.2, or 1.3, respectively.
1.111 inoguchi 4795: .It Fl tlsextdebug
4796: Print a hex dump of any TLS extensions received from the server.
4797: .It Fl use_srtp Ar profiles
4798: Offer SRTP key management with a colon-separated profile list.
4799: .It Fl verify_return_error
4800: Return verification error.
1.1 jsing 4801: .It Fl WWW
1.67 jmc 4802: Emulate a simple web server.
4803: Pages are resolved relative to the current directory.
4804: For example if the URL
1.1 jsing 4805: .Pa https://myhost/page.html
4806: is requested, the file
4807: .Pa ./page.html
4808: will be loaded.
4809: .It Fl www
1.67 jmc 4810: Send a status message to the client when it connects,
4811: including information about the ciphers used and various session parameters.
1.1 jsing 4812: The output is in HTML format so this option will normally be used with a
4813: web browser.
4814: .It Fl Verify Ar depth , Fl verify Ar depth
1.67 jmc 4815: Request a certificate chain from the client,
4816: with a maximum length of
4817: .Ar depth .
4818: With
4819: .Fl Verify ,
4820: the client must supply a certificate or an error occurs;
4821: with
4822: .Fl verify ,
4823: a certificate is requested but the client does not have to send one.
1.1 jsing 4824: .El
1.120 kn 4825: .Tg s_time
1.1 jsing 4826: .Sh S_TIME
1.114 jmc 4827: .Bl -hang -width "openssl s_time"
4828: .It Nm openssl s_time
4829: .Bk -words
1.1 jsing 4830: .Op Fl bugs
4831: .Op Fl CAfile Ar file
4832: .Op Fl CApath Ar directory
4833: .Op Fl cert Ar file
4834: .Op Fl cipher Ar cipherlist
1.68 jmc 4835: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 4836: .Op Fl key Ar keyfile
4837: .Op Fl nbio
4838: .Op Fl new
1.20 lteo 4839: .Op Fl no_shutdown
1.1 jsing 4840: .Op Fl reuse
4841: .Op Fl time Ar seconds
4842: .Op Fl verify Ar depth
4843: .Op Fl www Ar page
1.114 jmc 4844: .Ek
4845: .El
1.1 jsing 4846: .Pp
4847: The
1.68 jmc 4848: .Nm s_time
1.1 jsing 4849: command implements a generic SSL/TLS client which connects to a
4850: remote host using SSL/TLS.
4851: It can request a page from the server and includes
4852: the time to transfer the payload data in its timing measurements.
4853: It measures the number of connections within a given timeframe,
4854: the amount of data transferred
4855: .Pq if any ,
4856: and calculates the average time spent for one connection.
4857: .Pp
4858: The options are as follows:
4859: .Bl -tag -width Ds
4860: .It Fl bugs
1.68 jmc 4861: Enable various workarounds for buggy implementations.
1.1 jsing 4862: .It Fl CAfile Ar file
1.68 jmc 4863: A
4864: .Ar file
4865: containing trusted certificates to use during server authentication
1.1 jsing 4866: and to use when attempting to build the client certificate chain.
4867: .It Fl CApath Ar directory
4868: The directory to use for server certificate verification.
4869: This directory must be in
4870: .Qq hash format ;
4871: see
4872: .Nm verify
4873: for more information.
4874: These are also used when building the client certificate chain.
4875: .It Fl cert Ar file
4876: The certificate to use, if one is requested by the server.
4877: The default is not to use a certificate.
4878: .It Fl cipher Ar cipherlist
1.68 jmc 4879: Modify the cipher list sent by the client.
1.1 jsing 4880: Although the server determines which cipher suite is used,
4881: it should take the first supported cipher in the list sent by the client.
4882: See the
4883: .Nm ciphers
4884: command for more information.
1.68 jmc 4885: .It Fl connect Ar host Ns Op : Ns Ar port
4886: The host and port to connect to.
1.1 jsing 4887: .It Fl key Ar keyfile
4888: The private key to use.
4889: If not specified, the certificate file will be used.
4890: .It Fl nbio
1.68 jmc 4891: Turn on non-blocking I/O.
1.1 jsing 4892: .It Fl new
1.68 jmc 4893: Perform the timing test using a new session ID for each connection.
1.1 jsing 4894: If neither
4895: .Fl new
4896: nor
4897: .Fl reuse
4898: are specified,
4899: they are both on by default and executed in sequence.
1.20 lteo 4900: .It Fl no_shutdown
1.21 jmc 4901: Shut down the connection without sending a
1.68 jmc 4902: .Qq close notify
1.20 lteo 4903: shutdown alert to the server.
1.1 jsing 4904: .It Fl reuse
1.68 jmc 4905: Perform the timing test using the same session ID for each connection.
1.1 jsing 4906: If neither
4907: .Fl new
4908: nor
4909: .Fl reuse
4910: are specified,
4911: they are both on by default and executed in sequence.
4912: .It Fl time Ar seconds
1.68 jmc 4913: Limit
1.1 jsing 4914: .Nm s_time
1.68 jmc 4915: benchmarks to the number of
4916: .Ar seconds .
1.1 jsing 4917: The default is 30 seconds.
4918: .It Fl verify Ar depth
1.68 jmc 4919: Turn on server certificate verification,
4920: with a maximum length of
4921: .Ar depth .
1.1 jsing 4922: Currently the verify operation continues after errors, so all the problems
4923: with a certificate chain can be seen.
4924: As a side effect,
4925: the connection will never fail due to a server certificate verify failure.
4926: .It Fl www Ar page
1.68 jmc 4927: The page to GET from the server.
1.1 jsing 4928: A value of
4929: .Sq /
4930: gets the index.htm[l] page.
4931: If this parameter is not specified,
4932: .Nm s_time
4933: will only perform the handshake to establish SSL connections
4934: but not transfer any payload data.
4935: .El
1.120 kn 4936: .Tg sess_id
1.1 jsing 4937: .Sh SESS_ID
1.114 jmc 4938: .Bl -hang -width "openssl sess_id"
4939: .It Nm openssl sess_id
4940: .Bk -words
1.1 jsing 4941: .Op Fl cert
4942: .Op Fl context Ar ID
4943: .Op Fl in Ar file
1.69 jmc 4944: .Op Fl inform Cm der | pem
1.1 jsing 4945: .Op Fl noout
4946: .Op Fl out Ar file
1.69 jmc 4947: .Op Fl outform Cm der | pem
1.1 jsing 4948: .Op Fl text
1.114 jmc 4949: .Ek
4950: .El
1.1 jsing 4951: .Pp
4952: The
4953: .Nm sess_id
4954: program processes the encoded version of the SSL session structure and
4955: optionally prints out SSL session details
1.69 jmc 4956: (for example the SSL session master key)
1.72 jmc 4957: in human-readable format.
1.1 jsing 4958: .Pp
4959: The options are as follows:
4960: .Bl -tag -width Ds
4961: .It Fl cert
4962: If a certificate is present in the session,
4963: it will be output using this option;
4964: if the
4965: .Fl text
4966: option is also present, then it will be printed out in text form.
4967: .It Fl context Ar ID
1.69 jmc 4968: Set the session
1.1 jsing 4969: .Ar ID .
1.69 jmc 4970: The ID can be any string of characters.
1.1 jsing 4971: .It Fl in Ar file
1.69 jmc 4972: The input file to read from,
4973: or standard input if not specified.
4974: .It Fl inform Cm der | pem
4975: The input format.
4976: .Cm der
1.84 jmc 4977: uses an ASN.1 DER-encoded format containing session details.
1.1 jsing 4978: The precise format can vary from one version to the next.
1.69 jmc 4979: .Cm pem
4980: is the default format: it consists of the DER
1.1 jsing 4981: format base64-encoded with additional header and footer lines.
4982: .It Fl noout
1.69 jmc 4983: Do not output the encoded version of the session.
1.1 jsing 4984: .It Fl out Ar file
1.69 jmc 4985: The output file to write to,
4986: or standard output if not specified.
4987: .It Fl outform Cm der | pem
4988: The output format.
1.1 jsing 4989: .It Fl text
1.69 jmc 4990: Print the various public or private key components in plain text,
4991: in addition to the encoded version.
1.1 jsing 4992: .El
4993: .Pp
1.69 jmc 4994: The output of
4995: .Nm sess_id
4996: is composed as follows:
1.1 jsing 4997: .Pp
1.69 jmc 4998: .Bl -tag -width "Verify return code " -offset 3n -compact
4999: .It Protocol
5000: The protocol in use.
5001: .It Cipher
5002: The actual raw SSL or TLS cipher code.
5003: .It Session-ID
5004: The SSL session ID, in hex format.
5005: .It Session-ID-ctx
5006: The session ID context, in hex format.
5007: .It Master-Key
5008: The SSL session master key.
5009: .It Key-Arg
1.1 jsing 5010: The key argument; this is only used in SSL v2.
1.69 jmc 5011: .It Start Time
5012: The session start time.
1.1 jsing 5013: .Ux
5014: format.
1.69 jmc 5015: .It Timeout
5016: The timeout, in seconds.
5017: .It Verify return code
5018: The return code when a certificate is verified.
1.1 jsing 5019: .El
5020: .Pp
5021: Since the SSL session output contains the master key, it is possible to read
5022: the contents of an encrypted session using this information.
5023: Therefore appropriate security precautions
5024: should be taken if the information is being output by a
5025: .Qq real
5026: application.
5027: This is, however, strongly discouraged and should only be used for
5028: debugging purposes.
1.120 kn 5029: .Tg smime
1.1 jsing 5030: .Sh SMIME
1.114 jmc 5031: .Bl -hang -width "openssl smime"
5032: .It Nm openssl smime
5033: .Bk -words
1.1 jsing 5034: .Oo
5035: .Fl aes128 | aes192 | aes256 | des |
5036: .Fl des3 | rc2-40 | rc2-64 | rc2-128
5037: .Oc
5038: .Op Fl binary
5039: .Op Fl CAfile Ar file
5040: .Op Fl CApath Ar directory
5041: .Op Fl certfile Ar file
5042: .Op Fl check_ss_sig
5043: .Op Fl content Ar file
5044: .Op Fl crl_check
5045: .Op Fl crl_check_all
5046: .Op Fl decrypt
5047: .Op Fl encrypt
5048: .Op Fl extended_crl
5049: .Op Fl from Ar addr
5050: .Op Fl ignore_critical
5051: .Op Fl in Ar file
5052: .Op Fl indef
1.70 jmc 5053: .Op Fl inform Cm der | pem | smime
1.1 jsing 5054: .Op Fl inkey Ar file
5055: .Op Fl issuer_checks
1.112 inoguchi 5056: .Op Fl keyform Cm der | pem
1.1 jsing 5057: .Op Fl md Ar digest
5058: .Op Fl noattr
5059: .Op Fl nocerts
5060: .Op Fl nochain
5061: .Op Fl nodetach
5062: .Op Fl noindef
5063: .Op Fl nointern
5064: .Op Fl nosigs
1.108 inoguchi 5065: .Op Fl nosmimecap
1.1 jsing 5066: .Op Fl noverify
5067: .Op Fl out Ar file
1.70 jmc 5068: .Op Fl outform Cm der | pem | smime
1.1 jsing 5069: .Op Fl passin Ar arg
5070: .Op Fl pk7out
5071: .Op Fl policy_check
5072: .Op Fl recip Ar file
5073: .Op Fl resign
5074: .Op Fl sign
5075: .Op Fl signer Ar file
5076: .Op Fl stream
5077: .Op Fl subject Ar s
5078: .Op Fl text
5079: .Op Fl to Ar addr
5080: .Op Fl verify
5081: .Op Fl x509_strict
5082: .Op Ar cert.pem ...
1.114 jmc 5083: .Ek
5084: .El
1.1 jsing 5085: .Pp
5086: The
5087: .Nm smime
1.70 jmc 5088: command handles S/MIME mail.
5089: It can encrypt, decrypt, sign, and verify S/MIME messages.
5090: .Pp
5091: The MIME message must be sent without any blank lines between the
5092: headers and the output.
5093: Some mail programs will automatically add a blank line.
5094: Piping the mail directly to an MTA is one way to
5095: achieve the correct format.
5096: .Pp
5097: The supplied message to be signed or encrypted must include the necessary
5098: MIME headers or many S/MIME clients won't display it properly (if at all).
5099: Use the
5100: .Fl text
5101: option to automatically add plain text headers.
1.1 jsing 5102: .Pp
1.70 jmc 5103: A
5104: .Qq signed and encrypted
5105: message is one where a signed message is then encrypted.
5106: This can be produced by encrypting an already signed message.
1.1 jsing 5107: .Pp
1.70 jmc 5108: There are a number of operations that can be performed, as follows:
1.1 jsing 5109: .Bl -tag -width "XXXX"
5110: .It Fl decrypt
5111: Decrypt mail using the supplied certificate and private key.
1.70 jmc 5112: The input file is an encrypted mail message in MIME format.
1.1 jsing 5113: The decrypted mail is written to the output file.
5114: .It Fl encrypt
5115: Encrypt mail for the given recipient certificates.
1.70 jmc 5116: The input is the message to be encrypted.
5117: The output file is the encrypted mail, in MIME format.
1.1 jsing 5118: .It Fl pk7out
1.70 jmc 5119: Take an input message and write out a PEM-encoded PKCS#7 structure.
1.1 jsing 5120: .It Fl resign
5121: Resign a message: take an existing message and one or more new signers.
5122: .It Fl sign
5123: Sign mail using the supplied certificate and private key.
1.70 jmc 5124: The input file is the message to be signed.
5125: The signed message, in MIME format, is written to the output file.
1.1 jsing 5126: .It Fl verify
5127: Verify signed mail.
1.70 jmc 5128: The input is a signed mail message and the output is the signed data.
1.1 jsing 5129: Both clear text and opaque signing is supported.
5130: .El
5131: .Pp
1.14 jmc 5132: The remaining options are as follows:
1.1 jsing 5133: .Bl -tag -width "XXXX"
5134: .It Xo
5135: .Fl aes128 | aes192 | aes256 | des |
5136: .Fl des3 | rc2-40 | rc2-64 | rc2-128
5137: .Xc
5138: The encryption algorithm to use.
1.70 jmc 5139: 128-, 192-, or 256-bit AES, DES (56 bits), triple DES (168 bits),
1.1 jsing 5140: or 40-, 64-, or 128-bit RC2, respectively;
5141: if not specified, 40-bit RC2 is
5142: used.
5143: Only used with
5144: .Fl encrypt .
5145: .It Fl binary
5146: Normally, the input message is converted to
5147: .Qq canonical
1.70 jmc 5148: format which uses CR/LF as end of line,
5149: as required by the S/MIME specification.
1.1 jsing 5150: When this option is present no translation occurs.
1.70 jmc 5151: This is useful when handling binary data which may not be in MIME format.
1.1 jsing 5152: .It Fl CAfile Ar file
5153: A
5154: .Ar file
5155: containing trusted CA certificates; only used with
5156: .Fl verify .
5157: .It Fl CApath Ar directory
5158: A
5159: .Ar directory
5160: containing trusted CA certificates; only used with
5161: .Fl verify .
5162: This directory must be a standard certificate directory:
5163: that is, a hash of each subject name (using
5164: .Nm x509 -hash )
5165: should be linked to each certificate.
5166: .It Ar cert.pem ...
5167: One or more certificates of message recipients: used when encrypting
5168: a message.
5169: .It Fl certfile Ar file
5170: Allows additional certificates to be specified.
5171: When signing, these will be included with the message.
5172: When verifying, these will be searched for the signers' certificates.
5173: The certificates should be in PEM format.
5174: .It Xo
5175: .Fl check_ss_sig ,
5176: .Fl crl_check ,
5177: .Fl crl_check_all ,
5178: .Fl extended_crl ,
5179: .Fl ignore_critical ,
5180: .Fl issuer_checks ,
5181: .Fl policy_check ,
5182: .Fl x509_strict
5183: .Xc
5184: Set various certificate chain validation options.
5185: See the
1.70 jmc 5186: .Nm verify
1.1 jsing 5187: command for details.
5188: .It Fl content Ar file
1.70 jmc 5189: A file containing the detached content.
1.1 jsing 5190: This is only useful with the
5191: .Fl verify
1.70 jmc 5192: option,
5193: and only usable if the PKCS#7 structure is using the detached
1.1 jsing 5194: signature form where the content is not included.
1.70 jmc 5195: This option will override any content if the input format is S/MIME
5196: and it uses the multipart/signed MIME content type.
1.1 jsing 5197: .It Xo
5198: .Fl from Ar addr ,
5199: .Fl subject Ar s ,
5200: .Fl to Ar addr
5201: .Xc
5202: The relevant mail headers.
5203: These are included outside the signed
5204: portion of a message so they may be included manually.
1.70 jmc 5205: When signing, many S/MIME
1.1 jsing 5206: mail clients check that the signer's certificate email
5207: address matches the From: address.
5208: .It Fl in Ar file
1.70 jmc 5209: The input file to read from.
1.1 jsing 5210: .It Fl indef
5211: Enable streaming I/O for encoding operations.
5212: This permits single pass processing of data without
5213: the need to hold the entire contents in memory,
5214: potentially supporting very large files.
5215: Streaming is automatically set for S/MIME signing with detached
5216: data if the output format is SMIME;
5217: it is currently off by default for all other operations.
1.70 jmc 5218: .It Fl inform Cm der | pem | smime
5219: The input format.
1.1 jsing 5220: .It Fl inkey Ar file
1.70 jmc 5221: The private key to use when signing or decrypting,
5222: which must match the corresponding certificate.
1.1 jsing 5223: If this option is not specified, the private key must be included
5224: in the certificate file specified with
5225: the
5226: .Fl recip
5227: or
5228: .Fl signer
5229: file.
5230: When signing,
5231: this option can be used multiple times to specify successive keys.
1.112 inoguchi 5232: .It Fl keyform Cm der | pem
1.1 jsing 5233: Input private key format.
1.112 inoguchi 5234: The default is
5235: .Cm pem .
1.1 jsing 5236: .It Fl md Ar digest
5237: The digest algorithm to use when signing or resigning.
5238: If not present then the default digest algorithm for the signing key is used
5239: (usually SHA1).
5240: .It Fl noattr
1.70 jmc 5241: Do not include attributes.
1.1 jsing 5242: .It Fl nocerts
1.70 jmc 5243: Do not include the signer's certificate.
1.1 jsing 5244: This will reduce the size of the signed message but the verifier must
5245: have a copy of the signer's certificate available locally (passed using the
5246: .Fl certfile
5247: option, for example).
5248: .It Fl nochain
5249: Do not do chain verification of signers' certificates: that is,
5250: don't use the certificates in the signed message as untrusted CAs.
5251: .It Fl nodetach
5252: When signing a message use opaque signing: this form is more resistant
5253: to translation by mail relays but it cannot be read by mail agents that
1.70 jmc 5254: do not support S/MIME.
5255: Without this option cleartext signing with the MIME type
5256: multipart/signed is used.
1.1 jsing 5257: .It Fl noindef
1.70 jmc 5258: Disable streaming I/O where it would produce an encoding of indefinite length
5259: (currently has no effect).
1.1 jsing 5260: .It Fl nointern
1.70 jmc 5261: Only use certificates specified in the
5262: .Fl certfile .
5263: The supplied certificates can still be used as untrusted CAs.
1.1 jsing 5264: .It Fl nosigs
1.70 jmc 5265: Do not try to verify the signatures on the message.
1.108 inoguchi 5266: .It Fl nosmimecap
5267: Exclude the list of supported algorithms from signed attributes,
5268: other options such as signing time and content type are still included.
1.1 jsing 5269: .It Fl noverify
5270: Do not verify the signer's certificate of a signed message.
5271: .It Fl out Ar file
1.70 jmc 5272: The output file to write to.
5273: .It Fl outform Cm der | pem | smime
5274: The output format.
5275: The default is smime, which writes an S/MIME format message.
5276: .Cm pem
1.1 jsing 5277: and
1.70 jmc 5278: .Cm der
5279: change this to write PEM and DER format PKCS#7 structures instead.
1.1 jsing 5280: This currently only affects the output format of the PKCS#7
5281: structure; if no PKCS#7 structure is being output (for example with
5282: .Fl verify
5283: or
5284: .Fl decrypt )
5285: this option has no effect.
5286: .It Fl passin Ar arg
5287: The key password source.
5288: .It Fl recip Ar file
5289: The recipients certificate when decrypting a message.
5290: This certificate
5291: must match one of the recipients of the message or an error occurs.
5292: .It Fl signer Ar file
5293: A signing certificate when signing or resigning a message;
5294: this option can be used multiple times if more than one signer is required.
5295: If a message is being verified, the signer's certificates will be
5296: written to this file if the verification was successful.
5297: .It Fl stream
5298: The same as
5299: .Fl indef .
5300: .It Fl text
1.70 jmc 5301: Add plain text (text/plain) MIME
1.1 jsing 5302: headers to the supplied message if encrypting or signing.
5303: If decrypting or verifying, it strips off text headers:
1.70 jmc 5304: if the decrypted or verified message is not of MIME type text/plain
5305: then an error occurs.
1.1 jsing 5306: .El
5307: .Pp
1.70 jmc 5308: The exit codes for
5309: .Nm smime
5310: are as follows:
1.1 jsing 5311: .Pp
1.70 jmc 5312: .Bl -tag -width "XXXX" -offset 3n -compact
5313: .It 0
1.1 jsing 5314: The operation was completely successful.
1.70 jmc 5315: .It 1
1.1 jsing 5316: An error occurred parsing the command options.
1.70 jmc 5317: .It 2
1.1 jsing 5318: One of the input files could not be read.
1.70 jmc 5319: .It 3
5320: An error occurred creating the file or when reading the message.
5321: .It 4
1.1 jsing 5322: An error occurred decrypting or verifying the message.
1.70 jmc 5323: .It 5
5324: An error occurred writing certificates.
1.1 jsing 5325: .El
1.120 kn 5326: .Tg speed
1.1 jsing 5327: .Sh SPEED
1.114 jmc 5328: .Bl -hang -width "openssl speed"
5329: .It Nm openssl speed
5330: .Bk -words
1.71 jmc 5331: .Op Ar algorithm
1.1 jsing 5332: .Op Fl decrypt
5333: .Op Fl elapsed
1.71 jmc 5334: .Op Fl evp Ar algorithm
1.1 jsing 5335: .Op Fl mr
5336: .Op Fl multi Ar number
1.114 jmc 5337: .Ek
5338: .El
1.1 jsing 5339: .Pp
5340: The
5341: .Nm speed
5342: command is used to test the performance of cryptographic algorithms.
5343: .Bl -tag -width "XXXX"
1.71 jmc 5344: .It Ar algorithm
5345: Perform the test using
5346: .Ar algorithm .
5347: The default is to test all algorithms.
1.1 jsing 5348: .It Fl decrypt
1.71 jmc 5349: Time decryption instead of encryption;
5350: must be used with
5351: .Fl evp .
1.1 jsing 5352: .It Fl elapsed
5353: Measure time in real time instead of CPU user time.
1.71 jmc 5354: .It Fl evp Ar algorithm
5355: Perform the test using one of the algorithms accepted by
5356: .Xr EVP_get_cipherbyname 3 .
1.1 jsing 5357: .It Fl mr
5358: Produce machine readable output.
5359: .It Fl multi Ar number
5360: Run
5361: .Ar number
5362: benchmarks in parallel.
5363: .El
1.120 kn 5364: .Tg spkac
1.77 jmc 5365: .Sh SPKAC
1.114 jmc 5366: .Bl -hang -width "openssl spkac"
5367: .It Nm openssl spkac
5368: .Bk -words
1.77 jmc 5369: .Op Fl challenge Ar string
5370: .Op Fl in Ar file
5371: .Op Fl key Ar keyfile
5372: .Op Fl noout
5373: .Op Fl out Ar file
5374: .Op Fl passin Ar arg
5375: .Op Fl pubkey
5376: .Op Fl spkac Ar spkacname
5377: .Op Fl spksect Ar section
5378: .Op Fl verify
1.114 jmc 5379: .Ek
5380: .El
1.77 jmc 5381: .Pp
5382: The
5383: .Nm spkac
5384: command processes signed public key and challenge (SPKAC) files.
5385: It can print out their contents, verify the signature,
5386: and produce its own SPKACs from a supplied private key.
5387: .Pp
5388: The options are as follows:
5389: .Bl -tag -width Ds
5390: .It Fl challenge Ar string
5391: The challenge string, if an SPKAC is being created.
5392: .It Fl in Ar file
5393: The input file to read from,
5394: or standard input if not specified.
5395: Ignored if the
5396: .Fl key
5397: option is used.
5398: .It Fl key Ar keyfile
5399: Create an SPKAC file using the private key in
5400: .Ar keyfile .
5401: The
5402: .Fl in , noout , spksect ,
5403: and
5404: .Fl verify
5405: options are ignored, if present.
5406: .It Fl noout
5407: Do not output the text version of the SPKAC.
5408: .It Fl out Ar file
5409: The output file to write to,
5410: or standard output if not specified.
5411: .It Fl passin Ar arg
5412: The key password source.
5413: .It Fl pubkey
5414: Output the public key of an SPKAC.
5415: .It Fl spkac Ar spkacname
5416: An alternative name for the variable containing the SPKAC.
5417: The default is "SPKAC".
5418: This option affects both generated and input SPKAC files.
5419: .It Fl spksect Ar section
5420: An alternative name for the
5421: .Ar section
5422: containing the SPKAC.
5423: .It Fl verify
5424: Verify the digital signature on the supplied SPKAC.
5425: .El
1.120 kn 5426: .Tg ts
1.1 jsing 5427: .Sh TS
1.114 jmc 5428: .Bk -words
5429: .Bl -hang -width "openssl ts"
5430: .It Nm openssl ts
1.1 jsing 5431: .Fl query
1.29 bcook 5432: .Op Fl md4 | md5 | ripemd160 | sha1
1.1 jsing 5433: .Op Fl cert
5434: .Op Fl config Ar configfile
5435: .Op Fl data Ar file_to_hash
5436: .Op Fl digest Ar digest_bytes
5437: .Op Fl in Ar request.tsq
5438: .Op Fl no_nonce
5439: .Op Fl out Ar request.tsq
5440: .Op Fl policy Ar object_id
5441: .Op Fl text
1.114 jmc 5442: .It Nm openssl ts
1.1 jsing 5443: .Fl reply
5444: .Op Fl chain Ar certs_file.pem
5445: .Op Fl config Ar configfile
5446: .Op Fl in Ar response.tsr
5447: .Op Fl inkey Ar private.pem
5448: .Op Fl out Ar response.tsr
5449: .Op Fl passin Ar arg
5450: .Op Fl policy Ar object_id
5451: .Op Fl queryfile Ar request.tsq
5452: .Op Fl section Ar tsa_section
5453: .Op Fl signer Ar tsa_cert.pem
5454: .Op Fl text
5455: .Op Fl token_in
5456: .Op Fl token_out
1.114 jmc 5457: .It Nm openssl ts
1.1 jsing 5458: .Fl verify
5459: .Op Fl CAfile Ar trusted_certs.pem
5460: .Op Fl CApath Ar trusted_cert_path
5461: .Op Fl data Ar file_to_hash
5462: .Op Fl digest Ar digest_bytes
5463: .Op Fl in Ar response.tsr
5464: .Op Fl queryfile Ar request.tsq
5465: .Op Fl token_in
5466: .Op Fl untrusted Ar cert_file.pem
1.114 jmc 5467: .El
5468: .Ek
1.1 jsing 5469: .Pp
5470: The
5471: .Nm ts
5472: command is a basic Time Stamping Authority (TSA) client and server
5473: application as specified in RFC 3161 (Time-Stamp Protocol, TSP).
5474: A TSA can be part of a PKI deployment and its role is to provide long
1.72 jmc 5475: term proof of the existence of specific data.
1.1 jsing 5476: Here is a brief description of the protocol:
5477: .Bl -enum
5478: .It
5479: The TSA client computes a one-way hash value for a data file and sends
5480: the hash to the TSA.
5481: .It
5482: The TSA attaches the current date and time to the received hash value,
5483: signs them and sends the time stamp token back to the client.
5484: By creating this token the TSA certifies the existence of the original
5485: data file at the time of response generation.
5486: .It
5487: The TSA client receives the time stamp token and verifies the
5488: signature on it.
5489: It also checks if the token contains the same hash
5490: value that it had sent to the TSA.
5491: .El
5492: .Pp
5493: There is one DER-encoded protocol data unit defined for transporting a time
5494: stamp request to the TSA and one for sending the time stamp response
5495: back to the client.
5496: The
5497: .Nm ts
5498: command has three main functions:
5499: creating a time stamp request based on a data file;
5500: creating a time stamp response based on a request;
5501: and verifying if a response corresponds
5502: to a particular request or a data file.
5503: .Pp
5504: There is no support for sending the requests/responses automatically
5505: over HTTP or TCP yet as suggested in RFC 3161.
5506: Users must send the requests either by FTP or email.
5507: .Pp
5508: The
5509: .Fl query
5510: switch can be used for creating and printing a time stamp
5511: request with the following options:
5512: .Bl -tag -width Ds
5513: .It Fl cert
1.72 jmc 5514: Expect the TSA to include its signing certificate in the response.
1.1 jsing 5515: .It Fl config Ar configfile
1.72 jmc 5516: Specify an alternative configuration file.
5517: Only the OID section is used.
1.1 jsing 5518: .It Fl data Ar file_to_hash
5519: The data file for which the time stamp request needs to be created.
1.72 jmc 5520: The default is standard input.
1.1 jsing 5521: .It Fl digest Ar digest_bytes
1.72 jmc 5522: Specify the message imprint explicitly without the data file.
1.1 jsing 5523: The imprint must be specified in a hexadecimal format,
5524: two characters per byte,
1.72 jmc 5525: the bytes optionally separated by colons.
1.1 jsing 5526: The number of bytes must match the message digest algorithm in use.
5527: .It Fl in Ar request.tsq
1.72 jmc 5528: A previously created time stamp request in DER
1.1 jsing 5529: format that will be printed into the output file.
1.72 jmc 5530: Useful for examining the content of a request in human-readable format.
1.76 jmc 5531: .It Fl md4 | md5 | ripemd160 | sha | sha1
1.1 jsing 5532: The message digest to apply to the data file.
5533: It supports all the message digest algorithms that are supported by the
5534: .Nm dgst
5535: command.
5536: The default is SHA-1.
5537: .It Fl no_nonce
1.72 jmc 5538: Specify no nonce in the request.
5539: The default, to include a 64-bit long pseudo-random nonce,
5540: is recommended to protect against replay attacks.
1.1 jsing 5541: .It Fl out Ar request.tsq
1.72 jmc 5542: The output file to write to,
5543: or standard output if not specified.
1.1 jsing 5544: .It Fl policy Ar object_id
5545: The policy that the client expects the TSA to use for creating the
5546: time stamp token.
1.72 jmc 5547: Either dotted OID notation or OID names defined
1.1 jsing 5548: in the config file can be used.
1.72 jmc 5549: If no policy is requested the TSA uses its own default policy.
1.1 jsing 5550: .It Fl text
1.72 jmc 5551: Output in human-readable text format instead of DER.
1.1 jsing 5552: .El
5553: .Pp
5554: A time stamp response (TimeStampResp) consists of a response status
5555: and the time stamp token itself (ContentInfo),
5556: if the token generation was successful.
5557: The
5558: .Fl reply
5559: command is for creating a time stamp
5560: response or time stamp token based on a request and printing the
5561: response/token in human-readable format.
5562: If
5563: .Fl token_out
5564: is not specified the output is always a time stamp response (TimeStampResp),
5565: otherwise it is a time stamp token (ContentInfo).
5566: .Bl -tag -width Ds
5567: .It Fl chain Ar certs_file.pem
1.72 jmc 5568: The collection of PEM certificates
1.1 jsing 5569: that will be included in the response
5570: in addition to the signer certificate if the
5571: .Fl cert
5572: option was used for the request.
5573: This file is supposed to contain the certificate chain
5574: for the signer certificate from its issuer upwards.
5575: The
5576: .Fl reply
5577: command does not build a certificate chain automatically.
5578: .It Fl config Ar configfile
1.72 jmc 5579: Specify an alternative configuration file.
1.1 jsing 5580: .It Fl in Ar response.tsr
1.72 jmc 5581: Specify a previously created time stamp response (or time stamp token, if
1.1 jsing 5582: .Fl token_in
1.72 jmc 5583: is also specified)
1.1 jsing 5584: in DER format that will be written to the output file.
5585: This option does not require a request;
5586: it is useful, for example,
1.72 jmc 5587: to examine the content of a response or token
5588: or to extract the time stamp token from a response.
1.1 jsing 5589: If the input is a token and the output is a time stamp response a default
1.72 jmc 5590: .Qq granted
1.1 jsing 5591: status info is added to the token.
5592: .It Fl inkey Ar private.pem
5593: The signer private key of the TSA in PEM format.
5594: Overrides the
5595: .Cm signer_key
5596: config file option.
5597: .It Fl out Ar response.tsr
5598: The response is written to this file.
5599: The format and content of the file depends on other options (see
5600: .Fl text
5601: and
5602: .Fl token_out ) .
5603: The default is stdout.
5604: .It Fl passin Ar arg
5605: The key password source.
5606: .It Fl policy Ar object_id
1.72 jmc 5607: The default policy to use for the response.
5608: Either dotted OID notation or OID names defined
5609: in the config file can be used.
5610: If no policy is requested the TSA uses its own default policy.
1.1 jsing 5611: .It Fl queryfile Ar request.tsq
1.72 jmc 5612: The file containing a DER-encoded time stamp request.
1.1 jsing 5613: .It Fl section Ar tsa_section
1.72 jmc 5614: The config file section containing the settings for response generation.
1.1 jsing 5615: .It Fl signer Ar tsa_cert.pem
1.72 jmc 5616: The PEM signer certificate of the TSA.
1.1 jsing 5617: The TSA signing certificate must have exactly one extended key usage
5618: assigned to it: timeStamping.
5619: The extended key usage must also be critical,
5620: otherwise the certificate is going to be refused.
5621: Overrides the
5622: .Cm signer_cert
5623: variable of the config file.
5624: .It Fl text
1.72 jmc 5625: Output in human-readable text format instead of DER.
1.1 jsing 5626: .It Fl token_in
1.72 jmc 5627: The input is a DER-encoded time stamp token (ContentInfo)
5628: instead of a time stamp response (TimeStampResp).
1.1 jsing 5629: .It Fl token_out
1.72 jmc 5630: The output is a time stamp token (ContentInfo)
5631: instead of a time stamp response (TimeStampResp).
1.1 jsing 5632: .El
5633: .Pp
5634: The
5635: .Fl verify
5636: command is for verifying if a time stamp response or time stamp token
5637: is valid and matches a particular time stamp request or data file.
5638: The
5639: .Fl verify
5640: command does not use the configuration file.
5641: .Bl -tag -width Ds
5642: .It Fl CAfile Ar trusted_certs.pem
1.72 jmc 5643: The file containing a set of trusted self-signed PEM CA certificates.
5644: See
1.1 jsing 5645: .Nm verify
5646: for additional details.
5647: Either this option or
5648: .Fl CApath
5649: must be specified.
5650: .It Fl CApath Ar trusted_cert_path
1.112 inoguchi 5651: The directory containing the trusted CA certificates of the client.
1.72 jmc 5652: See
1.1 jsing 5653: .Nm verify
5654: for additional details.
5655: Either this option or
5656: .Fl CAfile
5657: must be specified.
5658: .It Fl data Ar file_to_hash
5659: The response or token must be verified against
5660: .Ar file_to_hash .
5661: The file is hashed with the message digest algorithm specified in the token.
5662: The
5663: .Fl digest
5664: and
5665: .Fl queryfile
5666: options must not be specified with this one.
5667: .It Fl digest Ar digest_bytes
5668: The response or token must be verified against the message digest specified
5669: with this option.
5670: The number of bytes must match the message digest algorithm
5671: specified in the token.
5672: The
5673: .Fl data
5674: and
5675: .Fl queryfile
5676: options must not be specified with this one.
5677: .It Fl in Ar response.tsr
5678: The time stamp response that needs to be verified, in DER format.
5679: This option in mandatory.
5680: .It Fl queryfile Ar request.tsq
5681: The original time stamp request, in DER format.
5682: The
5683: .Fl data
5684: and
5685: .Fl digest
5686: options must not be specified with this one.
5687: .It Fl token_in
1.72 jmc 5688: The input is a DER-encoded time stamp token (ContentInfo)
5689: instead of a time stamp response (TimeStampResp).
1.1 jsing 5690: .It Fl untrusted Ar cert_file.pem
1.72 jmc 5691: Additional untrusted PEM certificates which may be needed
5692: when building the certificate chain for the TSA's signing certificate.
1.1 jsing 5693: This file must contain the TSA signing certificate and
5694: all intermediate CA certificates unless the response includes them.
5695: .El
5696: .Pp
1.72 jmc 5697: Options specified on the command line always override
5698: the settings in the config file:
1.1 jsing 5699: .Bl -tag -width Ds
5700: .It Cm tsa Ar section , Cm default_tsa
5701: This is the main section and it specifies the name of another section
5702: that contains all the options for the
5703: .Fl reply
5704: option.
1.72 jmc 5705: This section can be overridden with the
1.1 jsing 5706: .Fl section
5707: command line switch.
5708: .It Cm oid_file
5709: See
5710: .Nm ca
5711: for a description.
5712: .It Cm oid_section
5713: See
5714: .Nm ca
5715: for a description.
5716: .It Cm serial
1.72 jmc 5717: The file containing the hexadecimal serial number of the
1.1 jsing 5718: last time stamp response created.
5719: This number is incremented by 1 for each response.
1.72 jmc 5720: If the file does not exist at the time of response generation
5721: a new file is created with serial number 1.
1.1 jsing 5722: This parameter is mandatory.
5723: .It Cm signer_cert
5724: TSA signing certificate, in PEM format.
5725: The same as the
5726: .Fl signer
5727: command line option.
5728: .It Cm certs
1.72 jmc 5729: A set of PEM-encoded certificates that need to be
1.1 jsing 5730: included in the response.
5731: The same as the
5732: .Fl chain
5733: command line option.
5734: .It Cm signer_key
5735: The private key of the TSA, in PEM format.
5736: The same as the
5737: .Fl inkey
5738: command line option.
5739: .It Cm default_policy
5740: The default policy to use when the request does not mandate any policy.
5741: The same as the
5742: .Fl policy
5743: command line option.
5744: .It Cm other_policies
5745: Comma separated list of policies that are also acceptable by the TSA
5746: and used only if the request explicitly specifies one of them.
5747: .It Cm digests
5748: The list of message digest algorithms that the TSA accepts.
5749: At least one algorithm must be specified.
5750: This parameter is mandatory.
5751: .It Cm accuracy
5752: The accuracy of the time source of the TSA in seconds, milliseconds
5753: and microseconds.
5754: For example, secs:1, millisecs:500, microsecs:100.
5755: If any of the components is missing,
5756: zero is assumed for that field.
5757: .It Cm clock_precision_digits
1.72 jmc 5758: The maximum number of digits, which represent the fraction of seconds,
5759: that need to be included in the time field.
1.1 jsing 5760: The trailing zeroes must be removed from the time,
1.72 jmc 5761: so there might actually be fewer digits
1.1 jsing 5762: or no fraction of seconds at all.
5763: The maximum value is 6;
5764: the default is 0.
5765: .It Cm ordering
5766: If this option is yes,
5767: the responses generated by this TSA can always be ordered,
5768: even if the time difference between two responses is less
5769: than the sum of their accuracies.
5770: The default is no.
5771: .It Cm tsa_name
5772: Set this option to yes if the subject name of the TSA must be included in
5773: the TSA name field of the response.
5774: The default is no.
5775: .It Cm ess_cert_id_chain
5776: The SignedData objects created by the TSA always contain the
5777: certificate identifier of the signing certificate in a signed
5778: attribute (see RFC 2634, Enhanced Security Services).
5779: If this option is set to yes and either the
5780: .Cm certs
5781: variable or the
5782: .Fl chain
5783: option is specified then the certificate identifiers of the chain will also
5784: be included in the SigningCertificate signed attribute.
5785: If this variable is set to no,
5786: only the signing certificate identifier is included.
5787: The default is no.
5788: .El
1.120 kn 5789: .Tg verify
1.1 jsing 5790: .Sh VERIFY
1.114 jmc 5791: .Bl -hang -width "openssl verify"
5792: .It Nm openssl verify
5793: .Bk -words
1.1 jsing 5794: .Op Fl CAfile Ar file
5795: .Op Fl CApath Ar directory
5796: .Op Fl check_ss_sig
1.107 inoguchi 5797: .Op Fl CRLfile Ar file
1.1 jsing 5798: .Op Fl crl_check
5799: .Op Fl crl_check_all
5800: .Op Fl explicit_policy
5801: .Op Fl extended_crl
5802: .Op Fl help
5803: .Op Fl ignore_critical
5804: .Op Fl inhibit_any
5805: .Op Fl inhibit_map
5806: .Op Fl issuer_checks
5807: .Op Fl policy_check
5808: .Op Fl purpose Ar purpose
1.107 inoguchi 5809: .Op Fl trusted Ar file
1.1 jsing 5810: .Op Fl untrusted Ar file
5811: .Op Fl verbose
5812: .Op Fl x509_strict
5813: .Op Ar certificates
1.114 jmc 5814: .Ek
5815: .El
1.1 jsing 5816: .Pp
5817: The
5818: .Nm verify
5819: command verifies certificate chains.
5820: .Pp
5821: The options are as follows:
5822: .Bl -tag -width Ds
5823: .It Fl CAfile Ar file
5824: A
5825: .Ar file
5826: of trusted certificates.
5827: The
5828: .Ar file
5829: should contain multiple certificates in PEM format, concatenated together.
5830: .It Fl CApath Ar directory
5831: A
5832: .Ar directory
5833: of trusted certificates.
1.76 jmc 5834: The certificates, or symbolic links to them,
5835: should have names of the form
5836: .Ar hash Ns .0 ,
5837: where
5838: .Ar hash
5839: is the hashed certificate subject name
5840: (see the
1.1 jsing 5841: .Fl hash
5842: option of the
5843: .Nm x509
5844: utility).
1.107 inoguchi 5845: .It Fl check_ss_sig
5846: Verify the signature on the self-signed root CA.
5847: This is disabled by default
5848: because it doesn't add any security.
5849: .It Fl CRLfile Ar file
5850: The
5851: .Ar file
5852: should contain one or more CRLs in PEM format.
1.1 jsing 5853: .It Fl crl_check
1.76 jmc 5854: Check end entity certificate validity by attempting to look up a valid CRL.
1.1 jsing 5855: If a valid CRL cannot be found an error occurs.
5856: .It Fl crl_check_all
1.76 jmc 5857: Check the validity of all certificates in the chain by attempting
1.1 jsing 5858: to look up valid CRLs.
5859: .It Fl explicit_policy
1.76 jmc 5860: Set policy variable require-explicit-policy (RFC 3280).
1.1 jsing 5861: .It Fl extended_crl
5862: Enable extended CRL features such as indirect CRLs and alternate CRL
5863: signing keys.
5864: .It Fl help
1.76 jmc 5865: Print a usage message.
1.1 jsing 5866: .It Fl ignore_critical
1.76 jmc 5867: Ignore critical extensions instead of rejecting the certificate.
1.1 jsing 5868: .It Fl inhibit_any
1.76 jmc 5869: Set policy variable inhibit-any-policy (RFC 3280).
1.1 jsing 5870: .It Fl inhibit_map
1.76 jmc 5871: Set policy variable inhibit-policy-mapping (RFC 3280).
1.1 jsing 5872: .It Fl issuer_checks
1.76 jmc 5873: Print diagnostics relating to searches for the issuer certificate
5874: of the current certificate
5875: showing why each candidate issuer certificate was rejected.
5876: The presence of rejection messages
5877: does not itself imply that anything is wrong:
5878: during the normal verify process several rejections may take place.
1.1 jsing 5879: .It Fl policy_check
1.76 jmc 5880: Enable certificate policy processing.
1.1 jsing 5881: .It Fl purpose Ar purpose
5882: The intended use for the certificate.
5883: Without this option no chain verification will be done.
5884: Currently accepted uses are
1.76 jmc 5885: .Cm sslclient , sslserver ,
5886: .Cm nssslserver , smimesign ,
5887: .Cm smimeencrypt , crlsign ,
5888: .Cm any ,
1.1 jsing 5889: and
1.76 jmc 5890: .Cm ocsphelper .
1.107 inoguchi 5891: .It Fl trusted Ar file
5892: A
5893: .Ar file
5894: of trusted certificates.
5895: The
5896: .Ar file
5897: should contain multiple certificates.
1.1 jsing 5898: .It Fl untrusted Ar file
5899: A
5900: .Ar file
5901: of untrusted certificates.
5902: The
5903: .Ar file
5904: should contain multiple certificates.
5905: .It Fl verbose
5906: Print extra information about the operations being performed.
5907: .It Fl x509_strict
5908: Disable workarounds for broken certificates which have to be disabled
5909: for strict X.509 compliance.
5910: .It Ar certificates
1.76 jmc 5911: One or more PEM
1.1 jsing 5912: .Ar certificates
5913: to verify.
5914: If no certificate files are included, an attempt is made to read
5915: a certificate from standard input.
1.76 jmc 5916: If the first certificate filename begins with a dash,
5917: use a lone dash to mark the last option.
1.1 jsing 5918: .El
1.76 jmc 5919: .Pp
1.1 jsing 5920: The
5921: .Nm verify
5922: program uses the same functions as the internal SSL and S/MIME verification,
1.76 jmc 5923: with one crucial difference:
5924: wherever possible an attempt is made to continue after an error,
5925: whereas normally the verify operation would halt on the first error.
1.1 jsing 5926: This allows all the problems with a certificate chain to be determined.
5927: .Pp
1.76 jmc 5928: The verify operation consists of a number of separate steps.
1.1 jsing 5929: Firstly a certificate chain is built up starting from the supplied certificate
5930: and ending in the root CA.
5931: It is an error if the whole chain cannot be built up.
5932: The chain is built up by looking up the issuer's certificate of the current
5933: certificate.
5934: If a certificate is found which is its own issuer, it is assumed
5935: to be the root CA.
5936: .Pp
1.76 jmc 5937: All certificates whose subject name matches the issuer name
1.1 jsing 5938: of the current certificate are subject to further tests.
5939: The relevant authority key identifier components of the current certificate
1.76 jmc 5940: (if present) must match the subject key identifier (if present)
5941: and issuer and serial number of the candidate issuer;
5942: in addition the
5943: .Cm keyUsage
5944: extension of the candidate issuer (if present) must permit certificate signing.
1.1 jsing 5945: .Pp
5946: The lookup first looks in the list of untrusted certificates and if no match
5947: is found the remaining lookups are from the trusted certificates.
1.76 jmc 5948: The root CA is always looked up in the trusted certificate list:
5949: if the certificate to verify is a root certificate,
5950: then an exact match must be found in the trusted list.
1.1 jsing 5951: .Pp
5952: The second operation is to check every untrusted certificate's extensions for
5953: consistency with the supplied purpose.
5954: If the
5955: .Fl purpose
5956: option is not included, then no checks are done.
5957: The supplied or
5958: .Qq leaf
5959: certificate must have extensions compatible with the supplied purpose
5960: and all other certificates must also be valid CA certificates.
5961: The precise extensions required are described in more detail in
5962: the
1.76 jmc 5963: .Nm X509
1.1 jsing 5964: section below.
5965: .Pp
5966: The third operation is to check the trust settings on the root CA.
5967: The root CA should be trusted for the supplied purpose.
1.76 jmc 5968: A certificate with no trust settings is considered to be valid for
1.1 jsing 5969: all purposes.
5970: .Pp
5971: The final operation is to check the validity of the certificate chain.
5972: The validity period is checked against the current system time and the
1.76 jmc 5973: .Cm notBefore
1.1 jsing 5974: and
1.76 jmc 5975: .Cm notAfter
1.1 jsing 5976: dates in the certificate.
5977: The certificate signatures are also checked at this point.
5978: .Pp
5979: If all operations complete successfully, the certificate is considered
5980: valid.
5981: If any operation fails then the certificate is not valid.
5982: When a verify operation fails, the output messages can be somewhat cryptic.
5983: The general form of the error message is:
1.76 jmc 5984: .Bd -literal
5985: server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit)
5986: error 24 at 1 depth lookup:invalid CA certificate
1.1 jsing 5987: .Ed
5988: .Pp
5989: The first line contains the name of the certificate being verified, followed by
5990: the subject name of the certificate.
5991: The second line contains the error number and the depth.
5992: The depth is the number of the certificate being verified when a
5993: problem was detected starting with zero for the certificate being verified
5994: itself, then 1 for the CA that signed the certificate and so on.
5995: Finally a text version of the error number is presented.
5996: .Pp
5997: An exhaustive list of the error codes and messages is shown below; this also
5998: includes the name of the error code as defined in the header file
1.12 bentley 5999: .In openssl/x509_vfy.h .
1.76 jmc 6000: Some of the error codes are defined but never returned: these are described as
1.1 jsing 6001: .Qq unused .
6002: .Bl -tag -width "XXXX"
1.78 jmc 6003: .It 0 X509_V_OK
1.1 jsing 6004: The operation was successful.
1.78 jmc 6005: .It 2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
6006: The issuer certificate of an untrusted certificate could not be found.
6007: .It 3 X509_V_ERR_UNABLE_TO_GET_CRL
1.1 jsing 6008: The CRL of a certificate could not be found.
1.78 jmc 6009: .It 4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
1.1 jsing 6010: The certificate signature could not be decrypted.
1.78 jmc 6011: This means that the actual signature value could not be determined
6012: rather than it not matching the expected value.
1.1 jsing 6013: This is only meaningful for RSA keys.
1.78 jmc 6014: .It 5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
6015: The CRL signature could not be decrypted.
6016: This means that the actual signature value could not be determined
6017: rather than it not matching the expected value.
1.1 jsing 6018: Unused.
1.78 jmc 6019: .It 6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
1.1 jsing 6020: The public key in the certificate
1.76 jmc 6021: .Cm SubjectPublicKeyInfo
1.1 jsing 6022: could not be read.
1.78 jmc 6023: .It 7 X509_V_ERR_CERT_SIGNATURE_FAILURE
1.1 jsing 6024: The signature of the certificate is invalid.
1.78 jmc 6025: .It 8 X509_V_ERR_CRL_SIGNATURE_FAILURE
1.1 jsing 6026: The signature of the certificate is invalid.
1.78 jmc 6027: .It 9 X509_V_ERR_CERT_NOT_YET_VALID
1.1 jsing 6028: The certificate is not yet valid: the
1.76 jmc 6029: .Cm notBefore
1.1 jsing 6030: date is after the current time.
1.78 jmc 6031: .It 10 X509_V_ERR_CERT_HAS_EXPIRED
1.1 jsing 6032: The certificate has expired; that is, the
1.76 jmc 6033: .Cm notAfter
1.1 jsing 6034: date is before the current time.
1.78 jmc 6035: .It 11 X509_V_ERR_CRL_NOT_YET_VALID
1.1 jsing 6036: The CRL is not yet valid.
1.78 jmc 6037: .It 12 X509_V_ERR_CRL_HAS_EXPIRED
1.1 jsing 6038: The CRL has expired.
1.78 jmc 6039: .It 13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
1.1 jsing 6040: The certificate
1.76 jmc 6041: .Cm notBefore
1.1 jsing 6042: field contains an invalid time.
1.78 jmc 6043: .It 14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
1.1 jsing 6044: The certificate
1.76 jmc 6045: .Cm notAfter
1.1 jsing 6046: field contains an invalid time.
1.78 jmc 6047: .It 15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
1.1 jsing 6048: The CRL
1.76 jmc 6049: .Cm lastUpdate
1.1 jsing 6050: field contains an invalid time.
1.78 jmc 6051: .It 16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
1.1 jsing 6052: The CRL
1.76 jmc 6053: .Cm nextUpdate
1.1 jsing 6054: field contains an invalid time.
1.78 jmc 6055: .It 17 X509_V_ERR_OUT_OF_MEM
1.1 jsing 6056: An error occurred trying to allocate memory.
6057: This should never happen.
1.78 jmc 6058: .It 18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
1.1 jsing 6059: The passed certificate is self-signed and the same certificate cannot be
6060: found in the list of trusted certificates.
1.78 jmc 6061: .It 19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
1.1 jsing 6062: The certificate chain could be built up using the untrusted certificates but
6063: the root could not be found locally.
1.78 jmc 6064: .It 20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
1.1 jsing 6065: The issuer certificate of a locally looked up certificate could not be found.
6066: This normally means the list of trusted certificates is not complete.
1.78 jmc 6067: .It 21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
1.1 jsing 6068: No signatures could be verified because the chain contains only one
6069: certificate and it is not self-signed.
1.78 jmc 6070: .It 22 X509_V_ERR_CERT_CHAIN_TOO_LONG
1.1 jsing 6071: The certificate chain length is greater than the supplied maximum depth.
6072: Unused.
1.78 jmc 6073: .It 23 X509_V_ERR_CERT_REVOKED
1.1 jsing 6074: The certificate has been revoked.
1.78 jmc 6075: .It 24 X509_V_ERR_INVALID_CA
1.1 jsing 6076: A CA certificate is invalid.
6077: Either it is not a CA or its extensions are not consistent
6078: with the supplied purpose.
1.78 jmc 6079: .It 25 X509_V_ERR_PATH_LENGTH_EXCEEDED
1.1 jsing 6080: The
1.76 jmc 6081: .Cm basicConstraints
1.1 jsing 6082: pathlength parameter has been exceeded.
1.78 jmc 6083: .It 26 X509_V_ERR_INVALID_PURPOSE
1.1 jsing 6084: The supplied certificate cannot be used for the specified purpose.
1.78 jmc 6085: .It 27 X509_V_ERR_CERT_UNTRUSTED
1.1 jsing 6086: The root CA is not marked as trusted for the specified purpose.
1.78 jmc 6087: .It 28 X509_V_ERR_CERT_REJECTED
1.1 jsing 6088: The root CA is marked to reject the specified purpose.
1.78 jmc 6089: .It 29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH
1.1 jsing 6090: The current candidate issuer certificate was rejected because its subject name
6091: did not match the issuer name of the current certificate.
6092: Only displayed when the
6093: .Fl issuer_checks
6094: option is set.
1.78 jmc 6095: .It 30 X509_V_ERR_AKID_SKID_MISMATCH
1.1 jsing 6096: The current candidate issuer certificate was rejected because its subject key
6097: identifier was present and did not match the authority key identifier current
6098: certificate.
6099: Only displayed when the
6100: .Fl issuer_checks
6101: option is set.
1.78 jmc 6102: .It 31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
1.1 jsing 6103: The current candidate issuer certificate was rejected because its issuer name
6104: and serial number were present and did not match the authority key identifier
6105: of the current certificate.
6106: Only displayed when the
6107: .Fl issuer_checks
6108: option is set.
1.78 jmc 6109: .It 32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN
1.1 jsing 6110: The current candidate issuer certificate was rejected because its
1.76 jmc 6111: .Cm keyUsage
1.1 jsing 6112: extension does not permit certificate signing.
1.78 jmc 6113: .It 50 X509_V_ERR_APPLICATION_VERIFICATION
1.1 jsing 6114: An application specific error.
6115: Unused.
6116: .El
1.120 kn 6117: .Tg version
1.1 jsing 6118: .Sh VERSION
6119: .Nm openssl version
6120: .Op Fl abdfopv
6121: .Pp
6122: The
6123: .Nm version
6124: command is used to print out version information about
1.79 jmc 6125: .Nm openssl .
1.1 jsing 6126: .Pp
6127: The options are as follows:
6128: .Bl -tag -width Ds
6129: .It Fl a
6130: All information: this is the same as setting all the other flags.
6131: .It Fl b
6132: The date the current version of
1.79 jmc 6133: .Nm openssl
1.1 jsing 6134: was built.
6135: .It Fl d
6136: .Ev OPENSSLDIR
6137: setting.
6138: .It Fl f
6139: Compilation flags.
6140: .It Fl o
6141: Option information: various options set when the library was built.
6142: .It Fl p
6143: Platform setting.
6144: .It Fl v
6145: The current
1.79 jmc 6146: .Nm openssl
1.1 jsing 6147: version.
6148: .El
1.120 kn 6149: .Tg x509
1.1 jsing 6150: .Sh X509
1.114 jmc 6151: .Bl -hang -width "openssl x509"
6152: .It Nm openssl x509
6153: .Bk -words
1.1 jsing 6154: .Op Fl C
6155: .Op Fl addreject Ar arg
6156: .Op Fl addtrust Ar arg
6157: .Op Fl alias
6158: .Op Fl CA Ar file
6159: .Op Fl CAcreateserial
1.80 jmc 6160: .Op Fl CAform Cm der | pem
1.1 jsing 6161: .Op Fl CAkey Ar file
1.80 jmc 6162: .Op Fl CAkeyform Cm der | pem
1.1 jsing 6163: .Op Fl CAserial Ar file
6164: .Op Fl certopt Ar option
6165: .Op Fl checkend Ar arg
6166: .Op Fl clrext
6167: .Op Fl clrreject
6168: .Op Fl clrtrust
6169: .Op Fl dates
6170: .Op Fl days Ar arg
6171: .Op Fl email
6172: .Op Fl enddate
6173: .Op Fl extensions Ar section
6174: .Op Fl extfile Ar file
6175: .Op Fl fingerprint
6176: .Op Fl hash
6177: .Op Fl in Ar file
1.80 jmc 6178: .Op Fl inform Cm der | net | pem
1.1 jsing 6179: .Op Fl issuer
6180: .Op Fl issuer_hash
6181: .Op Fl issuer_hash_old
1.80 jmc 6182: .Op Fl keyform Cm der | pem
1.29 bcook 6183: .Op Fl md5 | sha1
1.1 jsing 6184: .Op Fl modulus
6185: .Op Fl nameopt Ar option
1.107 inoguchi 6186: .Op Fl next_serial
1.1 jsing 6187: .Op Fl noout
6188: .Op Fl ocsp_uri
6189: .Op Fl ocspid
6190: .Op Fl out Ar file
1.80 jmc 6191: .Op Fl outform Cm der | net | pem
1.1 jsing 6192: .Op Fl passin Ar arg
6193: .Op Fl pubkey
6194: .Op Fl purpose
6195: .Op Fl req
6196: .Op Fl serial
6197: .Op Fl set_serial Ar n
6198: .Op Fl setalias Ar arg
6199: .Op Fl signkey Ar file
1.107 inoguchi 6200: .Op Fl sigopt Ar nm:v
1.1 jsing 6201: .Op Fl startdate
6202: .Op Fl subject
6203: .Op Fl subject_hash
6204: .Op Fl subject_hash_old
6205: .Op Fl text
6206: .Op Fl trustout
6207: .Op Fl x509toreq
1.114 jmc 6208: .Ek
6209: .El
1.1 jsing 6210: .Pp
6211: The
6212: .Nm x509
6213: command is a multi-purpose certificate utility.
6214: It can be used to display certificate information, convert certificates to
6215: various forms, sign certificate requests like a
6216: .Qq mini CA ,
6217: or edit certificate trust settings.
6218: .Pp
1.80 jmc 6219: The following are x509 input, output, and general purpose options:
1.1 jsing 6220: .Bl -tag -width "XXXX"
6221: .It Fl in Ar file
1.80 jmc 6222: The input file to read from,
6223: or standard input if not specified.
6224: .It Fl inform Cm der | net | pem
6225: The input format.
1.1 jsing 6226: Normally, the command will expect an X.509 certificate,
6227: but this can change if other options such as
6228: .Fl req
6229: are present.
1.29 bcook 6230: .It Fl md5 | sha1
1.1 jsing 6231: The digest to use.
6232: This affects any signing or display option that uses a message digest,
6233: such as the
6234: .Fl fingerprint , signkey ,
6235: and
6236: .Fl CA
6237: options.
6238: If not specified, MD5 is used.
1.80 jmc 6239: SHA1 is always used with DSA keys.
1.1 jsing 6240: .It Fl out Ar file
1.80 jmc 6241: The output file to write to,
6242: or standard output if none is specified.
6243: .It Fl outform Cm der | net | pem
6244: The output format.
1.1 jsing 6245: .It Fl passin Ar arg
6246: The key password source.
6247: .El
1.80 jmc 6248: .Pp
6249: The following are x509 display options:
1.1 jsing 6250: .Bl -tag -width "XXXX"
6251: .It Fl C
1.80 jmc 6252: Output the certificate in the form of a C source file.
1.1 jsing 6253: .It Fl certopt Ar option
6254: Customise the output format used with
1.80 jmc 6255: .Fl text ,
6256: either using a list of comma-separated options or by specifying
1.1 jsing 6257: .Fl certopt
1.80 jmc 6258: multiple times.
6259: The default behaviour is to print all fields.
6260: The options are as follows:
6261: .Pp
6262: .Bl -tag -width "no_extensions" -offset indent -compact
6263: .It Cm ca_default
6264: Equivalent to
6265: .Cm no_issuer , no_pubkey , no_header ,
6266: .Cm no_version , no_sigdump ,
6267: and
6268: .Cm no_signame .
6269: .It Cm compatible
6270: Equivalent to no output options at all.
6271: .It Cm ext_default
6272: Print unsupported certificate extensions.
6273: .It Cm ext_dump
6274: Hex dump unsupported extensions.
6275: .It Cm ext_error
6276: Print an error message for unsupported certificate extensions.
6277: .It Cm ext_parse
1.84 jmc 6278: ASN.1 parse unsupported extensions.
1.80 jmc 6279: .It Cm no_aux
6280: Do not print certificate trust information.
6281: .It Cm no_extensions
6282: Do not print X509V3 extensions.
6283: .It Cm no_header
6284: Do not print header (Certificate and Data) information.
6285: .It Cm no_issuer
6286: Do not print the issuer name.
6287: .It Cm no_pubkey
6288: Do not print the public key.
6289: .It Cm no_serial
6290: Do not print the serial number.
6291: .It Cm no_sigdump
6292: Do not give a hexadecimal dump of the certificate signature.
6293: .It Cm no_signame
6294: Do not print the signature algorithm used.
6295: .It Cm no_subject
6296: Do not print the subject name.
6297: .It Cm no_validity
6298: Do not print the
6299: .Cm notBefore
6300: and
6301: .Cm notAfter
6302: (validity) fields.
6303: .It Cm no_version
6304: Do not print the version number.
6305: .El
1.1 jsing 6306: .It Fl dates
1.80 jmc 6307: Print the start and expiry date of a certificate.
1.1 jsing 6308: .It Fl email
1.80 jmc 6309: Output the email addresses, if any.
1.1 jsing 6310: .It Fl enddate
1.80 jmc 6311: Print the expiry date of the certificate; that is, the
6312: .Cm notAfter
1.1 jsing 6313: date.
6314: .It Fl fingerprint
1.80 jmc 6315: Print the digest of the DER-encoded version of the whole certificate.
1.1 jsing 6316: .It Fl hash
6317: A synonym for
1.80 jmc 6318: .Fl subject_hash .
1.1 jsing 6319: .It Fl issuer
1.80 jmc 6320: Print the issuer name.
1.1 jsing 6321: .It Fl issuer_hash
1.80 jmc 6322: Print the hash of the certificate issuer name.
1.1 jsing 6323: .It Fl issuer_hash_old
1.80 jmc 6324: Print the hash of the certificate issuer name
6325: using the older algorithm as used by
6326: .Nm openssl
1.1 jsing 6327: versions before 1.0.0.
6328: .It Fl modulus
1.80 jmc 6329: Print the value of the modulus of the public key contained in the certificate.
1.1 jsing 6330: .It Fl nameopt Ar option
1.80 jmc 6331: Customise how the subject or issuer names are displayed,
6332: either using a list of comma-separated options or by specifying
1.1 jsing 6333: .Fl nameopt
1.80 jmc 6334: multiple times.
6335: The default behaviour is to use the
6336: .Cm oneline
6337: format.
6338: The options,
6339: which can be preceded by a dash to turn them off,
6340: are as follows:
6341: .Bl -tag -width "XXXX"
6342: .It Cm align
6343: Align field values for a more readable output.
6344: Only usable with
6345: .Ar sep_multiline .
6346: .It Cm compat
6347: Use the old format,
6348: equivalent to specifying no options at all.
6349: .It Cm dn_rev
6350: Reverse the fields of the DN, as required by RFC 2253.
6351: As a side effect, this also reverses the order of multiple AVAs.
6352: .It Cm dump_all
6353: Dump all fields.
6354: When used with
6355: .Ar dump_der ,
6356: it allows the DER encoding of the structure to be unambiguously determined.
6357: .It Cm dump_der
6358: Any fields that need to be hexdumped are
6359: dumped using the DER encoding of the field.
6360: Otherwise just the content octets will be displayed.
6361: Both options use the RFC 2253 #XXXX... format.
6362: .It Cm dump_nostr
6363: Dump non-character string types
6364: (for example OCTET STRING);
6365: usually, non-character string types are displayed
6366: as though each content octet represents a single character.
6367: .It Cm dump_unknown
6368: Dump any field whose OID is not recognised by
6369: .Nm openssl .
6370: .It Cm esc_2253
6371: Escape the
6372: .Qq special
6373: characters required by RFC 2253 in a field that is
6374: .Dq \& ,+"<>; .
6375: Additionally,
6376: .Sq #
6377: is escaped at the beginning of a string
6378: and a space character at the beginning or end of a string.
6379: .It Cm esc_ctrl
6380: Escape control characters.
6381: That is, those with ASCII values less than 0x20 (space)
6382: and the delete (0x7f) character.
6383: They are escaped using the RFC 2253 \eXX notation (where XX are two hex
6384: digits representing the character value).
6385: .It Cm esc_msb
6386: Escape characters with the MSB set; that is, with ASCII values larger than
6387: 127.
6388: .It Cm multiline
6389: A multiline format.
6390: Equivalent to
6391: .Cm esc_ctrl , esc_msb , sep_multiline ,
6392: .Cm space_eq , lname ,
6393: and
6394: .Cm align .
6395: .It Cm no_type
6396: Do not attempt to interpret multibyte characters.
6397: That is, content octets are merely dumped as though one octet
6398: represents each character.
6399: This is useful for diagnostic purposes
6400: but results in rather odd looking output.
6401: .It Cm nofname , sname , lname , oid
6402: Alter how the field name is displayed:
6403: .Cm nofname
6404: does not display the field at all;
6405: .Cm sname
6406: uses the short name form (CN for
6407: .Cm commonName ,
6408: for example);
6409: .Cm lname
6410: uses the long form.
6411: .Cm oid
6412: represents the OID in numerical form and is useful for diagnostic purpose.
6413: .It Cm oneline
6414: A one line format which is more readable than
6415: .Cm RFC2253 .
6416: Equivalent to
6417: .Cm esc_2253 , esc_ctrl , esc_msb , utf8 ,
6418: .Cm dump_nostr , dump_der , use_quote , sep_comma_plus_spc ,
6419: .Cm space_eq ,
6420: and
6421: .Cm sname .
6422: .It Cm RFC2253
6423: Displays names compatible with RFC 2253.
6424: Equivalent to
6425: .Cm esc_2253 , esc_ctrl ,
6426: .Cm esc_msb , utf8 , dump_nostr , dump_unknown ,
6427: .Cm dump_der , sep_comma_plus , dn_rev ,
6428: and
6429: .Cm sname .
6430: .It Cm sep_comma_plus , sep_comma_plus_space , sep_semi_plus_space , sep_multiline
6431: Determine the field separators:
6432: the first character is between RDNs and the second between multiple AVAs
6433: (multiple AVAs are very rare and their use is discouraged).
6434: The options ending in
6435: .Qq space
6436: additionally place a space after the separator to make it more readable.
6437: .Cm sep_multiline
6438: uses a linefeed character for the RDN separator and a spaced
6439: .Sq +
6440: for the AVA separator,
6441: as well as indenting the fields by four characters.
6442: .It Cm show_type
1.84 jmc 6443: Show the type of the ASN.1 character string.
1.80 jmc 6444: The type precedes the field contents.
6445: For example
6446: .Qq BMPSTRING: Hello World .
6447: .It Cm space_eq
6448: Place spaces round the
6449: .Sq =
6450: character which follows the field name.
6451: .It Cm use_quote
6452: Escape some characters by surrounding the whole string with
6453: .Sq \&"
6454: characters.
6455: Without the option, all escaping is done with the
6456: .Sq \e
6457: character.
6458: .It Cm utf8
6459: Convert all strings to UTF8 format first, as required by RFC 2253.
6460: On a UTF8 compatible terminal,
6461: the use of this option (and not setting
6462: .Cm esc_msb )
6463: may result in the correct display of multibyte characters.
6464: Usually, multibyte characters larger than 0xff
6465: are represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX
6466: for 32 bits,
6467: and any UTF8Strings are converted to their character form first.
6468: .El
1.107 inoguchi 6469: .It Fl next_serial
6470: Print the next serial number.
1.1 jsing 6471: .It Fl noout
1.80 jmc 6472: Do not output the encoded version of the request.
1.1 jsing 6473: .It Fl ocsp_uri
1.80 jmc 6474: Print the OCSP responder addresses, if any.
1.1 jsing 6475: .It Fl ocspid
6476: Print OCSP hash values for the subject name and public key.
6477: .It Fl pubkey
1.80 jmc 6478: Print the public key.
1.1 jsing 6479: .It Fl serial
1.80 jmc 6480: Print the certificate serial number.
1.107 inoguchi 6481: .It Fl sigopt Ar nm:v
6482: Pass options to the signature algorithm during sign or certify operations.
6483: The names and values of these options are algorithm-specific.
1.1 jsing 6484: .It Fl startdate
1.80 jmc 6485: Print the start date of the certificate; that is, the
6486: .Cm notBefore
1.1 jsing 6487: date.
6488: .It Fl subject
1.80 jmc 6489: Print the subject name.
1.1 jsing 6490: .It Fl subject_hash
1.80 jmc 6491: Print the hash of the certificate subject name.
1.1 jsing 6492: This is used in
1.80 jmc 6493: .Nm openssl
1.1 jsing 6494: to form an index to allow certificates in a directory to be looked up
6495: by subject name.
6496: .It Fl subject_hash_old
1.80 jmc 6497: Print the hash of the certificate subject name
6498: using the older algorithm as used by
6499: .Nm openssl
1.1 jsing 6500: versions before 1.0.0.
6501: .It Fl text
1.80 jmc 6502: Print the full certificate in text form.
1.1 jsing 6503: .El
6504: .Pp
1.80 jmc 6505: A trusted certificate is a certificate which has several
1.1 jsing 6506: additional pieces of information attached to it such as the permitted
1.80 jmc 6507: and prohibited uses of the certificate and an alias.
6508: When a certificate is being verified at least one certificate must be trusted.
6509: By default, a trusted certificate must be stored locally and be a root CA.
6510: The following are x509 trust settings options:
1.1 jsing 6511: .Bl -tag -width "XXXX"
6512: .It Fl addreject Ar arg
1.80 jmc 6513: Add a prohibited use.
6514: Accepts the same values as the
1.1 jsing 6515: .Fl addtrust
6516: option.
6517: .It Fl addtrust Ar arg
1.80 jmc 6518: Add a trusted certificate use.
1.1 jsing 6519: Any object name can be used here, but currently only
1.80 jmc 6520: .Cm clientAuth
6521: (SSL client use),
6522: .Cm serverAuth
6523: (SSL server use),
6524: and
6525: .Cm emailProtection
6526: (S/MIME email) are used.
1.1 jsing 6527: .It Fl alias
1.80 jmc 6528: Output the certificate alias.
1.1 jsing 6529: .It Fl clrreject
1.80 jmc 6530: Clear all the prohibited or rejected uses of the certificate.
1.1 jsing 6531: .It Fl clrtrust
1.80 jmc 6532: Clear all the permitted or trusted uses of the certificate.
1.1 jsing 6533: .It Fl purpose
1.80 jmc 6534: Perform tests on the certificate extensions.
6535: The same code is used when verifying untrusted certificates in chains,
6536: so this section is useful if a chain is rejected by the verify code.
6537: .Pp
6538: The
6539: .Cm basicConstraints
6540: extension CA flag is used to determine whether the
6541: certificate can be used as a CA.
6542: If the CA flag is true, it is a CA;
6543: if the CA flag is false, it is not a CA.
6544: All CAs should have the CA flag set to true.
6545: .Pp
6546: If the
6547: .Cm basicConstraints
6548: extension is absent, then the certificate is
6549: considered to be a possible CA;
6550: other extensions are checked according to the intended use of the certificate.
6551: A warning is given in this case because the certificate should really not
6552: be regarded as a CA.
6553: However it is allowed to be a CA to work around some broken software.
6554: .Pp
6555: If the certificate is a V1 certificate
6556: (and thus has no extensions) and it is self-signed,
6557: it is also assumed to be a CA but a warning is again given.
6558: This is to work around the problem of Verisign roots
6559: which are V1 self-signed certificates.
6560: .Pp
6561: If the
6562: .Cm keyUsage
6563: extension is present, then additional restraints are
6564: made on the uses of the certificate.
6565: A CA certificate must have the
6566: .Cm keyCertSign
6567: bit set if the
6568: .Cm keyUsage
6569: extension is present.
6570: .Pp
6571: The extended key usage extension places additional restrictions on the
6572: certificate uses.
6573: If this extension is present, whether critical or not,
6574: the key can only be used for the purposes specified.
6575: .Pp
6576: A complete description of each test is given below.
6577: The comments about
6578: .Cm basicConstraints
6579: and
6580: .Cm keyUsage
6581: and V1 certificates above apply to all CA certificates.
6582: .Bl -tag -width "XXXX"
6583: .It SSL Client
6584: The extended key usage extension must be absent or include the
6585: web client authentication OID.
6586: .Cm keyUsage
6587: must be absent or it must have the
6588: .Cm digitalSignature
6589: bit set.
6590: The Netscape certificate type must be absent
6591: or it must have the SSL client bit set.
6592: .It SSL Client CA
6593: The extended key usage extension must be absent or include the
6594: web client authentication OID.
6595: The Netscape certificate type must be absent
6596: or it must have the SSL CA bit set:
6597: this is used as a workaround if the
6598: .Cm basicConstraints
6599: extension is absent.
6600: .It SSL Server
6601: The extended key usage extension must be absent or include the
6602: web server authentication and/or one of the SGC OIDs.
6603: .Cm keyUsage
6604: must be absent or it must have the
6605: .Cm digitalSignature
6606: set, the
6607: .Cm keyEncipherment
6608: set, or both bits set.
6609: The Netscape certificate type must be absent or have the SSL server bit set.
6610: .It SSL Server CA
6611: The extended key usage extension must be absent or include the
6612: web server authentication and/or one of the SGC OIDs.
6613: The Netscape certificate type must be absent or the SSL CA bit must be set:
6614: this is used as a workaround if the
6615: .Cm basicConstraints
6616: extension is absent.
6617: .It Netscape SSL Server
6618: For Netscape SSL clients to connect to an SSL server; it must have the
6619: .Cm keyEncipherment
6620: bit set if the
6621: .Cm keyUsage
6622: extension is present.
6623: This isn't always valid because some cipher suites use the key for
6624: digital signing.
6625: Otherwise it is the same as a normal SSL server.
6626: .It Common S/MIME Client Tests
6627: The extended key usage extension must be absent or include the
6628: email protection OID.
6629: The Netscape certificate type must be absent or should have the S/MIME bit set.
6630: If the S/MIME bit is not set in Netscape certificate type, then the SSL
6631: client bit is tolerated as an alternative but a warning is shown:
6632: this is because some Verisign certificates don't set the S/MIME bit.
6633: .It S/MIME Signing
6634: In addition to the common S/MIME client tests, the
6635: .Cm digitalSignature
6636: bit must be set if the
6637: .Cm keyUsage
6638: extension is present.
6639: .It S/MIME Encryption
6640: In addition to the common S/MIME tests, the
6641: .Cm keyEncipherment
6642: bit must be set if the
6643: .Cm keyUsage
6644: extension is present.
6645: .It S/MIME CA
6646: The extended key usage extension must be absent or include the
6647: email protection OID.
6648: The Netscape certificate type must be absent
6649: or must have the S/MIME CA bit set:
6650: this is used as a workaround if the
6651: .Cm basicConstraints
6652: extension is absent.
6653: .It CRL Signing
6654: The
6655: .Cm keyUsage
6656: extension must be absent or it must have the CRL signing bit set.
6657: .It CRL Signing CA
6658: The normal CA tests apply, except the
6659: .Cm basicConstraints
6660: extension must be present.
6661: .El
1.1 jsing 6662: .It Fl setalias Ar arg
1.80 jmc 6663: Set the alias of the certificate,
6664: allowing the certificate to be referred to using a nickname,
6665: such as
1.1 jsing 6666: .Qq Steve's Certificate .
6667: .It Fl trustout
1.80 jmc 6668: Output a trusted certificate
6669: (the default if any trust settings are modified).
1.1 jsing 6670: An ordinary or trusted certificate can be input, but by default an ordinary
6671: certificate is output and any trust settings are discarded.
6672: .El
1.80 jmc 6673: .Pp
1.1 jsing 6674: The
6675: .Nm x509
1.80 jmc 6676: utility can be used to sign certificates and requests:
6677: it can thus behave like a mini CA.
6678: The following are x509 signing options:
1.1 jsing 6679: .Bl -tag -width "XXXX"
6680: .It Fl CA Ar file
1.80 jmc 6681: The CA certificate to be used for signing.
1.1 jsing 6682: When this option is present,
6683: .Nm x509
1.80 jmc 6684: behaves like a mini CA.
1.1 jsing 6685: The input file is signed by the CA using this option;
6686: that is, its issuer name is set to the subject name of the CA and it is
6687: digitally signed using the CA's private key.
6688: .Pp
6689: This option is normally combined with the
6690: .Fl req
6691: option.
6692: Without the
6693: .Fl req
6694: option, the input is a certificate which must be self-signed.
6695: .It Fl CAcreateserial
1.80 jmc 6696: Create the CA serial number file if it does not exist
6697: instead of generating an error.
6698: The file will contain the serial number
1.1 jsing 6699: .Sq 02
6700: and the certificate being signed will have
6701: .Sq 1
6702: as its serial number.
1.80 jmc 6703: .It Fl CAform Cm der | pem
1.1 jsing 6704: The format of the CA certificate file.
6705: The default is
1.80 jmc 6706: .Cm pem .
1.1 jsing 6707: .It Fl CAkey Ar file
1.80 jmc 6708: Set the CA private key to sign a certificate with.
6709: Otherwise it is assumed that the CA private key is present
6710: in the CA certificate file.
6711: .It Fl CAkeyform Cm der | pem
1.1 jsing 6712: The format of the CA private key.
6713: The default is
1.80 jmc 6714: .Cm pem .
1.1 jsing 6715: .It Fl CAserial Ar file
1.80 jmc 6716: Use the serial number in
6717: .Ar file
6718: to sign a certificate.
6719: The file should consist of one line containing an even number of hex digits
1.1 jsing 6720: with the serial number to use.
6721: After each use the serial number is incremented and written out
6722: to the file again.
6723: .Pp
6724: The default filename consists of the CA certificate file base name with
6725: .Pa .srl
6726: appended.
6727: For example, if the CA certificate file is called
6728: .Pa mycacert.pem ,
6729: it expects to find a serial number file called
6730: .Pa mycacert.srl .
6731: .It Fl checkend Ar arg
6732: Check whether the certificate expires in the next
6733: .Ar arg
6734: seconds.
6735: If so, exit with return value 1;
6736: otherwise exit with return value 0.
6737: .It Fl clrext
6738: Delete any extensions from a certificate.
6739: This option is used when a certificate is being created from another
6740: certificate (for example with the
6741: .Fl signkey
6742: or the
6743: .Fl CA
6744: options).
6745: Normally, all extensions are retained.
6746: .It Fl days Ar arg
1.80 jmc 6747: The number of days to make a certificate valid for.
1.1 jsing 6748: The default is 30 days.
6749: .It Fl extensions Ar section
6750: The section to add certificate extensions from.
6751: If this option is not specified, the extensions should either be
1.80 jmc 6752: contained in the unnamed (default) section
6753: or the default section should contain a variable called
1.1 jsing 6754: .Qq extensions
6755: which contains the section to use.
6756: .It Fl extfile Ar file
6757: File containing certificate extensions to use.
6758: If not specified, no extensions are added to the certificate.
1.80 jmc 6759: .It Fl keyform Cm der | pem
6760: The format of the private key file used in the
1.1 jsing 6761: .Fl signkey
6762: option.
6763: .It Fl req
1.80 jmc 6764: Expect a certificate request on input instead of a certificate.
1.1 jsing 6765: .It Fl set_serial Ar n
1.80 jmc 6766: The serial number to use.
1.1 jsing 6767: This option can be used with either the
6768: .Fl signkey
6769: or
6770: .Fl CA
6771: options.
6772: If used in conjunction with the
6773: .Fl CA
6774: option, the serial number file (as specified by the
6775: .Fl CAserial
6776: or
6777: .Fl CAcreateserial
6778: options) is not used.
6779: .Pp
6780: The serial number can be decimal or hex (if preceded by
6781: .Sq 0x ) .
6782: Negative serial numbers can also be specified but their use is not recommended.
6783: .It Fl signkey Ar file
1.80 jmc 6784: Self-sign
6785: .Ar file
6786: using the supplied private key.
1.1 jsing 6787: .Pp
6788: If the input file is a certificate, it sets the issuer name to the
1.80 jmc 6789: subject name (i.e. makes it self-signed),
1.1 jsing 6790: changes the public key to the supplied value,
6791: and changes the start and end dates.
6792: The start date is set to the current time and the end date is set to
6793: a value determined by the
6794: .Fl days
6795: option.
6796: Any certificate extensions are retained unless the
6797: .Fl clrext
6798: option is supplied.
6799: .Pp
6800: If the input is a certificate request, a self-signed certificate
6801: is created using the supplied private key using the subject name in
6802: the request.
6803: .It Fl x509toreq
1.80 jmc 6804: Convert a certificate into a certificate request.
1.1 jsing 6805: The
6806: .Fl signkey
6807: option is used to pass the required private key.
6808: .El
1.38 jmc 6809: .Sh COMMON NOTATION
6810: Several commands share a common syntax,
6811: as detailed below.
6812: .Pp
6813: Password arguments, typically specified using
1.33 jmc 6814: .Fl passin
6815: and
6816: .Fl passout
1.38 jmc 6817: for input and output passwords,
6818: allow passwords to be obtained from a variety of sources.
6819: Both of these options take a single argument, described below.
1.33 jmc 6820: If no password argument is given and a password is required,
6821: then the user is prompted to enter one:
6822: this will typically be read from the current terminal with echoing turned off.
1.38 jmc 6823: .Bl -tag -width "pass:password" -offset indent
6824: .It Cm pass : Ns Ar password
1.33 jmc 6825: The actual password is
6826: .Ar password .
1.38 jmc 6827: Since the password is visible to utilities,
1.33 jmc 6828: this form should only be used where security is not important.
1.38 jmc 6829: .It Cm env : Ns Ar var
1.33 jmc 6830: Obtain the password from the environment variable
6831: .Ar var .
1.38 jmc 6832: Since the environment of other processes is visible,
6833: this option should be used with caution.
6834: .It Cm file : Ns Ar path
1.33 jmc 6835: The first line of
6836: .Ar path
6837: is the password.
6838: If the same
6839: .Ar path
6840: argument is supplied to
6841: .Fl passin
6842: and
6843: .Fl passout ,
6844: then the first line will be used for the input password and the next line
6845: for the output password.
6846: .Ar path
6847: need not refer to a regular file:
6848: it could, for example, refer to a device or named pipe.
1.38 jmc 6849: .It Cm fd : Ns Ar number
1.33 jmc 6850: Read the password from the file descriptor
6851: .Ar number .
1.38 jmc 6852: This can be used to send the data via a pipe, for example.
6853: .It Cm stdin
1.33 jmc 6854: Read the password from standard input.
1.35 jmc 6855: .El
1.38 jmc 6856: .Pp
1.64 jmc 6857: Input/output formats,
1.38 jmc 6858: typically specified using
6859: .Fl inform
6860: and
6861: .Fl outform ,
1.64 jmc 6862: indicate the format being read from or written to.
1.38 jmc 6863: The argument is case insensitive.
6864: .Pp
6865: .Bl -tag -width Ds -offset indent -compact
6866: .It Cm der
6867: Distinguished Encoding Rules (DER)
6868: is a binary format.
1.64 jmc 6869: .It Cm net
6870: Insecure legacy format.
1.38 jmc 6871: .It Cm pem
6872: Privacy Enhanced Mail (PEM)
6873: is base64-encoded.
1.108 inoguchi 6874: .It Cm pvk
6875: Private Key format.
1.70 jmc 6876: .It Cm smime
6877: An SMIME format message.
1.38 jmc 6878: .It Cm txt
6879: Plain ASCII text.
6880: .El
1.35 jmc 6881: .Sh ENVIRONMENT
6882: The following environment variables affect the execution of
6883: .Nm openssl :
1.38 jmc 6884: .Bl -tag -width "/etc/ssl/openssl.cnf"
1.35 jmc 6885: .It Ev OPENSSL_CONF
6886: The location of the master configuration file.
1.33 jmc 6887: .El
1.1 jsing 6888: .Sh FILES
6889: .Bl -tag -width "/etc/ssl/openssl.cnf" -compact
1.17 sobrado 6890: .It Pa /etc/ssl/
1.1 jsing 6891: Default config directory for
6892: .Nm openssl .
1.17 sobrado 6893: .It Pa /etc/ssl/lib/
1.1 jsing 6894: Unused.
1.17 sobrado 6895: .It Pa /etc/ssl/private/
1.1 jsing 6896: Default private key directory.
1.17 sobrado 6897: .It Pa /etc/ssl/openssl.cnf
1.1 jsing 6898: Default configuration file for
6899: .Nm openssl .
1.17 sobrado 6900: .It Pa /etc/ssl/x509v3.cnf
1.1 jsing 6901: Default configuration file for
6902: .Nm x509
6903: certificates.
6904: .El
6905: .Sh SEE ALSO
1.74 jmc 6906: .Xr acme-client 1 ,
1.26 jmc 6907: .Xr nc 1 ,
1.90 schwarze 6908: .Xr openssl.cnf 5 ,
6909: .Xr x509v3.cnf 5 ,
1.1 jsing 6910: .Xr ssl 8 ,
6911: .Xr starttls 8
6912: .Sh STANDARDS
6913: .Rs
6914: .%A T. Dierks
6915: .%A C. Allen
6916: .%D January 1999
6917: .%R RFC 2246
6918: .%T The TLS Protocol Version 1.0
6919: .Re
6920: .Pp
6921: .Rs
6922: .%A M. Wahl
6923: .%A S. Killie
6924: .%A T. Howes
6925: .%D December 1997
6926: .%R RFC 2253
6927: .%T Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
6928: .Re
6929: .Pp
6930: .Rs
6931: .%A B. Kaliski
6932: .%D March 1998
6933: .%R RFC 2315
6934: .%T PKCS #7: Cryptographic Message Syntax Version 1.5
6935: .Re
6936: .Pp
6937: .Rs
6938: .%A R. Housley
6939: .%A W. Ford
6940: .%A W. Polk
6941: .%A D. Solo
6942: .%D January 1999
6943: .%R RFC 2459
6944: .%T Internet X.509 Public Key Infrastructure Certificate and CRL Profile
6945: .Re
6946: .Pp
6947: .Rs
6948: .%A M. Myers
6949: .%A R. Ankney
6950: .%A A. Malpani
6951: .%A S. Galperin
6952: .%A C. Adams
6953: .%D June 1999
6954: .%R RFC 2560
6955: .%T X.509 Internet Public Key Infrastructure Online Certificate Status Protocol \(en OCSP
6956: .Re
6957: .Pp
6958: .Rs
6959: .%A R. Housley
6960: .%D June 1999
6961: .%R RFC 2630
6962: .%T Cryptographic Message Syntax
6963: .Re
6964: .Pp
6965: .Rs
6966: .%A P. Chown
6967: .%D June 2002
6968: .%R RFC 3268
1.24 jmc 6969: .%T Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
1.1 jsing 6970: .Re