Annotation of src/usr.bin/openssl/openssl.1, Revision 1.127
1.127 ! jmc 1: .\" $OpenBSD: openssl.1,v 1.126 2020/10/26 11:48:39 tb Exp $
1.1 jsing 2: .\" ====================================================================
3: .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4: .\"
5: .\" Redistribution and use in source and binary forms, with or without
6: .\" modification, are permitted provided that the following conditions
7: .\" are met:
8: .\"
9: .\" 1. Redistributions of source code must retain the above copyright
10: .\" notice, this list of conditions and the following disclaimer.
11: .\"
12: .\" 2. Redistributions in binary form must reproduce the above copyright
13: .\" notice, this list of conditions and the following disclaimer in
14: .\" the documentation and/or other materials provided with the
15: .\" distribution.
16: .\"
17: .\" 3. All advertising materials mentioning features or use of this
18: .\" software must display the following acknowledgment:
19: .\" "This product includes software developed by the OpenSSL Project
20: .\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21: .\"
22: .\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23: .\" endorse or promote products derived from this software without
24: .\" prior written permission. For written permission, please contact
25: .\" openssl-core@openssl.org.
26: .\"
27: .\" 5. Products derived from this software may not be called "OpenSSL"
28: .\" nor may "OpenSSL" appear in their names without prior written
29: .\" permission of the OpenSSL Project.
30: .\"
31: .\" 6. Redistributions of any form whatsoever must retain the following
32: .\" acknowledgment:
33: .\" "This product includes software developed by the OpenSSL Project
34: .\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35: .\"
36: .\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37: .\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39: .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40: .\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41: .\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42: .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43: .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45: .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46: .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47: .\" OF THE POSSIBILITY OF SUCH DAMAGE.
48: .\" ====================================================================
49: .\"
50: .\" This product includes cryptographic software written by Eric Young
51: .\" (eay@cryptsoft.com). This product includes software written by Tim
52: .\" Hudson (tjh@cryptsoft.com).
53: .\"
54: .\"
55: .\" Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
56: .\" All rights reserved.
57: .\"
58: .\" This package is an SSL implementation written
59: .\" by Eric Young (eay@cryptsoft.com).
60: .\" The implementation was written so as to conform with Netscapes SSL.
61: .\"
62: .\" This library is free for commercial and non-commercial use as long as
63: .\" the following conditions are aheared to. The following conditions
64: .\" apply to all code found in this distribution, be it the RC4, RSA,
65: .\" lhash, DES, etc., code; not just the SSL code. The SSL documentation
66: .\" included with this distribution is covered by the same copyright terms
67: .\" except that the holder is Tim Hudson (tjh@cryptsoft.com).
68: .\"
69: .\" Copyright remains Eric Young's, and as such any Copyright notices in
70: .\" the code are not to be removed.
71: .\" If this package is used in a product, Eric Young should be given attribution
72: .\" as the author of the parts of the library used.
73: .\" This can be in the form of a textual message at program startup or
74: .\" in documentation (online or textual) provided with the package.
75: .\"
76: .\" Redistribution and use in source and binary forms, with or without
77: .\" modification, are permitted provided that the following conditions
78: .\" are met:
79: .\" 1. Redistributions of source code must retain the copyright
80: .\" notice, this list of conditions and the following disclaimer.
81: .\" 2. Redistributions in binary form must reproduce the above copyright
82: .\" notice, this list of conditions and the following disclaimer in the
83: .\" documentation and/or other materials provided with the distribution.
84: .\" 3. All advertising materials mentioning features or use of this software
85: .\" must display the following acknowledgement:
86: .\" "This product includes cryptographic software written by
87: .\" Eric Young (eay@cryptsoft.com)"
88: .\" The word 'cryptographic' can be left out if the rouines from the library
89: .\" being used are not cryptographic related :-).
90: .\" 4. If you include any Windows specific code (or a derivative thereof) from
91: .\" the apps directory (application code) you must include an
92: .\" acknowledgement:
93: .\" "This product includes software written by Tim Hudson
94: .\" (tjh@cryptsoft.com)"
95: .\"
96: .\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
97: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
98: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
99: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
100: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
101: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
102: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
103: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
104: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
105: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
106: .\" SUCH DAMAGE.
107: .\"
108: .\" The licence and distribution terms for any publically available version or
109: .\" derivative of this code cannot be changed. i.e. this code cannot simply be
110: .\" copied and put under another distribution licence
111: .\" [including the GNU Public Licence.]
112: .\"
1.127 ! jmc 113: .Dd $Mdocdate: October 26 2020 $
1.1 jsing 114: .Dt OPENSSL 1
115: .Os
116: .Sh NAME
117: .Nm openssl
118: .Nd OpenSSL command line tool
119: .Sh SYNOPSIS
120: .Nm
1.90 schwarze 121: .Ar command
1.1 jsing 122: .Op Ar command_opts
123: .Op Ar command_args
124: .Pp
125: .Nm
1.13 bentley 126: .Cm list-standard-commands |
127: .Cm list-message-digest-commands |
128: .Cm list-cipher-commands |
129: .Cm list-cipher-algorithms |
130: .Cm list-message-digest-algorithms |
1.1 jsing 131: .Cm list-public-key-algorithms
132: .Pp
133: .Nm
1.39 jmc 134: .Cm no- Ns Ar command
1.1 jsing 135: .Sh DESCRIPTION
136: .Nm OpenSSL
1.31 jmc 137: is a cryptography toolkit implementing the
138: Transport Layer Security
1.1 jsing 139: .Pq TLS v1
1.31 jmc 140: network protocol,
141: as well as related cryptography standards.
1.1 jsing 142: .Pp
143: The
144: .Nm
145: program is a command line tool for using the various
146: cryptography functions of
1.39 jmc 147: .Nm openssl Ns 's
1.33 jmc 148: crypto library from the shell.
1.1 jsing 149: .Pp
150: The pseudo-commands
151: .Cm list-standard-commands , list-message-digest-commands ,
152: and
153: .Cm list-cipher-commands
154: output a list
155: .Pq one entry per line
156: of the names of all standard commands, message digest commands,
157: or cipher commands, respectively, that are available in the present
158: .Nm
159: utility.
160: .Pp
161: The pseudo-commands
162: .Cm list-cipher-algorithms
163: and
164: .Cm list-message-digest-algorithms
165: list all cipher and message digest names,
166: one entry per line.
167: Aliases are listed as:
168: .Pp
1.33 jmc 169: .D1 from => to
1.1 jsing 170: .Pp
171: The pseudo-command
172: .Cm list-public-key-algorithms
173: lists all supported public key algorithms.
174: .Pp
175: The pseudo-command
1.39 jmc 176: .Cm no- Ns Ar command
1.1 jsing 177: tests whether a command of the
178: specified name is available.
1.39 jmc 179: If
180: .Ar command
181: does not exist,
1.1 jsing 182: it returns 0
183: and prints
1.39 jmc 184: .Cm no- Ns Ar command ;
1.1 jsing 185: otherwise it returns 1 and prints
1.39 jmc 186: .Ar command .
187: In both cases, the output goes to stdout and nothing is printed to stderr.
1.1 jsing 188: Additional command line arguments are always ignored.
189: Since for each cipher there is a command of the same name,
190: this provides an easy way for shell scripts to test for the
191: availability of ciphers in the
192: .Nm
193: program.
194: .Pp
195: .Sy Note :
1.39 jmc 196: .Cm no- Ns Ar command
1.1 jsing 197: is not able to detect pseudo-commands such as
198: .Cm quit ,
199: .Cm list- Ns Ar ... Ns Cm -commands ,
200: or
1.39 jmc 201: .Cm no- Ns Ar command
1.1 jsing 202: itself.
1.120 kn 203: .Tg asn1parse
1.1 jsing 204: .Sh ASN1PARSE
1.114 jmc 205: .Bl -hang -width "openssl asn1parse"
206: .It Nm openssl asn1parse
207: .Bk -words
1.1 jsing 208: .Op Fl i
209: .Op Fl dlimit Ar number
210: .Op Fl dump
211: .Op Fl genconf Ar file
212: .Op Fl genstr Ar str
213: .Op Fl in Ar file
1.34 jmc 214: .Op Fl inform Cm der | pem | txt
1.1 jsing 215: .Op Fl length Ar number
216: .Op Fl noout
217: .Op Fl offset Ar number
218: .Op Fl oid Ar file
219: .Op Fl out Ar file
220: .Op Fl strparse Ar offset
1.114 jmc 221: .Ek
222: .El
1.1 jsing 223: .Pp
224: The
225: .Nm asn1parse
226: command is a diagnostic utility that can parse ASN.1 structures.
227: It can also be used to extract data from ASN.1 formatted data.
228: .Pp
229: The options are as follows:
230: .Bl -tag -width Ds
231: .It Fl dlimit Ar number
232: Dump the first
233: .Ar number
234: bytes of unknown data in hex form.
235: .It Fl dump
236: Dump unknown data in hex form.
237: .It Fl genconf Ar file , Fl genstr Ar str
238: Generate encoded data based on string
239: .Ar str ,
240: file
241: .Ar file ,
1.34 jmc 242: or both, using the format described in
243: .Xr ASN1_generate_nconf 3 .
1.1 jsing 244: If only
245: .Ar file
246: is present then the string is obtained from the default section
247: using the name
248: .Dq asn1 .
1.84 jmc 249: The encoded data is passed through the ASN.1 parser and printed out as
1.1 jsing 250: though it came from a file;
251: the contents can thus be examined and written to a file using the
252: .Fl out
253: option.
254: .It Fl i
1.34 jmc 255: Indent the output according to the
1.1 jsing 256: .Qq depth
257: of the structures.
258: .It Fl in Ar file
1.41 jmc 259: The input file to read from, or standard input if not specified.
1.34 jmc 260: .It Fl inform Cm der | pem | txt
1.1 jsing 261: The input format.
262: .It Fl length Ar number
1.34 jmc 263: Number of bytes to parse; the default is until end of file.
1.1 jsing 264: .It Fl noout
1.46 jmc 265: Do not output the parsed version of the input file.
1.1 jsing 266: .It Fl offset Ar number
1.34 jmc 267: Starting offset to begin parsing; the default is start of file.
1.1 jsing 268: .It Fl oid Ar file
269: A file containing additional object identifiers
270: .Pq OIDs .
271: If an OID
272: .Pq object identifier
273: is not part of
1.34 jmc 274: .Nm openssl Ns 's
1.1 jsing 275: internal table it will be represented in
276: numerical form
277: .Pq for example 1.2.3.4 .
1.34 jmc 278: .Pp
1.1 jsing 279: Each line consists of three columns:
280: the first column is the OID in numerical format and should be followed by
281: whitespace.
282: The second column is the
1.34 jmc 283: .Qq short name ,
1.1 jsing 284: which is a single word followed by whitespace.
285: The final column is the rest of the line and is the
286: .Qq long name .
287: .Nm asn1parse
288: displays the long name.
1.34 jmc 289: .It Fl out Ar file
290: The DER-encoded output file; the default is no encoded output
291: (useful when combined with
292: .Fl strparse ) .
293: .It Fl strparse Ar offset
294: Parse the content octets of the ASN.1 object starting at
295: .Ar offset .
296: This option can be used multiple times to
297: .Qq drill down
298: into a nested structure.
299: .El
1.120 kn 300: .Tg ca
1.1 jsing 301: .Sh CA
1.114 jmc 302: .Bl -hang -width "openssl ca"
303: .It Nm openssl ca
304: .Bk -words
1.1 jsing 305: .Op Fl batch
306: .Op Fl cert Ar file
307: .Op Fl config Ar file
1.91 schwarze 308: .Op Fl create_serial
1.1 jsing 309: .Op Fl crl_CA_compromise Ar time
310: .Op Fl crl_compromise Ar time
311: .Op Fl crl_hold Ar instruction
312: .Op Fl crl_reason Ar reason
313: .Op Fl crldays Ar days
314: .Op Fl crlexts Ar section
315: .Op Fl crlhours Ar hours
1.103 inoguchi 316: .Op Fl crlsec Ar seconds
1.1 jsing 317: .Op Fl days Ar arg
318: .Op Fl enddate Ar date
319: .Op Fl extensions Ar section
1.103 inoguchi 320: .Op Fl extfile Ar file
1.1 jsing 321: .Op Fl gencrl
322: .Op Fl in Ar file
323: .Op Fl infiles
1.91 schwarze 324: .Op Fl key Ar password
1.103 inoguchi 325: .Op Fl keyfile Ar file
1.91 schwarze 326: .Op Fl keyform Cm pem | der
1.103 inoguchi 327: .Op Fl md Ar alg
1.1 jsing 328: .Op Fl msie_hack
1.107 inoguchi 329: .Op Fl multivalue-rdn
1.1 jsing 330: .Op Fl name Ar section
331: .Op Fl noemailDN
332: .Op Fl notext
333: .Op Fl out Ar file
1.103 inoguchi 334: .Op Fl outdir Ar directory
1.1 jsing 335: .Op Fl passin Ar arg
336: .Op Fl policy Ar arg
337: .Op Fl preserveDN
338: .Op Fl revoke Ar file
1.91 schwarze 339: .Op Fl selfsign
1.103 inoguchi 340: .Op Fl sigopt Ar nm:v
1.1 jsing 341: .Op Fl spkac Ar file
342: .Op Fl ss_cert Ar file
343: .Op Fl startdate Ar date
344: .Op Fl status Ar serial
345: .Op Fl subj Ar arg
346: .Op Fl updatedb
1.91 schwarze 347: .Op Fl utf8
1.1 jsing 348: .Op Fl verbose
1.114 jmc 349: .Ek
350: .El
1.1 jsing 351: .Pp
352: The
353: .Nm ca
1.35 jmc 354: command is a minimal certificate authority (CA) application.
1.1 jsing 355: It can be used to sign certificate requests in a variety of forms
1.35 jmc 356: and generate certificate revocation lists (CRLs).
1.1 jsing 357: It also maintains a text database of issued certificates and their status.
358: .Pp
1.35 jmc 359: The options relevant to CAs are as follows:
1.1 jsing 360: .Bl -tag -width "XXXX"
361: .It Fl batch
1.41 jmc 362: Batch mode.
1.1 jsing 363: In this mode no questions will be asked
364: and all certificates will be certified automatically.
365: .It Fl cert Ar file
366: The CA certificate file.
367: .It Fl config Ar file
1.72 jmc 368: Specify an alternative configuration file.
1.91 schwarze 369: .It Fl create_serial
370: If reading the serial from the text file as specified in the
371: configuration fails, create a new random serial to be used as the
372: next serial number.
1.1 jsing 373: .It Fl days Ar arg
374: The number of days to certify the certificate for.
375: .It Fl enddate Ar date
1.41 jmc 376: Set the expiry date.
1.88 jmc 377: The format of the date is [YY]YYMMDDHHMMSSZ,
378: with all four year digits required for dates from 2050 onwards.
1.1 jsing 379: .It Fl extensions Ar section
380: The section of the configuration file containing certificate extensions
381: to be added when a certificate is issued (defaults to
1.35 jmc 382: .Cm x509_extensions
1.1 jsing 383: unless the
384: .Fl extfile
385: option is used).
386: If no extension section is present, a V1 certificate is created.
387: If the extension section is present
388: .Pq even if it is empty ,
389: then a V3 certificate is created.
1.91 schwarze 390: See the
391: .Xr x509v3.cnf 5
392: manual page for details of the extension section format.
1.1 jsing 393: .It Fl extfile Ar file
394: An additional configuration
395: .Ar file
396: to read certificate extensions from
397: (using the default section unless the
398: .Fl extensions
399: option is also used).
400: .It Fl in Ar file
401: An input
402: .Ar file
403: containing a single certificate request to be signed by the CA.
404: .It Fl infiles
405: If present, this should be the last option; all subsequent arguments
406: are assumed to be the names of files containing certificate requests.
1.91 schwarze 407: .It Fl key Ar password
408: The
409: .Fa password
410: used to encrypt the private key.
1.35 jmc 411: Since on some systems the command line arguments are visible,
412: this option should be used with caution.
1.1 jsing 413: .It Fl keyfile Ar file
414: The private key to sign requests with.
1.91 schwarze 415: .It Fl keyform Cm pem | der
1.1 jsing 416: Private key file format.
1.91 schwarze 417: The default is
418: .Cm pem .
1.1 jsing 419: .It Fl md Ar alg
420: The message digest to use.
421: Possible values include
422: .Ar md5
423: and
424: .Ar sha1 .
425: This option also applies to CRLs.
426: .It Fl msie_hack
427: This is a legacy option to make
428: .Nm ca
429: work with very old versions of the IE certificate enrollment control
430: .Qq certenr3 .
431: It used UniversalStrings for almost everything.
432: Since the old control has various security bugs,
433: its use is strongly discouraged.
434: The newer control
435: .Qq Xenroll
436: does not need this option.
1.107 inoguchi 437: .It Fl multivalue-rdn
1.91 schwarze 438: This option causes the
439: .Fl subj
440: argument to be interpreted with full support for multivalued RDNs,
441: for example
442: .Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
443: If
1.107 inoguchi 444: .Fl multivalue-rdn
1.91 schwarze 445: is not used, the UID value is set to
446: .Qq "123456+CN=John Doe" .
1.1 jsing 447: .It Fl name Ar section
448: Specifies the configuration file
449: .Ar section
450: to use (overrides
451: .Cm default_ca
452: in the
453: .Cm ca
454: section).
455: .It Fl noemailDN
456: The DN of a certificate can contain the EMAIL field if present in the
1.30 mmcc 457: request DN, however it is good policy just having the email set into
1.1 jsing 458: the
1.35 jmc 459: .Cm altName
1.1 jsing 460: extension of the certificate.
461: When this option is set, the EMAIL field is removed from the certificate's
462: subject and set only in the, eventually present, extensions.
463: The
464: .Ar email_in_dn
465: keyword can be used in the configuration file to enable this behaviour.
466: .It Fl notext
467: Don't output the text form of a certificate to the output file.
468: .It Fl out Ar file
469: The output file to output certificates to.
470: The default is standard output.
1.91 schwarze 471: The certificate details will also be printed out to this file in
472: PEM format, except that
473: .Fl spkac
474: outputs DER format.
1.1 jsing 475: .It Fl outdir Ar directory
476: The
477: .Ar directory
478: to output certificates to.
479: The certificate will be written to a file consisting of the
480: serial number in hex with
481: .Qq .pem
482: appended.
483: .It Fl passin Ar arg
484: The key password source.
485: .It Fl policy Ar arg
1.41 jmc 486: Define the CA
1.1 jsing 487: .Qq policy
488: to use.
1.35 jmc 489: The policy section in the configuration file
490: consists of a set of variables corresponding to certificate DN fields.
491: The values may be one of
492: .Qq match
493: (the value must match the same field in the CA certificate),
494: .Qq supplied
495: (the value must be present), or
496: .Qq optional
497: (the value may be present).
498: Any fields not mentioned in the policy section
499: are silently deleted, unless the
500: .Fl preserveDN
501: option is set,
502: but this can be regarded more of a quirk than intended behaviour.
1.1 jsing 503: .It Fl preserveDN
504: Normally, the DN order of a certificate is the same as the order of the
505: fields in the relevant policy section.
506: When this option is set, the order is the same as the request.
507: This is largely for compatibility with the older IE enrollment control
508: which would only accept certificates if their DNs matched the order of the
509: request.
510: This is not needed for Xenroll.
1.91 schwarze 511: .It Fl selfsign
512: Indicates the issued certificates are to be signed with the key the
513: certificate requests were signed with, given with
514: .Fl keyfile .
515: Certificate requests signed with a different key are ignored.
516: If
517: .Fl gencrl ,
518: .Fl spkac ,
519: or
520: .Fl ss_cert
521: are given,
522: .Fl selfsign
523: is ignored.
524: .Pp
525: A consequence of using
526: .Fl selfsign
527: is that the self-signed certificate appears among the entries in
528: the certificate database (see the configuration option
529: .Cm database )
530: and uses the same serial number counter as all other certificates
531: signed with the self-signed certificate.
1.103 inoguchi 532: .It Fl sigopt Ar nm:v
533: Pass options to the signature algorithm during sign or certify operations.
534: The names and values of these options are algorithm-specific.
1.1 jsing 535: .It Fl spkac Ar file
536: A file containing a single Netscape signed public key and challenge,
537: and additional field values to be signed by the CA.
1.35 jmc 538: This will usually come from the
539: KEYGEN tag in an HTML form to create a new private key.
540: It is, however, possible to create SPKACs using the
541: .Nm spkac
542: utility.
543: .Pp
544: The file should contain the variable SPKAC set to the value of
545: the SPKAC and also the required DN components as name value pairs.
546: If it's necessary to include the same component twice,
547: then it can be preceded by a number and a
548: .Sq \&. .
1.1 jsing 549: .It Fl ss_cert Ar file
550: A single self-signed certificate to be signed by the CA.
551: .It Fl startdate Ar date
1.41 jmc 552: Set the start date.
1.88 jmc 553: The format of the date is [YY]YYMMDDHHMMSSZ,
554: with all four year digits required for dates from 2050 onwards.
1.91 schwarze 555: .It Fl subj Ar arg
556: Supersedes the subject name given in the request.
557: The
558: .Ar arg
559: must be formatted as
560: .Sm off
561: .Pf / Ar type0 Ns = Ar value0 Ns / Ar type 1 Ns = Ar value 1 Ns /
562: .Ar type2 Ns = Ar ... ;
563: .Sm on
564: characters may be escaped by
565: .Sq \e
566: .Pq backslash ,
567: no spaces are skipped.
568: .It Fl utf8
569: Interpret field values read from a terminal or obtained from a
570: configuration file as UTF-8 strings.
571: By default, they are interpreted as ASCII.
1.1 jsing 572: .It Fl verbose
1.41 jmc 573: Print extra details about the operations being performed.
1.1 jsing 574: .El
1.35 jmc 575: .Pp
576: The options relevant to CRLs are as follows:
1.1 jsing 577: .Bl -tag -width "XXXX"
578: .It Fl crl_CA_compromise Ar time
579: This is the same as
580: .Fl crl_compromise ,
581: except the revocation reason is set to CACompromise.
582: .It Fl crl_compromise Ar time
1.41 jmc 583: Set the revocation reason to keyCompromise and the compromise time to
1.1 jsing 584: .Ar time .
585: .Ar time
586: should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ.
587: .It Fl crl_hold Ar instruction
1.41 jmc 588: Set the CRL revocation reason code to certificateHold and the hold
1.1 jsing 589: instruction to
590: .Ar instruction
591: which must be an OID.
592: Although any OID can be used, only holdInstructionNone
593: (the use of which is discouraged by RFC 2459), holdInstructionCallIssuer or
594: holdInstructionReject will normally be used.
595: .It Fl crl_reason Ar reason
596: Revocation reason, where
597: .Ar reason
598: is one of:
599: unspecified, keyCompromise, CACompromise, affiliationChanged, superseded,
600: cessationOfOperation, certificateHold or removeFromCRL.
601: The matching of
602: .Ar reason
603: is case insensitive.
604: Setting any revocation reason will make the CRL v2.
605: In practice, removeFromCRL is not particularly useful because it is only used
606: in delta CRLs which are not currently implemented.
1.103 inoguchi 607: .It Fl crldays Ar days
1.1 jsing 608: The number of days before the next CRL is due.
609: This is the days from now to place in the CRL
1.35 jmc 610: .Cm nextUpdate
1.1 jsing 611: field.
612: .It Fl crlexts Ar section
613: The
614: .Ar section
615: of the configuration file containing CRL extensions to include.
616: If no CRL extension section is present then a V1 CRL is created;
617: if the CRL extension section is present
1.81 jmc 618: (even if it is empty)
1.1 jsing 619: then a V2 CRL is created.
1.81 jmc 620: The CRL extensions specified are CRL extensions and not CRL entry extensions.
621: It should be noted that some software can't handle V2 CRLs.
1.91 schwarze 622: See the
623: .Xr x509v3.cnf 5
624: manual page for details of the extension section format.
1.103 inoguchi 625: .It Fl crlhours Ar hours
1.1 jsing 626: The number of hours before the next CRL is due.
1.103 inoguchi 627: .It Fl crlsec Ar seconds
628: The number of seconds before the next CRL is due.
1.1 jsing 629: .It Fl gencrl
1.41 jmc 630: Generate a CRL based on information in the index file.
1.1 jsing 631: .It Fl revoke Ar file
632: A
633: .Ar file
634: containing a certificate to revoke.
1.91 schwarze 635: .It Fl status Ar serial
636: Show the status of the certificate with serial number
637: .Ar serial .
638: .It Fl updatedb
639: Update the database index to purge expired certificates.
1.1 jsing 640: .El
641: .Pp
1.35 jmc 642: Many of the options can be set in the
643: .Cm ca
644: section of the configuration file
645: (or in the default section of the configuration file),
646: specified using
647: .Cm default_ca
648: or
649: .Fl name .
650: The options
651: .Cm preserve
652: and
653: .Cm msie_hack
654: are read directly from the
655: .Cm ca
656: section.
1.1 jsing 657: .Pp
658: Many of the configuration file options are identical to command line
659: options.
660: Where the option is present in the configuration file and the command line,
661: the command line value is used.
662: Where an option is described as mandatory, then it must be present in
663: the configuration file or the command line equivalent
664: .Pq if any
665: used.
666: .Bl -tag -width "XXXX"
1.35 jmc 667: .It Cm certificate
1.1 jsing 668: The same as
669: .Fl cert .
670: It gives the file containing the CA certificate.
671: Mandatory.
1.35 jmc 672: .It Cm copy_extensions
1.1 jsing 673: Determines how extensions in certificate requests should be handled.
674: If set to
1.35 jmc 675: .Cm none
1.1 jsing 676: or this option is not present, then extensions are
677: ignored and not copied to the certificate.
678: If set to
1.35 jmc 679: .Cm copy ,
1.1 jsing 680: then any extensions present in the request that are not already present
681: are copied to the certificate.
682: If set to
1.35 jmc 683: .Cm copyall ,
1.1 jsing 684: then all extensions in the request are copied to the certificate:
685: if the extension is already present in the certificate it is deleted first.
1.35 jmc 686: .Pp
687: The
688: .Cm copy_extensions
689: option should be used with caution.
690: If care is not taken, it can be a security risk.
691: For example, if a certificate request contains a
692: .Cm basicConstraints
693: extension with CA:TRUE and the
694: .Cm copy_extensions
695: value is set to
696: .Cm copyall
697: and the user does not spot
1.91 schwarze 698: this when the certificate is displayed, then this will hand the requester
1.35 jmc 699: a valid CA certificate.
700: .Pp
701: This situation can be avoided by setting
702: .Cm copy_extensions
703: to
704: .Cm copy
705: and including
706: .Cm basicConstraints
707: with CA:FALSE in the configuration file.
708: Then if the request contains a
709: .Cm basicConstraints
710: extension, it will be ignored.
1.1 jsing 711: .Pp
712: The main use of this option is to allow a certificate request to supply
713: values for certain extensions such as
1.35 jmc 714: .Cm subjectAltName .
715: .It Cm crl_extensions
1.1 jsing 716: The same as
717: .Fl crlexts .
1.35 jmc 718: .It Cm crlnumber
1.1 jsing 719: A text file containing the next CRL number to use in hex.
720: The CRL number will be inserted in the CRLs only if this file exists.
721: If this file is present, it must contain a valid CRL number.
1.35 jmc 722: .It Cm database
1.1 jsing 723: The text database file to use.
724: Mandatory.
725: This file must be present, though initially it will be empty.
1.35 jmc 726: .It Cm default_crl_hours , default_crl_days
1.1 jsing 727: The same as the
728: .Fl crlhours
729: and
730: .Fl crldays
731: options.
732: These will only be used if neither command line option is present.
733: At least one of these must be present to generate a CRL.
1.35 jmc 734: .It Cm default_days
1.1 jsing 735: The same as the
736: .Fl days
737: option.
738: The number of days to certify a certificate for.
1.35 jmc 739: .It Cm default_enddate
1.1 jsing 740: The same as the
741: .Fl enddate
742: option.
743: Either this option or
1.35 jmc 744: .Cm default_days
1.1 jsing 745: .Pq or the command line equivalents
746: must be present.
1.35 jmc 747: .It Cm default_md
1.1 jsing 748: The same as the
749: .Fl md
750: option.
751: The message digest to use.
752: Mandatory.
1.35 jmc 753: .It Cm default_startdate
1.1 jsing 754: The same as the
755: .Fl startdate
756: option.
757: The start date to certify a certificate for.
758: If not set, the current time is used.
1.35 jmc 759: .It Cm email_in_dn
1.1 jsing 760: The same as
761: .Fl noemailDN .
762: If the EMAIL field is to be removed from the DN of the certificate,
763: simply set this to
764: .Qq no .
765: If not present, the default is to allow for the EMAIL field in the
766: certificate's DN.
1.35 jmc 767: .It Cm msie_hack
1.1 jsing 768: The same as
769: .Fl msie_hack .
1.35 jmc 770: .It Cm name_opt , cert_opt
1.1 jsing 771: These options allow the format used to display the certificate details
772: when asking the user to confirm signing.
773: All the options supported by the
774: .Nm x509
775: utilities'
776: .Fl nameopt
777: and
778: .Fl certopt
779: switches can be used here, except that
1.35 jmc 780: .Cm no_signame
1.1 jsing 781: and
1.35 jmc 782: .Cm no_sigdump
1.1 jsing 783: are permanently set and cannot be disabled
784: (this is because the certificate signature cannot be displayed because
785: the certificate has not been signed at this point).
786: .Pp
787: For convenience, the value
1.35 jmc 788: .Cm ca_default
1.1 jsing 789: is accepted by both to produce a reasonable output.
790: .Pp
791: If neither option is present, the format used in earlier versions of
1.35 jmc 792: .Nm openssl
1.1 jsing 793: is used.
1.81 jmc 794: Use of the old format is strongly discouraged
795: because it only displays fields mentioned in the
1.35 jmc 796: .Cm policy
1.1 jsing 797: section,
798: mishandles multicharacter string types and does not display extensions.
1.35 jmc 799: .It Cm new_certs_dir
1.1 jsing 800: The same as the
801: .Fl outdir
802: command line option.
803: It specifies the directory where new certificates will be placed.
804: Mandatory.
1.35 jmc 805: .It Cm oid_file
1.1 jsing 806: This specifies a file containing additional object identifiers.
807: Each line of the file should consist of the numerical form of the
808: object identifier followed by whitespace, then the short name followed
809: by whitespace and finally the long name.
1.35 jmc 810: .It Cm oid_section
1.1 jsing 811: This specifies a section in the configuration file containing extra
812: object identifiers.
813: Each line should consist of the short name of the object identifier
814: followed by
815: .Sq =
816: and the numerical form.
817: The short and long names are the same when this option is used.
1.35 jmc 818: .It Cm policy
1.1 jsing 819: The same as
820: .Fl policy .
821: Mandatory.
1.35 jmc 822: .It Cm preserve
1.1 jsing 823: The same as
824: .Fl preserveDN .
1.35 jmc 825: .It Cm private_key
1.1 jsing 826: Same as the
827: .Fl keyfile
828: option.
829: The file containing the CA private key.
830: Mandatory.
1.35 jmc 831: .It Cm serial
1.1 jsing 832: A text file containing the next serial number to use in hex.
833: Mandatory.
834: This file must be present and contain a valid serial number.
1.35 jmc 835: .It Cm unique_subject
1.1 jsing 836: If the value
1.35 jmc 837: .Cm yes
1.1 jsing 838: is given, the valid certificate entries in the
839: database must have unique subjects.
840: If the value
1.35 jmc 841: .Cm no
1.1 jsing 842: is given,
843: several valid certificate entries may have the exact same subject.
844: The default value is
1.35 jmc 845: .Cm yes .
846: .It Cm x509_extensions
1.1 jsing 847: The same as
848: .Fl extensions .
1.123 inoguchi 849: .El
850: .Tg certhash
851: .Sh CERTHASH
852: .Bl -hang -width "openssl certhash"
853: .It Nm openssl certhash
854: .Bk -words
855: .Op Fl nv
856: .Ar dir ...
857: .Ek
858: .El
859: .Pp
860: The
861: .Nm certhash
862: command calculates a hash value of
863: .Qq .pem
864: file in the specified directory list and creates symbolic links for each file,
865: where the name of the link is the hash value.
866: See the
867: .Xr SSL_CTX_load_verify_locations 3
868: manual page for how hash links are used.
869: .Pp
870: The links created are of the form
871: .Qq HHHHHHHH.D ,
872: where each
873: .Sq H
874: is a hexadecimal character and
875: .Sq D
876: is a single decimal digit.
877: The hashes for CRLs look similar, except the letter
878: .Sq r
879: appears after the period, like this:
880: .Qq HHHHHHHH.rD .
881: When processing a directory,
882: .Nm certhash
883: will first remove all links that have a name in that syntax and invalid
884: reference.
885: .Pp
886: Multiple objects may have the same hash; they will be indicated by
887: incrementing the
888: .Sq D
889: value.
890: Duplicates are found by comparing the full SHA256 fingerprint.
891: A warning will be displayed if a duplicate is found.
892: .Pp
893: A warning will also be displayed if there are files that cannot be parsed as
894: either a certificate or a CRL.
895: .Pp
896: The options are as follows:
897: .Bl -tag -width Ds
898: .It Fl n
899: Perform a dry-run, and do not make any changes.
900: .It Fl v
901: Print extra details about the processing.
902: .It Ar dir ...
903: Specify the directories to process.
1.1 jsing 904: .El
1.120 kn 905: .Tg ciphers
1.1 jsing 906: .Sh CIPHERS
907: .Nm openssl ciphers
908: .Op Fl hVv
1.93 schwarze 909: .Op Ar control
1.1 jsing 910: .Pp
911: The
912: .Nm ciphers
1.93 schwarze 913: command converts the
914: .Ar control
915: string from the format documented in
916: .Xr SSL_CTX_set_cipher_list 3
917: into an ordered SSL cipher suite preference list.
918: If no
919: .Ar control
920: string is specified, the
921: .Cm DEFAULT
922: list is printed.
1.1 jsing 923: .Pp
924: The options are as follows:
925: .Bl -tag -width Ds
926: .It Fl h , \&?
927: Print a brief usage message.
928: .It Fl V
1.36 jmc 929: Verbose.
1.92 schwarze 930: List ciphers with cipher suite code in hex format,
931: cipher name, and a complete description of protocol version,
932: key exchange, authentication, encryption, and mac algorithms.
1.36 jmc 933: .It Fl v
1.1 jsing 934: Like
1.36 jmc 935: .Fl V ,
936: but without cipher suite codes.
1.116 inoguchi 937: .El
1.120 kn 938: .Tg cms
1.116 inoguchi 939: .Sh CMS
940: .Bl -hang -width "openssl cms"
941: .It Nm openssl cms
942: .Bk -words
943: .Oo
944: .Fl aes128 | aes192 | aes256 | camellia128 |
945: .Fl camellia192 | camellia256 | des | des3 |
946: .Fl rc2-40 | rc2-64 | rc2-128
947: .Oc
948: .Op Fl CAfile Ar file
949: .Op Fl CApath Ar directory
950: .Op Fl binary
951: .Op Fl certfile Ar file
952: .Op Fl certsout Ar file
953: .Op Fl cmsout
954: .Op Fl compress
955: .Op Fl content Ar file
956: .Op Fl crlfeol
957: .Op Fl data_create
958: .Op Fl data_out
959: .Op Fl debug_decrypt
960: .Op Fl decrypt
961: .Op Fl digest_create
962: .Op Fl digest_verify
963: .Op Fl econtent_type Ar type
964: .Op Fl encrypt
965: .Op Fl EncryptedData_decrypt
966: .Op Fl EncryptedData_encrypt
967: .Op Fl from Ar addr
968: .Op Fl in Ar file
969: .Op Fl inform Cm der | pem | smime
970: .Op Fl inkey Ar file
971: .Op Fl keyform Cm der | pem
972: .Op Fl keyid
973: .Op Fl keyopt Ar nm:v
974: .Op Fl md Ar digest
975: .Op Fl no_attr_verify
976: .Op Fl no_content_verify
977: .Op Fl no_signer_cert_verify
978: .Op Fl noattr
979: .Op Fl nocerts
980: .Op Fl nodetach
981: .Op Fl nointern
982: .Op Fl nooldmime
983: .Op Fl noout
984: .Op Fl nosigs
985: .Op Fl nosmimecap
986: .Op Fl noverify
987: .Op Fl out Ar file
988: .Op Fl outform Cm der | pem | smime
989: .Op Fl passin Ar src
990: .Op Fl print
991: .Op Fl pwri_password Ar arg
992: .Op Fl rctform Cm der | pem | smime
993: .Op Fl receipt_request_all | receipt_request_first
994: .Op Fl receipt_request_from Ar addr
995: .Op Fl receipt_request_print
996: .Op Fl receipt_request_to Ar addr
997: .Op Fl recip Ar file
998: .Op Fl resign
999: .Op Fl secretkey Ar key
1000: .Op Fl secretkeyid Ar id
1001: .Op Fl sign
1002: .Op Fl sign_receipt
1003: .Op Fl signer Ar file
1004: .Op Fl stream | indef | noindef
1005: .Op Fl subject Ar s
1006: .Op Fl text
1007: .Op Fl to Ar addr
1008: .Op Fl uncompress
1009: .Op Fl verify
1010: .Op Fl verify_receipt Ar file
1011: .Op Fl verify_retcode
1012: .Op Ar cert.pem ...
1013: .Ek
1014: .El
1015: .Pp
1016: The
1017: .Nm cms
1018: command handles S/MIME v3.1 mail.
1019: It can encrypt, decrypt, sign and verify, compress and uncompress S/MIME
1020: messages.
1021: .Pp
1022: The MIME message must be sent without any blank lines between the headers and
1023: the output.
1024: Some mail programs will automatically add a blank line.
1025: Piping the mail directly to sendmail is one way to achieve the correct format.
1026: .Pp
1027: The supplied message to be signed or encrypted must include the necessary MIME
1028: headers or many S/MIME clients won't display it properly (if at all).
1029: You can use the
1030: .Fl text
1031: option to automatically add plain text headers.
1032: .Pp
1033: A "signed and encrypted" message is one where a signed message is then
1034: encrypted.
1035: This can be produced by encrypting an already signed message.
1036: .Pp
1037: There are various operation options that set the type of operation to be
1038: performed.
1039: The meaning of the other options varies according to the operation type.
1040: .Bl -tag -width "XXXX"
1041: .It Fl encrypt
1042: Encrypt mail for the given recipient certificates.
1043: Input file is the message to be encrypted.
1044: The output file is the encrypted mail in MIME format.
1045: The actual CMS type is EnvelopedData.
1046: Note that no revocation check is done for the recipient cert, so if that
1047: key has been compromised, others may be able to decrypt the text.
1048: .It Fl decrypt
1049: Decrypt mail using the supplied certificate and private key.
1050: Expects an encrypted mail message in MIME format for the input file.
1051: The decrypted mail is written to the output file.
1052: .It Fl sign
1053: Sign mail using the supplied certificate and private key.
1054: Input file is the message to be signed.
1055: The signed message in MIME format is written to the output file.
1056: .It Fl verify
1057: Verify signed mail.
1058: Expects a signed mail message on input and outputs the signed data.
1059: Both clear text and opaque signing are supported.
1060: .It Fl cmsout
1061: Take an input message and write out a PEM encoded CMS structure.
1062: .It Fl resign
1063: Resign a message.
1064: Take an existing message and one or more new signers.
1065: This operation uses an existing message digest when adding a new signer.
1066: This means that attributes must be present in at least one existing
1067: signer using the same message digest or this operation will fail.
1068: .It Fl data_create
1069: Create a CMS Data type.
1070: .It Fl data_out
1071: Output a content from the input CMS Data type.
1072: .It Fl digest_create
1073: Create a CMS DigestedData type.
1074: .It Fl digest_verify
1075: Verify a CMS DigestedData type and output the content.
1076: .It Fl compress
1077: Create a CMS CompressedData type.
1078: Must be compiled with zlib support for this option to work.
1079: .It Fl uncompress
1080: Uncompress a CMS CompressedData type and output the content.
1081: Must be compiled with zlib support for this option to work.
1082: .It Fl EncryptedData_encrypt
1083: Encrypt a content using supplied symmetric key and algorithm using a
1084: CMS EncryptedData type.
1085: .It Fl EncryptedData_decrypt
1086: Decrypt a CMS EncryptedData type using supplied symmetric key.
1087: .It Fl sign_receipt
1088: Generate and output a signed receipt for the supplied message.
1089: The input message must contain a signed receipt request.
1090: Functionality is otherwise similar to the
1091: .Fl sign
1092: operation.
1093: .It Xo
1094: .Fl verify_receipt Ar file
1095: .Xc
1096: Verify a signed receipt in file.
1097: The input message must contain the original receipt request.
1098: Functionality is otherwise similar to the
1099: .Fl verify
1100: operation.
1101: .El
1102: .Pp
1103: The remaining options are as follows:
1104: .Bl -tag -width "XXXX"
1105: .It Xo
1106: .Fl aes128 | aes192 | aes256 | camellia128 |
1107: .Fl camellia192 | camellia256 | des | des3 |
1108: .Fl rc2-40 | rc2-64 | rc2-128
1109: .Xc
1110: The encryption algorithm to use.
1111: 128-, 192-, or 256-bit AES, 128-, 192-, or 256-bit CAMELLIA,
1112: DES (56 bits), triple DES (168 bits),
1113: or 40-, 64-, or 128-bit RC2, respectively;
1114: if not specified, triple DES is
1115: used.
1116: Only used with
1117: .Fl encrypt
1118: and
1119: .Fl EncryptedData_encrypt
1120: commands.
1121: .It Fl binary
1122: Normally the input message is converted to "canonical" format which is
1123: effectively using CR/LF as end of line, as required by the S/MIME specification.
1.127 ! jmc 1124: When this option is present, no translation occurs.
1.116 inoguchi 1125: This is useful when handling binary data which may not be in MIME format.
1126: .It Fl CAfile Ar file
1127: A file containing trusted CA certificates, used with
1128: .Fl verify
1129: and
1130: .Fl verify_receipt .
1131: .It Fl CApath Ar directory
1132: A directory containing trusted CA certificates, used with
1133: .Fl verify
1134: and
1135: .Fl verify_receipt .
1136: This directory must be a standard certificate directory: that is a hash
1137: of each subject name (using
1138: .Nm x509 Fl hash )
1139: should be linked to each certificate.
1.124 inoguchi 1140: .It Ar cert.pem ...
1.116 inoguchi 1141: One or more certificates of message recipients: used when encrypting a message.
1142: .It Fl certfile Ar file
1143: Allows additional certificates to be specified.
1144: When signing these will be included with the message.
1145: When verifying these will be searched for the signer's certificates.
1146: The certificates should be in PEM format.
1147: .It Fl certsout Ar file
1148: A file that any certificates contained in the message are written to.
1149: .It Xo
1150: .Fl check_ss_sig ,
1151: .Fl crl_check ,
1152: .Fl crl_check_all ,
1153: .Fl extended_crl ,
1154: .Fl ignore_critical ,
1155: .Fl issuer_checks ,
1156: .Fl policy ,
1157: .Fl policy_check ,
1158: .Fl purpose ,
1159: .Fl x509_strict
1160: .Xc
1161: Set various certificate chain validation options.
1162: See the
1163: .Nm verify
1164: command for details.
1165: .It Fl content Ar file
1166: A file containing the detached content.
1167: This is only useful with the
1168: .Fl verify
1169: command.
1170: This is only usable if the CMS structure is using the detached signature
1171: form where the content is not included.
1172: This option will override any content if the input format is S/MIME and
1173: it uses the multipart/signed MIME content type.
1174: .It Fl crlfeol
1175: Output a S/MIME message with CR/LF end of line.
1176: .It Fl debug_decrypt
1177: Set the CMS_DEBUG_DECRYPT flag when decrypting.
1178: This option should be used with caution, since this can be used to disable
1179: the MMA attack protection and return an error if no recipient can be found.
1180: See the
1181: .Xr CMS_decrypt 3
1182: manual page for details of the flag.
1183: .It Xo
1184: .Fl from Ar addr ,
1185: .Fl subject Ar s ,
1186: .Fl to Ar addr
1187: .Xc
1188: The relevant mail headers.
1189: These are included outside the signed portion of a message so they may
1190: be included manually.
1191: If signing then many S/MIME mail clients check the signer's certificate's
1192: email address matches that specified in the From: address.
1193: .It Fl econtent_type Ar type
1194: Set the encapsulated content type, used with
1195: .Fl sign .
1196: If not supplied the Data type is used.
1197: The type argument can be any valid OID name in either text or numerical format.
1198: .It Fl in Ar file
1199: The input message to be encrypted or signed or the message to be decrypted or
1200: verified.
1201: .It Fl inform Cm der | pem | smime
1202: The input format for the CMS structure.
1203: The default is
1204: .Cm smime ,
1205: which reads an S/MIME format message.
1206: .Cm pem
1207: and
1208: .Cm der
1209: format change this to expect PEM and DER format CMS structures instead.
1210: This currently only affects the input format of the CMS structure; if no
1211: CMS structure is being input (for example with
1212: .Fl encrypt
1213: or
1214: .Fl sign )
1215: this option has no effect.
1216: .It Fl inkey Ar file
1217: The private key to use when signing or decrypting.
1218: This must match the corresponding certificate.
1219: If this option is not specified then the private key must be included in
1220: the certificate file specified with the
1221: .Fl recip
1222: or
1223: .Fl signer
1224: file.
1225: When signing this option can be used multiple times to specify successive keys.
1226: .It Fl keyform Cm der | pem
1227: Input private key format.
1228: The default is
1229: .Cm pem .
1230: .It Fl keyid
1231: Use subject key identifier to identify certificates instead of issuer
1232: name and serial number.
1233: The supplied certificate must include a subject key identifier extension.
1234: Supported by
1235: .Fl sign
1236: and
1237: .Fl encrypt
1238: operations.
1239: .It Fl keyopt Ar nm:v
1240: Set customised parameters for the preceding key or certificate
1241: for encryption and signing.
1242: It can currently be used to set RSA-PSS for signing, RSA-OAEP for
1243: encryption or to modify default parameters for ECDH.
1244: This option can be used multiple times.
1245: .It Fl md Ar digest
1246: The digest algorithm to use when signing or resigning.
1247: If not present then the default digest algorithm for the signing key
1248: will be used (usually SHA1).
1249: .It Fl no_attr_verify
1250: Do not verify the signer's attribute of a signature.
1251: .It Fl no_content_verify
1252: Do not verify the content of a signed message.
1253: .It Fl no_signer_cert_verify
1254: Do not verify the signer's certificate of a signed message.
1255: .It Fl noattr
1256: Do not include attributes.
1257: Normally when a message is signed a set of attributes are included which
1258: include the signing time and supported symmetric algorithms.
1259: With this option they are not included.
1260: .It Fl nocerts
1261: Do not include the signer's certificate.
1262: This will reduce the size of the signed message but the verifier must
1263: have a copy of the signer's certificate available locally (passed using
1264: the
1265: .Fl certfile
1266: option for example).
1267: .It Fl nodetach
1268: When signing a message use opaque signing.
1269: This form is more resistant to translation by mail relays but it cannot be
1270: read by mail agents that do not support S/MIME.
1271: Without this option cleartext signing with the MIME type multipart/signed is
1272: used.
1273: .It Fl nointern
1274: Only the certificates specified in the
1275: .Fl certfile
1276: option are used.
1277: When verifying a message normally certificates (if any) included in the
1278: message are searched for the signing certificate.
1279: The supplied certificates can still be used as untrusted CAs however.
1280: .It Fl nooldmime
1281: Output an old S/MIME content type like "application/x-pkcs7-".
1282: .It Fl noout
1283: Do not output the parsed CMS structure for the
1284: .Fl cmsout
1285: operation.
1286: This is useful when combined with the
1287: .Fl print
1288: option or if the syntax of the CMS structure is being checked.
1289: .It Fl nosigs
1290: Do not try to verify the signatures on the message.
1291: .It Fl nosmimecap
1292: Exclude the list of supported algorithms from signed attributes; other
1293: options such as signing time and content type are still included.
1294: .It Fl noverify
1295: Do not verify the signer's certificate of a signed message.
1296: .It Fl out Ar file
1297: The message text that has been decrypted or verified or the output MIME
1298: format message that has been signed or verified.
1299: .It Fl outform Cm der | pem | smime
1300: This specifies the output format for the CMS structure.
1301: The default is
1302: .Cm smime ,
1303: which writes an S/MIME format message.
1304: .Cm pem
1305: and
1306: .Cm der
1307: format change this to write PEM and DER format CMS structures instead.
1308: This currently only affects the output format of the CMS structure; if
1309: no CMS structure is being output (for example with
1310: .Fl verify
1311: or
1312: .Fl decrypt )
1313: this option has no effect.
1314: .It Fl passin Ar src
1315: The private key password source.
1316: .It Fl print
1317: Print out all fields of the CMS structure for the
1318: .Fl cmsout
1319: operation.
1320: This is mainly useful for testing purposes.
1321: .It Fl pwri_password Ar arg
1322: Specify PasswordRecipientInfo (PWRI) password to use.
1323: Supported by the
1324: .Fl encrypt
1325: and
1326: .Fl decrypt
1327: operations.
1328: .It Fl rctform Cm der | pem | smime
1329: Specify the format for a signed receipt for use with the
1330: .Fl receipt_verify
1331: operation.
1332: The default is
1333: .Cm smime .
1334: .It Fl receipt_request_all | receipt_request_first
1335: Indicate requests should be provided by all recipient or first tier
1336: recipients (those mailed directly and not from a mailing list), for the
1337: .Fl sign
1338: operation to include a signed receipt request.
1339: Ignored if
1340: .Fl receipt_request_from
1341: is included.
1342: .It Fl receipt_request_from Ar addr
1343: Add an explicit email address where receipts should be supplied.
1344: .It Fl receipt_request_print
1345: Print out the contents of any signed receipt requests for the
1346: .Fl verify
1347: operation.
1348: .It Fl receipt_request_to Ar addr
1349: Add an explicit email address where signed receipts should be sent to.
1350: This option must be supplied if a signed receipt is requested.
1351: .It Fl recip Ar file
1352: When decrypting a message this specifies the recipient's certificate.
1353: The certificate must match one of the recipients of the message or an
1354: error occurs.
1355: When encrypting a message this option may be used multiple times to
1356: specify each recipient.
1357: This form must be used if customised parameters are required (for example to
1358: specify RSA-OAEP).
1359: Only certificates carrying RSA, Diffie-Hellman or EC keys are supported
1360: by this option.
1361: .It Fl secretkey Ar key
1362: Specify symmetric key to use.
1363: The key must be supplied in hex format and be consistent with the
1364: algorithm used.
1365: Supported by the
1366: .Fl EncryptedData_encrypt ,
1367: .Fl EncryptedData_decrypt ,
1368: .Fl encrypt
1369: and
1370: .Fl decrypt
1371: operations.
1372: When used with
1373: .Fl encrypt
1374: or
1375: .Fl decrypt
1376: the supplied key is used to wrap or unwrap the content encryption key
1377: using an AES key in the KEKRecipientInfo type.
1378: .It Fl secretkeyid Ar id
1379: The key identifier for the supplied symmetric key for KEKRecipientInfo type.
1380: This option must be present if the
1381: .Fl secretkey
1382: option is used with
1383: .Fl encrypt .
1384: With
1385: .Fl decrypt
1386: operations the id is used to locate the relevant key; if it is not supplied
1387: then an attempt is used to decrypt any KEKRecipientInfo structures.
1388: .It Fl signer Ar file
1389: A signing certificate when signing or resigning a message; this option
1390: can be used multiple times if more than one signer is required.
1391: If a message is being verified then the signers certificates will be
1392: written to this file if the verification was successful.
1393: .It Xo
1394: .Fl stream |
1395: .Fl indef |
1396: .Fl noindef
1397: .Xc
1398: The
1399: .Fl stream
1400: and
1401: .Fl indef
1402: options are equivalent and enable streaming I/O for encoding operations.
1403: This permits single pass processing of data without the need to hold the
1404: entire contents in memory, potentially supporting very large files.
1405: Streaming is automatically set for S/MIME signing with detached data if
1406: the output format is
1407: .Cm smime ;
1408: it is currently off by default for all other operations.
1409: .Fl noindef
1410: disable streaming I/O where it would produce an indefinite length
1411: constructed encoding.
1412: This option currently has no effect.
1413: .It Fl text
1414: Add plain text (text/plain) MIME headers to the supplied message if
1415: encrypting or signing.
1416: If decrypting or verifying it strips off text headers: if the decrypted
1417: or verified message is not of MIME type text/plain then an error occurs.
1418: .It Fl verify_retcode
1419: Set verification error code to exit code to indicate what verification error
1420: has occurred.
1421: Supported by
1422: .Fl verify
1423: operation only.
1424: Exit code value minus 32 shows verification error code.
1425: See
1426: .Nm verify
1427: command for the list of verification error code.
1428: .El
1429: .Pp
1430: The exit codes for
1431: .Nm cms
1432: are as follows:
1433: .Pp
1434: .Bl -tag -width "XXXX" -offset 3n -compact
1435: .It 0
1436: The operation was completely successful.
1437: .It 1
1438: An error occurred parsing the command options.
1439: .It 2
1440: One of the input files could not be read.
1441: .It 3
1442: An error occurred creating the CMS file or when reading the MIME message.
1443: .It 4
1444: An error occurred decrypting or verifying the message.
1445: .It 5
1446: The message was verified correctly but an error occurred writing out the
1447: signer's certificates.
1448: .It 6
1449: An error occurred writing the output file.
1450: .It 32+
1451: A verify error occurred while
1452: .Fl verify_retcode
1453: is specified.
1.1 jsing 1454: .El
1.120 kn 1455: .Tg crl
1.1 jsing 1456: .Sh CRL
1.114 jmc 1457: .Bl -hang -width "openssl crl"
1458: .It Nm openssl crl
1459: .Bk -words
1.1 jsing 1460: .Op Fl CAfile Ar file
1461: .Op Fl CApath Ar dir
1.104 inoguchi 1462: .Op Fl crlnumber
1.1 jsing 1463: .Op Fl fingerprint
1464: .Op Fl hash
1.104 inoguchi 1465: .Op Fl hash_old
1.1 jsing 1466: .Op Fl in Ar file
1.38 jmc 1467: .Op Fl inform Cm der | pem
1.1 jsing 1468: .Op Fl issuer
1469: .Op Fl lastupdate
1.104 inoguchi 1470: .Op Fl nameopt Ar option
1.1 jsing 1471: .Op Fl nextupdate
1472: .Op Fl noout
1473: .Op Fl out Ar file
1.38 jmc 1474: .Op Fl outform Cm der | pem
1.1 jsing 1475: .Op Fl text
1.104 inoguchi 1476: .Op Fl verify
1.114 jmc 1477: .Ek
1478: .El
1.1 jsing 1479: .Pp
1480: The
1481: .Nm crl
1482: command processes CRL files in DER or PEM format.
1.37 jmc 1483: .Pp
1.1 jsing 1484: The options are as follows:
1485: .Bl -tag -width Ds
1486: .It Fl CAfile Ar file
1487: Verify the signature on a CRL by looking up the issuing certificate in
1488: .Ar file .
1489: .It Fl CApath Ar directory
1490: Verify the signature on a CRL by looking up the issuing certificate in
1491: .Ar dir .
1492: This directory must be a standard certificate directory,
1493: i.e. a hash of each subject name (using
1494: .Cm x509 Fl hash )
1495: should be linked to each certificate.
1.104 inoguchi 1496: .It Fl crlnumber
1497: Print the CRL number.
1.1 jsing 1498: .It Fl fingerprint
1499: Print the CRL fingerprint.
1500: .It Fl hash
1501: Output a hash of the issuer name.
1502: This can be used to look up CRLs in a directory by issuer name.
1.104 inoguchi 1503: .It Fl hash_old
1504: Output an old-style (MD5) hash of the issuer name.
1.1 jsing 1505: .It Fl in Ar file
1.37 jmc 1506: The input file to read from, or standard input if not specified.
1.38 jmc 1507: .It Fl inform Cm der | pem
1.37 jmc 1508: The input format.
1.1 jsing 1509: .It Fl issuer
1510: Output the issuer name.
1511: .It Fl lastupdate
1512: Output the
1.37 jmc 1513: .Cm lastUpdate
1.1 jsing 1514: field.
1.104 inoguchi 1515: .It Fl nameopt Ar option
1516: Specify certificate name options.
1.1 jsing 1517: .It Fl nextupdate
1518: Output the
1.37 jmc 1519: .Cm nextUpdate
1.1 jsing 1520: field.
1521: .It Fl noout
1.46 jmc 1522: Do not output the encoded version of the CRL.
1.1 jsing 1523: .It Fl out Ar file
1.37 jmc 1524: The output file to write to, or standard output if not specified.
1.38 jmc 1525: .It Fl outform Cm der | pem
1.37 jmc 1526: The output format.
1.1 jsing 1527: .It Fl text
1.64 jmc 1528: Print the CRL in plain text.
1.104 inoguchi 1529: .It Fl verify
1530: Verify the signature on the CRL.
1.1 jsing 1531: .El
1.120 kn 1532: .Tg crl2pkcs7
1.1 jsing 1533: .Sh CRL2PKCS7
1.114 jmc 1534: .Bl -hang -width "openssl crl2pkcs7"
1535: .It Nm openssl crl2pkcs7
1536: .Bk -words
1.1 jsing 1537: .Op Fl certfile Ar file
1538: .Op Fl in Ar file
1.40 jmc 1539: .Op Fl inform Cm der | pem
1.1 jsing 1540: .Op Fl nocrl
1541: .Op Fl out Ar file
1.40 jmc 1542: .Op Fl outform Cm der | pem
1.114 jmc 1543: .Ek
1544: .El
1.1 jsing 1545: .Pp
1546: The
1547: .Nm crl2pkcs7
1548: command takes an optional CRL and one or more
1549: certificates and converts them into a PKCS#7 degenerate
1550: .Qq certificates only
1551: structure.
1552: .Pp
1553: The options are as follows:
1554: .Bl -tag -width Ds
1555: .It Fl certfile Ar file
1.40 jmc 1556: Add the certificates in PEM
1.1 jsing 1557: .Ar file
1.40 jmc 1558: to the PKCS#7 structure.
1559: This option can be used more than once
1560: to read certificates from multiple files.
1.1 jsing 1561: .It Fl in Ar file
1.40 jmc 1562: Read the CRL from
1563: .Ar file ,
1564: or standard input if not specified.
1565: .It Fl inform Cm der | pem
1.64 jmc 1566: The input format.
1.1 jsing 1567: .It Fl nocrl
1568: Normally, a CRL is included in the output file.
1569: With this option, no CRL is
1570: included in the output file and a CRL is not read from the input file.
1571: .It Fl out Ar file
1.40 jmc 1572: Write the PKCS#7 structure to
1573: .Ar file ,
1574: or standard output if not specified.
1575: .It Fl outform Cm der | pem
1.64 jmc 1576: The output format.
1.1 jsing 1577: .El
1.120 kn 1578: .Tg dgst
1.1 jsing 1579: .Sh DGST
1.114 jmc 1580: .Bl -hang -width "openssl dgst"
1581: .It Nm openssl dgst
1582: .Bk -words
1.105 inoguchi 1583: .Op Fl cdr
1.1 jsing 1584: .Op Fl binary
1.43 jmc 1585: .Op Fl Ar digest
1.1 jsing 1586: .Op Fl hex
1587: .Op Fl hmac Ar key
1.43 jmc 1588: .Op Fl keyform Cm pem
1.1 jsing 1589: .Op Fl mac Ar algorithm
1590: .Op Fl macopt Ar nm : Ns Ar v
1591: .Op Fl out Ar file
1592: .Op Fl passin Ar arg
1593: .Op Fl prverify Ar file
1594: .Op Fl sign Ar file
1595: .Op Fl signature Ar file
1596: .Op Fl sigopt Ar nm : Ns Ar v
1597: .Op Fl verify Ar file
1598: .Op Ar
1.114 jmc 1599: .Ek
1600: .El
1.1 jsing 1601: .Pp
1602: The digest functions output the message digest of a supplied
1603: .Ar file
1604: or
1605: .Ar files
1606: in hexadecimal form.
1607: They can also be used for digital signing and verification.
1608: .Pp
1609: The options are as follows:
1610: .Bl -tag -width Ds
1611: .It Fl binary
1612: Output the digest or signature in binary form.
1613: .It Fl c
1.48 jmc 1614: Print the digest in two-digit groups separated by colons.
1.1 jsing 1615: .It Fl d
1.48 jmc 1616: Print BIO debugging information.
1.43 jmc 1617: .It Fl Ar digest
1618: Use the specified message
1619: .Ar digest .
1.98 naddy 1620: The default is SHA256.
1.43 jmc 1621: The available digests can be displayed using
1622: .Nm openssl
1623: .Cm list-message-digest-commands .
1624: The following are equivalent:
1625: .Nm openssl dgst
1.98 naddy 1626: .Fl sha256
1.43 jmc 1627: and
1628: .Nm openssl
1.98 naddy 1629: .Cm sha256 .
1.1 jsing 1630: .It Fl hex
1631: Digest is to be output as a hex dump.
1632: This is the default case for a
1633: .Qq normal
1634: digest as opposed to a digital signature.
1635: .It Fl hmac Ar key
1636: Create a hashed MAC using
1637: .Ar key .
1.43 jmc 1638: .It Fl keyform Cm pem
1.1 jsing 1639: Specifies the key format to sign the digest with.
1640: .It Fl mac Ar algorithm
1641: Create a keyed Message Authentication Code (MAC).
1642: The most popular MAC algorithm is HMAC (hash-based MAC),
1643: but there are other MAC algorithms which are not based on hash.
1644: MAC keys and other options should be set via the
1645: .Fl macopt
1646: parameter.
1647: .It Fl macopt Ar nm : Ns Ar v
1648: Passes options to the MAC algorithm, specified by
1649: .Fl mac .
1650: The following options are supported by HMAC:
1651: .Bl -tag -width Ds
1.43 jmc 1652: .It Cm key : Ns Ar string
1.1 jsing 1653: Specifies the MAC key as an alphanumeric string
1654: (use if the key contain printable characters only).
1655: String length must conform to any restrictions of the MAC algorithm.
1.43 jmc 1656: .It Cm hexkey : Ns Ar string
1.1 jsing 1657: Specifies the MAC key in hexadecimal form (two hex digits per byte).
1658: Key length must conform to any restrictions of the MAC algorithm.
1659: .El
1660: .It Fl out Ar file
1.43 jmc 1661: The output file to write to,
1662: or standard output if not specified.
1.1 jsing 1663: .It Fl passin Ar arg
1664: The key password source.
1665: .It Fl prverify Ar file
1666: Verify the signature using the private key in
1667: .Ar file .
1668: The output is either
1669: .Qq Verification OK
1670: or
1671: .Qq Verification Failure .
1.105 inoguchi 1672: .It Fl r
1673: Print the digest in coreutils format.
1.1 jsing 1674: .It Fl sign Ar file
1675: Digitally sign the digest using the private key in
1676: .Ar file .
1677: .It Fl signature Ar file
1678: The actual signature to verify.
1679: .It Fl sigopt Ar nm : Ns Ar v
1680: Pass options to the signature algorithm during sign or verify operations.
1681: The names and values of these options are algorithm-specific.
1682: .It Fl verify Ar file
1683: Verify the signature using the public key in
1684: .Ar file .
1685: The output is either
1686: .Qq Verification OK
1687: or
1688: .Qq Verification Failure .
1689: .It Ar
1690: File or files to digest.
1691: If no files are specified then standard input is used.
1692: .El
1.120 kn 1693: .Tg dhparam
1.1 jsing 1694: .Sh DHPARAM
1.114 jmc 1695: .Bl -hang -width "openssl dhparam"
1696: .It Nm openssl dhparam
1697: .Bk -words
1.1 jsing 1698: .Op Fl 2 | 5
1699: .Op Fl C
1700: .Op Fl check
1701: .Op Fl dsaparam
1702: .Op Fl in Ar file
1.44 jmc 1703: .Op Fl inform Cm der | pem
1.1 jsing 1704: .Op Fl noout
1705: .Op Fl out Ar file
1.44 jmc 1706: .Op Fl outform Cm der | pem
1.1 jsing 1707: .Op Fl text
1708: .Op Ar numbits
1.114 jmc 1709: .Ek
1710: .El
1.1 jsing 1711: .Pp
1712: The
1713: .Nm dhparam
1714: command is used to manipulate DH parameter files.
1.44 jmc 1715: Only the older PKCS#3 DH is supported,
1716: not the newer X9.42 DH.
1.1 jsing 1717: .Pp
1718: The options are as follows:
1719: .Bl -tag -width Ds
1720: .It Fl 2 , 5
1.44 jmc 1721: The generator to use;
1.1 jsing 1722: 2 is the default.
1723: If present, the input file is ignored and parameters are generated instead.
1724: .It Fl C
1.44 jmc 1725: Convert the parameters into C code.
1.1 jsing 1726: The parameters can then be loaded by calling the
1.44 jmc 1727: .No get_dh Ns Ar numbits
1.1 jsing 1728: function.
1729: .It Fl check
1730: Check the DH parameters.
1731: .It Fl dsaparam
1.44 jmc 1732: Read or create DSA parameters,
1733: converted to DH format on output.
1.1 jsing 1734: Otherwise,
1735: .Qq strong
1736: primes
1737: .Pq such that (p-1)/2 is also prime
1738: will be used for DH parameter generation.
1739: .Pp
1740: DH parameter generation with the
1741: .Fl dsaparam
1742: option is much faster,
1743: and the recommended exponent length is shorter,
1744: which makes DH key exchange more efficient.
1745: Beware that with such DSA-style DH parameters,
1746: a fresh DH key should be created for each use to
1747: avoid small-subgroup attacks that may be possible otherwise.
1748: .It Fl in Ar file
1.44 jmc 1749: The input file to read from,
1750: or standard input if not specified.
1751: .It Fl inform Cm der | pem
1752: The input format.
1.1 jsing 1753: .It Fl noout
1.46 jmc 1754: Do not output the encoded version of the parameters.
1.44 jmc 1755: .It Fl out Ar file
1756: The output file to write to,
1757: or standard output if not specified.
1758: .It Fl outform Cm der | pem
1759: The output format.
1760: .It Fl text
1.64 jmc 1761: Print the DH parameters in plain text.
1.1 jsing 1762: .It Ar numbits
1.44 jmc 1763: Generate a parameter set of size
1.1 jsing 1764: .Ar numbits .
1765: It must be the last option.
1.16 sthen 1766: If not present, a value of 2048 is used.
1.1 jsing 1767: If this value is present, the input file is ignored and
1768: parameters are generated instead.
1769: .El
1.120 kn 1770: .Tg dsa
1.1 jsing 1771: .Sh DSA
1.114 jmc 1772: .Bl -hang -width "openssl dsa"
1773: .It Nm openssl dsa
1774: .Bk -words
1.1 jsing 1775: .Oo
1776: .Fl aes128 | aes192 | aes256 |
1777: .Fl des | des3
1778: .Oc
1779: .Op Fl in Ar file
1.108 inoguchi 1780: .Op Fl inform Cm der | pem | pvk
1.1 jsing 1781: .Op Fl modulus
1782: .Op Fl noout
1783: .Op Fl out Ar file
1.108 inoguchi 1784: .Op Fl outform Cm der | pem | pvk
1.1 jsing 1785: .Op Fl passin Ar arg
1786: .Op Fl passout Ar arg
1787: .Op Fl pubin
1788: .Op Fl pubout
1.108 inoguchi 1789: .Op Fl pvk-none | pvk-strong | pvk-weak
1.1 jsing 1790: .Op Fl text
1.114 jmc 1791: .Ek
1792: .El
1.1 jsing 1793: .Pp
1794: The
1795: .Nm dsa
1796: command processes DSA keys.
1797: They can be converted between various forms and their components printed out.
1798: .Pp
1799: .Sy Note :
1800: This command uses the traditional
1801: .Nm SSLeay
1802: compatible format for private key encryption:
1803: newer applications should use the more secure PKCS#8 format using the
1804: .Nm pkcs8
1805: command.
1806: .Pp
1807: The options are as follows:
1808: .Bl -tag -width Ds
1809: .It Xo
1810: .Fl aes128 | aes192 | aes256 |
1811: .Fl des | des3
1812: .Xc
1.45 jmc 1813: Encrypt the private key with the AES, DES, or the triple DES
1.1 jsing 1814: ciphers, respectively, before outputting it.
1815: A pass phrase is prompted for.
1.45 jmc 1816: If none of these options are specified, the key is written in plain text.
1.1 jsing 1817: This means that using the
1818: .Nm dsa
1.45 jmc 1819: utility to read an encrypted key with no encryption option can be used to
1.1 jsing 1820: remove the pass phrase from a key,
1.45 jmc 1821: or by setting the encryption options it can be used to add or change
1.1 jsing 1822: the pass phrase.
1823: These options can only be used with PEM format output files.
1824: .It Fl in Ar file
1.45 jmc 1825: The input file to read from,
1826: or standard input if not specified.
1.1 jsing 1827: If the key is encrypted, a pass phrase will be prompted for.
1.108 inoguchi 1828: .It Fl inform Cm der | pem | pvk
1.45 jmc 1829: The input format.
1.1 jsing 1830: .It Fl modulus
1.45 jmc 1831: Print the value of the public key component of the key.
1.1 jsing 1832: .It Fl noout
1.46 jmc 1833: Do not output the encoded version of the key.
1.1 jsing 1834: .It Fl out Ar file
1.45 jmc 1835: The output file to write to,
1836: or standard output if not specified.
1.1 jsing 1837: If any encryption options are set then a pass phrase will be
1838: prompted for.
1.108 inoguchi 1839: .It Fl outform Cm der | pem | pvk
1.45 jmc 1840: The output format.
1.1 jsing 1841: .It Fl passin Ar arg
1842: The key password source.
1843: .It Fl passout Ar arg
1844: The output file password source.
1845: .It Fl pubin
1.60 jmc 1846: Read in a public key, not a private key.
1.1 jsing 1847: .It Fl pubout
1.60 jmc 1848: Output a public key, not a private key.
1849: Automatically set if the input is a public key.
1.108 inoguchi 1850: .It Xo
1851: .Fl pvk-none | pvk-strong | pvk-weak
1852: .Xc
1853: Enable or disable PVK encoding.
1854: The default is
1855: .Fl pvk-strong .
1.1 jsing 1856: .It Fl text
1.64 jmc 1857: Print the public/private key in plain text.
1.1 jsing 1858: .El
1.120 kn 1859: .Tg dsaparam
1.1 jsing 1860: .Sh DSAPARAM
1.114 jmc 1861: .Bl -hang -width "openssl dsaparam"
1862: .It Nm openssl dsaparam
1863: .Bk -words
1.1 jsing 1864: .Op Fl C
1865: .Op Fl genkey
1866: .Op Fl in Ar file
1.46 jmc 1867: .Op Fl inform Cm der | pem
1.1 jsing 1868: .Op Fl noout
1869: .Op Fl out Ar file
1.46 jmc 1870: .Op Fl outform Cm der | pem
1.1 jsing 1871: .Op Fl text
1872: .Op Ar numbits
1.114 jmc 1873: .Ek
1874: .El
1.1 jsing 1875: .Pp
1876: The
1877: .Nm dsaparam
1878: command is used to manipulate or generate DSA parameter files.
1879: .Pp
1880: The options are as follows:
1881: .Bl -tag -width Ds
1882: .It Fl C
1.46 jmc 1883: Convert the parameters into C code.
1.1 jsing 1884: The parameters can then be loaded by calling the
1.46 jmc 1885: .No get_dsa Ns Ar XXX
1.1 jsing 1886: function.
1887: .It Fl genkey
1.46 jmc 1888: Generate a DSA key either using the specified or generated
1.1 jsing 1889: parameters.
1890: .It Fl in Ar file
1.46 jmc 1891: The input file to read from,
1892: or standard input if not specified.
1.1 jsing 1893: If the
1894: .Ar numbits
1.46 jmc 1895: parameter is included, then this option is ignored.
1896: .It Fl inform Cm der | pem
1897: The input format.
1.1 jsing 1898: .It Fl noout
1.46 jmc 1899: Do not output the encoded version of the parameters.
1900: .It Fl out Ar file
1901: The output file to write to,
1902: or standard output if not specified.
1903: .It Fl outform Cm der | pem
1904: The output format.
1905: .It Fl text
1.64 jmc 1906: Print the DSA parameters in plain text.
1.1 jsing 1907: .It Ar numbits
1.46 jmc 1908: Generate a parameter set of size
1.1 jsing 1909: .Ar numbits .
1.46 jmc 1910: If this option is included, the input file is ignored.
1.1 jsing 1911: .El
1.120 kn 1912: .Tg ec
1.1 jsing 1913: .Sh EC
1.114 jmc 1914: .Bl -hang -width "openssl ec"
1915: .It Nm openssl ec
1916: .Bk -words
1.1 jsing 1917: .Op Fl conv_form Ar arg
1918: .Op Fl des
1919: .Op Fl des3
1920: .Op Fl in Ar file
1.47 jmc 1921: .Op Fl inform Cm der | pem
1.1 jsing 1922: .Op Fl noout
1923: .Op Fl out Ar file
1.47 jmc 1924: .Op Fl outform Cm der | pem
1.1 jsing 1925: .Op Fl param_enc Ar arg
1926: .Op Fl param_out
1927: .Op Fl passin Ar arg
1928: .Op Fl passout Ar arg
1929: .Op Fl pubin
1930: .Op Fl pubout
1931: .Op Fl text
1.114 jmc 1932: .Ek
1933: .El
1.1 jsing 1934: .Pp
1935: The
1936: .Nm ec
1937: command processes EC keys.
1938: They can be converted between various
1939: forms and their components printed out.
1.47 jmc 1940: .Nm openssl
1.1 jsing 1941: uses the private key format specified in
1942: .Dq SEC 1: Elliptic Curve Cryptography
1943: .Pq Lk http://www.secg.org/ .
1944: To convert an
1945: EC private key into the PKCS#8 private key format use the
1946: .Nm pkcs8
1947: command.
1948: .Pp
1949: The options are as follows:
1950: .Bl -tag -width Ds
1951: .It Fl conv_form Ar arg
1.47 jmc 1952: Specify how the points on the elliptic curve are converted
1.1 jsing 1953: into octet strings.
1954: Possible values are:
1.95 tb 1955: .Cm compressed ,
1956: .Cm uncompressed
1.47 jmc 1957: (the default),
1.1 jsing 1958: and
1959: .Cm hybrid .
1960: For more information regarding
1.47 jmc 1961: the point conversion forms see the X9.62 standard.
1.1 jsing 1962: Note:
1963: Due to patent issues the
1964: .Cm compressed
1965: option is disabled by default for binary curves
1966: and can be enabled by defining the preprocessor macro
1.47 jmc 1967: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 1968: at compile time.
1969: .It Fl des | des3
1.47 jmc 1970: Encrypt the private key with DES, triple DES, or
1.1 jsing 1971: any other cipher supported by
1.47 jmc 1972: .Nm openssl .
1.1 jsing 1973: A pass phrase is prompted for.
1.127 ! jmc 1974: If none of these options are specified, the key is written in plain text.
1.1 jsing 1975: This means that using the
1976: .Nm ec
1977: utility to read in an encrypted key with no
1978: encryption option can be used to remove the pass phrase from a key,
1979: or by setting the encryption options
1.83 naddy 1980: it can be used to add or change the pass phrase.
1.1 jsing 1981: These options can only be used with PEM format output files.
1982: .It Fl in Ar file
1.47 jmc 1983: The input file to read a key from,
1984: or standard input if not specified.
1.127 ! jmc 1985: If the key is encrypted, a pass phrase will be prompted for.
1.47 jmc 1986: .It Fl inform Cm der | pem
1987: The input format.
1.1 jsing 1988: .It Fl noout
1.47 jmc 1989: Do not output the encoded version of the key.
1.1 jsing 1990: .It Fl out Ar file
1.47 jmc 1991: The output filename to write to,
1992: or standard output if not specified.
1.1 jsing 1993: If any encryption options are set then a pass phrase will be prompted for.
1.47 jmc 1994: .It Fl outform Cm der | pem
1995: The output format.
1.1 jsing 1996: .It Fl param_enc Ar arg
1.47 jmc 1997: Specify how the elliptic curve parameters are encoded.
1.1 jsing 1998: Possible value are:
1999: .Cm named_curve ,
2000: i.e. the EC parameters are specified by an OID; or
2001: .Cm explicit ,
2002: where the EC parameters are explicitly given
2003: (see RFC 3279 for the definition of the EC parameter structures).
2004: The default value is
2005: .Cm named_curve .
2006: Note: the
2007: .Cm implicitlyCA
2008: alternative,
2009: as specified in RFC 3279,
1.47 jmc 2010: is currently not implemented.
1.106 inoguchi 2011: .It Fl param_out
2012: Print the elliptic curve parameters.
1.1 jsing 2013: .It Fl passin Ar arg
2014: The key password source.
2015: .It Fl passout Ar arg
2016: The output file password source.
2017: .It Fl pubin
1.60 jmc 2018: Read in a public key, not a private key.
1.1 jsing 2019: .It Fl pubout
1.60 jmc 2020: Output a public key, not a private key.
2021: Automatically set if the input is a public key.
1.1 jsing 2022: .It Fl text
1.64 jmc 2023: Print the public/private key in plain text.
1.1 jsing 2024: .El
1.120 kn 2025: .Tg ecparam
1.1 jsing 2026: .Sh ECPARAM
1.114 jmc 2027: .Bl -hang -width "openssl ecparam"
2028: .It Nm openssl ecparam
2029: .Bk -words
1.1 jsing 2030: .Op Fl C
2031: .Op Fl check
2032: .Op Fl conv_form Ar arg
2033: .Op Fl genkey
2034: .Op Fl in Ar file
1.48 jmc 2035: .Op Fl inform Cm der | pem
1.1 jsing 2036: .Op Fl list_curves
2037: .Op Fl name Ar arg
2038: .Op Fl no_seed
2039: .Op Fl noout
2040: .Op Fl out Ar file
1.48 jmc 2041: .Op Fl outform Cm der | pem
1.1 jsing 2042: .Op Fl param_enc Ar arg
2043: .Op Fl text
1.114 jmc 2044: .Ek
2045: .El
1.1 jsing 2046: .Pp
1.48 jmc 2047: The
2048: .Nm ecparam
2049: command is used to manipulate or generate EC parameter files.
2050: .Nm openssl
2051: is not able to generate new groups so
2052: .Nm ecparam
2053: can only create EC parameters from known (named) curves.
2054: .Pp
1.1 jsing 2055: The options are as follows:
2056: .Bl -tag -width Ds
2057: .It Fl C
2058: Convert the EC parameters into C code.
2059: The parameters can then be loaded by calling the
1.48 jmc 2060: .No get_ec_group_ Ns Ar XXX
1.1 jsing 2061: function.
2062: .It Fl check
2063: Validate the elliptic curve parameters.
2064: .It Fl conv_form Ar arg
2065: Specify how the points on the elliptic curve are converted
2066: into octet strings.
2067: Possible values are:
1.95 tb 2068: .Cm compressed ,
2069: .Cm uncompressed
1.48 jmc 2070: (the default),
1.1 jsing 2071: and
2072: .Cm hybrid .
2073: For more information regarding
1.48 jmc 2074: the point conversion forms see the X9.62 standard.
1.1 jsing 2075: Note:
2076: Due to patent issues the
2077: .Cm compressed
2078: option is disabled by default for binary curves
2079: and can be enabled by defining the preprocessor macro
1.48 jmc 2080: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 2081: at compile time.
2082: .It Fl genkey
2083: Generate an EC private key using the specified parameters.
2084: .It Fl in Ar file
1.48 jmc 2085: The input file to read from,
2086: or standard input if not specified.
2087: .It Fl inform Cm der | pem
2088: The input format.
1.1 jsing 2089: .It Fl list_curves
1.48 jmc 2090: Print a list of all
1.1 jsing 2091: currently implemented EC parameter names and exit.
2092: .It Fl name Ar arg
1.48 jmc 2093: Use the EC parameters with the specified "short" name.
1.1 jsing 2094: .It Fl no_seed
1.48 jmc 2095: Do not include the seed for the parameter generation
2096: in the ECParameters structure (see RFC 3279).
1.1 jsing 2097: .It Fl noout
1.48 jmc 2098: Do not output the encoded version of the parameters.
1.1 jsing 2099: .It Fl out Ar file
1.48 jmc 2100: The output file to write to,
2101: or standard output if not specified.
2102: .It Fl outform Cm der | pem
2103: The output format.
1.1 jsing 2104: .It Fl param_enc Ar arg
1.48 jmc 2105: Specify how the elliptic curve parameters are encoded.
1.1 jsing 2106: Possible value are:
2107: .Cm named_curve ,
2108: i.e. the EC parameters are specified by an OID, or
2109: .Cm explicit ,
2110: where the EC parameters are explicitly given
2111: (see RFC 3279 for the definition of the EC parameter structures).
2112: The default value is
2113: .Cm named_curve .
2114: Note: the
2115: .Cm implicitlyCA
2116: alternative, as specified in RFC 3279,
1.48 jmc 2117: is currently not implemented.
1.1 jsing 2118: .It Fl text
1.64 jmc 2119: Print the EC parameters in plain text.
1.1 jsing 2120: .El
1.120 kn 2121: .Tg enc
1.1 jsing 2122: .Sh ENC
1.114 jmc 2123: .Bl -hang -width "openssl enc"
2124: .It Nm openssl enc
2125: .Bk -words
1.1 jsing 2126: .Fl ciphername
1.106 inoguchi 2127: .Op Fl AadePpv
1.1 jsing 2128: .Op Fl base64
2129: .Op Fl bufsize Ar number
2130: .Op Fl debug
2131: .Op Fl in Ar file
1.97 jmc 2132: .Op Fl iter Ar iterations
1.1 jsing 2133: .Op Fl iv Ar IV
2134: .Op Fl K Ar key
2135: .Op Fl k Ar password
2136: .Op Fl kfile Ar file
2137: .Op Fl md Ar digest
2138: .Op Fl none
2139: .Op Fl nopad
2140: .Op Fl nosalt
2141: .Op Fl out Ar file
2142: .Op Fl pass Ar arg
1.96 beck 2143: .Op Fl pbkdf2
1.1 jsing 2144: .Op Fl S Ar salt
2145: .Op Fl salt
1.114 jmc 2146: .Ek
2147: .El
1.1 jsing 2148: .Pp
2149: The symmetric cipher commands allow data to be encrypted or decrypted
2150: using various block and stream ciphers using keys based on passwords
2151: or explicitly provided.
2152: Base64 encoding or decoding can also be performed either by itself
2153: or in addition to the encryption or decryption.
1.49 jmc 2154: The program can be called either as
2155: .Nm openssl Ar ciphername
2156: or
2157: .Nm openssl enc - Ns Ar ciphername .
2158: .Pp
2159: Some of the ciphers do not have large keys and others have security
2160: implications if not used correctly.
2161: All the block ciphers normally use PKCS#5 padding,
2162: also known as standard block padding.
2163: If padding is disabled, the input data must be a multiple of the cipher
2164: block length.
1.1 jsing 2165: .Pp
2166: The options are as follows:
2167: .Bl -tag -width Ds
2168: .It Fl A
2169: If the
2170: .Fl a
2171: option is set, then base64 process the data on one line.
2172: .It Fl a , base64
2173: Base64 process the data.
2174: This means that if encryption is taking place, the data is base64-encoded
2175: after encryption.
1.49 jmc 2176: If decryption is set, the input data is base64-decoded before
1.1 jsing 2177: being decrypted.
2178: .It Fl bufsize Ar number
2179: Set the buffer size for I/O.
2180: .It Fl d
2181: Decrypt the input data.
2182: .It Fl debug
2183: Debug the BIOs used for I/O.
2184: .It Fl e
1.49 jmc 2185: Encrypt the input data.
2186: This is the default.
1.1 jsing 2187: .It Fl in Ar file
1.49 jmc 2188: The input file to read from,
1.57 jmc 2189: or standard input if not specified.
1.97 jmc 2190: .It Fl iter Ar iterations
2191: Use the pbkdf2 key derivation function, with
2192: .Ar iterations
2193: as the number of iterations.
1.1 jsing 2194: .It Fl iv Ar IV
2195: The actual
2196: .Ar IV
2197: .Pq initialisation vector
2198: to use:
2199: this must be represented as a string comprised only of hex digits.
2200: When only the
2201: .Ar key
2202: is specified using the
2203: .Fl K
1.49 jmc 2204: option,
2205: the IV must explicitly be defined.
1.1 jsing 2206: When a password is being specified using one of the other options,
1.49 jmc 2207: the IV is generated from this password.
1.1 jsing 2208: .It Fl K Ar key
2209: The actual
2210: .Ar key
2211: to use:
2212: this must be represented as a string comprised only of hex digits.
1.49 jmc 2213: If only the key is specified,
2214: the IV must also be specified using the
1.1 jsing 2215: .Fl iv
2216: option.
2217: When both a
2218: .Ar key
2219: and a
2220: .Ar password
2221: are specified, the
2222: .Ar key
2223: given with the
2224: .Fl K
1.49 jmc 2225: option will be used and the IV generated from the password will be taken.
1.1 jsing 2226: It probably does not make much sense to specify both
2227: .Ar key
2228: and
2229: .Ar password .
2230: .It Fl k Ar password
2231: The
2232: .Ar password
2233: to derive the key from.
2234: Superseded by the
2235: .Fl pass
2236: option.
2237: .It Fl kfile Ar file
2238: Read the password to derive the key from the first line of
2239: .Ar file .
2240: Superseded by the
2241: .Fl pass
2242: option.
2243: .It Fl md Ar digest
2244: Use
2245: .Ar digest
2246: to create a key from a pass phrase.
1.118 sthen 2247: Currently, the default value is
1.117 tb 2248: .Cm sha256 .
1.1 jsing 2249: .It Fl none
2250: Use NULL cipher (no encryption or decryption of input).
2251: .It Fl nopad
2252: Disable standard block padding.
2253: .It Fl nosalt
1.49 jmc 2254: Don't use a salt in the key derivation routines.
1.81 jmc 2255: This option should never be used
1.49 jmc 2256: since it makes it possible to perform efficient dictionary
2257: attacks on the password and to attack stream cipher encrypted data.
1.1 jsing 2258: .It Fl out Ar file
1.51 jmc 2259: The output file to write to,
1.57 jmc 2260: or standard output if not specified.
1.1 jsing 2261: .It Fl P
1.49 jmc 2262: Print out the salt, key, and IV used, then immediately exit;
1.1 jsing 2263: don't do any encryption or decryption.
2264: .It Fl p
1.49 jmc 2265: Print out the salt, key, and IV used.
1.1 jsing 2266: .It Fl pass Ar arg
2267: The password source.
1.96 beck 2268: .It Fl pbkdf2
1.97 jmc 2269: Use the pbkdf2 key derivation function, with
1.96 beck 2270: the default of 10000 iterations.
1.1 jsing 2271: .It Fl S Ar salt
2272: The actual
2273: .Ar salt
2274: to use:
2275: this must be represented as a string comprised only of hex digits.
2276: .It Fl salt
1.49 jmc 2277: Use a salt in the key derivation routines (the default).
2278: When the salt is being used
2279: the first eight bytes of the encrypted data are reserved for the salt:
2280: it is randomly generated when encrypting a file and read from the
2281: encrypted file when it is decrypted.
1.106 inoguchi 2282: .It Fl v
2283: Print extra details about the processing.
1.1 jsing 2284: .El
1.120 kn 2285: .Tg errstr
1.1 jsing 2286: .Sh ERRSTR
2287: .Nm openssl errstr
2288: .Op Fl stats
2289: .Ar errno ...
2290: .Pp
2291: The
2292: .Nm errstr
2293: command performs error number to error string conversion,
2294: generating a human-readable string representing the error code
2295: .Ar errno .
2296: The string is obtained through the
2297: .Xr ERR_error_string_n 3
2298: function and has the following format:
2299: .Pp
2300: .Dl error:[error code]:[library name]:[function name]:[reason string]
2301: .Pp
2302: .Bq error code
2303: is an 8-digit hexadecimal number.
2304: The remaining fields
2305: .Bq library name ,
2306: .Bq function name ,
2307: and
2308: .Bq reason string
2309: are all ASCII text.
2310: .Pp
2311: The options are as follows:
2312: .Bl -tag -width Ds
2313: .It Fl stats
2314: Print debugging statistics about various aspects of the hash table.
2315: .El
1.120 kn 2316: .Tg gendsa
1.1 jsing 2317: .Sh GENDSA
1.114 jmc 2318: .Bl -hang -width "openssl gendsa"
2319: .It Nm openssl gendsa
2320: .Bk -words
1.1 jsing 2321: .Oo
1.102 jmc 2322: .Fl aes128 | aes192 | aes256 | camellia128 |
2323: .Fl camellia192 | camellia256 | des | des3 | idea
1.1 jsing 2324: .Oc
2325: .Op Fl out Ar file
1.101 inoguchi 2326: .Op Fl passout Ar arg
2327: .Ar paramfile
1.114 jmc 2328: .Ek
2329: .El
1.1 jsing 2330: .Pp
2331: The
2332: .Nm gendsa
2333: command generates a DSA private key from a DSA parameter file
1.51 jmc 2334: (typically generated by the
1.1 jsing 2335: .Nm openssl dsaparam
2336: command).
1.51 jmc 2337: DSA key generation is little more than random number generation so it is
2338: much quicker than,
2339: for example,
2340: RSA key generation.
1.1 jsing 2341: .Pp
2342: The options are as follows:
2343: .Bl -tag -width Ds
2344: .It Xo
2345: .Fl aes128 | aes192 | aes256 |
1.101 inoguchi 2346: .Fl camellia128 | camellia192 | camellia256 |
2347: .Fl des | des3 |
2348: .Fl idea
1.1 jsing 2349: .Xc
1.101 inoguchi 2350: Encrypt the private key with the AES, CAMELLIA, DES, triple DES
2351: or the IDEA ciphers, respectively, before outputting it.
1.1 jsing 2352: A pass phrase is prompted for.
2353: If none of these options are specified, no encryption is used.
2354: .It Fl out Ar file
1.51 jmc 2355: The output file to write to,
1.57 jmc 2356: or standard output if not specified.
1.101 inoguchi 2357: .It Fl passout Ar arg
2358: The output file password source.
1.1 jsing 2359: .It Ar paramfile
1.51 jmc 2360: Specify the DSA parameter file to use.
1.1 jsing 2361: The parameters in this file determine the size of the private key.
2362: .El
1.120 kn 2363: .Tg genpkey
1.1 jsing 2364: .Sh GENPKEY
1.114 jmc 2365: .Bl -hang -width "openssl genpkey"
2366: .It Nm openssl genpkey
2367: .Bk -words
1.1 jsing 2368: .Op Fl algorithm Ar alg
2369: .Op Ar cipher
2370: .Op Fl genparam
2371: .Op Fl out Ar file
1.52 jmc 2372: .Op Fl outform Cm der | pem
1.1 jsing 2373: .Op Fl paramfile Ar file
2374: .Op Fl pass Ar arg
2375: .Op Fl pkeyopt Ar opt : Ns Ar value
2376: .Op Fl text
1.114 jmc 2377: .Ek
2378: .El
1.1 jsing 2379: .Pp
2380: The
2381: .Nm genpkey
2382: command generates private keys.
2383: The use of this
2384: program is encouraged over the algorithm specific utilities
1.22 bcook 2385: because additional algorithm options can be used.
1.1 jsing 2386: .Pp
2387: The options are as follows:
2388: .Bl -tag -width Ds
2389: .It Fl algorithm Ar alg
2390: The public key algorithm to use,
2391: such as RSA, DSA, or DH.
1.52 jmc 2392: This option must precede any
1.1 jsing 2393: .Fl pkeyopt
2394: options.
2395: The options
2396: .Fl paramfile
2397: and
2398: .Fl algorithm
2399: are mutually exclusive.
2400: .It Ar cipher
2401: Encrypt the private key with the supplied cipher.
2402: Any algorithm name accepted by
1.52 jmc 2403: .Xr EVP_get_cipherbyname 3
2404: is acceptable.
1.1 jsing 2405: .It Fl genparam
2406: Generate a set of parameters instead of a private key.
1.52 jmc 2407: This option must precede any
1.1 jsing 2408: .Fl algorithm ,
2409: .Fl paramfile ,
2410: or
2411: .Fl pkeyopt
2412: options.
2413: .It Fl out Ar file
1.52 jmc 2414: The output file to write to,
1.57 jmc 2415: or standard output if not specified.
1.52 jmc 2416: .It Fl outform Cm der | pem
2417: The output format.
1.1 jsing 2418: .It Fl paramfile Ar file
1.52 jmc 2419: Some public key algorithms generate a private key based on a set of parameters,
2420: which can be supplied using this option.
1.1 jsing 2421: If this option is used the public key
2422: algorithm used is determined by the parameters.
1.52 jmc 2423: This option must precede any
1.1 jsing 2424: .Fl pkeyopt
2425: options.
2426: The options
2427: .Fl paramfile
2428: and
2429: .Fl algorithm
2430: are mutually exclusive.
2431: .It Fl pass Ar arg
2432: The output file password source.
2433: .It Fl pkeyopt Ar opt : Ns Ar value
2434: Set the public key algorithm option
2435: .Ar opt
2436: to
1.52 jmc 2437: .Ar value ,
2438: as follows:
1.1 jsing 2439: .Bl -tag -width Ds -offset indent
2440: .It rsa_keygen_bits : Ns Ar numbits
2441: (RSA)
2442: The number of bits in the generated key.
1.52 jmc 2443: The default is 2048.
1.1 jsing 2444: .It rsa_keygen_pubexp : Ns Ar value
2445: (RSA)
2446: The RSA public exponent value.
2447: This can be a large decimal or hexadecimal value if preceded by 0x.
1.52 jmc 2448: The default is 65537.
1.1 jsing 2449: .It dsa_paramgen_bits : Ns Ar numbits
2450: (DSA)
2451: The number of bits in the generated parameters.
1.52 jmc 2452: The default is 1024.
1.1 jsing 2453: .It dh_paramgen_prime_len : Ns Ar numbits
2454: (DH)
2455: The number of bits in the prime parameter
2456: .Ar p .
2457: .It dh_paramgen_generator : Ns Ar value
2458: (DH)
2459: The value to use for the generator
2460: .Ar g .
2461: .It ec_paramgen_curve : Ns Ar curve
2462: (EC)
1.121 schwarze 2463: The elliptic curve to use.
1.1 jsing 2464: .El
1.52 jmc 2465: .It Fl text
1.64 jmc 2466: Print the private/public key in plain text.
1.52 jmc 2467: .El
1.120 kn 2468: .Tg genrsa
1.1 jsing 2469: .Sh GENRSA
1.114 jmc 2470: .Bl -hang -width "openssl genrsa"
2471: .It Nm openssl genrsa
2472: .Bk -words
1.1 jsing 2473: .Op Fl 3 | f4
1.109 inoguchi 2474: .Oo
2475: .Fl aes128 | aes192 | aes256 | camellia128 |
2476: .Fl camellia192 | camellia256 | des | des3 | idea
2477: .Oc
1.1 jsing 2478: .Op Fl out Ar file
2479: .Op Fl passout Ar arg
2480: .Op Ar numbits
1.114 jmc 2481: .Ek
2482: .El
1.1 jsing 2483: .Pp
2484: The
2485: .Nm genrsa
1.53 jmc 2486: command generates an RSA private key,
2487: which essentially involves the generation of two prime numbers.
2488: When generating the key,
2489: various symbols will be output to indicate the progress of the generation.
2490: A
2491: .Sq \&.
2492: represents each number which has passed an initial sieve test;
2493: .Sq +
2494: means a number has passed a single round of the Miller-Rabin primality test.
2495: A newline means that the number has passed all the prime tests
2496: (the actual number depends on the key size).
1.1 jsing 2497: .Pp
2498: The options are as follows:
2499: .Bl -tag -width Ds
2500: .It Fl 3 | f4
2501: The public exponent to use, either 3 or 65537.
2502: The default is 65537.
1.109 inoguchi 2503: .It Xo
2504: .Fl aes128 | aes192 | aes256 |
2505: .Fl camellia128 | camellia192 | camellia256 |
2506: .Fl des | des3 |
2507: .Fl idea
2508: .Xc
2509: Encrypt the private key with the AES, CAMELLIA, DES, triple DES
2510: or the IDEA ciphers, respectively, before outputting it.
1.1 jsing 2511: If none of these options are specified, no encryption is used.
2512: If encryption is used, a pass phrase is prompted for,
2513: if it is not supplied via the
2514: .Fl passout
2515: option.
2516: .It Fl out Ar file
1.53 jmc 2517: The output file to write to,
1.57 jmc 2518: or standard output if not specified.
1.1 jsing 2519: .It Fl passout Ar arg
2520: The output file password source.
2521: .It Ar numbits
2522: The size of the private key to generate in bits.
2523: This must be the last option specified.
2524: The default is 2048.
2525: .El
1.120 kn 2526: .Tg nseq
1.1 jsing 2527: .Sh NSEQ
2528: .Nm openssl nseq
2529: .Op Fl in Ar file
2530: .Op Fl out Ar file
2531: .Op Fl toseq
2532: .Pp
2533: The
2534: .Nm nseq
1.54 jmc 2535: command takes a file containing a Netscape certificate sequence
2536: (an alternative to the standard PKCS#7 format)
2537: and prints out the certificates contained in it,
2538: or takes a file of certificates
2539: and converts it into a Netscape certificate sequence.
2540: .Pp
1.1 jsing 2541: The options are as follows:
2542: .Bl -tag -width Ds
2543: .It Fl in Ar file
1.54 jmc 2544: The input file to read from,
2545: or standard input if not specified.
1.1 jsing 2546: .It Fl out Ar file
1.54 jmc 2547: The output file to write to,
2548: or standard output if not specified.
1.1 jsing 2549: .It Fl toseq
2550: Normally, a Netscape certificate sequence will be input and the output
2551: is the certificates contained in it.
2552: With the
2553: .Fl toseq
2554: option the situation is reversed:
2555: a Netscape certificate sequence is created from a file of certificates.
2556: .El
1.120 kn 2557: .Tg ocsp
1.1 jsing 2558: .Sh OCSP
1.114 jmc 2559: .Bl -hang -width "openssl ocsp"
2560: .It Nm openssl ocsp
2561: .Bk -words
1.1 jsing 2562: .Op Fl CA Ar file
2563: .Op Fl CAfile Ar file
2564: .Op Fl CApath Ar directory
2565: .Op Fl cert Ar file
2566: .Op Fl dgst Ar alg
1.108 inoguchi 2567: .Op Fl header Ar name value
1.55 jmc 2568: .Op Fl host Ar hostname : Ns Ar port
1.108 inoguchi 2569: .Op Fl ignore_err
1.1 jsing 2570: .Op Fl index Ar indexfile
2571: .Op Fl issuer Ar file
2572: .Op Fl ndays Ar days
2573: .Op Fl nmin Ar minutes
2574: .Op Fl no_cert_checks
2575: .Op Fl no_cert_verify
2576: .Op Fl no_certs
2577: .Op Fl no_chain
1.108 inoguchi 2578: .Op Fl no_explicit
1.1 jsing 2579: .Op Fl no_intern
2580: .Op Fl no_nonce
2581: .Op Fl no_signature_verify
2582: .Op Fl nonce
2583: .Op Fl noverify
2584: .Op Fl nrequest Ar number
2585: .Op Fl out Ar file
2586: .Op Fl path Ar path
2587: .Op Fl port Ar portnum
2588: .Op Fl req_text
2589: .Op Fl reqin Ar file
2590: .Op Fl reqout Ar file
2591: .Op Fl resp_key_id
2592: .Op Fl resp_no_certs
2593: .Op Fl resp_text
2594: .Op Fl respin Ar file
2595: .Op Fl respout Ar file
2596: .Op Fl rkey Ar file
2597: .Op Fl rother Ar file
2598: .Op Fl rsigner Ar file
1.108 inoguchi 2599: .Op Fl serial Ar num
1.1 jsing 2600: .Op Fl sign_other Ar file
2601: .Op Fl signer Ar file
2602: .Op Fl signkey Ar file
2603: .Op Fl status_age Ar age
2604: .Op Fl text
1.108 inoguchi 2605: .Op Fl timeout Ar seconds
1.1 jsing 2606: .Op Fl trust_other
2607: .Op Fl url Ar responder_url
2608: .Op Fl VAfile Ar file
2609: .Op Fl validity_period Ar nsec
2610: .Op Fl verify_other Ar file
1.114 jmc 2611: .Ek
2612: .El
1.1 jsing 2613: .Pp
1.55 jmc 2614: The Online Certificate Status Protocol (OCSP)
2615: enables applications to determine the (revocation) state
2616: of an identified certificate (RFC 2560).
1.1 jsing 2617: .Pp
2618: The
2619: .Nm ocsp
2620: command performs many common OCSP tasks.
2621: It can be used to print out requests and responses,
2622: create requests and send queries to an OCSP responder,
2623: and behave like a mini OCSP server itself.
2624: .Pp
2625: The options are as follows:
2626: .Bl -tag -width Ds
2627: .It Fl CAfile Ar file , Fl CApath Ar directory
1.55 jmc 2628: A file or path containing trusted CA certificates,
2629: used to verify the signature on the OCSP response.
1.1 jsing 2630: .It Fl cert Ar file
2631: Add the certificate
2632: .Ar file
2633: to the request.
2634: The issuer certificate is taken from the previous
2635: .Fl issuer
2636: option, or an error occurs if no issuer certificate is specified.
2637: .It Fl dgst Ar alg
1.55 jmc 2638: Use the digest algorithm
2639: .Ar alg
2640: for certificate identification in the OCSP request.
1.125 inoguchi 2641: By default SHA1 is used.
1.1 jsing 2642: .It Xo
2643: .Fl host Ar hostname : Ns Ar port ,
2644: .Fl path Ar path
2645: .Xc
1.55 jmc 2646: Send
2647: the OCSP request to
1.1 jsing 2648: .Ar hostname
1.55 jmc 2649: on
1.1 jsing 2650: .Ar port .
2651: .Fl path
2652: specifies the HTTP path name to use, or
1.55 jmc 2653: .Pa /
1.1 jsing 2654: by default.
1.108 inoguchi 2655: .It Fl header Ar name value
2656: Add the header name with the specified value to the OCSP request that is sent
2657: to the responder.
2658: This may be repeated.
1.1 jsing 2659: .It Fl issuer Ar file
1.81 jmc 2660: The current issuer certificate, in PEM format.
2661: Can be used multiple times and must come before any
1.1 jsing 2662: .Fl cert
2663: options.
2664: .It Fl no_cert_checks
2665: Don't perform any additional checks on the OCSP response signer's certificate.
2666: That is, do not make any checks to see if the signer's certificate is
2667: authorised to provide the necessary status information:
2668: as a result this option should only be used for testing purposes.
2669: .It Fl no_cert_verify
2670: Don't verify the OCSP response signer's certificate at all.
2671: Since this option allows the OCSP response to be signed by any certificate,
2672: it should only be used for testing purposes.
2673: .It Fl no_certs
1.55 jmc 2674: Don't include any certificates in the signed request.
1.1 jsing 2675: .It Fl no_chain
2676: Do not use certificates in the response as additional untrusted CA
2677: certificates.
1.108 inoguchi 2678: .It Fl no_explicit
2679: Don't check the explicit trust for OCSP signing in the root CA certificate.
1.1 jsing 2680: .It Fl no_intern
2681: Ignore certificates contained in the OCSP response
2682: when searching for the signer's certificate.
1.55 jmc 2683: The signer's certificate must be specified with either the
1.1 jsing 2684: .Fl verify_other
2685: or
2686: .Fl VAfile
2687: options.
2688: .It Fl no_signature_verify
2689: Don't check the signature on the OCSP response.
2690: Since this option tolerates invalid signatures on OCSP responses,
2691: it will normally only be used for testing purposes.
2692: .It Fl nonce , no_nonce
1.55 jmc 2693: Add an OCSP nonce extension to a request,
2694: or disable an OCSP nonce addition.
1.1 jsing 2695: Normally, if an OCSP request is input using the
2696: .Fl respin
1.55 jmc 2697: option no nonce is added:
1.1 jsing 2698: using the
2699: .Fl nonce
1.55 jmc 2700: option will force the addition of a nonce.
1.1 jsing 2701: If an OCSP request is being created (using the
2702: .Fl cert
2703: and
2704: .Fl serial
2705: options)
1.55 jmc 2706: a nonce is automatically added; specifying
1.1 jsing 2707: .Fl no_nonce
2708: overrides this.
2709: .It Fl noverify
1.55 jmc 2710: Don't attempt to verify the OCSP response signature or the nonce values.
2711: This is normally only be used for debugging
1.1 jsing 2712: since it disables all verification of the responder's certificate.
2713: .It Fl out Ar file
1.55 jmc 2714: Specify the output file to write to,
1.57 jmc 2715: or standard output if not specified.
1.1 jsing 2716: .It Fl req_text , resp_text , text
2717: Print out the text form of the OCSP request, response, or both, respectively.
2718: .It Fl reqin Ar file , Fl respin Ar file
2719: Read an OCSP request or response file from
2720: .Ar file .
2721: These options are ignored
2722: if an OCSP request or response creation is implied by other options
2723: (for example with the
2724: .Fl serial , cert ,
2725: and
2726: .Fl host
2727: options).
2728: .It Fl reqout Ar file , Fl respout Ar file
2729: Write out the DER-encoded certificate request or response to
2730: .Ar file .
2731: .It Fl serial Ar num
2732: Same as the
2733: .Fl cert
2734: option except the certificate with serial number
2735: .Ar num
2736: is added to the request.
2737: The serial number is interpreted as a decimal integer unless preceded by
2738: .Sq 0x .
1.55 jmc 2739: Negative integers can also be specified
2740: by preceding the value with a minus sign.
1.1 jsing 2741: .It Fl sign_other Ar file
2742: Additional certificates to include in the signed request.
2743: .It Fl signer Ar file , Fl signkey Ar file
2744: Sign the OCSP request using the certificate specified in the
2745: .Fl signer
2746: option and the private key specified by the
2747: .Fl signkey
2748: option.
2749: If the
2750: .Fl signkey
2751: option is not present, then the private key is read from the same file
2752: as the certificate.
2753: If neither option is specified, the OCSP request is not signed.
1.108 inoguchi 2754: .It Fl timeout Ar seconds
2755: Connection timeout to the OCSP responder in seconds.
1.1 jsing 2756: .It Fl trust_other
2757: The certificates specified by the
2758: .Fl verify_other
2759: option should be explicitly trusted and no additional checks will be
2760: performed on them.
2761: This is useful when the complete responder certificate chain is not available
2762: or trusting a root CA is not appropriate.
2763: .It Fl url Ar responder_url
2764: Specify the responder URL.
2765: Both HTTP and HTTPS
2766: .Pq SSL/TLS
2767: URLs can be specified.
2768: .It Fl VAfile Ar file
1.55 jmc 2769: A file containing explicitly trusted responder certificates.
1.1 jsing 2770: Equivalent to the
2771: .Fl verify_other
2772: and
2773: .Fl trust_other
2774: options.
2775: .It Fl validity_period Ar nsec , Fl status_age Ar age
1.55 jmc 2776: The range of times, in seconds, which will be tolerated in an OCSP response.
2777: Each certificate status response includes a notBefore time
2778: and an optional notAfter time.
1.1 jsing 2779: The current time should fall between these two values,
2780: but the interval between the two times may be only a few seconds.
2781: In practice the OCSP responder and clients' clocks may not be precisely
2782: synchronised and so such a check may fail.
2783: To avoid this the
2784: .Fl validity_period
2785: option can be used to specify an acceptable error range in seconds,
1.55 jmc 2786: the default value being 5 minutes.
1.1 jsing 2787: .Pp
1.55 jmc 2788: If the notAfter time is omitted from a response,
2789: it means that new status information is immediately available.
2790: In this case the age of the notBefore field is checked
2791: to see it is not older than
1.1 jsing 2792: .Ar age
2793: seconds old.
2794: By default, this additional check is not performed.
2795: .It Fl verify_other Ar file
1.55 jmc 2796: A file containing additional certificates to search
2797: when attempting to locate the OCSP response signing certificate.
2798: Some responders omit the actual signer's certificate from the response,
2799: so this can be used to supply the necessary certificate.
1.1 jsing 2800: .El
1.55 jmc 2801: .Pp
2802: The options for the OCSP server are as follows:
1.1 jsing 2803: .Bl -tag -width "XXXX"
2804: .It Fl CA Ar file
2805: CA certificate corresponding to the revocation information in
2806: .Ar indexfile .
1.108 inoguchi 2807: .It Fl ignore_err
2808: Ignore the invalid response.
1.1 jsing 2809: .It Fl index Ar indexfile
2810: .Ar indexfile
1.55 jmc 2811: is a text index file in ca format
2812: containing certificate revocation information.
1.1 jsing 2813: .Pp
1.55 jmc 2814: If this option is specified,
1.1 jsing 2815: .Nm ocsp
1.55 jmc 2816: is in responder mode, otherwise it is in client mode.
2817: The requests the responder processes can be either specified on
1.1 jsing 2818: the command line (using the
2819: .Fl issuer
2820: and
2821: .Fl serial
2822: options), supplied in a file (using the
2823: .Fl respin
1.55 jmc 2824: option), or via external OCSP clients (if
1.1 jsing 2825: .Ar port
2826: or
2827: .Ar url
2828: is specified).
2829: .Pp
1.55 jmc 2830: If this option is present, then the
1.1 jsing 2831: .Fl CA
2832: and
2833: .Fl rsigner
2834: options must also be present.
2835: .It Fl nmin Ar minutes , Fl ndays Ar days
2836: Number of
2837: .Ar minutes
2838: or
2839: .Ar days
1.55 jmc 2840: when fresh revocation information is available:
2841: used in the nextUpdate field.
2842: If neither option is present,
2843: the nextUpdate field is omitted,
2844: meaning fresh revocation information is immediately available.
1.1 jsing 2845: .It Fl nrequest Ar number
1.55 jmc 2846: Exit after receiving
1.1 jsing 2847: .Ar number
1.55 jmc 2848: requests (the default is unlimited).
1.1 jsing 2849: .It Fl port Ar portnum
2850: Port to listen for OCSP requests on.
1.55 jmc 2851: May also be specified using the
1.1 jsing 2852: .Fl url
2853: option.
2854: .It Fl resp_key_id
2855: Identify the signer certificate using the key ID;
1.55 jmc 2856: the default is to use the subject name.
1.1 jsing 2857: .It Fl resp_no_certs
2858: Don't include any certificates in the OCSP response.
2859: .It Fl rkey Ar file
2860: The private key to sign OCSP responses with;
2861: if not present, the file specified in the
2862: .Fl rsigner
2863: option is used.
2864: .It Fl rother Ar file
2865: Additional certificates to include in the OCSP response.
2866: .It Fl rsigner Ar file
2867: The certificate to sign OCSP responses with.
2868: .El
2869: .Pp
2870: Initially the OCSP responder certificate is located and the signature on
2871: the OCSP request checked using the responder certificate's public key.
2872: Then a normal certificate verify is performed on the OCSP responder certificate
2873: building up a certificate chain in the process.
2874: The locations of the trusted certificates used to build the chain can be
2875: specified by the
2876: .Fl CAfile
2877: and
2878: .Fl CApath
2879: options or they will be looked for in the standard
1.55 jmc 2880: .Nm openssl
2881: certificates directory.
1.1 jsing 2882: .Pp
1.55 jmc 2883: If the initial verify fails, the OCSP verify process halts with an error.
1.1 jsing 2884: Otherwise the issuing CA certificate in the request is compared to the OCSP
2885: responder certificate: if there is a match then the OCSP verify succeeds.
2886: .Pp
2887: Otherwise the OCSP responder certificate's CA is checked against the issuing
2888: CA certificate in the request.
2889: If there is a match and the OCSPSigning extended key usage is present
2890: in the OCSP responder certificate, then the OCSP verify succeeds.
2891: .Pp
2892: Otherwise the root CA of the OCSP responder's CA is checked to see if it
2893: is trusted for OCSP signing.
2894: If it is, the OCSP verify succeeds.
2895: .Pp
2896: If none of these checks is successful, the OCSP verify fails.
2897: What this effectively means is that if the OCSP responder certificate is
2898: authorised directly by the CA it is issuing revocation information about
1.55 jmc 2899: (and it is correctly configured),
1.1 jsing 2900: then verification will succeed.
2901: .Pp
1.55 jmc 2902: If the OCSP responder is a global responder,
2903: which can give details about multiple CAs
2904: and has its own separate certificate chain,
2905: then its root CA can be trusted for OCSP signing.
1.1 jsing 2906: Alternatively, the responder certificate itself can be explicitly trusted
2907: with the
2908: .Fl VAfile
2909: option.
1.120 kn 2910: .Tg passwd
1.1 jsing 2911: .Sh PASSWD
1.114 jmc 2912: .Bl -hang -width "openssl passwd"
2913: .It Nm openssl passwd
2914: .Bk -words
1.1 jsing 2915: .Op Fl 1 | apr1 | crypt
2916: .Op Fl in Ar file
2917: .Op Fl noverify
2918: .Op Fl quiet
2919: .Op Fl reverse
2920: .Op Fl salt Ar string
2921: .Op Fl stdin
2922: .Op Fl table
2923: .Op Ar password
1.114 jmc 2924: .Ek
2925: .El
1.1 jsing 2926: .Pp
2927: The
2928: .Nm passwd
1.56 jmc 2929: command computes the hash of a password.
1.1 jsing 2930: .Pp
2931: The options are as follows:
2932: .Bl -tag -width Ds
2933: .It Fl 1
2934: Use the MD5 based
2935: .Bx
2936: password algorithm
1.56 jmc 2937: .Qq 1 .
1.1 jsing 2938: .It Fl apr1
2939: Use the
1.56 jmc 2940: .Qq apr1
1.1 jsing 2941: algorithm
1.56 jmc 2942: .Po
2943: Apache variant of the
1.1 jsing 2944: .Bx
1.56 jmc 2945: algorithm
2946: .Pc .
1.1 jsing 2947: .It Fl crypt
2948: Use the
1.56 jmc 2949: .Qq crypt
2950: algorithm (the default).
1.1 jsing 2951: .It Fl in Ar file
2952: Read passwords from
2953: .Ar file .
2954: .It Fl noverify
2955: Don't verify when reading a password from the terminal.
2956: .It Fl quiet
2957: Don't output warnings when passwords given on the command line are truncated.
2958: .It Fl reverse
2959: Switch table columns.
2960: This only makes sense in conjunction with the
2961: .Fl table
2962: option.
2963: .It Fl salt Ar string
1.56 jmc 2964: Use the salt specified by
2965: .Ar string .
1.1 jsing 2966: When reading a password from the terminal, this implies
2967: .Fl noverify .
2968: .It Fl stdin
1.56 jmc 2969: Read passwords from standard input.
1.1 jsing 2970: .It Fl table
2971: In the output list, prepend the cleartext password and a TAB character
2972: to each password hash.
2973: .El
1.120 kn 2974: .Tg pkcs7
1.1 jsing 2975: .Sh PKCS7
1.114 jmc 2976: .Bl -hang -width "openssl pkcs7"
2977: .It Nm openssl pkcs7
2978: .Bk -words
1.1 jsing 2979: .Op Fl in Ar file
1.57 jmc 2980: .Op Fl inform Cm der | pem
1.1 jsing 2981: .Op Fl noout
2982: .Op Fl out Ar file
1.57 jmc 2983: .Op Fl outform Cm der | pem
1.106 inoguchi 2984: .Op Fl print
1.1 jsing 2985: .Op Fl print_certs
2986: .Op Fl text
1.114 jmc 2987: .Ek
2988: .El
1.1 jsing 2989: .Pp
2990: The
2991: .Nm pkcs7
2992: command processes PKCS#7 files in DER or PEM format.
1.57 jmc 2993: The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
2994: .Pp
1.1 jsing 2995: The options are as follows:
2996: .Bl -tag -width Ds
2997: .It Fl in Ar file
1.57 jmc 2998: The input file to read from,
2999: or standard input if not specified.
3000: .It Fl inform Cm der | pem
3001: The input format.
1.1 jsing 3002: .It Fl noout
3003: Don't output the encoded version of the PKCS#7 structure
3004: (or certificates if
3005: .Fl print_certs
3006: is set).
3007: .It Fl out Ar file
1.57 jmc 3008: The output to write to,
3009: or standard output if not specified.
3010: .It Fl outform Cm der | pem
3011: The output format.
1.106 inoguchi 3012: .It Fl print
3013: Print the ASN.1 representation of PKCS#7 structure.
1.1 jsing 3014: .It Fl print_certs
1.57 jmc 3015: Print any certificates or CRLs contained in the file,
3016: preceded by their subject and issuer names in a one-line format.
1.1 jsing 3017: .It Fl text
1.57 jmc 3018: Print certificate details in full rather than just subject and issuer names.
1.1 jsing 3019: .El
1.120 kn 3020: .Tg pkcs8
1.1 jsing 3021: .Sh PKCS8
1.114 jmc 3022: .Bl -hang -width "openssl pkcs8"
3023: .It Nm openssl pkcs8
3024: .Bk -words
1.1 jsing 3025: .Op Fl in Ar file
1.58 jmc 3026: .Op Fl inform Cm der | pem
1.1 jsing 3027: .Op Fl nocrypt
3028: .Op Fl noiter
3029: .Op Fl out Ar file
1.58 jmc 3030: .Op Fl outform Cm der | pem
1.1 jsing 3031: .Op Fl passin Ar arg
3032: .Op Fl passout Ar arg
3033: .Op Fl topk8
3034: .Op Fl v1 Ar alg
3035: .Op Fl v2 Ar alg
1.114 jmc 3036: .Ek
3037: .El
1.1 jsing 3038: .Pp
3039: The
3040: .Nm pkcs8
1.58 jmc 3041: command processes private keys
3042: (both encrypted and unencrypted)
3043: in PKCS#8 format
3044: with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
3045: The default encryption is only 56 bits;
3046: keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts
3047: are more secure.
3048: .Pp
1.1 jsing 3049: The options are as follows:
3050: .Bl -tag -width Ds
3051: .It Fl in Ar file
1.58 jmc 3052: The input file to read from,
3053: or standard input if not specified.
1.1 jsing 3054: If the key is encrypted, a pass phrase will be prompted for.
1.58 jmc 3055: .It Fl inform Cm der | pem
3056: The input format.
1.1 jsing 3057: .It Fl nocrypt
1.58 jmc 3058: Generate an unencrypted PrivateKeyInfo structure.
3059: This option does not encrypt private keys at all
3060: and should only be used when absolutely necessary.
1.1 jsing 3061: .It Fl noiter
3062: Use an iteration count of 1.
3063: See the
3064: .Sx PKCS12
3065: section below for a detailed explanation of this option.
3066: .It Fl out Ar file
1.58 jmc 3067: The output file to write to,
3068: or standard output if none is specified.
1.1 jsing 3069: If any encryption options are set, a pass phrase will be prompted for.
1.58 jmc 3070: .It Fl outform Cm der | pem
3071: The output format.
1.1 jsing 3072: .It Fl passin Ar arg
3073: The key password source.
3074: .It Fl passout Ar arg
3075: The output file password source.
3076: .It Fl topk8
1.58 jmc 3077: Read a traditional format private key and write a PKCS#8 format key.
1.1 jsing 3078: .It Fl v1 Ar alg
1.58 jmc 3079: Specify a PKCS#5 v1.5 or PKCS#12 algorithm to use.
3080: .Pp
3081: .Bl -tag -width "XXXX" -compact
3082: .It PBE-MD5-DES
3083: 56-bit DES.
3084: .It PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES
3085: 64-bit RC2 or 56-bit DES.
3086: .It PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES
3087: .It PBE-SHA1-2DES | PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40
3088: PKCS#12 password-based encryption algorithm,
3089: which allow strong encryption algorithms like triple DES or 128-bit RC2.
3090: .El
1.1 jsing 3091: .It Fl v2 Ar alg
1.58 jmc 3092: Use PKCS#5 v2.0 algorithms.
3093: Supports algorithms such as 168-bit triple DES or 128-bit RC2,
3094: however not many implementations support PKCS#5 v2.0 yet
3095: (if using private keys with
3096: .Nm openssl
3097: this doesn't matter).
1.1 jsing 3098: .Pp
3099: .Ar alg
1.58 jmc 3100: is the encryption algorithm to use;
3101: valid values include des, des3, and rc2.
3102: It is recommended that des3 is used.
1.1 jsing 3103: .El
1.120 kn 3104: .Tg pkcs12
1.1 jsing 3105: .Sh PKCS12
1.114 jmc 3106: .Bl -hang -width "openssl pkcs12"
3107: .It Nm openssl pkcs12
3108: .Bk -words
1.107 inoguchi 3109: .Oo
3110: .Fl aes128 | aes192 | aes256 | camellia128 |
3111: .Fl camellia192 | camellia256 | des | des3 | idea
3112: .Oc
1.1 jsing 3113: .Op Fl cacerts
3114: .Op Fl CAfile Ar file
3115: .Op Fl caname Ar name
3116: .Op Fl CApath Ar directory
3117: .Op Fl certfile Ar file
3118: .Op Fl certpbe Ar alg
3119: .Op Fl chain
3120: .Op Fl clcerts
3121: .Op Fl CSP Ar name
3122: .Op Fl descert
3123: .Op Fl export
3124: .Op Fl in Ar file
3125: .Op Fl info
3126: .Op Fl inkey Ar file
3127: .Op Fl keyex
3128: .Op Fl keypbe Ar alg
3129: .Op Fl keysig
1.107 inoguchi 3130: .Op Fl LMK
1.1 jsing 3131: .Op Fl macalg Ar alg
3132: .Op Fl maciter
3133: .Op Fl name Ar name
3134: .Op Fl nocerts
3135: .Op Fl nodes
3136: .Op Fl noiter
3137: .Op Fl nokeys
3138: .Op Fl nomac
3139: .Op Fl nomaciter
3140: .Op Fl nomacver
3141: .Op Fl noout
3142: .Op Fl out Ar file
3143: .Op Fl passin Ar arg
3144: .Op Fl passout Ar arg
1.107 inoguchi 3145: .Op Fl password Ar arg
1.1 jsing 3146: .Op Fl twopass
1.114 jmc 3147: .Ek
3148: .El
1.1 jsing 3149: .Pp
3150: The
3151: .Nm pkcs12
3152: command allows PKCS#12 files
3153: .Pq sometimes referred to as PFX files
3154: to be created and parsed.
3155: By default, a PKCS#12 file is parsed;
3156: a PKCS#12 file can be created by using the
3157: .Fl export
1.59 jmc 3158: option.
3159: .Pp
3160: The options for parsing a PKCS12 file are as follows:
1.1 jsing 3161: .Bl -tag -width "XXXX"
1.107 inoguchi 3162: .It Xo
3163: .Fl aes128 | aes192 | aes256 |
3164: .Fl camellia128 | camellia192 | camellia256 |
3165: .Fl des | des3 |
3166: .Fl idea
3167: .Xc
3168: Encrypt private keys using AES, CAMELLIA, DES, triple DES
3169: or the IDEA ciphers, respectively.
1.1 jsing 3170: The default is triple DES.
3171: .It Fl cacerts
3172: Only output CA certificates
3173: .Pq not client certificates .
3174: .It Fl clcerts
3175: Only output client certificates
3176: .Pq not CA certificates .
3177: .It Fl in Ar file
1.59 jmc 3178: The input file to read from,
3179: or standard input if not specified.
1.1 jsing 3180: .It Fl info
3181: Output additional information about the PKCS#12 file structure,
3182: algorithms used, and iteration counts.
3183: .It Fl nocerts
1.59 jmc 3184: Do not output certificates.
1.1 jsing 3185: .It Fl nodes
1.59 jmc 3186: Do not encrypt private keys.
1.1 jsing 3187: .It Fl nokeys
1.59 jmc 3188: Do not output private keys.
1.1 jsing 3189: .It Fl nomacver
1.59 jmc 3190: Do not attempt to verify the integrity MAC before reading the file.
1.1 jsing 3191: .It Fl noout
1.59 jmc 3192: Do not output the keys and certificates to the output file
1.1 jsing 3193: version of the PKCS#12 file.
3194: .It Fl out Ar file
1.59 jmc 3195: The output file to write to,
3196: or standard output if not specified.
1.1 jsing 3197: .It Fl passin Ar arg
3198: The key password source.
3199: .It Fl passout Ar arg
3200: The output file password source.
3201: .It Fl twopass
3202: Prompt for separate integrity and encryption passwords: most software
3203: always assumes these are the same so this option will render such
3204: PKCS#12 files unreadable.
3205: .El
1.59 jmc 3206: .Pp
3207: The options for PKCS12 file creation are as follows:
1.1 jsing 3208: .Bl -tag -width "XXXX"
3209: .It Fl CAfile Ar file
3210: CA storage as a file.
3211: .It Fl CApath Ar directory
3212: CA storage as a directory.
1.59 jmc 3213: The directory must be a standard certificate directory:
1.1 jsing 3214: that is, a hash of each subject name (using
1.59 jmc 3215: .Nm x509 Fl hash )
1.1 jsing 3216: should be linked to each certificate.
3217: .It Fl caname Ar name
1.59 jmc 3218: Specify the
1.1 jsing 3219: .Qq friendly name
3220: for other certificates.
1.59 jmc 3221: May be used multiple times to specify names for all certificates
1.1 jsing 3222: in the order they appear.
3223: .It Fl certfile Ar file
3224: A file to read additional certificates from.
3225: .It Fl certpbe Ar alg , Fl keypbe Ar alg
1.59 jmc 3226: Specify the algorithm used to encrypt the private key and
1.1 jsing 3227: certificates to be selected.
1.59 jmc 3228: Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used.
1.1 jsing 3229: If a cipher name
3230: (as output by the
3231: .Cm list-cipher-algorithms
3232: command) is specified then it
3233: is used with PKCS#5 v2.0.
3234: For interoperability reasons it is advisable to only use PKCS#12 algorithms.
3235: .It Fl chain
1.59 jmc 3236: Include the entire certificate chain of the user certificate.
1.1 jsing 3237: The standard CA store is used for this search.
3238: If the search fails, it is considered a fatal error.
3239: .It Fl CSP Ar name
3240: Write
3241: .Ar name
3242: as a Microsoft CSP name.
3243: .It Fl descert
3244: Encrypt the certificate using triple DES; this may render the PKCS#12
3245: file unreadable by some
3246: .Qq export grade
3247: software.
3248: By default, the private key is encrypted using triple DES and the
3249: certificate using 40-bit RC2.
3250: .It Fl export
1.59 jmc 3251: Create a PKCS#12 file (rather than parsing one).
1.1 jsing 3252: .It Fl in Ar file
1.59 jmc 3253: The input file to read from,
1.81 jmc 3254: or standard input if not specified.
1.1 jsing 3255: The order doesn't matter but one private key and its corresponding
3256: certificate should be present.
3257: If additional certificates are present, they will also be included
3258: in the PKCS#12 file.
3259: .It Fl inkey Ar file
1.59 jmc 3260: File to read a private key from.
1.1 jsing 3261: If not present, a private key must be present in the input file.
3262: .It Fl keyex | keysig
1.59 jmc 3263: Specify whether the private key is to be used for key exchange or just signing.
1.1 jsing 3264: Normally,
3265: .Qq export grade
3266: software will only allow 512-bit RSA keys to be
3267: used for encryption purposes, but arbitrary length keys for signing.
3268: The
3269: .Fl keysig
3270: option marks the key for signing only.
3271: Signing only keys can be used for S/MIME signing, authenticode
1.66 jmc 3272: (ActiveX control signing)
1.59 jmc 3273: and SSL client authentication.
1.107 inoguchi 3274: .It Fl LMK
3275: Add local machine keyset attribute to private key.
1.1 jsing 3276: .It Fl macalg Ar alg
3277: Specify the MAC digest algorithm.
1.59 jmc 3278: The default is SHA1.
1.1 jsing 3279: .It Fl maciter
1.66 jmc 3280: Included for compatibility only:
1.59 jmc 3281: it used to be needed to use MAC iterations counts
3282: but they are now used by default.
1.1 jsing 3283: .It Fl name Ar name
1.59 jmc 3284: Specify the
1.1 jsing 3285: .Qq friendly name
3286: for the certificate and private key.
3287: This name is typically displayed in list boxes by software importing the file.
3288: .It Fl nomac
3289: Don't attempt to provide the MAC integrity.
3290: .It Fl nomaciter , noiter
1.59 jmc 3291: Affect the iteration counts on the MAC and key algorithms.
1.1 jsing 3292: .Pp
3293: To discourage attacks by using large dictionaries of common passwords,
3294: the algorithm that derives keys from passwords can have an iteration count
3295: applied to it: this causes a certain part of the algorithm to be repeated
3296: and slows it down.
3297: The MAC is used to check the file integrity but since it will normally
3298: have the same password as the keys and certificates it could also be attacked.
3299: By default, both MAC and encryption iteration counts are set to 2048;
3300: using these options the MAC and encryption iteration counts can be set to 1.
3301: Since this reduces the file security you should not use these options
3302: unless you really have to.
3303: Most software supports both MAC and key iteration counts.
3304: .It Fl out Ar file
1.59 jmc 3305: The output file to write to,
3306: or standard output if not specified.
1.1 jsing 3307: .It Fl passin Ar arg
3308: The key password source.
3309: .It Fl passout Ar arg
3310: The output file password source.
1.107 inoguchi 3311: .It Fl password Ar arg
3312: With
3313: .Fl export ,
3314: .Fl password
3315: is equivalent to
3316: .Fl passout .
1.108 inoguchi 3317: Otherwise,
1.107 inoguchi 3318: .Fl password
3319: is equivalent to
3320: .Fl passin .
1.1 jsing 3321: .El
1.120 kn 3322: .Tg pkey
1.1 jsing 3323: .Sh PKEY
1.114 jmc 3324: .Bl -hang -width "openssl pkey"
3325: .It Nm openssl pkey
3326: .Bk -words
1.1 jsing 3327: .Op Ar cipher
3328: .Op Fl in Ar file
1.60 jmc 3329: .Op Fl inform Cm der | pem
1.1 jsing 3330: .Op Fl noout
3331: .Op Fl out Ar file
1.60 jmc 3332: .Op Fl outform Cm der | pem
1.1 jsing 3333: .Op Fl passin Ar arg
3334: .Op Fl passout Ar arg
3335: .Op Fl pubin
3336: .Op Fl pubout
3337: .Op Fl text
3338: .Op Fl text_pub
1.114 jmc 3339: .Ek
3340: .El
1.1 jsing 3341: .Pp
3342: The
3343: .Nm pkey
3344: command processes public or private keys.
3345: They can be converted between various forms
3346: and their components printed out.
3347: .Pp
3348: The options are as follows:
3349: .Bl -tag -width Ds
3350: .It Ar cipher
1.60 jmc 3351: Encrypt the private key with the specified cipher.
1.1 jsing 3352: Any algorithm name accepted by
1.60 jmc 3353: .Xr EVP_get_cipherbyname 3
1.1 jsing 3354: is acceptable, such as
3355: .Cm des3 .
3356: .It Fl in Ar file
1.60 jmc 3357: The input file to read from,
3358: or standard input if not specified.
1.127 ! jmc 3359: If the key is encrypted, a pass phrase will be prompted for.
1.60 jmc 3360: .It Fl inform Cm der | pem
3361: The input format.
1.1 jsing 3362: .It Fl noout
3363: Do not output the encoded version of the key.
3364: .It Fl out Ar file
1.60 jmc 3365: The output file to write to,
3366: or standard output if not specified.
1.1 jsing 3367: If any encryption options are set then a pass phrase
3368: will be prompted for.
1.60 jmc 3369: .It Fl outform Cm der | pem
3370: The output format.
1.1 jsing 3371: .It Fl passin Ar arg
3372: The key password source.
3373: .It Fl passout Ar arg
3374: The output file password source.
3375: .It Fl pubin
1.60 jmc 3376: Read in a public key, not a private key.
1.1 jsing 3377: .It Fl pubout
1.60 jmc 3378: Output a public key, not a private key.
3379: Automatically set if the input is a public key.
1.1 jsing 3380: .It Fl text
1.64 jmc 3381: Print the public/private key in plain text.
1.1 jsing 3382: .It Fl text_pub
3383: Print out only public key components
3384: even if a private key is being processed.
3385: .El
1.120 kn 3386: .Tg pkeyparam
1.1 jsing 3387: .Sh PKEYPARAM
3388: .Cm openssl pkeyparam
3389: .Op Fl in Ar file
3390: .Op Fl noout
3391: .Op Fl out Ar file
3392: .Op Fl text
3393: .Pp
3394: The
1.61 jmc 3395: .Nm pkeyparam
1.1 jsing 3396: command processes public or private keys.
1.61 jmc 3397: The key type is determined by the PEM headers.
1.1 jsing 3398: .Pp
3399: The options are as follows:
3400: .Bl -tag -width Ds
3401: .It Fl in Ar file
1.61 jmc 3402: The input file to read from,
3403: or standard input if not specified.
1.1 jsing 3404: .It Fl noout
3405: Do not output the encoded version of the parameters.
3406: .It Fl out Ar file
1.61 jmc 3407: The output file to write to,
3408: or standard output if not specified.
1.1 jsing 3409: .It Fl text
1.64 jmc 3410: Print the parameters in plain text.
1.1 jsing 3411: .El
1.120 kn 3412: .Tg pkeyutl
1.1 jsing 3413: .Sh PKEYUTL
1.114 jmc 3414: .Bl -hang -width "openssl pkeyutl"
3415: .It Nm openssl pkeyutl
3416: .Bk -words
1.1 jsing 3417: .Op Fl asn1parse
3418: .Op Fl certin
3419: .Op Fl decrypt
3420: .Op Fl derive
3421: .Op Fl encrypt
3422: .Op Fl hexdump
3423: .Op Fl in Ar file
3424: .Op Fl inkey Ar file
1.62 jmc 3425: .Op Fl keyform Cm der | pem
1.1 jsing 3426: .Op Fl out Ar file
3427: .Op Fl passin Ar arg
1.62 jmc 3428: .Op Fl peerform Cm der | pem
1.1 jsing 3429: .Op Fl peerkey Ar file
3430: .Op Fl pkeyopt Ar opt : Ns Ar value
3431: .Op Fl pubin
3432: .Op Fl rev
3433: .Op Fl sigfile Ar file
3434: .Op Fl sign
3435: .Op Fl verify
3436: .Op Fl verifyrecover
1.114 jmc 3437: .Ek
3438: .El
1.1 jsing 3439: .Pp
3440: The
3441: .Nm pkeyutl
3442: command can be used to perform public key operations using
3443: any supported algorithm.
3444: .Pp
3445: The options are as follows:
3446: .Bl -tag -width Ds
3447: .It Fl asn1parse
1.84 jmc 3448: ASN.1 parse the output data.
1.1 jsing 3449: This is useful when combined with the
3450: .Fl verifyrecover
1.84 jmc 3451: option when an ASN.1 structure is signed.
1.1 jsing 3452: .It Fl certin
3453: The input is a certificate containing a public key.
3454: .It Fl decrypt
3455: Decrypt the input data using a private key.
3456: .It Fl derive
3457: Derive a shared secret using the peer key.
3458: .It Fl encrypt
3459: Encrypt the input data using a public key.
3460: .It Fl hexdump
3461: Hex dump the output data.
3462: .It Fl in Ar file
1.62 jmc 3463: The input file to read from,
3464: or standard input if not specified.
1.1 jsing 3465: .It Fl inkey Ar file
3466: The input key file.
3467: By default it should be a private key.
1.62 jmc 3468: .It Fl keyform Cm der | pem
3469: The key format.
1.1 jsing 3470: .It Fl out Ar file
1.62 jmc 3471: The output file to write to,
3472: or standard output if not specified.
1.1 jsing 3473: .It Fl passin Ar arg
3474: The key password source.
1.62 jmc 3475: .It Fl peerform Cm der | pem
3476: The peer key format.
1.1 jsing 3477: .It Fl peerkey Ar file
3478: The peer key file, used by key derivation (agreement) operations.
3479: .It Fl pkeyopt Ar opt : Ns Ar value
1.62 jmc 3480: Set the public key algorithm option
3481: .Ar opt
3482: to
3483: .Ar value .
3484: Unless otherwise mentioned, all algorithms support the format
3485: .Ar digest : Ns Ar alg ,
3486: which specifies the digest to use
1.1 jsing 3487: for sign, verify, and verifyrecover operations.
3488: The value
3489: .Ar alg
3490: should represent a digest name as used in the
1.62 jmc 3491: .Xr EVP_get_digestbyname 3
3492: function.
3493: .Pp
1.1 jsing 3494: The RSA algorithm supports the
3495: encrypt, decrypt, sign, verify, and verifyrecover operations in general.
3496: Some padding modes only support some of these
3497: operations however.
3498: .Bl -tag -width Ds
3499: .It rsa_padding_mode : Ns Ar mode
3500: This sets the RSA padding mode.
3501: Acceptable values for
3502: .Ar mode
3503: are
3504: .Cm pkcs1
3505: for PKCS#1 padding;
3506: .Cm none
3507: for no padding;
3508: .Cm oaep
3509: for OAEP mode;
3510: .Cm x931
3511: for X9.31 mode;
3512: and
3513: .Cm pss
3514: for PSS.
3515: .Pp
3516: In PKCS#1 padding if the message digest is not set then the supplied data is
3517: signed or verified directly instead of using a DigestInfo structure.
3518: If a digest is set then a DigestInfo
3519: structure is used and its length
3520: must correspond to the digest type.
3521: For oeap mode only encryption and decryption is supported.
3522: For x931 if the digest type is set it is used to format the block data;
3523: otherwise the first byte is used to specify the X9.31 digest ID.
3524: Sign, verify, and verifyrecover can be performed in this mode.
3525: For pss mode only sign and verify are supported and the digest type must be
3526: specified.
3527: .It rsa_pss_saltlen : Ns Ar len
3528: For pss
3529: mode only this option specifies the salt length.
3530: Two special values are supported:
3531: -1 sets the salt length to the digest length.
1.127 ! jmc 3532: When signing, -2 sets the salt length to the maximum permissible value.
! 3533: When verifying, -2 causes the salt length to be automatically determined
1.1 jsing 3534: based on the PSS block structure.
3535: .El
1.62 jmc 3536: .Pp
1.1 jsing 3537: The DSA algorithm supports the sign and verify operations.
3538: Currently there are no additional options other than
3539: .Ar digest .
3540: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 3541: .Pp
1.1 jsing 3542: The DH algorithm supports the derive operation
3543: and no additional options.
1.62 jmc 3544: .Pp
1.1 jsing 3545: The EC algorithm supports the sign, verify, and derive operations.
3546: The sign and verify operations use ECDSA and derive uses ECDH.
3547: Currently there are no additional options other than
3548: .Ar digest .
3549: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 3550: .It Fl pubin
3551: The input file is a public key.
3552: .It Fl rev
3553: Reverse the order of the input buffer.
3554: .It Fl sigfile Ar file
3555: Signature file (verify operation only).
3556: .It Fl sign
3557: Sign the input data and output the signed result.
3558: This requires a private key.
3559: .It Fl verify
3560: Verify the input data against the signature file and indicate if the
3561: verification succeeded or failed.
3562: .It Fl verifyrecover
3563: Verify the input data and output the recovered data.
3564: .El
1.120 kn 3565: .Tg prime
1.1 jsing 3566: .Sh PRIME
3567: .Cm openssl prime
3568: .Op Fl bits Ar n
3569: .Op Fl checks Ar n
3570: .Op Fl generate
3571: .Op Fl hex
3572: .Op Fl safe
3573: .Ar p
3574: .Pp
3575: The
3576: .Nm prime
3577: command is used to generate prime numbers,
3578: or to check numbers for primality.
3579: Results are probabilistic:
3580: they have an exceedingly high likelihood of being correct,
3581: but are not guaranteed.
3582: .Pp
3583: The options are as follows:
3584: .Bl -tag -width Ds
3585: .It Fl bits Ar n
3586: Specify the number of bits in the generated prime number.
3587: Must be used in conjunction with
3588: .Fl generate .
3589: .It Fl checks Ar n
3590: Perform a Miller-Rabin probabilistic primality test with
3591: .Ar n
3592: iterations.
3593: The default is 20.
3594: .It Fl generate
3595: Generate a pseudo-random prime number.
3596: Must be used in conjunction with
3597: .Fl bits .
3598: .It Fl hex
3599: Output in hex format.
3600: .It Fl safe
3601: Generate only
3602: .Qq safe
3603: prime numbers
3604: (i.e. a prime p so that (p-1)/2 is also prime).
3605: .It Ar p
3606: Test if number
3607: .Ar p
3608: is prime.
3609: .El
1.120 kn 3610: .Tg rand
1.1 jsing 3611: .Sh RAND
1.114 jmc 3612: .Bl -hang -width "openssl rand"
3613: .It Nm openssl rand
3614: .Bk -words
1.1 jsing 3615: .Op Fl base64
3616: .Op Fl hex
3617: .Op Fl out Ar file
3618: .Ar num
1.114 jmc 3619: .Ek
3620: .El
1.1 jsing 3621: .Pp
3622: The
3623: .Nm rand
3624: command outputs
3625: .Ar num
3626: pseudo-random bytes.
3627: .Pp
3628: The options are as follows:
3629: .Bl -tag -width Ds
3630: .It Fl base64
1.81 jmc 3631: Perform base64 encoding on the output.
1.1 jsing 3632: .It Fl hex
3633: Specify hexadecimal output.
3634: .It Fl out Ar file
1.63 jmc 3635: The output file to write to,
3636: or standard output if not specified.
1.1 jsing 3637: .El
1.120 kn 3638: .Tg req
1.1 jsing 3639: .Sh REQ
1.114 jmc 3640: .Bl -hang -width "openssl req"
3641: .It Nm openssl req
3642: .Bk -words
1.115 inoguchi 3643: .Op Fl addext Ar ext
1.1 jsing 3644: .Op Fl asn1-kludge
3645: .Op Fl batch
3646: .Op Fl config Ar file
3647: .Op Fl days Ar n
3648: .Op Fl extensions Ar section
3649: .Op Fl in Ar file
1.63 jmc 3650: .Op Fl inform Cm der | pem
1.1 jsing 3651: .Op Fl key Ar keyfile
1.63 jmc 3652: .Op Fl keyform Cm der | pem
1.1 jsing 3653: .Op Fl keyout Ar file
1.28 doug 3654: .Op Fl md4 | md5 | sha1
1.1 jsing 3655: .Op Fl modulus
1.107 inoguchi 3656: .Op Fl multivalue-rdn
1.1 jsing 3657: .Op Fl nameopt Ar option
3658: .Op Fl new
3659: .Op Fl newhdr
3660: .Op Fl newkey Ar arg
3661: .Op Fl no-asn1-kludge
3662: .Op Fl nodes
3663: .Op Fl noout
3664: .Op Fl out Ar file
1.63 jmc 3665: .Op Fl outform Cm der | pem
1.1 jsing 3666: .Op Fl passin Ar arg
3667: .Op Fl passout Ar arg
1.107 inoguchi 3668: .Op Fl pkeyopt Ar opt:value
1.1 jsing 3669: .Op Fl pubkey
3670: .Op Fl reqexts Ar section
3671: .Op Fl reqopt Ar option
3672: .Op Fl set_serial Ar n
1.107 inoguchi 3673: .Op Fl sigopt Ar nm:v
1.1 jsing 3674: .Op Fl subj Ar arg
3675: .Op Fl subject
3676: .Op Fl text
3677: .Op Fl utf8
3678: .Op Fl verbose
3679: .Op Fl verify
3680: .Op Fl x509
1.114 jmc 3681: .Ek
3682: .El
1.1 jsing 3683: .Pp
3684: The
3685: .Nm req
3686: command primarily creates and processes certificate requests
3687: in PKCS#10 format.
3688: It can additionally create self-signed certificates,
3689: for use as root CAs, for example.
3690: .Pp
3691: The options are as follows:
3692: .Bl -tag -width Ds
1.115 inoguchi 3693: .It Fl addext Ar ext
3694: Add a specific extension to the certificate (if the
3695: .Fl x509
3696: option is present) or certificate request.
3697: The argument must have the form of a key=value pair as it would appear in a
3698: config file.
3699: This option can be given multiple times.
1.1 jsing 3700: .It Fl asn1-kludge
1.63 jmc 3701: Produce requests in an invalid format for certain picky CAs.
3702: Very few CAs still require the use of this option.
1.1 jsing 3703: .It Fl batch
3704: Non-interactive mode.
3705: .It Fl config Ar file
1.63 jmc 3706: Specify an alternative configuration file.
1.1 jsing 3707: .It Fl days Ar n
1.63 jmc 3708: Specify the number of days to certify the certificate for.
3709: The default is 30 days.
3710: Used with the
1.1 jsing 3711: .Fl x509
1.63 jmc 3712: option.
1.1 jsing 3713: .It Fl extensions Ar section , Fl reqexts Ar section
1.63 jmc 3714: Specify alternative sections to include certificate
3715: extensions (with
3716: .Fl x509 )
3717: or certificate request extensions,
3718: allowing several different sections to be used in the same configuration file.
1.1 jsing 3719: .It Fl in Ar file
1.63 jmc 3720: The input file to read a request from,
3721: or standard input if not specified.
1.1 jsing 3722: A request is only read if the creation options
3723: .Fl new
3724: and
3725: .Fl newkey
3726: are not specified.
1.63 jmc 3727: .It Fl inform Cm der | pem
3728: The input format.
1.1 jsing 3729: .It Fl key Ar keyfile
1.63 jmc 3730: The file to read the private key from.
1.1 jsing 3731: It also accepts PKCS#8 format private keys for PEM format files.
1.63 jmc 3732: .It Fl keyform Cm der | pem
1.1 jsing 3733: The format of the private key file specified in the
3734: .Fl key
3735: argument.
1.81 jmc 3736: The default is
3737: .Cm pem .
1.1 jsing 3738: .It Fl keyout Ar file
1.63 jmc 3739: The file to write the newly created private key to.
3740: If this option is not specified,
3741: the filename present in the configuration file is used.
1.4 sthen 3742: .It Fl md5 | sha1 | sha256
1.63 jmc 3743: The message digest to sign the request with.
1.1 jsing 3744: This overrides the digest algorithm specified in the configuration file.
3745: .Pp
3746: Some public key algorithms may override this choice.
3747: For instance, DSA signatures always use SHA1.
3748: .It Fl modulus
1.63 jmc 3749: Print the value of the modulus of the public key contained in the request.
1.107 inoguchi 3750: .It Fl multivalue-rdn
3751: This option causes the
3752: .Fl subj
3753: argument to be interpreted with full support for multivalued RDNs,
3754: for example
3755: .Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
3756: If
3757: .Fl multivalue-rdn
3758: is not used, the UID value is set to
3759: .Qq "123456+CN=John Doe" .
1.1 jsing 3760: .It Fl nameopt Ar option , Fl reqopt Ar option
1.63 jmc 3761: Determine how the subject or issuer names are displayed.
1.1 jsing 3762: .Ar option
1.63 jmc 3763: can be a single option or multiple options separated by commas.
1.1 jsing 3764: Alternatively, these options may be used more than once to set multiple options.
3765: See the
3766: .Sx X509
3767: section below for details.
3768: .It Fl new
1.63 jmc 3769: Generate a new certificate request.
3770: The user is prompted for the relevant field values.
1.1 jsing 3771: The actual fields prompted for and their maximum and minimum sizes
3772: are specified in the configuration file and any requested extensions.
3773: .Pp
3774: If the
3775: .Fl key
3776: option is not used, it will generate a new RSA private
3777: key using information specified in the configuration file.
3778: .It Fl newhdr
1.63 jmc 3779: Add the word NEW to the PEM file header and footer lines
1.112 inoguchi 3780: on the outputted request.
1.63 jmc 3781: Some software and CAs need this.
1.1 jsing 3782: .It Fl newkey Ar arg
1.63 jmc 3783: Create a new certificate request and a new private key.
1.1 jsing 3784: The argument takes one of several forms.
1.63 jmc 3785: .Pp
3786: .No rsa : Ns Ar nbits
3787: generates an RSA key
1.1 jsing 3788: .Ar nbits
3789: in size.
3790: If
3791: .Ar nbits
1.63 jmc 3792: is omitted
3793: the default key size is used.
3794: .Pp
3795: .No dsa : Ns Ar file
3796: generates a DSA key using the parameters in
3797: .Ar file .
3798: .Pp
3799: .No param : Ns Ar file
3800: generates a key using the parameters or certificate in
3801: .Ar file .
3802: .Pp
3803: All other algorithms support the form
3804: .Ar algorithm : Ns Ar file ,
1.1 jsing 3805: where file may be an algorithm parameter file,
3806: created by the
3807: .Cm genpkey -genparam
1.14 jmc 3808: command or an X.509 certificate for a key with appropriate algorithm.
1.63 jmc 3809: .Ar file
3810: can be omitted,
3811: in which case any parameters can be specified via the
1.1 jsing 3812: .Fl pkeyopt
3813: option.
3814: .It Fl no-asn1-kludge
1.63 jmc 3815: Reverse the effect of
1.1 jsing 3816: .Fl asn1-kludge .
3817: .It Fl nodes
1.63 jmc 3818: Do not encrypt the private key.
1.1 jsing 3819: .It Fl noout
1.63 jmc 3820: Do not output the encoded version of the request.
1.1 jsing 3821: .It Fl out Ar file
1.63 jmc 3822: The output file to write to,
1.99 jmc 3823: or standard output if not specified.
1.63 jmc 3824: .It Fl outform Cm der | pem
3825: The output format.
1.1 jsing 3826: .It Fl passin Ar arg
3827: The key password source.
3828: .It Fl passout Ar arg
3829: The output file password source.
1.107 inoguchi 3830: .It Fl pkeyopt Ar opt:value
3831: Set the public key algorithm option
3832: .Ar opt
3833: to
3834: .Ar value .
1.1 jsing 3835: .It Fl pubkey
1.63 jmc 3836: Output the public key.
1.1 jsing 3837: .It Fl reqopt Ar option
3838: Customise the output format used with
3839: .Fl text .
3840: The
3841: .Ar option
3842: argument can be a single option or multiple options separated by commas.
1.63 jmc 3843: See also the discussion of
1.1 jsing 3844: .Fl certopt
1.63 jmc 3845: in the
1.1 jsing 3846: .Nm x509
3847: command.
3848: .It Fl set_serial Ar n
3849: Serial number to use when outputting a self-signed certificate.
3850: This may be specified as a decimal value or a hex value if preceded by
3851: .Sq 0x .
3852: It is possible to use negative serial numbers but this is not recommended.
1.107 inoguchi 3853: .It Fl sigopt Ar nm:v
3854: Pass options to the signature algorithm during sign operation.
3855: The names and values of these options are algorithm-specific.
1.1 jsing 3856: .It Fl subj Ar arg
1.63 jmc 3857: Replaces the subject field of an input request
3858: with the specified data and output the modified request.
3859: .Ar arg
3860: must be formatted as /type0=value0/type1=value1/type2=...;
1.1 jsing 3861: characters may be escaped by
3862: .Sq \e
1.63 jmc 3863: (backslash);
1.1 jsing 3864: no spaces are skipped.
3865: .It Fl subject
1.63 jmc 3866: Print the request subject (or certificate subject if
1.1 jsing 3867: .Fl x509
1.63 jmc 3868: is specified).
1.1 jsing 3869: .It Fl text
1.64 jmc 3870: Print the certificate request in plain text.
1.1 jsing 3871: .It Fl utf8
1.63 jmc 3872: Interpret field values as UTF8 strings, not ASCII.
1.1 jsing 3873: .It Fl verbose
3874: Print extra details about the operations being performed.
3875: .It Fl verify
1.63 jmc 3876: Verify the signature on the request.
1.1 jsing 3877: .It Fl x509
1.63 jmc 3878: Output a self-signed certificate instead of a certificate request.
3879: This is typically used to generate a test certificate or a self-signed root CA.
3880: The extensions added to the certificate (if any)
1.1 jsing 3881: are specified in the configuration file.
3882: Unless specified using the
3883: .Fl set_serial
1.63 jmc 3884: option, 0 is used for the serial number.
1.1 jsing 3885: .El
1.63 jmc 3886: .Pp
1.1 jsing 3887: The configuration options are specified in the
1.63 jmc 3888: .Qq req
1.1 jsing 3889: section of the configuration file.
1.63 jmc 3890: The options available are as follows:
1.1 jsing 3891: .Bl -tag -width "XXXX"
1.63 jmc 3892: .It Cm attributes
3893: The section containing any request attributes: its format
1.1 jsing 3894: is the same as
1.63 jmc 3895: .Cm distinguished_name .
3896: Typically these may contain the challengePassword or unstructuredName types.
3897: They are currently ignored by the
3898: .Nm openssl
1.1 jsing 3899: request signing utilities, but some CAs might want them.
1.63 jmc 3900: .It Cm default_bits
3901: The default key size, in bits.
3902: The default is 2048.
1.1 jsing 3903: It is used if the
3904: .Fl new
1.63 jmc 3905: option is used and can be overridden by using the
1.1 jsing 3906: .Fl newkey
3907: option.
1.63 jmc 3908: .It Cm default_keyfile
3909: The default file to write a private key to,
3910: or standard output if not specified.
3911: It can be overridden by the
1.1 jsing 3912: .Fl keyout
3913: option.
1.63 jmc 3914: .It Cm default_md
3915: The digest algorithm to use.
1.1 jsing 3916: Possible values include
1.63 jmc 3917: .Cm md5 ,
3918: .Cm sha1
1.1 jsing 3919: and
1.63 jmc 3920: .Cm sha256
3921: (the default).
3922: It can be overridden on the command line.
3923: .It Cm distinguished_name
3924: The section containing the distinguished name fields to
1.1 jsing 3925: prompt for when generating a certificate or certificate request.
1.63 jmc 3926: The format is described below.
3927: .It Cm encrypt_key
3928: If set to
3929: .Qq no
3930: and a private key is generated, it is not encrypted.
3931: It is equivalent to the
1.1 jsing 3932: .Fl nodes
1.63 jmc 3933: option.
1.1 jsing 3934: For compatibility,
1.63 jmc 3935: .Cm encrypt_rsa_key
1.1 jsing 3936: is an equivalent option.
1.63 jmc 3937: .It Cm input_password | output_password
3938: The passwords for the input private key file (if present)
3939: and the output private key file (if one will be created).
1.1 jsing 3940: The command line options
3941: .Fl passin
3942: and
3943: .Fl passout
3944: override the configuration file values.
1.63 jmc 3945: .It Cm oid_file
3946: A file containing additional OBJECT IDENTIFIERS.
1.1 jsing 3947: Each line of the file should consist of the numerical form of the
3948: object identifier, followed by whitespace, then the short name followed
3949: by whitespace and finally the long name.
1.63 jmc 3950: .It Cm oid_section
3951: Specify a section in the configuration file containing extra
1.1 jsing 3952: object identifiers.
3953: Each line should consist of the short name of the
3954: object identifier followed by
3955: .Sq =
3956: and the numerical form.
3957: The short and long names are the same when this option is used.
1.63 jmc 3958: .It Cm prompt
3959: If set to
3960: .Qq no ,
3961: it disables prompting of certificate fields
1.1 jsing 3962: and just takes values from the config file directly.
3963: It also changes the expected format of the
1.63 jmc 3964: .Cm distinguished_name
1.1 jsing 3965: and
1.63 jmc 3966: .Cm attributes
1.1 jsing 3967: sections.
1.63 jmc 3968: .It Cm req_extensions
3969: The configuration file section containing a list of
1.1 jsing 3970: extensions to add to the certificate request.
3971: It can be overridden by the
3972: .Fl reqexts
1.63 jmc 3973: option.
3974: .It Cm string_mask
3975: Limit the string types for encoding certain fields.
1.1 jsing 3976: The following values may be used, limiting strings to the indicated types:
3977: .Bl -tag -width "MASK:number"
1.63 jmc 3978: .It Cm utf8only
3979: UTF8String.
1.1 jsing 3980: This is the default, as recommended by PKIX in RFC 2459.
1.63 jmc 3981: .It Cm default
3982: PrintableString, IA5String, T61String, BMPString, UTF8String.
3983: .It Cm pkix
3984: PrintableString, IA5String, BMPString, UTF8String.
3985: Inspired by the PKIX recommendation in RFC 2459 for certificates
3986: generated before 2004, but differs by also permitting IA5String.
3987: .It Cm nombstr
3988: PrintableString, IA5String, T61String, UniversalString.
3989: A workaround for some ancient software that had problems
3990: with the variable-sized BMPString and UTF8String types.
1.1 jsing 3991: .It Cm MASK : Ns Ar number
1.63 jmc 3992: An explicit bitmask of permitted types, where
1.1 jsing 3993: .Ar number
3994: is a C-style hex, decimal, or octal number that's a bit-wise OR of
3995: .Dv B_ASN1_*
3996: values from
3997: .In openssl/asn1.h .
3998: .El
1.63 jmc 3999: .It Cm utf8
4000: If set to
4001: .Qq yes ,
1.72 jmc 4002: field values are interpreted as UTF8 strings.
1.63 jmc 4003: .It Cm x509_extensions
4004: The configuration file section containing a list of
1.1 jsing 4005: extensions to add to a certificate generated when the
4006: .Fl x509
4007: switch is used.
4008: It can be overridden by the
4009: .Fl extensions
1.72 jmc 4010: command line switch.
1.1 jsing 4011: .El
1.63 jmc 4012: .Pp
1.1 jsing 4013: There are two separate formats for the distinguished name and attribute
4014: sections.
4015: If the
4016: .Fl prompt
4017: option is set to
1.63 jmc 4018: .Qq no ,
1.72 jmc 4019: then these sections just consist of field names and values.
4020: If the
1.1 jsing 4021: .Fl prompt
4022: option is absent or not set to
1.63 jmc 4023: .Qq no ,
1.72 jmc 4024: then the file contains field prompting information of the form:
1.1 jsing 4025: .Bd -unfilled -offset indent
4026: fieldName="prompt"
4027: fieldName_default="default field value"
4028: fieldName_min= 2
4029: fieldName_max= 4
4030: .Ed
4031: .Pp
4032: .Qq fieldName
4033: is the field name being used, for example
1.63 jmc 4034: .Cm commonName
4035: (or CN).
1.1 jsing 4036: The
4037: .Qq prompt
4038: string is used to ask the user to enter the relevant details.
4039: If the user enters nothing, the default value is used;
4040: if no default value is present, the field is omitted.
4041: A field can still be omitted if a default value is present,
4042: if the user just enters the
4043: .Sq \&.
4044: character.
4045: .Pp
4046: The number of characters entered must be between the
1.63 jmc 4047: fieldName_min and fieldName_max limits:
1.1 jsing 4048: there may be additional restrictions based on the field being used
4049: (for example
1.63 jmc 4050: .Cm countryName
1.1 jsing 4051: can only ever be two characters long and must fit in a
1.63 jmc 4052: .Cm PrintableString ) .
1.1 jsing 4053: .Pp
4054: Some fields (such as
1.63 jmc 4055: .Cm organizationName )
1.1 jsing 4056: can be used more than once in a DN.
4057: This presents a problem because configuration files will
4058: not recognize the same name occurring twice.
4059: To avoid this problem, if the
1.63 jmc 4060: .Cm fieldName
1.1 jsing 4061: contains some characters followed by a full stop, they will be ignored.
4062: So, for example, a second
1.63 jmc 4063: .Cm organizationName
1.1 jsing 4064: can be input by calling it
4065: .Qq 1.organizationName .
4066: .Pp
4067: The actual permitted field names are any object identifier short or
4068: long names.
4069: These are compiled into
1.63 jmc 4070: .Nm openssl
1.1 jsing 4071: and include the usual values such as
1.63 jmc 4072: .Cm commonName , countryName , localityName , organizationName ,
1.89 jmc 4073: .Cm organizationalUnitName , stateOrProvinceName .
1.1 jsing 4074: Additionally,
1.63 jmc 4075: .Cm emailAddress
1.1 jsing 4076: is included as well as
1.63 jmc 4077: .Cm name , surname , givenName , initials
1.1 jsing 4078: and
1.63 jmc 4079: .Cm dnQualifier .
1.1 jsing 4080: .Pp
4081: Additional object identifiers can be defined with the
1.63 jmc 4082: .Cm oid_file
1.1 jsing 4083: or
1.63 jmc 4084: .Cm oid_section
1.1 jsing 4085: options in the configuration file.
4086: Any additional fields will be treated as though they were a
1.63 jmc 4087: .Cm DirectoryString .
1.120 kn 4088: .Tg rsa
1.1 jsing 4089: .Sh RSA
1.114 jmc 4090: .Bl -hang -width "openssl rsa"
4091: .It Nm openssl rsa
4092: .Bk -words
1.64 jmc 4093: .Op Fl aes128 | aes192 | aes256 | des | des3
1.1 jsing 4094: .Op Fl check
4095: .Op Fl in Ar file
1.108 inoguchi 4096: .Op Fl inform Cm der | net | pem | pvk
1.1 jsing 4097: .Op Fl modulus
4098: .Op Fl noout
4099: .Op Fl out Ar file
1.108 inoguchi 4100: .Op Fl outform Cm der | net | pem | pvk
1.1 jsing 4101: .Op Fl passin Ar arg
4102: .Op Fl passout Ar arg
4103: .Op Fl pubin
4104: .Op Fl pubout
1.108 inoguchi 4105: .Op Fl pvk-none | pvk-strong | pvk-weak
4106: .Op Fl RSAPublicKey_in
4107: .Op Fl RSAPublicKey_out
1.1 jsing 4108: .Op Fl sgckey
4109: .Op Fl text
1.114 jmc 4110: .Ek
4111: .El
1.1 jsing 4112: .Pp
4113: The
4114: .Nm rsa
4115: command processes RSA keys.
4116: They can be converted between various forms and their components printed out.
1.64 jmc 4117: .Nm rsa
4118: uses the traditional
1.1 jsing 4119: .Nm SSLeay
4120: compatible format for private key encryption:
4121: newer applications should use the more secure PKCS#8 format using the
4122: .Nm pkcs8
4123: utility.
4124: .Pp
4125: The options are as follows:
4126: .Bl -tag -width Ds
1.64 jmc 4127: .It Fl aes128 | aes192 | aes256 | des | des3
4128: Encrypt the private key with the AES, DES,
1.1 jsing 4129: or the triple DES ciphers, respectively, before outputting it.
4130: A pass phrase is prompted for.
4131: If none of these options are specified, the key is written in plain text.
4132: This means that using the
4133: .Nm rsa
4134: utility to read in an encrypted key with no encryption option can be used
4135: to remove the pass phrase from a key, or by setting the encryption options
4136: it can be used to add or change the pass phrase.
4137: These options can only be used with PEM format output files.
4138: .It Fl check
1.64 jmc 4139: Check the consistency of an RSA private key.
1.1 jsing 4140: .It Fl in Ar file
1.64 jmc 4141: The input file to read from,
4142: or standard input if not specified.
1.1 jsing 4143: If the key is encrypted, a pass phrase will be prompted for.
1.108 inoguchi 4144: .It Fl inform Cm der | net | pem | pvk
1.64 jmc 4145: The input format.
1.1 jsing 4146: .It Fl noout
1.64 jmc 4147: Do not output the encoded version of the key.
1.1 jsing 4148: .It Fl modulus
1.64 jmc 4149: Print the value of the modulus of the key.
1.1 jsing 4150: .It Fl out Ar file
1.64 jmc 4151: The output file to write to,
4152: or standard output if not specified.
1.108 inoguchi 4153: .It Fl outform Cm der | net | pem | pvk
1.64 jmc 4154: The output format.
1.1 jsing 4155: .It Fl passin Ar arg
4156: The key password source.
4157: .It Fl passout Ar arg
4158: The output file password source.
4159: .It Fl pubin
1.64 jmc 4160: Read in a public key,
4161: not a private key.
1.1 jsing 4162: .It Fl pubout
1.64 jmc 4163: Output a public key,
4164: not a private key.
4165: Automatically set if the input is a public key.
1.108 inoguchi 4166: .It Xo
4167: .Fl pvk-none | pvk-strong | pvk-weak
4168: .Xc
4169: Enable or disable PVK encoding.
4170: The default is
4171: .Fl pvk-strong .
4172: .It Fl RSAPublicKey_in , RSAPublicKey_out
4173: Same as
4174: .Fl pubin
4175: and
4176: .Fl pubout
4177: except
4178: .Cm RSAPublicKey
4179: format is used instead.
1.1 jsing 4180: .It Fl sgckey
1.64 jmc 4181: Use the modified NET algorithm used with some versions of Microsoft IIS
4182: and SGC keys.
1.1 jsing 4183: .It Fl text
1.64 jmc 4184: Print the public/private key components in plain text.
1.1 jsing 4185: .El
1.120 kn 4186: .Tg rsautl
1.1 jsing 4187: .Sh RSAUTL
1.114 jmc 4188: .Bl -hang -width "openssl rsautl"
4189: .It Nm openssl rsautl
4190: .Bk -words
1.1 jsing 4191: .Op Fl asn1parse
4192: .Op Fl certin
4193: .Op Fl decrypt
4194: .Op Fl encrypt
4195: .Op Fl hexdump
4196: .Op Fl in Ar file
4197: .Op Fl inkey Ar file
1.65 jmc 4198: .Op Fl keyform Cm der | pem
1.100 tb 4199: .Op Fl oaep | pkcs | raw | x931
1.1 jsing 4200: .Op Fl out Ar file
1.100 tb 4201: .Op Fl passin Ar arg
1.1 jsing 4202: .Op Fl pubin
1.100 tb 4203: .Op Fl rev
1.1 jsing 4204: .Op Fl sign
4205: .Op Fl verify
1.114 jmc 4206: .Ek
4207: .El
1.1 jsing 4208: .Pp
4209: The
4210: .Nm rsautl
4211: command can be used to sign, verify, encrypt and decrypt
4212: data using the RSA algorithm.
4213: .Pp
4214: The options are as follows:
4215: .Bl -tag -width Ds
4216: .It Fl asn1parse
4217: Asn1parse the output data; this is useful when combined with the
4218: .Fl verify
4219: option.
4220: .It Fl certin
4221: The input is a certificate containing an RSA public key.
4222: .It Fl decrypt
4223: Decrypt the input data using an RSA private key.
4224: .It Fl encrypt
4225: Encrypt the input data using an RSA public key.
4226: .It Fl hexdump
4227: Hex dump the output data.
4228: .It Fl in Ar file
1.65 jmc 4229: The input to read from,
4230: or standard input if not specified.
1.1 jsing 4231: .It Fl inkey Ar file
1.65 jmc 4232: The input key file; by default an RSA private key.
4233: .It Fl keyform Cm der | pem
1.85 tb 4234: The private key format.
1.65 jmc 4235: The default is
4236: .Cm pem .
1.100 tb 4237: .It Fl oaep | pkcs | raw | x931
1.1 jsing 4238: The padding to use:
1.100 tb 4239: PKCS#1 OAEP, PKCS#1 v1.5 (the default), no padding, or ANSI X9.31,
4240: respectively.
1.1 jsing 4241: For signatures, only
4242: .Fl pkcs
4243: and
4244: .Fl raw
4245: can be used.
4246: .It Fl out Ar file
1.65 jmc 4247: The output file to write to,
4248: or standard output if not specified.
1.100 tb 4249: .It Fl passin Ar arg
4250: The key password source.
1.1 jsing 4251: .It Fl pubin
4252: The input file is an RSA public key.
1.100 tb 4253: .It Fl rev
4254: Reverse the order of the input buffer.
1.1 jsing 4255: .It Fl sign
4256: Sign the input data and output the signed result.
4257: This requires an RSA private key.
4258: .It Fl verify
4259: Verify the input data and output the recovered data.
4260: .El
1.120 kn 4261: .Tg s_client
1.1 jsing 4262: .Sh S_CLIENT
1.114 jmc 4263: .Bl -hang -width "openssl s_client"
4264: .It Nm openssl s_client
4265: .Bk -words
1.1 jsing 4266: .Op Fl 4 | 6
1.110 inoguchi 4267: .Op Fl alpn Ar protocols
1.1 jsing 4268: .Op Fl bugs
4269: .Op Fl CAfile Ar file
4270: .Op Fl CApath Ar directory
4271: .Op Fl cert Ar file
1.110 inoguchi 4272: .Op Fl certform Cm der | pem
1.1 jsing 4273: .Op Fl check_ss_sig
4274: .Op Fl cipher Ar cipherlist
1.66 jmc 4275: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 4276: .Op Fl crl_check
4277: .Op Fl crl_check_all
4278: .Op Fl crlf
4279: .Op Fl debug
1.110 inoguchi 4280: .Op Fl dtls1
1.1 jsing 4281: .Op Fl extended_crl
1.121 schwarze 4282: .Op Fl groups Ar list
1.110 inoguchi 4283: .Op Fl host Ar host
1.1 jsing 4284: .Op Fl ign_eof
4285: .Op Fl ignore_critical
4286: .Op Fl issuer_checks
4287: .Op Fl key Ar keyfile
1.110 inoguchi 4288: .Op Fl keyform Cm der | pem
4289: .Op Fl keymatexport Ar label
4290: .Op Fl keymatexportlen Ar len
4291: .Op Fl legacy_server_connect
1.1 jsing 4292: .Op Fl msg
1.110 inoguchi 4293: .Op Fl mtu Ar mtu
1.1 jsing 4294: .Op Fl nbio
4295: .Op Fl nbio_test
1.110 inoguchi 4296: .Op Fl no_comp
4297: .Op Fl no_ign_eof
4298: .Op Fl no_legacy_server_connect
1.1 jsing 4299: .Op Fl no_ticket
4300: .Op Fl no_tls1
1.6 guenther 4301: .Op Fl no_tls1_1
4302: .Op Fl no_tls1_2
1.119 jsing 4303: .Op Fl no_tls1_3
1.110 inoguchi 4304: .Op Fl pass Ar arg
1.1 jsing 4305: .Op Fl pause
4306: .Op Fl policy_check
1.110 inoguchi 4307: .Op Fl port Ar port
1.1 jsing 4308: .Op Fl prexit
1.11 bluhm 4309: .Op Fl proxy Ar host : Ns Ar port
1.1 jsing 4310: .Op Fl quiet
4311: .Op Fl reconnect
1.5 jsing 4312: .Op Fl servername Ar name
1.110 inoguchi 4313: .Op Fl serverpref
4314: .Op Fl sess_in Ar file
4315: .Op Fl sess_out Ar file
1.1 jsing 4316: .Op Fl showcerts
4317: .Op Fl starttls Ar protocol
4318: .Op Fl state
1.110 inoguchi 4319: .Op Fl status
4320: .Op Fl timeout
1.1 jsing 4321: .Op Fl tls1
1.31 jmc 4322: .Op Fl tls1_1
4323: .Op Fl tls1_2
1.119 jsing 4324: .Op Fl tls1_3
1.1 jsing 4325: .Op Fl tlsextdebug
1.110 inoguchi 4326: .Op Fl use_srtp Ar profiles
1.1 jsing 4327: .Op Fl verify Ar depth
1.110 inoguchi 4328: .Op Fl verify_return_error
1.1 jsing 4329: .Op Fl x509_strict
1.19 landry 4330: .Op Fl xmpphost Ar host
1.114 jmc 4331: .Ek
4332: .El
1.1 jsing 4333: .Pp
4334: The
4335: .Nm s_client
4336: command implements a generic SSL/TLS client which connects
4337: to a remote host using SSL/TLS.
1.66 jmc 4338: .Pp
4339: If a connection is established with an SSL server, any data received
4340: from the server is displayed and any key presses will be sent to the
4341: server.
4342: When used interactively (which means neither
4343: .Fl quiet
4344: nor
4345: .Fl ign_eof
4346: have been given), the session will be renegotiated if the line begins with an
4347: .Cm R ;
4348: if the line begins with a
4349: .Cm Q
4350: or if end of file is reached, the connection will be closed down.
1.1 jsing 4351: .Pp
4352: The options are as follows:
4353: .Bl -tag -width Ds
4354: .It Fl 4
1.66 jmc 4355: Attempt connections using IPv4 only.
1.1 jsing 4356: .It Fl 6
1.66 jmc 4357: Attempt connections using IPv6 only.
1.110 inoguchi 4358: .It Fl alpn Ar protocols
4359: Enable the Application-Layer Protocol Negotiation.
4360: .Ar protocols
4361: is a comma-separated list of protocol names that the client should advertise
4362: support for.
1.1 jsing 4363: .It Fl bugs
1.66 jmc 4364: Enable various workarounds for buggy implementations.
1.1 jsing 4365: .It Fl CAfile Ar file
4366: A
4367: .Ar file
4368: containing trusted certificates to use during server authentication
4369: and to use when attempting to build the client certificate chain.
4370: .It Fl CApath Ar directory
4371: The
4372: .Ar directory
4373: to use for server certificate verification.
4374: This directory must be in
4375: .Qq hash format ;
4376: see
4377: .Fl verify
4378: for more information.
4379: These are also used when building the client certificate chain.
4380: .It Fl cert Ar file
4381: The certificate to use, if one is requested by the server.
4382: The default is not to use a certificate.
1.110 inoguchi 4383: .It Fl certform Cm der | pem
4384: The certificate format.
4385: The default is
4386: .Cm pem .
1.1 jsing 4387: .It Xo
4388: .Fl check_ss_sig ,
4389: .Fl crl_check ,
4390: .Fl crl_check_all ,
4391: .Fl extended_crl ,
4392: .Fl ignore_critical ,
4393: .Fl issuer_checks ,
4394: .Fl policy_check ,
4395: .Fl x509_strict
4396: .Xc
4397: Set various certificate chain validation options.
4398: See the
1.66 jmc 4399: .Nm verify
1.1 jsing 4400: command for details.
4401: .It Fl cipher Ar cipherlist
1.66 jmc 4402: Modify the cipher list sent by the client.
1.1 jsing 4403: Although the server determines which cipher suite is used, it should take
4404: the first supported cipher in the list sent by the client.
4405: See the
1.66 jmc 4406: .Nm ciphers
4407: command for more information.
4408: .It Fl connect Ar host Ns Op : Ns Ar port
4409: The
1.1 jsing 4410: .Ar host
1.66 jmc 4411: and
1.1 jsing 4412: .Ar port
4413: to connect to.
4414: If not specified, an attempt is made to connect to the local host
4415: on port 4433.
4416: Alternatively, the host and port pair may be separated using a forward-slash
1.66 jmc 4417: character,
4418: which is useful for numeric IPv6 addresses.
1.1 jsing 4419: .It Fl crlf
1.66 jmc 4420: Translate a line feed from the terminal into CR+LF,
4421: as required by some servers.
1.1 jsing 4422: .It Fl debug
1.66 jmc 4423: Print extensive debugging information, including a hex dump of all traffic.
1.110 inoguchi 4424: .It Fl dtls1
4425: Permit only DTLS1.0.
1.121 schwarze 4426: .It Fl groups Ar list
4427: Set the supported elliptic curve groups to the colon separated
4428: .Ar list
4429: of group NIDs or names as documented in
4430: .Xr SSL_CTX_set1_groups_list 3 .
1.110 inoguchi 4431: .It Fl host Ar host
4432: The
4433: .Ar host
4434: to connect to.
4435: The default is localhost.
1.1 jsing 4436: .It Fl ign_eof
1.66 jmc 4437: Inhibit shutting down the connection when end of file is reached in the input.
1.1 jsing 4438: .It Fl key Ar keyfile
4439: The private key to use.
4440: If not specified, the certificate file will be used.
1.110 inoguchi 4441: .It Fl keyform Cm der | pem
4442: The private key format.
4443: The default is
4444: .Cm pem .
4445: .It Fl keymatexport Ar label
4446: Export keying material using label.
4447: .It Fl keymatexportlen Ar len
4448: Export len bytes of keying material (default 20).
4449: .It Fl legacy_server_connect , no_legacy_server_connect
4450: Allow or disallow initial connection to servers that don't support RI.
1.1 jsing 4451: .It Fl msg
4452: Show all protocol messages with hex dump.
1.110 inoguchi 4453: .It Fl mtu Ar mtu
4454: Set the link layer MTU.
1.1 jsing 4455: .It Fl nbio
1.66 jmc 4456: Turn on non-blocking I/O.
1.1 jsing 4457: .It Fl nbio_test
1.66 jmc 4458: Test non-blocking I/O.
1.110 inoguchi 4459: .It Fl no_ign_eof
4460: Shut down the connection when end of file is reached in the input.
4461: Can be used to override the implicit
4462: .Fl ign_eof
4463: after
4464: .Fl quiet .
1.119 jsing 4465: .It Fl no_tls1 | no_tls1_1 | no_tls1_2 | no_tls1_3
4466: Disable the use of TLS1.0, 1.1, 1.2 and 1.3 respectively.
1.1 jsing 4467: .It Fl no_ticket
4468: Disable RFC 4507 session ticket support.
1.110 inoguchi 4469: .It Fl pass Ar arg
4470: The private key password source.
1.1 jsing 4471: .It Fl pause
1.66 jmc 4472: Pause 1 second between each read and write call.
1.110 inoguchi 4473: .It Fl port Ar port
4474: The
4475: .Ar port
4476: to connect to.
4477: The default is 4433.
1.1 jsing 4478: .It Fl prexit
4479: Print session information when the program exits.
4480: This will always attempt
4481: to print out information even if the connection fails.
4482: Normally, information will only be printed out once if the connection succeeds.
4483: This option is useful because the cipher in use may be renegotiated
4484: or the connection may fail because a client certificate is required or is
4485: requested only after an attempt is made to access a certain URL.
1.66 jmc 4486: Note that the output produced by this option is not always accurate
4487: because a connection might never have been established.
1.11 bluhm 4488: .It Fl proxy Ar host : Ns Ar port
4489: Use the HTTP proxy at
4490: .Ar host
4491: and
4492: .Ar port .
4493: The connection to the proxy is done in cleartext and the
4494: .Fl connect
4495: argument is given to the proxy.
4496: If not specified, localhost is used as final destination.
4497: After that, switch the connection through the proxy to the destination
4498: to TLS.
1.1 jsing 4499: .It Fl quiet
4500: Inhibit printing of session and certificate information.
4501: This implicitly turns on
4502: .Fl ign_eof
4503: as well.
4504: .It Fl reconnect
1.66 jmc 4505: Reconnect to the same server 5 times using the same session ID; this can
1.1 jsing 4506: be used as a test that session caching is working.
1.5 jsing 4507: .It Fl servername Ar name
4508: Include the TLS Server Name Indication (SNI) extension in the ClientHello
4509: message, using the specified server
4510: .Ar name .
1.1 jsing 4511: .It Fl showcerts
4512: Display the whole server certificate chain: normally only the server
4513: certificate itself is displayed.
1.110 inoguchi 4514: .It Fl serverpref
4515: Use the server's cipher preferences.
4516: .It Fl sess_in Ar file
4517: Load TLS session from file.
4518: The client will attempt to resume a connection from this session.
4519: .It Fl sess_out Ar file
4520: Output TLS session to file.
1.1 jsing 4521: .It Fl starttls Ar protocol
1.66 jmc 4522: Send the protocol-specific messages to switch to TLS for communication.
1.1 jsing 4523: .Ar protocol
4524: is a keyword for the intended protocol.
4525: Currently, the supported keywords are
4526: .Qq ftp ,
4527: .Qq imap ,
4528: .Qq smtp ,
4529: .Qq pop3 ,
4530: and
4531: .Qq xmpp .
4532: .It Fl state
1.66 jmc 4533: Print the SSL session states.
1.110 inoguchi 4534: .It Fl status
4535: Send a certificate status request to the server (OCSP stapling).
4536: The server response (if any) is printed out.
4537: .It Fl timeout
4538: Enable send/receive timeout on DTLS connections.
1.119 jsing 4539: .It Fl tls1 | tls1_1 | tls1_2 | tls1_3
4540: Permit only TLS1.0, 1.1, 1.2 or 1.3 respectively.
1.1 jsing 4541: .It Fl tlsextdebug
1.66 jmc 4542: Print a hex dump of any TLS extensions received from the server.
1.110 inoguchi 4543: .It Fl use_srtp Ar profiles
4544: Offer SRTP key management with a colon-separated profile list.
1.1 jsing 4545: .It Fl verify Ar depth
1.66 jmc 4546: Turn on server certificate verification,
4547: with a maximum length of
4548: .Ar depth .
1.1 jsing 4549: Currently the verify operation continues after errors so all the problems
4550: with a certificate chain can be seen.
4551: As a side effect the connection will never fail due to a server
4552: certificate verify failure.
1.110 inoguchi 4553: .It Fl verify_return_error
4554: Return verification error.
1.19 landry 4555: .It Fl xmpphost Ar hostname
1.66 jmc 4556: When used with
1.19 landry 4557: .Fl starttls Ar xmpp ,
1.66 jmc 4558: specify the host for the "to" attribute of the stream element.
1.19 landry 4559: If this option is not specified then the host specified with
4560: .Fl connect
4561: will be used.
1.1 jsing 4562: .El
1.120 kn 4563: .Tg s_server
1.1 jsing 4564: .Sh S_SERVER
1.114 jmc 4565: .Bl -hang -width "openssl s_server"
4566: .It Nm openssl s_server
4567: .Bk -words
1.1 jsing 4568: .Op Fl accept Ar port
1.111 inoguchi 4569: .Op Fl alpn Ar protocols
1.1 jsing 4570: .Op Fl bugs
4571: .Op Fl CAfile Ar file
4572: .Op Fl CApath Ar directory
4573: .Op Fl cert Ar file
1.111 inoguchi 4574: .Op Fl cert2 Ar file
4575: .Op Fl certform Cm der | pem
1.1 jsing 4576: .Op Fl cipher Ar cipherlist
4577: .Op Fl context Ar id
4578: .Op Fl crl_check
4579: .Op Fl crl_check_all
4580: .Op Fl crlf
4581: .Op Fl dcert Ar file
1.111 inoguchi 4582: .Op Fl dcertform Cm der | pem
1.1 jsing 4583: .Op Fl debug
4584: .Op Fl dhparam Ar file
4585: .Op Fl dkey Ar file
1.111 inoguchi 4586: .Op Fl dkeyform Cm der | pem
4587: .Op Fl dpass Ar arg
4588: .Op Fl dtls1
1.121 schwarze 4589: .Op Fl groups Ar list
1.1 jsing 4590: .Op Fl HTTP
4591: .Op Fl id_prefix Ar arg
4592: .Op Fl key Ar keyfile
1.111 inoguchi 4593: .Op Fl key2 Ar keyfile
4594: .Op Fl keyform Cm der | pem
4595: .Op Fl keymatexport Ar label
4596: .Op Fl keymatexportlen Ar len
1.1 jsing 4597: .Op Fl msg
1.111 inoguchi 4598: .Op Fl mtu Ar mtu
4599: .Op Fl named_curve Ar arg
1.1 jsing 4600: .Op Fl nbio
4601: .Op Fl nbio_test
1.111 inoguchi 4602: .Op Fl no_cache
1.1 jsing 4603: .Op Fl no_dhe
1.111 inoguchi 4604: .Op Fl no_ecdhe
4605: .Op Fl no_ticket
1.1 jsing 4606: .Op Fl no_tls1
1.6 guenther 4607: .Op Fl no_tls1_1
4608: .Op Fl no_tls1_2
1.122 inoguchi 4609: .Op Fl no_tls1_3
1.1 jsing 4610: .Op Fl no_tmp_rsa
4611: .Op Fl nocert
1.111 inoguchi 4612: .Op Fl pass Ar arg
1.1 jsing 4613: .Op Fl quiet
1.111 inoguchi 4614: .Op Fl servername Ar name
4615: .Op Fl servername_fatal
1.1 jsing 4616: .Op Fl serverpref
4617: .Op Fl state
1.111 inoguchi 4618: .Op Fl status
4619: .Op Fl status_timeout Ar nsec
4620: .Op Fl status_url Ar url
4621: .Op Fl status_verbose
4622: .Op Fl timeout
1.1 jsing 4623: .Op Fl tls1
1.31 jmc 4624: .Op Fl tls1_1
4625: .Op Fl tls1_2
1.122 inoguchi 4626: .Op Fl tls1_3
1.111 inoguchi 4627: .Op Fl tlsextdebug
4628: .Op Fl use_srtp Ar profiles
1.1 jsing 4629: .Op Fl Verify Ar depth
4630: .Op Fl verify Ar depth
1.111 inoguchi 4631: .Op Fl verify_return_error
1.1 jsing 4632: .Op Fl WWW
4633: .Op Fl www
1.114 jmc 4634: .Ek
4635: .El
1.1 jsing 4636: .Pp
4637: The
4638: .Nm s_server
4639: command implements a generic SSL/TLS server which listens
4640: for connections on a given port using SSL/TLS.
4641: .Pp
1.67 jmc 4642: If a connection request is established with a client and neither the
4643: .Fl www
4644: nor the
4645: .Fl WWW
4646: option has been used, then any data received
4647: from the client is displayed and any key presses are sent to the client.
4648: Certain single letter commands perform special operations:
4649: .Pp
4650: .Bl -tag -width "XXXX" -compact
4651: .It Ic P
4652: Send plain text, which should cause the client to disconnect.
4653: .It Ic Q
4654: End the current SSL connection and exit.
4655: .It Ic q
4656: End the current SSL connection, but still accept new connections.
4657: .It Ic R
4658: Renegotiate the SSL session and request a client certificate.
4659: .It Ic r
4660: Renegotiate the SSL session.
4661: .It Ic S
4662: Print out some session cache status information.
4663: .El
4664: .Pp
1.1 jsing 4665: The options are as follows:
4666: .Bl -tag -width Ds
1.113 inoguchi 4667: .It Fl accept Ar port
1.67 jmc 4668: Listen on TCP
1.1 jsing 4669: .Ar port
1.67 jmc 4670: for connections.
4671: The default is port 4433.
1.111 inoguchi 4672: .It Fl alpn Ar protocols
4673: Enable the Application-Layer Protocol Negotiation.
4674: .Ar protocols
4675: is a comma-separated list of supported protocol names.
1.1 jsing 4676: .It Fl bugs
1.67 jmc 4677: Enable various workarounds for buggy implementations.
1.1 jsing 4678: .It Fl CAfile Ar file
1.67 jmc 4679: A
4680: .Ar file
4681: containing trusted certificates to use during client authentication
1.1 jsing 4682: and to use when attempting to build the server certificate chain.
4683: The list is also used in the list of acceptable client CAs passed to the
4684: client when a certificate is requested.
4685: .It Fl CApath Ar directory
4686: The
4687: .Ar directory
4688: to use for client certificate verification.
4689: This directory must be in
4690: .Qq hash format ;
4691: see
4692: .Fl verify
4693: for more information.
4694: These are also used when building the server certificate chain.
4695: .It Fl cert Ar file
1.67 jmc 4696: The certificate to use: most server's cipher suites require the use of a
4697: certificate and some require a certificate with a certain public key type.
4698: For example, the DSS cipher suites require a certificate containing a DSS
4699: (DSA) key.
1.1 jsing 4700: If not specified, the file
4701: .Pa server.pem
4702: will be used.
1.111 inoguchi 4703: .It Fl cert2 Ar file
4704: The certificate to use for servername.
4705: .It Fl certform Cm der | pem
4706: The certificate format.
4707: The default is
4708: .Cm pem .
1.1 jsing 4709: .It Fl cipher Ar cipherlist
1.67 jmc 4710: Modify the cipher list used by the server.
1.1 jsing 4711: This allows the cipher list used by the server to be modified.
4712: When the client sends a list of supported ciphers, the first client cipher
4713: also included in the server list is used.
4714: Because the client specifies the preference order, the order of the server
4715: cipherlist is irrelevant.
4716: See the
1.67 jmc 4717: .Nm ciphers
4718: command for more information.
1.1 jsing 4719: .It Fl context Ar id
1.67 jmc 4720: Set the SSL context ID.
1.1 jsing 4721: It can be given any string value.
4722: .It Fl crl_check , crl_check_all
4723: Check the peer certificate has not been revoked by its CA.
4724: The CRLs are appended to the certificate file.
4725: .Fl crl_check_all
1.67 jmc 4726: checks all CRLs of all CAs in the chain.
1.1 jsing 4727: .It Fl crlf
1.67 jmc 4728: Translate a line feed from the terminal into CR+LF.
1.1 jsing 4729: .It Fl dcert Ar file , Fl dkey Ar file
4730: Specify an additional certificate and private key; these behave in the
4731: same manner as the
4732: .Fl cert
4733: and
4734: .Fl key
4735: options except there is no default if they are not specified
1.67 jmc 4736: (no additional certificate or key is used).
1.1 jsing 4737: By using RSA and DSS certificates and keys,
4738: a server can support clients which only support RSA or DSS cipher suites
4739: by using an appropriate certificate.
1.111 inoguchi 4740: .It Fl dcertform Cm der | pem , Fl dkeyform Cm der | pem , Fl dpass Ar arg
4741: Additional certificate and private key format, and private key password source,
4742: respectively.
1.1 jsing 4743: .It Fl debug
1.67 jmc 4744: Print extensive debugging information, including a hex dump of all traffic.
1.1 jsing 4745: .It Fl dhparam Ar file
4746: The DH parameter file to use.
4747: The ephemeral DH cipher suites generate keys
4748: using a set of DH parameters.
4749: If not specified, an attempt is made to
4750: load the parameters from the server certificate file.
4751: If this fails, a static set of parameters hard coded into the
4752: .Nm s_server
4753: program will be used.
1.111 inoguchi 4754: .It Fl dtls1
4755: Permit only DTLS1.0.
1.121 schwarze 4756: .It Fl groups Ar list
4757: Set the supported elliptic curve groups to the colon separated
4758: .Ar list
4759: of group NIDs or names as documented in
4760: .Xr SSL_CTX_set1_groups_list 3 .
1.1 jsing 4761: .It Fl HTTP
1.67 jmc 4762: Emulate a simple web server.
4763: Pages are resolved relative to the current directory.
4764: For example if the URL
1.1 jsing 4765: .Pa https://myhost/page.html
4766: is requested, the file
4767: .Pa ./page.html
4768: will be loaded.
4769: The files loaded are assumed to contain a complete and correct HTTP
4770: response (lines that are part of the HTTP response line and headers
4771: must end with CRLF).
4772: .It Fl id_prefix Ar arg
4773: Generate SSL/TLS session IDs prefixed by
4774: .Ar arg .
4775: This is mostly useful for testing any SSL/TLS code
1.81 jmc 4776: that wish to deal with multiple servers,
4777: when each of which might be generating a unique range of session IDs.
1.1 jsing 4778: .It Fl key Ar keyfile
4779: The private key to use.
4780: If not specified, the certificate file will be used.
1.111 inoguchi 4781: .It Fl key2 Ar keyfile
4782: The private key to use for servername.
4783: .It Fl keyform Cm der | pem
4784: The private key format.
4785: The default is
4786: .Cm pem .
4787: .It Fl keymatexport Ar label
4788: Export keying material using label.
4789: .It Fl keymatexportlen Ar len
4790: Export len bytes of keying material (default 20).
1.1 jsing 4791: .It Fl msg
4792: Show all protocol messages with hex dump.
1.111 inoguchi 4793: .It Fl mtu Ar mtu
4794: Set the link layer MTU.
4795: .It Fl named_curve Ar arg
4796: Specify the elliptic curve name to use for ephemeral ECDH keys.
1.121 schwarze 4797: This option is deprecated; use
4798: .Fl groups
4799: instead.
1.1 jsing 4800: .It Fl nbio
1.67 jmc 4801: Turn on non-blocking I/O.
1.1 jsing 4802: .It Fl nbio_test
1.67 jmc 4803: Test non-blocking I/O.
1.111 inoguchi 4804: .It Fl no_cache
4805: Disable session caching.
1.1 jsing 4806: .It Fl no_dhe
1.67 jmc 4807: Disable ephemeral DH cipher suites.
1.111 inoguchi 4808: .It Fl no_ecdhe
4809: Disable ephemeral ECDH cipher suites.
4810: .It Fl no_ticket
4811: Disable RFC 4507 session ticket support.
1.122 inoguchi 4812: .It Fl no_tls1 | no_tls1_1 | no_tls1_2 | no_tls1_3
4813: Disable the use of TLS1.0, 1.1, 1.2, and 1.3, respectively.
1.1 jsing 4814: .It Fl no_tmp_rsa
1.67 jmc 4815: Disable temporary RSA key generation.
1.1 jsing 4816: .It Fl nocert
1.67 jmc 4817: Do not use a certificate.
1.1 jsing 4818: This restricts the cipher suites available to the anonymous ones
1.67 jmc 4819: (currently just anonymous DH).
1.111 inoguchi 4820: .It Fl pass Ar arg
4821: The private key password source.
1.1 jsing 4822: .It Fl quiet
4823: Inhibit printing of session and certificate information.
1.111 inoguchi 4824: .It Fl servername Ar name
4825: Set the TLS Server Name Indication (SNI) extension with
4826: .Ar name .
4827: .It Fl servername_fatal
4828: Send fatal alert if servername does not match.
4829: The default is warning alert.
1.1 jsing 4830: .It Fl serverpref
4831: Use server's cipher preferences.
4832: .It Fl state
1.67 jmc 4833: Print the SSL session states.
1.111 inoguchi 4834: .It Fl status
4835: Enables certificate status request support (OCSP stapling).
4836: .It Fl status_timeout Ar nsec
4837: Sets the timeout for OCSP response in seconds.
4838: .It Fl status_url Ar url
4839: Sets a fallback responder URL to use if no responder URL is present in the
4840: server certificate.
4841: Without this option, an error is returned if the server certificate does not
4842: contain a responder address.
4843: .It Fl status_verbose
4844: Enables certificate status request support (OCSP stapling) and gives a verbose
4845: printout of the OCSP response.
4846: .It Fl timeout
4847: Enable send/receive timeout on DTLS connections.
1.122 inoguchi 4848: .It Fl tls1 | tls1_1 | tls1_2 | tls1_3
4849: Permit only TLS1.0, 1.1, 1.2, or 1.3, respectively.
1.111 inoguchi 4850: .It Fl tlsextdebug
4851: Print a hex dump of any TLS extensions received from the server.
4852: .It Fl use_srtp Ar profiles
4853: Offer SRTP key management with a colon-separated profile list.
4854: .It Fl verify_return_error
4855: Return verification error.
1.1 jsing 4856: .It Fl WWW
1.67 jmc 4857: Emulate a simple web server.
4858: Pages are resolved relative to the current directory.
4859: For example if the URL
1.1 jsing 4860: .Pa https://myhost/page.html
4861: is requested, the file
4862: .Pa ./page.html
4863: will be loaded.
4864: .It Fl www
1.67 jmc 4865: Send a status message to the client when it connects,
4866: including information about the ciphers used and various session parameters.
1.1 jsing 4867: The output is in HTML format so this option will normally be used with a
4868: web browser.
4869: .It Fl Verify Ar depth , Fl verify Ar depth
1.67 jmc 4870: Request a certificate chain from the client,
4871: with a maximum length of
4872: .Ar depth .
4873: With
4874: .Fl Verify ,
4875: the client must supply a certificate or an error occurs;
4876: with
4877: .Fl verify ,
4878: a certificate is requested but the client does not have to send one.
1.1 jsing 4879: .El
1.120 kn 4880: .Tg s_time
1.1 jsing 4881: .Sh S_TIME
1.114 jmc 4882: .Bl -hang -width "openssl s_time"
4883: .It Nm openssl s_time
4884: .Bk -words
1.1 jsing 4885: .Op Fl bugs
4886: .Op Fl CAfile Ar file
4887: .Op Fl CApath Ar directory
4888: .Op Fl cert Ar file
4889: .Op Fl cipher Ar cipherlist
1.68 jmc 4890: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 4891: .Op Fl key Ar keyfile
4892: .Op Fl nbio
4893: .Op Fl new
1.20 lteo 4894: .Op Fl no_shutdown
1.1 jsing 4895: .Op Fl reuse
4896: .Op Fl time Ar seconds
4897: .Op Fl verify Ar depth
4898: .Op Fl www Ar page
1.114 jmc 4899: .Ek
4900: .El
1.1 jsing 4901: .Pp
4902: The
1.68 jmc 4903: .Nm s_time
1.1 jsing 4904: command implements a generic SSL/TLS client which connects to a
4905: remote host using SSL/TLS.
4906: It can request a page from the server and includes
4907: the time to transfer the payload data in its timing measurements.
4908: It measures the number of connections within a given timeframe,
4909: the amount of data transferred
4910: .Pq if any ,
4911: and calculates the average time spent for one connection.
4912: .Pp
4913: The options are as follows:
4914: .Bl -tag -width Ds
4915: .It Fl bugs
1.68 jmc 4916: Enable various workarounds for buggy implementations.
1.1 jsing 4917: .It Fl CAfile Ar file
1.68 jmc 4918: A
4919: .Ar file
4920: containing trusted certificates to use during server authentication
1.1 jsing 4921: and to use when attempting to build the client certificate chain.
4922: .It Fl CApath Ar directory
4923: The directory to use for server certificate verification.
4924: This directory must be in
4925: .Qq hash format ;
4926: see
4927: .Nm verify
4928: for more information.
4929: These are also used when building the client certificate chain.
4930: .It Fl cert Ar file
4931: The certificate to use, if one is requested by the server.
4932: The default is not to use a certificate.
4933: .It Fl cipher Ar cipherlist
1.68 jmc 4934: Modify the cipher list sent by the client.
1.1 jsing 4935: Although the server determines which cipher suite is used,
4936: it should take the first supported cipher in the list sent by the client.
4937: See the
4938: .Nm ciphers
4939: command for more information.
1.68 jmc 4940: .It Fl connect Ar host Ns Op : Ns Ar port
4941: The host and port to connect to.
1.1 jsing 4942: .It Fl key Ar keyfile
4943: The private key to use.
4944: If not specified, the certificate file will be used.
4945: .It Fl nbio
1.68 jmc 4946: Turn on non-blocking I/O.
1.1 jsing 4947: .It Fl new
1.68 jmc 4948: Perform the timing test using a new session ID for each connection.
1.1 jsing 4949: If neither
4950: .Fl new
4951: nor
4952: .Fl reuse
4953: are specified,
4954: they are both on by default and executed in sequence.
1.20 lteo 4955: .It Fl no_shutdown
1.21 jmc 4956: Shut down the connection without sending a
1.68 jmc 4957: .Qq close notify
1.20 lteo 4958: shutdown alert to the server.
1.1 jsing 4959: .It Fl reuse
1.68 jmc 4960: Perform the timing test using the same session ID for each connection.
1.1 jsing 4961: If neither
4962: .Fl new
4963: nor
4964: .Fl reuse
4965: are specified,
4966: they are both on by default and executed in sequence.
4967: .It Fl time Ar seconds
1.68 jmc 4968: Limit
1.1 jsing 4969: .Nm s_time
1.68 jmc 4970: benchmarks to the number of
4971: .Ar seconds .
1.1 jsing 4972: The default is 30 seconds.
4973: .It Fl verify Ar depth
1.68 jmc 4974: Turn on server certificate verification,
4975: with a maximum length of
4976: .Ar depth .
1.1 jsing 4977: Currently the verify operation continues after errors, so all the problems
4978: with a certificate chain can be seen.
4979: As a side effect,
4980: the connection will never fail due to a server certificate verify failure.
4981: .It Fl www Ar page
1.68 jmc 4982: The page to GET from the server.
1.1 jsing 4983: A value of
4984: .Sq /
4985: gets the index.htm[l] page.
4986: If this parameter is not specified,
4987: .Nm s_time
4988: will only perform the handshake to establish SSL connections
4989: but not transfer any payload data.
4990: .El
1.120 kn 4991: .Tg sess_id
1.1 jsing 4992: .Sh SESS_ID
1.114 jmc 4993: .Bl -hang -width "openssl sess_id"
4994: .It Nm openssl sess_id
4995: .Bk -words
1.1 jsing 4996: .Op Fl cert
4997: .Op Fl context Ar ID
4998: .Op Fl in Ar file
1.69 jmc 4999: .Op Fl inform Cm der | pem
1.1 jsing 5000: .Op Fl noout
5001: .Op Fl out Ar file
1.69 jmc 5002: .Op Fl outform Cm der | pem
1.1 jsing 5003: .Op Fl text
1.114 jmc 5004: .Ek
5005: .El
1.1 jsing 5006: .Pp
5007: The
5008: .Nm sess_id
5009: program processes the encoded version of the SSL session structure and
5010: optionally prints out SSL session details
1.69 jmc 5011: (for example the SSL session master key)
1.72 jmc 5012: in human-readable format.
1.1 jsing 5013: .Pp
5014: The options are as follows:
5015: .Bl -tag -width Ds
5016: .It Fl cert
5017: If a certificate is present in the session,
5018: it will be output using this option;
5019: if the
5020: .Fl text
5021: option is also present, then it will be printed out in text form.
5022: .It Fl context Ar ID
1.69 jmc 5023: Set the session
1.1 jsing 5024: .Ar ID .
1.69 jmc 5025: The ID can be any string of characters.
1.1 jsing 5026: .It Fl in Ar file
1.69 jmc 5027: The input file to read from,
5028: or standard input if not specified.
5029: .It Fl inform Cm der | pem
5030: The input format.
5031: .Cm der
1.84 jmc 5032: uses an ASN.1 DER-encoded format containing session details.
1.1 jsing 5033: The precise format can vary from one version to the next.
1.69 jmc 5034: .Cm pem
5035: is the default format: it consists of the DER
1.1 jsing 5036: format base64-encoded with additional header and footer lines.
5037: .It Fl noout
1.69 jmc 5038: Do not output the encoded version of the session.
1.1 jsing 5039: .It Fl out Ar file
1.69 jmc 5040: The output file to write to,
5041: or standard output if not specified.
5042: .It Fl outform Cm der | pem
5043: The output format.
1.1 jsing 5044: .It Fl text
1.69 jmc 5045: Print the various public or private key components in plain text,
5046: in addition to the encoded version.
1.1 jsing 5047: .El
5048: .Pp
1.69 jmc 5049: The output of
5050: .Nm sess_id
5051: is composed as follows:
1.1 jsing 5052: .Pp
1.69 jmc 5053: .Bl -tag -width "Verify return code " -offset 3n -compact
5054: .It Protocol
5055: The protocol in use.
5056: .It Cipher
5057: The actual raw SSL or TLS cipher code.
5058: .It Session-ID
5059: The SSL session ID, in hex format.
5060: .It Session-ID-ctx
5061: The session ID context, in hex format.
5062: .It Master-Key
5063: The SSL session master key.
5064: .It Key-Arg
1.1 jsing 5065: The key argument; this is only used in SSL v2.
1.69 jmc 5066: .It Start Time
5067: The session start time.
1.1 jsing 5068: .Ux
5069: format.
1.69 jmc 5070: .It Timeout
5071: The timeout, in seconds.
5072: .It Verify return code
5073: The return code when a certificate is verified.
1.1 jsing 5074: .El
5075: .Pp
5076: Since the SSL session output contains the master key, it is possible to read
5077: the contents of an encrypted session using this information.
5078: Therefore appropriate security precautions
5079: should be taken if the information is being output by a
5080: .Qq real
5081: application.
5082: This is, however, strongly discouraged and should only be used for
5083: debugging purposes.
1.120 kn 5084: .Tg smime
1.1 jsing 5085: .Sh SMIME
1.114 jmc 5086: .Bl -hang -width "openssl smime"
5087: .It Nm openssl smime
5088: .Bk -words
1.1 jsing 5089: .Oo
5090: .Fl aes128 | aes192 | aes256 | des |
5091: .Fl des3 | rc2-40 | rc2-64 | rc2-128
5092: .Oc
5093: .Op Fl binary
5094: .Op Fl CAfile Ar file
5095: .Op Fl CApath Ar directory
5096: .Op Fl certfile Ar file
5097: .Op Fl check_ss_sig
5098: .Op Fl content Ar file
5099: .Op Fl crl_check
5100: .Op Fl crl_check_all
5101: .Op Fl decrypt
5102: .Op Fl encrypt
5103: .Op Fl extended_crl
5104: .Op Fl from Ar addr
5105: .Op Fl ignore_critical
5106: .Op Fl in Ar file
5107: .Op Fl indef
1.70 jmc 5108: .Op Fl inform Cm der | pem | smime
1.1 jsing 5109: .Op Fl inkey Ar file
5110: .Op Fl issuer_checks
1.112 inoguchi 5111: .Op Fl keyform Cm der | pem
1.1 jsing 5112: .Op Fl md Ar digest
5113: .Op Fl noattr
5114: .Op Fl nocerts
5115: .Op Fl nochain
5116: .Op Fl nodetach
5117: .Op Fl noindef
5118: .Op Fl nointern
5119: .Op Fl nosigs
1.108 inoguchi 5120: .Op Fl nosmimecap
1.1 jsing 5121: .Op Fl noverify
5122: .Op Fl out Ar file
1.70 jmc 5123: .Op Fl outform Cm der | pem | smime
1.1 jsing 5124: .Op Fl passin Ar arg
5125: .Op Fl pk7out
5126: .Op Fl policy_check
5127: .Op Fl recip Ar file
5128: .Op Fl resign
5129: .Op Fl sign
5130: .Op Fl signer Ar file
5131: .Op Fl stream
5132: .Op Fl subject Ar s
5133: .Op Fl text
5134: .Op Fl to Ar addr
5135: .Op Fl verify
5136: .Op Fl x509_strict
5137: .Op Ar cert.pem ...
1.114 jmc 5138: .Ek
5139: .El
1.1 jsing 5140: .Pp
5141: The
5142: .Nm smime
1.70 jmc 5143: command handles S/MIME mail.
5144: It can encrypt, decrypt, sign, and verify S/MIME messages.
5145: .Pp
5146: The MIME message must be sent without any blank lines between the
5147: headers and the output.
5148: Some mail programs will automatically add a blank line.
5149: Piping the mail directly to an MTA is one way to
5150: achieve the correct format.
5151: .Pp
5152: The supplied message to be signed or encrypted must include the necessary
5153: MIME headers or many S/MIME clients won't display it properly (if at all).
5154: Use the
5155: .Fl text
5156: option to automatically add plain text headers.
1.1 jsing 5157: .Pp
1.70 jmc 5158: A
5159: .Qq signed and encrypted
5160: message is one where a signed message is then encrypted.
5161: This can be produced by encrypting an already signed message.
1.1 jsing 5162: .Pp
1.70 jmc 5163: There are a number of operations that can be performed, as follows:
1.1 jsing 5164: .Bl -tag -width "XXXX"
5165: .It Fl decrypt
5166: Decrypt mail using the supplied certificate and private key.
1.70 jmc 5167: The input file is an encrypted mail message in MIME format.
1.1 jsing 5168: The decrypted mail is written to the output file.
5169: .It Fl encrypt
5170: Encrypt mail for the given recipient certificates.
1.70 jmc 5171: The input is the message to be encrypted.
5172: The output file is the encrypted mail, in MIME format.
1.1 jsing 5173: .It Fl pk7out
1.70 jmc 5174: Take an input message and write out a PEM-encoded PKCS#7 structure.
1.1 jsing 5175: .It Fl resign
5176: Resign a message: take an existing message and one or more new signers.
5177: .It Fl sign
5178: Sign mail using the supplied certificate and private key.
1.70 jmc 5179: The input file is the message to be signed.
5180: The signed message, in MIME format, is written to the output file.
1.1 jsing 5181: .It Fl verify
5182: Verify signed mail.
1.70 jmc 5183: The input is a signed mail message and the output is the signed data.
1.1 jsing 5184: Both clear text and opaque signing is supported.
5185: .El
5186: .Pp
1.14 jmc 5187: The remaining options are as follows:
1.1 jsing 5188: .Bl -tag -width "XXXX"
5189: .It Xo
5190: .Fl aes128 | aes192 | aes256 | des |
5191: .Fl des3 | rc2-40 | rc2-64 | rc2-128
5192: .Xc
5193: The encryption algorithm to use.
1.70 jmc 5194: 128-, 192-, or 256-bit AES, DES (56 bits), triple DES (168 bits),
1.1 jsing 5195: or 40-, 64-, or 128-bit RC2, respectively;
5196: if not specified, 40-bit RC2 is
5197: used.
5198: Only used with
5199: .Fl encrypt .
5200: .It Fl binary
5201: Normally, the input message is converted to
5202: .Qq canonical
1.70 jmc 5203: format which uses CR/LF as end of line,
5204: as required by the S/MIME specification.
1.127 ! jmc 5205: When this option is present, no translation occurs.
1.70 jmc 5206: This is useful when handling binary data which may not be in MIME format.
1.1 jsing 5207: .It Fl CAfile Ar file
5208: A
5209: .Ar file
5210: containing trusted CA certificates; only used with
5211: .Fl verify .
5212: .It Fl CApath Ar directory
5213: A
5214: .Ar directory
5215: containing trusted CA certificates; only used with
5216: .Fl verify .
5217: This directory must be a standard certificate directory:
5218: that is, a hash of each subject name (using
5219: .Nm x509 -hash )
5220: should be linked to each certificate.
5221: .It Ar cert.pem ...
5222: One or more certificates of message recipients: used when encrypting
5223: a message.
5224: .It Fl certfile Ar file
5225: Allows additional certificates to be specified.
5226: When signing, these will be included with the message.
5227: When verifying, these will be searched for the signers' certificates.
5228: The certificates should be in PEM format.
5229: .It Xo
5230: .Fl check_ss_sig ,
5231: .Fl crl_check ,
5232: .Fl crl_check_all ,
5233: .Fl extended_crl ,
5234: .Fl ignore_critical ,
5235: .Fl issuer_checks ,
5236: .Fl policy_check ,
5237: .Fl x509_strict
5238: .Xc
5239: Set various certificate chain validation options.
5240: See the
1.70 jmc 5241: .Nm verify
1.1 jsing 5242: command for details.
5243: .It Fl content Ar file
1.70 jmc 5244: A file containing the detached content.
1.1 jsing 5245: This is only useful with the
5246: .Fl verify
1.70 jmc 5247: option,
5248: and only usable if the PKCS#7 structure is using the detached
1.1 jsing 5249: signature form where the content is not included.
1.70 jmc 5250: This option will override any content if the input format is S/MIME
5251: and it uses the multipart/signed MIME content type.
1.1 jsing 5252: .It Xo
5253: .Fl from Ar addr ,
5254: .Fl subject Ar s ,
5255: .Fl to Ar addr
5256: .Xc
5257: The relevant mail headers.
5258: These are included outside the signed
5259: portion of a message so they may be included manually.
1.70 jmc 5260: When signing, many S/MIME
1.1 jsing 5261: mail clients check that the signer's certificate email
5262: address matches the From: address.
5263: .It Fl in Ar file
1.70 jmc 5264: The input file to read from.
1.1 jsing 5265: .It Fl indef
5266: Enable streaming I/O for encoding operations.
5267: This permits single pass processing of data without
5268: the need to hold the entire contents in memory,
5269: potentially supporting very large files.
5270: Streaming is automatically set for S/MIME signing with detached
5271: data if the output format is SMIME;
5272: it is currently off by default for all other operations.
1.70 jmc 5273: .It Fl inform Cm der | pem | smime
5274: The input format.
1.1 jsing 5275: .It Fl inkey Ar file
1.70 jmc 5276: The private key to use when signing or decrypting,
5277: which must match the corresponding certificate.
1.1 jsing 5278: If this option is not specified, the private key must be included
5279: in the certificate file specified with
5280: the
5281: .Fl recip
5282: or
5283: .Fl signer
5284: file.
5285: When signing,
5286: this option can be used multiple times to specify successive keys.
1.112 inoguchi 5287: .It Fl keyform Cm der | pem
1.1 jsing 5288: Input private key format.
1.112 inoguchi 5289: The default is
5290: .Cm pem .
1.1 jsing 5291: .It Fl md Ar digest
5292: The digest algorithm to use when signing or resigning.
5293: If not present then the default digest algorithm for the signing key is used
5294: (usually SHA1).
5295: .It Fl noattr
1.70 jmc 5296: Do not include attributes.
1.1 jsing 5297: .It Fl nocerts
1.70 jmc 5298: Do not include the signer's certificate.
1.1 jsing 5299: This will reduce the size of the signed message but the verifier must
5300: have a copy of the signer's certificate available locally (passed using the
5301: .Fl certfile
5302: option, for example).
5303: .It Fl nochain
5304: Do not do chain verification of signers' certificates: that is,
5305: don't use the certificates in the signed message as untrusted CAs.
5306: .It Fl nodetach
5307: When signing a message use opaque signing: this form is more resistant
5308: to translation by mail relays but it cannot be read by mail agents that
1.70 jmc 5309: do not support S/MIME.
5310: Without this option cleartext signing with the MIME type
5311: multipart/signed is used.
1.1 jsing 5312: .It Fl noindef
1.70 jmc 5313: Disable streaming I/O where it would produce an encoding of indefinite length
5314: (currently has no effect).
1.1 jsing 5315: .It Fl nointern
1.70 jmc 5316: Only use certificates specified in the
5317: .Fl certfile .
5318: The supplied certificates can still be used as untrusted CAs.
1.1 jsing 5319: .It Fl nosigs
1.70 jmc 5320: Do not try to verify the signatures on the message.
1.108 inoguchi 5321: .It Fl nosmimecap
5322: Exclude the list of supported algorithms from signed attributes,
5323: other options such as signing time and content type are still included.
1.1 jsing 5324: .It Fl noverify
5325: Do not verify the signer's certificate of a signed message.
5326: .It Fl out Ar file
1.70 jmc 5327: The output file to write to.
5328: .It Fl outform Cm der | pem | smime
5329: The output format.
5330: The default is smime, which writes an S/MIME format message.
5331: .Cm pem
1.1 jsing 5332: and
1.70 jmc 5333: .Cm der
5334: change this to write PEM and DER format PKCS#7 structures instead.
1.1 jsing 5335: This currently only affects the output format of the PKCS#7
5336: structure; if no PKCS#7 structure is being output (for example with
5337: .Fl verify
5338: or
5339: .Fl decrypt )
5340: this option has no effect.
5341: .It Fl passin Ar arg
5342: The key password source.
5343: .It Fl recip Ar file
5344: The recipients certificate when decrypting a message.
5345: This certificate
5346: must match one of the recipients of the message or an error occurs.
5347: .It Fl signer Ar file
5348: A signing certificate when signing or resigning a message;
5349: this option can be used multiple times if more than one signer is required.
5350: If a message is being verified, the signer's certificates will be
5351: written to this file if the verification was successful.
5352: .It Fl stream
5353: The same as
5354: .Fl indef .
5355: .It Fl text
1.70 jmc 5356: Add plain text (text/plain) MIME
1.1 jsing 5357: headers to the supplied message if encrypting or signing.
5358: If decrypting or verifying, it strips off text headers:
1.70 jmc 5359: if the decrypted or verified message is not of MIME type text/plain
5360: then an error occurs.
1.1 jsing 5361: .El
5362: .Pp
1.70 jmc 5363: The exit codes for
5364: .Nm smime
5365: are as follows:
1.1 jsing 5366: .Pp
1.70 jmc 5367: .Bl -tag -width "XXXX" -offset 3n -compact
5368: .It 0
1.1 jsing 5369: The operation was completely successful.
1.70 jmc 5370: .It 1
1.1 jsing 5371: An error occurred parsing the command options.
1.70 jmc 5372: .It 2
1.1 jsing 5373: One of the input files could not be read.
1.70 jmc 5374: .It 3
5375: An error occurred creating the file or when reading the message.
5376: .It 4
1.1 jsing 5377: An error occurred decrypting or verifying the message.
1.70 jmc 5378: .It 5
5379: An error occurred writing certificates.
1.1 jsing 5380: .El
1.120 kn 5381: .Tg speed
1.1 jsing 5382: .Sh SPEED
1.114 jmc 5383: .Bl -hang -width "openssl speed"
5384: .It Nm openssl speed
5385: .Bk -words
1.71 jmc 5386: .Op Ar algorithm
1.1 jsing 5387: .Op Fl decrypt
5388: .Op Fl elapsed
1.71 jmc 5389: .Op Fl evp Ar algorithm
1.1 jsing 5390: .Op Fl mr
5391: .Op Fl multi Ar number
1.114 jmc 5392: .Ek
5393: .El
1.1 jsing 5394: .Pp
5395: The
5396: .Nm speed
5397: command is used to test the performance of cryptographic algorithms.
5398: .Bl -tag -width "XXXX"
1.71 jmc 5399: .It Ar algorithm
5400: Perform the test using
5401: .Ar algorithm .
5402: The default is to test all algorithms.
1.1 jsing 5403: .It Fl decrypt
1.71 jmc 5404: Time decryption instead of encryption;
5405: must be used with
5406: .Fl evp .
1.1 jsing 5407: .It Fl elapsed
5408: Measure time in real time instead of CPU user time.
1.71 jmc 5409: .It Fl evp Ar algorithm
5410: Perform the test using one of the algorithms accepted by
5411: .Xr EVP_get_cipherbyname 3 .
1.1 jsing 5412: .It Fl mr
5413: Produce machine readable output.
5414: .It Fl multi Ar number
5415: Run
5416: .Ar number
5417: benchmarks in parallel.
5418: .El
1.120 kn 5419: .Tg spkac
1.77 jmc 5420: .Sh SPKAC
1.114 jmc 5421: .Bl -hang -width "openssl spkac"
5422: .It Nm openssl spkac
5423: .Bk -words
1.77 jmc 5424: .Op Fl challenge Ar string
5425: .Op Fl in Ar file
5426: .Op Fl key Ar keyfile
5427: .Op Fl noout
5428: .Op Fl out Ar file
5429: .Op Fl passin Ar arg
5430: .Op Fl pubkey
5431: .Op Fl spkac Ar spkacname
5432: .Op Fl spksect Ar section
5433: .Op Fl verify
1.114 jmc 5434: .Ek
5435: .El
1.77 jmc 5436: .Pp
5437: The
5438: .Nm spkac
5439: command processes signed public key and challenge (SPKAC) files.
5440: It can print out their contents, verify the signature,
5441: and produce its own SPKACs from a supplied private key.
5442: .Pp
5443: The options are as follows:
5444: .Bl -tag -width Ds
5445: .It Fl challenge Ar string
5446: The challenge string, if an SPKAC is being created.
5447: .It Fl in Ar file
5448: The input file to read from,
5449: or standard input if not specified.
5450: Ignored if the
5451: .Fl key
5452: option is used.
5453: .It Fl key Ar keyfile
5454: Create an SPKAC file using the private key in
5455: .Ar keyfile .
5456: The
5457: .Fl in , noout , spksect ,
5458: and
5459: .Fl verify
5460: options are ignored, if present.
5461: .It Fl noout
5462: Do not output the text version of the SPKAC.
5463: .It Fl out Ar file
5464: The output file to write to,
5465: or standard output if not specified.
5466: .It Fl passin Ar arg
5467: The key password source.
5468: .It Fl pubkey
5469: Output the public key of an SPKAC.
5470: .It Fl spkac Ar spkacname
5471: An alternative name for the variable containing the SPKAC.
5472: The default is "SPKAC".
5473: This option affects both generated and input SPKAC files.
5474: .It Fl spksect Ar section
5475: An alternative name for the
5476: .Ar section
5477: containing the SPKAC.
5478: .It Fl verify
5479: Verify the digital signature on the supplied SPKAC.
5480: .El
1.120 kn 5481: .Tg ts
1.1 jsing 5482: .Sh TS
1.114 jmc 5483: .Bk -words
5484: .Bl -hang -width "openssl ts"
5485: .It Nm openssl ts
1.1 jsing 5486: .Fl query
1.29 bcook 5487: .Op Fl md4 | md5 | ripemd160 | sha1
1.1 jsing 5488: .Op Fl cert
5489: .Op Fl config Ar configfile
5490: .Op Fl data Ar file_to_hash
5491: .Op Fl digest Ar digest_bytes
5492: .Op Fl in Ar request.tsq
5493: .Op Fl no_nonce
5494: .Op Fl out Ar request.tsq
5495: .Op Fl policy Ar object_id
5496: .Op Fl text
1.114 jmc 5497: .It Nm openssl ts
1.1 jsing 5498: .Fl reply
5499: .Op Fl chain Ar certs_file.pem
5500: .Op Fl config Ar configfile
5501: .Op Fl in Ar response.tsr
5502: .Op Fl inkey Ar private.pem
5503: .Op Fl out Ar response.tsr
5504: .Op Fl passin Ar arg
5505: .Op Fl policy Ar object_id
5506: .Op Fl queryfile Ar request.tsq
5507: .Op Fl section Ar tsa_section
5508: .Op Fl signer Ar tsa_cert.pem
5509: .Op Fl text
5510: .Op Fl token_in
5511: .Op Fl token_out
1.114 jmc 5512: .It Nm openssl ts
1.1 jsing 5513: .Fl verify
5514: .Op Fl CAfile Ar trusted_certs.pem
5515: .Op Fl CApath Ar trusted_cert_path
5516: .Op Fl data Ar file_to_hash
5517: .Op Fl digest Ar digest_bytes
5518: .Op Fl in Ar response.tsr
5519: .Op Fl queryfile Ar request.tsq
5520: .Op Fl token_in
5521: .Op Fl untrusted Ar cert_file.pem
1.114 jmc 5522: .El
5523: .Ek
1.1 jsing 5524: .Pp
5525: The
5526: .Nm ts
5527: command is a basic Time Stamping Authority (TSA) client and server
5528: application as specified in RFC 3161 (Time-Stamp Protocol, TSP).
5529: A TSA can be part of a PKI deployment and its role is to provide long
1.72 jmc 5530: term proof of the existence of specific data.
1.1 jsing 5531: Here is a brief description of the protocol:
5532: .Bl -enum
5533: .It
5534: The TSA client computes a one-way hash value for a data file and sends
5535: the hash to the TSA.
5536: .It
5537: The TSA attaches the current date and time to the received hash value,
5538: signs them and sends the time stamp token back to the client.
5539: By creating this token the TSA certifies the existence of the original
5540: data file at the time of response generation.
5541: .It
5542: The TSA client receives the time stamp token and verifies the
5543: signature on it.
5544: It also checks if the token contains the same hash
5545: value that it had sent to the TSA.
5546: .El
5547: .Pp
5548: There is one DER-encoded protocol data unit defined for transporting a time
5549: stamp request to the TSA and one for sending the time stamp response
5550: back to the client.
5551: The
5552: .Nm ts
5553: command has three main functions:
5554: creating a time stamp request based on a data file;
5555: creating a time stamp response based on a request;
5556: and verifying if a response corresponds
5557: to a particular request or a data file.
5558: .Pp
5559: There is no support for sending the requests/responses automatically
5560: over HTTP or TCP yet as suggested in RFC 3161.
5561: Users must send the requests either by FTP or email.
5562: .Pp
5563: The
5564: .Fl query
5565: switch can be used for creating and printing a time stamp
5566: request with the following options:
5567: .Bl -tag -width Ds
5568: .It Fl cert
1.72 jmc 5569: Expect the TSA to include its signing certificate in the response.
1.1 jsing 5570: .It Fl config Ar configfile
1.72 jmc 5571: Specify an alternative configuration file.
5572: Only the OID section is used.
1.1 jsing 5573: .It Fl data Ar file_to_hash
5574: The data file for which the time stamp request needs to be created.
1.72 jmc 5575: The default is standard input.
1.1 jsing 5576: .It Fl digest Ar digest_bytes
1.72 jmc 5577: Specify the message imprint explicitly without the data file.
1.1 jsing 5578: The imprint must be specified in a hexadecimal format,
5579: two characters per byte,
1.72 jmc 5580: the bytes optionally separated by colons.
1.1 jsing 5581: The number of bytes must match the message digest algorithm in use.
5582: .It Fl in Ar request.tsq
1.72 jmc 5583: A previously created time stamp request in DER
1.1 jsing 5584: format that will be printed into the output file.
1.72 jmc 5585: Useful for examining the content of a request in human-readable format.
1.76 jmc 5586: .It Fl md4 | md5 | ripemd160 | sha | sha1
1.1 jsing 5587: The message digest to apply to the data file.
5588: It supports all the message digest algorithms that are supported by the
5589: .Nm dgst
5590: command.
1.125 inoguchi 5591: The default is SHA1.
1.1 jsing 5592: .It Fl no_nonce
1.72 jmc 5593: Specify no nonce in the request.
5594: The default, to include a 64-bit long pseudo-random nonce,
5595: is recommended to protect against replay attacks.
1.1 jsing 5596: .It Fl out Ar request.tsq
1.72 jmc 5597: The output file to write to,
5598: or standard output if not specified.
1.1 jsing 5599: .It Fl policy Ar object_id
5600: The policy that the client expects the TSA to use for creating the
5601: time stamp token.
1.72 jmc 5602: Either dotted OID notation or OID names defined
1.1 jsing 5603: in the config file can be used.
1.127 ! jmc 5604: If no policy is requested, the TSA uses its own default policy.
1.1 jsing 5605: .It Fl text
1.72 jmc 5606: Output in human-readable text format instead of DER.
1.1 jsing 5607: .El
5608: .Pp
5609: A time stamp response (TimeStampResp) consists of a response status
5610: and the time stamp token itself (ContentInfo),
5611: if the token generation was successful.
5612: The
5613: .Fl reply
5614: command is for creating a time stamp
5615: response or time stamp token based on a request and printing the
5616: response/token in human-readable format.
5617: If
5618: .Fl token_out
5619: is not specified the output is always a time stamp response (TimeStampResp),
5620: otherwise it is a time stamp token (ContentInfo).
5621: .Bl -tag -width Ds
5622: .It Fl chain Ar certs_file.pem
1.72 jmc 5623: The collection of PEM certificates
1.1 jsing 5624: that will be included in the response
5625: in addition to the signer certificate if the
5626: .Fl cert
5627: option was used for the request.
5628: This file is supposed to contain the certificate chain
5629: for the signer certificate from its issuer upwards.
5630: The
5631: .Fl reply
5632: command does not build a certificate chain automatically.
5633: .It Fl config Ar configfile
1.72 jmc 5634: Specify an alternative configuration file.
1.1 jsing 5635: .It Fl in Ar response.tsr
1.72 jmc 5636: Specify a previously created time stamp response (or time stamp token, if
1.1 jsing 5637: .Fl token_in
1.72 jmc 5638: is also specified)
1.1 jsing 5639: in DER format that will be written to the output file.
5640: This option does not require a request;
5641: it is useful, for example,
1.72 jmc 5642: to examine the content of a response or token
5643: or to extract the time stamp token from a response.
1.1 jsing 5644: If the input is a token and the output is a time stamp response a default
1.72 jmc 5645: .Qq granted
1.1 jsing 5646: status info is added to the token.
5647: .It Fl inkey Ar private.pem
5648: The signer private key of the TSA in PEM format.
5649: Overrides the
5650: .Cm signer_key
5651: config file option.
5652: .It Fl out Ar response.tsr
5653: The response is written to this file.
5654: The format and content of the file depends on other options (see
5655: .Fl text
5656: and
5657: .Fl token_out ) .
5658: The default is stdout.
5659: .It Fl passin Ar arg
5660: The key password source.
5661: .It Fl policy Ar object_id
1.72 jmc 5662: The default policy to use for the response.
5663: Either dotted OID notation or OID names defined
5664: in the config file can be used.
5665: If no policy is requested the TSA uses its own default policy.
1.1 jsing 5666: .It Fl queryfile Ar request.tsq
1.72 jmc 5667: The file containing a DER-encoded time stamp request.
1.1 jsing 5668: .It Fl section Ar tsa_section
1.72 jmc 5669: The config file section containing the settings for response generation.
1.1 jsing 5670: .It Fl signer Ar tsa_cert.pem
1.72 jmc 5671: The PEM signer certificate of the TSA.
1.1 jsing 5672: The TSA signing certificate must have exactly one extended key usage
5673: assigned to it: timeStamping.
5674: The extended key usage must also be critical,
5675: otherwise the certificate is going to be refused.
5676: Overrides the
5677: .Cm signer_cert
5678: variable of the config file.
5679: .It Fl text
1.72 jmc 5680: Output in human-readable text format instead of DER.
1.1 jsing 5681: .It Fl token_in
1.72 jmc 5682: The input is a DER-encoded time stamp token (ContentInfo)
5683: instead of a time stamp response (TimeStampResp).
1.1 jsing 5684: .It Fl token_out
1.72 jmc 5685: The output is a time stamp token (ContentInfo)
5686: instead of a time stamp response (TimeStampResp).
1.1 jsing 5687: .El
5688: .Pp
5689: The
5690: .Fl verify
5691: command is for verifying if a time stamp response or time stamp token
5692: is valid and matches a particular time stamp request or data file.
5693: The
5694: .Fl verify
5695: command does not use the configuration file.
5696: .Bl -tag -width Ds
5697: .It Fl CAfile Ar trusted_certs.pem
1.72 jmc 5698: The file containing a set of trusted self-signed PEM CA certificates.
5699: See
1.1 jsing 5700: .Nm verify
5701: for additional details.
5702: Either this option or
5703: .Fl CApath
5704: must be specified.
5705: .It Fl CApath Ar trusted_cert_path
1.112 inoguchi 5706: The directory containing the trusted CA certificates of the client.
1.72 jmc 5707: See
1.1 jsing 5708: .Nm verify
5709: for additional details.
5710: Either this option or
5711: .Fl CAfile
5712: must be specified.
5713: .It Fl data Ar file_to_hash
5714: The response or token must be verified against
5715: .Ar file_to_hash .
5716: The file is hashed with the message digest algorithm specified in the token.
5717: The
5718: .Fl digest
5719: and
5720: .Fl queryfile
5721: options must not be specified with this one.
5722: .It Fl digest Ar digest_bytes
5723: The response or token must be verified against the message digest specified
5724: with this option.
5725: The number of bytes must match the message digest algorithm
5726: specified in the token.
5727: The
5728: .Fl data
5729: and
5730: .Fl queryfile
5731: options must not be specified with this one.
5732: .It Fl in Ar response.tsr
5733: The time stamp response that needs to be verified, in DER format.
5734: This option in mandatory.
5735: .It Fl queryfile Ar request.tsq
5736: The original time stamp request, in DER format.
5737: The
5738: .Fl data
5739: and
5740: .Fl digest
5741: options must not be specified with this one.
5742: .It Fl token_in
1.72 jmc 5743: The input is a DER-encoded time stamp token (ContentInfo)
5744: instead of a time stamp response (TimeStampResp).
1.1 jsing 5745: .It Fl untrusted Ar cert_file.pem
1.72 jmc 5746: Additional untrusted PEM certificates which may be needed
5747: when building the certificate chain for the TSA's signing certificate.
1.1 jsing 5748: This file must contain the TSA signing certificate and
5749: all intermediate CA certificates unless the response includes them.
5750: .El
5751: .Pp
1.72 jmc 5752: Options specified on the command line always override
5753: the settings in the config file:
1.1 jsing 5754: .Bl -tag -width Ds
5755: .It Cm tsa Ar section , Cm default_tsa
5756: This is the main section and it specifies the name of another section
5757: that contains all the options for the
5758: .Fl reply
5759: option.
1.72 jmc 5760: This section can be overridden with the
1.1 jsing 5761: .Fl section
5762: command line switch.
5763: .It Cm oid_file
5764: See
5765: .Nm ca
5766: for a description.
5767: .It Cm oid_section
5768: See
5769: .Nm ca
5770: for a description.
5771: .It Cm serial
1.72 jmc 5772: The file containing the hexadecimal serial number of the
1.1 jsing 5773: last time stamp response created.
5774: This number is incremented by 1 for each response.
1.72 jmc 5775: If the file does not exist at the time of response generation
5776: a new file is created with serial number 1.
1.1 jsing 5777: This parameter is mandatory.
5778: .It Cm signer_cert
5779: TSA signing certificate, in PEM format.
5780: The same as the
5781: .Fl signer
5782: command line option.
5783: .It Cm certs
1.72 jmc 5784: A set of PEM-encoded certificates that need to be
1.1 jsing 5785: included in the response.
5786: The same as the
5787: .Fl chain
5788: command line option.
5789: .It Cm signer_key
5790: The private key of the TSA, in PEM format.
5791: The same as the
5792: .Fl inkey
5793: command line option.
5794: .It Cm default_policy
5795: The default policy to use when the request does not mandate any policy.
5796: The same as the
5797: .Fl policy
5798: command line option.
5799: .It Cm other_policies
5800: Comma separated list of policies that are also acceptable by the TSA
5801: and used only if the request explicitly specifies one of them.
5802: .It Cm digests
5803: The list of message digest algorithms that the TSA accepts.
5804: At least one algorithm must be specified.
5805: This parameter is mandatory.
5806: .It Cm accuracy
5807: The accuracy of the time source of the TSA in seconds, milliseconds
5808: and microseconds.
5809: For example, secs:1, millisecs:500, microsecs:100.
5810: If any of the components is missing,
5811: zero is assumed for that field.
5812: .It Cm clock_precision_digits
1.72 jmc 5813: The maximum number of digits, which represent the fraction of seconds,
5814: that need to be included in the time field.
1.1 jsing 5815: The trailing zeroes must be removed from the time,
1.72 jmc 5816: so there might actually be fewer digits
1.1 jsing 5817: or no fraction of seconds at all.
5818: The maximum value is 6;
5819: the default is 0.
5820: .It Cm ordering
5821: If this option is yes,
5822: the responses generated by this TSA can always be ordered,
5823: even if the time difference between two responses is less
5824: than the sum of their accuracies.
5825: The default is no.
5826: .It Cm tsa_name
5827: Set this option to yes if the subject name of the TSA must be included in
5828: the TSA name field of the response.
5829: The default is no.
5830: .It Cm ess_cert_id_chain
5831: The SignedData objects created by the TSA always contain the
5832: certificate identifier of the signing certificate in a signed
5833: attribute (see RFC 2634, Enhanced Security Services).
5834: If this option is set to yes and either the
5835: .Cm certs
5836: variable or the
5837: .Fl chain
5838: option is specified then the certificate identifiers of the chain will also
5839: be included in the SigningCertificate signed attribute.
5840: If this variable is set to no,
5841: only the signing certificate identifier is included.
5842: The default is no.
5843: .El
1.120 kn 5844: .Tg verify
1.1 jsing 5845: .Sh VERIFY
1.114 jmc 5846: .Bl -hang -width "openssl verify"
5847: .It Nm openssl verify
5848: .Bk -words
1.1 jsing 5849: .Op Fl CAfile Ar file
5850: .Op Fl CApath Ar directory
5851: .Op Fl check_ss_sig
1.107 inoguchi 5852: .Op Fl CRLfile Ar file
1.1 jsing 5853: .Op Fl crl_check
5854: .Op Fl crl_check_all
5855: .Op Fl explicit_policy
5856: .Op Fl extended_crl
5857: .Op Fl help
5858: .Op Fl ignore_critical
5859: .Op Fl inhibit_any
5860: .Op Fl inhibit_map
5861: .Op Fl issuer_checks
1.126 tb 5862: .Op Fl legacy_verify
1.1 jsing 5863: .Op Fl policy_check
5864: .Op Fl purpose Ar purpose
1.107 inoguchi 5865: .Op Fl trusted Ar file
1.1 jsing 5866: .Op Fl untrusted Ar file
5867: .Op Fl verbose
5868: .Op Fl x509_strict
5869: .Op Ar certificates
1.114 jmc 5870: .Ek
5871: .El
1.1 jsing 5872: .Pp
5873: The
5874: .Nm verify
5875: command verifies certificate chains.
5876: .Pp
5877: The options are as follows:
5878: .Bl -tag -width Ds
5879: .It Fl CAfile Ar file
5880: A
5881: .Ar file
5882: of trusted certificates.
5883: The
5884: .Ar file
5885: should contain multiple certificates in PEM format, concatenated together.
5886: .It Fl CApath Ar directory
5887: A
5888: .Ar directory
5889: of trusted certificates.
1.76 jmc 5890: The certificates, or symbolic links to them,
5891: should have names of the form
5892: .Ar hash Ns .0 ,
5893: where
5894: .Ar hash
5895: is the hashed certificate subject name
5896: (see the
1.1 jsing 5897: .Fl hash
5898: option of the
5899: .Nm x509
5900: utility).
1.107 inoguchi 5901: .It Fl check_ss_sig
5902: Verify the signature on the self-signed root CA.
5903: This is disabled by default
5904: because it doesn't add any security.
5905: .It Fl CRLfile Ar file
5906: The
5907: .Ar file
5908: should contain one or more CRLs in PEM format.
1.1 jsing 5909: .It Fl crl_check
1.76 jmc 5910: Check end entity certificate validity by attempting to look up a valid CRL.
1.127 ! jmc 5911: If a valid CRL cannot be found, an error occurs.
1.1 jsing 5912: .It Fl crl_check_all
1.76 jmc 5913: Check the validity of all certificates in the chain by attempting
1.1 jsing 5914: to look up valid CRLs.
5915: .It Fl explicit_policy
1.76 jmc 5916: Set policy variable require-explicit-policy (RFC 3280).
1.1 jsing 5917: .It Fl extended_crl
5918: Enable extended CRL features such as indirect CRLs and alternate CRL
5919: signing keys.
5920: .It Fl help
1.76 jmc 5921: Print a usage message.
1.1 jsing 5922: .It Fl ignore_critical
1.76 jmc 5923: Ignore critical extensions instead of rejecting the certificate.
1.1 jsing 5924: .It Fl inhibit_any
1.76 jmc 5925: Set policy variable inhibit-any-policy (RFC 3280).
1.1 jsing 5926: .It Fl inhibit_map
1.76 jmc 5927: Set policy variable inhibit-policy-mapping (RFC 3280).
1.1 jsing 5928: .It Fl issuer_checks
1.76 jmc 5929: Print diagnostics relating to searches for the issuer certificate
5930: of the current certificate
5931: showing why each candidate issuer certificate was rejected.
5932: The presence of rejection messages
5933: does not itself imply that anything is wrong:
5934: during the normal verify process several rejections may take place.
1.126 tb 5935: .It Fl legacy_verify
5936: Use the legacy X.509 certificate chain verification code.
1.1 jsing 5937: .It Fl policy_check
1.76 jmc 5938: Enable certificate policy processing.
1.1 jsing 5939: .It Fl purpose Ar purpose
5940: The intended use for the certificate.
5941: Without this option no chain verification will be done.
5942: Currently accepted uses are
1.76 jmc 5943: .Cm sslclient , sslserver ,
5944: .Cm nssslserver , smimesign ,
5945: .Cm smimeencrypt , crlsign ,
5946: .Cm any ,
1.1 jsing 5947: and
1.76 jmc 5948: .Cm ocsphelper .
1.107 inoguchi 5949: .It Fl trusted Ar file
5950: A
5951: .Ar file
5952: of trusted certificates.
5953: The
5954: .Ar file
5955: should contain multiple certificates.
1.1 jsing 5956: .It Fl untrusted Ar file
5957: A
5958: .Ar file
5959: of untrusted certificates.
5960: The
5961: .Ar file
5962: should contain multiple certificates.
5963: .It Fl verbose
5964: Print extra information about the operations being performed.
5965: .It Fl x509_strict
5966: Disable workarounds for broken certificates which have to be disabled
5967: for strict X.509 compliance.
5968: .It Ar certificates
1.76 jmc 5969: One or more PEM
1.1 jsing 5970: .Ar certificates
5971: to verify.
5972: If no certificate files are included, an attempt is made to read
5973: a certificate from standard input.
1.76 jmc 5974: If the first certificate filename begins with a dash,
5975: use a lone dash to mark the last option.
1.1 jsing 5976: .El
1.76 jmc 5977: .Pp
1.1 jsing 5978: The
5979: .Nm verify
5980: program uses the same functions as the internal SSL and S/MIME verification,
1.76 jmc 5981: with one crucial difference:
5982: wherever possible an attempt is made to continue after an error,
5983: whereas normally the verify operation would halt on the first error.
1.1 jsing 5984: This allows all the problems with a certificate chain to be determined.
5985: .Pp
1.76 jmc 5986: The verify operation consists of a number of separate steps.
1.1 jsing 5987: Firstly a certificate chain is built up starting from the supplied certificate
5988: and ending in the root CA.
5989: It is an error if the whole chain cannot be built up.
5990: The chain is built up by looking up the issuer's certificate of the current
5991: certificate.
5992: If a certificate is found which is its own issuer, it is assumed
5993: to be the root CA.
5994: .Pp
1.76 jmc 5995: All certificates whose subject name matches the issuer name
1.1 jsing 5996: of the current certificate are subject to further tests.
5997: The relevant authority key identifier components of the current certificate
1.76 jmc 5998: (if present) must match the subject key identifier (if present)
5999: and issuer and serial number of the candidate issuer;
6000: in addition the
6001: .Cm keyUsage
6002: extension of the candidate issuer (if present) must permit certificate signing.
1.1 jsing 6003: .Pp
6004: The lookup first looks in the list of untrusted certificates and if no match
6005: is found the remaining lookups are from the trusted certificates.
1.76 jmc 6006: The root CA is always looked up in the trusted certificate list:
6007: if the certificate to verify is a root certificate,
6008: then an exact match must be found in the trusted list.
1.1 jsing 6009: .Pp
6010: The second operation is to check every untrusted certificate's extensions for
6011: consistency with the supplied purpose.
6012: If the
6013: .Fl purpose
6014: option is not included, then no checks are done.
6015: The supplied or
6016: .Qq leaf
6017: certificate must have extensions compatible with the supplied purpose
6018: and all other certificates must also be valid CA certificates.
6019: The precise extensions required are described in more detail in
6020: the
1.76 jmc 6021: .Nm X509
1.1 jsing 6022: section below.
6023: .Pp
6024: The third operation is to check the trust settings on the root CA.
6025: The root CA should be trusted for the supplied purpose.
1.76 jmc 6026: A certificate with no trust settings is considered to be valid for
1.1 jsing 6027: all purposes.
6028: .Pp
6029: The final operation is to check the validity of the certificate chain.
6030: The validity period is checked against the current system time and the
1.76 jmc 6031: .Cm notBefore
1.1 jsing 6032: and
1.76 jmc 6033: .Cm notAfter
1.1 jsing 6034: dates in the certificate.
6035: The certificate signatures are also checked at this point.
6036: .Pp
6037: If all operations complete successfully, the certificate is considered
6038: valid.
6039: If any operation fails then the certificate is not valid.
6040: When a verify operation fails, the output messages can be somewhat cryptic.
6041: The general form of the error message is:
1.76 jmc 6042: .Bd -literal
6043: server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit)
6044: error 24 at 1 depth lookup:invalid CA certificate
1.1 jsing 6045: .Ed
6046: .Pp
6047: The first line contains the name of the certificate being verified, followed by
6048: the subject name of the certificate.
6049: The second line contains the error number and the depth.
6050: The depth is the number of the certificate being verified when a
6051: problem was detected starting with zero for the certificate being verified
6052: itself, then 1 for the CA that signed the certificate and so on.
6053: Finally a text version of the error number is presented.
6054: .Pp
6055: An exhaustive list of the error codes and messages is shown below; this also
6056: includes the name of the error code as defined in the header file
1.12 bentley 6057: .In openssl/x509_vfy.h .
1.76 jmc 6058: Some of the error codes are defined but never returned: these are described as
1.1 jsing 6059: .Qq unused .
6060: .Bl -tag -width "XXXX"
1.78 jmc 6061: .It 0 X509_V_OK
1.1 jsing 6062: The operation was successful.
1.78 jmc 6063: .It 2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
6064: The issuer certificate of an untrusted certificate could not be found.
6065: .It 3 X509_V_ERR_UNABLE_TO_GET_CRL
1.1 jsing 6066: The CRL of a certificate could not be found.
1.78 jmc 6067: .It 4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
1.1 jsing 6068: The certificate signature could not be decrypted.
1.78 jmc 6069: This means that the actual signature value could not be determined
6070: rather than it not matching the expected value.
1.1 jsing 6071: This is only meaningful for RSA keys.
1.78 jmc 6072: .It 5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
6073: The CRL signature could not be decrypted.
6074: This means that the actual signature value could not be determined
6075: rather than it not matching the expected value.
1.1 jsing 6076: Unused.
1.78 jmc 6077: .It 6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
1.1 jsing 6078: The public key in the certificate
1.76 jmc 6079: .Cm SubjectPublicKeyInfo
1.1 jsing 6080: could not be read.
1.78 jmc 6081: .It 7 X509_V_ERR_CERT_SIGNATURE_FAILURE
1.1 jsing 6082: The signature of the certificate is invalid.
1.78 jmc 6083: .It 8 X509_V_ERR_CRL_SIGNATURE_FAILURE
1.1 jsing 6084: The signature of the certificate is invalid.
1.78 jmc 6085: .It 9 X509_V_ERR_CERT_NOT_YET_VALID
1.1 jsing 6086: The certificate is not yet valid: the
1.76 jmc 6087: .Cm notBefore
1.1 jsing 6088: date is after the current time.
1.78 jmc 6089: .It 10 X509_V_ERR_CERT_HAS_EXPIRED
1.1 jsing 6090: The certificate has expired; that is, the
1.76 jmc 6091: .Cm notAfter
1.1 jsing 6092: date is before the current time.
1.78 jmc 6093: .It 11 X509_V_ERR_CRL_NOT_YET_VALID
1.1 jsing 6094: The CRL is not yet valid.
1.78 jmc 6095: .It 12 X509_V_ERR_CRL_HAS_EXPIRED
1.1 jsing 6096: The CRL has expired.
1.78 jmc 6097: .It 13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
1.1 jsing 6098: The certificate
1.76 jmc 6099: .Cm notBefore
1.1 jsing 6100: field contains an invalid time.
1.78 jmc 6101: .It 14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
1.1 jsing 6102: The certificate
1.76 jmc 6103: .Cm notAfter
1.1 jsing 6104: field contains an invalid time.
1.78 jmc 6105: .It 15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
1.1 jsing 6106: The CRL
1.76 jmc 6107: .Cm lastUpdate
1.1 jsing 6108: field contains an invalid time.
1.78 jmc 6109: .It 16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
1.1 jsing 6110: The CRL
1.76 jmc 6111: .Cm nextUpdate
1.1 jsing 6112: field contains an invalid time.
1.78 jmc 6113: .It 17 X509_V_ERR_OUT_OF_MEM
1.1 jsing 6114: An error occurred trying to allocate memory.
6115: This should never happen.
1.78 jmc 6116: .It 18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
1.1 jsing 6117: The passed certificate is self-signed and the same certificate cannot be
6118: found in the list of trusted certificates.
1.78 jmc 6119: .It 19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
1.1 jsing 6120: The certificate chain could be built up using the untrusted certificates but
6121: the root could not be found locally.
1.78 jmc 6122: .It 20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
1.1 jsing 6123: The issuer certificate of a locally looked up certificate could not be found.
6124: This normally means the list of trusted certificates is not complete.
1.78 jmc 6125: .It 21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
1.1 jsing 6126: No signatures could be verified because the chain contains only one
6127: certificate and it is not self-signed.
1.78 jmc 6128: .It 22 X509_V_ERR_CERT_CHAIN_TOO_LONG
1.1 jsing 6129: The certificate chain length is greater than the supplied maximum depth.
6130: Unused.
1.78 jmc 6131: .It 23 X509_V_ERR_CERT_REVOKED
1.1 jsing 6132: The certificate has been revoked.
1.78 jmc 6133: .It 24 X509_V_ERR_INVALID_CA
1.1 jsing 6134: A CA certificate is invalid.
6135: Either it is not a CA or its extensions are not consistent
6136: with the supplied purpose.
1.78 jmc 6137: .It 25 X509_V_ERR_PATH_LENGTH_EXCEEDED
1.1 jsing 6138: The
1.76 jmc 6139: .Cm basicConstraints
1.1 jsing 6140: pathlength parameter has been exceeded.
1.78 jmc 6141: .It 26 X509_V_ERR_INVALID_PURPOSE
1.1 jsing 6142: The supplied certificate cannot be used for the specified purpose.
1.78 jmc 6143: .It 27 X509_V_ERR_CERT_UNTRUSTED
1.1 jsing 6144: The root CA is not marked as trusted for the specified purpose.
1.78 jmc 6145: .It 28 X509_V_ERR_CERT_REJECTED
1.1 jsing 6146: The root CA is marked to reject the specified purpose.
1.78 jmc 6147: .It 29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH
1.1 jsing 6148: The current candidate issuer certificate was rejected because its subject name
6149: did not match the issuer name of the current certificate.
6150: Only displayed when the
6151: .Fl issuer_checks
6152: option is set.
1.78 jmc 6153: .It 30 X509_V_ERR_AKID_SKID_MISMATCH
1.1 jsing 6154: The current candidate issuer certificate was rejected because its subject key
6155: identifier was present and did not match the authority key identifier current
6156: certificate.
6157: Only displayed when the
6158: .Fl issuer_checks
6159: option is set.
1.78 jmc 6160: .It 31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
1.1 jsing 6161: The current candidate issuer certificate was rejected because its issuer name
6162: and serial number were present and did not match the authority key identifier
6163: of the current certificate.
6164: Only displayed when the
6165: .Fl issuer_checks
6166: option is set.
1.78 jmc 6167: .It 32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN
1.1 jsing 6168: The current candidate issuer certificate was rejected because its
1.76 jmc 6169: .Cm keyUsage
1.1 jsing 6170: extension does not permit certificate signing.
1.78 jmc 6171: .It 50 X509_V_ERR_APPLICATION_VERIFICATION
1.1 jsing 6172: An application specific error.
6173: Unused.
6174: .El
1.120 kn 6175: .Tg version
1.1 jsing 6176: .Sh VERSION
6177: .Nm openssl version
6178: .Op Fl abdfopv
6179: .Pp
6180: The
6181: .Nm version
6182: command is used to print out version information about
1.79 jmc 6183: .Nm openssl .
1.1 jsing 6184: .Pp
6185: The options are as follows:
6186: .Bl -tag -width Ds
6187: .It Fl a
6188: All information: this is the same as setting all the other flags.
6189: .It Fl b
6190: The date the current version of
1.79 jmc 6191: .Nm openssl
1.1 jsing 6192: was built.
6193: .It Fl d
6194: .Ev OPENSSLDIR
6195: setting.
6196: .It Fl f
6197: Compilation flags.
6198: .It Fl o
6199: Option information: various options set when the library was built.
6200: .It Fl p
6201: Platform setting.
6202: .It Fl v
6203: The current
1.79 jmc 6204: .Nm openssl
1.1 jsing 6205: version.
6206: .El
1.120 kn 6207: .Tg x509
1.1 jsing 6208: .Sh X509
1.114 jmc 6209: .Bl -hang -width "openssl x509"
6210: .It Nm openssl x509
6211: .Bk -words
1.1 jsing 6212: .Op Fl C
6213: .Op Fl addreject Ar arg
6214: .Op Fl addtrust Ar arg
6215: .Op Fl alias
6216: .Op Fl CA Ar file
6217: .Op Fl CAcreateserial
1.80 jmc 6218: .Op Fl CAform Cm der | pem
1.1 jsing 6219: .Op Fl CAkey Ar file
1.80 jmc 6220: .Op Fl CAkeyform Cm der | pem
1.1 jsing 6221: .Op Fl CAserial Ar file
6222: .Op Fl certopt Ar option
6223: .Op Fl checkend Ar arg
6224: .Op Fl clrext
6225: .Op Fl clrreject
6226: .Op Fl clrtrust
6227: .Op Fl dates
6228: .Op Fl days Ar arg
6229: .Op Fl email
6230: .Op Fl enddate
6231: .Op Fl extensions Ar section
6232: .Op Fl extfile Ar file
6233: .Op Fl fingerprint
6234: .Op Fl hash
6235: .Op Fl in Ar file
1.80 jmc 6236: .Op Fl inform Cm der | net | pem
1.1 jsing 6237: .Op Fl issuer
6238: .Op Fl issuer_hash
6239: .Op Fl issuer_hash_old
1.80 jmc 6240: .Op Fl keyform Cm der | pem
1.29 bcook 6241: .Op Fl md5 | sha1
1.1 jsing 6242: .Op Fl modulus
6243: .Op Fl nameopt Ar option
1.107 inoguchi 6244: .Op Fl next_serial
1.1 jsing 6245: .Op Fl noout
6246: .Op Fl ocsp_uri
6247: .Op Fl ocspid
6248: .Op Fl out Ar file
1.80 jmc 6249: .Op Fl outform Cm der | net | pem
1.1 jsing 6250: .Op Fl passin Ar arg
6251: .Op Fl pubkey
6252: .Op Fl purpose
6253: .Op Fl req
6254: .Op Fl serial
6255: .Op Fl set_serial Ar n
6256: .Op Fl setalias Ar arg
6257: .Op Fl signkey Ar file
1.107 inoguchi 6258: .Op Fl sigopt Ar nm:v
1.1 jsing 6259: .Op Fl startdate
6260: .Op Fl subject
6261: .Op Fl subject_hash
6262: .Op Fl subject_hash_old
6263: .Op Fl text
6264: .Op Fl trustout
6265: .Op Fl x509toreq
1.114 jmc 6266: .Ek
6267: .El
1.1 jsing 6268: .Pp
6269: The
6270: .Nm x509
6271: command is a multi-purpose certificate utility.
6272: It can be used to display certificate information, convert certificates to
6273: various forms, sign certificate requests like a
6274: .Qq mini CA ,
6275: or edit certificate trust settings.
6276: .Pp
1.80 jmc 6277: The following are x509 input, output, and general purpose options:
1.1 jsing 6278: .Bl -tag -width "XXXX"
6279: .It Fl in Ar file
1.80 jmc 6280: The input file to read from,
6281: or standard input if not specified.
6282: .It Fl inform Cm der | net | pem
6283: The input format.
1.1 jsing 6284: Normally, the command will expect an X.509 certificate,
6285: but this can change if other options such as
6286: .Fl req
6287: are present.
1.29 bcook 6288: .It Fl md5 | sha1
1.1 jsing 6289: The digest to use.
6290: This affects any signing or display option that uses a message digest,
6291: such as the
6292: .Fl fingerprint , signkey ,
6293: and
6294: .Fl CA
6295: options.
6296: If not specified, MD5 is used.
1.80 jmc 6297: SHA1 is always used with DSA keys.
1.1 jsing 6298: .It Fl out Ar file
1.80 jmc 6299: The output file to write to,
6300: or standard output if none is specified.
6301: .It Fl outform Cm der | net | pem
6302: The output format.
1.1 jsing 6303: .It Fl passin Ar arg
6304: The key password source.
6305: .El
1.80 jmc 6306: .Pp
6307: The following are x509 display options:
1.1 jsing 6308: .Bl -tag -width "XXXX"
6309: .It Fl C
1.80 jmc 6310: Output the certificate in the form of a C source file.
1.1 jsing 6311: .It Fl certopt Ar option
6312: Customise the output format used with
1.80 jmc 6313: .Fl text ,
6314: either using a list of comma-separated options or by specifying
1.1 jsing 6315: .Fl certopt
1.80 jmc 6316: multiple times.
6317: The default behaviour is to print all fields.
6318: The options are as follows:
6319: .Pp
6320: .Bl -tag -width "no_extensions" -offset indent -compact
6321: .It Cm ca_default
6322: Equivalent to
6323: .Cm no_issuer , no_pubkey , no_header ,
6324: .Cm no_version , no_sigdump ,
6325: and
6326: .Cm no_signame .
6327: .It Cm compatible
6328: Equivalent to no output options at all.
6329: .It Cm ext_default
6330: Print unsupported certificate extensions.
6331: .It Cm ext_dump
6332: Hex dump unsupported extensions.
6333: .It Cm ext_error
6334: Print an error message for unsupported certificate extensions.
6335: .It Cm ext_parse
1.84 jmc 6336: ASN.1 parse unsupported extensions.
1.80 jmc 6337: .It Cm no_aux
6338: Do not print certificate trust information.
6339: .It Cm no_extensions
6340: Do not print X509V3 extensions.
6341: .It Cm no_header
6342: Do not print header (Certificate and Data) information.
6343: .It Cm no_issuer
6344: Do not print the issuer name.
6345: .It Cm no_pubkey
6346: Do not print the public key.
6347: .It Cm no_serial
6348: Do not print the serial number.
6349: .It Cm no_sigdump
6350: Do not give a hexadecimal dump of the certificate signature.
6351: .It Cm no_signame
6352: Do not print the signature algorithm used.
6353: .It Cm no_subject
6354: Do not print the subject name.
6355: .It Cm no_validity
6356: Do not print the
6357: .Cm notBefore
6358: and
6359: .Cm notAfter
6360: (validity) fields.
6361: .It Cm no_version
6362: Do not print the version number.
6363: .El
1.1 jsing 6364: .It Fl dates
1.80 jmc 6365: Print the start and expiry date of a certificate.
1.1 jsing 6366: .It Fl email
1.80 jmc 6367: Output the email addresses, if any.
1.1 jsing 6368: .It Fl enddate
1.80 jmc 6369: Print the expiry date of the certificate; that is, the
6370: .Cm notAfter
1.1 jsing 6371: date.
6372: .It Fl fingerprint
1.80 jmc 6373: Print the digest of the DER-encoded version of the whole certificate.
1.1 jsing 6374: .It Fl hash
6375: A synonym for
1.80 jmc 6376: .Fl subject_hash .
1.1 jsing 6377: .It Fl issuer
1.80 jmc 6378: Print the issuer name.
1.1 jsing 6379: .It Fl issuer_hash
1.80 jmc 6380: Print the hash of the certificate issuer name.
1.1 jsing 6381: .It Fl issuer_hash_old
1.80 jmc 6382: Print the hash of the certificate issuer name
6383: using the older algorithm as used by
6384: .Nm openssl
1.1 jsing 6385: versions before 1.0.0.
6386: .It Fl modulus
1.80 jmc 6387: Print the value of the modulus of the public key contained in the certificate.
1.1 jsing 6388: .It Fl nameopt Ar option
1.80 jmc 6389: Customise how the subject or issuer names are displayed,
6390: either using a list of comma-separated options or by specifying
1.1 jsing 6391: .Fl nameopt
1.80 jmc 6392: multiple times.
6393: The default behaviour is to use the
6394: .Cm oneline
6395: format.
6396: The options,
6397: which can be preceded by a dash to turn them off,
6398: are as follows:
6399: .Bl -tag -width "XXXX"
6400: .It Cm align
6401: Align field values for a more readable output.
6402: Only usable with
6403: .Ar sep_multiline .
6404: .It Cm compat
6405: Use the old format,
6406: equivalent to specifying no options at all.
6407: .It Cm dn_rev
6408: Reverse the fields of the DN, as required by RFC 2253.
6409: As a side effect, this also reverses the order of multiple AVAs.
6410: .It Cm dump_all
6411: Dump all fields.
6412: When used with
6413: .Ar dump_der ,
6414: it allows the DER encoding of the structure to be unambiguously determined.
6415: .It Cm dump_der
6416: Any fields that need to be hexdumped are
6417: dumped using the DER encoding of the field.
6418: Otherwise just the content octets will be displayed.
6419: Both options use the RFC 2253 #XXXX... format.
6420: .It Cm dump_nostr
6421: Dump non-character string types
6422: (for example OCTET STRING);
6423: usually, non-character string types are displayed
6424: as though each content octet represents a single character.
6425: .It Cm dump_unknown
6426: Dump any field whose OID is not recognised by
6427: .Nm openssl .
6428: .It Cm esc_2253
6429: Escape the
6430: .Qq special
6431: characters required by RFC 2253 in a field that is
6432: .Dq \& ,+"<>; .
6433: Additionally,
6434: .Sq #
6435: is escaped at the beginning of a string
6436: and a space character at the beginning or end of a string.
6437: .It Cm esc_ctrl
6438: Escape control characters.
6439: That is, those with ASCII values less than 0x20 (space)
6440: and the delete (0x7f) character.
6441: They are escaped using the RFC 2253 \eXX notation (where XX are two hex
6442: digits representing the character value).
6443: .It Cm esc_msb
6444: Escape characters with the MSB set; that is, with ASCII values larger than
6445: 127.
6446: .It Cm multiline
6447: A multiline format.
6448: Equivalent to
6449: .Cm esc_ctrl , esc_msb , sep_multiline ,
6450: .Cm space_eq , lname ,
6451: and
6452: .Cm align .
6453: .It Cm no_type
6454: Do not attempt to interpret multibyte characters.
6455: That is, content octets are merely dumped as though one octet
6456: represents each character.
6457: This is useful for diagnostic purposes
6458: but results in rather odd looking output.
6459: .It Cm nofname , sname , lname , oid
6460: Alter how the field name is displayed:
6461: .Cm nofname
6462: does not display the field at all;
6463: .Cm sname
6464: uses the short name form (CN for
6465: .Cm commonName ,
6466: for example);
6467: .Cm lname
6468: uses the long form.
6469: .Cm oid
6470: represents the OID in numerical form and is useful for diagnostic purpose.
6471: .It Cm oneline
6472: A one line format which is more readable than
6473: .Cm RFC2253 .
6474: Equivalent to
6475: .Cm esc_2253 , esc_ctrl , esc_msb , utf8 ,
6476: .Cm dump_nostr , dump_der , use_quote , sep_comma_plus_spc ,
6477: .Cm space_eq ,
6478: and
6479: .Cm sname .
6480: .It Cm RFC2253
6481: Displays names compatible with RFC 2253.
6482: Equivalent to
6483: .Cm esc_2253 , esc_ctrl ,
6484: .Cm esc_msb , utf8 , dump_nostr , dump_unknown ,
6485: .Cm dump_der , sep_comma_plus , dn_rev ,
6486: and
6487: .Cm sname .
6488: .It Cm sep_comma_plus , sep_comma_plus_space , sep_semi_plus_space , sep_multiline
6489: Determine the field separators:
6490: the first character is between RDNs and the second between multiple AVAs
6491: (multiple AVAs are very rare and their use is discouraged).
6492: The options ending in
6493: .Qq space
6494: additionally place a space after the separator to make it more readable.
6495: .Cm sep_multiline
6496: uses a linefeed character for the RDN separator and a spaced
6497: .Sq +
6498: for the AVA separator,
6499: as well as indenting the fields by four characters.
6500: .It Cm show_type
1.84 jmc 6501: Show the type of the ASN.1 character string.
1.80 jmc 6502: The type precedes the field contents.
6503: For example
6504: .Qq BMPSTRING: Hello World .
6505: .It Cm space_eq
6506: Place spaces round the
6507: .Sq =
6508: character which follows the field name.
6509: .It Cm use_quote
6510: Escape some characters by surrounding the whole string with
6511: .Sq \&"
6512: characters.
6513: Without the option, all escaping is done with the
6514: .Sq \e
6515: character.
6516: .It Cm utf8
6517: Convert all strings to UTF8 format first, as required by RFC 2253.
6518: On a UTF8 compatible terminal,
6519: the use of this option (and not setting
6520: .Cm esc_msb )
6521: may result in the correct display of multibyte characters.
6522: Usually, multibyte characters larger than 0xff
6523: are represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX
6524: for 32 bits,
6525: and any UTF8Strings are converted to their character form first.
6526: .El
1.107 inoguchi 6527: .It Fl next_serial
6528: Print the next serial number.
1.1 jsing 6529: .It Fl noout
1.80 jmc 6530: Do not output the encoded version of the request.
1.1 jsing 6531: .It Fl ocsp_uri
1.80 jmc 6532: Print the OCSP responder addresses, if any.
1.1 jsing 6533: .It Fl ocspid
6534: Print OCSP hash values for the subject name and public key.
6535: .It Fl pubkey
1.80 jmc 6536: Print the public key.
1.1 jsing 6537: .It Fl serial
1.80 jmc 6538: Print the certificate serial number.
1.107 inoguchi 6539: .It Fl sigopt Ar nm:v
6540: Pass options to the signature algorithm during sign or certify operations.
6541: The names and values of these options are algorithm-specific.
1.1 jsing 6542: .It Fl startdate
1.80 jmc 6543: Print the start date of the certificate; that is, the
6544: .Cm notBefore
1.1 jsing 6545: date.
6546: .It Fl subject
1.80 jmc 6547: Print the subject name.
1.1 jsing 6548: .It Fl subject_hash
1.80 jmc 6549: Print the hash of the certificate subject name.
1.1 jsing 6550: This is used in
1.80 jmc 6551: .Nm openssl
1.1 jsing 6552: to form an index to allow certificates in a directory to be looked up
6553: by subject name.
6554: .It Fl subject_hash_old
1.80 jmc 6555: Print the hash of the certificate subject name
6556: using the older algorithm as used by
6557: .Nm openssl
1.1 jsing 6558: versions before 1.0.0.
6559: .It Fl text
1.80 jmc 6560: Print the full certificate in text form.
1.1 jsing 6561: .El
6562: .Pp
1.80 jmc 6563: A trusted certificate is a certificate which has several
1.1 jsing 6564: additional pieces of information attached to it such as the permitted
1.80 jmc 6565: and prohibited uses of the certificate and an alias.
1.127 ! jmc 6566: When a certificate is being verified, at least one certificate must be trusted.
1.80 jmc 6567: By default, a trusted certificate must be stored locally and be a root CA.
6568: The following are x509 trust settings options:
1.1 jsing 6569: .Bl -tag -width "XXXX"
6570: .It Fl addreject Ar arg
1.80 jmc 6571: Add a prohibited use.
6572: Accepts the same values as the
1.1 jsing 6573: .Fl addtrust
6574: option.
6575: .It Fl addtrust Ar arg
1.80 jmc 6576: Add a trusted certificate use.
1.1 jsing 6577: Any object name can be used here, but currently only
1.80 jmc 6578: .Cm clientAuth
6579: (SSL client use),
6580: .Cm serverAuth
6581: (SSL server use),
6582: and
6583: .Cm emailProtection
6584: (S/MIME email) are used.
1.1 jsing 6585: .It Fl alias
1.80 jmc 6586: Output the certificate alias.
1.1 jsing 6587: .It Fl clrreject
1.80 jmc 6588: Clear all the prohibited or rejected uses of the certificate.
1.1 jsing 6589: .It Fl clrtrust
1.80 jmc 6590: Clear all the permitted or trusted uses of the certificate.
1.1 jsing 6591: .It Fl purpose
1.80 jmc 6592: Perform tests on the certificate extensions.
6593: The same code is used when verifying untrusted certificates in chains,
6594: so this section is useful if a chain is rejected by the verify code.
6595: .Pp
6596: The
6597: .Cm basicConstraints
6598: extension CA flag is used to determine whether the
6599: certificate can be used as a CA.
6600: If the CA flag is true, it is a CA;
6601: if the CA flag is false, it is not a CA.
6602: All CAs should have the CA flag set to true.
6603: .Pp
6604: If the
6605: .Cm basicConstraints
6606: extension is absent, then the certificate is
6607: considered to be a possible CA;
6608: other extensions are checked according to the intended use of the certificate.
6609: A warning is given in this case because the certificate should really not
6610: be regarded as a CA.
6611: However it is allowed to be a CA to work around some broken software.
6612: .Pp
6613: If the certificate is a V1 certificate
6614: (and thus has no extensions) and it is self-signed,
6615: it is also assumed to be a CA but a warning is again given.
6616: This is to work around the problem of Verisign roots
6617: which are V1 self-signed certificates.
6618: .Pp
6619: If the
6620: .Cm keyUsage
6621: extension is present, then additional restraints are
6622: made on the uses of the certificate.
6623: A CA certificate must have the
6624: .Cm keyCertSign
6625: bit set if the
6626: .Cm keyUsage
6627: extension is present.
6628: .Pp
6629: The extended key usage extension places additional restrictions on the
6630: certificate uses.
6631: If this extension is present, whether critical or not,
6632: the key can only be used for the purposes specified.
6633: .Pp
6634: A complete description of each test is given below.
6635: The comments about
6636: .Cm basicConstraints
6637: and
6638: .Cm keyUsage
6639: and V1 certificates above apply to all CA certificates.
6640: .Bl -tag -width "XXXX"
6641: .It SSL Client
6642: The extended key usage extension must be absent or include the
6643: web client authentication OID.
6644: .Cm keyUsage
6645: must be absent or it must have the
6646: .Cm digitalSignature
6647: bit set.
6648: The Netscape certificate type must be absent
6649: or it must have the SSL client bit set.
6650: .It SSL Client CA
6651: The extended key usage extension must be absent or include the
6652: web client authentication OID.
6653: The Netscape certificate type must be absent
6654: or it must have the SSL CA bit set:
6655: this is used as a workaround if the
6656: .Cm basicConstraints
6657: extension is absent.
6658: .It SSL Server
6659: The extended key usage extension must be absent or include the
6660: web server authentication and/or one of the SGC OIDs.
6661: .Cm keyUsage
6662: must be absent or it must have the
6663: .Cm digitalSignature
6664: set, the
6665: .Cm keyEncipherment
6666: set, or both bits set.
6667: The Netscape certificate type must be absent or have the SSL server bit set.
6668: .It SSL Server CA
6669: The extended key usage extension must be absent or include the
6670: web server authentication and/or one of the SGC OIDs.
6671: The Netscape certificate type must be absent or the SSL CA bit must be set:
6672: this is used as a workaround if the
6673: .Cm basicConstraints
6674: extension is absent.
6675: .It Netscape SSL Server
6676: For Netscape SSL clients to connect to an SSL server; it must have the
6677: .Cm keyEncipherment
6678: bit set if the
6679: .Cm keyUsage
6680: extension is present.
6681: This isn't always valid because some cipher suites use the key for
6682: digital signing.
6683: Otherwise it is the same as a normal SSL server.
6684: .It Common S/MIME Client Tests
6685: The extended key usage extension must be absent or include the
6686: email protection OID.
6687: The Netscape certificate type must be absent or should have the S/MIME bit set.
6688: If the S/MIME bit is not set in Netscape certificate type, then the SSL
6689: client bit is tolerated as an alternative but a warning is shown:
6690: this is because some Verisign certificates don't set the S/MIME bit.
6691: .It S/MIME Signing
6692: In addition to the common S/MIME client tests, the
6693: .Cm digitalSignature
6694: bit must be set if the
6695: .Cm keyUsage
6696: extension is present.
6697: .It S/MIME Encryption
6698: In addition to the common S/MIME tests, the
6699: .Cm keyEncipherment
6700: bit must be set if the
6701: .Cm keyUsage
6702: extension is present.
6703: .It S/MIME CA
6704: The extended key usage extension must be absent or include the
6705: email protection OID.
6706: The Netscape certificate type must be absent
6707: or must have the S/MIME CA bit set:
6708: this is used as a workaround if the
6709: .Cm basicConstraints
6710: extension is absent.
6711: .It CRL Signing
6712: The
6713: .Cm keyUsage
6714: extension must be absent or it must have the CRL signing bit set.
6715: .It CRL Signing CA
6716: The normal CA tests apply, except the
6717: .Cm basicConstraints
6718: extension must be present.
6719: .El
1.1 jsing 6720: .It Fl setalias Ar arg
1.80 jmc 6721: Set the alias of the certificate,
6722: allowing the certificate to be referred to using a nickname,
6723: such as
1.1 jsing 6724: .Qq Steve's Certificate .
6725: .It Fl trustout
1.80 jmc 6726: Output a trusted certificate
6727: (the default if any trust settings are modified).
1.1 jsing 6728: An ordinary or trusted certificate can be input, but by default an ordinary
6729: certificate is output and any trust settings are discarded.
6730: .El
1.80 jmc 6731: .Pp
1.1 jsing 6732: The
6733: .Nm x509
1.80 jmc 6734: utility can be used to sign certificates and requests:
6735: it can thus behave like a mini CA.
6736: The following are x509 signing options:
1.1 jsing 6737: .Bl -tag -width "XXXX"
6738: .It Fl CA Ar file
1.80 jmc 6739: The CA certificate to be used for signing.
1.1 jsing 6740: When this option is present,
6741: .Nm x509
1.80 jmc 6742: behaves like a mini CA.
1.1 jsing 6743: The input file is signed by the CA using this option;
6744: that is, its issuer name is set to the subject name of the CA and it is
6745: digitally signed using the CA's private key.
6746: .Pp
6747: This option is normally combined with the
6748: .Fl req
6749: option.
6750: Without the
6751: .Fl req
6752: option, the input is a certificate which must be self-signed.
6753: .It Fl CAcreateserial
1.80 jmc 6754: Create the CA serial number file if it does not exist
6755: instead of generating an error.
6756: The file will contain the serial number
1.1 jsing 6757: .Sq 02
6758: and the certificate being signed will have
6759: .Sq 1
6760: as its serial number.
1.80 jmc 6761: .It Fl CAform Cm der | pem
1.1 jsing 6762: The format of the CA certificate file.
6763: The default is
1.80 jmc 6764: .Cm pem .
1.1 jsing 6765: .It Fl CAkey Ar file
1.80 jmc 6766: Set the CA private key to sign a certificate with.
6767: Otherwise it is assumed that the CA private key is present
6768: in the CA certificate file.
6769: .It Fl CAkeyform Cm der | pem
1.1 jsing 6770: The format of the CA private key.
6771: The default is
1.80 jmc 6772: .Cm pem .
1.1 jsing 6773: .It Fl CAserial Ar file
1.80 jmc 6774: Use the serial number in
6775: .Ar file
6776: to sign a certificate.
6777: The file should consist of one line containing an even number of hex digits
1.1 jsing 6778: with the serial number to use.
6779: After each use the serial number is incremented and written out
6780: to the file again.
6781: .Pp
6782: The default filename consists of the CA certificate file base name with
6783: .Pa .srl
6784: appended.
6785: For example, if the CA certificate file is called
6786: .Pa mycacert.pem ,
6787: it expects to find a serial number file called
6788: .Pa mycacert.srl .
6789: .It Fl checkend Ar arg
6790: Check whether the certificate expires in the next
6791: .Ar arg
6792: seconds.
6793: If so, exit with return value 1;
6794: otherwise exit with return value 0.
6795: .It Fl clrext
6796: Delete any extensions from a certificate.
6797: This option is used when a certificate is being created from another
6798: certificate (for example with the
6799: .Fl signkey
6800: or the
6801: .Fl CA
6802: options).
6803: Normally, all extensions are retained.
6804: .It Fl days Ar arg
1.80 jmc 6805: The number of days to make a certificate valid for.
1.1 jsing 6806: The default is 30 days.
6807: .It Fl extensions Ar section
6808: The section to add certificate extensions from.
6809: If this option is not specified, the extensions should either be
1.80 jmc 6810: contained in the unnamed (default) section
6811: or the default section should contain a variable called
1.1 jsing 6812: .Qq extensions
6813: which contains the section to use.
6814: .It Fl extfile Ar file
6815: File containing certificate extensions to use.
6816: If not specified, no extensions are added to the certificate.
1.80 jmc 6817: .It Fl keyform Cm der | pem
6818: The format of the private key file used in the
1.1 jsing 6819: .Fl signkey
6820: option.
6821: .It Fl req
1.80 jmc 6822: Expect a certificate request on input instead of a certificate.
1.1 jsing 6823: .It Fl set_serial Ar n
1.80 jmc 6824: The serial number to use.
1.1 jsing 6825: This option can be used with either the
6826: .Fl signkey
6827: or
6828: .Fl CA
6829: options.
6830: If used in conjunction with the
6831: .Fl CA
6832: option, the serial number file (as specified by the
6833: .Fl CAserial
6834: or
6835: .Fl CAcreateserial
6836: options) is not used.
6837: .Pp
6838: The serial number can be decimal or hex (if preceded by
6839: .Sq 0x ) .
6840: Negative serial numbers can also be specified but their use is not recommended.
6841: .It Fl signkey Ar file
1.80 jmc 6842: Self-sign
6843: .Ar file
6844: using the supplied private key.
1.1 jsing 6845: .Pp
6846: If the input file is a certificate, it sets the issuer name to the
1.80 jmc 6847: subject name (i.e. makes it self-signed),
1.1 jsing 6848: changes the public key to the supplied value,
6849: and changes the start and end dates.
6850: The start date is set to the current time and the end date is set to
6851: a value determined by the
6852: .Fl days
6853: option.
6854: Any certificate extensions are retained unless the
6855: .Fl clrext
6856: option is supplied.
6857: .Pp
6858: If the input is a certificate request, a self-signed certificate
6859: is created using the supplied private key using the subject name in
6860: the request.
6861: .It Fl x509toreq
1.80 jmc 6862: Convert a certificate into a certificate request.
1.1 jsing 6863: The
6864: .Fl signkey
6865: option is used to pass the required private key.
6866: .El
1.38 jmc 6867: .Sh COMMON NOTATION
6868: Several commands share a common syntax,
6869: as detailed below.
6870: .Pp
6871: Password arguments, typically specified using
1.33 jmc 6872: .Fl passin
6873: and
6874: .Fl passout
1.38 jmc 6875: for input and output passwords,
6876: allow passwords to be obtained from a variety of sources.
6877: Both of these options take a single argument, described below.
1.33 jmc 6878: If no password argument is given and a password is required,
6879: then the user is prompted to enter one:
6880: this will typically be read from the current terminal with echoing turned off.
1.38 jmc 6881: .Bl -tag -width "pass:password" -offset indent
6882: .It Cm pass : Ns Ar password
1.33 jmc 6883: The actual password is
6884: .Ar password .
1.38 jmc 6885: Since the password is visible to utilities,
1.33 jmc 6886: this form should only be used where security is not important.
1.38 jmc 6887: .It Cm env : Ns Ar var
1.33 jmc 6888: Obtain the password from the environment variable
6889: .Ar var .
1.38 jmc 6890: Since the environment of other processes is visible,
6891: this option should be used with caution.
6892: .It Cm file : Ns Ar path
1.33 jmc 6893: The first line of
6894: .Ar path
6895: is the password.
6896: If the same
6897: .Ar path
6898: argument is supplied to
6899: .Fl passin
6900: and
6901: .Fl passout ,
6902: then the first line will be used for the input password and the next line
6903: for the output password.
6904: .Ar path
6905: need not refer to a regular file:
6906: it could, for example, refer to a device or named pipe.
1.38 jmc 6907: .It Cm fd : Ns Ar number
1.33 jmc 6908: Read the password from the file descriptor
6909: .Ar number .
1.38 jmc 6910: This can be used to send the data via a pipe, for example.
6911: .It Cm stdin
1.33 jmc 6912: Read the password from standard input.
1.35 jmc 6913: .El
1.38 jmc 6914: .Pp
1.64 jmc 6915: Input/output formats,
1.38 jmc 6916: typically specified using
6917: .Fl inform
6918: and
6919: .Fl outform ,
1.64 jmc 6920: indicate the format being read from or written to.
1.38 jmc 6921: The argument is case insensitive.
6922: .Pp
6923: .Bl -tag -width Ds -offset indent -compact
6924: .It Cm der
6925: Distinguished Encoding Rules (DER)
6926: is a binary format.
1.64 jmc 6927: .It Cm net
6928: Insecure legacy format.
1.38 jmc 6929: .It Cm pem
6930: Privacy Enhanced Mail (PEM)
6931: is base64-encoded.
1.108 inoguchi 6932: .It Cm pvk
6933: Private Key format.
1.70 jmc 6934: .It Cm smime
6935: An SMIME format message.
1.38 jmc 6936: .It Cm txt
6937: Plain ASCII text.
6938: .El
1.35 jmc 6939: .Sh ENVIRONMENT
6940: The following environment variables affect the execution of
6941: .Nm openssl :
1.38 jmc 6942: .Bl -tag -width "/etc/ssl/openssl.cnf"
1.35 jmc 6943: .It Ev OPENSSL_CONF
6944: The location of the master configuration file.
1.33 jmc 6945: .El
1.1 jsing 6946: .Sh FILES
6947: .Bl -tag -width "/etc/ssl/openssl.cnf" -compact
1.17 sobrado 6948: .It Pa /etc/ssl/
1.1 jsing 6949: Default config directory for
6950: .Nm openssl .
1.17 sobrado 6951: .It Pa /etc/ssl/lib/
1.1 jsing 6952: Unused.
1.17 sobrado 6953: .It Pa /etc/ssl/private/
1.1 jsing 6954: Default private key directory.
1.17 sobrado 6955: .It Pa /etc/ssl/openssl.cnf
1.1 jsing 6956: Default configuration file for
6957: .Nm openssl .
1.17 sobrado 6958: .It Pa /etc/ssl/x509v3.cnf
1.1 jsing 6959: Default configuration file for
6960: .Nm x509
6961: certificates.
6962: .El
6963: .Sh SEE ALSO
1.74 jmc 6964: .Xr acme-client 1 ,
1.26 jmc 6965: .Xr nc 1 ,
1.90 schwarze 6966: .Xr openssl.cnf 5 ,
6967: .Xr x509v3.cnf 5 ,
1.1 jsing 6968: .Xr ssl 8 ,
6969: .Xr starttls 8
6970: .Sh STANDARDS
6971: .Rs
6972: .%A T. Dierks
6973: .%A C. Allen
6974: .%D January 1999
6975: .%R RFC 2246
6976: .%T The TLS Protocol Version 1.0
6977: .Re
6978: .Pp
6979: .Rs
6980: .%A M. Wahl
6981: .%A S. Killie
6982: .%A T. Howes
6983: .%D December 1997
6984: .%R RFC 2253
6985: .%T Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
6986: .Re
6987: .Pp
6988: .Rs
6989: .%A B. Kaliski
6990: .%D March 1998
6991: .%R RFC 2315
6992: .%T PKCS #7: Cryptographic Message Syntax Version 1.5
6993: .Re
6994: .Pp
6995: .Rs
6996: .%A R. Housley
6997: .%A W. Ford
6998: .%A W. Polk
6999: .%A D. Solo
7000: .%D January 1999
7001: .%R RFC 2459
7002: .%T Internet X.509 Public Key Infrastructure Certificate and CRL Profile
7003: .Re
7004: .Pp
7005: .Rs
7006: .%A M. Myers
7007: .%A R. Ankney
7008: .%A A. Malpani
7009: .%A S. Galperin
7010: .%A C. Adams
7011: .%D June 1999
7012: .%R RFC 2560
7013: .%T X.509 Internet Public Key Infrastructure Online Certificate Status Protocol \(en OCSP
7014: .Re
7015: .Pp
7016: .Rs
7017: .%A R. Housley
7018: .%D June 1999
7019: .%R RFC 2630
7020: .%T Cryptographic Message Syntax
7021: .Re
7022: .Pp
7023: .Rs
7024: .%A P. Chown
7025: .%D June 2002
7026: .%R RFC 3268
1.24 jmc 7027: .%T Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
1.1 jsing 7028: .Re