Annotation of src/usr.bin/openssl/openssl.1, Revision 1.136
1.136 ! jsg 1: .\" $OpenBSD: openssl.1,v 1.135 2022/01/10 12:19:26 tb Exp $
1.1 jsing 2: .\" ====================================================================
3: .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4: .\"
5: .\" Redistribution and use in source and binary forms, with or without
6: .\" modification, are permitted provided that the following conditions
7: .\" are met:
8: .\"
9: .\" 1. Redistributions of source code must retain the above copyright
10: .\" notice, this list of conditions and the following disclaimer.
11: .\"
12: .\" 2. Redistributions in binary form must reproduce the above copyright
13: .\" notice, this list of conditions and the following disclaimer in
14: .\" the documentation and/or other materials provided with the
15: .\" distribution.
16: .\"
17: .\" 3. All advertising materials mentioning features or use of this
18: .\" software must display the following acknowledgment:
19: .\" "This product includes software developed by the OpenSSL Project
20: .\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21: .\"
22: .\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23: .\" endorse or promote products derived from this software without
24: .\" prior written permission. For written permission, please contact
25: .\" openssl-core@openssl.org.
26: .\"
27: .\" 5. Products derived from this software may not be called "OpenSSL"
28: .\" nor may "OpenSSL" appear in their names without prior written
29: .\" permission of the OpenSSL Project.
30: .\"
31: .\" 6. Redistributions of any form whatsoever must retain the following
32: .\" acknowledgment:
33: .\" "This product includes software developed by the OpenSSL Project
34: .\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35: .\"
36: .\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37: .\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39: .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40: .\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41: .\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42: .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43: .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45: .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46: .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47: .\" OF THE POSSIBILITY OF SUCH DAMAGE.
48: .\" ====================================================================
49: .\"
50: .\" This product includes cryptographic software written by Eric Young
51: .\" (eay@cryptsoft.com). This product includes software written by Tim
52: .\" Hudson (tjh@cryptsoft.com).
53: .\"
54: .\"
55: .\" Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
56: .\" All rights reserved.
57: .\"
58: .\" This package is an SSL implementation written
59: .\" by Eric Young (eay@cryptsoft.com).
60: .\" The implementation was written so as to conform with Netscapes SSL.
61: .\"
62: .\" This library is free for commercial and non-commercial use as long as
63: .\" the following conditions are aheared to. The following conditions
64: .\" apply to all code found in this distribution, be it the RC4, RSA,
65: .\" lhash, DES, etc., code; not just the SSL code. The SSL documentation
66: .\" included with this distribution is covered by the same copyright terms
67: .\" except that the holder is Tim Hudson (tjh@cryptsoft.com).
68: .\"
69: .\" Copyright remains Eric Young's, and as such any Copyright notices in
70: .\" the code are not to be removed.
71: .\" If this package is used in a product, Eric Young should be given attribution
72: .\" as the author of the parts of the library used.
73: .\" This can be in the form of a textual message at program startup or
74: .\" in documentation (online or textual) provided with the package.
75: .\"
76: .\" Redistribution and use in source and binary forms, with or without
77: .\" modification, are permitted provided that the following conditions
78: .\" are met:
79: .\" 1. Redistributions of source code must retain the copyright
80: .\" notice, this list of conditions and the following disclaimer.
81: .\" 2. Redistributions in binary form must reproduce the above copyright
82: .\" notice, this list of conditions and the following disclaimer in the
83: .\" documentation and/or other materials provided with the distribution.
84: .\" 3. All advertising materials mentioning features or use of this software
85: .\" must display the following acknowledgement:
86: .\" "This product includes cryptographic software written by
87: .\" Eric Young (eay@cryptsoft.com)"
88: .\" The word 'cryptographic' can be left out if the rouines from the library
89: .\" being used are not cryptographic related :-).
90: .\" 4. If you include any Windows specific code (or a derivative thereof) from
91: .\" the apps directory (application code) you must include an
92: .\" acknowledgement:
93: .\" "This product includes software written by Tim Hudson
94: .\" (tjh@cryptsoft.com)"
95: .\"
96: .\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
97: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
98: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
99: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
100: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
101: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
102: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
103: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
104: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
105: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
106: .\" SUCH DAMAGE.
107: .\"
108: .\" The licence and distribution terms for any publically available version or
109: .\" derivative of this code cannot be changed. i.e. this code cannot simply be
110: .\" copied and put under another distribution licence
111: .\" [including the GNU Public Licence.]
112: .\"
1.136 ! jsg 113: .Dd $Mdocdate: January 10 2022 $
1.1 jsing 114: .Dt OPENSSL 1
115: .Os
116: .Sh NAME
117: .Nm openssl
118: .Nd OpenSSL command line tool
119: .Sh SYNOPSIS
120: .Nm
1.90 schwarze 121: .Ar command
1.1 jsing 122: .Op Ar command_opts
123: .Op Ar command_args
124: .Pp
125: .Nm
1.13 bentley 126: .Cm list-standard-commands |
127: .Cm list-message-digest-commands |
128: .Cm list-cipher-commands |
129: .Cm list-cipher-algorithms |
130: .Cm list-message-digest-algorithms |
1.1 jsing 131: .Cm list-public-key-algorithms
132: .Pp
133: .Nm
1.39 jmc 134: .Cm no- Ns Ar command
1.1 jsing 135: .Sh DESCRIPTION
136: .Nm OpenSSL
1.31 jmc 137: is a cryptography toolkit implementing the
138: Transport Layer Security
1.1 jsing 139: .Pq TLS v1
1.31 jmc 140: network protocol,
141: as well as related cryptography standards.
1.1 jsing 142: .Pp
143: The
144: .Nm
145: program is a command line tool for using the various
146: cryptography functions of
1.39 jmc 147: .Nm openssl Ns 's
1.33 jmc 148: crypto library from the shell.
1.1 jsing 149: .Pp
150: The pseudo-commands
151: .Cm list-standard-commands , list-message-digest-commands ,
152: and
153: .Cm list-cipher-commands
154: output a list
155: .Pq one entry per line
156: of the names of all standard commands, message digest commands,
157: or cipher commands, respectively, that are available in the present
158: .Nm
159: utility.
160: .Pp
161: The pseudo-commands
162: .Cm list-cipher-algorithms
163: and
164: .Cm list-message-digest-algorithms
165: list all cipher and message digest names,
166: one entry per line.
167: Aliases are listed as:
168: .Pp
1.33 jmc 169: .D1 from => to
1.1 jsing 170: .Pp
171: The pseudo-command
172: .Cm list-public-key-algorithms
173: lists all supported public key algorithms.
174: .Pp
175: The pseudo-command
1.39 jmc 176: .Cm no- Ns Ar command
1.1 jsing 177: tests whether a command of the
178: specified name is available.
1.39 jmc 179: If
180: .Ar command
181: does not exist,
1.1 jsing 182: it returns 0
183: and prints
1.39 jmc 184: .Cm no- Ns Ar command ;
1.1 jsing 185: otherwise it returns 1 and prints
1.39 jmc 186: .Ar command .
187: In both cases, the output goes to stdout and nothing is printed to stderr.
1.1 jsing 188: Additional command line arguments are always ignored.
189: Since for each cipher there is a command of the same name,
190: this provides an easy way for shell scripts to test for the
191: availability of ciphers in the
192: .Nm
193: program.
194: .Pp
195: .Sy Note :
1.39 jmc 196: .Cm no- Ns Ar command
1.1 jsing 197: is not able to detect pseudo-commands such as
198: .Cm quit ,
199: .Cm list- Ns Ar ... Ns Cm -commands ,
200: or
1.39 jmc 201: .Cm no- Ns Ar command
1.1 jsing 202: itself.
1.120 kn 203: .Tg asn1parse
1.1 jsing 204: .Sh ASN1PARSE
1.114 jmc 205: .Bl -hang -width "openssl asn1parse"
206: .It Nm openssl asn1parse
207: .Bk -words
1.1 jsing 208: .Op Fl i
209: .Op Fl dlimit Ar number
210: .Op Fl dump
211: .Op Fl genconf Ar file
212: .Op Fl genstr Ar str
213: .Op Fl in Ar file
1.34 jmc 214: .Op Fl inform Cm der | pem | txt
1.1 jsing 215: .Op Fl length Ar number
216: .Op Fl noout
217: .Op Fl offset Ar number
218: .Op Fl oid Ar file
219: .Op Fl out Ar file
220: .Op Fl strparse Ar offset
1.114 jmc 221: .Ek
222: .El
1.1 jsing 223: .Pp
224: The
225: .Nm asn1parse
226: command is a diagnostic utility that can parse ASN.1 structures.
227: It can also be used to extract data from ASN.1 formatted data.
228: .Pp
229: The options are as follows:
230: .Bl -tag -width Ds
231: .It Fl dlimit Ar number
232: Dump the first
233: .Ar number
234: bytes of unknown data in hex form.
235: .It Fl dump
236: Dump unknown data in hex form.
237: .It Fl genconf Ar file , Fl genstr Ar str
238: Generate encoded data based on string
239: .Ar str ,
240: file
241: .Ar file ,
1.34 jmc 242: or both, using the format described in
243: .Xr ASN1_generate_nconf 3 .
1.1 jsing 244: If only
245: .Ar file
246: is present then the string is obtained from the default section
247: using the name
248: .Dq asn1 .
1.84 jmc 249: The encoded data is passed through the ASN.1 parser and printed out as
1.1 jsing 250: though it came from a file;
251: the contents can thus be examined and written to a file using the
252: .Fl out
253: option.
254: .It Fl i
1.34 jmc 255: Indent the output according to the
1.1 jsing 256: .Qq depth
257: of the structures.
258: .It Fl in Ar file
1.41 jmc 259: The input file to read from, or standard input if not specified.
1.34 jmc 260: .It Fl inform Cm der | pem | txt
1.1 jsing 261: The input format.
262: .It Fl length Ar number
1.34 jmc 263: Number of bytes to parse; the default is until end of file.
1.1 jsing 264: .It Fl noout
1.46 jmc 265: Do not output the parsed version of the input file.
1.1 jsing 266: .It Fl offset Ar number
1.34 jmc 267: Starting offset to begin parsing; the default is start of file.
1.1 jsing 268: .It Fl oid Ar file
269: A file containing additional object identifiers
270: .Pq OIDs .
271: If an OID
272: .Pq object identifier
273: is not part of
1.34 jmc 274: .Nm openssl Ns 's
1.1 jsing 275: internal table it will be represented in
276: numerical form
277: .Pq for example 1.2.3.4 .
1.34 jmc 278: .Pp
1.1 jsing 279: Each line consists of three columns:
280: the first column is the OID in numerical format and should be followed by
281: whitespace.
282: The second column is the
1.34 jmc 283: .Qq short name ,
1.1 jsing 284: which is a single word followed by whitespace.
285: The final column is the rest of the line and is the
286: .Qq long name .
287: .Nm asn1parse
288: displays the long name.
1.34 jmc 289: .It Fl out Ar file
290: The DER-encoded output file; the default is no encoded output
291: (useful when combined with
292: .Fl strparse ) .
293: .It Fl strparse Ar offset
294: Parse the content octets of the ASN.1 object starting at
295: .Ar offset .
296: This option can be used multiple times to
297: .Qq drill down
298: into a nested structure.
299: .El
1.120 kn 300: .Tg ca
1.1 jsing 301: .Sh CA
1.114 jmc 302: .Bl -hang -width "openssl ca"
303: .It Nm openssl ca
304: .Bk -words
1.1 jsing 305: .Op Fl batch
306: .Op Fl cert Ar file
307: .Op Fl config Ar file
1.91 schwarze 308: .Op Fl create_serial
1.1 jsing 309: .Op Fl crl_CA_compromise Ar time
310: .Op Fl crl_compromise Ar time
311: .Op Fl crl_hold Ar instruction
312: .Op Fl crl_reason Ar reason
313: .Op Fl crldays Ar days
314: .Op Fl crlexts Ar section
315: .Op Fl crlhours Ar hours
1.103 inoguchi 316: .Op Fl crlsec Ar seconds
1.1 jsing 317: .Op Fl days Ar arg
318: .Op Fl enddate Ar date
319: .Op Fl extensions Ar section
1.103 inoguchi 320: .Op Fl extfile Ar file
1.1 jsing 321: .Op Fl gencrl
322: .Op Fl in Ar file
323: .Op Fl infiles
1.91 schwarze 324: .Op Fl key Ar password
1.103 inoguchi 325: .Op Fl keyfile Ar file
1.91 schwarze 326: .Op Fl keyform Cm pem | der
1.103 inoguchi 327: .Op Fl md Ar alg
1.1 jsing 328: .Op Fl msie_hack
1.107 inoguchi 329: .Op Fl multivalue-rdn
1.1 jsing 330: .Op Fl name Ar section
331: .Op Fl noemailDN
332: .Op Fl notext
333: .Op Fl out Ar file
1.103 inoguchi 334: .Op Fl outdir Ar directory
1.1 jsing 335: .Op Fl passin Ar arg
336: .Op Fl policy Ar arg
337: .Op Fl preserveDN
338: .Op Fl revoke Ar file
1.91 schwarze 339: .Op Fl selfsign
1.103 inoguchi 340: .Op Fl sigopt Ar nm:v
1.1 jsing 341: .Op Fl spkac Ar file
342: .Op Fl ss_cert Ar file
343: .Op Fl startdate Ar date
344: .Op Fl status Ar serial
345: .Op Fl subj Ar arg
346: .Op Fl updatedb
1.91 schwarze 347: .Op Fl utf8
1.1 jsing 348: .Op Fl verbose
1.114 jmc 349: .Ek
350: .El
1.1 jsing 351: .Pp
352: The
353: .Nm ca
1.35 jmc 354: command is a minimal certificate authority (CA) application.
1.1 jsing 355: It can be used to sign certificate requests in a variety of forms
1.35 jmc 356: and generate certificate revocation lists (CRLs).
1.1 jsing 357: It also maintains a text database of issued certificates and their status.
358: .Pp
1.35 jmc 359: The options relevant to CAs are as follows:
1.1 jsing 360: .Bl -tag -width "XXXX"
361: .It Fl batch
1.41 jmc 362: Batch mode.
1.1 jsing 363: In this mode no questions will be asked
364: and all certificates will be certified automatically.
365: .It Fl cert Ar file
366: The CA certificate file.
367: .It Fl config Ar file
1.72 jmc 368: Specify an alternative configuration file.
1.91 schwarze 369: .It Fl create_serial
370: If reading the serial from the text file as specified in the
371: configuration fails, create a new random serial to be used as the
372: next serial number.
1.1 jsing 373: .It Fl days Ar arg
374: The number of days to certify the certificate for.
375: .It Fl enddate Ar date
1.41 jmc 376: Set the expiry date.
1.88 jmc 377: The format of the date is [YY]YYMMDDHHMMSSZ,
378: with all four year digits required for dates from 2050 onwards.
1.1 jsing 379: .It Fl extensions Ar section
380: The section of the configuration file containing certificate extensions
381: to be added when a certificate is issued (defaults to
1.35 jmc 382: .Cm x509_extensions
1.1 jsing 383: unless the
384: .Fl extfile
385: option is used).
386: If no extension section is present, a V1 certificate is created.
387: If the extension section is present
388: .Pq even if it is empty ,
389: then a V3 certificate is created.
1.91 schwarze 390: See the
391: .Xr x509v3.cnf 5
392: manual page for details of the extension section format.
1.1 jsing 393: .It Fl extfile Ar file
394: An additional configuration
395: .Ar file
396: to read certificate extensions from
397: (using the default section unless the
398: .Fl extensions
399: option is also used).
400: .It Fl in Ar file
401: An input
402: .Ar file
403: containing a single certificate request to be signed by the CA.
404: .It Fl infiles
405: If present, this should be the last option; all subsequent arguments
406: are assumed to be the names of files containing certificate requests.
1.91 schwarze 407: .It Fl key Ar password
408: The
409: .Fa password
410: used to encrypt the private key.
1.35 jmc 411: Since on some systems the command line arguments are visible,
412: this option should be used with caution.
1.1 jsing 413: .It Fl keyfile Ar file
414: The private key to sign requests with.
1.91 schwarze 415: .It Fl keyform Cm pem | der
1.1 jsing 416: Private key file format.
1.91 schwarze 417: The default is
418: .Cm pem .
1.1 jsing 419: .It Fl md Ar alg
420: The message digest to use.
421: Possible values include
422: .Ar md5
423: and
424: .Ar sha1 .
425: This option also applies to CRLs.
426: .It Fl msie_hack
427: This is a legacy option to make
428: .Nm ca
429: work with very old versions of the IE certificate enrollment control
430: .Qq certenr3 .
431: It used UniversalStrings for almost everything.
432: Since the old control has various security bugs,
433: its use is strongly discouraged.
434: The newer control
435: .Qq Xenroll
436: does not need this option.
1.107 inoguchi 437: .It Fl multivalue-rdn
1.91 schwarze 438: This option causes the
439: .Fl subj
440: argument to be interpreted with full support for multivalued RDNs,
441: for example
442: .Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
443: If
1.107 inoguchi 444: .Fl multivalue-rdn
1.91 schwarze 445: is not used, the UID value is set to
446: .Qq "123456+CN=John Doe" .
1.1 jsing 447: .It Fl name Ar section
448: Specifies the configuration file
449: .Ar section
450: to use (overrides
451: .Cm default_ca
452: in the
453: .Cm ca
454: section).
455: .It Fl noemailDN
456: The DN of a certificate can contain the EMAIL field if present in the
1.30 mmcc 457: request DN, however it is good policy just having the email set into
1.1 jsing 458: the
1.35 jmc 459: .Cm altName
1.1 jsing 460: extension of the certificate.
461: When this option is set, the EMAIL field is removed from the certificate's
462: subject and set only in the, eventually present, extensions.
463: The
464: .Ar email_in_dn
465: keyword can be used in the configuration file to enable this behaviour.
466: .It Fl notext
467: Don't output the text form of a certificate to the output file.
468: .It Fl out Ar file
469: The output file to output certificates to.
470: The default is standard output.
1.91 schwarze 471: The certificate details will also be printed out to this file in
472: PEM format, except that
473: .Fl spkac
474: outputs DER format.
1.1 jsing 475: .It Fl outdir Ar directory
476: The
477: .Ar directory
478: to output certificates to.
479: The certificate will be written to a file consisting of the
480: serial number in hex with
481: .Qq .pem
482: appended.
483: .It Fl passin Ar arg
484: The key password source.
485: .It Fl policy Ar arg
1.41 jmc 486: Define the CA
1.1 jsing 487: .Qq policy
488: to use.
1.35 jmc 489: The policy section in the configuration file
490: consists of a set of variables corresponding to certificate DN fields.
491: The values may be one of
492: .Qq match
493: (the value must match the same field in the CA certificate),
494: .Qq supplied
495: (the value must be present), or
496: .Qq optional
497: (the value may be present).
498: Any fields not mentioned in the policy section
499: are silently deleted, unless the
500: .Fl preserveDN
501: option is set,
502: but this can be regarded more of a quirk than intended behaviour.
1.1 jsing 503: .It Fl preserveDN
504: Normally, the DN order of a certificate is the same as the order of the
505: fields in the relevant policy section.
506: When this option is set, the order is the same as the request.
507: This is largely for compatibility with the older IE enrollment control
508: which would only accept certificates if their DNs matched the order of the
509: request.
510: This is not needed for Xenroll.
1.91 schwarze 511: .It Fl selfsign
512: Indicates the issued certificates are to be signed with the key the
513: certificate requests were signed with, given with
514: .Fl keyfile .
515: Certificate requests signed with a different key are ignored.
516: If
517: .Fl gencrl ,
518: .Fl spkac ,
519: or
520: .Fl ss_cert
521: are given,
522: .Fl selfsign
523: is ignored.
524: .Pp
525: A consequence of using
526: .Fl selfsign
527: is that the self-signed certificate appears among the entries in
528: the certificate database (see the configuration option
529: .Cm database )
530: and uses the same serial number counter as all other certificates
531: signed with the self-signed certificate.
1.103 inoguchi 532: .It Fl sigopt Ar nm:v
533: Pass options to the signature algorithm during sign or certify operations.
534: The names and values of these options are algorithm-specific.
1.1 jsing 535: .It Fl spkac Ar file
536: A file containing a single Netscape signed public key and challenge,
537: and additional field values to be signed by the CA.
1.35 jmc 538: This will usually come from the
539: KEYGEN tag in an HTML form to create a new private key.
540: It is, however, possible to create SPKACs using the
541: .Nm spkac
542: utility.
543: .Pp
544: The file should contain the variable SPKAC set to the value of
545: the SPKAC and also the required DN components as name value pairs.
546: If it's necessary to include the same component twice,
547: then it can be preceded by a number and a
548: .Sq \&. .
1.1 jsing 549: .It Fl ss_cert Ar file
550: A single self-signed certificate to be signed by the CA.
551: .It Fl startdate Ar date
1.41 jmc 552: Set the start date.
1.88 jmc 553: The format of the date is [YY]YYMMDDHHMMSSZ,
554: with all four year digits required for dates from 2050 onwards.
1.91 schwarze 555: .It Fl subj Ar arg
556: Supersedes the subject name given in the request.
557: The
558: .Ar arg
559: must be formatted as
560: .Sm off
561: .Pf / Ar type0 Ns = Ar value0 Ns / Ar type 1 Ns = Ar value 1 Ns /
562: .Ar type2 Ns = Ar ... ;
563: .Sm on
564: characters may be escaped by
565: .Sq \e
566: .Pq backslash ,
567: no spaces are skipped.
568: .It Fl utf8
569: Interpret field values read from a terminal or obtained from a
570: configuration file as UTF-8 strings.
571: By default, they are interpreted as ASCII.
1.1 jsing 572: .It Fl verbose
1.41 jmc 573: Print extra details about the operations being performed.
1.1 jsing 574: .El
1.35 jmc 575: .Pp
576: The options relevant to CRLs are as follows:
1.1 jsing 577: .Bl -tag -width "XXXX"
578: .It Fl crl_CA_compromise Ar time
579: This is the same as
580: .Fl crl_compromise ,
581: except the revocation reason is set to CACompromise.
582: .It Fl crl_compromise Ar time
1.41 jmc 583: Set the revocation reason to keyCompromise and the compromise time to
1.1 jsing 584: .Ar time .
585: .Ar time
586: should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ.
587: .It Fl crl_hold Ar instruction
1.41 jmc 588: Set the CRL revocation reason code to certificateHold and the hold
1.1 jsing 589: instruction to
590: .Ar instruction
591: which must be an OID.
592: Although any OID can be used, only holdInstructionNone
593: (the use of which is discouraged by RFC 2459), holdInstructionCallIssuer or
594: holdInstructionReject will normally be used.
595: .It Fl crl_reason Ar reason
596: Revocation reason, where
597: .Ar reason
598: is one of:
599: unspecified, keyCompromise, CACompromise, affiliationChanged, superseded,
600: cessationOfOperation, certificateHold or removeFromCRL.
601: The matching of
602: .Ar reason
603: is case insensitive.
604: Setting any revocation reason will make the CRL v2.
605: In practice, removeFromCRL is not particularly useful because it is only used
606: in delta CRLs which are not currently implemented.
1.103 inoguchi 607: .It Fl crldays Ar days
1.1 jsing 608: The number of days before the next CRL is due.
609: This is the days from now to place in the CRL
1.35 jmc 610: .Cm nextUpdate
1.1 jsing 611: field.
612: .It Fl crlexts Ar section
613: The
614: .Ar section
615: of the configuration file containing CRL extensions to include.
616: If no CRL extension section is present then a V1 CRL is created;
617: if the CRL extension section is present
1.81 jmc 618: (even if it is empty)
1.1 jsing 619: then a V2 CRL is created.
1.81 jmc 620: The CRL extensions specified are CRL extensions and not CRL entry extensions.
621: It should be noted that some software can't handle V2 CRLs.
1.91 schwarze 622: See the
623: .Xr x509v3.cnf 5
624: manual page for details of the extension section format.
1.103 inoguchi 625: .It Fl crlhours Ar hours
1.1 jsing 626: The number of hours before the next CRL is due.
1.103 inoguchi 627: .It Fl crlsec Ar seconds
628: The number of seconds before the next CRL is due.
1.1 jsing 629: .It Fl gencrl
1.41 jmc 630: Generate a CRL based on information in the index file.
1.1 jsing 631: .It Fl revoke Ar file
632: A
633: .Ar file
634: containing a certificate to revoke.
1.91 schwarze 635: .It Fl status Ar serial
636: Show the status of the certificate with serial number
637: .Ar serial .
638: .It Fl updatedb
639: Update the database index to purge expired certificates.
1.1 jsing 640: .El
641: .Pp
1.35 jmc 642: Many of the options can be set in the
643: .Cm ca
644: section of the configuration file
645: (or in the default section of the configuration file),
646: specified using
647: .Cm default_ca
648: or
649: .Fl name .
650: The options
651: .Cm preserve
652: and
653: .Cm msie_hack
654: are read directly from the
655: .Cm ca
656: section.
1.1 jsing 657: .Pp
658: Many of the configuration file options are identical to command line
659: options.
660: Where the option is present in the configuration file and the command line,
661: the command line value is used.
662: Where an option is described as mandatory, then it must be present in
663: the configuration file or the command line equivalent
664: .Pq if any
665: used.
666: .Bl -tag -width "XXXX"
1.35 jmc 667: .It Cm certificate
1.1 jsing 668: The same as
669: .Fl cert .
670: It gives the file containing the CA certificate.
671: Mandatory.
1.35 jmc 672: .It Cm copy_extensions
1.1 jsing 673: Determines how extensions in certificate requests should be handled.
674: If set to
1.35 jmc 675: .Cm none
1.1 jsing 676: or this option is not present, then extensions are
677: ignored and not copied to the certificate.
678: If set to
1.35 jmc 679: .Cm copy ,
1.1 jsing 680: then any extensions present in the request that are not already present
681: are copied to the certificate.
682: If set to
1.35 jmc 683: .Cm copyall ,
1.1 jsing 684: then all extensions in the request are copied to the certificate:
685: if the extension is already present in the certificate it is deleted first.
1.35 jmc 686: .Pp
687: The
688: .Cm copy_extensions
689: option should be used with caution.
690: If care is not taken, it can be a security risk.
691: For example, if a certificate request contains a
692: .Cm basicConstraints
693: extension with CA:TRUE and the
694: .Cm copy_extensions
695: value is set to
696: .Cm copyall
697: and the user does not spot
1.91 schwarze 698: this when the certificate is displayed, then this will hand the requester
1.35 jmc 699: a valid CA certificate.
700: .Pp
701: This situation can be avoided by setting
702: .Cm copy_extensions
703: to
704: .Cm copy
705: and including
706: .Cm basicConstraints
707: with CA:FALSE in the configuration file.
708: Then if the request contains a
709: .Cm basicConstraints
710: extension, it will be ignored.
1.1 jsing 711: .Pp
712: The main use of this option is to allow a certificate request to supply
713: values for certain extensions such as
1.35 jmc 714: .Cm subjectAltName .
715: .It Cm crl_extensions
1.1 jsing 716: The same as
717: .Fl crlexts .
1.35 jmc 718: .It Cm crlnumber
1.1 jsing 719: A text file containing the next CRL number to use in hex.
720: The CRL number will be inserted in the CRLs only if this file exists.
721: If this file is present, it must contain a valid CRL number.
1.35 jmc 722: .It Cm database
1.1 jsing 723: The text database file to use.
724: Mandatory.
725: This file must be present, though initially it will be empty.
1.35 jmc 726: .It Cm default_crl_hours , default_crl_days
1.1 jsing 727: The same as the
728: .Fl crlhours
729: and
730: .Fl crldays
731: options.
732: These will only be used if neither command line option is present.
733: At least one of these must be present to generate a CRL.
1.35 jmc 734: .It Cm default_days
1.1 jsing 735: The same as the
736: .Fl days
737: option.
738: The number of days to certify a certificate for.
1.35 jmc 739: .It Cm default_enddate
1.1 jsing 740: The same as the
741: .Fl enddate
742: option.
743: Either this option or
1.35 jmc 744: .Cm default_days
1.1 jsing 745: .Pq or the command line equivalents
746: must be present.
1.35 jmc 747: .It Cm default_md
1.1 jsing 748: The same as the
749: .Fl md
750: option.
751: The message digest to use.
752: Mandatory.
1.35 jmc 753: .It Cm default_startdate
1.1 jsing 754: The same as the
755: .Fl startdate
756: option.
757: The start date to certify a certificate for.
758: If not set, the current time is used.
1.35 jmc 759: .It Cm email_in_dn
1.1 jsing 760: The same as
761: .Fl noemailDN .
762: If the EMAIL field is to be removed from the DN of the certificate,
763: simply set this to
764: .Qq no .
765: If not present, the default is to allow for the EMAIL field in the
766: certificate's DN.
1.35 jmc 767: .It Cm msie_hack
1.1 jsing 768: The same as
769: .Fl msie_hack .
1.35 jmc 770: .It Cm name_opt , cert_opt
1.1 jsing 771: These options allow the format used to display the certificate details
772: when asking the user to confirm signing.
773: All the options supported by the
774: .Nm x509
775: utilities'
776: .Fl nameopt
777: and
778: .Fl certopt
779: switches can be used here, except that
1.35 jmc 780: .Cm no_signame
1.1 jsing 781: and
1.35 jmc 782: .Cm no_sigdump
1.1 jsing 783: are permanently set and cannot be disabled
784: (this is because the certificate signature cannot be displayed because
785: the certificate has not been signed at this point).
786: .Pp
787: For convenience, the value
1.35 jmc 788: .Cm ca_default
1.1 jsing 789: is accepted by both to produce a reasonable output.
790: .Pp
791: If neither option is present, the format used in earlier versions of
1.35 jmc 792: .Nm openssl
1.1 jsing 793: is used.
1.81 jmc 794: Use of the old format is strongly discouraged
795: because it only displays fields mentioned in the
1.35 jmc 796: .Cm policy
1.1 jsing 797: section,
798: mishandles multicharacter string types and does not display extensions.
1.35 jmc 799: .It Cm new_certs_dir
1.1 jsing 800: The same as the
801: .Fl outdir
802: command line option.
803: It specifies the directory where new certificates will be placed.
804: Mandatory.
1.35 jmc 805: .It Cm oid_file
1.1 jsing 806: This specifies a file containing additional object identifiers.
807: Each line of the file should consist of the numerical form of the
808: object identifier followed by whitespace, then the short name followed
809: by whitespace and finally the long name.
1.35 jmc 810: .It Cm oid_section
1.1 jsing 811: This specifies a section in the configuration file containing extra
812: object identifiers.
813: Each line should consist of the short name of the object identifier
814: followed by
815: .Sq =
816: and the numerical form.
817: The short and long names are the same when this option is used.
1.35 jmc 818: .It Cm policy
1.1 jsing 819: The same as
820: .Fl policy .
821: Mandatory.
1.35 jmc 822: .It Cm preserve
1.1 jsing 823: The same as
824: .Fl preserveDN .
1.35 jmc 825: .It Cm private_key
1.1 jsing 826: Same as the
827: .Fl keyfile
828: option.
829: The file containing the CA private key.
830: Mandatory.
1.35 jmc 831: .It Cm serial
1.1 jsing 832: A text file containing the next serial number to use in hex.
833: Mandatory.
834: This file must be present and contain a valid serial number.
1.35 jmc 835: .It Cm unique_subject
1.1 jsing 836: If the value
1.35 jmc 837: .Cm yes
1.1 jsing 838: is given, the valid certificate entries in the
839: database must have unique subjects.
840: If the value
1.35 jmc 841: .Cm no
1.1 jsing 842: is given,
843: several valid certificate entries may have the exact same subject.
844: The default value is
1.35 jmc 845: .Cm yes .
1.131 inoguchi 846: .Pp
847: Note that it is valid in some circumstances for certificates to be created
1.132 jmc 848: without any subject.
849: In cases where there are multiple certificates without
1.131 inoguchi 850: subjects this does not count as a duplicate.
1.35 jmc 851: .It Cm x509_extensions
1.1 jsing 852: The same as
853: .Fl extensions .
1.123 inoguchi 854: .El
855: .Tg certhash
856: .Sh CERTHASH
857: .Bl -hang -width "openssl certhash"
858: .It Nm openssl certhash
859: .Bk -words
860: .Op Fl nv
861: .Ar dir ...
862: .Ek
863: .El
864: .Pp
865: The
866: .Nm certhash
867: command calculates a hash value of
868: .Qq .pem
869: file in the specified directory list and creates symbolic links for each file,
870: where the name of the link is the hash value.
871: See the
872: .Xr SSL_CTX_load_verify_locations 3
873: manual page for how hash links are used.
874: .Pp
875: The links created are of the form
876: .Qq HHHHHHHH.D ,
877: where each
878: .Sq H
879: is a hexadecimal character and
880: .Sq D
881: is a single decimal digit.
882: The hashes for CRLs look similar, except the letter
883: .Sq r
884: appears after the period, like this:
885: .Qq HHHHHHHH.rD .
886: When processing a directory,
887: .Nm certhash
888: will first remove all links that have a name in that syntax and invalid
889: reference.
890: .Pp
891: Multiple objects may have the same hash; they will be indicated by
892: incrementing the
893: .Sq D
894: value.
895: Duplicates are found by comparing the full SHA256 fingerprint.
896: A warning will be displayed if a duplicate is found.
897: .Pp
898: A warning will also be displayed if there are files that cannot be parsed as
899: either a certificate or a CRL.
900: .Pp
901: The options are as follows:
902: .Bl -tag -width Ds
903: .It Fl n
904: Perform a dry-run, and do not make any changes.
905: .It Fl v
906: Print extra details about the processing.
907: .It Ar dir ...
908: Specify the directories to process.
1.1 jsing 909: .El
1.120 kn 910: .Tg ciphers
1.1 jsing 911: .Sh CIPHERS
912: .Nm openssl ciphers
913: .Op Fl hVv
1.93 schwarze 914: .Op Ar control
1.1 jsing 915: .Pp
916: The
917: .Nm ciphers
1.93 schwarze 918: command converts the
919: .Ar control
920: string from the format documented in
921: .Xr SSL_CTX_set_cipher_list 3
922: into an ordered SSL cipher suite preference list.
923: If no
924: .Ar control
925: string is specified, the
926: .Cm DEFAULT
927: list is printed.
1.1 jsing 928: .Pp
929: The options are as follows:
930: .Bl -tag -width Ds
931: .It Fl h , \&?
932: Print a brief usage message.
933: .It Fl V
1.36 jmc 934: Verbose.
1.92 schwarze 935: List ciphers with cipher suite code in hex format,
936: cipher name, and a complete description of protocol version,
937: key exchange, authentication, encryption, and mac algorithms.
1.36 jmc 938: .It Fl v
1.1 jsing 939: Like
1.36 jmc 940: .Fl V ,
941: but without cipher suite codes.
1.116 inoguchi 942: .El
1.120 kn 943: .Tg cms
1.116 inoguchi 944: .Sh CMS
945: .Bl -hang -width "openssl cms"
946: .It Nm openssl cms
947: .Bk -words
948: .Oo
949: .Fl aes128 | aes192 | aes256 | camellia128 |
950: .Fl camellia192 | camellia256 | des | des3 |
951: .Fl rc2-40 | rc2-64 | rc2-128
952: .Oc
953: .Op Fl CAfile Ar file
954: .Op Fl CApath Ar directory
955: .Op Fl binary
956: .Op Fl certfile Ar file
957: .Op Fl certsout Ar file
958: .Op Fl cmsout
959: .Op Fl compress
960: .Op Fl content Ar file
961: .Op Fl crlfeol
962: .Op Fl data_create
963: .Op Fl data_out
964: .Op Fl debug_decrypt
965: .Op Fl decrypt
966: .Op Fl digest_create
967: .Op Fl digest_verify
968: .Op Fl econtent_type Ar type
969: .Op Fl encrypt
970: .Op Fl EncryptedData_decrypt
971: .Op Fl EncryptedData_encrypt
972: .Op Fl from Ar addr
973: .Op Fl in Ar file
974: .Op Fl inform Cm der | pem | smime
975: .Op Fl inkey Ar file
976: .Op Fl keyform Cm der | pem
977: .Op Fl keyid
978: .Op Fl keyopt Ar nm:v
979: .Op Fl md Ar digest
980: .Op Fl no_attr_verify
981: .Op Fl no_content_verify
982: .Op Fl no_signer_cert_verify
983: .Op Fl noattr
984: .Op Fl nocerts
985: .Op Fl nodetach
986: .Op Fl nointern
987: .Op Fl nooldmime
988: .Op Fl noout
989: .Op Fl nosigs
990: .Op Fl nosmimecap
991: .Op Fl noverify
992: .Op Fl out Ar file
993: .Op Fl outform Cm der | pem | smime
994: .Op Fl passin Ar src
995: .Op Fl print
996: .Op Fl pwri_password Ar arg
997: .Op Fl rctform Cm der | pem | smime
998: .Op Fl receipt_request_all | receipt_request_first
999: .Op Fl receipt_request_from Ar addr
1000: .Op Fl receipt_request_print
1001: .Op Fl receipt_request_to Ar addr
1002: .Op Fl recip Ar file
1003: .Op Fl resign
1004: .Op Fl secretkey Ar key
1005: .Op Fl secretkeyid Ar id
1006: .Op Fl sign
1007: .Op Fl sign_receipt
1008: .Op Fl signer Ar file
1009: .Op Fl stream | indef | noindef
1010: .Op Fl subject Ar s
1011: .Op Fl text
1012: .Op Fl to Ar addr
1013: .Op Fl uncompress
1014: .Op Fl verify
1015: .Op Fl verify_receipt Ar file
1016: .Op Fl verify_retcode
1017: .Op Ar cert.pem ...
1018: .Ek
1019: .El
1020: .Pp
1021: The
1022: .Nm cms
1023: command handles S/MIME v3.1 mail.
1024: It can encrypt, decrypt, sign and verify, compress and uncompress S/MIME
1025: messages.
1026: .Pp
1027: The MIME message must be sent without any blank lines between the headers and
1028: the output.
1029: Some mail programs will automatically add a blank line.
1030: Piping the mail directly to sendmail is one way to achieve the correct format.
1031: .Pp
1032: The supplied message to be signed or encrypted must include the necessary MIME
1033: headers or many S/MIME clients won't display it properly (if at all).
1034: You can use the
1035: .Fl text
1036: option to automatically add plain text headers.
1037: .Pp
1038: A "signed and encrypted" message is one where a signed message is then
1039: encrypted.
1040: This can be produced by encrypting an already signed message.
1041: .Pp
1042: There are various operation options that set the type of operation to be
1043: performed.
1044: The meaning of the other options varies according to the operation type.
1045: .Bl -tag -width "XXXX"
1046: .It Fl encrypt
1047: Encrypt mail for the given recipient certificates.
1048: Input file is the message to be encrypted.
1049: The output file is the encrypted mail in MIME format.
1050: The actual CMS type is EnvelopedData.
1051: Note that no revocation check is done for the recipient cert, so if that
1052: key has been compromised, others may be able to decrypt the text.
1053: .It Fl decrypt
1054: Decrypt mail using the supplied certificate and private key.
1055: Expects an encrypted mail message in MIME format for the input file.
1056: The decrypted mail is written to the output file.
1057: .It Fl sign
1058: Sign mail using the supplied certificate and private key.
1059: Input file is the message to be signed.
1060: The signed message in MIME format is written to the output file.
1061: .It Fl verify
1062: Verify signed mail.
1063: Expects a signed mail message on input and outputs the signed data.
1064: Both clear text and opaque signing are supported.
1065: .It Fl cmsout
1066: Take an input message and write out a PEM encoded CMS structure.
1067: .It Fl resign
1068: Resign a message.
1069: Take an existing message and one or more new signers.
1070: This operation uses an existing message digest when adding a new signer.
1071: This means that attributes must be present in at least one existing
1072: signer using the same message digest or this operation will fail.
1073: .It Fl data_create
1074: Create a CMS Data type.
1075: .It Fl data_out
1076: Output a content from the input CMS Data type.
1077: .It Fl digest_create
1078: Create a CMS DigestedData type.
1079: .It Fl digest_verify
1080: Verify a CMS DigestedData type and output the content.
1081: .It Fl compress
1082: Create a CMS CompressedData type.
1083: Must be compiled with zlib support for this option to work.
1084: .It Fl uncompress
1085: Uncompress a CMS CompressedData type and output the content.
1086: Must be compiled with zlib support for this option to work.
1087: .It Fl EncryptedData_encrypt
1088: Encrypt a content using supplied symmetric key and algorithm using a
1089: CMS EncryptedData type.
1090: .It Fl EncryptedData_decrypt
1091: Decrypt a CMS EncryptedData type using supplied symmetric key.
1092: .It Fl sign_receipt
1093: Generate and output a signed receipt for the supplied message.
1094: The input message must contain a signed receipt request.
1095: Functionality is otherwise similar to the
1096: .Fl sign
1097: operation.
1098: .It Xo
1099: .Fl verify_receipt Ar file
1100: .Xc
1101: Verify a signed receipt in file.
1102: The input message must contain the original receipt request.
1103: Functionality is otherwise similar to the
1104: .Fl verify
1105: operation.
1106: .El
1107: .Pp
1108: The remaining options are as follows:
1109: .Bl -tag -width "XXXX"
1110: .It Xo
1111: .Fl aes128 | aes192 | aes256 | camellia128 |
1112: .Fl camellia192 | camellia256 | des | des3 |
1113: .Fl rc2-40 | rc2-64 | rc2-128
1114: .Xc
1115: The encryption algorithm to use.
1116: 128-, 192-, or 256-bit AES, 128-, 192-, or 256-bit CAMELLIA,
1117: DES (56 bits), triple DES (168 bits),
1118: or 40-, 64-, or 128-bit RC2, respectively;
1119: if not specified, triple DES is
1120: used.
1121: Only used with
1122: .Fl encrypt
1123: and
1124: .Fl EncryptedData_encrypt
1125: commands.
1126: .It Fl binary
1127: Normally the input message is converted to "canonical" format which is
1128: effectively using CR/LF as end of line, as required by the S/MIME specification.
1.127 jmc 1129: When this option is present, no translation occurs.
1.116 inoguchi 1130: This is useful when handling binary data which may not be in MIME format.
1131: .It Fl CAfile Ar file
1132: A file containing trusted CA certificates, used with
1133: .Fl verify
1134: and
1135: .Fl verify_receipt .
1136: .It Fl CApath Ar directory
1137: A directory containing trusted CA certificates, used with
1138: .Fl verify
1139: and
1140: .Fl verify_receipt .
1141: This directory must be a standard certificate directory: that is a hash
1142: of each subject name (using
1143: .Nm x509 Fl hash )
1144: should be linked to each certificate.
1.124 inoguchi 1145: .It Ar cert.pem ...
1.116 inoguchi 1146: One or more certificates of message recipients: used when encrypting a message.
1147: .It Fl certfile Ar file
1148: Allows additional certificates to be specified.
1149: When signing these will be included with the message.
1150: When verifying these will be searched for the signer's certificates.
1151: The certificates should be in PEM format.
1152: .It Fl certsout Ar file
1153: A file that any certificates contained in the message are written to.
1154: .It Xo
1155: .Fl check_ss_sig ,
1156: .Fl crl_check ,
1157: .Fl crl_check_all ,
1158: .Fl extended_crl ,
1159: .Fl ignore_critical ,
1160: .Fl issuer_checks ,
1161: .Fl policy ,
1162: .Fl policy_check ,
1163: .Fl purpose ,
1164: .Fl x509_strict
1165: .Xc
1166: Set various certificate chain validation options.
1167: See the
1168: .Nm verify
1169: command for details.
1170: .It Fl content Ar file
1171: A file containing the detached content.
1172: This is only useful with the
1173: .Fl verify
1174: command.
1175: This is only usable if the CMS structure is using the detached signature
1176: form where the content is not included.
1177: This option will override any content if the input format is S/MIME and
1178: it uses the multipart/signed MIME content type.
1179: .It Fl crlfeol
1180: Output a S/MIME message with CR/LF end of line.
1181: .It Fl debug_decrypt
1182: Set the CMS_DEBUG_DECRYPT flag when decrypting.
1183: This option should be used with caution, since this can be used to disable
1184: the MMA attack protection and return an error if no recipient can be found.
1185: See the
1186: .Xr CMS_decrypt 3
1187: manual page for details of the flag.
1188: .It Xo
1189: .Fl from Ar addr ,
1190: .Fl subject Ar s ,
1191: .Fl to Ar addr
1192: .Xc
1193: The relevant mail headers.
1194: These are included outside the signed portion of a message so they may
1195: be included manually.
1196: If signing then many S/MIME mail clients check the signer's certificate's
1197: email address matches that specified in the From: address.
1198: .It Fl econtent_type Ar type
1199: Set the encapsulated content type, used with
1200: .Fl sign .
1201: If not supplied the Data type is used.
1202: The type argument can be any valid OID name in either text or numerical format.
1203: .It Fl in Ar file
1204: The input message to be encrypted or signed or the message to be decrypted or
1205: verified.
1206: .It Fl inform Cm der | pem | smime
1207: The input format for the CMS structure.
1208: The default is
1209: .Cm smime ,
1210: which reads an S/MIME format message.
1211: .Cm pem
1212: and
1213: .Cm der
1214: format change this to expect PEM and DER format CMS structures instead.
1215: This currently only affects the input format of the CMS structure; if no
1216: CMS structure is being input (for example with
1217: .Fl encrypt
1218: or
1219: .Fl sign )
1220: this option has no effect.
1221: .It Fl inkey Ar file
1222: The private key to use when signing or decrypting.
1223: This must match the corresponding certificate.
1224: If this option is not specified then the private key must be included in
1225: the certificate file specified with the
1226: .Fl recip
1227: or
1228: .Fl signer
1229: file.
1230: When signing this option can be used multiple times to specify successive keys.
1231: .It Fl keyform Cm der | pem
1232: Input private key format.
1233: The default is
1234: .Cm pem .
1235: .It Fl keyid
1236: Use subject key identifier to identify certificates instead of issuer
1237: name and serial number.
1238: The supplied certificate must include a subject key identifier extension.
1239: Supported by
1240: .Fl sign
1241: and
1242: .Fl encrypt
1243: operations.
1244: .It Fl keyopt Ar nm:v
1245: Set customised parameters for the preceding key or certificate
1246: for encryption and signing.
1247: It can currently be used to set RSA-PSS for signing, RSA-OAEP for
1248: encryption or to modify default parameters for ECDH.
1249: This option can be used multiple times.
1250: .It Fl md Ar digest
1251: The digest algorithm to use when signing or resigning.
1252: If not present then the default digest algorithm for the signing key
1253: will be used (usually SHA1).
1254: .It Fl no_attr_verify
1255: Do not verify the signer's attribute of a signature.
1256: .It Fl no_content_verify
1257: Do not verify the content of a signed message.
1258: .It Fl no_signer_cert_verify
1259: Do not verify the signer's certificate of a signed message.
1260: .It Fl noattr
1261: Do not include attributes.
1262: Normally when a message is signed a set of attributes are included which
1263: include the signing time and supported symmetric algorithms.
1264: With this option they are not included.
1265: .It Fl nocerts
1266: Do not include the signer's certificate.
1267: This will reduce the size of the signed message but the verifier must
1268: have a copy of the signer's certificate available locally (passed using
1269: the
1270: .Fl certfile
1271: option for example).
1272: .It Fl nodetach
1273: When signing a message use opaque signing.
1274: This form is more resistant to translation by mail relays but it cannot be
1275: read by mail agents that do not support S/MIME.
1276: Without this option cleartext signing with the MIME type multipart/signed is
1277: used.
1278: .It Fl nointern
1279: Only the certificates specified in the
1280: .Fl certfile
1281: option are used.
1282: When verifying a message normally certificates (if any) included in the
1283: message are searched for the signing certificate.
1284: The supplied certificates can still be used as untrusted CAs however.
1285: .It Fl nooldmime
1286: Output an old S/MIME content type like "application/x-pkcs7-".
1287: .It Fl noout
1288: Do not output the parsed CMS structure for the
1289: .Fl cmsout
1290: operation.
1291: This is useful when combined with the
1292: .Fl print
1293: option or if the syntax of the CMS structure is being checked.
1294: .It Fl nosigs
1295: Do not try to verify the signatures on the message.
1296: .It Fl nosmimecap
1297: Exclude the list of supported algorithms from signed attributes; other
1298: options such as signing time and content type are still included.
1299: .It Fl noverify
1300: Do not verify the signer's certificate of a signed message.
1301: .It Fl out Ar file
1302: The message text that has been decrypted or verified or the output MIME
1303: format message that has been signed or verified.
1304: .It Fl outform Cm der | pem | smime
1305: This specifies the output format for the CMS structure.
1306: The default is
1307: .Cm smime ,
1308: which writes an S/MIME format message.
1309: .Cm pem
1310: and
1311: .Cm der
1312: format change this to write PEM and DER format CMS structures instead.
1313: This currently only affects the output format of the CMS structure; if
1314: no CMS structure is being output (for example with
1315: .Fl verify
1316: or
1317: .Fl decrypt )
1318: this option has no effect.
1319: .It Fl passin Ar src
1320: The private key password source.
1321: .It Fl print
1322: Print out all fields of the CMS structure for the
1323: .Fl cmsout
1324: operation.
1325: This is mainly useful for testing purposes.
1326: .It Fl pwri_password Ar arg
1327: Specify PasswordRecipientInfo (PWRI) password to use.
1328: Supported by the
1329: .Fl encrypt
1330: and
1331: .Fl decrypt
1332: operations.
1333: .It Fl rctform Cm der | pem | smime
1334: Specify the format for a signed receipt for use with the
1335: .Fl receipt_verify
1336: operation.
1337: The default is
1338: .Cm smime .
1339: .It Fl receipt_request_all | receipt_request_first
1340: Indicate requests should be provided by all recipient or first tier
1341: recipients (those mailed directly and not from a mailing list), for the
1342: .Fl sign
1343: operation to include a signed receipt request.
1344: Ignored if
1345: .Fl receipt_request_from
1346: is included.
1347: .It Fl receipt_request_from Ar addr
1348: Add an explicit email address where receipts should be supplied.
1349: .It Fl receipt_request_print
1350: Print out the contents of any signed receipt requests for the
1351: .Fl verify
1352: operation.
1353: .It Fl receipt_request_to Ar addr
1354: Add an explicit email address where signed receipts should be sent to.
1355: This option must be supplied if a signed receipt is requested.
1356: .It Fl recip Ar file
1357: When decrypting a message this specifies the recipient's certificate.
1358: The certificate must match one of the recipients of the message or an
1359: error occurs.
1360: When encrypting a message this option may be used multiple times to
1361: specify each recipient.
1362: This form must be used if customised parameters are required (for example to
1363: specify RSA-OAEP).
1364: Only certificates carrying RSA, Diffie-Hellman or EC keys are supported
1365: by this option.
1366: .It Fl secretkey Ar key
1367: Specify symmetric key to use.
1368: The key must be supplied in hex format and be consistent with the
1369: algorithm used.
1370: Supported by the
1371: .Fl EncryptedData_encrypt ,
1372: .Fl EncryptedData_decrypt ,
1373: .Fl encrypt
1374: and
1375: .Fl decrypt
1376: operations.
1377: When used with
1378: .Fl encrypt
1379: or
1380: .Fl decrypt
1381: the supplied key is used to wrap or unwrap the content encryption key
1382: using an AES key in the KEKRecipientInfo type.
1383: .It Fl secretkeyid Ar id
1384: The key identifier for the supplied symmetric key for KEKRecipientInfo type.
1385: This option must be present if the
1386: .Fl secretkey
1387: option is used with
1388: .Fl encrypt .
1389: With
1390: .Fl decrypt
1391: operations the id is used to locate the relevant key; if it is not supplied
1392: then an attempt is used to decrypt any KEKRecipientInfo structures.
1393: .It Fl signer Ar file
1394: A signing certificate when signing or resigning a message; this option
1395: can be used multiple times if more than one signer is required.
1396: If a message is being verified then the signers certificates will be
1397: written to this file if the verification was successful.
1398: .It Xo
1399: .Fl stream |
1400: .Fl indef |
1401: .Fl noindef
1402: .Xc
1403: The
1404: .Fl stream
1405: and
1406: .Fl indef
1407: options are equivalent and enable streaming I/O for encoding operations.
1408: This permits single pass processing of data without the need to hold the
1409: entire contents in memory, potentially supporting very large files.
1410: Streaming is automatically set for S/MIME signing with detached data if
1411: the output format is
1412: .Cm smime ;
1413: it is currently off by default for all other operations.
1414: .Fl noindef
1415: disable streaming I/O where it would produce an indefinite length
1416: constructed encoding.
1417: This option currently has no effect.
1418: .It Fl text
1419: Add plain text (text/plain) MIME headers to the supplied message if
1420: encrypting or signing.
1421: If decrypting or verifying it strips off text headers: if the decrypted
1422: or verified message is not of MIME type text/plain then an error occurs.
1423: .It Fl verify_retcode
1424: Set verification error code to exit code to indicate what verification error
1425: has occurred.
1426: Supported by
1427: .Fl verify
1428: operation only.
1429: Exit code value minus 32 shows verification error code.
1430: See
1431: .Nm verify
1432: command for the list of verification error code.
1433: .El
1434: .Pp
1435: The exit codes for
1436: .Nm cms
1437: are as follows:
1438: .Pp
1439: .Bl -tag -width "XXXX" -offset 3n -compact
1440: .It 0
1441: The operation was completely successful.
1442: .It 1
1443: An error occurred parsing the command options.
1444: .It 2
1445: One of the input files could not be read.
1446: .It 3
1447: An error occurred creating the CMS file or when reading the MIME message.
1448: .It 4
1449: An error occurred decrypting or verifying the message.
1450: .It 5
1451: The message was verified correctly but an error occurred writing out the
1452: signer's certificates.
1453: .It 6
1454: An error occurred writing the output file.
1455: .It 32+
1456: A verify error occurred while
1457: .Fl verify_retcode
1458: is specified.
1.1 jsing 1459: .El
1.120 kn 1460: .Tg crl
1.1 jsing 1461: .Sh CRL
1.114 jmc 1462: .Bl -hang -width "openssl crl"
1463: .It Nm openssl crl
1464: .Bk -words
1.1 jsing 1465: .Op Fl CAfile Ar file
1466: .Op Fl CApath Ar dir
1.104 inoguchi 1467: .Op Fl crlnumber
1.1 jsing 1468: .Op Fl fingerprint
1469: .Op Fl hash
1.104 inoguchi 1470: .Op Fl hash_old
1.1 jsing 1471: .Op Fl in Ar file
1.38 jmc 1472: .Op Fl inform Cm der | pem
1.1 jsing 1473: .Op Fl issuer
1474: .Op Fl lastupdate
1.104 inoguchi 1475: .Op Fl nameopt Ar option
1.1 jsing 1476: .Op Fl nextupdate
1477: .Op Fl noout
1478: .Op Fl out Ar file
1.38 jmc 1479: .Op Fl outform Cm der | pem
1.1 jsing 1480: .Op Fl text
1.104 inoguchi 1481: .Op Fl verify
1.114 jmc 1482: .Ek
1483: .El
1.1 jsing 1484: .Pp
1485: The
1486: .Nm crl
1487: command processes CRL files in DER or PEM format.
1.37 jmc 1488: .Pp
1.1 jsing 1489: The options are as follows:
1490: .Bl -tag -width Ds
1491: .It Fl CAfile Ar file
1492: Verify the signature on a CRL by looking up the issuing certificate in
1493: .Ar file .
1494: .It Fl CApath Ar directory
1495: Verify the signature on a CRL by looking up the issuing certificate in
1496: .Ar dir .
1497: This directory must be a standard certificate directory,
1498: i.e. a hash of each subject name (using
1499: .Cm x509 Fl hash )
1500: should be linked to each certificate.
1.104 inoguchi 1501: .It Fl crlnumber
1502: Print the CRL number.
1.1 jsing 1503: .It Fl fingerprint
1504: Print the CRL fingerprint.
1505: .It Fl hash
1506: Output a hash of the issuer name.
1507: This can be used to look up CRLs in a directory by issuer name.
1.104 inoguchi 1508: .It Fl hash_old
1509: Output an old-style (MD5) hash of the issuer name.
1.1 jsing 1510: .It Fl in Ar file
1.37 jmc 1511: The input file to read from, or standard input if not specified.
1.38 jmc 1512: .It Fl inform Cm der | pem
1.37 jmc 1513: The input format.
1.1 jsing 1514: .It Fl issuer
1515: Output the issuer name.
1516: .It Fl lastupdate
1517: Output the
1.37 jmc 1518: .Cm lastUpdate
1.1 jsing 1519: field.
1.104 inoguchi 1520: .It Fl nameopt Ar option
1521: Specify certificate name options.
1.1 jsing 1522: .It Fl nextupdate
1523: Output the
1.37 jmc 1524: .Cm nextUpdate
1.1 jsing 1525: field.
1526: .It Fl noout
1.46 jmc 1527: Do not output the encoded version of the CRL.
1.1 jsing 1528: .It Fl out Ar file
1.37 jmc 1529: The output file to write to, or standard output if not specified.
1.38 jmc 1530: .It Fl outform Cm der | pem
1.37 jmc 1531: The output format.
1.1 jsing 1532: .It Fl text
1.64 jmc 1533: Print the CRL in plain text.
1.104 inoguchi 1534: .It Fl verify
1535: Verify the signature on the CRL.
1.1 jsing 1536: .El
1.120 kn 1537: .Tg crl2pkcs7
1.1 jsing 1538: .Sh CRL2PKCS7
1.114 jmc 1539: .Bl -hang -width "openssl crl2pkcs7"
1540: .It Nm openssl crl2pkcs7
1541: .Bk -words
1.1 jsing 1542: .Op Fl certfile Ar file
1543: .Op Fl in Ar file
1.40 jmc 1544: .Op Fl inform Cm der | pem
1.1 jsing 1545: .Op Fl nocrl
1546: .Op Fl out Ar file
1.40 jmc 1547: .Op Fl outform Cm der | pem
1.114 jmc 1548: .Ek
1549: .El
1.1 jsing 1550: .Pp
1551: The
1552: .Nm crl2pkcs7
1553: command takes an optional CRL and one or more
1554: certificates and converts them into a PKCS#7 degenerate
1555: .Qq certificates only
1556: structure.
1557: .Pp
1558: The options are as follows:
1559: .Bl -tag -width Ds
1560: .It Fl certfile Ar file
1.40 jmc 1561: Add the certificates in PEM
1.1 jsing 1562: .Ar file
1.40 jmc 1563: to the PKCS#7 structure.
1564: This option can be used more than once
1565: to read certificates from multiple files.
1.1 jsing 1566: .It Fl in Ar file
1.40 jmc 1567: Read the CRL from
1568: .Ar file ,
1569: or standard input if not specified.
1570: .It Fl inform Cm der | pem
1.64 jmc 1571: The input format.
1.1 jsing 1572: .It Fl nocrl
1573: Normally, a CRL is included in the output file.
1574: With this option, no CRL is
1575: included in the output file and a CRL is not read from the input file.
1576: .It Fl out Ar file
1.40 jmc 1577: Write the PKCS#7 structure to
1578: .Ar file ,
1579: or standard output if not specified.
1580: .It Fl outform Cm der | pem
1.64 jmc 1581: The output format.
1.1 jsing 1582: .El
1.120 kn 1583: .Tg dgst
1.1 jsing 1584: .Sh DGST
1.114 jmc 1585: .Bl -hang -width "openssl dgst"
1586: .It Nm openssl dgst
1587: .Bk -words
1.105 inoguchi 1588: .Op Fl cdr
1.1 jsing 1589: .Op Fl binary
1.43 jmc 1590: .Op Fl Ar digest
1.1 jsing 1591: .Op Fl hex
1592: .Op Fl hmac Ar key
1.43 jmc 1593: .Op Fl keyform Cm pem
1.1 jsing 1594: .Op Fl mac Ar algorithm
1595: .Op Fl macopt Ar nm : Ns Ar v
1596: .Op Fl out Ar file
1597: .Op Fl passin Ar arg
1598: .Op Fl prverify Ar file
1599: .Op Fl sign Ar file
1600: .Op Fl signature Ar file
1601: .Op Fl sigopt Ar nm : Ns Ar v
1602: .Op Fl verify Ar file
1603: .Op Ar
1.114 jmc 1604: .Ek
1605: .El
1.1 jsing 1606: .Pp
1607: The digest functions output the message digest of a supplied
1608: .Ar file
1609: or
1610: .Ar files
1611: in hexadecimal form.
1612: They can also be used for digital signing and verification.
1613: .Pp
1614: The options are as follows:
1615: .Bl -tag -width Ds
1616: .It Fl binary
1617: Output the digest or signature in binary form.
1618: .It Fl c
1.48 jmc 1619: Print the digest in two-digit groups separated by colons.
1.1 jsing 1620: .It Fl d
1.48 jmc 1621: Print BIO debugging information.
1.43 jmc 1622: .It Fl Ar digest
1623: Use the specified message
1624: .Ar digest .
1.98 naddy 1625: The default is SHA256.
1.43 jmc 1626: The available digests can be displayed using
1627: .Nm openssl
1628: .Cm list-message-digest-commands .
1629: The following are equivalent:
1630: .Nm openssl dgst
1.98 naddy 1631: .Fl sha256
1.43 jmc 1632: and
1633: .Nm openssl
1.98 naddy 1634: .Cm sha256 .
1.1 jsing 1635: .It Fl hex
1636: Digest is to be output as a hex dump.
1637: This is the default case for a
1638: .Qq normal
1639: digest as opposed to a digital signature.
1640: .It Fl hmac Ar key
1641: Create a hashed MAC using
1642: .Ar key .
1.43 jmc 1643: .It Fl keyform Cm pem
1.1 jsing 1644: Specifies the key format to sign the digest with.
1645: .It Fl mac Ar algorithm
1646: Create a keyed Message Authentication Code (MAC).
1647: The most popular MAC algorithm is HMAC (hash-based MAC),
1648: but there are other MAC algorithms which are not based on hash.
1649: MAC keys and other options should be set via the
1650: .Fl macopt
1651: parameter.
1652: .It Fl macopt Ar nm : Ns Ar v
1653: Passes options to the MAC algorithm, specified by
1654: .Fl mac .
1655: The following options are supported by HMAC:
1656: .Bl -tag -width Ds
1.43 jmc 1657: .It Cm key : Ns Ar string
1.1 jsing 1658: Specifies the MAC key as an alphanumeric string
1659: (use if the key contain printable characters only).
1660: String length must conform to any restrictions of the MAC algorithm.
1.43 jmc 1661: .It Cm hexkey : Ns Ar string
1.1 jsing 1662: Specifies the MAC key in hexadecimal form (two hex digits per byte).
1663: Key length must conform to any restrictions of the MAC algorithm.
1664: .El
1665: .It Fl out Ar file
1.43 jmc 1666: The output file to write to,
1667: or standard output if not specified.
1.1 jsing 1668: .It Fl passin Ar arg
1669: The key password source.
1670: .It Fl prverify Ar file
1671: Verify the signature using the private key in
1672: .Ar file .
1673: The output is either
1674: .Qq Verification OK
1675: or
1676: .Qq Verification Failure .
1.105 inoguchi 1677: .It Fl r
1678: Print the digest in coreutils format.
1.1 jsing 1679: .It Fl sign Ar file
1680: Digitally sign the digest using the private key in
1681: .Ar file .
1682: .It Fl signature Ar file
1683: The actual signature to verify.
1684: .It Fl sigopt Ar nm : Ns Ar v
1685: Pass options to the signature algorithm during sign or verify operations.
1686: The names and values of these options are algorithm-specific.
1687: .It Fl verify Ar file
1688: Verify the signature using the public key in
1689: .Ar file .
1690: The output is either
1691: .Qq Verification OK
1692: or
1693: .Qq Verification Failure .
1694: .It Ar
1695: File or files to digest.
1696: If no files are specified then standard input is used.
1697: .El
1.120 kn 1698: .Tg dhparam
1.1 jsing 1699: .Sh DHPARAM
1.114 jmc 1700: .Bl -hang -width "openssl dhparam"
1701: .It Nm openssl dhparam
1702: .Bk -words
1.1 jsing 1703: .Op Fl 2 | 5
1704: .Op Fl C
1705: .Op Fl check
1706: .Op Fl dsaparam
1707: .Op Fl in Ar file
1.44 jmc 1708: .Op Fl inform Cm der | pem
1.1 jsing 1709: .Op Fl noout
1710: .Op Fl out Ar file
1.44 jmc 1711: .Op Fl outform Cm der | pem
1.1 jsing 1712: .Op Fl text
1713: .Op Ar numbits
1.114 jmc 1714: .Ek
1715: .El
1.1 jsing 1716: .Pp
1717: The
1718: .Nm dhparam
1719: command is used to manipulate DH parameter files.
1.44 jmc 1720: Only the older PKCS#3 DH is supported,
1721: not the newer X9.42 DH.
1.1 jsing 1722: .Pp
1723: The options are as follows:
1724: .Bl -tag -width Ds
1725: .It Fl 2 , 5
1.44 jmc 1726: The generator to use;
1.1 jsing 1727: 2 is the default.
1728: If present, the input file is ignored and parameters are generated instead.
1729: .It Fl C
1.44 jmc 1730: Convert the parameters into C code.
1.1 jsing 1731: The parameters can then be loaded by calling the
1.44 jmc 1732: .No get_dh Ns Ar numbits
1.1 jsing 1733: function.
1734: .It Fl check
1735: Check the DH parameters.
1736: .It Fl dsaparam
1.44 jmc 1737: Read or create DSA parameters,
1738: converted to DH format on output.
1.1 jsing 1739: Otherwise,
1740: .Qq strong
1741: primes
1742: .Pq such that (p-1)/2 is also prime
1743: will be used for DH parameter generation.
1744: .Pp
1745: DH parameter generation with the
1746: .Fl dsaparam
1747: option is much faster,
1748: and the recommended exponent length is shorter,
1749: which makes DH key exchange more efficient.
1750: Beware that with such DSA-style DH parameters,
1751: a fresh DH key should be created for each use to
1752: avoid small-subgroup attacks that may be possible otherwise.
1753: .It Fl in Ar file
1.44 jmc 1754: The input file to read from,
1755: or standard input if not specified.
1756: .It Fl inform Cm der | pem
1757: The input format.
1.1 jsing 1758: .It Fl noout
1.46 jmc 1759: Do not output the encoded version of the parameters.
1.44 jmc 1760: .It Fl out Ar file
1761: The output file to write to,
1762: or standard output if not specified.
1763: .It Fl outform Cm der | pem
1764: The output format.
1765: .It Fl text
1.64 jmc 1766: Print the DH parameters in plain text.
1.1 jsing 1767: .It Ar numbits
1.44 jmc 1768: Generate a parameter set of size
1.1 jsing 1769: .Ar numbits .
1770: It must be the last option.
1.16 sthen 1771: If not present, a value of 2048 is used.
1.1 jsing 1772: If this value is present, the input file is ignored and
1773: parameters are generated instead.
1774: .El
1.120 kn 1775: .Tg dsa
1.1 jsing 1776: .Sh DSA
1.114 jmc 1777: .Bl -hang -width "openssl dsa"
1778: .It Nm openssl dsa
1779: .Bk -words
1.1 jsing 1780: .Oo
1781: .Fl aes128 | aes192 | aes256 |
1782: .Fl des | des3
1783: .Oc
1784: .Op Fl in Ar file
1.108 inoguchi 1785: .Op Fl inform Cm der | pem | pvk
1.1 jsing 1786: .Op Fl modulus
1787: .Op Fl noout
1788: .Op Fl out Ar file
1.108 inoguchi 1789: .Op Fl outform Cm der | pem | pvk
1.1 jsing 1790: .Op Fl passin Ar arg
1791: .Op Fl passout Ar arg
1792: .Op Fl pubin
1793: .Op Fl pubout
1.108 inoguchi 1794: .Op Fl pvk-none | pvk-strong | pvk-weak
1.1 jsing 1795: .Op Fl text
1.114 jmc 1796: .Ek
1797: .El
1.1 jsing 1798: .Pp
1799: The
1800: .Nm dsa
1801: command processes DSA keys.
1802: They can be converted between various forms and their components printed out.
1803: .Pp
1804: .Sy Note :
1805: This command uses the traditional
1806: .Nm SSLeay
1807: compatible format for private key encryption:
1808: newer applications should use the more secure PKCS#8 format using the
1809: .Nm pkcs8
1810: command.
1811: .Pp
1812: The options are as follows:
1813: .Bl -tag -width Ds
1814: .It Xo
1815: .Fl aes128 | aes192 | aes256 |
1816: .Fl des | des3
1817: .Xc
1.45 jmc 1818: Encrypt the private key with the AES, DES, or the triple DES
1.1 jsing 1819: ciphers, respectively, before outputting it.
1820: A pass phrase is prompted for.
1.45 jmc 1821: If none of these options are specified, the key is written in plain text.
1.1 jsing 1822: This means that using the
1823: .Nm dsa
1.45 jmc 1824: utility to read an encrypted key with no encryption option can be used to
1.1 jsing 1825: remove the pass phrase from a key,
1.45 jmc 1826: or by setting the encryption options it can be used to add or change
1.1 jsing 1827: the pass phrase.
1828: These options can only be used with PEM format output files.
1829: .It Fl in Ar file
1.45 jmc 1830: The input file to read from,
1831: or standard input if not specified.
1.1 jsing 1832: If the key is encrypted, a pass phrase will be prompted for.
1.108 inoguchi 1833: .It Fl inform Cm der | pem | pvk
1.45 jmc 1834: The input format.
1.1 jsing 1835: .It Fl modulus
1.45 jmc 1836: Print the value of the public key component of the key.
1.1 jsing 1837: .It Fl noout
1.46 jmc 1838: Do not output the encoded version of the key.
1.1 jsing 1839: .It Fl out Ar file
1.45 jmc 1840: The output file to write to,
1841: or standard output if not specified.
1.1 jsing 1842: If any encryption options are set then a pass phrase will be
1843: prompted for.
1.108 inoguchi 1844: .It Fl outform Cm der | pem | pvk
1.45 jmc 1845: The output format.
1.1 jsing 1846: .It Fl passin Ar arg
1847: The key password source.
1848: .It Fl passout Ar arg
1849: The output file password source.
1850: .It Fl pubin
1.60 jmc 1851: Read in a public key, not a private key.
1.1 jsing 1852: .It Fl pubout
1.60 jmc 1853: Output a public key, not a private key.
1854: Automatically set if the input is a public key.
1.108 inoguchi 1855: .It Xo
1856: .Fl pvk-none | pvk-strong | pvk-weak
1857: .Xc
1858: Enable or disable PVK encoding.
1859: The default is
1860: .Fl pvk-strong .
1.1 jsing 1861: .It Fl text
1.64 jmc 1862: Print the public/private key in plain text.
1.1 jsing 1863: .El
1.120 kn 1864: .Tg dsaparam
1.1 jsing 1865: .Sh DSAPARAM
1.114 jmc 1866: .Bl -hang -width "openssl dsaparam"
1867: .It Nm openssl dsaparam
1868: .Bk -words
1.1 jsing 1869: .Op Fl C
1870: .Op Fl genkey
1871: .Op Fl in Ar file
1.46 jmc 1872: .Op Fl inform Cm der | pem
1.1 jsing 1873: .Op Fl noout
1874: .Op Fl out Ar file
1.46 jmc 1875: .Op Fl outform Cm der | pem
1.1 jsing 1876: .Op Fl text
1877: .Op Ar numbits
1.114 jmc 1878: .Ek
1879: .El
1.1 jsing 1880: .Pp
1881: The
1882: .Nm dsaparam
1883: command is used to manipulate or generate DSA parameter files.
1884: .Pp
1885: The options are as follows:
1886: .Bl -tag -width Ds
1887: .It Fl C
1.46 jmc 1888: Convert the parameters into C code.
1.1 jsing 1889: The parameters can then be loaded by calling the
1.46 jmc 1890: .No get_dsa Ns Ar XXX
1.1 jsing 1891: function.
1892: .It Fl genkey
1.46 jmc 1893: Generate a DSA key either using the specified or generated
1.1 jsing 1894: parameters.
1895: .It Fl in Ar file
1.46 jmc 1896: The input file to read from,
1897: or standard input if not specified.
1.1 jsing 1898: If the
1899: .Ar numbits
1.46 jmc 1900: parameter is included, then this option is ignored.
1901: .It Fl inform Cm der | pem
1902: The input format.
1.1 jsing 1903: .It Fl noout
1.46 jmc 1904: Do not output the encoded version of the parameters.
1905: .It Fl out Ar file
1906: The output file to write to,
1907: or standard output if not specified.
1908: .It Fl outform Cm der | pem
1909: The output format.
1910: .It Fl text
1.64 jmc 1911: Print the DSA parameters in plain text.
1.1 jsing 1912: .It Ar numbits
1.46 jmc 1913: Generate a parameter set of size
1.1 jsing 1914: .Ar numbits .
1.46 jmc 1915: If this option is included, the input file is ignored.
1.1 jsing 1916: .El
1.120 kn 1917: .Tg ec
1.1 jsing 1918: .Sh EC
1.114 jmc 1919: .Bl -hang -width "openssl ec"
1920: .It Nm openssl ec
1921: .Bk -words
1.1 jsing 1922: .Op Fl conv_form Ar arg
1923: .Op Fl des
1924: .Op Fl des3
1925: .Op Fl in Ar file
1.47 jmc 1926: .Op Fl inform Cm der | pem
1.1 jsing 1927: .Op Fl noout
1928: .Op Fl out Ar file
1.47 jmc 1929: .Op Fl outform Cm der | pem
1.1 jsing 1930: .Op Fl param_enc Ar arg
1931: .Op Fl param_out
1932: .Op Fl passin Ar arg
1933: .Op Fl passout Ar arg
1934: .Op Fl pubin
1935: .Op Fl pubout
1936: .Op Fl text
1.114 jmc 1937: .Ek
1938: .El
1.1 jsing 1939: .Pp
1940: The
1941: .Nm ec
1942: command processes EC keys.
1943: They can be converted between various
1944: forms and their components printed out.
1.47 jmc 1945: .Nm openssl
1.1 jsing 1946: uses the private key format specified in
1947: .Dq SEC 1: Elliptic Curve Cryptography
1.136 ! jsg 1948: .Pq Lk https://www.secg.org/ .
1.1 jsing 1949: To convert an
1950: EC private key into the PKCS#8 private key format use the
1951: .Nm pkcs8
1952: command.
1953: .Pp
1954: The options are as follows:
1955: .Bl -tag -width Ds
1956: .It Fl conv_form Ar arg
1.47 jmc 1957: Specify how the points on the elliptic curve are converted
1.1 jsing 1958: into octet strings.
1959: Possible values are:
1.95 tb 1960: .Cm compressed ,
1961: .Cm uncompressed
1.47 jmc 1962: (the default),
1.1 jsing 1963: and
1964: .Cm hybrid .
1965: For more information regarding
1.47 jmc 1966: the point conversion forms see the X9.62 standard.
1.1 jsing 1967: Note:
1968: Due to patent issues the
1969: .Cm compressed
1970: option is disabled by default for binary curves
1971: and can be enabled by defining the preprocessor macro
1.47 jmc 1972: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 1973: at compile time.
1974: .It Fl des | des3
1.47 jmc 1975: Encrypt the private key with DES, triple DES, or
1.1 jsing 1976: any other cipher supported by
1.47 jmc 1977: .Nm openssl .
1.1 jsing 1978: A pass phrase is prompted for.
1.127 jmc 1979: If none of these options are specified, the key is written in plain text.
1.1 jsing 1980: This means that using the
1981: .Nm ec
1982: utility to read in an encrypted key with no
1983: encryption option can be used to remove the pass phrase from a key,
1984: or by setting the encryption options
1.83 naddy 1985: it can be used to add or change the pass phrase.
1.1 jsing 1986: These options can only be used with PEM format output files.
1987: .It Fl in Ar file
1.47 jmc 1988: The input file to read a key from,
1989: or standard input if not specified.
1.127 jmc 1990: If the key is encrypted, a pass phrase will be prompted for.
1.47 jmc 1991: .It Fl inform Cm der | pem
1992: The input format.
1.1 jsing 1993: .It Fl noout
1.47 jmc 1994: Do not output the encoded version of the key.
1.1 jsing 1995: .It Fl out Ar file
1.47 jmc 1996: The output filename to write to,
1997: or standard output if not specified.
1.1 jsing 1998: If any encryption options are set then a pass phrase will be prompted for.
1.47 jmc 1999: .It Fl outform Cm der | pem
2000: The output format.
1.1 jsing 2001: .It Fl param_enc Ar arg
1.47 jmc 2002: Specify how the elliptic curve parameters are encoded.
1.1 jsing 2003: Possible value are:
2004: .Cm named_curve ,
2005: i.e. the EC parameters are specified by an OID; or
2006: .Cm explicit ,
2007: where the EC parameters are explicitly given
2008: (see RFC 3279 for the definition of the EC parameter structures).
2009: The default value is
2010: .Cm named_curve .
2011: Note: the
2012: .Cm implicitlyCA
2013: alternative,
2014: as specified in RFC 3279,
1.47 jmc 2015: is currently not implemented.
1.106 inoguchi 2016: .It Fl param_out
2017: Print the elliptic curve parameters.
1.1 jsing 2018: .It Fl passin Ar arg
2019: The key password source.
2020: .It Fl passout Ar arg
2021: The output file password source.
2022: .It Fl pubin
1.60 jmc 2023: Read in a public key, not a private key.
1.1 jsing 2024: .It Fl pubout
1.60 jmc 2025: Output a public key, not a private key.
2026: Automatically set if the input is a public key.
1.1 jsing 2027: .It Fl text
1.64 jmc 2028: Print the public/private key in plain text.
1.1 jsing 2029: .El
1.120 kn 2030: .Tg ecparam
1.1 jsing 2031: .Sh ECPARAM
1.114 jmc 2032: .Bl -hang -width "openssl ecparam"
2033: .It Nm openssl ecparam
2034: .Bk -words
1.1 jsing 2035: .Op Fl C
2036: .Op Fl check
2037: .Op Fl conv_form Ar arg
2038: .Op Fl genkey
2039: .Op Fl in Ar file
1.48 jmc 2040: .Op Fl inform Cm der | pem
1.1 jsing 2041: .Op Fl list_curves
2042: .Op Fl name Ar arg
2043: .Op Fl no_seed
2044: .Op Fl noout
2045: .Op Fl out Ar file
1.48 jmc 2046: .Op Fl outform Cm der | pem
1.1 jsing 2047: .Op Fl param_enc Ar arg
2048: .Op Fl text
1.114 jmc 2049: .Ek
2050: .El
1.1 jsing 2051: .Pp
1.48 jmc 2052: The
2053: .Nm ecparam
2054: command is used to manipulate or generate EC parameter files.
2055: .Nm openssl
2056: is not able to generate new groups so
2057: .Nm ecparam
2058: can only create EC parameters from known (named) curves.
2059: .Pp
1.1 jsing 2060: The options are as follows:
2061: .Bl -tag -width Ds
2062: .It Fl C
2063: Convert the EC parameters into C code.
2064: The parameters can then be loaded by calling the
1.48 jmc 2065: .No get_ec_group_ Ns Ar XXX
1.1 jsing 2066: function.
2067: .It Fl check
2068: Validate the elliptic curve parameters.
2069: .It Fl conv_form Ar arg
2070: Specify how the points on the elliptic curve are converted
2071: into octet strings.
2072: Possible values are:
1.95 tb 2073: .Cm compressed ,
2074: .Cm uncompressed
1.48 jmc 2075: (the default),
1.1 jsing 2076: and
2077: .Cm hybrid .
2078: For more information regarding
1.48 jmc 2079: the point conversion forms see the X9.62 standard.
1.1 jsing 2080: Note:
2081: Due to patent issues the
2082: .Cm compressed
2083: option is disabled by default for binary curves
2084: and can be enabled by defining the preprocessor macro
1.48 jmc 2085: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 2086: at compile time.
2087: .It Fl genkey
2088: Generate an EC private key using the specified parameters.
2089: .It Fl in Ar file
1.48 jmc 2090: The input file to read from,
2091: or standard input if not specified.
2092: .It Fl inform Cm der | pem
2093: The input format.
1.1 jsing 2094: .It Fl list_curves
1.48 jmc 2095: Print a list of all
1.1 jsing 2096: currently implemented EC parameter names and exit.
2097: .It Fl name Ar arg
1.48 jmc 2098: Use the EC parameters with the specified "short" name.
1.1 jsing 2099: .It Fl no_seed
1.48 jmc 2100: Do not include the seed for the parameter generation
2101: in the ECParameters structure (see RFC 3279).
1.1 jsing 2102: .It Fl noout
1.48 jmc 2103: Do not output the encoded version of the parameters.
1.1 jsing 2104: .It Fl out Ar file
1.48 jmc 2105: The output file to write to,
2106: or standard output if not specified.
2107: .It Fl outform Cm der | pem
2108: The output format.
1.1 jsing 2109: .It Fl param_enc Ar arg
1.48 jmc 2110: Specify how the elliptic curve parameters are encoded.
1.1 jsing 2111: Possible value are:
2112: .Cm named_curve ,
2113: i.e. the EC parameters are specified by an OID, or
2114: .Cm explicit ,
2115: where the EC parameters are explicitly given
2116: (see RFC 3279 for the definition of the EC parameter structures).
2117: The default value is
2118: .Cm named_curve .
2119: Note: the
2120: .Cm implicitlyCA
2121: alternative, as specified in RFC 3279,
1.48 jmc 2122: is currently not implemented.
1.1 jsing 2123: .It Fl text
1.64 jmc 2124: Print the EC parameters in plain text.
1.1 jsing 2125: .El
1.120 kn 2126: .Tg enc
1.1 jsing 2127: .Sh ENC
1.114 jmc 2128: .Bl -hang -width "openssl enc"
2129: .It Nm openssl enc
2130: .Bk -words
1.1 jsing 2131: .Fl ciphername
1.106 inoguchi 2132: .Op Fl AadePpv
1.1 jsing 2133: .Op Fl base64
2134: .Op Fl bufsize Ar number
2135: .Op Fl debug
2136: .Op Fl in Ar file
1.97 jmc 2137: .Op Fl iter Ar iterations
1.1 jsing 2138: .Op Fl iv Ar IV
2139: .Op Fl K Ar key
2140: .Op Fl k Ar password
2141: .Op Fl kfile Ar file
2142: .Op Fl md Ar digest
2143: .Op Fl none
2144: .Op Fl nopad
2145: .Op Fl nosalt
2146: .Op Fl out Ar file
2147: .Op Fl pass Ar arg
1.96 beck 2148: .Op Fl pbkdf2
1.1 jsing 2149: .Op Fl S Ar salt
2150: .Op Fl salt
1.114 jmc 2151: .Ek
2152: .El
1.1 jsing 2153: .Pp
2154: The symmetric cipher commands allow data to be encrypted or decrypted
2155: using various block and stream ciphers using keys based on passwords
2156: or explicitly provided.
2157: Base64 encoding or decoding can also be performed either by itself
2158: or in addition to the encryption or decryption.
1.49 jmc 2159: The program can be called either as
2160: .Nm openssl Ar ciphername
2161: or
2162: .Nm openssl enc - Ns Ar ciphername .
2163: .Pp
2164: Some of the ciphers do not have large keys and others have security
2165: implications if not used correctly.
2166: All the block ciphers normally use PKCS#5 padding,
2167: also known as standard block padding.
2168: If padding is disabled, the input data must be a multiple of the cipher
2169: block length.
1.1 jsing 2170: .Pp
2171: The options are as follows:
2172: .Bl -tag -width Ds
2173: .It Fl A
2174: If the
2175: .Fl a
2176: option is set, then base64 process the data on one line.
2177: .It Fl a , base64
2178: Base64 process the data.
2179: This means that if encryption is taking place, the data is base64-encoded
2180: after encryption.
1.49 jmc 2181: If decryption is set, the input data is base64-decoded before
1.1 jsing 2182: being decrypted.
2183: .It Fl bufsize Ar number
2184: Set the buffer size for I/O.
2185: .It Fl d
2186: Decrypt the input data.
2187: .It Fl debug
2188: Debug the BIOs used for I/O.
2189: .It Fl e
1.49 jmc 2190: Encrypt the input data.
2191: This is the default.
1.1 jsing 2192: .It Fl in Ar file
1.49 jmc 2193: The input file to read from,
1.57 jmc 2194: or standard input if not specified.
1.97 jmc 2195: .It Fl iter Ar iterations
2196: Use the pbkdf2 key derivation function, with
2197: .Ar iterations
2198: as the number of iterations.
1.1 jsing 2199: .It Fl iv Ar IV
2200: The actual
2201: .Ar IV
2202: .Pq initialisation vector
2203: to use:
2204: this must be represented as a string comprised only of hex digits.
2205: When only the
2206: .Ar key
2207: is specified using the
2208: .Fl K
1.49 jmc 2209: option,
2210: the IV must explicitly be defined.
1.1 jsing 2211: When a password is being specified using one of the other options,
1.49 jmc 2212: the IV is generated from this password.
1.1 jsing 2213: .It Fl K Ar key
2214: The actual
2215: .Ar key
2216: to use:
2217: this must be represented as a string comprised only of hex digits.
1.49 jmc 2218: If only the key is specified,
2219: the IV must also be specified using the
1.1 jsing 2220: .Fl iv
2221: option.
2222: When both a
2223: .Ar key
2224: and a
2225: .Ar password
2226: are specified, the
2227: .Ar key
2228: given with the
2229: .Fl K
1.49 jmc 2230: option will be used and the IV generated from the password will be taken.
1.1 jsing 2231: It probably does not make much sense to specify both
2232: .Ar key
2233: and
2234: .Ar password .
2235: .It Fl k Ar password
2236: The
2237: .Ar password
2238: to derive the key from.
2239: Superseded by the
2240: .Fl pass
2241: option.
2242: .It Fl kfile Ar file
2243: Read the password to derive the key from the first line of
2244: .Ar file .
2245: Superseded by the
2246: .Fl pass
2247: option.
2248: .It Fl md Ar digest
2249: Use
2250: .Ar digest
2251: to create a key from a pass phrase.
1.118 sthen 2252: Currently, the default value is
1.117 tb 2253: .Cm sha256 .
1.1 jsing 2254: .It Fl none
2255: Use NULL cipher (no encryption or decryption of input).
2256: .It Fl nopad
2257: Disable standard block padding.
2258: .It Fl nosalt
1.49 jmc 2259: Don't use a salt in the key derivation routines.
1.81 jmc 2260: This option should never be used
1.49 jmc 2261: since it makes it possible to perform efficient dictionary
2262: attacks on the password and to attack stream cipher encrypted data.
1.1 jsing 2263: .It Fl out Ar file
1.51 jmc 2264: The output file to write to,
1.57 jmc 2265: or standard output if not specified.
1.1 jsing 2266: .It Fl P
1.49 jmc 2267: Print out the salt, key, and IV used, then immediately exit;
1.1 jsing 2268: don't do any encryption or decryption.
2269: .It Fl p
1.49 jmc 2270: Print out the salt, key, and IV used.
1.1 jsing 2271: .It Fl pass Ar arg
2272: The password source.
1.96 beck 2273: .It Fl pbkdf2
1.97 jmc 2274: Use the pbkdf2 key derivation function, with
1.96 beck 2275: the default of 10000 iterations.
1.1 jsing 2276: .It Fl S Ar salt
2277: The actual
2278: .Ar salt
2279: to use:
2280: this must be represented as a string comprised only of hex digits.
2281: .It Fl salt
1.49 jmc 2282: Use a salt in the key derivation routines (the default).
2283: When the salt is being used
2284: the first eight bytes of the encrypted data are reserved for the salt:
2285: it is randomly generated when encrypting a file and read from the
2286: encrypted file when it is decrypted.
1.106 inoguchi 2287: .It Fl v
2288: Print extra details about the processing.
1.1 jsing 2289: .El
1.120 kn 2290: .Tg errstr
1.1 jsing 2291: .Sh ERRSTR
2292: .Nm openssl errstr
2293: .Op Fl stats
2294: .Ar errno ...
2295: .Pp
2296: The
2297: .Nm errstr
2298: command performs error number to error string conversion,
2299: generating a human-readable string representing the error code
2300: .Ar errno .
2301: The string is obtained through the
2302: .Xr ERR_error_string_n 3
2303: function and has the following format:
2304: .Pp
2305: .Dl error:[error code]:[library name]:[function name]:[reason string]
2306: .Pp
2307: .Bq error code
2308: is an 8-digit hexadecimal number.
2309: The remaining fields
2310: .Bq library name ,
2311: .Bq function name ,
2312: and
2313: .Bq reason string
2314: are all ASCII text.
2315: .Pp
2316: The options are as follows:
2317: .Bl -tag -width Ds
2318: .It Fl stats
2319: Print debugging statistics about various aspects of the hash table.
2320: .El
1.120 kn 2321: .Tg gendsa
1.1 jsing 2322: .Sh GENDSA
1.114 jmc 2323: .Bl -hang -width "openssl gendsa"
2324: .It Nm openssl gendsa
2325: .Bk -words
1.1 jsing 2326: .Oo
1.102 jmc 2327: .Fl aes128 | aes192 | aes256 | camellia128 |
2328: .Fl camellia192 | camellia256 | des | des3 | idea
1.1 jsing 2329: .Oc
2330: .Op Fl out Ar file
1.101 inoguchi 2331: .Op Fl passout Ar arg
2332: .Ar paramfile
1.114 jmc 2333: .Ek
2334: .El
1.1 jsing 2335: .Pp
2336: The
2337: .Nm gendsa
2338: command generates a DSA private key from a DSA parameter file
1.51 jmc 2339: (typically generated by the
1.1 jsing 2340: .Nm openssl dsaparam
2341: command).
1.51 jmc 2342: DSA key generation is little more than random number generation so it is
2343: much quicker than,
2344: for example,
2345: RSA key generation.
1.1 jsing 2346: .Pp
2347: The options are as follows:
2348: .Bl -tag -width Ds
2349: .It Xo
2350: .Fl aes128 | aes192 | aes256 |
1.101 inoguchi 2351: .Fl camellia128 | camellia192 | camellia256 |
2352: .Fl des | des3 |
2353: .Fl idea
1.1 jsing 2354: .Xc
1.101 inoguchi 2355: Encrypt the private key with the AES, CAMELLIA, DES, triple DES
2356: or the IDEA ciphers, respectively, before outputting it.
1.1 jsing 2357: A pass phrase is prompted for.
2358: If none of these options are specified, no encryption is used.
2359: .It Fl out Ar file
1.51 jmc 2360: The output file to write to,
1.57 jmc 2361: or standard output if not specified.
1.101 inoguchi 2362: .It Fl passout Ar arg
2363: The output file password source.
1.1 jsing 2364: .It Ar paramfile
1.51 jmc 2365: Specify the DSA parameter file to use.
1.1 jsing 2366: The parameters in this file determine the size of the private key.
2367: .El
1.120 kn 2368: .Tg genpkey
1.1 jsing 2369: .Sh GENPKEY
1.114 jmc 2370: .Bl -hang -width "openssl genpkey"
2371: .It Nm openssl genpkey
2372: .Bk -words
1.1 jsing 2373: .Op Fl algorithm Ar alg
2374: .Op Ar cipher
2375: .Op Fl genparam
2376: .Op Fl out Ar file
1.52 jmc 2377: .Op Fl outform Cm der | pem
1.1 jsing 2378: .Op Fl paramfile Ar file
2379: .Op Fl pass Ar arg
2380: .Op Fl pkeyopt Ar opt : Ns Ar value
2381: .Op Fl text
1.114 jmc 2382: .Ek
2383: .El
1.1 jsing 2384: .Pp
2385: The
2386: .Nm genpkey
2387: command generates private keys.
2388: The use of this
2389: program is encouraged over the algorithm specific utilities
1.22 bcook 2390: because additional algorithm options can be used.
1.1 jsing 2391: .Pp
2392: The options are as follows:
2393: .Bl -tag -width Ds
2394: .It Fl algorithm Ar alg
2395: The public key algorithm to use,
2396: such as RSA, DSA, or DH.
1.52 jmc 2397: This option must precede any
1.1 jsing 2398: .Fl pkeyopt
2399: options.
2400: The options
2401: .Fl paramfile
2402: and
2403: .Fl algorithm
2404: are mutually exclusive.
2405: .It Ar cipher
2406: Encrypt the private key with the supplied cipher.
2407: Any algorithm name accepted by
1.52 jmc 2408: .Xr EVP_get_cipherbyname 3
2409: is acceptable.
1.1 jsing 2410: .It Fl genparam
2411: Generate a set of parameters instead of a private key.
1.52 jmc 2412: This option must precede any
1.1 jsing 2413: .Fl algorithm ,
2414: .Fl paramfile ,
2415: or
2416: .Fl pkeyopt
2417: options.
2418: .It Fl out Ar file
1.52 jmc 2419: The output file to write to,
1.57 jmc 2420: or standard output if not specified.
1.52 jmc 2421: .It Fl outform Cm der | pem
2422: The output format.
1.1 jsing 2423: .It Fl paramfile Ar file
1.52 jmc 2424: Some public key algorithms generate a private key based on a set of parameters,
2425: which can be supplied using this option.
1.1 jsing 2426: If this option is used the public key
2427: algorithm used is determined by the parameters.
1.52 jmc 2428: This option must precede any
1.1 jsing 2429: .Fl pkeyopt
2430: options.
2431: The options
2432: .Fl paramfile
2433: and
2434: .Fl algorithm
2435: are mutually exclusive.
2436: .It Fl pass Ar arg
2437: The output file password source.
2438: .It Fl pkeyopt Ar opt : Ns Ar value
2439: Set the public key algorithm option
2440: .Ar opt
2441: to
1.52 jmc 2442: .Ar value ,
2443: as follows:
1.1 jsing 2444: .Bl -tag -width Ds -offset indent
2445: .It rsa_keygen_bits : Ns Ar numbits
2446: (RSA)
2447: The number of bits in the generated key.
1.52 jmc 2448: The default is 2048.
1.1 jsing 2449: .It rsa_keygen_pubexp : Ns Ar value
2450: (RSA)
2451: The RSA public exponent value.
2452: This can be a large decimal or hexadecimal value if preceded by 0x.
1.52 jmc 2453: The default is 65537.
1.1 jsing 2454: .It dsa_paramgen_bits : Ns Ar numbits
2455: (DSA)
2456: The number of bits in the generated parameters.
1.52 jmc 2457: The default is 1024.
1.1 jsing 2458: .It dh_paramgen_prime_len : Ns Ar numbits
2459: (DH)
2460: The number of bits in the prime parameter
2461: .Ar p .
2462: .It dh_paramgen_generator : Ns Ar value
2463: (DH)
2464: The value to use for the generator
2465: .Ar g .
2466: .It ec_paramgen_curve : Ns Ar curve
2467: (EC)
1.121 schwarze 2468: The elliptic curve to use.
1.1 jsing 2469: .El
1.52 jmc 2470: .It Fl text
1.64 jmc 2471: Print the private/public key in plain text.
1.52 jmc 2472: .El
1.120 kn 2473: .Tg genrsa
1.1 jsing 2474: .Sh GENRSA
1.114 jmc 2475: .Bl -hang -width "openssl genrsa"
2476: .It Nm openssl genrsa
2477: .Bk -words
1.1 jsing 2478: .Op Fl 3 | f4
1.109 inoguchi 2479: .Oo
2480: .Fl aes128 | aes192 | aes256 | camellia128 |
2481: .Fl camellia192 | camellia256 | des | des3 | idea
2482: .Oc
1.1 jsing 2483: .Op Fl out Ar file
2484: .Op Fl passout Ar arg
2485: .Op Ar numbits
1.114 jmc 2486: .Ek
2487: .El
1.1 jsing 2488: .Pp
2489: The
2490: .Nm genrsa
1.53 jmc 2491: command generates an RSA private key,
2492: which essentially involves the generation of two prime numbers.
2493: When generating the key,
2494: various symbols will be output to indicate the progress of the generation.
2495: A
2496: .Sq \&.
2497: represents each number which has passed an initial sieve test;
2498: .Sq +
1.128 tb 2499: means a number has passed a single round of the Miller-Rabin primality test;
2500: .Sq *
2501: means the number has failed primality testing
2502: and needs to be generated afresh.
1.53 jmc 2503: A newline means that the number has passed all the prime tests
2504: (the actual number depends on the key size).
1.1 jsing 2505: .Pp
2506: The options are as follows:
2507: .Bl -tag -width Ds
2508: .It Fl 3 | f4
2509: The public exponent to use, either 3 or 65537.
2510: The default is 65537.
1.109 inoguchi 2511: .It Xo
2512: .Fl aes128 | aes192 | aes256 |
2513: .Fl camellia128 | camellia192 | camellia256 |
2514: .Fl des | des3 |
2515: .Fl idea
2516: .Xc
2517: Encrypt the private key with the AES, CAMELLIA, DES, triple DES
2518: or the IDEA ciphers, respectively, before outputting it.
1.1 jsing 2519: If none of these options are specified, no encryption is used.
2520: If encryption is used, a pass phrase is prompted for,
2521: if it is not supplied via the
2522: .Fl passout
2523: option.
2524: .It Fl out Ar file
1.53 jmc 2525: The output file to write to,
1.57 jmc 2526: or standard output if not specified.
1.1 jsing 2527: .It Fl passout Ar arg
2528: The output file password source.
2529: .It Ar numbits
2530: The size of the private key to generate in bits.
2531: This must be the last option specified.
2532: The default is 2048.
2533: .El
1.120 kn 2534: .Tg nseq
1.1 jsing 2535: .Sh NSEQ
2536: .Nm openssl nseq
2537: .Op Fl in Ar file
2538: .Op Fl out Ar file
2539: .Op Fl toseq
2540: .Pp
2541: The
2542: .Nm nseq
1.54 jmc 2543: command takes a file containing a Netscape certificate sequence
2544: (an alternative to the standard PKCS#7 format)
2545: and prints out the certificates contained in it,
2546: or takes a file of certificates
2547: and converts it into a Netscape certificate sequence.
2548: .Pp
1.1 jsing 2549: The options are as follows:
2550: .Bl -tag -width Ds
2551: .It Fl in Ar file
1.54 jmc 2552: The input file to read from,
2553: or standard input if not specified.
1.1 jsing 2554: .It Fl out Ar file
1.54 jmc 2555: The output file to write to,
2556: or standard output if not specified.
1.1 jsing 2557: .It Fl toseq
2558: Normally, a Netscape certificate sequence will be input and the output
2559: is the certificates contained in it.
2560: With the
2561: .Fl toseq
2562: option the situation is reversed:
2563: a Netscape certificate sequence is created from a file of certificates.
2564: .El
1.120 kn 2565: .Tg ocsp
1.1 jsing 2566: .Sh OCSP
1.114 jmc 2567: .Bl -hang -width "openssl ocsp"
2568: .It Nm openssl ocsp
2569: .Bk -words
1.1 jsing 2570: .Op Fl CA Ar file
2571: .Op Fl CAfile Ar file
2572: .Op Fl CApath Ar directory
2573: .Op Fl cert Ar file
2574: .Op Fl dgst Ar alg
1.108 inoguchi 2575: .Op Fl header Ar name value
1.55 jmc 2576: .Op Fl host Ar hostname : Ns Ar port
1.108 inoguchi 2577: .Op Fl ignore_err
1.1 jsing 2578: .Op Fl index Ar indexfile
2579: .Op Fl issuer Ar file
2580: .Op Fl ndays Ar days
2581: .Op Fl nmin Ar minutes
2582: .Op Fl no_cert_checks
2583: .Op Fl no_cert_verify
2584: .Op Fl no_certs
2585: .Op Fl no_chain
1.108 inoguchi 2586: .Op Fl no_explicit
1.1 jsing 2587: .Op Fl no_intern
2588: .Op Fl no_nonce
2589: .Op Fl no_signature_verify
2590: .Op Fl nonce
2591: .Op Fl noverify
2592: .Op Fl nrequest Ar number
2593: .Op Fl out Ar file
2594: .Op Fl path Ar path
2595: .Op Fl port Ar portnum
2596: .Op Fl req_text
2597: .Op Fl reqin Ar file
2598: .Op Fl reqout Ar file
2599: .Op Fl resp_key_id
2600: .Op Fl resp_no_certs
2601: .Op Fl resp_text
2602: .Op Fl respin Ar file
2603: .Op Fl respout Ar file
2604: .Op Fl rkey Ar file
2605: .Op Fl rother Ar file
2606: .Op Fl rsigner Ar file
1.108 inoguchi 2607: .Op Fl serial Ar num
1.1 jsing 2608: .Op Fl sign_other Ar file
2609: .Op Fl signer Ar file
2610: .Op Fl signkey Ar file
2611: .Op Fl status_age Ar age
2612: .Op Fl text
1.108 inoguchi 2613: .Op Fl timeout Ar seconds
1.1 jsing 2614: .Op Fl trust_other
2615: .Op Fl url Ar responder_url
2616: .Op Fl VAfile Ar file
2617: .Op Fl validity_period Ar nsec
2618: .Op Fl verify_other Ar file
1.114 jmc 2619: .Ek
2620: .El
1.1 jsing 2621: .Pp
1.55 jmc 2622: The Online Certificate Status Protocol (OCSP)
2623: enables applications to determine the (revocation) state
2624: of an identified certificate (RFC 2560).
1.1 jsing 2625: .Pp
2626: The
2627: .Nm ocsp
2628: command performs many common OCSP tasks.
2629: It can be used to print out requests and responses,
2630: create requests and send queries to an OCSP responder,
2631: and behave like a mini OCSP server itself.
2632: .Pp
2633: The options are as follows:
2634: .Bl -tag -width Ds
2635: .It Fl CAfile Ar file , Fl CApath Ar directory
1.55 jmc 2636: A file or path containing trusted CA certificates,
2637: used to verify the signature on the OCSP response.
1.1 jsing 2638: .It Fl cert Ar file
2639: Add the certificate
2640: .Ar file
2641: to the request.
2642: The issuer certificate is taken from the previous
2643: .Fl issuer
2644: option, or an error occurs if no issuer certificate is specified.
2645: .It Fl dgst Ar alg
1.55 jmc 2646: Use the digest algorithm
2647: .Ar alg
2648: for certificate identification in the OCSP request.
1.125 inoguchi 2649: By default SHA1 is used.
1.1 jsing 2650: .It Xo
2651: .Fl host Ar hostname : Ns Ar port ,
2652: .Fl path Ar path
2653: .Xc
1.55 jmc 2654: Send
2655: the OCSP request to
1.1 jsing 2656: .Ar hostname
1.55 jmc 2657: on
1.1 jsing 2658: .Ar port .
2659: .Fl path
2660: specifies the HTTP path name to use, or
1.55 jmc 2661: .Pa /
1.1 jsing 2662: by default.
1.108 inoguchi 2663: .It Fl header Ar name value
2664: Add the header name with the specified value to the OCSP request that is sent
2665: to the responder.
2666: This may be repeated.
1.1 jsing 2667: .It Fl issuer Ar file
1.81 jmc 2668: The current issuer certificate, in PEM format.
2669: Can be used multiple times and must come before any
1.1 jsing 2670: .Fl cert
2671: options.
2672: .It Fl no_cert_checks
2673: Don't perform any additional checks on the OCSP response signer's certificate.
2674: That is, do not make any checks to see if the signer's certificate is
2675: authorised to provide the necessary status information:
2676: as a result this option should only be used for testing purposes.
2677: .It Fl no_cert_verify
2678: Don't verify the OCSP response signer's certificate at all.
2679: Since this option allows the OCSP response to be signed by any certificate,
2680: it should only be used for testing purposes.
2681: .It Fl no_certs
1.55 jmc 2682: Don't include any certificates in the signed request.
1.1 jsing 2683: .It Fl no_chain
2684: Do not use certificates in the response as additional untrusted CA
2685: certificates.
1.108 inoguchi 2686: .It Fl no_explicit
2687: Don't check the explicit trust for OCSP signing in the root CA certificate.
1.1 jsing 2688: .It Fl no_intern
2689: Ignore certificates contained in the OCSP response
2690: when searching for the signer's certificate.
1.55 jmc 2691: The signer's certificate must be specified with either the
1.1 jsing 2692: .Fl verify_other
2693: or
2694: .Fl VAfile
2695: options.
2696: .It Fl no_signature_verify
2697: Don't check the signature on the OCSP response.
2698: Since this option tolerates invalid signatures on OCSP responses,
2699: it will normally only be used for testing purposes.
2700: .It Fl nonce , no_nonce
1.55 jmc 2701: Add an OCSP nonce extension to a request,
2702: or disable an OCSP nonce addition.
1.1 jsing 2703: Normally, if an OCSP request is input using the
2704: .Fl respin
1.55 jmc 2705: option no nonce is added:
1.1 jsing 2706: using the
2707: .Fl nonce
1.55 jmc 2708: option will force the addition of a nonce.
1.1 jsing 2709: If an OCSP request is being created (using the
2710: .Fl cert
2711: and
2712: .Fl serial
2713: options)
1.55 jmc 2714: a nonce is automatically added; specifying
1.1 jsing 2715: .Fl no_nonce
2716: overrides this.
2717: .It Fl noverify
1.55 jmc 2718: Don't attempt to verify the OCSP response signature or the nonce values.
2719: This is normally only be used for debugging
1.1 jsing 2720: since it disables all verification of the responder's certificate.
2721: .It Fl out Ar file
1.55 jmc 2722: Specify the output file to write to,
1.57 jmc 2723: or standard output if not specified.
1.1 jsing 2724: .It Fl req_text , resp_text , text
2725: Print out the text form of the OCSP request, response, or both, respectively.
2726: .It Fl reqin Ar file , Fl respin Ar file
2727: Read an OCSP request or response file from
2728: .Ar file .
2729: These options are ignored
2730: if an OCSP request or response creation is implied by other options
2731: (for example with the
2732: .Fl serial , cert ,
2733: and
2734: .Fl host
2735: options).
2736: .It Fl reqout Ar file , Fl respout Ar file
2737: Write out the DER-encoded certificate request or response to
2738: .Ar file .
2739: .It Fl serial Ar num
2740: Same as the
2741: .Fl cert
2742: option except the certificate with serial number
2743: .Ar num
2744: is added to the request.
2745: The serial number is interpreted as a decimal integer unless preceded by
2746: .Sq 0x .
1.55 jmc 2747: Negative integers can also be specified
2748: by preceding the value with a minus sign.
1.1 jsing 2749: .It Fl sign_other Ar file
2750: Additional certificates to include in the signed request.
2751: .It Fl signer Ar file , Fl signkey Ar file
2752: Sign the OCSP request using the certificate specified in the
2753: .Fl signer
2754: option and the private key specified by the
2755: .Fl signkey
2756: option.
2757: If the
2758: .Fl signkey
2759: option is not present, then the private key is read from the same file
2760: as the certificate.
2761: If neither option is specified, the OCSP request is not signed.
1.108 inoguchi 2762: .It Fl timeout Ar seconds
2763: Connection timeout to the OCSP responder in seconds.
1.1 jsing 2764: .It Fl trust_other
2765: The certificates specified by the
2766: .Fl verify_other
2767: option should be explicitly trusted and no additional checks will be
2768: performed on them.
2769: This is useful when the complete responder certificate chain is not available
2770: or trusting a root CA is not appropriate.
2771: .It Fl url Ar responder_url
2772: Specify the responder URL.
2773: Both HTTP and HTTPS
2774: .Pq SSL/TLS
2775: URLs can be specified.
2776: .It Fl VAfile Ar file
1.55 jmc 2777: A file containing explicitly trusted responder certificates.
1.1 jsing 2778: Equivalent to the
2779: .Fl verify_other
2780: and
2781: .Fl trust_other
2782: options.
2783: .It Fl validity_period Ar nsec , Fl status_age Ar age
1.55 jmc 2784: The range of times, in seconds, which will be tolerated in an OCSP response.
2785: Each certificate status response includes a notBefore time
2786: and an optional notAfter time.
1.1 jsing 2787: The current time should fall between these two values,
2788: but the interval between the two times may be only a few seconds.
2789: In practice the OCSP responder and clients' clocks may not be precisely
2790: synchronised and so such a check may fail.
2791: To avoid this the
2792: .Fl validity_period
2793: option can be used to specify an acceptable error range in seconds,
1.55 jmc 2794: the default value being 5 minutes.
1.1 jsing 2795: .Pp
1.55 jmc 2796: If the notAfter time is omitted from a response,
2797: it means that new status information is immediately available.
2798: In this case the age of the notBefore field is checked
2799: to see it is not older than
1.1 jsing 2800: .Ar age
2801: seconds old.
2802: By default, this additional check is not performed.
2803: .It Fl verify_other Ar file
1.55 jmc 2804: A file containing additional certificates to search
2805: when attempting to locate the OCSP response signing certificate.
2806: Some responders omit the actual signer's certificate from the response,
2807: so this can be used to supply the necessary certificate.
1.1 jsing 2808: .El
1.55 jmc 2809: .Pp
2810: The options for the OCSP server are as follows:
1.1 jsing 2811: .Bl -tag -width "XXXX"
2812: .It Fl CA Ar file
2813: CA certificate corresponding to the revocation information in
2814: .Ar indexfile .
1.108 inoguchi 2815: .It Fl ignore_err
2816: Ignore the invalid response.
1.1 jsing 2817: .It Fl index Ar indexfile
2818: .Ar indexfile
1.55 jmc 2819: is a text index file in ca format
2820: containing certificate revocation information.
1.1 jsing 2821: .Pp
1.55 jmc 2822: If this option is specified,
1.1 jsing 2823: .Nm ocsp
1.55 jmc 2824: is in responder mode, otherwise it is in client mode.
2825: The requests the responder processes can be either specified on
1.1 jsing 2826: the command line (using the
2827: .Fl issuer
2828: and
2829: .Fl serial
2830: options), supplied in a file (using the
2831: .Fl respin
1.55 jmc 2832: option), or via external OCSP clients (if
1.1 jsing 2833: .Ar port
2834: or
2835: .Ar url
2836: is specified).
2837: .Pp
1.55 jmc 2838: If this option is present, then the
1.1 jsing 2839: .Fl CA
2840: and
2841: .Fl rsigner
2842: options must also be present.
2843: .It Fl nmin Ar minutes , Fl ndays Ar days
2844: Number of
2845: .Ar minutes
2846: or
2847: .Ar days
1.55 jmc 2848: when fresh revocation information is available:
2849: used in the nextUpdate field.
2850: If neither option is present,
2851: the nextUpdate field is omitted,
2852: meaning fresh revocation information is immediately available.
1.1 jsing 2853: .It Fl nrequest Ar number
1.55 jmc 2854: Exit after receiving
1.1 jsing 2855: .Ar number
1.55 jmc 2856: requests (the default is unlimited).
1.1 jsing 2857: .It Fl port Ar portnum
2858: Port to listen for OCSP requests on.
1.55 jmc 2859: May also be specified using the
1.1 jsing 2860: .Fl url
2861: option.
2862: .It Fl resp_key_id
2863: Identify the signer certificate using the key ID;
1.55 jmc 2864: the default is to use the subject name.
1.1 jsing 2865: .It Fl resp_no_certs
2866: Don't include any certificates in the OCSP response.
2867: .It Fl rkey Ar file
2868: The private key to sign OCSP responses with;
2869: if not present, the file specified in the
2870: .Fl rsigner
2871: option is used.
2872: .It Fl rother Ar file
2873: Additional certificates to include in the OCSP response.
2874: .It Fl rsigner Ar file
2875: The certificate to sign OCSP responses with.
2876: .El
2877: .Pp
2878: Initially the OCSP responder certificate is located and the signature on
2879: the OCSP request checked using the responder certificate's public key.
2880: Then a normal certificate verify is performed on the OCSP responder certificate
2881: building up a certificate chain in the process.
2882: The locations of the trusted certificates used to build the chain can be
2883: specified by the
2884: .Fl CAfile
2885: and
2886: .Fl CApath
2887: options or they will be looked for in the standard
1.55 jmc 2888: .Nm openssl
2889: certificates directory.
1.1 jsing 2890: .Pp
1.55 jmc 2891: If the initial verify fails, the OCSP verify process halts with an error.
1.1 jsing 2892: Otherwise the issuing CA certificate in the request is compared to the OCSP
2893: responder certificate: if there is a match then the OCSP verify succeeds.
2894: .Pp
2895: Otherwise the OCSP responder certificate's CA is checked against the issuing
2896: CA certificate in the request.
2897: If there is a match and the OCSPSigning extended key usage is present
2898: in the OCSP responder certificate, then the OCSP verify succeeds.
2899: .Pp
2900: Otherwise the root CA of the OCSP responder's CA is checked to see if it
2901: is trusted for OCSP signing.
2902: If it is, the OCSP verify succeeds.
2903: .Pp
2904: If none of these checks is successful, the OCSP verify fails.
2905: What this effectively means is that if the OCSP responder certificate is
2906: authorised directly by the CA it is issuing revocation information about
1.55 jmc 2907: (and it is correctly configured),
1.1 jsing 2908: then verification will succeed.
2909: .Pp
1.55 jmc 2910: If the OCSP responder is a global responder,
2911: which can give details about multiple CAs
2912: and has its own separate certificate chain,
2913: then its root CA can be trusted for OCSP signing.
1.1 jsing 2914: Alternatively, the responder certificate itself can be explicitly trusted
2915: with the
2916: .Fl VAfile
2917: option.
1.120 kn 2918: .Tg passwd
1.1 jsing 2919: .Sh PASSWD
1.114 jmc 2920: .Bl -hang -width "openssl passwd"
2921: .It Nm openssl passwd
2922: .Bk -words
1.1 jsing 2923: .Op Fl 1 | apr1 | crypt
2924: .Op Fl in Ar file
2925: .Op Fl noverify
2926: .Op Fl quiet
2927: .Op Fl reverse
2928: .Op Fl salt Ar string
2929: .Op Fl stdin
2930: .Op Fl table
2931: .Op Ar password
1.114 jmc 2932: .Ek
2933: .El
1.1 jsing 2934: .Pp
2935: The
2936: .Nm passwd
1.56 jmc 2937: command computes the hash of a password.
1.1 jsing 2938: .Pp
2939: The options are as follows:
2940: .Bl -tag -width Ds
2941: .It Fl 1
2942: Use the MD5 based
2943: .Bx
2944: password algorithm
1.56 jmc 2945: .Qq 1 .
1.1 jsing 2946: .It Fl apr1
2947: Use the
1.56 jmc 2948: .Qq apr1
1.1 jsing 2949: algorithm
1.56 jmc 2950: .Po
2951: Apache variant of the
1.1 jsing 2952: .Bx
1.56 jmc 2953: algorithm
2954: .Pc .
1.1 jsing 2955: .It Fl crypt
2956: Use the
1.56 jmc 2957: .Qq crypt
2958: algorithm (the default).
1.1 jsing 2959: .It Fl in Ar file
2960: Read passwords from
2961: .Ar file .
2962: .It Fl noverify
2963: Don't verify when reading a password from the terminal.
2964: .It Fl quiet
2965: Don't output warnings when passwords given on the command line are truncated.
2966: .It Fl reverse
2967: Switch table columns.
2968: This only makes sense in conjunction with the
2969: .Fl table
2970: option.
2971: .It Fl salt Ar string
1.56 jmc 2972: Use the salt specified by
2973: .Ar string .
1.1 jsing 2974: When reading a password from the terminal, this implies
2975: .Fl noverify .
2976: .It Fl stdin
1.56 jmc 2977: Read passwords from standard input.
1.1 jsing 2978: .It Fl table
2979: In the output list, prepend the cleartext password and a TAB character
2980: to each password hash.
2981: .El
1.120 kn 2982: .Tg pkcs7
1.1 jsing 2983: .Sh PKCS7
1.114 jmc 2984: .Bl -hang -width "openssl pkcs7"
2985: .It Nm openssl pkcs7
2986: .Bk -words
1.1 jsing 2987: .Op Fl in Ar file
1.57 jmc 2988: .Op Fl inform Cm der | pem
1.1 jsing 2989: .Op Fl noout
2990: .Op Fl out Ar file
1.57 jmc 2991: .Op Fl outform Cm der | pem
1.106 inoguchi 2992: .Op Fl print
1.1 jsing 2993: .Op Fl print_certs
2994: .Op Fl text
1.114 jmc 2995: .Ek
2996: .El
1.1 jsing 2997: .Pp
2998: The
2999: .Nm pkcs7
3000: command processes PKCS#7 files in DER or PEM format.
1.57 jmc 3001: The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
3002: .Pp
1.1 jsing 3003: The options are as follows:
3004: .Bl -tag -width Ds
3005: .It Fl in Ar file
1.57 jmc 3006: The input file to read from,
3007: or standard input if not specified.
3008: .It Fl inform Cm der | pem
3009: The input format.
1.1 jsing 3010: .It Fl noout
3011: Don't output the encoded version of the PKCS#7 structure
3012: (or certificates if
3013: .Fl print_certs
3014: is set).
3015: .It Fl out Ar file
1.57 jmc 3016: The output to write to,
3017: or standard output if not specified.
3018: .It Fl outform Cm der | pem
3019: The output format.
1.106 inoguchi 3020: .It Fl print
3021: Print the ASN.1 representation of PKCS#7 structure.
1.1 jsing 3022: .It Fl print_certs
1.57 jmc 3023: Print any certificates or CRLs contained in the file,
3024: preceded by their subject and issuer names in a one-line format.
1.1 jsing 3025: .It Fl text
1.57 jmc 3026: Print certificate details in full rather than just subject and issuer names.
1.1 jsing 3027: .El
1.120 kn 3028: .Tg pkcs8
1.1 jsing 3029: .Sh PKCS8
1.114 jmc 3030: .Bl -hang -width "openssl pkcs8"
3031: .It Nm openssl pkcs8
3032: .Bk -words
1.1 jsing 3033: .Op Fl in Ar file
1.58 jmc 3034: .Op Fl inform Cm der | pem
1.1 jsing 3035: .Op Fl nocrypt
3036: .Op Fl noiter
3037: .Op Fl out Ar file
1.58 jmc 3038: .Op Fl outform Cm der | pem
1.1 jsing 3039: .Op Fl passin Ar arg
3040: .Op Fl passout Ar arg
3041: .Op Fl topk8
3042: .Op Fl v1 Ar alg
3043: .Op Fl v2 Ar alg
1.114 jmc 3044: .Ek
3045: .El
1.1 jsing 3046: .Pp
3047: The
3048: .Nm pkcs8
1.58 jmc 3049: command processes private keys
3050: (both encrypted and unencrypted)
3051: in PKCS#8 format
3052: with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
3053: The default encryption is only 56 bits;
3054: keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts
3055: are more secure.
3056: .Pp
1.1 jsing 3057: The options are as follows:
3058: .Bl -tag -width Ds
3059: .It Fl in Ar file
1.58 jmc 3060: The input file to read from,
3061: or standard input if not specified.
1.1 jsing 3062: If the key is encrypted, a pass phrase will be prompted for.
1.58 jmc 3063: .It Fl inform Cm der | pem
3064: The input format.
1.1 jsing 3065: .It Fl nocrypt
1.58 jmc 3066: Generate an unencrypted PrivateKeyInfo structure.
3067: This option does not encrypt private keys at all
3068: and should only be used when absolutely necessary.
1.1 jsing 3069: .It Fl noiter
3070: Use an iteration count of 1.
3071: See the
3072: .Sx PKCS12
3073: section below for a detailed explanation of this option.
3074: .It Fl out Ar file
1.58 jmc 3075: The output file to write to,
3076: or standard output if none is specified.
1.1 jsing 3077: If any encryption options are set, a pass phrase will be prompted for.
1.58 jmc 3078: .It Fl outform Cm der | pem
3079: The output format.
1.1 jsing 3080: .It Fl passin Ar arg
3081: The key password source.
3082: .It Fl passout Ar arg
3083: The output file password source.
3084: .It Fl topk8
1.58 jmc 3085: Read a traditional format private key and write a PKCS#8 format key.
1.1 jsing 3086: .It Fl v1 Ar alg
1.58 jmc 3087: Specify a PKCS#5 v1.5 or PKCS#12 algorithm to use.
3088: .Pp
3089: .Bl -tag -width "XXXX" -compact
3090: .It PBE-MD5-DES
3091: 56-bit DES.
3092: .It PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES
3093: 64-bit RC2 or 56-bit DES.
3094: .It PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES
3095: .It PBE-SHA1-2DES | PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40
3096: PKCS#12 password-based encryption algorithm,
3097: which allow strong encryption algorithms like triple DES or 128-bit RC2.
3098: .El
1.1 jsing 3099: .It Fl v2 Ar alg
1.58 jmc 3100: Use PKCS#5 v2.0 algorithms.
3101: Supports algorithms such as 168-bit triple DES or 128-bit RC2,
3102: however not many implementations support PKCS#5 v2.0 yet
3103: (if using private keys with
3104: .Nm openssl
3105: this doesn't matter).
1.1 jsing 3106: .Pp
3107: .Ar alg
1.58 jmc 3108: is the encryption algorithm to use;
3109: valid values include des, des3, and rc2.
3110: It is recommended that des3 is used.
1.1 jsing 3111: .El
1.120 kn 3112: .Tg pkcs12
1.1 jsing 3113: .Sh PKCS12
1.114 jmc 3114: .Bl -hang -width "openssl pkcs12"
3115: .It Nm openssl pkcs12
3116: .Bk -words
1.107 inoguchi 3117: .Oo
3118: .Fl aes128 | aes192 | aes256 | camellia128 |
3119: .Fl camellia192 | camellia256 | des | des3 | idea
3120: .Oc
1.1 jsing 3121: .Op Fl cacerts
3122: .Op Fl CAfile Ar file
3123: .Op Fl caname Ar name
3124: .Op Fl CApath Ar directory
3125: .Op Fl certfile Ar file
3126: .Op Fl certpbe Ar alg
3127: .Op Fl chain
3128: .Op Fl clcerts
3129: .Op Fl CSP Ar name
3130: .Op Fl descert
3131: .Op Fl export
3132: .Op Fl in Ar file
3133: .Op Fl info
3134: .Op Fl inkey Ar file
3135: .Op Fl keyex
3136: .Op Fl keypbe Ar alg
3137: .Op Fl keysig
1.107 inoguchi 3138: .Op Fl LMK
1.1 jsing 3139: .Op Fl macalg Ar alg
3140: .Op Fl maciter
3141: .Op Fl name Ar name
3142: .Op Fl nocerts
3143: .Op Fl nodes
3144: .Op Fl noiter
3145: .Op Fl nokeys
3146: .Op Fl nomac
3147: .Op Fl nomaciter
3148: .Op Fl nomacver
3149: .Op Fl noout
3150: .Op Fl out Ar file
3151: .Op Fl passin Ar arg
3152: .Op Fl passout Ar arg
1.107 inoguchi 3153: .Op Fl password Ar arg
1.1 jsing 3154: .Op Fl twopass
1.114 jmc 3155: .Ek
3156: .El
1.1 jsing 3157: .Pp
3158: The
3159: .Nm pkcs12
3160: command allows PKCS#12 files
3161: .Pq sometimes referred to as PFX files
3162: to be created and parsed.
3163: By default, a PKCS#12 file is parsed;
3164: a PKCS#12 file can be created by using the
3165: .Fl export
1.59 jmc 3166: option.
3167: .Pp
3168: The options for parsing a PKCS12 file are as follows:
1.1 jsing 3169: .Bl -tag -width "XXXX"
1.107 inoguchi 3170: .It Xo
3171: .Fl aes128 | aes192 | aes256 |
3172: .Fl camellia128 | camellia192 | camellia256 |
3173: .Fl des | des3 |
3174: .Fl idea
3175: .Xc
3176: Encrypt private keys using AES, CAMELLIA, DES, triple DES
3177: or the IDEA ciphers, respectively.
1.1 jsing 3178: The default is triple DES.
3179: .It Fl cacerts
3180: Only output CA certificates
3181: .Pq not client certificates .
3182: .It Fl clcerts
3183: Only output client certificates
3184: .Pq not CA certificates .
3185: .It Fl in Ar file
1.59 jmc 3186: The input file to read from,
3187: or standard input if not specified.
1.1 jsing 3188: .It Fl info
3189: Output additional information about the PKCS#12 file structure,
3190: algorithms used, and iteration counts.
3191: .It Fl nocerts
1.59 jmc 3192: Do not output certificates.
1.1 jsing 3193: .It Fl nodes
1.59 jmc 3194: Do not encrypt private keys.
1.1 jsing 3195: .It Fl nokeys
1.59 jmc 3196: Do not output private keys.
1.1 jsing 3197: .It Fl nomacver
1.59 jmc 3198: Do not attempt to verify the integrity MAC before reading the file.
1.1 jsing 3199: .It Fl noout
1.59 jmc 3200: Do not output the keys and certificates to the output file
1.1 jsing 3201: version of the PKCS#12 file.
3202: .It Fl out Ar file
1.59 jmc 3203: The output file to write to,
3204: or standard output if not specified.
1.1 jsing 3205: .It Fl passin Ar arg
3206: The key password source.
3207: .It Fl passout Ar arg
3208: The output file password source.
3209: .It Fl twopass
3210: Prompt for separate integrity and encryption passwords: most software
3211: always assumes these are the same so this option will render such
3212: PKCS#12 files unreadable.
3213: .El
1.59 jmc 3214: .Pp
3215: The options for PKCS12 file creation are as follows:
1.1 jsing 3216: .Bl -tag -width "XXXX"
3217: .It Fl CAfile Ar file
3218: CA storage as a file.
3219: .It Fl CApath Ar directory
3220: CA storage as a directory.
1.59 jmc 3221: The directory must be a standard certificate directory:
1.1 jsing 3222: that is, a hash of each subject name (using
1.59 jmc 3223: .Nm x509 Fl hash )
1.1 jsing 3224: should be linked to each certificate.
3225: .It Fl caname Ar name
1.59 jmc 3226: Specify the
1.1 jsing 3227: .Qq friendly name
3228: for other certificates.
1.59 jmc 3229: May be used multiple times to specify names for all certificates
1.1 jsing 3230: in the order they appear.
3231: .It Fl certfile Ar file
3232: A file to read additional certificates from.
3233: .It Fl certpbe Ar alg , Fl keypbe Ar alg
1.59 jmc 3234: Specify the algorithm used to encrypt the private key and
1.1 jsing 3235: certificates to be selected.
1.59 jmc 3236: Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used.
1.1 jsing 3237: If a cipher name
3238: (as output by the
3239: .Cm list-cipher-algorithms
3240: command) is specified then it
3241: is used with PKCS#5 v2.0.
3242: For interoperability reasons it is advisable to only use PKCS#12 algorithms.
3243: .It Fl chain
1.59 jmc 3244: Include the entire certificate chain of the user certificate.
1.1 jsing 3245: The standard CA store is used for this search.
3246: If the search fails, it is considered a fatal error.
3247: .It Fl CSP Ar name
3248: Write
3249: .Ar name
3250: as a Microsoft CSP name.
3251: .It Fl descert
3252: Encrypt the certificate using triple DES; this may render the PKCS#12
3253: file unreadable by some
3254: .Qq export grade
3255: software.
3256: By default, the private key is encrypted using triple DES and the
3257: certificate using 40-bit RC2.
3258: .It Fl export
1.59 jmc 3259: Create a PKCS#12 file (rather than parsing one).
1.1 jsing 3260: .It Fl in Ar file
1.59 jmc 3261: The input file to read from,
1.81 jmc 3262: or standard input if not specified.
1.1 jsing 3263: The order doesn't matter but one private key and its corresponding
3264: certificate should be present.
3265: If additional certificates are present, they will also be included
3266: in the PKCS#12 file.
3267: .It Fl inkey Ar file
1.59 jmc 3268: File to read a private key from.
1.1 jsing 3269: If not present, a private key must be present in the input file.
3270: .It Fl keyex | keysig
1.59 jmc 3271: Specify whether the private key is to be used for key exchange or just signing.
1.1 jsing 3272: Normally,
3273: .Qq export grade
3274: software will only allow 512-bit RSA keys to be
3275: used for encryption purposes, but arbitrary length keys for signing.
3276: The
3277: .Fl keysig
3278: option marks the key for signing only.
3279: Signing only keys can be used for S/MIME signing, authenticode
1.66 jmc 3280: (ActiveX control signing)
1.59 jmc 3281: and SSL client authentication.
1.107 inoguchi 3282: .It Fl LMK
3283: Add local machine keyset attribute to private key.
1.1 jsing 3284: .It Fl macalg Ar alg
3285: Specify the MAC digest algorithm.
1.59 jmc 3286: The default is SHA1.
1.1 jsing 3287: .It Fl maciter
1.66 jmc 3288: Included for compatibility only:
1.59 jmc 3289: it used to be needed to use MAC iterations counts
3290: but they are now used by default.
1.1 jsing 3291: .It Fl name Ar name
1.59 jmc 3292: Specify the
1.1 jsing 3293: .Qq friendly name
3294: for the certificate and private key.
3295: This name is typically displayed in list boxes by software importing the file.
3296: .It Fl nomac
3297: Don't attempt to provide the MAC integrity.
3298: .It Fl nomaciter , noiter
1.59 jmc 3299: Affect the iteration counts on the MAC and key algorithms.
1.1 jsing 3300: .Pp
3301: To discourage attacks by using large dictionaries of common passwords,
3302: the algorithm that derives keys from passwords can have an iteration count
3303: applied to it: this causes a certain part of the algorithm to be repeated
3304: and slows it down.
3305: The MAC is used to check the file integrity but since it will normally
3306: have the same password as the keys and certificates it could also be attacked.
3307: By default, both MAC and encryption iteration counts are set to 2048;
3308: using these options the MAC and encryption iteration counts can be set to 1.
3309: Since this reduces the file security you should not use these options
3310: unless you really have to.
3311: Most software supports both MAC and key iteration counts.
3312: .It Fl out Ar file
1.59 jmc 3313: The output file to write to,
3314: or standard output if not specified.
1.1 jsing 3315: .It Fl passin Ar arg
3316: The key password source.
3317: .It Fl passout Ar arg
3318: The output file password source.
1.107 inoguchi 3319: .It Fl password Ar arg
3320: With
3321: .Fl export ,
3322: .Fl password
3323: is equivalent to
3324: .Fl passout .
1.108 inoguchi 3325: Otherwise,
1.107 inoguchi 3326: .Fl password
3327: is equivalent to
3328: .Fl passin .
1.1 jsing 3329: .El
1.120 kn 3330: .Tg pkey
1.1 jsing 3331: .Sh PKEY
1.114 jmc 3332: .Bl -hang -width "openssl pkey"
3333: .It Nm openssl pkey
3334: .Bk -words
1.135 tb 3335: .Op Fl check
1.1 jsing 3336: .Op Ar cipher
3337: .Op Fl in Ar file
1.60 jmc 3338: .Op Fl inform Cm der | pem
1.1 jsing 3339: .Op Fl noout
3340: .Op Fl out Ar file
1.60 jmc 3341: .Op Fl outform Cm der | pem
1.1 jsing 3342: .Op Fl passin Ar arg
3343: .Op Fl passout Ar arg
1.135 tb 3344: .Op Fl pubcheck
1.1 jsing 3345: .Op Fl pubin
3346: .Op Fl pubout
3347: .Op Fl text
3348: .Op Fl text_pub
1.114 jmc 3349: .Ek
3350: .El
1.1 jsing 3351: .Pp
3352: The
3353: .Nm pkey
3354: command processes public or private keys.
3355: They can be converted between various forms
3356: and their components printed out.
3357: .Pp
3358: The options are as follows:
3359: .Bl -tag -width Ds
1.135 tb 3360: .It Fl check
3361: Check the validity of a key pair.
1.1 jsing 3362: .It Ar cipher
1.60 jmc 3363: Encrypt the private key with the specified cipher.
1.1 jsing 3364: Any algorithm name accepted by
1.60 jmc 3365: .Xr EVP_get_cipherbyname 3
1.1 jsing 3366: is acceptable, such as
3367: .Cm des3 .
3368: .It Fl in Ar file
1.60 jmc 3369: The input file to read from,
3370: or standard input if not specified.
1.127 jmc 3371: If the key is encrypted, a pass phrase will be prompted for.
1.60 jmc 3372: .It Fl inform Cm der | pem
3373: The input format.
1.1 jsing 3374: .It Fl noout
3375: Do not output the encoded version of the key.
3376: .It Fl out Ar file
1.60 jmc 3377: The output file to write to,
3378: or standard output if not specified.
1.1 jsing 3379: If any encryption options are set then a pass phrase
3380: will be prompted for.
1.60 jmc 3381: .It Fl outform Cm der | pem
3382: The output format.
1.1 jsing 3383: .It Fl passin Ar arg
3384: The key password source.
3385: .It Fl passout Ar arg
3386: The output file password source.
1.135 tb 3387: .It Fl pubcheck
3388: Check the validity of a public key
3389: or the public component of a key pair.
1.1 jsing 3390: .It Fl pubin
1.60 jmc 3391: Read in a public key, not a private key.
1.1 jsing 3392: .It Fl pubout
1.60 jmc 3393: Output a public key, not a private key.
3394: Automatically set if the input is a public key.
1.1 jsing 3395: .It Fl text
1.64 jmc 3396: Print the public/private key in plain text.
1.1 jsing 3397: .It Fl text_pub
3398: Print out only public key components
3399: even if a private key is being processed.
3400: .El
1.120 kn 3401: .Tg pkeyparam
1.1 jsing 3402: .Sh PKEYPARAM
3403: .Cm openssl pkeyparam
1.135 tb 3404: .Op Fl check
1.1 jsing 3405: .Op Fl in Ar file
3406: .Op Fl noout
3407: .Op Fl out Ar file
3408: .Op Fl text
3409: .Pp
3410: The
1.61 jmc 3411: .Nm pkeyparam
1.1 jsing 3412: command processes public or private keys.
1.61 jmc 3413: The key type is determined by the PEM headers.
1.1 jsing 3414: .Pp
3415: The options are as follows:
3416: .Bl -tag -width Ds
1.135 tb 3417: .It Fl check
3418: check the correctness of parameters.
1.1 jsing 3419: .It Fl in Ar file
1.61 jmc 3420: The input file to read from,
3421: or standard input if not specified.
1.1 jsing 3422: .It Fl noout
3423: Do not output the encoded version of the parameters.
3424: .It Fl out Ar file
1.61 jmc 3425: The output file to write to,
3426: or standard output if not specified.
1.1 jsing 3427: .It Fl text
1.64 jmc 3428: Print the parameters in plain text.
1.1 jsing 3429: .El
1.120 kn 3430: .Tg pkeyutl
1.1 jsing 3431: .Sh PKEYUTL
1.114 jmc 3432: .Bl -hang -width "openssl pkeyutl"
3433: .It Nm openssl pkeyutl
3434: .Bk -words
1.1 jsing 3435: .Op Fl asn1parse
3436: .Op Fl certin
3437: .Op Fl decrypt
3438: .Op Fl derive
3439: .Op Fl encrypt
3440: .Op Fl hexdump
3441: .Op Fl in Ar file
3442: .Op Fl inkey Ar file
1.62 jmc 3443: .Op Fl keyform Cm der | pem
1.1 jsing 3444: .Op Fl out Ar file
3445: .Op Fl passin Ar arg
1.62 jmc 3446: .Op Fl peerform Cm der | pem
1.1 jsing 3447: .Op Fl peerkey Ar file
3448: .Op Fl pkeyopt Ar opt : Ns Ar value
3449: .Op Fl pubin
3450: .Op Fl rev
3451: .Op Fl sigfile Ar file
3452: .Op Fl sign
3453: .Op Fl verify
3454: .Op Fl verifyrecover
1.114 jmc 3455: .Ek
3456: .El
1.1 jsing 3457: .Pp
3458: The
3459: .Nm pkeyutl
3460: command can be used to perform public key operations using
3461: any supported algorithm.
3462: .Pp
3463: The options are as follows:
3464: .Bl -tag -width Ds
3465: .It Fl asn1parse
1.84 jmc 3466: ASN.1 parse the output data.
1.1 jsing 3467: This is useful when combined with the
3468: .Fl verifyrecover
1.84 jmc 3469: option when an ASN.1 structure is signed.
1.1 jsing 3470: .It Fl certin
3471: The input is a certificate containing a public key.
3472: .It Fl decrypt
3473: Decrypt the input data using a private key.
3474: .It Fl derive
3475: Derive a shared secret using the peer key.
3476: .It Fl encrypt
3477: Encrypt the input data using a public key.
3478: .It Fl hexdump
3479: Hex dump the output data.
3480: .It Fl in Ar file
1.62 jmc 3481: The input file to read from,
3482: or standard input if not specified.
1.1 jsing 3483: .It Fl inkey Ar file
3484: The input key file.
3485: By default it should be a private key.
1.62 jmc 3486: .It Fl keyform Cm der | pem
3487: The key format.
1.1 jsing 3488: .It Fl out Ar file
1.62 jmc 3489: The output file to write to,
3490: or standard output if not specified.
1.1 jsing 3491: .It Fl passin Ar arg
3492: The key password source.
1.62 jmc 3493: .It Fl peerform Cm der | pem
3494: The peer key format.
1.1 jsing 3495: .It Fl peerkey Ar file
3496: The peer key file, used by key derivation (agreement) operations.
3497: .It Fl pkeyopt Ar opt : Ns Ar value
1.62 jmc 3498: Set the public key algorithm option
3499: .Ar opt
3500: to
3501: .Ar value .
3502: Unless otherwise mentioned, all algorithms support the format
3503: .Ar digest : Ns Ar alg ,
3504: which specifies the digest to use
1.1 jsing 3505: for sign, verify, and verifyrecover operations.
3506: The value
3507: .Ar alg
3508: should represent a digest name as used in the
1.62 jmc 3509: .Xr EVP_get_digestbyname 3
3510: function.
3511: .Pp
1.1 jsing 3512: The RSA algorithm supports the
3513: encrypt, decrypt, sign, verify, and verifyrecover operations in general.
3514: Some padding modes only support some of these
3515: operations however.
3516: .Bl -tag -width Ds
3517: .It rsa_padding_mode : Ns Ar mode
3518: This sets the RSA padding mode.
3519: Acceptable values for
3520: .Ar mode
3521: are
3522: .Cm pkcs1
3523: for PKCS#1 padding;
3524: .Cm none
3525: for no padding;
3526: .Cm oaep
3527: for OAEP mode;
3528: .Cm x931
3529: for X9.31 mode;
3530: and
3531: .Cm pss
3532: for PSS.
3533: .Pp
3534: In PKCS#1 padding if the message digest is not set then the supplied data is
3535: signed or verified directly instead of using a DigestInfo structure.
3536: If a digest is set then a DigestInfo
3537: structure is used and its length
3538: must correspond to the digest type.
3539: For oeap mode only encryption and decryption is supported.
3540: For x931 if the digest type is set it is used to format the block data;
3541: otherwise the first byte is used to specify the X9.31 digest ID.
3542: Sign, verify, and verifyrecover can be performed in this mode.
3543: For pss mode only sign and verify are supported and the digest type must be
3544: specified.
3545: .It rsa_pss_saltlen : Ns Ar len
3546: For pss
3547: mode only this option specifies the salt length.
3548: Two special values are supported:
3549: -1 sets the salt length to the digest length.
1.127 jmc 3550: When signing, -2 sets the salt length to the maximum permissible value.
3551: When verifying, -2 causes the salt length to be automatically determined
1.1 jsing 3552: based on the PSS block structure.
3553: .El
1.62 jmc 3554: .Pp
1.1 jsing 3555: The DSA algorithm supports the sign and verify operations.
3556: Currently there are no additional options other than
3557: .Ar digest .
3558: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 3559: .Pp
1.1 jsing 3560: The DH algorithm supports the derive operation
3561: and no additional options.
1.62 jmc 3562: .Pp
1.1 jsing 3563: The EC algorithm supports the sign, verify, and derive operations.
3564: The sign and verify operations use ECDSA and derive uses ECDH.
3565: Currently there are no additional options other than
3566: .Ar digest .
3567: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 3568: .It Fl pubin
3569: The input file is a public key.
3570: .It Fl rev
3571: Reverse the order of the input buffer.
3572: .It Fl sigfile Ar file
3573: Signature file (verify operation only).
3574: .It Fl sign
3575: Sign the input data and output the signed result.
3576: This requires a private key.
3577: .It Fl verify
3578: Verify the input data against the signature file and indicate if the
3579: verification succeeded or failed.
3580: .It Fl verifyrecover
3581: Verify the input data and output the recovered data.
3582: .El
1.120 kn 3583: .Tg prime
1.1 jsing 3584: .Sh PRIME
3585: .Cm openssl prime
3586: .Op Fl bits Ar n
3587: .Op Fl checks Ar n
3588: .Op Fl generate
3589: .Op Fl hex
3590: .Op Fl safe
3591: .Ar p
3592: .Pp
3593: The
3594: .Nm prime
3595: command is used to generate prime numbers,
3596: or to check numbers for primality.
3597: Results are probabilistic:
3598: they have an exceedingly high likelihood of being correct,
3599: but are not guaranteed.
3600: .Pp
3601: The options are as follows:
3602: .Bl -tag -width Ds
3603: .It Fl bits Ar n
3604: Specify the number of bits in the generated prime number.
3605: Must be used in conjunction with
3606: .Fl generate .
3607: .It Fl checks Ar n
3608: Perform a Miller-Rabin probabilistic primality test with
3609: .Ar n
3610: iterations.
3611: The default is 20.
3612: .It Fl generate
3613: Generate a pseudo-random prime number.
3614: Must be used in conjunction with
3615: .Fl bits .
3616: .It Fl hex
3617: Output in hex format.
3618: .It Fl safe
3619: Generate only
3620: .Qq safe
3621: prime numbers
3622: (i.e. a prime p so that (p-1)/2 is also prime).
3623: .It Ar p
3624: Test if number
3625: .Ar p
3626: is prime.
3627: .El
1.120 kn 3628: .Tg rand
1.1 jsing 3629: .Sh RAND
1.114 jmc 3630: .Bl -hang -width "openssl rand"
3631: .It Nm openssl rand
3632: .Bk -words
1.1 jsing 3633: .Op Fl base64
3634: .Op Fl hex
3635: .Op Fl out Ar file
3636: .Ar num
1.114 jmc 3637: .Ek
3638: .El
1.1 jsing 3639: .Pp
3640: The
3641: .Nm rand
3642: command outputs
3643: .Ar num
3644: pseudo-random bytes.
3645: .Pp
3646: The options are as follows:
3647: .Bl -tag -width Ds
3648: .It Fl base64
1.81 jmc 3649: Perform base64 encoding on the output.
1.1 jsing 3650: .It Fl hex
3651: Specify hexadecimal output.
3652: .It Fl out Ar file
1.63 jmc 3653: The output file to write to,
3654: or standard output if not specified.
1.1 jsing 3655: .El
1.120 kn 3656: .Tg req
1.1 jsing 3657: .Sh REQ
1.114 jmc 3658: .Bl -hang -width "openssl req"
3659: .It Nm openssl req
3660: .Bk -words
1.115 inoguchi 3661: .Op Fl addext Ar ext
1.1 jsing 3662: .Op Fl batch
3663: .Op Fl config Ar file
3664: .Op Fl days Ar n
3665: .Op Fl extensions Ar section
3666: .Op Fl in Ar file
1.63 jmc 3667: .Op Fl inform Cm der | pem
1.1 jsing 3668: .Op Fl key Ar keyfile
1.63 jmc 3669: .Op Fl keyform Cm der | pem
1.1 jsing 3670: .Op Fl keyout Ar file
1.28 doug 3671: .Op Fl md4 | md5 | sha1
1.1 jsing 3672: .Op Fl modulus
1.107 inoguchi 3673: .Op Fl multivalue-rdn
1.1 jsing 3674: .Op Fl nameopt Ar option
3675: .Op Fl new
3676: .Op Fl newhdr
3677: .Op Fl newkey Ar arg
3678: .Op Fl nodes
3679: .Op Fl noout
3680: .Op Fl out Ar file
1.63 jmc 3681: .Op Fl outform Cm der | pem
1.1 jsing 3682: .Op Fl passin Ar arg
3683: .Op Fl passout Ar arg
1.107 inoguchi 3684: .Op Fl pkeyopt Ar opt:value
1.1 jsing 3685: .Op Fl pubkey
3686: .Op Fl reqexts Ar section
3687: .Op Fl reqopt Ar option
3688: .Op Fl set_serial Ar n
1.107 inoguchi 3689: .Op Fl sigopt Ar nm:v
1.1 jsing 3690: .Op Fl subj Ar arg
3691: .Op Fl subject
3692: .Op Fl text
3693: .Op Fl utf8
3694: .Op Fl verbose
3695: .Op Fl verify
3696: .Op Fl x509
1.114 jmc 3697: .Ek
3698: .El
1.1 jsing 3699: .Pp
3700: The
3701: .Nm req
3702: command primarily creates and processes certificate requests
3703: in PKCS#10 format.
3704: It can additionally create self-signed certificates,
3705: for use as root CAs, for example.
3706: .Pp
3707: The options are as follows:
3708: .Bl -tag -width Ds
1.115 inoguchi 3709: .It Fl addext Ar ext
3710: Add a specific extension to the certificate (if the
3711: .Fl x509
3712: option is present) or certificate request.
3713: The argument must have the form of a key=value pair as it would appear in a
3714: config file.
3715: This option can be given multiple times.
1.1 jsing 3716: .It Fl batch
3717: Non-interactive mode.
3718: .It Fl config Ar file
1.63 jmc 3719: Specify an alternative configuration file.
1.1 jsing 3720: .It Fl days Ar n
1.63 jmc 3721: Specify the number of days to certify the certificate for.
3722: The default is 30 days.
3723: Used with the
1.1 jsing 3724: .Fl x509
1.63 jmc 3725: option.
1.1 jsing 3726: .It Fl extensions Ar section , Fl reqexts Ar section
1.63 jmc 3727: Specify alternative sections to include certificate
3728: extensions (with
3729: .Fl x509 )
3730: or certificate request extensions,
3731: allowing several different sections to be used in the same configuration file.
1.1 jsing 3732: .It Fl in Ar file
1.63 jmc 3733: The input file to read a request from,
3734: or standard input if not specified.
1.1 jsing 3735: A request is only read if the creation options
3736: .Fl new
3737: and
3738: .Fl newkey
3739: are not specified.
1.63 jmc 3740: .It Fl inform Cm der | pem
3741: The input format.
1.1 jsing 3742: .It Fl key Ar keyfile
1.63 jmc 3743: The file to read the private key from.
1.1 jsing 3744: It also accepts PKCS#8 format private keys for PEM format files.
1.63 jmc 3745: .It Fl keyform Cm der | pem
1.1 jsing 3746: The format of the private key file specified in the
3747: .Fl key
3748: argument.
1.81 jmc 3749: The default is
3750: .Cm pem .
1.1 jsing 3751: .It Fl keyout Ar file
1.63 jmc 3752: The file to write the newly created private key to.
3753: If this option is not specified,
3754: the filename present in the configuration file is used.
1.4 sthen 3755: .It Fl md5 | sha1 | sha256
1.63 jmc 3756: The message digest to sign the request with.
1.1 jsing 3757: This overrides the digest algorithm specified in the configuration file.
3758: .Pp
3759: Some public key algorithms may override this choice.
3760: For instance, DSA signatures always use SHA1.
3761: .It Fl modulus
1.63 jmc 3762: Print the value of the modulus of the public key contained in the request.
1.107 inoguchi 3763: .It Fl multivalue-rdn
3764: This option causes the
3765: .Fl subj
3766: argument to be interpreted with full support for multivalued RDNs,
3767: for example
3768: .Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
3769: If
3770: .Fl multivalue-rdn
3771: is not used, the UID value is set to
3772: .Qq "123456+CN=John Doe" .
1.1 jsing 3773: .It Fl nameopt Ar option , Fl reqopt Ar option
1.63 jmc 3774: Determine how the subject or issuer names are displayed.
1.1 jsing 3775: .Ar option
1.63 jmc 3776: can be a single option or multiple options separated by commas.
1.1 jsing 3777: Alternatively, these options may be used more than once to set multiple options.
3778: See the
3779: .Sx X509
3780: section below for details.
3781: .It Fl new
1.63 jmc 3782: Generate a new certificate request.
3783: The user is prompted for the relevant field values.
1.1 jsing 3784: The actual fields prompted for and their maximum and minimum sizes
3785: are specified in the configuration file and any requested extensions.
3786: .Pp
3787: If the
3788: .Fl key
3789: option is not used, it will generate a new RSA private
3790: key using information specified in the configuration file.
3791: .It Fl newhdr
1.63 jmc 3792: Add the word NEW to the PEM file header and footer lines
1.112 inoguchi 3793: on the outputted request.
1.63 jmc 3794: Some software and CAs need this.
1.1 jsing 3795: .It Fl newkey Ar arg
1.63 jmc 3796: Create a new certificate request and a new private key.
1.1 jsing 3797: The argument takes one of several forms.
1.63 jmc 3798: .Pp
3799: .No rsa : Ns Ar nbits
3800: generates an RSA key
1.1 jsing 3801: .Ar nbits
3802: in size.
3803: If
3804: .Ar nbits
1.63 jmc 3805: is omitted
3806: the default key size is used.
3807: .Pp
3808: .No dsa : Ns Ar file
3809: generates a DSA key using the parameters in
3810: .Ar file .
3811: .Pp
3812: .No param : Ns Ar file
3813: generates a key using the parameters or certificate in
3814: .Ar file .
3815: .Pp
3816: All other algorithms support the form
3817: .Ar algorithm : Ns Ar file ,
1.1 jsing 3818: where file may be an algorithm parameter file,
3819: created by the
3820: .Cm genpkey -genparam
1.14 jmc 3821: command or an X.509 certificate for a key with appropriate algorithm.
1.63 jmc 3822: .Ar file
3823: can be omitted,
3824: in which case any parameters can be specified via the
1.1 jsing 3825: .Fl pkeyopt
3826: option.
3827: .It Fl nodes
1.63 jmc 3828: Do not encrypt the private key.
1.1 jsing 3829: .It Fl noout
1.63 jmc 3830: Do not output the encoded version of the request.
1.1 jsing 3831: .It Fl out Ar file
1.63 jmc 3832: The output file to write to,
1.99 jmc 3833: or standard output if not specified.
1.63 jmc 3834: .It Fl outform Cm der | pem
3835: The output format.
1.1 jsing 3836: .It Fl passin Ar arg
3837: The key password source.
3838: .It Fl passout Ar arg
3839: The output file password source.
1.107 inoguchi 3840: .It Fl pkeyopt Ar opt:value
3841: Set the public key algorithm option
3842: .Ar opt
3843: to
3844: .Ar value .
1.1 jsing 3845: .It Fl pubkey
1.63 jmc 3846: Output the public key.
1.1 jsing 3847: .It Fl reqopt Ar option
3848: Customise the output format used with
3849: .Fl text .
3850: The
3851: .Ar option
3852: argument can be a single option or multiple options separated by commas.
1.63 jmc 3853: See also the discussion of
1.1 jsing 3854: .Fl certopt
1.63 jmc 3855: in the
1.1 jsing 3856: .Nm x509
3857: command.
3858: .It Fl set_serial Ar n
3859: Serial number to use when outputting a self-signed certificate.
3860: This may be specified as a decimal value or a hex value if preceded by
3861: .Sq 0x .
3862: It is possible to use negative serial numbers but this is not recommended.
1.107 inoguchi 3863: .It Fl sigopt Ar nm:v
3864: Pass options to the signature algorithm during sign operation.
3865: The names and values of these options are algorithm-specific.
1.1 jsing 3866: .It Fl subj Ar arg
1.63 jmc 3867: Replaces the subject field of an input request
3868: with the specified data and output the modified request.
3869: .Ar arg
3870: must be formatted as /type0=value0/type1=value1/type2=...;
1.1 jsing 3871: characters may be escaped by
3872: .Sq \e
1.63 jmc 3873: (backslash);
1.1 jsing 3874: no spaces are skipped.
3875: .It Fl subject
1.63 jmc 3876: Print the request subject (or certificate subject if
1.1 jsing 3877: .Fl x509
1.63 jmc 3878: is specified).
1.1 jsing 3879: .It Fl text
1.64 jmc 3880: Print the certificate request in plain text.
1.1 jsing 3881: .It Fl utf8
1.63 jmc 3882: Interpret field values as UTF8 strings, not ASCII.
1.1 jsing 3883: .It Fl verbose
3884: Print extra details about the operations being performed.
3885: .It Fl verify
1.63 jmc 3886: Verify the signature on the request.
1.1 jsing 3887: .It Fl x509
1.63 jmc 3888: Output a self-signed certificate instead of a certificate request.
3889: This is typically used to generate a test certificate or a self-signed root CA.
3890: The extensions added to the certificate (if any)
1.1 jsing 3891: are specified in the configuration file.
3892: Unless specified using the
3893: .Fl set_serial
1.63 jmc 3894: option, 0 is used for the serial number.
1.1 jsing 3895: .El
1.63 jmc 3896: .Pp
1.1 jsing 3897: The configuration options are specified in the
1.63 jmc 3898: .Qq req
1.1 jsing 3899: section of the configuration file.
1.63 jmc 3900: The options available are as follows:
1.1 jsing 3901: .Bl -tag -width "XXXX"
1.63 jmc 3902: .It Cm attributes
3903: The section containing any request attributes: its format
1.1 jsing 3904: is the same as
1.63 jmc 3905: .Cm distinguished_name .
3906: Typically these may contain the challengePassword or unstructuredName types.
3907: They are currently ignored by the
3908: .Nm openssl
1.1 jsing 3909: request signing utilities, but some CAs might want them.
1.63 jmc 3910: .It Cm default_bits
3911: The default key size, in bits.
3912: The default is 2048.
1.1 jsing 3913: It is used if the
3914: .Fl new
1.63 jmc 3915: option is used and can be overridden by using the
1.1 jsing 3916: .Fl newkey
3917: option.
1.63 jmc 3918: .It Cm default_keyfile
3919: The default file to write a private key to,
3920: or standard output if not specified.
3921: It can be overridden by the
1.1 jsing 3922: .Fl keyout
3923: option.
1.63 jmc 3924: .It Cm default_md
3925: The digest algorithm to use.
1.1 jsing 3926: Possible values include
1.63 jmc 3927: .Cm md5 ,
3928: .Cm sha1
1.1 jsing 3929: and
1.63 jmc 3930: .Cm sha256
3931: (the default).
3932: It can be overridden on the command line.
3933: .It Cm distinguished_name
3934: The section containing the distinguished name fields to
1.1 jsing 3935: prompt for when generating a certificate or certificate request.
1.63 jmc 3936: The format is described below.
3937: .It Cm encrypt_key
3938: If set to
3939: .Qq no
3940: and a private key is generated, it is not encrypted.
3941: It is equivalent to the
1.1 jsing 3942: .Fl nodes
1.63 jmc 3943: option.
1.1 jsing 3944: For compatibility,
1.63 jmc 3945: .Cm encrypt_rsa_key
1.1 jsing 3946: is an equivalent option.
1.63 jmc 3947: .It Cm input_password | output_password
3948: The passwords for the input private key file (if present)
3949: and the output private key file (if one will be created).
1.1 jsing 3950: The command line options
3951: .Fl passin
3952: and
3953: .Fl passout
3954: override the configuration file values.
1.63 jmc 3955: .It Cm oid_file
3956: A file containing additional OBJECT IDENTIFIERS.
1.1 jsing 3957: Each line of the file should consist of the numerical form of the
3958: object identifier, followed by whitespace, then the short name followed
3959: by whitespace and finally the long name.
1.63 jmc 3960: .It Cm oid_section
3961: Specify a section in the configuration file containing extra
1.1 jsing 3962: object identifiers.
3963: Each line should consist of the short name of the
3964: object identifier followed by
3965: .Sq =
3966: and the numerical form.
3967: The short and long names are the same when this option is used.
1.63 jmc 3968: .It Cm prompt
3969: If set to
3970: .Qq no ,
3971: it disables prompting of certificate fields
1.1 jsing 3972: and just takes values from the config file directly.
3973: It also changes the expected format of the
1.63 jmc 3974: .Cm distinguished_name
1.1 jsing 3975: and
1.63 jmc 3976: .Cm attributes
1.1 jsing 3977: sections.
1.63 jmc 3978: .It Cm req_extensions
3979: The configuration file section containing a list of
1.1 jsing 3980: extensions to add to the certificate request.
3981: It can be overridden by the
3982: .Fl reqexts
1.63 jmc 3983: option.
3984: .It Cm string_mask
3985: Limit the string types for encoding certain fields.
1.1 jsing 3986: The following values may be used, limiting strings to the indicated types:
3987: .Bl -tag -width "MASK:number"
1.63 jmc 3988: .It Cm utf8only
3989: UTF8String.
1.1 jsing 3990: This is the default, as recommended by PKIX in RFC 2459.
1.63 jmc 3991: .It Cm default
3992: PrintableString, IA5String, T61String, BMPString, UTF8String.
3993: .It Cm pkix
3994: PrintableString, IA5String, BMPString, UTF8String.
3995: Inspired by the PKIX recommendation in RFC 2459 for certificates
3996: generated before 2004, but differs by also permitting IA5String.
3997: .It Cm nombstr
3998: PrintableString, IA5String, T61String, UniversalString.
3999: A workaround for some ancient software that had problems
4000: with the variable-sized BMPString and UTF8String types.
1.1 jsing 4001: .It Cm MASK : Ns Ar number
1.63 jmc 4002: An explicit bitmask of permitted types, where
1.1 jsing 4003: .Ar number
4004: is a C-style hex, decimal, or octal number that's a bit-wise OR of
4005: .Dv B_ASN1_*
4006: values from
4007: .In openssl/asn1.h .
4008: .El
1.63 jmc 4009: .It Cm utf8
4010: If set to
4011: .Qq yes ,
1.72 jmc 4012: field values are interpreted as UTF8 strings.
1.63 jmc 4013: .It Cm x509_extensions
4014: The configuration file section containing a list of
1.1 jsing 4015: extensions to add to a certificate generated when the
4016: .Fl x509
4017: switch is used.
4018: It can be overridden by the
4019: .Fl extensions
1.72 jmc 4020: command line switch.
1.1 jsing 4021: .El
1.63 jmc 4022: .Pp
1.1 jsing 4023: There are two separate formats for the distinguished name and attribute
4024: sections.
4025: If the
4026: .Fl prompt
4027: option is set to
1.63 jmc 4028: .Qq no ,
1.72 jmc 4029: then these sections just consist of field names and values.
4030: If the
1.1 jsing 4031: .Fl prompt
4032: option is absent or not set to
1.63 jmc 4033: .Qq no ,
1.72 jmc 4034: then the file contains field prompting information of the form:
1.1 jsing 4035: .Bd -unfilled -offset indent
4036: fieldName="prompt"
4037: fieldName_default="default field value"
4038: fieldName_min= 2
4039: fieldName_max= 4
4040: .Ed
4041: .Pp
4042: .Qq fieldName
4043: is the field name being used, for example
1.63 jmc 4044: .Cm commonName
4045: (or CN).
1.1 jsing 4046: The
4047: .Qq prompt
4048: string is used to ask the user to enter the relevant details.
4049: If the user enters nothing, the default value is used;
4050: if no default value is present, the field is omitted.
4051: A field can still be omitted if a default value is present,
4052: if the user just enters the
4053: .Sq \&.
4054: character.
4055: .Pp
4056: The number of characters entered must be between the
1.63 jmc 4057: fieldName_min and fieldName_max limits:
1.1 jsing 4058: there may be additional restrictions based on the field being used
4059: (for example
1.63 jmc 4060: .Cm countryName
1.1 jsing 4061: can only ever be two characters long and must fit in a
1.63 jmc 4062: .Cm PrintableString ) .
1.1 jsing 4063: .Pp
4064: Some fields (such as
1.63 jmc 4065: .Cm organizationName )
1.1 jsing 4066: can be used more than once in a DN.
4067: This presents a problem because configuration files will
4068: not recognize the same name occurring twice.
4069: To avoid this problem, if the
1.63 jmc 4070: .Cm fieldName
1.1 jsing 4071: contains some characters followed by a full stop, they will be ignored.
4072: So, for example, a second
1.63 jmc 4073: .Cm organizationName
1.1 jsing 4074: can be input by calling it
4075: .Qq 1.organizationName .
4076: .Pp
4077: The actual permitted field names are any object identifier short or
4078: long names.
4079: These are compiled into
1.63 jmc 4080: .Nm openssl
1.1 jsing 4081: and include the usual values such as
1.63 jmc 4082: .Cm commonName , countryName , localityName , organizationName ,
1.89 jmc 4083: .Cm organizationalUnitName , stateOrProvinceName .
1.1 jsing 4084: Additionally,
1.63 jmc 4085: .Cm emailAddress
1.1 jsing 4086: is included as well as
1.63 jmc 4087: .Cm name , surname , givenName , initials
1.1 jsing 4088: and
1.63 jmc 4089: .Cm dnQualifier .
1.1 jsing 4090: .Pp
4091: Additional object identifiers can be defined with the
1.63 jmc 4092: .Cm oid_file
1.1 jsing 4093: or
1.63 jmc 4094: .Cm oid_section
1.1 jsing 4095: options in the configuration file.
4096: Any additional fields will be treated as though they were a
1.63 jmc 4097: .Cm DirectoryString .
1.120 kn 4098: .Tg rsa
1.1 jsing 4099: .Sh RSA
1.114 jmc 4100: .Bl -hang -width "openssl rsa"
4101: .It Nm openssl rsa
4102: .Bk -words
1.64 jmc 4103: .Op Fl aes128 | aes192 | aes256 | des | des3
1.1 jsing 4104: .Op Fl check
4105: .Op Fl in Ar file
1.108 inoguchi 4106: .Op Fl inform Cm der | net | pem | pvk
1.1 jsing 4107: .Op Fl modulus
4108: .Op Fl noout
4109: .Op Fl out Ar file
1.108 inoguchi 4110: .Op Fl outform Cm der | net | pem | pvk
1.1 jsing 4111: .Op Fl passin Ar arg
4112: .Op Fl passout Ar arg
4113: .Op Fl pubin
4114: .Op Fl pubout
1.108 inoguchi 4115: .Op Fl pvk-none | pvk-strong | pvk-weak
4116: .Op Fl RSAPublicKey_in
4117: .Op Fl RSAPublicKey_out
1.1 jsing 4118: .Op Fl text
1.114 jmc 4119: .Ek
4120: .El
1.1 jsing 4121: .Pp
4122: The
4123: .Nm rsa
4124: command processes RSA keys.
4125: They can be converted between various forms and their components printed out.
1.64 jmc 4126: .Nm rsa
4127: uses the traditional
1.1 jsing 4128: .Nm SSLeay
4129: compatible format for private key encryption:
4130: newer applications should use the more secure PKCS#8 format using the
4131: .Nm pkcs8
4132: utility.
4133: .Pp
4134: The options are as follows:
4135: .Bl -tag -width Ds
1.64 jmc 4136: .It Fl aes128 | aes192 | aes256 | des | des3
4137: Encrypt the private key with the AES, DES,
1.1 jsing 4138: or the triple DES ciphers, respectively, before outputting it.
4139: A pass phrase is prompted for.
4140: If none of these options are specified, the key is written in plain text.
4141: This means that using the
4142: .Nm rsa
4143: utility to read in an encrypted key with no encryption option can be used
4144: to remove the pass phrase from a key, or by setting the encryption options
4145: it can be used to add or change the pass phrase.
4146: These options can only be used with PEM format output files.
4147: .It Fl check
1.64 jmc 4148: Check the consistency of an RSA private key.
1.1 jsing 4149: .It Fl in Ar file
1.64 jmc 4150: The input file to read from,
4151: or standard input if not specified.
1.1 jsing 4152: If the key is encrypted, a pass phrase will be prompted for.
1.108 inoguchi 4153: .It Fl inform Cm der | net | pem | pvk
1.64 jmc 4154: The input format.
1.1 jsing 4155: .It Fl noout
1.64 jmc 4156: Do not output the encoded version of the key.
1.1 jsing 4157: .It Fl modulus
1.64 jmc 4158: Print the value of the modulus of the key.
1.1 jsing 4159: .It Fl out Ar file
1.64 jmc 4160: The output file to write to,
4161: or standard output if not specified.
1.108 inoguchi 4162: .It Fl outform Cm der | net | pem | pvk
1.64 jmc 4163: The output format.
1.1 jsing 4164: .It Fl passin Ar arg
4165: The key password source.
4166: .It Fl passout Ar arg
4167: The output file password source.
4168: .It Fl pubin
1.64 jmc 4169: Read in a public key,
4170: not a private key.
1.1 jsing 4171: .It Fl pubout
1.64 jmc 4172: Output a public key,
4173: not a private key.
4174: Automatically set if the input is a public key.
1.108 inoguchi 4175: .It Xo
4176: .Fl pvk-none | pvk-strong | pvk-weak
4177: .Xc
4178: Enable or disable PVK encoding.
4179: The default is
4180: .Fl pvk-strong .
4181: .It Fl RSAPublicKey_in , RSAPublicKey_out
4182: Same as
4183: .Fl pubin
4184: and
4185: .Fl pubout
4186: except
4187: .Cm RSAPublicKey
4188: format is used instead.
1.1 jsing 4189: .It Fl text
1.64 jmc 4190: Print the public/private key components in plain text.
1.1 jsing 4191: .El
1.120 kn 4192: .Tg rsautl
1.1 jsing 4193: .Sh RSAUTL
1.114 jmc 4194: .Bl -hang -width "openssl rsautl"
4195: .It Nm openssl rsautl
4196: .Bk -words
1.1 jsing 4197: .Op Fl asn1parse
4198: .Op Fl certin
4199: .Op Fl decrypt
4200: .Op Fl encrypt
4201: .Op Fl hexdump
4202: .Op Fl in Ar file
4203: .Op Fl inkey Ar file
1.65 jmc 4204: .Op Fl keyform Cm der | pem
1.100 tb 4205: .Op Fl oaep | pkcs | raw | x931
1.1 jsing 4206: .Op Fl out Ar file
1.100 tb 4207: .Op Fl passin Ar arg
1.1 jsing 4208: .Op Fl pubin
1.100 tb 4209: .Op Fl rev
1.1 jsing 4210: .Op Fl sign
4211: .Op Fl verify
1.114 jmc 4212: .Ek
4213: .El
1.1 jsing 4214: .Pp
4215: The
4216: .Nm rsautl
4217: command can be used to sign, verify, encrypt and decrypt
4218: data using the RSA algorithm.
4219: .Pp
4220: The options are as follows:
4221: .Bl -tag -width Ds
4222: .It Fl asn1parse
4223: Asn1parse the output data; this is useful when combined with the
4224: .Fl verify
4225: option.
4226: .It Fl certin
4227: The input is a certificate containing an RSA public key.
4228: .It Fl decrypt
4229: Decrypt the input data using an RSA private key.
4230: .It Fl encrypt
4231: Encrypt the input data using an RSA public key.
4232: .It Fl hexdump
4233: Hex dump the output data.
4234: .It Fl in Ar file
1.65 jmc 4235: The input to read from,
4236: or standard input if not specified.
1.1 jsing 4237: .It Fl inkey Ar file
1.65 jmc 4238: The input key file; by default an RSA private key.
4239: .It Fl keyform Cm der | pem
1.85 tb 4240: The private key format.
1.65 jmc 4241: The default is
4242: .Cm pem .
1.100 tb 4243: .It Fl oaep | pkcs | raw | x931
1.1 jsing 4244: The padding to use:
1.100 tb 4245: PKCS#1 OAEP, PKCS#1 v1.5 (the default), no padding, or ANSI X9.31,
4246: respectively.
1.1 jsing 4247: For signatures, only
4248: .Fl pkcs
4249: and
4250: .Fl raw
4251: can be used.
4252: .It Fl out Ar file
1.65 jmc 4253: The output file to write to,
4254: or standard output if not specified.
1.100 tb 4255: .It Fl passin Ar arg
4256: The key password source.
1.1 jsing 4257: .It Fl pubin
4258: The input file is an RSA public key.
1.100 tb 4259: .It Fl rev
4260: Reverse the order of the input buffer.
1.1 jsing 4261: .It Fl sign
4262: Sign the input data and output the signed result.
4263: This requires an RSA private key.
4264: .It Fl verify
4265: Verify the input data and output the recovered data.
4266: .El
1.120 kn 4267: .Tg s_client
1.1 jsing 4268: .Sh S_CLIENT
1.114 jmc 4269: .Bl -hang -width "openssl s_client"
4270: .It Nm openssl s_client
4271: .Bk -words
1.1 jsing 4272: .Op Fl 4 | 6
1.110 inoguchi 4273: .Op Fl alpn Ar protocols
1.1 jsing 4274: .Op Fl bugs
4275: .Op Fl CAfile Ar file
4276: .Op Fl CApath Ar directory
4277: .Op Fl cert Ar file
1.110 inoguchi 4278: .Op Fl certform Cm der | pem
1.1 jsing 4279: .Op Fl check_ss_sig
4280: .Op Fl cipher Ar cipherlist
1.66 jmc 4281: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 4282: .Op Fl crl_check
4283: .Op Fl crl_check_all
4284: .Op Fl crlf
4285: .Op Fl debug
1.129 jsing 4286: .Op Fl dtls
1.110 inoguchi 4287: .Op Fl dtls1
1.129 jsing 4288: .Op Fl dtls1_2
1.1 jsing 4289: .Op Fl extended_crl
1.121 schwarze 4290: .Op Fl groups Ar list
1.110 inoguchi 4291: .Op Fl host Ar host
1.1 jsing 4292: .Op Fl ign_eof
4293: .Op Fl ignore_critical
4294: .Op Fl issuer_checks
4295: .Op Fl key Ar keyfile
1.110 inoguchi 4296: .Op Fl keyform Cm der | pem
4297: .Op Fl keymatexport Ar label
4298: .Op Fl keymatexportlen Ar len
4299: .Op Fl legacy_server_connect
1.1 jsing 4300: .Op Fl msg
1.110 inoguchi 4301: .Op Fl mtu Ar mtu
1.1 jsing 4302: .Op Fl nbio
4303: .Op Fl nbio_test
1.110 inoguchi 4304: .Op Fl no_comp
4305: .Op Fl no_ign_eof
4306: .Op Fl no_legacy_server_connect
1.1 jsing 4307: .Op Fl no_ticket
4308: .Op Fl no_tls1
1.6 guenther 4309: .Op Fl no_tls1_1
4310: .Op Fl no_tls1_2
1.119 jsing 4311: .Op Fl no_tls1_3
1.110 inoguchi 4312: .Op Fl pass Ar arg
1.1 jsing 4313: .Op Fl pause
4314: .Op Fl policy_check
1.110 inoguchi 4315: .Op Fl port Ar port
1.1 jsing 4316: .Op Fl prexit
1.11 bluhm 4317: .Op Fl proxy Ar host : Ns Ar port
1.1 jsing 4318: .Op Fl quiet
4319: .Op Fl reconnect
1.5 jsing 4320: .Op Fl servername Ar name
1.110 inoguchi 4321: .Op Fl serverpref
4322: .Op Fl sess_in Ar file
4323: .Op Fl sess_out Ar file
1.1 jsing 4324: .Op Fl showcerts
4325: .Op Fl starttls Ar protocol
4326: .Op Fl state
1.110 inoguchi 4327: .Op Fl status
4328: .Op Fl timeout
1.1 jsing 4329: .Op Fl tls1
1.31 jmc 4330: .Op Fl tls1_1
4331: .Op Fl tls1_2
1.119 jsing 4332: .Op Fl tls1_3
1.1 jsing 4333: .Op Fl tlsextdebug
1.110 inoguchi 4334: .Op Fl use_srtp Ar profiles
1.1 jsing 4335: .Op Fl verify Ar depth
1.110 inoguchi 4336: .Op Fl verify_return_error
1.1 jsing 4337: .Op Fl x509_strict
1.19 landry 4338: .Op Fl xmpphost Ar host
1.114 jmc 4339: .Ek
4340: .El
1.1 jsing 4341: .Pp
4342: The
4343: .Nm s_client
4344: command implements a generic SSL/TLS client which connects
4345: to a remote host using SSL/TLS.
1.66 jmc 4346: .Pp
4347: If a connection is established with an SSL server, any data received
4348: from the server is displayed and any key presses will be sent to the
4349: server.
4350: When used interactively (which means neither
4351: .Fl quiet
4352: nor
4353: .Fl ign_eof
4354: have been given), the session will be renegotiated if the line begins with an
4355: .Cm R ;
4356: if the line begins with a
4357: .Cm Q
4358: or if end of file is reached, the connection will be closed down.
1.1 jsing 4359: .Pp
4360: The options are as follows:
4361: .Bl -tag -width Ds
4362: .It Fl 4
1.66 jmc 4363: Attempt connections using IPv4 only.
1.1 jsing 4364: .It Fl 6
1.66 jmc 4365: Attempt connections using IPv6 only.
1.110 inoguchi 4366: .It Fl alpn Ar protocols
4367: Enable the Application-Layer Protocol Negotiation.
4368: .Ar protocols
4369: is a comma-separated list of protocol names that the client should advertise
4370: support for.
1.1 jsing 4371: .It Fl bugs
1.66 jmc 4372: Enable various workarounds for buggy implementations.
1.1 jsing 4373: .It Fl CAfile Ar file
4374: A
4375: .Ar file
4376: containing trusted certificates to use during server authentication
4377: and to use when attempting to build the client certificate chain.
4378: .It Fl CApath Ar directory
4379: The
4380: .Ar directory
4381: to use for server certificate verification.
4382: This directory must be in
4383: .Qq hash format ;
4384: see
4385: .Fl verify
4386: for more information.
4387: These are also used when building the client certificate chain.
4388: .It Fl cert Ar file
4389: The certificate to use, if one is requested by the server.
4390: The default is not to use a certificate.
1.110 inoguchi 4391: .It Fl certform Cm der | pem
4392: The certificate format.
4393: The default is
4394: .Cm pem .
1.1 jsing 4395: .It Xo
4396: .Fl check_ss_sig ,
4397: .Fl crl_check ,
4398: .Fl crl_check_all ,
4399: .Fl extended_crl ,
4400: .Fl ignore_critical ,
4401: .Fl issuer_checks ,
4402: .Fl policy_check ,
4403: .Fl x509_strict
4404: .Xc
4405: Set various certificate chain validation options.
4406: See the
1.66 jmc 4407: .Nm verify
1.1 jsing 4408: command for details.
4409: .It Fl cipher Ar cipherlist
1.66 jmc 4410: Modify the cipher list sent by the client.
1.1 jsing 4411: Although the server determines which cipher suite is used, it should take
4412: the first supported cipher in the list sent by the client.
4413: See the
1.66 jmc 4414: .Nm ciphers
4415: command for more information.
4416: .It Fl connect Ar host Ns Op : Ns Ar port
4417: The
1.1 jsing 4418: .Ar host
1.66 jmc 4419: and
1.1 jsing 4420: .Ar port
4421: to connect to.
4422: If not specified, an attempt is made to connect to the local host
4423: on port 4433.
4424: Alternatively, the host and port pair may be separated using a forward-slash
1.66 jmc 4425: character,
4426: which is useful for numeric IPv6 addresses.
1.1 jsing 4427: .It Fl crlf
1.66 jmc 4428: Translate a line feed from the terminal into CR+LF,
4429: as required by some servers.
1.1 jsing 4430: .It Fl debug
1.66 jmc 4431: Print extensive debugging information, including a hex dump of all traffic.
1.129 jsing 4432: .It Fl dtls
4433: Permit any version of DTLS.
1.110 inoguchi 4434: .It Fl dtls1
4435: Permit only DTLS1.0.
1.129 jsing 4436: .It Fl dtls1_2
4437: Permit only DTLS1.2.
1.121 schwarze 4438: .It Fl groups Ar list
4439: Set the supported elliptic curve groups to the colon separated
4440: .Ar list
4441: of group NIDs or names as documented in
4442: .Xr SSL_CTX_set1_groups_list 3 .
1.110 inoguchi 4443: .It Fl host Ar host
4444: The
4445: .Ar host
4446: to connect to.
4447: The default is localhost.
1.1 jsing 4448: .It Fl ign_eof
1.66 jmc 4449: Inhibit shutting down the connection when end of file is reached in the input.
1.1 jsing 4450: .It Fl key Ar keyfile
4451: The private key to use.
4452: If not specified, the certificate file will be used.
1.110 inoguchi 4453: .It Fl keyform Cm der | pem
4454: The private key format.
4455: The default is
4456: .Cm pem .
4457: .It Fl keymatexport Ar label
4458: Export keying material using label.
4459: .It Fl keymatexportlen Ar len
4460: Export len bytes of keying material (default 20).
4461: .It Fl legacy_server_connect , no_legacy_server_connect
4462: Allow or disallow initial connection to servers that don't support RI.
1.1 jsing 4463: .It Fl msg
4464: Show all protocol messages with hex dump.
1.110 inoguchi 4465: .It Fl mtu Ar mtu
4466: Set the link layer MTU.
1.1 jsing 4467: .It Fl nbio
1.66 jmc 4468: Turn on non-blocking I/O.
1.1 jsing 4469: .It Fl nbio_test
1.66 jmc 4470: Test non-blocking I/O.
1.110 inoguchi 4471: .It Fl no_ign_eof
4472: Shut down the connection when end of file is reached in the input.
4473: Can be used to override the implicit
4474: .Fl ign_eof
4475: after
4476: .Fl quiet .
1.119 jsing 4477: .It Fl no_tls1 | no_tls1_1 | no_tls1_2 | no_tls1_3
4478: Disable the use of TLS1.0, 1.1, 1.2 and 1.3 respectively.
1.1 jsing 4479: .It Fl no_ticket
4480: Disable RFC 4507 session ticket support.
1.110 inoguchi 4481: .It Fl pass Ar arg
4482: The private key password source.
1.1 jsing 4483: .It Fl pause
1.66 jmc 4484: Pause 1 second between each read and write call.
1.110 inoguchi 4485: .It Fl port Ar port
4486: The
4487: .Ar port
4488: to connect to.
4489: The default is 4433.
1.1 jsing 4490: .It Fl prexit
4491: Print session information when the program exits.
4492: This will always attempt
4493: to print out information even if the connection fails.
4494: Normally, information will only be printed out once if the connection succeeds.
4495: This option is useful because the cipher in use may be renegotiated
4496: or the connection may fail because a client certificate is required or is
4497: requested only after an attempt is made to access a certain URL.
1.66 jmc 4498: Note that the output produced by this option is not always accurate
4499: because a connection might never have been established.
1.11 bluhm 4500: .It Fl proxy Ar host : Ns Ar port
4501: Use the HTTP proxy at
4502: .Ar host
4503: and
4504: .Ar port .
4505: The connection to the proxy is done in cleartext and the
4506: .Fl connect
4507: argument is given to the proxy.
4508: If not specified, localhost is used as final destination.
4509: After that, switch the connection through the proxy to the destination
4510: to TLS.
1.1 jsing 4511: .It Fl quiet
4512: Inhibit printing of session and certificate information.
4513: This implicitly turns on
4514: .Fl ign_eof
4515: as well.
4516: .It Fl reconnect
1.66 jmc 4517: Reconnect to the same server 5 times using the same session ID; this can
1.1 jsing 4518: be used as a test that session caching is working.
1.5 jsing 4519: .It Fl servername Ar name
4520: Include the TLS Server Name Indication (SNI) extension in the ClientHello
4521: message, using the specified server
4522: .Ar name .
1.1 jsing 4523: .It Fl showcerts
4524: Display the whole server certificate chain: normally only the server
4525: certificate itself is displayed.
1.110 inoguchi 4526: .It Fl serverpref
4527: Use the server's cipher preferences.
4528: .It Fl sess_in Ar file
4529: Load TLS session from file.
4530: The client will attempt to resume a connection from this session.
4531: .It Fl sess_out Ar file
4532: Output TLS session to file.
1.1 jsing 4533: .It Fl starttls Ar protocol
1.66 jmc 4534: Send the protocol-specific messages to switch to TLS for communication.
1.1 jsing 4535: .Ar protocol
4536: is a keyword for the intended protocol.
4537: Currently, the supported keywords are
4538: .Qq ftp ,
4539: .Qq imap ,
4540: .Qq smtp ,
4541: .Qq pop3 ,
4542: and
4543: .Qq xmpp .
4544: .It Fl state
1.66 jmc 4545: Print the SSL session states.
1.110 inoguchi 4546: .It Fl status
4547: Send a certificate status request to the server (OCSP stapling).
4548: The server response (if any) is printed out.
4549: .It Fl timeout
4550: Enable send/receive timeout on DTLS connections.
1.119 jsing 4551: .It Fl tls1 | tls1_1 | tls1_2 | tls1_3
4552: Permit only TLS1.0, 1.1, 1.2 or 1.3 respectively.
1.1 jsing 4553: .It Fl tlsextdebug
1.66 jmc 4554: Print a hex dump of any TLS extensions received from the server.
1.110 inoguchi 4555: .It Fl use_srtp Ar profiles
4556: Offer SRTP key management with a colon-separated profile list.
1.1 jsing 4557: .It Fl verify Ar depth
1.66 jmc 4558: Turn on server certificate verification,
4559: with a maximum length of
4560: .Ar depth .
1.1 jsing 4561: Currently the verify operation continues after errors so all the problems
4562: with a certificate chain can be seen.
4563: As a side effect the connection will never fail due to a server
4564: certificate verify failure.
1.110 inoguchi 4565: .It Fl verify_return_error
4566: Return verification error.
1.19 landry 4567: .It Fl xmpphost Ar hostname
1.66 jmc 4568: When used with
1.19 landry 4569: .Fl starttls Ar xmpp ,
1.66 jmc 4570: specify the host for the "to" attribute of the stream element.
1.19 landry 4571: If this option is not specified then the host specified with
4572: .Fl connect
4573: will be used.
1.1 jsing 4574: .El
1.120 kn 4575: .Tg s_server
1.1 jsing 4576: .Sh S_SERVER
1.114 jmc 4577: .Bl -hang -width "openssl s_server"
4578: .It Nm openssl s_server
4579: .Bk -words
1.1 jsing 4580: .Op Fl accept Ar port
1.111 inoguchi 4581: .Op Fl alpn Ar protocols
1.1 jsing 4582: .Op Fl bugs
4583: .Op Fl CAfile Ar file
4584: .Op Fl CApath Ar directory
4585: .Op Fl cert Ar file
1.111 inoguchi 4586: .Op Fl cert2 Ar file
4587: .Op Fl certform Cm der | pem
1.1 jsing 4588: .Op Fl cipher Ar cipherlist
4589: .Op Fl context Ar id
4590: .Op Fl crl_check
4591: .Op Fl crl_check_all
4592: .Op Fl crlf
4593: .Op Fl dcert Ar file
1.111 inoguchi 4594: .Op Fl dcertform Cm der | pem
1.1 jsing 4595: .Op Fl debug
4596: .Op Fl dhparam Ar file
4597: .Op Fl dkey Ar file
1.111 inoguchi 4598: .Op Fl dkeyform Cm der | pem
4599: .Op Fl dpass Ar arg
1.129 jsing 4600: .Op Fl dtls
1.111 inoguchi 4601: .Op Fl dtls1
1.129 jsing 4602: .Op Fl dtls1_2
1.121 schwarze 4603: .Op Fl groups Ar list
1.1 jsing 4604: .Op Fl HTTP
4605: .Op Fl id_prefix Ar arg
4606: .Op Fl key Ar keyfile
1.111 inoguchi 4607: .Op Fl key2 Ar keyfile
4608: .Op Fl keyform Cm der | pem
4609: .Op Fl keymatexport Ar label
4610: .Op Fl keymatexportlen Ar len
1.1 jsing 4611: .Op Fl msg
1.111 inoguchi 4612: .Op Fl mtu Ar mtu
1.130 tb 4613: .Op Fl naccept Ar num
1.111 inoguchi 4614: .Op Fl named_curve Ar arg
1.1 jsing 4615: .Op Fl nbio
4616: .Op Fl nbio_test
1.111 inoguchi 4617: .Op Fl no_cache
1.1 jsing 4618: .Op Fl no_dhe
1.111 inoguchi 4619: .Op Fl no_ecdhe
4620: .Op Fl no_ticket
1.1 jsing 4621: .Op Fl no_tls1
1.6 guenther 4622: .Op Fl no_tls1_1
4623: .Op Fl no_tls1_2
1.122 inoguchi 4624: .Op Fl no_tls1_3
1.1 jsing 4625: .Op Fl no_tmp_rsa
4626: .Op Fl nocert
1.111 inoguchi 4627: .Op Fl pass Ar arg
1.1 jsing 4628: .Op Fl quiet
1.111 inoguchi 4629: .Op Fl servername Ar name
4630: .Op Fl servername_fatal
1.1 jsing 4631: .Op Fl serverpref
4632: .Op Fl state
1.111 inoguchi 4633: .Op Fl status
4634: .Op Fl status_timeout Ar nsec
4635: .Op Fl status_url Ar url
4636: .Op Fl status_verbose
4637: .Op Fl timeout
1.1 jsing 4638: .Op Fl tls1
1.31 jmc 4639: .Op Fl tls1_1
4640: .Op Fl tls1_2
1.122 inoguchi 4641: .Op Fl tls1_3
1.111 inoguchi 4642: .Op Fl tlsextdebug
4643: .Op Fl use_srtp Ar profiles
1.1 jsing 4644: .Op Fl Verify Ar depth
4645: .Op Fl verify Ar depth
1.111 inoguchi 4646: .Op Fl verify_return_error
1.1 jsing 4647: .Op Fl WWW
4648: .Op Fl www
1.114 jmc 4649: .Ek
4650: .El
1.1 jsing 4651: .Pp
4652: The
4653: .Nm s_server
4654: command implements a generic SSL/TLS server which listens
4655: for connections on a given port using SSL/TLS.
4656: .Pp
1.67 jmc 4657: If a connection request is established with a client and neither the
4658: .Fl www
4659: nor the
4660: .Fl WWW
4661: option has been used, then any data received
4662: from the client is displayed and any key presses are sent to the client.
4663: Certain single letter commands perform special operations:
4664: .Pp
4665: .Bl -tag -width "XXXX" -compact
4666: .It Ic P
4667: Send plain text, which should cause the client to disconnect.
4668: .It Ic Q
4669: End the current SSL connection and exit.
4670: .It Ic q
4671: End the current SSL connection, but still accept new connections.
4672: .It Ic R
4673: Renegotiate the SSL session and request a client certificate.
4674: .It Ic r
4675: Renegotiate the SSL session.
4676: .It Ic S
4677: Print out some session cache status information.
4678: .El
4679: .Pp
1.1 jsing 4680: The options are as follows:
4681: .Bl -tag -width Ds
1.113 inoguchi 4682: .It Fl accept Ar port
1.67 jmc 4683: Listen on TCP
1.1 jsing 4684: .Ar port
1.67 jmc 4685: for connections.
4686: The default is port 4433.
1.111 inoguchi 4687: .It Fl alpn Ar protocols
4688: Enable the Application-Layer Protocol Negotiation.
4689: .Ar protocols
4690: is a comma-separated list of supported protocol names.
1.1 jsing 4691: .It Fl bugs
1.67 jmc 4692: Enable various workarounds for buggy implementations.
1.1 jsing 4693: .It Fl CAfile Ar file
1.67 jmc 4694: A
4695: .Ar file
4696: containing trusted certificates to use during client authentication
1.1 jsing 4697: and to use when attempting to build the server certificate chain.
4698: The list is also used in the list of acceptable client CAs passed to the
4699: client when a certificate is requested.
4700: .It Fl CApath Ar directory
4701: The
4702: .Ar directory
4703: to use for client certificate verification.
4704: This directory must be in
4705: .Qq hash format ;
4706: see
4707: .Fl verify
4708: for more information.
4709: These are also used when building the server certificate chain.
4710: .It Fl cert Ar file
1.67 jmc 4711: The certificate to use: most server's cipher suites require the use of a
4712: certificate and some require a certificate with a certain public key type.
4713: For example, the DSS cipher suites require a certificate containing a DSS
4714: (DSA) key.
1.1 jsing 4715: If not specified, the file
4716: .Pa server.pem
4717: will be used.
1.111 inoguchi 4718: .It Fl cert2 Ar file
4719: The certificate to use for servername.
4720: .It Fl certform Cm der | pem
4721: The certificate format.
4722: The default is
4723: .Cm pem .
1.1 jsing 4724: .It Fl cipher Ar cipherlist
1.67 jmc 4725: Modify the cipher list used by the server.
1.1 jsing 4726: This allows the cipher list used by the server to be modified.
4727: When the client sends a list of supported ciphers, the first client cipher
4728: also included in the server list is used.
4729: Because the client specifies the preference order, the order of the server
4730: cipherlist is irrelevant.
4731: See the
1.67 jmc 4732: .Nm ciphers
4733: command for more information.
1.1 jsing 4734: .It Fl context Ar id
1.67 jmc 4735: Set the SSL context ID.
1.1 jsing 4736: It can be given any string value.
4737: .It Fl crl_check , crl_check_all
4738: Check the peer certificate has not been revoked by its CA.
4739: The CRLs are appended to the certificate file.
4740: .Fl crl_check_all
1.67 jmc 4741: checks all CRLs of all CAs in the chain.
1.1 jsing 4742: .It Fl crlf
1.67 jmc 4743: Translate a line feed from the terminal into CR+LF.
1.1 jsing 4744: .It Fl dcert Ar file , Fl dkey Ar file
4745: Specify an additional certificate and private key; these behave in the
4746: same manner as the
4747: .Fl cert
4748: and
4749: .Fl key
4750: options except there is no default if they are not specified
1.67 jmc 4751: (no additional certificate or key is used).
1.1 jsing 4752: By using RSA and DSS certificates and keys,
4753: a server can support clients which only support RSA or DSS cipher suites
4754: by using an appropriate certificate.
1.111 inoguchi 4755: .It Fl dcertform Cm der | pem , Fl dkeyform Cm der | pem , Fl dpass Ar arg
4756: Additional certificate and private key format, and private key password source,
4757: respectively.
1.1 jsing 4758: .It Fl debug
1.67 jmc 4759: Print extensive debugging information, including a hex dump of all traffic.
1.1 jsing 4760: .It Fl dhparam Ar file
4761: The DH parameter file to use.
4762: The ephemeral DH cipher suites generate keys
4763: using a set of DH parameters.
4764: If not specified, an attempt is made to
4765: load the parameters from the server certificate file.
4766: If this fails, a static set of parameters hard coded into the
4767: .Nm s_server
4768: program will be used.
1.129 jsing 4769: .It Fl dtls
4770: Permit any version of DTLS.
1.111 inoguchi 4771: .It Fl dtls1
4772: Permit only DTLS1.0.
1.129 jsing 4773: .It Fl dtls1_2
4774: Permit only DTLS1.2.
1.121 schwarze 4775: .It Fl groups Ar list
4776: Set the supported elliptic curve groups to the colon separated
4777: .Ar list
4778: of group NIDs or names as documented in
4779: .Xr SSL_CTX_set1_groups_list 3 .
1.1 jsing 4780: .It Fl HTTP
1.67 jmc 4781: Emulate a simple web server.
4782: Pages are resolved relative to the current directory.
4783: For example if the URL
1.1 jsing 4784: .Pa https://myhost/page.html
4785: is requested, the file
4786: .Pa ./page.html
4787: will be loaded.
4788: The files loaded are assumed to contain a complete and correct HTTP
4789: response (lines that are part of the HTTP response line and headers
4790: must end with CRLF).
4791: .It Fl id_prefix Ar arg
4792: Generate SSL/TLS session IDs prefixed by
4793: .Ar arg .
4794: This is mostly useful for testing any SSL/TLS code
1.81 jmc 4795: that wish to deal with multiple servers,
4796: when each of which might be generating a unique range of session IDs.
1.1 jsing 4797: .It Fl key Ar keyfile
4798: The private key to use.
4799: If not specified, the certificate file will be used.
1.111 inoguchi 4800: .It Fl key2 Ar keyfile
4801: The private key to use for servername.
4802: .It Fl keyform Cm der | pem
4803: The private key format.
4804: The default is
4805: .Cm pem .
4806: .It Fl keymatexport Ar label
4807: Export keying material using label.
4808: .It Fl keymatexportlen Ar len
4809: Export len bytes of keying material (default 20).
1.1 jsing 4810: .It Fl msg
4811: Show all protocol messages with hex dump.
1.111 inoguchi 4812: .It Fl mtu Ar mtu
4813: Set the link layer MTU.
1.130 tb 4814: .It Fl naccept Ar num
4815: Terminate server after
4816: .Ar num
4817: connections.
1.111 inoguchi 4818: .It Fl named_curve Ar arg
4819: Specify the elliptic curve name to use for ephemeral ECDH keys.
1.121 schwarze 4820: This option is deprecated; use
4821: .Fl groups
4822: instead.
1.1 jsing 4823: .It Fl nbio
1.67 jmc 4824: Turn on non-blocking I/O.
1.1 jsing 4825: .It Fl nbio_test
1.67 jmc 4826: Test non-blocking I/O.
1.111 inoguchi 4827: .It Fl no_cache
4828: Disable session caching.
1.1 jsing 4829: .It Fl no_dhe
1.67 jmc 4830: Disable ephemeral DH cipher suites.
1.111 inoguchi 4831: .It Fl no_ecdhe
4832: Disable ephemeral ECDH cipher suites.
4833: .It Fl no_ticket
4834: Disable RFC 4507 session ticket support.
1.122 inoguchi 4835: .It Fl no_tls1 | no_tls1_1 | no_tls1_2 | no_tls1_3
4836: Disable the use of TLS1.0, 1.1, 1.2, and 1.3, respectively.
1.1 jsing 4837: .It Fl no_tmp_rsa
1.67 jmc 4838: Disable temporary RSA key generation.
1.1 jsing 4839: .It Fl nocert
1.67 jmc 4840: Do not use a certificate.
1.1 jsing 4841: This restricts the cipher suites available to the anonymous ones
1.67 jmc 4842: (currently just anonymous DH).
1.111 inoguchi 4843: .It Fl pass Ar arg
4844: The private key password source.
1.1 jsing 4845: .It Fl quiet
4846: Inhibit printing of session and certificate information.
1.111 inoguchi 4847: .It Fl servername Ar name
4848: Set the TLS Server Name Indication (SNI) extension with
4849: .Ar name .
4850: .It Fl servername_fatal
4851: Send fatal alert if servername does not match.
4852: The default is warning alert.
1.1 jsing 4853: .It Fl serverpref
4854: Use server's cipher preferences.
4855: .It Fl state
1.67 jmc 4856: Print the SSL session states.
1.111 inoguchi 4857: .It Fl status
4858: Enables certificate status request support (OCSP stapling).
4859: .It Fl status_timeout Ar nsec
4860: Sets the timeout for OCSP response in seconds.
4861: .It Fl status_url Ar url
4862: Sets a fallback responder URL to use if no responder URL is present in the
4863: server certificate.
4864: Without this option, an error is returned if the server certificate does not
4865: contain a responder address.
4866: .It Fl status_verbose
4867: Enables certificate status request support (OCSP stapling) and gives a verbose
4868: printout of the OCSP response.
4869: .It Fl timeout
4870: Enable send/receive timeout on DTLS connections.
1.122 inoguchi 4871: .It Fl tls1 | tls1_1 | tls1_2 | tls1_3
4872: Permit only TLS1.0, 1.1, 1.2, or 1.3, respectively.
1.111 inoguchi 4873: .It Fl tlsextdebug
4874: Print a hex dump of any TLS extensions received from the server.
4875: .It Fl use_srtp Ar profiles
4876: Offer SRTP key management with a colon-separated profile list.
4877: .It Fl verify_return_error
4878: Return verification error.
1.1 jsing 4879: .It Fl WWW
1.67 jmc 4880: Emulate a simple web server.
4881: Pages are resolved relative to the current directory.
4882: For example if the URL
1.1 jsing 4883: .Pa https://myhost/page.html
4884: is requested, the file
4885: .Pa ./page.html
4886: will be loaded.
4887: .It Fl www
1.67 jmc 4888: Send a status message to the client when it connects,
4889: including information about the ciphers used and various session parameters.
1.1 jsing 4890: The output is in HTML format so this option will normally be used with a
4891: web browser.
4892: .It Fl Verify Ar depth , Fl verify Ar depth
1.67 jmc 4893: Request a certificate chain from the client,
4894: with a maximum length of
4895: .Ar depth .
4896: With
4897: .Fl Verify ,
4898: the client must supply a certificate or an error occurs;
4899: with
4900: .Fl verify ,
4901: a certificate is requested but the client does not have to send one.
1.1 jsing 4902: .El
1.120 kn 4903: .Tg s_time
1.1 jsing 4904: .Sh S_TIME
1.114 jmc 4905: .Bl -hang -width "openssl s_time"
4906: .It Nm openssl s_time
4907: .Bk -words
1.1 jsing 4908: .Op Fl bugs
4909: .Op Fl CAfile Ar file
4910: .Op Fl CApath Ar directory
4911: .Op Fl cert Ar file
4912: .Op Fl cipher Ar cipherlist
1.68 jmc 4913: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 4914: .Op Fl key Ar keyfile
4915: .Op Fl nbio
4916: .Op Fl new
1.20 lteo 4917: .Op Fl no_shutdown
1.1 jsing 4918: .Op Fl reuse
4919: .Op Fl time Ar seconds
4920: .Op Fl verify Ar depth
4921: .Op Fl www Ar page
1.114 jmc 4922: .Ek
4923: .El
1.1 jsing 4924: .Pp
4925: The
1.68 jmc 4926: .Nm s_time
1.1 jsing 4927: command implements a generic SSL/TLS client which connects to a
4928: remote host using SSL/TLS.
4929: It can request a page from the server and includes
4930: the time to transfer the payload data in its timing measurements.
4931: It measures the number of connections within a given timeframe,
4932: the amount of data transferred
4933: .Pq if any ,
4934: and calculates the average time spent for one connection.
4935: .Pp
4936: The options are as follows:
4937: .Bl -tag -width Ds
4938: .It Fl bugs
1.68 jmc 4939: Enable various workarounds for buggy implementations.
1.1 jsing 4940: .It Fl CAfile Ar file
1.68 jmc 4941: A
4942: .Ar file
4943: containing trusted certificates to use during server authentication
1.1 jsing 4944: and to use when attempting to build the client certificate chain.
4945: .It Fl CApath Ar directory
4946: The directory to use for server certificate verification.
4947: This directory must be in
4948: .Qq hash format ;
4949: see
4950: .Nm verify
4951: for more information.
4952: These are also used when building the client certificate chain.
4953: .It Fl cert Ar file
4954: The certificate to use, if one is requested by the server.
4955: The default is not to use a certificate.
4956: .It Fl cipher Ar cipherlist
1.68 jmc 4957: Modify the cipher list sent by the client.
1.1 jsing 4958: Although the server determines which cipher suite is used,
4959: it should take the first supported cipher in the list sent by the client.
4960: See the
4961: .Nm ciphers
4962: command for more information.
1.68 jmc 4963: .It Fl connect Ar host Ns Op : Ns Ar port
4964: The host and port to connect to.
1.1 jsing 4965: .It Fl key Ar keyfile
4966: The private key to use.
4967: If not specified, the certificate file will be used.
4968: .It Fl nbio
1.68 jmc 4969: Turn on non-blocking I/O.
1.1 jsing 4970: .It Fl new
1.68 jmc 4971: Perform the timing test using a new session ID for each connection.
1.1 jsing 4972: If neither
4973: .Fl new
4974: nor
4975: .Fl reuse
4976: are specified,
4977: they are both on by default and executed in sequence.
1.20 lteo 4978: .It Fl no_shutdown
1.21 jmc 4979: Shut down the connection without sending a
1.68 jmc 4980: .Qq close notify
1.20 lteo 4981: shutdown alert to the server.
1.1 jsing 4982: .It Fl reuse
1.68 jmc 4983: Perform the timing test using the same session ID for each connection.
1.1 jsing 4984: If neither
4985: .Fl new
4986: nor
4987: .Fl reuse
4988: are specified,
4989: they are both on by default and executed in sequence.
4990: .It Fl time Ar seconds
1.68 jmc 4991: Limit
1.1 jsing 4992: .Nm s_time
1.68 jmc 4993: benchmarks to the number of
4994: .Ar seconds .
1.1 jsing 4995: The default is 30 seconds.
4996: .It Fl verify Ar depth
1.68 jmc 4997: Turn on server certificate verification,
4998: with a maximum length of
4999: .Ar depth .
1.1 jsing 5000: Currently the verify operation continues after errors, so all the problems
5001: with a certificate chain can be seen.
5002: As a side effect,
5003: the connection will never fail due to a server certificate verify failure.
5004: .It Fl www Ar page
1.68 jmc 5005: The page to GET from the server.
1.1 jsing 5006: A value of
5007: .Sq /
5008: gets the index.htm[l] page.
5009: If this parameter is not specified,
5010: .Nm s_time
5011: will only perform the handshake to establish SSL connections
5012: but not transfer any payload data.
5013: .El
1.120 kn 5014: .Tg sess_id
1.1 jsing 5015: .Sh SESS_ID
1.114 jmc 5016: .Bl -hang -width "openssl sess_id"
5017: .It Nm openssl sess_id
5018: .Bk -words
1.1 jsing 5019: .Op Fl cert
5020: .Op Fl context Ar ID
5021: .Op Fl in Ar file
1.69 jmc 5022: .Op Fl inform Cm der | pem
1.1 jsing 5023: .Op Fl noout
5024: .Op Fl out Ar file
1.69 jmc 5025: .Op Fl outform Cm der | pem
1.1 jsing 5026: .Op Fl text
1.114 jmc 5027: .Ek
5028: .El
1.1 jsing 5029: .Pp
5030: The
5031: .Nm sess_id
5032: program processes the encoded version of the SSL session structure and
5033: optionally prints out SSL session details
1.69 jmc 5034: (for example the SSL session master key)
1.72 jmc 5035: in human-readable format.
1.1 jsing 5036: .Pp
5037: The options are as follows:
5038: .Bl -tag -width Ds
5039: .It Fl cert
5040: If a certificate is present in the session,
5041: it will be output using this option;
5042: if the
5043: .Fl text
5044: option is also present, then it will be printed out in text form.
5045: .It Fl context Ar ID
1.69 jmc 5046: Set the session
1.1 jsing 5047: .Ar ID .
1.69 jmc 5048: The ID can be any string of characters.
1.1 jsing 5049: .It Fl in Ar file
1.69 jmc 5050: The input file to read from,
5051: or standard input if not specified.
5052: .It Fl inform Cm der | pem
5053: The input format.
5054: .Cm der
1.84 jmc 5055: uses an ASN.1 DER-encoded format containing session details.
1.1 jsing 5056: The precise format can vary from one version to the next.
1.69 jmc 5057: .Cm pem
5058: is the default format: it consists of the DER
1.1 jsing 5059: format base64-encoded with additional header and footer lines.
5060: .It Fl noout
1.69 jmc 5061: Do not output the encoded version of the session.
1.1 jsing 5062: .It Fl out Ar file
1.69 jmc 5063: The output file to write to,
5064: or standard output if not specified.
5065: .It Fl outform Cm der | pem
5066: The output format.
1.1 jsing 5067: .It Fl text
1.69 jmc 5068: Print the various public or private key components in plain text,
5069: in addition to the encoded version.
1.1 jsing 5070: .El
5071: .Pp
1.69 jmc 5072: The output of
5073: .Nm sess_id
5074: is composed as follows:
1.1 jsing 5075: .Pp
1.69 jmc 5076: .Bl -tag -width "Verify return code " -offset 3n -compact
5077: .It Protocol
5078: The protocol in use.
5079: .It Cipher
5080: The actual raw SSL or TLS cipher code.
5081: .It Session-ID
5082: The SSL session ID, in hex format.
5083: .It Session-ID-ctx
5084: The session ID context, in hex format.
5085: .It Master-Key
5086: The SSL session master key.
5087: .It Key-Arg
1.1 jsing 5088: The key argument; this is only used in SSL v2.
1.69 jmc 5089: .It Start Time
5090: The session start time.
1.1 jsing 5091: .Ux
5092: format.
1.69 jmc 5093: .It Timeout
5094: The timeout, in seconds.
5095: .It Verify return code
5096: The return code when a certificate is verified.
1.1 jsing 5097: .El
5098: .Pp
5099: Since the SSL session output contains the master key, it is possible to read
5100: the contents of an encrypted session using this information.
5101: Therefore appropriate security precautions
5102: should be taken if the information is being output by a
5103: .Qq real
5104: application.
5105: This is, however, strongly discouraged and should only be used for
5106: debugging purposes.
1.120 kn 5107: .Tg smime
1.1 jsing 5108: .Sh SMIME
1.114 jmc 5109: .Bl -hang -width "openssl smime"
5110: .It Nm openssl smime
5111: .Bk -words
1.1 jsing 5112: .Oo
5113: .Fl aes128 | aes192 | aes256 | des |
5114: .Fl des3 | rc2-40 | rc2-64 | rc2-128
5115: .Oc
5116: .Op Fl binary
5117: .Op Fl CAfile Ar file
5118: .Op Fl CApath Ar directory
5119: .Op Fl certfile Ar file
5120: .Op Fl check_ss_sig
5121: .Op Fl content Ar file
5122: .Op Fl crl_check
5123: .Op Fl crl_check_all
5124: .Op Fl decrypt
5125: .Op Fl encrypt
5126: .Op Fl extended_crl
5127: .Op Fl from Ar addr
5128: .Op Fl ignore_critical
5129: .Op Fl in Ar file
5130: .Op Fl indef
1.70 jmc 5131: .Op Fl inform Cm der | pem | smime
1.1 jsing 5132: .Op Fl inkey Ar file
5133: .Op Fl issuer_checks
1.112 inoguchi 5134: .Op Fl keyform Cm der | pem
1.1 jsing 5135: .Op Fl md Ar digest
5136: .Op Fl noattr
5137: .Op Fl nocerts
5138: .Op Fl nochain
5139: .Op Fl nodetach
5140: .Op Fl noindef
5141: .Op Fl nointern
5142: .Op Fl nosigs
1.108 inoguchi 5143: .Op Fl nosmimecap
1.1 jsing 5144: .Op Fl noverify
5145: .Op Fl out Ar file
1.70 jmc 5146: .Op Fl outform Cm der | pem | smime
1.1 jsing 5147: .Op Fl passin Ar arg
5148: .Op Fl pk7out
5149: .Op Fl policy_check
5150: .Op Fl recip Ar file
5151: .Op Fl resign
5152: .Op Fl sign
5153: .Op Fl signer Ar file
5154: .Op Fl stream
5155: .Op Fl subject Ar s
5156: .Op Fl text
5157: .Op Fl to Ar addr
5158: .Op Fl verify
5159: .Op Fl x509_strict
5160: .Op Ar cert.pem ...
1.114 jmc 5161: .Ek
5162: .El
1.1 jsing 5163: .Pp
5164: The
5165: .Nm smime
1.70 jmc 5166: command handles S/MIME mail.
5167: It can encrypt, decrypt, sign, and verify S/MIME messages.
5168: .Pp
5169: The MIME message must be sent without any blank lines between the
5170: headers and the output.
5171: Some mail programs will automatically add a blank line.
5172: Piping the mail directly to an MTA is one way to
5173: achieve the correct format.
5174: .Pp
5175: The supplied message to be signed or encrypted must include the necessary
5176: MIME headers or many S/MIME clients won't display it properly (if at all).
5177: Use the
5178: .Fl text
5179: option to automatically add plain text headers.
1.1 jsing 5180: .Pp
1.70 jmc 5181: A
5182: .Qq signed and encrypted
5183: message is one where a signed message is then encrypted.
5184: This can be produced by encrypting an already signed message.
1.1 jsing 5185: .Pp
1.70 jmc 5186: There are a number of operations that can be performed, as follows:
1.1 jsing 5187: .Bl -tag -width "XXXX"
5188: .It Fl decrypt
5189: Decrypt mail using the supplied certificate and private key.
1.70 jmc 5190: The input file is an encrypted mail message in MIME format.
1.1 jsing 5191: The decrypted mail is written to the output file.
5192: .It Fl encrypt
5193: Encrypt mail for the given recipient certificates.
1.70 jmc 5194: The input is the message to be encrypted.
5195: The output file is the encrypted mail, in MIME format.
1.1 jsing 5196: .It Fl pk7out
1.70 jmc 5197: Take an input message and write out a PEM-encoded PKCS#7 structure.
1.1 jsing 5198: .It Fl resign
5199: Resign a message: take an existing message and one or more new signers.
5200: .It Fl sign
5201: Sign mail using the supplied certificate and private key.
1.70 jmc 5202: The input file is the message to be signed.
5203: The signed message, in MIME format, is written to the output file.
1.1 jsing 5204: .It Fl verify
5205: Verify signed mail.
1.70 jmc 5206: The input is a signed mail message and the output is the signed data.
1.1 jsing 5207: Both clear text and opaque signing is supported.
5208: .El
5209: .Pp
1.14 jmc 5210: The remaining options are as follows:
1.1 jsing 5211: .Bl -tag -width "XXXX"
5212: .It Xo
5213: .Fl aes128 | aes192 | aes256 | des |
5214: .Fl des3 | rc2-40 | rc2-64 | rc2-128
5215: .Xc
5216: The encryption algorithm to use.
1.70 jmc 5217: 128-, 192-, or 256-bit AES, DES (56 bits), triple DES (168 bits),
1.1 jsing 5218: or 40-, 64-, or 128-bit RC2, respectively;
5219: if not specified, 40-bit RC2 is
5220: used.
5221: Only used with
5222: .Fl encrypt .
5223: .It Fl binary
5224: Normally, the input message is converted to
5225: .Qq canonical
1.70 jmc 5226: format which uses CR/LF as end of line,
5227: as required by the S/MIME specification.
1.127 jmc 5228: When this option is present, no translation occurs.
1.70 jmc 5229: This is useful when handling binary data which may not be in MIME format.
1.1 jsing 5230: .It Fl CAfile Ar file
5231: A
5232: .Ar file
5233: containing trusted CA certificates; only used with
5234: .Fl verify .
5235: .It Fl CApath Ar directory
5236: A
5237: .Ar directory
5238: containing trusted CA certificates; only used with
5239: .Fl verify .
5240: This directory must be a standard certificate directory:
5241: that is, a hash of each subject name (using
5242: .Nm x509 -hash )
5243: should be linked to each certificate.
5244: .It Ar cert.pem ...
5245: One or more certificates of message recipients: used when encrypting
5246: a message.
5247: .It Fl certfile Ar file
5248: Allows additional certificates to be specified.
5249: When signing, these will be included with the message.
5250: When verifying, these will be searched for the signers' certificates.
5251: The certificates should be in PEM format.
5252: .It Xo
5253: .Fl check_ss_sig ,
5254: .Fl crl_check ,
5255: .Fl crl_check_all ,
5256: .Fl extended_crl ,
5257: .Fl ignore_critical ,
5258: .Fl issuer_checks ,
5259: .Fl policy_check ,
5260: .Fl x509_strict
5261: .Xc
5262: Set various certificate chain validation options.
5263: See the
1.70 jmc 5264: .Nm verify
1.1 jsing 5265: command for details.
5266: .It Fl content Ar file
1.70 jmc 5267: A file containing the detached content.
1.1 jsing 5268: This is only useful with the
5269: .Fl verify
1.70 jmc 5270: option,
5271: and only usable if the PKCS#7 structure is using the detached
1.1 jsing 5272: signature form where the content is not included.
1.70 jmc 5273: This option will override any content if the input format is S/MIME
5274: and it uses the multipart/signed MIME content type.
1.1 jsing 5275: .It Xo
5276: .Fl from Ar addr ,
5277: .Fl subject Ar s ,
5278: .Fl to Ar addr
5279: .Xc
5280: The relevant mail headers.
5281: These are included outside the signed
5282: portion of a message so they may be included manually.
1.70 jmc 5283: When signing, many S/MIME
1.1 jsing 5284: mail clients check that the signer's certificate email
5285: address matches the From: address.
5286: .It Fl in Ar file
1.70 jmc 5287: The input file to read from.
1.1 jsing 5288: .It Fl indef
5289: Enable streaming I/O for encoding operations.
5290: This permits single pass processing of data without
5291: the need to hold the entire contents in memory,
5292: potentially supporting very large files.
5293: Streaming is automatically set for S/MIME signing with detached
5294: data if the output format is SMIME;
5295: it is currently off by default for all other operations.
1.70 jmc 5296: .It Fl inform Cm der | pem | smime
5297: The input format.
1.1 jsing 5298: .It Fl inkey Ar file
1.70 jmc 5299: The private key to use when signing or decrypting,
5300: which must match the corresponding certificate.
1.1 jsing 5301: If this option is not specified, the private key must be included
5302: in the certificate file specified with
5303: the
5304: .Fl recip
5305: or
5306: .Fl signer
5307: file.
5308: When signing,
5309: this option can be used multiple times to specify successive keys.
1.112 inoguchi 5310: .It Fl keyform Cm der | pem
1.1 jsing 5311: Input private key format.
1.112 inoguchi 5312: The default is
5313: .Cm pem .
1.1 jsing 5314: .It Fl md Ar digest
5315: The digest algorithm to use when signing or resigning.
5316: If not present then the default digest algorithm for the signing key is used
5317: (usually SHA1).
5318: .It Fl noattr
1.70 jmc 5319: Do not include attributes.
1.1 jsing 5320: .It Fl nocerts
1.70 jmc 5321: Do not include the signer's certificate.
1.1 jsing 5322: This will reduce the size of the signed message but the verifier must
5323: have a copy of the signer's certificate available locally (passed using the
5324: .Fl certfile
5325: option, for example).
5326: .It Fl nochain
5327: Do not do chain verification of signers' certificates: that is,
5328: don't use the certificates in the signed message as untrusted CAs.
5329: .It Fl nodetach
5330: When signing a message use opaque signing: this form is more resistant
5331: to translation by mail relays but it cannot be read by mail agents that
1.70 jmc 5332: do not support S/MIME.
5333: Without this option cleartext signing with the MIME type
5334: multipart/signed is used.
1.1 jsing 5335: .It Fl noindef
1.70 jmc 5336: Disable streaming I/O where it would produce an encoding of indefinite length
5337: (currently has no effect).
1.1 jsing 5338: .It Fl nointern
1.70 jmc 5339: Only use certificates specified in the
5340: .Fl certfile .
5341: The supplied certificates can still be used as untrusted CAs.
1.1 jsing 5342: .It Fl nosigs
1.70 jmc 5343: Do not try to verify the signatures on the message.
1.108 inoguchi 5344: .It Fl nosmimecap
5345: Exclude the list of supported algorithms from signed attributes,
5346: other options such as signing time and content type are still included.
1.1 jsing 5347: .It Fl noverify
5348: Do not verify the signer's certificate of a signed message.
5349: .It Fl out Ar file
1.70 jmc 5350: The output file to write to.
5351: .It Fl outform Cm der | pem | smime
5352: The output format.
5353: The default is smime, which writes an S/MIME format message.
5354: .Cm pem
1.1 jsing 5355: and
1.70 jmc 5356: .Cm der
5357: change this to write PEM and DER format PKCS#7 structures instead.
1.1 jsing 5358: This currently only affects the output format of the PKCS#7
5359: structure; if no PKCS#7 structure is being output (for example with
5360: .Fl verify
5361: or
5362: .Fl decrypt )
5363: this option has no effect.
5364: .It Fl passin Ar arg
5365: The key password source.
5366: .It Fl recip Ar file
5367: The recipients certificate when decrypting a message.
5368: This certificate
5369: must match one of the recipients of the message or an error occurs.
5370: .It Fl signer Ar file
5371: A signing certificate when signing or resigning a message;
5372: this option can be used multiple times if more than one signer is required.
5373: If a message is being verified, the signer's certificates will be
5374: written to this file if the verification was successful.
5375: .It Fl stream
5376: The same as
5377: .Fl indef .
5378: .It Fl text
1.70 jmc 5379: Add plain text (text/plain) MIME
1.1 jsing 5380: headers to the supplied message if encrypting or signing.
5381: If decrypting or verifying, it strips off text headers:
1.70 jmc 5382: if the decrypted or verified message is not of MIME type text/plain
5383: then an error occurs.
1.1 jsing 5384: .El
5385: .Pp
1.70 jmc 5386: The exit codes for
5387: .Nm smime
5388: are as follows:
1.1 jsing 5389: .Pp
1.70 jmc 5390: .Bl -tag -width "XXXX" -offset 3n -compact
5391: .It 0
1.1 jsing 5392: The operation was completely successful.
1.70 jmc 5393: .It 1
1.1 jsing 5394: An error occurred parsing the command options.
1.70 jmc 5395: .It 2
1.1 jsing 5396: One of the input files could not be read.
1.70 jmc 5397: .It 3
5398: An error occurred creating the file or when reading the message.
5399: .It 4
1.1 jsing 5400: An error occurred decrypting or verifying the message.
1.70 jmc 5401: .It 5
5402: An error occurred writing certificates.
1.1 jsing 5403: .El
1.120 kn 5404: .Tg speed
1.1 jsing 5405: .Sh SPEED
1.114 jmc 5406: .Bl -hang -width "openssl speed"
5407: .It Nm openssl speed
5408: .Bk -words
1.71 jmc 5409: .Op Ar algorithm
1.1 jsing 5410: .Op Fl decrypt
5411: .Op Fl elapsed
1.71 jmc 5412: .Op Fl evp Ar algorithm
1.1 jsing 5413: .Op Fl mr
5414: .Op Fl multi Ar number
1.114 jmc 5415: .Ek
5416: .El
1.1 jsing 5417: .Pp
5418: The
5419: .Nm speed
5420: command is used to test the performance of cryptographic algorithms.
5421: .Bl -tag -width "XXXX"
1.71 jmc 5422: .It Ar algorithm
5423: Perform the test using
5424: .Ar algorithm .
5425: The default is to test all algorithms.
1.1 jsing 5426: .It Fl decrypt
1.71 jmc 5427: Time decryption instead of encryption;
5428: must be used with
5429: .Fl evp .
1.1 jsing 5430: .It Fl elapsed
5431: Measure time in real time instead of CPU user time.
1.71 jmc 5432: .It Fl evp Ar algorithm
5433: Perform the test using one of the algorithms accepted by
5434: .Xr EVP_get_cipherbyname 3 .
1.1 jsing 5435: .It Fl mr
5436: Produce machine readable output.
5437: .It Fl multi Ar number
5438: Run
5439: .Ar number
5440: benchmarks in parallel.
5441: .El
1.120 kn 5442: .Tg spkac
1.77 jmc 5443: .Sh SPKAC
1.114 jmc 5444: .Bl -hang -width "openssl spkac"
5445: .It Nm openssl spkac
5446: .Bk -words
1.77 jmc 5447: .Op Fl challenge Ar string
5448: .Op Fl in Ar file
5449: .Op Fl key Ar keyfile
5450: .Op Fl noout
5451: .Op Fl out Ar file
5452: .Op Fl passin Ar arg
5453: .Op Fl pubkey
5454: .Op Fl spkac Ar spkacname
5455: .Op Fl spksect Ar section
5456: .Op Fl verify
1.114 jmc 5457: .Ek
5458: .El
1.77 jmc 5459: .Pp
5460: The
5461: .Nm spkac
5462: command processes signed public key and challenge (SPKAC) files.
5463: It can print out their contents, verify the signature,
5464: and produce its own SPKACs from a supplied private key.
5465: .Pp
5466: The options are as follows:
5467: .Bl -tag -width Ds
5468: .It Fl challenge Ar string
5469: The challenge string, if an SPKAC is being created.
5470: .It Fl in Ar file
5471: The input file to read from,
5472: or standard input if not specified.
5473: Ignored if the
5474: .Fl key
5475: option is used.
5476: .It Fl key Ar keyfile
5477: Create an SPKAC file using the private key in
5478: .Ar keyfile .
5479: The
5480: .Fl in , noout , spksect ,
5481: and
5482: .Fl verify
5483: options are ignored, if present.
5484: .It Fl noout
5485: Do not output the text version of the SPKAC.
5486: .It Fl out Ar file
5487: The output file to write to,
5488: or standard output if not specified.
5489: .It Fl passin Ar arg
5490: The key password source.
5491: .It Fl pubkey
5492: Output the public key of an SPKAC.
5493: .It Fl spkac Ar spkacname
5494: An alternative name for the variable containing the SPKAC.
5495: The default is "SPKAC".
5496: This option affects both generated and input SPKAC files.
5497: .It Fl spksect Ar section
5498: An alternative name for the
5499: .Ar section
5500: containing the SPKAC.
5501: .It Fl verify
5502: Verify the digital signature on the supplied SPKAC.
5503: .El
1.120 kn 5504: .Tg ts
1.1 jsing 5505: .Sh TS
1.114 jmc 5506: .Bk -words
5507: .Bl -hang -width "openssl ts"
5508: .It Nm openssl ts
1.1 jsing 5509: .Fl query
1.29 bcook 5510: .Op Fl md4 | md5 | ripemd160 | sha1
1.1 jsing 5511: .Op Fl cert
5512: .Op Fl config Ar configfile
5513: .Op Fl data Ar file_to_hash
5514: .Op Fl digest Ar digest_bytes
5515: .Op Fl in Ar request.tsq
5516: .Op Fl no_nonce
5517: .Op Fl out Ar request.tsq
5518: .Op Fl policy Ar object_id
5519: .Op Fl text
1.114 jmc 5520: .It Nm openssl ts
1.1 jsing 5521: .Fl reply
5522: .Op Fl chain Ar certs_file.pem
5523: .Op Fl config Ar configfile
5524: .Op Fl in Ar response.tsr
5525: .Op Fl inkey Ar private.pem
5526: .Op Fl out Ar response.tsr
5527: .Op Fl passin Ar arg
5528: .Op Fl policy Ar object_id
5529: .Op Fl queryfile Ar request.tsq
5530: .Op Fl section Ar tsa_section
5531: .Op Fl signer Ar tsa_cert.pem
5532: .Op Fl text
5533: .Op Fl token_in
5534: .Op Fl token_out
1.114 jmc 5535: .It Nm openssl ts
1.1 jsing 5536: .Fl verify
5537: .Op Fl CAfile Ar trusted_certs.pem
5538: .Op Fl CApath Ar trusted_cert_path
5539: .Op Fl data Ar file_to_hash
5540: .Op Fl digest Ar digest_bytes
5541: .Op Fl in Ar response.tsr
5542: .Op Fl queryfile Ar request.tsq
5543: .Op Fl token_in
5544: .Op Fl untrusted Ar cert_file.pem
1.114 jmc 5545: .El
5546: .Ek
1.1 jsing 5547: .Pp
5548: The
5549: .Nm ts
5550: command is a basic Time Stamping Authority (TSA) client and server
5551: application as specified in RFC 3161 (Time-Stamp Protocol, TSP).
5552: A TSA can be part of a PKI deployment and its role is to provide long
1.72 jmc 5553: term proof of the existence of specific data.
1.1 jsing 5554: Here is a brief description of the protocol:
5555: .Bl -enum
5556: .It
5557: The TSA client computes a one-way hash value for a data file and sends
5558: the hash to the TSA.
5559: .It
5560: The TSA attaches the current date and time to the received hash value,
5561: signs them and sends the time stamp token back to the client.
5562: By creating this token the TSA certifies the existence of the original
5563: data file at the time of response generation.
5564: .It
5565: The TSA client receives the time stamp token and verifies the
5566: signature on it.
5567: It also checks if the token contains the same hash
5568: value that it had sent to the TSA.
5569: .El
5570: .Pp
5571: There is one DER-encoded protocol data unit defined for transporting a time
5572: stamp request to the TSA and one for sending the time stamp response
5573: back to the client.
5574: The
5575: .Nm ts
5576: command has three main functions:
5577: creating a time stamp request based on a data file;
5578: creating a time stamp response based on a request;
5579: and verifying if a response corresponds
5580: to a particular request or a data file.
5581: .Pp
5582: There is no support for sending the requests/responses automatically
5583: over HTTP or TCP yet as suggested in RFC 3161.
5584: Users must send the requests either by FTP or email.
5585: .Pp
5586: The
5587: .Fl query
5588: switch can be used for creating and printing a time stamp
5589: request with the following options:
5590: .Bl -tag -width Ds
5591: .It Fl cert
1.72 jmc 5592: Expect the TSA to include its signing certificate in the response.
1.1 jsing 5593: .It Fl config Ar configfile
1.72 jmc 5594: Specify an alternative configuration file.
5595: Only the OID section is used.
1.1 jsing 5596: .It Fl data Ar file_to_hash
5597: The data file for which the time stamp request needs to be created.
1.72 jmc 5598: The default is standard input.
1.1 jsing 5599: .It Fl digest Ar digest_bytes
1.72 jmc 5600: Specify the message imprint explicitly without the data file.
1.1 jsing 5601: The imprint must be specified in a hexadecimal format,
5602: two characters per byte,
1.72 jmc 5603: the bytes optionally separated by colons.
1.1 jsing 5604: The number of bytes must match the message digest algorithm in use.
5605: .It Fl in Ar request.tsq
1.72 jmc 5606: A previously created time stamp request in DER
1.1 jsing 5607: format that will be printed into the output file.
1.72 jmc 5608: Useful for examining the content of a request in human-readable format.
1.76 jmc 5609: .It Fl md4 | md5 | ripemd160 | sha | sha1
1.1 jsing 5610: The message digest to apply to the data file.
5611: It supports all the message digest algorithms that are supported by the
5612: .Nm dgst
5613: command.
1.125 inoguchi 5614: The default is SHA1.
1.1 jsing 5615: .It Fl no_nonce
1.72 jmc 5616: Specify no nonce in the request.
5617: The default, to include a 64-bit long pseudo-random nonce,
5618: is recommended to protect against replay attacks.
1.1 jsing 5619: .It Fl out Ar request.tsq
1.72 jmc 5620: The output file to write to,
5621: or standard output if not specified.
1.1 jsing 5622: .It Fl policy Ar object_id
5623: The policy that the client expects the TSA to use for creating the
5624: time stamp token.
1.72 jmc 5625: Either dotted OID notation or OID names defined
1.1 jsing 5626: in the config file can be used.
1.127 jmc 5627: If no policy is requested, the TSA uses its own default policy.
1.1 jsing 5628: .It Fl text
1.72 jmc 5629: Output in human-readable text format instead of DER.
1.1 jsing 5630: .El
5631: .Pp
5632: A time stamp response (TimeStampResp) consists of a response status
5633: and the time stamp token itself (ContentInfo),
5634: if the token generation was successful.
5635: The
5636: .Fl reply
5637: command is for creating a time stamp
5638: response or time stamp token based on a request and printing the
5639: response/token in human-readable format.
5640: If
5641: .Fl token_out
5642: is not specified the output is always a time stamp response (TimeStampResp),
5643: otherwise it is a time stamp token (ContentInfo).
5644: .Bl -tag -width Ds
5645: .It Fl chain Ar certs_file.pem
1.72 jmc 5646: The collection of PEM certificates
1.1 jsing 5647: that will be included in the response
5648: in addition to the signer certificate if the
5649: .Fl cert
5650: option was used for the request.
5651: This file is supposed to contain the certificate chain
5652: for the signer certificate from its issuer upwards.
5653: The
5654: .Fl reply
5655: command does not build a certificate chain automatically.
5656: .It Fl config Ar configfile
1.72 jmc 5657: Specify an alternative configuration file.
1.1 jsing 5658: .It Fl in Ar response.tsr
1.72 jmc 5659: Specify a previously created time stamp response (or time stamp token, if
1.1 jsing 5660: .Fl token_in
1.72 jmc 5661: is also specified)
1.1 jsing 5662: in DER format that will be written to the output file.
5663: This option does not require a request;
5664: it is useful, for example,
1.72 jmc 5665: to examine the content of a response or token
5666: or to extract the time stamp token from a response.
1.1 jsing 5667: If the input is a token and the output is a time stamp response a default
1.72 jmc 5668: .Qq granted
1.1 jsing 5669: status info is added to the token.
5670: .It Fl inkey Ar private.pem
5671: The signer private key of the TSA in PEM format.
5672: Overrides the
5673: .Cm signer_key
5674: config file option.
5675: .It Fl out Ar response.tsr
5676: The response is written to this file.
5677: The format and content of the file depends on other options (see
5678: .Fl text
5679: and
5680: .Fl token_out ) .
5681: The default is stdout.
5682: .It Fl passin Ar arg
5683: The key password source.
5684: .It Fl policy Ar object_id
1.72 jmc 5685: The default policy to use for the response.
5686: Either dotted OID notation or OID names defined
5687: in the config file can be used.
5688: If no policy is requested the TSA uses its own default policy.
1.1 jsing 5689: .It Fl queryfile Ar request.tsq
1.72 jmc 5690: The file containing a DER-encoded time stamp request.
1.1 jsing 5691: .It Fl section Ar tsa_section
1.72 jmc 5692: The config file section containing the settings for response generation.
1.1 jsing 5693: .It Fl signer Ar tsa_cert.pem
1.72 jmc 5694: The PEM signer certificate of the TSA.
1.1 jsing 5695: The TSA signing certificate must have exactly one extended key usage
5696: assigned to it: timeStamping.
5697: The extended key usage must also be critical,
5698: otherwise the certificate is going to be refused.
5699: Overrides the
5700: .Cm signer_cert
5701: variable of the config file.
5702: .It Fl text
1.72 jmc 5703: Output in human-readable text format instead of DER.
1.1 jsing 5704: .It Fl token_in
1.72 jmc 5705: The input is a DER-encoded time stamp token (ContentInfo)
5706: instead of a time stamp response (TimeStampResp).
1.1 jsing 5707: .It Fl token_out
1.72 jmc 5708: The output is a time stamp token (ContentInfo)
5709: instead of a time stamp response (TimeStampResp).
1.1 jsing 5710: .El
5711: .Pp
5712: The
5713: .Fl verify
5714: command is for verifying if a time stamp response or time stamp token
5715: is valid and matches a particular time stamp request or data file.
5716: The
5717: .Fl verify
5718: command does not use the configuration file.
5719: .Bl -tag -width Ds
5720: .It Fl CAfile Ar trusted_certs.pem
1.72 jmc 5721: The file containing a set of trusted self-signed PEM CA certificates.
5722: See
1.1 jsing 5723: .Nm verify
5724: for additional details.
5725: Either this option or
5726: .Fl CApath
5727: must be specified.
5728: .It Fl CApath Ar trusted_cert_path
1.112 inoguchi 5729: The directory containing the trusted CA certificates of the client.
1.72 jmc 5730: See
1.1 jsing 5731: .Nm verify
5732: for additional details.
5733: Either this option or
5734: .Fl CAfile
5735: must be specified.
5736: .It Fl data Ar file_to_hash
5737: The response or token must be verified against
5738: .Ar file_to_hash .
5739: The file is hashed with the message digest algorithm specified in the token.
5740: The
5741: .Fl digest
5742: and
5743: .Fl queryfile
5744: options must not be specified with this one.
5745: .It Fl digest Ar digest_bytes
5746: The response or token must be verified against the message digest specified
5747: with this option.
5748: The number of bytes must match the message digest algorithm
5749: specified in the token.
5750: The
5751: .Fl data
5752: and
5753: .Fl queryfile
5754: options must not be specified with this one.
5755: .It Fl in Ar response.tsr
5756: The time stamp response that needs to be verified, in DER format.
5757: This option in mandatory.
5758: .It Fl queryfile Ar request.tsq
5759: The original time stamp request, in DER format.
5760: The
5761: .Fl data
5762: and
5763: .Fl digest
5764: options must not be specified with this one.
5765: .It Fl token_in
1.72 jmc 5766: The input is a DER-encoded time stamp token (ContentInfo)
5767: instead of a time stamp response (TimeStampResp).
1.1 jsing 5768: .It Fl untrusted Ar cert_file.pem
1.72 jmc 5769: Additional untrusted PEM certificates which may be needed
5770: when building the certificate chain for the TSA's signing certificate.
1.1 jsing 5771: This file must contain the TSA signing certificate and
5772: all intermediate CA certificates unless the response includes them.
5773: .El
5774: .Pp
1.72 jmc 5775: Options specified on the command line always override
5776: the settings in the config file:
1.1 jsing 5777: .Bl -tag -width Ds
5778: .It Cm tsa Ar section , Cm default_tsa
5779: This is the main section and it specifies the name of another section
5780: that contains all the options for the
5781: .Fl reply
5782: option.
1.72 jmc 5783: This section can be overridden with the
1.1 jsing 5784: .Fl section
5785: command line switch.
5786: .It Cm oid_file
5787: See
5788: .Nm ca
5789: for a description.
5790: .It Cm oid_section
5791: See
5792: .Nm ca
5793: for a description.
5794: .It Cm serial
1.72 jmc 5795: The file containing the hexadecimal serial number of the
1.1 jsing 5796: last time stamp response created.
5797: This number is incremented by 1 for each response.
1.72 jmc 5798: If the file does not exist at the time of response generation
5799: a new file is created with serial number 1.
1.1 jsing 5800: This parameter is mandatory.
5801: .It Cm signer_cert
5802: TSA signing certificate, in PEM format.
5803: The same as the
5804: .Fl signer
5805: command line option.
5806: .It Cm certs
1.72 jmc 5807: A set of PEM-encoded certificates that need to be
1.1 jsing 5808: included in the response.
5809: The same as the
5810: .Fl chain
5811: command line option.
5812: .It Cm signer_key
5813: The private key of the TSA, in PEM format.
5814: The same as the
5815: .Fl inkey
5816: command line option.
5817: .It Cm default_policy
5818: The default policy to use when the request does not mandate any policy.
5819: The same as the
5820: .Fl policy
5821: command line option.
5822: .It Cm other_policies
5823: Comma separated list of policies that are also acceptable by the TSA
5824: and used only if the request explicitly specifies one of them.
5825: .It Cm digests
5826: The list of message digest algorithms that the TSA accepts.
5827: At least one algorithm must be specified.
5828: This parameter is mandatory.
5829: .It Cm accuracy
5830: The accuracy of the time source of the TSA in seconds, milliseconds
5831: and microseconds.
5832: For example, secs:1, millisecs:500, microsecs:100.
5833: If any of the components is missing,
5834: zero is assumed for that field.
5835: .It Cm clock_precision_digits
1.72 jmc 5836: The maximum number of digits, which represent the fraction of seconds,
5837: that need to be included in the time field.
1.1 jsing 5838: The trailing zeroes must be removed from the time,
1.72 jmc 5839: so there might actually be fewer digits
1.1 jsing 5840: or no fraction of seconds at all.
5841: The maximum value is 6;
5842: the default is 0.
5843: .It Cm ordering
5844: If this option is yes,
5845: the responses generated by this TSA can always be ordered,
5846: even if the time difference between two responses is less
5847: than the sum of their accuracies.
5848: The default is no.
5849: .It Cm tsa_name
5850: Set this option to yes if the subject name of the TSA must be included in
5851: the TSA name field of the response.
5852: The default is no.
5853: .It Cm ess_cert_id_chain
5854: The SignedData objects created by the TSA always contain the
5855: certificate identifier of the signing certificate in a signed
5856: attribute (see RFC 2634, Enhanced Security Services).
5857: If this option is set to yes and either the
5858: .Cm certs
5859: variable or the
5860: .Fl chain
5861: option is specified then the certificate identifiers of the chain will also
5862: be included in the SigningCertificate signed attribute.
5863: If this variable is set to no,
5864: only the signing certificate identifier is included.
5865: The default is no.
5866: .El
1.120 kn 5867: .Tg verify
1.1 jsing 5868: .Sh VERIFY
1.114 jmc 5869: .Bl -hang -width "openssl verify"
5870: .It Nm openssl verify
5871: .Bk -words
1.1 jsing 5872: .Op Fl CAfile Ar file
5873: .Op Fl CApath Ar directory
5874: .Op Fl check_ss_sig
1.107 inoguchi 5875: .Op Fl CRLfile Ar file
1.1 jsing 5876: .Op Fl crl_check
5877: .Op Fl crl_check_all
5878: .Op Fl explicit_policy
5879: .Op Fl extended_crl
5880: .Op Fl help
5881: .Op Fl ignore_critical
5882: .Op Fl inhibit_any
5883: .Op Fl inhibit_map
5884: .Op Fl issuer_checks
1.126 tb 5885: .Op Fl legacy_verify
1.1 jsing 5886: .Op Fl policy_check
5887: .Op Fl purpose Ar purpose
1.107 inoguchi 5888: .Op Fl trusted Ar file
1.1 jsing 5889: .Op Fl untrusted Ar file
5890: .Op Fl verbose
5891: .Op Fl x509_strict
5892: .Op Ar certificates
1.114 jmc 5893: .Ek
5894: .El
1.1 jsing 5895: .Pp
5896: The
5897: .Nm verify
5898: command verifies certificate chains.
5899: .Pp
5900: The options are as follows:
5901: .Bl -tag -width Ds
5902: .It Fl CAfile Ar file
5903: A
5904: .Ar file
5905: of trusted certificates.
5906: The
5907: .Ar file
5908: should contain multiple certificates in PEM format, concatenated together.
5909: .It Fl CApath Ar directory
5910: A
5911: .Ar directory
5912: of trusted certificates.
1.76 jmc 5913: The certificates, or symbolic links to them,
5914: should have names of the form
5915: .Ar hash Ns .0 ,
5916: where
5917: .Ar hash
5918: is the hashed certificate subject name
5919: (see the
1.1 jsing 5920: .Fl hash
5921: option of the
5922: .Nm x509
5923: utility).
1.107 inoguchi 5924: .It Fl check_ss_sig
5925: Verify the signature on the self-signed root CA.
5926: This is disabled by default
5927: because it doesn't add any security.
5928: .It Fl CRLfile Ar file
5929: The
5930: .Ar file
5931: should contain one or more CRLs in PEM format.
1.1 jsing 5932: .It Fl crl_check
1.76 jmc 5933: Check end entity certificate validity by attempting to look up a valid CRL.
1.127 jmc 5934: If a valid CRL cannot be found, an error occurs.
1.1 jsing 5935: .It Fl crl_check_all
1.76 jmc 5936: Check the validity of all certificates in the chain by attempting
1.1 jsing 5937: to look up valid CRLs.
5938: .It Fl explicit_policy
1.76 jmc 5939: Set policy variable require-explicit-policy (RFC 3280).
1.1 jsing 5940: .It Fl extended_crl
5941: Enable extended CRL features such as indirect CRLs and alternate CRL
5942: signing keys.
5943: .It Fl help
1.76 jmc 5944: Print a usage message.
1.1 jsing 5945: .It Fl ignore_critical
1.76 jmc 5946: Ignore critical extensions instead of rejecting the certificate.
1.1 jsing 5947: .It Fl inhibit_any
1.76 jmc 5948: Set policy variable inhibit-any-policy (RFC 3280).
1.1 jsing 5949: .It Fl inhibit_map
1.76 jmc 5950: Set policy variable inhibit-policy-mapping (RFC 3280).
1.1 jsing 5951: .It Fl issuer_checks
1.76 jmc 5952: Print diagnostics relating to searches for the issuer certificate
5953: of the current certificate
5954: showing why each candidate issuer certificate was rejected.
5955: The presence of rejection messages
5956: does not itself imply that anything is wrong:
5957: during the normal verify process several rejections may take place.
1.126 tb 5958: .It Fl legacy_verify
5959: Use the legacy X.509 certificate chain verification code.
1.1 jsing 5960: .It Fl policy_check
1.76 jmc 5961: Enable certificate policy processing.
1.1 jsing 5962: .It Fl purpose Ar purpose
5963: The intended use for the certificate.
5964: Without this option no chain verification will be done.
5965: Currently accepted uses are
1.76 jmc 5966: .Cm sslclient , sslserver ,
5967: .Cm nssslserver , smimesign ,
5968: .Cm smimeencrypt , crlsign ,
5969: .Cm any ,
1.1 jsing 5970: and
1.76 jmc 5971: .Cm ocsphelper .
1.107 inoguchi 5972: .It Fl trusted Ar file
5973: A
5974: .Ar file
5975: of trusted certificates.
5976: The
5977: .Ar file
5978: should contain multiple certificates.
1.1 jsing 5979: .It Fl untrusted Ar file
5980: A
5981: .Ar file
5982: of untrusted certificates.
5983: The
5984: .Ar file
5985: should contain multiple certificates.
5986: .It Fl verbose
5987: Print extra information about the operations being performed.
5988: .It Fl x509_strict
5989: Disable workarounds for broken certificates which have to be disabled
5990: for strict X.509 compliance.
5991: .It Ar certificates
1.76 jmc 5992: One or more PEM
1.1 jsing 5993: .Ar certificates
5994: to verify.
5995: If no certificate files are included, an attempt is made to read
5996: a certificate from standard input.
1.76 jmc 5997: If the first certificate filename begins with a dash,
5998: use a lone dash to mark the last option.
1.1 jsing 5999: .El
1.76 jmc 6000: .Pp
1.1 jsing 6001: The
6002: .Nm verify
6003: program uses the same functions as the internal SSL and S/MIME verification,
1.76 jmc 6004: with one crucial difference:
6005: wherever possible an attempt is made to continue after an error,
6006: whereas normally the verify operation would halt on the first error.
1.1 jsing 6007: This allows all the problems with a certificate chain to be determined.
6008: .Pp
1.76 jmc 6009: The verify operation consists of a number of separate steps.
1.1 jsing 6010: Firstly a certificate chain is built up starting from the supplied certificate
6011: and ending in the root CA.
6012: It is an error if the whole chain cannot be built up.
6013: The chain is built up by looking up the issuer's certificate of the current
6014: certificate.
6015: If a certificate is found which is its own issuer, it is assumed
6016: to be the root CA.
6017: .Pp
1.76 jmc 6018: All certificates whose subject name matches the issuer name
1.1 jsing 6019: of the current certificate are subject to further tests.
6020: The relevant authority key identifier components of the current certificate
1.76 jmc 6021: (if present) must match the subject key identifier (if present)
6022: and issuer and serial number of the candidate issuer;
6023: in addition the
6024: .Cm keyUsage
6025: extension of the candidate issuer (if present) must permit certificate signing.
1.1 jsing 6026: .Pp
6027: The lookup first looks in the list of untrusted certificates and if no match
6028: is found the remaining lookups are from the trusted certificates.
1.76 jmc 6029: The root CA is always looked up in the trusted certificate list:
6030: if the certificate to verify is a root certificate,
6031: then an exact match must be found in the trusted list.
1.1 jsing 6032: .Pp
6033: The second operation is to check every untrusted certificate's extensions for
6034: consistency with the supplied purpose.
6035: If the
6036: .Fl purpose
6037: option is not included, then no checks are done.
6038: The supplied or
6039: .Qq leaf
6040: certificate must have extensions compatible with the supplied purpose
6041: and all other certificates must also be valid CA certificates.
6042: The precise extensions required are described in more detail in
6043: the
1.76 jmc 6044: .Nm X509
1.1 jsing 6045: section below.
6046: .Pp
6047: The third operation is to check the trust settings on the root CA.
6048: The root CA should be trusted for the supplied purpose.
1.76 jmc 6049: A certificate with no trust settings is considered to be valid for
1.1 jsing 6050: all purposes.
6051: .Pp
6052: The final operation is to check the validity of the certificate chain.
6053: The validity period is checked against the current system time and the
1.76 jmc 6054: .Cm notBefore
1.1 jsing 6055: and
1.76 jmc 6056: .Cm notAfter
1.1 jsing 6057: dates in the certificate.
6058: The certificate signatures are also checked at this point.
6059: .Pp
6060: If all operations complete successfully, the certificate is considered
6061: valid.
6062: If any operation fails then the certificate is not valid.
6063: When a verify operation fails, the output messages can be somewhat cryptic.
6064: The general form of the error message is:
1.76 jmc 6065: .Bd -literal
6066: server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit)
6067: error 24 at 1 depth lookup:invalid CA certificate
1.1 jsing 6068: .Ed
6069: .Pp
6070: The first line contains the name of the certificate being verified, followed by
6071: the subject name of the certificate.
6072: The second line contains the error number and the depth.
6073: The depth is the number of the certificate being verified when a
6074: problem was detected starting with zero for the certificate being verified
6075: itself, then 1 for the CA that signed the certificate and so on.
6076: Finally a text version of the error number is presented.
6077: .Pp
6078: An exhaustive list of the error codes and messages is shown below; this also
6079: includes the name of the error code as defined in the header file
1.12 bentley 6080: .In openssl/x509_vfy.h .
1.76 jmc 6081: Some of the error codes are defined but never returned: these are described as
1.1 jsing 6082: .Qq unused .
6083: .Bl -tag -width "XXXX"
1.78 jmc 6084: .It 0 X509_V_OK
1.1 jsing 6085: The operation was successful.
1.78 jmc 6086: .It 2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
6087: The issuer certificate of an untrusted certificate could not be found.
6088: .It 3 X509_V_ERR_UNABLE_TO_GET_CRL
1.1 jsing 6089: The CRL of a certificate could not be found.
1.78 jmc 6090: .It 4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
1.1 jsing 6091: The certificate signature could not be decrypted.
1.78 jmc 6092: This means that the actual signature value could not be determined
6093: rather than it not matching the expected value.
1.1 jsing 6094: This is only meaningful for RSA keys.
1.78 jmc 6095: .It 5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
6096: The CRL signature could not be decrypted.
6097: This means that the actual signature value could not be determined
6098: rather than it not matching the expected value.
1.1 jsing 6099: Unused.
1.78 jmc 6100: .It 6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
1.1 jsing 6101: The public key in the certificate
1.76 jmc 6102: .Cm SubjectPublicKeyInfo
1.1 jsing 6103: could not be read.
1.78 jmc 6104: .It 7 X509_V_ERR_CERT_SIGNATURE_FAILURE
1.1 jsing 6105: The signature of the certificate is invalid.
1.78 jmc 6106: .It 8 X509_V_ERR_CRL_SIGNATURE_FAILURE
1.1 jsing 6107: The signature of the certificate is invalid.
1.78 jmc 6108: .It 9 X509_V_ERR_CERT_NOT_YET_VALID
1.1 jsing 6109: The certificate is not yet valid: the
1.76 jmc 6110: .Cm notBefore
1.1 jsing 6111: date is after the current time.
1.78 jmc 6112: .It 10 X509_V_ERR_CERT_HAS_EXPIRED
1.1 jsing 6113: The certificate has expired; that is, the
1.76 jmc 6114: .Cm notAfter
1.1 jsing 6115: date is before the current time.
1.78 jmc 6116: .It 11 X509_V_ERR_CRL_NOT_YET_VALID
1.1 jsing 6117: The CRL is not yet valid.
1.78 jmc 6118: .It 12 X509_V_ERR_CRL_HAS_EXPIRED
1.1 jsing 6119: The CRL has expired.
1.78 jmc 6120: .It 13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
1.1 jsing 6121: The certificate
1.76 jmc 6122: .Cm notBefore
1.1 jsing 6123: field contains an invalid time.
1.78 jmc 6124: .It 14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
1.1 jsing 6125: The certificate
1.76 jmc 6126: .Cm notAfter
1.1 jsing 6127: field contains an invalid time.
1.78 jmc 6128: .It 15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
1.1 jsing 6129: The CRL
1.76 jmc 6130: .Cm lastUpdate
1.1 jsing 6131: field contains an invalid time.
1.78 jmc 6132: .It 16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
1.1 jsing 6133: The CRL
1.76 jmc 6134: .Cm nextUpdate
1.1 jsing 6135: field contains an invalid time.
1.78 jmc 6136: .It 17 X509_V_ERR_OUT_OF_MEM
1.1 jsing 6137: An error occurred trying to allocate memory.
6138: This should never happen.
1.78 jmc 6139: .It 18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
1.1 jsing 6140: The passed certificate is self-signed and the same certificate cannot be
6141: found in the list of trusted certificates.
1.78 jmc 6142: .It 19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
1.1 jsing 6143: The certificate chain could be built up using the untrusted certificates but
6144: the root could not be found locally.
1.78 jmc 6145: .It 20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
1.1 jsing 6146: The issuer certificate of a locally looked up certificate could not be found.
6147: This normally means the list of trusted certificates is not complete.
1.78 jmc 6148: .It 21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
1.1 jsing 6149: No signatures could be verified because the chain contains only one
6150: certificate and it is not self-signed.
1.78 jmc 6151: .It 22 X509_V_ERR_CERT_CHAIN_TOO_LONG
1.1 jsing 6152: The certificate chain length is greater than the supplied maximum depth.
6153: Unused.
1.78 jmc 6154: .It 23 X509_V_ERR_CERT_REVOKED
1.1 jsing 6155: The certificate has been revoked.
1.78 jmc 6156: .It 24 X509_V_ERR_INVALID_CA
1.1 jsing 6157: A CA certificate is invalid.
6158: Either it is not a CA or its extensions are not consistent
6159: with the supplied purpose.
1.78 jmc 6160: .It 25 X509_V_ERR_PATH_LENGTH_EXCEEDED
1.1 jsing 6161: The
1.76 jmc 6162: .Cm basicConstraints
1.1 jsing 6163: pathlength parameter has been exceeded.
1.78 jmc 6164: .It 26 X509_V_ERR_INVALID_PURPOSE
1.1 jsing 6165: The supplied certificate cannot be used for the specified purpose.
1.78 jmc 6166: .It 27 X509_V_ERR_CERT_UNTRUSTED
1.1 jsing 6167: The root CA is not marked as trusted for the specified purpose.
1.78 jmc 6168: .It 28 X509_V_ERR_CERT_REJECTED
1.1 jsing 6169: The root CA is marked to reject the specified purpose.
1.78 jmc 6170: .It 29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH
1.1 jsing 6171: The current candidate issuer certificate was rejected because its subject name
6172: did not match the issuer name of the current certificate.
6173: Only displayed when the
6174: .Fl issuer_checks
6175: option is set.
1.78 jmc 6176: .It 30 X509_V_ERR_AKID_SKID_MISMATCH
1.1 jsing 6177: The current candidate issuer certificate was rejected because its subject key
6178: identifier was present and did not match the authority key identifier current
6179: certificate.
6180: Only displayed when the
6181: .Fl issuer_checks
6182: option is set.
1.78 jmc 6183: .It 31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
1.1 jsing 6184: The current candidate issuer certificate was rejected because its issuer name
6185: and serial number were present and did not match the authority key identifier
6186: of the current certificate.
6187: Only displayed when the
6188: .Fl issuer_checks
6189: option is set.
1.78 jmc 6190: .It 32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN
1.1 jsing 6191: The current candidate issuer certificate was rejected because its
1.76 jmc 6192: .Cm keyUsage
1.1 jsing 6193: extension does not permit certificate signing.
1.78 jmc 6194: .It 50 X509_V_ERR_APPLICATION_VERIFICATION
1.1 jsing 6195: An application specific error.
6196: Unused.
6197: .El
1.120 kn 6198: .Tg version
1.1 jsing 6199: .Sh VERSION
6200: .Nm openssl version
6201: .Op Fl abdfopv
6202: .Pp
6203: The
6204: .Nm version
6205: command is used to print out version information about
1.79 jmc 6206: .Nm openssl .
1.1 jsing 6207: .Pp
6208: The options are as follows:
6209: .Bl -tag -width Ds
6210: .It Fl a
6211: All information: this is the same as setting all the other flags.
6212: .It Fl b
6213: The date the current version of
1.79 jmc 6214: .Nm openssl
1.1 jsing 6215: was built.
6216: .It Fl d
6217: .Ev OPENSSLDIR
6218: setting.
6219: .It Fl f
6220: Compilation flags.
6221: .It Fl o
6222: Option information: various options set when the library was built.
6223: .It Fl p
6224: Platform setting.
6225: .It Fl v
6226: The current
1.79 jmc 6227: .Nm openssl
1.1 jsing 6228: version.
6229: .El
1.120 kn 6230: .Tg x509
1.1 jsing 6231: .Sh X509
1.114 jmc 6232: .Bl -hang -width "openssl x509"
6233: .It Nm openssl x509
6234: .Bk -words
1.1 jsing 6235: .Op Fl C
6236: .Op Fl addreject Ar arg
6237: .Op Fl addtrust Ar arg
6238: .Op Fl alias
6239: .Op Fl CA Ar file
6240: .Op Fl CAcreateserial
1.80 jmc 6241: .Op Fl CAform Cm der | pem
1.1 jsing 6242: .Op Fl CAkey Ar file
1.80 jmc 6243: .Op Fl CAkeyform Cm der | pem
1.1 jsing 6244: .Op Fl CAserial Ar file
6245: .Op Fl certopt Ar option
6246: .Op Fl checkend Ar arg
6247: .Op Fl clrext
6248: .Op Fl clrreject
6249: .Op Fl clrtrust
6250: .Op Fl dates
6251: .Op Fl days Ar arg
6252: .Op Fl email
6253: .Op Fl enddate
6254: .Op Fl extensions Ar section
6255: .Op Fl extfile Ar file
6256: .Op Fl fingerprint
6257: .Op Fl hash
6258: .Op Fl in Ar file
1.80 jmc 6259: .Op Fl inform Cm der | net | pem
1.1 jsing 6260: .Op Fl issuer
6261: .Op Fl issuer_hash
6262: .Op Fl issuer_hash_old
1.80 jmc 6263: .Op Fl keyform Cm der | pem
1.29 bcook 6264: .Op Fl md5 | sha1
1.1 jsing 6265: .Op Fl modulus
6266: .Op Fl nameopt Ar option
1.107 inoguchi 6267: .Op Fl next_serial
1.1 jsing 6268: .Op Fl noout
6269: .Op Fl ocsp_uri
6270: .Op Fl ocspid
6271: .Op Fl out Ar file
1.80 jmc 6272: .Op Fl outform Cm der | net | pem
1.1 jsing 6273: .Op Fl passin Ar arg
6274: .Op Fl pubkey
6275: .Op Fl purpose
6276: .Op Fl req
6277: .Op Fl serial
6278: .Op Fl set_serial Ar n
6279: .Op Fl setalias Ar arg
6280: .Op Fl signkey Ar file
1.107 inoguchi 6281: .Op Fl sigopt Ar nm:v
1.1 jsing 6282: .Op Fl startdate
6283: .Op Fl subject
6284: .Op Fl subject_hash
6285: .Op Fl subject_hash_old
6286: .Op Fl text
6287: .Op Fl trustout
6288: .Op Fl x509toreq
1.114 jmc 6289: .Ek
6290: .El
1.1 jsing 6291: .Pp
6292: The
6293: .Nm x509
6294: command is a multi-purpose certificate utility.
6295: It can be used to display certificate information, convert certificates to
6296: various forms, sign certificate requests like a
6297: .Qq mini CA ,
6298: or edit certificate trust settings.
6299: .Pp
1.80 jmc 6300: The following are x509 input, output, and general purpose options:
1.1 jsing 6301: .Bl -tag -width "XXXX"
6302: .It Fl in Ar file
1.80 jmc 6303: The input file to read from,
6304: or standard input if not specified.
6305: .It Fl inform Cm der | net | pem
6306: The input format.
1.1 jsing 6307: Normally, the command will expect an X.509 certificate,
6308: but this can change if other options such as
6309: .Fl req
6310: are present.
1.29 bcook 6311: .It Fl md5 | sha1
1.1 jsing 6312: The digest to use.
6313: This affects any signing or display option that uses a message digest,
6314: such as the
6315: .Fl fingerprint , signkey ,
6316: and
6317: .Fl CA
6318: options.
6319: If not specified, MD5 is used.
1.80 jmc 6320: SHA1 is always used with DSA keys.
1.1 jsing 6321: .It Fl out Ar file
1.80 jmc 6322: The output file to write to,
6323: or standard output if none is specified.
6324: .It Fl outform Cm der | net | pem
6325: The output format.
1.1 jsing 6326: .It Fl passin Ar arg
6327: The key password source.
6328: .El
1.80 jmc 6329: .Pp
6330: The following are x509 display options:
1.1 jsing 6331: .Bl -tag -width "XXXX"
6332: .It Fl C
1.80 jmc 6333: Output the certificate in the form of a C source file.
1.1 jsing 6334: .It Fl certopt Ar option
6335: Customise the output format used with
1.80 jmc 6336: .Fl text ,
6337: either using a list of comma-separated options or by specifying
1.1 jsing 6338: .Fl certopt
1.80 jmc 6339: multiple times.
6340: The default behaviour is to print all fields.
6341: The options are as follows:
6342: .Pp
6343: .Bl -tag -width "no_extensions" -offset indent -compact
6344: .It Cm ca_default
6345: Equivalent to
6346: .Cm no_issuer , no_pubkey , no_header ,
6347: .Cm no_version , no_sigdump ,
6348: and
6349: .Cm no_signame .
6350: .It Cm compatible
6351: Equivalent to no output options at all.
6352: .It Cm ext_default
6353: Print unsupported certificate extensions.
6354: .It Cm ext_dump
6355: Hex dump unsupported extensions.
6356: .It Cm ext_error
6357: Print an error message for unsupported certificate extensions.
6358: .It Cm ext_parse
1.84 jmc 6359: ASN.1 parse unsupported extensions.
1.80 jmc 6360: .It Cm no_aux
6361: Do not print certificate trust information.
6362: .It Cm no_extensions
6363: Do not print X509V3 extensions.
6364: .It Cm no_header
6365: Do not print header (Certificate and Data) information.
6366: .It Cm no_issuer
6367: Do not print the issuer name.
6368: .It Cm no_pubkey
6369: Do not print the public key.
6370: .It Cm no_serial
6371: Do not print the serial number.
6372: .It Cm no_sigdump
6373: Do not give a hexadecimal dump of the certificate signature.
6374: .It Cm no_signame
6375: Do not print the signature algorithm used.
6376: .It Cm no_subject
6377: Do not print the subject name.
6378: .It Cm no_validity
6379: Do not print the
6380: .Cm notBefore
6381: and
6382: .Cm notAfter
6383: (validity) fields.
6384: .It Cm no_version
6385: Do not print the version number.
6386: .El
1.1 jsing 6387: .It Fl dates
1.80 jmc 6388: Print the start and expiry date of a certificate.
1.1 jsing 6389: .It Fl email
1.80 jmc 6390: Output the email addresses, if any.
1.1 jsing 6391: .It Fl enddate
1.80 jmc 6392: Print the expiry date of the certificate; that is, the
6393: .Cm notAfter
1.1 jsing 6394: date.
6395: .It Fl fingerprint
1.80 jmc 6396: Print the digest of the DER-encoded version of the whole certificate.
1.1 jsing 6397: .It Fl hash
6398: A synonym for
1.80 jmc 6399: .Fl subject_hash .
1.1 jsing 6400: .It Fl issuer
1.80 jmc 6401: Print the issuer name.
1.1 jsing 6402: .It Fl issuer_hash
1.80 jmc 6403: Print the hash of the certificate issuer name.
1.1 jsing 6404: .It Fl issuer_hash_old
1.80 jmc 6405: Print the hash of the certificate issuer name
6406: using the older algorithm as used by
6407: .Nm openssl
1.1 jsing 6408: versions before 1.0.0.
6409: .It Fl modulus
1.80 jmc 6410: Print the value of the modulus of the public key contained in the certificate.
1.1 jsing 6411: .It Fl nameopt Ar option
1.80 jmc 6412: Customise how the subject or issuer names are displayed,
6413: either using a list of comma-separated options or by specifying
1.1 jsing 6414: .Fl nameopt
1.80 jmc 6415: multiple times.
6416: The default behaviour is to use the
6417: .Cm oneline
6418: format.
6419: The options,
6420: which can be preceded by a dash to turn them off,
6421: are as follows:
6422: .Bl -tag -width "XXXX"
6423: .It Cm align
6424: Align field values for a more readable output.
6425: Only usable with
6426: .Ar sep_multiline .
6427: .It Cm compat
6428: Use the old format,
6429: equivalent to specifying no options at all.
6430: .It Cm dn_rev
6431: Reverse the fields of the DN, as required by RFC 2253.
6432: As a side effect, this also reverses the order of multiple AVAs.
6433: .It Cm dump_all
6434: Dump all fields.
6435: When used with
6436: .Ar dump_der ,
6437: it allows the DER encoding of the structure to be unambiguously determined.
6438: .It Cm dump_der
6439: Any fields that need to be hexdumped are
6440: dumped using the DER encoding of the field.
6441: Otherwise just the content octets will be displayed.
6442: Both options use the RFC 2253 #XXXX... format.
6443: .It Cm dump_nostr
6444: Dump non-character string types
6445: (for example OCTET STRING);
6446: usually, non-character string types are displayed
6447: as though each content octet represents a single character.
6448: .It Cm dump_unknown
6449: Dump any field whose OID is not recognised by
6450: .Nm openssl .
6451: .It Cm esc_2253
6452: Escape the
6453: .Qq special
6454: characters required by RFC 2253 in a field that is
6455: .Dq \& ,+"<>; .
6456: Additionally,
6457: .Sq #
6458: is escaped at the beginning of a string
6459: and a space character at the beginning or end of a string.
6460: .It Cm esc_ctrl
6461: Escape control characters.
6462: That is, those with ASCII values less than 0x20 (space)
6463: and the delete (0x7f) character.
6464: They are escaped using the RFC 2253 \eXX notation (where XX are two hex
6465: digits representing the character value).
6466: .It Cm esc_msb
6467: Escape characters with the MSB set; that is, with ASCII values larger than
6468: 127.
6469: .It Cm multiline
6470: A multiline format.
6471: Equivalent to
6472: .Cm esc_ctrl , esc_msb , sep_multiline ,
6473: .Cm space_eq , lname ,
6474: and
6475: .Cm align .
6476: .It Cm no_type
6477: Do not attempt to interpret multibyte characters.
6478: That is, content octets are merely dumped as though one octet
6479: represents each character.
6480: This is useful for diagnostic purposes
6481: but results in rather odd looking output.
6482: .It Cm nofname , sname , lname , oid
6483: Alter how the field name is displayed:
6484: .Cm nofname
6485: does not display the field at all;
6486: .Cm sname
6487: uses the short name form (CN for
6488: .Cm commonName ,
6489: for example);
6490: .Cm lname
6491: uses the long form.
6492: .Cm oid
6493: represents the OID in numerical form and is useful for diagnostic purpose.
6494: .It Cm oneline
6495: A one line format which is more readable than
6496: .Cm RFC2253 .
6497: Equivalent to
6498: .Cm esc_2253 , esc_ctrl , esc_msb , utf8 ,
6499: .Cm dump_nostr , dump_der , use_quote , sep_comma_plus_spc ,
6500: .Cm space_eq ,
6501: and
6502: .Cm sname .
6503: .It Cm RFC2253
6504: Displays names compatible with RFC 2253.
6505: Equivalent to
6506: .Cm esc_2253 , esc_ctrl ,
6507: .Cm esc_msb , utf8 , dump_nostr , dump_unknown ,
6508: .Cm dump_der , sep_comma_plus , dn_rev ,
6509: and
6510: .Cm sname .
6511: .It Cm sep_comma_plus , sep_comma_plus_space , sep_semi_plus_space , sep_multiline
6512: Determine the field separators:
6513: the first character is between RDNs and the second between multiple AVAs
6514: (multiple AVAs are very rare and their use is discouraged).
6515: The options ending in
6516: .Qq space
6517: additionally place a space after the separator to make it more readable.
6518: .Cm sep_multiline
6519: uses a linefeed character for the RDN separator and a spaced
6520: .Sq +
6521: for the AVA separator,
6522: as well as indenting the fields by four characters.
6523: .It Cm show_type
1.84 jmc 6524: Show the type of the ASN.1 character string.
1.80 jmc 6525: The type precedes the field contents.
6526: For example
6527: .Qq BMPSTRING: Hello World .
6528: .It Cm space_eq
6529: Place spaces round the
6530: .Sq =
6531: character which follows the field name.
6532: .It Cm use_quote
6533: Escape some characters by surrounding the whole string with
6534: .Sq \&"
6535: characters.
6536: Without the option, all escaping is done with the
6537: .Sq \e
6538: character.
6539: .It Cm utf8
6540: Convert all strings to UTF8 format first, as required by RFC 2253.
6541: On a UTF8 compatible terminal,
6542: the use of this option (and not setting
6543: .Cm esc_msb )
6544: may result in the correct display of multibyte characters.
6545: Usually, multibyte characters larger than 0xff
6546: are represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX
6547: for 32 bits,
6548: and any UTF8Strings are converted to their character form first.
6549: .El
1.107 inoguchi 6550: .It Fl next_serial
6551: Print the next serial number.
1.1 jsing 6552: .It Fl noout
1.80 jmc 6553: Do not output the encoded version of the request.
1.1 jsing 6554: .It Fl ocsp_uri
1.80 jmc 6555: Print the OCSP responder addresses, if any.
1.1 jsing 6556: .It Fl ocspid
6557: Print OCSP hash values for the subject name and public key.
6558: .It Fl pubkey
1.80 jmc 6559: Print the public key.
1.1 jsing 6560: .It Fl serial
1.80 jmc 6561: Print the certificate serial number.
1.107 inoguchi 6562: .It Fl sigopt Ar nm:v
6563: Pass options to the signature algorithm during sign or certify operations.
6564: The names and values of these options are algorithm-specific.
1.1 jsing 6565: .It Fl startdate
1.80 jmc 6566: Print the start date of the certificate; that is, the
6567: .Cm notBefore
1.1 jsing 6568: date.
6569: .It Fl subject
1.80 jmc 6570: Print the subject name.
1.1 jsing 6571: .It Fl subject_hash
1.80 jmc 6572: Print the hash of the certificate subject name.
1.1 jsing 6573: This is used in
1.80 jmc 6574: .Nm openssl
1.1 jsing 6575: to form an index to allow certificates in a directory to be looked up
6576: by subject name.
6577: .It Fl subject_hash_old
1.80 jmc 6578: Print the hash of the certificate subject name
6579: using the older algorithm as used by
6580: .Nm openssl
1.1 jsing 6581: versions before 1.0.0.
6582: .It Fl text
1.80 jmc 6583: Print the full certificate in text form.
1.1 jsing 6584: .El
6585: .Pp
1.80 jmc 6586: A trusted certificate is a certificate which has several
1.1 jsing 6587: additional pieces of information attached to it such as the permitted
1.80 jmc 6588: and prohibited uses of the certificate and an alias.
1.127 jmc 6589: When a certificate is being verified, at least one certificate must be trusted.
1.80 jmc 6590: By default, a trusted certificate must be stored locally and be a root CA.
6591: The following are x509 trust settings options:
1.1 jsing 6592: .Bl -tag -width "XXXX"
6593: .It Fl addreject Ar arg
1.80 jmc 6594: Add a prohibited use.
6595: Accepts the same values as the
1.1 jsing 6596: .Fl addtrust
6597: option.
6598: .It Fl addtrust Ar arg
1.80 jmc 6599: Add a trusted certificate use.
1.1 jsing 6600: Any object name can be used here, but currently only
1.80 jmc 6601: .Cm clientAuth
6602: (SSL client use),
6603: .Cm serverAuth
6604: (SSL server use),
6605: and
6606: .Cm emailProtection
6607: (S/MIME email) are used.
1.1 jsing 6608: .It Fl alias
1.80 jmc 6609: Output the certificate alias.
1.1 jsing 6610: .It Fl clrreject
1.80 jmc 6611: Clear all the prohibited or rejected uses of the certificate.
1.1 jsing 6612: .It Fl clrtrust
1.80 jmc 6613: Clear all the permitted or trusted uses of the certificate.
1.1 jsing 6614: .It Fl purpose
1.80 jmc 6615: Perform tests on the certificate extensions.
6616: The same code is used when verifying untrusted certificates in chains,
6617: so this section is useful if a chain is rejected by the verify code.
6618: .Pp
6619: The
6620: .Cm basicConstraints
6621: extension CA flag is used to determine whether the
6622: certificate can be used as a CA.
6623: If the CA flag is true, it is a CA;
6624: if the CA flag is false, it is not a CA.
6625: All CAs should have the CA flag set to true.
6626: .Pp
6627: If the
6628: .Cm basicConstraints
6629: extension is absent, then the certificate is
6630: considered to be a possible CA;
6631: other extensions are checked according to the intended use of the certificate.
6632: A warning is given in this case because the certificate should really not
6633: be regarded as a CA.
6634: However it is allowed to be a CA to work around some broken software.
6635: .Pp
6636: If the certificate is a V1 certificate
6637: (and thus has no extensions) and it is self-signed,
6638: it is also assumed to be a CA but a warning is again given.
6639: This is to work around the problem of Verisign roots
6640: which are V1 self-signed certificates.
6641: .Pp
6642: If the
6643: .Cm keyUsage
6644: extension is present, then additional restraints are
6645: made on the uses of the certificate.
6646: A CA certificate must have the
6647: .Cm keyCertSign
6648: bit set if the
6649: .Cm keyUsage
6650: extension is present.
6651: .Pp
6652: The extended key usage extension places additional restrictions on the
6653: certificate uses.
6654: If this extension is present, whether critical or not,
6655: the key can only be used for the purposes specified.
6656: .Pp
6657: A complete description of each test is given below.
6658: The comments about
6659: .Cm basicConstraints
6660: and
6661: .Cm keyUsage
6662: and V1 certificates above apply to all CA certificates.
6663: .Bl -tag -width "XXXX"
6664: .It SSL Client
6665: The extended key usage extension must be absent or include the
6666: web client authentication OID.
6667: .Cm keyUsage
6668: must be absent or it must have the
6669: .Cm digitalSignature
6670: bit set.
6671: The Netscape certificate type must be absent
6672: or it must have the SSL client bit set.
6673: .It SSL Client CA
6674: The extended key usage extension must be absent or include the
6675: web client authentication OID.
6676: The Netscape certificate type must be absent
6677: or it must have the SSL CA bit set:
6678: this is used as a workaround if the
6679: .Cm basicConstraints
6680: extension is absent.
6681: .It SSL Server
6682: The extended key usage extension must be absent or include the
6683: web server authentication and/or one of the SGC OIDs.
6684: .Cm keyUsage
6685: must be absent or it must have the
6686: .Cm digitalSignature
6687: set, the
6688: .Cm keyEncipherment
6689: set, or both bits set.
6690: The Netscape certificate type must be absent or have the SSL server bit set.
6691: .It SSL Server CA
6692: The extended key usage extension must be absent or include the
6693: web server authentication and/or one of the SGC OIDs.
6694: The Netscape certificate type must be absent or the SSL CA bit must be set:
6695: this is used as a workaround if the
6696: .Cm basicConstraints
6697: extension is absent.
6698: .It Netscape SSL Server
6699: For Netscape SSL clients to connect to an SSL server; it must have the
6700: .Cm keyEncipherment
6701: bit set if the
6702: .Cm keyUsage
6703: extension is present.
6704: This isn't always valid because some cipher suites use the key for
6705: digital signing.
6706: Otherwise it is the same as a normal SSL server.
6707: .It Common S/MIME Client Tests
6708: The extended key usage extension must be absent or include the
6709: email protection OID.
6710: The Netscape certificate type must be absent or should have the S/MIME bit set.
6711: If the S/MIME bit is not set in Netscape certificate type, then the SSL
6712: client bit is tolerated as an alternative but a warning is shown:
6713: this is because some Verisign certificates don't set the S/MIME bit.
6714: .It S/MIME Signing
6715: In addition to the common S/MIME client tests, the
6716: .Cm digitalSignature
6717: bit must be set if the
6718: .Cm keyUsage
6719: extension is present.
6720: .It S/MIME Encryption
6721: In addition to the common S/MIME tests, the
6722: .Cm keyEncipherment
6723: bit must be set if the
6724: .Cm keyUsage
6725: extension is present.
6726: .It S/MIME CA
6727: The extended key usage extension must be absent or include the
6728: email protection OID.
6729: The Netscape certificate type must be absent
6730: or must have the S/MIME CA bit set:
6731: this is used as a workaround if the
6732: .Cm basicConstraints
6733: extension is absent.
6734: .It CRL Signing
6735: The
6736: .Cm keyUsage
6737: extension must be absent or it must have the CRL signing bit set.
6738: .It CRL Signing CA
6739: The normal CA tests apply, except the
6740: .Cm basicConstraints
6741: extension must be present.
6742: .El
1.1 jsing 6743: .It Fl setalias Ar arg
1.80 jmc 6744: Set the alias of the certificate,
6745: allowing the certificate to be referred to using a nickname,
6746: such as
1.1 jsing 6747: .Qq Steve's Certificate .
6748: .It Fl trustout
1.80 jmc 6749: Output a trusted certificate
6750: (the default if any trust settings are modified).
1.1 jsing 6751: An ordinary or trusted certificate can be input, but by default an ordinary
6752: certificate is output and any trust settings are discarded.
6753: .El
1.80 jmc 6754: .Pp
1.1 jsing 6755: The
6756: .Nm x509
1.80 jmc 6757: utility can be used to sign certificates and requests:
6758: it can thus behave like a mini CA.
6759: The following are x509 signing options:
1.1 jsing 6760: .Bl -tag -width "XXXX"
6761: .It Fl CA Ar file
1.80 jmc 6762: The CA certificate to be used for signing.
1.1 jsing 6763: When this option is present,
6764: .Nm x509
1.80 jmc 6765: behaves like a mini CA.
1.1 jsing 6766: The input file is signed by the CA using this option;
6767: that is, its issuer name is set to the subject name of the CA and it is
6768: digitally signed using the CA's private key.
6769: .Pp
6770: This option is normally combined with the
6771: .Fl req
6772: option.
6773: Without the
6774: .Fl req
6775: option, the input is a certificate which must be self-signed.
6776: .It Fl CAcreateserial
1.80 jmc 6777: Create the CA serial number file if it does not exist
6778: instead of generating an error.
6779: The file will contain the serial number
1.1 jsing 6780: .Sq 02
6781: and the certificate being signed will have
6782: .Sq 1
6783: as its serial number.
1.80 jmc 6784: .It Fl CAform Cm der | pem
1.1 jsing 6785: The format of the CA certificate file.
6786: The default is
1.80 jmc 6787: .Cm pem .
1.1 jsing 6788: .It Fl CAkey Ar file
1.80 jmc 6789: Set the CA private key to sign a certificate with.
6790: Otherwise it is assumed that the CA private key is present
6791: in the CA certificate file.
6792: .It Fl CAkeyform Cm der | pem
1.1 jsing 6793: The format of the CA private key.
6794: The default is
1.80 jmc 6795: .Cm pem .
1.1 jsing 6796: .It Fl CAserial Ar file
1.80 jmc 6797: Use the serial number in
6798: .Ar file
6799: to sign a certificate.
6800: The file should consist of one line containing an even number of hex digits
1.1 jsing 6801: with the serial number to use.
6802: After each use the serial number is incremented and written out
6803: to the file again.
6804: .Pp
6805: The default filename consists of the CA certificate file base name with
6806: .Pa .srl
6807: appended.
6808: For example, if the CA certificate file is called
6809: .Pa mycacert.pem ,
6810: it expects to find a serial number file called
6811: .Pa mycacert.srl .
6812: .It Fl checkend Ar arg
6813: Check whether the certificate expires in the next
6814: .Ar arg
6815: seconds.
6816: If so, exit with return value 1;
6817: otherwise exit with return value 0.
6818: .It Fl clrext
6819: Delete any extensions from a certificate.
6820: This option is used when a certificate is being created from another
6821: certificate (for example with the
6822: .Fl signkey
6823: or the
6824: .Fl CA
6825: options).
6826: Normally, all extensions are retained.
6827: .It Fl days Ar arg
1.80 jmc 6828: The number of days to make a certificate valid for.
1.1 jsing 6829: The default is 30 days.
6830: .It Fl extensions Ar section
6831: The section to add certificate extensions from.
6832: If this option is not specified, the extensions should either be
1.80 jmc 6833: contained in the unnamed (default) section
6834: or the default section should contain a variable called
1.1 jsing 6835: .Qq extensions
6836: which contains the section to use.
6837: .It Fl extfile Ar file
6838: File containing certificate extensions to use.
6839: If not specified, no extensions are added to the certificate.
1.80 jmc 6840: .It Fl keyform Cm der | pem
6841: The format of the private key file used in the
1.1 jsing 6842: .Fl signkey
6843: option.
6844: .It Fl req
1.80 jmc 6845: Expect a certificate request on input instead of a certificate.
1.1 jsing 6846: .It Fl set_serial Ar n
1.80 jmc 6847: The serial number to use.
1.1 jsing 6848: This option can be used with either the
6849: .Fl signkey
6850: or
6851: .Fl CA
6852: options.
6853: If used in conjunction with the
6854: .Fl CA
6855: option, the serial number file (as specified by the
6856: .Fl CAserial
6857: or
6858: .Fl CAcreateserial
6859: options) is not used.
6860: .Pp
6861: The serial number can be decimal or hex (if preceded by
6862: .Sq 0x ) .
6863: Negative serial numbers can also be specified but their use is not recommended.
6864: .It Fl signkey Ar file
1.80 jmc 6865: Self-sign
6866: .Ar file
6867: using the supplied private key.
1.1 jsing 6868: .Pp
6869: If the input file is a certificate, it sets the issuer name to the
1.80 jmc 6870: subject name (i.e. makes it self-signed),
1.1 jsing 6871: changes the public key to the supplied value,
6872: and changes the start and end dates.
6873: The start date is set to the current time and the end date is set to
6874: a value determined by the
6875: .Fl days
6876: option.
6877: Any certificate extensions are retained unless the
6878: .Fl clrext
6879: option is supplied.
6880: .Pp
6881: If the input is a certificate request, a self-signed certificate
6882: is created using the supplied private key using the subject name in
6883: the request.
6884: .It Fl x509toreq
1.80 jmc 6885: Convert a certificate into a certificate request.
1.1 jsing 6886: The
6887: .Fl signkey
6888: option is used to pass the required private key.
6889: .El
1.38 jmc 6890: .Sh COMMON NOTATION
6891: Several commands share a common syntax,
6892: as detailed below.
6893: .Pp
6894: Password arguments, typically specified using
1.33 jmc 6895: .Fl passin
6896: and
6897: .Fl passout
1.38 jmc 6898: for input and output passwords,
6899: allow passwords to be obtained from a variety of sources.
6900: Both of these options take a single argument, described below.
1.33 jmc 6901: If no password argument is given and a password is required,
6902: then the user is prompted to enter one:
6903: this will typically be read from the current terminal with echoing turned off.
1.38 jmc 6904: .Bl -tag -width "pass:password" -offset indent
6905: .It Cm pass : Ns Ar password
1.33 jmc 6906: The actual password is
6907: .Ar password .
1.38 jmc 6908: Since the password is visible to utilities,
1.33 jmc 6909: this form should only be used where security is not important.
1.38 jmc 6910: .It Cm env : Ns Ar var
1.33 jmc 6911: Obtain the password from the environment variable
6912: .Ar var .
1.38 jmc 6913: Since the environment of other processes is visible,
6914: this option should be used with caution.
6915: .It Cm file : Ns Ar path
1.33 jmc 6916: The first line of
6917: .Ar path
6918: is the password.
6919: If the same
6920: .Ar path
6921: argument is supplied to
6922: .Fl passin
6923: and
6924: .Fl passout ,
6925: then the first line will be used for the input password and the next line
6926: for the output password.
6927: .Ar path
6928: need not refer to a regular file:
6929: it could, for example, refer to a device or named pipe.
1.38 jmc 6930: .It Cm fd : Ns Ar number
1.33 jmc 6931: Read the password from the file descriptor
6932: .Ar number .
1.38 jmc 6933: This can be used to send the data via a pipe, for example.
6934: .It Cm stdin
1.33 jmc 6935: Read the password from standard input.
1.35 jmc 6936: .El
1.38 jmc 6937: .Pp
1.64 jmc 6938: Input/output formats,
1.38 jmc 6939: typically specified using
6940: .Fl inform
6941: and
6942: .Fl outform ,
1.64 jmc 6943: indicate the format being read from or written to.
1.38 jmc 6944: The argument is case insensitive.
6945: .Pp
6946: .Bl -tag -width Ds -offset indent -compact
6947: .It Cm der
6948: Distinguished Encoding Rules (DER)
6949: is a binary format.
1.64 jmc 6950: .It Cm net
6951: Insecure legacy format.
1.38 jmc 6952: .It Cm pem
6953: Privacy Enhanced Mail (PEM)
6954: is base64-encoded.
1.108 inoguchi 6955: .It Cm pvk
6956: Private Key format.
1.70 jmc 6957: .It Cm smime
6958: An SMIME format message.
1.38 jmc 6959: .It Cm txt
6960: Plain ASCII text.
6961: .El
1.35 jmc 6962: .Sh ENVIRONMENT
6963: The following environment variables affect the execution of
6964: .Nm openssl :
1.38 jmc 6965: .Bl -tag -width "/etc/ssl/openssl.cnf"
1.35 jmc 6966: .It Ev OPENSSL_CONF
6967: The location of the master configuration file.
1.33 jmc 6968: .El
1.1 jsing 6969: .Sh FILES
6970: .Bl -tag -width "/etc/ssl/openssl.cnf" -compact
1.17 sobrado 6971: .It Pa /etc/ssl/
1.1 jsing 6972: Default config directory for
6973: .Nm openssl .
1.17 sobrado 6974: .It Pa /etc/ssl/lib/
1.1 jsing 6975: Unused.
1.17 sobrado 6976: .It Pa /etc/ssl/private/
1.1 jsing 6977: Default private key directory.
1.17 sobrado 6978: .It Pa /etc/ssl/openssl.cnf
1.1 jsing 6979: Default configuration file for
6980: .Nm openssl .
1.17 sobrado 6981: .It Pa /etc/ssl/x509v3.cnf
1.1 jsing 6982: Default configuration file for
6983: .Nm x509
6984: certificates.
6985: .El
6986: .Sh SEE ALSO
1.74 jmc 6987: .Xr acme-client 1 ,
1.26 jmc 6988: .Xr nc 1 ,
1.90 schwarze 6989: .Xr openssl.cnf 5 ,
6990: .Xr x509v3.cnf 5 ,
1.1 jsing 6991: .Xr ssl 8 ,
6992: .Xr starttls 8
6993: .Sh STANDARDS
6994: .Rs
6995: .%A T. Dierks
6996: .%A C. Allen
6997: .%D January 1999
6998: .%R RFC 2246
6999: .%T The TLS Protocol Version 1.0
7000: .Re
7001: .Pp
7002: .Rs
7003: .%A M. Wahl
7004: .%A S. Killie
7005: .%A T. Howes
7006: .%D December 1997
7007: .%R RFC 2253
7008: .%T Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
7009: .Re
7010: .Pp
7011: .Rs
7012: .%A B. Kaliski
7013: .%D March 1998
7014: .%R RFC 2315
7015: .%T PKCS #7: Cryptographic Message Syntax Version 1.5
7016: .Re
7017: .Pp
7018: .Rs
7019: .%A R. Housley
7020: .%A W. Ford
7021: .%A W. Polk
7022: .%A D. Solo
7023: .%D January 1999
7024: .%R RFC 2459
7025: .%T Internet X.509 Public Key Infrastructure Certificate and CRL Profile
7026: .Re
7027: .Pp
7028: .Rs
7029: .%A M. Myers
7030: .%A R. Ankney
7031: .%A A. Malpani
7032: .%A S. Galperin
7033: .%A C. Adams
7034: .%D June 1999
7035: .%R RFC 2560
7036: .%T X.509 Internet Public Key Infrastructure Online Certificate Status Protocol \(en OCSP
7037: .Re
7038: .Pp
7039: .Rs
7040: .%A R. Housley
7041: .%D June 1999
7042: .%R RFC 2630
7043: .%T Cryptographic Message Syntax
7044: .Re
7045: .Pp
7046: .Rs
7047: .%A P. Chown
7048: .%D June 2002
7049: .%R RFC 3268
1.24 jmc 7050: .%T Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
1.1 jsing 7051: .Re
![[BACK]](/icons/back.gif){kind=icon}
Return to openssl.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / openssl