Annotation of src/usr.bin/openssl/openssl.1, Revision 1.143
1.143 ! tb 1: .\" $OpenBSD: openssl.1,v 1.142 2023/04/22 20:51:26 tb Exp $
1.1 jsing 2: .\" ====================================================================
3: .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4: .\"
5: .\" Redistribution and use in source and binary forms, with or without
6: .\" modification, are permitted provided that the following conditions
7: .\" are met:
8: .\"
9: .\" 1. Redistributions of source code must retain the above copyright
10: .\" notice, this list of conditions and the following disclaimer.
11: .\"
12: .\" 2. Redistributions in binary form must reproduce the above copyright
13: .\" notice, this list of conditions and the following disclaimer in
14: .\" the documentation and/or other materials provided with the
15: .\" distribution.
16: .\"
17: .\" 3. All advertising materials mentioning features or use of this
18: .\" software must display the following acknowledgment:
19: .\" "This product includes software developed by the OpenSSL Project
20: .\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21: .\"
22: .\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23: .\" endorse or promote products derived from this software without
24: .\" prior written permission. For written permission, please contact
25: .\" openssl-core@openssl.org.
26: .\"
27: .\" 5. Products derived from this software may not be called "OpenSSL"
28: .\" nor may "OpenSSL" appear in their names without prior written
29: .\" permission of the OpenSSL Project.
30: .\"
31: .\" 6. Redistributions of any form whatsoever must retain the following
32: .\" acknowledgment:
33: .\" "This product includes software developed by the OpenSSL Project
34: .\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35: .\"
36: .\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37: .\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39: .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40: .\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41: .\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42: .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43: .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45: .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46: .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47: .\" OF THE POSSIBILITY OF SUCH DAMAGE.
48: .\" ====================================================================
49: .\"
50: .\" This product includes cryptographic software written by Eric Young
51: .\" (eay@cryptsoft.com). This product includes software written by Tim
52: .\" Hudson (tjh@cryptsoft.com).
53: .\"
54: .\"
55: .\" Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
56: .\" All rights reserved.
57: .\"
58: .\" This package is an SSL implementation written
59: .\" by Eric Young (eay@cryptsoft.com).
60: .\" The implementation was written so as to conform with Netscapes SSL.
61: .\"
62: .\" This library is free for commercial and non-commercial use as long as
63: .\" the following conditions are aheared to. The following conditions
64: .\" apply to all code found in this distribution, be it the RC4, RSA,
65: .\" lhash, DES, etc., code; not just the SSL code. The SSL documentation
66: .\" included with this distribution is covered by the same copyright terms
67: .\" except that the holder is Tim Hudson (tjh@cryptsoft.com).
68: .\"
69: .\" Copyright remains Eric Young's, and as such any Copyright notices in
70: .\" the code are not to be removed.
71: .\" If this package is used in a product, Eric Young should be given attribution
72: .\" as the author of the parts of the library used.
73: .\" This can be in the form of a textual message at program startup or
74: .\" in documentation (online or textual) provided with the package.
75: .\"
76: .\" Redistribution and use in source and binary forms, with or without
77: .\" modification, are permitted provided that the following conditions
78: .\" are met:
79: .\" 1. Redistributions of source code must retain the copyright
80: .\" notice, this list of conditions and the following disclaimer.
81: .\" 2. Redistributions in binary form must reproduce the above copyright
82: .\" notice, this list of conditions and the following disclaimer in the
83: .\" documentation and/or other materials provided with the distribution.
84: .\" 3. All advertising materials mentioning features or use of this software
85: .\" must display the following acknowledgement:
86: .\" "This product includes cryptographic software written by
87: .\" Eric Young (eay@cryptsoft.com)"
88: .\" The word 'cryptographic' can be left out if the rouines from the library
89: .\" being used are not cryptographic related :-).
90: .\" 4. If you include any Windows specific code (or a derivative thereof) from
91: .\" the apps directory (application code) you must include an
92: .\" acknowledgement:
93: .\" "This product includes software written by Tim Hudson
94: .\" (tjh@cryptsoft.com)"
95: .\"
96: .\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
97: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
98: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
99: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
100: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
101: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
102: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
103: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
104: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
105: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
106: .\" SUCH DAMAGE.
107: .\"
108: .\" The licence and distribution terms for any publically available version or
109: .\" derivative of this code cannot be changed. i.e. this code cannot simply be
110: .\" copied and put under another distribution licence
111: .\" [including the GNU Public Licence.]
112: .\"
1.143 ! tb 113: .Dd $Mdocdate: April 22 2023 $
1.1 jsing 114: .Dt OPENSSL 1
115: .Os
116: .Sh NAME
117: .Nm openssl
118: .Nd OpenSSL command line tool
119: .Sh SYNOPSIS
120: .Nm
1.90 schwarze 121: .Ar command
1.140 kn 122: .Op Ar command_opt ...
123: .Op Ar command_arg ...
1.1 jsing 124: .Pp
125: .Nm
1.13 bentley 126: .Cm list-standard-commands |
127: .Cm list-message-digest-commands |
128: .Cm list-cipher-commands |
129: .Cm list-cipher-algorithms |
130: .Cm list-message-digest-algorithms |
1.1 jsing 131: .Cm list-public-key-algorithms
132: .Pp
133: .Nm
1.39 jmc 134: .Cm no- Ns Ar command
1.1 jsing 135: .Sh DESCRIPTION
136: .Nm OpenSSL
1.31 jmc 137: is a cryptography toolkit implementing the
138: Transport Layer Security
1.1 jsing 139: .Pq TLS v1
1.31 jmc 140: network protocol,
141: as well as related cryptography standards.
1.1 jsing 142: .Pp
143: The
144: .Nm
145: program is a command line tool for using the various
146: cryptography functions of
1.39 jmc 147: .Nm openssl Ns 's
1.33 jmc 148: crypto library from the shell.
1.1 jsing 149: .Pp
150: The pseudo-commands
151: .Cm list-standard-commands , list-message-digest-commands ,
152: and
153: .Cm list-cipher-commands
154: output a list
155: .Pq one entry per line
156: of the names of all standard commands, message digest commands,
157: or cipher commands, respectively, that are available in the present
158: .Nm
159: utility.
160: .Pp
161: The pseudo-commands
162: .Cm list-cipher-algorithms
163: and
164: .Cm list-message-digest-algorithms
165: list all cipher and message digest names,
166: one entry per line.
167: Aliases are listed as:
168: .Pp
1.33 jmc 169: .D1 from => to
1.1 jsing 170: .Pp
171: The pseudo-command
172: .Cm list-public-key-algorithms
173: lists all supported public key algorithms.
174: .Pp
175: The pseudo-command
1.39 jmc 176: .Cm no- Ns Ar command
1.1 jsing 177: tests whether a command of the
178: specified name is available.
1.39 jmc 179: If
180: .Ar command
181: does not exist,
1.1 jsing 182: it returns 0
183: and prints
1.39 jmc 184: .Cm no- Ns Ar command ;
1.1 jsing 185: otherwise it returns 1 and prints
1.39 jmc 186: .Ar command .
187: In both cases, the output goes to stdout and nothing is printed to stderr.
1.1 jsing 188: Additional command line arguments are always ignored.
189: Since for each cipher there is a command of the same name,
190: this provides an easy way for shell scripts to test for the
191: availability of ciphers in the
192: .Nm
193: program.
194: .Pp
195: .Sy Note :
1.39 jmc 196: .Cm no- Ns Ar command
1.1 jsing 197: is not able to detect pseudo-commands such as
198: .Cm quit ,
199: .Cm list- Ns Ar ... Ns Cm -commands ,
200: or
1.39 jmc 201: .Cm no- Ns Ar command
1.1 jsing 202: itself.
1.120 kn 203: .Tg asn1parse
1.1 jsing 204: .Sh ASN1PARSE
1.114 jmc 205: .Bl -hang -width "openssl asn1parse"
206: .It Nm openssl asn1parse
207: .Bk -words
1.1 jsing 208: .Op Fl i
209: .Op Fl dlimit Ar number
210: .Op Fl dump
211: .Op Fl genconf Ar file
212: .Op Fl genstr Ar str
213: .Op Fl in Ar file
1.34 jmc 214: .Op Fl inform Cm der | pem | txt
1.1 jsing 215: .Op Fl length Ar number
216: .Op Fl noout
217: .Op Fl offset Ar number
218: .Op Fl oid Ar file
219: .Op Fl out Ar file
220: .Op Fl strparse Ar offset
1.114 jmc 221: .Ek
222: .El
1.1 jsing 223: .Pp
224: The
225: .Nm asn1parse
226: command is a diagnostic utility that can parse ASN.1 structures.
227: It can also be used to extract data from ASN.1 formatted data.
228: .Pp
229: The options are as follows:
230: .Bl -tag -width Ds
231: .It Fl dlimit Ar number
232: Dump the first
233: .Ar number
234: bytes of unknown data in hex form.
235: .It Fl dump
236: Dump unknown data in hex form.
237: .It Fl genconf Ar file , Fl genstr Ar str
238: Generate encoded data based on string
239: .Ar str ,
240: file
241: .Ar file ,
1.34 jmc 242: or both, using the format described in
243: .Xr ASN1_generate_nconf 3 .
1.1 jsing 244: If only
245: .Ar file
246: is present then the string is obtained from the default section
247: using the name
248: .Dq asn1 .
1.84 jmc 249: The encoded data is passed through the ASN.1 parser and printed out as
1.1 jsing 250: though it came from a file;
251: the contents can thus be examined and written to a file using the
252: .Fl out
253: option.
254: .It Fl i
1.34 jmc 255: Indent the output according to the
1.1 jsing 256: .Qq depth
257: of the structures.
258: .It Fl in Ar file
1.41 jmc 259: The input file to read from, or standard input if not specified.
1.34 jmc 260: .It Fl inform Cm der | pem | txt
1.1 jsing 261: The input format.
262: .It Fl length Ar number
1.34 jmc 263: Number of bytes to parse; the default is until end of file.
1.1 jsing 264: .It Fl noout
1.46 jmc 265: Do not output the parsed version of the input file.
1.1 jsing 266: .It Fl offset Ar number
1.34 jmc 267: Starting offset to begin parsing; the default is start of file.
1.1 jsing 268: .It Fl oid Ar file
269: A file containing additional object identifiers
270: .Pq OIDs .
271: If an OID
272: .Pq object identifier
273: is not part of
1.34 jmc 274: .Nm openssl Ns 's
1.137 naddy 275: internal table, it will be represented in
1.1 jsing 276: numerical form
277: .Pq for example 1.2.3.4 .
1.34 jmc 278: .Pp
1.1 jsing 279: Each line consists of three columns:
280: the first column is the OID in numerical format and should be followed by
281: whitespace.
282: The second column is the
1.34 jmc 283: .Qq short name ,
1.1 jsing 284: which is a single word followed by whitespace.
285: The final column is the rest of the line and is the
286: .Qq long name .
287: .Nm asn1parse
288: displays the long name.
1.34 jmc 289: .It Fl out Ar file
290: The DER-encoded output file; the default is no encoded output
291: (useful when combined with
292: .Fl strparse ) .
293: .It Fl strparse Ar offset
294: Parse the content octets of the ASN.1 object starting at
295: .Ar offset .
296: This option can be used multiple times to
297: .Qq drill down
298: into a nested structure.
299: .El
1.120 kn 300: .Tg ca
1.1 jsing 301: .Sh CA
1.114 jmc 302: .Bl -hang -width "openssl ca"
303: .It Nm openssl ca
304: .Bk -words
1.1 jsing 305: .Op Fl batch
306: .Op Fl cert Ar file
307: .Op Fl config Ar file
1.91 schwarze 308: .Op Fl create_serial
1.1 jsing 309: .Op Fl crl_CA_compromise Ar time
310: .Op Fl crl_compromise Ar time
311: .Op Fl crl_hold Ar instruction
312: .Op Fl crl_reason Ar reason
313: .Op Fl crldays Ar days
314: .Op Fl crlexts Ar section
315: .Op Fl crlhours Ar hours
1.103 inoguchi 316: .Op Fl crlsec Ar seconds
1.1 jsing 317: .Op Fl days Ar arg
318: .Op Fl enddate Ar date
319: .Op Fl extensions Ar section
1.103 inoguchi 320: .Op Fl extfile Ar file
1.1 jsing 321: .Op Fl gencrl
322: .Op Fl in Ar file
323: .Op Fl infiles
1.91 schwarze 324: .Op Fl key Ar password
1.103 inoguchi 325: .Op Fl keyfile Ar file
1.91 schwarze 326: .Op Fl keyform Cm pem | der
1.103 inoguchi 327: .Op Fl md Ar alg
1.1 jsing 328: .Op Fl msie_hack
1.107 inoguchi 329: .Op Fl multivalue-rdn
1.1 jsing 330: .Op Fl name Ar section
331: .Op Fl noemailDN
332: .Op Fl notext
333: .Op Fl out Ar file
1.103 inoguchi 334: .Op Fl outdir Ar directory
1.1 jsing 335: .Op Fl passin Ar arg
336: .Op Fl policy Ar arg
337: .Op Fl preserveDN
338: .Op Fl revoke Ar file
1.91 schwarze 339: .Op Fl selfsign
1.103 inoguchi 340: .Op Fl sigopt Ar nm:v
1.1 jsing 341: .Op Fl spkac Ar file
342: .Op Fl ss_cert Ar file
343: .Op Fl startdate Ar date
344: .Op Fl status Ar serial
345: .Op Fl subj Ar arg
346: .Op Fl updatedb
1.91 schwarze 347: .Op Fl utf8
1.1 jsing 348: .Op Fl verbose
1.114 jmc 349: .Ek
350: .El
1.1 jsing 351: .Pp
352: The
353: .Nm ca
1.35 jmc 354: command is a minimal certificate authority (CA) application.
1.1 jsing 355: It can be used to sign certificate requests in a variety of forms
1.35 jmc 356: and generate certificate revocation lists (CRLs).
1.1 jsing 357: It also maintains a text database of issued certificates and their status.
358: .Pp
1.35 jmc 359: The options relevant to CAs are as follows:
1.1 jsing 360: .Bl -tag -width "XXXX"
361: .It Fl batch
1.41 jmc 362: Batch mode.
1.1 jsing 363: In this mode no questions will be asked
364: and all certificates will be certified automatically.
365: .It Fl cert Ar file
366: The CA certificate file.
367: .It Fl config Ar file
1.72 jmc 368: Specify an alternative configuration file.
1.91 schwarze 369: .It Fl create_serial
370: If reading the serial from the text file as specified in the
371: configuration fails, create a new random serial to be used as the
372: next serial number.
1.1 jsing 373: .It Fl days Ar arg
374: The number of days to certify the certificate for.
375: .It Fl enddate Ar date
1.41 jmc 376: Set the expiry date.
1.88 jmc 377: The format of the date is [YY]YYMMDDHHMMSSZ,
378: with all four year digits required for dates from 2050 onwards.
1.1 jsing 379: .It Fl extensions Ar section
380: The section of the configuration file containing certificate extensions
381: to be added when a certificate is issued (defaults to
1.35 jmc 382: .Cm x509_extensions
1.1 jsing 383: unless the
384: .Fl extfile
385: option is used).
386: If no extension section is present, a V1 certificate is created.
387: If the extension section is present
388: .Pq even if it is empty ,
389: then a V3 certificate is created.
1.91 schwarze 390: See the
391: .Xr x509v3.cnf 5
392: manual page for details of the extension section format.
1.1 jsing 393: .It Fl extfile Ar file
394: An additional configuration
395: .Ar file
396: to read certificate extensions from
397: (using the default section unless the
398: .Fl extensions
399: option is also used).
400: .It Fl in Ar file
401: An input
402: .Ar file
403: containing a single certificate request to be signed by the CA.
404: .It Fl infiles
405: If present, this should be the last option; all subsequent arguments
406: are assumed to be the names of files containing certificate requests.
1.91 schwarze 407: .It Fl key Ar password
408: The
409: .Fa password
410: used to encrypt the private key.
1.35 jmc 411: Since on some systems the command line arguments are visible,
412: this option should be used with caution.
1.1 jsing 413: .It Fl keyfile Ar file
414: The private key to sign requests with.
1.91 schwarze 415: .It Fl keyform Cm pem | der
1.1 jsing 416: Private key file format.
1.91 schwarze 417: The default is
418: .Cm pem .
1.1 jsing 419: .It Fl md Ar alg
420: The message digest to use.
421: Possible values include
422: .Ar md5
423: and
424: .Ar sha1 .
425: This option also applies to CRLs.
426: .It Fl msie_hack
427: This is a legacy option to make
428: .Nm ca
429: work with very old versions of the IE certificate enrollment control
430: .Qq certenr3 .
431: It used UniversalStrings for almost everything.
432: Since the old control has various security bugs,
433: its use is strongly discouraged.
434: The newer control
435: .Qq Xenroll
436: does not need this option.
1.107 inoguchi 437: .It Fl multivalue-rdn
1.91 schwarze 438: This option causes the
439: .Fl subj
440: argument to be interpreted with full support for multivalued RDNs,
441: for example
442: .Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
443: If
1.107 inoguchi 444: .Fl multivalue-rdn
1.91 schwarze 445: is not used, the UID value is set to
446: .Qq "123456+CN=John Doe" .
1.1 jsing 447: .It Fl name Ar section
448: Specifies the configuration file
449: .Ar section
450: to use (overrides
451: .Cm default_ca
452: in the
453: .Cm ca
454: section).
455: .It Fl noemailDN
456: The DN of a certificate can contain the EMAIL field if present in the
1.30 mmcc 457: request DN, however it is good policy just having the email set into
1.1 jsing 458: the
1.35 jmc 459: .Cm altName
1.1 jsing 460: extension of the certificate.
461: When this option is set, the EMAIL field is removed from the certificate's
462: subject and set only in the, eventually present, extensions.
463: The
464: .Ar email_in_dn
465: keyword can be used in the configuration file to enable this behaviour.
466: .It Fl notext
467: Don't output the text form of a certificate to the output file.
468: .It Fl out Ar file
469: The output file to output certificates to.
470: The default is standard output.
1.91 schwarze 471: The certificate details will also be printed out to this file in
472: PEM format, except that
473: .Fl spkac
474: outputs DER format.
1.1 jsing 475: .It Fl outdir Ar directory
476: The
477: .Ar directory
478: to output certificates to.
479: The certificate will be written to a file consisting of the
480: serial number in hex with
481: .Qq .pem
482: appended.
483: .It Fl passin Ar arg
484: The key password source.
485: .It Fl policy Ar arg
1.41 jmc 486: Define the CA
1.1 jsing 487: .Qq policy
488: to use.
1.35 jmc 489: The policy section in the configuration file
490: consists of a set of variables corresponding to certificate DN fields.
491: The values may be one of
492: .Qq match
493: (the value must match the same field in the CA certificate),
494: .Qq supplied
495: (the value must be present), or
496: .Qq optional
497: (the value may be present).
498: Any fields not mentioned in the policy section
499: are silently deleted, unless the
500: .Fl preserveDN
501: option is set,
502: but this can be regarded more of a quirk than intended behaviour.
1.1 jsing 503: .It Fl preserveDN
504: Normally, the DN order of a certificate is the same as the order of the
505: fields in the relevant policy section.
506: When this option is set, the order is the same as the request.
507: This is largely for compatibility with the older IE enrollment control
508: which would only accept certificates if their DNs matched the order of the
509: request.
510: This is not needed for Xenroll.
1.91 schwarze 511: .It Fl selfsign
512: Indicates the issued certificates are to be signed with the key the
513: certificate requests were signed with, given with
514: .Fl keyfile .
515: Certificate requests signed with a different key are ignored.
516: If
517: .Fl gencrl ,
518: .Fl spkac ,
519: or
520: .Fl ss_cert
521: are given,
522: .Fl selfsign
523: is ignored.
524: .Pp
525: A consequence of using
526: .Fl selfsign
527: is that the self-signed certificate appears among the entries in
528: the certificate database (see the configuration option
529: .Cm database )
530: and uses the same serial number counter as all other certificates
531: signed with the self-signed certificate.
1.103 inoguchi 532: .It Fl sigopt Ar nm:v
533: Pass options to the signature algorithm during sign or certify operations.
534: The names and values of these options are algorithm-specific.
1.1 jsing 535: .It Fl spkac Ar file
536: A file containing a single Netscape signed public key and challenge,
537: and additional field values to be signed by the CA.
1.35 jmc 538: This will usually come from the
539: KEYGEN tag in an HTML form to create a new private key.
540: It is, however, possible to create SPKACs using the
541: .Nm spkac
542: utility.
543: .Pp
544: The file should contain the variable SPKAC set to the value of
545: the SPKAC and also the required DN components as name value pairs.
546: If it's necessary to include the same component twice,
547: then it can be preceded by a number and a
548: .Sq \&. .
1.1 jsing 549: .It Fl ss_cert Ar file
550: A single self-signed certificate to be signed by the CA.
551: .It Fl startdate Ar date
1.41 jmc 552: Set the start date.
1.88 jmc 553: The format of the date is [YY]YYMMDDHHMMSSZ,
554: with all four year digits required for dates from 2050 onwards.
1.91 schwarze 555: .It Fl subj Ar arg
556: Supersedes the subject name given in the request.
557: The
558: .Ar arg
559: must be formatted as
560: .Sm off
561: .Pf / Ar type0 Ns = Ar value0 Ns / Ar type 1 Ns = Ar value 1 Ns /
562: .Ar type2 Ns = Ar ... ;
563: .Sm on
564: characters may be escaped by
565: .Sq \e
566: .Pq backslash ,
567: no spaces are skipped.
568: .It Fl utf8
569: Interpret field values read from a terminal or obtained from a
570: configuration file as UTF-8 strings.
571: By default, they are interpreted as ASCII.
1.1 jsing 572: .It Fl verbose
1.41 jmc 573: Print extra details about the operations being performed.
1.1 jsing 574: .El
1.35 jmc 575: .Pp
576: The options relevant to CRLs are as follows:
1.1 jsing 577: .Bl -tag -width "XXXX"
578: .It Fl crl_CA_compromise Ar time
579: This is the same as
580: .Fl crl_compromise ,
581: except the revocation reason is set to CACompromise.
582: .It Fl crl_compromise Ar time
1.41 jmc 583: Set the revocation reason to keyCompromise and the compromise time to
1.1 jsing 584: .Ar time .
585: .Ar time
586: should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ.
587: .It Fl crl_hold Ar instruction
1.41 jmc 588: Set the CRL revocation reason code to certificateHold and the hold
1.1 jsing 589: instruction to
590: .Ar instruction
591: which must be an OID.
592: Although any OID can be used, only holdInstructionNone
593: (the use of which is discouraged by RFC 2459), holdInstructionCallIssuer or
594: holdInstructionReject will normally be used.
595: .It Fl crl_reason Ar reason
596: Revocation reason, where
597: .Ar reason
598: is one of:
599: unspecified, keyCompromise, CACompromise, affiliationChanged, superseded,
600: cessationOfOperation, certificateHold or removeFromCRL.
601: The matching of
602: .Ar reason
603: is case insensitive.
604: Setting any revocation reason will make the CRL v2.
605: In practice, removeFromCRL is not particularly useful because it is only used
606: in delta CRLs which are not currently implemented.
1.103 inoguchi 607: .It Fl crldays Ar days
1.1 jsing 608: The number of days before the next CRL is due.
609: This is the days from now to place in the CRL
1.35 jmc 610: .Cm nextUpdate
1.1 jsing 611: field.
612: .It Fl crlexts Ar section
613: The
614: .Ar section
615: of the configuration file containing CRL extensions to include.
616: If no CRL extension section is present then a V1 CRL is created;
617: if the CRL extension section is present
1.81 jmc 618: (even if it is empty)
1.1 jsing 619: then a V2 CRL is created.
1.81 jmc 620: The CRL extensions specified are CRL extensions and not CRL entry extensions.
621: It should be noted that some software can't handle V2 CRLs.
1.91 schwarze 622: See the
623: .Xr x509v3.cnf 5
624: manual page for details of the extension section format.
1.103 inoguchi 625: .It Fl crlhours Ar hours
1.1 jsing 626: The number of hours before the next CRL is due.
1.103 inoguchi 627: .It Fl crlsec Ar seconds
628: The number of seconds before the next CRL is due.
1.1 jsing 629: .It Fl gencrl
1.41 jmc 630: Generate a CRL based on information in the index file.
1.1 jsing 631: .It Fl revoke Ar file
632: A
633: .Ar file
634: containing a certificate to revoke.
1.91 schwarze 635: .It Fl status Ar serial
636: Show the status of the certificate with serial number
637: .Ar serial .
638: .It Fl updatedb
639: Update the database index to purge expired certificates.
1.1 jsing 640: .El
641: .Pp
1.35 jmc 642: Many of the options can be set in the
643: .Cm ca
644: section of the configuration file
645: (or in the default section of the configuration file),
646: specified using
647: .Cm default_ca
648: or
649: .Fl name .
650: The options
651: .Cm preserve
652: and
653: .Cm msie_hack
654: are read directly from the
655: .Cm ca
656: section.
1.1 jsing 657: .Pp
658: Many of the configuration file options are identical to command line
659: options.
660: Where the option is present in the configuration file and the command line,
661: the command line value is used.
662: Where an option is described as mandatory, then it must be present in
663: the configuration file or the command line equivalent
664: .Pq if any
665: used.
666: .Bl -tag -width "XXXX"
1.35 jmc 667: .It Cm certificate
1.1 jsing 668: The same as
669: .Fl cert .
670: It gives the file containing the CA certificate.
671: Mandatory.
1.35 jmc 672: .It Cm copy_extensions
1.1 jsing 673: Determines how extensions in certificate requests should be handled.
674: If set to
1.35 jmc 675: .Cm none
1.1 jsing 676: or this option is not present, then extensions are
677: ignored and not copied to the certificate.
678: If set to
1.35 jmc 679: .Cm copy ,
1.1 jsing 680: then any extensions present in the request that are not already present
681: are copied to the certificate.
682: If set to
1.35 jmc 683: .Cm copyall ,
1.1 jsing 684: then all extensions in the request are copied to the certificate:
685: if the extension is already present in the certificate it is deleted first.
1.35 jmc 686: .Pp
687: The
688: .Cm copy_extensions
689: option should be used with caution.
690: If care is not taken, it can be a security risk.
691: For example, if a certificate request contains a
692: .Cm basicConstraints
693: extension with CA:TRUE and the
694: .Cm copy_extensions
695: value is set to
696: .Cm copyall
697: and the user does not spot
1.91 schwarze 698: this when the certificate is displayed, then this will hand the requester
1.35 jmc 699: a valid CA certificate.
700: .Pp
701: This situation can be avoided by setting
702: .Cm copy_extensions
703: to
704: .Cm copy
705: and including
706: .Cm basicConstraints
707: with CA:FALSE in the configuration file.
708: Then if the request contains a
709: .Cm basicConstraints
710: extension, it will be ignored.
1.1 jsing 711: .Pp
712: The main use of this option is to allow a certificate request to supply
713: values for certain extensions such as
1.35 jmc 714: .Cm subjectAltName .
715: .It Cm crl_extensions
1.1 jsing 716: The same as
717: .Fl crlexts .
1.35 jmc 718: .It Cm crlnumber
1.1 jsing 719: A text file containing the next CRL number to use in hex.
720: The CRL number will be inserted in the CRLs only if this file exists.
721: If this file is present, it must contain a valid CRL number.
1.35 jmc 722: .It Cm database
1.1 jsing 723: The text database file to use.
724: Mandatory.
725: This file must be present, though initially it will be empty.
1.35 jmc 726: .It Cm default_crl_hours , default_crl_days
1.1 jsing 727: The same as the
728: .Fl crlhours
729: and
730: .Fl crldays
731: options.
732: These will only be used if neither command line option is present.
733: At least one of these must be present to generate a CRL.
1.35 jmc 734: .It Cm default_days
1.1 jsing 735: The same as the
736: .Fl days
737: option.
738: The number of days to certify a certificate for.
1.35 jmc 739: .It Cm default_enddate
1.1 jsing 740: The same as the
741: .Fl enddate
742: option.
743: Either this option or
1.35 jmc 744: .Cm default_days
1.1 jsing 745: .Pq or the command line equivalents
746: must be present.
1.35 jmc 747: .It Cm default_md
1.1 jsing 748: The same as the
749: .Fl md
750: option.
751: The message digest to use.
752: Mandatory.
1.35 jmc 753: .It Cm default_startdate
1.1 jsing 754: The same as the
755: .Fl startdate
756: option.
757: The start date to certify a certificate for.
758: If not set, the current time is used.
1.35 jmc 759: .It Cm email_in_dn
1.1 jsing 760: The same as
761: .Fl noemailDN .
762: If the EMAIL field is to be removed from the DN of the certificate,
763: simply set this to
764: .Qq no .
765: If not present, the default is to allow for the EMAIL field in the
766: certificate's DN.
1.35 jmc 767: .It Cm msie_hack
1.1 jsing 768: The same as
769: .Fl msie_hack .
1.35 jmc 770: .It Cm name_opt , cert_opt
1.1 jsing 771: These options allow the format used to display the certificate details
772: when asking the user to confirm signing.
773: All the options supported by the
774: .Nm x509
775: utilities'
776: .Fl nameopt
777: and
778: .Fl certopt
779: switches can be used here, except that
1.35 jmc 780: .Cm no_signame
1.1 jsing 781: and
1.35 jmc 782: .Cm no_sigdump
1.1 jsing 783: are permanently set and cannot be disabled
784: (this is because the certificate signature cannot be displayed because
785: the certificate has not been signed at this point).
786: .Pp
787: For convenience, the value
1.35 jmc 788: .Cm ca_default
1.1 jsing 789: is accepted by both to produce a reasonable output.
790: .Pp
791: If neither option is present, the format used in earlier versions of
1.35 jmc 792: .Nm openssl
1.1 jsing 793: is used.
1.81 jmc 794: Use of the old format is strongly discouraged
795: because it only displays fields mentioned in the
1.35 jmc 796: .Cm policy
1.1 jsing 797: section,
798: mishandles multicharacter string types and does not display extensions.
1.35 jmc 799: .It Cm new_certs_dir
1.1 jsing 800: The same as the
801: .Fl outdir
802: command line option.
803: It specifies the directory where new certificates will be placed.
804: Mandatory.
1.35 jmc 805: .It Cm oid_file
1.1 jsing 806: This specifies a file containing additional object identifiers.
807: Each line of the file should consist of the numerical form of the
808: object identifier followed by whitespace, then the short name followed
809: by whitespace and finally the long name.
1.35 jmc 810: .It Cm oid_section
1.1 jsing 811: This specifies a section in the configuration file containing extra
812: object identifiers.
813: Each line should consist of the short name of the object identifier
814: followed by
815: .Sq =
816: and the numerical form.
817: The short and long names are the same when this option is used.
1.35 jmc 818: .It Cm policy
1.1 jsing 819: The same as
820: .Fl policy .
821: Mandatory.
1.35 jmc 822: .It Cm preserve
1.1 jsing 823: The same as
824: .Fl preserveDN .
1.35 jmc 825: .It Cm private_key
1.1 jsing 826: Same as the
827: .Fl keyfile
828: option.
829: The file containing the CA private key.
830: Mandatory.
1.35 jmc 831: .It Cm serial
1.1 jsing 832: A text file containing the next serial number to use in hex.
833: Mandatory.
834: This file must be present and contain a valid serial number.
1.35 jmc 835: .It Cm unique_subject
1.1 jsing 836: If the value
1.35 jmc 837: .Cm yes
1.1 jsing 838: is given, the valid certificate entries in the
839: database must have unique subjects.
840: If the value
1.35 jmc 841: .Cm no
1.1 jsing 842: is given,
843: several valid certificate entries may have the exact same subject.
844: The default value is
1.35 jmc 845: .Cm yes .
1.131 inoguchi 846: .Pp
847: Note that it is valid in some circumstances for certificates to be created
1.132 jmc 848: without any subject.
849: In cases where there are multiple certificates without
1.131 inoguchi 850: subjects this does not count as a duplicate.
1.35 jmc 851: .It Cm x509_extensions
1.1 jsing 852: The same as
853: .Fl extensions .
1.123 inoguchi 854: .El
855: .Tg certhash
856: .Sh CERTHASH
857: .Bl -hang -width "openssl certhash"
858: .It Nm openssl certhash
859: .Bk -words
860: .Op Fl nv
861: .Ar dir ...
862: .Ek
863: .El
864: .Pp
865: The
866: .Nm certhash
867: command calculates a hash value of
868: .Qq .pem
869: file in the specified directory list and creates symbolic links for each file,
870: where the name of the link is the hash value.
871: See the
872: .Xr SSL_CTX_load_verify_locations 3
873: manual page for how hash links are used.
874: .Pp
875: The links created are of the form
876: .Qq HHHHHHHH.D ,
877: where each
878: .Sq H
879: is a hexadecimal character and
880: .Sq D
881: is a single decimal digit.
882: The hashes for CRLs look similar, except the letter
883: .Sq r
884: appears after the period, like this:
885: .Qq HHHHHHHH.rD .
886: When processing a directory,
887: .Nm certhash
888: will first remove all links that have a name in that syntax and invalid
889: reference.
890: .Pp
891: Multiple objects may have the same hash; they will be indicated by
892: incrementing the
893: .Sq D
894: value.
895: Duplicates are found by comparing the full SHA256 fingerprint.
896: A warning will be displayed if a duplicate is found.
897: .Pp
898: A warning will also be displayed if there are files that cannot be parsed as
899: either a certificate or a CRL.
900: .Pp
901: The options are as follows:
902: .Bl -tag -width Ds
903: .It Fl n
904: Perform a dry-run, and do not make any changes.
905: .It Fl v
906: Print extra details about the processing.
907: .It Ar dir ...
908: Specify the directories to process.
1.1 jsing 909: .El
1.120 kn 910: .Tg ciphers
1.1 jsing 911: .Sh CIPHERS
912: .Nm openssl ciphers
1.138 tb 913: .Op Fl hsVv
1.139 tb 914: .Op Fl tls1
915: .Op Fl tls1_1
916: .Op Fl tls1_2
917: .Op Fl tls1_3
1.93 schwarze 918: .Op Ar control
1.1 jsing 919: .Pp
920: The
921: .Nm ciphers
1.93 schwarze 922: command converts the
923: .Ar control
924: string from the format documented in
925: .Xr SSL_CTX_set_cipher_list 3
926: into an ordered SSL cipher suite preference list.
927: If no
928: .Ar control
929: string is specified, the
930: .Cm DEFAULT
931: list is printed.
1.1 jsing 932: .Pp
933: The options are as follows:
934: .Bl -tag -width Ds
935: .It Fl h , \&?
936: Print a brief usage message.
1.138 tb 937: .It Fl s
938: Only list ciphers that are supported by the TLS method.
1.139 tb 939: .It Fl tls1 | tls1_1 | tls1_2 | tls1_3
940: In combination with the
941: .Fl s
942: option, list the ciphers which could be used
943: if the specified protocol version were negotiated.
1.1 jsing 944: .It Fl V
1.36 jmc 945: Verbose.
1.92 schwarze 946: List ciphers with cipher suite code in hex format,
947: cipher name, and a complete description of protocol version,
948: key exchange, authentication, encryption, and mac algorithms.
1.36 jmc 949: .It Fl v
1.1 jsing 950: Like
1.36 jmc 951: .Fl V ,
952: but without cipher suite codes.
1.116 inoguchi 953: .El
1.120 kn 954: .Tg cms
1.116 inoguchi 955: .Sh CMS
956: .Bl -hang -width "openssl cms"
957: .It Nm openssl cms
958: .Bk -words
959: .Oo
960: .Fl aes128 | aes192 | aes256 | camellia128 |
961: .Fl camellia192 | camellia256 | des | des3 |
962: .Fl rc2-40 | rc2-64 | rc2-128
963: .Oc
964: .Op Fl CAfile Ar file
965: .Op Fl CApath Ar directory
966: .Op Fl binary
967: .Op Fl certfile Ar file
968: .Op Fl certsout Ar file
969: .Op Fl cmsout
970: .Op Fl compress
971: .Op Fl content Ar file
972: .Op Fl crlfeol
973: .Op Fl data_create
974: .Op Fl data_out
975: .Op Fl debug_decrypt
976: .Op Fl decrypt
977: .Op Fl digest_create
978: .Op Fl digest_verify
979: .Op Fl econtent_type Ar type
980: .Op Fl encrypt
981: .Op Fl EncryptedData_decrypt
982: .Op Fl EncryptedData_encrypt
983: .Op Fl from Ar addr
984: .Op Fl in Ar file
985: .Op Fl inform Cm der | pem | smime
986: .Op Fl inkey Ar file
987: .Op Fl keyform Cm der | pem
988: .Op Fl keyid
989: .Op Fl keyopt Ar nm:v
990: .Op Fl md Ar digest
991: .Op Fl no_attr_verify
992: .Op Fl no_content_verify
993: .Op Fl no_signer_cert_verify
994: .Op Fl noattr
995: .Op Fl nocerts
996: .Op Fl nodetach
997: .Op Fl nointern
998: .Op Fl nooldmime
999: .Op Fl noout
1000: .Op Fl nosigs
1001: .Op Fl nosmimecap
1002: .Op Fl noverify
1003: .Op Fl out Ar file
1004: .Op Fl outform Cm der | pem | smime
1005: .Op Fl passin Ar src
1006: .Op Fl print
1007: .Op Fl pwri_password Ar arg
1008: .Op Fl rctform Cm der | pem | smime
1009: .Op Fl receipt_request_all | receipt_request_first
1010: .Op Fl receipt_request_from Ar addr
1011: .Op Fl receipt_request_print
1012: .Op Fl receipt_request_to Ar addr
1013: .Op Fl recip Ar file
1014: .Op Fl resign
1015: .Op Fl secretkey Ar key
1016: .Op Fl secretkeyid Ar id
1017: .Op Fl sign
1018: .Op Fl sign_receipt
1019: .Op Fl signer Ar file
1020: .Op Fl stream | indef | noindef
1021: .Op Fl subject Ar s
1022: .Op Fl text
1023: .Op Fl to Ar addr
1024: .Op Fl uncompress
1025: .Op Fl verify
1026: .Op Fl verify_receipt Ar file
1027: .Op Fl verify_retcode
1028: .Op Ar cert.pem ...
1029: .Ek
1030: .El
1031: .Pp
1032: The
1033: .Nm cms
1034: command handles S/MIME v3.1 mail.
1035: It can encrypt, decrypt, sign and verify, compress and uncompress S/MIME
1036: messages.
1037: .Pp
1038: The MIME message must be sent without any blank lines between the headers and
1039: the output.
1040: Some mail programs will automatically add a blank line.
1041: Piping the mail directly to sendmail is one way to achieve the correct format.
1042: .Pp
1043: The supplied message to be signed or encrypted must include the necessary MIME
1044: headers or many S/MIME clients won't display it properly (if at all).
1045: You can use the
1046: .Fl text
1047: option to automatically add plain text headers.
1048: .Pp
1049: A "signed and encrypted" message is one where a signed message is then
1050: encrypted.
1051: This can be produced by encrypting an already signed message.
1052: .Pp
1053: There are various operation options that set the type of operation to be
1054: performed.
1055: The meaning of the other options varies according to the operation type.
1056: .Bl -tag -width "XXXX"
1057: .It Fl encrypt
1058: Encrypt mail for the given recipient certificates.
1059: Input file is the message to be encrypted.
1060: The output file is the encrypted mail in MIME format.
1061: The actual CMS type is EnvelopedData.
1062: Note that no revocation check is done for the recipient cert, so if that
1063: key has been compromised, others may be able to decrypt the text.
1064: .It Fl decrypt
1065: Decrypt mail using the supplied certificate and private key.
1066: Expects an encrypted mail message in MIME format for the input file.
1067: The decrypted mail is written to the output file.
1068: .It Fl sign
1069: Sign mail using the supplied certificate and private key.
1070: Input file is the message to be signed.
1071: The signed message in MIME format is written to the output file.
1072: .It Fl verify
1073: Verify signed mail.
1074: Expects a signed mail message on input and outputs the signed data.
1075: Both clear text and opaque signing are supported.
1076: .It Fl cmsout
1077: Take an input message and write out a PEM encoded CMS structure.
1078: .It Fl resign
1079: Resign a message.
1080: Take an existing message and one or more new signers.
1081: This operation uses an existing message digest when adding a new signer.
1082: This means that attributes must be present in at least one existing
1083: signer using the same message digest or this operation will fail.
1084: .It Fl data_create
1085: Create a CMS Data type.
1086: .It Fl data_out
1087: Output a content from the input CMS Data type.
1088: .It Fl digest_create
1089: Create a CMS DigestedData type.
1090: .It Fl digest_verify
1091: Verify a CMS DigestedData type and output the content.
1092: .It Fl compress
1093: Create a CMS CompressedData type.
1094: Must be compiled with zlib support for this option to work.
1095: .It Fl uncompress
1096: Uncompress a CMS CompressedData type and output the content.
1097: Must be compiled with zlib support for this option to work.
1098: .It Fl EncryptedData_encrypt
1099: Encrypt a content using supplied symmetric key and algorithm using a
1100: CMS EncryptedData type.
1101: .It Fl EncryptedData_decrypt
1102: Decrypt a CMS EncryptedData type using supplied symmetric key.
1103: .It Fl sign_receipt
1104: Generate and output a signed receipt for the supplied message.
1105: The input message must contain a signed receipt request.
1106: Functionality is otherwise similar to the
1107: .Fl sign
1108: operation.
1109: .It Xo
1110: .Fl verify_receipt Ar file
1111: .Xc
1112: Verify a signed receipt in file.
1113: The input message must contain the original receipt request.
1114: Functionality is otherwise similar to the
1115: .Fl verify
1116: operation.
1117: .El
1118: .Pp
1119: The remaining options are as follows:
1120: .Bl -tag -width "XXXX"
1121: .It Xo
1122: .Fl aes128 | aes192 | aes256 | camellia128 |
1123: .Fl camellia192 | camellia256 | des | des3 |
1124: .Fl rc2-40 | rc2-64 | rc2-128
1125: .Xc
1126: The encryption algorithm to use.
1127: 128-, 192-, or 256-bit AES, 128-, 192-, or 256-bit CAMELLIA,
1128: DES (56 bits), triple DES (168 bits),
1129: or 40-, 64-, or 128-bit RC2, respectively;
1130: if not specified, triple DES is
1131: used.
1132: Only used with
1133: .Fl encrypt
1134: and
1135: .Fl EncryptedData_encrypt
1136: commands.
1137: .It Fl binary
1138: Normally the input message is converted to "canonical" format which is
1139: effectively using CR/LF as end of line, as required by the S/MIME specification.
1.127 jmc 1140: When this option is present, no translation occurs.
1.116 inoguchi 1141: This is useful when handling binary data which may not be in MIME format.
1142: .It Fl CAfile Ar file
1143: A file containing trusted CA certificates, used with
1144: .Fl verify
1145: and
1146: .Fl verify_receipt .
1147: .It Fl CApath Ar directory
1148: A directory containing trusted CA certificates, used with
1149: .Fl verify
1150: and
1151: .Fl verify_receipt .
1152: This directory must be a standard certificate directory: that is a hash
1153: of each subject name (using
1154: .Nm x509 Fl hash )
1155: should be linked to each certificate.
1.124 inoguchi 1156: .It Ar cert.pem ...
1.116 inoguchi 1157: One or more certificates of message recipients: used when encrypting a message.
1158: .It Fl certfile Ar file
1159: Allows additional certificates to be specified.
1.137 naddy 1160: When signing, these will be included with the message.
1161: When verifying, these will be searched for the signer's certificates.
1.116 inoguchi 1162: The certificates should be in PEM format.
1163: .It Fl certsout Ar file
1164: A file that any certificates contained in the message are written to.
1165: .It Xo
1166: .Fl check_ss_sig ,
1167: .Fl crl_check ,
1168: .Fl crl_check_all ,
1169: .Fl extended_crl ,
1170: .Fl ignore_critical ,
1171: .Fl issuer_checks ,
1172: .Fl policy ,
1173: .Fl policy_check ,
1174: .Fl purpose ,
1175: .Fl x509_strict
1176: .Xc
1177: Set various certificate chain validation options.
1178: See the
1179: .Nm verify
1180: command for details.
1181: .It Fl content Ar file
1182: A file containing the detached content.
1183: This is only useful with the
1184: .Fl verify
1185: command.
1186: This is only usable if the CMS structure is using the detached signature
1187: form where the content is not included.
1188: This option will override any content if the input format is S/MIME and
1189: it uses the multipart/signed MIME content type.
1190: .It Fl crlfeol
1191: Output a S/MIME message with CR/LF end of line.
1192: .It Fl debug_decrypt
1193: Set the CMS_DEBUG_DECRYPT flag when decrypting.
1194: This option should be used with caution, since this can be used to disable
1195: the MMA attack protection and return an error if no recipient can be found.
1196: See the
1197: .Xr CMS_decrypt 3
1198: manual page for details of the flag.
1199: .It Xo
1200: .Fl from Ar addr ,
1201: .Fl subject Ar s ,
1202: .Fl to Ar addr
1203: .Xc
1204: The relevant mail headers.
1205: These are included outside the signed portion of a message so they may
1206: be included manually.
1207: If signing then many S/MIME mail clients check the signer's certificate's
1208: email address matches that specified in the From: address.
1209: .It Fl econtent_type Ar type
1210: Set the encapsulated content type, used with
1211: .Fl sign .
1.137 naddy 1212: If not supplied, the Data type is used.
1.116 inoguchi 1213: The type argument can be any valid OID name in either text or numerical format.
1214: .It Fl in Ar file
1215: The input message to be encrypted or signed or the message to be decrypted or
1216: verified.
1217: .It Fl inform Cm der | pem | smime
1218: The input format for the CMS structure.
1219: The default is
1220: .Cm smime ,
1221: which reads an S/MIME format message.
1222: .Cm pem
1223: and
1224: .Cm der
1225: format change this to expect PEM and DER format CMS structures instead.
1226: This currently only affects the input format of the CMS structure; if no
1227: CMS structure is being input (for example with
1228: .Fl encrypt
1229: or
1230: .Fl sign )
1231: this option has no effect.
1232: .It Fl inkey Ar file
1233: The private key to use when signing or decrypting.
1234: This must match the corresponding certificate.
1235: If this option is not specified then the private key must be included in
1236: the certificate file specified with the
1237: .Fl recip
1238: or
1239: .Fl signer
1240: file.
1.137 naddy 1241: When signing, this option can be used multiple times to specify successive keys.
1.116 inoguchi 1242: .It Fl keyform Cm der | pem
1243: Input private key format.
1244: The default is
1245: .Cm pem .
1246: .It Fl keyid
1247: Use subject key identifier to identify certificates instead of issuer
1248: name and serial number.
1249: The supplied certificate must include a subject key identifier extension.
1250: Supported by
1251: .Fl sign
1252: and
1253: .Fl encrypt
1254: operations.
1255: .It Fl keyopt Ar nm:v
1256: Set customised parameters for the preceding key or certificate
1257: for encryption and signing.
1258: It can currently be used to set RSA-PSS for signing, RSA-OAEP for
1259: encryption or to modify default parameters for ECDH.
1260: This option can be used multiple times.
1261: .It Fl md Ar digest
1262: The digest algorithm to use when signing or resigning.
1263: If not present then the default digest algorithm for the signing key
1264: will be used (usually SHA1).
1265: .It Fl no_attr_verify
1266: Do not verify the signer's attribute of a signature.
1267: .It Fl no_content_verify
1268: Do not verify the content of a signed message.
1269: .It Fl no_signer_cert_verify
1270: Do not verify the signer's certificate of a signed message.
1271: .It Fl noattr
1272: Do not include attributes.
1273: Normally when a message is signed a set of attributes are included which
1274: include the signing time and supported symmetric algorithms.
1275: With this option they are not included.
1276: .It Fl nocerts
1277: Do not include the signer's certificate.
1278: This will reduce the size of the signed message but the verifier must
1279: have a copy of the signer's certificate available locally (passed using
1280: the
1281: .Fl certfile
1282: option for example).
1283: .It Fl nodetach
1.137 naddy 1284: When signing a message, use opaque signing.
1.116 inoguchi 1285: This form is more resistant to translation by mail relays but it cannot be
1286: read by mail agents that do not support S/MIME.
1287: Without this option cleartext signing with the MIME type multipart/signed is
1288: used.
1289: .It Fl nointern
1290: Only the certificates specified in the
1291: .Fl certfile
1292: option are used.
1.137 naddy 1293: When verifying a message, normally certificates (if any) included in the
1.116 inoguchi 1294: message are searched for the signing certificate.
1295: The supplied certificates can still be used as untrusted CAs however.
1296: .It Fl nooldmime
1297: Output an old S/MIME content type like "application/x-pkcs7-".
1298: .It Fl noout
1299: Do not output the parsed CMS structure for the
1300: .Fl cmsout
1301: operation.
1302: This is useful when combined with the
1303: .Fl print
1304: option or if the syntax of the CMS structure is being checked.
1305: .It Fl nosigs
1306: Do not try to verify the signatures on the message.
1307: .It Fl nosmimecap
1308: Exclude the list of supported algorithms from signed attributes; other
1309: options such as signing time and content type are still included.
1310: .It Fl noverify
1311: Do not verify the signer's certificate of a signed message.
1312: .It Fl out Ar file
1313: The message text that has been decrypted or verified or the output MIME
1314: format message that has been signed or verified.
1315: .It Fl outform Cm der | pem | smime
1316: This specifies the output format for the CMS structure.
1317: The default is
1318: .Cm smime ,
1319: which writes an S/MIME format message.
1320: .Cm pem
1321: and
1322: .Cm der
1323: format change this to write PEM and DER format CMS structures instead.
1324: This currently only affects the output format of the CMS structure; if
1325: no CMS structure is being output (for example with
1326: .Fl verify
1327: or
1328: .Fl decrypt )
1329: this option has no effect.
1330: .It Fl passin Ar src
1331: The private key password source.
1332: .It Fl print
1333: Print out all fields of the CMS structure for the
1334: .Fl cmsout
1335: operation.
1336: This is mainly useful for testing purposes.
1337: .It Fl pwri_password Ar arg
1338: Specify PasswordRecipientInfo (PWRI) password to use.
1339: Supported by the
1340: .Fl encrypt
1341: and
1342: .Fl decrypt
1343: operations.
1344: .It Fl rctform Cm der | pem | smime
1345: Specify the format for a signed receipt for use with the
1346: .Fl receipt_verify
1347: operation.
1348: The default is
1349: .Cm smime .
1350: .It Fl receipt_request_all | receipt_request_first
1351: Indicate requests should be provided by all recipient or first tier
1352: recipients (those mailed directly and not from a mailing list), for the
1353: .Fl sign
1354: operation to include a signed receipt request.
1355: Ignored if
1356: .Fl receipt_request_from
1357: is included.
1358: .It Fl receipt_request_from Ar addr
1359: Add an explicit email address where receipts should be supplied.
1360: .It Fl receipt_request_print
1361: Print out the contents of any signed receipt requests for the
1362: .Fl verify
1363: operation.
1364: .It Fl receipt_request_to Ar addr
1365: Add an explicit email address where signed receipts should be sent to.
1366: This option must be supplied if a signed receipt is requested.
1367: .It Fl recip Ar file
1.137 naddy 1368: When decrypting a message, this specifies the recipient's certificate.
1.116 inoguchi 1369: The certificate must match one of the recipients of the message or an
1370: error occurs.
1.137 naddy 1371: When encrypting a message, this option may be used multiple times to
1.116 inoguchi 1372: specify each recipient.
1373: This form must be used if customised parameters are required (for example to
1374: specify RSA-OAEP).
1375: Only certificates carrying RSA, Diffie-Hellman or EC keys are supported
1376: by this option.
1377: .It Fl secretkey Ar key
1378: Specify symmetric key to use.
1379: The key must be supplied in hex format and be consistent with the
1380: algorithm used.
1381: Supported by the
1382: .Fl EncryptedData_encrypt ,
1383: .Fl EncryptedData_decrypt ,
1384: .Fl encrypt
1385: and
1386: .Fl decrypt
1387: operations.
1388: When used with
1389: .Fl encrypt
1390: or
1.137 naddy 1391: .Fl decrypt ,
1.116 inoguchi 1392: the supplied key is used to wrap or unwrap the content encryption key
1393: using an AES key in the KEKRecipientInfo type.
1394: .It Fl secretkeyid Ar id
1395: The key identifier for the supplied symmetric key for KEKRecipientInfo type.
1396: This option must be present if the
1397: .Fl secretkey
1398: option is used with
1399: .Fl encrypt .
1400: With
1401: .Fl decrypt
1402: operations the id is used to locate the relevant key; if it is not supplied
1403: then an attempt is used to decrypt any KEKRecipientInfo structures.
1404: .It Fl signer Ar file
1405: A signing certificate when signing or resigning a message; this option
1406: can be used multiple times if more than one signer is required.
1407: If a message is being verified then the signers certificates will be
1408: written to this file if the verification was successful.
1409: .It Xo
1410: .Fl stream |
1411: .Fl indef |
1412: .Fl noindef
1413: .Xc
1414: The
1415: .Fl stream
1416: and
1417: .Fl indef
1418: options are equivalent and enable streaming I/O for encoding operations.
1419: This permits single pass processing of data without the need to hold the
1420: entire contents in memory, potentially supporting very large files.
1421: Streaming is automatically set for S/MIME signing with detached data if
1422: the output format is
1423: .Cm smime ;
1424: it is currently off by default for all other operations.
1425: .Fl noindef
1426: disable streaming I/O where it would produce an indefinite length
1427: constructed encoding.
1428: This option currently has no effect.
1429: .It Fl text
1430: Add plain text (text/plain) MIME headers to the supplied message if
1431: encrypting or signing.
1.137 naddy 1432: If decrypting or verifying, it strips off text headers: if the decrypted
1.116 inoguchi 1433: or verified message is not of MIME type text/plain then an error occurs.
1434: .It Fl verify_retcode
1435: Set verification error code to exit code to indicate what verification error
1436: has occurred.
1437: Supported by
1438: .Fl verify
1439: operation only.
1440: Exit code value minus 32 shows verification error code.
1441: See
1442: .Nm verify
1443: command for the list of verification error code.
1444: .El
1445: .Pp
1446: The exit codes for
1447: .Nm cms
1448: are as follows:
1449: .Pp
1450: .Bl -tag -width "XXXX" -offset 3n -compact
1451: .It 0
1452: The operation was completely successful.
1453: .It 1
1454: An error occurred parsing the command options.
1455: .It 2
1456: One of the input files could not be read.
1457: .It 3
1458: An error occurred creating the CMS file or when reading the MIME message.
1459: .It 4
1460: An error occurred decrypting or verifying the message.
1461: .It 5
1462: The message was verified correctly but an error occurred writing out the
1463: signer's certificates.
1464: .It 6
1465: An error occurred writing the output file.
1466: .It 32+
1467: A verify error occurred while
1468: .Fl verify_retcode
1469: is specified.
1.1 jsing 1470: .El
1.120 kn 1471: .Tg crl
1.1 jsing 1472: .Sh CRL
1.114 jmc 1473: .Bl -hang -width "openssl crl"
1474: .It Nm openssl crl
1475: .Bk -words
1.1 jsing 1476: .Op Fl CAfile Ar file
1477: .Op Fl CApath Ar dir
1.104 inoguchi 1478: .Op Fl crlnumber
1.1 jsing 1479: .Op Fl fingerprint
1480: .Op Fl hash
1.104 inoguchi 1481: .Op Fl hash_old
1.1 jsing 1482: .Op Fl in Ar file
1.38 jmc 1483: .Op Fl inform Cm der | pem
1.1 jsing 1484: .Op Fl issuer
1485: .Op Fl lastupdate
1.104 inoguchi 1486: .Op Fl nameopt Ar option
1.1 jsing 1487: .Op Fl nextupdate
1488: .Op Fl noout
1489: .Op Fl out Ar file
1.38 jmc 1490: .Op Fl outform Cm der | pem
1.1 jsing 1491: .Op Fl text
1.104 inoguchi 1492: .Op Fl verify
1.114 jmc 1493: .Ek
1494: .El
1.1 jsing 1495: .Pp
1496: The
1497: .Nm crl
1498: command processes CRL files in DER or PEM format.
1.37 jmc 1499: .Pp
1.1 jsing 1500: The options are as follows:
1501: .Bl -tag -width Ds
1502: .It Fl CAfile Ar file
1503: Verify the signature on a CRL by looking up the issuing certificate in
1504: .Ar file .
1505: .It Fl CApath Ar directory
1506: Verify the signature on a CRL by looking up the issuing certificate in
1507: .Ar dir .
1508: This directory must be a standard certificate directory,
1509: i.e. a hash of each subject name (using
1510: .Cm x509 Fl hash )
1511: should be linked to each certificate.
1.104 inoguchi 1512: .It Fl crlnumber
1513: Print the CRL number.
1.1 jsing 1514: .It Fl fingerprint
1515: Print the CRL fingerprint.
1516: .It Fl hash
1517: Output a hash of the issuer name.
1518: This can be used to look up CRLs in a directory by issuer name.
1.104 inoguchi 1519: .It Fl hash_old
1520: Output an old-style (MD5) hash of the issuer name.
1.1 jsing 1521: .It Fl in Ar file
1.37 jmc 1522: The input file to read from, or standard input if not specified.
1.38 jmc 1523: .It Fl inform Cm der | pem
1.37 jmc 1524: The input format.
1.1 jsing 1525: .It Fl issuer
1526: Output the issuer name.
1527: .It Fl lastupdate
1528: Output the
1.37 jmc 1529: .Cm lastUpdate
1.1 jsing 1530: field.
1.104 inoguchi 1531: .It Fl nameopt Ar option
1532: Specify certificate name options.
1.1 jsing 1533: .It Fl nextupdate
1534: Output the
1.37 jmc 1535: .Cm nextUpdate
1.1 jsing 1536: field.
1537: .It Fl noout
1.46 jmc 1538: Do not output the encoded version of the CRL.
1.1 jsing 1539: .It Fl out Ar file
1.37 jmc 1540: The output file to write to, or standard output if not specified.
1.38 jmc 1541: .It Fl outform Cm der | pem
1.37 jmc 1542: The output format.
1.1 jsing 1543: .It Fl text
1.64 jmc 1544: Print the CRL in plain text.
1.104 inoguchi 1545: .It Fl verify
1546: Verify the signature on the CRL.
1.1 jsing 1547: .El
1.120 kn 1548: .Tg crl2pkcs7
1.1 jsing 1549: .Sh CRL2PKCS7
1.114 jmc 1550: .Bl -hang -width "openssl crl2pkcs7"
1551: .It Nm openssl crl2pkcs7
1552: .Bk -words
1.1 jsing 1553: .Op Fl certfile Ar file
1554: .Op Fl in Ar file
1.40 jmc 1555: .Op Fl inform Cm der | pem
1.1 jsing 1556: .Op Fl nocrl
1557: .Op Fl out Ar file
1.40 jmc 1558: .Op Fl outform Cm der | pem
1.114 jmc 1559: .Ek
1560: .El
1.1 jsing 1561: .Pp
1562: The
1563: .Nm crl2pkcs7
1564: command takes an optional CRL and one or more
1565: certificates and converts them into a PKCS#7 degenerate
1566: .Qq certificates only
1567: structure.
1568: .Pp
1569: The options are as follows:
1570: .Bl -tag -width Ds
1571: .It Fl certfile Ar file
1.40 jmc 1572: Add the certificates in PEM
1.1 jsing 1573: .Ar file
1.40 jmc 1574: to the PKCS#7 structure.
1575: This option can be used more than once
1576: to read certificates from multiple files.
1.1 jsing 1577: .It Fl in Ar file
1.40 jmc 1578: Read the CRL from
1579: .Ar file ,
1580: or standard input if not specified.
1581: .It Fl inform Cm der | pem
1.64 jmc 1582: The input format.
1.1 jsing 1583: .It Fl nocrl
1584: Normally, a CRL is included in the output file.
1585: With this option, no CRL is
1586: included in the output file and a CRL is not read from the input file.
1587: .It Fl out Ar file
1.40 jmc 1588: Write the PKCS#7 structure to
1589: .Ar file ,
1590: or standard output if not specified.
1591: .It Fl outform Cm der | pem
1.64 jmc 1592: The output format.
1.1 jsing 1593: .El
1.120 kn 1594: .Tg dgst
1.1 jsing 1595: .Sh DGST
1.114 jmc 1596: .Bl -hang -width "openssl dgst"
1597: .It Nm openssl dgst
1598: .Bk -words
1.105 inoguchi 1599: .Op Fl cdr
1.1 jsing 1600: .Op Fl binary
1.43 jmc 1601: .Op Fl Ar digest
1.1 jsing 1602: .Op Fl hex
1603: .Op Fl hmac Ar key
1.43 jmc 1604: .Op Fl keyform Cm pem
1.1 jsing 1605: .Op Fl mac Ar algorithm
1606: .Op Fl macopt Ar nm : Ns Ar v
1607: .Op Fl out Ar file
1608: .Op Fl passin Ar arg
1609: .Op Fl prverify Ar file
1610: .Op Fl sign Ar file
1611: .Op Fl signature Ar file
1612: .Op Fl sigopt Ar nm : Ns Ar v
1613: .Op Fl verify Ar file
1614: .Op Ar
1.114 jmc 1615: .Ek
1616: .El
1.1 jsing 1617: .Pp
1618: The digest functions output the message digest of a supplied
1619: .Ar file
1620: or
1621: .Ar files
1622: in hexadecimal form.
1623: They can also be used for digital signing and verification.
1624: .Pp
1625: The options are as follows:
1626: .Bl -tag -width Ds
1627: .It Fl binary
1628: Output the digest or signature in binary form.
1629: .It Fl c
1.48 jmc 1630: Print the digest in two-digit groups separated by colons.
1.1 jsing 1631: .It Fl d
1.48 jmc 1632: Print BIO debugging information.
1.43 jmc 1633: .It Fl Ar digest
1634: Use the specified message
1635: .Ar digest .
1.98 naddy 1636: The default is SHA256.
1.43 jmc 1637: The available digests can be displayed using
1638: .Nm openssl
1639: .Cm list-message-digest-commands .
1640: The following are equivalent:
1641: .Nm openssl dgst
1.98 naddy 1642: .Fl sha256
1.43 jmc 1643: and
1644: .Nm openssl
1.98 naddy 1645: .Cm sha256 .
1.1 jsing 1646: .It Fl hex
1647: Digest is to be output as a hex dump.
1648: This is the default case for a
1649: .Qq normal
1650: digest as opposed to a digital signature.
1651: .It Fl hmac Ar key
1652: Create a hashed MAC using
1653: .Ar key .
1.43 jmc 1654: .It Fl keyform Cm pem
1.1 jsing 1655: Specifies the key format to sign the digest with.
1656: .It Fl mac Ar algorithm
1657: Create a keyed Message Authentication Code (MAC).
1658: The most popular MAC algorithm is HMAC (hash-based MAC),
1659: but there are other MAC algorithms which are not based on hash.
1660: MAC keys and other options should be set via the
1661: .Fl macopt
1662: parameter.
1663: .It Fl macopt Ar nm : Ns Ar v
1664: Passes options to the MAC algorithm, specified by
1665: .Fl mac .
1666: The following options are supported by HMAC:
1667: .Bl -tag -width Ds
1.43 jmc 1668: .It Cm key : Ns Ar string
1.1 jsing 1669: Specifies the MAC key as an alphanumeric string
1670: (use if the key contain printable characters only).
1671: String length must conform to any restrictions of the MAC algorithm.
1.43 jmc 1672: .It Cm hexkey : Ns Ar string
1.1 jsing 1673: Specifies the MAC key in hexadecimal form (two hex digits per byte).
1674: Key length must conform to any restrictions of the MAC algorithm.
1675: .El
1676: .It Fl out Ar file
1.43 jmc 1677: The output file to write to,
1678: or standard output if not specified.
1.1 jsing 1679: .It Fl passin Ar arg
1680: The key password source.
1681: .It Fl prverify Ar file
1682: Verify the signature using the private key in
1683: .Ar file .
1684: The output is either
1685: .Qq Verification OK
1686: or
1687: .Qq Verification Failure .
1.105 inoguchi 1688: .It Fl r
1689: Print the digest in coreutils format.
1.1 jsing 1690: .It Fl sign Ar file
1691: Digitally sign the digest using the private key in
1692: .Ar file .
1693: .It Fl signature Ar file
1694: The actual signature to verify.
1695: .It Fl sigopt Ar nm : Ns Ar v
1696: Pass options to the signature algorithm during sign or verify operations.
1697: The names and values of these options are algorithm-specific.
1698: .It Fl verify Ar file
1699: Verify the signature using the public key in
1700: .Ar file .
1701: The output is either
1702: .Qq Verification OK
1703: or
1704: .Qq Verification Failure .
1705: .It Ar
1706: File or files to digest.
1707: If no files are specified then standard input is used.
1708: .El
1.120 kn 1709: .Tg dhparam
1.1 jsing 1710: .Sh DHPARAM
1.114 jmc 1711: .Bl -hang -width "openssl dhparam"
1712: .It Nm openssl dhparam
1713: .Bk -words
1.1 jsing 1714: .Op Fl 2 | 5
1715: .Op Fl C
1716: .Op Fl check
1717: .Op Fl dsaparam
1718: .Op Fl in Ar file
1.44 jmc 1719: .Op Fl inform Cm der | pem
1.1 jsing 1720: .Op Fl noout
1721: .Op Fl out Ar file
1.44 jmc 1722: .Op Fl outform Cm der | pem
1.1 jsing 1723: .Op Fl text
1724: .Op Ar numbits
1.114 jmc 1725: .Ek
1726: .El
1.1 jsing 1727: .Pp
1728: The
1729: .Nm dhparam
1730: command is used to manipulate DH parameter files.
1.44 jmc 1731: Only the older PKCS#3 DH is supported,
1732: not the newer X9.42 DH.
1.1 jsing 1733: .Pp
1734: The options are as follows:
1735: .Bl -tag -width Ds
1736: .It Fl 2 , 5
1.44 jmc 1737: The generator to use;
1.1 jsing 1738: 2 is the default.
1739: If present, the input file is ignored and parameters are generated instead.
1740: .It Fl C
1.44 jmc 1741: Convert the parameters into C code.
1.1 jsing 1742: The parameters can then be loaded by calling the
1.44 jmc 1743: .No get_dh Ns Ar numbits
1.1 jsing 1744: function.
1745: .It Fl check
1746: Check the DH parameters.
1747: .It Fl dsaparam
1.44 jmc 1748: Read or create DSA parameters,
1749: converted to DH format on output.
1.1 jsing 1750: Otherwise,
1751: .Qq strong
1752: primes
1753: .Pq such that (p-1)/2 is also prime
1754: will be used for DH parameter generation.
1755: .Pp
1756: DH parameter generation with the
1757: .Fl dsaparam
1758: option is much faster,
1759: and the recommended exponent length is shorter,
1760: which makes DH key exchange more efficient.
1761: Beware that with such DSA-style DH parameters,
1762: a fresh DH key should be created for each use to
1763: avoid small-subgroup attacks that may be possible otherwise.
1764: .It Fl in Ar file
1.44 jmc 1765: The input file to read from,
1766: or standard input if not specified.
1767: .It Fl inform Cm der | pem
1768: The input format.
1.1 jsing 1769: .It Fl noout
1.46 jmc 1770: Do not output the encoded version of the parameters.
1.44 jmc 1771: .It Fl out Ar file
1772: The output file to write to,
1773: or standard output if not specified.
1774: .It Fl outform Cm der | pem
1775: The output format.
1776: .It Fl text
1.64 jmc 1777: Print the DH parameters in plain text.
1.1 jsing 1778: .It Ar numbits
1.44 jmc 1779: Generate a parameter set of size
1.1 jsing 1780: .Ar numbits .
1781: It must be the last option.
1.16 sthen 1782: If not present, a value of 2048 is used.
1.1 jsing 1783: If this value is present, the input file is ignored and
1784: parameters are generated instead.
1785: .El
1.120 kn 1786: .Tg dsa
1.1 jsing 1787: .Sh DSA
1.114 jmc 1788: .Bl -hang -width "openssl dsa"
1789: .It Nm openssl dsa
1790: .Bk -words
1.1 jsing 1791: .Oo
1792: .Fl aes128 | aes192 | aes256 |
1793: .Fl des | des3
1794: .Oc
1795: .Op Fl in Ar file
1.108 inoguchi 1796: .Op Fl inform Cm der | pem | pvk
1.1 jsing 1797: .Op Fl modulus
1798: .Op Fl noout
1799: .Op Fl out Ar file
1.108 inoguchi 1800: .Op Fl outform Cm der | pem | pvk
1.1 jsing 1801: .Op Fl passin Ar arg
1802: .Op Fl passout Ar arg
1803: .Op Fl pubin
1804: .Op Fl pubout
1.108 inoguchi 1805: .Op Fl pvk-none | pvk-strong | pvk-weak
1.1 jsing 1806: .Op Fl text
1.114 jmc 1807: .Ek
1808: .El
1.1 jsing 1809: .Pp
1810: The
1811: .Nm dsa
1812: command processes DSA keys.
1813: They can be converted between various forms and their components printed out.
1814: .Pp
1815: .Sy Note :
1816: This command uses the traditional
1817: .Nm SSLeay
1818: compatible format for private key encryption:
1819: newer applications should use the more secure PKCS#8 format using the
1820: .Nm pkcs8
1821: command.
1822: .Pp
1823: The options are as follows:
1824: .Bl -tag -width Ds
1825: .It Xo
1826: .Fl aes128 | aes192 | aes256 |
1827: .Fl des | des3
1828: .Xc
1.45 jmc 1829: Encrypt the private key with the AES, DES, or the triple DES
1.1 jsing 1830: ciphers, respectively, before outputting it.
1831: A pass phrase is prompted for.
1.45 jmc 1832: If none of these options are specified, the key is written in plain text.
1.1 jsing 1833: This means that using the
1834: .Nm dsa
1.45 jmc 1835: utility to read an encrypted key with no encryption option can be used to
1.1 jsing 1836: remove the pass phrase from a key,
1.45 jmc 1837: or by setting the encryption options it can be used to add or change
1.1 jsing 1838: the pass phrase.
1839: These options can only be used with PEM format output files.
1840: .It Fl in Ar file
1.45 jmc 1841: The input file to read from,
1842: or standard input if not specified.
1.1 jsing 1843: If the key is encrypted, a pass phrase will be prompted for.
1.108 inoguchi 1844: .It Fl inform Cm der | pem | pvk
1.45 jmc 1845: The input format.
1.1 jsing 1846: .It Fl modulus
1.45 jmc 1847: Print the value of the public key component of the key.
1.1 jsing 1848: .It Fl noout
1.46 jmc 1849: Do not output the encoded version of the key.
1.1 jsing 1850: .It Fl out Ar file
1.45 jmc 1851: The output file to write to,
1852: or standard output if not specified.
1.1 jsing 1853: If any encryption options are set then a pass phrase will be
1854: prompted for.
1.108 inoguchi 1855: .It Fl outform Cm der | pem | pvk
1.45 jmc 1856: The output format.
1.1 jsing 1857: .It Fl passin Ar arg
1858: The key password source.
1859: .It Fl passout Ar arg
1860: The output file password source.
1861: .It Fl pubin
1.60 jmc 1862: Read in a public key, not a private key.
1.1 jsing 1863: .It Fl pubout
1.60 jmc 1864: Output a public key, not a private key.
1865: Automatically set if the input is a public key.
1.108 inoguchi 1866: .It Xo
1867: .Fl pvk-none | pvk-strong | pvk-weak
1868: .Xc
1869: Enable or disable PVK encoding.
1870: The default is
1871: .Fl pvk-strong .
1.1 jsing 1872: .It Fl text
1.64 jmc 1873: Print the public/private key in plain text.
1.1 jsing 1874: .El
1.120 kn 1875: .Tg dsaparam
1.1 jsing 1876: .Sh DSAPARAM
1.114 jmc 1877: .Bl -hang -width "openssl dsaparam"
1878: .It Nm openssl dsaparam
1879: .Bk -words
1.1 jsing 1880: .Op Fl C
1881: .Op Fl genkey
1882: .Op Fl in Ar file
1.46 jmc 1883: .Op Fl inform Cm der | pem
1.1 jsing 1884: .Op Fl noout
1885: .Op Fl out Ar file
1.46 jmc 1886: .Op Fl outform Cm der | pem
1.1 jsing 1887: .Op Fl text
1888: .Op Ar numbits
1.114 jmc 1889: .Ek
1890: .El
1.1 jsing 1891: .Pp
1892: The
1893: .Nm dsaparam
1894: command is used to manipulate or generate DSA parameter files.
1895: .Pp
1896: The options are as follows:
1897: .Bl -tag -width Ds
1898: .It Fl C
1.46 jmc 1899: Convert the parameters into C code.
1.1 jsing 1900: The parameters can then be loaded by calling the
1.46 jmc 1901: .No get_dsa Ns Ar XXX
1.1 jsing 1902: function.
1903: .It Fl genkey
1.46 jmc 1904: Generate a DSA key either using the specified or generated
1.1 jsing 1905: parameters.
1906: .It Fl in Ar file
1.46 jmc 1907: The input file to read from,
1908: or standard input if not specified.
1.1 jsing 1909: If the
1910: .Ar numbits
1.46 jmc 1911: parameter is included, then this option is ignored.
1912: .It Fl inform Cm der | pem
1913: The input format.
1.1 jsing 1914: .It Fl noout
1.46 jmc 1915: Do not output the encoded version of the parameters.
1916: .It Fl out Ar file
1917: The output file to write to,
1918: or standard output if not specified.
1919: .It Fl outform Cm der | pem
1920: The output format.
1921: .It Fl text
1.64 jmc 1922: Print the DSA parameters in plain text.
1.1 jsing 1923: .It Ar numbits
1.46 jmc 1924: Generate a parameter set of size
1.1 jsing 1925: .Ar numbits .
1.46 jmc 1926: If this option is included, the input file is ignored.
1.1 jsing 1927: .El
1.120 kn 1928: .Tg ec
1.1 jsing 1929: .Sh EC
1.114 jmc 1930: .Bl -hang -width "openssl ec"
1931: .It Nm openssl ec
1932: .Bk -words
1.1 jsing 1933: .Op Fl conv_form Ar arg
1934: .Op Fl des
1935: .Op Fl des3
1936: .Op Fl in Ar file
1.47 jmc 1937: .Op Fl inform Cm der | pem
1.1 jsing 1938: .Op Fl noout
1939: .Op Fl out Ar file
1.47 jmc 1940: .Op Fl outform Cm der | pem
1.1 jsing 1941: .Op Fl param_enc Ar arg
1942: .Op Fl param_out
1943: .Op Fl passin Ar arg
1944: .Op Fl passout Ar arg
1945: .Op Fl pubin
1946: .Op Fl pubout
1947: .Op Fl text
1.114 jmc 1948: .Ek
1949: .El
1.1 jsing 1950: .Pp
1951: The
1952: .Nm ec
1953: command processes EC keys.
1954: They can be converted between various
1955: forms and their components printed out.
1.47 jmc 1956: .Nm openssl
1.1 jsing 1957: uses the private key format specified in
1958: .Dq SEC 1: Elliptic Curve Cryptography
1.136 jsg 1959: .Pq Lk https://www.secg.org/ .
1.1 jsing 1960: To convert an
1961: EC private key into the PKCS#8 private key format use the
1962: .Nm pkcs8
1963: command.
1964: .Pp
1965: The options are as follows:
1966: .Bl -tag -width Ds
1967: .It Fl conv_form Ar arg
1.47 jmc 1968: Specify how the points on the elliptic curve are converted
1.1 jsing 1969: into octet strings.
1970: Possible values are:
1.95 tb 1971: .Cm compressed ,
1972: .Cm uncompressed
1.47 jmc 1973: (the default),
1.1 jsing 1974: and
1975: .Cm hybrid .
1976: For more information regarding
1.47 jmc 1977: the point conversion forms see the X9.62 standard.
1.1 jsing 1978: Note:
1979: Due to patent issues the
1980: .Cm compressed
1981: option is disabled by default for binary curves
1982: and can be enabled by defining the preprocessor macro
1.47 jmc 1983: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 1984: at compile time.
1985: .It Fl des | des3
1.47 jmc 1986: Encrypt the private key with DES, triple DES, or
1.1 jsing 1987: any other cipher supported by
1.47 jmc 1988: .Nm openssl .
1.1 jsing 1989: A pass phrase is prompted for.
1.127 jmc 1990: If none of these options are specified, the key is written in plain text.
1.1 jsing 1991: This means that using the
1992: .Nm ec
1993: utility to read in an encrypted key with no
1994: encryption option can be used to remove the pass phrase from a key,
1995: or by setting the encryption options
1.83 naddy 1996: it can be used to add or change the pass phrase.
1.1 jsing 1997: These options can only be used with PEM format output files.
1998: .It Fl in Ar file
1.47 jmc 1999: The input file to read a key from,
2000: or standard input if not specified.
1.127 jmc 2001: If the key is encrypted, a pass phrase will be prompted for.
1.47 jmc 2002: .It Fl inform Cm der | pem
2003: The input format.
1.1 jsing 2004: .It Fl noout
1.47 jmc 2005: Do not output the encoded version of the key.
1.1 jsing 2006: .It Fl out Ar file
1.47 jmc 2007: The output filename to write to,
2008: or standard output if not specified.
1.1 jsing 2009: If any encryption options are set then a pass phrase will be prompted for.
1.47 jmc 2010: .It Fl outform Cm der | pem
2011: The output format.
1.1 jsing 2012: .It Fl param_enc Ar arg
1.47 jmc 2013: Specify how the elliptic curve parameters are encoded.
1.1 jsing 2014: Possible value are:
2015: .Cm named_curve ,
2016: i.e. the EC parameters are specified by an OID; or
2017: .Cm explicit ,
2018: where the EC parameters are explicitly given
2019: (see RFC 3279 for the definition of the EC parameter structures).
2020: The default value is
2021: .Cm named_curve .
2022: Note: the
2023: .Cm implicitlyCA
2024: alternative,
2025: as specified in RFC 3279,
1.47 jmc 2026: is currently not implemented.
1.106 inoguchi 2027: .It Fl param_out
2028: Print the elliptic curve parameters.
1.1 jsing 2029: .It Fl passin Ar arg
2030: The key password source.
2031: .It Fl passout Ar arg
2032: The output file password source.
2033: .It Fl pubin
1.60 jmc 2034: Read in a public key, not a private key.
1.1 jsing 2035: .It Fl pubout
1.60 jmc 2036: Output a public key, not a private key.
2037: Automatically set if the input is a public key.
1.1 jsing 2038: .It Fl text
1.64 jmc 2039: Print the public/private key in plain text.
1.1 jsing 2040: .El
1.120 kn 2041: .Tg ecparam
1.1 jsing 2042: .Sh ECPARAM
1.114 jmc 2043: .Bl -hang -width "openssl ecparam"
2044: .It Nm openssl ecparam
2045: .Bk -words
1.1 jsing 2046: .Op Fl C
2047: .Op Fl check
2048: .Op Fl conv_form Ar arg
2049: .Op Fl genkey
2050: .Op Fl in Ar file
1.48 jmc 2051: .Op Fl inform Cm der | pem
1.1 jsing 2052: .Op Fl list_curves
2053: .Op Fl name Ar arg
2054: .Op Fl no_seed
2055: .Op Fl noout
2056: .Op Fl out Ar file
1.48 jmc 2057: .Op Fl outform Cm der | pem
1.1 jsing 2058: .Op Fl param_enc Ar arg
2059: .Op Fl text
1.114 jmc 2060: .Ek
2061: .El
1.1 jsing 2062: .Pp
1.48 jmc 2063: The
2064: .Nm ecparam
2065: command is used to manipulate or generate EC parameter files.
2066: .Nm openssl
2067: is not able to generate new groups so
2068: .Nm ecparam
2069: can only create EC parameters from known (named) curves.
2070: .Pp
1.1 jsing 2071: The options are as follows:
2072: .Bl -tag -width Ds
2073: .It Fl C
2074: Convert the EC parameters into C code.
2075: The parameters can then be loaded by calling the
1.48 jmc 2076: .No get_ec_group_ Ns Ar XXX
1.1 jsing 2077: function.
2078: .It Fl check
2079: Validate the elliptic curve parameters.
2080: .It Fl conv_form Ar arg
2081: Specify how the points on the elliptic curve are converted
2082: into octet strings.
2083: Possible values are:
1.95 tb 2084: .Cm compressed ,
2085: .Cm uncompressed
1.48 jmc 2086: (the default),
1.1 jsing 2087: and
2088: .Cm hybrid .
2089: For more information regarding
1.48 jmc 2090: the point conversion forms see the X9.62 standard.
1.1 jsing 2091: Note:
2092: Due to patent issues the
2093: .Cm compressed
2094: option is disabled by default for binary curves
2095: and can be enabled by defining the preprocessor macro
1.48 jmc 2096: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 2097: at compile time.
2098: .It Fl genkey
2099: Generate an EC private key using the specified parameters.
2100: .It Fl in Ar file
1.48 jmc 2101: The input file to read from,
2102: or standard input if not specified.
2103: .It Fl inform Cm der | pem
2104: The input format.
1.1 jsing 2105: .It Fl list_curves
1.48 jmc 2106: Print a list of all
1.1 jsing 2107: currently implemented EC parameter names and exit.
2108: .It Fl name Ar arg
1.48 jmc 2109: Use the EC parameters with the specified "short" name.
1.1 jsing 2110: .It Fl no_seed
1.48 jmc 2111: Do not include the seed for the parameter generation
2112: in the ECParameters structure (see RFC 3279).
1.1 jsing 2113: .It Fl noout
1.48 jmc 2114: Do not output the encoded version of the parameters.
1.1 jsing 2115: .It Fl out Ar file
1.48 jmc 2116: The output file to write to,
2117: or standard output if not specified.
2118: .It Fl outform Cm der | pem
2119: The output format.
1.1 jsing 2120: .It Fl param_enc Ar arg
1.48 jmc 2121: Specify how the elliptic curve parameters are encoded.
1.1 jsing 2122: Possible value are:
2123: .Cm named_curve ,
2124: i.e. the EC parameters are specified by an OID, or
2125: .Cm explicit ,
2126: where the EC parameters are explicitly given
2127: (see RFC 3279 for the definition of the EC parameter structures).
2128: The default value is
2129: .Cm named_curve .
2130: Note: the
2131: .Cm implicitlyCA
2132: alternative, as specified in RFC 3279,
1.48 jmc 2133: is currently not implemented.
1.1 jsing 2134: .It Fl text
1.64 jmc 2135: Print the EC parameters in plain text.
1.1 jsing 2136: .El
1.120 kn 2137: .Tg enc
1.1 jsing 2138: .Sh ENC
1.114 jmc 2139: .Bl -hang -width "openssl enc"
2140: .It Nm openssl enc
2141: .Bk -words
1.1 jsing 2142: .Fl ciphername
1.106 inoguchi 2143: .Op Fl AadePpv
1.1 jsing 2144: .Op Fl base64
2145: .Op Fl bufsize Ar number
2146: .Op Fl debug
2147: .Op Fl in Ar file
1.97 jmc 2148: .Op Fl iter Ar iterations
1.1 jsing 2149: .Op Fl iv Ar IV
2150: .Op Fl K Ar key
2151: .Op Fl k Ar password
2152: .Op Fl kfile Ar file
2153: .Op Fl md Ar digest
2154: .Op Fl none
2155: .Op Fl nopad
2156: .Op Fl nosalt
2157: .Op Fl out Ar file
2158: .Op Fl pass Ar arg
1.96 beck 2159: .Op Fl pbkdf2
1.1 jsing 2160: .Op Fl S Ar salt
2161: .Op Fl salt
1.114 jmc 2162: .Ek
2163: .El
1.1 jsing 2164: .Pp
2165: The symmetric cipher commands allow data to be encrypted or decrypted
2166: using various block and stream ciphers using keys based on passwords
2167: or explicitly provided.
2168: Base64 encoding or decoding can also be performed either by itself
2169: or in addition to the encryption or decryption.
1.49 jmc 2170: The program can be called either as
2171: .Nm openssl Ar ciphername
2172: or
2173: .Nm openssl enc - Ns Ar ciphername .
2174: .Pp
2175: Some of the ciphers do not have large keys and others have security
2176: implications if not used correctly.
2177: All the block ciphers normally use PKCS#5 padding,
2178: also known as standard block padding.
2179: If padding is disabled, the input data must be a multiple of the cipher
2180: block length.
1.1 jsing 2181: .Pp
2182: The options are as follows:
2183: .Bl -tag -width Ds
2184: .It Fl A
2185: If the
2186: .Fl a
2187: option is set, then base64 process the data on one line.
2188: .It Fl a , base64
2189: Base64 process the data.
2190: This means that if encryption is taking place, the data is base64-encoded
2191: after encryption.
1.49 jmc 2192: If decryption is set, the input data is base64-decoded before
1.1 jsing 2193: being decrypted.
2194: .It Fl bufsize Ar number
2195: Set the buffer size for I/O.
2196: .It Fl d
2197: Decrypt the input data.
2198: .It Fl debug
2199: Debug the BIOs used for I/O.
2200: .It Fl e
1.49 jmc 2201: Encrypt the input data.
2202: This is the default.
1.1 jsing 2203: .It Fl in Ar file
1.49 jmc 2204: The input file to read from,
1.57 jmc 2205: or standard input if not specified.
1.97 jmc 2206: .It Fl iter Ar iterations
2207: Use the pbkdf2 key derivation function, with
2208: .Ar iterations
2209: as the number of iterations.
1.1 jsing 2210: .It Fl iv Ar IV
2211: The actual
2212: .Ar IV
2213: .Pq initialisation vector
2214: to use:
2215: this must be represented as a string comprised only of hex digits.
2216: When only the
2217: .Ar key
2218: is specified using the
2219: .Fl K
1.49 jmc 2220: option,
2221: the IV must explicitly be defined.
1.1 jsing 2222: When a password is being specified using one of the other options,
1.49 jmc 2223: the IV is generated from this password.
1.1 jsing 2224: .It Fl K Ar key
2225: The actual
2226: .Ar key
2227: to use:
2228: this must be represented as a string comprised only of hex digits.
1.49 jmc 2229: If only the key is specified,
2230: the IV must also be specified using the
1.1 jsing 2231: .Fl iv
2232: option.
2233: When both a
2234: .Ar key
2235: and a
2236: .Ar password
2237: are specified, the
2238: .Ar key
2239: given with the
2240: .Fl K
1.49 jmc 2241: option will be used and the IV generated from the password will be taken.
1.1 jsing 2242: It probably does not make much sense to specify both
2243: .Ar key
2244: and
2245: .Ar password .
2246: .It Fl k Ar password
2247: The
2248: .Ar password
2249: to derive the key from.
2250: Superseded by the
2251: .Fl pass
2252: option.
2253: .It Fl kfile Ar file
2254: Read the password to derive the key from the first line of
2255: .Ar file .
2256: Superseded by the
2257: .Fl pass
2258: option.
2259: .It Fl md Ar digest
2260: Use
2261: .Ar digest
2262: to create a key from a pass phrase.
1.118 sthen 2263: Currently, the default value is
1.117 tb 2264: .Cm sha256 .
1.1 jsing 2265: .It Fl none
2266: Use NULL cipher (no encryption or decryption of input).
2267: .It Fl nopad
2268: Disable standard block padding.
2269: .It Fl nosalt
1.49 jmc 2270: Don't use a salt in the key derivation routines.
1.81 jmc 2271: This option should never be used
1.49 jmc 2272: since it makes it possible to perform efficient dictionary
2273: attacks on the password and to attack stream cipher encrypted data.
1.1 jsing 2274: .It Fl out Ar file
1.51 jmc 2275: The output file to write to,
1.57 jmc 2276: or standard output if not specified.
1.1 jsing 2277: .It Fl P
1.49 jmc 2278: Print out the salt, key, and IV used, then immediately exit;
1.1 jsing 2279: don't do any encryption or decryption.
2280: .It Fl p
1.49 jmc 2281: Print out the salt, key, and IV used.
1.1 jsing 2282: .It Fl pass Ar arg
2283: The password source.
1.96 beck 2284: .It Fl pbkdf2
1.97 jmc 2285: Use the pbkdf2 key derivation function, with
1.96 beck 2286: the default of 10000 iterations.
1.1 jsing 2287: .It Fl S Ar salt
2288: The actual
2289: .Ar salt
2290: to use:
2291: this must be represented as a string comprised only of hex digits.
2292: .It Fl salt
1.49 jmc 2293: Use a salt in the key derivation routines (the default).
1.137 naddy 2294: When the salt is being used,
1.49 jmc 2295: the first eight bytes of the encrypted data are reserved for the salt:
2296: it is randomly generated when encrypting a file and read from the
2297: encrypted file when it is decrypted.
1.106 inoguchi 2298: .It Fl v
2299: Print extra details about the processing.
1.1 jsing 2300: .El
1.120 kn 2301: .Tg errstr
1.1 jsing 2302: .Sh ERRSTR
2303: .Nm openssl errstr
2304: .Op Fl stats
2305: .Ar errno ...
2306: .Pp
2307: The
2308: .Nm errstr
2309: command performs error number to error string conversion,
2310: generating a human-readable string representing the error code
2311: .Ar errno .
2312: The string is obtained through the
2313: .Xr ERR_error_string_n 3
2314: function and has the following format:
2315: .Pp
2316: .Dl error:[error code]:[library name]:[function name]:[reason string]
2317: .Pp
2318: .Bq error code
2319: is an 8-digit hexadecimal number.
2320: The remaining fields
2321: .Bq library name ,
2322: .Bq function name ,
2323: and
2324: .Bq reason string
2325: are all ASCII text.
2326: .Pp
2327: The options are as follows:
2328: .Bl -tag -width Ds
2329: .It Fl stats
2330: Print debugging statistics about various aspects of the hash table.
2331: .El
1.120 kn 2332: .Tg gendsa
1.1 jsing 2333: .Sh GENDSA
1.114 jmc 2334: .Bl -hang -width "openssl gendsa"
2335: .It Nm openssl gendsa
2336: .Bk -words
1.1 jsing 2337: .Oo
1.102 jmc 2338: .Fl aes128 | aes192 | aes256 | camellia128 |
2339: .Fl camellia192 | camellia256 | des | des3 | idea
1.1 jsing 2340: .Oc
2341: .Op Fl out Ar file
1.101 inoguchi 2342: .Op Fl passout Ar arg
2343: .Ar paramfile
1.114 jmc 2344: .Ek
2345: .El
1.1 jsing 2346: .Pp
2347: The
2348: .Nm gendsa
2349: command generates a DSA private key from a DSA parameter file
1.51 jmc 2350: (typically generated by the
1.1 jsing 2351: .Nm openssl dsaparam
2352: command).
1.51 jmc 2353: DSA key generation is little more than random number generation so it is
2354: much quicker than,
2355: for example,
2356: RSA key generation.
1.1 jsing 2357: .Pp
2358: The options are as follows:
2359: .Bl -tag -width Ds
2360: .It Xo
2361: .Fl aes128 | aes192 | aes256 |
1.101 inoguchi 2362: .Fl camellia128 | camellia192 | camellia256 |
2363: .Fl des | des3 |
2364: .Fl idea
1.1 jsing 2365: .Xc
1.101 inoguchi 2366: Encrypt the private key with the AES, CAMELLIA, DES, triple DES
2367: or the IDEA ciphers, respectively, before outputting it.
1.1 jsing 2368: A pass phrase is prompted for.
2369: If none of these options are specified, no encryption is used.
2370: .It Fl out Ar file
1.51 jmc 2371: The output file to write to,
1.57 jmc 2372: or standard output if not specified.
1.101 inoguchi 2373: .It Fl passout Ar arg
2374: The output file password source.
1.1 jsing 2375: .It Ar paramfile
1.51 jmc 2376: Specify the DSA parameter file to use.
1.1 jsing 2377: The parameters in this file determine the size of the private key.
2378: .El
1.120 kn 2379: .Tg genpkey
1.1 jsing 2380: .Sh GENPKEY
1.114 jmc 2381: .Bl -hang -width "openssl genpkey"
2382: .It Nm openssl genpkey
2383: .Bk -words
1.1 jsing 2384: .Op Fl algorithm Ar alg
2385: .Op Ar cipher
2386: .Op Fl genparam
2387: .Op Fl out Ar file
1.52 jmc 2388: .Op Fl outform Cm der | pem
1.1 jsing 2389: .Op Fl paramfile Ar file
2390: .Op Fl pass Ar arg
2391: .Op Fl pkeyopt Ar opt : Ns Ar value
2392: .Op Fl text
1.114 jmc 2393: .Ek
2394: .El
1.1 jsing 2395: .Pp
2396: The
2397: .Nm genpkey
2398: command generates private keys.
2399: The use of this
2400: program is encouraged over the algorithm specific utilities
1.22 bcook 2401: because additional algorithm options can be used.
1.1 jsing 2402: .Pp
2403: The options are as follows:
2404: .Bl -tag -width Ds
2405: .It Fl algorithm Ar alg
2406: The public key algorithm to use,
2407: such as RSA, DSA, or DH.
1.52 jmc 2408: This option must precede any
1.1 jsing 2409: .Fl pkeyopt
2410: options.
2411: The options
2412: .Fl paramfile
2413: and
2414: .Fl algorithm
2415: are mutually exclusive.
2416: .It Ar cipher
2417: Encrypt the private key with the supplied cipher.
2418: Any algorithm name accepted by
1.52 jmc 2419: .Xr EVP_get_cipherbyname 3
2420: is acceptable.
1.1 jsing 2421: .It Fl genparam
2422: Generate a set of parameters instead of a private key.
1.52 jmc 2423: This option must precede any
1.1 jsing 2424: .Fl algorithm ,
2425: .Fl paramfile ,
2426: or
2427: .Fl pkeyopt
2428: options.
2429: .It Fl out Ar file
1.52 jmc 2430: The output file to write to,
1.57 jmc 2431: or standard output if not specified.
1.52 jmc 2432: .It Fl outform Cm der | pem
2433: The output format.
1.1 jsing 2434: .It Fl paramfile Ar file
1.52 jmc 2435: Some public key algorithms generate a private key based on a set of parameters,
2436: which can be supplied using this option.
1.137 naddy 2437: If this option is used, the public key
1.1 jsing 2438: algorithm used is determined by the parameters.
1.52 jmc 2439: This option must precede any
1.1 jsing 2440: .Fl pkeyopt
2441: options.
2442: The options
2443: .Fl paramfile
2444: and
2445: .Fl algorithm
2446: are mutually exclusive.
2447: .It Fl pass Ar arg
2448: The output file password source.
2449: .It Fl pkeyopt Ar opt : Ns Ar value
2450: Set the public key algorithm option
2451: .Ar opt
2452: to
1.52 jmc 2453: .Ar value ,
2454: as follows:
1.1 jsing 2455: .Bl -tag -width Ds -offset indent
2456: .It rsa_keygen_bits : Ns Ar numbits
2457: (RSA)
2458: The number of bits in the generated key.
1.52 jmc 2459: The default is 2048.
1.1 jsing 2460: .It rsa_keygen_pubexp : Ns Ar value
2461: (RSA)
2462: The RSA public exponent value.
2463: This can be a large decimal or hexadecimal value if preceded by 0x.
1.52 jmc 2464: The default is 65537.
1.1 jsing 2465: .It dsa_paramgen_bits : Ns Ar numbits
2466: (DSA)
2467: The number of bits in the generated parameters.
1.52 jmc 2468: The default is 1024.
1.1 jsing 2469: .It dh_paramgen_prime_len : Ns Ar numbits
2470: (DH)
2471: The number of bits in the prime parameter
2472: .Ar p .
2473: .It dh_paramgen_generator : Ns Ar value
2474: (DH)
2475: The value to use for the generator
2476: .Ar g .
2477: .It ec_paramgen_curve : Ns Ar curve
2478: (EC)
1.121 schwarze 2479: The elliptic curve to use.
1.1 jsing 2480: .El
1.52 jmc 2481: .It Fl text
1.64 jmc 2482: Print the private/public key in plain text.
1.52 jmc 2483: .El
1.120 kn 2484: .Tg genrsa
1.1 jsing 2485: .Sh GENRSA
1.114 jmc 2486: .Bl -hang -width "openssl genrsa"
2487: .It Nm openssl genrsa
2488: .Bk -words
1.1 jsing 2489: .Op Fl 3 | f4
1.109 inoguchi 2490: .Oo
2491: .Fl aes128 | aes192 | aes256 | camellia128 |
2492: .Fl camellia192 | camellia256 | des | des3 | idea
2493: .Oc
1.1 jsing 2494: .Op Fl out Ar file
2495: .Op Fl passout Ar arg
2496: .Op Ar numbits
1.114 jmc 2497: .Ek
2498: .El
1.1 jsing 2499: .Pp
2500: The
2501: .Nm genrsa
1.53 jmc 2502: command generates an RSA private key,
2503: which essentially involves the generation of two prime numbers.
2504: When generating the key,
2505: various symbols will be output to indicate the progress of the generation.
2506: A
2507: .Sq \&.
2508: represents each number which has passed an initial sieve test;
2509: .Sq +
1.128 tb 2510: means a number has passed a single round of the Miller-Rabin primality test;
2511: .Sq *
2512: means the number has failed primality testing
2513: and needs to be generated afresh.
1.53 jmc 2514: A newline means that the number has passed all the prime tests
2515: (the actual number depends on the key size).
1.1 jsing 2516: .Pp
2517: The options are as follows:
2518: .Bl -tag -width Ds
2519: .It Fl 3 | f4
2520: The public exponent to use, either 3 or 65537.
2521: The default is 65537.
1.109 inoguchi 2522: .It Xo
2523: .Fl aes128 | aes192 | aes256 |
2524: .Fl camellia128 | camellia192 | camellia256 |
2525: .Fl des | des3 |
2526: .Fl idea
2527: .Xc
2528: Encrypt the private key with the AES, CAMELLIA, DES, triple DES
2529: or the IDEA ciphers, respectively, before outputting it.
1.1 jsing 2530: If none of these options are specified, no encryption is used.
2531: If encryption is used, a pass phrase is prompted for,
2532: if it is not supplied via the
2533: .Fl passout
2534: option.
2535: .It Fl out Ar file
1.53 jmc 2536: The output file to write to,
1.57 jmc 2537: or standard output if not specified.
1.1 jsing 2538: .It Fl passout Ar arg
2539: The output file password source.
2540: .It Ar numbits
2541: The size of the private key to generate in bits.
2542: This must be the last option specified.
2543: The default is 2048.
2544: .El
1.120 kn 2545: .Tg ocsp
1.1 jsing 2546: .Sh OCSP
1.114 jmc 2547: .Bl -hang -width "openssl ocsp"
2548: .It Nm openssl ocsp
2549: .Bk -words
1.1 jsing 2550: .Op Fl CA Ar file
2551: .Op Fl CAfile Ar file
2552: .Op Fl CApath Ar directory
2553: .Op Fl cert Ar file
2554: .Op Fl dgst Ar alg
1.108 inoguchi 2555: .Op Fl header Ar name value
1.55 jmc 2556: .Op Fl host Ar hostname : Ns Ar port
1.108 inoguchi 2557: .Op Fl ignore_err
1.1 jsing 2558: .Op Fl index Ar indexfile
2559: .Op Fl issuer Ar file
2560: .Op Fl ndays Ar days
2561: .Op Fl nmin Ar minutes
2562: .Op Fl no_cert_checks
2563: .Op Fl no_cert_verify
2564: .Op Fl no_certs
2565: .Op Fl no_chain
1.108 inoguchi 2566: .Op Fl no_explicit
1.1 jsing 2567: .Op Fl no_intern
2568: .Op Fl no_nonce
2569: .Op Fl no_signature_verify
2570: .Op Fl nonce
2571: .Op Fl noverify
2572: .Op Fl nrequest Ar number
2573: .Op Fl out Ar file
2574: .Op Fl path Ar path
2575: .Op Fl port Ar portnum
2576: .Op Fl req_text
2577: .Op Fl reqin Ar file
2578: .Op Fl reqout Ar file
2579: .Op Fl resp_key_id
2580: .Op Fl resp_no_certs
2581: .Op Fl resp_text
2582: .Op Fl respin Ar file
2583: .Op Fl respout Ar file
2584: .Op Fl rkey Ar file
2585: .Op Fl rother Ar file
2586: .Op Fl rsigner Ar file
1.108 inoguchi 2587: .Op Fl serial Ar num
1.1 jsing 2588: .Op Fl sign_other Ar file
2589: .Op Fl signer Ar file
2590: .Op Fl signkey Ar file
2591: .Op Fl status_age Ar age
2592: .Op Fl text
1.108 inoguchi 2593: .Op Fl timeout Ar seconds
1.1 jsing 2594: .Op Fl trust_other
2595: .Op Fl url Ar responder_url
2596: .Op Fl VAfile Ar file
2597: .Op Fl validity_period Ar nsec
2598: .Op Fl verify_other Ar file
1.114 jmc 2599: .Ek
2600: .El
1.1 jsing 2601: .Pp
1.55 jmc 2602: The Online Certificate Status Protocol (OCSP)
2603: enables applications to determine the (revocation) state
2604: of an identified certificate (RFC 2560).
1.1 jsing 2605: .Pp
2606: The
2607: .Nm ocsp
2608: command performs many common OCSP tasks.
2609: It can be used to print out requests and responses,
2610: create requests and send queries to an OCSP responder,
2611: and behave like a mini OCSP server itself.
2612: .Pp
2613: The options are as follows:
2614: .Bl -tag -width Ds
2615: .It Fl CAfile Ar file , Fl CApath Ar directory
1.55 jmc 2616: A file or path containing trusted CA certificates,
2617: used to verify the signature on the OCSP response.
1.1 jsing 2618: .It Fl cert Ar file
2619: Add the certificate
2620: .Ar file
2621: to the request.
2622: The issuer certificate is taken from the previous
2623: .Fl issuer
2624: option, or an error occurs if no issuer certificate is specified.
2625: .It Fl dgst Ar alg
1.55 jmc 2626: Use the digest algorithm
2627: .Ar alg
2628: for certificate identification in the OCSP request.
1.125 inoguchi 2629: By default SHA1 is used.
1.1 jsing 2630: .It Xo
2631: .Fl host Ar hostname : Ns Ar port ,
2632: .Fl path Ar path
2633: .Xc
1.55 jmc 2634: Send
2635: the OCSP request to
1.1 jsing 2636: .Ar hostname
1.55 jmc 2637: on
1.1 jsing 2638: .Ar port .
2639: .Fl path
2640: specifies the HTTP path name to use, or
1.55 jmc 2641: .Pa /
1.1 jsing 2642: by default.
1.108 inoguchi 2643: .It Fl header Ar name value
2644: Add the header name with the specified value to the OCSP request that is sent
2645: to the responder.
2646: This may be repeated.
1.1 jsing 2647: .It Fl issuer Ar file
1.81 jmc 2648: The current issuer certificate, in PEM format.
2649: Can be used multiple times and must come before any
1.1 jsing 2650: .Fl cert
2651: options.
2652: .It Fl no_cert_checks
2653: Don't perform any additional checks on the OCSP response signer's certificate.
2654: That is, do not make any checks to see if the signer's certificate is
2655: authorised to provide the necessary status information:
2656: as a result this option should only be used for testing purposes.
2657: .It Fl no_cert_verify
2658: Don't verify the OCSP response signer's certificate at all.
2659: Since this option allows the OCSP response to be signed by any certificate,
2660: it should only be used for testing purposes.
2661: .It Fl no_certs
1.55 jmc 2662: Don't include any certificates in the signed request.
1.1 jsing 2663: .It Fl no_chain
2664: Do not use certificates in the response as additional untrusted CA
2665: certificates.
1.108 inoguchi 2666: .It Fl no_explicit
2667: Don't check the explicit trust for OCSP signing in the root CA certificate.
1.1 jsing 2668: .It Fl no_intern
2669: Ignore certificates contained in the OCSP response
2670: when searching for the signer's certificate.
1.55 jmc 2671: The signer's certificate must be specified with either the
1.1 jsing 2672: .Fl verify_other
2673: or
2674: .Fl VAfile
2675: options.
2676: .It Fl no_signature_verify
2677: Don't check the signature on the OCSP response.
2678: Since this option tolerates invalid signatures on OCSP responses,
2679: it will normally only be used for testing purposes.
2680: .It Fl nonce , no_nonce
1.55 jmc 2681: Add an OCSP nonce extension to a request,
2682: or disable an OCSP nonce addition.
1.1 jsing 2683: Normally, if an OCSP request is input using the
2684: .Fl respin
1.55 jmc 2685: option no nonce is added:
1.1 jsing 2686: using the
2687: .Fl nonce
1.55 jmc 2688: option will force the addition of a nonce.
1.1 jsing 2689: If an OCSP request is being created (using the
2690: .Fl cert
2691: and
2692: .Fl serial
1.137 naddy 2693: options),
1.55 jmc 2694: a nonce is automatically added; specifying
1.1 jsing 2695: .Fl no_nonce
2696: overrides this.
2697: .It Fl noverify
1.55 jmc 2698: Don't attempt to verify the OCSP response signature or the nonce values.
2699: This is normally only be used for debugging
1.1 jsing 2700: since it disables all verification of the responder's certificate.
2701: .It Fl out Ar file
1.55 jmc 2702: Specify the output file to write to,
1.57 jmc 2703: or standard output if not specified.
1.1 jsing 2704: .It Fl req_text , resp_text , text
2705: Print out the text form of the OCSP request, response, or both, respectively.
2706: .It Fl reqin Ar file , Fl respin Ar file
2707: Read an OCSP request or response file from
2708: .Ar file .
2709: These options are ignored
2710: if an OCSP request or response creation is implied by other options
2711: (for example with the
2712: .Fl serial , cert ,
2713: and
2714: .Fl host
2715: options).
2716: .It Fl reqout Ar file , Fl respout Ar file
2717: Write out the DER-encoded certificate request or response to
2718: .Ar file .
2719: .It Fl serial Ar num
2720: Same as the
2721: .Fl cert
2722: option except the certificate with serial number
2723: .Ar num
2724: is added to the request.
2725: The serial number is interpreted as a decimal integer unless preceded by
2726: .Sq 0x .
1.55 jmc 2727: Negative integers can also be specified
2728: by preceding the value with a minus sign.
1.1 jsing 2729: .It Fl sign_other Ar file
2730: Additional certificates to include in the signed request.
2731: .It Fl signer Ar file , Fl signkey Ar file
2732: Sign the OCSP request using the certificate specified in the
2733: .Fl signer
2734: option and the private key specified by the
2735: .Fl signkey
2736: option.
2737: If the
2738: .Fl signkey
2739: option is not present, then the private key is read from the same file
2740: as the certificate.
2741: If neither option is specified, the OCSP request is not signed.
1.108 inoguchi 2742: .It Fl timeout Ar seconds
2743: Connection timeout to the OCSP responder in seconds.
1.1 jsing 2744: .It Fl trust_other
2745: The certificates specified by the
2746: .Fl verify_other
2747: option should be explicitly trusted and no additional checks will be
2748: performed on them.
2749: This is useful when the complete responder certificate chain is not available
2750: or trusting a root CA is not appropriate.
2751: .It Fl url Ar responder_url
2752: Specify the responder URL.
2753: Both HTTP and HTTPS
2754: .Pq SSL/TLS
2755: URLs can be specified.
2756: .It Fl VAfile Ar file
1.55 jmc 2757: A file containing explicitly trusted responder certificates.
1.1 jsing 2758: Equivalent to the
2759: .Fl verify_other
2760: and
2761: .Fl trust_other
2762: options.
2763: .It Fl validity_period Ar nsec , Fl status_age Ar age
1.55 jmc 2764: The range of times, in seconds, which will be tolerated in an OCSP response.
2765: Each certificate status response includes a notBefore time
2766: and an optional notAfter time.
1.1 jsing 2767: The current time should fall between these two values,
2768: but the interval between the two times may be only a few seconds.
2769: In practice the OCSP responder and clients' clocks may not be precisely
2770: synchronised and so such a check may fail.
2771: To avoid this the
2772: .Fl validity_period
2773: option can be used to specify an acceptable error range in seconds,
1.55 jmc 2774: the default value being 5 minutes.
1.1 jsing 2775: .Pp
1.55 jmc 2776: If the notAfter time is omitted from a response,
2777: it means that new status information is immediately available.
2778: In this case the age of the notBefore field is checked
2779: to see it is not older than
1.1 jsing 2780: .Ar age
2781: seconds old.
2782: By default, this additional check is not performed.
2783: .It Fl verify_other Ar file
1.55 jmc 2784: A file containing additional certificates to search
2785: when attempting to locate the OCSP response signing certificate.
2786: Some responders omit the actual signer's certificate from the response,
2787: so this can be used to supply the necessary certificate.
1.1 jsing 2788: .El
1.55 jmc 2789: .Pp
2790: The options for the OCSP server are as follows:
1.1 jsing 2791: .Bl -tag -width "XXXX"
2792: .It Fl CA Ar file
2793: CA certificate corresponding to the revocation information in
2794: .Ar indexfile .
1.108 inoguchi 2795: .It Fl ignore_err
2796: Ignore the invalid response.
1.1 jsing 2797: .It Fl index Ar indexfile
2798: .Ar indexfile
1.55 jmc 2799: is a text index file in ca format
2800: containing certificate revocation information.
1.1 jsing 2801: .Pp
1.55 jmc 2802: If this option is specified,
1.1 jsing 2803: .Nm ocsp
1.55 jmc 2804: is in responder mode, otherwise it is in client mode.
2805: The requests the responder processes can be either specified on
1.1 jsing 2806: the command line (using the
2807: .Fl issuer
2808: and
2809: .Fl serial
2810: options), supplied in a file (using the
2811: .Fl respin
1.55 jmc 2812: option), or via external OCSP clients (if
1.1 jsing 2813: .Ar port
2814: or
2815: .Ar url
2816: is specified).
2817: .Pp
1.55 jmc 2818: If this option is present, then the
1.1 jsing 2819: .Fl CA
2820: and
2821: .Fl rsigner
2822: options must also be present.
2823: .It Fl nmin Ar minutes , Fl ndays Ar days
2824: Number of
2825: .Ar minutes
2826: or
2827: .Ar days
1.55 jmc 2828: when fresh revocation information is available:
2829: used in the nextUpdate field.
2830: If neither option is present,
2831: the nextUpdate field is omitted,
2832: meaning fresh revocation information is immediately available.
1.1 jsing 2833: .It Fl nrequest Ar number
1.55 jmc 2834: Exit after receiving
1.1 jsing 2835: .Ar number
1.55 jmc 2836: requests (the default is unlimited).
1.1 jsing 2837: .It Fl port Ar portnum
2838: Port to listen for OCSP requests on.
1.55 jmc 2839: May also be specified using the
1.1 jsing 2840: .Fl url
2841: option.
2842: .It Fl resp_key_id
2843: Identify the signer certificate using the key ID;
1.55 jmc 2844: the default is to use the subject name.
1.1 jsing 2845: .It Fl resp_no_certs
2846: Don't include any certificates in the OCSP response.
2847: .It Fl rkey Ar file
2848: The private key to sign OCSP responses with;
2849: if not present, the file specified in the
2850: .Fl rsigner
2851: option is used.
2852: .It Fl rother Ar file
2853: Additional certificates to include in the OCSP response.
2854: .It Fl rsigner Ar file
2855: The certificate to sign OCSP responses with.
2856: .El
2857: .Pp
2858: Initially the OCSP responder certificate is located and the signature on
2859: the OCSP request checked using the responder certificate's public key.
2860: Then a normal certificate verify is performed on the OCSP responder certificate
2861: building up a certificate chain in the process.
2862: The locations of the trusted certificates used to build the chain can be
2863: specified by the
2864: .Fl CAfile
2865: and
2866: .Fl CApath
2867: options or they will be looked for in the standard
1.55 jmc 2868: .Nm openssl
2869: certificates directory.
1.1 jsing 2870: .Pp
1.55 jmc 2871: If the initial verify fails, the OCSP verify process halts with an error.
1.1 jsing 2872: Otherwise the issuing CA certificate in the request is compared to the OCSP
2873: responder certificate: if there is a match then the OCSP verify succeeds.
2874: .Pp
2875: Otherwise the OCSP responder certificate's CA is checked against the issuing
2876: CA certificate in the request.
2877: If there is a match and the OCSPSigning extended key usage is present
2878: in the OCSP responder certificate, then the OCSP verify succeeds.
2879: .Pp
2880: Otherwise the root CA of the OCSP responder's CA is checked to see if it
2881: is trusted for OCSP signing.
2882: If it is, the OCSP verify succeeds.
2883: .Pp
2884: If none of these checks is successful, the OCSP verify fails.
2885: What this effectively means is that if the OCSP responder certificate is
2886: authorised directly by the CA it is issuing revocation information about
1.55 jmc 2887: (and it is correctly configured),
1.1 jsing 2888: then verification will succeed.
2889: .Pp
1.55 jmc 2890: If the OCSP responder is a global responder,
2891: which can give details about multiple CAs
2892: and has its own separate certificate chain,
2893: then its root CA can be trusted for OCSP signing.
1.1 jsing 2894: Alternatively, the responder certificate itself can be explicitly trusted
2895: with the
2896: .Fl VAfile
2897: option.
1.120 kn 2898: .Tg passwd
1.1 jsing 2899: .Sh PASSWD
1.114 jmc 2900: .Bl -hang -width "openssl passwd"
2901: .It Nm openssl passwd
2902: .Bk -words
1.1 jsing 2903: .Op Fl 1 | apr1 | crypt
2904: .Op Fl in Ar file
2905: .Op Fl noverify
2906: .Op Fl quiet
2907: .Op Fl reverse
2908: .Op Fl salt Ar string
2909: .Op Fl stdin
2910: .Op Fl table
2911: .Op Ar password
1.114 jmc 2912: .Ek
2913: .El
1.1 jsing 2914: .Pp
2915: The
2916: .Nm passwd
1.56 jmc 2917: command computes the hash of a password.
1.1 jsing 2918: .Pp
2919: The options are as follows:
2920: .Bl -tag -width Ds
2921: .It Fl 1
2922: Use the MD5 based
2923: .Bx
2924: password algorithm
1.56 jmc 2925: .Qq 1 .
1.1 jsing 2926: .It Fl apr1
2927: Use the
1.56 jmc 2928: .Qq apr1
1.1 jsing 2929: algorithm
1.56 jmc 2930: .Po
2931: Apache variant of the
1.1 jsing 2932: .Bx
1.56 jmc 2933: algorithm
2934: .Pc .
1.1 jsing 2935: .It Fl crypt
2936: Use the
1.56 jmc 2937: .Qq crypt
2938: algorithm (the default).
1.1 jsing 2939: .It Fl in Ar file
2940: Read passwords from
2941: .Ar file .
2942: .It Fl noverify
2943: Don't verify when reading a password from the terminal.
2944: .It Fl quiet
2945: Don't output warnings when passwords given on the command line are truncated.
2946: .It Fl reverse
2947: Switch table columns.
2948: This only makes sense in conjunction with the
2949: .Fl table
2950: option.
2951: .It Fl salt Ar string
1.56 jmc 2952: Use the salt specified by
2953: .Ar string .
1.1 jsing 2954: When reading a password from the terminal, this implies
2955: .Fl noverify .
2956: .It Fl stdin
1.56 jmc 2957: Read passwords from standard input.
1.1 jsing 2958: .It Fl table
2959: In the output list, prepend the cleartext password and a TAB character
2960: to each password hash.
2961: .El
1.120 kn 2962: .Tg pkcs7
1.1 jsing 2963: .Sh PKCS7
1.114 jmc 2964: .Bl -hang -width "openssl pkcs7"
2965: .It Nm openssl pkcs7
2966: .Bk -words
1.1 jsing 2967: .Op Fl in Ar file
1.57 jmc 2968: .Op Fl inform Cm der | pem
1.1 jsing 2969: .Op Fl noout
2970: .Op Fl out Ar file
1.57 jmc 2971: .Op Fl outform Cm der | pem
1.106 inoguchi 2972: .Op Fl print
1.1 jsing 2973: .Op Fl print_certs
2974: .Op Fl text
1.114 jmc 2975: .Ek
2976: .El
1.1 jsing 2977: .Pp
2978: The
2979: .Nm pkcs7
2980: command processes PKCS#7 files in DER or PEM format.
1.57 jmc 2981: The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
2982: .Pp
1.1 jsing 2983: The options are as follows:
2984: .Bl -tag -width Ds
2985: .It Fl in Ar file
1.57 jmc 2986: The input file to read from,
2987: or standard input if not specified.
2988: .It Fl inform Cm der | pem
2989: The input format.
1.1 jsing 2990: .It Fl noout
2991: Don't output the encoded version of the PKCS#7 structure
2992: (or certificates if
2993: .Fl print_certs
2994: is set).
2995: .It Fl out Ar file
1.57 jmc 2996: The output to write to,
2997: or standard output if not specified.
2998: .It Fl outform Cm der | pem
2999: The output format.
1.106 inoguchi 3000: .It Fl print
3001: Print the ASN.1 representation of PKCS#7 structure.
1.1 jsing 3002: .It Fl print_certs
1.57 jmc 3003: Print any certificates or CRLs contained in the file,
3004: preceded by their subject and issuer names in a one-line format.
1.1 jsing 3005: .It Fl text
1.57 jmc 3006: Print certificate details in full rather than just subject and issuer names.
1.1 jsing 3007: .El
1.120 kn 3008: .Tg pkcs8
1.1 jsing 3009: .Sh PKCS8
1.114 jmc 3010: .Bl -hang -width "openssl pkcs8"
3011: .It Nm openssl pkcs8
3012: .Bk -words
1.1 jsing 3013: .Op Fl in Ar file
1.58 jmc 3014: .Op Fl inform Cm der | pem
1.1 jsing 3015: .Op Fl nocrypt
3016: .Op Fl noiter
3017: .Op Fl out Ar file
1.58 jmc 3018: .Op Fl outform Cm der | pem
1.1 jsing 3019: .Op Fl passin Ar arg
3020: .Op Fl passout Ar arg
3021: .Op Fl topk8
3022: .Op Fl v1 Ar alg
3023: .Op Fl v2 Ar alg
1.114 jmc 3024: .Ek
3025: .El
1.1 jsing 3026: .Pp
3027: The
3028: .Nm pkcs8
1.58 jmc 3029: command processes private keys
3030: (both encrypted and unencrypted)
3031: in PKCS#8 format
3032: with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
3033: The default encryption is only 56 bits;
3034: keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts
3035: are more secure.
3036: .Pp
1.1 jsing 3037: The options are as follows:
3038: .Bl -tag -width Ds
3039: .It Fl in Ar file
1.58 jmc 3040: The input file to read from,
3041: or standard input if not specified.
1.1 jsing 3042: If the key is encrypted, a pass phrase will be prompted for.
1.58 jmc 3043: .It Fl inform Cm der | pem
3044: The input format.
1.1 jsing 3045: .It Fl nocrypt
1.58 jmc 3046: Generate an unencrypted PrivateKeyInfo structure.
3047: This option does not encrypt private keys at all
3048: and should only be used when absolutely necessary.
1.1 jsing 3049: .It Fl noiter
3050: Use an iteration count of 1.
3051: See the
3052: .Sx PKCS12
3053: section below for a detailed explanation of this option.
3054: .It Fl out Ar file
1.58 jmc 3055: The output file to write to,
3056: or standard output if none is specified.
1.1 jsing 3057: If any encryption options are set, a pass phrase will be prompted for.
1.58 jmc 3058: .It Fl outform Cm der | pem
3059: The output format.
1.1 jsing 3060: .It Fl passin Ar arg
3061: The key password source.
3062: .It Fl passout Ar arg
3063: The output file password source.
3064: .It Fl topk8
1.58 jmc 3065: Read a traditional format private key and write a PKCS#8 format key.
1.1 jsing 3066: .It Fl v1 Ar alg
1.58 jmc 3067: Specify a PKCS#5 v1.5 or PKCS#12 algorithm to use.
3068: .Pp
3069: .Bl -tag -width "XXXX" -compact
3070: .It PBE-MD5-DES
3071: 56-bit DES.
3072: .It PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES
3073: 64-bit RC2 or 56-bit DES.
3074: .It PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES
3075: .It PBE-SHA1-2DES | PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40
3076: PKCS#12 password-based encryption algorithm,
3077: which allow strong encryption algorithms like triple DES or 128-bit RC2.
3078: .El
1.1 jsing 3079: .It Fl v2 Ar alg
1.58 jmc 3080: Use PKCS#5 v2.0 algorithms.
3081: Supports algorithms such as 168-bit triple DES or 128-bit RC2,
3082: however not many implementations support PKCS#5 v2.0 yet
3083: (if using private keys with
3084: .Nm openssl
3085: this doesn't matter).
1.1 jsing 3086: .Pp
3087: .Ar alg
1.58 jmc 3088: is the encryption algorithm to use;
3089: valid values include des, des3, and rc2.
3090: It is recommended that des3 is used.
1.1 jsing 3091: .El
1.120 kn 3092: .Tg pkcs12
1.1 jsing 3093: .Sh PKCS12
1.114 jmc 3094: .Bl -hang -width "openssl pkcs12"
3095: .It Nm openssl pkcs12
3096: .Bk -words
1.107 inoguchi 3097: .Oo
3098: .Fl aes128 | aes192 | aes256 | camellia128 |
3099: .Fl camellia192 | camellia256 | des | des3 | idea
3100: .Oc
1.1 jsing 3101: .Op Fl cacerts
3102: .Op Fl CAfile Ar file
3103: .Op Fl caname Ar name
3104: .Op Fl CApath Ar directory
3105: .Op Fl certfile Ar file
3106: .Op Fl certpbe Ar alg
3107: .Op Fl chain
3108: .Op Fl clcerts
3109: .Op Fl CSP Ar name
3110: .Op Fl descert
3111: .Op Fl export
3112: .Op Fl in Ar file
3113: .Op Fl info
3114: .Op Fl inkey Ar file
3115: .Op Fl keyex
3116: .Op Fl keypbe Ar alg
3117: .Op Fl keysig
1.107 inoguchi 3118: .Op Fl LMK
1.1 jsing 3119: .Op Fl macalg Ar alg
3120: .Op Fl maciter
3121: .Op Fl name Ar name
3122: .Op Fl nocerts
3123: .Op Fl nodes
3124: .Op Fl noiter
3125: .Op Fl nokeys
3126: .Op Fl nomac
3127: .Op Fl nomaciter
3128: .Op Fl nomacver
3129: .Op Fl noout
3130: .Op Fl out Ar file
3131: .Op Fl passin Ar arg
3132: .Op Fl passout Ar arg
1.107 inoguchi 3133: .Op Fl password Ar arg
1.1 jsing 3134: .Op Fl twopass
1.114 jmc 3135: .Ek
3136: .El
1.1 jsing 3137: .Pp
3138: The
3139: .Nm pkcs12
3140: command allows PKCS#12 files
3141: .Pq sometimes referred to as PFX files
3142: to be created and parsed.
3143: By default, a PKCS#12 file is parsed;
3144: a PKCS#12 file can be created by using the
3145: .Fl export
1.59 jmc 3146: option.
3147: .Pp
3148: The options for parsing a PKCS12 file are as follows:
1.1 jsing 3149: .Bl -tag -width "XXXX"
1.107 inoguchi 3150: .It Xo
3151: .Fl aes128 | aes192 | aes256 |
3152: .Fl camellia128 | camellia192 | camellia256 |
3153: .Fl des | des3 |
3154: .Fl idea
3155: .Xc
3156: Encrypt private keys using AES, CAMELLIA, DES, triple DES
3157: or the IDEA ciphers, respectively.
1.1 jsing 3158: The default is triple DES.
3159: .It Fl cacerts
3160: Only output CA certificates
3161: .Pq not client certificates .
3162: .It Fl clcerts
3163: Only output client certificates
3164: .Pq not CA certificates .
3165: .It Fl in Ar file
1.59 jmc 3166: The input file to read from,
3167: or standard input if not specified.
1.1 jsing 3168: .It Fl info
3169: Output additional information about the PKCS#12 file structure,
3170: algorithms used, and iteration counts.
3171: .It Fl nocerts
1.59 jmc 3172: Do not output certificates.
1.1 jsing 3173: .It Fl nodes
1.59 jmc 3174: Do not encrypt private keys.
1.1 jsing 3175: .It Fl nokeys
1.59 jmc 3176: Do not output private keys.
1.1 jsing 3177: .It Fl nomacver
1.59 jmc 3178: Do not attempt to verify the integrity MAC before reading the file.
1.1 jsing 3179: .It Fl noout
1.59 jmc 3180: Do not output the keys and certificates to the output file
1.1 jsing 3181: version of the PKCS#12 file.
3182: .It Fl out Ar file
1.59 jmc 3183: The output file to write to,
3184: or standard output if not specified.
1.1 jsing 3185: .It Fl passin Ar arg
3186: The key password source.
3187: .It Fl passout Ar arg
3188: The output file password source.
3189: .It Fl twopass
3190: Prompt for separate integrity and encryption passwords: most software
3191: always assumes these are the same so this option will render such
3192: PKCS#12 files unreadable.
3193: .El
1.59 jmc 3194: .Pp
3195: The options for PKCS12 file creation are as follows:
1.1 jsing 3196: .Bl -tag -width "XXXX"
3197: .It Fl CAfile Ar file
3198: CA storage as a file.
3199: .It Fl CApath Ar directory
3200: CA storage as a directory.
1.59 jmc 3201: The directory must be a standard certificate directory:
1.1 jsing 3202: that is, a hash of each subject name (using
1.59 jmc 3203: .Nm x509 Fl hash )
1.1 jsing 3204: should be linked to each certificate.
3205: .It Fl caname Ar name
1.59 jmc 3206: Specify the
1.1 jsing 3207: .Qq friendly name
3208: for other certificates.
1.59 jmc 3209: May be used multiple times to specify names for all certificates
1.1 jsing 3210: in the order they appear.
3211: .It Fl certfile Ar file
3212: A file to read additional certificates from.
3213: .It Fl certpbe Ar alg , Fl keypbe Ar alg
1.59 jmc 3214: Specify the algorithm used to encrypt the private key and
1.1 jsing 3215: certificates to be selected.
1.59 jmc 3216: Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used.
1.1 jsing 3217: If a cipher name
3218: (as output by the
3219: .Cm list-cipher-algorithms
3220: command) is specified then it
3221: is used with PKCS#5 v2.0.
3222: For interoperability reasons it is advisable to only use PKCS#12 algorithms.
3223: .It Fl chain
1.59 jmc 3224: Include the entire certificate chain of the user certificate.
1.1 jsing 3225: The standard CA store is used for this search.
3226: If the search fails, it is considered a fatal error.
3227: .It Fl CSP Ar name
3228: Write
3229: .Ar name
3230: as a Microsoft CSP name.
3231: .It Fl descert
3232: Encrypt the certificate using triple DES; this may render the PKCS#12
3233: file unreadable by some
3234: .Qq export grade
3235: software.
3236: By default, the private key is encrypted using triple DES and the
3237: certificate using 40-bit RC2.
3238: .It Fl export
1.59 jmc 3239: Create a PKCS#12 file (rather than parsing one).
1.1 jsing 3240: .It Fl in Ar file
1.59 jmc 3241: The input file to read from,
1.81 jmc 3242: or standard input if not specified.
1.1 jsing 3243: The order doesn't matter but one private key and its corresponding
3244: certificate should be present.
3245: If additional certificates are present, they will also be included
3246: in the PKCS#12 file.
3247: .It Fl inkey Ar file
1.59 jmc 3248: File to read a private key from.
1.1 jsing 3249: If not present, a private key must be present in the input file.
3250: .It Fl keyex | keysig
1.59 jmc 3251: Specify whether the private key is to be used for key exchange or just signing.
1.1 jsing 3252: Normally,
3253: .Qq export grade
3254: software will only allow 512-bit RSA keys to be
3255: used for encryption purposes, but arbitrary length keys for signing.
3256: The
3257: .Fl keysig
3258: option marks the key for signing only.
3259: Signing only keys can be used for S/MIME signing, authenticode
1.66 jmc 3260: (ActiveX control signing)
1.59 jmc 3261: and SSL client authentication.
1.107 inoguchi 3262: .It Fl LMK
3263: Add local machine keyset attribute to private key.
1.1 jsing 3264: .It Fl macalg Ar alg
3265: Specify the MAC digest algorithm.
1.59 jmc 3266: The default is SHA1.
1.1 jsing 3267: .It Fl maciter
1.66 jmc 3268: Included for compatibility only:
1.59 jmc 3269: it used to be needed to use MAC iterations counts
3270: but they are now used by default.
1.1 jsing 3271: .It Fl name Ar name
1.59 jmc 3272: Specify the
1.1 jsing 3273: .Qq friendly name
3274: for the certificate and private key.
3275: This name is typically displayed in list boxes by software importing the file.
3276: .It Fl nomac
3277: Don't attempt to provide the MAC integrity.
3278: .It Fl nomaciter , noiter
1.59 jmc 3279: Affect the iteration counts on the MAC and key algorithms.
1.1 jsing 3280: .Pp
3281: To discourage attacks by using large dictionaries of common passwords,
3282: the algorithm that derives keys from passwords can have an iteration count
3283: applied to it: this causes a certain part of the algorithm to be repeated
3284: and slows it down.
3285: The MAC is used to check the file integrity but since it will normally
3286: have the same password as the keys and certificates it could also be attacked.
3287: By default, both MAC and encryption iteration counts are set to 2048;
3288: using these options the MAC and encryption iteration counts can be set to 1.
1.137 naddy 3289: Since this reduces the file security, you should not use these options
1.1 jsing 3290: unless you really have to.
3291: Most software supports both MAC and key iteration counts.
3292: .It Fl out Ar file
1.59 jmc 3293: The output file to write to,
3294: or standard output if not specified.
1.1 jsing 3295: .It Fl passin Ar arg
3296: The key password source.
3297: .It Fl passout Ar arg
3298: The output file password source.
1.107 inoguchi 3299: .It Fl password Ar arg
3300: With
3301: .Fl export ,
3302: .Fl password
3303: is equivalent to
3304: .Fl passout .
1.108 inoguchi 3305: Otherwise,
1.107 inoguchi 3306: .Fl password
3307: is equivalent to
3308: .Fl passin .
1.1 jsing 3309: .El
1.120 kn 3310: .Tg pkey
1.1 jsing 3311: .Sh PKEY
1.114 jmc 3312: .Bl -hang -width "openssl pkey"
3313: .It Nm openssl pkey
3314: .Bk -words
1.135 tb 3315: .Op Fl check
1.1 jsing 3316: .Op Ar cipher
3317: .Op Fl in Ar file
1.60 jmc 3318: .Op Fl inform Cm der | pem
1.1 jsing 3319: .Op Fl noout
3320: .Op Fl out Ar file
1.60 jmc 3321: .Op Fl outform Cm der | pem
1.1 jsing 3322: .Op Fl passin Ar arg
3323: .Op Fl passout Ar arg
1.135 tb 3324: .Op Fl pubcheck
1.1 jsing 3325: .Op Fl pubin
3326: .Op Fl pubout
3327: .Op Fl text
3328: .Op Fl text_pub
1.114 jmc 3329: .Ek
3330: .El
1.1 jsing 3331: .Pp
3332: The
3333: .Nm pkey
3334: command processes public or private keys.
3335: They can be converted between various forms
3336: and their components printed out.
3337: .Pp
3338: The options are as follows:
3339: .Bl -tag -width Ds
1.135 tb 3340: .It Fl check
3341: Check the validity of a key pair.
1.1 jsing 3342: .It Ar cipher
1.60 jmc 3343: Encrypt the private key with the specified cipher.
1.1 jsing 3344: Any algorithm name accepted by
1.60 jmc 3345: .Xr EVP_get_cipherbyname 3
1.1 jsing 3346: is acceptable, such as
3347: .Cm des3 .
3348: .It Fl in Ar file
1.60 jmc 3349: The input file to read from,
3350: or standard input if not specified.
1.127 jmc 3351: If the key is encrypted, a pass phrase will be prompted for.
1.60 jmc 3352: .It Fl inform Cm der | pem
3353: The input format.
1.1 jsing 3354: .It Fl noout
3355: Do not output the encoded version of the key.
3356: .It Fl out Ar file
1.60 jmc 3357: The output file to write to,
3358: or standard output if not specified.
1.1 jsing 3359: If any encryption options are set then a pass phrase
3360: will be prompted for.
1.60 jmc 3361: .It Fl outform Cm der | pem
3362: The output format.
1.1 jsing 3363: .It Fl passin Ar arg
3364: The key password source.
3365: .It Fl passout Ar arg
3366: The output file password source.
1.135 tb 3367: .It Fl pubcheck
3368: Check the validity of a public key
3369: or the public component of a key pair.
1.1 jsing 3370: .It Fl pubin
1.60 jmc 3371: Read in a public key, not a private key.
1.1 jsing 3372: .It Fl pubout
1.60 jmc 3373: Output a public key, not a private key.
3374: Automatically set if the input is a public key.
1.1 jsing 3375: .It Fl text
1.64 jmc 3376: Print the public/private key in plain text.
1.1 jsing 3377: .It Fl text_pub
3378: Print out only public key components
3379: even if a private key is being processed.
3380: .El
1.120 kn 3381: .Tg pkeyparam
1.1 jsing 3382: .Sh PKEYPARAM
3383: .Cm openssl pkeyparam
1.135 tb 3384: .Op Fl check
1.1 jsing 3385: .Op Fl in Ar file
3386: .Op Fl noout
3387: .Op Fl out Ar file
3388: .Op Fl text
3389: .Pp
3390: The
1.61 jmc 3391: .Nm pkeyparam
1.1 jsing 3392: command processes public or private keys.
1.61 jmc 3393: The key type is determined by the PEM headers.
1.1 jsing 3394: .Pp
3395: The options are as follows:
3396: .Bl -tag -width Ds
1.135 tb 3397: .It Fl check
3398: check the correctness of parameters.
1.1 jsing 3399: .It Fl in Ar file
1.61 jmc 3400: The input file to read from,
3401: or standard input if not specified.
1.1 jsing 3402: .It Fl noout
3403: Do not output the encoded version of the parameters.
3404: .It Fl out Ar file
1.61 jmc 3405: The output file to write to,
3406: or standard output if not specified.
1.1 jsing 3407: .It Fl text
1.64 jmc 3408: Print the parameters in plain text.
1.1 jsing 3409: .El
1.120 kn 3410: .Tg pkeyutl
1.1 jsing 3411: .Sh PKEYUTL
1.114 jmc 3412: .Bl -hang -width "openssl pkeyutl"
3413: .It Nm openssl pkeyutl
3414: .Bk -words
1.1 jsing 3415: .Op Fl asn1parse
3416: .Op Fl certin
3417: .Op Fl decrypt
3418: .Op Fl derive
3419: .Op Fl encrypt
3420: .Op Fl hexdump
3421: .Op Fl in Ar file
3422: .Op Fl inkey Ar file
1.62 jmc 3423: .Op Fl keyform Cm der | pem
1.1 jsing 3424: .Op Fl out Ar file
3425: .Op Fl passin Ar arg
1.62 jmc 3426: .Op Fl peerform Cm der | pem
1.1 jsing 3427: .Op Fl peerkey Ar file
3428: .Op Fl pkeyopt Ar opt : Ns Ar value
3429: .Op Fl pubin
3430: .Op Fl rev
3431: .Op Fl sigfile Ar file
3432: .Op Fl sign
3433: .Op Fl verify
3434: .Op Fl verifyrecover
1.114 jmc 3435: .Ek
3436: .El
1.1 jsing 3437: .Pp
3438: The
3439: .Nm pkeyutl
3440: command can be used to perform public key operations using
3441: any supported algorithm.
3442: .Pp
3443: The options are as follows:
3444: .Bl -tag -width Ds
3445: .It Fl asn1parse
1.84 jmc 3446: ASN.1 parse the output data.
1.1 jsing 3447: This is useful when combined with the
3448: .Fl verifyrecover
1.84 jmc 3449: option when an ASN.1 structure is signed.
1.1 jsing 3450: .It Fl certin
3451: The input is a certificate containing a public key.
3452: .It Fl decrypt
3453: Decrypt the input data using a private key.
3454: .It Fl derive
3455: Derive a shared secret using the peer key.
3456: .It Fl encrypt
3457: Encrypt the input data using a public key.
3458: .It Fl hexdump
3459: Hex dump the output data.
3460: .It Fl in Ar file
1.62 jmc 3461: The input file to read from,
3462: or standard input if not specified.
1.1 jsing 3463: .It Fl inkey Ar file
3464: The input key file.
3465: By default it should be a private key.
1.62 jmc 3466: .It Fl keyform Cm der | pem
3467: The key format.
1.1 jsing 3468: .It Fl out Ar file
1.62 jmc 3469: The output file to write to,
3470: or standard output if not specified.
1.1 jsing 3471: .It Fl passin Ar arg
3472: The key password source.
1.62 jmc 3473: .It Fl peerform Cm der | pem
3474: The peer key format.
1.1 jsing 3475: .It Fl peerkey Ar file
3476: The peer key file, used by key derivation (agreement) operations.
3477: .It Fl pkeyopt Ar opt : Ns Ar value
1.62 jmc 3478: Set the public key algorithm option
3479: .Ar opt
3480: to
3481: .Ar value .
3482: Unless otherwise mentioned, all algorithms support the format
3483: .Ar digest : Ns Ar alg ,
3484: which specifies the digest to use
1.1 jsing 3485: for sign, verify, and verifyrecover operations.
3486: The value
3487: .Ar alg
3488: should represent a digest name as used in the
1.62 jmc 3489: .Xr EVP_get_digestbyname 3
3490: function.
3491: .Pp
1.1 jsing 3492: The RSA algorithm supports the
3493: encrypt, decrypt, sign, verify, and verifyrecover operations in general.
3494: Some padding modes only support some of these
3495: operations however.
3496: .Bl -tag -width Ds
3497: .It rsa_padding_mode : Ns Ar mode
3498: This sets the RSA padding mode.
3499: Acceptable values for
3500: .Ar mode
3501: are
3502: .Cm pkcs1
3503: for PKCS#1 padding;
3504: .Cm none
3505: for no padding;
3506: .Cm oaep
3507: for OAEP mode;
3508: and
3509: .Cm pss
3510: for PSS.
3511: .Pp
3512: In PKCS#1 padding if the message digest is not set then the supplied data is
3513: signed or verified directly instead of using a DigestInfo structure.
3514: If a digest is set then a DigestInfo
3515: structure is used and its length
3516: must correspond to the digest type.
3517: For oeap mode only encryption and decryption is supported.
3518: Sign, verify, and verifyrecover can be performed in this mode.
3519: For pss mode only sign and verify are supported and the digest type must be
3520: specified.
3521: .It rsa_pss_saltlen : Ns Ar len
3522: For pss
3523: mode only this option specifies the salt length.
3524: Two special values are supported:
3525: -1 sets the salt length to the digest length.
1.127 jmc 3526: When signing, -2 sets the salt length to the maximum permissible value.
3527: When verifying, -2 causes the salt length to be automatically determined
1.1 jsing 3528: based on the PSS block structure.
3529: .El
1.62 jmc 3530: .Pp
1.1 jsing 3531: The DSA algorithm supports the sign and verify operations.
3532: Currently there are no additional options other than
3533: .Ar digest .
3534: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 3535: .Pp
1.1 jsing 3536: The DH algorithm supports the derive operation
3537: and no additional options.
1.62 jmc 3538: .Pp
1.1 jsing 3539: The EC algorithm supports the sign, verify, and derive operations.
3540: The sign and verify operations use ECDSA and derive uses ECDH.
3541: Currently there are no additional options other than
3542: .Ar digest .
3543: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 3544: .It Fl pubin
3545: The input file is a public key.
3546: .It Fl rev
3547: Reverse the order of the input buffer.
3548: .It Fl sigfile Ar file
3549: Signature file (verify operation only).
3550: .It Fl sign
3551: Sign the input data and output the signed result.
3552: This requires a private key.
3553: .It Fl verify
3554: Verify the input data against the signature file and indicate if the
3555: verification succeeded or failed.
3556: .It Fl verifyrecover
3557: Verify the input data and output the recovered data.
3558: .El
1.120 kn 3559: .Tg prime
1.1 jsing 3560: .Sh PRIME
3561: .Cm openssl prime
3562: .Op Fl bits Ar n
3563: .Op Fl checks Ar n
3564: .Op Fl generate
3565: .Op Fl hex
3566: .Op Fl safe
3567: .Ar p
3568: .Pp
3569: The
3570: .Nm prime
3571: command is used to generate prime numbers,
3572: or to check numbers for primality.
3573: Results are probabilistic:
3574: they have an exceedingly high likelihood of being correct,
3575: but are not guaranteed.
3576: .Pp
3577: The options are as follows:
3578: .Bl -tag -width Ds
3579: .It Fl bits Ar n
3580: Specify the number of bits in the generated prime number.
3581: Must be used in conjunction with
3582: .Fl generate .
3583: .It Fl checks Ar n
3584: Perform a Miller-Rabin probabilistic primality test with
3585: .Ar n
3586: iterations.
3587: The default is 20.
3588: .It Fl generate
3589: Generate a pseudo-random prime number.
3590: Must be used in conjunction with
3591: .Fl bits .
3592: .It Fl hex
3593: Output in hex format.
3594: .It Fl safe
3595: Generate only
3596: .Qq safe
3597: prime numbers
3598: (i.e. a prime p so that (p-1)/2 is also prime).
3599: .It Ar p
3600: Test if number
3601: .Ar p
3602: is prime.
3603: .El
1.120 kn 3604: .Tg rand
1.1 jsing 3605: .Sh RAND
1.114 jmc 3606: .Bl -hang -width "openssl rand"
3607: .It Nm openssl rand
3608: .Bk -words
1.1 jsing 3609: .Op Fl base64
3610: .Op Fl hex
3611: .Op Fl out Ar file
3612: .Ar num
1.114 jmc 3613: .Ek
3614: .El
1.1 jsing 3615: .Pp
3616: The
3617: .Nm rand
3618: command outputs
3619: .Ar num
3620: pseudo-random bytes.
3621: .Pp
3622: The options are as follows:
3623: .Bl -tag -width Ds
3624: .It Fl base64
1.81 jmc 3625: Perform base64 encoding on the output.
1.1 jsing 3626: .It Fl hex
3627: Specify hexadecimal output.
3628: .It Fl out Ar file
1.63 jmc 3629: The output file to write to,
3630: or standard output if not specified.
1.1 jsing 3631: .El
1.120 kn 3632: .Tg req
1.1 jsing 3633: .Sh REQ
1.114 jmc 3634: .Bl -hang -width "openssl req"
3635: .It Nm openssl req
3636: .Bk -words
1.115 inoguchi 3637: .Op Fl addext Ar ext
1.1 jsing 3638: .Op Fl batch
3639: .Op Fl config Ar file
3640: .Op Fl days Ar n
3641: .Op Fl extensions Ar section
3642: .Op Fl in Ar file
1.63 jmc 3643: .Op Fl inform Cm der | pem
1.1 jsing 3644: .Op Fl key Ar keyfile
1.63 jmc 3645: .Op Fl keyform Cm der | pem
1.1 jsing 3646: .Op Fl keyout Ar file
1.28 doug 3647: .Op Fl md4 | md5 | sha1
1.1 jsing 3648: .Op Fl modulus
1.107 inoguchi 3649: .Op Fl multivalue-rdn
1.1 jsing 3650: .Op Fl nameopt Ar option
3651: .Op Fl new
3652: .Op Fl newhdr
3653: .Op Fl newkey Ar arg
3654: .Op Fl nodes
3655: .Op Fl noout
3656: .Op Fl out Ar file
1.63 jmc 3657: .Op Fl outform Cm der | pem
1.1 jsing 3658: .Op Fl passin Ar arg
3659: .Op Fl passout Ar arg
1.107 inoguchi 3660: .Op Fl pkeyopt Ar opt:value
1.1 jsing 3661: .Op Fl pubkey
3662: .Op Fl reqexts Ar section
3663: .Op Fl reqopt Ar option
3664: .Op Fl set_serial Ar n
1.107 inoguchi 3665: .Op Fl sigopt Ar nm:v
1.1 jsing 3666: .Op Fl subj Ar arg
3667: .Op Fl subject
3668: .Op Fl text
3669: .Op Fl utf8
3670: .Op Fl verbose
3671: .Op Fl verify
3672: .Op Fl x509
1.114 jmc 3673: .Ek
3674: .El
1.1 jsing 3675: .Pp
3676: The
3677: .Nm req
3678: command primarily creates and processes certificate requests
3679: in PKCS#10 format.
3680: It can additionally create self-signed certificates,
3681: for use as root CAs, for example.
3682: .Pp
3683: The options are as follows:
3684: .Bl -tag -width Ds
1.115 inoguchi 3685: .It Fl addext Ar ext
3686: Add a specific extension to the certificate (if the
3687: .Fl x509
3688: option is present) or certificate request.
3689: The argument must have the form of a key=value pair as it would appear in a
3690: config file.
3691: This option can be given multiple times.
1.1 jsing 3692: .It Fl batch
3693: Non-interactive mode.
3694: .It Fl config Ar file
1.63 jmc 3695: Specify an alternative configuration file.
1.1 jsing 3696: .It Fl days Ar n
1.63 jmc 3697: Specify the number of days to certify the certificate for.
3698: The default is 30 days.
3699: Used with the
1.1 jsing 3700: .Fl x509
1.63 jmc 3701: option.
1.1 jsing 3702: .It Fl extensions Ar section , Fl reqexts Ar section
1.63 jmc 3703: Specify alternative sections to include certificate
3704: extensions (with
3705: .Fl x509 )
3706: or certificate request extensions,
3707: allowing several different sections to be used in the same configuration file.
1.1 jsing 3708: .It Fl in Ar file
1.63 jmc 3709: The input file to read a request from,
3710: or standard input if not specified.
1.1 jsing 3711: A request is only read if the creation options
3712: .Fl new
3713: and
3714: .Fl newkey
3715: are not specified.
1.63 jmc 3716: .It Fl inform Cm der | pem
3717: The input format.
1.1 jsing 3718: .It Fl key Ar keyfile
1.63 jmc 3719: The file to read the private key from.
1.1 jsing 3720: It also accepts PKCS#8 format private keys for PEM format files.
1.63 jmc 3721: .It Fl keyform Cm der | pem
1.1 jsing 3722: The format of the private key file specified in the
3723: .Fl key
3724: argument.
1.81 jmc 3725: The default is
3726: .Cm pem .
1.1 jsing 3727: .It Fl keyout Ar file
1.63 jmc 3728: The file to write the newly created private key to.
3729: If this option is not specified,
3730: the filename present in the configuration file is used.
1.4 sthen 3731: .It Fl md5 | sha1 | sha256
1.63 jmc 3732: The message digest to sign the request with.
1.1 jsing 3733: This overrides the digest algorithm specified in the configuration file.
3734: .Pp
3735: Some public key algorithms may override this choice.
3736: For instance, DSA signatures always use SHA1.
3737: .It Fl modulus
1.63 jmc 3738: Print the value of the modulus of the public key contained in the request.
1.107 inoguchi 3739: .It Fl multivalue-rdn
3740: This option causes the
3741: .Fl subj
3742: argument to be interpreted with full support for multivalued RDNs,
3743: for example
3744: .Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
3745: If
3746: .Fl multivalue-rdn
3747: is not used, the UID value is set to
3748: .Qq "123456+CN=John Doe" .
1.1 jsing 3749: .It Fl nameopt Ar option , Fl reqopt Ar option
1.63 jmc 3750: Determine how the subject or issuer names are displayed.
1.1 jsing 3751: .Ar option
1.63 jmc 3752: can be a single option or multiple options separated by commas.
1.1 jsing 3753: Alternatively, these options may be used more than once to set multiple options.
3754: See the
3755: .Sx X509
3756: section below for details.
3757: .It Fl new
1.63 jmc 3758: Generate a new certificate request.
3759: The user is prompted for the relevant field values.
1.1 jsing 3760: The actual fields prompted for and their maximum and minimum sizes
3761: are specified in the configuration file and any requested extensions.
3762: .Pp
3763: If the
3764: .Fl key
3765: option is not used, it will generate a new RSA private
3766: key using information specified in the configuration file.
3767: .It Fl newhdr
1.63 jmc 3768: Add the word NEW to the PEM file header and footer lines
1.112 inoguchi 3769: on the outputted request.
1.63 jmc 3770: Some software and CAs need this.
1.1 jsing 3771: .It Fl newkey Ar arg
1.63 jmc 3772: Create a new certificate request and a new private key.
1.1 jsing 3773: The argument takes one of several forms.
1.63 jmc 3774: .Pp
3775: .No rsa : Ns Ar nbits
3776: generates an RSA key
1.1 jsing 3777: .Ar nbits
3778: in size.
3779: If
3780: .Ar nbits
1.137 naddy 3781: is omitted,
1.63 jmc 3782: the default key size is used.
3783: .Pp
3784: .No dsa : Ns Ar file
3785: generates a DSA key using the parameters in
3786: .Ar file .
3787: .Pp
3788: .No param : Ns Ar file
3789: generates a key using the parameters or certificate in
3790: .Ar file .
3791: .Pp
3792: All other algorithms support the form
3793: .Ar algorithm : Ns Ar file ,
1.1 jsing 3794: where file may be an algorithm parameter file,
3795: created by the
3796: .Cm genpkey -genparam
1.14 jmc 3797: command or an X.509 certificate for a key with appropriate algorithm.
1.63 jmc 3798: .Ar file
3799: can be omitted,
3800: in which case any parameters can be specified via the
1.1 jsing 3801: .Fl pkeyopt
3802: option.
3803: .It Fl nodes
1.63 jmc 3804: Do not encrypt the private key.
1.1 jsing 3805: .It Fl noout
1.63 jmc 3806: Do not output the encoded version of the request.
1.1 jsing 3807: .It Fl out Ar file
1.63 jmc 3808: The output file to write to,
1.99 jmc 3809: or standard output if not specified.
1.63 jmc 3810: .It Fl outform Cm der | pem
3811: The output format.
1.1 jsing 3812: .It Fl passin Ar arg
3813: The key password source.
3814: .It Fl passout Ar arg
3815: The output file password source.
1.107 inoguchi 3816: .It Fl pkeyopt Ar opt:value
3817: Set the public key algorithm option
3818: .Ar opt
3819: to
3820: .Ar value .
1.1 jsing 3821: .It Fl pubkey
1.63 jmc 3822: Output the public key.
1.1 jsing 3823: .It Fl reqopt Ar option
3824: Customise the output format used with
3825: .Fl text .
3826: The
3827: .Ar option
3828: argument can be a single option or multiple options separated by commas.
1.63 jmc 3829: See also the discussion of
1.1 jsing 3830: .Fl certopt
1.63 jmc 3831: in the
1.1 jsing 3832: .Nm x509
3833: command.
3834: .It Fl set_serial Ar n
3835: Serial number to use when outputting a self-signed certificate.
3836: This may be specified as a decimal value or a hex value if preceded by
3837: .Sq 0x .
3838: It is possible to use negative serial numbers but this is not recommended.
1.107 inoguchi 3839: .It Fl sigopt Ar nm:v
3840: Pass options to the signature algorithm during sign operation.
3841: The names and values of these options are algorithm-specific.
1.1 jsing 3842: .It Fl subj Ar arg
1.63 jmc 3843: Replaces the subject field of an input request
3844: with the specified data and output the modified request.
3845: .Ar arg
3846: must be formatted as /type0=value0/type1=value1/type2=...;
1.1 jsing 3847: characters may be escaped by
3848: .Sq \e
1.63 jmc 3849: (backslash);
1.1 jsing 3850: no spaces are skipped.
3851: .It Fl subject
1.63 jmc 3852: Print the request subject (or certificate subject if
1.1 jsing 3853: .Fl x509
1.63 jmc 3854: is specified).
1.1 jsing 3855: .It Fl text
1.64 jmc 3856: Print the certificate request in plain text.
1.1 jsing 3857: .It Fl utf8
1.63 jmc 3858: Interpret field values as UTF8 strings, not ASCII.
1.1 jsing 3859: .It Fl verbose
3860: Print extra details about the operations being performed.
3861: .It Fl verify
1.63 jmc 3862: Verify the signature on the request.
1.1 jsing 3863: .It Fl x509
1.63 jmc 3864: Output a self-signed certificate instead of a certificate request.
3865: This is typically used to generate a test certificate or a self-signed root CA.
3866: The extensions added to the certificate (if any)
1.1 jsing 3867: are specified in the configuration file.
3868: Unless specified using the
3869: .Fl set_serial
1.63 jmc 3870: option, 0 is used for the serial number.
1.1 jsing 3871: .El
1.63 jmc 3872: .Pp
1.1 jsing 3873: The configuration options are specified in the
1.63 jmc 3874: .Qq req
1.1 jsing 3875: section of the configuration file.
1.63 jmc 3876: The options available are as follows:
1.1 jsing 3877: .Bl -tag -width "XXXX"
1.63 jmc 3878: .It Cm attributes
3879: The section containing any request attributes: its format
1.1 jsing 3880: is the same as
1.63 jmc 3881: .Cm distinguished_name .
3882: Typically these may contain the challengePassword or unstructuredName types.
3883: They are currently ignored by the
3884: .Nm openssl
1.1 jsing 3885: request signing utilities, but some CAs might want them.
1.63 jmc 3886: .It Cm default_bits
3887: The default key size, in bits.
3888: The default is 2048.
1.1 jsing 3889: It is used if the
3890: .Fl new
1.63 jmc 3891: option is used and can be overridden by using the
1.1 jsing 3892: .Fl newkey
3893: option.
1.63 jmc 3894: .It Cm default_keyfile
3895: The default file to write a private key to,
3896: or standard output if not specified.
3897: It can be overridden by the
1.1 jsing 3898: .Fl keyout
3899: option.
1.63 jmc 3900: .It Cm default_md
3901: The digest algorithm to use.
1.1 jsing 3902: Possible values include
1.63 jmc 3903: .Cm md5 ,
3904: .Cm sha1
1.1 jsing 3905: and
1.63 jmc 3906: .Cm sha256
3907: (the default).
3908: It can be overridden on the command line.
3909: .It Cm distinguished_name
3910: The section containing the distinguished name fields to
1.1 jsing 3911: prompt for when generating a certificate or certificate request.
1.63 jmc 3912: The format is described below.
3913: .It Cm encrypt_key
3914: If set to
3915: .Qq no
3916: and a private key is generated, it is not encrypted.
3917: It is equivalent to the
1.1 jsing 3918: .Fl nodes
1.63 jmc 3919: option.
1.1 jsing 3920: For compatibility,
1.63 jmc 3921: .Cm encrypt_rsa_key
1.1 jsing 3922: is an equivalent option.
1.63 jmc 3923: .It Cm input_password | output_password
3924: The passwords for the input private key file (if present)
3925: and the output private key file (if one will be created).
1.1 jsing 3926: The command line options
3927: .Fl passin
3928: and
3929: .Fl passout
3930: override the configuration file values.
1.63 jmc 3931: .It Cm oid_file
3932: A file containing additional OBJECT IDENTIFIERS.
1.1 jsing 3933: Each line of the file should consist of the numerical form of the
3934: object identifier, followed by whitespace, then the short name followed
3935: by whitespace and finally the long name.
1.63 jmc 3936: .It Cm oid_section
3937: Specify a section in the configuration file containing extra
1.1 jsing 3938: object identifiers.
3939: Each line should consist of the short name of the
3940: object identifier followed by
3941: .Sq =
3942: and the numerical form.
3943: The short and long names are the same when this option is used.
1.63 jmc 3944: .It Cm prompt
3945: If set to
3946: .Qq no ,
3947: it disables prompting of certificate fields
1.1 jsing 3948: and just takes values from the config file directly.
3949: It also changes the expected format of the
1.63 jmc 3950: .Cm distinguished_name
1.1 jsing 3951: and
1.63 jmc 3952: .Cm attributes
1.1 jsing 3953: sections.
1.63 jmc 3954: .It Cm req_extensions
3955: The configuration file section containing a list of
1.1 jsing 3956: extensions to add to the certificate request.
3957: It can be overridden by the
3958: .Fl reqexts
1.63 jmc 3959: option.
3960: .It Cm string_mask
3961: Limit the string types for encoding certain fields.
1.1 jsing 3962: The following values may be used, limiting strings to the indicated types:
3963: .Bl -tag -width "MASK:number"
1.63 jmc 3964: .It Cm utf8only
3965: UTF8String.
1.1 jsing 3966: This is the default, as recommended by PKIX in RFC 2459.
1.63 jmc 3967: .It Cm default
3968: PrintableString, IA5String, T61String, BMPString, UTF8String.
3969: .It Cm pkix
3970: PrintableString, IA5String, BMPString, UTF8String.
3971: Inspired by the PKIX recommendation in RFC 2459 for certificates
3972: generated before 2004, but differs by also permitting IA5String.
3973: .It Cm nombstr
3974: PrintableString, IA5String, T61String, UniversalString.
3975: A workaround for some ancient software that had problems
3976: with the variable-sized BMPString and UTF8String types.
1.1 jsing 3977: .It Cm MASK : Ns Ar number
1.63 jmc 3978: An explicit bitmask of permitted types, where
1.1 jsing 3979: .Ar number
3980: is a C-style hex, decimal, or octal number that's a bit-wise OR of
3981: .Dv B_ASN1_*
3982: values from
3983: .In openssl/asn1.h .
3984: .El
1.63 jmc 3985: .It Cm utf8
3986: If set to
3987: .Qq yes ,
1.72 jmc 3988: field values are interpreted as UTF8 strings.
1.63 jmc 3989: .It Cm x509_extensions
3990: The configuration file section containing a list of
1.1 jsing 3991: extensions to add to a certificate generated when the
3992: .Fl x509
3993: switch is used.
3994: It can be overridden by the
3995: .Fl extensions
1.72 jmc 3996: command line switch.
1.1 jsing 3997: .El
1.63 jmc 3998: .Pp
1.1 jsing 3999: There are two separate formats for the distinguished name and attribute
4000: sections.
4001: If the
4002: .Fl prompt
4003: option is set to
1.63 jmc 4004: .Qq no ,
1.72 jmc 4005: then these sections just consist of field names and values.
4006: If the
1.1 jsing 4007: .Fl prompt
4008: option is absent or not set to
1.63 jmc 4009: .Qq no ,
1.72 jmc 4010: then the file contains field prompting information of the form:
1.1 jsing 4011: .Bd -unfilled -offset indent
4012: fieldName="prompt"
4013: fieldName_default="default field value"
4014: fieldName_min= 2
4015: fieldName_max= 4
4016: .Ed
4017: .Pp
4018: .Qq fieldName
4019: is the field name being used, for example
1.63 jmc 4020: .Cm commonName
4021: (or CN).
1.1 jsing 4022: The
4023: .Qq prompt
4024: string is used to ask the user to enter the relevant details.
4025: If the user enters nothing, the default value is used;
4026: if no default value is present, the field is omitted.
4027: A field can still be omitted if a default value is present,
4028: if the user just enters the
4029: .Sq \&.
4030: character.
4031: .Pp
4032: The number of characters entered must be between the
1.63 jmc 4033: fieldName_min and fieldName_max limits:
1.1 jsing 4034: there may be additional restrictions based on the field being used
4035: (for example
1.63 jmc 4036: .Cm countryName
1.1 jsing 4037: can only ever be two characters long and must fit in a
1.63 jmc 4038: .Cm PrintableString ) .
1.1 jsing 4039: .Pp
4040: Some fields (such as
1.63 jmc 4041: .Cm organizationName )
1.1 jsing 4042: can be used more than once in a DN.
4043: This presents a problem because configuration files will
4044: not recognize the same name occurring twice.
4045: To avoid this problem, if the
1.63 jmc 4046: .Cm fieldName
1.1 jsing 4047: contains some characters followed by a full stop, they will be ignored.
4048: So, for example, a second
1.63 jmc 4049: .Cm organizationName
1.1 jsing 4050: can be input by calling it
4051: .Qq 1.organizationName .
4052: .Pp
4053: The actual permitted field names are any object identifier short or
4054: long names.
4055: These are compiled into
1.63 jmc 4056: .Nm openssl
1.1 jsing 4057: and include the usual values such as
1.63 jmc 4058: .Cm commonName , countryName , localityName , organizationName ,
1.89 jmc 4059: .Cm organizationalUnitName , stateOrProvinceName .
1.1 jsing 4060: Additionally,
1.63 jmc 4061: .Cm emailAddress
1.1 jsing 4062: is included as well as
1.63 jmc 4063: .Cm name , surname , givenName , initials
1.1 jsing 4064: and
1.63 jmc 4065: .Cm dnQualifier .
1.1 jsing 4066: .Pp
4067: Additional object identifiers can be defined with the
1.63 jmc 4068: .Cm oid_file
1.1 jsing 4069: or
1.63 jmc 4070: .Cm oid_section
1.1 jsing 4071: options in the configuration file.
4072: Any additional fields will be treated as though they were a
1.63 jmc 4073: .Cm DirectoryString .
1.120 kn 4074: .Tg rsa
1.1 jsing 4075: .Sh RSA
1.114 jmc 4076: .Bl -hang -width "openssl rsa"
4077: .It Nm openssl rsa
4078: .Bk -words
1.64 jmc 4079: .Op Fl aes128 | aes192 | aes256 | des | des3
1.1 jsing 4080: .Op Fl check
4081: .Op Fl in Ar file
1.108 inoguchi 4082: .Op Fl inform Cm der | net | pem | pvk
1.1 jsing 4083: .Op Fl modulus
4084: .Op Fl noout
4085: .Op Fl out Ar file
1.108 inoguchi 4086: .Op Fl outform Cm der | net | pem | pvk
1.1 jsing 4087: .Op Fl passin Ar arg
4088: .Op Fl passout Ar arg
4089: .Op Fl pubin
4090: .Op Fl pubout
1.108 inoguchi 4091: .Op Fl pvk-none | pvk-strong | pvk-weak
4092: .Op Fl RSAPublicKey_in
4093: .Op Fl RSAPublicKey_out
1.1 jsing 4094: .Op Fl text
1.114 jmc 4095: .Ek
4096: .El
1.1 jsing 4097: .Pp
4098: The
4099: .Nm rsa
4100: command processes RSA keys.
4101: They can be converted between various forms and their components printed out.
1.64 jmc 4102: .Nm rsa
4103: uses the traditional
1.1 jsing 4104: .Nm SSLeay
4105: compatible format for private key encryption:
4106: newer applications should use the more secure PKCS#8 format using the
4107: .Nm pkcs8
4108: utility.
4109: .Pp
4110: The options are as follows:
4111: .Bl -tag -width Ds
1.64 jmc 4112: .It Fl aes128 | aes192 | aes256 | des | des3
4113: Encrypt the private key with the AES, DES,
1.1 jsing 4114: or the triple DES ciphers, respectively, before outputting it.
4115: A pass phrase is prompted for.
4116: If none of these options are specified, the key is written in plain text.
4117: This means that using the
4118: .Nm rsa
4119: utility to read in an encrypted key with no encryption option can be used
4120: to remove the pass phrase from a key, or by setting the encryption options
4121: it can be used to add or change the pass phrase.
4122: These options can only be used with PEM format output files.
4123: .It Fl check
1.64 jmc 4124: Check the consistency of an RSA private key.
1.1 jsing 4125: .It Fl in Ar file
1.64 jmc 4126: The input file to read from,
4127: or standard input if not specified.
1.1 jsing 4128: If the key is encrypted, a pass phrase will be prompted for.
1.108 inoguchi 4129: .It Fl inform Cm der | net | pem | pvk
1.64 jmc 4130: The input format.
1.1 jsing 4131: .It Fl noout
1.64 jmc 4132: Do not output the encoded version of the key.
1.1 jsing 4133: .It Fl modulus
1.64 jmc 4134: Print the value of the modulus of the key.
1.1 jsing 4135: .It Fl out Ar file
1.64 jmc 4136: The output file to write to,
4137: or standard output if not specified.
1.108 inoguchi 4138: .It Fl outform Cm der | net | pem | pvk
1.64 jmc 4139: The output format.
1.1 jsing 4140: .It Fl passin Ar arg
4141: The key password source.
4142: .It Fl passout Ar arg
4143: The output file password source.
4144: .It Fl pubin
1.64 jmc 4145: Read in a public key,
4146: not a private key.
1.1 jsing 4147: .It Fl pubout
1.64 jmc 4148: Output a public key,
4149: not a private key.
4150: Automatically set if the input is a public key.
1.108 inoguchi 4151: .It Xo
4152: .Fl pvk-none | pvk-strong | pvk-weak
4153: .Xc
4154: Enable or disable PVK encoding.
4155: The default is
4156: .Fl pvk-strong .
4157: .It Fl RSAPublicKey_in , RSAPublicKey_out
4158: Same as
4159: .Fl pubin
4160: and
4161: .Fl pubout
4162: except
4163: .Cm RSAPublicKey
4164: format is used instead.
1.1 jsing 4165: .It Fl text
1.64 jmc 4166: Print the public/private key components in plain text.
1.1 jsing 4167: .El
1.120 kn 4168: .Tg rsautl
1.1 jsing 4169: .Sh RSAUTL
1.114 jmc 4170: .Bl -hang -width "openssl rsautl"
4171: .It Nm openssl rsautl
4172: .Bk -words
1.1 jsing 4173: .Op Fl asn1parse
4174: .Op Fl certin
4175: .Op Fl decrypt
4176: .Op Fl encrypt
4177: .Op Fl hexdump
4178: .Op Fl in Ar file
4179: .Op Fl inkey Ar file
1.65 jmc 4180: .Op Fl keyform Cm der | pem
1.141 tb 4181: .Op Fl oaep | pkcs | raw
1.1 jsing 4182: .Op Fl out Ar file
1.100 tb 4183: .Op Fl passin Ar arg
1.1 jsing 4184: .Op Fl pubin
1.100 tb 4185: .Op Fl rev
1.1 jsing 4186: .Op Fl sign
4187: .Op Fl verify
1.114 jmc 4188: .Ek
4189: .El
1.1 jsing 4190: .Pp
4191: The
4192: .Nm rsautl
4193: command can be used to sign, verify, encrypt and decrypt
4194: data using the RSA algorithm.
4195: .Pp
4196: The options are as follows:
4197: .Bl -tag -width Ds
4198: .It Fl asn1parse
4199: Asn1parse the output data; this is useful when combined with the
4200: .Fl verify
4201: option.
4202: .It Fl certin
4203: The input is a certificate containing an RSA public key.
4204: .It Fl decrypt
4205: Decrypt the input data using an RSA private key.
4206: .It Fl encrypt
4207: Encrypt the input data using an RSA public key.
4208: .It Fl hexdump
4209: Hex dump the output data.
4210: .It Fl in Ar file
1.65 jmc 4211: The input to read from,
4212: or standard input if not specified.
1.1 jsing 4213: .It Fl inkey Ar file
1.65 jmc 4214: The input key file; by default an RSA private key.
4215: .It Fl keyform Cm der | pem
1.85 tb 4216: The private key format.
1.65 jmc 4217: The default is
4218: .Cm pem .
1.141 tb 4219: .It Fl oaep | pkcs | raw
1.1 jsing 4220: The padding to use:
1.141 tb 4221: PKCS#1 OAEP, PKCS#1 v1.5 (the default), no padding,
1.100 tb 4222: respectively.
1.1 jsing 4223: For signatures, only
4224: .Fl pkcs
4225: and
4226: .Fl raw
4227: can be used.
4228: .It Fl out Ar file
1.65 jmc 4229: The output file to write to,
4230: or standard output if not specified.
1.100 tb 4231: .It Fl passin Ar arg
4232: The key password source.
1.1 jsing 4233: .It Fl pubin
4234: The input file is an RSA public key.
1.100 tb 4235: .It Fl rev
4236: Reverse the order of the input buffer.
1.1 jsing 4237: .It Fl sign
4238: Sign the input data and output the signed result.
4239: This requires an RSA private key.
4240: .It Fl verify
4241: Verify the input data and output the recovered data.
4242: .El
1.120 kn 4243: .Tg s_client
1.1 jsing 4244: .Sh S_CLIENT
1.114 jmc 4245: .Bl -hang -width "openssl s_client"
4246: .It Nm openssl s_client
4247: .Bk -words
1.1 jsing 4248: .Op Fl 4 | 6
1.110 inoguchi 4249: .Op Fl alpn Ar protocols
1.1 jsing 4250: .Op Fl bugs
4251: .Op Fl CAfile Ar file
4252: .Op Fl CApath Ar directory
4253: .Op Fl cert Ar file
1.110 inoguchi 4254: .Op Fl certform Cm der | pem
1.1 jsing 4255: .Op Fl check_ss_sig
4256: .Op Fl cipher Ar cipherlist
1.66 jmc 4257: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 4258: .Op Fl crl_check
4259: .Op Fl crl_check_all
4260: .Op Fl crlf
4261: .Op Fl debug
1.129 jsing 4262: .Op Fl dtls
1.110 inoguchi 4263: .Op Fl dtls1
1.129 jsing 4264: .Op Fl dtls1_2
1.1 jsing 4265: .Op Fl extended_crl
1.121 schwarze 4266: .Op Fl groups Ar list
1.110 inoguchi 4267: .Op Fl host Ar host
1.1 jsing 4268: .Op Fl ign_eof
4269: .Op Fl ignore_critical
4270: .Op Fl issuer_checks
4271: .Op Fl key Ar keyfile
1.110 inoguchi 4272: .Op Fl keyform Cm der | pem
4273: .Op Fl keymatexport Ar label
4274: .Op Fl keymatexportlen Ar len
4275: .Op Fl legacy_server_connect
1.1 jsing 4276: .Op Fl msg
1.110 inoguchi 4277: .Op Fl mtu Ar mtu
1.1 jsing 4278: .Op Fl nbio
4279: .Op Fl nbio_test
1.110 inoguchi 4280: .Op Fl no_comp
4281: .Op Fl no_ign_eof
4282: .Op Fl no_legacy_server_connect
1.1 jsing 4283: .Op Fl no_ticket
4284: .Op Fl no_tls1
1.6 guenther 4285: .Op Fl no_tls1_1
4286: .Op Fl no_tls1_2
1.119 jsing 4287: .Op Fl no_tls1_3
1.110 inoguchi 4288: .Op Fl pass Ar arg
1.1 jsing 4289: .Op Fl pause
4290: .Op Fl policy_check
1.110 inoguchi 4291: .Op Fl port Ar port
1.1 jsing 4292: .Op Fl prexit
1.11 bluhm 4293: .Op Fl proxy Ar host : Ns Ar port
1.1 jsing 4294: .Op Fl quiet
4295: .Op Fl reconnect
1.5 jsing 4296: .Op Fl servername Ar name
1.110 inoguchi 4297: .Op Fl serverpref
4298: .Op Fl sess_in Ar file
4299: .Op Fl sess_out Ar file
1.1 jsing 4300: .Op Fl showcerts
4301: .Op Fl starttls Ar protocol
4302: .Op Fl state
1.110 inoguchi 4303: .Op Fl status
4304: .Op Fl timeout
1.1 jsing 4305: .Op Fl tls1
1.31 jmc 4306: .Op Fl tls1_1
4307: .Op Fl tls1_2
1.119 jsing 4308: .Op Fl tls1_3
1.1 jsing 4309: .Op Fl tlsextdebug
1.110 inoguchi 4310: .Op Fl use_srtp Ar profiles
1.1 jsing 4311: .Op Fl verify Ar depth
1.110 inoguchi 4312: .Op Fl verify_return_error
1.1 jsing 4313: .Op Fl x509_strict
1.19 landry 4314: .Op Fl xmpphost Ar host
1.114 jmc 4315: .Ek
4316: .El
1.1 jsing 4317: .Pp
4318: The
4319: .Nm s_client
4320: command implements a generic SSL/TLS client which connects
4321: to a remote host using SSL/TLS.
1.66 jmc 4322: .Pp
4323: If a connection is established with an SSL server, any data received
4324: from the server is displayed and any key presses will be sent to the
4325: server.
4326: When used interactively (which means neither
4327: .Fl quiet
4328: nor
4329: .Fl ign_eof
4330: have been given), the session will be renegotiated if the line begins with an
4331: .Cm R ;
4332: if the line begins with a
4333: .Cm Q
4334: or if end of file is reached, the connection will be closed down.
1.1 jsing 4335: .Pp
4336: The options are as follows:
4337: .Bl -tag -width Ds
4338: .It Fl 4
1.66 jmc 4339: Attempt connections using IPv4 only.
1.1 jsing 4340: .It Fl 6
1.66 jmc 4341: Attempt connections using IPv6 only.
1.110 inoguchi 4342: .It Fl alpn Ar protocols
4343: Enable the Application-Layer Protocol Negotiation.
4344: .Ar protocols
4345: is a comma-separated list of protocol names that the client should advertise
4346: support for.
1.1 jsing 4347: .It Fl bugs
1.66 jmc 4348: Enable various workarounds for buggy implementations.
1.1 jsing 4349: .It Fl CAfile Ar file
4350: A
4351: .Ar file
4352: containing trusted certificates to use during server authentication
4353: and to use when attempting to build the client certificate chain.
4354: .It Fl CApath Ar directory
4355: The
4356: .Ar directory
4357: to use for server certificate verification.
4358: This directory must be in
4359: .Qq hash format ;
4360: see
4361: .Fl verify
4362: for more information.
4363: These are also used when building the client certificate chain.
4364: .It Fl cert Ar file
4365: The certificate to use, if one is requested by the server.
4366: The default is not to use a certificate.
1.110 inoguchi 4367: .It Fl certform Cm der | pem
4368: The certificate format.
4369: The default is
4370: .Cm pem .
1.1 jsing 4371: .It Xo
4372: .Fl check_ss_sig ,
4373: .Fl crl_check ,
4374: .Fl crl_check_all ,
4375: .Fl extended_crl ,
4376: .Fl ignore_critical ,
4377: .Fl issuer_checks ,
4378: .Fl policy_check ,
4379: .Fl x509_strict
4380: .Xc
4381: Set various certificate chain validation options.
4382: See the
1.66 jmc 4383: .Nm verify
1.1 jsing 4384: command for details.
4385: .It Fl cipher Ar cipherlist
1.66 jmc 4386: Modify the cipher list sent by the client.
1.1 jsing 4387: Although the server determines which cipher suite is used, it should take
4388: the first supported cipher in the list sent by the client.
4389: See the
1.66 jmc 4390: .Nm ciphers
4391: command for more information.
4392: .It Fl connect Ar host Ns Op : Ns Ar port
4393: The
1.1 jsing 4394: .Ar host
1.66 jmc 4395: and
1.1 jsing 4396: .Ar port
4397: to connect to.
4398: If not specified, an attempt is made to connect to the local host
4399: on port 4433.
4400: Alternatively, the host and port pair may be separated using a forward-slash
1.66 jmc 4401: character,
4402: which is useful for numeric IPv6 addresses.
1.1 jsing 4403: .It Fl crlf
1.66 jmc 4404: Translate a line feed from the terminal into CR+LF,
4405: as required by some servers.
1.1 jsing 4406: .It Fl debug
1.66 jmc 4407: Print extensive debugging information, including a hex dump of all traffic.
1.129 jsing 4408: .It Fl dtls
4409: Permit any version of DTLS.
1.110 inoguchi 4410: .It Fl dtls1
4411: Permit only DTLS1.0.
1.129 jsing 4412: .It Fl dtls1_2
4413: Permit only DTLS1.2.
1.121 schwarze 4414: .It Fl groups Ar list
4415: Set the supported elliptic curve groups to the colon separated
4416: .Ar list
4417: of group NIDs or names as documented in
4418: .Xr SSL_CTX_set1_groups_list 3 .
1.110 inoguchi 4419: .It Fl host Ar host
4420: The
4421: .Ar host
4422: to connect to.
4423: The default is localhost.
1.1 jsing 4424: .It Fl ign_eof
1.66 jmc 4425: Inhibit shutting down the connection when end of file is reached in the input.
1.1 jsing 4426: .It Fl key Ar keyfile
4427: The private key to use.
4428: If not specified, the certificate file will be used.
1.110 inoguchi 4429: .It Fl keyform Cm der | pem
4430: The private key format.
4431: The default is
4432: .Cm pem .
4433: .It Fl keymatexport Ar label
4434: Export keying material using label.
4435: .It Fl keymatexportlen Ar len
4436: Export len bytes of keying material (default 20).
4437: .It Fl legacy_server_connect , no_legacy_server_connect
4438: Allow or disallow initial connection to servers that don't support RI.
1.1 jsing 4439: .It Fl msg
4440: Show all protocol messages with hex dump.
1.110 inoguchi 4441: .It Fl mtu Ar mtu
4442: Set the link layer MTU.
1.1 jsing 4443: .It Fl nbio
1.66 jmc 4444: Turn on non-blocking I/O.
1.1 jsing 4445: .It Fl nbio_test
1.66 jmc 4446: Test non-blocking I/O.
1.110 inoguchi 4447: .It Fl no_ign_eof
4448: Shut down the connection when end of file is reached in the input.
4449: Can be used to override the implicit
4450: .Fl ign_eof
4451: after
4452: .Fl quiet .
1.119 jsing 4453: .It Fl no_tls1 | no_tls1_1 | no_tls1_2 | no_tls1_3
4454: Disable the use of TLS1.0, 1.1, 1.2 and 1.3 respectively.
1.1 jsing 4455: .It Fl no_ticket
4456: Disable RFC 4507 session ticket support.
1.110 inoguchi 4457: .It Fl pass Ar arg
4458: The private key password source.
1.1 jsing 4459: .It Fl pause
1.66 jmc 4460: Pause 1 second between each read and write call.
1.110 inoguchi 4461: .It Fl port Ar port
4462: The
4463: .Ar port
4464: to connect to.
4465: The default is 4433.
1.1 jsing 4466: .It Fl prexit
4467: Print session information when the program exits.
4468: This will always attempt
4469: to print out information even if the connection fails.
4470: Normally, information will only be printed out once if the connection succeeds.
4471: This option is useful because the cipher in use may be renegotiated
4472: or the connection may fail because a client certificate is required or is
4473: requested only after an attempt is made to access a certain URL.
1.66 jmc 4474: Note that the output produced by this option is not always accurate
4475: because a connection might never have been established.
1.11 bluhm 4476: .It Fl proxy Ar host : Ns Ar port
4477: Use the HTTP proxy at
4478: .Ar host
4479: and
4480: .Ar port .
4481: The connection to the proxy is done in cleartext and the
4482: .Fl connect
4483: argument is given to the proxy.
4484: If not specified, localhost is used as final destination.
4485: After that, switch the connection through the proxy to the destination
4486: to TLS.
1.1 jsing 4487: .It Fl quiet
4488: Inhibit printing of session and certificate information.
4489: This implicitly turns on
4490: .Fl ign_eof
4491: as well.
4492: .It Fl reconnect
1.66 jmc 4493: Reconnect to the same server 5 times using the same session ID; this can
1.1 jsing 4494: be used as a test that session caching is working.
1.5 jsing 4495: .It Fl servername Ar name
4496: Include the TLS Server Name Indication (SNI) extension in the ClientHello
4497: message, using the specified server
4498: .Ar name .
1.1 jsing 4499: .It Fl showcerts
4500: Display the whole server certificate chain: normally only the server
4501: certificate itself is displayed.
1.110 inoguchi 4502: .It Fl serverpref
4503: Use the server's cipher preferences.
4504: .It Fl sess_in Ar file
4505: Load TLS session from file.
4506: The client will attempt to resume a connection from this session.
4507: .It Fl sess_out Ar file
4508: Output TLS session to file.
1.1 jsing 4509: .It Fl starttls Ar protocol
1.66 jmc 4510: Send the protocol-specific messages to switch to TLS for communication.
1.1 jsing 4511: .Ar protocol
4512: is a keyword for the intended protocol.
4513: Currently, the supported keywords are
4514: .Qq ftp ,
4515: .Qq imap ,
4516: .Qq smtp ,
4517: .Qq pop3 ,
4518: and
4519: .Qq xmpp .
4520: .It Fl state
1.66 jmc 4521: Print the SSL session states.
1.110 inoguchi 4522: .It Fl status
4523: Send a certificate status request to the server (OCSP stapling).
4524: The server response (if any) is printed out.
4525: .It Fl timeout
4526: Enable send/receive timeout on DTLS connections.
1.119 jsing 4527: .It Fl tls1 | tls1_1 | tls1_2 | tls1_3
4528: Permit only TLS1.0, 1.1, 1.2 or 1.3 respectively.
1.1 jsing 4529: .It Fl tlsextdebug
1.66 jmc 4530: Print a hex dump of any TLS extensions received from the server.
1.110 inoguchi 4531: .It Fl use_srtp Ar profiles
4532: Offer SRTP key management with a colon-separated profile list.
1.1 jsing 4533: .It Fl verify Ar depth
1.66 jmc 4534: Turn on server certificate verification,
4535: with a maximum length of
4536: .Ar depth .
1.1 jsing 4537: Currently the verify operation continues after errors so all the problems
4538: with a certificate chain can be seen.
4539: As a side effect the connection will never fail due to a server
4540: certificate verify failure.
1.110 inoguchi 4541: .It Fl verify_return_error
4542: Return verification error.
1.19 landry 4543: .It Fl xmpphost Ar hostname
1.66 jmc 4544: When used with
1.19 landry 4545: .Fl starttls Ar xmpp ,
1.66 jmc 4546: specify the host for the "to" attribute of the stream element.
1.19 landry 4547: If this option is not specified then the host specified with
4548: .Fl connect
4549: will be used.
1.1 jsing 4550: .El
1.120 kn 4551: .Tg s_server
1.1 jsing 4552: .Sh S_SERVER
1.114 jmc 4553: .Bl -hang -width "openssl s_server"
4554: .It Nm openssl s_server
4555: .Bk -words
1.1 jsing 4556: .Op Fl accept Ar port
1.111 inoguchi 4557: .Op Fl alpn Ar protocols
1.1 jsing 4558: .Op Fl bugs
4559: .Op Fl CAfile Ar file
4560: .Op Fl CApath Ar directory
4561: .Op Fl cert Ar file
1.111 inoguchi 4562: .Op Fl cert2 Ar file
4563: .Op Fl certform Cm der | pem
1.1 jsing 4564: .Op Fl cipher Ar cipherlist
4565: .Op Fl context Ar id
4566: .Op Fl crl_check
4567: .Op Fl crl_check_all
4568: .Op Fl crlf
4569: .Op Fl dcert Ar file
1.111 inoguchi 4570: .Op Fl dcertform Cm der | pem
1.1 jsing 4571: .Op Fl debug
4572: .Op Fl dhparam Ar file
4573: .Op Fl dkey Ar file
1.111 inoguchi 4574: .Op Fl dkeyform Cm der | pem
4575: .Op Fl dpass Ar arg
1.129 jsing 4576: .Op Fl dtls
1.111 inoguchi 4577: .Op Fl dtls1
1.129 jsing 4578: .Op Fl dtls1_2
1.121 schwarze 4579: .Op Fl groups Ar list
1.1 jsing 4580: .Op Fl HTTP
4581: .Op Fl id_prefix Ar arg
4582: .Op Fl key Ar keyfile
1.111 inoguchi 4583: .Op Fl key2 Ar keyfile
4584: .Op Fl keyform Cm der | pem
4585: .Op Fl keymatexport Ar label
4586: .Op Fl keymatexportlen Ar len
1.1 jsing 4587: .Op Fl msg
1.111 inoguchi 4588: .Op Fl mtu Ar mtu
1.130 tb 4589: .Op Fl naccept Ar num
1.111 inoguchi 4590: .Op Fl named_curve Ar arg
1.1 jsing 4591: .Op Fl nbio
4592: .Op Fl nbio_test
1.111 inoguchi 4593: .Op Fl no_cache
1.1 jsing 4594: .Op Fl no_dhe
1.111 inoguchi 4595: .Op Fl no_ecdhe
4596: .Op Fl no_ticket
1.1 jsing 4597: .Op Fl no_tls1
1.6 guenther 4598: .Op Fl no_tls1_1
4599: .Op Fl no_tls1_2
1.122 inoguchi 4600: .Op Fl no_tls1_3
1.1 jsing 4601: .Op Fl no_tmp_rsa
4602: .Op Fl nocert
1.111 inoguchi 4603: .Op Fl pass Ar arg
1.1 jsing 4604: .Op Fl quiet
1.111 inoguchi 4605: .Op Fl servername Ar name
4606: .Op Fl servername_fatal
1.1 jsing 4607: .Op Fl serverpref
4608: .Op Fl state
1.111 inoguchi 4609: .Op Fl status
4610: .Op Fl status_timeout Ar nsec
4611: .Op Fl status_url Ar url
4612: .Op Fl status_verbose
4613: .Op Fl timeout
1.1 jsing 4614: .Op Fl tls1
1.31 jmc 4615: .Op Fl tls1_1
4616: .Op Fl tls1_2
1.122 inoguchi 4617: .Op Fl tls1_3
1.111 inoguchi 4618: .Op Fl tlsextdebug
4619: .Op Fl use_srtp Ar profiles
1.1 jsing 4620: .Op Fl Verify Ar depth
4621: .Op Fl verify Ar depth
1.111 inoguchi 4622: .Op Fl verify_return_error
1.1 jsing 4623: .Op Fl WWW
4624: .Op Fl www
1.114 jmc 4625: .Ek
4626: .El
1.1 jsing 4627: .Pp
4628: The
4629: .Nm s_server
4630: command implements a generic SSL/TLS server which listens
4631: for connections on a given port using SSL/TLS.
4632: .Pp
1.67 jmc 4633: If a connection request is established with a client and neither the
4634: .Fl www
4635: nor the
4636: .Fl WWW
4637: option has been used, then any data received
4638: from the client is displayed and any key presses are sent to the client.
4639: Certain single letter commands perform special operations:
4640: .Pp
4641: .Bl -tag -width "XXXX" -compact
4642: .It Ic P
4643: Send plain text, which should cause the client to disconnect.
4644: .It Ic Q
4645: End the current SSL connection and exit.
4646: .It Ic q
4647: End the current SSL connection, but still accept new connections.
4648: .It Ic R
4649: Renegotiate the SSL session and request a client certificate.
4650: .It Ic r
4651: Renegotiate the SSL session.
4652: .It Ic S
4653: Print out some session cache status information.
4654: .El
4655: .Pp
1.1 jsing 4656: The options are as follows:
4657: .Bl -tag -width Ds
1.113 inoguchi 4658: .It Fl accept Ar port
1.67 jmc 4659: Listen on TCP
1.1 jsing 4660: .Ar port
1.67 jmc 4661: for connections.
4662: The default is port 4433.
1.111 inoguchi 4663: .It Fl alpn Ar protocols
4664: Enable the Application-Layer Protocol Negotiation.
4665: .Ar protocols
4666: is a comma-separated list of supported protocol names.
1.1 jsing 4667: .It Fl bugs
1.67 jmc 4668: Enable various workarounds for buggy implementations.
1.1 jsing 4669: .It Fl CAfile Ar file
1.67 jmc 4670: A
4671: .Ar file
4672: containing trusted certificates to use during client authentication
1.1 jsing 4673: and to use when attempting to build the server certificate chain.
4674: The list is also used in the list of acceptable client CAs passed to the
4675: client when a certificate is requested.
4676: .It Fl CApath Ar directory
4677: The
4678: .Ar directory
4679: to use for client certificate verification.
4680: This directory must be in
4681: .Qq hash format ;
4682: see
4683: .Fl verify
4684: for more information.
4685: These are also used when building the server certificate chain.
4686: .It Fl cert Ar file
1.67 jmc 4687: The certificate to use: most server's cipher suites require the use of a
4688: certificate and some require a certificate with a certain public key type.
4689: For example, the DSS cipher suites require a certificate containing a DSS
4690: (DSA) key.
1.1 jsing 4691: If not specified, the file
4692: .Pa server.pem
4693: will be used.
1.111 inoguchi 4694: .It Fl cert2 Ar file
4695: The certificate to use for servername.
4696: .It Fl certform Cm der | pem
4697: The certificate format.
4698: The default is
4699: .Cm pem .
1.1 jsing 4700: .It Fl cipher Ar cipherlist
1.67 jmc 4701: Modify the cipher list used by the server.
1.1 jsing 4702: This allows the cipher list used by the server to be modified.
4703: When the client sends a list of supported ciphers, the first client cipher
4704: also included in the server list is used.
4705: Because the client specifies the preference order, the order of the server
4706: cipherlist is irrelevant.
4707: See the
1.67 jmc 4708: .Nm ciphers
4709: command for more information.
1.1 jsing 4710: .It Fl context Ar id
1.67 jmc 4711: Set the SSL context ID.
1.1 jsing 4712: It can be given any string value.
4713: .It Fl crl_check , crl_check_all
4714: Check the peer certificate has not been revoked by its CA.
4715: The CRLs are appended to the certificate file.
4716: .Fl crl_check_all
1.67 jmc 4717: checks all CRLs of all CAs in the chain.
1.1 jsing 4718: .It Fl crlf
1.67 jmc 4719: Translate a line feed from the terminal into CR+LF.
1.1 jsing 4720: .It Fl dcert Ar file , Fl dkey Ar file
4721: Specify an additional certificate and private key; these behave in the
4722: same manner as the
4723: .Fl cert
4724: and
4725: .Fl key
4726: options except there is no default if they are not specified
1.67 jmc 4727: (no additional certificate or key is used).
1.1 jsing 4728: By using RSA and DSS certificates and keys,
4729: a server can support clients which only support RSA or DSS cipher suites
4730: by using an appropriate certificate.
1.111 inoguchi 4731: .It Fl dcertform Cm der | pem , Fl dkeyform Cm der | pem , Fl dpass Ar arg
4732: Additional certificate and private key format, and private key password source,
4733: respectively.
1.1 jsing 4734: .It Fl debug
1.67 jmc 4735: Print extensive debugging information, including a hex dump of all traffic.
1.1 jsing 4736: .It Fl dhparam Ar file
4737: The DH parameter file to use.
4738: The ephemeral DH cipher suites generate keys
4739: using a set of DH parameters.
4740: If not specified, an attempt is made to
4741: load the parameters from the server certificate file.
4742: If this fails, a static set of parameters hard coded into the
4743: .Nm s_server
4744: program will be used.
1.129 jsing 4745: .It Fl dtls
4746: Permit any version of DTLS.
1.111 inoguchi 4747: .It Fl dtls1
4748: Permit only DTLS1.0.
1.129 jsing 4749: .It Fl dtls1_2
4750: Permit only DTLS1.2.
1.121 schwarze 4751: .It Fl groups Ar list
4752: Set the supported elliptic curve groups to the colon separated
4753: .Ar list
4754: of group NIDs or names as documented in
4755: .Xr SSL_CTX_set1_groups_list 3 .
1.1 jsing 4756: .It Fl HTTP
1.67 jmc 4757: Emulate a simple web server.
4758: Pages are resolved relative to the current directory.
4759: For example if the URL
1.1 jsing 4760: .Pa https://myhost/page.html
4761: is requested, the file
4762: .Pa ./page.html
4763: will be loaded.
4764: The files loaded are assumed to contain a complete and correct HTTP
4765: response (lines that are part of the HTTP response line and headers
4766: must end with CRLF).
4767: .It Fl id_prefix Ar arg
4768: Generate SSL/TLS session IDs prefixed by
4769: .Ar arg .
4770: This is mostly useful for testing any SSL/TLS code
1.81 jmc 4771: that wish to deal with multiple servers,
4772: when each of which might be generating a unique range of session IDs.
1.1 jsing 4773: .It Fl key Ar keyfile
4774: The private key to use.
4775: If not specified, the certificate file will be used.
1.111 inoguchi 4776: .It Fl key2 Ar keyfile
4777: The private key to use for servername.
4778: .It Fl keyform Cm der | pem
4779: The private key format.
4780: The default is
4781: .Cm pem .
4782: .It Fl keymatexport Ar label
4783: Export keying material using label.
4784: .It Fl keymatexportlen Ar len
4785: Export len bytes of keying material (default 20).
1.1 jsing 4786: .It Fl msg
4787: Show all protocol messages with hex dump.
1.111 inoguchi 4788: .It Fl mtu Ar mtu
4789: Set the link layer MTU.
1.130 tb 4790: .It Fl naccept Ar num
4791: Terminate server after
4792: .Ar num
4793: connections.
1.111 inoguchi 4794: .It Fl named_curve Ar arg
4795: Specify the elliptic curve name to use for ephemeral ECDH keys.
1.121 schwarze 4796: This option is deprecated; use
4797: .Fl groups
4798: instead.
1.1 jsing 4799: .It Fl nbio
1.67 jmc 4800: Turn on non-blocking I/O.
1.1 jsing 4801: .It Fl nbio_test
1.67 jmc 4802: Test non-blocking I/O.
1.111 inoguchi 4803: .It Fl no_cache
4804: Disable session caching.
1.1 jsing 4805: .It Fl no_dhe
1.67 jmc 4806: Disable ephemeral DH cipher suites.
1.111 inoguchi 4807: .It Fl no_ecdhe
4808: Disable ephemeral ECDH cipher suites.
4809: .It Fl no_ticket
4810: Disable RFC 4507 session ticket support.
1.122 inoguchi 4811: .It Fl no_tls1 | no_tls1_1 | no_tls1_2 | no_tls1_3
4812: Disable the use of TLS1.0, 1.1, 1.2, and 1.3, respectively.
1.1 jsing 4813: .It Fl no_tmp_rsa
1.67 jmc 4814: Disable temporary RSA key generation.
1.1 jsing 4815: .It Fl nocert
1.67 jmc 4816: Do not use a certificate.
1.1 jsing 4817: This restricts the cipher suites available to the anonymous ones
1.67 jmc 4818: (currently just anonymous DH).
1.111 inoguchi 4819: .It Fl pass Ar arg
4820: The private key password source.
1.1 jsing 4821: .It Fl quiet
4822: Inhibit printing of session and certificate information.
1.111 inoguchi 4823: .It Fl servername Ar name
4824: Set the TLS Server Name Indication (SNI) extension with
4825: .Ar name .
4826: .It Fl servername_fatal
4827: Send fatal alert if servername does not match.
4828: The default is warning alert.
1.1 jsing 4829: .It Fl serverpref
4830: Use server's cipher preferences.
4831: .It Fl state
1.67 jmc 4832: Print the SSL session states.
1.111 inoguchi 4833: .It Fl status
4834: Enables certificate status request support (OCSP stapling).
4835: .It Fl status_timeout Ar nsec
4836: Sets the timeout for OCSP response in seconds.
4837: .It Fl status_url Ar url
4838: Sets a fallback responder URL to use if no responder URL is present in the
4839: server certificate.
4840: Without this option, an error is returned if the server certificate does not
4841: contain a responder address.
4842: .It Fl status_verbose
4843: Enables certificate status request support (OCSP stapling) and gives a verbose
4844: printout of the OCSP response.
4845: .It Fl timeout
4846: Enable send/receive timeout on DTLS connections.
1.122 inoguchi 4847: .It Fl tls1 | tls1_1 | tls1_2 | tls1_3
4848: Permit only TLS1.0, 1.1, 1.2, or 1.3, respectively.
1.111 inoguchi 4849: .It Fl tlsextdebug
4850: Print a hex dump of any TLS extensions received from the server.
4851: .It Fl use_srtp Ar profiles
4852: Offer SRTP key management with a colon-separated profile list.
4853: .It Fl verify_return_error
4854: Return verification error.
1.1 jsing 4855: .It Fl WWW
1.67 jmc 4856: Emulate a simple web server.
4857: Pages are resolved relative to the current directory.
4858: For example if the URL
1.1 jsing 4859: .Pa https://myhost/page.html
4860: is requested, the file
4861: .Pa ./page.html
4862: will be loaded.
4863: .It Fl www
1.67 jmc 4864: Send a status message to the client when it connects,
4865: including information about the ciphers used and various session parameters.
1.1 jsing 4866: The output is in HTML format so this option will normally be used with a
4867: web browser.
4868: .It Fl Verify Ar depth , Fl verify Ar depth
1.67 jmc 4869: Request a certificate chain from the client,
4870: with a maximum length of
4871: .Ar depth .
4872: With
4873: .Fl Verify ,
4874: the client must supply a certificate or an error occurs;
4875: with
4876: .Fl verify ,
4877: a certificate is requested but the client does not have to send one.
1.1 jsing 4878: .El
1.120 kn 4879: .Tg s_time
1.1 jsing 4880: .Sh S_TIME
1.114 jmc 4881: .Bl -hang -width "openssl s_time"
4882: .It Nm openssl s_time
4883: .Bk -words
1.1 jsing 4884: .Op Fl bugs
4885: .Op Fl CAfile Ar file
4886: .Op Fl CApath Ar directory
4887: .Op Fl cert Ar file
4888: .Op Fl cipher Ar cipherlist
1.68 jmc 4889: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 4890: .Op Fl key Ar keyfile
4891: .Op Fl nbio
4892: .Op Fl new
1.20 lteo 4893: .Op Fl no_shutdown
1.1 jsing 4894: .Op Fl reuse
4895: .Op Fl time Ar seconds
4896: .Op Fl verify Ar depth
4897: .Op Fl www Ar page
1.114 jmc 4898: .Ek
4899: .El
1.1 jsing 4900: .Pp
4901: The
1.68 jmc 4902: .Nm s_time
1.1 jsing 4903: command implements a generic SSL/TLS client which connects to a
4904: remote host using SSL/TLS.
4905: It can request a page from the server and includes
4906: the time to transfer the payload data in its timing measurements.
4907: It measures the number of connections within a given timeframe,
4908: the amount of data transferred
4909: .Pq if any ,
4910: and calculates the average time spent for one connection.
4911: .Pp
4912: The options are as follows:
4913: .Bl -tag -width Ds
4914: .It Fl bugs
1.68 jmc 4915: Enable various workarounds for buggy implementations.
1.1 jsing 4916: .It Fl CAfile Ar file
1.68 jmc 4917: A
4918: .Ar file
4919: containing trusted certificates to use during server authentication
1.1 jsing 4920: and to use when attempting to build the client certificate chain.
4921: .It Fl CApath Ar directory
4922: The directory to use for server certificate verification.
4923: This directory must be in
4924: .Qq hash format ;
4925: see
4926: .Nm verify
4927: for more information.
4928: These are also used when building the client certificate chain.
4929: .It Fl cert Ar file
4930: The certificate to use, if one is requested by the server.
4931: The default is not to use a certificate.
4932: .It Fl cipher Ar cipherlist
1.68 jmc 4933: Modify the cipher list sent by the client.
1.1 jsing 4934: Although the server determines which cipher suite is used,
4935: it should take the first supported cipher in the list sent by the client.
4936: See the
4937: .Nm ciphers
4938: command for more information.
1.68 jmc 4939: .It Fl connect Ar host Ns Op : Ns Ar port
4940: The host and port to connect to.
1.1 jsing 4941: .It Fl key Ar keyfile
4942: The private key to use.
4943: If not specified, the certificate file will be used.
4944: .It Fl nbio
1.68 jmc 4945: Turn on non-blocking I/O.
1.1 jsing 4946: .It Fl new
1.68 jmc 4947: Perform the timing test using a new session ID for each connection.
1.1 jsing 4948: If neither
4949: .Fl new
4950: nor
4951: .Fl reuse
4952: are specified,
4953: they are both on by default and executed in sequence.
1.20 lteo 4954: .It Fl no_shutdown
1.21 jmc 4955: Shut down the connection without sending a
1.68 jmc 4956: .Qq close notify
1.20 lteo 4957: shutdown alert to the server.
1.1 jsing 4958: .It Fl reuse
1.68 jmc 4959: Perform the timing test using the same session ID for each connection.
1.1 jsing 4960: If neither
4961: .Fl new
4962: nor
4963: .Fl reuse
4964: are specified,
4965: they are both on by default and executed in sequence.
4966: .It Fl time Ar seconds
1.68 jmc 4967: Limit
1.1 jsing 4968: .Nm s_time
1.68 jmc 4969: benchmarks to the number of
4970: .Ar seconds .
1.1 jsing 4971: The default is 30 seconds.
4972: .It Fl verify Ar depth
1.68 jmc 4973: Turn on server certificate verification,
4974: with a maximum length of
4975: .Ar depth .
1.1 jsing 4976: Currently the verify operation continues after errors, so all the problems
4977: with a certificate chain can be seen.
4978: As a side effect,
4979: the connection will never fail due to a server certificate verify failure.
4980: .It Fl www Ar page
1.68 jmc 4981: The page to GET from the server.
1.1 jsing 4982: A value of
4983: .Sq /
4984: gets the index.htm[l] page.
4985: If this parameter is not specified,
4986: .Nm s_time
4987: will only perform the handshake to establish SSL connections
4988: but not transfer any payload data.
4989: .El
1.120 kn 4990: .Tg sess_id
1.1 jsing 4991: .Sh SESS_ID
1.114 jmc 4992: .Bl -hang -width "openssl sess_id"
4993: .It Nm openssl sess_id
4994: .Bk -words
1.1 jsing 4995: .Op Fl cert
4996: .Op Fl context Ar ID
4997: .Op Fl in Ar file
1.69 jmc 4998: .Op Fl inform Cm der | pem
1.1 jsing 4999: .Op Fl noout
5000: .Op Fl out Ar file
1.69 jmc 5001: .Op Fl outform Cm der | pem
1.1 jsing 5002: .Op Fl text
1.114 jmc 5003: .Ek
5004: .El
1.1 jsing 5005: .Pp
5006: The
5007: .Nm sess_id
5008: program processes the encoded version of the SSL session structure and
5009: optionally prints out SSL session details
1.69 jmc 5010: (for example the SSL session master key)
1.72 jmc 5011: in human-readable format.
1.1 jsing 5012: .Pp
5013: The options are as follows:
5014: .Bl -tag -width Ds
5015: .It Fl cert
5016: If a certificate is present in the session,
5017: it will be output using this option;
5018: if the
5019: .Fl text
5020: option is also present, then it will be printed out in text form.
5021: .It Fl context Ar ID
1.69 jmc 5022: Set the session
1.1 jsing 5023: .Ar ID .
1.69 jmc 5024: The ID can be any string of characters.
1.1 jsing 5025: .It Fl in Ar file
1.69 jmc 5026: The input file to read from,
5027: or standard input if not specified.
5028: .It Fl inform Cm der | pem
5029: The input format.
5030: .Cm der
1.84 jmc 5031: uses an ASN.1 DER-encoded format containing session details.
1.1 jsing 5032: The precise format can vary from one version to the next.
1.69 jmc 5033: .Cm pem
5034: is the default format: it consists of the DER
1.1 jsing 5035: format base64-encoded with additional header and footer lines.
5036: .It Fl noout
1.69 jmc 5037: Do not output the encoded version of the session.
1.1 jsing 5038: .It Fl out Ar file
1.69 jmc 5039: The output file to write to,
5040: or standard output if not specified.
5041: .It Fl outform Cm der | pem
5042: The output format.
1.1 jsing 5043: .It Fl text
1.69 jmc 5044: Print the various public or private key components in plain text,
5045: in addition to the encoded version.
1.1 jsing 5046: .El
5047: .Pp
1.69 jmc 5048: The output of
5049: .Nm sess_id
5050: is composed as follows:
1.1 jsing 5051: .Pp
1.69 jmc 5052: .Bl -tag -width "Verify return code " -offset 3n -compact
5053: .It Protocol
5054: The protocol in use.
5055: .It Cipher
5056: The actual raw SSL or TLS cipher code.
5057: .It Session-ID
5058: The SSL session ID, in hex format.
5059: .It Session-ID-ctx
5060: The session ID context, in hex format.
5061: .It Master-Key
5062: The SSL session master key.
5063: .It Key-Arg
1.1 jsing 5064: The key argument; this is only used in SSL v2.
1.69 jmc 5065: .It Start Time
5066: The session start time.
1.1 jsing 5067: .Ux
5068: format.
1.69 jmc 5069: .It Timeout
5070: The timeout, in seconds.
5071: .It Verify return code
5072: The return code when a certificate is verified.
1.1 jsing 5073: .El
5074: .Pp
5075: Since the SSL session output contains the master key, it is possible to read
5076: the contents of an encrypted session using this information.
5077: Therefore appropriate security precautions
5078: should be taken if the information is being output by a
5079: .Qq real
5080: application.
5081: This is, however, strongly discouraged and should only be used for
5082: debugging purposes.
1.120 kn 5083: .Tg smime
1.1 jsing 5084: .Sh SMIME
1.114 jmc 5085: .Bl -hang -width "openssl smime"
5086: .It Nm openssl smime
5087: .Bk -words
1.1 jsing 5088: .Oo
5089: .Fl aes128 | aes192 | aes256 | des |
5090: .Fl des3 | rc2-40 | rc2-64 | rc2-128
5091: .Oc
5092: .Op Fl binary
5093: .Op Fl CAfile Ar file
5094: .Op Fl CApath Ar directory
5095: .Op Fl certfile Ar file
5096: .Op Fl check_ss_sig
5097: .Op Fl content Ar file
5098: .Op Fl crl_check
5099: .Op Fl crl_check_all
5100: .Op Fl decrypt
5101: .Op Fl encrypt
5102: .Op Fl extended_crl
5103: .Op Fl from Ar addr
5104: .Op Fl ignore_critical
5105: .Op Fl in Ar file
5106: .Op Fl indef
1.70 jmc 5107: .Op Fl inform Cm der | pem | smime
1.1 jsing 5108: .Op Fl inkey Ar file
5109: .Op Fl issuer_checks
1.112 inoguchi 5110: .Op Fl keyform Cm der | pem
1.1 jsing 5111: .Op Fl md Ar digest
5112: .Op Fl noattr
5113: .Op Fl nocerts
5114: .Op Fl nochain
5115: .Op Fl nodetach
5116: .Op Fl noindef
5117: .Op Fl nointern
5118: .Op Fl nosigs
1.108 inoguchi 5119: .Op Fl nosmimecap
1.1 jsing 5120: .Op Fl noverify
5121: .Op Fl out Ar file
1.70 jmc 5122: .Op Fl outform Cm der | pem | smime
1.1 jsing 5123: .Op Fl passin Ar arg
5124: .Op Fl pk7out
5125: .Op Fl policy_check
5126: .Op Fl recip Ar file
5127: .Op Fl resign
5128: .Op Fl sign
5129: .Op Fl signer Ar file
5130: .Op Fl stream
5131: .Op Fl subject Ar s
5132: .Op Fl text
5133: .Op Fl to Ar addr
5134: .Op Fl verify
5135: .Op Fl x509_strict
5136: .Op Ar cert.pem ...
1.114 jmc 5137: .Ek
5138: .El
1.1 jsing 5139: .Pp
5140: The
5141: .Nm smime
1.70 jmc 5142: command handles S/MIME mail.
5143: It can encrypt, decrypt, sign, and verify S/MIME messages.
5144: .Pp
5145: The MIME message must be sent without any blank lines between the
5146: headers and the output.
5147: Some mail programs will automatically add a blank line.
5148: Piping the mail directly to an MTA is one way to
5149: achieve the correct format.
5150: .Pp
5151: The supplied message to be signed or encrypted must include the necessary
5152: MIME headers or many S/MIME clients won't display it properly (if at all).
5153: Use the
5154: .Fl text
5155: option to automatically add plain text headers.
1.1 jsing 5156: .Pp
1.70 jmc 5157: A
5158: .Qq signed and encrypted
5159: message is one where a signed message is then encrypted.
5160: This can be produced by encrypting an already signed message.
1.1 jsing 5161: .Pp
1.70 jmc 5162: There are a number of operations that can be performed, as follows:
1.1 jsing 5163: .Bl -tag -width "XXXX"
5164: .It Fl decrypt
5165: Decrypt mail using the supplied certificate and private key.
1.70 jmc 5166: The input file is an encrypted mail message in MIME format.
1.1 jsing 5167: The decrypted mail is written to the output file.
5168: .It Fl encrypt
5169: Encrypt mail for the given recipient certificates.
1.70 jmc 5170: The input is the message to be encrypted.
5171: The output file is the encrypted mail, in MIME format.
1.1 jsing 5172: .It Fl pk7out
1.70 jmc 5173: Take an input message and write out a PEM-encoded PKCS#7 structure.
1.1 jsing 5174: .It Fl resign
5175: Resign a message: take an existing message and one or more new signers.
5176: .It Fl sign
5177: Sign mail using the supplied certificate and private key.
1.70 jmc 5178: The input file is the message to be signed.
5179: The signed message, in MIME format, is written to the output file.
1.1 jsing 5180: .It Fl verify
5181: Verify signed mail.
1.70 jmc 5182: The input is a signed mail message and the output is the signed data.
1.1 jsing 5183: Both clear text and opaque signing is supported.
5184: .El
5185: .Pp
1.14 jmc 5186: The remaining options are as follows:
1.1 jsing 5187: .Bl -tag -width "XXXX"
5188: .It Xo
5189: .Fl aes128 | aes192 | aes256 | des |
5190: .Fl des3 | rc2-40 | rc2-64 | rc2-128
5191: .Xc
5192: The encryption algorithm to use.
1.70 jmc 5193: 128-, 192-, or 256-bit AES, DES (56 bits), triple DES (168 bits),
1.1 jsing 5194: or 40-, 64-, or 128-bit RC2, respectively;
5195: if not specified, 40-bit RC2 is
5196: used.
5197: Only used with
5198: .Fl encrypt .
5199: .It Fl binary
5200: Normally, the input message is converted to
5201: .Qq canonical
1.70 jmc 5202: format which uses CR/LF as end of line,
5203: as required by the S/MIME specification.
1.127 jmc 5204: When this option is present, no translation occurs.
1.70 jmc 5205: This is useful when handling binary data which may not be in MIME format.
1.1 jsing 5206: .It Fl CAfile Ar file
5207: A
5208: .Ar file
5209: containing trusted CA certificates; only used with
5210: .Fl verify .
5211: .It Fl CApath Ar directory
5212: A
5213: .Ar directory
5214: containing trusted CA certificates; only used with
5215: .Fl verify .
5216: This directory must be a standard certificate directory:
5217: that is, a hash of each subject name (using
5218: .Nm x509 -hash )
5219: should be linked to each certificate.
5220: .It Ar cert.pem ...
5221: One or more certificates of message recipients: used when encrypting
5222: a message.
5223: .It Fl certfile Ar file
5224: Allows additional certificates to be specified.
5225: When signing, these will be included with the message.
5226: When verifying, these will be searched for the signers' certificates.
5227: The certificates should be in PEM format.
5228: .It Xo
5229: .Fl check_ss_sig ,
5230: .Fl crl_check ,
5231: .Fl crl_check_all ,
5232: .Fl extended_crl ,
5233: .Fl ignore_critical ,
5234: .Fl issuer_checks ,
5235: .Fl policy_check ,
5236: .Fl x509_strict
5237: .Xc
5238: Set various certificate chain validation options.
5239: See the
1.70 jmc 5240: .Nm verify
1.1 jsing 5241: command for details.
5242: .It Fl content Ar file
1.70 jmc 5243: A file containing the detached content.
1.1 jsing 5244: This is only useful with the
5245: .Fl verify
1.70 jmc 5246: option,
5247: and only usable if the PKCS#7 structure is using the detached
1.1 jsing 5248: signature form where the content is not included.
1.70 jmc 5249: This option will override any content if the input format is S/MIME
5250: and it uses the multipart/signed MIME content type.
1.1 jsing 5251: .It Xo
5252: .Fl from Ar addr ,
5253: .Fl subject Ar s ,
5254: .Fl to Ar addr
5255: .Xc
5256: The relevant mail headers.
5257: These are included outside the signed
5258: portion of a message so they may be included manually.
1.70 jmc 5259: When signing, many S/MIME
1.1 jsing 5260: mail clients check that the signer's certificate email
5261: address matches the From: address.
5262: .It Fl in Ar file
1.70 jmc 5263: The input file to read from.
1.1 jsing 5264: .It Fl indef
5265: Enable streaming I/O for encoding operations.
5266: This permits single pass processing of data without
5267: the need to hold the entire contents in memory,
5268: potentially supporting very large files.
5269: Streaming is automatically set for S/MIME signing with detached
5270: data if the output format is SMIME;
5271: it is currently off by default for all other operations.
1.70 jmc 5272: .It Fl inform Cm der | pem | smime
5273: The input format.
1.1 jsing 5274: .It Fl inkey Ar file
1.70 jmc 5275: The private key to use when signing or decrypting,
5276: which must match the corresponding certificate.
1.1 jsing 5277: If this option is not specified, the private key must be included
5278: in the certificate file specified with
5279: the
5280: .Fl recip
5281: or
5282: .Fl signer
5283: file.
5284: When signing,
5285: this option can be used multiple times to specify successive keys.
1.112 inoguchi 5286: .It Fl keyform Cm der | pem
1.1 jsing 5287: Input private key format.
1.112 inoguchi 5288: The default is
5289: .Cm pem .
1.1 jsing 5290: .It Fl md Ar digest
5291: The digest algorithm to use when signing or resigning.
5292: If not present then the default digest algorithm for the signing key is used
5293: (usually SHA1).
5294: .It Fl noattr
1.70 jmc 5295: Do not include attributes.
1.1 jsing 5296: .It Fl nocerts
1.70 jmc 5297: Do not include the signer's certificate.
1.1 jsing 5298: This will reduce the size of the signed message but the verifier must
5299: have a copy of the signer's certificate available locally (passed using the
5300: .Fl certfile
5301: option, for example).
5302: .It Fl nochain
5303: Do not do chain verification of signers' certificates: that is,
5304: don't use the certificates in the signed message as untrusted CAs.
5305: .It Fl nodetach
1.137 naddy 5306: When signing a message, use opaque signing: this form is more resistant
1.1 jsing 5307: to translation by mail relays but it cannot be read by mail agents that
1.70 jmc 5308: do not support S/MIME.
5309: Without this option cleartext signing with the MIME type
5310: multipart/signed is used.
1.1 jsing 5311: .It Fl noindef
1.70 jmc 5312: Disable streaming I/O where it would produce an encoding of indefinite length
5313: (currently has no effect).
1.1 jsing 5314: .It Fl nointern
1.70 jmc 5315: Only use certificates specified in the
5316: .Fl certfile .
5317: The supplied certificates can still be used as untrusted CAs.
1.1 jsing 5318: .It Fl nosigs
1.70 jmc 5319: Do not try to verify the signatures on the message.
1.108 inoguchi 5320: .It Fl nosmimecap
5321: Exclude the list of supported algorithms from signed attributes,
5322: other options such as signing time and content type are still included.
1.1 jsing 5323: .It Fl noverify
5324: Do not verify the signer's certificate of a signed message.
5325: .It Fl out Ar file
1.70 jmc 5326: The output file to write to.
5327: .It Fl outform Cm der | pem | smime
5328: The output format.
5329: The default is smime, which writes an S/MIME format message.
5330: .Cm pem
1.1 jsing 5331: and
1.70 jmc 5332: .Cm der
5333: change this to write PEM and DER format PKCS#7 structures instead.
1.1 jsing 5334: This currently only affects the output format of the PKCS#7
5335: structure; if no PKCS#7 structure is being output (for example with
5336: .Fl verify
5337: or
5338: .Fl decrypt )
5339: this option has no effect.
5340: .It Fl passin Ar arg
5341: The key password source.
5342: .It Fl recip Ar file
5343: The recipients certificate when decrypting a message.
5344: This certificate
5345: must match one of the recipients of the message or an error occurs.
5346: .It Fl signer Ar file
5347: A signing certificate when signing or resigning a message;
5348: this option can be used multiple times if more than one signer is required.
5349: If a message is being verified, the signer's certificates will be
5350: written to this file if the verification was successful.
5351: .It Fl stream
5352: The same as
5353: .Fl indef .
5354: .It Fl text
1.70 jmc 5355: Add plain text (text/plain) MIME
1.1 jsing 5356: headers to the supplied message if encrypting or signing.
5357: If decrypting or verifying, it strips off text headers:
1.70 jmc 5358: if the decrypted or verified message is not of MIME type text/plain
5359: then an error occurs.
1.1 jsing 5360: .El
5361: .Pp
1.70 jmc 5362: The exit codes for
5363: .Nm smime
5364: are as follows:
1.1 jsing 5365: .Pp
1.70 jmc 5366: .Bl -tag -width "XXXX" -offset 3n -compact
5367: .It 0
1.1 jsing 5368: The operation was completely successful.
1.70 jmc 5369: .It 1
1.1 jsing 5370: An error occurred parsing the command options.
1.70 jmc 5371: .It 2
1.1 jsing 5372: One of the input files could not be read.
1.70 jmc 5373: .It 3
5374: An error occurred creating the file or when reading the message.
5375: .It 4
1.1 jsing 5376: An error occurred decrypting or verifying the message.
1.70 jmc 5377: .It 5
5378: An error occurred writing certificates.
1.1 jsing 5379: .El
1.120 kn 5380: .Tg speed
1.1 jsing 5381: .Sh SPEED
1.114 jmc 5382: .Bl -hang -width "openssl speed"
5383: .It Nm openssl speed
5384: .Bk -words
1.71 jmc 5385: .Op Ar algorithm
1.1 jsing 5386: .Op Fl decrypt
5387: .Op Fl elapsed
1.71 jmc 5388: .Op Fl evp Ar algorithm
1.1 jsing 5389: .Op Fl mr
5390: .Op Fl multi Ar number
1.114 jmc 5391: .Ek
5392: .El
1.1 jsing 5393: .Pp
5394: The
5395: .Nm speed
5396: command is used to test the performance of cryptographic algorithms.
5397: .Bl -tag -width "XXXX"
1.71 jmc 5398: .It Ar algorithm
5399: Perform the test using
5400: .Ar algorithm .
5401: The default is to test all algorithms.
1.1 jsing 5402: .It Fl decrypt
1.71 jmc 5403: Time decryption instead of encryption;
5404: must be used with
5405: .Fl evp .
1.1 jsing 5406: .It Fl elapsed
5407: Measure time in real time instead of CPU user time.
1.71 jmc 5408: .It Fl evp Ar algorithm
5409: Perform the test using one of the algorithms accepted by
5410: .Xr EVP_get_cipherbyname 3 .
1.1 jsing 5411: .It Fl mr
5412: Produce machine readable output.
5413: .It Fl multi Ar number
5414: Run
5415: .Ar number
5416: benchmarks in parallel.
5417: .El
1.120 kn 5418: .Tg spkac
1.77 jmc 5419: .Sh SPKAC
1.114 jmc 5420: .Bl -hang -width "openssl spkac"
5421: .It Nm openssl spkac
5422: .Bk -words
1.77 jmc 5423: .Op Fl challenge Ar string
5424: .Op Fl in Ar file
5425: .Op Fl key Ar keyfile
5426: .Op Fl noout
5427: .Op Fl out Ar file
5428: .Op Fl passin Ar arg
5429: .Op Fl pubkey
5430: .Op Fl spkac Ar spkacname
5431: .Op Fl spksect Ar section
5432: .Op Fl verify
1.114 jmc 5433: .Ek
5434: .El
1.77 jmc 5435: .Pp
5436: The
5437: .Nm spkac
5438: command processes signed public key and challenge (SPKAC) files.
5439: It can print out their contents, verify the signature,
5440: and produce its own SPKACs from a supplied private key.
5441: .Pp
5442: The options are as follows:
5443: .Bl -tag -width Ds
5444: .It Fl challenge Ar string
5445: The challenge string, if an SPKAC is being created.
5446: .It Fl in Ar file
5447: The input file to read from,
5448: or standard input if not specified.
5449: Ignored if the
5450: .Fl key
5451: option is used.
5452: .It Fl key Ar keyfile
5453: Create an SPKAC file using the private key in
5454: .Ar keyfile .
5455: The
5456: .Fl in , noout , spksect ,
5457: and
5458: .Fl verify
5459: options are ignored, if present.
5460: .It Fl noout
5461: Do not output the text version of the SPKAC.
5462: .It Fl out Ar file
5463: The output file to write to,
5464: or standard output if not specified.
5465: .It Fl passin Ar arg
5466: The key password source.
5467: .It Fl pubkey
5468: Output the public key of an SPKAC.
5469: .It Fl spkac Ar spkacname
5470: An alternative name for the variable containing the SPKAC.
5471: The default is "SPKAC".
5472: This option affects both generated and input SPKAC files.
5473: .It Fl spksect Ar section
5474: An alternative name for the
5475: .Ar section
5476: containing the SPKAC.
5477: .It Fl verify
5478: Verify the digital signature on the supplied SPKAC.
5479: .El
1.120 kn 5480: .Tg ts
1.1 jsing 5481: .Sh TS
1.114 jmc 5482: .Bk -words
5483: .Bl -hang -width "openssl ts"
5484: .It Nm openssl ts
1.1 jsing 5485: .Fl query
1.29 bcook 5486: .Op Fl md4 | md5 | ripemd160 | sha1
1.1 jsing 5487: .Op Fl cert
5488: .Op Fl config Ar configfile
5489: .Op Fl data Ar file_to_hash
5490: .Op Fl digest Ar digest_bytes
5491: .Op Fl in Ar request.tsq
5492: .Op Fl no_nonce
5493: .Op Fl out Ar request.tsq
5494: .Op Fl policy Ar object_id
5495: .Op Fl text
1.114 jmc 5496: .It Nm openssl ts
1.1 jsing 5497: .Fl reply
5498: .Op Fl chain Ar certs_file.pem
5499: .Op Fl config Ar configfile
5500: .Op Fl in Ar response.tsr
5501: .Op Fl inkey Ar private.pem
5502: .Op Fl out Ar response.tsr
5503: .Op Fl passin Ar arg
5504: .Op Fl policy Ar object_id
5505: .Op Fl queryfile Ar request.tsq
5506: .Op Fl section Ar tsa_section
5507: .Op Fl signer Ar tsa_cert.pem
5508: .Op Fl text
5509: .Op Fl token_in
5510: .Op Fl token_out
1.114 jmc 5511: .It Nm openssl ts
1.1 jsing 5512: .Fl verify
5513: .Op Fl CAfile Ar trusted_certs.pem
5514: .Op Fl CApath Ar trusted_cert_path
5515: .Op Fl data Ar file_to_hash
5516: .Op Fl digest Ar digest_bytes
5517: .Op Fl in Ar response.tsr
5518: .Op Fl queryfile Ar request.tsq
5519: .Op Fl token_in
5520: .Op Fl untrusted Ar cert_file.pem
1.114 jmc 5521: .El
5522: .Ek
1.1 jsing 5523: .Pp
5524: The
5525: .Nm ts
5526: command is a basic Time Stamping Authority (TSA) client and server
5527: application as specified in RFC 3161 (Time-Stamp Protocol, TSP).
5528: A TSA can be part of a PKI deployment and its role is to provide long
1.72 jmc 5529: term proof of the existence of specific data.
1.1 jsing 5530: Here is a brief description of the protocol:
5531: .Bl -enum
5532: .It
5533: The TSA client computes a one-way hash value for a data file and sends
5534: the hash to the TSA.
5535: .It
5536: The TSA attaches the current date and time to the received hash value,
5537: signs them and sends the time stamp token back to the client.
5538: By creating this token the TSA certifies the existence of the original
5539: data file at the time of response generation.
5540: .It
5541: The TSA client receives the time stamp token and verifies the
5542: signature on it.
5543: It also checks if the token contains the same hash
5544: value that it had sent to the TSA.
5545: .El
5546: .Pp
5547: There is one DER-encoded protocol data unit defined for transporting a time
5548: stamp request to the TSA and one for sending the time stamp response
5549: back to the client.
5550: The
5551: .Nm ts
5552: command has three main functions:
5553: creating a time stamp request based on a data file;
5554: creating a time stamp response based on a request;
5555: and verifying if a response corresponds
5556: to a particular request or a data file.
5557: .Pp
5558: There is no support for sending the requests/responses automatically
5559: over HTTP or TCP yet as suggested in RFC 3161.
5560: Users must send the requests either by FTP or email.
5561: .Pp
5562: The
5563: .Fl query
5564: switch can be used for creating and printing a time stamp
5565: request with the following options:
5566: .Bl -tag -width Ds
5567: .It Fl cert
1.72 jmc 5568: Expect the TSA to include its signing certificate in the response.
1.1 jsing 5569: .It Fl config Ar configfile
1.72 jmc 5570: Specify an alternative configuration file.
5571: Only the OID section is used.
1.1 jsing 5572: .It Fl data Ar file_to_hash
5573: The data file for which the time stamp request needs to be created.
1.72 jmc 5574: The default is standard input.
1.1 jsing 5575: .It Fl digest Ar digest_bytes
1.72 jmc 5576: Specify the message imprint explicitly without the data file.
1.1 jsing 5577: The imprint must be specified in a hexadecimal format,
5578: two characters per byte,
1.72 jmc 5579: the bytes optionally separated by colons.
1.1 jsing 5580: The number of bytes must match the message digest algorithm in use.
5581: .It Fl in Ar request.tsq
1.72 jmc 5582: A previously created time stamp request in DER
1.1 jsing 5583: format that will be printed into the output file.
1.72 jmc 5584: Useful for examining the content of a request in human-readable format.
1.76 jmc 5585: .It Fl md4 | md5 | ripemd160 | sha | sha1
1.1 jsing 5586: The message digest to apply to the data file.
5587: It supports all the message digest algorithms that are supported by the
5588: .Nm dgst
5589: command.
1.125 inoguchi 5590: The default is SHA1.
1.1 jsing 5591: .It Fl no_nonce
1.72 jmc 5592: Specify no nonce in the request.
5593: The default, to include a 64-bit long pseudo-random nonce,
5594: is recommended to protect against replay attacks.
1.1 jsing 5595: .It Fl out Ar request.tsq
1.72 jmc 5596: The output file to write to,
5597: or standard output if not specified.
1.1 jsing 5598: .It Fl policy Ar object_id
5599: The policy that the client expects the TSA to use for creating the
5600: time stamp token.
1.72 jmc 5601: Either dotted OID notation or OID names defined
1.1 jsing 5602: in the config file can be used.
1.127 jmc 5603: If no policy is requested, the TSA uses its own default policy.
1.1 jsing 5604: .It Fl text
1.72 jmc 5605: Output in human-readable text format instead of DER.
1.1 jsing 5606: .El
5607: .Pp
5608: A time stamp response (TimeStampResp) consists of a response status
5609: and the time stamp token itself (ContentInfo),
5610: if the token generation was successful.
5611: The
5612: .Fl reply
5613: command is for creating a time stamp
5614: response or time stamp token based on a request and printing the
5615: response/token in human-readable format.
5616: If
5617: .Fl token_out
5618: is not specified the output is always a time stamp response (TimeStampResp),
5619: otherwise it is a time stamp token (ContentInfo).
5620: .Bl -tag -width Ds
5621: .It Fl chain Ar certs_file.pem
1.72 jmc 5622: The collection of PEM certificates
1.1 jsing 5623: that will be included in the response
5624: in addition to the signer certificate if the
5625: .Fl cert
5626: option was used for the request.
5627: This file is supposed to contain the certificate chain
5628: for the signer certificate from its issuer upwards.
5629: The
5630: .Fl reply
5631: command does not build a certificate chain automatically.
5632: .It Fl config Ar configfile
1.72 jmc 5633: Specify an alternative configuration file.
1.1 jsing 5634: .It Fl in Ar response.tsr
1.72 jmc 5635: Specify a previously created time stamp response (or time stamp token, if
1.1 jsing 5636: .Fl token_in
1.72 jmc 5637: is also specified)
1.1 jsing 5638: in DER format that will be written to the output file.
5639: This option does not require a request;
5640: it is useful, for example,
1.72 jmc 5641: to examine the content of a response or token
5642: or to extract the time stamp token from a response.
1.137 naddy 5643: If the input is a token and the output is a time stamp response, a default
1.72 jmc 5644: .Qq granted
1.1 jsing 5645: status info is added to the token.
5646: .It Fl inkey Ar private.pem
5647: The signer private key of the TSA in PEM format.
5648: Overrides the
5649: .Cm signer_key
5650: config file option.
5651: .It Fl out Ar response.tsr
5652: The response is written to this file.
5653: The format and content of the file depends on other options (see
5654: .Fl text
5655: and
5656: .Fl token_out ) .
5657: The default is stdout.
5658: .It Fl passin Ar arg
5659: The key password source.
5660: .It Fl policy Ar object_id
1.72 jmc 5661: The default policy to use for the response.
5662: Either dotted OID notation or OID names defined
5663: in the config file can be used.
1.137 naddy 5664: If no policy is requested, the TSA uses its own default policy.
1.1 jsing 5665: .It Fl queryfile Ar request.tsq
1.72 jmc 5666: The file containing a DER-encoded time stamp request.
1.1 jsing 5667: .It Fl section Ar tsa_section
1.72 jmc 5668: The config file section containing the settings for response generation.
1.1 jsing 5669: .It Fl signer Ar tsa_cert.pem
1.72 jmc 5670: The PEM signer certificate of the TSA.
1.1 jsing 5671: The TSA signing certificate must have exactly one extended key usage
5672: assigned to it: timeStamping.
5673: The extended key usage must also be critical,
5674: otherwise the certificate is going to be refused.
5675: Overrides the
5676: .Cm signer_cert
5677: variable of the config file.
5678: .It Fl text
1.72 jmc 5679: Output in human-readable text format instead of DER.
1.1 jsing 5680: .It Fl token_in
1.72 jmc 5681: The input is a DER-encoded time stamp token (ContentInfo)
5682: instead of a time stamp response (TimeStampResp).
1.1 jsing 5683: .It Fl token_out
1.72 jmc 5684: The output is a time stamp token (ContentInfo)
5685: instead of a time stamp response (TimeStampResp).
1.1 jsing 5686: .El
5687: .Pp
5688: The
5689: .Fl verify
5690: command is for verifying if a time stamp response or time stamp token
5691: is valid and matches a particular time stamp request or data file.
5692: The
5693: .Fl verify
5694: command does not use the configuration file.
5695: .Bl -tag -width Ds
5696: .It Fl CAfile Ar trusted_certs.pem
1.72 jmc 5697: The file containing a set of trusted self-signed PEM CA certificates.
5698: See
1.1 jsing 5699: .Nm verify
5700: for additional details.
5701: Either this option or
5702: .Fl CApath
5703: must be specified.
5704: .It Fl CApath Ar trusted_cert_path
1.112 inoguchi 5705: The directory containing the trusted CA certificates of the client.
1.72 jmc 5706: See
1.1 jsing 5707: .Nm verify
5708: for additional details.
5709: Either this option or
5710: .Fl CAfile
5711: must be specified.
5712: .It Fl data Ar file_to_hash
5713: The response or token must be verified against
5714: .Ar file_to_hash .
5715: The file is hashed with the message digest algorithm specified in the token.
5716: The
5717: .Fl digest
5718: and
5719: .Fl queryfile
5720: options must not be specified with this one.
5721: .It Fl digest Ar digest_bytes
5722: The response or token must be verified against the message digest specified
5723: with this option.
5724: The number of bytes must match the message digest algorithm
5725: specified in the token.
5726: The
5727: .Fl data
5728: and
5729: .Fl queryfile
5730: options must not be specified with this one.
5731: .It Fl in Ar response.tsr
5732: The time stamp response that needs to be verified, in DER format.
5733: This option in mandatory.
5734: .It Fl queryfile Ar request.tsq
5735: The original time stamp request, in DER format.
5736: The
5737: .Fl data
5738: and
5739: .Fl digest
5740: options must not be specified with this one.
5741: .It Fl token_in
1.72 jmc 5742: The input is a DER-encoded time stamp token (ContentInfo)
5743: instead of a time stamp response (TimeStampResp).
1.1 jsing 5744: .It Fl untrusted Ar cert_file.pem
1.72 jmc 5745: Additional untrusted PEM certificates which may be needed
5746: when building the certificate chain for the TSA's signing certificate.
1.1 jsing 5747: This file must contain the TSA signing certificate and
5748: all intermediate CA certificates unless the response includes them.
5749: .El
5750: .Pp
1.72 jmc 5751: Options specified on the command line always override
5752: the settings in the config file:
1.1 jsing 5753: .Bl -tag -width Ds
5754: .It Cm tsa Ar section , Cm default_tsa
5755: This is the main section and it specifies the name of another section
5756: that contains all the options for the
5757: .Fl reply
5758: option.
1.72 jmc 5759: This section can be overridden with the
1.1 jsing 5760: .Fl section
5761: command line switch.
5762: .It Cm oid_file
5763: See
5764: .Nm ca
5765: for a description.
5766: .It Cm oid_section
5767: See
5768: .Nm ca
5769: for a description.
5770: .It Cm serial
1.72 jmc 5771: The file containing the hexadecimal serial number of the
1.1 jsing 5772: last time stamp response created.
5773: This number is incremented by 1 for each response.
1.137 naddy 5774: If the file does not exist at the time of response generation,
1.72 jmc 5775: a new file is created with serial number 1.
1.1 jsing 5776: This parameter is mandatory.
5777: .It Cm signer_cert
5778: TSA signing certificate, in PEM format.
5779: The same as the
5780: .Fl signer
5781: command line option.
5782: .It Cm certs
1.72 jmc 5783: A set of PEM-encoded certificates that need to be
1.1 jsing 5784: included in the response.
5785: The same as the
5786: .Fl chain
5787: command line option.
5788: .It Cm signer_key
5789: The private key of the TSA, in PEM format.
5790: The same as the
5791: .Fl inkey
5792: command line option.
5793: .It Cm default_policy
5794: The default policy to use when the request does not mandate any policy.
5795: The same as the
5796: .Fl policy
5797: command line option.
5798: .It Cm other_policies
5799: Comma separated list of policies that are also acceptable by the TSA
5800: and used only if the request explicitly specifies one of them.
5801: .It Cm digests
5802: The list of message digest algorithms that the TSA accepts.
5803: At least one algorithm must be specified.
5804: This parameter is mandatory.
5805: .It Cm accuracy
5806: The accuracy of the time source of the TSA in seconds, milliseconds
5807: and microseconds.
5808: For example, secs:1, millisecs:500, microsecs:100.
5809: If any of the components is missing,
5810: zero is assumed for that field.
5811: .It Cm clock_precision_digits
1.72 jmc 5812: The maximum number of digits, which represent the fraction of seconds,
5813: that need to be included in the time field.
1.1 jsing 5814: The trailing zeroes must be removed from the time,
1.72 jmc 5815: so there might actually be fewer digits
1.1 jsing 5816: or no fraction of seconds at all.
5817: The maximum value is 6;
5818: the default is 0.
5819: .It Cm ordering
5820: If this option is yes,
5821: the responses generated by this TSA can always be ordered,
5822: even if the time difference between two responses is less
5823: than the sum of their accuracies.
5824: The default is no.
5825: .It Cm tsa_name
5826: Set this option to yes if the subject name of the TSA must be included in
5827: the TSA name field of the response.
5828: The default is no.
5829: .It Cm ess_cert_id_chain
5830: The SignedData objects created by the TSA always contain the
5831: certificate identifier of the signing certificate in a signed
5832: attribute (see RFC 2634, Enhanced Security Services).
5833: If this option is set to yes and either the
5834: .Cm certs
5835: variable or the
5836: .Fl chain
5837: option is specified then the certificate identifiers of the chain will also
5838: be included in the SigningCertificate signed attribute.
5839: If this variable is set to no,
5840: only the signing certificate identifier is included.
5841: The default is no.
5842: .El
1.120 kn 5843: .Tg verify
1.1 jsing 5844: .Sh VERIFY
1.114 jmc 5845: .Bl -hang -width "openssl verify"
5846: .It Nm openssl verify
5847: .Bk -words
1.1 jsing 5848: .Op Fl CAfile Ar file
5849: .Op Fl CApath Ar directory
5850: .Op Fl check_ss_sig
1.107 inoguchi 5851: .Op Fl CRLfile Ar file
1.1 jsing 5852: .Op Fl crl_check
5853: .Op Fl crl_check_all
5854: .Op Fl explicit_policy
5855: .Op Fl extended_crl
5856: .Op Fl help
5857: .Op Fl ignore_critical
5858: .Op Fl inhibit_any
5859: .Op Fl inhibit_map
5860: .Op Fl issuer_checks
1.126 tb 5861: .Op Fl legacy_verify
1.1 jsing 5862: .Op Fl policy_check
5863: .Op Fl purpose Ar purpose
1.107 inoguchi 5864: .Op Fl trusted Ar file
1.1 jsing 5865: .Op Fl untrusted Ar file
5866: .Op Fl verbose
5867: .Op Fl x509_strict
5868: .Op Ar certificates
1.114 jmc 5869: .Ek
5870: .El
1.1 jsing 5871: .Pp
5872: The
5873: .Nm verify
5874: command verifies certificate chains.
5875: .Pp
5876: The options are as follows:
5877: .Bl -tag -width Ds
5878: .It Fl CAfile Ar file
5879: A
5880: .Ar file
5881: of trusted certificates.
5882: The
5883: .Ar file
5884: should contain multiple certificates in PEM format, concatenated together.
5885: .It Fl CApath Ar directory
5886: A
5887: .Ar directory
5888: of trusted certificates.
1.76 jmc 5889: The certificates, or symbolic links to them,
5890: should have names of the form
5891: .Ar hash Ns .0 ,
5892: where
5893: .Ar hash
5894: is the hashed certificate subject name
5895: (see the
1.1 jsing 5896: .Fl hash
5897: option of the
5898: .Nm x509
5899: utility).
1.107 inoguchi 5900: .It Fl check_ss_sig
5901: Verify the signature on the self-signed root CA.
5902: This is disabled by default
5903: because it doesn't add any security.
5904: .It Fl CRLfile Ar file
5905: The
5906: .Ar file
5907: should contain one or more CRLs in PEM format.
1.1 jsing 5908: .It Fl crl_check
1.76 jmc 5909: Check end entity certificate validity by attempting to look up a valid CRL.
1.127 jmc 5910: If a valid CRL cannot be found, an error occurs.
1.1 jsing 5911: .It Fl crl_check_all
1.76 jmc 5912: Check the validity of all certificates in the chain by attempting
1.1 jsing 5913: to look up valid CRLs.
5914: .It Fl explicit_policy
1.76 jmc 5915: Set policy variable require-explicit-policy (RFC 3280).
1.1 jsing 5916: .It Fl extended_crl
5917: Enable extended CRL features such as indirect CRLs and alternate CRL
5918: signing keys.
5919: .It Fl help
1.76 jmc 5920: Print a usage message.
1.1 jsing 5921: .It Fl ignore_critical
1.76 jmc 5922: Ignore critical extensions instead of rejecting the certificate.
1.1 jsing 5923: .It Fl inhibit_any
1.76 jmc 5924: Set policy variable inhibit-any-policy (RFC 3280).
1.1 jsing 5925: .It Fl inhibit_map
1.76 jmc 5926: Set policy variable inhibit-policy-mapping (RFC 3280).
1.1 jsing 5927: .It Fl issuer_checks
1.76 jmc 5928: Print diagnostics relating to searches for the issuer certificate
5929: of the current certificate
5930: showing why each candidate issuer certificate was rejected.
5931: The presence of rejection messages
5932: does not itself imply that anything is wrong:
5933: during the normal verify process several rejections may take place.
1.126 tb 5934: .It Fl legacy_verify
5935: Use the legacy X.509 certificate chain verification code.
1.1 jsing 5936: .It Fl policy_check
1.76 jmc 5937: Enable certificate policy processing.
1.1 jsing 5938: .It Fl purpose Ar purpose
5939: The intended use for the certificate.
5940: Without this option no chain verification will be done.
5941: Currently accepted uses are
1.76 jmc 5942: .Cm sslclient , sslserver ,
5943: .Cm nssslserver , smimesign ,
5944: .Cm smimeencrypt , crlsign ,
5945: .Cm any ,
1.1 jsing 5946: and
1.76 jmc 5947: .Cm ocsphelper .
1.107 inoguchi 5948: .It Fl trusted Ar file
5949: A
5950: .Ar file
5951: of trusted certificates.
5952: The
5953: .Ar file
5954: should contain multiple certificates.
1.1 jsing 5955: .It Fl untrusted Ar file
5956: A
5957: .Ar file
5958: of untrusted certificates.
5959: The
5960: .Ar file
5961: should contain multiple certificates.
5962: .It Fl verbose
5963: Print extra information about the operations being performed.
5964: .It Fl x509_strict
5965: Disable workarounds for broken certificates which have to be disabled
5966: for strict X.509 compliance.
5967: .It Ar certificates
1.76 jmc 5968: One or more PEM
1.1 jsing 5969: .Ar certificates
5970: to verify.
5971: If no certificate files are included, an attempt is made to read
5972: a certificate from standard input.
1.76 jmc 5973: If the first certificate filename begins with a dash,
5974: use a lone dash to mark the last option.
1.1 jsing 5975: .El
1.76 jmc 5976: .Pp
1.1 jsing 5977: The
5978: .Nm verify
5979: program uses the same functions as the internal SSL and S/MIME verification,
1.76 jmc 5980: with one crucial difference:
5981: wherever possible an attempt is made to continue after an error,
5982: whereas normally the verify operation would halt on the first error.
1.1 jsing 5983: This allows all the problems with a certificate chain to be determined.
5984: .Pp
1.76 jmc 5985: The verify operation consists of a number of separate steps.
1.1 jsing 5986: Firstly a certificate chain is built up starting from the supplied certificate
5987: and ending in the root CA.
5988: It is an error if the whole chain cannot be built up.
5989: The chain is built up by looking up the issuer's certificate of the current
5990: certificate.
5991: If a certificate is found which is its own issuer, it is assumed
5992: to be the root CA.
5993: .Pp
1.76 jmc 5994: All certificates whose subject name matches the issuer name
1.1 jsing 5995: of the current certificate are subject to further tests.
5996: The relevant authority key identifier components of the current certificate
1.76 jmc 5997: (if present) must match the subject key identifier (if present)
5998: and issuer and serial number of the candidate issuer;
5999: in addition the
6000: .Cm keyUsage
6001: extension of the candidate issuer (if present) must permit certificate signing.
1.1 jsing 6002: .Pp
6003: The lookup first looks in the list of untrusted certificates and if no match
6004: is found the remaining lookups are from the trusted certificates.
1.76 jmc 6005: The root CA is always looked up in the trusted certificate list:
6006: if the certificate to verify is a root certificate,
6007: then an exact match must be found in the trusted list.
1.1 jsing 6008: .Pp
6009: The second operation is to check every untrusted certificate's extensions for
6010: consistency with the supplied purpose.
6011: If the
6012: .Fl purpose
6013: option is not included, then no checks are done.
6014: The supplied or
6015: .Qq leaf
6016: certificate must have extensions compatible with the supplied purpose
6017: and all other certificates must also be valid CA certificates.
6018: The precise extensions required are described in more detail in
6019: the
1.76 jmc 6020: .Nm X509
1.1 jsing 6021: section below.
6022: .Pp
6023: The third operation is to check the trust settings on the root CA.
6024: The root CA should be trusted for the supplied purpose.
1.76 jmc 6025: A certificate with no trust settings is considered to be valid for
1.1 jsing 6026: all purposes.
6027: .Pp
6028: The final operation is to check the validity of the certificate chain.
6029: The validity period is checked against the current system time and the
1.76 jmc 6030: .Cm notBefore
1.1 jsing 6031: and
1.76 jmc 6032: .Cm notAfter
1.1 jsing 6033: dates in the certificate.
6034: The certificate signatures are also checked at this point.
6035: .Pp
6036: If all operations complete successfully, the certificate is considered
6037: valid.
6038: If any operation fails then the certificate is not valid.
6039: When a verify operation fails, the output messages can be somewhat cryptic.
6040: The general form of the error message is:
1.76 jmc 6041: .Bd -literal
6042: server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit)
6043: error 24 at 1 depth lookup:invalid CA certificate
1.1 jsing 6044: .Ed
6045: .Pp
6046: The first line contains the name of the certificate being verified, followed by
6047: the subject name of the certificate.
6048: The second line contains the error number and the depth.
6049: The depth is the number of the certificate being verified when a
6050: problem was detected starting with zero for the certificate being verified
6051: itself, then 1 for the CA that signed the certificate and so on.
6052: Finally a text version of the error number is presented.
6053: .Pp
6054: An exhaustive list of the error codes and messages is shown below; this also
6055: includes the name of the error code as defined in the header file
1.12 bentley 6056: .In openssl/x509_vfy.h .
1.76 jmc 6057: Some of the error codes are defined but never returned: these are described as
1.1 jsing 6058: .Qq unused .
6059: .Bl -tag -width "XXXX"
1.78 jmc 6060: .It 0 X509_V_OK
1.1 jsing 6061: The operation was successful.
1.78 jmc 6062: .It 2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
6063: The issuer certificate of an untrusted certificate could not be found.
6064: .It 3 X509_V_ERR_UNABLE_TO_GET_CRL
1.1 jsing 6065: The CRL of a certificate could not be found.
1.78 jmc 6066: .It 4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
1.1 jsing 6067: The certificate signature could not be decrypted.
1.78 jmc 6068: This means that the actual signature value could not be determined
6069: rather than it not matching the expected value.
1.1 jsing 6070: This is only meaningful for RSA keys.
1.78 jmc 6071: .It 5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
6072: The CRL signature could not be decrypted.
6073: This means that the actual signature value could not be determined
6074: rather than it not matching the expected value.
1.1 jsing 6075: Unused.
1.78 jmc 6076: .It 6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
1.1 jsing 6077: The public key in the certificate
1.76 jmc 6078: .Cm SubjectPublicKeyInfo
1.1 jsing 6079: could not be read.
1.78 jmc 6080: .It 7 X509_V_ERR_CERT_SIGNATURE_FAILURE
1.1 jsing 6081: The signature of the certificate is invalid.
1.78 jmc 6082: .It 8 X509_V_ERR_CRL_SIGNATURE_FAILURE
1.1 jsing 6083: The signature of the certificate is invalid.
1.78 jmc 6084: .It 9 X509_V_ERR_CERT_NOT_YET_VALID
1.1 jsing 6085: The certificate is not yet valid: the
1.76 jmc 6086: .Cm notBefore
1.1 jsing 6087: date is after the current time.
1.78 jmc 6088: .It 10 X509_V_ERR_CERT_HAS_EXPIRED
1.1 jsing 6089: The certificate has expired; that is, the
1.76 jmc 6090: .Cm notAfter
1.1 jsing 6091: date is before the current time.
1.78 jmc 6092: .It 11 X509_V_ERR_CRL_NOT_YET_VALID
1.1 jsing 6093: The CRL is not yet valid.
1.78 jmc 6094: .It 12 X509_V_ERR_CRL_HAS_EXPIRED
1.1 jsing 6095: The CRL has expired.
1.78 jmc 6096: .It 13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
1.1 jsing 6097: The certificate
1.76 jmc 6098: .Cm notBefore
1.1 jsing 6099: field contains an invalid time.
1.78 jmc 6100: .It 14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
1.1 jsing 6101: The certificate
1.76 jmc 6102: .Cm notAfter
1.1 jsing 6103: field contains an invalid time.
1.78 jmc 6104: .It 15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
1.1 jsing 6105: The CRL
1.76 jmc 6106: .Cm lastUpdate
1.1 jsing 6107: field contains an invalid time.
1.78 jmc 6108: .It 16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
1.1 jsing 6109: The CRL
1.76 jmc 6110: .Cm nextUpdate
1.1 jsing 6111: field contains an invalid time.
1.78 jmc 6112: .It 17 X509_V_ERR_OUT_OF_MEM
1.1 jsing 6113: An error occurred trying to allocate memory.
6114: This should never happen.
1.78 jmc 6115: .It 18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
1.1 jsing 6116: The passed certificate is self-signed and the same certificate cannot be
6117: found in the list of trusted certificates.
1.78 jmc 6118: .It 19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
1.1 jsing 6119: The certificate chain could be built up using the untrusted certificates but
6120: the root could not be found locally.
1.78 jmc 6121: .It 20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
1.1 jsing 6122: The issuer certificate of a locally looked up certificate could not be found.
6123: This normally means the list of trusted certificates is not complete.
1.78 jmc 6124: .It 21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
1.1 jsing 6125: No signatures could be verified because the chain contains only one
6126: certificate and it is not self-signed.
1.78 jmc 6127: .It 22 X509_V_ERR_CERT_CHAIN_TOO_LONG
1.1 jsing 6128: The certificate chain length is greater than the supplied maximum depth.
6129: Unused.
1.78 jmc 6130: .It 23 X509_V_ERR_CERT_REVOKED
1.1 jsing 6131: The certificate has been revoked.
1.78 jmc 6132: .It 24 X509_V_ERR_INVALID_CA
1.1 jsing 6133: A CA certificate is invalid.
6134: Either it is not a CA or its extensions are not consistent
6135: with the supplied purpose.
1.78 jmc 6136: .It 25 X509_V_ERR_PATH_LENGTH_EXCEEDED
1.1 jsing 6137: The
1.76 jmc 6138: .Cm basicConstraints
1.1 jsing 6139: pathlength parameter has been exceeded.
1.78 jmc 6140: .It 26 X509_V_ERR_INVALID_PURPOSE
1.1 jsing 6141: The supplied certificate cannot be used for the specified purpose.
1.78 jmc 6142: .It 27 X509_V_ERR_CERT_UNTRUSTED
1.1 jsing 6143: The root CA is not marked as trusted for the specified purpose.
1.78 jmc 6144: .It 28 X509_V_ERR_CERT_REJECTED
1.1 jsing 6145: The root CA is marked to reject the specified purpose.
1.78 jmc 6146: .It 29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH
1.1 jsing 6147: The current candidate issuer certificate was rejected because its subject name
6148: did not match the issuer name of the current certificate.
6149: Only displayed when the
6150: .Fl issuer_checks
6151: option is set.
1.78 jmc 6152: .It 30 X509_V_ERR_AKID_SKID_MISMATCH
1.1 jsing 6153: The current candidate issuer certificate was rejected because its subject key
6154: identifier was present and did not match the authority key identifier current
6155: certificate.
6156: Only displayed when the
6157: .Fl issuer_checks
6158: option is set.
1.78 jmc 6159: .It 31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
1.1 jsing 6160: The current candidate issuer certificate was rejected because its issuer name
6161: and serial number were present and did not match the authority key identifier
6162: of the current certificate.
6163: Only displayed when the
6164: .Fl issuer_checks
6165: option is set.
1.78 jmc 6166: .It 32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN
1.1 jsing 6167: The current candidate issuer certificate was rejected because its
1.76 jmc 6168: .Cm keyUsage
1.1 jsing 6169: extension does not permit certificate signing.
1.78 jmc 6170: .It 50 X509_V_ERR_APPLICATION_VERIFICATION
1.1 jsing 6171: An application specific error.
6172: Unused.
6173: .El
1.120 kn 6174: .Tg version
1.1 jsing 6175: .Sh VERSION
6176: .Nm openssl version
6177: .Op Fl abdfopv
6178: .Pp
6179: The
6180: .Nm version
6181: command is used to print out version information about
1.79 jmc 6182: .Nm openssl .
1.1 jsing 6183: .Pp
6184: The options are as follows:
6185: .Bl -tag -width Ds
6186: .It Fl a
6187: All information: this is the same as setting all the other flags.
6188: .It Fl b
6189: The date the current version of
1.79 jmc 6190: .Nm openssl
1.1 jsing 6191: was built.
6192: .It Fl d
6193: .Ev OPENSSLDIR
6194: setting.
6195: .It Fl f
6196: Compilation flags.
6197: .It Fl o
6198: Option information: various options set when the library was built.
6199: .It Fl p
6200: Platform setting.
6201: .It Fl v
6202: The current
1.79 jmc 6203: .Nm openssl
1.1 jsing 6204: version.
6205: .El
1.120 kn 6206: .Tg x509
1.1 jsing 6207: .Sh X509
1.114 jmc 6208: .Bl -hang -width "openssl x509"
6209: .It Nm openssl x509
6210: .Bk -words
1.1 jsing 6211: .Op Fl C
6212: .Op Fl addreject Ar arg
6213: .Op Fl addtrust Ar arg
6214: .Op Fl alias
6215: .Op Fl CA Ar file
6216: .Op Fl CAcreateserial
1.80 jmc 6217: .Op Fl CAform Cm der | pem
1.1 jsing 6218: .Op Fl CAkey Ar file
1.80 jmc 6219: .Op Fl CAkeyform Cm der | pem
1.1 jsing 6220: .Op Fl CAserial Ar file
6221: .Op Fl certopt Ar option
6222: .Op Fl checkend Ar arg
6223: .Op Fl clrext
6224: .Op Fl clrreject
6225: .Op Fl clrtrust
6226: .Op Fl dates
6227: .Op Fl days Ar arg
6228: .Op Fl email
6229: .Op Fl enddate
6230: .Op Fl extensions Ar section
6231: .Op Fl extfile Ar file
6232: .Op Fl fingerprint
6233: .Op Fl hash
6234: .Op Fl in Ar file
1.80 jmc 6235: .Op Fl inform Cm der | net | pem
1.1 jsing 6236: .Op Fl issuer
6237: .Op Fl issuer_hash
6238: .Op Fl issuer_hash_old
1.80 jmc 6239: .Op Fl keyform Cm der | pem
1.29 bcook 6240: .Op Fl md5 | sha1
1.1 jsing 6241: .Op Fl modulus
6242: .Op Fl nameopt Ar option
1.107 inoguchi 6243: .Op Fl next_serial
1.1 jsing 6244: .Op Fl noout
6245: .Op Fl ocsp_uri
6246: .Op Fl ocspid
6247: .Op Fl out Ar file
1.80 jmc 6248: .Op Fl outform Cm der | net | pem
1.1 jsing 6249: .Op Fl passin Ar arg
6250: .Op Fl pubkey
6251: .Op Fl purpose
6252: .Op Fl req
6253: .Op Fl serial
6254: .Op Fl set_serial Ar n
6255: .Op Fl setalias Ar arg
6256: .Op Fl signkey Ar file
1.107 inoguchi 6257: .Op Fl sigopt Ar nm:v
1.1 jsing 6258: .Op Fl startdate
6259: .Op Fl subject
6260: .Op Fl subject_hash
6261: .Op Fl subject_hash_old
6262: .Op Fl text
6263: .Op Fl trustout
6264: .Op Fl x509toreq
1.114 jmc 6265: .Ek
6266: .El
1.1 jsing 6267: .Pp
6268: The
6269: .Nm x509
6270: command is a multi-purpose certificate utility.
6271: It can be used to display certificate information, convert certificates to
6272: various forms, sign certificate requests like a
6273: .Qq mini CA ,
6274: or edit certificate trust settings.
6275: .Pp
1.80 jmc 6276: The following are x509 input, output, and general purpose options:
1.1 jsing 6277: .Bl -tag -width "XXXX"
6278: .It Fl in Ar file
1.80 jmc 6279: The input file to read from,
6280: or standard input if not specified.
6281: .It Fl inform Cm der | net | pem
6282: The input format.
1.1 jsing 6283: Normally, the command will expect an X.509 certificate,
6284: but this can change if other options such as
6285: .Fl req
6286: are present.
1.29 bcook 6287: .It Fl md5 | sha1
1.1 jsing 6288: The digest to use.
6289: This affects any signing or display option that uses a message digest,
6290: such as the
6291: .Fl fingerprint , signkey ,
6292: and
6293: .Fl CA
6294: options.
6295: If not specified, MD5 is used.
1.80 jmc 6296: SHA1 is always used with DSA keys.
1.1 jsing 6297: .It Fl out Ar file
1.80 jmc 6298: The output file to write to,
6299: or standard output if none is specified.
6300: .It Fl outform Cm der | net | pem
6301: The output format.
1.1 jsing 6302: .It Fl passin Ar arg
6303: The key password source.
6304: .El
1.80 jmc 6305: .Pp
6306: The following are x509 display options:
1.1 jsing 6307: .Bl -tag -width "XXXX"
6308: .It Fl C
1.80 jmc 6309: Output the certificate in the form of a C source file.
1.1 jsing 6310: .It Fl certopt Ar option
6311: Customise the output format used with
1.80 jmc 6312: .Fl text ,
6313: either using a list of comma-separated options or by specifying
1.1 jsing 6314: .Fl certopt
1.80 jmc 6315: multiple times.
6316: The default behaviour is to print all fields.
6317: The options are as follows:
6318: .Pp
6319: .Bl -tag -width "no_extensions" -offset indent -compact
6320: .It Cm ca_default
6321: Equivalent to
6322: .Cm no_issuer , no_pubkey , no_header ,
6323: .Cm no_version , no_sigdump ,
6324: and
6325: .Cm no_signame .
6326: .It Cm compatible
6327: Equivalent to no output options at all.
6328: .It Cm ext_default
6329: Print unsupported certificate extensions.
6330: .It Cm ext_dump
6331: Hex dump unsupported extensions.
6332: .It Cm ext_error
6333: Print an error message for unsupported certificate extensions.
6334: .It Cm ext_parse
1.84 jmc 6335: ASN.1 parse unsupported extensions.
1.80 jmc 6336: .It Cm no_aux
6337: Do not print certificate trust information.
6338: .It Cm no_extensions
6339: Do not print X509V3 extensions.
6340: .It Cm no_header
6341: Do not print header (Certificate and Data) information.
6342: .It Cm no_issuer
6343: Do not print the issuer name.
6344: .It Cm no_pubkey
6345: Do not print the public key.
6346: .It Cm no_serial
6347: Do not print the serial number.
6348: .It Cm no_sigdump
6349: Do not give a hexadecimal dump of the certificate signature.
6350: .It Cm no_signame
6351: Do not print the signature algorithm used.
6352: .It Cm no_subject
6353: Do not print the subject name.
6354: .It Cm no_validity
6355: Do not print the
6356: .Cm notBefore
6357: and
6358: .Cm notAfter
6359: (validity) fields.
6360: .It Cm no_version
6361: Do not print the version number.
6362: .El
1.1 jsing 6363: .It Fl dates
1.80 jmc 6364: Print the start and expiry date of a certificate.
1.1 jsing 6365: .It Fl email
1.80 jmc 6366: Output the email addresses, if any.
1.1 jsing 6367: .It Fl enddate
1.80 jmc 6368: Print the expiry date of the certificate; that is, the
6369: .Cm notAfter
1.1 jsing 6370: date.
6371: .It Fl fingerprint
1.80 jmc 6372: Print the digest of the DER-encoded version of the whole certificate.
1.1 jsing 6373: .It Fl hash
6374: A synonym for
1.80 jmc 6375: .Fl subject_hash .
1.1 jsing 6376: .It Fl issuer
1.80 jmc 6377: Print the issuer name.
1.1 jsing 6378: .It Fl issuer_hash
1.80 jmc 6379: Print the hash of the certificate issuer name.
1.1 jsing 6380: .It Fl issuer_hash_old
1.80 jmc 6381: Print the hash of the certificate issuer name
6382: using the older algorithm as used by
6383: .Nm openssl
1.1 jsing 6384: versions before 1.0.0.
6385: .It Fl modulus
1.80 jmc 6386: Print the value of the modulus of the public key contained in the certificate.
1.1 jsing 6387: .It Fl nameopt Ar option
1.80 jmc 6388: Customise how the subject or issuer names are displayed,
6389: either using a list of comma-separated options or by specifying
1.1 jsing 6390: .Fl nameopt
1.80 jmc 6391: multiple times.
6392: The default behaviour is to use the
6393: .Cm oneline
6394: format.
6395: The options,
6396: which can be preceded by a dash to turn them off,
6397: are as follows:
6398: .Bl -tag -width "XXXX"
6399: .It Cm align
6400: Align field values for a more readable output.
6401: Only usable with
6402: .Ar sep_multiline .
6403: .It Cm compat
6404: Use the old format,
6405: equivalent to specifying no options at all.
6406: .It Cm dn_rev
6407: Reverse the fields of the DN, as required by RFC 2253.
6408: As a side effect, this also reverses the order of multiple AVAs.
6409: .It Cm dump_all
6410: Dump all fields.
6411: When used with
6412: .Ar dump_der ,
6413: it allows the DER encoding of the structure to be unambiguously determined.
6414: .It Cm dump_der
6415: Any fields that need to be hexdumped are
6416: dumped using the DER encoding of the field.
6417: Otherwise just the content octets will be displayed.
6418: Both options use the RFC 2253 #XXXX... format.
6419: .It Cm dump_nostr
6420: Dump non-character string types
6421: (for example OCTET STRING);
6422: usually, non-character string types are displayed
6423: as though each content octet represents a single character.
6424: .It Cm dump_unknown
6425: Dump any field whose OID is not recognised by
6426: .Nm openssl .
6427: .It Cm esc_2253
6428: Escape the
6429: .Qq special
6430: characters required by RFC 2253 in a field that is
6431: .Dq \& ,+"<>; .
6432: Additionally,
6433: .Sq #
6434: is escaped at the beginning of a string
6435: and a space character at the beginning or end of a string.
6436: .It Cm esc_ctrl
6437: Escape control characters.
6438: That is, those with ASCII values less than 0x20 (space)
6439: and the delete (0x7f) character.
6440: They are escaped using the RFC 2253 \eXX notation (where XX are two hex
6441: digits representing the character value).
6442: .It Cm esc_msb
6443: Escape characters with the MSB set; that is, with ASCII values larger than
6444: 127.
6445: .It Cm multiline
6446: A multiline format.
6447: Equivalent to
6448: .Cm esc_ctrl , esc_msb , sep_multiline ,
6449: .Cm space_eq , lname ,
6450: and
6451: .Cm align .
6452: .It Cm no_type
6453: Do not attempt to interpret multibyte characters.
6454: That is, content octets are merely dumped as though one octet
6455: represents each character.
6456: This is useful for diagnostic purposes
6457: but results in rather odd looking output.
6458: .It Cm nofname , sname , lname , oid
6459: Alter how the field name is displayed:
6460: .Cm nofname
6461: does not display the field at all;
6462: .Cm sname
6463: uses the short name form (CN for
6464: .Cm commonName ,
6465: for example);
6466: .Cm lname
6467: uses the long form.
6468: .Cm oid
6469: represents the OID in numerical form and is useful for diagnostic purpose.
6470: .It Cm oneline
6471: A one line format which is more readable than
6472: .Cm RFC2253 .
6473: Equivalent to
6474: .Cm esc_2253 , esc_ctrl , esc_msb , utf8 ,
6475: .Cm dump_nostr , dump_der , use_quote , sep_comma_plus_spc ,
6476: .Cm space_eq ,
6477: and
6478: .Cm sname .
6479: .It Cm RFC2253
6480: Displays names compatible with RFC 2253.
6481: Equivalent to
6482: .Cm esc_2253 , esc_ctrl ,
6483: .Cm esc_msb , utf8 , dump_nostr , dump_unknown ,
6484: .Cm dump_der , sep_comma_plus , dn_rev ,
6485: and
6486: .Cm sname .
6487: .It Cm sep_comma_plus , sep_comma_plus_space , sep_semi_plus_space , sep_multiline
6488: Determine the field separators:
6489: the first character is between RDNs and the second between multiple AVAs
6490: (multiple AVAs are very rare and their use is discouraged).
6491: The options ending in
6492: .Qq space
6493: additionally place a space after the separator to make it more readable.
6494: .Cm sep_multiline
6495: uses a linefeed character for the RDN separator and a spaced
6496: .Sq +
6497: for the AVA separator,
6498: as well as indenting the fields by four characters.
1.142 tb 6499: If no field separator is specified then
6500: .Cm sep_comma_plus_space
6501: is used by default.
1.80 jmc 6502: .It Cm show_type
1.84 jmc 6503: Show the type of the ASN.1 character string.
1.80 jmc 6504: The type precedes the field contents.
6505: For example
6506: .Qq BMPSTRING: Hello World .
6507: .It Cm space_eq
6508: Place spaces round the
6509: .Sq =
6510: character which follows the field name.
6511: .It Cm use_quote
6512: Escape some characters by surrounding the whole string with
6513: .Sq \&"
6514: characters.
6515: Without the option, all escaping is done with the
6516: .Sq \e
6517: character.
6518: .It Cm utf8
6519: Convert all strings to UTF8 format first, as required by RFC 2253.
6520: On a UTF8 compatible terminal,
6521: the use of this option (and not setting
6522: .Cm esc_msb )
6523: may result in the correct display of multibyte characters.
6524: Usually, multibyte characters larger than 0xff
6525: are represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX
6526: for 32 bits,
6527: and any UTF8Strings are converted to their character form first.
6528: .El
1.107 inoguchi 6529: .It Fl next_serial
6530: Print the next serial number.
1.1 jsing 6531: .It Fl noout
1.80 jmc 6532: Do not output the encoded version of the request.
1.1 jsing 6533: .It Fl ocsp_uri
1.80 jmc 6534: Print the OCSP responder addresses, if any.
1.1 jsing 6535: .It Fl ocspid
6536: Print OCSP hash values for the subject name and public key.
6537: .It Fl pubkey
1.80 jmc 6538: Print the public key.
1.1 jsing 6539: .It Fl serial
1.80 jmc 6540: Print the certificate serial number.
1.107 inoguchi 6541: .It Fl sigopt Ar nm:v
6542: Pass options to the signature algorithm during sign or certify operations.
6543: The names and values of these options are algorithm-specific.
1.1 jsing 6544: .It Fl startdate
1.80 jmc 6545: Print the start date of the certificate; that is, the
6546: .Cm notBefore
1.1 jsing 6547: date.
6548: .It Fl subject
1.80 jmc 6549: Print the subject name.
1.1 jsing 6550: .It Fl subject_hash
1.80 jmc 6551: Print the hash of the certificate subject name.
1.1 jsing 6552: This is used in
1.80 jmc 6553: .Nm openssl
1.1 jsing 6554: to form an index to allow certificates in a directory to be looked up
6555: by subject name.
6556: .It Fl subject_hash_old
1.80 jmc 6557: Print the hash of the certificate subject name
6558: using the older algorithm as used by
6559: .Nm openssl
1.1 jsing 6560: versions before 1.0.0.
6561: .It Fl text
1.80 jmc 6562: Print the full certificate in text form.
1.1 jsing 6563: .El
6564: .Pp
1.80 jmc 6565: A trusted certificate is a certificate which has several
1.1 jsing 6566: additional pieces of information attached to it such as the permitted
1.80 jmc 6567: and prohibited uses of the certificate and an alias.
1.127 jmc 6568: When a certificate is being verified, at least one certificate must be trusted.
1.80 jmc 6569: By default, a trusted certificate must be stored locally and be a root CA.
6570: The following are x509 trust settings options:
1.1 jsing 6571: .Bl -tag -width "XXXX"
6572: .It Fl addreject Ar arg
1.80 jmc 6573: Add a prohibited use.
6574: Accepts the same values as the
1.1 jsing 6575: .Fl addtrust
6576: option.
6577: .It Fl addtrust Ar arg
1.80 jmc 6578: Add a trusted certificate use.
1.1 jsing 6579: Any object name can be used here, but currently only
1.80 jmc 6580: .Cm clientAuth
6581: (SSL client use),
6582: .Cm serverAuth
6583: (SSL server use),
6584: and
6585: .Cm emailProtection
6586: (S/MIME email) are used.
1.1 jsing 6587: .It Fl alias
1.80 jmc 6588: Output the certificate alias.
1.1 jsing 6589: .It Fl clrreject
1.80 jmc 6590: Clear all the prohibited or rejected uses of the certificate.
1.1 jsing 6591: .It Fl clrtrust
1.80 jmc 6592: Clear all the permitted or trusted uses of the certificate.
1.1 jsing 6593: .It Fl purpose
1.80 jmc 6594: Perform tests on the certificate extensions.
6595: The same code is used when verifying untrusted certificates in chains,
6596: so this section is useful if a chain is rejected by the verify code.
6597: .Pp
6598: The
6599: .Cm basicConstraints
6600: extension CA flag is used to determine whether the
6601: certificate can be used as a CA.
6602: If the CA flag is true, it is a CA;
6603: if the CA flag is false, it is not a CA.
6604: All CAs should have the CA flag set to true.
6605: .Pp
6606: If the
6607: .Cm basicConstraints
6608: extension is absent, then the certificate is
6609: considered to be a possible CA;
6610: other extensions are checked according to the intended use of the certificate.
6611: A warning is given in this case because the certificate should really not
6612: be regarded as a CA.
6613: However it is allowed to be a CA to work around some broken software.
6614: .Pp
6615: If the certificate is a V1 certificate
6616: (and thus has no extensions) and it is self-signed,
6617: it is also assumed to be a CA but a warning is again given.
6618: This is to work around the problem of Verisign roots
6619: which are V1 self-signed certificates.
6620: .Pp
6621: If the
6622: .Cm keyUsage
6623: extension is present, then additional restraints are
6624: made on the uses of the certificate.
6625: A CA certificate must have the
6626: .Cm keyCertSign
6627: bit set if the
6628: .Cm keyUsage
6629: extension is present.
6630: .Pp
6631: The extended key usage extension places additional restrictions on the
6632: certificate uses.
6633: If this extension is present, whether critical or not,
6634: the key can only be used for the purposes specified.
6635: .Pp
6636: A complete description of each test is given below.
6637: The comments about
6638: .Cm basicConstraints
6639: and
6640: .Cm keyUsage
6641: and V1 certificates above apply to all CA certificates.
6642: .Bl -tag -width "XXXX"
6643: .It SSL Client
6644: The extended key usage extension must be absent or include the
6645: web client authentication OID.
6646: .Cm keyUsage
6647: must be absent or it must have the
6648: .Cm digitalSignature
6649: bit set.
6650: The Netscape certificate type must be absent
6651: or it must have the SSL client bit set.
6652: .It SSL Client CA
6653: The extended key usage extension must be absent or include the
6654: web client authentication OID.
6655: The Netscape certificate type must be absent
6656: or it must have the SSL CA bit set:
6657: this is used as a workaround if the
6658: .Cm basicConstraints
6659: extension is absent.
6660: .It SSL Server
6661: The extended key usage extension must be absent or include the
6662: web server authentication and/or one of the SGC OIDs.
6663: .Cm keyUsage
6664: must be absent or it must have the
6665: .Cm digitalSignature
6666: set, the
6667: .Cm keyEncipherment
6668: set, or both bits set.
6669: The Netscape certificate type must be absent or have the SSL server bit set.
6670: .It SSL Server CA
6671: The extended key usage extension must be absent or include the
6672: web server authentication and/or one of the SGC OIDs.
6673: The Netscape certificate type must be absent or the SSL CA bit must be set:
6674: this is used as a workaround if the
6675: .Cm basicConstraints
6676: extension is absent.
6677: .It Netscape SSL Server
6678: For Netscape SSL clients to connect to an SSL server; it must have the
6679: .Cm keyEncipherment
6680: bit set if the
6681: .Cm keyUsage
6682: extension is present.
6683: This isn't always valid because some cipher suites use the key for
6684: digital signing.
6685: Otherwise it is the same as a normal SSL server.
6686: .It Common S/MIME Client Tests
6687: The extended key usage extension must be absent or include the
6688: email protection OID.
6689: The Netscape certificate type must be absent or should have the S/MIME bit set.
6690: If the S/MIME bit is not set in Netscape certificate type, then the SSL
6691: client bit is tolerated as an alternative but a warning is shown:
6692: this is because some Verisign certificates don't set the S/MIME bit.
6693: .It S/MIME Signing
6694: In addition to the common S/MIME client tests, the
6695: .Cm digitalSignature
6696: bit must be set if the
6697: .Cm keyUsage
6698: extension is present.
6699: .It S/MIME Encryption
6700: In addition to the common S/MIME tests, the
6701: .Cm keyEncipherment
6702: bit must be set if the
6703: .Cm keyUsage
6704: extension is present.
6705: .It S/MIME CA
6706: The extended key usage extension must be absent or include the
6707: email protection OID.
6708: The Netscape certificate type must be absent
6709: or must have the S/MIME CA bit set:
6710: this is used as a workaround if the
6711: .Cm basicConstraints
6712: extension is absent.
6713: .It CRL Signing
6714: The
6715: .Cm keyUsage
6716: extension must be absent or it must have the CRL signing bit set.
6717: .It CRL Signing CA
6718: The normal CA tests apply, except the
6719: .Cm basicConstraints
6720: extension must be present.
6721: .El
1.1 jsing 6722: .It Fl setalias Ar arg
1.80 jmc 6723: Set the alias of the certificate,
6724: allowing the certificate to be referred to using a nickname,
6725: such as
1.1 jsing 6726: .Qq Steve's Certificate .
6727: .It Fl trustout
1.80 jmc 6728: Output a trusted certificate
6729: (the default if any trust settings are modified).
1.1 jsing 6730: An ordinary or trusted certificate can be input, but by default an ordinary
6731: certificate is output and any trust settings are discarded.
6732: .El
1.80 jmc 6733: .Pp
1.1 jsing 6734: The
6735: .Nm x509
1.80 jmc 6736: utility can be used to sign certificates and requests:
6737: it can thus behave like a mini CA.
6738: The following are x509 signing options:
1.1 jsing 6739: .Bl -tag -width "XXXX"
6740: .It Fl CA Ar file
1.80 jmc 6741: The CA certificate to be used for signing.
1.1 jsing 6742: When this option is present,
6743: .Nm x509
1.80 jmc 6744: behaves like a mini CA.
1.1 jsing 6745: The input file is signed by the CA using this option;
6746: that is, its issuer name is set to the subject name of the CA and it is
6747: digitally signed using the CA's private key.
6748: .Pp
6749: This option is normally combined with the
6750: .Fl req
6751: option.
6752: Without the
6753: .Fl req
6754: option, the input is a certificate which must be self-signed.
6755: .It Fl CAcreateserial
1.80 jmc 6756: Create the CA serial number file if it does not exist
6757: instead of generating an error.
6758: The file will contain the serial number
1.1 jsing 6759: .Sq 02
6760: and the certificate being signed will have
6761: .Sq 1
6762: as its serial number.
1.80 jmc 6763: .It Fl CAform Cm der | pem
1.1 jsing 6764: The format of the CA certificate file.
6765: The default is
1.80 jmc 6766: .Cm pem .
1.1 jsing 6767: .It Fl CAkey Ar file
1.80 jmc 6768: Set the CA private key to sign a certificate with.
6769: Otherwise it is assumed that the CA private key is present
6770: in the CA certificate file.
6771: .It Fl CAkeyform Cm der | pem
1.1 jsing 6772: The format of the CA private key.
6773: The default is
1.80 jmc 6774: .Cm pem .
1.1 jsing 6775: .It Fl CAserial Ar file
1.80 jmc 6776: Use the serial number in
6777: .Ar file
6778: to sign a certificate.
6779: The file should consist of one line containing an even number of hex digits
1.1 jsing 6780: with the serial number to use.
6781: After each use the serial number is incremented and written out
6782: to the file again.
6783: .Pp
6784: The default filename consists of the CA certificate file base name with
6785: .Pa .srl
6786: appended.
6787: For example, if the CA certificate file is called
6788: .Pa mycacert.pem ,
6789: it expects to find a serial number file called
6790: .Pa mycacert.srl .
6791: .It Fl checkend Ar arg
6792: Check whether the certificate expires in the next
6793: .Ar arg
6794: seconds.
6795: If so, exit with return value 1;
6796: otherwise exit with return value 0.
6797: .It Fl clrext
6798: Delete any extensions from a certificate.
6799: This option is used when a certificate is being created from another
6800: certificate (for example with the
6801: .Fl signkey
6802: or the
6803: .Fl CA
6804: options).
6805: Normally, all extensions are retained.
6806: .It Fl days Ar arg
1.80 jmc 6807: The number of days to make a certificate valid for.
1.1 jsing 6808: The default is 30 days.
6809: .It Fl extensions Ar section
6810: The section to add certificate extensions from.
6811: If this option is not specified, the extensions should either be
1.80 jmc 6812: contained in the unnamed (default) section
6813: or the default section should contain a variable called
1.1 jsing 6814: .Qq extensions
6815: which contains the section to use.
6816: .It Fl extfile Ar file
6817: File containing certificate extensions to use.
6818: If not specified, no extensions are added to the certificate.
1.80 jmc 6819: .It Fl keyform Cm der | pem
6820: The format of the private key file used in the
1.1 jsing 6821: .Fl signkey
6822: option.
6823: .It Fl req
1.80 jmc 6824: Expect a certificate request on input instead of a certificate.
1.1 jsing 6825: .It Fl set_serial Ar n
1.80 jmc 6826: The serial number to use.
1.1 jsing 6827: This option can be used with either the
6828: .Fl signkey
6829: or
6830: .Fl CA
6831: options.
6832: If used in conjunction with the
6833: .Fl CA
6834: option, the serial number file (as specified by the
6835: .Fl CAserial
6836: or
6837: .Fl CAcreateserial
6838: options) is not used.
6839: .Pp
6840: The serial number can be decimal or hex (if preceded by
6841: .Sq 0x ) .
6842: Negative serial numbers can also be specified but their use is not recommended.
6843: .It Fl signkey Ar file
1.80 jmc 6844: Self-sign
6845: .Ar file
6846: using the supplied private key.
1.1 jsing 6847: .Pp
6848: If the input file is a certificate, it sets the issuer name to the
1.80 jmc 6849: subject name (i.e. makes it self-signed),
1.1 jsing 6850: changes the public key to the supplied value,
6851: and changes the start and end dates.
6852: The start date is set to the current time and the end date is set to
6853: a value determined by the
6854: .Fl days
6855: option.
6856: Any certificate extensions are retained unless the
6857: .Fl clrext
6858: option is supplied.
6859: .Pp
6860: If the input is a certificate request, a self-signed certificate
6861: is created using the supplied private key using the subject name in
6862: the request.
6863: .It Fl x509toreq
1.80 jmc 6864: Convert a certificate into a certificate request.
1.1 jsing 6865: The
6866: .Fl signkey
6867: option is used to pass the required private key.
6868: .El
1.38 jmc 6869: .Sh COMMON NOTATION
6870: Several commands share a common syntax,
6871: as detailed below.
6872: .Pp
6873: Password arguments, typically specified using
1.33 jmc 6874: .Fl passin
6875: and
6876: .Fl passout
1.38 jmc 6877: for input and output passwords,
6878: allow passwords to be obtained from a variety of sources.
6879: Both of these options take a single argument, described below.
1.33 jmc 6880: If no password argument is given and a password is required,
6881: then the user is prompted to enter one:
6882: this will typically be read from the current terminal with echoing turned off.
1.38 jmc 6883: .Bl -tag -width "pass:password" -offset indent
6884: .It Cm pass : Ns Ar password
1.33 jmc 6885: The actual password is
6886: .Ar password .
1.38 jmc 6887: Since the password is visible to utilities,
1.33 jmc 6888: this form should only be used where security is not important.
1.38 jmc 6889: .It Cm env : Ns Ar var
1.33 jmc 6890: Obtain the password from the environment variable
6891: .Ar var .
1.38 jmc 6892: Since the environment of other processes is visible,
6893: this option should be used with caution.
6894: .It Cm file : Ns Ar path
1.33 jmc 6895: The first line of
6896: .Ar path
6897: is the password.
6898: If the same
6899: .Ar path
6900: argument is supplied to
6901: .Fl passin
6902: and
6903: .Fl passout ,
6904: then the first line will be used for the input password and the next line
6905: for the output password.
6906: .Ar path
6907: need not refer to a regular file:
6908: it could, for example, refer to a device or named pipe.
1.38 jmc 6909: .It Cm fd : Ns Ar number
1.33 jmc 6910: Read the password from the file descriptor
6911: .Ar number .
1.38 jmc 6912: This can be used to send the data via a pipe, for example.
6913: .It Cm stdin
1.33 jmc 6914: Read the password from standard input.
1.35 jmc 6915: .El
1.38 jmc 6916: .Pp
1.64 jmc 6917: Input/output formats,
1.38 jmc 6918: typically specified using
6919: .Fl inform
6920: and
6921: .Fl outform ,
1.64 jmc 6922: indicate the format being read from or written to.
1.38 jmc 6923: The argument is case insensitive.
6924: .Pp
6925: .Bl -tag -width Ds -offset indent -compact
6926: .It Cm der
6927: Distinguished Encoding Rules (DER)
6928: is a binary format.
1.64 jmc 6929: .It Cm net
6930: Insecure legacy format.
1.38 jmc 6931: .It Cm pem
6932: Privacy Enhanced Mail (PEM)
6933: is base64-encoded.
1.108 inoguchi 6934: .It Cm pvk
6935: Private Key format.
1.70 jmc 6936: .It Cm smime
6937: An SMIME format message.
1.38 jmc 6938: .It Cm txt
6939: Plain ASCII text.
6940: .El
1.35 jmc 6941: .Sh ENVIRONMENT
6942: The following environment variables affect the execution of
6943: .Nm openssl :
1.38 jmc 6944: .Bl -tag -width "/etc/ssl/openssl.cnf"
1.35 jmc 6945: .It Ev OPENSSL_CONF
6946: The location of the master configuration file.
1.33 jmc 6947: .El
1.1 jsing 6948: .Sh FILES
6949: .Bl -tag -width "/etc/ssl/openssl.cnf" -compact
1.17 sobrado 6950: .It Pa /etc/ssl/
1.1 jsing 6951: Default config directory for
6952: .Nm openssl .
1.17 sobrado 6953: .It Pa /etc/ssl/lib/
1.1 jsing 6954: Unused.
1.17 sobrado 6955: .It Pa /etc/ssl/private/
1.1 jsing 6956: Default private key directory.
1.17 sobrado 6957: .It Pa /etc/ssl/openssl.cnf
1.1 jsing 6958: Default configuration file for
6959: .Nm openssl .
1.17 sobrado 6960: .It Pa /etc/ssl/x509v3.cnf
1.1 jsing 6961: Default configuration file for
6962: .Nm x509
6963: certificates.
6964: .El
6965: .Sh SEE ALSO
1.74 jmc 6966: .Xr acme-client 1 ,
1.26 jmc 6967: .Xr nc 1 ,
1.90 schwarze 6968: .Xr openssl.cnf 5 ,
6969: .Xr x509v3.cnf 5 ,
1.1 jsing 6970: .Xr ssl 8 ,
6971: .Xr starttls 8
6972: .Sh STANDARDS
6973: .Rs
6974: .%A T. Dierks
6975: .%A C. Allen
6976: .%D January 1999
6977: .%R RFC 2246
6978: .%T The TLS Protocol Version 1.0
6979: .Re
6980: .Pp
6981: .Rs
6982: .%A M. Wahl
6983: .%A S. Killie
6984: .%A T. Howes
6985: .%D December 1997
6986: .%R RFC 2253
6987: .%T Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
6988: .Re
6989: .Pp
6990: .Rs
6991: .%A B. Kaliski
6992: .%D March 1998
6993: .%R RFC 2315
6994: .%T PKCS #7: Cryptographic Message Syntax Version 1.5
6995: .Re
6996: .Pp
6997: .Rs
6998: .%A R. Housley
6999: .%A W. Ford
7000: .%A W. Polk
7001: .%A D. Solo
7002: .%D January 1999
7003: .%R RFC 2459
7004: .%T Internet X.509 Public Key Infrastructure Certificate and CRL Profile
7005: .Re
7006: .Pp
7007: .Rs
7008: .%A M. Myers
7009: .%A R. Ankney
7010: .%A A. Malpani
7011: .%A S. Galperin
7012: .%A C. Adams
7013: .%D June 1999
7014: .%R RFC 2560
7015: .%T X.509 Internet Public Key Infrastructure Online Certificate Status Protocol \(en OCSP
7016: .Re
7017: .Pp
7018: .Rs
7019: .%A R. Housley
7020: .%D June 1999
7021: .%R RFC 2630
7022: .%T Cryptographic Message Syntax
7023: .Re
7024: .Pp
7025: .Rs
7026: .%A P. Chown
7027: .%D June 2002
7028: .%R RFC 3268
1.24 jmc 7029: .%T Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
1.1 jsing 7030: .Re