Annotation of src/usr.bin/openssl/openssl.1, Revision 1.155
1.155 ! job 1: .\" $OpenBSD: openssl.1,v 1.154 2024/01/12 11:24:03 job Exp $
1.1 jsing 2: .\" ====================================================================
3: .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4: .\"
5: .\" Redistribution and use in source and binary forms, with or without
6: .\" modification, are permitted provided that the following conditions
7: .\" are met:
8: .\"
9: .\" 1. Redistributions of source code must retain the above copyright
10: .\" notice, this list of conditions and the following disclaimer.
11: .\"
12: .\" 2. Redistributions in binary form must reproduce the above copyright
13: .\" notice, this list of conditions and the following disclaimer in
14: .\" the documentation and/or other materials provided with the
15: .\" distribution.
16: .\"
17: .\" 3. All advertising materials mentioning features or use of this
18: .\" software must display the following acknowledgment:
19: .\" "This product includes software developed by the OpenSSL Project
20: .\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21: .\"
22: .\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23: .\" endorse or promote products derived from this software without
24: .\" prior written permission. For written permission, please contact
25: .\" openssl-core@openssl.org.
26: .\"
27: .\" 5. Products derived from this software may not be called "OpenSSL"
28: .\" nor may "OpenSSL" appear in their names without prior written
29: .\" permission of the OpenSSL Project.
30: .\"
31: .\" 6. Redistributions of any form whatsoever must retain the following
32: .\" acknowledgment:
33: .\" "This product includes software developed by the OpenSSL Project
34: .\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35: .\"
36: .\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37: .\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39: .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40: .\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41: .\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42: .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43: .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45: .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46: .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47: .\" OF THE POSSIBILITY OF SUCH DAMAGE.
48: .\" ====================================================================
49: .\"
50: .\" This product includes cryptographic software written by Eric Young
51: .\" (eay@cryptsoft.com). This product includes software written by Tim
52: .\" Hudson (tjh@cryptsoft.com).
53: .\"
54: .\"
55: .\" Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
56: .\" All rights reserved.
57: .\"
58: .\" This package is an SSL implementation written
59: .\" by Eric Young (eay@cryptsoft.com).
60: .\" The implementation was written so as to conform with Netscapes SSL.
61: .\"
62: .\" This library is free for commercial and non-commercial use as long as
63: .\" the following conditions are aheared to. The following conditions
64: .\" apply to all code found in this distribution, be it the RC4, RSA,
65: .\" lhash, DES, etc., code; not just the SSL code. The SSL documentation
66: .\" included with this distribution is covered by the same copyright terms
67: .\" except that the holder is Tim Hudson (tjh@cryptsoft.com).
68: .\"
69: .\" Copyright remains Eric Young's, and as such any Copyright notices in
70: .\" the code are not to be removed.
71: .\" If this package is used in a product, Eric Young should be given attribution
72: .\" as the author of the parts of the library used.
73: .\" This can be in the form of a textual message at program startup or
74: .\" in documentation (online or textual) provided with the package.
75: .\"
76: .\" Redistribution and use in source and binary forms, with or without
77: .\" modification, are permitted provided that the following conditions
78: .\" are met:
79: .\" 1. Redistributions of source code must retain the copyright
80: .\" notice, this list of conditions and the following disclaimer.
81: .\" 2. Redistributions in binary form must reproduce the above copyright
82: .\" notice, this list of conditions and the following disclaimer in the
83: .\" documentation and/or other materials provided with the distribution.
84: .\" 3. All advertising materials mentioning features or use of this software
85: .\" must display the following acknowledgement:
86: .\" "This product includes cryptographic software written by
87: .\" Eric Young (eay@cryptsoft.com)"
88: .\" The word 'cryptographic' can be left out if the rouines from the library
89: .\" being used are not cryptographic related :-).
90: .\" 4. If you include any Windows specific code (or a derivative thereof) from
91: .\" the apps directory (application code) you must include an
92: .\" acknowledgement:
93: .\" "This product includes software written by Tim Hudson
94: .\" (tjh@cryptsoft.com)"
95: .\"
96: .\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
97: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
98: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
99: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
100: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
101: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
102: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
103: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
104: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
105: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
106: .\" SUCH DAMAGE.
107: .\"
108: .\" The licence and distribution terms for any publically available version or
109: .\" derivative of this code cannot be changed. i.e. this code cannot simply be
110: .\" copied and put under another distribution licence
111: .\" [including the GNU Public Licence.]
112: .\"
1.155 ! job 113: .Dd $Mdocdate: January 12 2024 $
1.1 jsing 114: .Dt OPENSSL 1
115: .Os
116: .Sh NAME
117: .Nm openssl
118: .Nd OpenSSL command line tool
119: .Sh SYNOPSIS
120: .Nm
1.90 schwarze 121: .Ar command
1.140 kn 122: .Op Ar command_opt ...
123: .Op Ar command_arg ...
1.1 jsing 124: .Pp
125: .Nm
1.13 bentley 126: .Cm list-standard-commands |
127: .Cm list-message-digest-commands |
128: .Cm list-cipher-commands |
129: .Cm list-cipher-algorithms |
130: .Cm list-message-digest-algorithms |
1.1 jsing 131: .Cm list-public-key-algorithms
132: .Pp
133: .Nm
1.39 jmc 134: .Cm no- Ns Ar command
1.1 jsing 135: .Sh DESCRIPTION
136: .Nm OpenSSL
1.31 jmc 137: is a cryptography toolkit implementing the
138: Transport Layer Security
1.1 jsing 139: .Pq TLS v1
1.31 jmc 140: network protocol,
141: as well as related cryptography standards.
1.1 jsing 142: .Pp
143: The
144: .Nm
145: program is a command line tool for using the various
146: cryptography functions of
1.39 jmc 147: .Nm openssl Ns 's
1.33 jmc 148: crypto library from the shell.
1.1 jsing 149: .Pp
150: The pseudo-commands
151: .Cm list-standard-commands , list-message-digest-commands ,
152: and
153: .Cm list-cipher-commands
154: output a list
155: .Pq one entry per line
156: of the names of all standard commands, message digest commands,
157: or cipher commands, respectively, that are available in the present
158: .Nm
159: utility.
160: .Pp
161: The pseudo-commands
162: .Cm list-cipher-algorithms
163: and
164: .Cm list-message-digest-algorithms
165: list all cipher and message digest names,
166: one entry per line.
167: Aliases are listed as:
168: .Pp
1.33 jmc 169: .D1 from => to
1.1 jsing 170: .Pp
171: The pseudo-command
172: .Cm list-public-key-algorithms
173: lists all supported public key algorithms.
174: .Pp
175: The pseudo-command
1.39 jmc 176: .Cm no- Ns Ar command
1.1 jsing 177: tests whether a command of the
178: specified name is available.
1.39 jmc 179: If
180: .Ar command
181: does not exist,
1.1 jsing 182: it returns 0
183: and prints
1.39 jmc 184: .Cm no- Ns Ar command ;
1.1 jsing 185: otherwise it returns 1 and prints
1.39 jmc 186: .Ar command .
187: In both cases, the output goes to stdout and nothing is printed to stderr.
1.1 jsing 188: Additional command line arguments are always ignored.
189: Since for each cipher there is a command of the same name,
190: this provides an easy way for shell scripts to test for the
191: availability of ciphers in the
192: .Nm
193: program.
194: .Pp
195: .Sy Note :
1.39 jmc 196: .Cm no- Ns Ar command
1.1 jsing 197: is not able to detect pseudo-commands such as
198: .Cm quit ,
199: .Cm list- Ns Ar ... Ns Cm -commands ,
200: or
1.39 jmc 201: .Cm no- Ns Ar command
1.1 jsing 202: itself.
1.120 kn 203: .Tg asn1parse
1.1 jsing 204: .Sh ASN1PARSE
1.114 jmc 205: .Bl -hang -width "openssl asn1parse"
206: .It Nm openssl asn1parse
207: .Bk -words
1.1 jsing 208: .Op Fl i
209: .Op Fl dlimit Ar number
210: .Op Fl dump
211: .Op Fl genconf Ar file
212: .Op Fl genstr Ar str
213: .Op Fl in Ar file
1.34 jmc 214: .Op Fl inform Cm der | pem | txt
1.1 jsing 215: .Op Fl length Ar number
216: .Op Fl noout
217: .Op Fl offset Ar number
218: .Op Fl oid Ar file
219: .Op Fl out Ar file
220: .Op Fl strparse Ar offset
1.114 jmc 221: .Ek
222: .El
1.1 jsing 223: .Pp
224: The
225: .Nm asn1parse
226: command is a diagnostic utility that can parse ASN.1 structures.
227: It can also be used to extract data from ASN.1 formatted data.
228: .Pp
229: The options are as follows:
230: .Bl -tag -width Ds
231: .It Fl dlimit Ar number
232: Dump the first
233: .Ar number
234: bytes of unknown data in hex form.
235: .It Fl dump
236: Dump unknown data in hex form.
237: .It Fl genconf Ar file , Fl genstr Ar str
238: Generate encoded data based on string
239: .Ar str ,
240: file
241: .Ar file ,
1.34 jmc 242: or both, using the format described in
243: .Xr ASN1_generate_nconf 3 .
1.1 jsing 244: If only
245: .Ar file
246: is present then the string is obtained from the default section
247: using the name
248: .Dq asn1 .
1.84 jmc 249: The encoded data is passed through the ASN.1 parser and printed out as
1.1 jsing 250: though it came from a file;
251: the contents can thus be examined and written to a file using the
252: .Fl out
253: option.
254: .It Fl i
1.34 jmc 255: Indent the output according to the
1.1 jsing 256: .Qq depth
257: of the structures.
258: .It Fl in Ar file
1.41 jmc 259: The input file to read from, or standard input if not specified.
1.34 jmc 260: .It Fl inform Cm der | pem | txt
1.1 jsing 261: The input format.
262: .It Fl length Ar number
1.34 jmc 263: Number of bytes to parse; the default is until end of file.
1.1 jsing 264: .It Fl noout
1.46 jmc 265: Do not output the parsed version of the input file.
1.1 jsing 266: .It Fl offset Ar number
1.34 jmc 267: Starting offset to begin parsing; the default is start of file.
1.1 jsing 268: .It Fl oid Ar file
269: A file containing additional object identifiers
270: .Pq OIDs .
271: If an OID
272: .Pq object identifier
273: is not part of
1.34 jmc 274: .Nm openssl Ns 's
1.137 naddy 275: internal table, it will be represented in
1.1 jsing 276: numerical form
277: .Pq for example 1.2.3.4 .
1.34 jmc 278: .Pp
1.1 jsing 279: Each line consists of three columns:
280: the first column is the OID in numerical format and should be followed by
281: whitespace.
282: The second column is the
1.34 jmc 283: .Qq short name ,
1.1 jsing 284: which is a single word followed by whitespace.
285: The final column is the rest of the line and is the
286: .Qq long name .
287: .Nm asn1parse
288: displays the long name.
1.34 jmc 289: .It Fl out Ar file
290: The DER-encoded output file; the default is no encoded output
291: (useful when combined with
292: .Fl strparse ) .
293: .It Fl strparse Ar offset
294: Parse the content octets of the ASN.1 object starting at
295: .Ar offset .
296: This option can be used multiple times to
297: .Qq drill down
298: into a nested structure.
299: .El
1.120 kn 300: .Tg ca
1.1 jsing 301: .Sh CA
1.114 jmc 302: .Bl -hang -width "openssl ca"
303: .It Nm openssl ca
304: .Bk -words
1.1 jsing 305: .Op Fl batch
306: .Op Fl cert Ar file
307: .Op Fl config Ar file
1.91 schwarze 308: .Op Fl create_serial
1.1 jsing 309: .Op Fl crl_CA_compromise Ar time
310: .Op Fl crl_compromise Ar time
311: .Op Fl crl_hold Ar instruction
312: .Op Fl crl_reason Ar reason
313: .Op Fl crldays Ar days
314: .Op Fl crlexts Ar section
315: .Op Fl crlhours Ar hours
1.103 inoguchi 316: .Op Fl crlsec Ar seconds
1.1 jsing 317: .Op Fl days Ar arg
318: .Op Fl enddate Ar date
319: .Op Fl extensions Ar section
1.103 inoguchi 320: .Op Fl extfile Ar file
1.1 jsing 321: .Op Fl gencrl
322: .Op Fl in Ar file
323: .Op Fl infiles
1.91 schwarze 324: .Op Fl key Ar password
1.103 inoguchi 325: .Op Fl keyfile Ar file
1.91 schwarze 326: .Op Fl keyform Cm pem | der
1.103 inoguchi 327: .Op Fl md Ar alg
1.1 jsing 328: .Op Fl msie_hack
1.107 inoguchi 329: .Op Fl multivalue-rdn
1.1 jsing 330: .Op Fl name Ar section
331: .Op Fl noemailDN
332: .Op Fl notext
333: .Op Fl out Ar file
1.103 inoguchi 334: .Op Fl outdir Ar directory
1.1 jsing 335: .Op Fl passin Ar arg
336: .Op Fl policy Ar arg
337: .Op Fl preserveDN
338: .Op Fl revoke Ar file
1.91 schwarze 339: .Op Fl selfsign
1.103 inoguchi 340: .Op Fl sigopt Ar nm:v
1.1 jsing 341: .Op Fl spkac Ar file
342: .Op Fl ss_cert Ar file
343: .Op Fl startdate Ar date
344: .Op Fl status Ar serial
345: .Op Fl subj Ar arg
346: .Op Fl updatedb
1.91 schwarze 347: .Op Fl utf8
1.1 jsing 348: .Op Fl verbose
1.114 jmc 349: .Ek
350: .El
1.1 jsing 351: .Pp
352: The
353: .Nm ca
1.35 jmc 354: command is a minimal certificate authority (CA) application.
1.1 jsing 355: It can be used to sign certificate requests in a variety of forms
1.35 jmc 356: and generate certificate revocation lists (CRLs).
1.1 jsing 357: It also maintains a text database of issued certificates and their status.
358: .Pp
1.35 jmc 359: The options relevant to CAs are as follows:
1.1 jsing 360: .Bl -tag -width "XXXX"
361: .It Fl batch
1.41 jmc 362: Batch mode.
1.1 jsing 363: In this mode no questions will be asked
364: and all certificates will be certified automatically.
365: .It Fl cert Ar file
366: The CA certificate file.
367: .It Fl config Ar file
1.72 jmc 368: Specify an alternative configuration file.
1.91 schwarze 369: .It Fl create_serial
370: If reading the serial from the text file as specified in the
371: configuration fails, create a new random serial to be used as the
372: next serial number.
1.1 jsing 373: .It Fl days Ar arg
374: The number of days to certify the certificate for.
375: .It Fl enddate Ar date
1.41 jmc 376: Set the expiry date.
1.88 jmc 377: The format of the date is [YY]YYMMDDHHMMSSZ,
378: with all four year digits required for dates from 2050 onwards.
1.1 jsing 379: .It Fl extensions Ar section
380: The section of the configuration file containing certificate extensions
381: to be added when a certificate is issued (defaults to
1.35 jmc 382: .Cm x509_extensions
1.1 jsing 383: unless the
384: .Fl extfile
385: option is used).
386: If no extension section is present, a V1 certificate is created.
387: If the extension section is present
388: .Pq even if it is empty ,
389: then a V3 certificate is created.
1.91 schwarze 390: See the
391: .Xr x509v3.cnf 5
392: manual page for details of the extension section format.
1.1 jsing 393: .It Fl extfile Ar file
394: An additional configuration
395: .Ar file
396: to read certificate extensions from
397: (using the default section unless the
398: .Fl extensions
399: option is also used).
400: .It Fl in Ar file
401: An input
402: .Ar file
403: containing a single certificate request to be signed by the CA.
404: .It Fl infiles
405: If present, this should be the last option; all subsequent arguments
406: are assumed to be the names of files containing certificate requests.
1.91 schwarze 407: .It Fl key Ar password
408: The
409: .Fa password
410: used to encrypt the private key.
1.35 jmc 411: Since on some systems the command line arguments are visible,
412: this option should be used with caution.
1.1 jsing 413: .It Fl keyfile Ar file
414: The private key to sign requests with.
1.91 schwarze 415: .It Fl keyform Cm pem | der
1.1 jsing 416: Private key file format.
1.91 schwarze 417: The default is
418: .Cm pem .
1.1 jsing 419: .It Fl md Ar alg
420: The message digest to use.
421: Possible values include
422: .Ar md5
423: and
424: .Ar sha1 .
425: This option also applies to CRLs.
426: .It Fl msie_hack
427: This is a legacy option to make
428: .Nm ca
429: work with very old versions of the IE certificate enrollment control
430: .Qq certenr3 .
431: It used UniversalStrings for almost everything.
432: Since the old control has various security bugs,
433: its use is strongly discouraged.
434: The newer control
435: .Qq Xenroll
436: does not need this option.
1.107 inoguchi 437: .It Fl multivalue-rdn
1.91 schwarze 438: This option causes the
439: .Fl subj
440: argument to be interpreted with full support for multivalued RDNs,
441: for example
442: .Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
443: If
1.107 inoguchi 444: .Fl multivalue-rdn
1.91 schwarze 445: is not used, the UID value is set to
446: .Qq "123456+CN=John Doe" .
1.1 jsing 447: .It Fl name Ar section
448: Specifies the configuration file
449: .Ar section
450: to use (overrides
451: .Cm default_ca
452: in the
453: .Cm ca
454: section).
455: .It Fl noemailDN
456: The DN of a certificate can contain the EMAIL field if present in the
1.30 mmcc 457: request DN, however it is good policy just having the email set into
1.1 jsing 458: the
1.35 jmc 459: .Cm altName
1.1 jsing 460: extension of the certificate.
461: When this option is set, the EMAIL field is removed from the certificate's
462: subject and set only in the, eventually present, extensions.
463: The
464: .Ar email_in_dn
465: keyword can be used in the configuration file to enable this behaviour.
466: .It Fl notext
467: Don't output the text form of a certificate to the output file.
468: .It Fl out Ar file
469: The output file to output certificates to.
470: The default is standard output.
1.91 schwarze 471: The certificate details will also be printed out to this file in
472: PEM format, except that
473: .Fl spkac
474: outputs DER format.
1.1 jsing 475: .It Fl outdir Ar directory
476: The
477: .Ar directory
478: to output certificates to.
479: The certificate will be written to a file consisting of the
480: serial number in hex with
481: .Qq .pem
482: appended.
483: .It Fl passin Ar arg
484: The key password source.
485: .It Fl policy Ar arg
1.41 jmc 486: Define the CA
1.1 jsing 487: .Qq policy
488: to use.
1.35 jmc 489: The policy section in the configuration file
490: consists of a set of variables corresponding to certificate DN fields.
491: The values may be one of
492: .Qq match
493: (the value must match the same field in the CA certificate),
494: .Qq supplied
495: (the value must be present), or
496: .Qq optional
497: (the value may be present).
498: Any fields not mentioned in the policy section
499: are silently deleted, unless the
500: .Fl preserveDN
501: option is set,
502: but this can be regarded more of a quirk than intended behaviour.
1.1 jsing 503: .It Fl preserveDN
504: Normally, the DN order of a certificate is the same as the order of the
505: fields in the relevant policy section.
506: When this option is set, the order is the same as the request.
507: This is largely for compatibility with the older IE enrollment control
508: which would only accept certificates if their DNs matched the order of the
509: request.
510: This is not needed for Xenroll.
1.91 schwarze 511: .It Fl selfsign
512: Indicates the issued certificates are to be signed with the key the
513: certificate requests were signed with, given with
514: .Fl keyfile .
515: Certificate requests signed with a different key are ignored.
516: If
517: .Fl gencrl ,
518: .Fl spkac ,
519: or
520: .Fl ss_cert
521: are given,
522: .Fl selfsign
523: is ignored.
524: .Pp
525: A consequence of using
526: .Fl selfsign
527: is that the self-signed certificate appears among the entries in
528: the certificate database (see the configuration option
529: .Cm database )
530: and uses the same serial number counter as all other certificates
531: signed with the self-signed certificate.
1.103 inoguchi 532: .It Fl sigopt Ar nm:v
533: Pass options to the signature algorithm during sign or certify operations.
534: The names and values of these options are algorithm-specific.
1.1 jsing 535: .It Fl spkac Ar file
536: A file containing a single Netscape signed public key and challenge,
537: and additional field values to be signed by the CA.
1.35 jmc 538: This will usually come from the
539: KEYGEN tag in an HTML form to create a new private key.
540: It is, however, possible to create SPKACs using the
541: .Nm spkac
542: utility.
543: .Pp
544: The file should contain the variable SPKAC set to the value of
545: the SPKAC and also the required DN components as name value pairs.
546: If it's necessary to include the same component twice,
547: then it can be preceded by a number and a
548: .Sq \&. .
1.1 jsing 549: .It Fl ss_cert Ar file
550: A single self-signed certificate to be signed by the CA.
551: .It Fl startdate Ar date
1.41 jmc 552: Set the start date.
1.88 jmc 553: The format of the date is [YY]YYMMDDHHMMSSZ,
554: with all four year digits required for dates from 2050 onwards.
1.91 schwarze 555: .It Fl subj Ar arg
556: Supersedes the subject name given in the request.
557: The
558: .Ar arg
559: must be formatted as
560: .Sm off
561: .Pf / Ar type0 Ns = Ar value0 Ns / Ar type 1 Ns = Ar value 1 Ns /
562: .Ar type2 Ns = Ar ... ;
563: .Sm on
564: characters may be escaped by
565: .Sq \e
566: .Pq backslash ,
567: no spaces are skipped.
568: .It Fl utf8
569: Interpret field values read from a terminal or obtained from a
570: configuration file as UTF-8 strings.
571: By default, they are interpreted as ASCII.
1.1 jsing 572: .It Fl verbose
1.41 jmc 573: Print extra details about the operations being performed.
1.1 jsing 574: .El
1.35 jmc 575: .Pp
576: The options relevant to CRLs are as follows:
1.1 jsing 577: .Bl -tag -width "XXXX"
578: .It Fl crl_CA_compromise Ar time
579: This is the same as
580: .Fl crl_compromise ,
581: except the revocation reason is set to CACompromise.
582: .It Fl crl_compromise Ar time
1.41 jmc 583: Set the revocation reason to keyCompromise and the compromise time to
1.1 jsing 584: .Ar time .
585: .Ar time
586: should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ.
587: .It Fl crl_hold Ar instruction
1.41 jmc 588: Set the CRL revocation reason code to certificateHold and the hold
1.1 jsing 589: instruction to
590: .Ar instruction
591: which must be an OID.
592: Although any OID can be used, only holdInstructionNone
593: (the use of which is discouraged by RFC 2459), holdInstructionCallIssuer or
594: holdInstructionReject will normally be used.
595: .It Fl crl_reason Ar reason
596: Revocation reason, where
597: .Ar reason
598: is one of:
599: unspecified, keyCompromise, CACompromise, affiliationChanged, superseded,
600: cessationOfOperation, certificateHold or removeFromCRL.
601: The matching of
602: .Ar reason
603: is case insensitive.
604: Setting any revocation reason will make the CRL v2.
605: In practice, removeFromCRL is not particularly useful because it is only used
606: in delta CRLs which are not currently implemented.
1.103 inoguchi 607: .It Fl crldays Ar days
1.1 jsing 608: The number of days before the next CRL is due.
609: This is the days from now to place in the CRL
1.35 jmc 610: .Cm nextUpdate
1.1 jsing 611: field.
612: .It Fl crlexts Ar section
613: The
614: .Ar section
615: of the configuration file containing CRL extensions to include.
616: If no CRL extension section is present then a V1 CRL is created;
617: if the CRL extension section is present
1.81 jmc 618: (even if it is empty)
1.1 jsing 619: then a V2 CRL is created.
1.81 jmc 620: The CRL extensions specified are CRL extensions and not CRL entry extensions.
621: It should be noted that some software can't handle V2 CRLs.
1.91 schwarze 622: See the
623: .Xr x509v3.cnf 5
624: manual page for details of the extension section format.
1.103 inoguchi 625: .It Fl crlhours Ar hours
1.1 jsing 626: The number of hours before the next CRL is due.
1.103 inoguchi 627: .It Fl crlsec Ar seconds
628: The number of seconds before the next CRL is due.
1.1 jsing 629: .It Fl gencrl
1.41 jmc 630: Generate a CRL based on information in the index file.
1.1 jsing 631: .It Fl revoke Ar file
632: A
633: .Ar file
634: containing a certificate to revoke.
1.91 schwarze 635: .It Fl status Ar serial
636: Show the status of the certificate with serial number
637: .Ar serial .
638: .It Fl updatedb
639: Update the database index to purge expired certificates.
1.1 jsing 640: .El
641: .Pp
1.35 jmc 642: Many of the options can be set in the
643: .Cm ca
644: section of the configuration file
645: (or in the default section of the configuration file),
646: specified using
647: .Cm default_ca
648: or
649: .Fl name .
650: The options
651: .Cm preserve
652: and
653: .Cm msie_hack
654: are read directly from the
655: .Cm ca
656: section.
1.1 jsing 657: .Pp
658: Many of the configuration file options are identical to command line
659: options.
660: Where the option is present in the configuration file and the command line,
661: the command line value is used.
662: Where an option is described as mandatory, then it must be present in
663: the configuration file or the command line equivalent
664: .Pq if any
665: used.
666: .Bl -tag -width "XXXX"
1.35 jmc 667: .It Cm certificate
1.1 jsing 668: The same as
669: .Fl cert .
670: It gives the file containing the CA certificate.
671: Mandatory.
1.35 jmc 672: .It Cm copy_extensions
1.1 jsing 673: Determines how extensions in certificate requests should be handled.
674: If set to
1.35 jmc 675: .Cm none
1.1 jsing 676: or this option is not present, then extensions are
677: ignored and not copied to the certificate.
678: If set to
1.35 jmc 679: .Cm copy ,
1.1 jsing 680: then any extensions present in the request that are not already present
681: are copied to the certificate.
682: If set to
1.35 jmc 683: .Cm copyall ,
1.1 jsing 684: then all extensions in the request are copied to the certificate:
685: if the extension is already present in the certificate it is deleted first.
1.35 jmc 686: .Pp
687: The
688: .Cm copy_extensions
689: option should be used with caution.
690: If care is not taken, it can be a security risk.
691: For example, if a certificate request contains a
692: .Cm basicConstraints
693: extension with CA:TRUE and the
694: .Cm copy_extensions
695: value is set to
696: .Cm copyall
697: and the user does not spot
1.91 schwarze 698: this when the certificate is displayed, then this will hand the requester
1.35 jmc 699: a valid CA certificate.
700: .Pp
701: This situation can be avoided by setting
702: .Cm copy_extensions
703: to
704: .Cm copy
705: and including
706: .Cm basicConstraints
707: with CA:FALSE in the configuration file.
708: Then if the request contains a
709: .Cm basicConstraints
710: extension, it will be ignored.
1.1 jsing 711: .Pp
712: The main use of this option is to allow a certificate request to supply
713: values for certain extensions such as
1.35 jmc 714: .Cm subjectAltName .
715: .It Cm crl_extensions
1.1 jsing 716: The same as
717: .Fl crlexts .
1.35 jmc 718: .It Cm crlnumber
1.1 jsing 719: A text file containing the next CRL number to use in hex.
720: The CRL number will be inserted in the CRLs only if this file exists.
721: If this file is present, it must contain a valid CRL number.
1.35 jmc 722: .It Cm database
1.1 jsing 723: The text database file to use.
724: Mandatory.
725: This file must be present, though initially it will be empty.
1.35 jmc 726: .It Cm default_crl_hours , default_crl_days
1.1 jsing 727: The same as the
728: .Fl crlhours
729: and
730: .Fl crldays
731: options.
732: These will only be used if neither command line option is present.
733: At least one of these must be present to generate a CRL.
1.35 jmc 734: .It Cm default_days
1.1 jsing 735: The same as the
736: .Fl days
737: option.
738: The number of days to certify a certificate for.
1.35 jmc 739: .It Cm default_enddate
1.1 jsing 740: The same as the
741: .Fl enddate
742: option.
743: Either this option or
1.35 jmc 744: .Cm default_days
1.1 jsing 745: .Pq or the command line equivalents
746: must be present.
1.35 jmc 747: .It Cm default_md
1.1 jsing 748: The same as the
749: .Fl md
750: option.
751: The message digest to use.
752: Mandatory.
1.35 jmc 753: .It Cm default_startdate
1.1 jsing 754: The same as the
755: .Fl startdate
756: option.
757: The start date to certify a certificate for.
758: If not set, the current time is used.
1.35 jmc 759: .It Cm email_in_dn
1.1 jsing 760: The same as
761: .Fl noemailDN .
762: If the EMAIL field is to be removed from the DN of the certificate,
763: simply set this to
764: .Qq no .
765: If not present, the default is to allow for the EMAIL field in the
766: certificate's DN.
1.35 jmc 767: .It Cm msie_hack
1.1 jsing 768: The same as
769: .Fl msie_hack .
1.35 jmc 770: .It Cm name_opt , cert_opt
1.1 jsing 771: These options allow the format used to display the certificate details
772: when asking the user to confirm signing.
773: All the options supported by the
774: .Nm x509
775: utilities'
776: .Fl nameopt
777: and
778: .Fl certopt
779: switches can be used here, except that
1.35 jmc 780: .Cm no_signame
1.1 jsing 781: and
1.35 jmc 782: .Cm no_sigdump
1.1 jsing 783: are permanently set and cannot be disabled
784: (this is because the certificate signature cannot be displayed because
785: the certificate has not been signed at this point).
786: .Pp
787: For convenience, the value
1.35 jmc 788: .Cm ca_default
1.1 jsing 789: is accepted by both to produce a reasonable output.
790: .Pp
791: If neither option is present, the format used in earlier versions of
1.35 jmc 792: .Nm openssl
1.1 jsing 793: is used.
1.81 jmc 794: Use of the old format is strongly discouraged
795: because it only displays fields mentioned in the
1.35 jmc 796: .Cm policy
1.1 jsing 797: section,
798: mishandles multicharacter string types and does not display extensions.
1.35 jmc 799: .It Cm new_certs_dir
1.1 jsing 800: The same as the
801: .Fl outdir
802: command line option.
803: It specifies the directory where new certificates will be placed.
804: Mandatory.
1.35 jmc 805: .It Cm oid_file
1.1 jsing 806: This specifies a file containing additional object identifiers.
807: Each line of the file should consist of the numerical form of the
808: object identifier followed by whitespace, then the short name followed
809: by whitespace and finally the long name.
1.35 jmc 810: .It Cm oid_section
1.1 jsing 811: This specifies a section in the configuration file containing extra
812: object identifiers.
813: Each line should consist of the short name of the object identifier
814: followed by
815: .Sq =
816: and the numerical form.
817: The short and long names are the same when this option is used.
1.35 jmc 818: .It Cm policy
1.1 jsing 819: The same as
820: .Fl policy .
821: Mandatory.
1.35 jmc 822: .It Cm preserve
1.1 jsing 823: The same as
824: .Fl preserveDN .
1.35 jmc 825: .It Cm private_key
1.1 jsing 826: Same as the
827: .Fl keyfile
828: option.
829: The file containing the CA private key.
830: Mandatory.
1.35 jmc 831: .It Cm serial
1.1 jsing 832: A text file containing the next serial number to use in hex.
833: Mandatory.
834: This file must be present and contain a valid serial number.
1.35 jmc 835: .It Cm unique_subject
1.1 jsing 836: If the value
1.35 jmc 837: .Cm yes
1.1 jsing 838: is given, the valid certificate entries in the
839: database must have unique subjects.
840: If the value
1.35 jmc 841: .Cm no
1.1 jsing 842: is given,
843: several valid certificate entries may have the exact same subject.
844: The default value is
1.35 jmc 845: .Cm yes .
1.131 inoguchi 846: .Pp
847: Note that it is valid in some circumstances for certificates to be created
1.132 jmc 848: without any subject.
849: In cases where there are multiple certificates without
1.131 inoguchi 850: subjects this does not count as a duplicate.
1.35 jmc 851: .It Cm x509_extensions
1.1 jsing 852: The same as
853: .Fl extensions .
1.123 inoguchi 854: .El
855: .Tg certhash
856: .Sh CERTHASH
857: .Bl -hang -width "openssl certhash"
858: .It Nm openssl certhash
859: .Bk -words
860: .Op Fl nv
861: .Ar dir ...
862: .Ek
863: .El
864: .Pp
865: The
866: .Nm certhash
867: command calculates a hash value of
868: .Qq .pem
869: file in the specified directory list and creates symbolic links for each file,
870: where the name of the link is the hash value.
871: See the
872: .Xr SSL_CTX_load_verify_locations 3
873: manual page for how hash links are used.
874: .Pp
875: The links created are of the form
876: .Qq HHHHHHHH.D ,
877: where each
878: .Sq H
879: is a hexadecimal character and
880: .Sq D
881: is a single decimal digit.
882: The hashes for CRLs look similar, except the letter
883: .Sq r
884: appears after the period, like this:
885: .Qq HHHHHHHH.rD .
886: When processing a directory,
887: .Nm certhash
888: will first remove all links that have a name in that syntax and invalid
889: reference.
890: .Pp
891: Multiple objects may have the same hash; they will be indicated by
892: incrementing the
893: .Sq D
894: value.
895: Duplicates are found by comparing the full SHA256 fingerprint.
896: A warning will be displayed if a duplicate is found.
897: .Pp
898: A warning will also be displayed if there are files that cannot be parsed as
899: either a certificate or a CRL.
900: .Pp
901: The options are as follows:
902: .Bl -tag -width Ds
903: .It Fl n
904: Perform a dry-run, and do not make any changes.
905: .It Fl v
906: Print extra details about the processing.
907: .It Ar dir ...
908: Specify the directories to process.
1.1 jsing 909: .El
1.120 kn 910: .Tg ciphers
1.1 jsing 911: .Sh CIPHERS
912: .Nm openssl ciphers
1.138 tb 913: .Op Fl hsVv
1.139 tb 914: .Op Fl tls1_2
915: .Op Fl tls1_3
1.93 schwarze 916: .Op Ar control
1.1 jsing 917: .Pp
918: The
919: .Nm ciphers
1.93 schwarze 920: command converts the
921: .Ar control
922: string from the format documented in
923: .Xr SSL_CTX_set_cipher_list 3
924: into an ordered SSL cipher suite preference list.
925: If no
926: .Ar control
927: string is specified, the
928: .Cm DEFAULT
929: list is printed.
1.1 jsing 930: .Pp
931: The options are as follows:
932: .Bl -tag -width Ds
933: .It Fl h , \&?
934: Print a brief usage message.
1.138 tb 935: .It Fl s
936: Only list ciphers that are supported by the TLS method.
1.150 jmc 937: .It Fl tls1_2 | tls1_3
1.139 tb 938: In combination with the
939: .Fl s
940: option, list the ciphers which could be used
941: if the specified protocol version were negotiated.
1.1 jsing 942: .It Fl V
1.36 jmc 943: Verbose.
1.92 schwarze 944: List ciphers with cipher suite code in hex format,
945: cipher name, and a complete description of protocol version,
946: key exchange, authentication, encryption, and mac algorithms.
1.36 jmc 947: .It Fl v
1.1 jsing 948: Like
1.36 jmc 949: .Fl V ,
950: but without cipher suite codes.
1.116 inoguchi 951: .El
1.120 kn 952: .Tg cms
1.116 inoguchi 953: .Sh CMS
954: .Bl -hang -width "openssl cms"
955: .It Nm openssl cms
956: .Bk -words
957: .Oo
958: .Fl aes128 | aes192 | aes256 | camellia128 |
959: .Fl camellia192 | camellia256 | des | des3 |
960: .Fl rc2-40 | rc2-64 | rc2-128
961: .Oc
962: .Op Fl CAfile Ar file
963: .Op Fl CApath Ar directory
964: .Op Fl binary
965: .Op Fl certfile Ar file
966: .Op Fl certsout Ar file
967: .Op Fl cmsout
968: .Op Fl compress
969: .Op Fl content Ar file
970: .Op Fl crlfeol
971: .Op Fl data_create
972: .Op Fl data_out
973: .Op Fl debug_decrypt
974: .Op Fl decrypt
975: .Op Fl digest_create
976: .Op Fl digest_verify
977: .Op Fl econtent_type Ar type
978: .Op Fl encrypt
979: .Op Fl EncryptedData_decrypt
980: .Op Fl EncryptedData_encrypt
981: .Op Fl from Ar addr
982: .Op Fl in Ar file
983: .Op Fl inform Cm der | pem | smime
984: .Op Fl inkey Ar file
985: .Op Fl keyform Cm der | pem
986: .Op Fl keyid
987: .Op Fl keyopt Ar nm:v
988: .Op Fl md Ar digest
989: .Op Fl no_attr_verify
990: .Op Fl no_content_verify
991: .Op Fl no_signer_cert_verify
992: .Op Fl noattr
993: .Op Fl nocerts
994: .Op Fl nodetach
995: .Op Fl nointern
996: .Op Fl nooldmime
997: .Op Fl noout
998: .Op Fl nosigs
999: .Op Fl nosmimecap
1000: .Op Fl noverify
1001: .Op Fl out Ar file
1002: .Op Fl outform Cm der | pem | smime
1003: .Op Fl passin Ar src
1004: .Op Fl print
1005: .Op Fl pwri_password Ar arg
1006: .Op Fl rctform Cm der | pem | smime
1007: .Op Fl receipt_request_all | receipt_request_first
1008: .Op Fl receipt_request_from Ar addr
1009: .Op Fl receipt_request_print
1010: .Op Fl receipt_request_to Ar addr
1011: .Op Fl recip Ar file
1012: .Op Fl resign
1013: .Op Fl secretkey Ar key
1014: .Op Fl secretkeyid Ar id
1015: .Op Fl sign
1016: .Op Fl sign_receipt
1017: .Op Fl signer Ar file
1018: .Op Fl stream | indef | noindef
1019: .Op Fl subject Ar s
1020: .Op Fl text
1021: .Op Fl to Ar addr
1022: .Op Fl uncompress
1023: .Op Fl verify
1024: .Op Fl verify_receipt Ar file
1025: .Op Fl verify_retcode
1026: .Op Ar cert.pem ...
1027: .Ek
1028: .El
1029: .Pp
1030: The
1031: .Nm cms
1032: command handles S/MIME v3.1 mail.
1033: It can encrypt, decrypt, sign and verify, compress and uncompress S/MIME
1034: messages.
1035: .Pp
1036: The MIME message must be sent without any blank lines between the headers and
1037: the output.
1038: Some mail programs will automatically add a blank line.
1039: Piping the mail directly to sendmail is one way to achieve the correct format.
1040: .Pp
1041: The supplied message to be signed or encrypted must include the necessary MIME
1042: headers or many S/MIME clients won't display it properly (if at all).
1043: You can use the
1044: .Fl text
1045: option to automatically add plain text headers.
1046: .Pp
1047: A "signed and encrypted" message is one where a signed message is then
1048: encrypted.
1049: This can be produced by encrypting an already signed message.
1050: .Pp
1051: There are various operation options that set the type of operation to be
1052: performed.
1053: The meaning of the other options varies according to the operation type.
1054: .Bl -tag -width "XXXX"
1055: .It Fl encrypt
1056: Encrypt mail for the given recipient certificates.
1057: Input file is the message to be encrypted.
1058: The output file is the encrypted mail in MIME format.
1059: The actual CMS type is EnvelopedData.
1060: Note that no revocation check is done for the recipient cert, so if that
1061: key has been compromised, others may be able to decrypt the text.
1062: .It Fl decrypt
1063: Decrypt mail using the supplied certificate and private key.
1064: Expects an encrypted mail message in MIME format for the input file.
1065: The decrypted mail is written to the output file.
1066: .It Fl sign
1067: Sign mail using the supplied certificate and private key.
1068: Input file is the message to be signed.
1069: The signed message in MIME format is written to the output file.
1070: .It Fl verify
1071: Verify signed mail.
1072: Expects a signed mail message on input and outputs the signed data.
1073: Both clear text and opaque signing are supported.
1074: .It Fl cmsout
1075: Take an input message and write out a PEM encoded CMS structure.
1076: .It Fl resign
1077: Resign a message.
1078: Take an existing message and one or more new signers.
1079: This operation uses an existing message digest when adding a new signer.
1080: This means that attributes must be present in at least one existing
1081: signer using the same message digest or this operation will fail.
1082: .It Fl data_create
1083: Create a CMS Data type.
1084: .It Fl data_out
1085: Output a content from the input CMS Data type.
1086: .It Fl digest_create
1087: Create a CMS DigestedData type.
1088: .It Fl digest_verify
1089: Verify a CMS DigestedData type and output the content.
1090: .It Fl compress
1091: Create a CMS CompressedData type.
1092: Must be compiled with zlib support for this option to work.
1093: .It Fl uncompress
1094: Uncompress a CMS CompressedData type and output the content.
1095: Must be compiled with zlib support for this option to work.
1096: .It Fl EncryptedData_encrypt
1097: Encrypt a content using supplied symmetric key and algorithm using a
1098: CMS EncryptedData type.
1099: .It Fl EncryptedData_decrypt
1100: Decrypt a CMS EncryptedData type using supplied symmetric key.
1101: .It Fl sign_receipt
1102: Generate and output a signed receipt for the supplied message.
1103: The input message must contain a signed receipt request.
1104: Functionality is otherwise similar to the
1105: .Fl sign
1106: operation.
1107: .It Xo
1108: .Fl verify_receipt Ar file
1109: .Xc
1110: Verify a signed receipt in file.
1111: The input message must contain the original receipt request.
1112: Functionality is otherwise similar to the
1113: .Fl verify
1114: operation.
1115: .El
1116: .Pp
1117: The remaining options are as follows:
1118: .Bl -tag -width "XXXX"
1119: .It Xo
1120: .Fl aes128 | aes192 | aes256 | camellia128 |
1121: .Fl camellia192 | camellia256 | des | des3 |
1122: .Fl rc2-40 | rc2-64 | rc2-128
1123: .Xc
1124: The encryption algorithm to use.
1125: 128-, 192-, or 256-bit AES, 128-, 192-, or 256-bit CAMELLIA,
1126: DES (56 bits), triple DES (168 bits),
1127: or 40-, 64-, or 128-bit RC2, respectively;
1128: if not specified, triple DES is
1129: used.
1130: Only used with
1131: .Fl encrypt
1132: and
1133: .Fl EncryptedData_encrypt
1134: commands.
1135: .It Fl binary
1136: Normally the input message is converted to "canonical" format which is
1137: effectively using CR/LF as end of line, as required by the S/MIME specification.
1.127 jmc 1138: When this option is present, no translation occurs.
1.116 inoguchi 1139: This is useful when handling binary data which may not be in MIME format.
1140: .It Fl CAfile Ar file
1141: A file containing trusted CA certificates, used with
1142: .Fl verify
1143: and
1144: .Fl verify_receipt .
1145: .It Fl CApath Ar directory
1146: A directory containing trusted CA certificates, used with
1147: .Fl verify
1148: and
1149: .Fl verify_receipt .
1150: This directory must be a standard certificate directory: that is a hash
1151: of each subject name (using
1152: .Nm x509 Fl hash )
1153: should be linked to each certificate.
1.124 inoguchi 1154: .It Ar cert.pem ...
1.116 inoguchi 1155: One or more certificates of message recipients: used when encrypting a message.
1156: .It Fl certfile Ar file
1157: Allows additional certificates to be specified.
1.137 naddy 1158: When signing, these will be included with the message.
1159: When verifying, these will be searched for the signer's certificates.
1.116 inoguchi 1160: The certificates should be in PEM format.
1161: .It Fl certsout Ar file
1162: A file that any certificates contained in the message are written to.
1163: .It Xo
1164: .Fl check_ss_sig ,
1165: .Fl crl_check ,
1166: .Fl crl_check_all ,
1167: .Fl extended_crl ,
1168: .Fl ignore_critical ,
1169: .Fl issuer_checks ,
1170: .Fl policy ,
1171: .Fl policy_check ,
1172: .Fl purpose ,
1173: .Fl x509_strict
1174: .Xc
1175: Set various certificate chain validation options.
1176: See the
1177: .Nm verify
1178: command for details.
1179: .It Fl content Ar file
1180: A file containing the detached content.
1181: This is only useful with the
1182: .Fl verify
1183: command.
1184: This is only usable if the CMS structure is using the detached signature
1185: form where the content is not included.
1186: This option will override any content if the input format is S/MIME and
1187: it uses the multipart/signed MIME content type.
1188: .It Fl crlfeol
1189: Output a S/MIME message with CR/LF end of line.
1190: .It Fl debug_decrypt
1191: Set the CMS_DEBUG_DECRYPT flag when decrypting.
1192: This option should be used with caution, since this can be used to disable
1193: the MMA attack protection and return an error if no recipient can be found.
1194: See the
1195: .Xr CMS_decrypt 3
1196: manual page for details of the flag.
1197: .It Xo
1198: .Fl from Ar addr ,
1199: .Fl subject Ar s ,
1200: .Fl to Ar addr
1201: .Xc
1202: The relevant mail headers.
1203: These are included outside the signed portion of a message so they may
1204: be included manually.
1205: If signing then many S/MIME mail clients check the signer's certificate's
1206: email address matches that specified in the From: address.
1207: .It Fl econtent_type Ar type
1208: Set the encapsulated content type, used with
1209: .Fl sign .
1.137 naddy 1210: If not supplied, the Data type is used.
1.116 inoguchi 1211: The type argument can be any valid OID name in either text or numerical format.
1212: .It Fl in Ar file
1213: The input message to be encrypted or signed or the message to be decrypted or
1214: verified.
1215: .It Fl inform Cm der | pem | smime
1216: The input format for the CMS structure.
1217: The default is
1218: .Cm smime ,
1219: which reads an S/MIME format message.
1220: .Cm pem
1221: and
1222: .Cm der
1223: format change this to expect PEM and DER format CMS structures instead.
1224: This currently only affects the input format of the CMS structure; if no
1225: CMS structure is being input (for example with
1226: .Fl encrypt
1227: or
1228: .Fl sign )
1229: this option has no effect.
1230: .It Fl inkey Ar file
1231: The private key to use when signing or decrypting.
1232: This must match the corresponding certificate.
1233: If this option is not specified then the private key must be included in
1234: the certificate file specified with the
1235: .Fl recip
1236: or
1237: .Fl signer
1238: file.
1.137 naddy 1239: When signing, this option can be used multiple times to specify successive keys.
1.116 inoguchi 1240: .It Fl keyform Cm der | pem
1241: Input private key format.
1242: The default is
1243: .Cm pem .
1244: .It Fl keyid
1245: Use subject key identifier to identify certificates instead of issuer
1246: name and serial number.
1247: The supplied certificate must include a subject key identifier extension.
1248: Supported by
1249: .Fl sign
1250: and
1251: .Fl encrypt
1252: operations.
1253: .It Fl keyopt Ar nm:v
1254: Set customised parameters for the preceding key or certificate
1255: for encryption and signing.
1256: It can currently be used to set RSA-PSS for signing, RSA-OAEP for
1257: encryption or to modify default parameters for ECDH.
1258: This option can be used multiple times.
1259: .It Fl md Ar digest
1260: The digest algorithm to use when signing or resigning.
1261: If not present then the default digest algorithm for the signing key
1262: will be used (usually SHA1).
1263: .It Fl no_attr_verify
1264: Do not verify the signer's attribute of a signature.
1265: .It Fl no_content_verify
1266: Do not verify the content of a signed message.
1267: .It Fl no_signer_cert_verify
1268: Do not verify the signer's certificate of a signed message.
1269: .It Fl noattr
1270: Do not include attributes.
1271: Normally when a message is signed a set of attributes are included which
1272: include the signing time and supported symmetric algorithms.
1273: With this option they are not included.
1274: .It Fl nocerts
1275: Do not include the signer's certificate.
1276: This will reduce the size of the signed message but the verifier must
1277: have a copy of the signer's certificate available locally (passed using
1278: the
1279: .Fl certfile
1280: option for example).
1281: .It Fl nodetach
1.137 naddy 1282: When signing a message, use opaque signing.
1.116 inoguchi 1283: This form is more resistant to translation by mail relays but it cannot be
1284: read by mail agents that do not support S/MIME.
1285: Without this option cleartext signing with the MIME type multipart/signed is
1286: used.
1287: .It Fl nointern
1288: Only the certificates specified in the
1289: .Fl certfile
1290: option are used.
1.137 naddy 1291: When verifying a message, normally certificates (if any) included in the
1.116 inoguchi 1292: message are searched for the signing certificate.
1293: The supplied certificates can still be used as untrusted CAs however.
1294: .It Fl nooldmime
1295: Output an old S/MIME content type like "application/x-pkcs7-".
1296: .It Fl noout
1297: Do not output the parsed CMS structure for the
1298: .Fl cmsout
1299: operation.
1300: This is useful when combined with the
1301: .Fl print
1302: option or if the syntax of the CMS structure is being checked.
1303: .It Fl nosigs
1304: Do not try to verify the signatures on the message.
1305: .It Fl nosmimecap
1306: Exclude the list of supported algorithms from signed attributes; other
1307: options such as signing time and content type are still included.
1308: .It Fl noverify
1309: Do not verify the signer's certificate of a signed message.
1310: .It Fl out Ar file
1311: The message text that has been decrypted or verified or the output MIME
1312: format message that has been signed or verified.
1313: .It Fl outform Cm der | pem | smime
1314: This specifies the output format for the CMS structure.
1315: The default is
1316: .Cm smime ,
1317: which writes an S/MIME format message.
1318: .Cm pem
1319: and
1320: .Cm der
1321: format change this to write PEM and DER format CMS structures instead.
1322: This currently only affects the output format of the CMS structure; if
1323: no CMS structure is being output (for example with
1324: .Fl verify
1325: or
1326: .Fl decrypt )
1327: this option has no effect.
1328: .It Fl passin Ar src
1329: The private key password source.
1330: .It Fl print
1331: Print out all fields of the CMS structure for the
1332: .Fl cmsout
1333: operation.
1334: This is mainly useful for testing purposes.
1335: .It Fl pwri_password Ar arg
1336: Specify PasswordRecipientInfo (PWRI) password to use.
1337: Supported by the
1338: .Fl encrypt
1339: and
1340: .Fl decrypt
1341: operations.
1342: .It Fl rctform Cm der | pem | smime
1343: Specify the format for a signed receipt for use with the
1344: .Fl receipt_verify
1345: operation.
1346: The default is
1347: .Cm smime .
1348: .It Fl receipt_request_all | receipt_request_first
1349: Indicate requests should be provided by all recipient or first tier
1350: recipients (those mailed directly and not from a mailing list), for the
1351: .Fl sign
1352: operation to include a signed receipt request.
1353: Ignored if
1354: .Fl receipt_request_from
1355: is included.
1356: .It Fl receipt_request_from Ar addr
1357: Add an explicit email address where receipts should be supplied.
1358: .It Fl receipt_request_print
1359: Print out the contents of any signed receipt requests for the
1360: .Fl verify
1361: operation.
1362: .It Fl receipt_request_to Ar addr
1363: Add an explicit email address where signed receipts should be sent to.
1364: This option must be supplied if a signed receipt is requested.
1365: .It Fl recip Ar file
1.137 naddy 1366: When decrypting a message, this specifies the recipient's certificate.
1.116 inoguchi 1367: The certificate must match one of the recipients of the message or an
1368: error occurs.
1.137 naddy 1369: When encrypting a message, this option may be used multiple times to
1.116 inoguchi 1370: specify each recipient.
1371: This form must be used if customised parameters are required (for example to
1372: specify RSA-OAEP).
1373: Only certificates carrying RSA, Diffie-Hellman or EC keys are supported
1374: by this option.
1375: .It Fl secretkey Ar key
1376: Specify symmetric key to use.
1377: The key must be supplied in hex format and be consistent with the
1378: algorithm used.
1379: Supported by the
1380: .Fl EncryptedData_encrypt ,
1381: .Fl EncryptedData_decrypt ,
1382: .Fl encrypt
1383: and
1384: .Fl decrypt
1385: operations.
1386: When used with
1387: .Fl encrypt
1388: or
1.137 naddy 1389: .Fl decrypt ,
1.116 inoguchi 1390: the supplied key is used to wrap or unwrap the content encryption key
1391: using an AES key in the KEKRecipientInfo type.
1392: .It Fl secretkeyid Ar id
1393: The key identifier for the supplied symmetric key for KEKRecipientInfo type.
1394: This option must be present if the
1395: .Fl secretkey
1396: option is used with
1397: .Fl encrypt .
1398: With
1399: .Fl decrypt
1400: operations the id is used to locate the relevant key; if it is not supplied
1401: then an attempt is used to decrypt any KEKRecipientInfo structures.
1402: .It Fl signer Ar file
1403: A signing certificate when signing or resigning a message; this option
1404: can be used multiple times if more than one signer is required.
1405: If a message is being verified then the signers certificates will be
1406: written to this file if the verification was successful.
1407: .It Xo
1408: .Fl stream |
1409: .Fl indef |
1410: .Fl noindef
1411: .Xc
1412: The
1413: .Fl stream
1414: and
1415: .Fl indef
1416: options are equivalent and enable streaming I/O for encoding operations.
1417: This permits single pass processing of data without the need to hold the
1418: entire contents in memory, potentially supporting very large files.
1419: Streaming is automatically set for S/MIME signing with detached data if
1420: the output format is
1421: .Cm smime ;
1422: it is currently off by default for all other operations.
1423: .Fl noindef
1424: disable streaming I/O where it would produce an indefinite length
1425: constructed encoding.
1426: This option currently has no effect.
1427: .It Fl text
1428: Add plain text (text/plain) MIME headers to the supplied message if
1429: encrypting or signing.
1.137 naddy 1430: If decrypting or verifying, it strips off text headers: if the decrypted
1.116 inoguchi 1431: or verified message is not of MIME type text/plain then an error occurs.
1432: .It Fl verify_retcode
1433: Set verification error code to exit code to indicate what verification error
1434: has occurred.
1435: Supported by
1436: .Fl verify
1437: operation only.
1438: Exit code value minus 32 shows verification error code.
1439: See
1440: .Nm verify
1441: command for the list of verification error code.
1442: .El
1443: .Pp
1444: The exit codes for
1445: .Nm cms
1446: are as follows:
1447: .Pp
1448: .Bl -tag -width "XXXX" -offset 3n -compact
1449: .It 0
1450: The operation was completely successful.
1451: .It 1
1452: An error occurred parsing the command options.
1453: .It 2
1454: One of the input files could not be read.
1455: .It 3
1456: An error occurred creating the CMS file or when reading the MIME message.
1457: .It 4
1458: An error occurred decrypting or verifying the message.
1459: .It 5
1460: The message was verified correctly but an error occurred writing out the
1461: signer's certificates.
1462: .It 6
1463: An error occurred writing the output file.
1464: .It 32+
1465: A verify error occurred while
1466: .Fl verify_retcode
1467: is specified.
1.1 jsing 1468: .El
1.120 kn 1469: .Tg crl
1.1 jsing 1470: .Sh CRL
1.114 jmc 1471: .Bl -hang -width "openssl crl"
1472: .It Nm openssl crl
1473: .Bk -words
1.1 jsing 1474: .Op Fl CAfile Ar file
1475: .Op Fl CApath Ar dir
1.104 inoguchi 1476: .Op Fl crlnumber
1.1 jsing 1477: .Op Fl fingerprint
1478: .Op Fl hash
1.104 inoguchi 1479: .Op Fl hash_old
1.1 jsing 1480: .Op Fl in Ar file
1.38 jmc 1481: .Op Fl inform Cm der | pem
1.1 jsing 1482: .Op Fl issuer
1483: .Op Fl lastupdate
1.104 inoguchi 1484: .Op Fl nameopt Ar option
1.1 jsing 1485: .Op Fl nextupdate
1486: .Op Fl noout
1487: .Op Fl out Ar file
1.38 jmc 1488: .Op Fl outform Cm der | pem
1.1 jsing 1489: .Op Fl text
1.104 inoguchi 1490: .Op Fl verify
1.114 jmc 1491: .Ek
1492: .El
1.1 jsing 1493: .Pp
1494: The
1495: .Nm crl
1496: command processes CRL files in DER or PEM format.
1.37 jmc 1497: .Pp
1.1 jsing 1498: The options are as follows:
1499: .Bl -tag -width Ds
1500: .It Fl CAfile Ar file
1501: Verify the signature on a CRL by looking up the issuing certificate in
1502: .Ar file .
1503: .It Fl CApath Ar directory
1504: Verify the signature on a CRL by looking up the issuing certificate in
1505: .Ar dir .
1506: This directory must be a standard certificate directory,
1507: i.e. a hash of each subject name (using
1508: .Cm x509 Fl hash )
1509: should be linked to each certificate.
1.104 inoguchi 1510: .It Fl crlnumber
1511: Print the CRL number.
1.1 jsing 1512: .It Fl fingerprint
1513: Print the CRL fingerprint.
1514: .It Fl hash
1515: Output a hash of the issuer name.
1516: This can be used to look up CRLs in a directory by issuer name.
1.104 inoguchi 1517: .It Fl hash_old
1518: Output an old-style (MD5) hash of the issuer name.
1.1 jsing 1519: .It Fl in Ar file
1.37 jmc 1520: The input file to read from, or standard input if not specified.
1.38 jmc 1521: .It Fl inform Cm der | pem
1.37 jmc 1522: The input format.
1.1 jsing 1523: .It Fl issuer
1524: Output the issuer name.
1525: .It Fl lastupdate
1526: Output the
1.147 schwarze 1527: .Cm thisUpdate
1.1 jsing 1528: field.
1.147 schwarze 1529: This option is misnamed for historical reasons.
1.104 inoguchi 1530: .It Fl nameopt Ar option
1531: Specify certificate name options.
1.1 jsing 1532: .It Fl nextupdate
1533: Output the
1.37 jmc 1534: .Cm nextUpdate
1.1 jsing 1535: field.
1536: .It Fl noout
1.46 jmc 1537: Do not output the encoded version of the CRL.
1.1 jsing 1538: .It Fl out Ar file
1.37 jmc 1539: The output file to write to, or standard output if not specified.
1.38 jmc 1540: .It Fl outform Cm der | pem
1.37 jmc 1541: The output format.
1.1 jsing 1542: .It Fl text
1.64 jmc 1543: Print the CRL in plain text.
1.104 inoguchi 1544: .It Fl verify
1545: Verify the signature on the CRL.
1.1 jsing 1546: .El
1.120 kn 1547: .Tg crl2pkcs7
1.1 jsing 1548: .Sh CRL2PKCS7
1.114 jmc 1549: .Bl -hang -width "openssl crl2pkcs7"
1550: .It Nm openssl crl2pkcs7
1551: .Bk -words
1.1 jsing 1552: .Op Fl certfile Ar file
1553: .Op Fl in Ar file
1.40 jmc 1554: .Op Fl inform Cm der | pem
1.1 jsing 1555: .Op Fl nocrl
1556: .Op Fl out Ar file
1.40 jmc 1557: .Op Fl outform Cm der | pem
1.114 jmc 1558: .Ek
1559: .El
1.1 jsing 1560: .Pp
1561: The
1562: .Nm crl2pkcs7
1563: command takes an optional CRL and one or more
1564: certificates and converts them into a PKCS#7 degenerate
1565: .Qq certificates only
1566: structure.
1567: .Pp
1568: The options are as follows:
1569: .Bl -tag -width Ds
1570: .It Fl certfile Ar file
1.40 jmc 1571: Add the certificates in PEM
1.1 jsing 1572: .Ar file
1.40 jmc 1573: to the PKCS#7 structure.
1574: This option can be used more than once
1575: to read certificates from multiple files.
1.1 jsing 1576: .It Fl in Ar file
1.40 jmc 1577: Read the CRL from
1578: .Ar file ,
1579: or standard input if not specified.
1580: .It Fl inform Cm der | pem
1.64 jmc 1581: The input format.
1.1 jsing 1582: .It Fl nocrl
1583: Normally, a CRL is included in the output file.
1584: With this option, no CRL is
1585: included in the output file and a CRL is not read from the input file.
1586: .It Fl out Ar file
1.40 jmc 1587: Write the PKCS#7 structure to
1588: .Ar file ,
1589: or standard output if not specified.
1590: .It Fl outform Cm der | pem
1.64 jmc 1591: The output format.
1.1 jsing 1592: .El
1.120 kn 1593: .Tg dgst
1.1 jsing 1594: .Sh DGST
1.114 jmc 1595: .Bl -hang -width "openssl dgst"
1596: .It Nm openssl dgst
1597: .Bk -words
1.105 inoguchi 1598: .Op Fl cdr
1.1 jsing 1599: .Op Fl binary
1.43 jmc 1600: .Op Fl Ar digest
1.1 jsing 1601: .Op Fl hex
1602: .Op Fl hmac Ar key
1.43 jmc 1603: .Op Fl keyform Cm pem
1.1 jsing 1604: .Op Fl mac Ar algorithm
1605: .Op Fl macopt Ar nm : Ns Ar v
1606: .Op Fl out Ar file
1607: .Op Fl passin Ar arg
1608: .Op Fl prverify Ar file
1609: .Op Fl sign Ar file
1610: .Op Fl signature Ar file
1611: .Op Fl sigopt Ar nm : Ns Ar v
1612: .Op Fl verify Ar file
1613: .Op Ar
1.114 jmc 1614: .Ek
1615: .El
1.1 jsing 1616: .Pp
1617: The digest functions output the message digest of a supplied
1618: .Ar file
1619: or
1620: .Ar files
1621: in hexadecimal form.
1622: They can also be used for digital signing and verification.
1623: .Pp
1624: The options are as follows:
1625: .Bl -tag -width Ds
1626: .It Fl binary
1627: Output the digest or signature in binary form.
1628: .It Fl c
1.48 jmc 1629: Print the digest in two-digit groups separated by colons.
1.1 jsing 1630: .It Fl d
1.48 jmc 1631: Print BIO debugging information.
1.43 jmc 1632: .It Fl Ar digest
1633: Use the specified message
1634: .Ar digest .
1.98 naddy 1635: The default is SHA256.
1.43 jmc 1636: The available digests can be displayed using
1637: .Nm openssl
1638: .Cm list-message-digest-commands .
1639: The following are equivalent:
1640: .Nm openssl dgst
1.98 naddy 1641: .Fl sha256
1.43 jmc 1642: and
1643: .Nm openssl
1.98 naddy 1644: .Cm sha256 .
1.1 jsing 1645: .It Fl hex
1646: Digest is to be output as a hex dump.
1647: This is the default case for a
1648: .Qq normal
1649: digest as opposed to a digital signature.
1650: .It Fl hmac Ar key
1651: Create a hashed MAC using
1652: .Ar key .
1.43 jmc 1653: .It Fl keyform Cm pem
1.1 jsing 1654: Specifies the key format to sign the digest with.
1655: .It Fl mac Ar algorithm
1656: Create a keyed Message Authentication Code (MAC).
1657: The most popular MAC algorithm is HMAC (hash-based MAC),
1658: but there are other MAC algorithms which are not based on hash.
1659: MAC keys and other options should be set via the
1660: .Fl macopt
1661: parameter.
1662: .It Fl macopt Ar nm : Ns Ar v
1663: Passes options to the MAC algorithm, specified by
1664: .Fl mac .
1665: The following options are supported by HMAC:
1666: .Bl -tag -width Ds
1.43 jmc 1667: .It Cm key : Ns Ar string
1.1 jsing 1668: Specifies the MAC key as an alphanumeric string
1669: (use if the key contain printable characters only).
1670: String length must conform to any restrictions of the MAC algorithm.
1.43 jmc 1671: .It Cm hexkey : Ns Ar string
1.1 jsing 1672: Specifies the MAC key in hexadecimal form (two hex digits per byte).
1673: Key length must conform to any restrictions of the MAC algorithm.
1674: .El
1675: .It Fl out Ar file
1.43 jmc 1676: The output file to write to,
1677: or standard output if not specified.
1.1 jsing 1678: .It Fl passin Ar arg
1679: The key password source.
1680: .It Fl prverify Ar file
1681: Verify the signature using the private key in
1682: .Ar file .
1683: The output is either
1684: .Qq Verification OK
1685: or
1686: .Qq Verification Failure .
1.105 inoguchi 1687: .It Fl r
1688: Print the digest in coreutils format.
1.1 jsing 1689: .It Fl sign Ar file
1690: Digitally sign the digest using the private key in
1691: .Ar file .
1692: .It Fl signature Ar file
1693: The actual signature to verify.
1694: .It Fl sigopt Ar nm : Ns Ar v
1695: Pass options to the signature algorithm during sign or verify operations.
1696: The names and values of these options are algorithm-specific.
1697: .It Fl verify Ar file
1698: Verify the signature using the public key in
1699: .Ar file .
1700: The output is either
1701: .Qq Verification OK
1702: or
1703: .Qq Verification Failure .
1704: .It Ar
1705: File or files to digest.
1706: If no files are specified then standard input is used.
1707: .El
1.120 kn 1708: .Tg dhparam
1.1 jsing 1709: .Sh DHPARAM
1.114 jmc 1710: .Bl -hang -width "openssl dhparam"
1711: .It Nm openssl dhparam
1712: .Bk -words
1.1 jsing 1713: .Op Fl 2 | 5
1714: .Op Fl C
1715: .Op Fl check
1716: .Op Fl dsaparam
1717: .Op Fl in Ar file
1.44 jmc 1718: .Op Fl inform Cm der | pem
1.1 jsing 1719: .Op Fl noout
1720: .Op Fl out Ar file
1.44 jmc 1721: .Op Fl outform Cm der | pem
1.1 jsing 1722: .Op Fl text
1723: .Op Ar numbits
1.114 jmc 1724: .Ek
1725: .El
1.1 jsing 1726: .Pp
1727: The
1728: .Nm dhparam
1729: command is used to manipulate DH parameter files.
1.44 jmc 1730: Only the older PKCS#3 DH is supported,
1731: not the newer X9.42 DH.
1.1 jsing 1732: .Pp
1733: The options are as follows:
1734: .Bl -tag -width Ds
1735: .It Fl 2 , 5
1.44 jmc 1736: The generator to use;
1.1 jsing 1737: 2 is the default.
1738: If present, the input file is ignored and parameters are generated instead.
1739: .It Fl C
1.44 jmc 1740: Convert the parameters into C code.
1.1 jsing 1741: The parameters can then be loaded by calling the
1.44 jmc 1742: .No get_dh Ns Ar numbits
1.1 jsing 1743: function.
1744: .It Fl check
1745: Check the DH parameters.
1746: .It Fl dsaparam
1.44 jmc 1747: Read or create DSA parameters,
1748: converted to DH format on output.
1.1 jsing 1749: Otherwise,
1750: .Qq strong
1751: primes
1752: .Pq such that (p-1)/2 is also prime
1753: will be used for DH parameter generation.
1754: .Pp
1755: DH parameter generation with the
1756: .Fl dsaparam
1757: option is much faster,
1758: and the recommended exponent length is shorter,
1759: which makes DH key exchange more efficient.
1760: Beware that with such DSA-style DH parameters,
1761: a fresh DH key should be created for each use to
1762: avoid small-subgroup attacks that may be possible otherwise.
1763: .It Fl in Ar file
1.44 jmc 1764: The input file to read from,
1765: or standard input if not specified.
1766: .It Fl inform Cm der | pem
1767: The input format.
1.1 jsing 1768: .It Fl noout
1.46 jmc 1769: Do not output the encoded version of the parameters.
1.44 jmc 1770: .It Fl out Ar file
1771: The output file to write to,
1772: or standard output if not specified.
1773: .It Fl outform Cm der | pem
1774: The output format.
1775: .It Fl text
1.64 jmc 1776: Print the DH parameters in plain text.
1.1 jsing 1777: .It Ar numbits
1.44 jmc 1778: Generate a parameter set of size
1.1 jsing 1779: .Ar numbits .
1780: It must be the last option.
1.16 sthen 1781: If not present, a value of 2048 is used.
1.1 jsing 1782: If this value is present, the input file is ignored and
1783: parameters are generated instead.
1784: .El
1.120 kn 1785: .Tg dsa
1.1 jsing 1786: .Sh DSA
1.114 jmc 1787: .Bl -hang -width "openssl dsa"
1788: .It Nm openssl dsa
1789: .Bk -words
1.1 jsing 1790: .Oo
1791: .Fl aes128 | aes192 | aes256 |
1792: .Fl des | des3
1793: .Oc
1794: .Op Fl in Ar file
1.108 inoguchi 1795: .Op Fl inform Cm der | pem | pvk
1.1 jsing 1796: .Op Fl modulus
1797: .Op Fl noout
1798: .Op Fl out Ar file
1.108 inoguchi 1799: .Op Fl outform Cm der | pem | pvk
1.1 jsing 1800: .Op Fl passin Ar arg
1801: .Op Fl passout Ar arg
1802: .Op Fl pubin
1803: .Op Fl pubout
1.108 inoguchi 1804: .Op Fl pvk-none | pvk-strong | pvk-weak
1.1 jsing 1805: .Op Fl text
1.114 jmc 1806: .Ek
1807: .El
1.1 jsing 1808: .Pp
1809: The
1810: .Nm dsa
1811: command processes DSA keys.
1812: They can be converted between various forms and their components printed out.
1813: .Pp
1814: .Sy Note :
1815: This command uses the traditional
1816: .Nm SSLeay
1817: compatible format for private key encryption:
1818: newer applications should use the more secure PKCS#8 format using the
1819: .Nm pkcs8
1820: command.
1821: .Pp
1822: The options are as follows:
1823: .Bl -tag -width Ds
1824: .It Xo
1825: .Fl aes128 | aes192 | aes256 |
1826: .Fl des | des3
1827: .Xc
1.45 jmc 1828: Encrypt the private key with the AES, DES, or the triple DES
1.1 jsing 1829: ciphers, respectively, before outputting it.
1830: A pass phrase is prompted for.
1.45 jmc 1831: If none of these options are specified, the key is written in plain text.
1.1 jsing 1832: This means that using the
1833: .Nm dsa
1.45 jmc 1834: utility to read an encrypted key with no encryption option can be used to
1.1 jsing 1835: remove the pass phrase from a key,
1.45 jmc 1836: or by setting the encryption options it can be used to add or change
1.1 jsing 1837: the pass phrase.
1838: These options can only be used with PEM format output files.
1839: .It Fl in Ar file
1.45 jmc 1840: The input file to read from,
1841: or standard input if not specified.
1.1 jsing 1842: If the key is encrypted, a pass phrase will be prompted for.
1.108 inoguchi 1843: .It Fl inform Cm der | pem | pvk
1.45 jmc 1844: The input format.
1.1 jsing 1845: .It Fl modulus
1.45 jmc 1846: Print the value of the public key component of the key.
1.1 jsing 1847: .It Fl noout
1.46 jmc 1848: Do not output the encoded version of the key.
1.1 jsing 1849: .It Fl out Ar file
1.45 jmc 1850: The output file to write to,
1851: or standard output if not specified.
1.1 jsing 1852: If any encryption options are set then a pass phrase will be
1853: prompted for.
1.108 inoguchi 1854: .It Fl outform Cm der | pem | pvk
1.45 jmc 1855: The output format.
1.1 jsing 1856: .It Fl passin Ar arg
1857: The key password source.
1858: .It Fl passout Ar arg
1859: The output file password source.
1860: .It Fl pubin
1.60 jmc 1861: Read in a public key, not a private key.
1.1 jsing 1862: .It Fl pubout
1.60 jmc 1863: Output a public key, not a private key.
1864: Automatically set if the input is a public key.
1.108 inoguchi 1865: .It Xo
1866: .Fl pvk-none | pvk-strong | pvk-weak
1867: .Xc
1868: Enable or disable PVK encoding.
1869: The default is
1870: .Fl pvk-strong .
1.1 jsing 1871: .It Fl text
1.64 jmc 1872: Print the public/private key in plain text.
1.1 jsing 1873: .El
1.120 kn 1874: .Tg dsaparam
1.1 jsing 1875: .Sh DSAPARAM
1.114 jmc 1876: .Bl -hang -width "openssl dsaparam"
1877: .It Nm openssl dsaparam
1878: .Bk -words
1.1 jsing 1879: .Op Fl C
1880: .Op Fl genkey
1881: .Op Fl in Ar file
1.46 jmc 1882: .Op Fl inform Cm der | pem
1.1 jsing 1883: .Op Fl noout
1884: .Op Fl out Ar file
1.46 jmc 1885: .Op Fl outform Cm der | pem
1.1 jsing 1886: .Op Fl text
1887: .Op Ar numbits
1.114 jmc 1888: .Ek
1889: .El
1.1 jsing 1890: .Pp
1891: The
1892: .Nm dsaparam
1893: command is used to manipulate or generate DSA parameter files.
1894: .Pp
1895: The options are as follows:
1896: .Bl -tag -width Ds
1897: .It Fl C
1.46 jmc 1898: Convert the parameters into C code.
1.1 jsing 1899: The parameters can then be loaded by calling the
1.46 jmc 1900: .No get_dsa Ns Ar XXX
1.1 jsing 1901: function.
1902: .It Fl genkey
1.46 jmc 1903: Generate a DSA key either using the specified or generated
1.1 jsing 1904: parameters.
1905: .It Fl in Ar file
1.46 jmc 1906: The input file to read from,
1907: or standard input if not specified.
1.1 jsing 1908: If the
1909: .Ar numbits
1.46 jmc 1910: parameter is included, then this option is ignored.
1911: .It Fl inform Cm der | pem
1912: The input format.
1.1 jsing 1913: .It Fl noout
1.46 jmc 1914: Do not output the encoded version of the parameters.
1915: .It Fl out Ar file
1916: The output file to write to,
1917: or standard output if not specified.
1918: .It Fl outform Cm der | pem
1919: The output format.
1920: .It Fl text
1.64 jmc 1921: Print the DSA parameters in plain text.
1.1 jsing 1922: .It Ar numbits
1.46 jmc 1923: Generate a parameter set of size
1.1 jsing 1924: .Ar numbits .
1.46 jmc 1925: If this option is included, the input file is ignored.
1.1 jsing 1926: .El
1.120 kn 1927: .Tg ec
1.1 jsing 1928: .Sh EC
1.114 jmc 1929: .Bl -hang -width "openssl ec"
1930: .It Nm openssl ec
1931: .Bk -words
1.1 jsing 1932: .Op Fl conv_form Ar arg
1933: .Op Fl des
1934: .Op Fl des3
1935: .Op Fl in Ar file
1.47 jmc 1936: .Op Fl inform Cm der | pem
1.1 jsing 1937: .Op Fl noout
1938: .Op Fl out Ar file
1.47 jmc 1939: .Op Fl outform Cm der | pem
1.1 jsing 1940: .Op Fl param_enc Ar arg
1941: .Op Fl param_out
1942: .Op Fl passin Ar arg
1943: .Op Fl passout Ar arg
1944: .Op Fl pubin
1945: .Op Fl pubout
1946: .Op Fl text
1.114 jmc 1947: .Ek
1948: .El
1.1 jsing 1949: .Pp
1950: The
1951: .Nm ec
1952: command processes EC keys.
1953: They can be converted between various
1954: forms and their components printed out.
1.47 jmc 1955: .Nm openssl
1.1 jsing 1956: uses the private key format specified in
1957: .Dq SEC 1: Elliptic Curve Cryptography
1.136 jsg 1958: .Pq Lk https://www.secg.org/ .
1.1 jsing 1959: To convert an
1960: EC private key into the PKCS#8 private key format use the
1961: .Nm pkcs8
1962: command.
1963: .Pp
1964: The options are as follows:
1965: .Bl -tag -width Ds
1966: .It Fl conv_form Ar arg
1.47 jmc 1967: Specify how the points on the elliptic curve are converted
1.1 jsing 1968: into octet strings.
1969: Possible values are:
1.95 tb 1970: .Cm compressed ,
1971: .Cm uncompressed
1.47 jmc 1972: (the default),
1.1 jsing 1973: and
1974: .Cm hybrid .
1975: For more information regarding
1.47 jmc 1976: the point conversion forms see the X9.62 standard.
1.1 jsing 1977: Note:
1978: Due to patent issues the
1979: .Cm compressed
1980: option is disabled by default for binary curves
1981: and can be enabled by defining the preprocessor macro
1.47 jmc 1982: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 1983: at compile time.
1984: .It Fl des | des3
1.47 jmc 1985: Encrypt the private key with DES, triple DES, or
1.1 jsing 1986: any other cipher supported by
1.47 jmc 1987: .Nm openssl .
1.1 jsing 1988: A pass phrase is prompted for.
1.127 jmc 1989: If none of these options are specified, the key is written in plain text.
1.1 jsing 1990: This means that using the
1991: .Nm ec
1992: utility to read in an encrypted key with no
1993: encryption option can be used to remove the pass phrase from a key,
1994: or by setting the encryption options
1.83 naddy 1995: it can be used to add or change the pass phrase.
1.1 jsing 1996: These options can only be used with PEM format output files.
1997: .It Fl in Ar file
1.47 jmc 1998: The input file to read a key from,
1999: or standard input if not specified.
1.127 jmc 2000: If the key is encrypted, a pass phrase will be prompted for.
1.47 jmc 2001: .It Fl inform Cm der | pem
2002: The input format.
1.1 jsing 2003: .It Fl noout
1.47 jmc 2004: Do not output the encoded version of the key.
1.1 jsing 2005: .It Fl out Ar file
1.47 jmc 2006: The output filename to write to,
2007: or standard output if not specified.
1.1 jsing 2008: If any encryption options are set then a pass phrase will be prompted for.
1.47 jmc 2009: .It Fl outform Cm der | pem
2010: The output format.
1.1 jsing 2011: .It Fl param_enc Ar arg
1.47 jmc 2012: Specify how the elliptic curve parameters are encoded.
1.1 jsing 2013: Possible value are:
2014: .Cm named_curve ,
2015: i.e. the EC parameters are specified by an OID; or
2016: .Cm explicit ,
2017: where the EC parameters are explicitly given
2018: (see RFC 3279 for the definition of the EC parameter structures).
2019: The default value is
2020: .Cm named_curve .
2021: Note: the
2022: .Cm implicitlyCA
2023: alternative,
2024: as specified in RFC 3279,
1.47 jmc 2025: is currently not implemented.
1.106 inoguchi 2026: .It Fl param_out
2027: Print the elliptic curve parameters.
1.1 jsing 2028: .It Fl passin Ar arg
2029: The key password source.
2030: .It Fl passout Ar arg
2031: The output file password source.
2032: .It Fl pubin
1.60 jmc 2033: Read in a public key, not a private key.
1.1 jsing 2034: .It Fl pubout
1.60 jmc 2035: Output a public key, not a private key.
2036: Automatically set if the input is a public key.
1.1 jsing 2037: .It Fl text
1.64 jmc 2038: Print the public/private key in plain text.
1.1 jsing 2039: .El
1.120 kn 2040: .Tg ecparam
1.1 jsing 2041: .Sh ECPARAM
1.114 jmc 2042: .Bl -hang -width "openssl ecparam"
2043: .It Nm openssl ecparam
2044: .Bk -words
1.1 jsing 2045: .Op Fl C
2046: .Op Fl check
2047: .Op Fl conv_form Ar arg
2048: .Op Fl genkey
2049: .Op Fl in Ar file
1.48 jmc 2050: .Op Fl inform Cm der | pem
1.1 jsing 2051: .Op Fl list_curves
2052: .Op Fl name Ar arg
2053: .Op Fl no_seed
2054: .Op Fl noout
2055: .Op Fl out Ar file
1.48 jmc 2056: .Op Fl outform Cm der | pem
1.1 jsing 2057: .Op Fl param_enc Ar arg
2058: .Op Fl text
1.114 jmc 2059: .Ek
2060: .El
1.1 jsing 2061: .Pp
1.48 jmc 2062: The
2063: .Nm ecparam
2064: command is used to manipulate or generate EC parameter files.
2065: .Nm openssl
2066: is not able to generate new groups so
2067: .Nm ecparam
2068: can only create EC parameters from known (named) curves.
2069: .Pp
1.1 jsing 2070: The options are as follows:
2071: .Bl -tag -width Ds
2072: .It Fl C
2073: Convert the EC parameters into C code.
2074: The parameters can then be loaded by calling the
1.48 jmc 2075: .No get_ec_group_ Ns Ar XXX
1.1 jsing 2076: function.
2077: .It Fl check
2078: Validate the elliptic curve parameters.
2079: .It Fl conv_form Ar arg
2080: Specify how the points on the elliptic curve are converted
2081: into octet strings.
2082: Possible values are:
1.95 tb 2083: .Cm compressed ,
2084: .Cm uncompressed
1.48 jmc 2085: (the default),
1.1 jsing 2086: and
2087: .Cm hybrid .
2088: For more information regarding
1.48 jmc 2089: the point conversion forms see the X9.62 standard.
1.1 jsing 2090: Note:
2091: Due to patent issues the
2092: .Cm compressed
2093: option is disabled by default for binary curves
2094: and can be enabled by defining the preprocessor macro
1.48 jmc 2095: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 2096: at compile time.
2097: .It Fl genkey
2098: Generate an EC private key using the specified parameters.
2099: .It Fl in Ar file
1.48 jmc 2100: The input file to read from,
2101: or standard input if not specified.
2102: .It Fl inform Cm der | pem
2103: The input format.
1.1 jsing 2104: .It Fl list_curves
1.48 jmc 2105: Print a list of all
1.1 jsing 2106: currently implemented EC parameter names and exit.
2107: .It Fl name Ar arg
1.48 jmc 2108: Use the EC parameters with the specified "short" name.
1.1 jsing 2109: .It Fl no_seed
1.48 jmc 2110: Do not include the seed for the parameter generation
2111: in the ECParameters structure (see RFC 3279).
1.1 jsing 2112: .It Fl noout
1.48 jmc 2113: Do not output the encoded version of the parameters.
1.1 jsing 2114: .It Fl out Ar file
1.48 jmc 2115: The output file to write to,
2116: or standard output if not specified.
2117: .It Fl outform Cm der | pem
2118: The output format.
1.1 jsing 2119: .It Fl param_enc Ar arg
1.48 jmc 2120: Specify how the elliptic curve parameters are encoded.
1.1 jsing 2121: Possible value are:
2122: .Cm named_curve ,
2123: i.e. the EC parameters are specified by an OID, or
2124: .Cm explicit ,
2125: where the EC parameters are explicitly given
2126: (see RFC 3279 for the definition of the EC parameter structures).
2127: The default value is
2128: .Cm named_curve .
2129: Note: the
2130: .Cm implicitlyCA
2131: alternative, as specified in RFC 3279,
1.48 jmc 2132: is currently not implemented.
1.1 jsing 2133: .It Fl text
1.64 jmc 2134: Print the EC parameters in plain text.
1.1 jsing 2135: .El
1.120 kn 2136: .Tg enc
1.1 jsing 2137: .Sh ENC
1.114 jmc 2138: .Bl -hang -width "openssl enc"
2139: .It Nm openssl enc
2140: .Bk -words
1.1 jsing 2141: .Fl ciphername
1.106 inoguchi 2142: .Op Fl AadePpv
1.1 jsing 2143: .Op Fl base64
2144: .Op Fl bufsize Ar number
2145: .Op Fl debug
2146: .Op Fl in Ar file
1.97 jmc 2147: .Op Fl iter Ar iterations
1.1 jsing 2148: .Op Fl iv Ar IV
2149: .Op Fl K Ar key
2150: .Op Fl k Ar password
2151: .Op Fl kfile Ar file
2152: .Op Fl md Ar digest
2153: .Op Fl none
2154: .Op Fl nopad
2155: .Op Fl nosalt
2156: .Op Fl out Ar file
2157: .Op Fl pass Ar arg
1.96 beck 2158: .Op Fl pbkdf2
1.1 jsing 2159: .Op Fl S Ar salt
2160: .Op Fl salt
1.114 jmc 2161: .Ek
2162: .El
1.1 jsing 2163: .Pp
2164: The symmetric cipher commands allow data to be encrypted or decrypted
2165: using various block and stream ciphers using keys based on passwords
2166: or explicitly provided.
2167: Base64 encoding or decoding can also be performed either by itself
2168: or in addition to the encryption or decryption.
1.49 jmc 2169: The program can be called either as
2170: .Nm openssl Ar ciphername
2171: or
2172: .Nm openssl enc - Ns Ar ciphername .
2173: .Pp
2174: Some of the ciphers do not have large keys and others have security
2175: implications if not used correctly.
2176: All the block ciphers normally use PKCS#5 padding,
2177: also known as standard block padding.
2178: If padding is disabled, the input data must be a multiple of the cipher
2179: block length.
1.1 jsing 2180: .Pp
2181: The options are as follows:
2182: .Bl -tag -width Ds
2183: .It Fl A
2184: If the
2185: .Fl a
2186: option is set, then base64 process the data on one line.
2187: .It Fl a , base64
2188: Base64 process the data.
2189: This means that if encryption is taking place, the data is base64-encoded
2190: after encryption.
1.49 jmc 2191: If decryption is set, the input data is base64-decoded before
1.1 jsing 2192: being decrypted.
2193: .It Fl bufsize Ar number
2194: Set the buffer size for I/O.
2195: .It Fl d
2196: Decrypt the input data.
2197: .It Fl debug
2198: Debug the BIOs used for I/O.
2199: .It Fl e
1.49 jmc 2200: Encrypt the input data.
2201: This is the default.
1.1 jsing 2202: .It Fl in Ar file
1.49 jmc 2203: The input file to read from,
1.57 jmc 2204: or standard input if not specified.
1.97 jmc 2205: .It Fl iter Ar iterations
2206: Use the pbkdf2 key derivation function, with
2207: .Ar iterations
2208: as the number of iterations.
1.1 jsing 2209: .It Fl iv Ar IV
2210: The actual
2211: .Ar IV
2212: .Pq initialisation vector
2213: to use:
2214: this must be represented as a string comprised only of hex digits.
2215: When only the
2216: .Ar key
2217: is specified using the
2218: .Fl K
1.49 jmc 2219: option,
2220: the IV must explicitly be defined.
1.1 jsing 2221: When a password is being specified using one of the other options,
1.49 jmc 2222: the IV is generated from this password.
1.1 jsing 2223: .It Fl K Ar key
2224: The actual
2225: .Ar key
2226: to use:
2227: this must be represented as a string comprised only of hex digits.
1.49 jmc 2228: If only the key is specified,
2229: the IV must also be specified using the
1.1 jsing 2230: .Fl iv
2231: option.
2232: When both a
2233: .Ar key
2234: and a
2235: .Ar password
2236: are specified, the
2237: .Ar key
2238: given with the
2239: .Fl K
1.49 jmc 2240: option will be used and the IV generated from the password will be taken.
1.1 jsing 2241: It probably does not make much sense to specify both
2242: .Ar key
2243: and
2244: .Ar password .
2245: .It Fl k Ar password
2246: The
2247: .Ar password
2248: to derive the key from.
2249: Superseded by the
2250: .Fl pass
2251: option.
2252: .It Fl kfile Ar file
2253: Read the password to derive the key from the first line of
2254: .Ar file .
2255: Superseded by the
2256: .Fl pass
2257: option.
2258: .It Fl md Ar digest
2259: Use
2260: .Ar digest
2261: to create a key from a pass phrase.
1.118 sthen 2262: Currently, the default value is
1.117 tb 2263: .Cm sha256 .
1.1 jsing 2264: .It Fl none
2265: Use NULL cipher (no encryption or decryption of input).
2266: .It Fl nopad
2267: Disable standard block padding.
2268: .It Fl nosalt
1.49 jmc 2269: Don't use a salt in the key derivation routines.
1.81 jmc 2270: This option should never be used
1.49 jmc 2271: since it makes it possible to perform efficient dictionary
2272: attacks on the password and to attack stream cipher encrypted data.
1.1 jsing 2273: .It Fl out Ar file
1.51 jmc 2274: The output file to write to,
1.57 jmc 2275: or standard output if not specified.
1.1 jsing 2276: .It Fl P
1.49 jmc 2277: Print out the salt, key, and IV used, then immediately exit;
1.1 jsing 2278: don't do any encryption or decryption.
2279: .It Fl p
1.49 jmc 2280: Print out the salt, key, and IV used.
1.1 jsing 2281: .It Fl pass Ar arg
2282: The password source.
1.96 beck 2283: .It Fl pbkdf2
1.97 jmc 2284: Use the pbkdf2 key derivation function, with
1.96 beck 2285: the default of 10000 iterations.
1.1 jsing 2286: .It Fl S Ar salt
2287: The actual
2288: .Ar salt
2289: to use:
2290: this must be represented as a string comprised only of hex digits.
2291: .It Fl salt
1.49 jmc 2292: Use a salt in the key derivation routines (the default).
1.137 naddy 2293: When the salt is being used,
1.49 jmc 2294: the first eight bytes of the encrypted data are reserved for the salt:
2295: it is randomly generated when encrypting a file and read from the
2296: encrypted file when it is decrypted.
1.106 inoguchi 2297: .It Fl v
2298: Print extra details about the processing.
1.1 jsing 2299: .El
1.120 kn 2300: .Tg errstr
1.1 jsing 2301: .Sh ERRSTR
2302: .Nm openssl errstr
2303: .Ar errno ...
2304: .Pp
2305: The
2306: .Nm errstr
2307: command performs error number to error string conversion,
2308: generating a human-readable string representing the error code
2309: .Ar errno .
2310: The string is obtained through the
2311: .Xr ERR_error_string_n 3
2312: function and has the following format:
2313: .Pp
2314: .Dl error:[error code]:[library name]:[function name]:[reason string]
2315: .Pp
2316: .Bq error code
2317: is an 8-digit hexadecimal number.
2318: The remaining fields
2319: .Bq library name ,
2320: .Bq function name ,
2321: and
2322: .Bq reason string
2323: are all ASCII text.
1.120 kn 2324: .Tg gendsa
1.1 jsing 2325: .Sh GENDSA
1.114 jmc 2326: .Bl -hang -width "openssl gendsa"
2327: .It Nm openssl gendsa
2328: .Bk -words
1.1 jsing 2329: .Oo
1.102 jmc 2330: .Fl aes128 | aes192 | aes256 | camellia128 |
2331: .Fl camellia192 | camellia256 | des | des3 | idea
1.1 jsing 2332: .Oc
2333: .Op Fl out Ar file
1.101 inoguchi 2334: .Op Fl passout Ar arg
2335: .Ar paramfile
1.114 jmc 2336: .Ek
2337: .El
1.1 jsing 2338: .Pp
2339: The
2340: .Nm gendsa
2341: command generates a DSA private key from a DSA parameter file
1.51 jmc 2342: (typically generated by the
1.1 jsing 2343: .Nm openssl dsaparam
2344: command).
1.51 jmc 2345: DSA key generation is little more than random number generation so it is
2346: much quicker than,
2347: for example,
2348: RSA key generation.
1.1 jsing 2349: .Pp
2350: The options are as follows:
2351: .Bl -tag -width Ds
2352: .It Xo
2353: .Fl aes128 | aes192 | aes256 |
1.101 inoguchi 2354: .Fl camellia128 | camellia192 | camellia256 |
2355: .Fl des | des3 |
2356: .Fl idea
1.1 jsing 2357: .Xc
1.101 inoguchi 2358: Encrypt the private key with the AES, CAMELLIA, DES, triple DES
2359: or the IDEA ciphers, respectively, before outputting it.
1.1 jsing 2360: A pass phrase is prompted for.
2361: If none of these options are specified, no encryption is used.
2362: .It Fl out Ar file
1.51 jmc 2363: The output file to write to,
1.57 jmc 2364: or standard output if not specified.
1.101 inoguchi 2365: .It Fl passout Ar arg
2366: The output file password source.
1.1 jsing 2367: .It Ar paramfile
1.51 jmc 2368: Specify the DSA parameter file to use.
1.1 jsing 2369: The parameters in this file determine the size of the private key.
2370: .El
1.120 kn 2371: .Tg genpkey
1.1 jsing 2372: .Sh GENPKEY
1.114 jmc 2373: .Bl -hang -width "openssl genpkey"
2374: .It Nm openssl genpkey
2375: .Bk -words
1.1 jsing 2376: .Op Fl algorithm Ar alg
2377: .Op Ar cipher
2378: .Op Fl genparam
2379: .Op Fl out Ar file
1.52 jmc 2380: .Op Fl outform Cm der | pem
1.1 jsing 2381: .Op Fl paramfile Ar file
2382: .Op Fl pass Ar arg
2383: .Op Fl pkeyopt Ar opt : Ns Ar value
2384: .Op Fl text
1.114 jmc 2385: .Ek
2386: .El
1.1 jsing 2387: .Pp
2388: The
2389: .Nm genpkey
2390: command generates private keys.
2391: The use of this
2392: program is encouraged over the algorithm specific utilities
1.22 bcook 2393: because additional algorithm options can be used.
1.1 jsing 2394: .Pp
2395: The options are as follows:
2396: .Bl -tag -width Ds
2397: .It Fl algorithm Ar alg
2398: The public key algorithm to use,
2399: such as RSA, DSA, or DH.
1.52 jmc 2400: This option must precede any
1.1 jsing 2401: .Fl pkeyopt
2402: options.
2403: The options
2404: .Fl paramfile
2405: and
2406: .Fl algorithm
2407: are mutually exclusive.
2408: .It Ar cipher
2409: Encrypt the private key with the supplied cipher.
2410: Any algorithm name accepted by
1.52 jmc 2411: .Xr EVP_get_cipherbyname 3
2412: is acceptable.
1.1 jsing 2413: .It Fl genparam
2414: Generate a set of parameters instead of a private key.
1.52 jmc 2415: This option must precede any
1.1 jsing 2416: .Fl algorithm ,
2417: .Fl paramfile ,
2418: or
2419: .Fl pkeyopt
2420: options.
2421: .It Fl out Ar file
1.52 jmc 2422: The output file to write to,
1.57 jmc 2423: or standard output if not specified.
1.52 jmc 2424: .It Fl outform Cm der | pem
2425: The output format.
1.1 jsing 2426: .It Fl paramfile Ar file
1.52 jmc 2427: Some public key algorithms generate a private key based on a set of parameters,
2428: which can be supplied using this option.
1.137 naddy 2429: If this option is used, the public key
1.1 jsing 2430: algorithm used is determined by the parameters.
1.52 jmc 2431: This option must precede any
1.1 jsing 2432: .Fl pkeyopt
2433: options.
2434: The options
2435: .Fl paramfile
2436: and
2437: .Fl algorithm
2438: are mutually exclusive.
2439: .It Fl pass Ar arg
2440: The output file password source.
2441: .It Fl pkeyopt Ar opt : Ns Ar value
2442: Set the public key algorithm option
2443: .Ar opt
2444: to
1.52 jmc 2445: .Ar value ,
2446: as follows:
1.1 jsing 2447: .Bl -tag -width Ds -offset indent
2448: .It rsa_keygen_bits : Ns Ar numbits
2449: (RSA)
2450: The number of bits in the generated key.
1.52 jmc 2451: The default is 2048.
1.1 jsing 2452: .It rsa_keygen_pubexp : Ns Ar value
2453: (RSA)
2454: The RSA public exponent value.
2455: This can be a large decimal or hexadecimal value if preceded by 0x.
1.52 jmc 2456: The default is 65537.
1.1 jsing 2457: .It dsa_paramgen_bits : Ns Ar numbits
2458: (DSA)
2459: The number of bits in the generated parameters.
1.52 jmc 2460: The default is 1024.
1.1 jsing 2461: .It dh_paramgen_prime_len : Ns Ar numbits
2462: (DH)
2463: The number of bits in the prime parameter
2464: .Ar p .
2465: .It dh_paramgen_generator : Ns Ar value
2466: (DH)
2467: The value to use for the generator
2468: .Ar g .
2469: .It ec_paramgen_curve : Ns Ar curve
2470: (EC)
1.121 schwarze 2471: The elliptic curve to use.
1.1 jsing 2472: .El
1.52 jmc 2473: .It Fl text
1.64 jmc 2474: Print the private/public key in plain text.
1.52 jmc 2475: .El
1.120 kn 2476: .Tg genrsa
1.1 jsing 2477: .Sh GENRSA
1.114 jmc 2478: .Bl -hang -width "openssl genrsa"
2479: .It Nm openssl genrsa
2480: .Bk -words
1.1 jsing 2481: .Op Fl 3 | f4
1.109 inoguchi 2482: .Oo
2483: .Fl aes128 | aes192 | aes256 | camellia128 |
2484: .Fl camellia192 | camellia256 | des | des3 | idea
2485: .Oc
1.1 jsing 2486: .Op Fl out Ar file
2487: .Op Fl passout Ar arg
2488: .Op Ar numbits
1.114 jmc 2489: .Ek
2490: .El
1.1 jsing 2491: .Pp
2492: The
2493: .Nm genrsa
1.53 jmc 2494: command generates an RSA private key,
2495: which essentially involves the generation of two prime numbers.
2496: When generating the key,
2497: various symbols will be output to indicate the progress of the generation.
2498: A
2499: .Sq \&.
2500: represents each number which has passed an initial sieve test;
2501: .Sq +
1.128 tb 2502: means a number has passed a single round of the Miller-Rabin primality test;
2503: .Sq *
2504: means the number has failed primality testing
2505: and needs to be generated afresh.
1.53 jmc 2506: A newline means that the number has passed all the prime tests
2507: (the actual number depends on the key size).
1.1 jsing 2508: .Pp
2509: The options are as follows:
2510: .Bl -tag -width Ds
2511: .It Fl 3 | f4
2512: The public exponent to use, either 3 or 65537.
2513: The default is 65537.
1.109 inoguchi 2514: .It Xo
2515: .Fl aes128 | aes192 | aes256 |
2516: .Fl camellia128 | camellia192 | camellia256 |
2517: .Fl des | des3 |
2518: .Fl idea
2519: .Xc
2520: Encrypt the private key with the AES, CAMELLIA, DES, triple DES
2521: or the IDEA ciphers, respectively, before outputting it.
1.1 jsing 2522: If none of these options are specified, no encryption is used.
2523: If encryption is used, a pass phrase is prompted for,
2524: if it is not supplied via the
2525: .Fl passout
2526: option.
2527: .It Fl out Ar file
1.53 jmc 2528: The output file to write to,
1.57 jmc 2529: or standard output if not specified.
1.1 jsing 2530: .It Fl passout Ar arg
2531: The output file password source.
2532: .It Ar numbits
2533: The size of the private key to generate in bits.
2534: This must be the last option specified.
2535: The default is 2048.
2536: .El
1.120 kn 2537: .Tg ocsp
1.1 jsing 2538: .Sh OCSP
1.114 jmc 2539: .Bl -hang -width "openssl ocsp"
2540: .It Nm openssl ocsp
2541: .Bk -words
1.1 jsing 2542: .Op Fl CA Ar file
2543: .Op Fl CAfile Ar file
2544: .Op Fl CApath Ar directory
2545: .Op Fl cert Ar file
2546: .Op Fl dgst Ar alg
1.108 inoguchi 2547: .Op Fl header Ar name value
1.55 jmc 2548: .Op Fl host Ar hostname : Ns Ar port
1.108 inoguchi 2549: .Op Fl ignore_err
1.1 jsing 2550: .Op Fl index Ar indexfile
2551: .Op Fl issuer Ar file
2552: .Op Fl ndays Ar days
2553: .Op Fl nmin Ar minutes
2554: .Op Fl no_cert_checks
2555: .Op Fl no_cert_verify
2556: .Op Fl no_certs
2557: .Op Fl no_chain
1.108 inoguchi 2558: .Op Fl no_explicit
1.1 jsing 2559: .Op Fl no_intern
2560: .Op Fl no_nonce
2561: .Op Fl no_signature_verify
2562: .Op Fl nonce
2563: .Op Fl noverify
2564: .Op Fl nrequest Ar number
2565: .Op Fl out Ar file
2566: .Op Fl path Ar path
2567: .Op Fl port Ar portnum
2568: .Op Fl req_text
2569: .Op Fl reqin Ar file
2570: .Op Fl reqout Ar file
2571: .Op Fl resp_key_id
2572: .Op Fl resp_no_certs
2573: .Op Fl resp_text
2574: .Op Fl respin Ar file
2575: .Op Fl respout Ar file
2576: .Op Fl rkey Ar file
2577: .Op Fl rother Ar file
2578: .Op Fl rsigner Ar file
1.108 inoguchi 2579: .Op Fl serial Ar num
1.1 jsing 2580: .Op Fl sign_other Ar file
2581: .Op Fl signer Ar file
2582: .Op Fl signkey Ar file
2583: .Op Fl status_age Ar age
2584: .Op Fl text
1.108 inoguchi 2585: .Op Fl timeout Ar seconds
1.1 jsing 2586: .Op Fl trust_other
2587: .Op Fl url Ar responder_url
2588: .Op Fl VAfile Ar file
2589: .Op Fl validity_period Ar nsec
2590: .Op Fl verify_other Ar file
1.114 jmc 2591: .Ek
2592: .El
1.1 jsing 2593: .Pp
1.55 jmc 2594: The Online Certificate Status Protocol (OCSP)
2595: enables applications to determine the (revocation) state
2596: of an identified certificate (RFC 2560).
1.1 jsing 2597: .Pp
2598: The
2599: .Nm ocsp
2600: command performs many common OCSP tasks.
2601: It can be used to print out requests and responses,
2602: create requests and send queries to an OCSP responder,
2603: and behave like a mini OCSP server itself.
2604: .Pp
2605: The options are as follows:
2606: .Bl -tag -width Ds
2607: .It Fl CAfile Ar file , Fl CApath Ar directory
1.55 jmc 2608: A file or path containing trusted CA certificates,
2609: used to verify the signature on the OCSP response.
1.1 jsing 2610: .It Fl cert Ar file
2611: Add the certificate
2612: .Ar file
2613: to the request.
2614: The issuer certificate is taken from the previous
2615: .Fl issuer
2616: option, or an error occurs if no issuer certificate is specified.
2617: .It Fl dgst Ar alg
1.55 jmc 2618: Use the digest algorithm
2619: .Ar alg
2620: for certificate identification in the OCSP request.
1.125 inoguchi 2621: By default SHA1 is used.
1.1 jsing 2622: .It Xo
2623: .Fl host Ar hostname : Ns Ar port ,
2624: .Fl path Ar path
2625: .Xc
1.55 jmc 2626: Send
2627: the OCSP request to
1.1 jsing 2628: .Ar hostname
1.55 jmc 2629: on
1.1 jsing 2630: .Ar port .
2631: .Fl path
2632: specifies the HTTP path name to use, or
1.55 jmc 2633: .Pa /
1.1 jsing 2634: by default.
1.108 inoguchi 2635: .It Fl header Ar name value
2636: Add the header name with the specified value to the OCSP request that is sent
2637: to the responder.
2638: This may be repeated.
1.1 jsing 2639: .It Fl issuer Ar file
1.81 jmc 2640: The current issuer certificate, in PEM format.
2641: Can be used multiple times and must come before any
1.1 jsing 2642: .Fl cert
2643: options.
2644: .It Fl no_cert_checks
2645: Don't perform any additional checks on the OCSP response signer's certificate.
2646: That is, do not make any checks to see if the signer's certificate is
2647: authorised to provide the necessary status information:
2648: as a result this option should only be used for testing purposes.
2649: .It Fl no_cert_verify
2650: Don't verify the OCSP response signer's certificate at all.
2651: Since this option allows the OCSP response to be signed by any certificate,
2652: it should only be used for testing purposes.
2653: .It Fl no_certs
1.55 jmc 2654: Don't include any certificates in the signed request.
1.1 jsing 2655: .It Fl no_chain
2656: Do not use certificates in the response as additional untrusted CA
2657: certificates.
1.108 inoguchi 2658: .It Fl no_explicit
2659: Don't check the explicit trust for OCSP signing in the root CA certificate.
1.1 jsing 2660: .It Fl no_intern
2661: Ignore certificates contained in the OCSP response
2662: when searching for the signer's certificate.
1.55 jmc 2663: The signer's certificate must be specified with either the
1.1 jsing 2664: .Fl verify_other
2665: or
2666: .Fl VAfile
2667: options.
2668: .It Fl no_signature_verify
2669: Don't check the signature on the OCSP response.
2670: Since this option tolerates invalid signatures on OCSP responses,
2671: it will normally only be used for testing purposes.
2672: .It Fl nonce , no_nonce
1.55 jmc 2673: Add an OCSP nonce extension to a request,
2674: or disable an OCSP nonce addition.
1.1 jsing 2675: Normally, if an OCSP request is input using the
2676: .Fl respin
1.55 jmc 2677: option no nonce is added:
1.1 jsing 2678: using the
2679: .Fl nonce
1.55 jmc 2680: option will force the addition of a nonce.
1.1 jsing 2681: If an OCSP request is being created (using the
2682: .Fl cert
2683: and
2684: .Fl serial
1.137 naddy 2685: options),
1.55 jmc 2686: a nonce is automatically added; specifying
1.1 jsing 2687: .Fl no_nonce
2688: overrides this.
2689: .It Fl noverify
1.55 jmc 2690: Don't attempt to verify the OCSP response signature or the nonce values.
2691: This is normally only be used for debugging
1.1 jsing 2692: since it disables all verification of the responder's certificate.
2693: .It Fl out Ar file
1.55 jmc 2694: Specify the output file to write to,
1.57 jmc 2695: or standard output if not specified.
1.1 jsing 2696: .It Fl req_text , resp_text , text
2697: Print out the text form of the OCSP request, response, or both, respectively.
2698: .It Fl reqin Ar file , Fl respin Ar file
2699: Read an OCSP request or response file from
2700: .Ar file .
2701: These options are ignored
2702: if an OCSP request or response creation is implied by other options
2703: (for example with the
2704: .Fl serial , cert ,
2705: and
2706: .Fl host
2707: options).
2708: .It Fl reqout Ar file , Fl respout Ar file
2709: Write out the DER-encoded certificate request or response to
2710: .Ar file .
2711: .It Fl serial Ar num
2712: Same as the
2713: .Fl cert
2714: option except the certificate with serial number
2715: .Ar num
2716: is added to the request.
2717: The serial number is interpreted as a decimal integer unless preceded by
2718: .Sq 0x .
1.55 jmc 2719: Negative integers can also be specified
2720: by preceding the value with a minus sign.
1.1 jsing 2721: .It Fl sign_other Ar file
2722: Additional certificates to include in the signed request.
2723: .It Fl signer Ar file , Fl signkey Ar file
2724: Sign the OCSP request using the certificate specified in the
2725: .Fl signer
2726: option and the private key specified by the
2727: .Fl signkey
2728: option.
2729: If the
2730: .Fl signkey
2731: option is not present, then the private key is read from the same file
2732: as the certificate.
2733: If neither option is specified, the OCSP request is not signed.
1.108 inoguchi 2734: .It Fl timeout Ar seconds
2735: Connection timeout to the OCSP responder in seconds.
1.1 jsing 2736: .It Fl trust_other
2737: The certificates specified by the
2738: .Fl verify_other
2739: option should be explicitly trusted and no additional checks will be
2740: performed on them.
2741: This is useful when the complete responder certificate chain is not available
2742: or trusting a root CA is not appropriate.
2743: .It Fl url Ar responder_url
2744: Specify the responder URL.
2745: Both HTTP and HTTPS
2746: .Pq SSL/TLS
2747: URLs can be specified.
2748: .It Fl VAfile Ar file
1.55 jmc 2749: A file containing explicitly trusted responder certificates.
1.1 jsing 2750: Equivalent to the
2751: .Fl verify_other
2752: and
2753: .Fl trust_other
2754: options.
2755: .It Fl validity_period Ar nsec , Fl status_age Ar age
1.55 jmc 2756: The range of times, in seconds, which will be tolerated in an OCSP response.
2757: Each certificate status response includes a notBefore time
2758: and an optional notAfter time.
1.1 jsing 2759: The current time should fall between these two values,
2760: but the interval between the two times may be only a few seconds.
2761: In practice the OCSP responder and clients' clocks may not be precisely
2762: synchronised and so such a check may fail.
2763: To avoid this the
2764: .Fl validity_period
2765: option can be used to specify an acceptable error range in seconds,
1.55 jmc 2766: the default value being 5 minutes.
1.1 jsing 2767: .Pp
1.55 jmc 2768: If the notAfter time is omitted from a response,
2769: it means that new status information is immediately available.
2770: In this case the age of the notBefore field is checked
2771: to see it is not older than
1.1 jsing 2772: .Ar age
2773: seconds old.
2774: By default, this additional check is not performed.
2775: .It Fl verify_other Ar file
1.55 jmc 2776: A file containing additional certificates to search
2777: when attempting to locate the OCSP response signing certificate.
2778: Some responders omit the actual signer's certificate from the response,
2779: so this can be used to supply the necessary certificate.
1.1 jsing 2780: .El
1.55 jmc 2781: .Pp
2782: The options for the OCSP server are as follows:
1.1 jsing 2783: .Bl -tag -width "XXXX"
2784: .It Fl CA Ar file
2785: CA certificate corresponding to the revocation information in
2786: .Ar indexfile .
1.108 inoguchi 2787: .It Fl ignore_err
2788: Ignore the invalid response.
1.1 jsing 2789: .It Fl index Ar indexfile
2790: .Ar indexfile
1.55 jmc 2791: is a text index file in ca format
2792: containing certificate revocation information.
1.1 jsing 2793: .Pp
1.55 jmc 2794: If this option is specified,
1.1 jsing 2795: .Nm ocsp
1.55 jmc 2796: is in responder mode, otherwise it is in client mode.
2797: The requests the responder processes can be either specified on
1.1 jsing 2798: the command line (using the
2799: .Fl issuer
2800: and
2801: .Fl serial
2802: options), supplied in a file (using the
2803: .Fl respin
1.55 jmc 2804: option), or via external OCSP clients (if
1.1 jsing 2805: .Ar port
2806: or
2807: .Ar url
2808: is specified).
2809: .Pp
1.55 jmc 2810: If this option is present, then the
1.1 jsing 2811: .Fl CA
2812: and
2813: .Fl rsigner
2814: options must also be present.
2815: .It Fl nmin Ar minutes , Fl ndays Ar days
2816: Number of
2817: .Ar minutes
2818: or
2819: .Ar days
1.55 jmc 2820: when fresh revocation information is available:
2821: used in the nextUpdate field.
2822: If neither option is present,
2823: the nextUpdate field is omitted,
2824: meaning fresh revocation information is immediately available.
1.1 jsing 2825: .It Fl nrequest Ar number
1.55 jmc 2826: Exit after receiving
1.1 jsing 2827: .Ar number
1.55 jmc 2828: requests (the default is unlimited).
1.1 jsing 2829: .It Fl port Ar portnum
2830: Port to listen for OCSP requests on.
1.55 jmc 2831: May also be specified using the
1.1 jsing 2832: .Fl url
2833: option.
2834: .It Fl resp_key_id
2835: Identify the signer certificate using the key ID;
1.55 jmc 2836: the default is to use the subject name.
1.1 jsing 2837: .It Fl resp_no_certs
2838: Don't include any certificates in the OCSP response.
2839: .It Fl rkey Ar file
2840: The private key to sign OCSP responses with;
2841: if not present, the file specified in the
2842: .Fl rsigner
2843: option is used.
2844: .It Fl rother Ar file
2845: Additional certificates to include in the OCSP response.
2846: .It Fl rsigner Ar file
2847: The certificate to sign OCSP responses with.
2848: .El
2849: .Pp
2850: Initially the OCSP responder certificate is located and the signature on
2851: the OCSP request checked using the responder certificate's public key.
2852: Then a normal certificate verify is performed on the OCSP responder certificate
2853: building up a certificate chain in the process.
2854: The locations of the trusted certificates used to build the chain can be
2855: specified by the
2856: .Fl CAfile
2857: and
2858: .Fl CApath
2859: options or they will be looked for in the standard
1.55 jmc 2860: .Nm openssl
2861: certificates directory.
1.1 jsing 2862: .Pp
1.55 jmc 2863: If the initial verify fails, the OCSP verify process halts with an error.
1.1 jsing 2864: Otherwise the issuing CA certificate in the request is compared to the OCSP
2865: responder certificate: if there is a match then the OCSP verify succeeds.
2866: .Pp
2867: Otherwise the OCSP responder certificate's CA is checked against the issuing
2868: CA certificate in the request.
2869: If there is a match and the OCSPSigning extended key usage is present
2870: in the OCSP responder certificate, then the OCSP verify succeeds.
2871: .Pp
2872: Otherwise the root CA of the OCSP responder's CA is checked to see if it
2873: is trusted for OCSP signing.
2874: If it is, the OCSP verify succeeds.
2875: .Pp
2876: If none of these checks is successful, the OCSP verify fails.
2877: What this effectively means is that if the OCSP responder certificate is
2878: authorised directly by the CA it is issuing revocation information about
1.55 jmc 2879: (and it is correctly configured),
1.1 jsing 2880: then verification will succeed.
2881: .Pp
1.55 jmc 2882: If the OCSP responder is a global responder,
2883: which can give details about multiple CAs
2884: and has its own separate certificate chain,
2885: then its root CA can be trusted for OCSP signing.
1.1 jsing 2886: Alternatively, the responder certificate itself can be explicitly trusted
2887: with the
2888: .Fl VAfile
2889: option.
1.120 kn 2890: .Tg passwd
1.1 jsing 2891: .Sh PASSWD
1.114 jmc 2892: .Bl -hang -width "openssl passwd"
2893: .It Nm openssl passwd
2894: .Bk -words
1.1 jsing 2895: .Op Fl 1 | apr1 | crypt
2896: .Op Fl in Ar file
2897: .Op Fl noverify
2898: .Op Fl quiet
2899: .Op Fl reverse
2900: .Op Fl salt Ar string
2901: .Op Fl stdin
2902: .Op Fl table
2903: .Op Ar password
1.114 jmc 2904: .Ek
2905: .El
1.1 jsing 2906: .Pp
2907: The
2908: .Nm passwd
1.56 jmc 2909: command computes the hash of a password.
1.1 jsing 2910: .Pp
2911: The options are as follows:
2912: .Bl -tag -width Ds
2913: .It Fl 1
2914: Use the MD5 based
2915: .Bx
2916: password algorithm
1.56 jmc 2917: .Qq 1 .
1.1 jsing 2918: .It Fl apr1
2919: Use the
1.56 jmc 2920: .Qq apr1
1.1 jsing 2921: algorithm
1.56 jmc 2922: .Po
2923: Apache variant of the
1.1 jsing 2924: .Bx
1.56 jmc 2925: algorithm
2926: .Pc .
1.1 jsing 2927: .It Fl crypt
2928: Use the
1.56 jmc 2929: .Qq crypt
2930: algorithm (the default).
1.1 jsing 2931: .It Fl in Ar file
2932: Read passwords from
2933: .Ar file .
2934: .It Fl noverify
2935: Don't verify when reading a password from the terminal.
2936: .It Fl quiet
2937: Don't output warnings when passwords given on the command line are truncated.
2938: .It Fl reverse
2939: Switch table columns.
2940: This only makes sense in conjunction with the
2941: .Fl table
2942: option.
2943: .It Fl salt Ar string
1.56 jmc 2944: Use the salt specified by
2945: .Ar string .
1.1 jsing 2946: When reading a password from the terminal, this implies
2947: .Fl noverify .
2948: .It Fl stdin
1.56 jmc 2949: Read passwords from standard input.
1.1 jsing 2950: .It Fl table
2951: In the output list, prepend the cleartext password and a TAB character
2952: to each password hash.
2953: .El
1.120 kn 2954: .Tg pkcs7
1.1 jsing 2955: .Sh PKCS7
1.114 jmc 2956: .Bl -hang -width "openssl pkcs7"
2957: .It Nm openssl pkcs7
2958: .Bk -words
1.1 jsing 2959: .Op Fl in Ar file
1.57 jmc 2960: .Op Fl inform Cm der | pem
1.1 jsing 2961: .Op Fl noout
2962: .Op Fl out Ar file
1.57 jmc 2963: .Op Fl outform Cm der | pem
1.106 inoguchi 2964: .Op Fl print
1.1 jsing 2965: .Op Fl print_certs
2966: .Op Fl text
1.114 jmc 2967: .Ek
2968: .El
1.1 jsing 2969: .Pp
2970: The
2971: .Nm pkcs7
2972: command processes PKCS#7 files in DER or PEM format.
1.57 jmc 2973: The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
2974: .Pp
1.1 jsing 2975: The options are as follows:
2976: .Bl -tag -width Ds
2977: .It Fl in Ar file
1.57 jmc 2978: The input file to read from,
2979: or standard input if not specified.
2980: .It Fl inform Cm der | pem
2981: The input format.
1.1 jsing 2982: .It Fl noout
2983: Don't output the encoded version of the PKCS#7 structure
2984: (or certificates if
2985: .Fl print_certs
2986: is set).
2987: .It Fl out Ar file
1.57 jmc 2988: The output to write to,
2989: or standard output if not specified.
2990: .It Fl outform Cm der | pem
2991: The output format.
1.106 inoguchi 2992: .It Fl print
2993: Print the ASN.1 representation of PKCS#7 structure.
1.1 jsing 2994: .It Fl print_certs
1.57 jmc 2995: Print any certificates or CRLs contained in the file,
2996: preceded by their subject and issuer names in a one-line format.
1.1 jsing 2997: .It Fl text
1.57 jmc 2998: Print certificate details in full rather than just subject and issuer names.
1.1 jsing 2999: .El
1.120 kn 3000: .Tg pkcs8
1.1 jsing 3001: .Sh PKCS8
1.114 jmc 3002: .Bl -hang -width "openssl pkcs8"
3003: .It Nm openssl pkcs8
3004: .Bk -words
1.1 jsing 3005: .Op Fl in Ar file
1.58 jmc 3006: .Op Fl inform Cm der | pem
1.1 jsing 3007: .Op Fl nocrypt
3008: .Op Fl noiter
3009: .Op Fl out Ar file
1.58 jmc 3010: .Op Fl outform Cm der | pem
1.1 jsing 3011: .Op Fl passin Ar arg
3012: .Op Fl passout Ar arg
3013: .Op Fl topk8
3014: .Op Fl v1 Ar alg
3015: .Op Fl v2 Ar alg
1.114 jmc 3016: .Ek
3017: .El
1.1 jsing 3018: .Pp
3019: The
3020: .Nm pkcs8
1.58 jmc 3021: command processes private keys
3022: (both encrypted and unencrypted)
3023: in PKCS#8 format
3024: with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
3025: The default encryption is only 56 bits;
3026: keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts
3027: are more secure.
3028: .Pp
1.1 jsing 3029: The options are as follows:
3030: .Bl -tag -width Ds
3031: .It Fl in Ar file
1.58 jmc 3032: The input file to read from,
3033: or standard input if not specified.
1.1 jsing 3034: If the key is encrypted, a pass phrase will be prompted for.
1.58 jmc 3035: .It Fl inform Cm der | pem
3036: The input format.
1.1 jsing 3037: .It Fl nocrypt
1.58 jmc 3038: Generate an unencrypted PrivateKeyInfo structure.
3039: This option does not encrypt private keys at all
3040: and should only be used when absolutely necessary.
1.1 jsing 3041: .It Fl noiter
3042: Use an iteration count of 1.
3043: See the
3044: .Sx PKCS12
3045: section below for a detailed explanation of this option.
3046: .It Fl out Ar file
1.58 jmc 3047: The output file to write to,
3048: or standard output if none is specified.
1.1 jsing 3049: If any encryption options are set, a pass phrase will be prompted for.
1.58 jmc 3050: .It Fl outform Cm der | pem
3051: The output format.
1.1 jsing 3052: .It Fl passin Ar arg
3053: The key password source.
3054: .It Fl passout Ar arg
3055: The output file password source.
3056: .It Fl topk8
1.58 jmc 3057: Read a traditional format private key and write a PKCS#8 format key.
1.1 jsing 3058: .It Fl v1 Ar alg
1.58 jmc 3059: Specify a PKCS#5 v1.5 or PKCS#12 algorithm to use.
3060: .Pp
3061: .Bl -tag -width "XXXX" -compact
3062: .It PBE-MD5-DES
3063: 56-bit DES.
3064: .It PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES
3065: 64-bit RC2 or 56-bit DES.
3066: .It PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES
3067: .It PBE-SHA1-2DES | PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40
3068: PKCS#12 password-based encryption algorithm,
3069: which allow strong encryption algorithms like triple DES or 128-bit RC2.
3070: .El
1.1 jsing 3071: .It Fl v2 Ar alg
1.58 jmc 3072: Use PKCS#5 v2.0 algorithms.
3073: Supports algorithms such as 168-bit triple DES or 128-bit RC2,
3074: however not many implementations support PKCS#5 v2.0 yet
3075: (if using private keys with
3076: .Nm openssl
3077: this doesn't matter).
1.1 jsing 3078: .Pp
3079: .Ar alg
1.58 jmc 3080: is the encryption algorithm to use;
3081: valid values include des, des3, and rc2.
3082: It is recommended that des3 is used.
1.1 jsing 3083: .El
1.120 kn 3084: .Tg pkcs12
1.1 jsing 3085: .Sh PKCS12
1.114 jmc 3086: .Bl -hang -width "openssl pkcs12"
3087: .It Nm openssl pkcs12
3088: .Bk -words
1.107 inoguchi 3089: .Oo
3090: .Fl aes128 | aes192 | aes256 | camellia128 |
3091: .Fl camellia192 | camellia256 | des | des3 | idea
3092: .Oc
1.1 jsing 3093: .Op Fl cacerts
3094: .Op Fl CAfile Ar file
3095: .Op Fl caname Ar name
3096: .Op Fl CApath Ar directory
3097: .Op Fl certfile Ar file
3098: .Op Fl certpbe Ar alg
3099: .Op Fl chain
3100: .Op Fl clcerts
3101: .Op Fl CSP Ar name
3102: .Op Fl descert
3103: .Op Fl export
3104: .Op Fl in Ar file
3105: .Op Fl info
3106: .Op Fl inkey Ar file
3107: .Op Fl keyex
3108: .Op Fl keypbe Ar alg
3109: .Op Fl keysig
1.107 inoguchi 3110: .Op Fl LMK
1.1 jsing 3111: .Op Fl macalg Ar alg
3112: .Op Fl maciter
3113: .Op Fl name Ar name
3114: .Op Fl nocerts
3115: .Op Fl nodes
3116: .Op Fl noiter
3117: .Op Fl nokeys
3118: .Op Fl nomac
3119: .Op Fl nomaciter
3120: .Op Fl nomacver
3121: .Op Fl noout
3122: .Op Fl out Ar file
3123: .Op Fl passin Ar arg
3124: .Op Fl passout Ar arg
1.107 inoguchi 3125: .Op Fl password Ar arg
1.1 jsing 3126: .Op Fl twopass
1.114 jmc 3127: .Ek
3128: .El
1.1 jsing 3129: .Pp
3130: The
3131: .Nm pkcs12
3132: command allows PKCS#12 files
3133: .Pq sometimes referred to as PFX files
3134: to be created and parsed.
3135: By default, a PKCS#12 file is parsed;
3136: a PKCS#12 file can be created by using the
3137: .Fl export
1.59 jmc 3138: option.
3139: .Pp
3140: The options for parsing a PKCS12 file are as follows:
1.1 jsing 3141: .Bl -tag -width "XXXX"
1.107 inoguchi 3142: .It Xo
3143: .Fl aes128 | aes192 | aes256 |
3144: .Fl camellia128 | camellia192 | camellia256 |
3145: .Fl des | des3 |
3146: .Fl idea
3147: .Xc
3148: Encrypt private keys using AES, CAMELLIA, DES, triple DES
3149: or the IDEA ciphers, respectively.
1.1 jsing 3150: The default is triple DES.
3151: .It Fl cacerts
3152: Only output CA certificates
3153: .Pq not client certificates .
3154: .It Fl clcerts
3155: Only output client certificates
3156: .Pq not CA certificates .
3157: .It Fl in Ar file
1.59 jmc 3158: The input file to read from,
3159: or standard input if not specified.
1.1 jsing 3160: .It Fl info
3161: Output additional information about the PKCS#12 file structure,
3162: algorithms used, and iteration counts.
3163: .It Fl nocerts
1.59 jmc 3164: Do not output certificates.
1.1 jsing 3165: .It Fl nodes
1.59 jmc 3166: Do not encrypt private keys.
1.1 jsing 3167: .It Fl nokeys
1.59 jmc 3168: Do not output private keys.
1.1 jsing 3169: .It Fl nomacver
1.59 jmc 3170: Do not attempt to verify the integrity MAC before reading the file.
1.1 jsing 3171: .It Fl noout
1.59 jmc 3172: Do not output the keys and certificates to the output file
1.1 jsing 3173: version of the PKCS#12 file.
3174: .It Fl out Ar file
1.59 jmc 3175: The output file to write to,
3176: or standard output if not specified.
1.1 jsing 3177: .It Fl passin Ar arg
3178: The key password source.
3179: .It Fl passout Ar arg
3180: The output file password source.
3181: .It Fl twopass
3182: Prompt for separate integrity and encryption passwords: most software
3183: always assumes these are the same so this option will render such
3184: PKCS#12 files unreadable.
3185: .El
1.59 jmc 3186: .Pp
3187: The options for PKCS12 file creation are as follows:
1.1 jsing 3188: .Bl -tag -width "XXXX"
3189: .It Fl CAfile Ar file
3190: CA storage as a file.
3191: .It Fl CApath Ar directory
3192: CA storage as a directory.
1.59 jmc 3193: The directory must be a standard certificate directory:
1.1 jsing 3194: that is, a hash of each subject name (using
1.59 jmc 3195: .Nm x509 Fl hash )
1.1 jsing 3196: should be linked to each certificate.
3197: .It Fl caname Ar name
1.59 jmc 3198: Specify the
1.1 jsing 3199: .Qq friendly name
3200: for other certificates.
1.59 jmc 3201: May be used multiple times to specify names for all certificates
1.1 jsing 3202: in the order they appear.
3203: .It Fl certfile Ar file
3204: A file to read additional certificates from.
3205: .It Fl certpbe Ar alg , Fl keypbe Ar alg
1.59 jmc 3206: Specify the algorithm used to encrypt the private key and
1.1 jsing 3207: certificates to be selected.
1.59 jmc 3208: Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used.
1.1 jsing 3209: If a cipher name
3210: (as output by the
3211: .Cm list-cipher-algorithms
3212: command) is specified then it
3213: is used with PKCS#5 v2.0.
3214: For interoperability reasons it is advisable to only use PKCS#12 algorithms.
3215: .It Fl chain
1.59 jmc 3216: Include the entire certificate chain of the user certificate.
1.1 jsing 3217: The standard CA store is used for this search.
3218: If the search fails, it is considered a fatal error.
3219: .It Fl CSP Ar name
3220: Write
3221: .Ar name
3222: as a Microsoft CSP name.
3223: .It Fl descert
3224: Encrypt the certificate using triple DES; this may render the PKCS#12
3225: file unreadable by some
3226: .Qq export grade
3227: software.
3228: By default, the private key is encrypted using triple DES and the
3229: certificate using 40-bit RC2.
3230: .It Fl export
1.59 jmc 3231: Create a PKCS#12 file (rather than parsing one).
1.1 jsing 3232: .It Fl in Ar file
1.59 jmc 3233: The input file to read from,
1.81 jmc 3234: or standard input if not specified.
1.1 jsing 3235: The order doesn't matter but one private key and its corresponding
3236: certificate should be present.
3237: If additional certificates are present, they will also be included
3238: in the PKCS#12 file.
3239: .It Fl inkey Ar file
1.59 jmc 3240: File to read a private key from.
1.1 jsing 3241: If not present, a private key must be present in the input file.
3242: .It Fl keyex | keysig
1.59 jmc 3243: Specify whether the private key is to be used for key exchange or just signing.
1.1 jsing 3244: Normally,
3245: .Qq export grade
3246: software will only allow 512-bit RSA keys to be
3247: used for encryption purposes, but arbitrary length keys for signing.
3248: The
3249: .Fl keysig
3250: option marks the key for signing only.
3251: Signing only keys can be used for S/MIME signing, authenticode
1.66 jmc 3252: (ActiveX control signing)
1.59 jmc 3253: and SSL client authentication.
1.107 inoguchi 3254: .It Fl LMK
3255: Add local machine keyset attribute to private key.
1.1 jsing 3256: .It Fl macalg Ar alg
3257: Specify the MAC digest algorithm.
1.59 jmc 3258: The default is SHA1.
1.1 jsing 3259: .It Fl maciter
1.66 jmc 3260: Included for compatibility only:
1.59 jmc 3261: it used to be needed to use MAC iterations counts
3262: but they are now used by default.
1.1 jsing 3263: .It Fl name Ar name
1.59 jmc 3264: Specify the
1.1 jsing 3265: .Qq friendly name
3266: for the certificate and private key.
3267: This name is typically displayed in list boxes by software importing the file.
3268: .It Fl nomac
3269: Don't attempt to provide the MAC integrity.
3270: .It Fl nomaciter , noiter
1.59 jmc 3271: Affect the iteration counts on the MAC and key algorithms.
1.1 jsing 3272: .Pp
3273: To discourage attacks by using large dictionaries of common passwords,
3274: the algorithm that derives keys from passwords can have an iteration count
3275: applied to it: this causes a certain part of the algorithm to be repeated
3276: and slows it down.
3277: The MAC is used to check the file integrity but since it will normally
3278: have the same password as the keys and certificates it could also be attacked.
3279: By default, both MAC and encryption iteration counts are set to 2048;
3280: using these options the MAC and encryption iteration counts can be set to 1.
1.137 naddy 3281: Since this reduces the file security, you should not use these options
1.1 jsing 3282: unless you really have to.
3283: Most software supports both MAC and key iteration counts.
3284: .It Fl out Ar file
1.59 jmc 3285: The output file to write to,
3286: or standard output if not specified.
1.1 jsing 3287: .It Fl passin Ar arg
3288: The key password source.
3289: .It Fl passout Ar arg
3290: The output file password source.
1.107 inoguchi 3291: .It Fl password Ar arg
3292: With
3293: .Fl export ,
3294: .Fl password
3295: is equivalent to
3296: .Fl passout .
1.108 inoguchi 3297: Otherwise,
1.107 inoguchi 3298: .Fl password
3299: is equivalent to
3300: .Fl passin .
1.1 jsing 3301: .El
1.120 kn 3302: .Tg pkey
1.1 jsing 3303: .Sh PKEY
1.114 jmc 3304: .Bl -hang -width "openssl pkey"
3305: .It Nm openssl pkey
3306: .Bk -words
1.135 tb 3307: .Op Fl check
1.1 jsing 3308: .Op Ar cipher
3309: .Op Fl in Ar file
1.60 jmc 3310: .Op Fl inform Cm der | pem
1.1 jsing 3311: .Op Fl noout
3312: .Op Fl out Ar file
1.60 jmc 3313: .Op Fl outform Cm der | pem
1.1 jsing 3314: .Op Fl passin Ar arg
3315: .Op Fl passout Ar arg
1.135 tb 3316: .Op Fl pubcheck
1.1 jsing 3317: .Op Fl pubin
3318: .Op Fl pubout
3319: .Op Fl text
3320: .Op Fl text_pub
1.114 jmc 3321: .Ek
3322: .El
1.1 jsing 3323: .Pp
3324: The
3325: .Nm pkey
3326: command processes public or private keys.
3327: They can be converted between various forms
3328: and their components printed out.
3329: .Pp
3330: The options are as follows:
3331: .Bl -tag -width Ds
1.135 tb 3332: .It Fl check
3333: Check the validity of a key pair.
1.1 jsing 3334: .It Ar cipher
1.60 jmc 3335: Encrypt the private key with the specified cipher.
1.1 jsing 3336: Any algorithm name accepted by
1.60 jmc 3337: .Xr EVP_get_cipherbyname 3
1.1 jsing 3338: is acceptable, such as
3339: .Cm des3 .
3340: .It Fl in Ar file
1.60 jmc 3341: The input file to read from,
3342: or standard input if not specified.
1.127 jmc 3343: If the key is encrypted, a pass phrase will be prompted for.
1.60 jmc 3344: .It Fl inform Cm der | pem
3345: The input format.
1.1 jsing 3346: .It Fl noout
3347: Do not output the encoded version of the key.
3348: .It Fl out Ar file
1.60 jmc 3349: The output file to write to,
3350: or standard output if not specified.
1.1 jsing 3351: If any encryption options are set then a pass phrase
3352: will be prompted for.
1.60 jmc 3353: .It Fl outform Cm der | pem
3354: The output format.
1.1 jsing 3355: .It Fl passin Ar arg
3356: The key password source.
3357: .It Fl passout Ar arg
3358: The output file password source.
1.135 tb 3359: .It Fl pubcheck
3360: Check the validity of a public key
3361: or the public component of a key pair.
1.1 jsing 3362: .It Fl pubin
1.60 jmc 3363: Read in a public key, not a private key.
1.1 jsing 3364: .It Fl pubout
1.60 jmc 3365: Output a public key, not a private key.
3366: Automatically set if the input is a public key.
1.1 jsing 3367: .It Fl text
1.64 jmc 3368: Print the public/private key in plain text.
1.1 jsing 3369: .It Fl text_pub
3370: Print out only public key components
3371: even if a private key is being processed.
3372: .El
1.120 kn 3373: .Tg pkeyparam
1.1 jsing 3374: .Sh PKEYPARAM
3375: .Cm openssl pkeyparam
1.135 tb 3376: .Op Fl check
1.1 jsing 3377: .Op Fl in Ar file
3378: .Op Fl noout
3379: .Op Fl out Ar file
3380: .Op Fl text
3381: .Pp
3382: The
1.61 jmc 3383: .Nm pkeyparam
1.1 jsing 3384: command processes public or private keys.
1.61 jmc 3385: The key type is determined by the PEM headers.
1.1 jsing 3386: .Pp
3387: The options are as follows:
3388: .Bl -tag -width Ds
1.135 tb 3389: .It Fl check
3390: check the correctness of parameters.
1.1 jsing 3391: .It Fl in Ar file
1.61 jmc 3392: The input file to read from,
3393: or standard input if not specified.
1.1 jsing 3394: .It Fl noout
3395: Do not output the encoded version of the parameters.
3396: .It Fl out Ar file
1.61 jmc 3397: The output file to write to,
3398: or standard output if not specified.
1.1 jsing 3399: .It Fl text
1.64 jmc 3400: Print the parameters in plain text.
1.1 jsing 3401: .El
1.120 kn 3402: .Tg pkeyutl
1.1 jsing 3403: .Sh PKEYUTL
1.114 jmc 3404: .Bl -hang -width "openssl pkeyutl"
3405: .It Nm openssl pkeyutl
3406: .Bk -words
1.1 jsing 3407: .Op Fl asn1parse
3408: .Op Fl certin
3409: .Op Fl decrypt
3410: .Op Fl derive
3411: .Op Fl encrypt
3412: .Op Fl hexdump
3413: .Op Fl in Ar file
3414: .Op Fl inkey Ar file
1.62 jmc 3415: .Op Fl keyform Cm der | pem
1.1 jsing 3416: .Op Fl out Ar file
3417: .Op Fl passin Ar arg
1.62 jmc 3418: .Op Fl peerform Cm der | pem
1.1 jsing 3419: .Op Fl peerkey Ar file
3420: .Op Fl pkeyopt Ar opt : Ns Ar value
3421: .Op Fl pubin
3422: .Op Fl rev
3423: .Op Fl sigfile Ar file
3424: .Op Fl sign
3425: .Op Fl verify
3426: .Op Fl verifyrecover
1.114 jmc 3427: .Ek
3428: .El
1.1 jsing 3429: .Pp
3430: The
3431: .Nm pkeyutl
3432: command can be used to perform public key operations using
3433: any supported algorithm.
3434: .Pp
3435: The options are as follows:
3436: .Bl -tag -width Ds
3437: .It Fl asn1parse
1.84 jmc 3438: ASN.1 parse the output data.
1.1 jsing 3439: This is useful when combined with the
3440: .Fl verifyrecover
1.84 jmc 3441: option when an ASN.1 structure is signed.
1.1 jsing 3442: .It Fl certin
3443: The input is a certificate containing a public key.
3444: .It Fl decrypt
3445: Decrypt the input data using a private key.
3446: .It Fl derive
3447: Derive a shared secret using the peer key.
3448: .It Fl encrypt
3449: Encrypt the input data using a public key.
3450: .It Fl hexdump
3451: Hex dump the output data.
3452: .It Fl in Ar file
1.62 jmc 3453: The input file to read from,
3454: or standard input if not specified.
1.1 jsing 3455: .It Fl inkey Ar file
3456: The input key file.
3457: By default it should be a private key.
1.62 jmc 3458: .It Fl keyform Cm der | pem
3459: The key format.
1.1 jsing 3460: .It Fl out Ar file
1.62 jmc 3461: The output file to write to,
3462: or standard output if not specified.
1.1 jsing 3463: .It Fl passin Ar arg
3464: The key password source.
1.62 jmc 3465: .It Fl peerform Cm der | pem
3466: The peer key format.
1.1 jsing 3467: .It Fl peerkey Ar file
3468: The peer key file, used by key derivation (agreement) operations.
3469: .It Fl pkeyopt Ar opt : Ns Ar value
1.62 jmc 3470: Set the public key algorithm option
3471: .Ar opt
3472: to
3473: .Ar value .
3474: Unless otherwise mentioned, all algorithms support the format
3475: .Ar digest : Ns Ar alg ,
3476: which specifies the digest to use
1.1 jsing 3477: for sign, verify, and verifyrecover operations.
3478: The value
3479: .Ar alg
3480: should represent a digest name as used in the
1.62 jmc 3481: .Xr EVP_get_digestbyname 3
3482: function.
3483: .Pp
1.1 jsing 3484: The RSA algorithm supports the
3485: encrypt, decrypt, sign, verify, and verifyrecover operations in general.
3486: Some padding modes only support some of these
3487: operations however.
3488: .Bl -tag -width Ds
3489: .It rsa_padding_mode : Ns Ar mode
3490: This sets the RSA padding mode.
3491: Acceptable values for
3492: .Ar mode
3493: are
3494: .Cm pkcs1
3495: for PKCS#1 padding;
3496: .Cm none
3497: for no padding;
3498: .Cm oaep
3499: for OAEP mode;
1.144 tb 3500: .Cm x931
3501: for X9.31 mode;
1.1 jsing 3502: and
3503: .Cm pss
3504: for PSS.
3505: .Pp
3506: In PKCS#1 padding if the message digest is not set then the supplied data is
3507: signed or verified directly instead of using a DigestInfo structure.
3508: If a digest is set then a DigestInfo
3509: structure is used and its length
3510: must correspond to the digest type.
3511: For oeap mode only encryption and decryption is supported.
1.144 tb 3512: For x931 if the digest type is set it is used to format the block data;
3513: otherwise the first byte is used to specify the X9.31 digest ID.
1.1 jsing 3514: Sign, verify, and verifyrecover can be performed in this mode.
3515: For pss mode only sign and verify are supported and the digest type must be
3516: specified.
3517: .It rsa_pss_saltlen : Ns Ar len
3518: For pss
3519: mode only this option specifies the salt length.
3520: Two special values are supported:
3521: -1 sets the salt length to the digest length.
1.127 jmc 3522: When signing, -2 sets the salt length to the maximum permissible value.
3523: When verifying, -2 causes the salt length to be automatically determined
1.1 jsing 3524: based on the PSS block structure.
3525: .El
1.62 jmc 3526: .Pp
1.1 jsing 3527: The DSA algorithm supports the sign and verify operations.
3528: Currently there are no additional options other than
3529: .Ar digest .
3530: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 3531: .Pp
1.1 jsing 3532: The DH algorithm supports the derive operation
3533: and no additional options.
1.62 jmc 3534: .Pp
1.1 jsing 3535: The EC algorithm supports the sign, verify, and derive operations.
3536: The sign and verify operations use ECDSA and derive uses ECDH.
3537: Currently there are no additional options other than
3538: .Ar digest .
3539: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 3540: .It Fl pubin
3541: The input file is a public key.
3542: .It Fl rev
3543: Reverse the order of the input buffer.
3544: .It Fl sigfile Ar file
3545: Signature file (verify operation only).
3546: .It Fl sign
3547: Sign the input data and output the signed result.
3548: This requires a private key.
3549: .It Fl verify
3550: Verify the input data against the signature file and indicate if the
3551: verification succeeded or failed.
3552: .It Fl verifyrecover
3553: Verify the input data and output the recovered data.
3554: .El
1.120 kn 3555: .Tg prime
1.1 jsing 3556: .Sh PRIME
3557: .Cm openssl prime
3558: .Op Fl bits Ar n
3559: .Op Fl checks Ar n
3560: .Op Fl generate
3561: .Op Fl hex
3562: .Op Fl safe
3563: .Ar p
3564: .Pp
3565: The
3566: .Nm prime
3567: command is used to generate prime numbers,
3568: or to check numbers for primality.
3569: Results are probabilistic:
3570: they have an exceedingly high likelihood of being correct,
3571: but are not guaranteed.
3572: .Pp
3573: The options are as follows:
3574: .Bl -tag -width Ds
3575: .It Fl bits Ar n
3576: Specify the number of bits in the generated prime number.
3577: Must be used in conjunction with
3578: .Fl generate .
3579: .It Fl checks Ar n
3580: Perform a Miller-Rabin probabilistic primality test with
3581: .Ar n
3582: iterations.
3583: The default is 20.
3584: .It Fl generate
3585: Generate a pseudo-random prime number.
3586: Must be used in conjunction with
3587: .Fl bits .
3588: .It Fl hex
3589: Output in hex format.
3590: .It Fl safe
3591: Generate only
3592: .Qq safe
3593: prime numbers
3594: (i.e. a prime p so that (p-1)/2 is also prime).
3595: .It Ar p
3596: Test if number
3597: .Ar p
3598: is prime.
3599: .El
1.120 kn 3600: .Tg rand
1.1 jsing 3601: .Sh RAND
1.114 jmc 3602: .Bl -hang -width "openssl rand"
3603: .It Nm openssl rand
3604: .Bk -words
1.1 jsing 3605: .Op Fl base64
3606: .Op Fl hex
3607: .Op Fl out Ar file
3608: .Ar num
1.114 jmc 3609: .Ek
3610: .El
1.1 jsing 3611: .Pp
3612: The
3613: .Nm rand
3614: command outputs
3615: .Ar num
3616: pseudo-random bytes.
3617: .Pp
3618: The options are as follows:
3619: .Bl -tag -width Ds
3620: .It Fl base64
1.81 jmc 3621: Perform base64 encoding on the output.
1.1 jsing 3622: .It Fl hex
3623: Specify hexadecimal output.
3624: .It Fl out Ar file
1.63 jmc 3625: The output file to write to,
3626: or standard output if not specified.
1.1 jsing 3627: .El
1.120 kn 3628: .Tg req
1.1 jsing 3629: .Sh REQ
1.114 jmc 3630: .Bl -hang -width "openssl req"
3631: .It Nm openssl req
3632: .Bk -words
1.115 inoguchi 3633: .Op Fl addext Ar ext
1.1 jsing 3634: .Op Fl batch
3635: .Op Fl config Ar file
3636: .Op Fl days Ar n
3637: .Op Fl extensions Ar section
3638: .Op Fl in Ar file
1.63 jmc 3639: .Op Fl inform Cm der | pem
1.1 jsing 3640: .Op Fl key Ar keyfile
1.63 jmc 3641: .Op Fl keyform Cm der | pem
1.1 jsing 3642: .Op Fl keyout Ar file
1.28 doug 3643: .Op Fl md4 | md5 | sha1
1.1 jsing 3644: .Op Fl modulus
1.107 inoguchi 3645: .Op Fl multivalue-rdn
1.1 jsing 3646: .Op Fl nameopt Ar option
3647: .Op Fl new
3648: .Op Fl newhdr
3649: .Op Fl newkey Ar arg
3650: .Op Fl nodes
3651: .Op Fl noout
3652: .Op Fl out Ar file
1.63 jmc 3653: .Op Fl outform Cm der | pem
1.1 jsing 3654: .Op Fl passin Ar arg
3655: .Op Fl passout Ar arg
1.107 inoguchi 3656: .Op Fl pkeyopt Ar opt:value
1.1 jsing 3657: .Op Fl pubkey
3658: .Op Fl reqexts Ar section
3659: .Op Fl reqopt Ar option
3660: .Op Fl set_serial Ar n
1.107 inoguchi 3661: .Op Fl sigopt Ar nm:v
1.1 jsing 3662: .Op Fl subj Ar arg
3663: .Op Fl subject
3664: .Op Fl text
3665: .Op Fl utf8
3666: .Op Fl verbose
3667: .Op Fl verify
3668: .Op Fl x509
1.114 jmc 3669: .Ek
3670: .El
1.1 jsing 3671: .Pp
3672: The
3673: .Nm req
3674: command primarily creates and processes certificate requests
3675: in PKCS#10 format.
3676: It can additionally create self-signed certificates,
3677: for use as root CAs, for example.
3678: .Pp
3679: The options are as follows:
3680: .Bl -tag -width Ds
1.115 inoguchi 3681: .It Fl addext Ar ext
3682: Add a specific extension to the certificate (if the
3683: .Fl x509
3684: option is present) or certificate request.
3685: The argument must have the form of a key=value pair as it would appear in a
3686: config file.
3687: This option can be given multiple times.
1.1 jsing 3688: .It Fl batch
3689: Non-interactive mode.
3690: .It Fl config Ar file
1.63 jmc 3691: Specify an alternative configuration file.
1.1 jsing 3692: .It Fl days Ar n
1.63 jmc 3693: Specify the number of days to certify the certificate for.
3694: The default is 30 days.
3695: Used with the
1.1 jsing 3696: .Fl x509
1.63 jmc 3697: option.
1.1 jsing 3698: .It Fl extensions Ar section , Fl reqexts Ar section
1.63 jmc 3699: Specify alternative sections to include certificate
3700: extensions (with
3701: .Fl x509 )
3702: or certificate request extensions,
3703: allowing several different sections to be used in the same configuration file.
1.1 jsing 3704: .It Fl in Ar file
1.63 jmc 3705: The input file to read a request from,
3706: or standard input if not specified.
1.1 jsing 3707: A request is only read if the creation options
3708: .Fl new
3709: and
3710: .Fl newkey
3711: are not specified.
1.63 jmc 3712: .It Fl inform Cm der | pem
3713: The input format.
1.1 jsing 3714: .It Fl key Ar keyfile
1.63 jmc 3715: The file to read the private key from.
1.1 jsing 3716: It also accepts PKCS#8 format private keys for PEM format files.
1.63 jmc 3717: .It Fl keyform Cm der | pem
1.1 jsing 3718: The format of the private key file specified in the
3719: .Fl key
3720: argument.
1.81 jmc 3721: The default is
3722: .Cm pem .
1.1 jsing 3723: .It Fl keyout Ar file
1.63 jmc 3724: The file to write the newly created private key to.
3725: If this option is not specified,
3726: the filename present in the configuration file is used.
1.4 sthen 3727: .It Fl md5 | sha1 | sha256
1.63 jmc 3728: The message digest to sign the request with.
1.1 jsing 3729: This overrides the digest algorithm specified in the configuration file.
3730: .Pp
3731: Some public key algorithms may override this choice.
3732: For instance, DSA signatures always use SHA1.
3733: .It Fl modulus
1.63 jmc 3734: Print the value of the modulus of the public key contained in the request.
1.107 inoguchi 3735: .It Fl multivalue-rdn
3736: This option causes the
3737: .Fl subj
3738: argument to be interpreted with full support for multivalued RDNs,
3739: for example
3740: .Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
3741: If
3742: .Fl multivalue-rdn
3743: is not used, the UID value is set to
3744: .Qq "123456+CN=John Doe" .
1.1 jsing 3745: .It Fl nameopt Ar option , Fl reqopt Ar option
1.63 jmc 3746: Determine how the subject or issuer names are displayed.
1.1 jsing 3747: .Ar option
1.63 jmc 3748: can be a single option or multiple options separated by commas.
1.1 jsing 3749: Alternatively, these options may be used more than once to set multiple options.
3750: See the
3751: .Sx X509
3752: section below for details.
3753: .It Fl new
1.63 jmc 3754: Generate a new certificate request.
3755: The user is prompted for the relevant field values.
1.1 jsing 3756: The actual fields prompted for and their maximum and minimum sizes
3757: are specified in the configuration file and any requested extensions.
3758: .Pp
3759: If the
3760: .Fl key
3761: option is not used, it will generate a new RSA private
3762: key using information specified in the configuration file.
3763: .It Fl newhdr
1.63 jmc 3764: Add the word NEW to the PEM file header and footer lines
1.112 inoguchi 3765: on the outputted request.
1.63 jmc 3766: Some software and CAs need this.
1.1 jsing 3767: .It Fl newkey Ar arg
1.63 jmc 3768: Create a new certificate request and a new private key.
1.1 jsing 3769: The argument takes one of several forms.
1.63 jmc 3770: .Pp
3771: .No rsa : Ns Ar nbits
3772: generates an RSA key
1.1 jsing 3773: .Ar nbits
3774: in size.
3775: If
3776: .Ar nbits
1.137 naddy 3777: is omitted,
1.63 jmc 3778: the default key size is used.
3779: .Pp
3780: .No dsa : Ns Ar file
3781: generates a DSA key using the parameters in
3782: .Ar file .
3783: .Pp
3784: .No param : Ns Ar file
3785: generates a key using the parameters or certificate in
3786: .Ar file .
3787: .Pp
3788: All other algorithms support the form
3789: .Ar algorithm : Ns Ar file ,
1.1 jsing 3790: where file may be an algorithm parameter file,
3791: created by the
3792: .Cm genpkey -genparam
1.14 jmc 3793: command or an X.509 certificate for a key with appropriate algorithm.
1.63 jmc 3794: .Ar file
3795: can be omitted,
3796: in which case any parameters can be specified via the
1.1 jsing 3797: .Fl pkeyopt
3798: option.
3799: .It Fl nodes
1.63 jmc 3800: Do not encrypt the private key.
1.1 jsing 3801: .It Fl noout
1.63 jmc 3802: Do not output the encoded version of the request.
1.1 jsing 3803: .It Fl out Ar file
1.63 jmc 3804: The output file to write to,
1.99 jmc 3805: or standard output if not specified.
1.63 jmc 3806: .It Fl outform Cm der | pem
3807: The output format.
1.1 jsing 3808: .It Fl passin Ar arg
3809: The key password source.
3810: .It Fl passout Ar arg
3811: The output file password source.
1.107 inoguchi 3812: .It Fl pkeyopt Ar opt:value
3813: Set the public key algorithm option
3814: .Ar opt
3815: to
3816: .Ar value .
1.1 jsing 3817: .It Fl pubkey
1.63 jmc 3818: Output the public key.
1.1 jsing 3819: .It Fl reqopt Ar option
3820: Customise the output format used with
3821: .Fl text .
3822: The
3823: .Ar option
3824: argument can be a single option or multiple options separated by commas.
1.63 jmc 3825: See also the discussion of
1.1 jsing 3826: .Fl certopt
1.63 jmc 3827: in the
1.1 jsing 3828: .Nm x509
3829: command.
3830: .It Fl set_serial Ar n
3831: Serial number to use when outputting a self-signed certificate.
3832: This may be specified as a decimal value or a hex value if preceded by
3833: .Sq 0x .
3834: It is possible to use negative serial numbers but this is not recommended.
1.107 inoguchi 3835: .It Fl sigopt Ar nm:v
3836: Pass options to the signature algorithm during sign operation.
3837: The names and values of these options are algorithm-specific.
1.1 jsing 3838: .It Fl subj Ar arg
1.63 jmc 3839: Replaces the subject field of an input request
3840: with the specified data and output the modified request.
3841: .Ar arg
3842: must be formatted as /type0=value0/type1=value1/type2=...;
1.1 jsing 3843: characters may be escaped by
3844: .Sq \e
1.63 jmc 3845: (backslash);
1.1 jsing 3846: no spaces are skipped.
3847: .It Fl subject
1.63 jmc 3848: Print the request subject (or certificate subject if
1.1 jsing 3849: .Fl x509
1.63 jmc 3850: is specified).
1.1 jsing 3851: .It Fl text
1.64 jmc 3852: Print the certificate request in plain text.
1.1 jsing 3853: .It Fl utf8
1.63 jmc 3854: Interpret field values as UTF8 strings, not ASCII.
1.1 jsing 3855: .It Fl verbose
3856: Print extra details about the operations being performed.
3857: .It Fl verify
1.63 jmc 3858: Verify the signature on the request.
1.1 jsing 3859: .It Fl x509
1.63 jmc 3860: Output a self-signed certificate instead of a certificate request.
3861: This is typically used to generate a test certificate or a self-signed root CA.
3862: The extensions added to the certificate (if any)
1.1 jsing 3863: are specified in the configuration file.
3864: Unless specified using the
3865: .Fl set_serial
1.63 jmc 3866: option, 0 is used for the serial number.
1.1 jsing 3867: .El
1.63 jmc 3868: .Pp
1.1 jsing 3869: The configuration options are specified in the
1.63 jmc 3870: .Qq req
1.1 jsing 3871: section of the configuration file.
1.63 jmc 3872: The options available are as follows:
1.1 jsing 3873: .Bl -tag -width "XXXX"
1.63 jmc 3874: .It Cm attributes
3875: The section containing any request attributes: its format
1.1 jsing 3876: is the same as
1.63 jmc 3877: .Cm distinguished_name .
3878: Typically these may contain the challengePassword or unstructuredName types.
3879: They are currently ignored by the
3880: .Nm openssl
1.1 jsing 3881: request signing utilities, but some CAs might want them.
1.63 jmc 3882: .It Cm default_bits
3883: The default key size, in bits.
3884: The default is 2048.
1.1 jsing 3885: It is used if the
3886: .Fl new
1.63 jmc 3887: option is used and can be overridden by using the
1.1 jsing 3888: .Fl newkey
3889: option.
1.63 jmc 3890: .It Cm default_keyfile
3891: The default file to write a private key to,
3892: or standard output if not specified.
3893: It can be overridden by the
1.1 jsing 3894: .Fl keyout
3895: option.
1.63 jmc 3896: .It Cm default_md
3897: The digest algorithm to use.
1.1 jsing 3898: Possible values include
1.63 jmc 3899: .Cm md5 ,
3900: .Cm sha1
1.1 jsing 3901: and
1.63 jmc 3902: .Cm sha256
3903: (the default).
3904: It can be overridden on the command line.
3905: .It Cm distinguished_name
3906: The section containing the distinguished name fields to
1.1 jsing 3907: prompt for when generating a certificate or certificate request.
1.63 jmc 3908: The format is described below.
3909: .It Cm encrypt_key
3910: If set to
3911: .Qq no
3912: and a private key is generated, it is not encrypted.
3913: It is equivalent to the
1.1 jsing 3914: .Fl nodes
1.63 jmc 3915: option.
1.1 jsing 3916: For compatibility,
1.63 jmc 3917: .Cm encrypt_rsa_key
1.1 jsing 3918: is an equivalent option.
1.63 jmc 3919: .It Cm input_password | output_password
3920: The passwords for the input private key file (if present)
3921: and the output private key file (if one will be created).
1.1 jsing 3922: The command line options
3923: .Fl passin
3924: and
3925: .Fl passout
3926: override the configuration file values.
1.63 jmc 3927: .It Cm oid_file
3928: A file containing additional OBJECT IDENTIFIERS.
1.1 jsing 3929: Each line of the file should consist of the numerical form of the
3930: object identifier, followed by whitespace, then the short name followed
3931: by whitespace and finally the long name.
1.63 jmc 3932: .It Cm oid_section
3933: Specify a section in the configuration file containing extra
1.1 jsing 3934: object identifiers.
3935: Each line should consist of the short name of the
3936: object identifier followed by
3937: .Sq =
3938: and the numerical form.
3939: The short and long names are the same when this option is used.
1.63 jmc 3940: .It Cm prompt
3941: If set to
3942: .Qq no ,
3943: it disables prompting of certificate fields
1.1 jsing 3944: and just takes values from the config file directly.
3945: It also changes the expected format of the
1.63 jmc 3946: .Cm distinguished_name
1.1 jsing 3947: and
1.63 jmc 3948: .Cm attributes
1.1 jsing 3949: sections.
1.63 jmc 3950: .It Cm req_extensions
3951: The configuration file section containing a list of
1.1 jsing 3952: extensions to add to the certificate request.
3953: It can be overridden by the
3954: .Fl reqexts
1.63 jmc 3955: option.
3956: .It Cm string_mask
3957: Limit the string types for encoding certain fields.
1.1 jsing 3958: The following values may be used, limiting strings to the indicated types:
3959: .Bl -tag -width "MASK:number"
1.63 jmc 3960: .It Cm utf8only
3961: UTF8String.
1.1 jsing 3962: This is the default, as recommended by PKIX in RFC 2459.
1.63 jmc 3963: .It Cm default
3964: PrintableString, IA5String, T61String, BMPString, UTF8String.
3965: .It Cm pkix
3966: PrintableString, IA5String, BMPString, UTF8String.
3967: Inspired by the PKIX recommendation in RFC 2459 for certificates
3968: generated before 2004, but differs by also permitting IA5String.
3969: .It Cm nombstr
3970: PrintableString, IA5String, T61String, UniversalString.
3971: A workaround for some ancient software that had problems
3972: with the variable-sized BMPString and UTF8String types.
1.1 jsing 3973: .It Cm MASK : Ns Ar number
1.63 jmc 3974: An explicit bitmask of permitted types, where
1.1 jsing 3975: .Ar number
3976: is a C-style hex, decimal, or octal number that's a bit-wise OR of
3977: .Dv B_ASN1_*
3978: values from
3979: .In openssl/asn1.h .
3980: .El
1.63 jmc 3981: .It Cm utf8
3982: If set to
3983: .Qq yes ,
1.72 jmc 3984: field values are interpreted as UTF8 strings.
1.63 jmc 3985: .It Cm x509_extensions
3986: The configuration file section containing a list of
1.1 jsing 3987: extensions to add to a certificate generated when the
3988: .Fl x509
3989: switch is used.
3990: It can be overridden by the
3991: .Fl extensions
1.72 jmc 3992: command line switch.
1.1 jsing 3993: .El
1.63 jmc 3994: .Pp
1.1 jsing 3995: There are two separate formats for the distinguished name and attribute
3996: sections.
3997: If the
3998: .Fl prompt
3999: option is set to
1.63 jmc 4000: .Qq no ,
1.72 jmc 4001: then these sections just consist of field names and values.
4002: If the
1.1 jsing 4003: .Fl prompt
4004: option is absent or not set to
1.63 jmc 4005: .Qq no ,
1.72 jmc 4006: then the file contains field prompting information of the form:
1.1 jsing 4007: .Bd -unfilled -offset indent
4008: fieldName="prompt"
4009: fieldName_default="default field value"
4010: fieldName_min= 2
4011: fieldName_max= 4
4012: .Ed
4013: .Pp
4014: .Qq fieldName
4015: is the field name being used, for example
1.63 jmc 4016: .Cm commonName
4017: (or CN).
1.1 jsing 4018: The
4019: .Qq prompt
4020: string is used to ask the user to enter the relevant details.
4021: If the user enters nothing, the default value is used;
4022: if no default value is present, the field is omitted.
4023: A field can still be omitted if a default value is present,
4024: if the user just enters the
4025: .Sq \&.
4026: character.
4027: .Pp
4028: The number of characters entered must be between the
1.63 jmc 4029: fieldName_min and fieldName_max limits:
1.1 jsing 4030: there may be additional restrictions based on the field being used
4031: (for example
1.63 jmc 4032: .Cm countryName
1.1 jsing 4033: can only ever be two characters long and must fit in a
1.63 jmc 4034: .Cm PrintableString ) .
1.1 jsing 4035: .Pp
4036: Some fields (such as
1.63 jmc 4037: .Cm organizationName )
1.1 jsing 4038: can be used more than once in a DN.
4039: This presents a problem because configuration files will
4040: not recognize the same name occurring twice.
4041: To avoid this problem, if the
1.63 jmc 4042: .Cm fieldName
1.1 jsing 4043: contains some characters followed by a full stop, they will be ignored.
4044: So, for example, a second
1.63 jmc 4045: .Cm organizationName
1.1 jsing 4046: can be input by calling it
4047: .Qq 1.organizationName .
4048: .Pp
4049: The actual permitted field names are any object identifier short or
4050: long names.
4051: These are compiled into
1.63 jmc 4052: .Nm openssl
1.1 jsing 4053: and include the usual values such as
1.63 jmc 4054: .Cm commonName , countryName , localityName , organizationName ,
1.89 jmc 4055: .Cm organizationalUnitName , stateOrProvinceName .
1.1 jsing 4056: Additionally,
1.63 jmc 4057: .Cm emailAddress
1.1 jsing 4058: is included as well as
1.63 jmc 4059: .Cm name , surname , givenName , initials
1.1 jsing 4060: and
1.63 jmc 4061: .Cm dnQualifier .
1.1 jsing 4062: .Pp
4063: Additional object identifiers can be defined with the
1.63 jmc 4064: .Cm oid_file
1.1 jsing 4065: or
1.63 jmc 4066: .Cm oid_section
1.1 jsing 4067: options in the configuration file.
4068: Any additional fields will be treated as though they were a
1.63 jmc 4069: .Cm DirectoryString .
1.120 kn 4070: .Tg rsa
1.1 jsing 4071: .Sh RSA
1.114 jmc 4072: .Bl -hang -width "openssl rsa"
4073: .It Nm openssl rsa
4074: .Bk -words
1.64 jmc 4075: .Op Fl aes128 | aes192 | aes256 | des | des3
1.1 jsing 4076: .Op Fl check
4077: .Op Fl in Ar file
1.108 inoguchi 4078: .Op Fl inform Cm der | net | pem | pvk
1.1 jsing 4079: .Op Fl modulus
4080: .Op Fl noout
4081: .Op Fl out Ar file
1.108 inoguchi 4082: .Op Fl outform Cm der | net | pem | pvk
1.1 jsing 4083: .Op Fl passin Ar arg
4084: .Op Fl passout Ar arg
4085: .Op Fl pubin
4086: .Op Fl pubout
1.108 inoguchi 4087: .Op Fl pvk-none | pvk-strong | pvk-weak
4088: .Op Fl RSAPublicKey_in
4089: .Op Fl RSAPublicKey_out
1.1 jsing 4090: .Op Fl text
1.114 jmc 4091: .Ek
4092: .El
1.1 jsing 4093: .Pp
4094: The
4095: .Nm rsa
4096: command processes RSA keys.
4097: They can be converted between various forms and their components printed out.
1.64 jmc 4098: .Nm rsa
4099: uses the traditional
1.1 jsing 4100: .Nm SSLeay
4101: compatible format for private key encryption:
4102: newer applications should use the more secure PKCS#8 format using the
4103: .Nm pkcs8
4104: utility.
4105: .Pp
4106: The options are as follows:
4107: .Bl -tag -width Ds
1.64 jmc 4108: .It Fl aes128 | aes192 | aes256 | des | des3
4109: Encrypt the private key with the AES, DES,
1.1 jsing 4110: or the triple DES ciphers, respectively, before outputting it.
4111: A pass phrase is prompted for.
4112: If none of these options are specified, the key is written in plain text.
4113: This means that using the
4114: .Nm rsa
4115: utility to read in an encrypted key with no encryption option can be used
4116: to remove the pass phrase from a key, or by setting the encryption options
4117: it can be used to add or change the pass phrase.
4118: These options can only be used with PEM format output files.
4119: .It Fl check
1.64 jmc 4120: Check the consistency of an RSA private key.
1.1 jsing 4121: .It Fl in Ar file
1.64 jmc 4122: The input file to read from,
4123: or standard input if not specified.
1.1 jsing 4124: If the key is encrypted, a pass phrase will be prompted for.
1.108 inoguchi 4125: .It Fl inform Cm der | net | pem | pvk
1.64 jmc 4126: The input format.
1.1 jsing 4127: .It Fl noout
1.64 jmc 4128: Do not output the encoded version of the key.
1.1 jsing 4129: .It Fl modulus
1.64 jmc 4130: Print the value of the modulus of the key.
1.1 jsing 4131: .It Fl out Ar file
1.64 jmc 4132: The output file to write to,
4133: or standard output if not specified.
1.108 inoguchi 4134: .It Fl outform Cm der | net | pem | pvk
1.64 jmc 4135: The output format.
1.1 jsing 4136: .It Fl passin Ar arg
4137: The key password source.
4138: .It Fl passout Ar arg
4139: The output file password source.
4140: .It Fl pubin
1.64 jmc 4141: Read in a public key,
4142: not a private key.
1.1 jsing 4143: .It Fl pubout
1.64 jmc 4144: Output a public key,
4145: not a private key.
4146: Automatically set if the input is a public key.
1.108 inoguchi 4147: .It Xo
4148: .Fl pvk-none | pvk-strong | pvk-weak
4149: .Xc
4150: Enable or disable PVK encoding.
4151: The default is
4152: .Fl pvk-strong .
4153: .It Fl RSAPublicKey_in , RSAPublicKey_out
4154: Same as
4155: .Fl pubin
4156: and
4157: .Fl pubout
4158: except
4159: .Cm RSAPublicKey
4160: format is used instead.
1.1 jsing 4161: .It Fl text
1.64 jmc 4162: Print the public/private key components in plain text.
1.1 jsing 4163: .El
1.120 kn 4164: .Tg rsautl
1.1 jsing 4165: .Sh RSAUTL
1.114 jmc 4166: .Bl -hang -width "openssl rsautl"
4167: .It Nm openssl rsautl
4168: .Bk -words
1.1 jsing 4169: .Op Fl asn1parse
4170: .Op Fl certin
4171: .Op Fl decrypt
4172: .Op Fl encrypt
4173: .Op Fl hexdump
4174: .Op Fl in Ar file
4175: .Op Fl inkey Ar file
1.65 jmc 4176: .Op Fl keyform Cm der | pem
1.144 tb 4177: .Op Fl oaep | pkcs | raw | x931
1.1 jsing 4178: .Op Fl out Ar file
1.100 tb 4179: .Op Fl passin Ar arg
1.1 jsing 4180: .Op Fl pubin
1.100 tb 4181: .Op Fl rev
1.1 jsing 4182: .Op Fl sign
4183: .Op Fl verify
1.114 jmc 4184: .Ek
4185: .El
1.1 jsing 4186: .Pp
4187: The
4188: .Nm rsautl
4189: command can be used to sign, verify, encrypt and decrypt
4190: data using the RSA algorithm.
4191: .Pp
4192: The options are as follows:
4193: .Bl -tag -width Ds
4194: .It Fl asn1parse
4195: Asn1parse the output data; this is useful when combined with the
4196: .Fl verify
4197: option.
4198: .It Fl certin
4199: The input is a certificate containing an RSA public key.
4200: .It Fl decrypt
4201: Decrypt the input data using an RSA private key.
4202: .It Fl encrypt
4203: Encrypt the input data using an RSA public key.
4204: .It Fl hexdump
4205: Hex dump the output data.
4206: .It Fl in Ar file
1.65 jmc 4207: The input to read from,
4208: or standard input if not specified.
1.1 jsing 4209: .It Fl inkey Ar file
1.65 jmc 4210: The input key file; by default an RSA private key.
4211: .It Fl keyform Cm der | pem
1.85 tb 4212: The private key format.
1.65 jmc 4213: The default is
4214: .Cm pem .
1.144 tb 4215: .It Fl oaep | pkcs | raw | x931
1.1 jsing 4216: The padding to use:
1.144 tb 4217: PKCS#1 OAEP, PKCS#1 v1.5 (the default), no padding, or ANSI X9.31,
1.100 tb 4218: respectively.
1.1 jsing 4219: For signatures, only
4220: .Fl pkcs
4221: and
4222: .Fl raw
4223: can be used.
4224: .It Fl out Ar file
1.65 jmc 4225: The output file to write to,
4226: or standard output if not specified.
1.100 tb 4227: .It Fl passin Ar arg
4228: The key password source.
1.1 jsing 4229: .It Fl pubin
4230: The input file is an RSA public key.
1.100 tb 4231: .It Fl rev
4232: Reverse the order of the input buffer.
1.1 jsing 4233: .It Fl sign
4234: Sign the input data and output the signed result.
4235: This requires an RSA private key.
4236: .It Fl verify
4237: Verify the input data and output the recovered data.
4238: .El
1.120 kn 4239: .Tg s_client
1.1 jsing 4240: .Sh S_CLIENT
1.114 jmc 4241: .Bl -hang -width "openssl s_client"
4242: .It Nm openssl s_client
4243: .Bk -words
1.1 jsing 4244: .Op Fl 4 | 6
1.110 inoguchi 4245: .Op Fl alpn Ar protocols
1.1 jsing 4246: .Op Fl bugs
4247: .Op Fl CAfile Ar file
4248: .Op Fl CApath Ar directory
4249: .Op Fl cert Ar file
1.110 inoguchi 4250: .Op Fl certform Cm der | pem
1.1 jsing 4251: .Op Fl check_ss_sig
4252: .Op Fl cipher Ar cipherlist
1.66 jmc 4253: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 4254: .Op Fl crl_check
4255: .Op Fl crl_check_all
4256: .Op Fl crlf
4257: .Op Fl debug
1.129 jsing 4258: .Op Fl dtls
4259: .Op Fl dtls1_2
1.1 jsing 4260: .Op Fl extended_crl
1.121 schwarze 4261: .Op Fl groups Ar list
1.110 inoguchi 4262: .Op Fl host Ar host
1.1 jsing 4263: .Op Fl ign_eof
4264: .Op Fl ignore_critical
4265: .Op Fl issuer_checks
4266: .Op Fl key Ar keyfile
1.110 inoguchi 4267: .Op Fl keyform Cm der | pem
4268: .Op Fl keymatexport Ar label
4269: .Op Fl keymatexportlen Ar len
4270: .Op Fl legacy_server_connect
1.1 jsing 4271: .Op Fl msg
1.110 inoguchi 4272: .Op Fl mtu Ar mtu
1.1 jsing 4273: .Op Fl nbio
4274: .Op Fl nbio_test
1.110 inoguchi 4275: .Op Fl no_comp
4276: .Op Fl no_ign_eof
4277: .Op Fl no_legacy_server_connect
1.1 jsing 4278: .Op Fl no_ticket
1.6 guenther 4279: .Op Fl no_tls1_2
1.119 jsing 4280: .Op Fl no_tls1_3
1.110 inoguchi 4281: .Op Fl pass Ar arg
1.1 jsing 4282: .Op Fl policy_check
1.110 inoguchi 4283: .Op Fl port Ar port
1.1 jsing 4284: .Op Fl prexit
1.11 bluhm 4285: .Op Fl proxy Ar host : Ns Ar port
1.1 jsing 4286: .Op Fl quiet
4287: .Op Fl reconnect
1.5 jsing 4288: .Op Fl servername Ar name
1.110 inoguchi 4289: .Op Fl serverpref
4290: .Op Fl sess_in Ar file
4291: .Op Fl sess_out Ar file
1.1 jsing 4292: .Op Fl showcerts
4293: .Op Fl starttls Ar protocol
4294: .Op Fl state
1.110 inoguchi 4295: .Op Fl status
4296: .Op Fl timeout
1.31 jmc 4297: .Op Fl tls1_2
1.119 jsing 4298: .Op Fl tls1_3
1.1 jsing 4299: .Op Fl tlsextdebug
1.110 inoguchi 4300: .Op Fl use_srtp Ar profiles
1.1 jsing 4301: .Op Fl verify Ar depth
1.110 inoguchi 4302: .Op Fl verify_return_error
1.1 jsing 4303: .Op Fl x509_strict
1.19 landry 4304: .Op Fl xmpphost Ar host
1.114 jmc 4305: .Ek
4306: .El
1.1 jsing 4307: .Pp
4308: The
4309: .Nm s_client
4310: command implements a generic SSL/TLS client which connects
4311: to a remote host using SSL/TLS.
1.66 jmc 4312: .Pp
4313: If a connection is established with an SSL server, any data received
4314: from the server is displayed and any key presses will be sent to the
4315: server.
4316: When used interactively (which means neither
4317: .Fl quiet
4318: nor
4319: .Fl ign_eof
4320: have been given), the session will be renegotiated if the line begins with an
4321: .Cm R ;
4322: if the line begins with a
4323: .Cm Q
4324: or if end of file is reached, the connection will be closed down.
1.1 jsing 4325: .Pp
4326: The options are as follows:
4327: .Bl -tag -width Ds
4328: .It Fl 4
1.66 jmc 4329: Attempt connections using IPv4 only.
1.1 jsing 4330: .It Fl 6
1.66 jmc 4331: Attempt connections using IPv6 only.
1.110 inoguchi 4332: .It Fl alpn Ar protocols
4333: Enable the Application-Layer Protocol Negotiation.
4334: .Ar protocols
4335: is a comma-separated list of protocol names that the client should advertise
4336: support for.
1.1 jsing 4337: .It Fl bugs
1.66 jmc 4338: Enable various workarounds for buggy implementations.
1.1 jsing 4339: .It Fl CAfile Ar file
4340: A
4341: .Ar file
4342: containing trusted certificates to use during server authentication
4343: and to use when attempting to build the client certificate chain.
4344: .It Fl CApath Ar directory
4345: The
4346: .Ar directory
4347: to use for server certificate verification.
4348: This directory must be in
4349: .Qq hash format ;
4350: see
4351: .Fl verify
4352: for more information.
4353: These are also used when building the client certificate chain.
4354: .It Fl cert Ar file
4355: The certificate to use, if one is requested by the server.
4356: The default is not to use a certificate.
1.110 inoguchi 4357: .It Fl certform Cm der | pem
4358: The certificate format.
4359: The default is
4360: .Cm pem .
1.1 jsing 4361: .It Xo
4362: .Fl check_ss_sig ,
4363: .Fl crl_check ,
4364: .Fl crl_check_all ,
4365: .Fl extended_crl ,
4366: .Fl ignore_critical ,
4367: .Fl issuer_checks ,
4368: .Fl policy_check ,
4369: .Fl x509_strict
4370: .Xc
4371: Set various certificate chain validation options.
4372: See the
1.66 jmc 4373: .Nm verify
1.1 jsing 4374: command for details.
4375: .It Fl cipher Ar cipherlist
1.66 jmc 4376: Modify the cipher list sent by the client.
1.1 jsing 4377: Although the server determines which cipher suite is used, it should take
4378: the first supported cipher in the list sent by the client.
4379: See the
1.66 jmc 4380: .Nm ciphers
4381: command for more information.
4382: .It Fl connect Ar host Ns Op : Ns Ar port
4383: The
1.1 jsing 4384: .Ar host
1.66 jmc 4385: and
1.1 jsing 4386: .Ar port
4387: to connect to.
4388: If not specified, an attempt is made to connect to the local host
4389: on port 4433.
4390: Alternatively, the host and port pair may be separated using a forward-slash
1.66 jmc 4391: character,
4392: which is useful for numeric IPv6 addresses.
1.1 jsing 4393: .It Fl crlf
1.66 jmc 4394: Translate a line feed from the terminal into CR+LF,
4395: as required by some servers.
1.1 jsing 4396: .It Fl debug
1.66 jmc 4397: Print extensive debugging information, including a hex dump of all traffic.
1.129 jsing 4398: .It Fl dtls
4399: Permit any version of DTLS.
4400: .It Fl dtls1_2
4401: Permit only DTLS1.2.
1.121 schwarze 4402: .It Fl groups Ar list
4403: Set the supported elliptic curve groups to the colon separated
4404: .Ar list
4405: of group NIDs or names as documented in
4406: .Xr SSL_CTX_set1_groups_list 3 .
1.110 inoguchi 4407: .It Fl host Ar host
4408: The
4409: .Ar host
4410: to connect to.
4411: The default is localhost.
1.1 jsing 4412: .It Fl ign_eof
1.66 jmc 4413: Inhibit shutting down the connection when end of file is reached in the input.
1.1 jsing 4414: .It Fl key Ar keyfile
4415: The private key to use.
4416: If not specified, the certificate file will be used.
1.110 inoguchi 4417: .It Fl keyform Cm der | pem
4418: The private key format.
4419: The default is
4420: .Cm pem .
4421: .It Fl keymatexport Ar label
4422: Export keying material using label.
4423: .It Fl keymatexportlen Ar len
4424: Export len bytes of keying material (default 20).
4425: .It Fl legacy_server_connect , no_legacy_server_connect
4426: Allow or disallow initial connection to servers that don't support RI.
1.1 jsing 4427: .It Fl msg
4428: Show all protocol messages with hex dump.
1.110 inoguchi 4429: .It Fl mtu Ar mtu
4430: Set the link layer MTU.
1.1 jsing 4431: .It Fl nbio
1.66 jmc 4432: Turn on non-blocking I/O.
1.1 jsing 4433: .It Fl nbio_test
1.66 jmc 4434: Test non-blocking I/O.
1.110 inoguchi 4435: .It Fl no_ign_eof
4436: Shut down the connection when end of file is reached in the input.
4437: Can be used to override the implicit
4438: .Fl ign_eof
4439: after
4440: .Fl quiet .
1.149 beck 4441: .It Fl no_tls1_2 | no_tls1_3
1.150 jmc 4442: Disable the use of TLS1.2 and 1.3, respectively.
1.1 jsing 4443: .It Fl no_ticket
4444: Disable RFC 4507 session ticket support.
1.110 inoguchi 4445: .It Fl pass Ar arg
4446: The private key password source.
4447: .It Fl port Ar port
4448: The
4449: .Ar port
4450: to connect to.
4451: The default is 4433.
1.1 jsing 4452: .It Fl prexit
4453: Print session information when the program exits.
4454: This will always attempt
4455: to print out information even if the connection fails.
4456: Normally, information will only be printed out once if the connection succeeds.
4457: This option is useful because the cipher in use may be renegotiated
4458: or the connection may fail because a client certificate is required or is
4459: requested only after an attempt is made to access a certain URL.
1.66 jmc 4460: Note that the output produced by this option is not always accurate
4461: because a connection might never have been established.
1.11 bluhm 4462: .It Fl proxy Ar host : Ns Ar port
4463: Use the HTTP proxy at
4464: .Ar host
4465: and
4466: .Ar port .
4467: The connection to the proxy is done in cleartext and the
4468: .Fl connect
4469: argument is given to the proxy.
4470: If not specified, localhost is used as final destination.
4471: After that, switch the connection through the proxy to the destination
4472: to TLS.
1.1 jsing 4473: .It Fl quiet
4474: Inhibit printing of session and certificate information.
4475: This implicitly turns on
4476: .Fl ign_eof
4477: as well.
4478: .It Fl reconnect
1.66 jmc 4479: Reconnect to the same server 5 times using the same session ID; this can
1.1 jsing 4480: be used as a test that session caching is working.
1.5 jsing 4481: .It Fl servername Ar name
4482: Include the TLS Server Name Indication (SNI) extension in the ClientHello
4483: message, using the specified server
4484: .Ar name .
1.1 jsing 4485: .It Fl showcerts
4486: Display the whole server certificate chain: normally only the server
4487: certificate itself is displayed.
1.110 inoguchi 4488: .It Fl serverpref
4489: Use the server's cipher preferences.
4490: .It Fl sess_in Ar file
4491: Load TLS session from file.
4492: The client will attempt to resume a connection from this session.
4493: .It Fl sess_out Ar file
4494: Output TLS session to file.
1.1 jsing 4495: .It Fl starttls Ar protocol
1.66 jmc 4496: Send the protocol-specific messages to switch to TLS for communication.
1.1 jsing 4497: .Ar protocol
4498: is a keyword for the intended protocol.
4499: Currently, the supported keywords are
4500: .Qq ftp ,
4501: .Qq imap ,
4502: .Qq smtp ,
4503: .Qq pop3 ,
4504: and
4505: .Qq xmpp .
4506: .It Fl state
1.66 jmc 4507: Print the SSL session states.
1.110 inoguchi 4508: .It Fl status
4509: Send a certificate status request to the server (OCSP stapling).
4510: The server response (if any) is printed out.
4511: .It Fl timeout
4512: Enable send/receive timeout on DTLS connections.
1.149 beck 4513: .It Fl tls1_2 | tls1_3
4514: Permit only TLS1.2 or 1.3 respectively.
1.1 jsing 4515: .It Fl tlsextdebug
1.66 jmc 4516: Print a hex dump of any TLS extensions received from the server.
1.110 inoguchi 4517: .It Fl use_srtp Ar profiles
4518: Offer SRTP key management with a colon-separated profile list.
1.1 jsing 4519: .It Fl verify Ar depth
1.66 jmc 4520: Turn on server certificate verification,
4521: with a maximum length of
4522: .Ar depth .
1.1 jsing 4523: Currently the verify operation continues after errors so all the problems
4524: with a certificate chain can be seen.
4525: As a side effect the connection will never fail due to a server
4526: certificate verify failure.
1.110 inoguchi 4527: .It Fl verify_return_error
4528: Return verification error.
1.19 landry 4529: .It Fl xmpphost Ar hostname
1.66 jmc 4530: When used with
1.19 landry 4531: .Fl starttls Ar xmpp ,
1.66 jmc 4532: specify the host for the "to" attribute of the stream element.
1.19 landry 4533: If this option is not specified then the host specified with
4534: .Fl connect
4535: will be used.
1.1 jsing 4536: .El
1.120 kn 4537: .Tg s_server
1.1 jsing 4538: .Sh S_SERVER
1.114 jmc 4539: .Bl -hang -width "openssl s_server"
4540: .It Nm openssl s_server
4541: .Bk -words
1.1 jsing 4542: .Op Fl accept Ar port
1.111 inoguchi 4543: .Op Fl alpn Ar protocols
1.1 jsing 4544: .Op Fl bugs
4545: .Op Fl CAfile Ar file
4546: .Op Fl CApath Ar directory
4547: .Op Fl cert Ar file
1.111 inoguchi 4548: .Op Fl cert2 Ar file
4549: .Op Fl certform Cm der | pem
1.1 jsing 4550: .Op Fl cipher Ar cipherlist
4551: .Op Fl context Ar id
4552: .Op Fl crl_check
4553: .Op Fl crl_check_all
4554: .Op Fl crlf
4555: .Op Fl dcert Ar file
1.111 inoguchi 4556: .Op Fl dcertform Cm der | pem
1.1 jsing 4557: .Op Fl debug
4558: .Op Fl dhparam Ar file
4559: .Op Fl dkey Ar file
1.111 inoguchi 4560: .Op Fl dkeyform Cm der | pem
4561: .Op Fl dpass Ar arg
1.129 jsing 4562: .Op Fl dtls
1.111 inoguchi 4563: .Op Fl dtls1
1.129 jsing 4564: .Op Fl dtls1_2
1.121 schwarze 4565: .Op Fl groups Ar list
1.1 jsing 4566: .Op Fl HTTP
4567: .Op Fl id_prefix Ar arg
4568: .Op Fl key Ar keyfile
1.111 inoguchi 4569: .Op Fl key2 Ar keyfile
4570: .Op Fl keyform Cm der | pem
4571: .Op Fl keymatexport Ar label
4572: .Op Fl keymatexportlen Ar len
1.1 jsing 4573: .Op Fl msg
1.111 inoguchi 4574: .Op Fl mtu Ar mtu
1.130 tb 4575: .Op Fl naccept Ar num
1.111 inoguchi 4576: .Op Fl named_curve Ar arg
1.1 jsing 4577: .Op Fl nbio
4578: .Op Fl nbio_test
1.111 inoguchi 4579: .Op Fl no_cache
1.1 jsing 4580: .Op Fl no_dhe
1.111 inoguchi 4581: .Op Fl no_ecdhe
4582: .Op Fl no_ticket
1.6 guenther 4583: .Op Fl no_tls1_2
1.122 inoguchi 4584: .Op Fl no_tls1_3
1.1 jsing 4585: .Op Fl no_tmp_rsa
4586: .Op Fl nocert
1.111 inoguchi 4587: .Op Fl pass Ar arg
1.1 jsing 4588: .Op Fl quiet
1.111 inoguchi 4589: .Op Fl servername Ar name
4590: .Op Fl servername_fatal
1.1 jsing 4591: .Op Fl serverpref
4592: .Op Fl state
1.111 inoguchi 4593: .Op Fl status
4594: .Op Fl status_timeout Ar nsec
4595: .Op Fl status_url Ar url
4596: .Op Fl status_verbose
4597: .Op Fl timeout
1.31 jmc 4598: .Op Fl tls1_2
1.122 inoguchi 4599: .Op Fl tls1_3
1.111 inoguchi 4600: .Op Fl tlsextdebug
4601: .Op Fl use_srtp Ar profiles
1.1 jsing 4602: .Op Fl Verify Ar depth
4603: .Op Fl verify Ar depth
1.111 inoguchi 4604: .Op Fl verify_return_error
1.1 jsing 4605: .Op Fl WWW
4606: .Op Fl www
1.114 jmc 4607: .Ek
4608: .El
1.1 jsing 4609: .Pp
4610: The
4611: .Nm s_server
4612: command implements a generic SSL/TLS server which listens
4613: for connections on a given port using SSL/TLS.
4614: .Pp
1.67 jmc 4615: If a connection request is established with a client and neither the
4616: .Fl www
4617: nor the
4618: .Fl WWW
4619: option has been used, then any data received
4620: from the client is displayed and any key presses are sent to the client.
4621: Certain single letter commands perform special operations:
4622: .Pp
4623: .Bl -tag -width "XXXX" -compact
4624: .It Ic P
4625: Send plain text, which should cause the client to disconnect.
4626: .It Ic Q
4627: End the current SSL connection and exit.
4628: .It Ic q
4629: End the current SSL connection, but still accept new connections.
4630: .It Ic R
4631: Renegotiate the SSL session and request a client certificate.
4632: .It Ic r
4633: Renegotiate the SSL session.
4634: .It Ic S
4635: Print out some session cache status information.
4636: .El
4637: .Pp
1.1 jsing 4638: The options are as follows:
4639: .Bl -tag -width Ds
1.113 inoguchi 4640: .It Fl accept Ar port
1.67 jmc 4641: Listen on TCP
1.1 jsing 4642: .Ar port
1.67 jmc 4643: for connections.
4644: The default is port 4433.
1.111 inoguchi 4645: .It Fl alpn Ar protocols
4646: Enable the Application-Layer Protocol Negotiation.
4647: .Ar protocols
4648: is a comma-separated list of supported protocol names.
1.1 jsing 4649: .It Fl bugs
1.67 jmc 4650: Enable various workarounds for buggy implementations.
1.1 jsing 4651: .It Fl CAfile Ar file
1.67 jmc 4652: A
4653: .Ar file
4654: containing trusted certificates to use during client authentication
1.1 jsing 4655: and to use when attempting to build the server certificate chain.
4656: The list is also used in the list of acceptable client CAs passed to the
4657: client when a certificate is requested.
4658: .It Fl CApath Ar directory
4659: The
4660: .Ar directory
4661: to use for client certificate verification.
4662: This directory must be in
4663: .Qq hash format ;
4664: see
4665: .Fl verify
4666: for more information.
4667: These are also used when building the server certificate chain.
4668: .It Fl cert Ar file
1.67 jmc 4669: The certificate to use: most server's cipher suites require the use of a
4670: certificate and some require a certificate with a certain public key type.
4671: For example, the DSS cipher suites require a certificate containing a DSS
4672: (DSA) key.
1.1 jsing 4673: If not specified, the file
4674: .Pa server.pem
4675: will be used.
1.111 inoguchi 4676: .It Fl cert2 Ar file
4677: The certificate to use for servername.
4678: .It Fl certform Cm der | pem
4679: The certificate format.
4680: The default is
4681: .Cm pem .
1.1 jsing 4682: .It Fl cipher Ar cipherlist
1.67 jmc 4683: Modify the cipher list used by the server.
1.1 jsing 4684: This allows the cipher list used by the server to be modified.
4685: When the client sends a list of supported ciphers, the first client cipher
4686: also included in the server list is used.
4687: Because the client specifies the preference order, the order of the server
4688: cipherlist is irrelevant.
4689: See the
1.67 jmc 4690: .Nm ciphers
4691: command for more information.
1.1 jsing 4692: .It Fl context Ar id
1.67 jmc 4693: Set the SSL context ID.
1.1 jsing 4694: It can be given any string value.
4695: .It Fl crl_check , crl_check_all
4696: Check the peer certificate has not been revoked by its CA.
4697: The CRLs are appended to the certificate file.
4698: .Fl crl_check_all
1.67 jmc 4699: checks all CRLs of all CAs in the chain.
1.1 jsing 4700: .It Fl crlf
1.67 jmc 4701: Translate a line feed from the terminal into CR+LF.
1.1 jsing 4702: .It Fl dcert Ar file , Fl dkey Ar file
4703: Specify an additional certificate and private key; these behave in the
4704: same manner as the
4705: .Fl cert
4706: and
4707: .Fl key
4708: options except there is no default if they are not specified
1.67 jmc 4709: (no additional certificate or key is used).
1.1 jsing 4710: By using RSA and DSS certificates and keys,
4711: a server can support clients which only support RSA or DSS cipher suites
4712: by using an appropriate certificate.
1.111 inoguchi 4713: .It Fl dcertform Cm der | pem , Fl dkeyform Cm der | pem , Fl dpass Ar arg
4714: Additional certificate and private key format, and private key password source,
4715: respectively.
1.1 jsing 4716: .It Fl debug
1.67 jmc 4717: Print extensive debugging information, including a hex dump of all traffic.
1.1 jsing 4718: .It Fl dhparam Ar file
4719: The DH parameter file to use.
4720: The ephemeral DH cipher suites generate keys
4721: using a set of DH parameters.
4722: If not specified, an attempt is made to
4723: load the parameters from the server certificate file.
4724: If this fails, a static set of parameters hard coded into the
4725: .Nm s_server
4726: program will be used.
1.129 jsing 4727: .It Fl dtls
4728: Permit any version of DTLS.
4729: .It Fl dtls1_2
4730: Permit only DTLS1.2.
1.121 schwarze 4731: .It Fl groups Ar list
4732: Set the supported elliptic curve groups to the colon separated
4733: .Ar list
4734: of group NIDs or names as documented in
4735: .Xr SSL_CTX_set1_groups_list 3 .
1.1 jsing 4736: .It Fl HTTP
1.67 jmc 4737: Emulate a simple web server.
4738: Pages are resolved relative to the current directory.
4739: For example if the URL
1.1 jsing 4740: .Pa https://myhost/page.html
4741: is requested, the file
4742: .Pa ./page.html
4743: will be loaded.
4744: The files loaded are assumed to contain a complete and correct HTTP
4745: response (lines that are part of the HTTP response line and headers
4746: must end with CRLF).
4747: .It Fl id_prefix Ar arg
4748: Generate SSL/TLS session IDs prefixed by
4749: .Ar arg .
4750: This is mostly useful for testing any SSL/TLS code
1.81 jmc 4751: that wish to deal with multiple servers,
4752: when each of which might be generating a unique range of session IDs.
1.1 jsing 4753: .It Fl key Ar keyfile
4754: The private key to use.
4755: If not specified, the certificate file will be used.
1.111 inoguchi 4756: .It Fl key2 Ar keyfile
4757: The private key to use for servername.
4758: .It Fl keyform Cm der | pem
4759: The private key format.
4760: The default is
4761: .Cm pem .
4762: .It Fl keymatexport Ar label
4763: Export keying material using label.
4764: .It Fl keymatexportlen Ar len
4765: Export len bytes of keying material (default 20).
1.1 jsing 4766: .It Fl msg
4767: Show all protocol messages with hex dump.
1.111 inoguchi 4768: .It Fl mtu Ar mtu
4769: Set the link layer MTU.
1.130 tb 4770: .It Fl naccept Ar num
4771: Terminate server after
4772: .Ar num
4773: connections.
1.111 inoguchi 4774: .It Fl named_curve Ar arg
4775: Specify the elliptic curve name to use for ephemeral ECDH keys.
1.121 schwarze 4776: This option is deprecated; use
4777: .Fl groups
4778: instead.
1.1 jsing 4779: .It Fl nbio
1.67 jmc 4780: Turn on non-blocking I/O.
1.1 jsing 4781: .It Fl nbio_test
1.67 jmc 4782: Test non-blocking I/O.
1.111 inoguchi 4783: .It Fl no_cache
4784: Disable session caching.
1.1 jsing 4785: .It Fl no_dhe
1.67 jmc 4786: Disable ephemeral DH cipher suites.
1.111 inoguchi 4787: .It Fl no_ecdhe
4788: Disable ephemeral ECDH cipher suites.
4789: .It Fl no_ticket
4790: Disable RFC 4507 session ticket support.
1.149 beck 4791: .It Fl no_tls1_2 | no_tls1_3
1.150 jmc 4792: Disable the use of TLS1.2 and 1.3, respectively.
1.1 jsing 4793: .It Fl no_tmp_rsa
1.67 jmc 4794: Disable temporary RSA key generation.
1.1 jsing 4795: .It Fl nocert
1.67 jmc 4796: Do not use a certificate.
1.1 jsing 4797: This restricts the cipher suites available to the anonymous ones
1.67 jmc 4798: (currently just anonymous DH).
1.111 inoguchi 4799: .It Fl pass Ar arg
4800: The private key password source.
1.1 jsing 4801: .It Fl quiet
4802: Inhibit printing of session and certificate information.
1.111 inoguchi 4803: .It Fl servername Ar name
4804: Set the TLS Server Name Indication (SNI) extension with
4805: .Ar name .
4806: .It Fl servername_fatal
4807: Send fatal alert if servername does not match.
4808: The default is warning alert.
1.1 jsing 4809: .It Fl serverpref
4810: Use server's cipher preferences.
4811: .It Fl state
1.67 jmc 4812: Print the SSL session states.
1.111 inoguchi 4813: .It Fl status
4814: Enables certificate status request support (OCSP stapling).
4815: .It Fl status_timeout Ar nsec
4816: Sets the timeout for OCSP response in seconds.
4817: .It Fl status_url Ar url
4818: Sets a fallback responder URL to use if no responder URL is present in the
4819: server certificate.
4820: Without this option, an error is returned if the server certificate does not
4821: contain a responder address.
4822: .It Fl status_verbose
4823: Enables certificate status request support (OCSP stapling) and gives a verbose
4824: printout of the OCSP response.
4825: .It Fl timeout
4826: Enable send/receive timeout on DTLS connections.
1.149 beck 4827: .It Fl tls1_2 | tls1_3
4828: Permit only TLS1.2, or 1.3, respectively.
1.111 inoguchi 4829: .It Fl tlsextdebug
4830: Print a hex dump of any TLS extensions received from the server.
4831: .It Fl use_srtp Ar profiles
4832: Offer SRTP key management with a colon-separated profile list.
4833: .It Fl verify_return_error
4834: Return verification error.
1.1 jsing 4835: .It Fl WWW
1.67 jmc 4836: Emulate a simple web server.
4837: Pages are resolved relative to the current directory.
4838: For example if the URL
1.1 jsing 4839: .Pa https://myhost/page.html
4840: is requested, the file
4841: .Pa ./page.html
4842: will be loaded.
4843: .It Fl www
1.67 jmc 4844: Send a status message to the client when it connects,
4845: including information about the ciphers used and various session parameters.
1.1 jsing 4846: The output is in HTML format so this option will normally be used with a
4847: web browser.
4848: .It Fl Verify Ar depth , Fl verify Ar depth
1.67 jmc 4849: Request a certificate chain from the client,
4850: with a maximum length of
4851: .Ar depth .
4852: With
4853: .Fl Verify ,
4854: the client must supply a certificate or an error occurs;
4855: with
4856: .Fl verify ,
4857: a certificate is requested but the client does not have to send one.
1.1 jsing 4858: .El
1.120 kn 4859: .Tg s_time
1.1 jsing 4860: .Sh S_TIME
1.114 jmc 4861: .Bl -hang -width "openssl s_time"
4862: .It Nm openssl s_time
4863: .Bk -words
1.1 jsing 4864: .Op Fl bugs
4865: .Op Fl CAfile Ar file
4866: .Op Fl CApath Ar directory
4867: .Op Fl cert Ar file
4868: .Op Fl cipher Ar cipherlist
1.68 jmc 4869: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 4870: .Op Fl key Ar keyfile
4871: .Op Fl nbio
4872: .Op Fl new
1.20 lteo 4873: .Op Fl no_shutdown
1.1 jsing 4874: .Op Fl reuse
4875: .Op Fl time Ar seconds
4876: .Op Fl verify Ar depth
4877: .Op Fl www Ar page
1.114 jmc 4878: .Ek
4879: .El
1.1 jsing 4880: .Pp
4881: The
1.68 jmc 4882: .Nm s_time
1.1 jsing 4883: command implements a generic SSL/TLS client which connects to a
4884: remote host using SSL/TLS.
4885: It can request a page from the server and includes
4886: the time to transfer the payload data in its timing measurements.
4887: It measures the number of connections within a given timeframe,
4888: the amount of data transferred
4889: .Pq if any ,
4890: and calculates the average time spent for one connection.
4891: .Pp
4892: The options are as follows:
4893: .Bl -tag -width Ds
4894: .It Fl bugs
1.68 jmc 4895: Enable various workarounds for buggy implementations.
1.1 jsing 4896: .It Fl CAfile Ar file
1.68 jmc 4897: A
4898: .Ar file
4899: containing trusted certificates to use during server authentication
1.1 jsing 4900: and to use when attempting to build the client certificate chain.
4901: .It Fl CApath Ar directory
4902: The directory to use for server certificate verification.
4903: This directory must be in
4904: .Qq hash format ;
4905: see
4906: .Nm verify
4907: for more information.
4908: These are also used when building the client certificate chain.
4909: .It Fl cert Ar file
4910: The certificate to use, if one is requested by the server.
4911: The default is not to use a certificate.
4912: .It Fl cipher Ar cipherlist
1.68 jmc 4913: Modify the cipher list sent by the client.
1.1 jsing 4914: Although the server determines which cipher suite is used,
4915: it should take the first supported cipher in the list sent by the client.
4916: See the
4917: .Nm ciphers
4918: command for more information.
1.68 jmc 4919: .It Fl connect Ar host Ns Op : Ns Ar port
4920: The host and port to connect to.
1.1 jsing 4921: .It Fl key Ar keyfile
4922: The private key to use.
4923: If not specified, the certificate file will be used.
4924: .It Fl nbio
1.68 jmc 4925: Turn on non-blocking I/O.
1.1 jsing 4926: .It Fl new
1.68 jmc 4927: Perform the timing test using a new session ID for each connection.
1.1 jsing 4928: If neither
4929: .Fl new
4930: nor
4931: .Fl reuse
4932: are specified,
4933: they are both on by default and executed in sequence.
1.20 lteo 4934: .It Fl no_shutdown
1.21 jmc 4935: Shut down the connection without sending a
1.68 jmc 4936: .Qq close notify
1.20 lteo 4937: shutdown alert to the server.
1.1 jsing 4938: .It Fl reuse
1.68 jmc 4939: Perform the timing test using the same session ID for each connection.
1.1 jsing 4940: If neither
4941: .Fl new
4942: nor
4943: .Fl reuse
4944: are specified,
4945: they are both on by default and executed in sequence.
4946: .It Fl time Ar seconds
1.68 jmc 4947: Limit
1.1 jsing 4948: .Nm s_time
1.68 jmc 4949: benchmarks to the number of
4950: .Ar seconds .
1.1 jsing 4951: The default is 30 seconds.
4952: .It Fl verify Ar depth
1.68 jmc 4953: Turn on server certificate verification,
4954: with a maximum length of
4955: .Ar depth .
1.1 jsing 4956: Currently the verify operation continues after errors, so all the problems
4957: with a certificate chain can be seen.
4958: As a side effect,
4959: the connection will never fail due to a server certificate verify failure.
4960: .It Fl www Ar page
1.68 jmc 4961: The page to GET from the server.
1.1 jsing 4962: A value of
4963: .Sq /
4964: gets the index.htm[l] page.
4965: If this parameter is not specified,
4966: .Nm s_time
4967: will only perform the handshake to establish SSL connections
4968: but not transfer any payload data.
4969: .El
1.120 kn 4970: .Tg sess_id
1.1 jsing 4971: .Sh SESS_ID
1.114 jmc 4972: .Bl -hang -width "openssl sess_id"
4973: .It Nm openssl sess_id
4974: .Bk -words
1.1 jsing 4975: .Op Fl cert
4976: .Op Fl context Ar ID
4977: .Op Fl in Ar file
1.69 jmc 4978: .Op Fl inform Cm der | pem
1.1 jsing 4979: .Op Fl noout
4980: .Op Fl out Ar file
1.69 jmc 4981: .Op Fl outform Cm der | pem
1.1 jsing 4982: .Op Fl text
1.114 jmc 4983: .Ek
4984: .El
1.1 jsing 4985: .Pp
4986: The
4987: .Nm sess_id
4988: program processes the encoded version of the SSL session structure and
4989: optionally prints out SSL session details
1.69 jmc 4990: (for example the SSL session master key)
1.72 jmc 4991: in human-readable format.
1.1 jsing 4992: .Pp
4993: The options are as follows:
4994: .Bl -tag -width Ds
4995: .It Fl cert
4996: If a certificate is present in the session,
4997: it will be output using this option;
4998: if the
4999: .Fl text
5000: option is also present, then it will be printed out in text form.
5001: .It Fl context Ar ID
1.69 jmc 5002: Set the session
1.1 jsing 5003: .Ar ID .
1.69 jmc 5004: The ID can be any string of characters.
1.1 jsing 5005: .It Fl in Ar file
1.69 jmc 5006: The input file to read from,
5007: or standard input if not specified.
5008: .It Fl inform Cm der | pem
5009: The input format.
5010: .Cm der
1.84 jmc 5011: uses an ASN.1 DER-encoded format containing session details.
1.1 jsing 5012: The precise format can vary from one version to the next.
1.69 jmc 5013: .Cm pem
5014: is the default format: it consists of the DER
1.1 jsing 5015: format base64-encoded with additional header and footer lines.
5016: .It Fl noout
1.69 jmc 5017: Do not output the encoded version of the session.
1.1 jsing 5018: .It Fl out Ar file
1.69 jmc 5019: The output file to write to,
5020: or standard output if not specified.
5021: .It Fl outform Cm der | pem
5022: The output format.
1.1 jsing 5023: .It Fl text
1.69 jmc 5024: Print the various public or private key components in plain text,
5025: in addition to the encoded version.
1.1 jsing 5026: .El
5027: .Pp
1.69 jmc 5028: The output of
5029: .Nm sess_id
5030: is composed as follows:
1.1 jsing 5031: .Pp
1.69 jmc 5032: .Bl -tag -width "Verify return code " -offset 3n -compact
5033: .It Protocol
5034: The protocol in use.
5035: .It Cipher
5036: The actual raw SSL or TLS cipher code.
5037: .It Session-ID
5038: The SSL session ID, in hex format.
5039: .It Session-ID-ctx
5040: The session ID context, in hex format.
5041: .It Master-Key
5042: The SSL session master key.
5043: .It Key-Arg
1.1 jsing 5044: The key argument; this is only used in SSL v2.
1.69 jmc 5045: .It Start Time
5046: The session start time.
1.1 jsing 5047: .Ux
5048: format.
1.69 jmc 5049: .It Timeout
5050: The timeout, in seconds.
5051: .It Verify return code
5052: The return code when a certificate is verified.
1.1 jsing 5053: .El
5054: .Pp
5055: Since the SSL session output contains the master key, it is possible to read
5056: the contents of an encrypted session using this information.
5057: Therefore appropriate security precautions
5058: should be taken if the information is being output by a
5059: .Qq real
5060: application.
5061: This is, however, strongly discouraged and should only be used for
5062: debugging purposes.
1.120 kn 5063: .Tg smime
1.1 jsing 5064: .Sh SMIME
1.114 jmc 5065: .Bl -hang -width "openssl smime"
5066: .It Nm openssl smime
5067: .Bk -words
1.1 jsing 5068: .Oo
5069: .Fl aes128 | aes192 | aes256 | des |
5070: .Fl des3 | rc2-40 | rc2-64 | rc2-128
5071: .Oc
5072: .Op Fl binary
5073: .Op Fl CAfile Ar file
5074: .Op Fl CApath Ar directory
5075: .Op Fl certfile Ar file
5076: .Op Fl check_ss_sig
5077: .Op Fl content Ar file
5078: .Op Fl crl_check
5079: .Op Fl crl_check_all
5080: .Op Fl decrypt
5081: .Op Fl encrypt
5082: .Op Fl extended_crl
5083: .Op Fl from Ar addr
5084: .Op Fl ignore_critical
5085: .Op Fl in Ar file
5086: .Op Fl indef
1.70 jmc 5087: .Op Fl inform Cm der | pem | smime
1.1 jsing 5088: .Op Fl inkey Ar file
5089: .Op Fl issuer_checks
1.112 inoguchi 5090: .Op Fl keyform Cm der | pem
1.1 jsing 5091: .Op Fl md Ar digest
5092: .Op Fl noattr
5093: .Op Fl nocerts
5094: .Op Fl nochain
5095: .Op Fl nodetach
5096: .Op Fl noindef
5097: .Op Fl nointern
5098: .Op Fl nosigs
1.108 inoguchi 5099: .Op Fl nosmimecap
1.1 jsing 5100: .Op Fl noverify
5101: .Op Fl out Ar file
1.70 jmc 5102: .Op Fl outform Cm der | pem | smime
1.1 jsing 5103: .Op Fl passin Ar arg
5104: .Op Fl pk7out
5105: .Op Fl policy_check
5106: .Op Fl recip Ar file
5107: .Op Fl resign
5108: .Op Fl sign
5109: .Op Fl signer Ar file
5110: .Op Fl stream
5111: .Op Fl subject Ar s
5112: .Op Fl text
5113: .Op Fl to Ar addr
5114: .Op Fl verify
5115: .Op Fl x509_strict
5116: .Op Ar cert.pem ...
1.114 jmc 5117: .Ek
5118: .El
1.1 jsing 5119: .Pp
5120: The
5121: .Nm smime
1.70 jmc 5122: command handles S/MIME mail.
5123: It can encrypt, decrypt, sign, and verify S/MIME messages.
5124: .Pp
5125: The MIME message must be sent without any blank lines between the
5126: headers and the output.
5127: Some mail programs will automatically add a blank line.
5128: Piping the mail directly to an MTA is one way to
5129: achieve the correct format.
5130: .Pp
5131: The supplied message to be signed or encrypted must include the necessary
5132: MIME headers or many S/MIME clients won't display it properly (if at all).
5133: Use the
5134: .Fl text
5135: option to automatically add plain text headers.
1.1 jsing 5136: .Pp
1.70 jmc 5137: A
5138: .Qq signed and encrypted
5139: message is one where a signed message is then encrypted.
5140: This can be produced by encrypting an already signed message.
1.1 jsing 5141: .Pp
1.70 jmc 5142: There are a number of operations that can be performed, as follows:
1.1 jsing 5143: .Bl -tag -width "XXXX"
5144: .It Fl decrypt
5145: Decrypt mail using the supplied certificate and private key.
1.70 jmc 5146: The input file is an encrypted mail message in MIME format.
1.1 jsing 5147: The decrypted mail is written to the output file.
5148: .It Fl encrypt
5149: Encrypt mail for the given recipient certificates.
1.70 jmc 5150: The input is the message to be encrypted.
5151: The output file is the encrypted mail, in MIME format.
1.1 jsing 5152: .It Fl pk7out
1.70 jmc 5153: Take an input message and write out a PEM-encoded PKCS#7 structure.
1.1 jsing 5154: .It Fl resign
5155: Resign a message: take an existing message and one or more new signers.
5156: .It Fl sign
5157: Sign mail using the supplied certificate and private key.
1.70 jmc 5158: The input file is the message to be signed.
5159: The signed message, in MIME format, is written to the output file.
1.1 jsing 5160: .It Fl verify
5161: Verify signed mail.
1.70 jmc 5162: The input is a signed mail message and the output is the signed data.
1.1 jsing 5163: Both clear text and opaque signing is supported.
5164: .El
5165: .Pp
1.14 jmc 5166: The remaining options are as follows:
1.1 jsing 5167: .Bl -tag -width "XXXX"
5168: .It Xo
5169: .Fl aes128 | aes192 | aes256 | des |
5170: .Fl des3 | rc2-40 | rc2-64 | rc2-128
5171: .Xc
5172: The encryption algorithm to use.
1.70 jmc 5173: 128-, 192-, or 256-bit AES, DES (56 bits), triple DES (168 bits),
1.1 jsing 5174: or 40-, 64-, or 128-bit RC2, respectively;
5175: if not specified, 40-bit RC2 is
5176: used.
5177: Only used with
5178: .Fl encrypt .
5179: .It Fl binary
5180: Normally, the input message is converted to
5181: .Qq canonical
1.70 jmc 5182: format which uses CR/LF as end of line,
5183: as required by the S/MIME specification.
1.127 jmc 5184: When this option is present, no translation occurs.
1.70 jmc 5185: This is useful when handling binary data which may not be in MIME format.
1.1 jsing 5186: .It Fl CAfile Ar file
5187: A
5188: .Ar file
5189: containing trusted CA certificates; only used with
5190: .Fl verify .
5191: .It Fl CApath Ar directory
5192: A
5193: .Ar directory
5194: containing trusted CA certificates; only used with
5195: .Fl verify .
5196: This directory must be a standard certificate directory:
5197: that is, a hash of each subject name (using
5198: .Nm x509 -hash )
5199: should be linked to each certificate.
5200: .It Ar cert.pem ...
5201: One or more certificates of message recipients: used when encrypting
5202: a message.
5203: .It Fl certfile Ar file
5204: Allows additional certificates to be specified.
5205: When signing, these will be included with the message.
5206: When verifying, these will be searched for the signers' certificates.
5207: The certificates should be in PEM format.
5208: .It Xo
5209: .Fl check_ss_sig ,
5210: .Fl crl_check ,
5211: .Fl crl_check_all ,
5212: .Fl extended_crl ,
5213: .Fl ignore_critical ,
5214: .Fl issuer_checks ,
5215: .Fl policy_check ,
5216: .Fl x509_strict
5217: .Xc
5218: Set various certificate chain validation options.
5219: See the
1.70 jmc 5220: .Nm verify
1.1 jsing 5221: command for details.
5222: .It Fl content Ar file
1.70 jmc 5223: A file containing the detached content.
1.1 jsing 5224: This is only useful with the
5225: .Fl verify
1.70 jmc 5226: option,
5227: and only usable if the PKCS#7 structure is using the detached
1.1 jsing 5228: signature form where the content is not included.
1.70 jmc 5229: This option will override any content if the input format is S/MIME
5230: and it uses the multipart/signed MIME content type.
1.1 jsing 5231: .It Xo
5232: .Fl from Ar addr ,
5233: .Fl subject Ar s ,
5234: .Fl to Ar addr
5235: .Xc
5236: The relevant mail headers.
5237: These are included outside the signed
5238: portion of a message so they may be included manually.
1.70 jmc 5239: When signing, many S/MIME
1.1 jsing 5240: mail clients check that the signer's certificate email
5241: address matches the From: address.
5242: .It Fl in Ar file
1.70 jmc 5243: The input file to read from.
1.1 jsing 5244: .It Fl indef
5245: Enable streaming I/O for encoding operations.
5246: This permits single pass processing of data without
5247: the need to hold the entire contents in memory,
5248: potentially supporting very large files.
5249: Streaming is automatically set for S/MIME signing with detached
5250: data if the output format is SMIME;
5251: it is currently off by default for all other operations.
1.70 jmc 5252: .It Fl inform Cm der | pem | smime
5253: The input format.
1.1 jsing 5254: .It Fl inkey Ar file
1.70 jmc 5255: The private key to use when signing or decrypting,
5256: which must match the corresponding certificate.
1.1 jsing 5257: If this option is not specified, the private key must be included
5258: in the certificate file specified with
5259: the
5260: .Fl recip
5261: or
5262: .Fl signer
5263: file.
5264: When signing,
5265: this option can be used multiple times to specify successive keys.
1.112 inoguchi 5266: .It Fl keyform Cm der | pem
1.1 jsing 5267: Input private key format.
1.112 inoguchi 5268: The default is
5269: .Cm pem .
1.1 jsing 5270: .It Fl md Ar digest
5271: The digest algorithm to use when signing or resigning.
5272: If not present then the default digest algorithm for the signing key is used
5273: (usually SHA1).
5274: .It Fl noattr
1.70 jmc 5275: Do not include attributes.
1.1 jsing 5276: .It Fl nocerts
1.70 jmc 5277: Do not include the signer's certificate.
1.1 jsing 5278: This will reduce the size of the signed message but the verifier must
5279: have a copy of the signer's certificate available locally (passed using the
5280: .Fl certfile
5281: option, for example).
5282: .It Fl nochain
5283: Do not do chain verification of signers' certificates: that is,
5284: don't use the certificates in the signed message as untrusted CAs.
5285: .It Fl nodetach
1.137 naddy 5286: When signing a message, use opaque signing: this form is more resistant
1.1 jsing 5287: to translation by mail relays but it cannot be read by mail agents that
1.70 jmc 5288: do not support S/MIME.
5289: Without this option cleartext signing with the MIME type
5290: multipart/signed is used.
1.1 jsing 5291: .It Fl noindef
1.70 jmc 5292: Disable streaming I/O where it would produce an encoding of indefinite length
5293: (currently has no effect).
1.1 jsing 5294: .It Fl nointern
1.70 jmc 5295: Only use certificates specified in the
5296: .Fl certfile .
5297: The supplied certificates can still be used as untrusted CAs.
1.1 jsing 5298: .It Fl nosigs
1.70 jmc 5299: Do not try to verify the signatures on the message.
1.108 inoguchi 5300: .It Fl nosmimecap
5301: Exclude the list of supported algorithms from signed attributes,
5302: other options such as signing time and content type are still included.
1.1 jsing 5303: .It Fl noverify
5304: Do not verify the signer's certificate of a signed message.
5305: .It Fl out Ar file
1.70 jmc 5306: The output file to write to.
5307: .It Fl outform Cm der | pem | smime
5308: The output format.
5309: The default is smime, which writes an S/MIME format message.
5310: .Cm pem
1.1 jsing 5311: and
1.70 jmc 5312: .Cm der
5313: change this to write PEM and DER format PKCS#7 structures instead.
1.1 jsing 5314: This currently only affects the output format of the PKCS#7
5315: structure; if no PKCS#7 structure is being output (for example with
5316: .Fl verify
5317: or
5318: .Fl decrypt )
5319: this option has no effect.
5320: .It Fl passin Ar arg
5321: The key password source.
5322: .It Fl recip Ar file
5323: The recipients certificate when decrypting a message.
5324: This certificate
5325: must match one of the recipients of the message or an error occurs.
5326: .It Fl signer Ar file
5327: A signing certificate when signing or resigning a message;
5328: this option can be used multiple times if more than one signer is required.
5329: If a message is being verified, the signer's certificates will be
5330: written to this file if the verification was successful.
5331: .It Fl stream
5332: The same as
5333: .Fl indef .
5334: .It Fl text
1.70 jmc 5335: Add plain text (text/plain) MIME
1.1 jsing 5336: headers to the supplied message if encrypting or signing.
5337: If decrypting or verifying, it strips off text headers:
1.70 jmc 5338: if the decrypted or verified message is not of MIME type text/plain
5339: then an error occurs.
1.1 jsing 5340: .El
5341: .Pp
1.70 jmc 5342: The exit codes for
5343: .Nm smime
5344: are as follows:
1.1 jsing 5345: .Pp
1.150 jmc 5346: .Bl -tag -width "XXXX" -offset 3n -compact
1.70 jmc 5347: .It 0
1.1 jsing 5348: The operation was completely successful.
1.70 jmc 5349: .It 1
1.1 jsing 5350: An error occurred parsing the command options.
1.70 jmc 5351: .It 2
1.1 jsing 5352: One of the input files could not be read.
1.70 jmc 5353: .It 3
5354: An error occurred creating the file or when reading the message.
5355: .It 4
1.1 jsing 5356: An error occurred decrypting or verifying the message.
1.70 jmc 5357: .It 5
5358: An error occurred writing certificates.
1.1 jsing 5359: .El
1.120 kn 5360: .Tg speed
1.1 jsing 5361: .Sh SPEED
1.114 jmc 5362: .Bl -hang -width "openssl speed"
5363: .It Nm openssl speed
5364: .Bk -words
1.71 jmc 5365: .Op Ar algorithm
1.1 jsing 5366: .Op Fl decrypt
5367: .Op Fl elapsed
1.71 jmc 5368: .Op Fl evp Ar algorithm
1.1 jsing 5369: .Op Fl mr
5370: .Op Fl multi Ar number
1.145 tb 5371: .Op Fl unaligned Ar number
1.114 jmc 5372: .Ek
5373: .El
1.1 jsing 5374: .Pp
5375: The
5376: .Nm speed
5377: command is used to test the performance of cryptographic algorithms.
5378: .Bl -tag -width "XXXX"
1.71 jmc 5379: .It Ar algorithm
5380: Perform the test using
5381: .Ar algorithm .
5382: The default is to test all algorithms.
1.1 jsing 5383: .It Fl decrypt
1.71 jmc 5384: Time decryption instead of encryption;
5385: must be used with
5386: .Fl evp .
1.1 jsing 5387: .It Fl elapsed
5388: Measure time in real time instead of CPU user time.
1.71 jmc 5389: .It Fl evp Ar algorithm
5390: Perform the test using one of the algorithms accepted by
5391: .Xr EVP_get_cipherbyname 3 .
1.1 jsing 5392: .It Fl mr
5393: Produce machine readable output.
5394: .It Fl multi Ar number
5395: Run
5396: .Ar number
5397: benchmarks in parallel.
1.145 tb 5398: .It Fl unaligned Ar number
5399: Use allocated buffers with an offset of
5400: .Ar number
5401: bytes from the alignment provided by
1.146 tb 5402: .Xr malloc 3 .
1.145 tb 5403: .Ar number
5404: should be between 0 and 16.
1.1 jsing 5405: .El
1.120 kn 5406: .Tg spkac
1.77 jmc 5407: .Sh SPKAC
1.114 jmc 5408: .Bl -hang -width "openssl spkac"
5409: .It Nm openssl spkac
5410: .Bk -words
1.77 jmc 5411: .Op Fl challenge Ar string
5412: .Op Fl in Ar file
5413: .Op Fl key Ar keyfile
5414: .Op Fl noout
5415: .Op Fl out Ar file
5416: .Op Fl passin Ar arg
5417: .Op Fl pubkey
5418: .Op Fl spkac Ar spkacname
5419: .Op Fl spksect Ar section
5420: .Op Fl verify
1.114 jmc 5421: .Ek
5422: .El
1.77 jmc 5423: .Pp
5424: The
5425: .Nm spkac
5426: command processes signed public key and challenge (SPKAC) files.
5427: It can print out their contents, verify the signature,
5428: and produce its own SPKACs from a supplied private key.
5429: .Pp
5430: The options are as follows:
5431: .Bl -tag -width Ds
5432: .It Fl challenge Ar string
5433: The challenge string, if an SPKAC is being created.
5434: .It Fl in Ar file
5435: The input file to read from,
5436: or standard input if not specified.
5437: Ignored if the
5438: .Fl key
5439: option is used.
5440: .It Fl key Ar keyfile
5441: Create an SPKAC file using the private key in
5442: .Ar keyfile .
5443: The
5444: .Fl in , noout , spksect ,
5445: and
5446: .Fl verify
5447: options are ignored, if present.
5448: .It Fl noout
5449: Do not output the text version of the SPKAC.
5450: .It Fl out Ar file
5451: The output file to write to,
5452: or standard output if not specified.
5453: .It Fl passin Ar arg
5454: The key password source.
5455: .It Fl pubkey
5456: Output the public key of an SPKAC.
5457: .It Fl spkac Ar spkacname
5458: An alternative name for the variable containing the SPKAC.
5459: The default is "SPKAC".
5460: This option affects both generated and input SPKAC files.
5461: .It Fl spksect Ar section
5462: An alternative name for the
5463: .Ar section
5464: containing the SPKAC.
5465: .It Fl verify
5466: Verify the digital signature on the supplied SPKAC.
5467: .El
1.120 kn 5468: .Tg ts
1.1 jsing 5469: .Sh TS
1.114 jmc 5470: .Bk -words
5471: .Bl -hang -width "openssl ts"
5472: .It Nm openssl ts
1.1 jsing 5473: .Fl query
1.29 bcook 5474: .Op Fl md4 | md5 | ripemd160 | sha1
1.1 jsing 5475: .Op Fl cert
5476: .Op Fl config Ar configfile
5477: .Op Fl data Ar file_to_hash
5478: .Op Fl digest Ar digest_bytes
5479: .Op Fl in Ar request.tsq
5480: .Op Fl no_nonce
5481: .Op Fl out Ar request.tsq
5482: .Op Fl policy Ar object_id
5483: .Op Fl text
1.114 jmc 5484: .It Nm openssl ts
1.1 jsing 5485: .Fl reply
5486: .Op Fl chain Ar certs_file.pem
5487: .Op Fl config Ar configfile
5488: .Op Fl in Ar response.tsr
5489: .Op Fl inkey Ar private.pem
5490: .Op Fl out Ar response.tsr
5491: .Op Fl passin Ar arg
5492: .Op Fl policy Ar object_id
5493: .Op Fl queryfile Ar request.tsq
5494: .Op Fl section Ar tsa_section
5495: .Op Fl signer Ar tsa_cert.pem
5496: .Op Fl text
5497: .Op Fl token_in
5498: .Op Fl token_out
1.114 jmc 5499: .It Nm openssl ts
1.1 jsing 5500: .Fl verify
5501: .Op Fl CAfile Ar trusted_certs.pem
5502: .Op Fl CApath Ar trusted_cert_path
5503: .Op Fl data Ar file_to_hash
5504: .Op Fl digest Ar digest_bytes
5505: .Op Fl in Ar response.tsr
5506: .Op Fl queryfile Ar request.tsq
5507: .Op Fl token_in
5508: .Op Fl untrusted Ar cert_file.pem
1.114 jmc 5509: .El
5510: .Ek
1.1 jsing 5511: .Pp
5512: The
5513: .Nm ts
5514: command is a basic Time Stamping Authority (TSA) client and server
5515: application as specified in RFC 3161 (Time-Stamp Protocol, TSP).
5516: A TSA can be part of a PKI deployment and its role is to provide long
1.72 jmc 5517: term proof of the existence of specific data.
1.1 jsing 5518: Here is a brief description of the protocol:
5519: .Bl -enum
5520: .It
5521: The TSA client computes a one-way hash value for a data file and sends
5522: the hash to the TSA.
5523: .It
5524: The TSA attaches the current date and time to the received hash value,
5525: signs them and sends the time stamp token back to the client.
5526: By creating this token the TSA certifies the existence of the original
5527: data file at the time of response generation.
5528: .It
5529: The TSA client receives the time stamp token and verifies the
5530: signature on it.
5531: It also checks if the token contains the same hash
5532: value that it had sent to the TSA.
5533: .El
5534: .Pp
5535: There is one DER-encoded protocol data unit defined for transporting a time
5536: stamp request to the TSA and one for sending the time stamp response
5537: back to the client.
5538: The
5539: .Nm ts
5540: command has three main functions:
5541: creating a time stamp request based on a data file;
5542: creating a time stamp response based on a request;
5543: and verifying if a response corresponds
5544: to a particular request or a data file.
5545: .Pp
5546: There is no support for sending the requests/responses automatically
5547: over HTTP or TCP yet as suggested in RFC 3161.
5548: Users must send the requests either by FTP or email.
5549: .Pp
5550: The
5551: .Fl query
5552: switch can be used for creating and printing a time stamp
5553: request with the following options:
5554: .Bl -tag -width Ds
5555: .It Fl cert
1.72 jmc 5556: Expect the TSA to include its signing certificate in the response.
1.1 jsing 5557: .It Fl config Ar configfile
1.72 jmc 5558: Specify an alternative configuration file.
5559: Only the OID section is used.
1.1 jsing 5560: .It Fl data Ar file_to_hash
5561: The data file for which the time stamp request needs to be created.
1.72 jmc 5562: The default is standard input.
1.1 jsing 5563: .It Fl digest Ar digest_bytes
1.72 jmc 5564: Specify the message imprint explicitly without the data file.
1.1 jsing 5565: The imprint must be specified in a hexadecimal format,
5566: two characters per byte,
1.72 jmc 5567: the bytes optionally separated by colons.
1.1 jsing 5568: The number of bytes must match the message digest algorithm in use.
5569: .It Fl in Ar request.tsq
1.72 jmc 5570: A previously created time stamp request in DER
1.1 jsing 5571: format that will be printed into the output file.
1.72 jmc 5572: Useful for examining the content of a request in human-readable format.
1.76 jmc 5573: .It Fl md4 | md5 | ripemd160 | sha | sha1
1.1 jsing 5574: The message digest to apply to the data file.
5575: It supports all the message digest algorithms that are supported by the
5576: .Nm dgst
5577: command.
1.125 inoguchi 5578: The default is SHA1.
1.1 jsing 5579: .It Fl no_nonce
1.72 jmc 5580: Specify no nonce in the request.
5581: The default, to include a 64-bit long pseudo-random nonce,
5582: is recommended to protect against replay attacks.
1.1 jsing 5583: .It Fl out Ar request.tsq
1.72 jmc 5584: The output file to write to,
5585: or standard output if not specified.
1.1 jsing 5586: .It Fl policy Ar object_id
5587: The policy that the client expects the TSA to use for creating the
5588: time stamp token.
1.72 jmc 5589: Either dotted OID notation or OID names defined
1.1 jsing 5590: in the config file can be used.
1.127 jmc 5591: If no policy is requested, the TSA uses its own default policy.
1.1 jsing 5592: .It Fl text
1.72 jmc 5593: Output in human-readable text format instead of DER.
1.1 jsing 5594: .El
5595: .Pp
5596: A time stamp response (TimeStampResp) consists of a response status
5597: and the time stamp token itself (ContentInfo),
5598: if the token generation was successful.
5599: The
5600: .Fl reply
5601: command is for creating a time stamp
5602: response or time stamp token based on a request and printing the
5603: response/token in human-readable format.
5604: If
5605: .Fl token_out
5606: is not specified the output is always a time stamp response (TimeStampResp),
5607: otherwise it is a time stamp token (ContentInfo).
5608: .Bl -tag -width Ds
5609: .It Fl chain Ar certs_file.pem
1.72 jmc 5610: The collection of PEM certificates
1.1 jsing 5611: that will be included in the response
5612: in addition to the signer certificate if the
5613: .Fl cert
5614: option was used for the request.
5615: This file is supposed to contain the certificate chain
5616: for the signer certificate from its issuer upwards.
5617: The
5618: .Fl reply
5619: command does not build a certificate chain automatically.
5620: .It Fl config Ar configfile
1.72 jmc 5621: Specify an alternative configuration file.
1.1 jsing 5622: .It Fl in Ar response.tsr
1.72 jmc 5623: Specify a previously created time stamp response (or time stamp token, if
1.1 jsing 5624: .Fl token_in
1.72 jmc 5625: is also specified)
1.1 jsing 5626: in DER format that will be written to the output file.
5627: This option does not require a request;
5628: it is useful, for example,
1.72 jmc 5629: to examine the content of a response or token
5630: or to extract the time stamp token from a response.
1.137 naddy 5631: If the input is a token and the output is a time stamp response, a default
1.72 jmc 5632: .Qq granted
1.1 jsing 5633: status info is added to the token.
5634: .It Fl inkey Ar private.pem
5635: The signer private key of the TSA in PEM format.
5636: Overrides the
5637: .Cm signer_key
5638: config file option.
5639: .It Fl out Ar response.tsr
5640: The response is written to this file.
5641: The format and content of the file depends on other options (see
5642: .Fl text
5643: and
5644: .Fl token_out ) .
5645: The default is stdout.
5646: .It Fl passin Ar arg
5647: The key password source.
5648: .It Fl policy Ar object_id
1.72 jmc 5649: The default policy to use for the response.
5650: Either dotted OID notation or OID names defined
5651: in the config file can be used.
1.137 naddy 5652: If no policy is requested, the TSA uses its own default policy.
1.1 jsing 5653: .It Fl queryfile Ar request.tsq
1.72 jmc 5654: The file containing a DER-encoded time stamp request.
1.1 jsing 5655: .It Fl section Ar tsa_section
1.72 jmc 5656: The config file section containing the settings for response generation.
1.1 jsing 5657: .It Fl signer Ar tsa_cert.pem
1.72 jmc 5658: The PEM signer certificate of the TSA.
1.1 jsing 5659: The TSA signing certificate must have exactly one extended key usage
5660: assigned to it: timeStamping.
5661: The extended key usage must also be critical,
5662: otherwise the certificate is going to be refused.
5663: Overrides the
5664: .Cm signer_cert
5665: variable of the config file.
5666: .It Fl text
1.72 jmc 5667: Output in human-readable text format instead of DER.
1.1 jsing 5668: .It Fl token_in
1.72 jmc 5669: The input is a DER-encoded time stamp token (ContentInfo)
5670: instead of a time stamp response (TimeStampResp).
1.1 jsing 5671: .It Fl token_out
1.72 jmc 5672: The output is a time stamp token (ContentInfo)
5673: instead of a time stamp response (TimeStampResp).
1.1 jsing 5674: .El
5675: .Pp
5676: The
5677: .Fl verify
5678: command is for verifying if a time stamp response or time stamp token
5679: is valid and matches a particular time stamp request or data file.
5680: The
5681: .Fl verify
5682: command does not use the configuration file.
5683: .Bl -tag -width Ds
5684: .It Fl CAfile Ar trusted_certs.pem
1.72 jmc 5685: The file containing a set of trusted self-signed PEM CA certificates.
5686: See
1.1 jsing 5687: .Nm verify
5688: for additional details.
5689: Either this option or
5690: .Fl CApath
5691: must be specified.
5692: .It Fl CApath Ar trusted_cert_path
1.112 inoguchi 5693: The directory containing the trusted CA certificates of the client.
1.72 jmc 5694: See
1.1 jsing 5695: .Nm verify
5696: for additional details.
5697: Either this option or
5698: .Fl CAfile
5699: must be specified.
5700: .It Fl data Ar file_to_hash
5701: The response or token must be verified against
5702: .Ar file_to_hash .
5703: The file is hashed with the message digest algorithm specified in the token.
5704: The
5705: .Fl digest
5706: and
5707: .Fl queryfile
5708: options must not be specified with this one.
5709: .It Fl digest Ar digest_bytes
5710: The response or token must be verified against the message digest specified
5711: with this option.
5712: The number of bytes must match the message digest algorithm
5713: specified in the token.
5714: The
5715: .Fl data
5716: and
5717: .Fl queryfile
5718: options must not be specified with this one.
5719: .It Fl in Ar response.tsr
5720: The time stamp response that needs to be verified, in DER format.
5721: This option in mandatory.
5722: .It Fl queryfile Ar request.tsq
5723: The original time stamp request, in DER format.
5724: The
5725: .Fl data
5726: and
5727: .Fl digest
5728: options must not be specified with this one.
5729: .It Fl token_in
1.72 jmc 5730: The input is a DER-encoded time stamp token (ContentInfo)
5731: instead of a time stamp response (TimeStampResp).
1.1 jsing 5732: .It Fl untrusted Ar cert_file.pem
1.72 jmc 5733: Additional untrusted PEM certificates which may be needed
5734: when building the certificate chain for the TSA's signing certificate.
1.1 jsing 5735: This file must contain the TSA signing certificate and
5736: all intermediate CA certificates unless the response includes them.
5737: .El
5738: .Pp
1.72 jmc 5739: Options specified on the command line always override
5740: the settings in the config file:
1.1 jsing 5741: .Bl -tag -width Ds
5742: .It Cm tsa Ar section , Cm default_tsa
5743: This is the main section and it specifies the name of another section
5744: that contains all the options for the
5745: .Fl reply
5746: option.
1.72 jmc 5747: This section can be overridden with the
1.1 jsing 5748: .Fl section
5749: command line switch.
5750: .It Cm oid_file
5751: See
5752: .Nm ca
5753: for a description.
5754: .It Cm oid_section
5755: See
5756: .Nm ca
5757: for a description.
5758: .It Cm serial
1.72 jmc 5759: The file containing the hexadecimal serial number of the
1.1 jsing 5760: last time stamp response created.
5761: This number is incremented by 1 for each response.
1.137 naddy 5762: If the file does not exist at the time of response generation,
1.72 jmc 5763: a new file is created with serial number 1.
1.1 jsing 5764: This parameter is mandatory.
5765: .It Cm signer_cert
5766: TSA signing certificate, in PEM format.
5767: The same as the
5768: .Fl signer
5769: command line option.
5770: .It Cm certs
1.72 jmc 5771: A set of PEM-encoded certificates that need to be
1.1 jsing 5772: included in the response.
5773: The same as the
5774: .Fl chain
5775: command line option.
5776: .It Cm signer_key
5777: The private key of the TSA, in PEM format.
5778: The same as the
5779: .Fl inkey
5780: command line option.
5781: .It Cm default_policy
5782: The default policy to use when the request does not mandate any policy.
5783: The same as the
5784: .Fl policy
5785: command line option.
5786: .It Cm other_policies
5787: Comma separated list of policies that are also acceptable by the TSA
5788: and used only if the request explicitly specifies one of them.
5789: .It Cm digests
5790: The list of message digest algorithms that the TSA accepts.
5791: At least one algorithm must be specified.
5792: This parameter is mandatory.
5793: .It Cm accuracy
5794: The accuracy of the time source of the TSA in seconds, milliseconds
5795: and microseconds.
5796: For example, secs:1, millisecs:500, microsecs:100.
5797: If any of the components is missing,
5798: zero is assumed for that field.
5799: .It Cm clock_precision_digits
1.72 jmc 5800: The maximum number of digits, which represent the fraction of seconds,
5801: that need to be included in the time field.
1.1 jsing 5802: The trailing zeroes must be removed from the time,
1.72 jmc 5803: so there might actually be fewer digits
1.1 jsing 5804: or no fraction of seconds at all.
5805: The maximum value is 6;
5806: the default is 0.
5807: .It Cm ordering
5808: If this option is yes,
5809: the responses generated by this TSA can always be ordered,
5810: even if the time difference between two responses is less
5811: than the sum of their accuracies.
5812: The default is no.
5813: .It Cm tsa_name
5814: Set this option to yes if the subject name of the TSA must be included in
5815: the TSA name field of the response.
5816: The default is no.
5817: .It Cm ess_cert_id_chain
5818: The SignedData objects created by the TSA always contain the
5819: certificate identifier of the signing certificate in a signed
5820: attribute (see RFC 2634, Enhanced Security Services).
5821: If this option is set to yes and either the
5822: .Cm certs
5823: variable or the
5824: .Fl chain
5825: option is specified then the certificate identifiers of the chain will also
5826: be included in the SigningCertificate signed attribute.
5827: If this variable is set to no,
5828: only the signing certificate identifier is included.
5829: The default is no.
5830: .El
1.120 kn 5831: .Tg verify
1.1 jsing 5832: .Sh VERIFY
1.114 jmc 5833: .Bl -hang -width "openssl verify"
5834: .It Nm openssl verify
5835: .Bk -words
1.1 jsing 5836: .Op Fl CAfile Ar file
5837: .Op Fl CApath Ar directory
5838: .Op Fl check_ss_sig
1.107 inoguchi 5839: .Op Fl CRLfile Ar file
1.1 jsing 5840: .Op Fl crl_check
5841: .Op Fl crl_check_all
5842: .Op Fl explicit_policy
5843: .Op Fl extended_crl
5844: .Op Fl help
5845: .Op Fl ignore_critical
5846: .Op Fl inhibit_any
5847: .Op Fl inhibit_map
5848: .Op Fl issuer_checks
1.126 tb 5849: .Op Fl legacy_verify
1.1 jsing 5850: .Op Fl policy_check
5851: .Op Fl purpose Ar purpose
1.107 inoguchi 5852: .Op Fl trusted Ar file
1.1 jsing 5853: .Op Fl untrusted Ar file
5854: .Op Fl verbose
5855: .Op Fl x509_strict
5856: .Op Ar certificates
1.114 jmc 5857: .Ek
5858: .El
1.1 jsing 5859: .Pp
5860: The
5861: .Nm verify
5862: command verifies certificate chains.
5863: .Pp
5864: The options are as follows:
5865: .Bl -tag -width Ds
5866: .It Fl CAfile Ar file
5867: A
5868: .Ar file
5869: of trusted certificates.
5870: The
5871: .Ar file
5872: should contain multiple certificates in PEM format, concatenated together.
5873: .It Fl CApath Ar directory
5874: A
5875: .Ar directory
5876: of trusted certificates.
1.76 jmc 5877: The certificates, or symbolic links to them,
5878: should have names of the form
5879: .Ar hash Ns .0 ,
5880: where
5881: .Ar hash
5882: is the hashed certificate subject name
5883: (see the
1.1 jsing 5884: .Fl hash
5885: option of the
5886: .Nm x509
5887: utility).
1.107 inoguchi 5888: .It Fl check_ss_sig
5889: Verify the signature on the self-signed root CA.
5890: This is disabled by default
5891: because it doesn't add any security.
5892: .It Fl CRLfile Ar file
5893: The
5894: .Ar file
5895: should contain one or more CRLs in PEM format.
1.1 jsing 5896: .It Fl crl_check
1.76 jmc 5897: Check end entity certificate validity by attempting to look up a valid CRL.
1.127 jmc 5898: If a valid CRL cannot be found, an error occurs.
1.1 jsing 5899: .It Fl crl_check_all
1.76 jmc 5900: Check the validity of all certificates in the chain by attempting
1.1 jsing 5901: to look up valid CRLs.
5902: .It Fl explicit_policy
1.76 jmc 5903: Set policy variable require-explicit-policy (RFC 3280).
1.1 jsing 5904: .It Fl extended_crl
5905: Enable extended CRL features such as indirect CRLs and alternate CRL
5906: signing keys.
5907: .It Fl help
1.76 jmc 5908: Print a usage message.
1.1 jsing 5909: .It Fl ignore_critical
1.76 jmc 5910: Ignore critical extensions instead of rejecting the certificate.
1.1 jsing 5911: .It Fl inhibit_any
1.76 jmc 5912: Set policy variable inhibit-any-policy (RFC 3280).
1.1 jsing 5913: .It Fl inhibit_map
1.76 jmc 5914: Set policy variable inhibit-policy-mapping (RFC 3280).
1.1 jsing 5915: .It Fl issuer_checks
1.76 jmc 5916: Print diagnostics relating to searches for the issuer certificate
5917: of the current certificate
5918: showing why each candidate issuer certificate was rejected.
5919: The presence of rejection messages
5920: does not itself imply that anything is wrong:
5921: during the normal verify process several rejections may take place.
1.126 tb 5922: .It Fl legacy_verify
5923: Use the legacy X.509 certificate chain verification code.
1.1 jsing 5924: .It Fl policy_check
1.76 jmc 5925: Enable certificate policy processing.
1.1 jsing 5926: .It Fl purpose Ar purpose
5927: The intended use for the certificate.
5928: Without this option no chain verification will be done.
5929: Currently accepted uses are
1.76 jmc 5930: .Cm sslclient , sslserver ,
5931: .Cm nssslserver , smimesign ,
5932: .Cm smimeencrypt , crlsign ,
5933: .Cm any ,
1.1 jsing 5934: and
1.76 jmc 5935: .Cm ocsphelper .
1.107 inoguchi 5936: .It Fl trusted Ar file
5937: A
5938: .Ar file
5939: of trusted certificates.
5940: The
5941: .Ar file
5942: should contain multiple certificates.
1.1 jsing 5943: .It Fl untrusted Ar file
5944: A
5945: .Ar file
5946: of untrusted certificates.
5947: The
5948: .Ar file
5949: should contain multiple certificates.
5950: .It Fl verbose
5951: Print extra information about the operations being performed.
5952: .It Fl x509_strict
5953: Disable workarounds for broken certificates which have to be disabled
5954: for strict X.509 compliance.
5955: .It Ar certificates
1.76 jmc 5956: One or more PEM
1.1 jsing 5957: .Ar certificates
5958: to verify.
5959: If no certificate files are included, an attempt is made to read
5960: a certificate from standard input.
1.76 jmc 5961: If the first certificate filename begins with a dash,
5962: use a lone dash to mark the last option.
1.1 jsing 5963: .El
1.76 jmc 5964: .Pp
1.1 jsing 5965: The
5966: .Nm verify
5967: program uses the same functions as the internal SSL and S/MIME verification,
1.76 jmc 5968: with one crucial difference:
5969: wherever possible an attempt is made to continue after an error,
5970: whereas normally the verify operation would halt on the first error.
1.1 jsing 5971: This allows all the problems with a certificate chain to be determined.
5972: .Pp
1.76 jmc 5973: The verify operation consists of a number of separate steps.
1.1 jsing 5974: Firstly a certificate chain is built up starting from the supplied certificate
5975: and ending in the root CA.
5976: It is an error if the whole chain cannot be built up.
5977: The chain is built up by looking up the issuer's certificate of the current
5978: certificate.
5979: If a certificate is found which is its own issuer, it is assumed
5980: to be the root CA.
5981: .Pp
1.76 jmc 5982: All certificates whose subject name matches the issuer name
1.1 jsing 5983: of the current certificate are subject to further tests.
5984: The relevant authority key identifier components of the current certificate
1.76 jmc 5985: (if present) must match the subject key identifier (if present)
5986: and issuer and serial number of the candidate issuer;
5987: in addition the
5988: .Cm keyUsage
5989: extension of the candidate issuer (if present) must permit certificate signing.
1.1 jsing 5990: .Pp
5991: The lookup first looks in the list of untrusted certificates and if no match
5992: is found the remaining lookups are from the trusted certificates.
1.76 jmc 5993: The root CA is always looked up in the trusted certificate list:
5994: if the certificate to verify is a root certificate,
5995: then an exact match must be found in the trusted list.
1.1 jsing 5996: .Pp
5997: The second operation is to check every untrusted certificate's extensions for
5998: consistency with the supplied purpose.
5999: If the
6000: .Fl purpose
6001: option is not included, then no checks are done.
6002: The supplied or
6003: .Qq leaf
6004: certificate must have extensions compatible with the supplied purpose
6005: and all other certificates must also be valid CA certificates.
6006: The precise extensions required are described in more detail in
6007: the
1.76 jmc 6008: .Nm X509
1.1 jsing 6009: section below.
6010: .Pp
6011: The third operation is to check the trust settings on the root CA.
6012: The root CA should be trusted for the supplied purpose.
1.76 jmc 6013: A certificate with no trust settings is considered to be valid for
1.1 jsing 6014: all purposes.
6015: .Pp
6016: The final operation is to check the validity of the certificate chain.
6017: The validity period is checked against the current system time and the
1.76 jmc 6018: .Cm notBefore
1.1 jsing 6019: and
1.76 jmc 6020: .Cm notAfter
1.1 jsing 6021: dates in the certificate.
6022: The certificate signatures are also checked at this point.
6023: .Pp
6024: If all operations complete successfully, the certificate is considered
6025: valid.
6026: If any operation fails then the certificate is not valid.
6027: When a verify operation fails, the output messages can be somewhat cryptic.
6028: The general form of the error message is:
1.76 jmc 6029: .Bd -literal
6030: server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit)
6031: error 24 at 1 depth lookup:invalid CA certificate
1.1 jsing 6032: .Ed
6033: .Pp
6034: The first line contains the name of the certificate being verified, followed by
6035: the subject name of the certificate.
1.148 schwarze 6036: The second line contains the error number as defined by the
6037: .Dv X509_V_ERR_*
6038: constants in
6039: .In openssl/x509_vfy.h ,
6040: the associated error message documented in
6041: .Xr X509_STORE_CTX_get_error 3 ,
6042: and the depth.
1.1 jsing 6043: The depth is the number of the certificate being verified when a
6044: problem was detected starting with zero for the certificate being verified
6045: itself, then 1 for the CA that signed the certificate and so on.
1.120 kn 6046: .Tg version
1.1 jsing 6047: .Sh VERSION
6048: .Nm openssl version
1.152 tb 6049: .Op Fl abdfpv
1.1 jsing 6050: .Pp
6051: The
6052: .Nm version
6053: command is used to print out version information about
1.79 jmc 6054: .Nm openssl .
1.1 jsing 6055: .Pp
6056: The options are as follows:
6057: .Bl -tag -width Ds
6058: .It Fl a
6059: All information: this is the same as setting all the other flags.
6060: .It Fl b
6061: The date the current version of
1.79 jmc 6062: .Nm openssl
1.1 jsing 6063: was built.
6064: .It Fl d
6065: .Ev OPENSSLDIR
6066: setting.
6067: .It Fl f
6068: Compilation flags.
6069: .It Fl p
6070: Platform setting.
6071: .It Fl v
6072: The current
1.79 jmc 6073: .Nm openssl
1.1 jsing 6074: version.
6075: .El
1.120 kn 6076: .Tg x509
1.1 jsing 6077: .Sh X509
1.114 jmc 6078: .Bl -hang -width "openssl x509"
6079: .It Nm openssl x509
6080: .Bk -words
1.1 jsing 6081: .Op Fl C
6082: .Op Fl addreject Ar arg
6083: .Op Fl addtrust Ar arg
6084: .Op Fl alias
6085: .Op Fl CA Ar file
6086: .Op Fl CAcreateserial
1.80 jmc 6087: .Op Fl CAform Cm der | pem
1.1 jsing 6088: .Op Fl CAkey Ar file
1.80 jmc 6089: .Op Fl CAkeyform Cm der | pem
1.1 jsing 6090: .Op Fl CAserial Ar file
6091: .Op Fl certopt Ar option
6092: .Op Fl checkend Ar arg
6093: .Op Fl clrext
6094: .Op Fl clrreject
6095: .Op Fl clrtrust
6096: .Op Fl dates
6097: .Op Fl days Ar arg
6098: .Op Fl email
6099: .Op Fl enddate
6100: .Op Fl extensions Ar section
6101: .Op Fl extfile Ar file
6102: .Op Fl fingerprint
1.154 job 6103: .Op Fl force_pubkey Ar key
1.1 jsing 6104: .Op Fl hash
6105: .Op Fl in Ar file
1.80 jmc 6106: .Op Fl inform Cm der | net | pem
1.1 jsing 6107: .Op Fl issuer
6108: .Op Fl issuer_hash
6109: .Op Fl issuer_hash_old
1.80 jmc 6110: .Op Fl keyform Cm der | pem
1.29 bcook 6111: .Op Fl md5 | sha1
1.1 jsing 6112: .Op Fl modulus
1.154 job 6113: .Op Fl multivalue-rdn
1.1 jsing 6114: .Op Fl nameopt Ar option
1.155 ! job 6115: .Op Fl new
1.107 inoguchi 6116: .Op Fl next_serial
1.1 jsing 6117: .Op Fl noout
6118: .Op Fl ocsp_uri
6119: .Op Fl ocspid
6120: .Op Fl out Ar file
1.80 jmc 6121: .Op Fl outform Cm der | net | pem
1.1 jsing 6122: .Op Fl passin Ar arg
6123: .Op Fl pubkey
6124: .Op Fl purpose
6125: .Op Fl req
6126: .Op Fl serial
1.154 job 6127: .Op Fl set_issuer Ar name
1.1 jsing 6128: .Op Fl set_serial Ar n
1.154 job 6129: .Op Fl set_subject Ar name
1.1 jsing 6130: .Op Fl setalias Ar arg
6131: .Op Fl signkey Ar file
1.107 inoguchi 6132: .Op Fl sigopt Ar nm:v
1.1 jsing 6133: .Op Fl startdate
6134: .Op Fl subject
6135: .Op Fl subject_hash
6136: .Op Fl subject_hash_old
6137: .Op Fl text
6138: .Op Fl trustout
1.154 job 6139: .Op Fl utf8
1.1 jsing 6140: .Op Fl x509toreq
1.114 jmc 6141: .Ek
6142: .El
1.1 jsing 6143: .Pp
6144: The
6145: .Nm x509
6146: command is a multi-purpose certificate utility.
6147: It can be used to display certificate information, convert certificates to
6148: various forms, sign certificate requests like a
6149: .Qq mini CA ,
6150: or edit certificate trust settings.
6151: .Pp
1.80 jmc 6152: The following are x509 input, output, and general purpose options:
1.1 jsing 6153: .Bl -tag -width "XXXX"
6154: .It Fl in Ar file
1.80 jmc 6155: The input file to read from,
6156: or standard input if not specified.
1.155 ! job 6157: This option cannot be used with
! 6158: .Fl new .
1.80 jmc 6159: .It Fl inform Cm der | net | pem
6160: The input format.
1.1 jsing 6161: Normally, the command will expect an X.509 certificate,
6162: but this can change if other options such as
1.155 ! job 6163: .Fl in
! 6164: or
1.1 jsing 6165: .Fl req
6166: are present.
1.29 bcook 6167: .It Fl md5 | sha1
1.1 jsing 6168: The digest to use.
6169: This affects any signing or display option that uses a message digest,
6170: such as the
6171: .Fl fingerprint , signkey ,
6172: and
6173: .Fl CA
6174: options.
6175: If not specified, MD5 is used.
1.80 jmc 6176: SHA1 is always used with DSA keys.
1.1 jsing 6177: .It Fl out Ar file
1.80 jmc 6178: The output file to write to,
6179: or standard output if none is specified.
6180: .It Fl outform Cm der | net | pem
6181: The output format.
1.1 jsing 6182: .It Fl passin Ar arg
6183: The key password source.
6184: .El
1.80 jmc 6185: .Pp
6186: The following are x509 display options:
1.1 jsing 6187: .Bl -tag -width "XXXX"
6188: .It Fl C
1.80 jmc 6189: Output the certificate in the form of a C source file.
1.1 jsing 6190: .It Fl certopt Ar option
6191: Customise the output format used with
1.80 jmc 6192: .Fl text ,
6193: either using a list of comma-separated options or by specifying
1.1 jsing 6194: .Fl certopt
1.80 jmc 6195: multiple times.
6196: The default behaviour is to print all fields.
6197: The options are as follows:
6198: .Pp
6199: .Bl -tag -width "no_extensions" -offset indent -compact
6200: .It Cm ca_default
6201: Equivalent to
6202: .Cm no_issuer , no_pubkey , no_header ,
6203: .Cm no_version , no_sigdump ,
6204: and
6205: .Cm no_signame .
6206: .It Cm compatible
6207: Equivalent to no output options at all.
6208: .It Cm ext_default
6209: Print unsupported certificate extensions.
6210: .It Cm ext_dump
6211: Hex dump unsupported extensions.
6212: .It Cm ext_error
6213: Print an error message for unsupported certificate extensions.
6214: .It Cm ext_parse
1.84 jmc 6215: ASN.1 parse unsupported extensions.
1.80 jmc 6216: .It Cm no_aux
6217: Do not print certificate trust information.
6218: .It Cm no_extensions
6219: Do not print X509V3 extensions.
6220: .It Cm no_header
6221: Do not print header (Certificate and Data) information.
6222: .It Cm no_issuer
6223: Do not print the issuer name.
6224: .It Cm no_pubkey
6225: Do not print the public key.
6226: .It Cm no_serial
6227: Do not print the serial number.
6228: .It Cm no_sigdump
6229: Do not give a hexadecimal dump of the certificate signature.
6230: .It Cm no_signame
6231: Do not print the signature algorithm used.
6232: .It Cm no_subject
6233: Do not print the subject name.
6234: .It Cm no_validity
6235: Do not print the
6236: .Cm notBefore
6237: and
6238: .Cm notAfter
6239: (validity) fields.
6240: .It Cm no_version
6241: Do not print the version number.
6242: .El
1.1 jsing 6243: .It Fl dates
1.80 jmc 6244: Print the start and expiry date of a certificate.
1.1 jsing 6245: .It Fl email
1.80 jmc 6246: Output the email addresses, if any.
1.1 jsing 6247: .It Fl enddate
1.80 jmc 6248: Print the expiry date of the certificate; that is, the
6249: .Cm notAfter
1.1 jsing 6250: date.
6251: .It Fl fingerprint
1.80 jmc 6252: Print the digest of the DER-encoded version of the whole certificate.
1.1 jsing 6253: .It Fl hash
6254: A synonym for
1.80 jmc 6255: .Fl subject_hash .
1.1 jsing 6256: .It Fl issuer
1.80 jmc 6257: Print the issuer name.
1.1 jsing 6258: .It Fl issuer_hash
1.80 jmc 6259: Print the hash of the certificate issuer name.
1.1 jsing 6260: .It Fl issuer_hash_old
1.80 jmc 6261: Print the hash of the certificate issuer name
6262: using the older algorithm as used by
6263: .Nm openssl
1.1 jsing 6264: versions before 1.0.0.
6265: .It Fl modulus
1.80 jmc 6266: Print the value of the modulus of the public key contained in the certificate.
1.154 job 6267: .It Fl multivalue-rdn
6268: This option causes the
6269: .Fl subj
6270: argument to be interpreted with full support for multivalued RDNs,
6271: for example
6272: .Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
6273: If
6274: .Fl multivalue-rdn
6275: is not used, the UID value is set to
6276: .Qq "123456+CN=John Doe" .
1.1 jsing 6277: .It Fl nameopt Ar option
1.80 jmc 6278: Customise how the subject or issuer names are displayed,
6279: either using a list of comma-separated options or by specifying
1.1 jsing 6280: .Fl nameopt
1.80 jmc 6281: multiple times.
6282: The default behaviour is to use the
6283: .Cm oneline
6284: format.
6285: The options,
6286: which can be preceded by a dash to turn them off,
6287: are as follows:
6288: .Bl -tag -width "XXXX"
6289: .It Cm align
6290: Align field values for a more readable output.
6291: Only usable with
6292: .Ar sep_multiline .
6293: .It Cm compat
6294: Use the old format,
6295: equivalent to specifying no options at all.
6296: .It Cm dn_rev
6297: Reverse the fields of the DN, as required by RFC 2253.
6298: As a side effect, this also reverses the order of multiple AVAs.
6299: .It Cm dump_all
6300: Dump all fields.
6301: When used with
6302: .Ar dump_der ,
6303: it allows the DER encoding of the structure to be unambiguously determined.
6304: .It Cm dump_der
6305: Any fields that need to be hexdumped are
6306: dumped using the DER encoding of the field.
6307: Otherwise just the content octets will be displayed.
6308: Both options use the RFC 2253 #XXXX... format.
6309: .It Cm dump_nostr
6310: Dump non-character string types
6311: (for example OCTET STRING);
6312: usually, non-character string types are displayed
6313: as though each content octet represents a single character.
6314: .It Cm dump_unknown
6315: Dump any field whose OID is not recognised by
6316: .Nm openssl .
6317: .It Cm esc_2253
6318: Escape the
6319: .Qq special
6320: characters required by RFC 2253 in a field that is
6321: .Dq \& ,+"<>; .
6322: Additionally,
6323: .Sq #
6324: is escaped at the beginning of a string
6325: and a space character at the beginning or end of a string.
6326: .It Cm esc_ctrl
6327: Escape control characters.
6328: That is, those with ASCII values less than 0x20 (space)
6329: and the delete (0x7f) character.
6330: They are escaped using the RFC 2253 \eXX notation (where XX are two hex
6331: digits representing the character value).
6332: .It Cm esc_msb
6333: Escape characters with the MSB set; that is, with ASCII values larger than
6334: 127.
6335: .It Cm multiline
6336: A multiline format.
6337: Equivalent to
6338: .Cm esc_ctrl , esc_msb , sep_multiline ,
6339: .Cm space_eq , lname ,
6340: and
6341: .Cm align .
6342: .It Cm no_type
6343: Do not attempt to interpret multibyte characters.
6344: That is, content octets are merely dumped as though one octet
6345: represents each character.
6346: This is useful for diagnostic purposes
6347: but results in rather odd looking output.
6348: .It Cm nofname , sname , lname , oid
6349: Alter how the field name is displayed:
6350: .Cm nofname
6351: does not display the field at all;
6352: .Cm sname
6353: uses the short name form (CN for
6354: .Cm commonName ,
6355: for example);
6356: .Cm lname
6357: uses the long form.
6358: .Cm oid
6359: represents the OID in numerical form and is useful for diagnostic purpose.
6360: .It Cm oneline
6361: A one line format which is more readable than
6362: .Cm RFC2253 .
6363: Equivalent to
6364: .Cm esc_2253 , esc_ctrl , esc_msb , utf8 ,
6365: .Cm dump_nostr , dump_der , use_quote , sep_comma_plus_spc ,
6366: .Cm space_eq ,
6367: and
6368: .Cm sname .
6369: .It Cm RFC2253
6370: Displays names compatible with RFC 2253.
6371: Equivalent to
6372: .Cm esc_2253 , esc_ctrl ,
6373: .Cm esc_msb , utf8 , dump_nostr , dump_unknown ,
6374: .Cm dump_der , sep_comma_plus , dn_rev ,
6375: and
6376: .Cm sname .
6377: .It Cm sep_comma_plus , sep_comma_plus_space , sep_semi_plus_space , sep_multiline
6378: Determine the field separators:
6379: the first character is between RDNs and the second between multiple AVAs
6380: (multiple AVAs are very rare and their use is discouraged).
6381: The options ending in
6382: .Qq space
6383: additionally place a space after the separator to make it more readable.
6384: .Cm sep_multiline
6385: uses a linefeed character for the RDN separator and a spaced
6386: .Sq +
6387: for the AVA separator,
6388: as well as indenting the fields by four characters.
1.142 tb 6389: If no field separator is specified then
6390: .Cm sep_comma_plus_space
6391: is used by default.
1.80 jmc 6392: .It Cm show_type
1.84 jmc 6393: Show the type of the ASN.1 character string.
1.80 jmc 6394: The type precedes the field contents.
6395: For example
6396: .Qq BMPSTRING: Hello World .
6397: .It Cm space_eq
6398: Place spaces round the
6399: .Sq =
6400: character which follows the field name.
6401: .It Cm use_quote
6402: Escape some characters by surrounding the whole string with
6403: .Sq \&"
6404: characters.
6405: Without the option, all escaping is done with the
6406: .Sq \e
6407: character.
6408: .It Cm utf8
6409: Convert all strings to UTF8 format first, as required by RFC 2253.
6410: On a UTF8 compatible terminal,
6411: the use of this option (and not setting
6412: .Cm esc_msb )
6413: may result in the correct display of multibyte characters.
6414: Usually, multibyte characters larger than 0xff
6415: are represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX
6416: for 32 bits,
6417: and any UTF8Strings are converted to their character form first.
6418: .El
1.107 inoguchi 6419: .It Fl next_serial
6420: Print the next serial number.
1.1 jsing 6421: .It Fl noout
1.80 jmc 6422: Do not output the encoded version of the request.
1.1 jsing 6423: .It Fl ocsp_uri
1.80 jmc 6424: Print the OCSP responder addresses, if any.
1.1 jsing 6425: .It Fl ocspid
6426: Print OCSP hash values for the subject name and public key.
6427: .It Fl pubkey
1.80 jmc 6428: Print the public key.
1.1 jsing 6429: .It Fl serial
1.80 jmc 6430: Print the certificate serial number.
1.107 inoguchi 6431: .It Fl sigopt Ar nm:v
6432: Pass options to the signature algorithm during sign or certify operations.
6433: The names and values of these options are algorithm-specific.
1.1 jsing 6434: .It Fl startdate
1.80 jmc 6435: Print the start date of the certificate; that is, the
6436: .Cm notBefore
1.1 jsing 6437: date.
6438: .It Fl subject
1.80 jmc 6439: Print the subject name.
1.1 jsing 6440: .It Fl subject_hash
1.80 jmc 6441: Print the hash of the certificate subject name.
1.1 jsing 6442: This is used in
1.80 jmc 6443: .Nm openssl
1.1 jsing 6444: to form an index to allow certificates in a directory to be looked up
6445: by subject name.
6446: .It Fl subject_hash_old
1.80 jmc 6447: Print the hash of the certificate subject name
6448: using the older algorithm as used by
6449: .Nm openssl
1.1 jsing 6450: versions before 1.0.0.
6451: .It Fl text
1.80 jmc 6452: Print the full certificate in text form.
1.1 jsing 6453: .El
6454: .Pp
1.80 jmc 6455: A trusted certificate is a certificate which has several
1.1 jsing 6456: additional pieces of information attached to it such as the permitted
1.80 jmc 6457: and prohibited uses of the certificate and an alias.
1.127 jmc 6458: When a certificate is being verified, at least one certificate must be trusted.
1.80 jmc 6459: By default, a trusted certificate must be stored locally and be a root CA.
6460: The following are x509 trust settings options:
1.1 jsing 6461: .Bl -tag -width "XXXX"
6462: .It Fl addreject Ar arg
1.80 jmc 6463: Add a prohibited use.
6464: Accepts the same values as the
1.1 jsing 6465: .Fl addtrust
6466: option.
6467: .It Fl addtrust Ar arg
1.80 jmc 6468: Add a trusted certificate use.
1.1 jsing 6469: Any object name can be used here, but currently only
1.80 jmc 6470: .Cm clientAuth
6471: (SSL client use),
6472: .Cm serverAuth
6473: (SSL server use),
6474: and
6475: .Cm emailProtection
6476: (S/MIME email) are used.
1.1 jsing 6477: .It Fl alias
1.80 jmc 6478: Output the certificate alias.
1.1 jsing 6479: .It Fl clrreject
1.80 jmc 6480: Clear all the prohibited or rejected uses of the certificate.
1.1 jsing 6481: .It Fl clrtrust
1.80 jmc 6482: Clear all the permitted or trusted uses of the certificate.
1.1 jsing 6483: .It Fl purpose
1.80 jmc 6484: Perform tests on the certificate extensions.
6485: The same code is used when verifying untrusted certificates in chains,
6486: so this section is useful if a chain is rejected by the verify code.
6487: .Pp
6488: The
6489: .Cm basicConstraints
6490: extension CA flag is used to determine whether the
6491: certificate can be used as a CA.
6492: If the CA flag is true, it is a CA;
6493: if the CA flag is false, it is not a CA.
6494: All CAs should have the CA flag set to true.
6495: .Pp
6496: If the
6497: .Cm basicConstraints
6498: extension is absent, then the certificate is
6499: considered to be a possible CA;
6500: other extensions are checked according to the intended use of the certificate.
6501: A warning is given in this case because the certificate should really not
6502: be regarded as a CA.
6503: However it is allowed to be a CA to work around some broken software.
6504: .Pp
6505: If the certificate is a V1 certificate
6506: (and thus has no extensions) and it is self-signed,
6507: it is also assumed to be a CA but a warning is again given.
6508: This is to work around the problem of Verisign roots
6509: which are V1 self-signed certificates.
6510: .Pp
6511: If the
6512: .Cm keyUsage
6513: extension is present, then additional restraints are
6514: made on the uses of the certificate.
6515: A CA certificate must have the
6516: .Cm keyCertSign
6517: bit set if the
6518: .Cm keyUsage
6519: extension is present.
6520: .Pp
6521: The extended key usage extension places additional restrictions on the
6522: certificate uses.
6523: If this extension is present, whether critical or not,
6524: the key can only be used for the purposes specified.
6525: .Pp
6526: A complete description of each test is given below.
6527: The comments about
6528: .Cm basicConstraints
6529: and
6530: .Cm keyUsage
6531: and V1 certificates above apply to all CA certificates.
6532: .Bl -tag -width "XXXX"
6533: .It SSL Client
6534: The extended key usage extension must be absent or include the
6535: web client authentication OID.
6536: .Cm keyUsage
6537: must be absent or it must have the
6538: .Cm digitalSignature
6539: bit set.
6540: The Netscape certificate type must be absent
6541: or it must have the SSL client bit set.
6542: .It SSL Client CA
6543: The extended key usage extension must be absent or include the
6544: web client authentication OID.
6545: The Netscape certificate type must be absent
6546: or it must have the SSL CA bit set:
6547: this is used as a workaround if the
6548: .Cm basicConstraints
6549: extension is absent.
6550: .It SSL Server
6551: The extended key usage extension must be absent or include the
6552: web server authentication and/or one of the SGC OIDs.
6553: .Cm keyUsage
6554: must be absent or it must have the
6555: .Cm digitalSignature
6556: set, the
6557: .Cm keyEncipherment
6558: set, or both bits set.
6559: The Netscape certificate type must be absent or have the SSL server bit set.
6560: .It SSL Server CA
6561: The extended key usage extension must be absent or include the
6562: web server authentication and/or one of the SGC OIDs.
6563: The Netscape certificate type must be absent or the SSL CA bit must be set:
6564: this is used as a workaround if the
6565: .Cm basicConstraints
6566: extension is absent.
6567: .It Netscape SSL Server
6568: For Netscape SSL clients to connect to an SSL server; it must have the
6569: .Cm keyEncipherment
6570: bit set if the
6571: .Cm keyUsage
6572: extension is present.
6573: This isn't always valid because some cipher suites use the key for
6574: digital signing.
6575: Otherwise it is the same as a normal SSL server.
6576: .It Common S/MIME Client Tests
6577: The extended key usage extension must be absent or include the
6578: email protection OID.
6579: The Netscape certificate type must be absent or should have the S/MIME bit set.
6580: If the S/MIME bit is not set in Netscape certificate type, then the SSL
6581: client bit is tolerated as an alternative but a warning is shown:
6582: this is because some Verisign certificates don't set the S/MIME bit.
6583: .It S/MIME Signing
6584: In addition to the common S/MIME client tests, the
6585: .Cm digitalSignature
6586: bit must be set if the
6587: .Cm keyUsage
6588: extension is present.
6589: .It S/MIME Encryption
6590: In addition to the common S/MIME tests, the
6591: .Cm keyEncipherment
6592: bit must be set if the
6593: .Cm keyUsage
6594: extension is present.
6595: .It S/MIME CA
6596: The extended key usage extension must be absent or include the
6597: email protection OID.
6598: The Netscape certificate type must be absent
6599: or must have the S/MIME CA bit set:
6600: this is used as a workaround if the
6601: .Cm basicConstraints
6602: extension is absent.
6603: .It CRL Signing
6604: The
6605: .Cm keyUsage
6606: extension must be absent or it must have the CRL signing bit set.
6607: .It CRL Signing CA
6608: The normal CA tests apply, except the
6609: .Cm basicConstraints
6610: extension must be present.
6611: .El
1.1 jsing 6612: .It Fl setalias Ar arg
1.80 jmc 6613: Set the alias of the certificate,
6614: allowing the certificate to be referred to using a nickname,
6615: such as
1.1 jsing 6616: .Qq Steve's Certificate .
6617: .It Fl trustout
1.80 jmc 6618: Output a trusted certificate
6619: (the default if any trust settings are modified).
1.1 jsing 6620: An ordinary or trusted certificate can be input, but by default an ordinary
6621: certificate is output and any trust settings are discarded.
6622: .El
1.80 jmc 6623: .Pp
1.1 jsing 6624: The
6625: .Nm x509
1.80 jmc 6626: utility can be used to sign certificates and requests:
6627: it can thus behave like a mini CA.
6628: The following are x509 signing options:
1.1 jsing 6629: .Bl -tag -width "XXXX"
6630: .It Fl CA Ar file
1.80 jmc 6631: The CA certificate to be used for signing.
1.1 jsing 6632: When this option is present,
6633: .Nm x509
1.80 jmc 6634: behaves like a mini CA.
1.1 jsing 6635: The input file is signed by the CA using this option;
6636: that is, its issuer name is set to the subject name of the CA and it is
6637: digitally signed using the CA's private key.
6638: .Pp
6639: This option is normally combined with the
6640: .Fl req
6641: option.
6642: Without the
6643: .Fl req
6644: option, the input is a certificate which must be self-signed.
6645: .It Fl CAcreateserial
1.80 jmc 6646: Create the CA serial number file if it does not exist
6647: instead of generating an error.
6648: The file will contain the serial number
1.1 jsing 6649: .Sq 02
6650: and the certificate being signed will have
6651: .Sq 1
6652: as its serial number.
1.80 jmc 6653: .It Fl CAform Cm der | pem
1.1 jsing 6654: The format of the CA certificate file.
6655: The default is
1.80 jmc 6656: .Cm pem .
1.1 jsing 6657: .It Fl CAkey Ar file
1.80 jmc 6658: Set the CA private key to sign a certificate with.
6659: Otherwise it is assumed that the CA private key is present
6660: in the CA certificate file.
6661: .It Fl CAkeyform Cm der | pem
1.1 jsing 6662: The format of the CA private key.
6663: The default is
1.80 jmc 6664: .Cm pem .
1.1 jsing 6665: .It Fl CAserial Ar file
1.80 jmc 6666: Use the serial number in
6667: .Ar file
6668: to sign a certificate.
6669: The file should consist of one line containing an even number of hex digits
1.1 jsing 6670: with the serial number to use.
6671: After each use the serial number is incremented and written out
6672: to the file again.
6673: .Pp
6674: The default filename consists of the CA certificate file base name with
6675: .Pa .srl
6676: appended.
6677: For example, if the CA certificate file is called
6678: .Pa mycacert.pem ,
6679: it expects to find a serial number file called
6680: .Pa mycacert.srl .
6681: .It Fl checkend Ar arg
6682: Check whether the certificate expires in the next
6683: .Ar arg
6684: seconds.
6685: If so, exit with return value 1;
6686: otherwise exit with return value 0.
6687: .It Fl clrext
6688: Delete any extensions from a certificate.
6689: This option is used when a certificate is being created from another
6690: certificate (for example with the
6691: .Fl signkey
6692: or the
6693: .Fl CA
6694: options).
6695: Normally, all extensions are retained.
6696: .It Fl days Ar arg
1.80 jmc 6697: The number of days to make a certificate valid for.
1.1 jsing 6698: The default is 30 days.
6699: .It Fl extensions Ar section
6700: The section to add certificate extensions from.
6701: If this option is not specified, the extensions should either be
1.80 jmc 6702: contained in the unnamed (default) section
6703: or the default section should contain a variable called
1.1 jsing 6704: .Qq extensions
6705: which contains the section to use.
6706: .It Fl extfile Ar file
6707: File containing certificate extensions to use.
6708: If not specified, no extensions are added to the certificate.
1.154 job 6709: .It Fl force_pubkey Ar key
6710: Set the public key of the certificate to the public key contained in
6711: .Ar key .
1.80 jmc 6712: .It Fl keyform Cm der | pem
1.154 job 6713: The format of the key file used in the
6714: .Fl force_pubkey
6715: and
1.1 jsing 6716: .Fl signkey
1.154 job 6717: options.
1.155 ! job 6718: .It Fl new
! 6719: Generate a new certificate using the subject given by
! 6720: .Fl set_subject
! 6721: and signed by
! 6722: .Fl signkey .
! 6723: If no public key is provided with
! 6724: .Fl force_pubkey ,
! 6725: the resulting certificate is self-signed.
! 6726: This option cannot be used with
! 6727: .Fl in
! 6728: or
! 6729: .Fl req .
1.1 jsing 6730: .It Fl req
1.80 jmc 6731: Expect a certificate request on input instead of a certificate.
1.155 ! job 6732: This option cannot be used with
! 6733: .Fl new .
1.154 job 6734: .It Fl set_issuer Ar name
6735: The issuer name to use.
6736: .Ar name
6737: must be formatted as /type0=value0/type1=value1/type2=...;
6738: characters may be escaped by
6739: .Sq \e
6740: (backslash);
6741: no spaces are skipped.
1.1 jsing 6742: .It Fl set_serial Ar n
1.80 jmc 6743: The serial number to use.
1.1 jsing 6744: This option can be used with either the
6745: .Fl signkey
6746: or
6747: .Fl CA
6748: options.
6749: If used in conjunction with the
6750: .Fl CA
6751: option, the serial number file (as specified by the
6752: .Fl CAserial
6753: or
6754: .Fl CAcreateserial
6755: options) is not used.
6756: .Pp
6757: The serial number can be decimal or hex (if preceded by
6758: .Sq 0x ) .
6759: Negative serial numbers can also be specified but their use is not recommended.
1.154 job 6760: .It Fl set_subject Ar name
6761: The subject name to use.
6762: .Ar name
6763: must be formatted as /type0=value0/type1=value1/type2=...;
6764: characters may be escaped by
6765: .Sq \e
6766: (backslash);
6767: no spaces are skipped.
1.1 jsing 6768: .It Fl signkey Ar file
1.80 jmc 6769: Self-sign
6770: .Ar file
6771: using the supplied private key.
1.1 jsing 6772: .Pp
6773: If the input file is a certificate, it sets the issuer name to the
1.80 jmc 6774: subject name (i.e. makes it self-signed),
1.1 jsing 6775: changes the public key to the supplied value,
6776: and changes the start and end dates.
6777: The start date is set to the current time and the end date is set to
6778: a value determined by the
6779: .Fl days
6780: option.
6781: Any certificate extensions are retained unless the
6782: .Fl clrext
6783: option is supplied.
6784: .Pp
6785: If the input is a certificate request, a self-signed certificate
6786: is created using the supplied private key using the subject name in
6787: the request.
1.154 job 6788: .It Fl utf8
6789: Interpret field values read from a terminal or obtained from a configuration
6790: file as UTF-8 strings.
6791: By default, they are interpreted as ASCII.
1.1 jsing 6792: .It Fl x509toreq
1.80 jmc 6793: Convert a certificate into a certificate request.
1.1 jsing 6794: The
6795: .Fl signkey
6796: option is used to pass the required private key.
6797: .El
1.38 jmc 6798: .Sh COMMON NOTATION
6799: Several commands share a common syntax,
6800: as detailed below.
6801: .Pp
6802: Password arguments, typically specified using
1.33 jmc 6803: .Fl passin
6804: and
6805: .Fl passout
1.38 jmc 6806: for input and output passwords,
6807: allow passwords to be obtained from a variety of sources.
6808: Both of these options take a single argument, described below.
1.33 jmc 6809: If no password argument is given and a password is required,
6810: then the user is prompted to enter one:
6811: this will typically be read from the current terminal with echoing turned off.
1.38 jmc 6812: .Bl -tag -width "pass:password" -offset indent
6813: .It Cm pass : Ns Ar password
1.33 jmc 6814: The actual password is
6815: .Ar password .
1.38 jmc 6816: Since the password is visible to utilities,
1.33 jmc 6817: this form should only be used where security is not important.
1.38 jmc 6818: .It Cm env : Ns Ar var
1.33 jmc 6819: Obtain the password from the environment variable
6820: .Ar var .
1.38 jmc 6821: Since the environment of other processes is visible,
6822: this option should be used with caution.
6823: .It Cm file : Ns Ar path
1.33 jmc 6824: The first line of
6825: .Ar path
6826: is the password.
6827: If the same
6828: .Ar path
6829: argument is supplied to
6830: .Fl passin
6831: and
6832: .Fl passout ,
6833: then the first line will be used for the input password and the next line
6834: for the output password.
6835: .Ar path
6836: need not refer to a regular file:
6837: it could, for example, refer to a device or named pipe.
1.38 jmc 6838: .It Cm fd : Ns Ar number
1.33 jmc 6839: Read the password from the file descriptor
6840: .Ar number .
1.38 jmc 6841: This can be used to send the data via a pipe, for example.
6842: .It Cm stdin
1.33 jmc 6843: Read the password from standard input.
1.35 jmc 6844: .El
1.38 jmc 6845: .Pp
1.64 jmc 6846: Input/output formats,
1.38 jmc 6847: typically specified using
6848: .Fl inform
6849: and
6850: .Fl outform ,
1.64 jmc 6851: indicate the format being read from or written to.
1.38 jmc 6852: The argument is case insensitive.
6853: .Pp
6854: .Bl -tag -width Ds -offset indent -compact
6855: .It Cm der
6856: Distinguished Encoding Rules (DER)
6857: is a binary format.
1.64 jmc 6858: .It Cm net
6859: Insecure legacy format.
1.38 jmc 6860: .It Cm pem
6861: Privacy Enhanced Mail (PEM)
6862: is base64-encoded.
1.108 inoguchi 6863: .It Cm pvk
6864: Private Key format.
1.70 jmc 6865: .It Cm smime
6866: An SMIME format message.
1.38 jmc 6867: .It Cm txt
6868: Plain ASCII text.
6869: .El
1.35 jmc 6870: .Sh ENVIRONMENT
6871: The following environment variables affect the execution of
6872: .Nm openssl :
1.38 jmc 6873: .Bl -tag -width "/etc/ssl/openssl.cnf"
1.35 jmc 6874: .It Ev OPENSSL_CONF
6875: The location of the master configuration file.
1.33 jmc 6876: .El
1.1 jsing 6877: .Sh FILES
6878: .Bl -tag -width "/etc/ssl/openssl.cnf" -compact
1.17 sobrado 6879: .It Pa /etc/ssl/
1.1 jsing 6880: Default config directory for
6881: .Nm openssl .
1.17 sobrado 6882: .It Pa /etc/ssl/lib/
1.1 jsing 6883: Unused.
1.17 sobrado 6884: .It Pa /etc/ssl/private/
1.1 jsing 6885: Default private key directory.
1.17 sobrado 6886: .It Pa /etc/ssl/openssl.cnf
1.1 jsing 6887: Default configuration file for
6888: .Nm openssl .
1.17 sobrado 6889: .It Pa /etc/ssl/x509v3.cnf
1.1 jsing 6890: Default configuration file for
6891: .Nm x509
6892: certificates.
6893: .El
6894: .Sh SEE ALSO
1.74 jmc 6895: .Xr acme-client 1 ,
1.26 jmc 6896: .Xr nc 1 ,
1.90 schwarze 6897: .Xr openssl.cnf 5 ,
6898: .Xr x509v3.cnf 5 ,
1.1 jsing 6899: .Xr ssl 8 ,
6900: .Xr starttls 8
6901: .Sh STANDARDS
6902: .Rs
6903: .%A T. Dierks
6904: .%A C. Allen
6905: .%D January 1999
6906: .%R RFC 2246
6907: .%T The TLS Protocol Version 1.0
6908: .Re
6909: .Pp
6910: .Rs
6911: .%A M. Wahl
6912: .%A S. Killie
6913: .%A T. Howes
6914: .%D December 1997
6915: .%R RFC 2253
6916: .%T Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
6917: .Re
6918: .Pp
6919: .Rs
6920: .%A B. Kaliski
6921: .%D March 1998
6922: .%R RFC 2315
6923: .%T PKCS #7: Cryptographic Message Syntax Version 1.5
6924: .Re
6925: .Pp
6926: .Rs
6927: .%A R. Housley
6928: .%A W. Ford
6929: .%A W. Polk
6930: .%A D. Solo
6931: .%D January 1999
6932: .%R RFC 2459
6933: .%T Internet X.509 Public Key Infrastructure Certificate and CRL Profile
6934: .Re
6935: .Pp
6936: .Rs
6937: .%A M. Myers
6938: .%A R. Ankney
6939: .%A A. Malpani
6940: .%A S. Galperin
6941: .%A C. Adams
6942: .%D June 1999
6943: .%R RFC 2560
6944: .%T X.509 Internet Public Key Infrastructure Online Certificate Status Protocol \(en OCSP
6945: .Re
6946: .Pp
6947: .Rs
6948: .%A R. Housley
6949: .%D June 1999
6950: .%R RFC 2630
6951: .%T Cryptographic Message Syntax
6952: .Re
6953: .Pp
6954: .Rs
6955: .%A P. Chown
6956: .%D June 2002
6957: .%R RFC 3268
1.24 jmc 6958: .%T Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
1.1 jsing 6959: .Re