Annotation of src/usr.bin/openssl/openssl.1, Revision 1.80
1.80 ! jmc 1: .\" $OpenBSD: openssl.1,v 1.79 2016/09/20 16:45:38 jmc Exp $
1.1 jsing 2: .\" ====================================================================
3: .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4: .\"
5: .\" Redistribution and use in source and binary forms, with or without
6: .\" modification, are permitted provided that the following conditions
7: .\" are met:
8: .\"
9: .\" 1. Redistributions of source code must retain the above copyright
10: .\" notice, this list of conditions and the following disclaimer.
11: .\"
12: .\" 2. Redistributions in binary form must reproduce the above copyright
13: .\" notice, this list of conditions and the following disclaimer in
14: .\" the documentation and/or other materials provided with the
15: .\" distribution.
16: .\"
17: .\" 3. All advertising materials mentioning features or use of this
18: .\" software must display the following acknowledgment:
19: .\" "This product includes software developed by the OpenSSL Project
20: .\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21: .\"
22: .\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23: .\" endorse or promote products derived from this software without
24: .\" prior written permission. For written permission, please contact
25: .\" openssl-core@openssl.org.
26: .\"
27: .\" 5. Products derived from this software may not be called "OpenSSL"
28: .\" nor may "OpenSSL" appear in their names without prior written
29: .\" permission of the OpenSSL Project.
30: .\"
31: .\" 6. Redistributions of any form whatsoever must retain the following
32: .\" acknowledgment:
33: .\" "This product includes software developed by the OpenSSL Project
34: .\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35: .\"
36: .\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37: .\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39: .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40: .\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41: .\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42: .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43: .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45: .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46: .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47: .\" OF THE POSSIBILITY OF SUCH DAMAGE.
48: .\" ====================================================================
49: .\"
50: .\" This product includes cryptographic software written by Eric Young
51: .\" (eay@cryptsoft.com). This product includes software written by Tim
52: .\" Hudson (tjh@cryptsoft.com).
53: .\"
54: .\"
55: .\" Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
56: .\" All rights reserved.
57: .\"
58: .\" This package is an SSL implementation written
59: .\" by Eric Young (eay@cryptsoft.com).
60: .\" The implementation was written so as to conform with Netscapes SSL.
61: .\"
62: .\" This library is free for commercial and non-commercial use as long as
63: .\" the following conditions are aheared to. The following conditions
64: .\" apply to all code found in this distribution, be it the RC4, RSA,
65: .\" lhash, DES, etc., code; not just the SSL code. The SSL documentation
66: .\" included with this distribution is covered by the same copyright terms
67: .\" except that the holder is Tim Hudson (tjh@cryptsoft.com).
68: .\"
69: .\" Copyright remains Eric Young's, and as such any Copyright notices in
70: .\" the code are not to be removed.
71: .\" If this package is used in a product, Eric Young should be given attribution
72: .\" as the author of the parts of the library used.
73: .\" This can be in the form of a textual message at program startup or
74: .\" in documentation (online or textual) provided with the package.
75: .\"
76: .\" Redistribution and use in source and binary forms, with or without
77: .\" modification, are permitted provided that the following conditions
78: .\" are met:
79: .\" 1. Redistributions of source code must retain the copyright
80: .\" notice, this list of conditions and the following disclaimer.
81: .\" 2. Redistributions in binary form must reproduce the above copyright
82: .\" notice, this list of conditions and the following disclaimer in the
83: .\" documentation and/or other materials provided with the distribution.
84: .\" 3. All advertising materials mentioning features or use of this software
85: .\" must display the following acknowledgement:
86: .\" "This product includes cryptographic software written by
87: .\" Eric Young (eay@cryptsoft.com)"
88: .\" The word 'cryptographic' can be left out if the rouines from the library
89: .\" being used are not cryptographic related :-).
90: .\" 4. If you include any Windows specific code (or a derivative thereof) from
91: .\" the apps directory (application code) you must include an
92: .\" acknowledgement:
93: .\" "This product includes software written by Tim Hudson
94: .\" (tjh@cryptsoft.com)"
95: .\"
96: .\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
97: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
98: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
99: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
100: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
101: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
102: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
103: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
104: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
105: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
106: .\" SUCH DAMAGE.
107: .\"
108: .\" The licence and distribution terms for any publically available version or
109: .\" derivative of this code cannot be changed. i.e. this code cannot simply be
110: .\" copied and put under another distribution licence
111: .\" [including the GNU Public Licence.]
112: .\"
113: .\" OPENSSL
114: .\"
1.79 jmc 115: .Dd $Mdocdate: September 20 2016 $
1.1 jsing 116: .Dt OPENSSL 1
117: .Os
118: .Sh NAME
119: .Nm openssl
120: .Nd OpenSSL command line tool
121: .Sh SYNOPSIS
122: .Nm
123: .Cm command
124: .Op Ar command_opts
125: .Op Ar command_args
126: .Pp
127: .Nm
1.13 bentley 128: .Cm list-standard-commands |
129: .Cm list-message-digest-commands |
130: .Cm list-cipher-commands |
131: .Cm list-cipher-algorithms |
132: .Cm list-message-digest-algorithms |
1.1 jsing 133: .Cm list-public-key-algorithms
134: .Pp
135: .Nm
1.39 jmc 136: .Cm no- Ns Ar command
1.1 jsing 137: .Sh DESCRIPTION
138: .Nm OpenSSL
1.31 jmc 139: is a cryptography toolkit implementing the
140: Transport Layer Security
1.1 jsing 141: .Pq TLS v1
1.31 jmc 142: network protocol,
143: as well as related cryptography standards.
1.1 jsing 144: .Pp
145: The
146: .Nm
147: program is a command line tool for using the various
148: cryptography functions of
1.39 jmc 149: .Nm openssl Ns 's
1.33 jmc 150: crypto library from the shell.
1.1 jsing 151: .Pp
152: The pseudo-commands
153: .Cm list-standard-commands , list-message-digest-commands ,
154: and
155: .Cm list-cipher-commands
156: output a list
157: .Pq one entry per line
158: of the names of all standard commands, message digest commands,
159: or cipher commands, respectively, that are available in the present
160: .Nm
161: utility.
162: .Pp
163: The pseudo-commands
164: .Cm list-cipher-algorithms
165: and
166: .Cm list-message-digest-algorithms
167: list all cipher and message digest names,
168: one entry per line.
169: Aliases are listed as:
170: .Pp
1.33 jmc 171: .D1 from => to
1.1 jsing 172: .Pp
173: The pseudo-command
174: .Cm list-public-key-algorithms
175: lists all supported public key algorithms.
176: .Pp
177: The pseudo-command
1.39 jmc 178: .Cm no- Ns Ar command
1.1 jsing 179: tests whether a command of the
180: specified name is available.
1.39 jmc 181: If
182: .Ar command
183: does not exist,
1.1 jsing 184: it returns 0
185: and prints
1.39 jmc 186: .Cm no- Ns Ar command ;
1.1 jsing 187: otherwise it returns 1 and prints
1.39 jmc 188: .Ar command .
189: In both cases, the output goes to stdout and nothing is printed to stderr.
1.1 jsing 190: Additional command line arguments are always ignored.
191: Since for each cipher there is a command of the same name,
192: this provides an easy way for shell scripts to test for the
193: availability of ciphers in the
194: .Nm
195: program.
196: .Pp
197: .Sy Note :
1.39 jmc 198: .Cm no- Ns Ar command
1.1 jsing 199: is not able to detect pseudo-commands such as
200: .Cm quit ,
201: .Cm list- Ns Ar ... Ns Cm -commands ,
202: or
1.39 jmc 203: .Cm no- Ns Ar command
1.1 jsing 204: itself.
205: .Sh ASN1PARSE
206: .nr nS 1
207: .Nm "openssl asn1parse"
208: .Op Fl i
209: .Op Fl dlimit Ar number
210: .Op Fl dump
211: .Op Fl genconf Ar file
212: .Op Fl genstr Ar str
213: .Op Fl in Ar file
1.34 jmc 214: .Op Fl inform Cm der | pem | txt
1.1 jsing 215: .Op Fl length Ar number
216: .Op Fl noout
217: .Op Fl offset Ar number
218: .Op Fl oid Ar file
219: .Op Fl out Ar file
220: .Op Fl strparse Ar offset
221: .nr nS 0
222: .Pp
223: The
224: .Nm asn1parse
225: command is a diagnostic utility that can parse ASN.1 structures.
226: It can also be used to extract data from ASN.1 formatted data.
227: .Pp
228: The options are as follows:
229: .Bl -tag -width Ds
230: .It Fl dlimit Ar number
231: Dump the first
232: .Ar number
233: bytes of unknown data in hex form.
234: .It Fl dump
235: Dump unknown data in hex form.
236: .It Fl genconf Ar file , Fl genstr Ar str
237: Generate encoded data based on string
238: .Ar str ,
239: file
240: .Ar file ,
1.34 jmc 241: or both, using the format described in
242: .Xr ASN1_generate_nconf 3 .
1.1 jsing 243: If only
244: .Ar file
245: is present then the string is obtained from the default section
246: using the name
247: .Dq asn1 .
248: The encoded data is passed through the ASN1 parser and printed out as
249: though it came from a file;
250: the contents can thus be examined and written to a file using the
251: .Fl out
252: option.
253: .It Fl i
1.34 jmc 254: Indent the output according to the
1.1 jsing 255: .Qq depth
256: of the structures.
257: .It Fl in Ar file
1.41 jmc 258: The input file to read from, or standard input if not specified.
1.34 jmc 259: .It Fl inform Cm der | pem | txt
1.1 jsing 260: The input format.
261: .It Fl length Ar number
1.34 jmc 262: Number of bytes to parse; the default is until end of file.
1.1 jsing 263: .It Fl noout
1.46 jmc 264: Do not output the parsed version of the input file.
1.1 jsing 265: .It Fl offset Ar number
1.34 jmc 266: Starting offset to begin parsing; the default is start of file.
1.1 jsing 267: .It Fl oid Ar file
268: A file containing additional object identifiers
269: .Pq OIDs .
270: If an OID
271: .Pq object identifier
272: is not part of
1.34 jmc 273: .Nm openssl Ns 's
1.1 jsing 274: internal table it will be represented in
275: numerical form
276: .Pq for example 1.2.3.4 .
1.34 jmc 277: .Pp
1.1 jsing 278: Each line consists of three columns:
279: the first column is the OID in numerical format and should be followed by
280: whitespace.
281: The second column is the
1.34 jmc 282: .Qq short name ,
1.1 jsing 283: which is a single word followed by whitespace.
284: The final column is the rest of the line and is the
285: .Qq long name .
286: .Nm asn1parse
287: displays the long name.
1.34 jmc 288: .It Fl out Ar file
289: The DER-encoded output file; the default is no encoded output
290: (useful when combined with
291: .Fl strparse ) .
292: .It Fl strparse Ar offset
293: Parse the content octets of the ASN.1 object starting at
294: .Ar offset .
295: This option can be used multiple times to
296: .Qq drill down
297: into a nested structure.
298: .El
1.1 jsing 299: .Sh CA
300: .nr nS 1
301: .Nm "openssl ca"
302: .Op Fl batch
303: .Op Fl cert Ar file
304: .Op Fl config Ar file
305: .Op Fl crl_CA_compromise Ar time
306: .Op Fl crl_compromise Ar time
307: .Op Fl crl_hold Ar instruction
308: .Op Fl crl_reason Ar reason
309: .Op Fl crldays Ar days
310: .Op Fl crlexts Ar section
311: .Op Fl crlhours Ar hours
312: .Op Fl days Ar arg
313: .Op Fl enddate Ar date
314: .Op Fl extensions Ar section
315: .Op Fl extfile Ar section
316: .Op Fl gencrl
317: .Op Fl in Ar file
318: .Op Fl infiles
319: .Op Fl key Ar keyfile
320: .Op Fl keyfile Ar arg
1.22 bcook 321: .Op Fl keyform Ar PEM
1.1 jsing 322: .Op Fl md Ar arg
323: .Op Fl msie_hack
324: .Op Fl name Ar section
325: .Op Fl noemailDN
326: .Op Fl notext
327: .Op Fl out Ar file
328: .Op Fl outdir Ar dir
329: .Op Fl passin Ar arg
330: .Op Fl policy Ar arg
331: .Op Fl preserveDN
332: .Op Fl revoke Ar file
333: .Op Fl spkac Ar file
334: .Op Fl ss_cert Ar file
335: .Op Fl startdate Ar date
336: .Op Fl status Ar serial
337: .Op Fl subj Ar arg
338: .Op Fl updatedb
339: .Op Fl verbose
340: .nr nS 0
341: .Pp
342: The
343: .Nm ca
1.35 jmc 344: command is a minimal certificate authority (CA) application.
1.1 jsing 345: It can be used to sign certificate requests in a variety of forms
1.35 jmc 346: and generate certificate revocation lists (CRLs).
1.1 jsing 347: It also maintains a text database of issued certificates and their status.
348: .Pp
1.35 jmc 349: The options relevant to CAs are as follows:
1.1 jsing 350: .Bl -tag -width "XXXX"
351: .It Fl batch
1.41 jmc 352: Batch mode.
1.1 jsing 353: In this mode no questions will be asked
354: and all certificates will be certified automatically.
355: .It Fl cert Ar file
356: The CA certificate file.
357: .It Fl config Ar file
1.72 jmc 358: Specify an alternative configuration file.
1.1 jsing 359: .It Fl days Ar arg
360: The number of days to certify the certificate for.
361: .It Fl enddate Ar date
1.41 jmc 362: Set the expiry date.
1.1 jsing 363: The format of the date is YYMMDDHHMMSSZ
364: .Pq the same as an ASN1 UTCTime structure .
365: .It Fl extensions Ar section
366: The section of the configuration file containing certificate extensions
367: to be added when a certificate is issued (defaults to
1.35 jmc 368: .Cm x509_extensions
1.1 jsing 369: unless the
370: .Fl extfile
371: option is used).
372: If no extension section is present, a V1 certificate is created.
373: If the extension section is present
374: .Pq even if it is empty ,
375: then a V3 certificate is created.
376: .It Fl extfile Ar file
377: An additional configuration
378: .Ar file
379: to read certificate extensions from
380: (using the default section unless the
381: .Fl extensions
382: option is also used).
383: .It Fl in Ar file
384: An input
385: .Ar file
386: containing a single certificate request to be signed by the CA.
387: .It Fl infiles
388: If present, this should be the last option; all subsequent arguments
389: are assumed to be the names of files containing certificate requests.
390: .It Fl key Ar keyfile
391: The password used to encrypt the private key.
1.35 jmc 392: Since on some systems the command line arguments are visible,
393: this option should be used with caution.
1.1 jsing 394: .It Fl keyfile Ar file
395: The private key to sign requests with.
1.22 bcook 396: .It Fl keyform Ar PEM
1.1 jsing 397: Private key file format.
398: .It Fl md Ar alg
399: The message digest to use.
400: Possible values include
401: .Ar md5
402: and
403: .Ar sha1 .
404: This option also applies to CRLs.
405: .It Fl msie_hack
406: This is a legacy option to make
407: .Nm ca
408: work with very old versions of the IE certificate enrollment control
409: .Qq certenr3 .
410: It used UniversalStrings for almost everything.
411: Since the old control has various security bugs,
412: its use is strongly discouraged.
413: The newer control
414: .Qq Xenroll
415: does not need this option.
416: .It Fl name Ar section
417: Specifies the configuration file
418: .Ar section
419: to use (overrides
420: .Cm default_ca
421: in the
422: .Cm ca
423: section).
424: .It Fl noemailDN
425: The DN of a certificate can contain the EMAIL field if present in the
1.30 mmcc 426: request DN, however it is good policy just having the email set into
1.1 jsing 427: the
1.35 jmc 428: .Cm altName
1.1 jsing 429: extension of the certificate.
430: When this option is set, the EMAIL field is removed from the certificate's
431: subject and set only in the, eventually present, extensions.
432: The
433: .Ar email_in_dn
434: keyword can be used in the configuration file to enable this behaviour.
435: .It Fl notext
436: Don't output the text form of a certificate to the output file.
437: .It Fl out Ar file
438: The output file to output certificates to.
439: The default is standard output.
440: The certificate details will also be printed out to this file.
441: .It Fl outdir Ar directory
442: The
443: .Ar directory
444: to output certificates to.
445: The certificate will be written to a file consisting of the
446: serial number in hex with
447: .Qq .pem
448: appended.
449: .It Fl passin Ar arg
450: The key password source.
451: .It Fl policy Ar arg
1.41 jmc 452: Define the CA
1.1 jsing 453: .Qq policy
454: to use.
1.35 jmc 455: The policy section in the configuration file
456: consists of a set of variables corresponding to certificate DN fields.
457: The values may be one of
458: .Qq match
459: (the value must match the same field in the CA certificate),
460: .Qq supplied
461: (the value must be present), or
462: .Qq optional
463: (the value may be present).
464: Any fields not mentioned in the policy section
465: are silently deleted, unless the
466: .Fl preserveDN
467: option is set,
468: but this can be regarded more of a quirk than intended behaviour.
1.1 jsing 469: .It Fl preserveDN
470: Normally, the DN order of a certificate is the same as the order of the
471: fields in the relevant policy section.
472: When this option is set, the order is the same as the request.
473: This is largely for compatibility with the older IE enrollment control
474: which would only accept certificates if their DNs matched the order of the
475: request.
476: This is not needed for Xenroll.
477: .It Fl spkac Ar file
478: A file containing a single Netscape signed public key and challenge,
479: and additional field values to be signed by the CA.
1.35 jmc 480: This will usually come from the
481: KEYGEN tag in an HTML form to create a new private key.
482: It is, however, possible to create SPKACs using the
483: .Nm spkac
484: utility.
485: .Pp
486: The file should contain the variable SPKAC set to the value of
487: the SPKAC and also the required DN components as name value pairs.
488: If it's necessary to include the same component twice,
489: then it can be preceded by a number and a
490: .Sq \&. .
1.1 jsing 491: .It Fl ss_cert Ar file
492: A single self-signed certificate to be signed by the CA.
493: .It Fl startdate Ar date
1.41 jmc 494: Set the start date.
1.1 jsing 495: The format of the date is YYMMDDHHMMSSZ
496: .Pq the same as an ASN1 UTCTime structure .
497: .It Fl status Ar serial
1.35 jmc 498: Show the status of the certificate with serial number
1.1 jsing 499: .Ar serial .
500: .It Fl updatedb
501: Update database for expired certificates.
502: .It Fl verbose
1.41 jmc 503: Print extra details about the operations being performed.
1.1 jsing 504: .El
1.35 jmc 505: .Pp
506: The options relevant to CRLs are as follows:
1.1 jsing 507: .Bl -tag -width "XXXX"
508: .It Fl crl_CA_compromise Ar time
509: This is the same as
510: .Fl crl_compromise ,
511: except the revocation reason is set to CACompromise.
512: .It Fl crl_compromise Ar time
1.41 jmc 513: Set the revocation reason to keyCompromise and the compromise time to
1.1 jsing 514: .Ar time .
515: .Ar time
516: should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ.
517: .It Fl crl_hold Ar instruction
1.41 jmc 518: Set the CRL revocation reason code to certificateHold and the hold
1.1 jsing 519: instruction to
520: .Ar instruction
521: which must be an OID.
522: Although any OID can be used, only holdInstructionNone
523: (the use of which is discouraged by RFC 2459), holdInstructionCallIssuer or
524: holdInstructionReject will normally be used.
525: .It Fl crl_reason Ar reason
526: Revocation reason, where
527: .Ar reason
528: is one of:
529: unspecified, keyCompromise, CACompromise, affiliationChanged, superseded,
530: cessationOfOperation, certificateHold or removeFromCRL.
531: The matching of
532: .Ar reason
533: is case insensitive.
534: Setting any revocation reason will make the CRL v2.
535: In practice, removeFromCRL is not particularly useful because it is only used
536: in delta CRLs which are not currently implemented.
537: .It Fl crldays Ar num
538: The number of days before the next CRL is due.
539: This is the days from now to place in the CRL
1.35 jmc 540: .Cm nextUpdate
1.1 jsing 541: field.
542: .It Fl crlexts Ar section
543: The
544: .Ar section
545: of the configuration file containing CRL extensions to include.
546: If no CRL extension section is present then a V1 CRL is created;
547: if the CRL extension section is present
548: .Pq even if it is empty
549: then a V2 CRL is created.
550: The CRL extensions specified are CRL extensions and
551: .Em not
552: CRL entry extensions.
553: It should be noted that some software
554: .Pq for example Netscape
555: can't handle V2 CRLs.
556: .It Fl crlhours Ar num
557: The number of hours before the next CRL is due.
558: .It Fl gencrl
1.41 jmc 559: Generate a CRL based on information in the index file.
1.1 jsing 560: .It Fl revoke Ar file
561: A
562: .Ar file
563: containing a certificate to revoke.
564: .It Fl subj Ar arg
565: Supersedes the subject name given in the request.
566: The
567: .Ar arg
568: must be formatted as
569: .Ar /type0=value0/type1=value1/type2=... ;
570: characters may be escaped by
571: .Sq \e
572: .Pq backslash ,
573: no spaces are skipped.
574: .El
575: .Pp
1.35 jmc 576: Many of the options can be set in the
577: .Cm ca
578: section of the configuration file
579: (or in the default section of the configuration file),
580: specified using
581: .Cm default_ca
582: or
583: .Fl name .
584: The options
585: .Cm preserve
586: and
587: .Cm msie_hack
588: are read directly from the
589: .Cm ca
590: section.
1.1 jsing 591: .Pp
592: Many of the configuration file options are identical to command line
593: options.
594: Where the option is present in the configuration file and the command line,
595: the command line value is used.
596: Where an option is described as mandatory, then it must be present in
597: the configuration file or the command line equivalent
598: .Pq if any
599: used.
600: .Bl -tag -width "XXXX"
1.35 jmc 601: .It Cm certificate
1.1 jsing 602: The same as
603: .Fl cert .
604: It gives the file containing the CA certificate.
605: Mandatory.
1.35 jmc 606: .It Cm copy_extensions
1.1 jsing 607: Determines how extensions in certificate requests should be handled.
608: If set to
1.35 jmc 609: .Cm none
1.1 jsing 610: or this option is not present, then extensions are
611: ignored and not copied to the certificate.
612: If set to
1.35 jmc 613: .Cm copy ,
1.1 jsing 614: then any extensions present in the request that are not already present
615: are copied to the certificate.
616: If set to
1.35 jmc 617: .Cm copyall ,
1.1 jsing 618: then all extensions in the request are copied to the certificate:
619: if the extension is already present in the certificate it is deleted first.
1.35 jmc 620: .Pp
621: The
622: .Cm copy_extensions
623: option should be used with caution.
624: If care is not taken, it can be a security risk.
625: For example, if a certificate request contains a
626: .Cm basicConstraints
627: extension with CA:TRUE and the
628: .Cm copy_extensions
629: value is set to
630: .Cm copyall
631: and the user does not spot
632: this when the certificate is displayed, then this will hand the requestor
633: a valid CA certificate.
634: .Pp
635: This situation can be avoided by setting
636: .Cm copy_extensions
637: to
638: .Cm copy
639: and including
640: .Cm basicConstraints
641: with CA:FALSE in the configuration file.
642: Then if the request contains a
643: .Cm basicConstraints
644: extension, it will be ignored.
1.1 jsing 645: .Pp
646: The main use of this option is to allow a certificate request to supply
647: values for certain extensions such as
1.35 jmc 648: .Cm subjectAltName .
649: .It Cm crl_extensions
1.1 jsing 650: The same as
651: .Fl crlexts .
1.35 jmc 652: .It Cm crlnumber
1.1 jsing 653: A text file containing the next CRL number to use in hex.
654: The CRL number will be inserted in the CRLs only if this file exists.
655: If this file is present, it must contain a valid CRL number.
1.35 jmc 656: .It Cm database
1.1 jsing 657: The text database file to use.
658: Mandatory.
659: This file must be present, though initially it will be empty.
1.35 jmc 660: .It Cm default_crl_hours , default_crl_days
1.1 jsing 661: The same as the
662: .Fl crlhours
663: and
664: .Fl crldays
665: options.
666: These will only be used if neither command line option is present.
667: At least one of these must be present to generate a CRL.
1.35 jmc 668: .It Cm default_days
1.1 jsing 669: The same as the
670: .Fl days
671: option.
672: The number of days to certify a certificate for.
1.35 jmc 673: .It Cm default_enddate
1.1 jsing 674: The same as the
675: .Fl enddate
676: option.
677: Either this option or
1.35 jmc 678: .Cm default_days
1.1 jsing 679: .Pq or the command line equivalents
680: must be present.
1.35 jmc 681: .It Cm default_md
1.1 jsing 682: The same as the
683: .Fl md
684: option.
685: The message digest to use.
686: Mandatory.
1.35 jmc 687: .It Cm default_startdate
1.1 jsing 688: The same as the
689: .Fl startdate
690: option.
691: The start date to certify a certificate for.
692: If not set, the current time is used.
1.35 jmc 693: .It Cm email_in_dn
1.1 jsing 694: The same as
695: .Fl noemailDN .
696: If the EMAIL field is to be removed from the DN of the certificate,
697: simply set this to
698: .Qq no .
699: If not present, the default is to allow for the EMAIL field in the
700: certificate's DN.
1.35 jmc 701: .It Cm msie_hack
1.1 jsing 702: The same as
703: .Fl msie_hack .
1.35 jmc 704: .It Cm name_opt , cert_opt
1.1 jsing 705: These options allow the format used to display the certificate details
706: when asking the user to confirm signing.
707: All the options supported by the
708: .Nm x509
709: utilities'
710: .Fl nameopt
711: and
712: .Fl certopt
713: switches can be used here, except that
1.35 jmc 714: .Cm no_signame
1.1 jsing 715: and
1.35 jmc 716: .Cm no_sigdump
1.1 jsing 717: are permanently set and cannot be disabled
718: (this is because the certificate signature cannot be displayed because
719: the certificate has not been signed at this point).
720: .Pp
721: For convenience, the value
1.35 jmc 722: .Cm ca_default
1.1 jsing 723: is accepted by both to produce a reasonable output.
724: .Pp
725: If neither option is present, the format used in earlier versions of
1.35 jmc 726: .Nm openssl
1.1 jsing 727: is used.
728: Use of the old format is
729: .Em strongly
730: discouraged because it only displays fields mentioned in the
1.35 jmc 731: .Cm policy
1.1 jsing 732: section,
733: mishandles multicharacter string types and does not display extensions.
1.35 jmc 734: .It Cm new_certs_dir
1.1 jsing 735: The same as the
736: .Fl outdir
737: command line option.
738: It specifies the directory where new certificates will be placed.
739: Mandatory.
1.35 jmc 740: .It Cm oid_file
1.1 jsing 741: This specifies a file containing additional object identifiers.
742: Each line of the file should consist of the numerical form of the
743: object identifier followed by whitespace, then the short name followed
744: by whitespace and finally the long name.
1.35 jmc 745: .It Cm oid_section
1.1 jsing 746: This specifies a section in the configuration file containing extra
747: object identifiers.
748: Each line should consist of the short name of the object identifier
749: followed by
750: .Sq =
751: and the numerical form.
752: The short and long names are the same when this option is used.
1.35 jmc 753: .It Cm policy
1.1 jsing 754: The same as
755: .Fl policy .
756: Mandatory.
1.35 jmc 757: .It Cm preserve
1.1 jsing 758: The same as
759: .Fl preserveDN .
1.35 jmc 760: .It Cm private_key
1.1 jsing 761: Same as the
762: .Fl keyfile
763: option.
764: The file containing the CA private key.
765: Mandatory.
1.35 jmc 766: .It Cm serial
1.1 jsing 767: A text file containing the next serial number to use in hex.
768: Mandatory.
769: This file must be present and contain a valid serial number.
1.35 jmc 770: .It Cm unique_subject
1.1 jsing 771: If the value
1.35 jmc 772: .Cm yes
1.1 jsing 773: is given, the valid certificate entries in the
774: database must have unique subjects.
775: If the value
1.35 jmc 776: .Cm no
1.1 jsing 777: is given,
778: several valid certificate entries may have the exact same subject.
779: The default value is
1.35 jmc 780: .Cm yes .
781: .It Cm x509_extensions
1.1 jsing 782: The same as
783: .Fl extensions .
784: .El
785: .Sh CIPHERS
786: .Nm openssl ciphers
787: .Op Fl hVv
1.18 jmc 788: .Op Fl tls1
1.1 jsing 789: .Op Ar cipherlist
790: .Pp
791: The
792: .Nm ciphers
793: command converts
1.36 jmc 794: .Nm openssl
1.1 jsing 795: cipher lists into ordered SSL cipher preference lists.
1.41 jmc 796: It can be used as a way to determine the appropriate cipher list.
1.1 jsing 797: .Pp
798: The options are as follows:
799: .Bl -tag -width Ds
800: .It Fl h , \&?
801: Print a brief usage message.
802: .It Fl tls1
803: Only include TLS v1 ciphers.
804: .It Fl V
1.36 jmc 805: Verbose.
806: List ciphers with a complete description of protocol version,
807: key exchange, authentication, encryption and mac algorithms,
808: any key size restrictions,
809: and cipher suite codes (hex format).
810: .It Fl v
1.1 jsing 811: Like
1.36 jmc 812: .Fl V ,
813: but without cipher suite codes.
1.1 jsing 814: .It Ar cipherlist
815: A cipher list to convert to a cipher preference list.
816: If it is not included, the default cipher list will be used.
1.36 jmc 817: .Pp
818: The cipher list consists of one or more cipher strings
1.1 jsing 819: separated by colons.
820: Commas or spaces are also acceptable separators, but colons are normally used.
821: .Pp
1.36 jmc 822: The actual cipher string can take several different forms:
1.1 jsing 823: .Pp
1.36 jmc 824: It can consist of a single cipher suite, such as RC4-SHA.
1.1 jsing 825: .Pp
826: It can represent a list of cipher suites containing a certain algorithm,
827: or cipher suites of a certain type.
1.36 jmc 828: For example SHA1 represents all cipher suites using the digest algorithm SHA1.
829: .Pp
830: Lists of cipher suites can be combined in a single cipher string using the
1.1 jsing 831: .Sq +
1.36 jmc 832: character
833: (logical AND operation).
834: For example, SHA1+DES represents all cipher suites
835: containing the SHA1 and DES algorithms.
1.1 jsing 836: .Pp
837: Each cipher string can be optionally preceded by the characters
838: .Sq \&! ,
839: .Sq - ,
840: or
841: .Sq + .
842: If
843: .Sq !\&
844: is used, then the ciphers are permanently deleted from the list.
845: The ciphers deleted can never reappear in the list even if they are
846: explicitly stated.
847: If
848: .Sq -
849: is used, then the ciphers are deleted from the list, but some or
850: all of the ciphers can be added again by later options.
851: If
852: .Sq +
853: is used, then the ciphers are moved to the end of the list.
854: This option doesn't add any new ciphers, it just moves matching existing ones.
855: .Pp
856: If none of these characters is present, the string is just interpreted
857: as a list of ciphers to be appended to the current preference list.
858: If the list includes any ciphers already present, they will be ignored;
859: that is, they will not be moved to the end of the list.
860: .Pp
861: Additionally, the cipher string
1.36 jmc 862: .Cm @STRENGTH
1.1 jsing 863: can be used at any point to sort the current cipher list in order of
864: encryption algorithm key length.
1.36 jmc 865: .El
866: .Pp
1.1 jsing 867: The following is a list of all permitted cipher strings and their meanings.
868: .Bl -tag -width "XXXX"
1.36 jmc 869: .It Cm DEFAULT
1.1 jsing 870: The default cipher list.
871: This is determined at compile time and is currently
1.36 jmc 872: .Cm ALL:!aNULL:!eNULL:!SSLv2 .
873: This must be the first cipher string specified.
874: .It Cm COMPLEMENTOFDEFAULT
1.1 jsing 875: The ciphers included in
1.36 jmc 876: .Cm ALL ,
1.1 jsing 877: but not enabled by default.
878: Currently this is
1.36 jmc 879: .Cm ADH .
1.1 jsing 880: Note that this rule does not cover
1.36 jmc 881: .Cm eNULL ,
1.1 jsing 882: which is not included by
1.36 jmc 883: .Cm ALL
1.1 jsing 884: (use
1.36 jmc 885: .Cm COMPLEMENTOFALL
1.1 jsing 886: if necessary).
1.36 jmc 887: .It Cm ALL
1.1 jsing 888: All cipher suites except the
1.36 jmc 889: .Cm eNULL
890: ciphers, which must be explicitly enabled.
891: .It Cm COMPLEMENTOFALL
1.1 jsing 892: The cipher suites not enabled by
1.36 jmc 893: .Cm ALL ,
1.1 jsing 894: currently being
1.36 jmc 895: .Cm eNULL .
896: .It Cm HIGH
1.1 jsing 897: .Qq High
898: encryption cipher suites.
899: This currently means those with key lengths larger than 128 bits.
1.36 jmc 900: .It Cm MEDIUM
1.1 jsing 901: .Qq Medium
902: encryption cipher suites, currently those using 128-bit encryption.
1.36 jmc 903: .It Cm LOW
1.1 jsing 904: .Qq Low
905: encryption cipher suites, currently those using 64- or 56-bit encryption
1.9 lteo 906: algorithms.
1.36 jmc 907: .It Cm eNULL , NULL
1.1 jsing 908: The
909: .Qq NULL
910: ciphers; that is, those offering no encryption.
911: Because these offer no encryption at all and are a security risk,
912: they are disabled unless explicitly included.
1.36 jmc 913: .It Cm aNULL
1.1 jsing 914: The cipher suites offering no authentication.
915: This is currently the anonymous DH algorithms.
916: These cipher suites are vulnerable to a
917: .Qq man in the middle
918: attack, so their use is normally discouraged.
1.36 jmc 919: .It Cm kRSA , RSA
1.1 jsing 920: Cipher suites using RSA key exchange.
1.36 jmc 921: .It Cm kEDH
1.1 jsing 922: Cipher suites using ephemeral DH key agreement.
1.36 jmc 923: .It Cm aRSA
1.1 jsing 924: Cipher suites using RSA authentication, i.e. the certificates carry RSA keys.
1.36 jmc 925: .It Cm aDSS , DSS
1.1 jsing 926: Cipher suites using DSS authentication, i.e. the certificates carry DSS keys.
1.36 jmc 927: .It Cm TLSv1
1.18 jmc 928: TLS v1.0 cipher suites.
1.36 jmc 929: .It Cm DH
1.1 jsing 930: Cipher suites using DH, including anonymous DH.
1.36 jmc 931: .It Cm ADH
1.1 jsing 932: Anonymous DH cipher suites.
1.36 jmc 933: .It Cm AES
1.1 jsing 934: Cipher suites using AES.
1.36 jmc 935: .It Cm 3DES
1.1 jsing 936: Cipher suites using triple DES.
1.36 jmc 937: .It Cm DES
1.1 jsing 938: Cipher suites using DES
939: .Pq not triple DES .
1.36 jmc 940: .It Cm RC4
1.1 jsing 941: Cipher suites using RC4.
1.36 jmc 942: .It Cm CAMELLIA
1.9 lteo 943: Cipher suites using Camellia.
1.36 jmc 944: .It Cm CHACHA20
1.9 lteo 945: Cipher suites using ChaCha20.
1.36 jmc 946: .It Cm IDEA
1.9 lteo 947: Cipher suites using IDEA.
1.36 jmc 948: .It Cm MD5
1.1 jsing 949: Cipher suites using MD5.
1.36 jmc 950: .It Cm SHA1 , SHA
1.1 jsing 951: Cipher suites using SHA1.
952: .El
953: .Sh CRL
954: .nr nS 1
955: .Nm "openssl crl"
956: .Op Fl CAfile Ar file
957: .Op Fl CApath Ar dir
958: .Op Fl fingerprint
959: .Op Fl hash
960: .Op Fl in Ar file
1.38 jmc 961: .Op Fl inform Cm der | pem
1.1 jsing 962: .Op Fl issuer
963: .Op Fl lastupdate
964: .Op Fl nextupdate
965: .Op Fl noout
966: .Op Fl out Ar file
1.38 jmc 967: .Op Fl outform Cm der | pem
1.1 jsing 968: .Op Fl text
969: .nr nS 0
970: .Pp
971: The
972: .Nm crl
973: command processes CRL files in DER or PEM format.
1.37 jmc 974: .Pp
1.1 jsing 975: The options are as follows:
976: .Bl -tag -width Ds
977: .It Fl CAfile Ar file
978: Verify the signature on a CRL by looking up the issuing certificate in
979: .Ar file .
980: .It Fl CApath Ar directory
981: Verify the signature on a CRL by looking up the issuing certificate in
982: .Ar dir .
983: This directory must be a standard certificate directory,
984: i.e. a hash of each subject name (using
985: .Cm x509 Fl hash )
986: should be linked to each certificate.
987: .It Fl fingerprint
988: Print the CRL fingerprint.
989: .It Fl hash
990: Output a hash of the issuer name.
991: This can be used to look up CRLs in a directory by issuer name.
992: .It Fl in Ar file
1.37 jmc 993: The input file to read from, or standard input if not specified.
1.38 jmc 994: .It Fl inform Cm der | pem
1.37 jmc 995: The input format.
1.1 jsing 996: .It Fl issuer
997: Output the issuer name.
998: .It Fl lastupdate
999: Output the
1.37 jmc 1000: .Cm lastUpdate
1.1 jsing 1001: field.
1002: .It Fl nextupdate
1003: Output the
1.37 jmc 1004: .Cm nextUpdate
1.1 jsing 1005: field.
1006: .It Fl noout
1.46 jmc 1007: Do not output the encoded version of the CRL.
1.1 jsing 1008: .It Fl out Ar file
1.37 jmc 1009: The output file to write to, or standard output if not specified.
1.38 jmc 1010: .It Fl outform Cm der | pem
1.37 jmc 1011: The output format.
1.1 jsing 1012: .It Fl text
1.64 jmc 1013: Print the CRL in plain text.
1.1 jsing 1014: .El
1015: .Sh CRL2PKCS7
1016: .nr nS 1
1017: .Nm "openssl crl2pkcs7"
1018: .Op Fl certfile Ar file
1019: .Op Fl in Ar file
1.40 jmc 1020: .Op Fl inform Cm der | pem
1.1 jsing 1021: .Op Fl nocrl
1022: .Op Fl out Ar file
1.40 jmc 1023: .Op Fl outform Cm der | pem
1.1 jsing 1024: .nr nS 0
1025: .Pp
1026: The
1027: .Nm crl2pkcs7
1028: command takes an optional CRL and one or more
1029: certificates and converts them into a PKCS#7 degenerate
1030: .Qq certificates only
1031: structure.
1032: .Pp
1033: The options are as follows:
1034: .Bl -tag -width Ds
1035: .It Fl certfile Ar file
1.40 jmc 1036: Add the certificates in PEM
1.1 jsing 1037: .Ar file
1.40 jmc 1038: to the PKCS#7 structure.
1039: This option can be used more than once
1040: to read certificates from multiple files.
1.1 jsing 1041: .It Fl in Ar file
1.40 jmc 1042: Read the CRL from
1043: .Ar file ,
1044: or standard input if not specified.
1045: .It Fl inform Cm der | pem
1.64 jmc 1046: The input format.
1.1 jsing 1047: .It Fl nocrl
1048: Normally, a CRL is included in the output file.
1049: With this option, no CRL is
1050: included in the output file and a CRL is not read from the input file.
1051: .It Fl out Ar file
1.40 jmc 1052: Write the PKCS#7 structure to
1053: .Ar file ,
1054: or standard output if not specified.
1055: .It Fl outform Cm der | pem
1.64 jmc 1056: The output format.
1.1 jsing 1057: .El
1058: .Sh DGST
1059: .nr nS 1
1060: .Nm "openssl dgst"
1.43 jmc 1061: .Op Fl cd
1.1 jsing 1062: .Op Fl binary
1.43 jmc 1063: .Op Fl Ar digest
1.1 jsing 1064: .Op Fl hex
1065: .Op Fl hmac Ar key
1.43 jmc 1066: .Op Fl keyform Cm pem
1.1 jsing 1067: .Op Fl mac Ar algorithm
1068: .Op Fl macopt Ar nm : Ns Ar v
1069: .Op Fl out Ar file
1070: .Op Fl passin Ar arg
1071: .Op Fl prverify Ar file
1072: .Op Fl sign Ar file
1073: .Op Fl signature Ar file
1074: .Op Fl sigopt Ar nm : Ns Ar v
1075: .Op Fl verify Ar file
1076: .Op Ar
1077: .nr nS 0
1078: .Pp
1079: The digest functions output the message digest of a supplied
1080: .Ar file
1081: or
1082: .Ar files
1083: in hexadecimal form.
1084: They can also be used for digital signing and verification.
1085: .Pp
1086: The options are as follows:
1087: .Bl -tag -width Ds
1088: .It Fl binary
1089: Output the digest or signature in binary form.
1090: .It Fl c
1.48 jmc 1091: Print the digest in two-digit groups separated by colons.
1.1 jsing 1092: .It Fl d
1.48 jmc 1093: Print BIO debugging information.
1.43 jmc 1094: .It Fl Ar digest
1095: Use the specified message
1096: .Ar digest .
1097: The default is MD5.
1098: The available digests can be displayed using
1099: .Nm openssl
1100: .Cm list-message-digest-commands .
1101: The following are equivalent:
1102: .Nm openssl dgst
1103: .Fl md5
1104: and
1105: .Nm openssl
1106: .Cm md5 .
1.1 jsing 1107: .It Fl hex
1108: Digest is to be output as a hex dump.
1109: This is the default case for a
1110: .Qq normal
1111: digest as opposed to a digital signature.
1112: .It Fl hmac Ar key
1113: Create a hashed MAC using
1114: .Ar key .
1.43 jmc 1115: .It Fl keyform Cm pem
1.1 jsing 1116: Specifies the key format to sign the digest with.
1117: .It Fl mac Ar algorithm
1118: Create a keyed Message Authentication Code (MAC).
1119: The most popular MAC algorithm is HMAC (hash-based MAC),
1120: but there are other MAC algorithms which are not based on hash.
1121: MAC keys and other options should be set via the
1122: .Fl macopt
1123: parameter.
1124: .It Fl macopt Ar nm : Ns Ar v
1125: Passes options to the MAC algorithm, specified by
1126: .Fl mac .
1127: The following options are supported by HMAC:
1128: .Bl -tag -width Ds
1.43 jmc 1129: .It Cm key : Ns Ar string
1.1 jsing 1130: Specifies the MAC key as an alphanumeric string
1131: (use if the key contain printable characters only).
1132: String length must conform to any restrictions of the MAC algorithm.
1.43 jmc 1133: .It Cm hexkey : Ns Ar string
1.1 jsing 1134: Specifies the MAC key in hexadecimal form (two hex digits per byte).
1135: Key length must conform to any restrictions of the MAC algorithm.
1136: .El
1137: .It Fl out Ar file
1.43 jmc 1138: The output file to write to,
1139: or standard output if not specified.
1.1 jsing 1140: .It Fl passin Ar arg
1141: The key password source.
1142: .It Fl prverify Ar file
1143: Verify the signature using the private key in
1144: .Ar file .
1145: The output is either
1146: .Qq Verification OK
1147: or
1148: .Qq Verification Failure .
1149: .It Fl sign Ar file
1150: Digitally sign the digest using the private key in
1151: .Ar file .
1152: .It Fl signature Ar file
1153: The actual signature to verify.
1154: .It Fl sigopt Ar nm : Ns Ar v
1155: Pass options to the signature algorithm during sign or verify operations.
1156: The names and values of these options are algorithm-specific.
1157: .It Fl verify Ar file
1158: Verify the signature using the public key in
1159: .Ar file .
1160: The output is either
1161: .Qq Verification OK
1162: or
1163: .Qq Verification Failure .
1164: .It Ar
1165: File or files to digest.
1166: If no files are specified then standard input is used.
1167: .El
1168: .Sh DHPARAM
1169: .nr nS 1
1170: .Nm "openssl dhparam"
1171: .Op Fl 2 | 5
1172: .Op Fl C
1173: .Op Fl check
1174: .Op Fl dsaparam
1175: .Op Fl in Ar file
1.44 jmc 1176: .Op Fl inform Cm der | pem
1.1 jsing 1177: .Op Fl noout
1178: .Op Fl out Ar file
1.44 jmc 1179: .Op Fl outform Cm der | pem
1.1 jsing 1180: .Op Fl text
1181: .Op Ar numbits
1182: .nr nS 0
1183: .Pp
1184: The
1185: .Nm dhparam
1186: command is used to manipulate DH parameter files.
1.44 jmc 1187: Only the older PKCS#3 DH is supported,
1188: not the newer X9.42 DH.
1.1 jsing 1189: .Pp
1190: The options are as follows:
1191: .Bl -tag -width Ds
1192: .It Fl 2 , 5
1.44 jmc 1193: The generator to use;
1.1 jsing 1194: 2 is the default.
1195: If present, the input file is ignored and parameters are generated instead.
1196: .It Fl C
1.44 jmc 1197: Convert the parameters into C code.
1.1 jsing 1198: The parameters can then be loaded by calling the
1.44 jmc 1199: .No get_dh Ns Ar numbits
1.1 jsing 1200: function.
1201: .It Fl check
1202: Check the DH parameters.
1203: .It Fl dsaparam
1.44 jmc 1204: Read or create DSA parameters,
1205: converted to DH format on output.
1.1 jsing 1206: Otherwise,
1207: .Qq strong
1208: primes
1209: .Pq such that (p-1)/2 is also prime
1210: will be used for DH parameter generation.
1211: .Pp
1212: DH parameter generation with the
1213: .Fl dsaparam
1214: option is much faster,
1215: and the recommended exponent length is shorter,
1216: which makes DH key exchange more efficient.
1217: Beware that with such DSA-style DH parameters,
1218: a fresh DH key should be created for each use to
1219: avoid small-subgroup attacks that may be possible otherwise.
1220: .It Fl in Ar file
1.44 jmc 1221: The input file to read from,
1222: or standard input if not specified.
1223: .It Fl inform Cm der | pem
1224: The input format.
1.1 jsing 1225: .It Fl noout
1.46 jmc 1226: Do not output the encoded version of the parameters.
1.44 jmc 1227: .It Fl out Ar file
1228: The output file to write to,
1229: or standard output if not specified.
1230: .It Fl outform Cm der | pem
1231: The output format.
1232: .It Fl text
1.64 jmc 1233: Print the DH parameters in plain text.
1.1 jsing 1234: .It Ar numbits
1.44 jmc 1235: Generate a parameter set of size
1.1 jsing 1236: .Ar numbits .
1237: It must be the last option.
1.16 sthen 1238: If not present, a value of 2048 is used.
1.1 jsing 1239: If this value is present, the input file is ignored and
1240: parameters are generated instead.
1241: .El
1242: .Sh DSA
1243: .nr nS 1
1244: .Nm "openssl dsa"
1245: .Oo
1246: .Fl aes128 | aes192 | aes256 |
1247: .Fl des | des3
1248: .Oc
1249: .Op Fl in Ar file
1.45 jmc 1250: .Op Fl inform Cm der | pem
1.1 jsing 1251: .Op Fl modulus
1252: .Op Fl noout
1253: .Op Fl out Ar file
1.45 jmc 1254: .Op Fl outform Cm der | pem
1.1 jsing 1255: .Op Fl passin Ar arg
1256: .Op Fl passout Ar arg
1257: .Op Fl pubin
1258: .Op Fl pubout
1259: .Op Fl text
1260: .nr nS 0
1261: .Pp
1262: The
1263: .Nm dsa
1264: command processes DSA keys.
1265: They can be converted between various forms and their components printed out.
1266: .Pp
1267: .Sy Note :
1268: This command uses the traditional
1269: .Nm SSLeay
1270: compatible format for private key encryption:
1271: newer applications should use the more secure PKCS#8 format using the
1272: .Nm pkcs8
1273: command.
1274: .Pp
1275: The options are as follows:
1276: .Bl -tag -width Ds
1277: .It Xo
1278: .Fl aes128 | aes192 | aes256 |
1279: .Fl des | des3
1280: .Xc
1.45 jmc 1281: Encrypt the private key with the AES, DES, or the triple DES
1.1 jsing 1282: ciphers, respectively, before outputting it.
1283: A pass phrase is prompted for.
1.45 jmc 1284: If none of these options are specified, the key is written in plain text.
1.1 jsing 1285: This means that using the
1286: .Nm dsa
1.45 jmc 1287: utility to read an encrypted key with no encryption option can be used to
1.1 jsing 1288: remove the pass phrase from a key,
1.45 jmc 1289: or by setting the encryption options it can be used to add or change
1.1 jsing 1290: the pass phrase.
1291: These options can only be used with PEM format output files.
1292: .It Fl in Ar file
1.45 jmc 1293: The input file to read from,
1294: or standard input if not specified.
1.1 jsing 1295: If the key is encrypted, a pass phrase will be prompted for.
1.45 jmc 1296: .It Fl inform Cm der | pem
1297: The input format.
1.1 jsing 1298: .It Fl modulus
1.45 jmc 1299: Print the value of the public key component of the key.
1.1 jsing 1300: .It Fl noout
1.46 jmc 1301: Do not output the encoded version of the key.
1.1 jsing 1302: .It Fl out Ar file
1.45 jmc 1303: The output file to write to,
1304: or standard output if not specified.
1.1 jsing 1305: If any encryption options are set then a pass phrase will be
1306: prompted for.
1.45 jmc 1307: .It Fl outform Cm der | pem
1308: The output format.
1.1 jsing 1309: .It Fl passin Ar arg
1310: The key password source.
1311: .It Fl passout Ar arg
1312: The output file password source.
1313: .It Fl pubin
1.60 jmc 1314: Read in a public key, not a private key.
1.1 jsing 1315: .It Fl pubout
1.60 jmc 1316: Output a public key, not a private key.
1317: Automatically set if the input is a public key.
1.1 jsing 1318: .It Fl text
1.64 jmc 1319: Print the public/private key in plain text.
1.1 jsing 1320: .El
1321: .Sh DSAPARAM
1322: .nr nS 1
1323: .Nm "openssl dsaparam"
1324: .Op Fl C
1325: .Op Fl genkey
1326: .Op Fl in Ar file
1.46 jmc 1327: .Op Fl inform Cm der | pem
1.1 jsing 1328: .Op Fl noout
1329: .Op Fl out Ar file
1.46 jmc 1330: .Op Fl outform Cm der | pem
1.1 jsing 1331: .Op Fl text
1332: .Op Ar numbits
1333: .nr nS 0
1334: .Pp
1335: The
1336: .Nm dsaparam
1337: command is used to manipulate or generate DSA parameter files.
1338: .Pp
1339: The options are as follows:
1340: .Bl -tag -width Ds
1341: .It Fl C
1.46 jmc 1342: Convert the parameters into C code.
1.1 jsing 1343: The parameters can then be loaded by calling the
1.46 jmc 1344: .No get_dsa Ns Ar XXX
1.1 jsing 1345: function.
1346: .It Fl genkey
1.46 jmc 1347: Generate a DSA key either using the specified or generated
1.1 jsing 1348: parameters.
1349: .It Fl in Ar file
1.46 jmc 1350: The input file to read from,
1351: or standard input if not specified.
1.1 jsing 1352: If the
1353: .Ar numbits
1.46 jmc 1354: parameter is included, then this option is ignored.
1355: .It Fl inform Cm der | pem
1356: The input format.
1.1 jsing 1357: .It Fl noout
1.46 jmc 1358: Do not output the encoded version of the parameters.
1359: .It Fl out Ar file
1360: The output file to write to,
1361: or standard output if not specified.
1362: .It Fl outform Cm der | pem
1363: The output format.
1364: .It Fl text
1.64 jmc 1365: Print the DSA parameters in plain text.
1.1 jsing 1366: .It Ar numbits
1.46 jmc 1367: Generate a parameter set of size
1.1 jsing 1368: .Ar numbits .
1.46 jmc 1369: If this option is included, the input file is ignored.
1.1 jsing 1370: .El
1371: .Sh EC
1372: .nr nS 1
1373: .Nm "openssl ec"
1374: .Op Fl conv_form Ar arg
1375: .Op Fl des
1376: .Op Fl des3
1377: .Op Fl in Ar file
1.47 jmc 1378: .Op Fl inform Cm der | pem
1.1 jsing 1379: .Op Fl noout
1380: .Op Fl out Ar file
1.47 jmc 1381: .Op Fl outform Cm der | pem
1.1 jsing 1382: .Op Fl param_enc Ar arg
1383: .Op Fl param_out
1384: .Op Fl passin Ar arg
1385: .Op Fl passout Ar arg
1386: .Op Fl pubin
1387: .Op Fl pubout
1388: .Op Fl text
1389: .nr nS 0
1390: .Pp
1391: The
1392: .Nm ec
1393: command processes EC keys.
1394: They can be converted between various
1395: forms and their components printed out.
1.47 jmc 1396: .Nm openssl
1.1 jsing 1397: uses the private key format specified in
1398: .Dq SEC 1: Elliptic Curve Cryptography
1399: .Pq Lk http://www.secg.org/ .
1400: To convert an
1401: EC private key into the PKCS#8 private key format use the
1402: .Nm pkcs8
1403: command.
1404: .Pp
1405: The options are as follows:
1406: .Bl -tag -width Ds
1407: .It Fl conv_form Ar arg
1.47 jmc 1408: Specify how the points on the elliptic curve are converted
1.1 jsing 1409: into octet strings.
1410: Possible values are:
1411: .Cm compressed
1.47 jmc 1412: (the default),
1.1 jsing 1413: .Cm uncompressed ,
1414: and
1415: .Cm hybrid .
1416: For more information regarding
1.47 jmc 1417: the point conversion forms see the X9.62 standard.
1.1 jsing 1418: Note:
1419: Due to patent issues the
1420: .Cm compressed
1421: option is disabled by default for binary curves
1422: and can be enabled by defining the preprocessor macro
1.47 jmc 1423: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 1424: at compile time.
1425: .It Fl des | des3
1.47 jmc 1426: Encrypt the private key with DES, triple DES, or
1.1 jsing 1427: any other cipher supported by
1.47 jmc 1428: .Nm openssl .
1.1 jsing 1429: A pass phrase is prompted for.
1430: If none of these options is specified the key is written in plain text.
1431: This means that using the
1432: .Nm ec
1433: utility to read in an encrypted key with no
1434: encryption option can be used to remove the pass phrase from a key,
1435: or by setting the encryption options
1436: it can be use to add or change the pass phrase.
1437: These options can only be used with PEM format output files.
1438: .It Fl in Ar file
1.47 jmc 1439: The input file to read a key from,
1440: or standard input if not specified.
1.1 jsing 1441: If the key is encrypted a pass phrase will be prompted for.
1.47 jmc 1442: .It Fl inform Cm der | pem
1443: The input format.
1.1 jsing 1444: .It Fl noout
1.47 jmc 1445: Do not output the encoded version of the key.
1.1 jsing 1446: .It Fl out Ar file
1.47 jmc 1447: The output filename to write to,
1448: or standard output if not specified.
1.1 jsing 1449: If any encryption options are set then a pass phrase will be prompted for.
1.47 jmc 1450: .It Fl outform Cm der | pem
1451: The output format.
1.1 jsing 1452: .It Fl param_enc Ar arg
1.47 jmc 1453: Specify how the elliptic curve parameters are encoded.
1.1 jsing 1454: Possible value are:
1455: .Cm named_curve ,
1456: i.e. the EC parameters are specified by an OID; or
1457: .Cm explicit ,
1458: where the EC parameters are explicitly given
1459: (see RFC 3279 for the definition of the EC parameter structures).
1460: The default value is
1461: .Cm named_curve .
1462: Note: the
1463: .Cm implicitlyCA
1464: alternative,
1465: as specified in RFC 3279,
1.47 jmc 1466: is currently not implemented.
1.1 jsing 1467: .It Fl passin Ar arg
1468: The key password source.
1469: .It Fl passout Ar arg
1470: The output file password source.
1471: .It Fl pubin
1.60 jmc 1472: Read in a public key, not a private key.
1.1 jsing 1473: .It Fl pubout
1.60 jmc 1474: Output a public key, not a private key.
1475: Automatically set if the input is a public key.
1.1 jsing 1476: .It Fl text
1.64 jmc 1477: Print the public/private key in plain text.
1.1 jsing 1478: .El
1479: .Sh ECPARAM
1480: .nr nS 1
1481: .Nm "openssl ecparam"
1482: .Op Fl C
1483: .Op Fl check
1484: .Op Fl conv_form Ar arg
1485: .Op Fl genkey
1486: .Op Fl in Ar file
1.48 jmc 1487: .Op Fl inform Cm der | pem
1.1 jsing 1488: .Op Fl list_curves
1489: .Op Fl name Ar arg
1490: .Op Fl no_seed
1491: .Op Fl noout
1492: .Op Fl out Ar file
1.48 jmc 1493: .Op Fl outform Cm der | pem
1.1 jsing 1494: .Op Fl param_enc Ar arg
1495: .Op Fl text
1496: .nr nS 0
1497: .Pp
1.48 jmc 1498: The
1499: .Nm ecparam
1500: command is used to manipulate or generate EC parameter files.
1501: .Nm openssl
1502: is not able to generate new groups so
1503: .Nm ecparam
1504: can only create EC parameters from known (named) curves.
1505: .Pp
1.1 jsing 1506: The options are as follows:
1507: .Bl -tag -width Ds
1508: .It Fl C
1509: Convert the EC parameters into C code.
1510: The parameters can then be loaded by calling the
1.48 jmc 1511: .No get_ec_group_ Ns Ar XXX
1.1 jsing 1512: function.
1513: .It Fl check
1514: Validate the elliptic curve parameters.
1515: .It Fl conv_form Ar arg
1516: Specify how the points on the elliptic curve are converted
1517: into octet strings.
1518: Possible values are:
1519: .Cm compressed
1.48 jmc 1520: (the default),
1.1 jsing 1521: .Cm uncompressed ,
1522: and
1523: .Cm hybrid .
1524: For more information regarding
1.48 jmc 1525: the point conversion forms see the X9.62 standard.
1.1 jsing 1526: Note:
1527: Due to patent issues the
1528: .Cm compressed
1529: option is disabled by default for binary curves
1530: and can be enabled by defining the preprocessor macro
1.48 jmc 1531: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 1532: at compile time.
1533: .It Fl genkey
1534: Generate an EC private key using the specified parameters.
1535: .It Fl in Ar file
1.48 jmc 1536: The input file to read from,
1537: or standard input if not specified.
1538: .It Fl inform Cm der | pem
1539: The input format.
1.1 jsing 1540: .It Fl list_curves
1.48 jmc 1541: Print a list of all
1.1 jsing 1542: currently implemented EC parameter names and exit.
1543: .It Fl name Ar arg
1.48 jmc 1544: Use the EC parameters with the specified "short" name.
1.1 jsing 1545: .It Fl no_seed
1.48 jmc 1546: Do not include the seed for the parameter generation
1547: in the ECParameters structure (see RFC 3279).
1.1 jsing 1548: .It Fl noout
1.48 jmc 1549: Do not output the encoded version of the parameters.
1.1 jsing 1550: .It Fl out Ar file
1.48 jmc 1551: The output file to write to,
1552: or standard output if not specified.
1553: .It Fl outform Cm der | pem
1554: The output format.
1.1 jsing 1555: .It Fl param_enc Ar arg
1.48 jmc 1556: Specify how the elliptic curve parameters are encoded.
1.1 jsing 1557: Possible value are:
1558: .Cm named_curve ,
1559: i.e. the EC parameters are specified by an OID, or
1560: .Cm explicit ,
1561: where the EC parameters are explicitly given
1562: (see RFC 3279 for the definition of the EC parameter structures).
1563: The default value is
1564: .Cm named_curve .
1565: Note: the
1566: .Cm implicitlyCA
1567: alternative, as specified in RFC 3279,
1.48 jmc 1568: is currently not implemented.
1.1 jsing 1569: .It Fl text
1.64 jmc 1570: Print the EC parameters in plain text.
1.1 jsing 1571: .El
1572: .Sh ENC
1573: .nr nS 1
1574: .Nm "openssl enc"
1575: .Fl ciphername
1576: .Op Fl AadePp
1577: .Op Fl base64
1578: .Op Fl bufsize Ar number
1579: .Op Fl debug
1580: .Op Fl in Ar file
1581: .Op Fl iv Ar IV
1582: .Op Fl K Ar key
1583: .Op Fl k Ar password
1584: .Op Fl kfile Ar file
1585: .Op Fl md Ar digest
1586: .Op Fl none
1587: .Op Fl nopad
1588: .Op Fl nosalt
1589: .Op Fl out Ar file
1590: .Op Fl pass Ar arg
1591: .Op Fl S Ar salt
1592: .Op Fl salt
1593: .nr nS 0
1594: .Pp
1595: The symmetric cipher commands allow data to be encrypted or decrypted
1596: using various block and stream ciphers using keys based on passwords
1597: or explicitly provided.
1598: Base64 encoding or decoding can also be performed either by itself
1599: or in addition to the encryption or decryption.
1.49 jmc 1600: The program can be called either as
1601: .Nm openssl Ar ciphername
1602: or
1603: .Nm openssl enc - Ns Ar ciphername .
1604: .Pp
1605: Some of the ciphers do not have large keys and others have security
1606: implications if not used correctly.
1607: All the block ciphers normally use PKCS#5 padding,
1608: also known as standard block padding.
1609: If padding is disabled, the input data must be a multiple of the cipher
1610: block length.
1.1 jsing 1611: .Pp
1612: The options are as follows:
1613: .Bl -tag -width Ds
1614: .It Fl A
1615: If the
1616: .Fl a
1617: option is set, then base64 process the data on one line.
1618: .It Fl a , base64
1619: Base64 process the data.
1620: This means that if encryption is taking place, the data is base64-encoded
1621: after encryption.
1.49 jmc 1622: If decryption is set, the input data is base64-decoded before
1.1 jsing 1623: being decrypted.
1624: .It Fl bufsize Ar number
1625: Set the buffer size for I/O.
1626: .It Fl d
1627: Decrypt the input data.
1628: .It Fl debug
1629: Debug the BIOs used for I/O.
1630: .It Fl e
1.49 jmc 1631: Encrypt the input data.
1632: This is the default.
1.1 jsing 1633: .It Fl in Ar file
1.49 jmc 1634: The input file to read from,
1.57 jmc 1635: or standard input if not specified.
1.1 jsing 1636: .It Fl iv Ar IV
1637: The actual
1638: .Ar IV
1639: .Pq initialisation vector
1640: to use:
1641: this must be represented as a string comprised only of hex digits.
1642: When only the
1643: .Ar key
1644: is specified using the
1645: .Fl K
1.49 jmc 1646: option,
1647: the IV must explicitly be defined.
1.1 jsing 1648: When a password is being specified using one of the other options,
1.49 jmc 1649: the IV is generated from this password.
1.1 jsing 1650: .It Fl K Ar key
1651: The actual
1652: .Ar key
1653: to use:
1654: this must be represented as a string comprised only of hex digits.
1.49 jmc 1655: If only the key is specified,
1656: the IV must also be specified using the
1.1 jsing 1657: .Fl iv
1658: option.
1659: When both a
1660: .Ar key
1661: and a
1662: .Ar password
1663: are specified, the
1664: .Ar key
1665: given with the
1666: .Fl K
1.49 jmc 1667: option will be used and the IV generated from the password will be taken.
1.1 jsing 1668: It probably does not make much sense to specify both
1669: .Ar key
1670: and
1671: .Ar password .
1672: .It Fl k Ar password
1673: The
1674: .Ar password
1675: to derive the key from.
1676: Superseded by the
1677: .Fl pass
1678: option.
1679: .It Fl kfile Ar file
1680: Read the password to derive the key from the first line of
1681: .Ar file .
1682: Superseded by the
1683: .Fl pass
1684: option.
1685: .It Fl md Ar digest
1686: Use
1687: .Ar digest
1688: to create a key from a pass phrase.
1689: .Ar digest
1690: may be one of
1.49 jmc 1691: .Cm md5
1.1 jsing 1692: or
1.49 jmc 1693: .Cm sha1 .
1.1 jsing 1694: .It Fl none
1695: Use NULL cipher (no encryption or decryption of input).
1696: .It Fl nopad
1697: Disable standard block padding.
1698: .It Fl nosalt
1.49 jmc 1699: Don't use a salt in the key derivation routines.
1.1 jsing 1700: This option should
1701: .Em NEVER
1.49 jmc 1702: be used
1703: since it makes it possible to perform efficient dictionary
1704: attacks on the password and to attack stream cipher encrypted data.
1.1 jsing 1705: .It Fl out Ar file
1.51 jmc 1706: The output file to write to,
1.57 jmc 1707: or standard output if not specified.
1.1 jsing 1708: .It Fl P
1.49 jmc 1709: Print out the salt, key, and IV used, then immediately exit;
1.1 jsing 1710: don't do any encryption or decryption.
1711: .It Fl p
1.49 jmc 1712: Print out the salt, key, and IV used.
1.1 jsing 1713: .It Fl pass Ar arg
1714: The password source.
1715: .It Fl S Ar salt
1716: The actual
1717: .Ar salt
1718: to use:
1719: this must be represented as a string comprised only of hex digits.
1720: .It Fl salt
1.49 jmc 1721: Use a salt in the key derivation routines (the default).
1722: When the salt is being used
1723: the first eight bytes of the encrypted data are reserved for the salt:
1724: it is randomly generated when encrypting a file and read from the
1725: encrypted file when it is decrypted.
1.1 jsing 1726: .El
1727: .Sh ERRSTR
1728: .Nm openssl errstr
1729: .Op Fl stats
1730: .Ar errno ...
1731: .Pp
1732: The
1733: .Nm errstr
1734: command performs error number to error string conversion,
1735: generating a human-readable string representing the error code
1736: .Ar errno .
1737: The string is obtained through the
1738: .Xr ERR_error_string_n 3
1739: function and has the following format:
1740: .Pp
1741: .Dl error:[error code]:[library name]:[function name]:[reason string]
1742: .Pp
1743: .Bq error code
1744: is an 8-digit hexadecimal number.
1745: The remaining fields
1746: .Bq library name ,
1747: .Bq function name ,
1748: and
1749: .Bq reason string
1750: are all ASCII text.
1751: .Pp
1752: The options are as follows:
1753: .Bl -tag -width Ds
1754: .It Fl stats
1755: Print debugging statistics about various aspects of the hash table.
1756: .El
1757: .Sh GENDSA
1758: .nr nS 1
1759: .Nm "openssl gendsa"
1760: .Oo
1761: .Fl aes128 | aes192 | aes256 |
1762: .Fl des | des3
1763: .Oc
1764: .Op Fl out Ar file
1765: .Op Ar paramfile
1766: .nr nS 0
1767: .Pp
1768: The
1769: .Nm gendsa
1770: command generates a DSA private key from a DSA parameter file
1.51 jmc 1771: (typically generated by the
1.1 jsing 1772: .Nm openssl dsaparam
1773: command).
1.51 jmc 1774: DSA key generation is little more than random number generation so it is
1775: much quicker than,
1776: for example,
1777: RSA key generation.
1.1 jsing 1778: .Pp
1779: The options are as follows:
1780: .Bl -tag -width Ds
1781: .It Xo
1782: .Fl aes128 | aes192 | aes256 |
1783: .Fl des | des3
1784: .Xc
1.51 jmc 1785: Encrypt the private key with the AES, DES,
1.1 jsing 1786: or the triple DES ciphers, respectively, before outputting it.
1787: A pass phrase is prompted for.
1788: If none of these options are specified, no encryption is used.
1789: .It Fl out Ar file
1.51 jmc 1790: The output file to write to,
1.57 jmc 1791: or standard output if not specified.
1.1 jsing 1792: .It Ar paramfile
1.51 jmc 1793: Specify the DSA parameter file to use.
1.1 jsing 1794: The parameters in this file determine the size of the private key.
1795: .El
1796: .Sh GENPKEY
1797: .nr nS 1
1798: .Nm "openssl genpkey"
1799: .Op Fl algorithm Ar alg
1800: .Op Ar cipher
1801: .Op Fl genparam
1802: .Op Fl out Ar file
1.52 jmc 1803: .Op Fl outform Cm der | pem
1.1 jsing 1804: .Op Fl paramfile Ar file
1805: .Op Fl pass Ar arg
1806: .Op Fl pkeyopt Ar opt : Ns Ar value
1807: .Op Fl text
1808: .nr nS 0
1809: .Pp
1810: The
1811: .Nm genpkey
1812: command generates private keys.
1813: The use of this
1814: program is encouraged over the algorithm specific utilities
1.22 bcook 1815: because additional algorithm options can be used.
1.1 jsing 1816: .Pp
1817: The options are as follows:
1818: .Bl -tag -width Ds
1819: .It Fl algorithm Ar alg
1820: The public key algorithm to use,
1821: such as RSA, DSA, or DH.
1.52 jmc 1822: This option must precede any
1.1 jsing 1823: .Fl pkeyopt
1824: options.
1825: The options
1826: .Fl paramfile
1827: and
1828: .Fl algorithm
1829: are mutually exclusive.
1830: .It Ar cipher
1831: Encrypt the private key with the supplied cipher.
1832: Any algorithm name accepted by
1.52 jmc 1833: .Xr EVP_get_cipherbyname 3
1834: is acceptable.
1.1 jsing 1835: .It Fl genparam
1836: Generate a set of parameters instead of a private key.
1.52 jmc 1837: This option must precede any
1.1 jsing 1838: .Fl algorithm ,
1839: .Fl paramfile ,
1840: or
1841: .Fl pkeyopt
1842: options.
1843: .It Fl out Ar file
1.52 jmc 1844: The output file to write to,
1.57 jmc 1845: or standard output if not specified.
1.52 jmc 1846: .It Fl outform Cm der | pem
1847: The output format.
1.1 jsing 1848: .It Fl paramfile Ar file
1.52 jmc 1849: Some public key algorithms generate a private key based on a set of parameters,
1850: which can be supplied using this option.
1.1 jsing 1851: If this option is used the public key
1852: algorithm used is determined by the parameters.
1.52 jmc 1853: This option must precede any
1.1 jsing 1854: .Fl pkeyopt
1855: options.
1856: The options
1857: .Fl paramfile
1858: and
1859: .Fl algorithm
1860: are mutually exclusive.
1861: .It Fl pass Ar arg
1862: The output file password source.
1863: .It Fl pkeyopt Ar opt : Ns Ar value
1864: Set the public key algorithm option
1865: .Ar opt
1866: to
1.52 jmc 1867: .Ar value ,
1868: as follows:
1.1 jsing 1869: .Bl -tag -width Ds -offset indent
1870: .It rsa_keygen_bits : Ns Ar numbits
1871: (RSA)
1872: The number of bits in the generated key.
1.52 jmc 1873: The default is 2048.
1.1 jsing 1874: .It rsa_keygen_pubexp : Ns Ar value
1875: (RSA)
1876: The RSA public exponent value.
1877: This can be a large decimal or hexadecimal value if preceded by 0x.
1.52 jmc 1878: The default is 65537.
1.1 jsing 1879: .It dsa_paramgen_bits : Ns Ar numbits
1880: (DSA)
1881: The number of bits in the generated parameters.
1.52 jmc 1882: The default is 1024.
1.1 jsing 1883: .It dh_paramgen_prime_len : Ns Ar numbits
1884: (DH)
1885: The number of bits in the prime parameter
1886: .Ar p .
1887: .It dh_paramgen_generator : Ns Ar value
1888: (DH)
1889: The value to use for the generator
1890: .Ar g .
1891: .It ec_paramgen_curve : Ns Ar curve
1892: (EC)
1893: The EC curve to use.
1894: .El
1.52 jmc 1895: .It Fl text
1.64 jmc 1896: Print the private/public key in plain text.
1.52 jmc 1897: .El
1.1 jsing 1898: .Sh GENRSA
1899: .nr nS 1
1900: .Nm "openssl genrsa"
1901: .Op Fl 3 | f4
1.53 jmc 1902: .Op Fl aes128 | aes192 | aes256 | des | des3
1.1 jsing 1903: .Op Fl out Ar file
1904: .Op Fl passout Ar arg
1905: .Op Ar numbits
1906: .nr nS 0
1907: .Pp
1908: The
1909: .Nm genrsa
1.53 jmc 1910: command generates an RSA private key,
1911: which essentially involves the generation of two prime numbers.
1912: When generating the key,
1913: various symbols will be output to indicate the progress of the generation.
1914: A
1915: .Sq \&.
1916: represents each number which has passed an initial sieve test;
1917: .Sq +
1918: means a number has passed a single round of the Miller-Rabin primality test.
1919: A newline means that the number has passed all the prime tests
1920: (the actual number depends on the key size).
1.1 jsing 1921: .Pp
1922: The options are as follows:
1923: .Bl -tag -width Ds
1924: .It Fl 3 | f4
1925: The public exponent to use, either 3 or 65537.
1926: The default is 65537.
1.53 jmc 1927: .It Fl aes128 | aes192 | aes256 | des | des3
1928: Encrypt the private key with the AES, DES,
1.1 jsing 1929: or the triple DES ciphers, respectively, before outputting it.
1930: If none of these options are specified, no encryption is used.
1931: If encryption is used, a pass phrase is prompted for,
1932: if it is not supplied via the
1933: .Fl passout
1934: option.
1935: .It Fl out Ar file
1.53 jmc 1936: The output file to write to,
1.57 jmc 1937: or standard output if not specified.
1.1 jsing 1938: .It Fl passout Ar arg
1939: The output file password source.
1940: .It Ar numbits
1941: The size of the private key to generate in bits.
1942: This must be the last option specified.
1943: The default is 2048.
1944: .El
1945: .Sh NSEQ
1946: .Nm openssl nseq
1947: .Op Fl in Ar file
1948: .Op Fl out Ar file
1949: .Op Fl toseq
1950: .Pp
1951: The
1952: .Nm nseq
1.54 jmc 1953: command takes a file containing a Netscape certificate sequence
1954: (an alternative to the standard PKCS#7 format)
1955: and prints out the certificates contained in it,
1956: or takes a file of certificates
1957: and converts it into a Netscape certificate sequence.
1958: .Pp
1.1 jsing 1959: The options are as follows:
1960: .Bl -tag -width Ds
1961: .It Fl in Ar file
1.54 jmc 1962: The input file to read from,
1963: or standard input if not specified.
1.1 jsing 1964: .It Fl out Ar file
1.54 jmc 1965: The output file to write to,
1966: or standard output if not specified.
1.1 jsing 1967: .It Fl toseq
1968: Normally, a Netscape certificate sequence will be input and the output
1969: is the certificates contained in it.
1970: With the
1971: .Fl toseq
1972: option the situation is reversed:
1973: a Netscape certificate sequence is created from a file of certificates.
1974: .El
1975: .Sh OCSP
1976: .nr nS 1
1977: .Nm "openssl ocsp"
1978: .Op Fl CA Ar file
1979: .Op Fl CAfile Ar file
1980: .Op Fl CApath Ar directory
1981: .Op Fl cert Ar file
1982: .Op Fl dgst Ar alg
1.55 jmc 1983: .Op Fl host Ar hostname : Ns Ar port
1.1 jsing 1984: .Op Fl index Ar indexfile
1985: .Op Fl issuer Ar file
1986: .Op Fl ndays Ar days
1987: .Op Fl nmin Ar minutes
1988: .Op Fl no_cert_checks
1989: .Op Fl no_cert_verify
1990: .Op Fl no_certs
1991: .Op Fl no_chain
1992: .Op Fl no_intern
1993: .Op Fl no_nonce
1994: .Op Fl no_signature_verify
1995: .Op Fl nonce
1996: .Op Fl noverify
1997: .Op Fl nrequest Ar number
1998: .Op Fl out Ar file
1999: .Op Fl path Ar path
2000: .Op Fl port Ar portnum
2001: .Op Fl req_text
2002: .Op Fl reqin Ar file
2003: .Op Fl reqout Ar file
2004: .Op Fl resp_key_id
2005: .Op Fl resp_no_certs
2006: .Op Fl resp_text
2007: .Op Fl respin Ar file
2008: .Op Fl respout Ar file
2009: .Op Fl rkey Ar file
2010: .Op Fl rother Ar file
2011: .Op Fl rsigner Ar file
2012: .Op Fl serial Ar number
2013: .Op Fl sign_other Ar file
2014: .Op Fl signer Ar file
2015: .Op Fl signkey Ar file
2016: .Op Fl status_age Ar age
2017: .Op Fl text
2018: .Op Fl trust_other
2019: .Op Fl url Ar responder_url
2020: .Op Fl VAfile Ar file
2021: .Op Fl validity_period Ar nsec
2022: .Op Fl verify_other Ar file
2023: .nr nS 0
2024: .Pp
1.55 jmc 2025: The Online Certificate Status Protocol (OCSP)
2026: enables applications to determine the (revocation) state
2027: of an identified certificate (RFC 2560).
1.1 jsing 2028: .Pp
2029: The
2030: .Nm ocsp
2031: command performs many common OCSP tasks.
2032: It can be used to print out requests and responses,
2033: create requests and send queries to an OCSP responder,
2034: and behave like a mini OCSP server itself.
2035: .Pp
2036: The options are as follows:
2037: .Bl -tag -width Ds
2038: .It Fl CAfile Ar file , Fl CApath Ar directory
1.55 jmc 2039: A file or path containing trusted CA certificates,
2040: used to verify the signature on the OCSP response.
1.1 jsing 2041: .It Fl cert Ar file
2042: Add the certificate
2043: .Ar file
2044: to the request.
2045: The issuer certificate is taken from the previous
2046: .Fl issuer
2047: option, or an error occurs if no issuer certificate is specified.
2048: .It Fl dgst Ar alg
1.55 jmc 2049: Use the digest algorithm
2050: .Ar alg
2051: for certificate identification in the OCSP request.
1.1 jsing 2052: By default SHA-1 is used.
2053: .It Xo
2054: .Fl host Ar hostname : Ns Ar port ,
2055: .Fl path Ar path
2056: .Xc
1.55 jmc 2057: Send
2058: the OCSP request to
1.1 jsing 2059: .Ar hostname
1.55 jmc 2060: on
1.1 jsing 2061: .Ar port .
2062: .Fl path
2063: specifies the HTTP path name to use, or
1.55 jmc 2064: .Pa /
1.1 jsing 2065: by default.
2066: .It Fl issuer Ar file
1.55 jmc 2067: The current issuer certificate,
2068: in PEM format.
2069: Can be used multiple times
2070: and must come before any
1.1 jsing 2071: .Fl cert
2072: options.
2073: .It Fl no_cert_checks
2074: Don't perform any additional checks on the OCSP response signer's certificate.
2075: That is, do not make any checks to see if the signer's certificate is
2076: authorised to provide the necessary status information:
2077: as a result this option should only be used for testing purposes.
2078: .It Fl no_cert_verify
2079: Don't verify the OCSP response signer's certificate at all.
2080: Since this option allows the OCSP response to be signed by any certificate,
2081: it should only be used for testing purposes.
2082: .It Fl no_certs
1.55 jmc 2083: Don't include any certificates in the signed request.
1.1 jsing 2084: .It Fl no_chain
2085: Do not use certificates in the response as additional untrusted CA
2086: certificates.
2087: .It Fl no_intern
2088: Ignore certificates contained in the OCSP response
2089: when searching for the signer's certificate.
1.55 jmc 2090: The signer's certificate must be specified with either the
1.1 jsing 2091: .Fl verify_other
2092: or
2093: .Fl VAfile
2094: options.
2095: .It Fl no_signature_verify
2096: Don't check the signature on the OCSP response.
2097: Since this option tolerates invalid signatures on OCSP responses,
2098: it will normally only be used for testing purposes.
2099: .It Fl nonce , no_nonce
1.55 jmc 2100: Add an OCSP nonce extension to a request,
2101: or disable an OCSP nonce addition.
1.1 jsing 2102: Normally, if an OCSP request is input using the
2103: .Fl respin
1.55 jmc 2104: option no nonce is added:
1.1 jsing 2105: using the
2106: .Fl nonce
1.55 jmc 2107: option will force the addition of a nonce.
1.1 jsing 2108: If an OCSP request is being created (using the
2109: .Fl cert
2110: and
2111: .Fl serial
2112: options)
1.55 jmc 2113: a nonce is automatically added; specifying
1.1 jsing 2114: .Fl no_nonce
2115: overrides this.
2116: .It Fl noverify
1.55 jmc 2117: Don't attempt to verify the OCSP response signature or the nonce values.
2118: This is normally only be used for debugging
1.1 jsing 2119: since it disables all verification of the responder's certificate.
2120: .It Fl out Ar file
1.55 jmc 2121: Specify the output file to write to,
1.57 jmc 2122: or standard output if not specified.
1.1 jsing 2123: .It Fl req_text , resp_text , text
2124: Print out the text form of the OCSP request, response, or both, respectively.
2125: .It Fl reqin Ar file , Fl respin Ar file
2126: Read an OCSP request or response file from
2127: .Ar file .
2128: These options are ignored
2129: if an OCSP request or response creation is implied by other options
2130: (for example with the
2131: .Fl serial , cert ,
2132: and
2133: .Fl host
2134: options).
2135: .It Fl reqout Ar file , Fl respout Ar file
2136: Write out the DER-encoded certificate request or response to
2137: .Ar file .
2138: .It Fl serial Ar num
2139: Same as the
2140: .Fl cert
2141: option except the certificate with serial number
2142: .Ar num
2143: is added to the request.
2144: The serial number is interpreted as a decimal integer unless preceded by
2145: .Sq 0x .
1.55 jmc 2146: Negative integers can also be specified
2147: by preceding the value with a minus sign.
1.1 jsing 2148: .It Fl sign_other Ar file
2149: Additional certificates to include in the signed request.
2150: .It Fl signer Ar file , Fl signkey Ar file
2151: Sign the OCSP request using the certificate specified in the
2152: .Fl signer
2153: option and the private key specified by the
2154: .Fl signkey
2155: option.
2156: If the
2157: .Fl signkey
2158: option is not present, then the private key is read from the same file
2159: as the certificate.
2160: If neither option is specified, the OCSP request is not signed.
2161: .It Fl trust_other
2162: The certificates specified by the
2163: .Fl verify_other
2164: option should be explicitly trusted and no additional checks will be
2165: performed on them.
2166: This is useful when the complete responder certificate chain is not available
2167: or trusting a root CA is not appropriate.
2168: .It Fl url Ar responder_url
2169: Specify the responder URL.
2170: Both HTTP and HTTPS
2171: .Pq SSL/TLS
2172: URLs can be specified.
2173: .It Fl VAfile Ar file
1.55 jmc 2174: A file containing explicitly trusted responder certificates.
1.1 jsing 2175: Equivalent to the
2176: .Fl verify_other
2177: and
2178: .Fl trust_other
2179: options.
2180: .It Fl validity_period Ar nsec , Fl status_age Ar age
1.55 jmc 2181: The range of times, in seconds, which will be tolerated in an OCSP response.
2182: Each certificate status response includes a notBefore time
2183: and an optional notAfter time.
1.1 jsing 2184: The current time should fall between these two values,
2185: but the interval between the two times may be only a few seconds.
2186: In practice the OCSP responder and clients' clocks may not be precisely
2187: synchronised and so such a check may fail.
2188: To avoid this the
2189: .Fl validity_period
2190: option can be used to specify an acceptable error range in seconds,
1.55 jmc 2191: the default value being 5 minutes.
1.1 jsing 2192: .Pp
1.55 jmc 2193: If the notAfter time is omitted from a response,
2194: it means that new status information is immediately available.
2195: In this case the age of the notBefore field is checked
2196: to see it is not older than
1.1 jsing 2197: .Ar age
2198: seconds old.
2199: By default, this additional check is not performed.
2200: .It Fl verify_other Ar file
1.55 jmc 2201: A file containing additional certificates to search
2202: when attempting to locate the OCSP response signing certificate.
2203: Some responders omit the actual signer's certificate from the response,
2204: so this can be used to supply the necessary certificate.
1.1 jsing 2205: .El
1.55 jmc 2206: .Pp
2207: The options for the OCSP server are as follows:
1.1 jsing 2208: .Bl -tag -width "XXXX"
2209: .It Fl CA Ar file
2210: CA certificate corresponding to the revocation information in
2211: .Ar indexfile .
2212: .It Fl index Ar indexfile
2213: .Ar indexfile
1.55 jmc 2214: is a text index file in ca format
2215: containing certificate revocation information.
1.1 jsing 2216: .Pp
1.55 jmc 2217: If this option is specified,
1.1 jsing 2218: .Nm ocsp
1.55 jmc 2219: is in responder mode, otherwise it is in client mode.
2220: The requests the responder processes can be either specified on
1.1 jsing 2221: the command line (using the
2222: .Fl issuer
2223: and
2224: .Fl serial
2225: options), supplied in a file (using the
2226: .Fl respin
1.55 jmc 2227: option), or via external OCSP clients (if
1.1 jsing 2228: .Ar port
2229: or
2230: .Ar url
2231: is specified).
2232: .Pp
1.55 jmc 2233: If this option is present, then the
1.1 jsing 2234: .Fl CA
2235: and
2236: .Fl rsigner
2237: options must also be present.
2238: .It Fl nmin Ar minutes , Fl ndays Ar days
2239: Number of
2240: .Ar minutes
2241: or
2242: .Ar days
1.55 jmc 2243: when fresh revocation information is available:
2244: used in the nextUpdate field.
2245: If neither option is present,
2246: the nextUpdate field is omitted,
2247: meaning fresh revocation information is immediately available.
1.1 jsing 2248: .It Fl nrequest Ar number
1.55 jmc 2249: Exit after receiving
1.1 jsing 2250: .Ar number
1.55 jmc 2251: requests (the default is unlimited).
1.1 jsing 2252: .It Fl port Ar portnum
2253: Port to listen for OCSP requests on.
1.55 jmc 2254: May also be specified using the
1.1 jsing 2255: .Fl url
2256: option.
2257: .It Fl resp_key_id
2258: Identify the signer certificate using the key ID;
1.55 jmc 2259: the default is to use the subject name.
1.1 jsing 2260: .It Fl resp_no_certs
2261: Don't include any certificates in the OCSP response.
2262: .It Fl rkey Ar file
2263: The private key to sign OCSP responses with;
2264: if not present, the file specified in the
2265: .Fl rsigner
2266: option is used.
2267: .It Fl rother Ar file
2268: Additional certificates to include in the OCSP response.
2269: .It Fl rsigner Ar file
2270: The certificate to sign OCSP responses with.
2271: .El
2272: .Pp
2273: Initially the OCSP responder certificate is located and the signature on
2274: the OCSP request checked using the responder certificate's public key.
2275: Then a normal certificate verify is performed on the OCSP responder certificate
2276: building up a certificate chain in the process.
2277: The locations of the trusted certificates used to build the chain can be
2278: specified by the
2279: .Fl CAfile
2280: and
2281: .Fl CApath
2282: options or they will be looked for in the standard
1.55 jmc 2283: .Nm openssl
2284: certificates directory.
1.1 jsing 2285: .Pp
1.55 jmc 2286: If the initial verify fails, the OCSP verify process halts with an error.
1.1 jsing 2287: Otherwise the issuing CA certificate in the request is compared to the OCSP
2288: responder certificate: if there is a match then the OCSP verify succeeds.
2289: .Pp
2290: Otherwise the OCSP responder certificate's CA is checked against the issuing
2291: CA certificate in the request.
2292: If there is a match and the OCSPSigning extended key usage is present
2293: in the OCSP responder certificate, then the OCSP verify succeeds.
2294: .Pp
2295: Otherwise the root CA of the OCSP responder's CA is checked to see if it
2296: is trusted for OCSP signing.
2297: If it is, the OCSP verify succeeds.
2298: .Pp
2299: If none of these checks is successful, the OCSP verify fails.
2300: What this effectively means is that if the OCSP responder certificate is
2301: authorised directly by the CA it is issuing revocation information about
1.55 jmc 2302: (and it is correctly configured),
1.1 jsing 2303: then verification will succeed.
2304: .Pp
1.55 jmc 2305: If the OCSP responder is a global responder,
2306: which can give details about multiple CAs
2307: and has its own separate certificate chain,
2308: then its root CA can be trusted for OCSP signing.
1.1 jsing 2309: For example:
2310: .Bd -literal -offset indent
2311: $ openssl x509 -in ocspCA.pem -addtrust OCSPSigning \e
2312: -out trustedCA.pem
2313: .Ed
2314: .Pp
2315: Alternatively, the responder certificate itself can be explicitly trusted
2316: with the
2317: .Fl VAfile
2318: option.
2319: .Sh PASSWD
2320: .nr nS 1
2321: .Nm "openssl passwd"
2322: .Op Fl 1 | apr1 | crypt
2323: .Op Fl in Ar file
2324: .Op Fl noverify
2325: .Op Fl quiet
2326: .Op Fl reverse
2327: .Op Fl salt Ar string
2328: .Op Fl stdin
2329: .Op Fl table
2330: .Op Ar password
2331: .nr nS 0
2332: .Pp
2333: The
2334: .Nm passwd
1.56 jmc 2335: command computes the hash of a password.
1.1 jsing 2336: .Pp
2337: The options are as follows:
2338: .Bl -tag -width Ds
2339: .It Fl 1
2340: Use the MD5 based
2341: .Bx
2342: password algorithm
1.56 jmc 2343: .Qq 1 .
1.1 jsing 2344: .It Fl apr1
2345: Use the
1.56 jmc 2346: .Qq apr1
1.1 jsing 2347: algorithm
1.56 jmc 2348: .Po
2349: Apache variant of the
1.1 jsing 2350: .Bx
1.56 jmc 2351: algorithm
2352: .Pc .
1.1 jsing 2353: .It Fl crypt
2354: Use the
1.56 jmc 2355: .Qq crypt
2356: algorithm (the default).
1.1 jsing 2357: .It Fl in Ar file
2358: Read passwords from
2359: .Ar file .
2360: .It Fl noverify
2361: Don't verify when reading a password from the terminal.
2362: .It Fl quiet
2363: Don't output warnings when passwords given on the command line are truncated.
2364: .It Fl reverse
2365: Switch table columns.
2366: This only makes sense in conjunction with the
2367: .Fl table
2368: option.
2369: .It Fl salt Ar string
1.56 jmc 2370: Use the salt specified by
2371: .Ar string .
1.1 jsing 2372: When reading a password from the terminal, this implies
2373: .Fl noverify .
2374: .It Fl stdin
1.56 jmc 2375: Read passwords from standard input.
1.1 jsing 2376: .It Fl table
2377: In the output list, prepend the cleartext password and a TAB character
2378: to each password hash.
2379: .El
2380: .Sh PKCS7
2381: .nr nS 1
2382: .Nm "openssl pkcs7"
2383: .Op Fl in Ar file
1.57 jmc 2384: .Op Fl inform Cm der | pem
1.1 jsing 2385: .Op Fl noout
2386: .Op Fl out Ar file
1.57 jmc 2387: .Op Fl outform Cm der | pem
1.1 jsing 2388: .Op Fl print_certs
2389: .Op Fl text
2390: .nr nS 0
2391: .Pp
2392: The
2393: .Nm pkcs7
2394: command processes PKCS#7 files in DER or PEM format.
1.57 jmc 2395: The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
2396: .Pp
1.1 jsing 2397: The options are as follows:
2398: .Bl -tag -width Ds
2399: .It Fl in Ar file
1.57 jmc 2400: The input file to read from,
2401: or standard input if not specified.
2402: .It Fl inform Cm der | pem
2403: The input format.
1.1 jsing 2404: .It Fl noout
2405: Don't output the encoded version of the PKCS#7 structure
2406: (or certificates if
2407: .Fl print_certs
2408: is set).
2409: .It Fl out Ar file
1.57 jmc 2410: The output to write to,
2411: or standard output if not specified.
2412: .It Fl outform Cm der | pem
2413: The output format.
1.1 jsing 2414: .It Fl print_certs
1.57 jmc 2415: Print any certificates or CRLs contained in the file,
2416: preceded by their subject and issuer names in a one-line format.
1.1 jsing 2417: .It Fl text
1.57 jmc 2418: Print certificate details in full rather than just subject and issuer names.
1.1 jsing 2419: .El
2420: .Sh PKCS8
2421: .nr nS 1
2422: .Nm "openssl pkcs8"
2423: .Op Fl embed
2424: .Op Fl in Ar file
1.58 jmc 2425: .Op Fl inform Cm der | pem
1.1 jsing 2426: .Op Fl nocrypt
2427: .Op Fl noiter
2428: .Op Fl nooct
2429: .Op Fl nsdb
2430: .Op Fl out Ar file
1.58 jmc 2431: .Op Fl outform Cm der | pem
1.1 jsing 2432: .Op Fl passin Ar arg
2433: .Op Fl passout Ar arg
2434: .Op Fl topk8
2435: .Op Fl v1 Ar alg
2436: .Op Fl v2 Ar alg
2437: .nr nS 0
2438: .Pp
2439: The
2440: .Nm pkcs8
1.58 jmc 2441: command processes private keys
2442: (both encrypted and unencrypted)
2443: in PKCS#8 format
2444: with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
2445: The default encryption is only 56 bits;
2446: keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts
2447: are more secure.
2448: .Pp
1.1 jsing 2449: The options are as follows:
2450: .Bl -tag -width Ds
2451: .It Fl embed
1.58 jmc 2452: Generate DSA keys in a broken format.
2453: The DSA parameters are embedded inside the PrivateKey structure.
1.1 jsing 2454: In this form the OCTET STRING contains an ASN1 SEQUENCE consisting of
2455: two structures:
2456: a SEQUENCE containing the parameters and an ASN1 INTEGER containing
2457: the private key.
2458: .It Fl in Ar file
1.58 jmc 2459: The input file to read from,
2460: or standard input if not specified.
1.1 jsing 2461: If the key is encrypted, a pass phrase will be prompted for.
1.58 jmc 2462: .It Fl inform Cm der | pem
2463: The input format.
1.1 jsing 2464: .It Fl nocrypt
1.58 jmc 2465: Generate an unencrypted PrivateKeyInfo structure.
2466: This option does not encrypt private keys at all
2467: and should only be used when absolutely necessary.
1.1 jsing 2468: .It Fl noiter
2469: Use an iteration count of 1.
2470: See the
2471: .Sx PKCS12
2472: section below for a detailed explanation of this option.
2473: .It Fl nooct
1.58 jmc 2474: Generate RSA private keys in a broken format that some software uses.
1.1 jsing 2475: Specifically the private key should be enclosed in an OCTET STRING,
2476: but some software just includes the structure itself without the
2477: surrounding OCTET STRING.
2478: .It Fl nsdb
1.58 jmc 2479: Generate DSA keys in a broken format compatible with Netscape
1.1 jsing 2480: private key databases.
1.58 jmc 2481: The PrivateKey contains a SEQUENCE
2482: consisting of the public and private keys, respectively.
1.1 jsing 2483: .It Fl out Ar file
1.58 jmc 2484: The output file to write to,
2485: or standard output if none is specified.
1.1 jsing 2486: If any encryption options are set, a pass phrase will be prompted for.
1.58 jmc 2487: .It Fl outform Cm der | pem
2488: The output format.
1.1 jsing 2489: .It Fl passin Ar arg
2490: The key password source.
2491: .It Fl passout Ar arg
2492: The output file password source.
2493: .It Fl topk8
1.58 jmc 2494: Read a traditional format private key and write a PKCS#8 format key.
1.1 jsing 2495: .It Fl v1 Ar alg
1.58 jmc 2496: Specify a PKCS#5 v1.5 or PKCS#12 algorithm to use.
2497: .Pp
2498: .Bl -tag -width "XXXX" -compact
2499: .It PBE-MD5-DES
2500: 56-bit DES.
2501: .It PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES
2502: 64-bit RC2 or 56-bit DES.
2503: .It PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES
2504: .It PBE-SHA1-2DES | PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40
2505: PKCS#12 password-based encryption algorithm,
2506: which allow strong encryption algorithms like triple DES or 128-bit RC2.
2507: .El
1.1 jsing 2508: .It Fl v2 Ar alg
1.58 jmc 2509: Use PKCS#5 v2.0 algorithms.
2510: Supports algorithms such as 168-bit triple DES or 128-bit RC2,
2511: however not many implementations support PKCS#5 v2.0 yet
2512: (if using private keys with
2513: .Nm openssl
2514: this doesn't matter).
1.1 jsing 2515: .Pp
2516: .Ar alg
1.58 jmc 2517: is the encryption algorithm to use;
2518: valid values include des, des3, and rc2.
2519: It is recommended that des3 is used.
1.1 jsing 2520: .El
2521: .Sh PKCS12
2522: .nr nS 1
2523: .Nm "openssl pkcs12"
1.59 jmc 2524: .Op Fl aes128 | aes192 | aes256 | des | des3
1.1 jsing 2525: .Op Fl cacerts
2526: .Op Fl CAfile Ar file
2527: .Op Fl caname Ar name
2528: .Op Fl CApath Ar directory
2529: .Op Fl certfile Ar file
2530: .Op Fl certpbe Ar alg
2531: .Op Fl chain
2532: .Op Fl clcerts
2533: .Op Fl CSP Ar name
2534: .Op Fl descert
2535: .Op Fl export
2536: .Op Fl in Ar file
2537: .Op Fl info
2538: .Op Fl inkey Ar file
2539: .Op Fl keyex
2540: .Op Fl keypbe Ar alg
2541: .Op Fl keysig
2542: .Op Fl macalg Ar alg
2543: .Op Fl maciter
2544: .Op Fl name Ar name
2545: .Op Fl nocerts
2546: .Op Fl nodes
2547: .Op Fl noiter
2548: .Op Fl nokeys
2549: .Op Fl nomac
2550: .Op Fl nomaciter
2551: .Op Fl nomacver
2552: .Op Fl noout
2553: .Op Fl out Ar file
2554: .Op Fl passin Ar arg
2555: .Op Fl passout Ar arg
2556: .Op Fl twopass
2557: .nr nS 0
2558: .Pp
2559: The
2560: .Nm pkcs12
2561: command allows PKCS#12 files
2562: .Pq sometimes referred to as PFX files
2563: to be created and parsed.
2564: By default, a PKCS#12 file is parsed;
2565: a PKCS#12 file can be created by using the
2566: .Fl export
1.59 jmc 2567: option.
2568: .Pp
2569: The options for parsing a PKCS12 file are as follows:
1.1 jsing 2570: .Bl -tag -width "XXXX"
1.59 jmc 2571: .It Fl aes128 | aes192 | aes256 | des | des3
2572: Encrypt private keys
2573: using AES, DES, or triple DES, respectively.
1.1 jsing 2574: The default is triple DES.
2575: .It Fl cacerts
2576: Only output CA certificates
2577: .Pq not client certificates .
2578: .It Fl clcerts
2579: Only output client certificates
2580: .Pq not CA certificates .
2581: .It Fl in Ar file
1.59 jmc 2582: The input file to read from,
2583: or standard input if not specified.
1.1 jsing 2584: .It Fl info
2585: Output additional information about the PKCS#12 file structure,
2586: algorithms used, and iteration counts.
2587: .It Fl nocerts
1.59 jmc 2588: Do not output certificates.
1.1 jsing 2589: .It Fl nodes
1.59 jmc 2590: Do not encrypt private keys.
1.1 jsing 2591: .It Fl nokeys
1.59 jmc 2592: Do not output private keys.
1.1 jsing 2593: .It Fl nomacver
1.59 jmc 2594: Do not attempt to verify the integrity MAC before reading the file.
1.1 jsing 2595: .It Fl noout
1.59 jmc 2596: Do not output the keys and certificates to the output file
1.1 jsing 2597: version of the PKCS#12 file.
2598: .It Fl out Ar file
1.59 jmc 2599: The output file to write to,
2600: or standard output if not specified.
1.1 jsing 2601: .It Fl passin Ar arg
2602: The key password source.
2603: .It Fl passout Ar arg
2604: The output file password source.
2605: .It Fl twopass
2606: Prompt for separate integrity and encryption passwords: most software
2607: always assumes these are the same so this option will render such
2608: PKCS#12 files unreadable.
2609: .El
1.59 jmc 2610: .Pp
2611: The options for PKCS12 file creation are as follows:
1.1 jsing 2612: .Bl -tag -width "XXXX"
2613: .It Fl CAfile Ar file
2614: CA storage as a file.
2615: .It Fl CApath Ar directory
2616: CA storage as a directory.
1.59 jmc 2617: The directory must be a standard certificate directory:
1.1 jsing 2618: that is, a hash of each subject name (using
1.59 jmc 2619: .Nm x509 Fl hash )
1.1 jsing 2620: should be linked to each certificate.
2621: .It Fl caname Ar name
1.59 jmc 2622: Specify the
1.1 jsing 2623: .Qq friendly name
2624: for other certificates.
1.59 jmc 2625: May be used multiple times to specify names for all certificates
1.1 jsing 2626: in the order they appear.
2627: .It Fl certfile Ar file
2628: A file to read additional certificates from.
2629: .It Fl certpbe Ar alg , Fl keypbe Ar alg
1.59 jmc 2630: Specify the algorithm used to encrypt the private key and
1.1 jsing 2631: certificates to be selected.
1.59 jmc 2632: Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used.
1.1 jsing 2633: If a cipher name
2634: (as output by the
2635: .Cm list-cipher-algorithms
2636: command) is specified then it
2637: is used with PKCS#5 v2.0.
2638: For interoperability reasons it is advisable to only use PKCS#12 algorithms.
2639: .It Fl chain
1.59 jmc 2640: Include the entire certificate chain of the user certificate.
1.1 jsing 2641: The standard CA store is used for this search.
2642: If the search fails, it is considered a fatal error.
2643: .It Fl CSP Ar name
2644: Write
2645: .Ar name
2646: as a Microsoft CSP name.
2647: .It Fl descert
2648: Encrypt the certificate using triple DES; this may render the PKCS#12
2649: file unreadable by some
2650: .Qq export grade
2651: software.
2652: By default, the private key is encrypted using triple DES and the
2653: certificate using 40-bit RC2.
2654: .It Fl export
1.59 jmc 2655: Create a PKCS#12 file (rather than parsing one).
1.1 jsing 2656: .It Fl in Ar file
1.59 jmc 2657: The input file to read from,
2658: or standard input if not specified,
2659: in PEM format.
1.1 jsing 2660: The order doesn't matter but one private key and its corresponding
2661: certificate should be present.
2662: If additional certificates are present, they will also be included
2663: in the PKCS#12 file.
2664: .It Fl inkey Ar file
1.59 jmc 2665: File to read a private key from.
1.1 jsing 2666: If not present, a private key must be present in the input file.
2667: .It Fl keyex | keysig
1.59 jmc 2668: Specify whether the private key is to be used for key exchange or just signing.
1.1 jsing 2669: Normally,
2670: .Qq export grade
2671: software will only allow 512-bit RSA keys to be
2672: used for encryption purposes, but arbitrary length keys for signing.
2673: The
2674: .Fl keysig
2675: option marks the key for signing only.
2676: Signing only keys can be used for S/MIME signing, authenticode
1.66 jmc 2677: (ActiveX control signing)
1.59 jmc 2678: and SSL client authentication.
1.1 jsing 2679: .It Fl macalg Ar alg
2680: Specify the MAC digest algorithm.
1.59 jmc 2681: The default is SHA1.
1.1 jsing 2682: .It Fl maciter
1.66 jmc 2683: Included for compatibility only:
1.59 jmc 2684: it used to be needed to use MAC iterations counts
2685: but they are now used by default.
1.1 jsing 2686: .It Fl name Ar name
1.59 jmc 2687: Specify the
1.1 jsing 2688: .Qq friendly name
2689: for the certificate and private key.
2690: This name is typically displayed in list boxes by software importing the file.
2691: .It Fl nomac
2692: Don't attempt to provide the MAC integrity.
2693: .It Fl nomaciter , noiter
1.59 jmc 2694: Affect the iteration counts on the MAC and key algorithms.
1.1 jsing 2695: Unless you wish to produce files compatible with MSIE 4.0, you should leave
2696: these options alone.
2697: .Pp
2698: To discourage attacks by using large dictionaries of common passwords,
2699: the algorithm that derives keys from passwords can have an iteration count
2700: applied to it: this causes a certain part of the algorithm to be repeated
2701: and slows it down.
2702: The MAC is used to check the file integrity but since it will normally
2703: have the same password as the keys and certificates it could also be attacked.
2704: By default, both MAC and encryption iteration counts are set to 2048;
2705: using these options the MAC and encryption iteration counts can be set to 1.
2706: Since this reduces the file security you should not use these options
2707: unless you really have to.
2708: Most software supports both MAC and key iteration counts.
2709: MSIE 4.0 doesn't support MAC iteration counts, so it needs the
2710: .Fl nomaciter
2711: option.
2712: .It Fl out Ar file
1.59 jmc 2713: The output file to write to,
2714: or standard output if not specified.
1.1 jsing 2715: .It Fl passin Ar arg
2716: The key password source.
2717: .It Fl passout Ar arg
2718: The output file password source.
2719: .El
2720: .Sh PKEY
2721: .nr nS 1
2722: .Nm "openssl pkey"
2723: .Op Ar cipher
2724: .Op Fl in Ar file
1.60 jmc 2725: .Op Fl inform Cm der | pem
1.1 jsing 2726: .Op Fl noout
2727: .Op Fl out Ar file
1.60 jmc 2728: .Op Fl outform Cm der | pem
1.1 jsing 2729: .Op Fl passin Ar arg
2730: .Op Fl passout Ar arg
2731: .Op Fl pubin
2732: .Op Fl pubout
2733: .Op Fl text
2734: .Op Fl text_pub
2735: .nr nS 0
2736: .Pp
2737: The
2738: .Nm pkey
2739: command processes public or private keys.
2740: They can be converted between various forms
2741: and their components printed out.
2742: .Pp
2743: The options are as follows:
2744: .Bl -tag -width Ds
2745: .It Ar cipher
1.60 jmc 2746: Encrypt the private key with the specified cipher.
1.1 jsing 2747: Any algorithm name accepted by
1.60 jmc 2748: .Xr EVP_get_cipherbyname 3
1.1 jsing 2749: is acceptable, such as
2750: .Cm des3 .
2751: .It Fl in Ar file
1.60 jmc 2752: The input file to read from,
2753: or standard input if not specified.
1.1 jsing 2754: If the key is encrypted a pass phrase will be prompted for.
1.60 jmc 2755: .It Fl inform Cm der | pem
2756: The input format.
1.1 jsing 2757: .It Fl noout
2758: Do not output the encoded version of the key.
2759: .It Fl out Ar file
1.60 jmc 2760: The output file to write to,
2761: or standard output if not specified.
1.1 jsing 2762: If any encryption options are set then a pass phrase
2763: will be prompted for.
1.60 jmc 2764: .It Fl outform Cm der | pem
2765: The output format.
1.1 jsing 2766: .It Fl passin Ar arg
2767: The key password source.
2768: .It Fl passout Ar arg
2769: The output file password source.
2770: .It Fl pubin
1.60 jmc 2771: Read in a public key, not a private key.
1.1 jsing 2772: .It Fl pubout
1.60 jmc 2773: Output a public key, not a private key.
2774: Automatically set if the input is a public key.
1.1 jsing 2775: .It Fl text
1.64 jmc 2776: Print the public/private key in plain text.
1.1 jsing 2777: .It Fl text_pub
2778: Print out only public key components
2779: even if a private key is being processed.
2780: .El
2781: .Sh PKEYPARAM
2782: .Cm openssl pkeyparam
2783: .Op Fl in Ar file
2784: .Op Fl noout
2785: .Op Fl out Ar file
2786: .Op Fl text
2787: .Pp
2788: The
1.61 jmc 2789: .Nm pkeyparam
1.1 jsing 2790: command processes public or private keys.
1.61 jmc 2791: The key type is determined by the PEM headers.
1.1 jsing 2792: .Pp
2793: The options are as follows:
2794: .Bl -tag -width Ds
2795: .It Fl in Ar file
1.61 jmc 2796: The input file to read from,
2797: or standard input if not specified.
1.1 jsing 2798: .It Fl noout
2799: Do not output the encoded version of the parameters.
2800: .It Fl out Ar file
1.61 jmc 2801: The output file to write to,
2802: or standard output if not specified.
1.1 jsing 2803: .It Fl text
1.64 jmc 2804: Print the parameters in plain text.
1.1 jsing 2805: .El
2806: .Sh PKEYUTL
2807: .nr nS 1
2808: .Nm "openssl pkeyutl"
2809: .Op Fl asn1parse
2810: .Op Fl certin
2811: .Op Fl decrypt
2812: .Op Fl derive
2813: .Op Fl encrypt
2814: .Op Fl hexdump
2815: .Op Fl in Ar file
2816: .Op Fl inkey Ar file
1.62 jmc 2817: .Op Fl keyform Cm der | pem
1.1 jsing 2818: .Op Fl out Ar file
2819: .Op Fl passin Ar arg
1.62 jmc 2820: .Op Fl peerform Cm der | pem
1.1 jsing 2821: .Op Fl peerkey Ar file
2822: .Op Fl pkeyopt Ar opt : Ns Ar value
2823: .Op Fl pubin
2824: .Op Fl rev
2825: .Op Fl sigfile Ar file
2826: .Op Fl sign
2827: .Op Fl verify
2828: .Op Fl verifyrecover
2829: .nr nS 0
2830: .Pp
2831: The
2832: .Nm pkeyutl
2833: command can be used to perform public key operations using
2834: any supported algorithm.
2835: .Pp
2836: The options are as follows:
2837: .Bl -tag -width Ds
2838: .It Fl asn1parse
2839: ASN1parse the output data.
2840: This is useful when combined with the
2841: .Fl verifyrecover
2842: option when an ASN1 structure is signed.
2843: .It Fl certin
2844: The input is a certificate containing a public key.
2845: .It Fl decrypt
2846: Decrypt the input data using a private key.
2847: .It Fl derive
2848: Derive a shared secret using the peer key.
2849: .It Fl encrypt
2850: Encrypt the input data using a public key.
2851: .It Fl hexdump
2852: Hex dump the output data.
2853: .It Fl in Ar file
1.62 jmc 2854: The input file to read from,
2855: or standard input if not specified.
1.1 jsing 2856: .It Fl inkey Ar file
2857: The input key file.
2858: By default it should be a private key.
1.62 jmc 2859: .It Fl keyform Cm der | pem
2860: The key format.
1.1 jsing 2861: .It Fl out Ar file
1.62 jmc 2862: The output file to write to,
2863: or standard output if not specified.
1.1 jsing 2864: .It Fl passin Ar arg
2865: The key password source.
1.62 jmc 2866: .It Fl peerform Cm der | pem
2867: The peer key format.
1.1 jsing 2868: .It Fl peerkey Ar file
2869: The peer key file, used by key derivation (agreement) operations.
2870: .It Fl pkeyopt Ar opt : Ns Ar value
1.62 jmc 2871: Set the public key algorithm option
2872: .Ar opt
2873: to
2874: .Ar value .
2875: Unless otherwise mentioned, all algorithms support the format
2876: .Ar digest : Ns Ar alg ,
2877: which specifies the digest to use
1.1 jsing 2878: for sign, verify, and verifyrecover operations.
2879: The value
2880: .Ar alg
2881: should represent a digest name as used in the
1.62 jmc 2882: .Xr EVP_get_digestbyname 3
2883: function.
2884: .Pp
1.1 jsing 2885: The RSA algorithm supports the
2886: encrypt, decrypt, sign, verify, and verifyrecover operations in general.
2887: Some padding modes only support some of these
2888: operations however.
2889: .Bl -tag -width Ds
2890: .It rsa_padding_mode : Ns Ar mode
2891: This sets the RSA padding mode.
2892: Acceptable values for
2893: .Ar mode
2894: are
2895: .Cm pkcs1
2896: for PKCS#1 padding;
2897: .Cm none
2898: for no padding;
2899: .Cm oaep
2900: for OAEP mode;
2901: .Cm x931
2902: for X9.31 mode;
2903: and
2904: .Cm pss
2905: for PSS.
2906: .Pp
2907: In PKCS#1 padding if the message digest is not set then the supplied data is
2908: signed or verified directly instead of using a DigestInfo structure.
2909: If a digest is set then a DigestInfo
2910: structure is used and its length
2911: must correspond to the digest type.
2912: For oeap mode only encryption and decryption is supported.
2913: For x931 if the digest type is set it is used to format the block data;
2914: otherwise the first byte is used to specify the X9.31 digest ID.
2915: Sign, verify, and verifyrecover can be performed in this mode.
2916: For pss mode only sign and verify are supported and the digest type must be
2917: specified.
2918: .It rsa_pss_saltlen : Ns Ar len
2919: For pss
2920: mode only this option specifies the salt length.
2921: Two special values are supported:
2922: -1 sets the salt length to the digest length.
2923: When signing -2 sets the salt length to the maximum permissible value.
2924: When verifying -2 causes the salt length to be automatically determined
2925: based on the PSS block structure.
2926: .El
1.62 jmc 2927: .Pp
1.1 jsing 2928: The DSA algorithm supports the sign and verify operations.
2929: Currently there are no additional options other than
2930: .Ar digest .
2931: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 2932: .Pp
1.1 jsing 2933: The DH algorithm supports the derive operation
2934: and no additional options.
1.62 jmc 2935: .Pp
1.1 jsing 2936: The EC algorithm supports the sign, verify, and derive operations.
2937: The sign and verify operations use ECDSA and derive uses ECDH.
2938: Currently there are no additional options other than
2939: .Ar digest .
2940: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 2941: .It Fl pubin
2942: The input file is a public key.
2943: .It Fl rev
2944: Reverse the order of the input buffer.
2945: .It Fl sigfile Ar file
2946: Signature file (verify operation only).
2947: .It Fl sign
2948: Sign the input data and output the signed result.
2949: This requires a private key.
2950: .It Fl verify
2951: Verify the input data against the signature file and indicate if the
2952: verification succeeded or failed.
2953: .It Fl verifyrecover
2954: Verify the input data and output the recovered data.
2955: .El
1.1 jsing 2956: .Sh PRIME
2957: .Cm openssl prime
2958: .Op Fl bits Ar n
2959: .Op Fl checks Ar n
2960: .Op Fl generate
2961: .Op Fl hex
2962: .Op Fl safe
2963: .Ar p
2964: .Pp
2965: The
2966: .Nm prime
2967: command is used to generate prime numbers,
2968: or to check numbers for primality.
2969: Results are probabilistic:
2970: they have an exceedingly high likelihood of being correct,
2971: but are not guaranteed.
2972: .Pp
2973: The options are as follows:
2974: .Bl -tag -width Ds
2975: .It Fl bits Ar n
2976: Specify the number of bits in the generated prime number.
2977: Must be used in conjunction with
2978: .Fl generate .
2979: .It Fl checks Ar n
2980: Perform a Miller-Rabin probabilistic primality test with
2981: .Ar n
2982: iterations.
2983: The default is 20.
2984: .It Fl generate
2985: Generate a pseudo-random prime number.
2986: Must be used in conjunction with
2987: .Fl bits .
2988: .It Fl hex
2989: Output in hex format.
2990: .It Fl safe
2991: Generate only
2992: .Qq safe
2993: prime numbers
2994: (i.e. a prime p so that (p-1)/2 is also prime).
2995: .It Ar p
2996: Test if number
2997: .Ar p
2998: is prime.
2999: .El
3000: .Sh RAND
3001: .nr nS 1
3002: .Nm "openssl rand"
3003: .Op Fl base64
3004: .Op Fl hex
3005: .Op Fl out Ar file
3006: .Ar num
3007: .nr nS 0
3008: .Pp
3009: The
3010: .Nm rand
3011: command outputs
3012: .Ar num
3013: pseudo-random bytes.
3014: .Pp
3015: The options are as follows:
3016: .Bl -tag -width Ds
3017: .It Fl base64
3018: Perform
3019: .Em base64
3020: encoding on the output.
3021: .It Fl hex
3022: Specify hexadecimal output.
3023: .It Fl out Ar file
1.63 jmc 3024: The output file to write to,
3025: or standard output if not specified.
1.1 jsing 3026: .El
3027: .Sh REQ
3028: .nr nS 1
3029: .Nm "openssl req"
3030: .Op Fl asn1-kludge
3031: .Op Fl batch
3032: .Op Fl config Ar file
3033: .Op Fl days Ar n
3034: .Op Fl extensions Ar section
3035: .Op Fl in Ar file
1.63 jmc 3036: .Op Fl inform Cm der | pem
1.1 jsing 3037: .Op Fl key Ar keyfile
1.63 jmc 3038: .Op Fl keyform Cm der | pem
1.1 jsing 3039: .Op Fl keyout Ar file
1.28 doug 3040: .Op Fl md4 | md5 | sha1
1.1 jsing 3041: .Op Fl modulus
3042: .Op Fl nameopt Ar option
3043: .Op Fl new
3044: .Op Fl newhdr
3045: .Op Fl newkey Ar arg
3046: .Op Fl no-asn1-kludge
3047: .Op Fl nodes
3048: .Op Fl noout
3049: .Op Fl out Ar file
1.63 jmc 3050: .Op Fl outform Cm der | pem
1.1 jsing 3051: .Op Fl passin Ar arg
3052: .Op Fl passout Ar arg
3053: .Op Fl pubkey
3054: .Op Fl reqexts Ar section
3055: .Op Fl reqopt Ar option
3056: .Op Fl set_serial Ar n
3057: .Op Fl subj Ar arg
3058: .Op Fl subject
3059: .Op Fl text
3060: .Op Fl utf8
3061: .Op Fl verbose
3062: .Op Fl verify
3063: .Op Fl x509
3064: .nr nS 0
3065: .Pp
3066: The
3067: .Nm req
3068: command primarily creates and processes certificate requests
3069: in PKCS#10 format.
3070: It can additionally create self-signed certificates,
3071: for use as root CAs, for example.
3072: .Pp
3073: The options are as follows:
3074: .Bl -tag -width Ds
3075: .It Fl asn1-kludge
1.63 jmc 3076: Produce requests in an invalid format for certain picky CAs.
3077: Very few CAs still require the use of this option.
1.1 jsing 3078: .It Fl batch
3079: Non-interactive mode.
3080: .It Fl config Ar file
1.63 jmc 3081: Specify an alternative configuration file.
1.1 jsing 3082: .It Fl days Ar n
1.63 jmc 3083: Specify the number of days to certify the certificate for.
3084: The default is 30 days.
3085: Used with the
1.1 jsing 3086: .Fl x509
1.63 jmc 3087: option.
1.1 jsing 3088: .It Fl extensions Ar section , Fl reqexts Ar section
1.63 jmc 3089: Specify alternative sections to include certificate
3090: extensions (with
3091: .Fl x509 )
3092: or certificate request extensions,
3093: allowing several different sections to be used in the same configuration file.
1.1 jsing 3094: .It Fl in Ar file
1.63 jmc 3095: The input file to read a request from,
3096: or standard input if not specified.
1.1 jsing 3097: A request is only read if the creation options
3098: .Fl new
3099: and
3100: .Fl newkey
3101: are not specified.
1.63 jmc 3102: .It Fl inform Cm der | pem
3103: The input format.
1.1 jsing 3104: .It Fl key Ar keyfile
1.63 jmc 3105: The file to read the private key from.
1.1 jsing 3106: It also accepts PKCS#8 format private keys for PEM format files.
1.63 jmc 3107: .It Fl keyform Cm der | pem
1.1 jsing 3108: The format of the private key file specified in the
3109: .Fl key
3110: argument.
1.63 jmc 3111: The default is PEM.
1.1 jsing 3112: .It Fl keyout Ar file
1.63 jmc 3113: The file to write the newly created private key to.
3114: If this option is not specified,
3115: the filename present in the configuration file is used.
1.4 sthen 3116: .It Fl md5 | sha1 | sha256
1.63 jmc 3117: The message digest to sign the request with.
1.1 jsing 3118: This overrides the digest algorithm specified in the configuration file.
3119: .Pp
3120: Some public key algorithms may override this choice.
3121: For instance, DSA signatures always use SHA1.
3122: .It Fl modulus
1.63 jmc 3123: Print the value of the modulus of the public key contained in the request.
1.1 jsing 3124: .It Fl nameopt Ar option , Fl reqopt Ar option
1.63 jmc 3125: Determine how the subject or issuer names are displayed.
1.1 jsing 3126: .Ar option
1.63 jmc 3127: can be a single option or multiple options separated by commas.
1.1 jsing 3128: Alternatively, these options may be used more than once to set multiple options.
3129: See the
3130: .Sx X509
3131: section below for details.
3132: .It Fl new
1.63 jmc 3133: Generate a new certificate request.
3134: The user is prompted for the relevant field values.
1.1 jsing 3135: The actual fields prompted for and their maximum and minimum sizes
3136: are specified in the configuration file and any requested extensions.
3137: .Pp
3138: If the
3139: .Fl key
3140: option is not used, it will generate a new RSA private
3141: key using information specified in the configuration file.
3142: .It Fl newhdr
1.63 jmc 3143: Add the word NEW to the PEM file header and footer lines
1.1 jsing 3144: on the outputed request.
1.63 jmc 3145: Some software and CAs need this.
1.1 jsing 3146: .It Fl newkey Ar arg
1.63 jmc 3147: Create a new certificate request and a new private key.
1.1 jsing 3148: The argument takes one of several forms.
1.63 jmc 3149: .Pp
3150: .No rsa : Ns Ar nbits
3151: generates an RSA key
1.1 jsing 3152: .Ar nbits
3153: in size.
3154: If
3155: .Ar nbits
1.63 jmc 3156: is omitted
3157: the default key size is used.
3158: .Pp
3159: .No dsa : Ns Ar file
3160: generates a DSA key using the parameters in
3161: .Ar file .
3162: .Pp
3163: .No param : Ns Ar file
3164: generates a key using the parameters or certificate in
3165: .Ar file .
3166: .Pp
3167: All other algorithms support the form
3168: .Ar algorithm : Ns Ar file ,
1.1 jsing 3169: where file may be an algorithm parameter file,
3170: created by the
3171: .Cm genpkey -genparam
1.14 jmc 3172: command or an X.509 certificate for a key with appropriate algorithm.
1.63 jmc 3173: .Ar file
3174: can be omitted,
3175: in which case any parameters can be specified via the
1.1 jsing 3176: .Fl pkeyopt
3177: option.
3178: .It Fl no-asn1-kludge
1.63 jmc 3179: Reverse the effect of
1.1 jsing 3180: .Fl asn1-kludge .
3181: .It Fl nodes
1.63 jmc 3182: Do not encrypt the private key.
1.1 jsing 3183: .It Fl noout
1.63 jmc 3184: Do not output the encoded version of the request.
1.1 jsing 3185: .It Fl out Ar file
1.63 jmc 3186: The output file to write to,
3187: or standard output if not spceified.
3188: .It Fl outform Cm der | pem
3189: The output format.
1.1 jsing 3190: .It Fl passin Ar arg
3191: The key password source.
3192: .It Fl passout Ar arg
3193: The output file password source.
3194: .It Fl pubkey
1.63 jmc 3195: Output the public key.
1.1 jsing 3196: .It Fl reqopt Ar option
3197: Customise the output format used with
3198: .Fl text .
3199: The
3200: .Ar option
3201: argument can be a single option or multiple options separated by commas.
1.63 jmc 3202: See also the discussion of
1.1 jsing 3203: .Fl certopt
1.63 jmc 3204: in the
1.1 jsing 3205: .Nm x509
3206: command.
3207: .It Fl set_serial Ar n
3208: Serial number to use when outputting a self-signed certificate.
3209: This may be specified as a decimal value or a hex value if preceded by
3210: .Sq 0x .
3211: It is possible to use negative serial numbers but this is not recommended.
3212: .It Fl subj Ar arg
1.63 jmc 3213: Replaces the subject field of an input request
3214: with the specified data and output the modified request.
3215: .Ar arg
3216: must be formatted as /type0=value0/type1=value1/type2=...;
1.1 jsing 3217: characters may be escaped by
3218: .Sq \e
1.63 jmc 3219: (backslash);
1.1 jsing 3220: no spaces are skipped.
3221: .It Fl subject
1.63 jmc 3222: Print the request subject (or certificate subject if
1.1 jsing 3223: .Fl x509
1.63 jmc 3224: is specified).
1.1 jsing 3225: .It Fl text
1.64 jmc 3226: Print the certificate request in plain text.
1.1 jsing 3227: .It Fl utf8
1.63 jmc 3228: Interpret field values as UTF8 strings, not ASCII.
1.1 jsing 3229: .It Fl verbose
3230: Print extra details about the operations being performed.
3231: .It Fl verify
1.63 jmc 3232: Verify the signature on the request.
1.1 jsing 3233: .It Fl x509
1.63 jmc 3234: Output a self-signed certificate instead of a certificate request.
3235: This is typically used to generate a test certificate or a self-signed root CA.
3236: The extensions added to the certificate (if any)
1.1 jsing 3237: are specified in the configuration file.
3238: Unless specified using the
3239: .Fl set_serial
1.63 jmc 3240: option, 0 is used for the serial number.
1.1 jsing 3241: .El
1.63 jmc 3242: .Pp
1.1 jsing 3243: The configuration options are specified in the
1.63 jmc 3244: .Qq req
1.1 jsing 3245: section of the configuration file.
1.63 jmc 3246: The options available are as follows:
1.1 jsing 3247: .Bl -tag -width "XXXX"
1.63 jmc 3248: .It Cm attributes
3249: The section containing any request attributes: its format
1.1 jsing 3250: is the same as
1.63 jmc 3251: .Cm distinguished_name .
3252: Typically these may contain the challengePassword or unstructuredName types.
3253: They are currently ignored by the
3254: .Nm openssl
1.1 jsing 3255: request signing utilities, but some CAs might want them.
1.63 jmc 3256: .It Cm default_bits
3257: The default key size, in bits.
3258: The default is 2048.
1.1 jsing 3259: It is used if the
3260: .Fl new
1.63 jmc 3261: option is used and can be overridden by using the
1.1 jsing 3262: .Fl newkey
3263: option.
1.63 jmc 3264: .It Cm default_keyfile
3265: The default file to write a private key to,
3266: or standard output if not specified.
3267: It can be overridden by the
1.1 jsing 3268: .Fl keyout
3269: option.
1.63 jmc 3270: .It Cm default_md
3271: The digest algorithm to use.
1.1 jsing 3272: Possible values include
1.63 jmc 3273: .Cm md5 ,
3274: .Cm sha1
1.1 jsing 3275: and
1.63 jmc 3276: .Cm sha256
3277: (the default).
3278: It can be overridden on the command line.
3279: .It Cm distinguished_name
3280: The section containing the distinguished name fields to
1.1 jsing 3281: prompt for when generating a certificate or certificate request.
1.63 jmc 3282: The format is described below.
3283: .It Cm encrypt_key
3284: If set to
3285: .Qq no
3286: and a private key is generated, it is not encrypted.
3287: It is equivalent to the
1.1 jsing 3288: .Fl nodes
1.63 jmc 3289: option.
1.1 jsing 3290: For compatibility,
1.63 jmc 3291: .Cm encrypt_rsa_key
1.1 jsing 3292: is an equivalent option.
1.63 jmc 3293: .It Cm input_password | output_password
3294: The passwords for the input private key file (if present)
3295: and the output private key file (if one will be created).
1.1 jsing 3296: The command line options
3297: .Fl passin
3298: and
3299: .Fl passout
3300: override the configuration file values.
1.63 jmc 3301: .It Cm oid_file
3302: A file containing additional OBJECT IDENTIFIERS.
1.1 jsing 3303: Each line of the file should consist of the numerical form of the
3304: object identifier, followed by whitespace, then the short name followed
3305: by whitespace and finally the long name.
1.63 jmc 3306: .It Cm oid_section
3307: Specify a section in the configuration file containing extra
1.1 jsing 3308: object identifiers.
3309: Each line should consist of the short name of the
3310: object identifier followed by
3311: .Sq =
3312: and the numerical form.
3313: The short and long names are the same when this option is used.
1.63 jmc 3314: .It Cm prompt
3315: If set to
3316: .Qq no ,
3317: it disables prompting of certificate fields
1.1 jsing 3318: and just takes values from the config file directly.
3319: It also changes the expected format of the
1.63 jmc 3320: .Cm distinguished_name
1.1 jsing 3321: and
1.63 jmc 3322: .Cm attributes
1.1 jsing 3323: sections.
1.63 jmc 3324: .It Cm req_extensions
3325: The configuration file section containing a list of
1.1 jsing 3326: extensions to add to the certificate request.
3327: It can be overridden by the
3328: .Fl reqexts
1.63 jmc 3329: option.
3330: .It Cm string_mask
3331: Limit the string types for encoding certain fields.
1.1 jsing 3332: The following values may be used, limiting strings to the indicated types:
3333: .Bl -tag -width "MASK:number"
1.63 jmc 3334: .It Cm utf8only
3335: UTF8String.
1.1 jsing 3336: This is the default, as recommended by PKIX in RFC 2459.
1.63 jmc 3337: .It Cm default
3338: PrintableString, IA5String, T61String, BMPString, UTF8String.
3339: .It Cm pkix
3340: PrintableString, IA5String, BMPString, UTF8String.
3341: Inspired by the PKIX recommendation in RFC 2459 for certificates
3342: generated before 2004, but differs by also permitting IA5String.
3343: .It Cm nombstr
3344: PrintableString, IA5String, T61String, UniversalString.
3345: A workaround for some ancient software that had problems
3346: with the variable-sized BMPString and UTF8String types.
1.1 jsing 3347: .It Cm MASK : Ns Ar number
1.63 jmc 3348: An explicit bitmask of permitted types, where
1.1 jsing 3349: .Ar number
3350: is a C-style hex, decimal, or octal number that's a bit-wise OR of
3351: .Dv B_ASN1_*
3352: values from
3353: .In openssl/asn1.h .
3354: .El
1.63 jmc 3355: .It Cm utf8
3356: If set to
3357: .Qq yes ,
1.72 jmc 3358: field values are interpreted as UTF8 strings.
1.63 jmc 3359: .It Cm x509_extensions
3360: The configuration file section containing a list of
1.1 jsing 3361: extensions to add to a certificate generated when the
3362: .Fl x509
3363: switch is used.
3364: It can be overridden by the
3365: .Fl extensions
1.72 jmc 3366: command line switch.
1.1 jsing 3367: .El
1.63 jmc 3368: .Pp
1.1 jsing 3369: There are two separate formats for the distinguished name and attribute
3370: sections.
3371: If the
3372: .Fl prompt
3373: option is set to
1.63 jmc 3374: .Qq no ,
1.72 jmc 3375: then these sections just consist of field names and values.
3376: If the
1.1 jsing 3377: .Fl prompt
3378: option is absent or not set to
1.63 jmc 3379: .Qq no ,
1.72 jmc 3380: then the file contains field prompting information of the form:
1.1 jsing 3381: .Bd -unfilled -offset indent
3382: fieldName="prompt"
3383: fieldName_default="default field value"
3384: fieldName_min= 2
3385: fieldName_max= 4
3386: .Ed
3387: .Pp
3388: .Qq fieldName
3389: is the field name being used, for example
1.63 jmc 3390: .Cm commonName
3391: (or CN).
1.1 jsing 3392: The
3393: .Qq prompt
3394: string is used to ask the user to enter the relevant details.
3395: If the user enters nothing, the default value is used;
3396: if no default value is present, the field is omitted.
3397: A field can still be omitted if a default value is present,
3398: if the user just enters the
3399: .Sq \&.
3400: character.
3401: .Pp
3402: The number of characters entered must be between the
1.63 jmc 3403: fieldName_min and fieldName_max limits:
1.1 jsing 3404: there may be additional restrictions based on the field being used
3405: (for example
1.63 jmc 3406: .Cm countryName
1.1 jsing 3407: can only ever be two characters long and must fit in a
1.63 jmc 3408: .Cm PrintableString ) .
1.1 jsing 3409: .Pp
3410: Some fields (such as
1.63 jmc 3411: .Cm organizationName )
1.1 jsing 3412: can be used more than once in a DN.
3413: This presents a problem because configuration files will
3414: not recognize the same name occurring twice.
3415: To avoid this problem, if the
1.63 jmc 3416: .Cm fieldName
1.1 jsing 3417: contains some characters followed by a full stop, they will be ignored.
3418: So, for example, a second
1.63 jmc 3419: .Cm organizationName
1.1 jsing 3420: can be input by calling it
3421: .Qq 1.organizationName .
3422: .Pp
3423: The actual permitted field names are any object identifier short or
3424: long names.
3425: These are compiled into
1.63 jmc 3426: .Nm openssl
1.1 jsing 3427: and include the usual values such as
1.63 jmc 3428: .Cm commonName , countryName , localityName , organizationName ,
3429: .Cm organizationUnitName , stateOrProvinceName .
1.1 jsing 3430: Additionally,
1.63 jmc 3431: .Cm emailAddress
1.1 jsing 3432: is included as well as
1.63 jmc 3433: .Cm name , surname , givenName , initials
1.1 jsing 3434: and
1.63 jmc 3435: .Cm dnQualifier .
1.1 jsing 3436: .Pp
3437: Additional object identifiers can be defined with the
1.63 jmc 3438: .Cm oid_file
1.1 jsing 3439: or
1.63 jmc 3440: .Cm oid_section
1.1 jsing 3441: options in the configuration file.
3442: Any additional fields will be treated as though they were a
1.63 jmc 3443: .Cm DirectoryString .
1.1 jsing 3444: .Sh RSA
3445: .nr nS 1
3446: .Nm "openssl rsa"
1.64 jmc 3447: .Op Fl aes128 | aes192 | aes256 | des | des3
1.1 jsing 3448: .Op Fl check
3449: .Op Fl in Ar file
1.64 jmc 3450: .Op Fl inform Cm der | net | pem
1.1 jsing 3451: .Op Fl modulus
3452: .Op Fl noout
3453: .Op Fl out Ar file
1.64 jmc 3454: .Op Fl outform Cm der | net | pem
1.1 jsing 3455: .Op Fl passin Ar arg
3456: .Op Fl passout Ar arg
3457: .Op Fl pubin
3458: .Op Fl pubout
3459: .Op Fl sgckey
3460: .Op Fl text
3461: .nr nS 0
3462: .Pp
3463: The
3464: .Nm rsa
3465: command processes RSA keys.
3466: They can be converted between various forms and their components printed out.
1.64 jmc 3467: .Nm rsa
3468: uses the traditional
1.1 jsing 3469: .Nm SSLeay
3470: compatible format for private key encryption:
3471: newer applications should use the more secure PKCS#8 format using the
3472: .Nm pkcs8
3473: utility.
3474: .Pp
3475: The options are as follows:
3476: .Bl -tag -width Ds
1.64 jmc 3477: .It Fl aes128 | aes192 | aes256 | des | des3
3478: Encrypt the private key with the AES, DES,
1.1 jsing 3479: or the triple DES ciphers, respectively, before outputting it.
3480: A pass phrase is prompted for.
3481: If none of these options are specified, the key is written in plain text.
3482: This means that using the
3483: .Nm rsa
3484: utility to read in an encrypted key with no encryption option can be used
3485: to remove the pass phrase from a key, or by setting the encryption options
3486: it can be used to add or change the pass phrase.
3487: These options can only be used with PEM format output files.
3488: .It Fl check
1.64 jmc 3489: Check the consistency of an RSA private key.
1.1 jsing 3490: .It Fl in Ar file
1.64 jmc 3491: The input file to read from,
3492: or standard input if not specified.
1.1 jsing 3493: If the key is encrypted, a pass phrase will be prompted for.
1.64 jmc 3494: .It Fl inform Cm der | net | pem
3495: The input format.
1.1 jsing 3496: .It Fl noout
1.64 jmc 3497: Do not output the encoded version of the key.
1.1 jsing 3498: .It Fl modulus
1.64 jmc 3499: Print the value of the modulus of the key.
1.1 jsing 3500: .It Fl out Ar file
1.64 jmc 3501: The output file to write to,
3502: or standard output if not specified.
3503: .It Fl outform Cm der | net | pem
3504: The output format.
1.1 jsing 3505: .It Fl passin Ar arg
3506: The key password source.
3507: .It Fl passout Ar arg
3508: The output file password source.
3509: .It Fl pubin
1.64 jmc 3510: Read in a public key,
3511: not a private key.
1.1 jsing 3512: .It Fl pubout
1.64 jmc 3513: Output a public key,
3514: not a private key.
3515: Automatically set if the input is a public key.
1.1 jsing 3516: .It Fl sgckey
1.64 jmc 3517: Use the modified NET algorithm used with some versions of Microsoft IIS
3518: and SGC keys.
1.1 jsing 3519: .It Fl text
1.64 jmc 3520: Print the public/private key components in plain text.
1.1 jsing 3521: .El
3522: .Sh RSAUTL
3523: .nr nS 1
3524: .Nm "openssl rsautl"
3525: .Op Fl asn1parse
3526: .Op Fl certin
3527: .Op Fl decrypt
3528: .Op Fl encrypt
3529: .Op Fl hexdump
3530: .Op Fl in Ar file
3531: .Op Fl inkey Ar file
1.65 jmc 3532: .Op Fl keyform Cm der | pem
1.1 jsing 3533: .Op Fl oaep | pkcs | raw | ssl
3534: .Op Fl out Ar file
3535: .Op Fl pubin
3536: .Op Fl sign
3537: .Op Fl verify
3538: .nr nS 0
3539: .Pp
3540: The
3541: .Nm rsautl
3542: command can be used to sign, verify, encrypt and decrypt
3543: data using the RSA algorithm.
3544: .Pp
3545: The options are as follows:
3546: .Bl -tag -width Ds
3547: .It Fl asn1parse
3548: Asn1parse the output data; this is useful when combined with the
3549: .Fl verify
3550: option.
3551: .It Fl certin
3552: The input is a certificate containing an RSA public key.
3553: .It Fl decrypt
3554: Decrypt the input data using an RSA private key.
3555: .It Fl encrypt
3556: Encrypt the input data using an RSA public key.
3557: .It Fl hexdump
3558: Hex dump the output data.
3559: .It Fl in Ar file
1.65 jmc 3560: The input to read from,
3561: or standard input if not specified.
1.1 jsing 3562: .It Fl inkey Ar file
1.65 jmc 3563: The input key file; by default an RSA private key.
3564: .It Fl keyform Cm der | pem
3565: The private ket format.
3566: The default is
3567: .Cm pem .
1.1 jsing 3568: .It Fl oaep | pkcs | raw | ssl
3569: The padding to use:
1.65 jmc 3570: PKCS#1 OAEP, PKCS#1 v1.5 (the default), or no padding, respectively.
1.1 jsing 3571: For signatures, only
3572: .Fl pkcs
3573: and
3574: .Fl raw
3575: can be used.
3576: .It Fl out Ar file
1.65 jmc 3577: The output file to write to,
3578: or standard output if not specified.
1.1 jsing 3579: .It Fl pubin
3580: The input file is an RSA public key.
3581: .It Fl sign
3582: Sign the input data and output the signed result.
3583: This requires an RSA private key.
3584: .It Fl verify
3585: Verify the input data and output the recovered data.
3586: .El
3587: .Sh S_CLIENT
3588: .nr nS 1
3589: .Nm "openssl s_client"
3590: .Op Fl 4 | 6
3591: .Op Fl bugs
3592: .Op Fl CAfile Ar file
3593: .Op Fl CApath Ar directory
3594: .Op Fl cert Ar file
3595: .Op Fl check_ss_sig
3596: .Op Fl cipher Ar cipherlist
1.66 jmc 3597: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 3598: .Op Fl crl_check
3599: .Op Fl crl_check_all
3600: .Op Fl crlf
3601: .Op Fl debug
3602: .Op Fl extended_crl
3603: .Op Fl ign_eof
3604: .Op Fl ignore_critical
3605: .Op Fl issuer_checks
3606: .Op Fl key Ar keyfile
3607: .Op Fl msg
3608: .Op Fl nbio
3609: .Op Fl nbio_test
3610: .Op Fl no_ticket
3611: .Op Fl no_tls1
1.6 guenther 3612: .Op Fl no_tls1_1
3613: .Op Fl no_tls1_2
1.1 jsing 3614: .Op Fl pause
3615: .Op Fl policy_check
3616: .Op Fl prexit
1.11 bluhm 3617: .Op Fl proxy Ar host : Ns Ar port
1.1 jsing 3618: .Op Fl psk Ar key
3619: .Op Fl psk_identity Ar identity
3620: .Op Fl quiet
3621: .Op Fl reconnect
1.5 jsing 3622: .Op Fl servername Ar name
1.1 jsing 3623: .Op Fl showcerts
3624: .Op Fl starttls Ar protocol
3625: .Op Fl state
3626: .Op Fl tls1
1.31 jmc 3627: .Op Fl tls1_1
3628: .Op Fl tls1_2
1.1 jsing 3629: .Op Fl tlsextdebug
3630: .Op Fl verify Ar depth
3631: .Op Fl x509_strict
1.19 landry 3632: .Op Fl xmpphost Ar host
1.1 jsing 3633: .nr nS 0
3634: .Pp
3635: The
3636: .Nm s_client
3637: command implements a generic SSL/TLS client which connects
3638: to a remote host using SSL/TLS.
1.66 jmc 3639: .Pp
3640: If a connection is established with an SSL server, any data received
3641: from the server is displayed and any key presses will be sent to the
3642: server.
3643: When used interactively (which means neither
3644: .Fl quiet
3645: nor
3646: .Fl ign_eof
3647: have been given), the session will be renegotiated if the line begins with an
3648: .Cm R ;
3649: if the line begins with a
3650: .Cm Q
3651: or if end of file is reached, the connection will be closed down.
1.1 jsing 3652: .Pp
3653: The options are as follows:
3654: .Bl -tag -width Ds
3655: .It Fl 4
1.66 jmc 3656: Attempt connections using IPv4 only.
1.1 jsing 3657: .It Fl 6
1.66 jmc 3658: Attempt connections using IPv6 only.
1.1 jsing 3659: .It Fl bugs
1.66 jmc 3660: Enable various workarounds for buggy implementations.
1.1 jsing 3661: .It Fl CAfile Ar file
3662: A
3663: .Ar file
3664: containing trusted certificates to use during server authentication
3665: and to use when attempting to build the client certificate chain.
3666: .It Fl CApath Ar directory
3667: The
3668: .Ar directory
3669: to use for server certificate verification.
3670: This directory must be in
3671: .Qq hash format ;
3672: see
3673: .Fl verify
3674: for more information.
3675: These are also used when building the client certificate chain.
3676: .It Fl cert Ar file
3677: The certificate to use, if one is requested by the server.
3678: The default is not to use a certificate.
3679: .It Xo
3680: .Fl check_ss_sig ,
3681: .Fl crl_check ,
3682: .Fl crl_check_all ,
3683: .Fl extended_crl ,
3684: .Fl ignore_critical ,
3685: .Fl issuer_checks ,
3686: .Fl policy_check ,
3687: .Fl x509_strict
3688: .Xc
3689: Set various certificate chain validation options.
3690: See the
1.66 jmc 3691: .Nm verify
1.1 jsing 3692: command for details.
3693: .It Fl cipher Ar cipherlist
1.66 jmc 3694: Modify the cipher list sent by the client.
1.1 jsing 3695: Although the server determines which cipher suite is used, it should take
3696: the first supported cipher in the list sent by the client.
3697: See the
1.66 jmc 3698: .Nm ciphers
3699: command for more information.
3700: .It Fl connect Ar host Ns Op : Ns Ar port
3701: The
1.1 jsing 3702: .Ar host
1.66 jmc 3703: and
1.1 jsing 3704: .Ar port
3705: to connect to.
3706: If not specified, an attempt is made to connect to the local host
3707: on port 4433.
3708: Alternatively, the host and port pair may be separated using a forward-slash
1.66 jmc 3709: character,
3710: which is useful for numeric IPv6 addresses.
1.1 jsing 3711: .It Fl crlf
1.66 jmc 3712: Translate a line feed from the terminal into CR+LF,
3713: as required by some servers.
1.1 jsing 3714: .It Fl debug
1.66 jmc 3715: Print extensive debugging information, including a hex dump of all traffic.
1.1 jsing 3716: .It Fl ign_eof
1.66 jmc 3717: Inhibit shutting down the connection when end of file is reached in the input.
1.1 jsing 3718: .It Fl key Ar keyfile
3719: The private key to use.
3720: If not specified, the certificate file will be used.
3721: .It Fl msg
3722: Show all protocol messages with hex dump.
3723: .It Fl nbio
1.66 jmc 3724: Turn on non-blocking I/O.
1.1 jsing 3725: .It Fl nbio_test
1.66 jmc 3726: Test non-blocking I/O.
1.31 jmc 3727: .It Fl no_tls1 | no_tls1_1 | no_tls1_2
1.66 jmc 3728: Disable the use of TLS1.0, 1.1, and 1.2, respectively.
1.1 jsing 3729: .It Fl no_ticket
3730: Disable RFC 4507 session ticket support.
3731: .It Fl pause
1.66 jmc 3732: Pause 1 second between each read and write call.
1.1 jsing 3733: .It Fl prexit
3734: Print session information when the program exits.
3735: This will always attempt
3736: to print out information even if the connection fails.
3737: Normally, information will only be printed out once if the connection succeeds.
3738: This option is useful because the cipher in use may be renegotiated
3739: or the connection may fail because a client certificate is required or is
3740: requested only after an attempt is made to access a certain URL.
1.66 jmc 3741: Note that the output produced by this option is not always accurate
3742: because a connection might never have been established.
1.11 bluhm 3743: .It Fl proxy Ar host : Ns Ar port
3744: Use the HTTP proxy at
3745: .Ar host
3746: and
3747: .Ar port .
3748: The connection to the proxy is done in cleartext and the
3749: .Fl connect
3750: argument is given to the proxy.
3751: If not specified, localhost is used as final destination.
3752: After that, switch the connection through the proxy to the destination
3753: to TLS.
1.1 jsing 3754: .It Fl psk Ar key
3755: Use the PSK key
3756: .Ar key
3757: when using a PSK cipher suite.
3758: The key is given as a hexadecimal number without the leading 0x,
3759: for example -psk 1a2b3c4d.
3760: .It Fl psk_identity Ar identity
1.66 jmc 3761: Use the PSK
1.1 jsing 3762: .Ar identity
3763: when using a PSK cipher suite.
3764: .It Fl quiet
3765: Inhibit printing of session and certificate information.
3766: This implicitly turns on
3767: .Fl ign_eof
3768: as well.
3769: .It Fl reconnect
1.66 jmc 3770: Reconnect to the same server 5 times using the same session ID; this can
1.1 jsing 3771: be used as a test that session caching is working.
1.5 jsing 3772: .It Fl servername Ar name
3773: Include the TLS Server Name Indication (SNI) extension in the ClientHello
3774: message, using the specified server
3775: .Ar name .
1.1 jsing 3776: .It Fl showcerts
3777: Display the whole server certificate chain: normally only the server
3778: certificate itself is displayed.
3779: .It Fl starttls Ar protocol
1.66 jmc 3780: Send the protocol-specific messages to switch to TLS for communication.
1.1 jsing 3781: .Ar protocol
3782: is a keyword for the intended protocol.
3783: Currently, the supported keywords are
3784: .Qq ftp ,
3785: .Qq imap ,
3786: .Qq smtp ,
3787: .Qq pop3 ,
3788: and
3789: .Qq xmpp .
3790: .It Fl state
1.66 jmc 3791: Print the SSL session states.
1.31 jmc 3792: .It Fl tls1 | tls1_1 | tls1_2
3793: Permit only TLS1.0, 1.1, or 1.2, respectively.
1.1 jsing 3794: .It Fl tlsextdebug
1.66 jmc 3795: Print a hex dump of any TLS extensions received from the server.
1.1 jsing 3796: .It Fl verify Ar depth
1.66 jmc 3797: Turn on server certificate verification,
3798: with a maximum length of
3799: .Ar depth .
1.1 jsing 3800: Currently the verify operation continues after errors so all the problems
3801: with a certificate chain can be seen.
3802: As a side effect the connection will never fail due to a server
3803: certificate verify failure.
1.19 landry 3804: .It Fl xmpphost Ar hostname
1.66 jmc 3805: When used with
1.19 landry 3806: .Fl starttls Ar xmpp ,
1.66 jmc 3807: specify the host for the "to" attribute of the stream element.
1.19 landry 3808: If this option is not specified then the host specified with
3809: .Fl connect
3810: will be used.
1.1 jsing 3811: .El
3812: .Sh S_SERVER
3813: .nr nS 1
3814: .Nm "openssl s_server"
3815: .Op Fl accept Ar port
3816: .Op Fl bugs
3817: .Op Fl CAfile Ar file
3818: .Op Fl CApath Ar directory
3819: .Op Fl cert Ar file
3820: .Op Fl cipher Ar cipherlist
3821: .Op Fl context Ar id
3822: .Op Fl crl_check
3823: .Op Fl crl_check_all
3824: .Op Fl crlf
3825: .Op Fl dcert Ar file
3826: .Op Fl debug
3827: .Op Fl dhparam Ar file
3828: .Op Fl dkey Ar file
3829: .Op Fl hack
3830: .Op Fl HTTP
3831: .Op Fl id_prefix Ar arg
3832: .Op Fl key Ar keyfile
3833: .Op Fl msg
3834: .Op Fl nbio
3835: .Op Fl nbio_test
3836: .Op Fl no_dhe
3837: .Op Fl no_tls1
1.6 guenther 3838: .Op Fl no_tls1_1
3839: .Op Fl no_tls1_2
1.1 jsing 3840: .Op Fl no_tmp_rsa
3841: .Op Fl nocert
3842: .Op Fl psk Ar key
3843: .Op Fl psk_hint Ar hint
3844: .Op Fl quiet
3845: .Op Fl serverpref
3846: .Op Fl state
3847: .Op Fl tls1
1.31 jmc 3848: .Op Fl tls1_1
3849: .Op Fl tls1_2
1.1 jsing 3850: .Op Fl Verify Ar depth
3851: .Op Fl verify Ar depth
3852: .Op Fl WWW
3853: .Op Fl www
3854: .nr nS 0
3855: .Pp
3856: The
3857: .Nm s_server
3858: command implements a generic SSL/TLS server which listens
3859: for connections on a given port using SSL/TLS.
3860: .Pp
1.67 jmc 3861: If a connection request is established with a client and neither the
3862: .Fl www
3863: nor the
3864: .Fl WWW
3865: option has been used, then any data received
3866: from the client is displayed and any key presses are sent to the client.
3867: Certain single letter commands perform special operations:
3868: .Pp
3869: .Bl -tag -width "XXXX" -compact
3870: .It Ic P
3871: Send plain text, which should cause the client to disconnect.
3872: .It Ic Q
3873: End the current SSL connection and exit.
3874: .It Ic q
3875: End the current SSL connection, but still accept new connections.
3876: .It Ic R
3877: Renegotiate the SSL session and request a client certificate.
3878: .It Ic r
3879: Renegotiate the SSL session.
3880: .It Ic S
3881: Print out some session cache status information.
3882: .El
3883: .Pp
1.1 jsing 3884: The options are as follows:
3885: .Bl -tag -width Ds
3886: .It Fl accept Ar port
1.67 jmc 3887: Listen on TCP
1.1 jsing 3888: .Ar port
1.67 jmc 3889: for connections.
3890: The default is port 4433.
1.1 jsing 3891: .It Fl bugs
1.67 jmc 3892: Enable various workarounds for buggy implementations.
1.1 jsing 3893: .It Fl CAfile Ar file
1.67 jmc 3894: A
3895: .Ar file
3896: containing trusted certificates to use during client authentication
1.1 jsing 3897: and to use when attempting to build the server certificate chain.
3898: The list is also used in the list of acceptable client CAs passed to the
3899: client when a certificate is requested.
3900: .It Fl CApath Ar directory
3901: The
3902: .Ar directory
3903: to use for client certificate verification.
3904: This directory must be in
3905: .Qq hash format ;
3906: see
3907: .Fl verify
3908: for more information.
3909: These are also used when building the server certificate chain.
3910: .It Fl cert Ar file
1.67 jmc 3911: The certificate to use: most server's cipher suites require the use of a
3912: certificate and some require a certificate with a certain public key type.
3913: For example, the DSS cipher suites require a certificate containing a DSS
3914: (DSA) key.
1.1 jsing 3915: If not specified, the file
3916: .Pa server.pem
3917: will be used.
3918: .It Fl cipher Ar cipherlist
1.67 jmc 3919: Modify the cipher list used by the server.
1.1 jsing 3920: This allows the cipher list used by the server to be modified.
3921: When the client sends a list of supported ciphers, the first client cipher
3922: also included in the server list is used.
3923: Because the client specifies the preference order, the order of the server
3924: cipherlist is irrelevant.
3925: See the
1.67 jmc 3926: .Nm ciphers
3927: command for more information.
1.1 jsing 3928: .It Fl context Ar id
1.67 jmc 3929: Set the SSL context ID.
1.1 jsing 3930: It can be given any string value.
3931: .It Fl crl_check , crl_check_all
3932: Check the peer certificate has not been revoked by its CA.
3933: The CRLs are appended to the certificate file.
3934: .Fl crl_check_all
1.67 jmc 3935: checks all CRLs of all CAs in the chain.
1.1 jsing 3936: .It Fl crlf
1.67 jmc 3937: Translate a line feed from the terminal into CR+LF.
1.1 jsing 3938: .It Fl dcert Ar file , Fl dkey Ar file
3939: Specify an additional certificate and private key; these behave in the
3940: same manner as the
3941: .Fl cert
3942: and
3943: .Fl key
3944: options except there is no default if they are not specified
1.67 jmc 3945: (no additional certificate or key is used).
1.1 jsing 3946: By using RSA and DSS certificates and keys,
3947: a server can support clients which only support RSA or DSS cipher suites
3948: by using an appropriate certificate.
3949: .It Fl debug
1.67 jmc 3950: Print extensive debugging information, including a hex dump of all traffic.
1.1 jsing 3951: .It Fl dhparam Ar file
3952: The DH parameter file to use.
3953: The ephemeral DH cipher suites generate keys
3954: using a set of DH parameters.
3955: If not specified, an attempt is made to
3956: load the parameters from the server certificate file.
3957: If this fails, a static set of parameters hard coded into the
3958: .Nm s_server
3959: program will be used.
3960: .It Fl hack
1.67 jmc 3961: Enables a further workaround for some early Netscape SSL code.
1.1 jsing 3962: .It Fl HTTP
1.67 jmc 3963: Emulate a simple web server.
3964: Pages are resolved relative to the current directory.
3965: For example if the URL
1.1 jsing 3966: .Pa https://myhost/page.html
3967: is requested, the file
3968: .Pa ./page.html
3969: will be loaded.
3970: The files loaded are assumed to contain a complete and correct HTTP
3971: response (lines that are part of the HTTP response line and headers
3972: must end with CRLF).
3973: .It Fl id_prefix Ar arg
3974: Generate SSL/TLS session IDs prefixed by
3975: .Ar arg .
3976: This is mostly useful for testing any SSL/TLS code
1.67 jmc 3977: (e.g. proxies)
1.1 jsing 3978: that wish to deal with multiple servers, when each of which might be
3979: generating a unique range of session IDs
1.67 jmc 3980: (e.g. with a certain prefix).
1.1 jsing 3981: .It Fl key Ar keyfile
3982: The private key to use.
3983: If not specified, the certificate file will be used.
3984: .It Fl msg
3985: Show all protocol messages with hex dump.
3986: .It Fl nbio
1.67 jmc 3987: Turn on non-blocking I/O.
1.1 jsing 3988: .It Fl nbio_test
1.67 jmc 3989: Test non-blocking I/O.
1.1 jsing 3990: .It Fl no_dhe
1.67 jmc 3991: Disable ephemeral DH cipher suites.
1.31 jmc 3992: .It Fl no_tls1 | no_tls1_1 | no_tls1_2
1.67 jmc 3993: Disable the use of TLS1.0, 1.1, and 1.2, respectively.
1.1 jsing 3994: .It Fl no_tmp_rsa
1.67 jmc 3995: Disable temporary RSA key generation.
1.1 jsing 3996: .It Fl nocert
1.67 jmc 3997: Do not use a certificate.
1.1 jsing 3998: This restricts the cipher suites available to the anonymous ones
1.67 jmc 3999: (currently just anonymous DH).
1.1 jsing 4000: .It Fl psk Ar key
4001: Use the PSK key
4002: .Ar key
4003: when using a PSK cipher suite.
4004: The key is given as a hexadecimal number without the leading 0x,
4005: for example -psk 1a2b3c4d.
4006: .It Fl psk_hint Ar hint
4007: Use the PSK identity hint
4008: .Ar hint
4009: when using a PSK cipher suite.
4010: .It Fl quiet
4011: Inhibit printing of session and certificate information.
4012: .It Fl serverpref
4013: Use server's cipher preferences.
4014: .It Fl state
1.67 jmc 4015: Print the SSL session states.
1.31 jmc 4016: .It Fl tls1 | tls1_1 | tls1_2
4017: Permit only TLS1.0, 1.1, or 1.2, respectively.
1.1 jsing 4018: .It Fl WWW
1.67 jmc 4019: Emulate a simple web server.
4020: Pages are resolved relative to the current directory.
4021: For example if the URL
1.1 jsing 4022: .Pa https://myhost/page.html
4023: is requested, the file
4024: .Pa ./page.html
4025: will be loaded.
4026: .It Fl www
1.67 jmc 4027: Send a status message to the client when it connects,
4028: including information about the ciphers used and various session parameters.
1.1 jsing 4029: The output is in HTML format so this option will normally be used with a
4030: web browser.
4031: .It Fl Verify Ar depth , Fl verify Ar depth
1.67 jmc 4032: Request a certificate chain from the client,
4033: with a maximum length of
4034: .Ar depth .
4035: With
4036: .Fl Verify ,
4037: the client must supply a certificate or an error occurs;
4038: with
4039: .Fl verify ,
4040: a certificate is requested but the client does not have to send one.
1.1 jsing 4041: .El
4042: .Sh S_TIME
4043: .nr nS 1
4044: .Nm "openssl s_time"
4045: .Op Fl bugs
4046: .Op Fl CAfile Ar file
4047: .Op Fl CApath Ar directory
4048: .Op Fl cert Ar file
4049: .Op Fl cipher Ar cipherlist
1.68 jmc 4050: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 4051: .Op Fl key Ar keyfile
4052: .Op Fl nbio
4053: .Op Fl new
1.20 lteo 4054: .Op Fl no_shutdown
1.1 jsing 4055: .Op Fl reuse
4056: .Op Fl time Ar seconds
4057: .Op Fl verify Ar depth
4058: .Op Fl www Ar page
4059: .nr nS 0
4060: .Pp
4061: The
1.68 jmc 4062: .Nm s_time
1.1 jsing 4063: command implements a generic SSL/TLS client which connects to a
4064: remote host using SSL/TLS.
4065: It can request a page from the server and includes
4066: the time to transfer the payload data in its timing measurements.
4067: It measures the number of connections within a given timeframe,
4068: the amount of data transferred
4069: .Pq if any ,
4070: and calculates the average time spent for one connection.
4071: .Pp
4072: The options are as follows:
4073: .Bl -tag -width Ds
4074: .It Fl bugs
1.68 jmc 4075: Enable various workarounds for buggy implementations.
1.1 jsing 4076: .It Fl CAfile Ar file
1.68 jmc 4077: A
4078: .Ar file
4079: containing trusted certificates to use during server authentication
1.1 jsing 4080: and to use when attempting to build the client certificate chain.
4081: .It Fl CApath Ar directory
4082: The directory to use for server certificate verification.
4083: This directory must be in
4084: .Qq hash format ;
4085: see
4086: .Nm verify
4087: for more information.
4088: These are also used when building the client certificate chain.
4089: .It Fl cert Ar file
4090: The certificate to use, if one is requested by the server.
4091: The default is not to use a certificate.
4092: .It Fl cipher Ar cipherlist
1.68 jmc 4093: Modify the cipher list sent by the client.
1.1 jsing 4094: Although the server determines which cipher suite is used,
4095: it should take the first supported cipher in the list sent by the client.
4096: See the
4097: .Nm ciphers
4098: command for more information.
1.68 jmc 4099: .It Fl connect Ar host Ns Op : Ns Ar port
4100: The host and port to connect to.
1.1 jsing 4101: .It Fl key Ar keyfile
4102: The private key to use.
4103: If not specified, the certificate file will be used.
4104: .It Fl nbio
1.68 jmc 4105: Turn on non-blocking I/O.
1.1 jsing 4106: .It Fl new
1.68 jmc 4107: Perform the timing test using a new session ID for each connection.
1.1 jsing 4108: If neither
4109: .Fl new
4110: nor
4111: .Fl reuse
4112: are specified,
4113: they are both on by default and executed in sequence.
1.20 lteo 4114: .It Fl no_shutdown
1.21 jmc 4115: Shut down the connection without sending a
1.68 jmc 4116: .Qq close notify
1.20 lteo 4117: shutdown alert to the server.
1.1 jsing 4118: .It Fl reuse
1.68 jmc 4119: Perform the timing test using the same session ID for each connection.
1.1 jsing 4120: If neither
4121: .Fl new
4122: nor
4123: .Fl reuse
4124: are specified,
4125: they are both on by default and executed in sequence.
4126: .It Fl time Ar seconds
1.68 jmc 4127: Limit
1.1 jsing 4128: .Nm s_time
1.68 jmc 4129: benchmarks to the number of
4130: .Ar seconds .
1.1 jsing 4131: The default is 30 seconds.
4132: .It Fl verify Ar depth
1.68 jmc 4133: Turn on server certificate verification,
4134: with a maximum length of
4135: .Ar depth .
1.1 jsing 4136: Currently the verify operation continues after errors, so all the problems
4137: with a certificate chain can be seen.
4138: As a side effect,
4139: the connection will never fail due to a server certificate verify failure.
4140: .It Fl www Ar page
1.68 jmc 4141: The page to GET from the server.
1.1 jsing 4142: A value of
4143: .Sq /
4144: gets the index.htm[l] page.
4145: If this parameter is not specified,
4146: .Nm s_time
4147: will only perform the handshake to establish SSL connections
4148: but not transfer any payload data.
4149: .El
4150: .Sh SESS_ID
4151: .nr nS 1
4152: .Nm "openssl sess_id"
4153: .Op Fl cert
4154: .Op Fl context Ar ID
4155: .Op Fl in Ar file
1.69 jmc 4156: .Op Fl inform Cm der | pem
1.1 jsing 4157: .Op Fl noout
4158: .Op Fl out Ar file
1.69 jmc 4159: .Op Fl outform Cm der | pem
1.1 jsing 4160: .Op Fl text
4161: .nr nS 0
4162: .Pp
4163: The
4164: .Nm sess_id
4165: program processes the encoded version of the SSL session structure and
4166: optionally prints out SSL session details
1.69 jmc 4167: (for example the SSL session master key)
1.72 jmc 4168: in human-readable format.
1.1 jsing 4169: .Pp
4170: The options are as follows:
4171: .Bl -tag -width Ds
4172: .It Fl cert
4173: If a certificate is present in the session,
4174: it will be output using this option;
4175: if the
4176: .Fl text
4177: option is also present, then it will be printed out in text form.
4178: .It Fl context Ar ID
1.69 jmc 4179: Set the session
1.1 jsing 4180: .Ar ID .
1.69 jmc 4181: The ID can be any string of characters.
1.1 jsing 4182: .It Fl in Ar file
1.69 jmc 4183: The input file to read from,
4184: or standard input if not specified.
4185: .It Fl inform Cm der | pem
4186: The input format.
4187: .Cm der
4188: uses an ASN1 DER-encoded format containing session details.
1.1 jsing 4189: The precise format can vary from one version to the next.
1.69 jmc 4190: .Cm pem
4191: is the default format: it consists of the DER
1.1 jsing 4192: format base64-encoded with additional header and footer lines.
4193: .It Fl noout
1.69 jmc 4194: Do not output the encoded version of the session.
1.1 jsing 4195: .It Fl out Ar file
1.69 jmc 4196: The output file to write to,
4197: or standard output if not specified.
4198: .It Fl outform Cm der | pem
4199: The output format.
1.1 jsing 4200: .It Fl text
1.69 jmc 4201: Print the various public or private key components in plain text,
4202: in addition to the encoded version.
1.1 jsing 4203: .El
4204: .Pp
1.69 jmc 4205: The output of
4206: .Nm sess_id
4207: is composed as follows:
1.1 jsing 4208: .Pp
1.69 jmc 4209: .Bl -tag -width "Verify return code " -offset 3n -compact
4210: .It Protocol
4211: The protocol in use.
4212: .It Cipher
4213: The actual raw SSL or TLS cipher code.
4214: .It Session-ID
4215: The SSL session ID, in hex format.
4216: .It Session-ID-ctx
4217: The session ID context, in hex format.
4218: .It Master-Key
4219: The SSL session master key.
4220: .It Key-Arg
1.1 jsing 4221: The key argument; this is only used in SSL v2.
1.69 jmc 4222: .It Start Time
4223: The session start time.
1.1 jsing 4224: .Ux
4225: format.
1.69 jmc 4226: .It Timeout
4227: The timeout, in seconds.
4228: .It Verify return code
4229: The return code when a certificate is verified.
1.1 jsing 4230: .El
4231: .Pp
4232: Since the SSL session output contains the master key, it is possible to read
4233: the contents of an encrypted session using this information.
4234: Therefore appropriate security precautions
4235: should be taken if the information is being output by a
4236: .Qq real
4237: application.
4238: This is, however, strongly discouraged and should only be used for
4239: debugging purposes.
4240: .Sh SMIME
4241: .nr nS 1
4242: .Nm "openssl smime"
4243: .Oo
4244: .Fl aes128 | aes192 | aes256 | des |
4245: .Fl des3 | rc2-40 | rc2-64 | rc2-128
4246: .Oc
4247: .Op Fl binary
4248: .Op Fl CAfile Ar file
4249: .Op Fl CApath Ar directory
4250: .Op Fl certfile Ar file
4251: .Op Fl check_ss_sig
4252: .Op Fl content Ar file
4253: .Op Fl crl_check
4254: .Op Fl crl_check_all
4255: .Op Fl decrypt
4256: .Op Fl encrypt
4257: .Op Fl extended_crl
4258: .Op Fl from Ar addr
4259: .Op Fl ignore_critical
4260: .Op Fl in Ar file
4261: .Op Fl indef
1.70 jmc 4262: .Op Fl inform Cm der | pem | smime
1.1 jsing 4263: .Op Fl inkey Ar file
4264: .Op Fl issuer_checks
1.70 jmc 4265: .Op Fl keyform Cm pem
1.1 jsing 4266: .Op Fl md Ar digest
4267: .Op Fl noattr
4268: .Op Fl nocerts
4269: .Op Fl nochain
4270: .Op Fl nodetach
4271: .Op Fl noindef
4272: .Op Fl nointern
4273: .Op Fl nosigs
4274: .Op Fl noverify
4275: .Op Fl out Ar file
1.70 jmc 4276: .Op Fl outform Cm der | pem | smime
1.1 jsing 4277: .Op Fl passin Ar arg
4278: .Op Fl pk7out
4279: .Op Fl policy_check
4280: .Op Fl recip Ar file
4281: .Op Fl resign
4282: .Op Fl sign
4283: .Op Fl signer Ar file
4284: .Op Fl stream
4285: .Op Fl subject Ar s
4286: .Op Fl text
4287: .Op Fl to Ar addr
4288: .Op Fl verify
4289: .Op Fl x509_strict
4290: .Op Ar cert.pem ...
4291: .nr nS 0
4292: .Pp
4293: The
4294: .Nm smime
1.70 jmc 4295: command handles S/MIME mail.
4296: It can encrypt, decrypt, sign, and verify S/MIME messages.
4297: .Pp
4298: The MIME message must be sent without any blank lines between the
4299: headers and the output.
4300: Some mail programs will automatically add a blank line.
4301: Piping the mail directly to an MTA is one way to
4302: achieve the correct format.
4303: .Pp
4304: The supplied message to be signed or encrypted must include the necessary
4305: MIME headers or many S/MIME clients won't display it properly (if at all).
4306: Use the
4307: .Fl text
4308: option to automatically add plain text headers.
1.1 jsing 4309: .Pp
1.70 jmc 4310: A
4311: .Qq signed and encrypted
4312: message is one where a signed message is then encrypted.
4313: This can be produced by encrypting an already signed message.
1.1 jsing 4314: .Pp
1.70 jmc 4315: There are a number of operations that can be performed, as follows:
1.1 jsing 4316: .Bl -tag -width "XXXX"
4317: .It Fl decrypt
4318: Decrypt mail using the supplied certificate and private key.
1.70 jmc 4319: The input file is an encrypted mail message in MIME format.
1.1 jsing 4320: The decrypted mail is written to the output file.
4321: .It Fl encrypt
4322: Encrypt mail for the given recipient certificates.
1.70 jmc 4323: The input is the message to be encrypted.
4324: The output file is the encrypted mail, in MIME format.
1.1 jsing 4325: .It Fl pk7out
1.70 jmc 4326: Take an input message and write out a PEM-encoded PKCS#7 structure.
1.1 jsing 4327: .It Fl resign
4328: Resign a message: take an existing message and one or more new signers.
4329: .It Fl sign
4330: Sign mail using the supplied certificate and private key.
1.70 jmc 4331: The input file is the message to be signed.
4332: The signed message, in MIME format, is written to the output file.
1.1 jsing 4333: .It Fl verify
4334: Verify signed mail.
1.70 jmc 4335: The input is a signed mail message and the output is the signed data.
1.1 jsing 4336: Both clear text and opaque signing is supported.
4337: .El
4338: .Pp
1.14 jmc 4339: The remaining options are as follows:
1.1 jsing 4340: .Bl -tag -width "XXXX"
4341: .It Xo
4342: .Fl aes128 | aes192 | aes256 | des |
4343: .Fl des3 | rc2-40 | rc2-64 | rc2-128
4344: .Xc
4345: The encryption algorithm to use.
1.70 jmc 4346: 128-, 192-, or 256-bit AES, DES (56 bits), triple DES (168 bits),
1.1 jsing 4347: or 40-, 64-, or 128-bit RC2, respectively;
4348: if not specified, 40-bit RC2 is
4349: used.
4350: Only used with
4351: .Fl encrypt .
4352: .It Fl binary
4353: Normally, the input message is converted to
4354: .Qq canonical
1.70 jmc 4355: format which uses CR/LF as end of line,
4356: as required by the S/MIME specification.
1.1 jsing 4357: When this option is present no translation occurs.
1.70 jmc 4358: This is useful when handling binary data which may not be in MIME format.
1.1 jsing 4359: .It Fl CAfile Ar file
4360: A
4361: .Ar file
4362: containing trusted CA certificates; only used with
4363: .Fl verify .
4364: .It Fl CApath Ar directory
4365: A
4366: .Ar directory
4367: containing trusted CA certificates; only used with
4368: .Fl verify .
4369: This directory must be a standard certificate directory:
4370: that is, a hash of each subject name (using
4371: .Nm x509 -hash )
4372: should be linked to each certificate.
4373: .It Ar cert.pem ...
4374: One or more certificates of message recipients: used when encrypting
4375: a message.
4376: .It Fl certfile Ar file
4377: Allows additional certificates to be specified.
4378: When signing, these will be included with the message.
4379: When verifying, these will be searched for the signers' certificates.
4380: The certificates should be in PEM format.
4381: .It Xo
4382: .Fl check_ss_sig ,
4383: .Fl crl_check ,
4384: .Fl crl_check_all ,
4385: .Fl extended_crl ,
4386: .Fl ignore_critical ,
4387: .Fl issuer_checks ,
4388: .Fl policy_check ,
4389: .Fl x509_strict
4390: .Xc
4391: Set various certificate chain validation options.
4392: See the
1.70 jmc 4393: .Nm verify
1.1 jsing 4394: command for details.
4395: .It Fl content Ar file
1.70 jmc 4396: A file containing the detached content.
1.1 jsing 4397: This is only useful with the
4398: .Fl verify
1.70 jmc 4399: option,
4400: and only usable if the PKCS#7 structure is using the detached
1.1 jsing 4401: signature form where the content is not included.
1.70 jmc 4402: This option will override any content if the input format is S/MIME
4403: and it uses the multipart/signed MIME content type.
1.1 jsing 4404: .It Xo
4405: .Fl from Ar addr ,
4406: .Fl subject Ar s ,
4407: .Fl to Ar addr
4408: .Xc
4409: The relevant mail headers.
4410: These are included outside the signed
4411: portion of a message so they may be included manually.
1.70 jmc 4412: When signing, many S/MIME
1.1 jsing 4413: mail clients check that the signer's certificate email
4414: address matches the From: address.
4415: .It Fl in Ar file
1.70 jmc 4416: The input file to read from.
1.1 jsing 4417: .It Fl indef
4418: Enable streaming I/O for encoding operations.
4419: This permits single pass processing of data without
4420: the need to hold the entire contents in memory,
4421: potentially supporting very large files.
4422: Streaming is automatically set for S/MIME signing with detached
4423: data if the output format is SMIME;
4424: it is currently off by default for all other operations.
1.70 jmc 4425: .It Fl inform Cm der | pem | smime
4426: The input format.
1.1 jsing 4427: .It Fl inkey Ar file
1.70 jmc 4428: The private key to use when signing or decrypting,
4429: which must match the corresponding certificate.
1.1 jsing 4430: If this option is not specified, the private key must be included
4431: in the certificate file specified with
4432: the
4433: .Fl recip
4434: or
4435: .Fl signer
4436: file.
4437: When signing,
4438: this option can be used multiple times to specify successive keys.
1.70 jmc 4439: .It Fl keyform Cm pem
1.1 jsing 4440: Input private key format.
4441: .It Fl md Ar digest
4442: The digest algorithm to use when signing or resigning.
4443: If not present then the default digest algorithm for the signing key is used
4444: (usually SHA1).
4445: .It Fl noattr
1.70 jmc 4446: Do not include attributes.
1.1 jsing 4447: .It Fl nocerts
1.70 jmc 4448: Do not include the signer's certificate.
1.1 jsing 4449: This will reduce the size of the signed message but the verifier must
4450: have a copy of the signer's certificate available locally (passed using the
4451: .Fl certfile
4452: option, for example).
4453: .It Fl nochain
4454: Do not do chain verification of signers' certificates: that is,
4455: don't use the certificates in the signed message as untrusted CAs.
4456: .It Fl nodetach
4457: When signing a message use opaque signing: this form is more resistant
4458: to translation by mail relays but it cannot be read by mail agents that
1.70 jmc 4459: do not support S/MIME.
4460: Without this option cleartext signing with the MIME type
4461: multipart/signed is used.
1.1 jsing 4462: .It Fl noindef
1.70 jmc 4463: Disable streaming I/O where it would produce an encoding of indefinite length
4464: (currently has no effect).
1.1 jsing 4465: .It Fl nointern
1.70 jmc 4466: Only use certificates specified in the
4467: .Fl certfile .
4468: The supplied certificates can still be used as untrusted CAs.
1.1 jsing 4469: .It Fl nosigs
1.70 jmc 4470: Do not try to verify the signatures on the message.
1.1 jsing 4471: .It Fl noverify
4472: Do not verify the signer's certificate of a signed message.
4473: .It Fl out Ar file
1.70 jmc 4474: The output file to write to.
4475: .It Fl outform Cm der | pem | smime
4476: The output format.
4477: The default is smime, which writes an S/MIME format message.
4478: .Cm pem
1.1 jsing 4479: and
1.70 jmc 4480: .Cm der
4481: change this to write PEM and DER format PKCS#7 structures instead.
1.1 jsing 4482: This currently only affects the output format of the PKCS#7
4483: structure; if no PKCS#7 structure is being output (for example with
4484: .Fl verify
4485: or
4486: .Fl decrypt )
4487: this option has no effect.
4488: .It Fl passin Ar arg
4489: The key password source.
4490: .It Fl recip Ar file
4491: The recipients certificate when decrypting a message.
4492: This certificate
4493: must match one of the recipients of the message or an error occurs.
4494: .It Fl signer Ar file
4495: A signing certificate when signing or resigning a message;
4496: this option can be used multiple times if more than one signer is required.
4497: If a message is being verified, the signer's certificates will be
4498: written to this file if the verification was successful.
4499: .It Fl stream
4500: The same as
4501: .Fl indef .
4502: .It Fl text
1.70 jmc 4503: Add plain text (text/plain) MIME
1.1 jsing 4504: headers to the supplied message if encrypting or signing.
4505: If decrypting or verifying, it strips off text headers:
1.70 jmc 4506: if the decrypted or verified message is not of MIME type text/plain
4507: then an error occurs.
1.1 jsing 4508: .El
4509: .Pp
1.70 jmc 4510: The exit codes for
4511: .Nm smime
4512: are as follows:
1.1 jsing 4513: .Pp
1.70 jmc 4514: .Bl -tag -width "XXXX" -offset 3n -compact
4515: .It 0
1.1 jsing 4516: The operation was completely successful.
1.70 jmc 4517: .It 1
1.1 jsing 4518: An error occurred parsing the command options.
1.70 jmc 4519: .It 2
1.1 jsing 4520: One of the input files could not be read.
1.70 jmc 4521: .It 3
4522: An error occurred creating the file or when reading the message.
4523: .It 4
1.1 jsing 4524: An error occurred decrypting or verifying the message.
1.70 jmc 4525: .It 5
4526: An error occurred writing certificates.
1.1 jsing 4527: .El
4528: .Sh SPEED
4529: .nr nS 1
4530: .Nm "openssl speed"
1.71 jmc 4531: .Op Ar algorithm
1.1 jsing 4532: .Op Fl decrypt
4533: .Op Fl elapsed
1.71 jmc 4534: .Op Fl evp Ar algorithm
1.1 jsing 4535: .Op Fl mr
4536: .Op Fl multi Ar number
4537: .nr nS 0
4538: .Pp
4539: The
4540: .Nm speed
4541: command is used to test the performance of cryptographic algorithms.
4542: .Bl -tag -width "XXXX"
1.71 jmc 4543: .It Ar algorithm
4544: Perform the test using
4545: .Ar algorithm .
4546: The default is to test all algorithms.
1.1 jsing 4547: .It Fl decrypt
1.71 jmc 4548: Time decryption instead of encryption;
4549: must be used with
4550: .Fl evp .
1.1 jsing 4551: .It Fl elapsed
4552: Measure time in real time instead of CPU user time.
1.71 jmc 4553: .It Fl evp Ar algorithm
4554: Perform the test using one of the algorithms accepted by
4555: .Xr EVP_get_cipherbyname 3 .
1.1 jsing 4556: .It Fl mr
4557: Produce machine readable output.
4558: .It Fl multi Ar number
4559: Run
4560: .Ar number
4561: benchmarks in parallel.
4562: .El
1.77 jmc 4563: .Sh SPKAC
4564: .nr nS 1
4565: .Nm "openssl spkac"
4566: .Op Fl challenge Ar string
4567: .Op Fl in Ar file
4568: .Op Fl key Ar keyfile
4569: .Op Fl noout
4570: .Op Fl out Ar file
4571: .Op Fl passin Ar arg
4572: .Op Fl pubkey
4573: .Op Fl spkac Ar spkacname
4574: .Op Fl spksect Ar section
4575: .Op Fl verify
4576: .nr nS 0
4577: .Pp
4578: The
4579: .Nm spkac
4580: command processes signed public key and challenge (SPKAC) files.
4581: It can print out their contents, verify the signature,
4582: and produce its own SPKACs from a supplied private key.
4583: .Pp
4584: The options are as follows:
4585: .Bl -tag -width Ds
4586: .It Fl challenge Ar string
4587: The challenge string, if an SPKAC is being created.
4588: .It Fl in Ar file
4589: The input file to read from,
4590: or standard input if not specified.
4591: Ignored if the
4592: .Fl key
4593: option is used.
4594: .It Fl key Ar keyfile
4595: Create an SPKAC file using the private key in
4596: .Ar keyfile .
4597: The
4598: .Fl in , noout , spksect ,
4599: and
4600: .Fl verify
4601: options are ignored, if present.
4602: .It Fl noout
4603: Do not output the text version of the SPKAC.
4604: .It Fl out Ar file
4605: The output file to write to,
4606: or standard output if not specified.
4607: .It Fl passin Ar arg
4608: The key password source.
4609: .It Fl pubkey
4610: Output the public key of an SPKAC.
4611: .It Fl spkac Ar spkacname
4612: An alternative name for the variable containing the SPKAC.
4613: The default is "SPKAC".
4614: This option affects both generated and input SPKAC files.
4615: .It Fl spksect Ar section
4616: An alternative name for the
4617: .Ar section
4618: containing the SPKAC.
4619: .It Fl verify
4620: Verify the digital signature on the supplied SPKAC.
4621: .El
1.1 jsing 4622: .Sh TS
4623: .nr nS 1
4624: .Nm "openssl ts"
4625: .Fl query
1.29 bcook 4626: .Op Fl md4 | md5 | ripemd160 | sha1
1.1 jsing 4627: .Op Fl cert
4628: .Op Fl config Ar configfile
4629: .Op Fl data Ar file_to_hash
4630: .Op Fl digest Ar digest_bytes
4631: .Op Fl in Ar request.tsq
4632: .Op Fl no_nonce
4633: .Op Fl out Ar request.tsq
4634: .Op Fl policy Ar object_id
4635: .Op Fl text
4636: .nr nS 0
4637: .Pp
4638: .nr nS 1
4639: .Nm "openssl ts"
4640: .Fl reply
4641: .Op Fl chain Ar certs_file.pem
4642: .Op Fl config Ar configfile
4643: .Op Fl in Ar response.tsr
4644: .Op Fl inkey Ar private.pem
4645: .Op Fl out Ar response.tsr
4646: .Op Fl passin Ar arg
4647: .Op Fl policy Ar object_id
4648: .Op Fl queryfile Ar request.tsq
4649: .Op Fl section Ar tsa_section
4650: .Op Fl signer Ar tsa_cert.pem
4651: .Op Fl text
4652: .Op Fl token_in
4653: .Op Fl token_out
4654: .nr nS 0
4655: .Pp
4656: .nr nS 1
4657: .Nm "openssl ts"
4658: .Fl verify
4659: .Op Fl CAfile Ar trusted_certs.pem
4660: .Op Fl CApath Ar trusted_cert_path
4661: .Op Fl data Ar file_to_hash
4662: .Op Fl digest Ar digest_bytes
4663: .Op Fl in Ar response.tsr
4664: .Op Fl queryfile Ar request.tsq
4665: .Op Fl token_in
4666: .Op Fl untrusted Ar cert_file.pem
4667: .nr nS 0
4668: .Pp
4669: The
4670: .Nm ts
4671: command is a basic Time Stamping Authority (TSA) client and server
4672: application as specified in RFC 3161 (Time-Stamp Protocol, TSP).
4673: A TSA can be part of a PKI deployment and its role is to provide long
1.72 jmc 4674: term proof of the existence of specific data.
1.1 jsing 4675: Here is a brief description of the protocol:
4676: .Bl -enum
4677: .It
4678: The TSA client computes a one-way hash value for a data file and sends
4679: the hash to the TSA.
4680: .It
4681: The TSA attaches the current date and time to the received hash value,
4682: signs them and sends the time stamp token back to the client.
4683: By creating this token the TSA certifies the existence of the original
4684: data file at the time of response generation.
4685: .It
4686: The TSA client receives the time stamp token and verifies the
4687: signature on it.
4688: It also checks if the token contains the same hash
4689: value that it had sent to the TSA.
4690: .El
4691: .Pp
4692: There is one DER-encoded protocol data unit defined for transporting a time
4693: stamp request to the TSA and one for sending the time stamp response
4694: back to the client.
4695: The
4696: .Nm ts
4697: command has three main functions:
4698: creating a time stamp request based on a data file;
4699: creating a time stamp response based on a request;
4700: and verifying if a response corresponds
4701: to a particular request or a data file.
4702: .Pp
4703: There is no support for sending the requests/responses automatically
4704: over HTTP or TCP yet as suggested in RFC 3161.
4705: Users must send the requests either by FTP or email.
4706: .Pp
4707: The
4708: .Fl query
4709: switch can be used for creating and printing a time stamp
4710: request with the following options:
4711: .Bl -tag -width Ds
4712: .It Fl cert
1.72 jmc 4713: Expect the TSA to include its signing certificate in the response.
1.1 jsing 4714: .It Fl config Ar configfile
1.72 jmc 4715: Specify an alternative configuration file.
4716: Only the OID section is used.
1.1 jsing 4717: .It Fl data Ar file_to_hash
4718: The data file for which the time stamp request needs to be created.
1.72 jmc 4719: The default is standard input.
1.1 jsing 4720: .It Fl digest Ar digest_bytes
1.72 jmc 4721: Specify the message imprint explicitly without the data file.
1.1 jsing 4722: The imprint must be specified in a hexadecimal format,
4723: two characters per byte,
1.72 jmc 4724: the bytes optionally separated by colons.
1.1 jsing 4725: The number of bytes must match the message digest algorithm in use.
4726: .It Fl in Ar request.tsq
1.72 jmc 4727: A previously created time stamp request in DER
1.1 jsing 4728: format that will be printed into the output file.
1.72 jmc 4729: Useful for examining the content of a request in human-readable format.
1.76 jmc 4730: .It Fl md4 | md5 | ripemd160 | sha | sha1
1.1 jsing 4731: The message digest to apply to the data file.
4732: It supports all the message digest algorithms that are supported by the
4733: .Nm dgst
4734: command.
4735: The default is SHA-1.
4736: .It Fl no_nonce
1.72 jmc 4737: Specify no nonce in the request.
4738: The default, to include a 64-bit long pseudo-random nonce,
4739: is recommended to protect against replay attacks.
1.1 jsing 4740: .It Fl out Ar request.tsq
1.72 jmc 4741: The output file to write to,
4742: or standard output if not specified.
1.1 jsing 4743: .It Fl policy Ar object_id
4744: The policy that the client expects the TSA to use for creating the
4745: time stamp token.
1.72 jmc 4746: Either dotted OID notation or OID names defined
1.1 jsing 4747: in the config file can be used.
1.72 jmc 4748: If no policy is requested the TSA uses its own default policy.
1.1 jsing 4749: .It Fl text
1.72 jmc 4750: Output in human-readable text format instead of DER.
1.1 jsing 4751: .El
4752: .Pp
4753: A time stamp response (TimeStampResp) consists of a response status
4754: and the time stamp token itself (ContentInfo),
4755: if the token generation was successful.
4756: The
4757: .Fl reply
4758: command is for creating a time stamp
4759: response or time stamp token based on a request and printing the
4760: response/token in human-readable format.
4761: If
4762: .Fl token_out
4763: is not specified the output is always a time stamp response (TimeStampResp),
4764: otherwise it is a time stamp token (ContentInfo).
4765: .Bl -tag -width Ds
4766: .It Fl chain Ar certs_file.pem
1.72 jmc 4767: The collection of PEM certificates
1.1 jsing 4768: that will be included in the response
4769: in addition to the signer certificate if the
4770: .Fl cert
4771: option was used for the request.
4772: This file is supposed to contain the certificate chain
4773: for the signer certificate from its issuer upwards.
4774: The
4775: .Fl reply
4776: command does not build a certificate chain automatically.
4777: .It Fl config Ar configfile
1.72 jmc 4778: Specify an alternative configuration file.
1.1 jsing 4779: .It Fl in Ar response.tsr
1.72 jmc 4780: Specify a previously created time stamp response (or time stamp token, if
1.1 jsing 4781: .Fl token_in
1.72 jmc 4782: is also specified)
1.1 jsing 4783: in DER format that will be written to the output file.
4784: This option does not require a request;
4785: it is useful, for example,
1.72 jmc 4786: to examine the content of a response or token
4787: or to extract the time stamp token from a response.
1.1 jsing 4788: If the input is a token and the output is a time stamp response a default
1.72 jmc 4789: .Qq granted
1.1 jsing 4790: status info is added to the token.
4791: .It Fl inkey Ar private.pem
4792: The signer private key of the TSA in PEM format.
4793: Overrides the
4794: .Cm signer_key
4795: config file option.
4796: .It Fl out Ar response.tsr
4797: The response is written to this file.
4798: The format and content of the file depends on other options (see
4799: .Fl text
4800: and
4801: .Fl token_out ) .
4802: The default is stdout.
4803: .It Fl passin Ar arg
4804: The key password source.
4805: .It Fl policy Ar object_id
1.72 jmc 4806: The default policy to use for the response.
4807: Either dotted OID notation or OID names defined
4808: in the config file can be used.
4809: If no policy is requested the TSA uses its own default policy.
1.1 jsing 4810: .It Fl queryfile Ar request.tsq
1.72 jmc 4811: The file containing a DER-encoded time stamp request.
1.1 jsing 4812: .It Fl section Ar tsa_section
1.72 jmc 4813: The config file section containing the settings for response generation.
1.1 jsing 4814: .It Fl signer Ar tsa_cert.pem
1.72 jmc 4815: The PEM signer certificate of the TSA.
1.1 jsing 4816: The TSA signing certificate must have exactly one extended key usage
4817: assigned to it: timeStamping.
4818: The extended key usage must also be critical,
4819: otherwise the certificate is going to be refused.
4820: Overrides the
4821: .Cm signer_cert
4822: variable of the config file.
4823: .It Fl text
1.72 jmc 4824: Output in human-readable text format instead of DER.
1.1 jsing 4825: .It Fl token_in
1.72 jmc 4826: The input is a DER-encoded time stamp token (ContentInfo)
4827: instead of a time stamp response (TimeStampResp).
1.1 jsing 4828: .It Fl token_out
1.72 jmc 4829: The output is a time stamp token (ContentInfo)
4830: instead of a time stamp response (TimeStampResp).
1.1 jsing 4831: .El
4832: .Pp
4833: The
4834: .Fl verify
4835: command is for verifying if a time stamp response or time stamp token
4836: is valid and matches a particular time stamp request or data file.
4837: The
4838: .Fl verify
4839: command does not use the configuration file.
4840: .Bl -tag -width Ds
4841: .It Fl CAfile Ar trusted_certs.pem
1.72 jmc 4842: The file containing a set of trusted self-signed PEM CA certificates.
4843: See
1.1 jsing 4844: .Nm verify
4845: for additional details.
4846: Either this option or
4847: .Fl CApath
4848: must be specified.
4849: .It Fl CApath Ar trusted_cert_path
1.72 jmc 4850: The directory containing the trused CA certificates of the client.
4851: See
1.1 jsing 4852: .Nm verify
4853: for additional details.
4854: Either this option or
4855: .Fl CAfile
4856: must be specified.
4857: .It Fl data Ar file_to_hash
4858: The response or token must be verified against
4859: .Ar file_to_hash .
4860: The file is hashed with the message digest algorithm specified in the token.
4861: The
4862: .Fl digest
4863: and
4864: .Fl queryfile
4865: options must not be specified with this one.
4866: .It Fl digest Ar digest_bytes
4867: The response or token must be verified against the message digest specified
4868: with this option.
4869: The number of bytes must match the message digest algorithm
4870: specified in the token.
4871: The
4872: .Fl data
4873: and
4874: .Fl queryfile
4875: options must not be specified with this one.
4876: .It Fl in Ar response.tsr
4877: The time stamp response that needs to be verified, in DER format.
4878: This option in mandatory.
4879: .It Fl queryfile Ar request.tsq
4880: The original time stamp request, in DER format.
4881: The
4882: .Fl data
4883: and
4884: .Fl digest
4885: options must not be specified with this one.
4886: .It Fl token_in
1.72 jmc 4887: The input is a DER-encoded time stamp token (ContentInfo)
4888: instead of a time stamp response (TimeStampResp).
1.1 jsing 4889: .It Fl untrusted Ar cert_file.pem
1.72 jmc 4890: Additional untrusted PEM certificates which may be needed
4891: when building the certificate chain for the TSA's signing certificate.
1.1 jsing 4892: This file must contain the TSA signing certificate and
4893: all intermediate CA certificates unless the response includes them.
4894: .El
4895: .Pp
1.72 jmc 4896: Options specified on the command line always override
4897: the settings in the config file:
1.1 jsing 4898: .Bl -tag -width Ds
4899: .It Cm tsa Ar section , Cm default_tsa
4900: This is the main section and it specifies the name of another section
4901: that contains all the options for the
4902: .Fl reply
4903: option.
1.72 jmc 4904: This section can be overridden with the
1.1 jsing 4905: .Fl section
4906: command line switch.
4907: .It Cm oid_file
4908: See
4909: .Nm ca
4910: for a description.
4911: .It Cm oid_section
4912: See
4913: .Nm ca
4914: for a description.
4915: .It Cm serial
1.72 jmc 4916: The file containing the hexadecimal serial number of the
1.1 jsing 4917: last time stamp response created.
4918: This number is incremented by 1 for each response.
1.72 jmc 4919: If the file does not exist at the time of response generation
4920: a new file is created with serial number 1.
1.1 jsing 4921: This parameter is mandatory.
4922: .It Cm signer_cert
4923: TSA signing certificate, in PEM format.
4924: The same as the
4925: .Fl signer
4926: command line option.
4927: .It Cm certs
1.72 jmc 4928: A set of PEM-encoded certificates that need to be
1.1 jsing 4929: included in the response.
4930: The same as the
4931: .Fl chain
4932: command line option.
4933: .It Cm signer_key
4934: The private key of the TSA, in PEM format.
4935: The same as the
4936: .Fl inkey
4937: command line option.
4938: .It Cm default_policy
4939: The default policy to use when the request does not mandate any policy.
4940: The same as the
4941: .Fl policy
4942: command line option.
4943: .It Cm other_policies
4944: Comma separated list of policies that are also acceptable by the TSA
4945: and used only if the request explicitly specifies one of them.
4946: .It Cm digests
4947: The list of message digest algorithms that the TSA accepts.
4948: At least one algorithm must be specified.
4949: This parameter is mandatory.
4950: .It Cm accuracy
4951: The accuracy of the time source of the TSA in seconds, milliseconds
4952: and microseconds.
4953: For example, secs:1, millisecs:500, microsecs:100.
4954: If any of the components is missing,
4955: zero is assumed for that field.
4956: .It Cm clock_precision_digits
1.72 jmc 4957: The maximum number of digits, which represent the fraction of seconds,
4958: that need to be included in the time field.
1.1 jsing 4959: The trailing zeroes must be removed from the time,
1.72 jmc 4960: so there might actually be fewer digits
1.1 jsing 4961: or no fraction of seconds at all.
4962: The maximum value is 6;
4963: the default is 0.
4964: .It Cm ordering
4965: If this option is yes,
4966: the responses generated by this TSA can always be ordered,
4967: even if the time difference between two responses is less
4968: than the sum of their accuracies.
4969: The default is no.
4970: .It Cm tsa_name
4971: Set this option to yes if the subject name of the TSA must be included in
4972: the TSA name field of the response.
4973: The default is no.
4974: .It Cm ess_cert_id_chain
4975: The SignedData objects created by the TSA always contain the
4976: certificate identifier of the signing certificate in a signed
4977: attribute (see RFC 2634, Enhanced Security Services).
4978: If this option is set to yes and either the
4979: .Cm certs
4980: variable or the
4981: .Fl chain
4982: option is specified then the certificate identifiers of the chain will also
4983: be included in the SigningCertificate signed attribute.
4984: If this variable is set to no,
4985: only the signing certificate identifier is included.
4986: The default is no.
4987: .El
4988: .Sh VERIFY
4989: .nr nS 1
4990: .Nm "openssl verify"
4991: .Op Fl CAfile Ar file
4992: .Op Fl CApath Ar directory
4993: .Op Fl check_ss_sig
4994: .Op Fl crl_check
4995: .Op Fl crl_check_all
4996: .Op Fl explicit_policy
4997: .Op Fl extended_crl
4998: .Op Fl help
4999: .Op Fl ignore_critical
5000: .Op Fl inhibit_any
5001: .Op Fl inhibit_map
5002: .Op Fl issuer_checks
5003: .Op Fl policy_check
5004: .Op Fl purpose Ar purpose
5005: .Op Fl untrusted Ar file
5006: .Op Fl verbose
5007: .Op Fl x509_strict
5008: .Op Ar certificates
5009: .nr nS 0
5010: .Pp
5011: The
5012: .Nm verify
5013: command verifies certificate chains.
5014: .Pp
5015: The options are as follows:
5016: .Bl -tag -width Ds
5017: .It Fl check_ss_sig
5018: Verify the signature on the self-signed root CA.
5019: This is disabled by default
5020: because it doesn't add any security.
5021: .It Fl CAfile Ar file
5022: A
5023: .Ar file
5024: of trusted certificates.
5025: The
5026: .Ar file
5027: should contain multiple certificates in PEM format, concatenated together.
5028: .It Fl CApath Ar directory
5029: A
5030: .Ar directory
5031: of trusted certificates.
1.76 jmc 5032: The certificates, or symbolic links to them,
5033: should have names of the form
5034: .Ar hash Ns .0 ,
5035: where
5036: .Ar hash
5037: is the hashed certificate subject name
5038: (see the
1.1 jsing 5039: .Fl hash
5040: option of the
5041: .Nm x509
5042: utility).
5043: .It Fl crl_check
1.76 jmc 5044: Check end entity certificate validity by attempting to look up a valid CRL.
1.1 jsing 5045: If a valid CRL cannot be found an error occurs.
5046: .It Fl crl_check_all
1.76 jmc 5047: Check the validity of all certificates in the chain by attempting
1.1 jsing 5048: to look up valid CRLs.
5049: .It Fl explicit_policy
1.76 jmc 5050: Set policy variable require-explicit-policy (RFC 3280).
1.1 jsing 5051: .It Fl extended_crl
5052: Enable extended CRL features such as indirect CRLs and alternate CRL
5053: signing keys.
5054: .It Fl help
1.76 jmc 5055: Print a usage message.
1.1 jsing 5056: .It Fl ignore_critical
1.76 jmc 5057: Ignore critical extensions instead of rejecting the certificate.
1.1 jsing 5058: .It Fl inhibit_any
1.76 jmc 5059: Set policy variable inhibit-any-policy (RFC 3280).
1.1 jsing 5060: .It Fl inhibit_map
1.76 jmc 5061: Set policy variable inhibit-policy-mapping (RFC 3280).
1.1 jsing 5062: .It Fl issuer_checks
1.76 jmc 5063: Print diagnostics relating to searches for the issuer certificate
5064: of the current certificate
5065: showing why each candidate issuer certificate was rejected.
5066: The presence of rejection messages
5067: does not itself imply that anything is wrong:
5068: during the normal verify process several rejections may take place.
1.1 jsing 5069: .It Fl policy_check
1.76 jmc 5070: Enable certificate policy processing.
1.1 jsing 5071: .It Fl purpose Ar purpose
5072: The intended use for the certificate.
5073: Without this option no chain verification will be done.
5074: Currently accepted uses are
1.76 jmc 5075: .Cm sslclient , sslserver ,
5076: .Cm nssslserver , smimesign ,
5077: .Cm smimeencrypt , crlsign ,
5078: .Cm any ,
1.1 jsing 5079: and
1.76 jmc 5080: .Cm ocsphelper .
1.1 jsing 5081: .It Fl untrusted Ar file
5082: A
5083: .Ar file
5084: of untrusted certificates.
5085: The
5086: .Ar file
5087: should contain multiple certificates.
5088: .It Fl verbose
5089: Print extra information about the operations being performed.
5090: .It Fl x509_strict
5091: Disable workarounds for broken certificates which have to be disabled
5092: for strict X.509 compliance.
5093: .It Ar certificates
1.76 jmc 5094: One or more PEM
1.1 jsing 5095: .Ar certificates
5096: to verify.
5097: If no certificate files are included, an attempt is made to read
5098: a certificate from standard input.
1.76 jmc 5099: If the first certificate filename begins with a dash,
5100: use a lone dash to mark the last option.
1.1 jsing 5101: .El
1.76 jmc 5102: .Pp
1.1 jsing 5103: The
5104: .Nm verify
5105: program uses the same functions as the internal SSL and S/MIME verification,
1.76 jmc 5106: with one crucial difference:
5107: wherever possible an attempt is made to continue after an error,
5108: whereas normally the verify operation would halt on the first error.
1.1 jsing 5109: This allows all the problems with a certificate chain to be determined.
5110: .Pp
1.76 jmc 5111: The verify operation consists of a number of separate steps.
1.1 jsing 5112: Firstly a certificate chain is built up starting from the supplied certificate
5113: and ending in the root CA.
5114: It is an error if the whole chain cannot be built up.
5115: The chain is built up by looking up the issuer's certificate of the current
5116: certificate.
5117: If a certificate is found which is its own issuer, it is assumed
5118: to be the root CA.
5119: .Pp
1.76 jmc 5120: All certificates whose subject name matches the issuer name
1.1 jsing 5121: of the current certificate are subject to further tests.
5122: The relevant authority key identifier components of the current certificate
1.76 jmc 5123: (if present) must match the subject key identifier (if present)
5124: and issuer and serial number of the candidate issuer;
5125: in addition the
5126: .Cm keyUsage
5127: extension of the candidate issuer (if present) must permit certificate signing.
1.1 jsing 5128: .Pp
5129: The lookup first looks in the list of untrusted certificates and if no match
5130: is found the remaining lookups are from the trusted certificates.
1.76 jmc 5131: The root CA is always looked up in the trusted certificate list:
5132: if the certificate to verify is a root certificate,
5133: then an exact match must be found in the trusted list.
1.1 jsing 5134: .Pp
5135: The second operation is to check every untrusted certificate's extensions for
5136: consistency with the supplied purpose.
5137: If the
5138: .Fl purpose
5139: option is not included, then no checks are done.
5140: The supplied or
5141: .Qq leaf
5142: certificate must have extensions compatible with the supplied purpose
5143: and all other certificates must also be valid CA certificates.
5144: The precise extensions required are described in more detail in
5145: the
1.76 jmc 5146: .Nm X509
1.1 jsing 5147: section below.
5148: .Pp
5149: The third operation is to check the trust settings on the root CA.
5150: The root CA should be trusted for the supplied purpose.
1.76 jmc 5151: A certificate with no trust settings is considered to be valid for
1.1 jsing 5152: all purposes.
5153: .Pp
5154: The final operation is to check the validity of the certificate chain.
5155: The validity period is checked against the current system time and the
1.76 jmc 5156: .Cm notBefore
1.1 jsing 5157: and
1.76 jmc 5158: .Cm notAfter
1.1 jsing 5159: dates in the certificate.
5160: The certificate signatures are also checked at this point.
5161: .Pp
5162: If all operations complete successfully, the certificate is considered
5163: valid.
5164: If any operation fails then the certificate is not valid.
5165: When a verify operation fails, the output messages can be somewhat cryptic.
5166: The general form of the error message is:
1.76 jmc 5167: .Bd -literal
5168: server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit)
5169: error 24 at 1 depth lookup:invalid CA certificate
1.1 jsing 5170: .Ed
5171: .Pp
5172: The first line contains the name of the certificate being verified, followed by
5173: the subject name of the certificate.
5174: The second line contains the error number and the depth.
5175: The depth is the number of the certificate being verified when a
5176: problem was detected starting with zero for the certificate being verified
5177: itself, then 1 for the CA that signed the certificate and so on.
5178: Finally a text version of the error number is presented.
5179: .Pp
5180: An exhaustive list of the error codes and messages is shown below; this also
5181: includes the name of the error code as defined in the header file
1.12 bentley 5182: .In openssl/x509_vfy.h .
1.76 jmc 5183: Some of the error codes are defined but never returned: these are described as
1.1 jsing 5184: .Qq unused .
5185: .Bl -tag -width "XXXX"
1.78 jmc 5186: .It 0 X509_V_OK
1.1 jsing 5187: The operation was successful.
1.78 jmc 5188: .It 2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
5189: The issuer certificate of an untrusted certificate could not be found.
5190: .It 3 X509_V_ERR_UNABLE_TO_GET_CRL
1.1 jsing 5191: The CRL of a certificate could not be found.
1.78 jmc 5192: .It 4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
1.1 jsing 5193: The certificate signature could not be decrypted.
1.78 jmc 5194: This means that the actual signature value could not be determined
5195: rather than it not matching the expected value.
1.1 jsing 5196: This is only meaningful for RSA keys.
1.78 jmc 5197: .It 5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
5198: The CRL signature could not be decrypted.
5199: This means that the actual signature value could not be determined
5200: rather than it not matching the expected value.
1.1 jsing 5201: Unused.
1.78 jmc 5202: .It 6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
1.1 jsing 5203: The public key in the certificate
1.76 jmc 5204: .Cm SubjectPublicKeyInfo
1.1 jsing 5205: could not be read.
1.78 jmc 5206: .It 7 X509_V_ERR_CERT_SIGNATURE_FAILURE
1.1 jsing 5207: The signature of the certificate is invalid.
1.78 jmc 5208: .It 8 X509_V_ERR_CRL_SIGNATURE_FAILURE
1.1 jsing 5209: The signature of the certificate is invalid.
1.78 jmc 5210: .It 9 X509_V_ERR_CERT_NOT_YET_VALID
1.1 jsing 5211: The certificate is not yet valid: the
1.76 jmc 5212: .Cm notBefore
1.1 jsing 5213: date is after the current time.
1.78 jmc 5214: .It 10 X509_V_ERR_CERT_HAS_EXPIRED
1.1 jsing 5215: The certificate has expired; that is, the
1.76 jmc 5216: .Cm notAfter
1.1 jsing 5217: date is before the current time.
1.78 jmc 5218: .It 11 X509_V_ERR_CRL_NOT_YET_VALID
1.1 jsing 5219: The CRL is not yet valid.
1.78 jmc 5220: .It 12 X509_V_ERR_CRL_HAS_EXPIRED
1.1 jsing 5221: The CRL has expired.
1.78 jmc 5222: .It 13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
1.1 jsing 5223: The certificate
1.76 jmc 5224: .Cm notBefore
1.1 jsing 5225: field contains an invalid time.
1.78 jmc 5226: .It 14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
1.1 jsing 5227: The certificate
1.76 jmc 5228: .Cm notAfter
1.1 jsing 5229: field contains an invalid time.
1.78 jmc 5230: .It 15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
1.1 jsing 5231: The CRL
1.76 jmc 5232: .Cm lastUpdate
1.1 jsing 5233: field contains an invalid time.
1.78 jmc 5234: .It 16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
1.1 jsing 5235: The CRL
1.76 jmc 5236: .Cm nextUpdate
1.1 jsing 5237: field contains an invalid time.
1.78 jmc 5238: .It 17 X509_V_ERR_OUT_OF_MEM
1.1 jsing 5239: An error occurred trying to allocate memory.
5240: This should never happen.
1.78 jmc 5241: .It 18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
1.1 jsing 5242: The passed certificate is self-signed and the same certificate cannot be
5243: found in the list of trusted certificates.
1.78 jmc 5244: .It 19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
1.1 jsing 5245: The certificate chain could be built up using the untrusted certificates but
5246: the root could not be found locally.
1.78 jmc 5247: .It 20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
1.1 jsing 5248: The issuer certificate of a locally looked up certificate could not be found.
5249: This normally means the list of trusted certificates is not complete.
1.78 jmc 5250: .It 21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
1.1 jsing 5251: No signatures could be verified because the chain contains only one
5252: certificate and it is not self-signed.
1.78 jmc 5253: .It 22 X509_V_ERR_CERT_CHAIN_TOO_LONG
1.1 jsing 5254: The certificate chain length is greater than the supplied maximum depth.
5255: Unused.
1.78 jmc 5256: .It 23 X509_V_ERR_CERT_REVOKED
1.1 jsing 5257: The certificate has been revoked.
1.78 jmc 5258: .It 24 X509_V_ERR_INVALID_CA
1.1 jsing 5259: A CA certificate is invalid.
5260: Either it is not a CA or its extensions are not consistent
5261: with the supplied purpose.
1.78 jmc 5262: .It 25 X509_V_ERR_PATH_LENGTH_EXCEEDED
1.1 jsing 5263: The
1.76 jmc 5264: .Cm basicConstraints
1.1 jsing 5265: pathlength parameter has been exceeded.
1.78 jmc 5266: .It 26 X509_V_ERR_INVALID_PURPOSE
1.1 jsing 5267: The supplied certificate cannot be used for the specified purpose.
1.78 jmc 5268: .It 27 X509_V_ERR_CERT_UNTRUSTED
1.1 jsing 5269: The root CA is not marked as trusted for the specified purpose.
1.78 jmc 5270: .It 28 X509_V_ERR_CERT_REJECTED
1.1 jsing 5271: The root CA is marked to reject the specified purpose.
1.78 jmc 5272: .It 29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH
1.1 jsing 5273: The current candidate issuer certificate was rejected because its subject name
5274: did not match the issuer name of the current certificate.
5275: Only displayed when the
5276: .Fl issuer_checks
5277: option is set.
1.78 jmc 5278: .It 30 X509_V_ERR_AKID_SKID_MISMATCH
1.1 jsing 5279: The current candidate issuer certificate was rejected because its subject key
5280: identifier was present and did not match the authority key identifier current
5281: certificate.
5282: Only displayed when the
5283: .Fl issuer_checks
5284: option is set.
1.78 jmc 5285: .It 31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
1.1 jsing 5286: The current candidate issuer certificate was rejected because its issuer name
5287: and serial number were present and did not match the authority key identifier
5288: of the current certificate.
5289: Only displayed when the
5290: .Fl issuer_checks
5291: option is set.
1.78 jmc 5292: .It 32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN
1.1 jsing 5293: The current candidate issuer certificate was rejected because its
1.76 jmc 5294: .Cm keyUsage
1.1 jsing 5295: extension does not permit certificate signing.
1.78 jmc 5296: .It 50 X509_V_ERR_APPLICATION_VERIFICATION
1.1 jsing 5297: An application specific error.
5298: Unused.
5299: .El
5300: .Sh VERSION
5301: .Nm openssl version
5302: .Op Fl abdfopv
5303: .Pp
5304: The
5305: .Nm version
5306: command is used to print out version information about
1.79 jmc 5307: .Nm openssl .
1.1 jsing 5308: .Pp
5309: The options are as follows:
5310: .Bl -tag -width Ds
5311: .It Fl a
5312: All information: this is the same as setting all the other flags.
5313: .It Fl b
5314: The date the current version of
1.79 jmc 5315: .Nm openssl
1.1 jsing 5316: was built.
5317: .It Fl d
5318: .Ev OPENSSLDIR
5319: setting.
5320: .It Fl f
5321: Compilation flags.
5322: .It Fl o
5323: Option information: various options set when the library was built.
5324: .It Fl p
5325: Platform setting.
5326: .It Fl v
5327: The current
1.79 jmc 5328: .Nm openssl
1.1 jsing 5329: version.
5330: .El
5331: .Sh X509
5332: .nr nS 1
5333: .Nm "openssl x509"
5334: .Op Fl C
5335: .Op Fl addreject Ar arg
5336: .Op Fl addtrust Ar arg
5337: .Op Fl alias
5338: .Op Fl CA Ar file
5339: .Op Fl CAcreateserial
1.80 ! jmc 5340: .Op Fl CAform Cm der | pem
1.1 jsing 5341: .Op Fl CAkey Ar file
1.80 ! jmc 5342: .Op Fl CAkeyform Cm der | pem
1.1 jsing 5343: .Op Fl CAserial Ar file
5344: .Op Fl certopt Ar option
5345: .Op Fl checkend Ar arg
5346: .Op Fl clrext
5347: .Op Fl clrreject
5348: .Op Fl clrtrust
5349: .Op Fl dates
5350: .Op Fl days Ar arg
5351: .Op Fl email
5352: .Op Fl enddate
5353: .Op Fl extensions Ar section
5354: .Op Fl extfile Ar file
5355: .Op Fl fingerprint
5356: .Op Fl hash
5357: .Op Fl in Ar file
1.80 ! jmc 5358: .Op Fl inform Cm der | net | pem
1.1 jsing 5359: .Op Fl issuer
5360: .Op Fl issuer_hash
5361: .Op Fl issuer_hash_old
1.80 ! jmc 5362: .Op Fl keyform Cm der | pem
1.29 bcook 5363: .Op Fl md5 | sha1
1.1 jsing 5364: .Op Fl modulus
5365: .Op Fl nameopt Ar option
5366: .Op Fl noout
5367: .Op Fl ocsp_uri
5368: .Op Fl ocspid
5369: .Op Fl out Ar file
1.80 ! jmc 5370: .Op Fl outform Cm der | net | pem
1.1 jsing 5371: .Op Fl passin Ar arg
5372: .Op Fl pubkey
5373: .Op Fl purpose
5374: .Op Fl req
5375: .Op Fl serial
5376: .Op Fl set_serial Ar n
5377: .Op Fl setalias Ar arg
5378: .Op Fl signkey Ar file
5379: .Op Fl startdate
5380: .Op Fl subject
5381: .Op Fl subject_hash
5382: .Op Fl subject_hash_old
5383: .Op Fl text
5384: .Op Fl trustout
5385: .Op Fl x509toreq
5386: .nr nS 0
5387: .Pp
5388: The
5389: .Nm x509
5390: command is a multi-purpose certificate utility.
5391: It can be used to display certificate information, convert certificates to
5392: various forms, sign certificate requests like a
5393: .Qq mini CA ,
5394: or edit certificate trust settings.
5395: .Pp
1.80 ! jmc 5396: The following are x509 input, output, and general purpose options:
1.1 jsing 5397: .Bl -tag -width "XXXX"
5398: .It Fl in Ar file
1.80 ! jmc 5399: The input file to read from,
! 5400: or standard input if not specified.
! 5401: .It Fl inform Cm der | net | pem
! 5402: The input format.
1.1 jsing 5403: Normally, the command will expect an X.509 certificate,
5404: but this can change if other options such as
5405: .Fl req
5406: are present.
1.29 bcook 5407: .It Fl md5 | sha1
1.1 jsing 5408: The digest to use.
5409: This affects any signing or display option that uses a message digest,
5410: such as the
5411: .Fl fingerprint , signkey ,
5412: and
5413: .Fl CA
5414: options.
5415: If not specified, MD5 is used.
1.80 ! jmc 5416: SHA1 is always used with DSA keys.
1.1 jsing 5417: .It Fl out Ar file
1.80 ! jmc 5418: The output file to write to,
! 5419: or standard output if none is specified.
! 5420: .It Fl outform Cm der | net | pem
! 5421: The output format.
1.1 jsing 5422: .It Fl passin Ar arg
5423: The key password source.
5424: .El
1.80 ! jmc 5425: .Pp
! 5426: The following are x509 display options:
1.1 jsing 5427: .Bl -tag -width "XXXX"
5428: .It Fl C
1.80 ! jmc 5429: Output the certificate in the form of a C source file.
1.1 jsing 5430: .It Fl certopt Ar option
5431: Customise the output format used with
1.80 ! jmc 5432: .Fl text ,
! 5433: either using a list of comma-separated options or by specifying
1.1 jsing 5434: .Fl certopt
1.80 ! jmc 5435: multiple times.
! 5436: The default behaviour is to print all fields.
! 5437: The options are as follows:
! 5438: .Pp
! 5439: .Bl -tag -width "no_extensions" -offset indent -compact
! 5440: .It Cm ca_default
! 5441: Equivalent to
! 5442: .Cm no_issuer , no_pubkey , no_header ,
! 5443: .Cm no_version , no_sigdump ,
! 5444: and
! 5445: .Cm no_signame .
! 5446: .It Cm compatible
! 5447: Equivalent to no output options at all.
! 5448: .It Cm ext_default
! 5449: Print unsupported certificate extensions.
! 5450: .It Cm ext_dump
! 5451: Hex dump unsupported extensions.
! 5452: .It Cm ext_error
! 5453: Print an error message for unsupported certificate extensions.
! 5454: .It Cm ext_parse
! 5455: ASN1 parse unsupported extensions.
! 5456: .It Cm no_aux
! 5457: Do not print certificate trust information.
! 5458: .It Cm no_extensions
! 5459: Do not print X509V3 extensions.
! 5460: .It Cm no_header
! 5461: Do not print header (Certificate and Data) information.
! 5462: .It Cm no_issuer
! 5463: Do not print the issuer name.
! 5464: .It Cm no_pubkey
! 5465: Do not print the public key.
! 5466: .It Cm no_serial
! 5467: Do not print the serial number.
! 5468: .It Cm no_sigdump
! 5469: Do not give a hexadecimal dump of the certificate signature.
! 5470: .It Cm no_signame
! 5471: Do not print the signature algorithm used.
! 5472: .It Cm no_subject
! 5473: Do not print the subject name.
! 5474: .It Cm no_validity
! 5475: Do not print the
! 5476: .Cm notBefore
! 5477: and
! 5478: .Cm notAfter
! 5479: (validity) fields.
! 5480: .It Cm no_version
! 5481: Do not print the version number.
! 5482: .El
1.1 jsing 5483: .It Fl dates
1.80 ! jmc 5484: Print the start and expiry date of a certificate.
1.1 jsing 5485: .It Fl email
1.80 ! jmc 5486: Output the email addresses, if any.
1.1 jsing 5487: .It Fl enddate
1.80 ! jmc 5488: Print the expiry date of the certificate; that is, the
! 5489: .Cm notAfter
1.1 jsing 5490: date.
5491: .It Fl fingerprint
1.80 ! jmc 5492: Print the digest of the DER-encoded version of the whole certificate.
1.1 jsing 5493: .It Fl hash
5494: A synonym for
1.80 ! jmc 5495: .Fl subject_hash .
1.1 jsing 5496: .It Fl issuer
1.80 ! jmc 5497: Print the issuer name.
1.1 jsing 5498: .It Fl issuer_hash
1.80 ! jmc 5499: Print the hash of the certificate issuer name.
1.1 jsing 5500: .It Fl issuer_hash_old
1.80 ! jmc 5501: Print the hash of the certificate issuer name
! 5502: using the older algorithm as used by
! 5503: .Nm openssl
1.1 jsing 5504: versions before 1.0.0.
5505: .It Fl modulus
1.80 ! jmc 5506: Print the value of the modulus of the public key contained in the certificate.
1.1 jsing 5507: .It Fl nameopt Ar option
1.80 ! jmc 5508: Customise how the subject or issuer names are displayed,
! 5509: either using a list of comma-separated options or by specifying
1.1 jsing 5510: .Fl nameopt
1.80 ! jmc 5511: multiple times.
! 5512: The default behaviour is to use the
! 5513: .Cm oneline
! 5514: format.
! 5515: The options,
! 5516: which can be preceded by a dash to turn them off,
! 5517: are as follows:
! 5518: .Bl -tag -width "XXXX"
! 5519: .It Cm align
! 5520: Align field values for a more readable output.
! 5521: Only usable with
! 5522: .Ar sep_multiline .
! 5523: .It Cm compat
! 5524: Use the old format,
! 5525: equivalent to specifying no options at all.
! 5526: .It Cm dn_rev
! 5527: Reverse the fields of the DN, as required by RFC 2253.
! 5528: As a side effect, this also reverses the order of multiple AVAs.
! 5529: .It Cm dump_all
! 5530: Dump all fields.
! 5531: When used with
! 5532: .Ar dump_der ,
! 5533: it allows the DER encoding of the structure to be unambiguously determined.
! 5534: .It Cm dump_der
! 5535: Any fields that need to be hexdumped are
! 5536: dumped using the DER encoding of the field.
! 5537: Otherwise just the content octets will be displayed.
! 5538: Both options use the RFC 2253 #XXXX... format.
! 5539: .It Cm dump_nostr
! 5540: Dump non-character string types
! 5541: (for example OCTET STRING);
! 5542: usually, non-character string types are displayed
! 5543: as though each content octet represents a single character.
! 5544: .It Cm dump_unknown
! 5545: Dump any field whose OID is not recognised by
! 5546: .Nm openssl .
! 5547: .It Cm esc_2253
! 5548: Escape the
! 5549: .Qq special
! 5550: characters required by RFC 2253 in a field that is
! 5551: .Dq \& ,+"<>; .
! 5552: Additionally,
! 5553: .Sq #
! 5554: is escaped at the beginning of a string
! 5555: and a space character at the beginning or end of a string.
! 5556: .It Cm esc_ctrl
! 5557: Escape control characters.
! 5558: That is, those with ASCII values less than 0x20 (space)
! 5559: and the delete (0x7f) character.
! 5560: They are escaped using the RFC 2253 \eXX notation (where XX are two hex
! 5561: digits representing the character value).
! 5562: .It Cm esc_msb
! 5563: Escape characters with the MSB set; that is, with ASCII values larger than
! 5564: 127.
! 5565: .It Cm multiline
! 5566: A multiline format.
! 5567: Equivalent to
! 5568: .Cm esc_ctrl , esc_msb , sep_multiline ,
! 5569: .Cm space_eq , lname ,
! 5570: and
! 5571: .Cm align .
! 5572: .It Cm no_type
! 5573: Do not attempt to interpret multibyte characters.
! 5574: That is, content octets are merely dumped as though one octet
! 5575: represents each character.
! 5576: This is useful for diagnostic purposes
! 5577: but results in rather odd looking output.
! 5578: .It Cm nofname , sname , lname , oid
! 5579: Alter how the field name is displayed:
! 5580: .Cm nofname
! 5581: does not display the field at all;
! 5582: .Cm sname
! 5583: uses the short name form (CN for
! 5584: .Cm commonName ,
! 5585: for example);
! 5586: .Cm lname
! 5587: uses the long form.
! 5588: .Cm oid
! 5589: represents the OID in numerical form and is useful for diagnostic purpose.
! 5590: .It Cm oneline
! 5591: A one line format which is more readable than
! 5592: .Cm RFC2253 .
! 5593: Equivalent to
! 5594: .Cm esc_2253 , esc_ctrl , esc_msb , utf8 ,
! 5595: .Cm dump_nostr , dump_der , use_quote , sep_comma_plus_spc ,
! 5596: .Cm space_eq ,
! 5597: and
! 5598: .Cm sname .
! 5599: .It Cm RFC2253
! 5600: Displays names compatible with RFC 2253.
! 5601: Equivalent to
! 5602: .Cm esc_2253 , esc_ctrl ,
! 5603: .Cm esc_msb , utf8 , dump_nostr , dump_unknown ,
! 5604: .Cm dump_der , sep_comma_plus , dn_rev ,
! 5605: and
! 5606: .Cm sname .
! 5607: .It Cm sep_comma_plus , sep_comma_plus_space , sep_semi_plus_space , sep_multiline
! 5608: Determine the field separators:
! 5609: the first character is between RDNs and the second between multiple AVAs
! 5610: (multiple AVAs are very rare and their use is discouraged).
! 5611: The options ending in
! 5612: .Qq space
! 5613: additionally place a space after the separator to make it more readable.
! 5614: .Cm sep_multiline
! 5615: uses a linefeed character for the RDN separator and a spaced
! 5616: .Sq +
! 5617: for the AVA separator,
! 5618: as well as indenting the fields by four characters.
! 5619: .It Cm show_type
! 5620: Show the type of the ASN1 character string.
! 5621: The type precedes the field contents.
! 5622: For example
! 5623: .Qq BMPSTRING: Hello World .
! 5624: .It Cm space_eq
! 5625: Place spaces round the
! 5626: .Sq =
! 5627: character which follows the field name.
! 5628: .It Cm use_quote
! 5629: Escape some characters by surrounding the whole string with
! 5630: .Sq \&"
! 5631: characters.
! 5632: Without the option, all escaping is done with the
! 5633: .Sq \e
! 5634: character.
! 5635: .It Cm utf8
! 5636: Convert all strings to UTF8 format first, as required by RFC 2253.
! 5637: On a UTF8 compatible terminal,
! 5638: the use of this option (and not setting
! 5639: .Cm esc_msb )
! 5640: may result in the correct display of multibyte characters.
! 5641: Usually, multibyte characters larger than 0xff
! 5642: are represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX
! 5643: for 32 bits,
! 5644: and any UTF8Strings are converted to their character form first.
! 5645: .El
1.1 jsing 5646: .It Fl noout
1.80 ! jmc 5647: Do not output the encoded version of the request.
1.1 jsing 5648: .It Fl ocsp_uri
1.80 ! jmc 5649: Print the OCSP responder addresses, if any.
1.1 jsing 5650: .It Fl ocspid
5651: Print OCSP hash values for the subject name and public key.
5652: .It Fl pubkey
1.80 ! jmc 5653: Print the public key.
1.1 jsing 5654: .It Fl serial
1.80 ! jmc 5655: Print the certificate serial number.
1.1 jsing 5656: .It Fl startdate
1.80 ! jmc 5657: Print the start date of the certificate; that is, the
! 5658: .Cm notBefore
1.1 jsing 5659: date.
5660: .It Fl subject
1.80 ! jmc 5661: Print the subject name.
1.1 jsing 5662: .It Fl subject_hash
1.80 ! jmc 5663: Print the hash of the certificate subject name.
1.1 jsing 5664: This is used in
1.80 ! jmc 5665: .Nm openssl
1.1 jsing 5666: to form an index to allow certificates in a directory to be looked up
5667: by subject name.
5668: .It Fl subject_hash_old
1.80 ! jmc 5669: Print the hash of the certificate subject name
! 5670: using the older algorithm as used by
! 5671: .Nm openssl
1.1 jsing 5672: versions before 1.0.0.
5673: .It Fl text
1.80 ! jmc 5674: Print the full certificate in text form.
1.1 jsing 5675: .El
5676: .Pp
1.80 ! jmc 5677: A trusted certificate is a certificate which has several
1.1 jsing 5678: additional pieces of information attached to it such as the permitted
1.80 ! jmc 5679: and prohibited uses of the certificate and an alias.
! 5680: When a certificate is being verified at least one certificate must be trusted.
! 5681: By default, a trusted certificate must be stored locally and be a root CA.
! 5682: The following are x509 trust settings options:
1.1 jsing 5683: .Bl -tag -width "XXXX"
5684: .It Fl addreject Ar arg
1.80 ! jmc 5685: Add a prohibited use.
! 5686: Accepts the same values as the
1.1 jsing 5687: .Fl addtrust
5688: option.
5689: .It Fl addtrust Ar arg
1.80 ! jmc 5690: Add a trusted certificate use.
1.1 jsing 5691: Any object name can be used here, but currently only
1.80 ! jmc 5692: .Cm clientAuth
! 5693: (SSL client use),
! 5694: .Cm serverAuth
! 5695: (SSL server use),
! 5696: and
! 5697: .Cm emailProtection
! 5698: (S/MIME email) are used.
1.1 jsing 5699: .It Fl alias
1.80 ! jmc 5700: Output the certificate alias.
1.1 jsing 5701: .It Fl clrreject
1.80 ! jmc 5702: Clear all the prohibited or rejected uses of the certificate.
1.1 jsing 5703: .It Fl clrtrust
1.80 ! jmc 5704: Clear all the permitted or trusted uses of the certificate.
1.1 jsing 5705: .It Fl purpose
1.80 ! jmc 5706: Perform tests on the certificate extensions.
! 5707: The same code is used when verifying untrusted certificates in chains,
! 5708: so this section is useful if a chain is rejected by the verify code.
! 5709: .Pp
! 5710: The
! 5711: .Cm basicConstraints
! 5712: extension CA flag is used to determine whether the
! 5713: certificate can be used as a CA.
! 5714: If the CA flag is true, it is a CA;
! 5715: if the CA flag is false, it is not a CA.
! 5716: All CAs should have the CA flag set to true.
! 5717: .Pp
! 5718: If the
! 5719: .Cm basicConstraints
! 5720: extension is absent, then the certificate is
! 5721: considered to be a possible CA;
! 5722: other extensions are checked according to the intended use of the certificate.
! 5723: A warning is given in this case because the certificate should really not
! 5724: be regarded as a CA.
! 5725: However it is allowed to be a CA to work around some broken software.
! 5726: .Pp
! 5727: If the certificate is a V1 certificate
! 5728: (and thus has no extensions) and it is self-signed,
! 5729: it is also assumed to be a CA but a warning is again given.
! 5730: This is to work around the problem of Verisign roots
! 5731: which are V1 self-signed certificates.
! 5732: .Pp
! 5733: If the
! 5734: .Cm keyUsage
! 5735: extension is present, then additional restraints are
! 5736: made on the uses of the certificate.
! 5737: A CA certificate must have the
! 5738: .Cm keyCertSign
! 5739: bit set if the
! 5740: .Cm keyUsage
! 5741: extension is present.
! 5742: .Pp
! 5743: The extended key usage extension places additional restrictions on the
! 5744: certificate uses.
! 5745: If this extension is present, whether critical or not,
! 5746: the key can only be used for the purposes specified.
! 5747: .Pp
! 5748: A complete description of each test is given below.
! 5749: The comments about
! 5750: .Cm basicConstraints
! 5751: and
! 5752: .Cm keyUsage
! 5753: and V1 certificates above apply to all CA certificates.
! 5754: .Bl -tag -width "XXXX"
! 5755: .It SSL Client
! 5756: The extended key usage extension must be absent or include the
! 5757: web client authentication OID.
! 5758: .Cm keyUsage
! 5759: must be absent or it must have the
! 5760: .Cm digitalSignature
! 5761: bit set.
! 5762: The Netscape certificate type must be absent
! 5763: or it must have the SSL client bit set.
! 5764: .It SSL Client CA
! 5765: The extended key usage extension must be absent or include the
! 5766: web client authentication OID.
! 5767: The Netscape certificate type must be absent
! 5768: or it must have the SSL CA bit set:
! 5769: this is used as a workaround if the
! 5770: .Cm basicConstraints
! 5771: extension is absent.
! 5772: .It SSL Server
! 5773: The extended key usage extension must be absent or include the
! 5774: web server authentication and/or one of the SGC OIDs.
! 5775: .Cm keyUsage
! 5776: must be absent or it must have the
! 5777: .Cm digitalSignature
! 5778: set, the
! 5779: .Cm keyEncipherment
! 5780: set, or both bits set.
! 5781: The Netscape certificate type must be absent or have the SSL server bit set.
! 5782: .It SSL Server CA
! 5783: The extended key usage extension must be absent or include the
! 5784: web server authentication and/or one of the SGC OIDs.
! 5785: The Netscape certificate type must be absent or the SSL CA bit must be set:
! 5786: this is used as a workaround if the
! 5787: .Cm basicConstraints
! 5788: extension is absent.
! 5789: .It Netscape SSL Server
! 5790: For Netscape SSL clients to connect to an SSL server; it must have the
! 5791: .Cm keyEncipherment
! 5792: bit set if the
! 5793: .Cm keyUsage
! 5794: extension is present.
! 5795: This isn't always valid because some cipher suites use the key for
! 5796: digital signing.
! 5797: Otherwise it is the same as a normal SSL server.
! 5798: .It Common S/MIME Client Tests
! 5799: The extended key usage extension must be absent or include the
! 5800: email protection OID.
! 5801: The Netscape certificate type must be absent or should have the S/MIME bit set.
! 5802: If the S/MIME bit is not set in Netscape certificate type, then the SSL
! 5803: client bit is tolerated as an alternative but a warning is shown:
! 5804: this is because some Verisign certificates don't set the S/MIME bit.
! 5805: .It S/MIME Signing
! 5806: In addition to the common S/MIME client tests, the
! 5807: .Cm digitalSignature
! 5808: bit must be set if the
! 5809: .Cm keyUsage
! 5810: extension is present.
! 5811: .It S/MIME Encryption
! 5812: In addition to the common S/MIME tests, the
! 5813: .Cm keyEncipherment
! 5814: bit must be set if the
! 5815: .Cm keyUsage
! 5816: extension is present.
! 5817: .It S/MIME CA
! 5818: The extended key usage extension must be absent or include the
! 5819: email protection OID.
! 5820: The Netscape certificate type must be absent
! 5821: or must have the S/MIME CA bit set:
! 5822: this is used as a workaround if the
! 5823: .Cm basicConstraints
! 5824: extension is absent.
! 5825: .It CRL Signing
! 5826: The
! 5827: .Cm keyUsage
! 5828: extension must be absent or it must have the CRL signing bit set.
! 5829: .It CRL Signing CA
! 5830: The normal CA tests apply, except the
! 5831: .Cm basicConstraints
! 5832: extension must be present.
! 5833: .El
1.1 jsing 5834: .It Fl setalias Ar arg
1.80 ! jmc 5835: Set the alias of the certificate,
! 5836: allowing the certificate to be referred to using a nickname,
! 5837: such as
1.1 jsing 5838: .Qq Steve's Certificate .
5839: .It Fl trustout
1.80 ! jmc 5840: Output a trusted certificate
! 5841: (the default if any trust settings are modified).
1.1 jsing 5842: An ordinary or trusted certificate can be input, but by default an ordinary
5843: certificate is output and any trust settings are discarded.
5844: .El
1.80 ! jmc 5845: .Pp
1.1 jsing 5846: The
5847: .Nm x509
1.80 ! jmc 5848: utility can be used to sign certificates and requests:
! 5849: it can thus behave like a mini CA.
! 5850: The following are x509 signing options:
1.1 jsing 5851: .Bl -tag -width "XXXX"
5852: .It Fl CA Ar file
1.80 ! jmc 5853: The CA certificate to be used for signing.
1.1 jsing 5854: When this option is present,
5855: .Nm x509
1.80 ! jmc 5856: behaves like a mini CA.
1.1 jsing 5857: The input file is signed by the CA using this option;
5858: that is, its issuer name is set to the subject name of the CA and it is
5859: digitally signed using the CA's private key.
5860: .Pp
5861: This option is normally combined with the
5862: .Fl req
5863: option.
5864: Without the
5865: .Fl req
5866: option, the input is a certificate which must be self-signed.
5867: .It Fl CAcreateserial
1.80 ! jmc 5868: Create the CA serial number file if it does not exist
! 5869: instead of generating an error.
! 5870: The file will contain the serial number
1.1 jsing 5871: .Sq 02
5872: and the certificate being signed will have
5873: .Sq 1
5874: as its serial number.
1.80 ! jmc 5875: .It Fl CAform Cm der | pem
1.1 jsing 5876: The format of the CA certificate file.
5877: The default is
1.80 ! jmc 5878: .Cm pem .
1.1 jsing 5879: .It Fl CAkey Ar file
1.80 ! jmc 5880: Set the CA private key to sign a certificate with.
! 5881: Otherwise it is assumed that the CA private key is present
! 5882: in the CA certificate file.
! 5883: .It Fl CAkeyform Cm der | pem
1.1 jsing 5884: The format of the CA private key.
5885: The default is
1.80 ! jmc 5886: .Cm pem .
1.1 jsing 5887: .It Fl CAserial Ar file
1.80 ! jmc 5888: Use the serial number in
! 5889: .Ar file
! 5890: to sign a certificate.
! 5891: The file should consist of one line containing an even number of hex digits
1.1 jsing 5892: with the serial number to use.
5893: After each use the serial number is incremented and written out
5894: to the file again.
5895: .Pp
5896: The default filename consists of the CA certificate file base name with
5897: .Pa .srl
5898: appended.
5899: For example, if the CA certificate file is called
5900: .Pa mycacert.pem ,
5901: it expects to find a serial number file called
5902: .Pa mycacert.srl .
5903: .It Fl checkend Ar arg
5904: Check whether the certificate expires in the next
5905: .Ar arg
5906: seconds.
5907: If so, exit with return value 1;
5908: otherwise exit with return value 0.
5909: .It Fl clrext
5910: Delete any extensions from a certificate.
5911: This option is used when a certificate is being created from another
5912: certificate (for example with the
5913: .Fl signkey
5914: or the
5915: .Fl CA
5916: options).
5917: Normally, all extensions are retained.
5918: .It Fl days Ar arg
1.80 ! jmc 5919: The number of days to make a certificate valid for.
1.1 jsing 5920: The default is 30 days.
5921: .It Fl extensions Ar section
5922: The section to add certificate extensions from.
5923: If this option is not specified, the extensions should either be
1.80 ! jmc 5924: contained in the unnamed (default) section
! 5925: or the default section should contain a variable called
1.1 jsing 5926: .Qq extensions
5927: which contains the section to use.
5928: .It Fl extfile Ar file
5929: File containing certificate extensions to use.
5930: If not specified, no extensions are added to the certificate.
1.80 ! jmc 5931: .It Fl keyform Cm der | pem
! 5932: The format of the private key file used in the
1.1 jsing 5933: .Fl signkey
5934: option.
5935: .It Fl req
1.80 ! jmc 5936: Expect a certificate request on input instead of a certificate.
1.1 jsing 5937: .It Fl set_serial Ar n
1.80 ! jmc 5938: The serial number to use.
1.1 jsing 5939: This option can be used with either the
5940: .Fl signkey
5941: or
5942: .Fl CA
5943: options.
5944: If used in conjunction with the
5945: .Fl CA
5946: option, the serial number file (as specified by the
5947: .Fl CAserial
5948: or
5949: .Fl CAcreateserial
5950: options) is not used.
5951: .Pp
5952: The serial number can be decimal or hex (if preceded by
5953: .Sq 0x ) .
5954: Negative serial numbers can also be specified but their use is not recommended.
5955: .It Fl signkey Ar file
1.80 ! jmc 5956: Self-sign
! 5957: .Ar file
! 5958: using the supplied private key.
1.1 jsing 5959: .Pp
5960: If the input file is a certificate, it sets the issuer name to the
1.80 ! jmc 5961: subject name (i.e. makes it self-signed),
1.1 jsing 5962: changes the public key to the supplied value,
5963: and changes the start and end dates.
5964: The start date is set to the current time and the end date is set to
5965: a value determined by the
5966: .Fl days
5967: option.
5968: Any certificate extensions are retained unless the
5969: .Fl clrext
5970: option is supplied.
5971: .Pp
5972: If the input is a certificate request, a self-signed certificate
5973: is created using the supplied private key using the subject name in
5974: the request.
5975: .It Fl x509toreq
1.80 ! jmc 5976: Convert a certificate into a certificate request.
1.1 jsing 5977: The
5978: .Fl signkey
5979: option is used to pass the required private key.
5980: .El
1.38 jmc 5981: .Sh COMMON NOTATION
5982: Several commands share a common syntax,
5983: as detailed below.
5984: .Pp
5985: Password arguments, typically specified using
1.33 jmc 5986: .Fl passin
5987: and
5988: .Fl passout
1.38 jmc 5989: for input and output passwords,
5990: allow passwords to be obtained from a variety of sources.
5991: Both of these options take a single argument, described below.
1.33 jmc 5992: If no password argument is given and a password is required,
5993: then the user is prompted to enter one:
5994: this will typically be read from the current terminal with echoing turned off.
1.38 jmc 5995: .Bl -tag -width "pass:password" -offset indent
5996: .It Cm pass : Ns Ar password
1.33 jmc 5997: The actual password is
5998: .Ar password .
1.38 jmc 5999: Since the password is visible to utilities,
1.33 jmc 6000: this form should only be used where security is not important.
1.38 jmc 6001: .It Cm env : Ns Ar var
1.33 jmc 6002: Obtain the password from the environment variable
6003: .Ar var .
1.38 jmc 6004: Since the environment of other processes is visible,
6005: this option should be used with caution.
6006: .It Cm file : Ns Ar path
1.33 jmc 6007: The first line of
6008: .Ar path
6009: is the password.
6010: If the same
6011: .Ar path
6012: argument is supplied to
6013: .Fl passin
6014: and
6015: .Fl passout ,
6016: then the first line will be used for the input password and the next line
6017: for the output password.
6018: .Ar path
6019: need not refer to a regular file:
6020: it could, for example, refer to a device or named pipe.
1.38 jmc 6021: .It Cm fd : Ns Ar number
1.33 jmc 6022: Read the password from the file descriptor
6023: .Ar number .
1.38 jmc 6024: This can be used to send the data via a pipe, for example.
6025: .It Cm stdin
1.33 jmc 6026: Read the password from standard input.
1.35 jmc 6027: .El
1.38 jmc 6028: .Pp
1.64 jmc 6029: Input/output formats,
1.38 jmc 6030: typically specified using
6031: .Fl inform
6032: and
6033: .Fl outform ,
1.64 jmc 6034: indicate the format being read from or written to.
1.38 jmc 6035: The argument is case insensitive.
6036: .Pp
6037: .Bl -tag -width Ds -offset indent -compact
6038: .It Cm der
6039: Distinguished Encoding Rules (DER)
6040: is a binary format.
1.64 jmc 6041: .It Cm net
6042: Insecure legacy format.
1.38 jmc 6043: .It Cm pem
6044: Privacy Enhanced Mail (PEM)
6045: is base64-encoded.
1.70 jmc 6046: .It Cm smime
6047: An SMIME format message.
1.38 jmc 6048: .It Cm txt
6049: Plain ASCII text.
6050: .El
1.35 jmc 6051: .Sh ENVIRONMENT
6052: The following environment variables affect the execution of
6053: .Nm openssl :
1.38 jmc 6054: .Bl -tag -width "/etc/ssl/openssl.cnf"
1.35 jmc 6055: .It Ev OPENSSL_CONF
6056: The location of the master configuration file.
1.33 jmc 6057: .El
1.1 jsing 6058: .\"
6059: .\" FILES
6060: .\"
6061: .Sh FILES
6062: .Bl -tag -width "/etc/ssl/openssl.cnf" -compact
1.17 sobrado 6063: .It Pa /etc/ssl/
1.1 jsing 6064: Default config directory for
6065: .Nm openssl .
1.17 sobrado 6066: .It Pa /etc/ssl/lib/
1.1 jsing 6067: Unused.
1.17 sobrado 6068: .It Pa /etc/ssl/private/
1.1 jsing 6069: Default private key directory.
1.17 sobrado 6070: .It Pa /etc/ssl/openssl.cnf
1.1 jsing 6071: Default configuration file for
6072: .Nm openssl .
1.17 sobrado 6073: .It Pa /etc/ssl/x509v3.cnf
1.1 jsing 6074: Default configuration file for
6075: .Nm x509
6076: certificates.
6077: .El
6078: .\"
6079: .\" SEE ALSO
6080: .\"
6081: .Sh SEE ALSO
1.74 jmc 6082: .Xr acme-client 1 ,
1.26 jmc 6083: .Xr nc 1 ,
1.1 jsing 6084: .Xr ssl 8 ,
6085: .Xr starttls 8
6086: .Sh STANDARDS
6087: .Rs
6088: .%D February 1995
6089: .%Q Netscape Communications Corp.
6090: .%T The SSL Protocol
6091: .Re
6092: .Pp
6093: .Rs
6094: .%D November 1996
6095: .%Q Netscape Communications Corp.
6096: .%T The SSL 3.0 Protocol
6097: .Re
6098: .Pp
6099: .Rs
6100: .%A T. Dierks
6101: .%A C. Allen
6102: .%D January 1999
6103: .%R RFC 2246
6104: .%T The TLS Protocol Version 1.0
6105: .Re
6106: .Pp
6107: .Rs
6108: .%A M. Wahl
6109: .%A S. Killie
6110: .%A T. Howes
6111: .%D December 1997
6112: .%R RFC 2253
6113: .%T Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
6114: .Re
6115: .Pp
6116: .Rs
6117: .%A B. Kaliski
6118: .%D March 1998
6119: .%R RFC 2315
6120: .%T PKCS #7: Cryptographic Message Syntax Version 1.5
6121: .Re
6122: .Pp
6123: .Rs
6124: .%A R. Housley
6125: .%A W. Ford
6126: .%A W. Polk
6127: .%A D. Solo
6128: .%D January 1999
6129: .%R RFC 2459
6130: .%T Internet X.509 Public Key Infrastructure Certificate and CRL Profile
6131: .Re
6132: .Pp
6133: .Rs
6134: .%A M. Myers
6135: .%A R. Ankney
6136: .%A A. Malpani
6137: .%A S. Galperin
6138: .%A C. Adams
6139: .%D June 1999
6140: .%R RFC 2560
6141: .%T X.509 Internet Public Key Infrastructure Online Certificate Status Protocol \(en OCSP
6142: .Re
6143: .Pp
6144: .Rs
6145: .%A R. Housley
6146: .%D June 1999
6147: .%R RFC 2630
6148: .%T Cryptographic Message Syntax
6149: .Re
6150: .Pp
6151: .Rs
6152: .%A P. Chown
6153: .%D June 2002
6154: .%R RFC 3268
1.24 jmc 6155: .%T Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
1.1 jsing 6156: .Re