Annotation of src/usr.bin/openssl/openssl.1, Revision 1.89
1.89 ! jmc 1: .\" $OpenBSD: openssl.1,v 1.88 2018/02/28 20:36:09 jmc Exp $
1.1 jsing 2: .\" ====================================================================
3: .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4: .\"
5: .\" Redistribution and use in source and binary forms, with or without
6: .\" modification, are permitted provided that the following conditions
7: .\" are met:
8: .\"
9: .\" 1. Redistributions of source code must retain the above copyright
10: .\" notice, this list of conditions and the following disclaimer.
11: .\"
12: .\" 2. Redistributions in binary form must reproduce the above copyright
13: .\" notice, this list of conditions and the following disclaimer in
14: .\" the documentation and/or other materials provided with the
15: .\" distribution.
16: .\"
17: .\" 3. All advertising materials mentioning features or use of this
18: .\" software must display the following acknowledgment:
19: .\" "This product includes software developed by the OpenSSL Project
20: .\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21: .\"
22: .\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23: .\" endorse or promote products derived from this software without
24: .\" prior written permission. For written permission, please contact
25: .\" openssl-core@openssl.org.
26: .\"
27: .\" 5. Products derived from this software may not be called "OpenSSL"
28: .\" nor may "OpenSSL" appear in their names without prior written
29: .\" permission of the OpenSSL Project.
30: .\"
31: .\" 6. Redistributions of any form whatsoever must retain the following
32: .\" acknowledgment:
33: .\" "This product includes software developed by the OpenSSL Project
34: .\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35: .\"
36: .\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37: .\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39: .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40: .\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41: .\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42: .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43: .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45: .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46: .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47: .\" OF THE POSSIBILITY OF SUCH DAMAGE.
48: .\" ====================================================================
49: .\"
50: .\" This product includes cryptographic software written by Eric Young
51: .\" (eay@cryptsoft.com). This product includes software written by Tim
52: .\" Hudson (tjh@cryptsoft.com).
53: .\"
54: .\"
55: .\" Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
56: .\" All rights reserved.
57: .\"
58: .\" This package is an SSL implementation written
59: .\" by Eric Young (eay@cryptsoft.com).
60: .\" The implementation was written so as to conform with Netscapes SSL.
61: .\"
62: .\" This library is free for commercial and non-commercial use as long as
63: .\" the following conditions are aheared to. The following conditions
64: .\" apply to all code found in this distribution, be it the RC4, RSA,
65: .\" lhash, DES, etc., code; not just the SSL code. The SSL documentation
66: .\" included with this distribution is covered by the same copyright terms
67: .\" except that the holder is Tim Hudson (tjh@cryptsoft.com).
68: .\"
69: .\" Copyright remains Eric Young's, and as such any Copyright notices in
70: .\" the code are not to be removed.
71: .\" If this package is used in a product, Eric Young should be given attribution
72: .\" as the author of the parts of the library used.
73: .\" This can be in the form of a textual message at program startup or
74: .\" in documentation (online or textual) provided with the package.
75: .\"
76: .\" Redistribution and use in source and binary forms, with or without
77: .\" modification, are permitted provided that the following conditions
78: .\" are met:
79: .\" 1. Redistributions of source code must retain the copyright
80: .\" notice, this list of conditions and the following disclaimer.
81: .\" 2. Redistributions in binary form must reproduce the above copyright
82: .\" notice, this list of conditions and the following disclaimer in the
83: .\" documentation and/or other materials provided with the distribution.
84: .\" 3. All advertising materials mentioning features or use of this software
85: .\" must display the following acknowledgement:
86: .\" "This product includes cryptographic software written by
87: .\" Eric Young (eay@cryptsoft.com)"
88: .\" The word 'cryptographic' can be left out if the rouines from the library
89: .\" being used are not cryptographic related :-).
90: .\" 4. If you include any Windows specific code (or a derivative thereof) from
91: .\" the apps directory (application code) you must include an
92: .\" acknowledgement:
93: .\" "This product includes software written by Tim Hudson
94: .\" (tjh@cryptsoft.com)"
95: .\"
96: .\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
97: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
98: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
99: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
100: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
101: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
102: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
103: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
104: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
105: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
106: .\" SUCH DAMAGE.
107: .\"
108: .\" The licence and distribution terms for any publically available version or
109: .\" derivative of this code cannot be changed. i.e. this code cannot simply be
110: .\" copied and put under another distribution licence
111: .\" [including the GNU Public Licence.]
112: .\"
113: .\" OPENSSL
114: .\"
1.89 ! jmc 115: .Dd $Mdocdate: February 28 2018 $
1.1 jsing 116: .Dt OPENSSL 1
117: .Os
118: .Sh NAME
119: .Nm openssl
120: .Nd OpenSSL command line tool
121: .Sh SYNOPSIS
122: .Nm
123: .Cm command
124: .Op Ar command_opts
125: .Op Ar command_args
126: .Pp
127: .Nm
1.13 bentley 128: .Cm list-standard-commands |
129: .Cm list-message-digest-commands |
130: .Cm list-cipher-commands |
131: .Cm list-cipher-algorithms |
132: .Cm list-message-digest-algorithms |
1.1 jsing 133: .Cm list-public-key-algorithms
134: .Pp
135: .Nm
1.39 jmc 136: .Cm no- Ns Ar command
1.1 jsing 137: .Sh DESCRIPTION
138: .Nm OpenSSL
1.31 jmc 139: is a cryptography toolkit implementing the
140: Transport Layer Security
1.1 jsing 141: .Pq TLS v1
1.31 jmc 142: network protocol,
143: as well as related cryptography standards.
1.1 jsing 144: .Pp
145: The
146: .Nm
147: program is a command line tool for using the various
148: cryptography functions of
1.39 jmc 149: .Nm openssl Ns 's
1.33 jmc 150: crypto library from the shell.
1.1 jsing 151: .Pp
152: The pseudo-commands
153: .Cm list-standard-commands , list-message-digest-commands ,
154: and
155: .Cm list-cipher-commands
156: output a list
157: .Pq one entry per line
158: of the names of all standard commands, message digest commands,
159: or cipher commands, respectively, that are available in the present
160: .Nm
161: utility.
162: .Pp
163: The pseudo-commands
164: .Cm list-cipher-algorithms
165: and
166: .Cm list-message-digest-algorithms
167: list all cipher and message digest names,
168: one entry per line.
169: Aliases are listed as:
170: .Pp
1.33 jmc 171: .D1 from => to
1.1 jsing 172: .Pp
173: The pseudo-command
174: .Cm list-public-key-algorithms
175: lists all supported public key algorithms.
176: .Pp
177: The pseudo-command
1.39 jmc 178: .Cm no- Ns Ar command
1.1 jsing 179: tests whether a command of the
180: specified name is available.
1.39 jmc 181: If
182: .Ar command
183: does not exist,
1.1 jsing 184: it returns 0
185: and prints
1.39 jmc 186: .Cm no- Ns Ar command ;
1.1 jsing 187: otherwise it returns 1 and prints
1.39 jmc 188: .Ar command .
189: In both cases, the output goes to stdout and nothing is printed to stderr.
1.1 jsing 190: Additional command line arguments are always ignored.
191: Since for each cipher there is a command of the same name,
192: this provides an easy way for shell scripts to test for the
193: availability of ciphers in the
194: .Nm
195: program.
196: .Pp
197: .Sy Note :
1.39 jmc 198: .Cm no- Ns Ar command
1.1 jsing 199: is not able to detect pseudo-commands such as
200: .Cm quit ,
201: .Cm list- Ns Ar ... Ns Cm -commands ,
202: or
1.39 jmc 203: .Cm no- Ns Ar command
1.1 jsing 204: itself.
205: .Sh ASN1PARSE
206: .nr nS 1
207: .Nm "openssl asn1parse"
208: .Op Fl i
209: .Op Fl dlimit Ar number
210: .Op Fl dump
211: .Op Fl genconf Ar file
212: .Op Fl genstr Ar str
213: .Op Fl in Ar file
1.34 jmc 214: .Op Fl inform Cm der | pem | txt
1.1 jsing 215: .Op Fl length Ar number
216: .Op Fl noout
217: .Op Fl offset Ar number
218: .Op Fl oid Ar file
219: .Op Fl out Ar file
220: .Op Fl strparse Ar offset
221: .nr nS 0
222: .Pp
223: The
224: .Nm asn1parse
225: command is a diagnostic utility that can parse ASN.1 structures.
226: It can also be used to extract data from ASN.1 formatted data.
227: .Pp
228: The options are as follows:
229: .Bl -tag -width Ds
230: .It Fl dlimit Ar number
231: Dump the first
232: .Ar number
233: bytes of unknown data in hex form.
234: .It Fl dump
235: Dump unknown data in hex form.
236: .It Fl genconf Ar file , Fl genstr Ar str
237: Generate encoded data based on string
238: .Ar str ,
239: file
240: .Ar file ,
1.34 jmc 241: or both, using the format described in
242: .Xr ASN1_generate_nconf 3 .
1.1 jsing 243: If only
244: .Ar file
245: is present then the string is obtained from the default section
246: using the name
247: .Dq asn1 .
1.84 jmc 248: The encoded data is passed through the ASN.1 parser and printed out as
1.1 jsing 249: though it came from a file;
250: the contents can thus be examined and written to a file using the
251: .Fl out
252: option.
253: .It Fl i
1.34 jmc 254: Indent the output according to the
1.1 jsing 255: .Qq depth
256: of the structures.
257: .It Fl in Ar file
1.41 jmc 258: The input file to read from, or standard input if not specified.
1.34 jmc 259: .It Fl inform Cm der | pem | txt
1.1 jsing 260: The input format.
261: .It Fl length Ar number
1.34 jmc 262: Number of bytes to parse; the default is until end of file.
1.1 jsing 263: .It Fl noout
1.46 jmc 264: Do not output the parsed version of the input file.
1.1 jsing 265: .It Fl offset Ar number
1.34 jmc 266: Starting offset to begin parsing; the default is start of file.
1.1 jsing 267: .It Fl oid Ar file
268: A file containing additional object identifiers
269: .Pq OIDs .
270: If an OID
271: .Pq object identifier
272: is not part of
1.34 jmc 273: .Nm openssl Ns 's
1.1 jsing 274: internal table it will be represented in
275: numerical form
276: .Pq for example 1.2.3.4 .
1.34 jmc 277: .Pp
1.1 jsing 278: Each line consists of three columns:
279: the first column is the OID in numerical format and should be followed by
280: whitespace.
281: The second column is the
1.34 jmc 282: .Qq short name ,
1.1 jsing 283: which is a single word followed by whitespace.
284: The final column is the rest of the line and is the
285: .Qq long name .
286: .Nm asn1parse
287: displays the long name.
1.34 jmc 288: .It Fl out Ar file
289: The DER-encoded output file; the default is no encoded output
290: (useful when combined with
291: .Fl strparse ) .
292: .It Fl strparse Ar offset
293: Parse the content octets of the ASN.1 object starting at
294: .Ar offset .
295: This option can be used multiple times to
296: .Qq drill down
297: into a nested structure.
298: .El
1.1 jsing 299: .Sh CA
300: .nr nS 1
301: .Nm "openssl ca"
302: .Op Fl batch
303: .Op Fl cert Ar file
304: .Op Fl config Ar file
305: .Op Fl crl_CA_compromise Ar time
306: .Op Fl crl_compromise Ar time
307: .Op Fl crl_hold Ar instruction
308: .Op Fl crl_reason Ar reason
309: .Op Fl crldays Ar days
310: .Op Fl crlexts Ar section
311: .Op Fl crlhours Ar hours
312: .Op Fl days Ar arg
313: .Op Fl enddate Ar date
314: .Op Fl extensions Ar section
315: .Op Fl extfile Ar section
316: .Op Fl gencrl
317: .Op Fl in Ar file
318: .Op Fl infiles
319: .Op Fl key Ar keyfile
320: .Op Fl keyfile Ar arg
1.81 jmc 321: .Op Fl keyform Ar pem
1.1 jsing 322: .Op Fl md Ar arg
323: .Op Fl msie_hack
324: .Op Fl name Ar section
325: .Op Fl noemailDN
326: .Op Fl notext
327: .Op Fl out Ar file
328: .Op Fl outdir Ar dir
329: .Op Fl passin Ar arg
330: .Op Fl policy Ar arg
331: .Op Fl preserveDN
332: .Op Fl revoke Ar file
333: .Op Fl spkac Ar file
334: .Op Fl ss_cert Ar file
335: .Op Fl startdate Ar date
336: .Op Fl status Ar serial
337: .Op Fl subj Ar arg
338: .Op Fl updatedb
339: .Op Fl verbose
340: .nr nS 0
341: .Pp
342: The
343: .Nm ca
1.35 jmc 344: command is a minimal certificate authority (CA) application.
1.1 jsing 345: It can be used to sign certificate requests in a variety of forms
1.35 jmc 346: and generate certificate revocation lists (CRLs).
1.1 jsing 347: It also maintains a text database of issued certificates and their status.
348: .Pp
1.35 jmc 349: The options relevant to CAs are as follows:
1.1 jsing 350: .Bl -tag -width "XXXX"
351: .It Fl batch
1.41 jmc 352: Batch mode.
1.1 jsing 353: In this mode no questions will be asked
354: and all certificates will be certified automatically.
355: .It Fl cert Ar file
356: The CA certificate file.
357: .It Fl config Ar file
1.72 jmc 358: Specify an alternative configuration file.
1.1 jsing 359: .It Fl days Ar arg
360: The number of days to certify the certificate for.
361: .It Fl enddate Ar date
1.41 jmc 362: Set the expiry date.
1.88 jmc 363: The format of the date is [YY]YYMMDDHHMMSSZ,
364: with all four year digits required for dates from 2050 onwards.
1.1 jsing 365: .It Fl extensions Ar section
366: The section of the configuration file containing certificate extensions
367: to be added when a certificate is issued (defaults to
1.35 jmc 368: .Cm x509_extensions
1.1 jsing 369: unless the
370: .Fl extfile
371: option is used).
372: If no extension section is present, a V1 certificate is created.
373: If the extension section is present
374: .Pq even if it is empty ,
375: then a V3 certificate is created.
376: .It Fl extfile Ar file
377: An additional configuration
378: .Ar file
379: to read certificate extensions from
380: (using the default section unless the
381: .Fl extensions
382: option is also used).
383: .It Fl in Ar file
384: An input
385: .Ar file
386: containing a single certificate request to be signed by the CA.
387: .It Fl infiles
388: If present, this should be the last option; all subsequent arguments
389: are assumed to be the names of files containing certificate requests.
390: .It Fl key Ar keyfile
391: The password used to encrypt the private key.
1.35 jmc 392: Since on some systems the command line arguments are visible,
393: this option should be used with caution.
1.1 jsing 394: .It Fl keyfile Ar file
395: The private key to sign requests with.
1.81 jmc 396: .It Fl keyform Ar pem
1.1 jsing 397: Private key file format.
398: .It Fl md Ar alg
399: The message digest to use.
400: Possible values include
401: .Ar md5
402: and
403: .Ar sha1 .
404: This option also applies to CRLs.
405: .It Fl msie_hack
406: This is a legacy option to make
407: .Nm ca
408: work with very old versions of the IE certificate enrollment control
409: .Qq certenr3 .
410: It used UniversalStrings for almost everything.
411: Since the old control has various security bugs,
412: its use is strongly discouraged.
413: The newer control
414: .Qq Xenroll
415: does not need this option.
416: .It Fl name Ar section
417: Specifies the configuration file
418: .Ar section
419: to use (overrides
420: .Cm default_ca
421: in the
422: .Cm ca
423: section).
424: .It Fl noemailDN
425: The DN of a certificate can contain the EMAIL field if present in the
1.30 mmcc 426: request DN, however it is good policy just having the email set into
1.1 jsing 427: the
1.35 jmc 428: .Cm altName
1.1 jsing 429: extension of the certificate.
430: When this option is set, the EMAIL field is removed from the certificate's
431: subject and set only in the, eventually present, extensions.
432: The
433: .Ar email_in_dn
434: keyword can be used in the configuration file to enable this behaviour.
435: .It Fl notext
436: Don't output the text form of a certificate to the output file.
437: .It Fl out Ar file
438: The output file to output certificates to.
439: The default is standard output.
440: The certificate details will also be printed out to this file.
441: .It Fl outdir Ar directory
442: The
443: .Ar directory
444: to output certificates to.
445: The certificate will be written to a file consisting of the
446: serial number in hex with
447: .Qq .pem
448: appended.
449: .It Fl passin Ar arg
450: The key password source.
451: .It Fl policy Ar arg
1.41 jmc 452: Define the CA
1.1 jsing 453: .Qq policy
454: to use.
1.35 jmc 455: The policy section in the configuration file
456: consists of a set of variables corresponding to certificate DN fields.
457: The values may be one of
458: .Qq match
459: (the value must match the same field in the CA certificate),
460: .Qq supplied
461: (the value must be present), or
462: .Qq optional
463: (the value may be present).
464: Any fields not mentioned in the policy section
465: are silently deleted, unless the
466: .Fl preserveDN
467: option is set,
468: but this can be regarded more of a quirk than intended behaviour.
1.1 jsing 469: .It Fl preserveDN
470: Normally, the DN order of a certificate is the same as the order of the
471: fields in the relevant policy section.
472: When this option is set, the order is the same as the request.
473: This is largely for compatibility with the older IE enrollment control
474: which would only accept certificates if their DNs matched the order of the
475: request.
476: This is not needed for Xenroll.
477: .It Fl spkac Ar file
478: A file containing a single Netscape signed public key and challenge,
479: and additional field values to be signed by the CA.
1.35 jmc 480: This will usually come from the
481: KEYGEN tag in an HTML form to create a new private key.
482: It is, however, possible to create SPKACs using the
483: .Nm spkac
484: utility.
485: .Pp
486: The file should contain the variable SPKAC set to the value of
487: the SPKAC and also the required DN components as name value pairs.
488: If it's necessary to include the same component twice,
489: then it can be preceded by a number and a
490: .Sq \&. .
1.1 jsing 491: .It Fl ss_cert Ar file
492: A single self-signed certificate to be signed by the CA.
493: .It Fl startdate Ar date
1.41 jmc 494: Set the start date.
1.88 jmc 495: The format of the date is [YY]YYMMDDHHMMSSZ,
496: with all four year digits required for dates from 2050 onwards.
1.1 jsing 497: .It Fl status Ar serial
1.35 jmc 498: Show the status of the certificate with serial number
1.1 jsing 499: .Ar serial .
500: .It Fl updatedb
501: Update database for expired certificates.
502: .It Fl verbose
1.41 jmc 503: Print extra details about the operations being performed.
1.1 jsing 504: .El
1.35 jmc 505: .Pp
506: The options relevant to CRLs are as follows:
1.1 jsing 507: .Bl -tag -width "XXXX"
508: .It Fl crl_CA_compromise Ar time
509: This is the same as
510: .Fl crl_compromise ,
511: except the revocation reason is set to CACompromise.
512: .It Fl crl_compromise Ar time
1.41 jmc 513: Set the revocation reason to keyCompromise and the compromise time to
1.1 jsing 514: .Ar time .
515: .Ar time
516: should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ.
517: .It Fl crl_hold Ar instruction
1.41 jmc 518: Set the CRL revocation reason code to certificateHold and the hold
1.1 jsing 519: instruction to
520: .Ar instruction
521: which must be an OID.
522: Although any OID can be used, only holdInstructionNone
523: (the use of which is discouraged by RFC 2459), holdInstructionCallIssuer or
524: holdInstructionReject will normally be used.
525: .It Fl crl_reason Ar reason
526: Revocation reason, where
527: .Ar reason
528: is one of:
529: unspecified, keyCompromise, CACompromise, affiliationChanged, superseded,
530: cessationOfOperation, certificateHold or removeFromCRL.
531: The matching of
532: .Ar reason
533: is case insensitive.
534: Setting any revocation reason will make the CRL v2.
535: In practice, removeFromCRL is not particularly useful because it is only used
536: in delta CRLs which are not currently implemented.
537: .It Fl crldays Ar num
538: The number of days before the next CRL is due.
539: This is the days from now to place in the CRL
1.35 jmc 540: .Cm nextUpdate
1.1 jsing 541: field.
542: .It Fl crlexts Ar section
543: The
544: .Ar section
545: of the configuration file containing CRL extensions to include.
546: If no CRL extension section is present then a V1 CRL is created;
547: if the CRL extension section is present
1.81 jmc 548: (even if it is empty)
1.1 jsing 549: then a V2 CRL is created.
1.81 jmc 550: The CRL extensions specified are CRL extensions and not CRL entry extensions.
551: It should be noted that some software can't handle V2 CRLs.
1.1 jsing 552: .It Fl crlhours Ar num
553: The number of hours before the next CRL is due.
554: .It Fl gencrl
1.41 jmc 555: Generate a CRL based on information in the index file.
1.1 jsing 556: .It Fl revoke Ar file
557: A
558: .Ar file
559: containing a certificate to revoke.
560: .It Fl subj Ar arg
561: Supersedes the subject name given in the request.
562: The
563: .Ar arg
564: must be formatted as
565: .Ar /type0=value0/type1=value1/type2=... ;
566: characters may be escaped by
567: .Sq \e
568: .Pq backslash ,
569: no spaces are skipped.
570: .El
571: .Pp
1.35 jmc 572: Many of the options can be set in the
573: .Cm ca
574: section of the configuration file
575: (or in the default section of the configuration file),
576: specified using
577: .Cm default_ca
578: or
579: .Fl name .
580: The options
581: .Cm preserve
582: and
583: .Cm msie_hack
584: are read directly from the
585: .Cm ca
586: section.
1.1 jsing 587: .Pp
588: Many of the configuration file options are identical to command line
589: options.
590: Where the option is present in the configuration file and the command line,
591: the command line value is used.
592: Where an option is described as mandatory, then it must be present in
593: the configuration file or the command line equivalent
594: .Pq if any
595: used.
596: .Bl -tag -width "XXXX"
1.35 jmc 597: .It Cm certificate
1.1 jsing 598: The same as
599: .Fl cert .
600: It gives the file containing the CA certificate.
601: Mandatory.
1.35 jmc 602: .It Cm copy_extensions
1.1 jsing 603: Determines how extensions in certificate requests should be handled.
604: If set to
1.35 jmc 605: .Cm none
1.1 jsing 606: or this option is not present, then extensions are
607: ignored and not copied to the certificate.
608: If set to
1.35 jmc 609: .Cm copy ,
1.1 jsing 610: then any extensions present in the request that are not already present
611: are copied to the certificate.
612: If set to
1.35 jmc 613: .Cm copyall ,
1.1 jsing 614: then all extensions in the request are copied to the certificate:
615: if the extension is already present in the certificate it is deleted first.
1.35 jmc 616: .Pp
617: The
618: .Cm copy_extensions
619: option should be used with caution.
620: If care is not taken, it can be a security risk.
621: For example, if a certificate request contains a
622: .Cm basicConstraints
623: extension with CA:TRUE and the
624: .Cm copy_extensions
625: value is set to
626: .Cm copyall
627: and the user does not spot
628: this when the certificate is displayed, then this will hand the requestor
629: a valid CA certificate.
630: .Pp
631: This situation can be avoided by setting
632: .Cm copy_extensions
633: to
634: .Cm copy
635: and including
636: .Cm basicConstraints
637: with CA:FALSE in the configuration file.
638: Then if the request contains a
639: .Cm basicConstraints
640: extension, it will be ignored.
1.1 jsing 641: .Pp
642: The main use of this option is to allow a certificate request to supply
643: values for certain extensions such as
1.35 jmc 644: .Cm subjectAltName .
645: .It Cm crl_extensions
1.1 jsing 646: The same as
647: .Fl crlexts .
1.35 jmc 648: .It Cm crlnumber
1.1 jsing 649: A text file containing the next CRL number to use in hex.
650: The CRL number will be inserted in the CRLs only if this file exists.
651: If this file is present, it must contain a valid CRL number.
1.35 jmc 652: .It Cm database
1.1 jsing 653: The text database file to use.
654: Mandatory.
655: This file must be present, though initially it will be empty.
1.35 jmc 656: .It Cm default_crl_hours , default_crl_days
1.1 jsing 657: The same as the
658: .Fl crlhours
659: and
660: .Fl crldays
661: options.
662: These will only be used if neither command line option is present.
663: At least one of these must be present to generate a CRL.
1.35 jmc 664: .It Cm default_days
1.1 jsing 665: The same as the
666: .Fl days
667: option.
668: The number of days to certify a certificate for.
1.35 jmc 669: .It Cm default_enddate
1.1 jsing 670: The same as the
671: .Fl enddate
672: option.
673: Either this option or
1.35 jmc 674: .Cm default_days
1.1 jsing 675: .Pq or the command line equivalents
676: must be present.
1.35 jmc 677: .It Cm default_md
1.1 jsing 678: The same as the
679: .Fl md
680: option.
681: The message digest to use.
682: Mandatory.
1.35 jmc 683: .It Cm default_startdate
1.1 jsing 684: The same as the
685: .Fl startdate
686: option.
687: The start date to certify a certificate for.
688: If not set, the current time is used.
1.35 jmc 689: .It Cm email_in_dn
1.1 jsing 690: The same as
691: .Fl noemailDN .
692: If the EMAIL field is to be removed from the DN of the certificate,
693: simply set this to
694: .Qq no .
695: If not present, the default is to allow for the EMAIL field in the
696: certificate's DN.
1.35 jmc 697: .It Cm msie_hack
1.1 jsing 698: The same as
699: .Fl msie_hack .
1.35 jmc 700: .It Cm name_opt , cert_opt
1.1 jsing 701: These options allow the format used to display the certificate details
702: when asking the user to confirm signing.
703: All the options supported by the
704: .Nm x509
705: utilities'
706: .Fl nameopt
707: and
708: .Fl certopt
709: switches can be used here, except that
1.35 jmc 710: .Cm no_signame
1.1 jsing 711: and
1.35 jmc 712: .Cm no_sigdump
1.1 jsing 713: are permanently set and cannot be disabled
714: (this is because the certificate signature cannot be displayed because
715: the certificate has not been signed at this point).
716: .Pp
717: For convenience, the value
1.35 jmc 718: .Cm ca_default
1.1 jsing 719: is accepted by both to produce a reasonable output.
720: .Pp
721: If neither option is present, the format used in earlier versions of
1.35 jmc 722: .Nm openssl
1.1 jsing 723: is used.
1.81 jmc 724: Use of the old format is strongly discouraged
725: because it only displays fields mentioned in the
1.35 jmc 726: .Cm policy
1.1 jsing 727: section,
728: mishandles multicharacter string types and does not display extensions.
1.35 jmc 729: .It Cm new_certs_dir
1.1 jsing 730: The same as the
731: .Fl outdir
732: command line option.
733: It specifies the directory where new certificates will be placed.
734: Mandatory.
1.35 jmc 735: .It Cm oid_file
1.1 jsing 736: This specifies a file containing additional object identifiers.
737: Each line of the file should consist of the numerical form of the
738: object identifier followed by whitespace, then the short name followed
739: by whitespace and finally the long name.
1.35 jmc 740: .It Cm oid_section
1.1 jsing 741: This specifies a section in the configuration file containing extra
742: object identifiers.
743: Each line should consist of the short name of the object identifier
744: followed by
745: .Sq =
746: and the numerical form.
747: The short and long names are the same when this option is used.
1.35 jmc 748: .It Cm policy
1.1 jsing 749: The same as
750: .Fl policy .
751: Mandatory.
1.35 jmc 752: .It Cm preserve
1.1 jsing 753: The same as
754: .Fl preserveDN .
1.35 jmc 755: .It Cm private_key
1.1 jsing 756: Same as the
757: .Fl keyfile
758: option.
759: The file containing the CA private key.
760: Mandatory.
1.35 jmc 761: .It Cm serial
1.1 jsing 762: A text file containing the next serial number to use in hex.
763: Mandatory.
764: This file must be present and contain a valid serial number.
1.35 jmc 765: .It Cm unique_subject
1.1 jsing 766: If the value
1.35 jmc 767: .Cm yes
1.1 jsing 768: is given, the valid certificate entries in the
769: database must have unique subjects.
770: If the value
1.35 jmc 771: .Cm no
1.1 jsing 772: is given,
773: several valid certificate entries may have the exact same subject.
774: The default value is
1.35 jmc 775: .Cm yes .
776: .It Cm x509_extensions
1.1 jsing 777: The same as
778: .Fl extensions .
779: .El
780: .Sh CIPHERS
781: .Nm openssl ciphers
782: .Op Fl hVv
1.18 jmc 783: .Op Fl tls1
1.1 jsing 784: .Op Ar cipherlist
785: .Pp
786: The
787: .Nm ciphers
788: command converts
1.36 jmc 789: .Nm openssl
1.1 jsing 790: cipher lists into ordered SSL cipher preference lists.
1.41 jmc 791: It can be used as a way to determine the appropriate cipher list.
1.1 jsing 792: .Pp
793: The options are as follows:
794: .Bl -tag -width Ds
795: .It Fl h , \&?
796: Print a brief usage message.
797: .It Fl tls1
798: Only include TLS v1 ciphers.
799: .It Fl V
1.36 jmc 800: Verbose.
801: List ciphers with a complete description of protocol version,
802: key exchange, authentication, encryption and mac algorithms,
803: any key size restrictions,
804: and cipher suite codes (hex format).
805: .It Fl v
1.1 jsing 806: Like
1.36 jmc 807: .Fl V ,
808: but without cipher suite codes.
1.1 jsing 809: .It Ar cipherlist
810: A cipher list to convert to a cipher preference list.
811: If it is not included, the default cipher list will be used.
1.36 jmc 812: .Pp
813: The cipher list consists of one or more cipher strings
1.1 jsing 814: separated by colons.
815: Commas or spaces are also acceptable separators, but colons are normally used.
816: .Pp
1.36 jmc 817: The actual cipher string can take several different forms:
1.1 jsing 818: .Pp
1.36 jmc 819: It can consist of a single cipher suite, such as RC4-SHA.
1.1 jsing 820: .Pp
821: It can represent a list of cipher suites containing a certain algorithm,
822: or cipher suites of a certain type.
1.36 jmc 823: For example SHA1 represents all cipher suites using the digest algorithm SHA1.
824: .Pp
825: Lists of cipher suites can be combined in a single cipher string using the
1.1 jsing 826: .Sq +
1.36 jmc 827: character
828: (logical AND operation).
829: For example, SHA1+DES represents all cipher suites
830: containing the SHA1 and DES algorithms.
1.1 jsing 831: .Pp
832: Each cipher string can be optionally preceded by the characters
833: .Sq \&! ,
834: .Sq - ,
835: or
836: .Sq + .
837: If
838: .Sq !\&
839: is used, then the ciphers are permanently deleted from the list.
840: The ciphers deleted can never reappear in the list even if they are
841: explicitly stated.
842: If
843: .Sq -
844: is used, then the ciphers are deleted from the list, but some or
845: all of the ciphers can be added again by later options.
846: If
847: .Sq +
848: is used, then the ciphers are moved to the end of the list.
849: This option doesn't add any new ciphers, it just moves matching existing ones.
850: .Pp
851: If none of these characters is present, the string is just interpreted
852: as a list of ciphers to be appended to the current preference list.
853: If the list includes any ciphers already present, they will be ignored;
854: that is, they will not be moved to the end of the list.
855: .Pp
856: Additionally, the cipher string
1.36 jmc 857: .Cm @STRENGTH
1.1 jsing 858: can be used at any point to sort the current cipher list in order of
859: encryption algorithm key length.
1.36 jmc 860: .El
861: .Pp
1.1 jsing 862: The following is a list of all permitted cipher strings and their meanings.
863: .Bl -tag -width "XXXX"
1.36 jmc 864: .It Cm DEFAULT
1.1 jsing 865: The default cipher list.
866: This is determined at compile time and is currently
1.36 jmc 867: .Cm ALL:!aNULL:!eNULL:!SSLv2 .
868: This must be the first cipher string specified.
869: .It Cm COMPLEMENTOFDEFAULT
1.1 jsing 870: The ciphers included in
1.36 jmc 871: .Cm ALL ,
1.1 jsing 872: but not enabled by default.
873: Currently this is
1.36 jmc 874: .Cm ADH .
1.1 jsing 875: Note that this rule does not cover
1.36 jmc 876: .Cm eNULL ,
1.1 jsing 877: which is not included by
1.36 jmc 878: .Cm ALL
1.1 jsing 879: (use
1.36 jmc 880: .Cm COMPLEMENTOFALL
1.1 jsing 881: if necessary).
1.36 jmc 882: .It Cm ALL
1.1 jsing 883: All cipher suites except the
1.36 jmc 884: .Cm eNULL
885: ciphers, which must be explicitly enabled.
886: .It Cm COMPLEMENTOFALL
1.1 jsing 887: The cipher suites not enabled by
1.36 jmc 888: .Cm ALL ,
1.1 jsing 889: currently being
1.36 jmc 890: .Cm eNULL .
891: .It Cm HIGH
1.1 jsing 892: .Qq High
893: encryption cipher suites.
894: This currently means those with key lengths larger than 128 bits.
1.36 jmc 895: .It Cm MEDIUM
1.1 jsing 896: .Qq Medium
897: encryption cipher suites, currently those using 128-bit encryption.
1.36 jmc 898: .It Cm LOW
1.1 jsing 899: .Qq Low
900: encryption cipher suites, currently those using 64- or 56-bit encryption
1.9 lteo 901: algorithms.
1.36 jmc 902: .It Cm eNULL , NULL
1.1 jsing 903: The
904: .Qq NULL
905: ciphers; that is, those offering no encryption.
906: Because these offer no encryption at all and are a security risk,
907: they are disabled unless explicitly included.
1.36 jmc 908: .It Cm aNULL
1.1 jsing 909: The cipher suites offering no authentication.
910: This is currently the anonymous DH algorithms.
911: These cipher suites are vulnerable to a
912: .Qq man in the middle
913: attack, so their use is normally discouraged.
1.36 jmc 914: .It Cm kRSA , RSA
1.1 jsing 915: Cipher suites using RSA key exchange.
1.36 jmc 916: .It Cm kEDH
1.1 jsing 917: Cipher suites using ephemeral DH key agreement.
1.36 jmc 918: .It Cm aRSA
1.1 jsing 919: Cipher suites using RSA authentication, i.e. the certificates carry RSA keys.
1.36 jmc 920: .It Cm aDSS , DSS
1.1 jsing 921: Cipher suites using DSS authentication, i.e. the certificates carry DSS keys.
1.36 jmc 922: .It Cm TLSv1
1.18 jmc 923: TLS v1.0 cipher suites.
1.36 jmc 924: .It Cm DH
1.1 jsing 925: Cipher suites using DH, including anonymous DH.
1.36 jmc 926: .It Cm ADH
1.1 jsing 927: Anonymous DH cipher suites.
1.36 jmc 928: .It Cm AES
1.1 jsing 929: Cipher suites using AES.
1.36 jmc 930: .It Cm 3DES
1.1 jsing 931: Cipher suites using triple DES.
1.36 jmc 932: .It Cm DES
1.1 jsing 933: Cipher suites using DES
934: .Pq not triple DES .
1.36 jmc 935: .It Cm RC4
1.1 jsing 936: Cipher suites using RC4.
1.36 jmc 937: .It Cm CAMELLIA
1.9 lteo 938: Cipher suites using Camellia.
1.36 jmc 939: .It Cm CHACHA20
1.9 lteo 940: Cipher suites using ChaCha20.
1.36 jmc 941: .It Cm IDEA
1.9 lteo 942: Cipher suites using IDEA.
1.36 jmc 943: .It Cm MD5
1.1 jsing 944: Cipher suites using MD5.
1.36 jmc 945: .It Cm SHA1 , SHA
1.1 jsing 946: Cipher suites using SHA1.
947: .El
948: .Sh CRL
949: .nr nS 1
950: .Nm "openssl crl"
951: .Op Fl CAfile Ar file
952: .Op Fl CApath Ar dir
953: .Op Fl fingerprint
954: .Op Fl hash
955: .Op Fl in Ar file
1.38 jmc 956: .Op Fl inform Cm der | pem
1.1 jsing 957: .Op Fl issuer
958: .Op Fl lastupdate
959: .Op Fl nextupdate
960: .Op Fl noout
961: .Op Fl out Ar file
1.38 jmc 962: .Op Fl outform Cm der | pem
1.1 jsing 963: .Op Fl text
964: .nr nS 0
965: .Pp
966: The
967: .Nm crl
968: command processes CRL files in DER or PEM format.
1.37 jmc 969: .Pp
1.1 jsing 970: The options are as follows:
971: .Bl -tag -width Ds
972: .It Fl CAfile Ar file
973: Verify the signature on a CRL by looking up the issuing certificate in
974: .Ar file .
975: .It Fl CApath Ar directory
976: Verify the signature on a CRL by looking up the issuing certificate in
977: .Ar dir .
978: This directory must be a standard certificate directory,
979: i.e. a hash of each subject name (using
980: .Cm x509 Fl hash )
981: should be linked to each certificate.
982: .It Fl fingerprint
983: Print the CRL fingerprint.
984: .It Fl hash
985: Output a hash of the issuer name.
986: This can be used to look up CRLs in a directory by issuer name.
987: .It Fl in Ar file
1.37 jmc 988: The input file to read from, or standard input if not specified.
1.38 jmc 989: .It Fl inform Cm der | pem
1.37 jmc 990: The input format.
1.1 jsing 991: .It Fl issuer
992: Output the issuer name.
993: .It Fl lastupdate
994: Output the
1.37 jmc 995: .Cm lastUpdate
1.1 jsing 996: field.
997: .It Fl nextupdate
998: Output the
1.37 jmc 999: .Cm nextUpdate
1.1 jsing 1000: field.
1001: .It Fl noout
1.46 jmc 1002: Do not output the encoded version of the CRL.
1.1 jsing 1003: .It Fl out Ar file
1.37 jmc 1004: The output file to write to, or standard output if not specified.
1.38 jmc 1005: .It Fl outform Cm der | pem
1.37 jmc 1006: The output format.
1.1 jsing 1007: .It Fl text
1.64 jmc 1008: Print the CRL in plain text.
1.1 jsing 1009: .El
1010: .Sh CRL2PKCS7
1011: .nr nS 1
1012: .Nm "openssl crl2pkcs7"
1013: .Op Fl certfile Ar file
1014: .Op Fl in Ar file
1.40 jmc 1015: .Op Fl inform Cm der | pem
1.1 jsing 1016: .Op Fl nocrl
1017: .Op Fl out Ar file
1.40 jmc 1018: .Op Fl outform Cm der | pem
1.1 jsing 1019: .nr nS 0
1020: .Pp
1021: The
1022: .Nm crl2pkcs7
1023: command takes an optional CRL and one or more
1024: certificates and converts them into a PKCS#7 degenerate
1025: .Qq certificates only
1026: structure.
1027: .Pp
1028: The options are as follows:
1029: .Bl -tag -width Ds
1030: .It Fl certfile Ar file
1.40 jmc 1031: Add the certificates in PEM
1.1 jsing 1032: .Ar file
1.40 jmc 1033: to the PKCS#7 structure.
1034: This option can be used more than once
1035: to read certificates from multiple files.
1.1 jsing 1036: .It Fl in Ar file
1.40 jmc 1037: Read the CRL from
1038: .Ar file ,
1039: or standard input if not specified.
1040: .It Fl inform Cm der | pem
1.64 jmc 1041: The input format.
1.1 jsing 1042: .It Fl nocrl
1043: Normally, a CRL is included in the output file.
1044: With this option, no CRL is
1045: included in the output file and a CRL is not read from the input file.
1046: .It Fl out Ar file
1.40 jmc 1047: Write the PKCS#7 structure to
1048: .Ar file ,
1049: or standard output if not specified.
1050: .It Fl outform Cm der | pem
1.64 jmc 1051: The output format.
1.1 jsing 1052: .El
1053: .Sh DGST
1054: .nr nS 1
1055: .Nm "openssl dgst"
1.43 jmc 1056: .Op Fl cd
1.1 jsing 1057: .Op Fl binary
1.43 jmc 1058: .Op Fl Ar digest
1.1 jsing 1059: .Op Fl hex
1060: .Op Fl hmac Ar key
1.43 jmc 1061: .Op Fl keyform Cm pem
1.1 jsing 1062: .Op Fl mac Ar algorithm
1063: .Op Fl macopt Ar nm : Ns Ar v
1064: .Op Fl out Ar file
1065: .Op Fl passin Ar arg
1066: .Op Fl prverify Ar file
1067: .Op Fl sign Ar file
1068: .Op Fl signature Ar file
1069: .Op Fl sigopt Ar nm : Ns Ar v
1070: .Op Fl verify Ar file
1071: .Op Ar
1072: .nr nS 0
1073: .Pp
1074: The digest functions output the message digest of a supplied
1075: .Ar file
1076: or
1077: .Ar files
1078: in hexadecimal form.
1079: They can also be used for digital signing and verification.
1080: .Pp
1081: The options are as follows:
1082: .Bl -tag -width Ds
1083: .It Fl binary
1084: Output the digest or signature in binary form.
1085: .It Fl c
1.48 jmc 1086: Print the digest in two-digit groups separated by colons.
1.1 jsing 1087: .It Fl d
1.48 jmc 1088: Print BIO debugging information.
1.43 jmc 1089: .It Fl Ar digest
1090: Use the specified message
1091: .Ar digest .
1092: The default is MD5.
1093: The available digests can be displayed using
1094: .Nm openssl
1095: .Cm list-message-digest-commands .
1096: The following are equivalent:
1097: .Nm openssl dgst
1098: .Fl md5
1099: and
1100: .Nm openssl
1101: .Cm md5 .
1.1 jsing 1102: .It Fl hex
1103: Digest is to be output as a hex dump.
1104: This is the default case for a
1105: .Qq normal
1106: digest as opposed to a digital signature.
1107: .It Fl hmac Ar key
1108: Create a hashed MAC using
1109: .Ar key .
1.43 jmc 1110: .It Fl keyform Cm pem
1.1 jsing 1111: Specifies the key format to sign the digest with.
1112: .It Fl mac Ar algorithm
1113: Create a keyed Message Authentication Code (MAC).
1114: The most popular MAC algorithm is HMAC (hash-based MAC),
1115: but there are other MAC algorithms which are not based on hash.
1116: MAC keys and other options should be set via the
1117: .Fl macopt
1118: parameter.
1119: .It Fl macopt Ar nm : Ns Ar v
1120: Passes options to the MAC algorithm, specified by
1121: .Fl mac .
1122: The following options are supported by HMAC:
1123: .Bl -tag -width Ds
1.43 jmc 1124: .It Cm key : Ns Ar string
1.1 jsing 1125: Specifies the MAC key as an alphanumeric string
1126: (use if the key contain printable characters only).
1127: String length must conform to any restrictions of the MAC algorithm.
1.43 jmc 1128: .It Cm hexkey : Ns Ar string
1.1 jsing 1129: Specifies the MAC key in hexadecimal form (two hex digits per byte).
1130: Key length must conform to any restrictions of the MAC algorithm.
1131: .El
1132: .It Fl out Ar file
1.43 jmc 1133: The output file to write to,
1134: or standard output if not specified.
1.1 jsing 1135: .It Fl passin Ar arg
1136: The key password source.
1137: .It Fl prverify Ar file
1138: Verify the signature using the private key in
1139: .Ar file .
1140: The output is either
1141: .Qq Verification OK
1142: or
1143: .Qq Verification Failure .
1144: .It Fl sign Ar file
1145: Digitally sign the digest using the private key in
1146: .Ar file .
1147: .It Fl signature Ar file
1148: The actual signature to verify.
1149: .It Fl sigopt Ar nm : Ns Ar v
1150: Pass options to the signature algorithm during sign or verify operations.
1151: The names and values of these options are algorithm-specific.
1152: .It Fl verify Ar file
1153: Verify the signature using the public key in
1154: .Ar file .
1155: The output is either
1156: .Qq Verification OK
1157: or
1158: .Qq Verification Failure .
1159: .It Ar
1160: File or files to digest.
1161: If no files are specified then standard input is used.
1162: .El
1163: .Sh DHPARAM
1164: .nr nS 1
1165: .Nm "openssl dhparam"
1166: .Op Fl 2 | 5
1167: .Op Fl C
1168: .Op Fl check
1169: .Op Fl dsaparam
1170: .Op Fl in Ar file
1.44 jmc 1171: .Op Fl inform Cm der | pem
1.1 jsing 1172: .Op Fl noout
1173: .Op Fl out Ar file
1.44 jmc 1174: .Op Fl outform Cm der | pem
1.1 jsing 1175: .Op Fl text
1176: .Op Ar numbits
1177: .nr nS 0
1178: .Pp
1179: The
1180: .Nm dhparam
1181: command is used to manipulate DH parameter files.
1.44 jmc 1182: Only the older PKCS#3 DH is supported,
1183: not the newer X9.42 DH.
1.1 jsing 1184: .Pp
1185: The options are as follows:
1186: .Bl -tag -width Ds
1187: .It Fl 2 , 5
1.44 jmc 1188: The generator to use;
1.1 jsing 1189: 2 is the default.
1190: If present, the input file is ignored and parameters are generated instead.
1191: .It Fl C
1.44 jmc 1192: Convert the parameters into C code.
1.1 jsing 1193: The parameters can then be loaded by calling the
1.44 jmc 1194: .No get_dh Ns Ar numbits
1.1 jsing 1195: function.
1196: .It Fl check
1197: Check the DH parameters.
1198: .It Fl dsaparam
1.44 jmc 1199: Read or create DSA parameters,
1200: converted to DH format on output.
1.1 jsing 1201: Otherwise,
1202: .Qq strong
1203: primes
1204: .Pq such that (p-1)/2 is also prime
1205: will be used for DH parameter generation.
1206: .Pp
1207: DH parameter generation with the
1208: .Fl dsaparam
1209: option is much faster,
1210: and the recommended exponent length is shorter,
1211: which makes DH key exchange more efficient.
1212: Beware that with such DSA-style DH parameters,
1213: a fresh DH key should be created for each use to
1214: avoid small-subgroup attacks that may be possible otherwise.
1215: .It Fl in Ar file
1.44 jmc 1216: The input file to read from,
1217: or standard input if not specified.
1218: .It Fl inform Cm der | pem
1219: The input format.
1.1 jsing 1220: .It Fl noout
1.46 jmc 1221: Do not output the encoded version of the parameters.
1.44 jmc 1222: .It Fl out Ar file
1223: The output file to write to,
1224: or standard output if not specified.
1225: .It Fl outform Cm der | pem
1226: The output format.
1227: .It Fl text
1.64 jmc 1228: Print the DH parameters in plain text.
1.1 jsing 1229: .It Ar numbits
1.44 jmc 1230: Generate a parameter set of size
1.1 jsing 1231: .Ar numbits .
1232: It must be the last option.
1.16 sthen 1233: If not present, a value of 2048 is used.
1.1 jsing 1234: If this value is present, the input file is ignored and
1235: parameters are generated instead.
1236: .El
1237: .Sh DSA
1238: .nr nS 1
1239: .Nm "openssl dsa"
1240: .Oo
1241: .Fl aes128 | aes192 | aes256 |
1242: .Fl des | des3
1243: .Oc
1244: .Op Fl in Ar file
1.45 jmc 1245: .Op Fl inform Cm der | pem
1.1 jsing 1246: .Op Fl modulus
1247: .Op Fl noout
1248: .Op Fl out Ar file
1.45 jmc 1249: .Op Fl outform Cm der | pem
1.1 jsing 1250: .Op Fl passin Ar arg
1251: .Op Fl passout Ar arg
1252: .Op Fl pubin
1253: .Op Fl pubout
1254: .Op Fl text
1255: .nr nS 0
1256: .Pp
1257: The
1258: .Nm dsa
1259: command processes DSA keys.
1260: They can be converted between various forms and their components printed out.
1261: .Pp
1262: .Sy Note :
1263: This command uses the traditional
1264: .Nm SSLeay
1265: compatible format for private key encryption:
1266: newer applications should use the more secure PKCS#8 format using the
1267: .Nm pkcs8
1268: command.
1269: .Pp
1270: The options are as follows:
1271: .Bl -tag -width Ds
1272: .It Xo
1273: .Fl aes128 | aes192 | aes256 |
1274: .Fl des | des3
1275: .Xc
1.45 jmc 1276: Encrypt the private key with the AES, DES, or the triple DES
1.1 jsing 1277: ciphers, respectively, before outputting it.
1278: A pass phrase is prompted for.
1.45 jmc 1279: If none of these options are specified, the key is written in plain text.
1.1 jsing 1280: This means that using the
1281: .Nm dsa
1.45 jmc 1282: utility to read an encrypted key with no encryption option can be used to
1.1 jsing 1283: remove the pass phrase from a key,
1.45 jmc 1284: or by setting the encryption options it can be used to add or change
1.1 jsing 1285: the pass phrase.
1286: These options can only be used with PEM format output files.
1287: .It Fl in Ar file
1.45 jmc 1288: The input file to read from,
1289: or standard input if not specified.
1.1 jsing 1290: If the key is encrypted, a pass phrase will be prompted for.
1.45 jmc 1291: .It Fl inform Cm der | pem
1292: The input format.
1.1 jsing 1293: .It Fl modulus
1.45 jmc 1294: Print the value of the public key component of the key.
1.1 jsing 1295: .It Fl noout
1.46 jmc 1296: Do not output the encoded version of the key.
1.1 jsing 1297: .It Fl out Ar file
1.45 jmc 1298: The output file to write to,
1299: or standard output if not specified.
1.1 jsing 1300: If any encryption options are set then a pass phrase will be
1301: prompted for.
1.45 jmc 1302: .It Fl outform Cm der | pem
1303: The output format.
1.1 jsing 1304: .It Fl passin Ar arg
1305: The key password source.
1306: .It Fl passout Ar arg
1307: The output file password source.
1308: .It Fl pubin
1.60 jmc 1309: Read in a public key, not a private key.
1.1 jsing 1310: .It Fl pubout
1.60 jmc 1311: Output a public key, not a private key.
1312: Automatically set if the input is a public key.
1.1 jsing 1313: .It Fl text
1.64 jmc 1314: Print the public/private key in plain text.
1.1 jsing 1315: .El
1316: .Sh DSAPARAM
1317: .nr nS 1
1318: .Nm "openssl dsaparam"
1319: .Op Fl C
1320: .Op Fl genkey
1321: .Op Fl in Ar file
1.46 jmc 1322: .Op Fl inform Cm der | pem
1.1 jsing 1323: .Op Fl noout
1324: .Op Fl out Ar file
1.46 jmc 1325: .Op Fl outform Cm der | pem
1.1 jsing 1326: .Op Fl text
1327: .Op Ar numbits
1328: .nr nS 0
1329: .Pp
1330: The
1331: .Nm dsaparam
1332: command is used to manipulate or generate DSA parameter files.
1333: .Pp
1334: The options are as follows:
1335: .Bl -tag -width Ds
1336: .It Fl C
1.46 jmc 1337: Convert the parameters into C code.
1.1 jsing 1338: The parameters can then be loaded by calling the
1.46 jmc 1339: .No get_dsa Ns Ar XXX
1.1 jsing 1340: function.
1341: .It Fl genkey
1.46 jmc 1342: Generate a DSA key either using the specified or generated
1.1 jsing 1343: parameters.
1344: .It Fl in Ar file
1.46 jmc 1345: The input file to read from,
1346: or standard input if not specified.
1.1 jsing 1347: If the
1348: .Ar numbits
1.46 jmc 1349: parameter is included, then this option is ignored.
1350: .It Fl inform Cm der | pem
1351: The input format.
1.1 jsing 1352: .It Fl noout
1.46 jmc 1353: Do not output the encoded version of the parameters.
1354: .It Fl out Ar file
1355: The output file to write to,
1356: or standard output if not specified.
1357: .It Fl outform Cm der | pem
1358: The output format.
1359: .It Fl text
1.64 jmc 1360: Print the DSA parameters in plain text.
1.1 jsing 1361: .It Ar numbits
1.46 jmc 1362: Generate a parameter set of size
1.1 jsing 1363: .Ar numbits .
1.46 jmc 1364: If this option is included, the input file is ignored.
1.1 jsing 1365: .El
1366: .Sh EC
1367: .nr nS 1
1368: .Nm "openssl ec"
1369: .Op Fl conv_form Ar arg
1370: .Op Fl des
1371: .Op Fl des3
1372: .Op Fl in Ar file
1.47 jmc 1373: .Op Fl inform Cm der | pem
1.1 jsing 1374: .Op Fl noout
1375: .Op Fl out Ar file
1.47 jmc 1376: .Op Fl outform Cm der | pem
1.1 jsing 1377: .Op Fl param_enc Ar arg
1378: .Op Fl param_out
1379: .Op Fl passin Ar arg
1380: .Op Fl passout Ar arg
1381: .Op Fl pubin
1382: .Op Fl pubout
1383: .Op Fl text
1384: .nr nS 0
1385: .Pp
1386: The
1387: .Nm ec
1388: command processes EC keys.
1389: They can be converted between various
1390: forms and their components printed out.
1.47 jmc 1391: .Nm openssl
1.1 jsing 1392: uses the private key format specified in
1393: .Dq SEC 1: Elliptic Curve Cryptography
1394: .Pq Lk http://www.secg.org/ .
1395: To convert an
1396: EC private key into the PKCS#8 private key format use the
1397: .Nm pkcs8
1398: command.
1399: .Pp
1400: The options are as follows:
1401: .Bl -tag -width Ds
1402: .It Fl conv_form Ar arg
1.47 jmc 1403: Specify how the points on the elliptic curve are converted
1.1 jsing 1404: into octet strings.
1405: Possible values are:
1406: .Cm compressed
1.47 jmc 1407: (the default),
1.1 jsing 1408: .Cm uncompressed ,
1409: and
1410: .Cm hybrid .
1411: For more information regarding
1.47 jmc 1412: the point conversion forms see the X9.62 standard.
1.1 jsing 1413: Note:
1414: Due to patent issues the
1415: .Cm compressed
1416: option is disabled by default for binary curves
1417: and can be enabled by defining the preprocessor macro
1.47 jmc 1418: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 1419: at compile time.
1420: .It Fl des | des3
1.47 jmc 1421: Encrypt the private key with DES, triple DES, or
1.1 jsing 1422: any other cipher supported by
1.47 jmc 1423: .Nm openssl .
1.1 jsing 1424: A pass phrase is prompted for.
1425: If none of these options is specified the key is written in plain text.
1426: This means that using the
1427: .Nm ec
1428: utility to read in an encrypted key with no
1429: encryption option can be used to remove the pass phrase from a key,
1430: or by setting the encryption options
1.83 naddy 1431: it can be used to add or change the pass phrase.
1.1 jsing 1432: These options can only be used with PEM format output files.
1433: .It Fl in Ar file
1.47 jmc 1434: The input file to read a key from,
1435: or standard input if not specified.
1.1 jsing 1436: If the key is encrypted a pass phrase will be prompted for.
1.47 jmc 1437: .It Fl inform Cm der | pem
1438: The input format.
1.1 jsing 1439: .It Fl noout
1.47 jmc 1440: Do not output the encoded version of the key.
1.1 jsing 1441: .It Fl out Ar file
1.47 jmc 1442: The output filename to write to,
1443: or standard output if not specified.
1.1 jsing 1444: If any encryption options are set then a pass phrase will be prompted for.
1.47 jmc 1445: .It Fl outform Cm der | pem
1446: The output format.
1.1 jsing 1447: .It Fl param_enc Ar arg
1.47 jmc 1448: Specify how the elliptic curve parameters are encoded.
1.1 jsing 1449: Possible value are:
1450: .Cm named_curve ,
1451: i.e. the EC parameters are specified by an OID; or
1452: .Cm explicit ,
1453: where the EC parameters are explicitly given
1454: (see RFC 3279 for the definition of the EC parameter structures).
1455: The default value is
1456: .Cm named_curve .
1457: Note: the
1458: .Cm implicitlyCA
1459: alternative,
1460: as specified in RFC 3279,
1.47 jmc 1461: is currently not implemented.
1.1 jsing 1462: .It Fl passin Ar arg
1463: The key password source.
1464: .It Fl passout Ar arg
1465: The output file password source.
1466: .It Fl pubin
1.60 jmc 1467: Read in a public key, not a private key.
1.1 jsing 1468: .It Fl pubout
1.60 jmc 1469: Output a public key, not a private key.
1470: Automatically set if the input is a public key.
1.1 jsing 1471: .It Fl text
1.64 jmc 1472: Print the public/private key in plain text.
1.1 jsing 1473: .El
1474: .Sh ECPARAM
1475: .nr nS 1
1476: .Nm "openssl ecparam"
1477: .Op Fl C
1478: .Op Fl check
1479: .Op Fl conv_form Ar arg
1480: .Op Fl genkey
1481: .Op Fl in Ar file
1.48 jmc 1482: .Op Fl inform Cm der | pem
1.1 jsing 1483: .Op Fl list_curves
1484: .Op Fl name Ar arg
1485: .Op Fl no_seed
1486: .Op Fl noout
1487: .Op Fl out Ar file
1.48 jmc 1488: .Op Fl outform Cm der | pem
1.1 jsing 1489: .Op Fl param_enc Ar arg
1490: .Op Fl text
1491: .nr nS 0
1492: .Pp
1.48 jmc 1493: The
1494: .Nm ecparam
1495: command is used to manipulate or generate EC parameter files.
1496: .Nm openssl
1497: is not able to generate new groups so
1498: .Nm ecparam
1499: can only create EC parameters from known (named) curves.
1500: .Pp
1.1 jsing 1501: The options are as follows:
1502: .Bl -tag -width Ds
1503: .It Fl C
1504: Convert the EC parameters into C code.
1505: The parameters can then be loaded by calling the
1.48 jmc 1506: .No get_ec_group_ Ns Ar XXX
1.1 jsing 1507: function.
1508: .It Fl check
1509: Validate the elliptic curve parameters.
1510: .It Fl conv_form Ar arg
1511: Specify how the points on the elliptic curve are converted
1512: into octet strings.
1513: Possible values are:
1514: .Cm compressed
1.48 jmc 1515: (the default),
1.1 jsing 1516: .Cm uncompressed ,
1517: and
1518: .Cm hybrid .
1519: For more information regarding
1.48 jmc 1520: the point conversion forms see the X9.62 standard.
1.1 jsing 1521: Note:
1522: Due to patent issues the
1523: .Cm compressed
1524: option is disabled by default for binary curves
1525: and can be enabled by defining the preprocessor macro
1.48 jmc 1526: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 1527: at compile time.
1528: .It Fl genkey
1529: Generate an EC private key using the specified parameters.
1530: .It Fl in Ar file
1.48 jmc 1531: The input file to read from,
1532: or standard input if not specified.
1533: .It Fl inform Cm der | pem
1534: The input format.
1.1 jsing 1535: .It Fl list_curves
1.48 jmc 1536: Print a list of all
1.1 jsing 1537: currently implemented EC parameter names and exit.
1538: .It Fl name Ar arg
1.48 jmc 1539: Use the EC parameters with the specified "short" name.
1.1 jsing 1540: .It Fl no_seed
1.48 jmc 1541: Do not include the seed for the parameter generation
1542: in the ECParameters structure (see RFC 3279).
1.1 jsing 1543: .It Fl noout
1.48 jmc 1544: Do not output the encoded version of the parameters.
1.1 jsing 1545: .It Fl out Ar file
1.48 jmc 1546: The output file to write to,
1547: or standard output if not specified.
1548: .It Fl outform Cm der | pem
1549: The output format.
1.1 jsing 1550: .It Fl param_enc Ar arg
1.48 jmc 1551: Specify how the elliptic curve parameters are encoded.
1.1 jsing 1552: Possible value are:
1553: .Cm named_curve ,
1554: i.e. the EC parameters are specified by an OID, or
1555: .Cm explicit ,
1556: where the EC parameters are explicitly given
1557: (see RFC 3279 for the definition of the EC parameter structures).
1558: The default value is
1559: .Cm named_curve .
1560: Note: the
1561: .Cm implicitlyCA
1562: alternative, as specified in RFC 3279,
1.48 jmc 1563: is currently not implemented.
1.1 jsing 1564: .It Fl text
1.64 jmc 1565: Print the EC parameters in plain text.
1.1 jsing 1566: .El
1567: .Sh ENC
1568: .nr nS 1
1569: .Nm "openssl enc"
1570: .Fl ciphername
1571: .Op Fl AadePp
1572: .Op Fl base64
1573: .Op Fl bufsize Ar number
1574: .Op Fl debug
1575: .Op Fl in Ar file
1576: .Op Fl iv Ar IV
1577: .Op Fl K Ar key
1578: .Op Fl k Ar password
1579: .Op Fl kfile Ar file
1580: .Op Fl md Ar digest
1581: .Op Fl none
1582: .Op Fl nopad
1583: .Op Fl nosalt
1584: .Op Fl out Ar file
1585: .Op Fl pass Ar arg
1586: .Op Fl S Ar salt
1587: .Op Fl salt
1588: .nr nS 0
1589: .Pp
1590: The symmetric cipher commands allow data to be encrypted or decrypted
1591: using various block and stream ciphers using keys based on passwords
1592: or explicitly provided.
1593: Base64 encoding or decoding can also be performed either by itself
1594: or in addition to the encryption or decryption.
1.49 jmc 1595: The program can be called either as
1596: .Nm openssl Ar ciphername
1597: or
1598: .Nm openssl enc - Ns Ar ciphername .
1599: .Pp
1600: Some of the ciphers do not have large keys and others have security
1601: implications if not used correctly.
1602: All the block ciphers normally use PKCS#5 padding,
1603: also known as standard block padding.
1604: If padding is disabled, the input data must be a multiple of the cipher
1605: block length.
1.1 jsing 1606: .Pp
1607: The options are as follows:
1608: .Bl -tag -width Ds
1609: .It Fl A
1610: If the
1611: .Fl a
1612: option is set, then base64 process the data on one line.
1613: .It Fl a , base64
1614: Base64 process the data.
1615: This means that if encryption is taking place, the data is base64-encoded
1616: after encryption.
1.49 jmc 1617: If decryption is set, the input data is base64-decoded before
1.1 jsing 1618: being decrypted.
1619: .It Fl bufsize Ar number
1620: Set the buffer size for I/O.
1621: .It Fl d
1622: Decrypt the input data.
1623: .It Fl debug
1624: Debug the BIOs used for I/O.
1625: .It Fl e
1.49 jmc 1626: Encrypt the input data.
1627: This is the default.
1.1 jsing 1628: .It Fl in Ar file
1.49 jmc 1629: The input file to read from,
1.57 jmc 1630: or standard input if not specified.
1.1 jsing 1631: .It Fl iv Ar IV
1632: The actual
1633: .Ar IV
1634: .Pq initialisation vector
1635: to use:
1636: this must be represented as a string comprised only of hex digits.
1637: When only the
1638: .Ar key
1639: is specified using the
1640: .Fl K
1.49 jmc 1641: option,
1642: the IV must explicitly be defined.
1.1 jsing 1643: When a password is being specified using one of the other options,
1.49 jmc 1644: the IV is generated from this password.
1.1 jsing 1645: .It Fl K Ar key
1646: The actual
1647: .Ar key
1648: to use:
1649: this must be represented as a string comprised only of hex digits.
1.49 jmc 1650: If only the key is specified,
1651: the IV must also be specified using the
1.1 jsing 1652: .Fl iv
1653: option.
1654: When both a
1655: .Ar key
1656: and a
1657: .Ar password
1658: are specified, the
1659: .Ar key
1660: given with the
1661: .Fl K
1.49 jmc 1662: option will be used and the IV generated from the password will be taken.
1.1 jsing 1663: It probably does not make much sense to specify both
1664: .Ar key
1665: and
1666: .Ar password .
1667: .It Fl k Ar password
1668: The
1669: .Ar password
1670: to derive the key from.
1671: Superseded by the
1672: .Fl pass
1673: option.
1674: .It Fl kfile Ar file
1675: Read the password to derive the key from the first line of
1676: .Ar file .
1677: Superseded by the
1678: .Fl pass
1679: option.
1680: .It Fl md Ar digest
1681: Use
1682: .Ar digest
1683: to create a key from a pass phrase.
1684: .Ar digest
1685: may be one of
1.49 jmc 1686: .Cm md5
1.1 jsing 1687: or
1.49 jmc 1688: .Cm sha1 .
1.1 jsing 1689: .It Fl none
1690: Use NULL cipher (no encryption or decryption of input).
1691: .It Fl nopad
1692: Disable standard block padding.
1693: .It Fl nosalt
1.49 jmc 1694: Don't use a salt in the key derivation routines.
1.81 jmc 1695: This option should never be used
1.49 jmc 1696: since it makes it possible to perform efficient dictionary
1697: attacks on the password and to attack stream cipher encrypted data.
1.1 jsing 1698: .It Fl out Ar file
1.51 jmc 1699: The output file to write to,
1.57 jmc 1700: or standard output if not specified.
1.1 jsing 1701: .It Fl P
1.49 jmc 1702: Print out the salt, key, and IV used, then immediately exit;
1.1 jsing 1703: don't do any encryption or decryption.
1704: .It Fl p
1.49 jmc 1705: Print out the salt, key, and IV used.
1.1 jsing 1706: .It Fl pass Ar arg
1707: The password source.
1708: .It Fl S Ar salt
1709: The actual
1710: .Ar salt
1711: to use:
1712: this must be represented as a string comprised only of hex digits.
1713: .It Fl salt
1.49 jmc 1714: Use a salt in the key derivation routines (the default).
1715: When the salt is being used
1716: the first eight bytes of the encrypted data are reserved for the salt:
1717: it is randomly generated when encrypting a file and read from the
1718: encrypted file when it is decrypted.
1.1 jsing 1719: .El
1720: .Sh ERRSTR
1721: .Nm openssl errstr
1722: .Op Fl stats
1723: .Ar errno ...
1724: .Pp
1725: The
1726: .Nm errstr
1727: command performs error number to error string conversion,
1728: generating a human-readable string representing the error code
1729: .Ar errno .
1730: The string is obtained through the
1731: .Xr ERR_error_string_n 3
1732: function and has the following format:
1733: .Pp
1734: .Dl error:[error code]:[library name]:[function name]:[reason string]
1735: .Pp
1736: .Bq error code
1737: is an 8-digit hexadecimal number.
1738: The remaining fields
1739: .Bq library name ,
1740: .Bq function name ,
1741: and
1742: .Bq reason string
1743: are all ASCII text.
1744: .Pp
1745: The options are as follows:
1746: .Bl -tag -width Ds
1747: .It Fl stats
1748: Print debugging statistics about various aspects of the hash table.
1749: .El
1750: .Sh GENDSA
1751: .nr nS 1
1752: .Nm "openssl gendsa"
1753: .Oo
1754: .Fl aes128 | aes192 | aes256 |
1755: .Fl des | des3
1756: .Oc
1757: .Op Fl out Ar file
1758: .Op Ar paramfile
1759: .nr nS 0
1760: .Pp
1761: The
1762: .Nm gendsa
1763: command generates a DSA private key from a DSA parameter file
1.51 jmc 1764: (typically generated by the
1.1 jsing 1765: .Nm openssl dsaparam
1766: command).
1.51 jmc 1767: DSA key generation is little more than random number generation so it is
1768: much quicker than,
1769: for example,
1770: RSA key generation.
1.1 jsing 1771: .Pp
1772: The options are as follows:
1773: .Bl -tag -width Ds
1774: .It Xo
1775: .Fl aes128 | aes192 | aes256 |
1776: .Fl des | des3
1777: .Xc
1.51 jmc 1778: Encrypt the private key with the AES, DES,
1.1 jsing 1779: or the triple DES ciphers, respectively, before outputting it.
1780: A pass phrase is prompted for.
1781: If none of these options are specified, no encryption is used.
1782: .It Fl out Ar file
1.51 jmc 1783: The output file to write to,
1.57 jmc 1784: or standard output if not specified.
1.1 jsing 1785: .It Ar paramfile
1.51 jmc 1786: Specify the DSA parameter file to use.
1.1 jsing 1787: The parameters in this file determine the size of the private key.
1788: .El
1789: .Sh GENPKEY
1790: .nr nS 1
1791: .Nm "openssl genpkey"
1792: .Op Fl algorithm Ar alg
1793: .Op Ar cipher
1794: .Op Fl genparam
1795: .Op Fl out Ar file
1.52 jmc 1796: .Op Fl outform Cm der | pem
1.1 jsing 1797: .Op Fl paramfile Ar file
1798: .Op Fl pass Ar arg
1799: .Op Fl pkeyopt Ar opt : Ns Ar value
1800: .Op Fl text
1801: .nr nS 0
1802: .Pp
1803: The
1804: .Nm genpkey
1805: command generates private keys.
1806: The use of this
1807: program is encouraged over the algorithm specific utilities
1.22 bcook 1808: because additional algorithm options can be used.
1.1 jsing 1809: .Pp
1810: The options are as follows:
1811: .Bl -tag -width Ds
1812: .It Fl algorithm Ar alg
1813: The public key algorithm to use,
1814: such as RSA, DSA, or DH.
1.52 jmc 1815: This option must precede any
1.1 jsing 1816: .Fl pkeyopt
1817: options.
1818: The options
1819: .Fl paramfile
1820: and
1821: .Fl algorithm
1822: are mutually exclusive.
1823: .It Ar cipher
1824: Encrypt the private key with the supplied cipher.
1825: Any algorithm name accepted by
1.52 jmc 1826: .Xr EVP_get_cipherbyname 3
1827: is acceptable.
1.1 jsing 1828: .It Fl genparam
1829: Generate a set of parameters instead of a private key.
1.52 jmc 1830: This option must precede any
1.1 jsing 1831: .Fl algorithm ,
1832: .Fl paramfile ,
1833: or
1834: .Fl pkeyopt
1835: options.
1836: .It Fl out Ar file
1.52 jmc 1837: The output file to write to,
1.57 jmc 1838: or standard output if not specified.
1.52 jmc 1839: .It Fl outform Cm der | pem
1840: The output format.
1.1 jsing 1841: .It Fl paramfile Ar file
1.52 jmc 1842: Some public key algorithms generate a private key based on a set of parameters,
1843: which can be supplied using this option.
1.1 jsing 1844: If this option is used the public key
1845: algorithm used is determined by the parameters.
1.52 jmc 1846: This option must precede any
1.1 jsing 1847: .Fl pkeyopt
1848: options.
1849: The options
1850: .Fl paramfile
1851: and
1852: .Fl algorithm
1853: are mutually exclusive.
1854: .It Fl pass Ar arg
1855: The output file password source.
1856: .It Fl pkeyopt Ar opt : Ns Ar value
1857: Set the public key algorithm option
1858: .Ar opt
1859: to
1.52 jmc 1860: .Ar value ,
1861: as follows:
1.1 jsing 1862: .Bl -tag -width Ds -offset indent
1863: .It rsa_keygen_bits : Ns Ar numbits
1864: (RSA)
1865: The number of bits in the generated key.
1.52 jmc 1866: The default is 2048.
1.1 jsing 1867: .It rsa_keygen_pubexp : Ns Ar value
1868: (RSA)
1869: The RSA public exponent value.
1870: This can be a large decimal or hexadecimal value if preceded by 0x.
1.52 jmc 1871: The default is 65537.
1.1 jsing 1872: .It dsa_paramgen_bits : Ns Ar numbits
1873: (DSA)
1874: The number of bits in the generated parameters.
1.52 jmc 1875: The default is 1024.
1.1 jsing 1876: .It dh_paramgen_prime_len : Ns Ar numbits
1877: (DH)
1878: The number of bits in the prime parameter
1879: .Ar p .
1880: .It dh_paramgen_generator : Ns Ar value
1881: (DH)
1882: The value to use for the generator
1883: .Ar g .
1884: .It ec_paramgen_curve : Ns Ar curve
1885: (EC)
1886: The EC curve to use.
1887: .El
1.52 jmc 1888: .It Fl text
1.64 jmc 1889: Print the private/public key in plain text.
1.52 jmc 1890: .El
1.1 jsing 1891: .Sh GENRSA
1892: .nr nS 1
1893: .Nm "openssl genrsa"
1894: .Op Fl 3 | f4
1.53 jmc 1895: .Op Fl aes128 | aes192 | aes256 | des | des3
1.1 jsing 1896: .Op Fl out Ar file
1897: .Op Fl passout Ar arg
1898: .Op Ar numbits
1899: .nr nS 0
1900: .Pp
1901: The
1902: .Nm genrsa
1.53 jmc 1903: command generates an RSA private key,
1904: which essentially involves the generation of two prime numbers.
1905: When generating the key,
1906: various symbols will be output to indicate the progress of the generation.
1907: A
1908: .Sq \&.
1909: represents each number which has passed an initial sieve test;
1910: .Sq +
1911: means a number has passed a single round of the Miller-Rabin primality test.
1912: A newline means that the number has passed all the prime tests
1913: (the actual number depends on the key size).
1.1 jsing 1914: .Pp
1915: The options are as follows:
1916: .Bl -tag -width Ds
1917: .It Fl 3 | f4
1918: The public exponent to use, either 3 or 65537.
1919: The default is 65537.
1.53 jmc 1920: .It Fl aes128 | aes192 | aes256 | des | des3
1921: Encrypt the private key with the AES, DES,
1.1 jsing 1922: or the triple DES ciphers, respectively, before outputting it.
1923: If none of these options are specified, no encryption is used.
1924: If encryption is used, a pass phrase is prompted for,
1925: if it is not supplied via the
1926: .Fl passout
1927: option.
1928: .It Fl out Ar file
1.53 jmc 1929: The output file to write to,
1.57 jmc 1930: or standard output if not specified.
1.1 jsing 1931: .It Fl passout Ar arg
1932: The output file password source.
1933: .It Ar numbits
1934: The size of the private key to generate in bits.
1935: This must be the last option specified.
1936: The default is 2048.
1937: .El
1938: .Sh NSEQ
1939: .Nm openssl nseq
1940: .Op Fl in Ar file
1941: .Op Fl out Ar file
1942: .Op Fl toseq
1943: .Pp
1944: The
1945: .Nm nseq
1.54 jmc 1946: command takes a file containing a Netscape certificate sequence
1947: (an alternative to the standard PKCS#7 format)
1948: and prints out the certificates contained in it,
1949: or takes a file of certificates
1950: and converts it into a Netscape certificate sequence.
1951: .Pp
1.1 jsing 1952: The options are as follows:
1953: .Bl -tag -width Ds
1954: .It Fl in Ar file
1.54 jmc 1955: The input file to read from,
1956: or standard input if not specified.
1.1 jsing 1957: .It Fl out Ar file
1.54 jmc 1958: The output file to write to,
1959: or standard output if not specified.
1.1 jsing 1960: .It Fl toseq
1961: Normally, a Netscape certificate sequence will be input and the output
1962: is the certificates contained in it.
1963: With the
1964: .Fl toseq
1965: option the situation is reversed:
1966: a Netscape certificate sequence is created from a file of certificates.
1967: .El
1968: .Sh OCSP
1969: .nr nS 1
1970: .Nm "openssl ocsp"
1971: .Op Fl CA Ar file
1972: .Op Fl CAfile Ar file
1973: .Op Fl CApath Ar directory
1974: .Op Fl cert Ar file
1975: .Op Fl dgst Ar alg
1.55 jmc 1976: .Op Fl host Ar hostname : Ns Ar port
1.1 jsing 1977: .Op Fl index Ar indexfile
1978: .Op Fl issuer Ar file
1979: .Op Fl ndays Ar days
1980: .Op Fl nmin Ar minutes
1981: .Op Fl no_cert_checks
1982: .Op Fl no_cert_verify
1983: .Op Fl no_certs
1984: .Op Fl no_chain
1985: .Op Fl no_intern
1986: .Op Fl no_nonce
1987: .Op Fl no_signature_verify
1988: .Op Fl nonce
1989: .Op Fl noverify
1990: .Op Fl nrequest Ar number
1991: .Op Fl out Ar file
1992: .Op Fl path Ar path
1993: .Op Fl port Ar portnum
1994: .Op Fl req_text
1995: .Op Fl reqin Ar file
1996: .Op Fl reqout Ar file
1997: .Op Fl resp_key_id
1998: .Op Fl resp_no_certs
1999: .Op Fl resp_text
2000: .Op Fl respin Ar file
2001: .Op Fl respout Ar file
2002: .Op Fl rkey Ar file
2003: .Op Fl rother Ar file
2004: .Op Fl rsigner Ar file
2005: .Op Fl serial Ar number
2006: .Op Fl sign_other Ar file
2007: .Op Fl signer Ar file
2008: .Op Fl signkey Ar file
2009: .Op Fl status_age Ar age
2010: .Op Fl text
2011: .Op Fl trust_other
2012: .Op Fl url Ar responder_url
2013: .Op Fl VAfile Ar file
2014: .Op Fl validity_period Ar nsec
2015: .Op Fl verify_other Ar file
2016: .nr nS 0
2017: .Pp
1.55 jmc 2018: The Online Certificate Status Protocol (OCSP)
2019: enables applications to determine the (revocation) state
2020: of an identified certificate (RFC 2560).
1.1 jsing 2021: .Pp
2022: The
2023: .Nm ocsp
2024: command performs many common OCSP tasks.
2025: It can be used to print out requests and responses,
2026: create requests and send queries to an OCSP responder,
2027: and behave like a mini OCSP server itself.
2028: .Pp
2029: The options are as follows:
2030: .Bl -tag -width Ds
2031: .It Fl CAfile Ar file , Fl CApath Ar directory
1.55 jmc 2032: A file or path containing trusted CA certificates,
2033: used to verify the signature on the OCSP response.
1.1 jsing 2034: .It Fl cert Ar file
2035: Add the certificate
2036: .Ar file
2037: to the request.
2038: The issuer certificate is taken from the previous
2039: .Fl issuer
2040: option, or an error occurs if no issuer certificate is specified.
2041: .It Fl dgst Ar alg
1.55 jmc 2042: Use the digest algorithm
2043: .Ar alg
2044: for certificate identification in the OCSP request.
1.1 jsing 2045: By default SHA-1 is used.
2046: .It Xo
2047: .Fl host Ar hostname : Ns Ar port ,
2048: .Fl path Ar path
2049: .Xc
1.55 jmc 2050: Send
2051: the OCSP request to
1.1 jsing 2052: .Ar hostname
1.55 jmc 2053: on
1.1 jsing 2054: .Ar port .
2055: .Fl path
2056: specifies the HTTP path name to use, or
1.55 jmc 2057: .Pa /
1.1 jsing 2058: by default.
2059: .It Fl issuer Ar file
1.81 jmc 2060: The current issuer certificate, in PEM format.
2061: Can be used multiple times and must come before any
1.1 jsing 2062: .Fl cert
2063: options.
2064: .It Fl no_cert_checks
2065: Don't perform any additional checks on the OCSP response signer's certificate.
2066: That is, do not make any checks to see if the signer's certificate is
2067: authorised to provide the necessary status information:
2068: as a result this option should only be used for testing purposes.
2069: .It Fl no_cert_verify
2070: Don't verify the OCSP response signer's certificate at all.
2071: Since this option allows the OCSP response to be signed by any certificate,
2072: it should only be used for testing purposes.
2073: .It Fl no_certs
1.55 jmc 2074: Don't include any certificates in the signed request.
1.1 jsing 2075: .It Fl no_chain
2076: Do not use certificates in the response as additional untrusted CA
2077: certificates.
2078: .It Fl no_intern
2079: Ignore certificates contained in the OCSP response
2080: when searching for the signer's certificate.
1.55 jmc 2081: The signer's certificate must be specified with either the
1.1 jsing 2082: .Fl verify_other
2083: or
2084: .Fl VAfile
2085: options.
2086: .It Fl no_signature_verify
2087: Don't check the signature on the OCSP response.
2088: Since this option tolerates invalid signatures on OCSP responses,
2089: it will normally only be used for testing purposes.
2090: .It Fl nonce , no_nonce
1.55 jmc 2091: Add an OCSP nonce extension to a request,
2092: or disable an OCSP nonce addition.
1.1 jsing 2093: Normally, if an OCSP request is input using the
2094: .Fl respin
1.55 jmc 2095: option no nonce is added:
1.1 jsing 2096: using the
2097: .Fl nonce
1.55 jmc 2098: option will force the addition of a nonce.
1.1 jsing 2099: If an OCSP request is being created (using the
2100: .Fl cert
2101: and
2102: .Fl serial
2103: options)
1.55 jmc 2104: a nonce is automatically added; specifying
1.1 jsing 2105: .Fl no_nonce
2106: overrides this.
2107: .It Fl noverify
1.55 jmc 2108: Don't attempt to verify the OCSP response signature or the nonce values.
2109: This is normally only be used for debugging
1.1 jsing 2110: since it disables all verification of the responder's certificate.
2111: .It Fl out Ar file
1.55 jmc 2112: Specify the output file to write to,
1.57 jmc 2113: or standard output if not specified.
1.1 jsing 2114: .It Fl req_text , resp_text , text
2115: Print out the text form of the OCSP request, response, or both, respectively.
2116: .It Fl reqin Ar file , Fl respin Ar file
2117: Read an OCSP request or response file from
2118: .Ar file .
2119: These options are ignored
2120: if an OCSP request or response creation is implied by other options
2121: (for example with the
2122: .Fl serial , cert ,
2123: and
2124: .Fl host
2125: options).
2126: .It Fl reqout Ar file , Fl respout Ar file
2127: Write out the DER-encoded certificate request or response to
2128: .Ar file .
2129: .It Fl serial Ar num
2130: Same as the
2131: .Fl cert
2132: option except the certificate with serial number
2133: .Ar num
2134: is added to the request.
2135: The serial number is interpreted as a decimal integer unless preceded by
2136: .Sq 0x .
1.55 jmc 2137: Negative integers can also be specified
2138: by preceding the value with a minus sign.
1.1 jsing 2139: .It Fl sign_other Ar file
2140: Additional certificates to include in the signed request.
2141: .It Fl signer Ar file , Fl signkey Ar file
2142: Sign the OCSP request using the certificate specified in the
2143: .Fl signer
2144: option and the private key specified by the
2145: .Fl signkey
2146: option.
2147: If the
2148: .Fl signkey
2149: option is not present, then the private key is read from the same file
2150: as the certificate.
2151: If neither option is specified, the OCSP request is not signed.
2152: .It Fl trust_other
2153: The certificates specified by the
2154: .Fl verify_other
2155: option should be explicitly trusted and no additional checks will be
2156: performed on them.
2157: This is useful when the complete responder certificate chain is not available
2158: or trusting a root CA is not appropriate.
2159: .It Fl url Ar responder_url
2160: Specify the responder URL.
2161: Both HTTP and HTTPS
2162: .Pq SSL/TLS
2163: URLs can be specified.
2164: .It Fl VAfile Ar file
1.55 jmc 2165: A file containing explicitly trusted responder certificates.
1.1 jsing 2166: Equivalent to the
2167: .Fl verify_other
2168: and
2169: .Fl trust_other
2170: options.
2171: .It Fl validity_period Ar nsec , Fl status_age Ar age
1.55 jmc 2172: The range of times, in seconds, which will be tolerated in an OCSP response.
2173: Each certificate status response includes a notBefore time
2174: and an optional notAfter time.
1.1 jsing 2175: The current time should fall between these two values,
2176: but the interval between the two times may be only a few seconds.
2177: In practice the OCSP responder and clients' clocks may not be precisely
2178: synchronised and so such a check may fail.
2179: To avoid this the
2180: .Fl validity_period
2181: option can be used to specify an acceptable error range in seconds,
1.55 jmc 2182: the default value being 5 minutes.
1.1 jsing 2183: .Pp
1.55 jmc 2184: If the notAfter time is omitted from a response,
2185: it means that new status information is immediately available.
2186: In this case the age of the notBefore field is checked
2187: to see it is not older than
1.1 jsing 2188: .Ar age
2189: seconds old.
2190: By default, this additional check is not performed.
2191: .It Fl verify_other Ar file
1.55 jmc 2192: A file containing additional certificates to search
2193: when attempting to locate the OCSP response signing certificate.
2194: Some responders omit the actual signer's certificate from the response,
2195: so this can be used to supply the necessary certificate.
1.1 jsing 2196: .El
1.55 jmc 2197: .Pp
2198: The options for the OCSP server are as follows:
1.1 jsing 2199: .Bl -tag -width "XXXX"
2200: .It Fl CA Ar file
2201: CA certificate corresponding to the revocation information in
2202: .Ar indexfile .
2203: .It Fl index Ar indexfile
2204: .Ar indexfile
1.55 jmc 2205: is a text index file in ca format
2206: containing certificate revocation information.
1.1 jsing 2207: .Pp
1.55 jmc 2208: If this option is specified,
1.1 jsing 2209: .Nm ocsp
1.55 jmc 2210: is in responder mode, otherwise it is in client mode.
2211: The requests the responder processes can be either specified on
1.1 jsing 2212: the command line (using the
2213: .Fl issuer
2214: and
2215: .Fl serial
2216: options), supplied in a file (using the
2217: .Fl respin
1.55 jmc 2218: option), or via external OCSP clients (if
1.1 jsing 2219: .Ar port
2220: or
2221: .Ar url
2222: is specified).
2223: .Pp
1.55 jmc 2224: If this option is present, then the
1.1 jsing 2225: .Fl CA
2226: and
2227: .Fl rsigner
2228: options must also be present.
2229: .It Fl nmin Ar minutes , Fl ndays Ar days
2230: Number of
2231: .Ar minutes
2232: or
2233: .Ar days
1.55 jmc 2234: when fresh revocation information is available:
2235: used in the nextUpdate field.
2236: If neither option is present,
2237: the nextUpdate field is omitted,
2238: meaning fresh revocation information is immediately available.
1.1 jsing 2239: .It Fl nrequest Ar number
1.55 jmc 2240: Exit after receiving
1.1 jsing 2241: .Ar number
1.55 jmc 2242: requests (the default is unlimited).
1.1 jsing 2243: .It Fl port Ar portnum
2244: Port to listen for OCSP requests on.
1.55 jmc 2245: May also be specified using the
1.1 jsing 2246: .Fl url
2247: option.
2248: .It Fl resp_key_id
2249: Identify the signer certificate using the key ID;
1.55 jmc 2250: the default is to use the subject name.
1.1 jsing 2251: .It Fl resp_no_certs
2252: Don't include any certificates in the OCSP response.
2253: .It Fl rkey Ar file
2254: The private key to sign OCSP responses with;
2255: if not present, the file specified in the
2256: .Fl rsigner
2257: option is used.
2258: .It Fl rother Ar file
2259: Additional certificates to include in the OCSP response.
2260: .It Fl rsigner Ar file
2261: The certificate to sign OCSP responses with.
2262: .El
2263: .Pp
2264: Initially the OCSP responder certificate is located and the signature on
2265: the OCSP request checked using the responder certificate's public key.
2266: Then a normal certificate verify is performed on the OCSP responder certificate
2267: building up a certificate chain in the process.
2268: The locations of the trusted certificates used to build the chain can be
2269: specified by the
2270: .Fl CAfile
2271: and
2272: .Fl CApath
2273: options or they will be looked for in the standard
1.55 jmc 2274: .Nm openssl
2275: certificates directory.
1.1 jsing 2276: .Pp
1.55 jmc 2277: If the initial verify fails, the OCSP verify process halts with an error.
1.1 jsing 2278: Otherwise the issuing CA certificate in the request is compared to the OCSP
2279: responder certificate: if there is a match then the OCSP verify succeeds.
2280: .Pp
2281: Otherwise the OCSP responder certificate's CA is checked against the issuing
2282: CA certificate in the request.
2283: If there is a match and the OCSPSigning extended key usage is present
2284: in the OCSP responder certificate, then the OCSP verify succeeds.
2285: .Pp
2286: Otherwise the root CA of the OCSP responder's CA is checked to see if it
2287: is trusted for OCSP signing.
2288: If it is, the OCSP verify succeeds.
2289: .Pp
2290: If none of these checks is successful, the OCSP verify fails.
2291: What this effectively means is that if the OCSP responder certificate is
2292: authorised directly by the CA it is issuing revocation information about
1.55 jmc 2293: (and it is correctly configured),
1.1 jsing 2294: then verification will succeed.
2295: .Pp
1.55 jmc 2296: If the OCSP responder is a global responder,
2297: which can give details about multiple CAs
2298: and has its own separate certificate chain,
2299: then its root CA can be trusted for OCSP signing.
1.1 jsing 2300: Alternatively, the responder certificate itself can be explicitly trusted
2301: with the
2302: .Fl VAfile
2303: option.
2304: .Sh PASSWD
2305: .nr nS 1
2306: .Nm "openssl passwd"
2307: .Op Fl 1 | apr1 | crypt
2308: .Op Fl in Ar file
2309: .Op Fl noverify
2310: .Op Fl quiet
2311: .Op Fl reverse
2312: .Op Fl salt Ar string
2313: .Op Fl stdin
2314: .Op Fl table
2315: .Op Ar password
2316: .nr nS 0
2317: .Pp
2318: The
2319: .Nm passwd
1.56 jmc 2320: command computes the hash of a password.
1.1 jsing 2321: .Pp
2322: The options are as follows:
2323: .Bl -tag -width Ds
2324: .It Fl 1
2325: Use the MD5 based
2326: .Bx
2327: password algorithm
1.56 jmc 2328: .Qq 1 .
1.1 jsing 2329: .It Fl apr1
2330: Use the
1.56 jmc 2331: .Qq apr1
1.1 jsing 2332: algorithm
1.56 jmc 2333: .Po
2334: Apache variant of the
1.1 jsing 2335: .Bx
1.56 jmc 2336: algorithm
2337: .Pc .
1.1 jsing 2338: .It Fl crypt
2339: Use the
1.56 jmc 2340: .Qq crypt
2341: algorithm (the default).
1.1 jsing 2342: .It Fl in Ar file
2343: Read passwords from
2344: .Ar file .
2345: .It Fl noverify
2346: Don't verify when reading a password from the terminal.
2347: .It Fl quiet
2348: Don't output warnings when passwords given on the command line are truncated.
2349: .It Fl reverse
2350: Switch table columns.
2351: This only makes sense in conjunction with the
2352: .Fl table
2353: option.
2354: .It Fl salt Ar string
1.56 jmc 2355: Use the salt specified by
2356: .Ar string .
1.1 jsing 2357: When reading a password from the terminal, this implies
2358: .Fl noverify .
2359: .It Fl stdin
1.56 jmc 2360: Read passwords from standard input.
1.1 jsing 2361: .It Fl table
2362: In the output list, prepend the cleartext password and a TAB character
2363: to each password hash.
2364: .El
2365: .Sh PKCS7
2366: .nr nS 1
2367: .Nm "openssl pkcs7"
2368: .Op Fl in Ar file
1.57 jmc 2369: .Op Fl inform Cm der | pem
1.1 jsing 2370: .Op Fl noout
2371: .Op Fl out Ar file
1.57 jmc 2372: .Op Fl outform Cm der | pem
1.1 jsing 2373: .Op Fl print_certs
2374: .Op Fl text
2375: .nr nS 0
2376: .Pp
2377: The
2378: .Nm pkcs7
2379: command processes PKCS#7 files in DER or PEM format.
1.57 jmc 2380: The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
2381: .Pp
1.1 jsing 2382: The options are as follows:
2383: .Bl -tag -width Ds
2384: .It Fl in Ar file
1.57 jmc 2385: The input file to read from,
2386: or standard input if not specified.
2387: .It Fl inform Cm der | pem
2388: The input format.
1.1 jsing 2389: .It Fl noout
2390: Don't output the encoded version of the PKCS#7 structure
2391: (or certificates if
2392: .Fl print_certs
2393: is set).
2394: .It Fl out Ar file
1.57 jmc 2395: The output to write to,
2396: or standard output if not specified.
2397: .It Fl outform Cm der | pem
2398: The output format.
1.1 jsing 2399: .It Fl print_certs
1.57 jmc 2400: Print any certificates or CRLs contained in the file,
2401: preceded by their subject and issuer names in a one-line format.
1.1 jsing 2402: .It Fl text
1.57 jmc 2403: Print certificate details in full rather than just subject and issuer names.
1.1 jsing 2404: .El
2405: .Sh PKCS8
2406: .nr nS 1
2407: .Nm "openssl pkcs8"
2408: .Op Fl embed
2409: .Op Fl in Ar file
1.58 jmc 2410: .Op Fl inform Cm der | pem
1.1 jsing 2411: .Op Fl nocrypt
2412: .Op Fl noiter
2413: .Op Fl nooct
2414: .Op Fl nsdb
2415: .Op Fl out Ar file
1.58 jmc 2416: .Op Fl outform Cm der | pem
1.1 jsing 2417: .Op Fl passin Ar arg
2418: .Op Fl passout Ar arg
2419: .Op Fl topk8
2420: .Op Fl v1 Ar alg
2421: .Op Fl v2 Ar alg
2422: .nr nS 0
2423: .Pp
2424: The
2425: .Nm pkcs8
1.58 jmc 2426: command processes private keys
2427: (both encrypted and unencrypted)
2428: in PKCS#8 format
2429: with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
2430: The default encryption is only 56 bits;
2431: keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts
2432: are more secure.
2433: .Pp
1.1 jsing 2434: The options are as follows:
2435: .Bl -tag -width Ds
2436: .It Fl embed
1.58 jmc 2437: Generate DSA keys in a broken format.
2438: The DSA parameters are embedded inside the PrivateKey structure.
1.84 jmc 2439: In this form the OCTET STRING contains an ASN.1 SEQUENCE consisting of
1.1 jsing 2440: two structures:
1.84 jmc 2441: a SEQUENCE containing the parameters and an ASN.1 INTEGER containing
1.1 jsing 2442: the private key.
2443: .It Fl in Ar file
1.58 jmc 2444: The input file to read from,
2445: or standard input if not specified.
1.1 jsing 2446: If the key is encrypted, a pass phrase will be prompted for.
1.58 jmc 2447: .It Fl inform Cm der | pem
2448: The input format.
1.1 jsing 2449: .It Fl nocrypt
1.58 jmc 2450: Generate an unencrypted PrivateKeyInfo structure.
2451: This option does not encrypt private keys at all
2452: and should only be used when absolutely necessary.
1.1 jsing 2453: .It Fl noiter
2454: Use an iteration count of 1.
2455: See the
2456: .Sx PKCS12
2457: section below for a detailed explanation of this option.
2458: .It Fl nooct
1.58 jmc 2459: Generate RSA private keys in a broken format that some software uses.
1.1 jsing 2460: Specifically the private key should be enclosed in an OCTET STRING,
2461: but some software just includes the structure itself without the
2462: surrounding OCTET STRING.
2463: .It Fl nsdb
1.58 jmc 2464: Generate DSA keys in a broken format compatible with Netscape
1.1 jsing 2465: private key databases.
1.58 jmc 2466: The PrivateKey contains a SEQUENCE
2467: consisting of the public and private keys, respectively.
1.1 jsing 2468: .It Fl out Ar file
1.58 jmc 2469: The output file to write to,
2470: or standard output if none is specified.
1.1 jsing 2471: If any encryption options are set, a pass phrase will be prompted for.
1.58 jmc 2472: .It Fl outform Cm der | pem
2473: The output format.
1.1 jsing 2474: .It Fl passin Ar arg
2475: The key password source.
2476: .It Fl passout Ar arg
2477: The output file password source.
2478: .It Fl topk8
1.58 jmc 2479: Read a traditional format private key and write a PKCS#8 format key.
1.1 jsing 2480: .It Fl v1 Ar alg
1.58 jmc 2481: Specify a PKCS#5 v1.5 or PKCS#12 algorithm to use.
2482: .Pp
2483: .Bl -tag -width "XXXX" -compact
2484: .It PBE-MD5-DES
2485: 56-bit DES.
2486: .It PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES
2487: 64-bit RC2 or 56-bit DES.
2488: .It PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES
2489: .It PBE-SHA1-2DES | PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40
2490: PKCS#12 password-based encryption algorithm,
2491: which allow strong encryption algorithms like triple DES or 128-bit RC2.
2492: .El
1.1 jsing 2493: .It Fl v2 Ar alg
1.58 jmc 2494: Use PKCS#5 v2.0 algorithms.
2495: Supports algorithms such as 168-bit triple DES or 128-bit RC2,
2496: however not many implementations support PKCS#5 v2.0 yet
2497: (if using private keys with
2498: .Nm openssl
2499: this doesn't matter).
1.1 jsing 2500: .Pp
2501: .Ar alg
1.58 jmc 2502: is the encryption algorithm to use;
2503: valid values include des, des3, and rc2.
2504: It is recommended that des3 is used.
1.1 jsing 2505: .El
2506: .Sh PKCS12
2507: .nr nS 1
2508: .Nm "openssl pkcs12"
1.59 jmc 2509: .Op Fl aes128 | aes192 | aes256 | des | des3
1.1 jsing 2510: .Op Fl cacerts
2511: .Op Fl CAfile Ar file
2512: .Op Fl caname Ar name
2513: .Op Fl CApath Ar directory
2514: .Op Fl certfile Ar file
2515: .Op Fl certpbe Ar alg
2516: .Op Fl chain
2517: .Op Fl clcerts
2518: .Op Fl CSP Ar name
2519: .Op Fl descert
2520: .Op Fl export
2521: .Op Fl in Ar file
2522: .Op Fl info
2523: .Op Fl inkey Ar file
2524: .Op Fl keyex
2525: .Op Fl keypbe Ar alg
2526: .Op Fl keysig
2527: .Op Fl macalg Ar alg
2528: .Op Fl maciter
2529: .Op Fl name Ar name
2530: .Op Fl nocerts
2531: .Op Fl nodes
2532: .Op Fl noiter
2533: .Op Fl nokeys
2534: .Op Fl nomac
2535: .Op Fl nomaciter
2536: .Op Fl nomacver
2537: .Op Fl noout
2538: .Op Fl out Ar file
2539: .Op Fl passin Ar arg
2540: .Op Fl passout Ar arg
2541: .Op Fl twopass
2542: .nr nS 0
2543: .Pp
2544: The
2545: .Nm pkcs12
2546: command allows PKCS#12 files
2547: .Pq sometimes referred to as PFX files
2548: to be created and parsed.
2549: By default, a PKCS#12 file is parsed;
2550: a PKCS#12 file can be created by using the
2551: .Fl export
1.59 jmc 2552: option.
2553: .Pp
2554: The options for parsing a PKCS12 file are as follows:
1.1 jsing 2555: .Bl -tag -width "XXXX"
1.59 jmc 2556: .It Fl aes128 | aes192 | aes256 | des | des3
2557: Encrypt private keys
2558: using AES, DES, or triple DES, respectively.
1.1 jsing 2559: The default is triple DES.
2560: .It Fl cacerts
2561: Only output CA certificates
2562: .Pq not client certificates .
2563: .It Fl clcerts
2564: Only output client certificates
2565: .Pq not CA certificates .
2566: .It Fl in Ar file
1.59 jmc 2567: The input file to read from,
2568: or standard input if not specified.
1.1 jsing 2569: .It Fl info
2570: Output additional information about the PKCS#12 file structure,
2571: algorithms used, and iteration counts.
2572: .It Fl nocerts
1.59 jmc 2573: Do not output certificates.
1.1 jsing 2574: .It Fl nodes
1.59 jmc 2575: Do not encrypt private keys.
1.1 jsing 2576: .It Fl nokeys
1.59 jmc 2577: Do not output private keys.
1.1 jsing 2578: .It Fl nomacver
1.59 jmc 2579: Do not attempt to verify the integrity MAC before reading the file.
1.1 jsing 2580: .It Fl noout
1.59 jmc 2581: Do not output the keys and certificates to the output file
1.1 jsing 2582: version of the PKCS#12 file.
2583: .It Fl out Ar file
1.59 jmc 2584: The output file to write to,
2585: or standard output if not specified.
1.1 jsing 2586: .It Fl passin Ar arg
2587: The key password source.
2588: .It Fl passout Ar arg
2589: The output file password source.
2590: .It Fl twopass
2591: Prompt for separate integrity and encryption passwords: most software
2592: always assumes these are the same so this option will render such
2593: PKCS#12 files unreadable.
2594: .El
1.59 jmc 2595: .Pp
2596: The options for PKCS12 file creation are as follows:
1.1 jsing 2597: .Bl -tag -width "XXXX"
2598: .It Fl CAfile Ar file
2599: CA storage as a file.
2600: .It Fl CApath Ar directory
2601: CA storage as a directory.
1.59 jmc 2602: The directory must be a standard certificate directory:
1.1 jsing 2603: that is, a hash of each subject name (using
1.59 jmc 2604: .Nm x509 Fl hash )
1.1 jsing 2605: should be linked to each certificate.
2606: .It Fl caname Ar name
1.59 jmc 2607: Specify the
1.1 jsing 2608: .Qq friendly name
2609: for other certificates.
1.59 jmc 2610: May be used multiple times to specify names for all certificates
1.1 jsing 2611: in the order they appear.
2612: .It Fl certfile Ar file
2613: A file to read additional certificates from.
2614: .It Fl certpbe Ar alg , Fl keypbe Ar alg
1.59 jmc 2615: Specify the algorithm used to encrypt the private key and
1.1 jsing 2616: certificates to be selected.
1.59 jmc 2617: Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used.
1.1 jsing 2618: If a cipher name
2619: (as output by the
2620: .Cm list-cipher-algorithms
2621: command) is specified then it
2622: is used with PKCS#5 v2.0.
2623: For interoperability reasons it is advisable to only use PKCS#12 algorithms.
2624: .It Fl chain
1.59 jmc 2625: Include the entire certificate chain of the user certificate.
1.1 jsing 2626: The standard CA store is used for this search.
2627: If the search fails, it is considered a fatal error.
2628: .It Fl CSP Ar name
2629: Write
2630: .Ar name
2631: as a Microsoft CSP name.
2632: .It Fl descert
2633: Encrypt the certificate using triple DES; this may render the PKCS#12
2634: file unreadable by some
2635: .Qq export grade
2636: software.
2637: By default, the private key is encrypted using triple DES and the
2638: certificate using 40-bit RC2.
2639: .It Fl export
1.59 jmc 2640: Create a PKCS#12 file (rather than parsing one).
1.1 jsing 2641: .It Fl in Ar file
1.59 jmc 2642: The input file to read from,
1.81 jmc 2643: or standard input if not specified.
1.1 jsing 2644: The order doesn't matter but one private key and its corresponding
2645: certificate should be present.
2646: If additional certificates are present, they will also be included
2647: in the PKCS#12 file.
2648: .It Fl inkey Ar file
1.59 jmc 2649: File to read a private key from.
1.1 jsing 2650: If not present, a private key must be present in the input file.
2651: .It Fl keyex | keysig
1.59 jmc 2652: Specify whether the private key is to be used for key exchange or just signing.
1.1 jsing 2653: Normally,
2654: .Qq export grade
2655: software will only allow 512-bit RSA keys to be
2656: used for encryption purposes, but arbitrary length keys for signing.
2657: The
2658: .Fl keysig
2659: option marks the key for signing only.
2660: Signing only keys can be used for S/MIME signing, authenticode
1.66 jmc 2661: (ActiveX control signing)
1.59 jmc 2662: and SSL client authentication.
1.1 jsing 2663: .It Fl macalg Ar alg
2664: Specify the MAC digest algorithm.
1.59 jmc 2665: The default is SHA1.
1.1 jsing 2666: .It Fl maciter
1.66 jmc 2667: Included for compatibility only:
1.59 jmc 2668: it used to be needed to use MAC iterations counts
2669: but they are now used by default.
1.1 jsing 2670: .It Fl name Ar name
1.59 jmc 2671: Specify the
1.1 jsing 2672: .Qq friendly name
2673: for the certificate and private key.
2674: This name is typically displayed in list boxes by software importing the file.
2675: .It Fl nomac
2676: Don't attempt to provide the MAC integrity.
2677: .It Fl nomaciter , noiter
1.59 jmc 2678: Affect the iteration counts on the MAC and key algorithms.
1.1 jsing 2679: .Pp
2680: To discourage attacks by using large dictionaries of common passwords,
2681: the algorithm that derives keys from passwords can have an iteration count
2682: applied to it: this causes a certain part of the algorithm to be repeated
2683: and slows it down.
2684: The MAC is used to check the file integrity but since it will normally
2685: have the same password as the keys and certificates it could also be attacked.
2686: By default, both MAC and encryption iteration counts are set to 2048;
2687: using these options the MAC and encryption iteration counts can be set to 1.
2688: Since this reduces the file security you should not use these options
2689: unless you really have to.
2690: Most software supports both MAC and key iteration counts.
2691: .It Fl out Ar file
1.59 jmc 2692: The output file to write to,
2693: or standard output if not specified.
1.1 jsing 2694: .It Fl passin Ar arg
2695: The key password source.
2696: .It Fl passout Ar arg
2697: The output file password source.
2698: .El
2699: .Sh PKEY
2700: .nr nS 1
2701: .Nm "openssl pkey"
2702: .Op Ar cipher
2703: .Op Fl in Ar file
1.60 jmc 2704: .Op Fl inform Cm der | pem
1.1 jsing 2705: .Op Fl noout
2706: .Op Fl out Ar file
1.60 jmc 2707: .Op Fl outform Cm der | pem
1.1 jsing 2708: .Op Fl passin Ar arg
2709: .Op Fl passout Ar arg
2710: .Op Fl pubin
2711: .Op Fl pubout
2712: .Op Fl text
2713: .Op Fl text_pub
2714: .nr nS 0
2715: .Pp
2716: The
2717: .Nm pkey
2718: command processes public or private keys.
2719: They can be converted between various forms
2720: and their components printed out.
2721: .Pp
2722: The options are as follows:
2723: .Bl -tag -width Ds
2724: .It Ar cipher
1.60 jmc 2725: Encrypt the private key with the specified cipher.
1.1 jsing 2726: Any algorithm name accepted by
1.60 jmc 2727: .Xr EVP_get_cipherbyname 3
1.1 jsing 2728: is acceptable, such as
2729: .Cm des3 .
2730: .It Fl in Ar file
1.60 jmc 2731: The input file to read from,
2732: or standard input if not specified.
1.1 jsing 2733: If the key is encrypted a pass phrase will be prompted for.
1.60 jmc 2734: .It Fl inform Cm der | pem
2735: The input format.
1.1 jsing 2736: .It Fl noout
2737: Do not output the encoded version of the key.
2738: .It Fl out Ar file
1.60 jmc 2739: The output file to write to,
2740: or standard output if not specified.
1.1 jsing 2741: If any encryption options are set then a pass phrase
2742: will be prompted for.
1.60 jmc 2743: .It Fl outform Cm der | pem
2744: The output format.
1.1 jsing 2745: .It Fl passin Ar arg
2746: The key password source.
2747: .It Fl passout Ar arg
2748: The output file password source.
2749: .It Fl pubin
1.60 jmc 2750: Read in a public key, not a private key.
1.1 jsing 2751: .It Fl pubout
1.60 jmc 2752: Output a public key, not a private key.
2753: Automatically set if the input is a public key.
1.1 jsing 2754: .It Fl text
1.64 jmc 2755: Print the public/private key in plain text.
1.1 jsing 2756: .It Fl text_pub
2757: Print out only public key components
2758: even if a private key is being processed.
2759: .El
2760: .Sh PKEYPARAM
2761: .Cm openssl pkeyparam
2762: .Op Fl in Ar file
2763: .Op Fl noout
2764: .Op Fl out Ar file
2765: .Op Fl text
2766: .Pp
2767: The
1.61 jmc 2768: .Nm pkeyparam
1.1 jsing 2769: command processes public or private keys.
1.61 jmc 2770: The key type is determined by the PEM headers.
1.1 jsing 2771: .Pp
2772: The options are as follows:
2773: .Bl -tag -width Ds
2774: .It Fl in Ar file
1.61 jmc 2775: The input file to read from,
2776: or standard input if not specified.
1.1 jsing 2777: .It Fl noout
2778: Do not output the encoded version of the parameters.
2779: .It Fl out Ar file
1.61 jmc 2780: The output file to write to,
2781: or standard output if not specified.
1.1 jsing 2782: .It Fl text
1.64 jmc 2783: Print the parameters in plain text.
1.1 jsing 2784: .El
2785: .Sh PKEYUTL
2786: .nr nS 1
2787: .Nm "openssl pkeyutl"
2788: .Op Fl asn1parse
2789: .Op Fl certin
2790: .Op Fl decrypt
2791: .Op Fl derive
2792: .Op Fl encrypt
2793: .Op Fl hexdump
2794: .Op Fl in Ar file
2795: .Op Fl inkey Ar file
1.62 jmc 2796: .Op Fl keyform Cm der | pem
1.1 jsing 2797: .Op Fl out Ar file
2798: .Op Fl passin Ar arg
1.62 jmc 2799: .Op Fl peerform Cm der | pem
1.1 jsing 2800: .Op Fl peerkey Ar file
2801: .Op Fl pkeyopt Ar opt : Ns Ar value
2802: .Op Fl pubin
2803: .Op Fl rev
2804: .Op Fl sigfile Ar file
2805: .Op Fl sign
2806: .Op Fl verify
2807: .Op Fl verifyrecover
2808: .nr nS 0
2809: .Pp
2810: The
2811: .Nm pkeyutl
2812: command can be used to perform public key operations using
2813: any supported algorithm.
2814: .Pp
2815: The options are as follows:
2816: .Bl -tag -width Ds
2817: .It Fl asn1parse
1.84 jmc 2818: ASN.1 parse the output data.
1.1 jsing 2819: This is useful when combined with the
2820: .Fl verifyrecover
1.84 jmc 2821: option when an ASN.1 structure is signed.
1.1 jsing 2822: .It Fl certin
2823: The input is a certificate containing a public key.
2824: .It Fl decrypt
2825: Decrypt the input data using a private key.
2826: .It Fl derive
2827: Derive a shared secret using the peer key.
2828: .It Fl encrypt
2829: Encrypt the input data using a public key.
2830: .It Fl hexdump
2831: Hex dump the output data.
2832: .It Fl in Ar file
1.62 jmc 2833: The input file to read from,
2834: or standard input if not specified.
1.1 jsing 2835: .It Fl inkey Ar file
2836: The input key file.
2837: By default it should be a private key.
1.62 jmc 2838: .It Fl keyform Cm der | pem
2839: The key format.
1.1 jsing 2840: .It Fl out Ar file
1.62 jmc 2841: The output file to write to,
2842: or standard output if not specified.
1.1 jsing 2843: .It Fl passin Ar arg
2844: The key password source.
1.62 jmc 2845: .It Fl peerform Cm der | pem
2846: The peer key format.
1.1 jsing 2847: .It Fl peerkey Ar file
2848: The peer key file, used by key derivation (agreement) operations.
2849: .It Fl pkeyopt Ar opt : Ns Ar value
1.62 jmc 2850: Set the public key algorithm option
2851: .Ar opt
2852: to
2853: .Ar value .
2854: Unless otherwise mentioned, all algorithms support the format
2855: .Ar digest : Ns Ar alg ,
2856: which specifies the digest to use
1.1 jsing 2857: for sign, verify, and verifyrecover operations.
2858: The value
2859: .Ar alg
2860: should represent a digest name as used in the
1.62 jmc 2861: .Xr EVP_get_digestbyname 3
2862: function.
2863: .Pp
1.1 jsing 2864: The RSA algorithm supports the
2865: encrypt, decrypt, sign, verify, and verifyrecover operations in general.
2866: Some padding modes only support some of these
2867: operations however.
2868: .Bl -tag -width Ds
2869: .It rsa_padding_mode : Ns Ar mode
2870: This sets the RSA padding mode.
2871: Acceptable values for
2872: .Ar mode
2873: are
2874: .Cm pkcs1
2875: for PKCS#1 padding;
2876: .Cm none
2877: for no padding;
2878: .Cm oaep
2879: for OAEP mode;
2880: .Cm x931
2881: for X9.31 mode;
2882: and
2883: .Cm pss
2884: for PSS.
2885: .Pp
2886: In PKCS#1 padding if the message digest is not set then the supplied data is
2887: signed or verified directly instead of using a DigestInfo structure.
2888: If a digest is set then a DigestInfo
2889: structure is used and its length
2890: must correspond to the digest type.
2891: For oeap mode only encryption and decryption is supported.
2892: For x931 if the digest type is set it is used to format the block data;
2893: otherwise the first byte is used to specify the X9.31 digest ID.
2894: Sign, verify, and verifyrecover can be performed in this mode.
2895: For pss mode only sign and verify are supported and the digest type must be
2896: specified.
2897: .It rsa_pss_saltlen : Ns Ar len
2898: For pss
2899: mode only this option specifies the salt length.
2900: Two special values are supported:
2901: -1 sets the salt length to the digest length.
2902: When signing -2 sets the salt length to the maximum permissible value.
2903: When verifying -2 causes the salt length to be automatically determined
2904: based on the PSS block structure.
2905: .El
1.62 jmc 2906: .Pp
1.1 jsing 2907: The DSA algorithm supports the sign and verify operations.
2908: Currently there are no additional options other than
2909: .Ar digest .
2910: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 2911: .Pp
1.1 jsing 2912: The DH algorithm supports the derive operation
2913: and no additional options.
1.62 jmc 2914: .Pp
1.1 jsing 2915: The EC algorithm supports the sign, verify, and derive operations.
2916: The sign and verify operations use ECDSA and derive uses ECDH.
2917: Currently there are no additional options other than
2918: .Ar digest .
2919: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 2920: .It Fl pubin
2921: The input file is a public key.
2922: .It Fl rev
2923: Reverse the order of the input buffer.
2924: .It Fl sigfile Ar file
2925: Signature file (verify operation only).
2926: .It Fl sign
2927: Sign the input data and output the signed result.
2928: This requires a private key.
2929: .It Fl verify
2930: Verify the input data against the signature file and indicate if the
2931: verification succeeded or failed.
2932: .It Fl verifyrecover
2933: Verify the input data and output the recovered data.
2934: .El
1.1 jsing 2935: .Sh PRIME
2936: .Cm openssl prime
2937: .Op Fl bits Ar n
2938: .Op Fl checks Ar n
2939: .Op Fl generate
2940: .Op Fl hex
2941: .Op Fl safe
2942: .Ar p
2943: .Pp
2944: The
2945: .Nm prime
2946: command is used to generate prime numbers,
2947: or to check numbers for primality.
2948: Results are probabilistic:
2949: they have an exceedingly high likelihood of being correct,
2950: but are not guaranteed.
2951: .Pp
2952: The options are as follows:
2953: .Bl -tag -width Ds
2954: .It Fl bits Ar n
2955: Specify the number of bits in the generated prime number.
2956: Must be used in conjunction with
2957: .Fl generate .
2958: .It Fl checks Ar n
2959: Perform a Miller-Rabin probabilistic primality test with
2960: .Ar n
2961: iterations.
2962: The default is 20.
2963: .It Fl generate
2964: Generate a pseudo-random prime number.
2965: Must be used in conjunction with
2966: .Fl bits .
2967: .It Fl hex
2968: Output in hex format.
2969: .It Fl safe
2970: Generate only
2971: .Qq safe
2972: prime numbers
2973: (i.e. a prime p so that (p-1)/2 is also prime).
2974: .It Ar p
2975: Test if number
2976: .Ar p
2977: is prime.
2978: .El
2979: .Sh RAND
2980: .nr nS 1
2981: .Nm "openssl rand"
2982: .Op Fl base64
2983: .Op Fl hex
2984: .Op Fl out Ar file
2985: .Ar num
2986: .nr nS 0
2987: .Pp
2988: The
2989: .Nm rand
2990: command outputs
2991: .Ar num
2992: pseudo-random bytes.
2993: .Pp
2994: The options are as follows:
2995: .Bl -tag -width Ds
2996: .It Fl base64
1.81 jmc 2997: Perform base64 encoding on the output.
1.1 jsing 2998: .It Fl hex
2999: Specify hexadecimal output.
3000: .It Fl out Ar file
1.63 jmc 3001: The output file to write to,
3002: or standard output if not specified.
1.1 jsing 3003: .El
3004: .Sh REQ
3005: .nr nS 1
3006: .Nm "openssl req"
3007: .Op Fl asn1-kludge
3008: .Op Fl batch
3009: .Op Fl config Ar file
3010: .Op Fl days Ar n
3011: .Op Fl extensions Ar section
3012: .Op Fl in Ar file
1.63 jmc 3013: .Op Fl inform Cm der | pem
1.1 jsing 3014: .Op Fl key Ar keyfile
1.63 jmc 3015: .Op Fl keyform Cm der | pem
1.1 jsing 3016: .Op Fl keyout Ar file
1.28 doug 3017: .Op Fl md4 | md5 | sha1
1.1 jsing 3018: .Op Fl modulus
3019: .Op Fl nameopt Ar option
3020: .Op Fl new
3021: .Op Fl newhdr
3022: .Op Fl newkey Ar arg
3023: .Op Fl no-asn1-kludge
3024: .Op Fl nodes
3025: .Op Fl noout
3026: .Op Fl out Ar file
1.63 jmc 3027: .Op Fl outform Cm der | pem
1.1 jsing 3028: .Op Fl passin Ar arg
3029: .Op Fl passout Ar arg
3030: .Op Fl pubkey
3031: .Op Fl reqexts Ar section
3032: .Op Fl reqopt Ar option
3033: .Op Fl set_serial Ar n
3034: .Op Fl subj Ar arg
3035: .Op Fl subject
3036: .Op Fl text
3037: .Op Fl utf8
3038: .Op Fl verbose
3039: .Op Fl verify
3040: .Op Fl x509
3041: .nr nS 0
3042: .Pp
3043: The
3044: .Nm req
3045: command primarily creates and processes certificate requests
3046: in PKCS#10 format.
3047: It can additionally create self-signed certificates,
3048: for use as root CAs, for example.
3049: .Pp
3050: The options are as follows:
3051: .Bl -tag -width Ds
3052: .It Fl asn1-kludge
1.63 jmc 3053: Produce requests in an invalid format for certain picky CAs.
3054: Very few CAs still require the use of this option.
1.1 jsing 3055: .It Fl batch
3056: Non-interactive mode.
3057: .It Fl config Ar file
1.63 jmc 3058: Specify an alternative configuration file.
1.1 jsing 3059: .It Fl days Ar n
1.63 jmc 3060: Specify the number of days to certify the certificate for.
3061: The default is 30 days.
3062: Used with the
1.1 jsing 3063: .Fl x509
1.63 jmc 3064: option.
1.1 jsing 3065: .It Fl extensions Ar section , Fl reqexts Ar section
1.63 jmc 3066: Specify alternative sections to include certificate
3067: extensions (with
3068: .Fl x509 )
3069: or certificate request extensions,
3070: allowing several different sections to be used in the same configuration file.
1.1 jsing 3071: .It Fl in Ar file
1.63 jmc 3072: The input file to read a request from,
3073: or standard input if not specified.
1.1 jsing 3074: A request is only read if the creation options
3075: .Fl new
3076: and
3077: .Fl newkey
3078: are not specified.
1.63 jmc 3079: .It Fl inform Cm der | pem
3080: The input format.
1.1 jsing 3081: .It Fl key Ar keyfile
1.63 jmc 3082: The file to read the private key from.
1.1 jsing 3083: It also accepts PKCS#8 format private keys for PEM format files.
1.63 jmc 3084: .It Fl keyform Cm der | pem
1.1 jsing 3085: The format of the private key file specified in the
3086: .Fl key
3087: argument.
1.81 jmc 3088: The default is
3089: .Cm pem .
1.1 jsing 3090: .It Fl keyout Ar file
1.63 jmc 3091: The file to write the newly created private key to.
3092: If this option is not specified,
3093: the filename present in the configuration file is used.
1.4 sthen 3094: .It Fl md5 | sha1 | sha256
1.63 jmc 3095: The message digest to sign the request with.
1.1 jsing 3096: This overrides the digest algorithm specified in the configuration file.
3097: .Pp
3098: Some public key algorithms may override this choice.
3099: For instance, DSA signatures always use SHA1.
3100: .It Fl modulus
1.63 jmc 3101: Print the value of the modulus of the public key contained in the request.
1.1 jsing 3102: .It Fl nameopt Ar option , Fl reqopt Ar option
1.63 jmc 3103: Determine how the subject or issuer names are displayed.
1.1 jsing 3104: .Ar option
1.63 jmc 3105: can be a single option or multiple options separated by commas.
1.1 jsing 3106: Alternatively, these options may be used more than once to set multiple options.
3107: See the
3108: .Sx X509
3109: section below for details.
3110: .It Fl new
1.63 jmc 3111: Generate a new certificate request.
3112: The user is prompted for the relevant field values.
1.1 jsing 3113: The actual fields prompted for and their maximum and minimum sizes
3114: are specified in the configuration file and any requested extensions.
3115: .Pp
3116: If the
3117: .Fl key
3118: option is not used, it will generate a new RSA private
3119: key using information specified in the configuration file.
3120: .It Fl newhdr
1.63 jmc 3121: Add the word NEW to the PEM file header and footer lines
1.1 jsing 3122: on the outputed request.
1.63 jmc 3123: Some software and CAs need this.
1.1 jsing 3124: .It Fl newkey Ar arg
1.63 jmc 3125: Create a new certificate request and a new private key.
1.1 jsing 3126: The argument takes one of several forms.
1.63 jmc 3127: .Pp
3128: .No rsa : Ns Ar nbits
3129: generates an RSA key
1.1 jsing 3130: .Ar nbits
3131: in size.
3132: If
3133: .Ar nbits
1.63 jmc 3134: is omitted
3135: the default key size is used.
3136: .Pp
3137: .No dsa : Ns Ar file
3138: generates a DSA key using the parameters in
3139: .Ar file .
3140: .Pp
3141: .No param : Ns Ar file
3142: generates a key using the parameters or certificate in
3143: .Ar file .
3144: .Pp
3145: All other algorithms support the form
3146: .Ar algorithm : Ns Ar file ,
1.1 jsing 3147: where file may be an algorithm parameter file,
3148: created by the
3149: .Cm genpkey -genparam
1.14 jmc 3150: command or an X.509 certificate for a key with appropriate algorithm.
1.63 jmc 3151: .Ar file
3152: can be omitted,
3153: in which case any parameters can be specified via the
1.1 jsing 3154: .Fl pkeyopt
3155: option.
3156: .It Fl no-asn1-kludge
1.63 jmc 3157: Reverse the effect of
1.1 jsing 3158: .Fl asn1-kludge .
3159: .It Fl nodes
1.63 jmc 3160: Do not encrypt the private key.
1.1 jsing 3161: .It Fl noout
1.63 jmc 3162: Do not output the encoded version of the request.
1.1 jsing 3163: .It Fl out Ar file
1.63 jmc 3164: The output file to write to,
3165: or standard output if not spceified.
3166: .It Fl outform Cm der | pem
3167: The output format.
1.1 jsing 3168: .It Fl passin Ar arg
3169: The key password source.
3170: .It Fl passout Ar arg
3171: The output file password source.
3172: .It Fl pubkey
1.63 jmc 3173: Output the public key.
1.1 jsing 3174: .It Fl reqopt Ar option
3175: Customise the output format used with
3176: .Fl text .
3177: The
3178: .Ar option
3179: argument can be a single option or multiple options separated by commas.
1.63 jmc 3180: See also the discussion of
1.1 jsing 3181: .Fl certopt
1.63 jmc 3182: in the
1.1 jsing 3183: .Nm x509
3184: command.
3185: .It Fl set_serial Ar n
3186: Serial number to use when outputting a self-signed certificate.
3187: This may be specified as a decimal value or a hex value if preceded by
3188: .Sq 0x .
3189: It is possible to use negative serial numbers but this is not recommended.
3190: .It Fl subj Ar arg
1.63 jmc 3191: Replaces the subject field of an input request
3192: with the specified data and output the modified request.
3193: .Ar arg
3194: must be formatted as /type0=value0/type1=value1/type2=...;
1.1 jsing 3195: characters may be escaped by
3196: .Sq \e
1.63 jmc 3197: (backslash);
1.1 jsing 3198: no spaces are skipped.
3199: .It Fl subject
1.63 jmc 3200: Print the request subject (or certificate subject if
1.1 jsing 3201: .Fl x509
1.63 jmc 3202: is specified).
1.1 jsing 3203: .It Fl text
1.64 jmc 3204: Print the certificate request in plain text.
1.1 jsing 3205: .It Fl utf8
1.63 jmc 3206: Interpret field values as UTF8 strings, not ASCII.
1.1 jsing 3207: .It Fl verbose
3208: Print extra details about the operations being performed.
3209: .It Fl verify
1.63 jmc 3210: Verify the signature on the request.
1.1 jsing 3211: .It Fl x509
1.63 jmc 3212: Output a self-signed certificate instead of a certificate request.
3213: This is typically used to generate a test certificate or a self-signed root CA.
3214: The extensions added to the certificate (if any)
1.1 jsing 3215: are specified in the configuration file.
3216: Unless specified using the
3217: .Fl set_serial
1.63 jmc 3218: option, 0 is used for the serial number.
1.1 jsing 3219: .El
1.63 jmc 3220: .Pp
1.1 jsing 3221: The configuration options are specified in the
1.63 jmc 3222: .Qq req
1.1 jsing 3223: section of the configuration file.
1.63 jmc 3224: The options available are as follows:
1.1 jsing 3225: .Bl -tag -width "XXXX"
1.63 jmc 3226: .It Cm attributes
3227: The section containing any request attributes: its format
1.1 jsing 3228: is the same as
1.63 jmc 3229: .Cm distinguished_name .
3230: Typically these may contain the challengePassword or unstructuredName types.
3231: They are currently ignored by the
3232: .Nm openssl
1.1 jsing 3233: request signing utilities, but some CAs might want them.
1.63 jmc 3234: .It Cm default_bits
3235: The default key size, in bits.
3236: The default is 2048.
1.1 jsing 3237: It is used if the
3238: .Fl new
1.63 jmc 3239: option is used and can be overridden by using the
1.1 jsing 3240: .Fl newkey
3241: option.
1.63 jmc 3242: .It Cm default_keyfile
3243: The default file to write a private key to,
3244: or standard output if not specified.
3245: It can be overridden by the
1.1 jsing 3246: .Fl keyout
3247: option.
1.63 jmc 3248: .It Cm default_md
3249: The digest algorithm to use.
1.1 jsing 3250: Possible values include
1.63 jmc 3251: .Cm md5 ,
3252: .Cm sha1
1.1 jsing 3253: and
1.63 jmc 3254: .Cm sha256
3255: (the default).
3256: It can be overridden on the command line.
3257: .It Cm distinguished_name
3258: The section containing the distinguished name fields to
1.1 jsing 3259: prompt for when generating a certificate or certificate request.
1.63 jmc 3260: The format is described below.
3261: .It Cm encrypt_key
3262: If set to
3263: .Qq no
3264: and a private key is generated, it is not encrypted.
3265: It is equivalent to the
1.1 jsing 3266: .Fl nodes
1.63 jmc 3267: option.
1.1 jsing 3268: For compatibility,
1.63 jmc 3269: .Cm encrypt_rsa_key
1.1 jsing 3270: is an equivalent option.
1.63 jmc 3271: .It Cm input_password | output_password
3272: The passwords for the input private key file (if present)
3273: and the output private key file (if one will be created).
1.1 jsing 3274: The command line options
3275: .Fl passin
3276: and
3277: .Fl passout
3278: override the configuration file values.
1.63 jmc 3279: .It Cm oid_file
3280: A file containing additional OBJECT IDENTIFIERS.
1.1 jsing 3281: Each line of the file should consist of the numerical form of the
3282: object identifier, followed by whitespace, then the short name followed
3283: by whitespace and finally the long name.
1.63 jmc 3284: .It Cm oid_section
3285: Specify a section in the configuration file containing extra
1.1 jsing 3286: object identifiers.
3287: Each line should consist of the short name of the
3288: object identifier followed by
3289: .Sq =
3290: and the numerical form.
3291: The short and long names are the same when this option is used.
1.63 jmc 3292: .It Cm prompt
3293: If set to
3294: .Qq no ,
3295: it disables prompting of certificate fields
1.1 jsing 3296: and just takes values from the config file directly.
3297: It also changes the expected format of the
1.63 jmc 3298: .Cm distinguished_name
1.1 jsing 3299: and
1.63 jmc 3300: .Cm attributes
1.1 jsing 3301: sections.
1.63 jmc 3302: .It Cm req_extensions
3303: The configuration file section containing a list of
1.1 jsing 3304: extensions to add to the certificate request.
3305: It can be overridden by the
3306: .Fl reqexts
1.63 jmc 3307: option.
3308: .It Cm string_mask
3309: Limit the string types for encoding certain fields.
1.1 jsing 3310: The following values may be used, limiting strings to the indicated types:
3311: .Bl -tag -width "MASK:number"
1.63 jmc 3312: .It Cm utf8only
3313: UTF8String.
1.1 jsing 3314: This is the default, as recommended by PKIX in RFC 2459.
1.63 jmc 3315: .It Cm default
3316: PrintableString, IA5String, T61String, BMPString, UTF8String.
3317: .It Cm pkix
3318: PrintableString, IA5String, BMPString, UTF8String.
3319: Inspired by the PKIX recommendation in RFC 2459 for certificates
3320: generated before 2004, but differs by also permitting IA5String.
3321: .It Cm nombstr
3322: PrintableString, IA5String, T61String, UniversalString.
3323: A workaround for some ancient software that had problems
3324: with the variable-sized BMPString and UTF8String types.
1.1 jsing 3325: .It Cm MASK : Ns Ar number
1.63 jmc 3326: An explicit bitmask of permitted types, where
1.1 jsing 3327: .Ar number
3328: is a C-style hex, decimal, or octal number that's a bit-wise OR of
3329: .Dv B_ASN1_*
3330: values from
3331: .In openssl/asn1.h .
3332: .El
1.63 jmc 3333: .It Cm utf8
3334: If set to
3335: .Qq yes ,
1.72 jmc 3336: field values are interpreted as UTF8 strings.
1.63 jmc 3337: .It Cm x509_extensions
3338: The configuration file section containing a list of
1.1 jsing 3339: extensions to add to a certificate generated when the
3340: .Fl x509
3341: switch is used.
3342: It can be overridden by the
3343: .Fl extensions
1.72 jmc 3344: command line switch.
1.1 jsing 3345: .El
1.63 jmc 3346: .Pp
1.1 jsing 3347: There are two separate formats for the distinguished name and attribute
3348: sections.
3349: If the
3350: .Fl prompt
3351: option is set to
1.63 jmc 3352: .Qq no ,
1.72 jmc 3353: then these sections just consist of field names and values.
3354: If the
1.1 jsing 3355: .Fl prompt
3356: option is absent or not set to
1.63 jmc 3357: .Qq no ,
1.72 jmc 3358: then the file contains field prompting information of the form:
1.1 jsing 3359: .Bd -unfilled -offset indent
3360: fieldName="prompt"
3361: fieldName_default="default field value"
3362: fieldName_min= 2
3363: fieldName_max= 4
3364: .Ed
3365: .Pp
3366: .Qq fieldName
3367: is the field name being used, for example
1.63 jmc 3368: .Cm commonName
3369: (or CN).
1.1 jsing 3370: The
3371: .Qq prompt
3372: string is used to ask the user to enter the relevant details.
3373: If the user enters nothing, the default value is used;
3374: if no default value is present, the field is omitted.
3375: A field can still be omitted if a default value is present,
3376: if the user just enters the
3377: .Sq \&.
3378: character.
3379: .Pp
3380: The number of characters entered must be between the
1.63 jmc 3381: fieldName_min and fieldName_max limits:
1.1 jsing 3382: there may be additional restrictions based on the field being used
3383: (for example
1.63 jmc 3384: .Cm countryName
1.1 jsing 3385: can only ever be two characters long and must fit in a
1.63 jmc 3386: .Cm PrintableString ) .
1.1 jsing 3387: .Pp
3388: Some fields (such as
1.63 jmc 3389: .Cm organizationName )
1.1 jsing 3390: can be used more than once in a DN.
3391: This presents a problem because configuration files will
3392: not recognize the same name occurring twice.
3393: To avoid this problem, if the
1.63 jmc 3394: .Cm fieldName
1.1 jsing 3395: contains some characters followed by a full stop, they will be ignored.
3396: So, for example, a second
1.63 jmc 3397: .Cm organizationName
1.1 jsing 3398: can be input by calling it
3399: .Qq 1.organizationName .
3400: .Pp
3401: The actual permitted field names are any object identifier short or
3402: long names.
3403: These are compiled into
1.63 jmc 3404: .Nm openssl
1.1 jsing 3405: and include the usual values such as
1.63 jmc 3406: .Cm commonName , countryName , localityName , organizationName ,
1.89 ! jmc 3407: .Cm organizationalUnitName , stateOrProvinceName .
1.1 jsing 3408: Additionally,
1.63 jmc 3409: .Cm emailAddress
1.1 jsing 3410: is included as well as
1.63 jmc 3411: .Cm name , surname , givenName , initials
1.1 jsing 3412: and
1.63 jmc 3413: .Cm dnQualifier .
1.1 jsing 3414: .Pp
3415: Additional object identifiers can be defined with the
1.63 jmc 3416: .Cm oid_file
1.1 jsing 3417: or
1.63 jmc 3418: .Cm oid_section
1.1 jsing 3419: options in the configuration file.
3420: Any additional fields will be treated as though they were a
1.63 jmc 3421: .Cm DirectoryString .
1.1 jsing 3422: .Sh RSA
3423: .nr nS 1
3424: .Nm "openssl rsa"
1.64 jmc 3425: .Op Fl aes128 | aes192 | aes256 | des | des3
1.1 jsing 3426: .Op Fl check
3427: .Op Fl in Ar file
1.64 jmc 3428: .Op Fl inform Cm der | net | pem
1.1 jsing 3429: .Op Fl modulus
3430: .Op Fl noout
3431: .Op Fl out Ar file
1.64 jmc 3432: .Op Fl outform Cm der | net | pem
1.1 jsing 3433: .Op Fl passin Ar arg
3434: .Op Fl passout Ar arg
3435: .Op Fl pubin
3436: .Op Fl pubout
3437: .Op Fl sgckey
3438: .Op Fl text
3439: .nr nS 0
3440: .Pp
3441: The
3442: .Nm rsa
3443: command processes RSA keys.
3444: They can be converted between various forms and their components printed out.
1.64 jmc 3445: .Nm rsa
3446: uses the traditional
1.1 jsing 3447: .Nm SSLeay
3448: compatible format for private key encryption:
3449: newer applications should use the more secure PKCS#8 format using the
3450: .Nm pkcs8
3451: utility.
3452: .Pp
3453: The options are as follows:
3454: .Bl -tag -width Ds
1.64 jmc 3455: .It Fl aes128 | aes192 | aes256 | des | des3
3456: Encrypt the private key with the AES, DES,
1.1 jsing 3457: or the triple DES ciphers, respectively, before outputting it.
3458: A pass phrase is prompted for.
3459: If none of these options are specified, the key is written in plain text.
3460: This means that using the
3461: .Nm rsa
3462: utility to read in an encrypted key with no encryption option can be used
3463: to remove the pass phrase from a key, or by setting the encryption options
3464: it can be used to add or change the pass phrase.
3465: These options can only be used with PEM format output files.
3466: .It Fl check
1.64 jmc 3467: Check the consistency of an RSA private key.
1.1 jsing 3468: .It Fl in Ar file
1.64 jmc 3469: The input file to read from,
3470: or standard input if not specified.
1.1 jsing 3471: If the key is encrypted, a pass phrase will be prompted for.
1.64 jmc 3472: .It Fl inform Cm der | net | pem
3473: The input format.
1.1 jsing 3474: .It Fl noout
1.64 jmc 3475: Do not output the encoded version of the key.
1.1 jsing 3476: .It Fl modulus
1.64 jmc 3477: Print the value of the modulus of the key.
1.1 jsing 3478: .It Fl out Ar file
1.64 jmc 3479: The output file to write to,
3480: or standard output if not specified.
3481: .It Fl outform Cm der | net | pem
3482: The output format.
1.1 jsing 3483: .It Fl passin Ar arg
3484: The key password source.
3485: .It Fl passout Ar arg
3486: The output file password source.
3487: .It Fl pubin
1.64 jmc 3488: Read in a public key,
3489: not a private key.
1.1 jsing 3490: .It Fl pubout
1.64 jmc 3491: Output a public key,
3492: not a private key.
3493: Automatically set if the input is a public key.
1.1 jsing 3494: .It Fl sgckey
1.64 jmc 3495: Use the modified NET algorithm used with some versions of Microsoft IIS
3496: and SGC keys.
1.1 jsing 3497: .It Fl text
1.64 jmc 3498: Print the public/private key components in plain text.
1.1 jsing 3499: .El
3500: .Sh RSAUTL
3501: .nr nS 1
3502: .Nm "openssl rsautl"
3503: .Op Fl asn1parse
3504: .Op Fl certin
3505: .Op Fl decrypt
3506: .Op Fl encrypt
3507: .Op Fl hexdump
3508: .Op Fl in Ar file
3509: .Op Fl inkey Ar file
1.65 jmc 3510: .Op Fl keyform Cm der | pem
1.86 jsing 3511: .Op Fl oaep | pkcs | raw
1.1 jsing 3512: .Op Fl out Ar file
3513: .Op Fl pubin
3514: .Op Fl sign
3515: .Op Fl verify
3516: .nr nS 0
3517: .Pp
3518: The
3519: .Nm rsautl
3520: command can be used to sign, verify, encrypt and decrypt
3521: data using the RSA algorithm.
3522: .Pp
3523: The options are as follows:
3524: .Bl -tag -width Ds
3525: .It Fl asn1parse
3526: Asn1parse the output data; this is useful when combined with the
3527: .Fl verify
3528: option.
3529: .It Fl certin
3530: The input is a certificate containing an RSA public key.
3531: .It Fl decrypt
3532: Decrypt the input data using an RSA private key.
3533: .It Fl encrypt
3534: Encrypt the input data using an RSA public key.
3535: .It Fl hexdump
3536: Hex dump the output data.
3537: .It Fl in Ar file
1.65 jmc 3538: The input to read from,
3539: or standard input if not specified.
1.1 jsing 3540: .It Fl inkey Ar file
1.65 jmc 3541: The input key file; by default an RSA private key.
3542: .It Fl keyform Cm der | pem
1.85 tb 3543: The private key format.
1.65 jmc 3544: The default is
3545: .Cm pem .
1.86 jsing 3546: .It Fl oaep | pkcs | raw
1.1 jsing 3547: The padding to use:
1.65 jmc 3548: PKCS#1 OAEP, PKCS#1 v1.5 (the default), or no padding, respectively.
1.1 jsing 3549: For signatures, only
3550: .Fl pkcs
3551: and
3552: .Fl raw
3553: can be used.
3554: .It Fl out Ar file
1.65 jmc 3555: The output file to write to,
3556: or standard output if not specified.
1.1 jsing 3557: .It Fl pubin
3558: The input file is an RSA public key.
3559: .It Fl sign
3560: Sign the input data and output the signed result.
3561: This requires an RSA private key.
3562: .It Fl verify
3563: Verify the input data and output the recovered data.
3564: .El
3565: .Sh S_CLIENT
3566: .nr nS 1
3567: .Nm "openssl s_client"
3568: .Op Fl 4 | 6
3569: .Op Fl bugs
3570: .Op Fl CAfile Ar file
3571: .Op Fl CApath Ar directory
3572: .Op Fl cert Ar file
3573: .Op Fl check_ss_sig
3574: .Op Fl cipher Ar cipherlist
1.66 jmc 3575: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 3576: .Op Fl crl_check
3577: .Op Fl crl_check_all
3578: .Op Fl crlf
3579: .Op Fl debug
3580: .Op Fl extended_crl
1.87 jmc 3581: .Op Fl groups
1.1 jsing 3582: .Op Fl ign_eof
3583: .Op Fl ignore_critical
3584: .Op Fl issuer_checks
3585: .Op Fl key Ar keyfile
3586: .Op Fl msg
3587: .Op Fl nbio
3588: .Op Fl nbio_test
3589: .Op Fl no_ticket
3590: .Op Fl no_tls1
1.6 guenther 3591: .Op Fl no_tls1_1
3592: .Op Fl no_tls1_2
1.1 jsing 3593: .Op Fl pause
3594: .Op Fl policy_check
3595: .Op Fl prexit
1.11 bluhm 3596: .Op Fl proxy Ar host : Ns Ar port
1.1 jsing 3597: .Op Fl psk Ar key
3598: .Op Fl psk_identity Ar identity
3599: .Op Fl quiet
3600: .Op Fl reconnect
1.5 jsing 3601: .Op Fl servername Ar name
1.1 jsing 3602: .Op Fl showcerts
3603: .Op Fl starttls Ar protocol
3604: .Op Fl state
3605: .Op Fl tls1
1.31 jmc 3606: .Op Fl tls1_1
3607: .Op Fl tls1_2
1.1 jsing 3608: .Op Fl tlsextdebug
3609: .Op Fl verify Ar depth
3610: .Op Fl x509_strict
1.19 landry 3611: .Op Fl xmpphost Ar host
1.1 jsing 3612: .nr nS 0
3613: .Pp
3614: The
3615: .Nm s_client
3616: command implements a generic SSL/TLS client which connects
3617: to a remote host using SSL/TLS.
1.66 jmc 3618: .Pp
3619: If a connection is established with an SSL server, any data received
3620: from the server is displayed and any key presses will be sent to the
3621: server.
3622: When used interactively (which means neither
3623: .Fl quiet
3624: nor
3625: .Fl ign_eof
3626: have been given), the session will be renegotiated if the line begins with an
3627: .Cm R ;
3628: if the line begins with a
3629: .Cm Q
3630: or if end of file is reached, the connection will be closed down.
1.1 jsing 3631: .Pp
3632: The options are as follows:
3633: .Bl -tag -width Ds
3634: .It Fl 4
1.66 jmc 3635: Attempt connections using IPv4 only.
1.1 jsing 3636: .It Fl 6
1.66 jmc 3637: Attempt connections using IPv6 only.
1.1 jsing 3638: .It Fl bugs
1.66 jmc 3639: Enable various workarounds for buggy implementations.
1.1 jsing 3640: .It Fl CAfile Ar file
3641: A
3642: .Ar file
3643: containing trusted certificates to use during server authentication
3644: and to use when attempting to build the client certificate chain.
3645: .It Fl CApath Ar directory
3646: The
3647: .Ar directory
3648: to use for server certificate verification.
3649: This directory must be in
3650: .Qq hash format ;
3651: see
3652: .Fl verify
3653: for more information.
3654: These are also used when building the client certificate chain.
3655: .It Fl cert Ar file
3656: The certificate to use, if one is requested by the server.
3657: The default is not to use a certificate.
3658: .It Xo
3659: .Fl check_ss_sig ,
3660: .Fl crl_check ,
3661: .Fl crl_check_all ,
3662: .Fl extended_crl ,
3663: .Fl ignore_critical ,
3664: .Fl issuer_checks ,
3665: .Fl policy_check ,
3666: .Fl x509_strict
3667: .Xc
3668: Set various certificate chain validation options.
3669: See the
1.66 jmc 3670: .Nm verify
1.1 jsing 3671: command for details.
3672: .It Fl cipher Ar cipherlist
1.66 jmc 3673: Modify the cipher list sent by the client.
1.1 jsing 3674: Although the server determines which cipher suite is used, it should take
3675: the first supported cipher in the list sent by the client.
3676: See the
1.66 jmc 3677: .Nm ciphers
3678: command for more information.
3679: .It Fl connect Ar host Ns Op : Ns Ar port
3680: The
1.1 jsing 3681: .Ar host
1.66 jmc 3682: and
1.1 jsing 3683: .Ar port
3684: to connect to.
3685: If not specified, an attempt is made to connect to the local host
3686: on port 4433.
3687: Alternatively, the host and port pair may be separated using a forward-slash
1.66 jmc 3688: character,
3689: which is useful for numeric IPv6 addresses.
1.1 jsing 3690: .It Fl crlf
1.66 jmc 3691: Translate a line feed from the terminal into CR+LF,
3692: as required by some servers.
1.1 jsing 3693: .It Fl debug
1.66 jmc 3694: Print extensive debugging information, including a hex dump of all traffic.
1.87 jmc 3695: .It Fl groups Ar ecgroups
3696: Specify a colon-separated list of permitted EC curve groups.
1.1 jsing 3697: .It Fl ign_eof
1.66 jmc 3698: Inhibit shutting down the connection when end of file is reached in the input.
1.1 jsing 3699: .It Fl key Ar keyfile
3700: The private key to use.
3701: If not specified, the certificate file will be used.
3702: .It Fl msg
3703: Show all protocol messages with hex dump.
3704: .It Fl nbio
1.66 jmc 3705: Turn on non-blocking I/O.
1.1 jsing 3706: .It Fl nbio_test
1.66 jmc 3707: Test non-blocking I/O.
1.31 jmc 3708: .It Fl no_tls1 | no_tls1_1 | no_tls1_2
1.66 jmc 3709: Disable the use of TLS1.0, 1.1, and 1.2, respectively.
1.1 jsing 3710: .It Fl no_ticket
3711: Disable RFC 4507 session ticket support.
3712: .It Fl pause
1.66 jmc 3713: Pause 1 second between each read and write call.
1.1 jsing 3714: .It Fl prexit
3715: Print session information when the program exits.
3716: This will always attempt
3717: to print out information even if the connection fails.
3718: Normally, information will only be printed out once if the connection succeeds.
3719: This option is useful because the cipher in use may be renegotiated
3720: or the connection may fail because a client certificate is required or is
3721: requested only after an attempt is made to access a certain URL.
1.66 jmc 3722: Note that the output produced by this option is not always accurate
3723: because a connection might never have been established.
1.11 bluhm 3724: .It Fl proxy Ar host : Ns Ar port
3725: Use the HTTP proxy at
3726: .Ar host
3727: and
3728: .Ar port .
3729: The connection to the proxy is done in cleartext and the
3730: .Fl connect
3731: argument is given to the proxy.
3732: If not specified, localhost is used as final destination.
3733: After that, switch the connection through the proxy to the destination
3734: to TLS.
1.1 jsing 3735: .It Fl psk Ar key
3736: Use the PSK key
3737: .Ar key
3738: when using a PSK cipher suite.
3739: The key is given as a hexadecimal number without the leading 0x,
3740: for example -psk 1a2b3c4d.
3741: .It Fl psk_identity Ar identity
1.66 jmc 3742: Use the PSK
1.1 jsing 3743: .Ar identity
3744: when using a PSK cipher suite.
3745: .It Fl quiet
3746: Inhibit printing of session and certificate information.
3747: This implicitly turns on
3748: .Fl ign_eof
3749: as well.
3750: .It Fl reconnect
1.66 jmc 3751: Reconnect to the same server 5 times using the same session ID; this can
1.1 jsing 3752: be used as a test that session caching is working.
1.5 jsing 3753: .It Fl servername Ar name
3754: Include the TLS Server Name Indication (SNI) extension in the ClientHello
3755: message, using the specified server
3756: .Ar name .
1.1 jsing 3757: .It Fl showcerts
3758: Display the whole server certificate chain: normally only the server
3759: certificate itself is displayed.
3760: .It Fl starttls Ar protocol
1.66 jmc 3761: Send the protocol-specific messages to switch to TLS for communication.
1.1 jsing 3762: .Ar protocol
3763: is a keyword for the intended protocol.
3764: Currently, the supported keywords are
3765: .Qq ftp ,
3766: .Qq imap ,
3767: .Qq smtp ,
3768: .Qq pop3 ,
3769: and
3770: .Qq xmpp .
3771: .It Fl state
1.66 jmc 3772: Print the SSL session states.
1.31 jmc 3773: .It Fl tls1 | tls1_1 | tls1_2
3774: Permit only TLS1.0, 1.1, or 1.2, respectively.
1.1 jsing 3775: .It Fl tlsextdebug
1.66 jmc 3776: Print a hex dump of any TLS extensions received from the server.
1.1 jsing 3777: .It Fl verify Ar depth
1.66 jmc 3778: Turn on server certificate verification,
3779: with a maximum length of
3780: .Ar depth .
1.1 jsing 3781: Currently the verify operation continues after errors so all the problems
3782: with a certificate chain can be seen.
3783: As a side effect the connection will never fail due to a server
3784: certificate verify failure.
1.19 landry 3785: .It Fl xmpphost Ar hostname
1.66 jmc 3786: When used with
1.19 landry 3787: .Fl starttls Ar xmpp ,
1.66 jmc 3788: specify the host for the "to" attribute of the stream element.
1.19 landry 3789: If this option is not specified then the host specified with
3790: .Fl connect
3791: will be used.
1.1 jsing 3792: .El
3793: .Sh S_SERVER
3794: .nr nS 1
3795: .Nm "openssl s_server"
3796: .Op Fl accept Ar port
3797: .Op Fl bugs
3798: .Op Fl CAfile Ar file
3799: .Op Fl CApath Ar directory
3800: .Op Fl cert Ar file
3801: .Op Fl cipher Ar cipherlist
3802: .Op Fl context Ar id
3803: .Op Fl crl_check
3804: .Op Fl crl_check_all
3805: .Op Fl crlf
3806: .Op Fl dcert Ar file
3807: .Op Fl debug
3808: .Op Fl dhparam Ar file
3809: .Op Fl dkey Ar file
3810: .Op Fl hack
3811: .Op Fl HTTP
3812: .Op Fl id_prefix Ar arg
3813: .Op Fl key Ar keyfile
3814: .Op Fl msg
3815: .Op Fl nbio
3816: .Op Fl nbio_test
3817: .Op Fl no_dhe
3818: .Op Fl no_tls1
1.6 guenther 3819: .Op Fl no_tls1_1
3820: .Op Fl no_tls1_2
1.1 jsing 3821: .Op Fl no_tmp_rsa
3822: .Op Fl nocert
3823: .Op Fl psk Ar key
3824: .Op Fl psk_hint Ar hint
3825: .Op Fl quiet
3826: .Op Fl serverpref
3827: .Op Fl state
3828: .Op Fl tls1
1.31 jmc 3829: .Op Fl tls1_1
3830: .Op Fl tls1_2
1.1 jsing 3831: .Op Fl Verify Ar depth
3832: .Op Fl verify Ar depth
3833: .Op Fl WWW
3834: .Op Fl www
3835: .nr nS 0
3836: .Pp
3837: The
3838: .Nm s_server
3839: command implements a generic SSL/TLS server which listens
3840: for connections on a given port using SSL/TLS.
3841: .Pp
1.67 jmc 3842: If a connection request is established with a client and neither the
3843: .Fl www
3844: nor the
3845: .Fl WWW
3846: option has been used, then any data received
3847: from the client is displayed and any key presses are sent to the client.
3848: Certain single letter commands perform special operations:
3849: .Pp
3850: .Bl -tag -width "XXXX" -compact
3851: .It Ic P
3852: Send plain text, which should cause the client to disconnect.
3853: .It Ic Q
3854: End the current SSL connection and exit.
3855: .It Ic q
3856: End the current SSL connection, but still accept new connections.
3857: .It Ic R
3858: Renegotiate the SSL session and request a client certificate.
3859: .It Ic r
3860: Renegotiate the SSL session.
3861: .It Ic S
3862: Print out some session cache status information.
3863: .El
3864: .Pp
1.1 jsing 3865: The options are as follows:
3866: .Bl -tag -width Ds
3867: .It Fl accept Ar port
1.67 jmc 3868: Listen on TCP
1.1 jsing 3869: .Ar port
1.67 jmc 3870: for connections.
3871: The default is port 4433.
1.1 jsing 3872: .It Fl bugs
1.67 jmc 3873: Enable various workarounds for buggy implementations.
1.1 jsing 3874: .It Fl CAfile Ar file
1.67 jmc 3875: A
3876: .Ar file
3877: containing trusted certificates to use during client authentication
1.1 jsing 3878: and to use when attempting to build the server certificate chain.
3879: The list is also used in the list of acceptable client CAs passed to the
3880: client when a certificate is requested.
3881: .It Fl CApath Ar directory
3882: The
3883: .Ar directory
3884: to use for client certificate verification.
3885: This directory must be in
3886: .Qq hash format ;
3887: see
3888: .Fl verify
3889: for more information.
3890: These are also used when building the server certificate chain.
3891: .It Fl cert Ar file
1.67 jmc 3892: The certificate to use: most server's cipher suites require the use of a
3893: certificate and some require a certificate with a certain public key type.
3894: For example, the DSS cipher suites require a certificate containing a DSS
3895: (DSA) key.
1.1 jsing 3896: If not specified, the file
3897: .Pa server.pem
3898: will be used.
3899: .It Fl cipher Ar cipherlist
1.67 jmc 3900: Modify the cipher list used by the server.
1.1 jsing 3901: This allows the cipher list used by the server to be modified.
3902: When the client sends a list of supported ciphers, the first client cipher
3903: also included in the server list is used.
3904: Because the client specifies the preference order, the order of the server
3905: cipherlist is irrelevant.
3906: See the
1.67 jmc 3907: .Nm ciphers
3908: command for more information.
1.1 jsing 3909: .It Fl context Ar id
1.67 jmc 3910: Set the SSL context ID.
1.1 jsing 3911: It can be given any string value.
3912: .It Fl crl_check , crl_check_all
3913: Check the peer certificate has not been revoked by its CA.
3914: The CRLs are appended to the certificate file.
3915: .Fl crl_check_all
1.67 jmc 3916: checks all CRLs of all CAs in the chain.
1.1 jsing 3917: .It Fl crlf
1.67 jmc 3918: Translate a line feed from the terminal into CR+LF.
1.1 jsing 3919: .It Fl dcert Ar file , Fl dkey Ar file
3920: Specify an additional certificate and private key; these behave in the
3921: same manner as the
3922: .Fl cert
3923: and
3924: .Fl key
3925: options except there is no default if they are not specified
1.67 jmc 3926: (no additional certificate or key is used).
1.1 jsing 3927: By using RSA and DSS certificates and keys,
3928: a server can support clients which only support RSA or DSS cipher suites
3929: by using an appropriate certificate.
3930: .It Fl debug
1.67 jmc 3931: Print extensive debugging information, including a hex dump of all traffic.
1.1 jsing 3932: .It Fl dhparam Ar file
3933: The DH parameter file to use.
3934: The ephemeral DH cipher suites generate keys
3935: using a set of DH parameters.
3936: If not specified, an attempt is made to
3937: load the parameters from the server certificate file.
3938: If this fails, a static set of parameters hard coded into the
3939: .Nm s_server
3940: program will be used.
3941: .It Fl hack
1.67 jmc 3942: Enables a further workaround for some early Netscape SSL code.
1.1 jsing 3943: .It Fl HTTP
1.67 jmc 3944: Emulate a simple web server.
3945: Pages are resolved relative to the current directory.
3946: For example if the URL
1.1 jsing 3947: .Pa https://myhost/page.html
3948: is requested, the file
3949: .Pa ./page.html
3950: will be loaded.
3951: The files loaded are assumed to contain a complete and correct HTTP
3952: response (lines that are part of the HTTP response line and headers
3953: must end with CRLF).
3954: .It Fl id_prefix Ar arg
3955: Generate SSL/TLS session IDs prefixed by
3956: .Ar arg .
3957: This is mostly useful for testing any SSL/TLS code
1.81 jmc 3958: that wish to deal with multiple servers,
3959: when each of which might be generating a unique range of session IDs.
1.1 jsing 3960: .It Fl key Ar keyfile
3961: The private key to use.
3962: If not specified, the certificate file will be used.
3963: .It Fl msg
3964: Show all protocol messages with hex dump.
3965: .It Fl nbio
1.67 jmc 3966: Turn on non-blocking I/O.
1.1 jsing 3967: .It Fl nbio_test
1.67 jmc 3968: Test non-blocking I/O.
1.1 jsing 3969: .It Fl no_dhe
1.67 jmc 3970: Disable ephemeral DH cipher suites.
1.31 jmc 3971: .It Fl no_tls1 | no_tls1_1 | no_tls1_2
1.67 jmc 3972: Disable the use of TLS1.0, 1.1, and 1.2, respectively.
1.1 jsing 3973: .It Fl no_tmp_rsa
1.67 jmc 3974: Disable temporary RSA key generation.
1.1 jsing 3975: .It Fl nocert
1.67 jmc 3976: Do not use a certificate.
1.1 jsing 3977: This restricts the cipher suites available to the anonymous ones
1.67 jmc 3978: (currently just anonymous DH).
1.1 jsing 3979: .It Fl psk Ar key
3980: Use the PSK key
3981: .Ar key
3982: when using a PSK cipher suite.
3983: The key is given as a hexadecimal number without the leading 0x,
3984: for example -psk 1a2b3c4d.
3985: .It Fl psk_hint Ar hint
3986: Use the PSK identity hint
3987: .Ar hint
3988: when using a PSK cipher suite.
3989: .It Fl quiet
3990: Inhibit printing of session and certificate information.
3991: .It Fl serverpref
3992: Use server's cipher preferences.
3993: .It Fl state
1.67 jmc 3994: Print the SSL session states.
1.31 jmc 3995: .It Fl tls1 | tls1_1 | tls1_2
3996: Permit only TLS1.0, 1.1, or 1.2, respectively.
1.1 jsing 3997: .It Fl WWW
1.67 jmc 3998: Emulate a simple web server.
3999: Pages are resolved relative to the current directory.
4000: For example if the URL
1.1 jsing 4001: .Pa https://myhost/page.html
4002: is requested, the file
4003: .Pa ./page.html
4004: will be loaded.
4005: .It Fl www
1.67 jmc 4006: Send a status message to the client when it connects,
4007: including information about the ciphers used and various session parameters.
1.1 jsing 4008: The output is in HTML format so this option will normally be used with a
4009: web browser.
4010: .It Fl Verify Ar depth , Fl verify Ar depth
1.67 jmc 4011: Request a certificate chain from the client,
4012: with a maximum length of
4013: .Ar depth .
4014: With
4015: .Fl Verify ,
4016: the client must supply a certificate or an error occurs;
4017: with
4018: .Fl verify ,
4019: a certificate is requested but the client does not have to send one.
1.1 jsing 4020: .El
4021: .Sh S_TIME
4022: .nr nS 1
4023: .Nm "openssl s_time"
4024: .Op Fl bugs
4025: .Op Fl CAfile Ar file
4026: .Op Fl CApath Ar directory
4027: .Op Fl cert Ar file
4028: .Op Fl cipher Ar cipherlist
1.68 jmc 4029: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 4030: .Op Fl key Ar keyfile
4031: .Op Fl nbio
4032: .Op Fl new
1.20 lteo 4033: .Op Fl no_shutdown
1.1 jsing 4034: .Op Fl reuse
4035: .Op Fl time Ar seconds
4036: .Op Fl verify Ar depth
4037: .Op Fl www Ar page
4038: .nr nS 0
4039: .Pp
4040: The
1.68 jmc 4041: .Nm s_time
1.1 jsing 4042: command implements a generic SSL/TLS client which connects to a
4043: remote host using SSL/TLS.
4044: It can request a page from the server and includes
4045: the time to transfer the payload data in its timing measurements.
4046: It measures the number of connections within a given timeframe,
4047: the amount of data transferred
4048: .Pq if any ,
4049: and calculates the average time spent for one connection.
4050: .Pp
4051: The options are as follows:
4052: .Bl -tag -width Ds
4053: .It Fl bugs
1.68 jmc 4054: Enable various workarounds for buggy implementations.
1.1 jsing 4055: .It Fl CAfile Ar file
1.68 jmc 4056: A
4057: .Ar file
4058: containing trusted certificates to use during server authentication
1.1 jsing 4059: and to use when attempting to build the client certificate chain.
4060: .It Fl CApath Ar directory
4061: The directory to use for server certificate verification.
4062: This directory must be in
4063: .Qq hash format ;
4064: see
4065: .Nm verify
4066: for more information.
4067: These are also used when building the client certificate chain.
4068: .It Fl cert Ar file
4069: The certificate to use, if one is requested by the server.
4070: The default is not to use a certificate.
4071: .It Fl cipher Ar cipherlist
1.68 jmc 4072: Modify the cipher list sent by the client.
1.1 jsing 4073: Although the server determines which cipher suite is used,
4074: it should take the first supported cipher in the list sent by the client.
4075: See the
4076: .Nm ciphers
4077: command for more information.
1.68 jmc 4078: .It Fl connect Ar host Ns Op : Ns Ar port
4079: The host and port to connect to.
1.1 jsing 4080: .It Fl key Ar keyfile
4081: The private key to use.
4082: If not specified, the certificate file will be used.
4083: .It Fl nbio
1.68 jmc 4084: Turn on non-blocking I/O.
1.1 jsing 4085: .It Fl new
1.68 jmc 4086: Perform the timing test using a new session ID for each connection.
1.1 jsing 4087: If neither
4088: .Fl new
4089: nor
4090: .Fl reuse
4091: are specified,
4092: they are both on by default and executed in sequence.
1.20 lteo 4093: .It Fl no_shutdown
1.21 jmc 4094: Shut down the connection without sending a
1.68 jmc 4095: .Qq close notify
1.20 lteo 4096: shutdown alert to the server.
1.1 jsing 4097: .It Fl reuse
1.68 jmc 4098: Perform the timing test using the same session ID for each connection.
1.1 jsing 4099: If neither
4100: .Fl new
4101: nor
4102: .Fl reuse
4103: are specified,
4104: they are both on by default and executed in sequence.
4105: .It Fl time Ar seconds
1.68 jmc 4106: Limit
1.1 jsing 4107: .Nm s_time
1.68 jmc 4108: benchmarks to the number of
4109: .Ar seconds .
1.1 jsing 4110: The default is 30 seconds.
4111: .It Fl verify Ar depth
1.68 jmc 4112: Turn on server certificate verification,
4113: with a maximum length of
4114: .Ar depth .
1.1 jsing 4115: Currently the verify operation continues after errors, so all the problems
4116: with a certificate chain can be seen.
4117: As a side effect,
4118: the connection will never fail due to a server certificate verify failure.
4119: .It Fl www Ar page
1.68 jmc 4120: The page to GET from the server.
1.1 jsing 4121: A value of
4122: .Sq /
4123: gets the index.htm[l] page.
4124: If this parameter is not specified,
4125: .Nm s_time
4126: will only perform the handshake to establish SSL connections
4127: but not transfer any payload data.
4128: .El
4129: .Sh SESS_ID
4130: .nr nS 1
4131: .Nm "openssl sess_id"
4132: .Op Fl cert
4133: .Op Fl context Ar ID
4134: .Op Fl in Ar file
1.69 jmc 4135: .Op Fl inform Cm der | pem
1.1 jsing 4136: .Op Fl noout
4137: .Op Fl out Ar file
1.69 jmc 4138: .Op Fl outform Cm der | pem
1.1 jsing 4139: .Op Fl text
4140: .nr nS 0
4141: .Pp
4142: The
4143: .Nm sess_id
4144: program processes the encoded version of the SSL session structure and
4145: optionally prints out SSL session details
1.69 jmc 4146: (for example the SSL session master key)
1.72 jmc 4147: in human-readable format.
1.1 jsing 4148: .Pp
4149: The options are as follows:
4150: .Bl -tag -width Ds
4151: .It Fl cert
4152: If a certificate is present in the session,
4153: it will be output using this option;
4154: if the
4155: .Fl text
4156: option is also present, then it will be printed out in text form.
4157: .It Fl context Ar ID
1.69 jmc 4158: Set the session
1.1 jsing 4159: .Ar ID .
1.69 jmc 4160: The ID can be any string of characters.
1.1 jsing 4161: .It Fl in Ar file
1.69 jmc 4162: The input file to read from,
4163: or standard input if not specified.
4164: .It Fl inform Cm der | pem
4165: The input format.
4166: .Cm der
1.84 jmc 4167: uses an ASN.1 DER-encoded format containing session details.
1.1 jsing 4168: The precise format can vary from one version to the next.
1.69 jmc 4169: .Cm pem
4170: is the default format: it consists of the DER
1.1 jsing 4171: format base64-encoded with additional header and footer lines.
4172: .It Fl noout
1.69 jmc 4173: Do not output the encoded version of the session.
1.1 jsing 4174: .It Fl out Ar file
1.69 jmc 4175: The output file to write to,
4176: or standard output if not specified.
4177: .It Fl outform Cm der | pem
4178: The output format.
1.1 jsing 4179: .It Fl text
1.69 jmc 4180: Print the various public or private key components in plain text,
4181: in addition to the encoded version.
1.1 jsing 4182: .El
4183: .Pp
1.69 jmc 4184: The output of
4185: .Nm sess_id
4186: is composed as follows:
1.1 jsing 4187: .Pp
1.69 jmc 4188: .Bl -tag -width "Verify return code " -offset 3n -compact
4189: .It Protocol
4190: The protocol in use.
4191: .It Cipher
4192: The actual raw SSL or TLS cipher code.
4193: .It Session-ID
4194: The SSL session ID, in hex format.
4195: .It Session-ID-ctx
4196: The session ID context, in hex format.
4197: .It Master-Key
4198: The SSL session master key.
4199: .It Key-Arg
1.1 jsing 4200: The key argument; this is only used in SSL v2.
1.69 jmc 4201: .It Start Time
4202: The session start time.
1.1 jsing 4203: .Ux
4204: format.
1.69 jmc 4205: .It Timeout
4206: The timeout, in seconds.
4207: .It Verify return code
4208: The return code when a certificate is verified.
1.1 jsing 4209: .El
4210: .Pp
4211: Since the SSL session output contains the master key, it is possible to read
4212: the contents of an encrypted session using this information.
4213: Therefore appropriate security precautions
4214: should be taken if the information is being output by a
4215: .Qq real
4216: application.
4217: This is, however, strongly discouraged and should only be used for
4218: debugging purposes.
4219: .Sh SMIME
4220: .nr nS 1
4221: .Nm "openssl smime"
4222: .Oo
4223: .Fl aes128 | aes192 | aes256 | des |
4224: .Fl des3 | rc2-40 | rc2-64 | rc2-128
4225: .Oc
4226: .Op Fl binary
4227: .Op Fl CAfile Ar file
4228: .Op Fl CApath Ar directory
4229: .Op Fl certfile Ar file
4230: .Op Fl check_ss_sig
4231: .Op Fl content Ar file
4232: .Op Fl crl_check
4233: .Op Fl crl_check_all
4234: .Op Fl decrypt
4235: .Op Fl encrypt
4236: .Op Fl extended_crl
4237: .Op Fl from Ar addr
4238: .Op Fl ignore_critical
4239: .Op Fl in Ar file
4240: .Op Fl indef
1.70 jmc 4241: .Op Fl inform Cm der | pem | smime
1.1 jsing 4242: .Op Fl inkey Ar file
4243: .Op Fl issuer_checks
1.70 jmc 4244: .Op Fl keyform Cm pem
1.1 jsing 4245: .Op Fl md Ar digest
4246: .Op Fl noattr
4247: .Op Fl nocerts
4248: .Op Fl nochain
4249: .Op Fl nodetach
4250: .Op Fl noindef
4251: .Op Fl nointern
4252: .Op Fl nosigs
4253: .Op Fl noverify
4254: .Op Fl out Ar file
1.70 jmc 4255: .Op Fl outform Cm der | pem | smime
1.1 jsing 4256: .Op Fl passin Ar arg
4257: .Op Fl pk7out
4258: .Op Fl policy_check
4259: .Op Fl recip Ar file
4260: .Op Fl resign
4261: .Op Fl sign
4262: .Op Fl signer Ar file
4263: .Op Fl stream
4264: .Op Fl subject Ar s
4265: .Op Fl text
4266: .Op Fl to Ar addr
4267: .Op Fl verify
4268: .Op Fl x509_strict
4269: .Op Ar cert.pem ...
4270: .nr nS 0
4271: .Pp
4272: The
4273: .Nm smime
1.70 jmc 4274: command handles S/MIME mail.
4275: It can encrypt, decrypt, sign, and verify S/MIME messages.
4276: .Pp
4277: The MIME message must be sent without any blank lines between the
4278: headers and the output.
4279: Some mail programs will automatically add a blank line.
4280: Piping the mail directly to an MTA is one way to
4281: achieve the correct format.
4282: .Pp
4283: The supplied message to be signed or encrypted must include the necessary
4284: MIME headers or many S/MIME clients won't display it properly (if at all).
4285: Use the
4286: .Fl text
4287: option to automatically add plain text headers.
1.1 jsing 4288: .Pp
1.70 jmc 4289: A
4290: .Qq signed and encrypted
4291: message is one where a signed message is then encrypted.
4292: This can be produced by encrypting an already signed message.
1.1 jsing 4293: .Pp
1.70 jmc 4294: There are a number of operations that can be performed, as follows:
1.1 jsing 4295: .Bl -tag -width "XXXX"
4296: .It Fl decrypt
4297: Decrypt mail using the supplied certificate and private key.
1.70 jmc 4298: The input file is an encrypted mail message in MIME format.
1.1 jsing 4299: The decrypted mail is written to the output file.
4300: .It Fl encrypt
4301: Encrypt mail for the given recipient certificates.
1.70 jmc 4302: The input is the message to be encrypted.
4303: The output file is the encrypted mail, in MIME format.
1.1 jsing 4304: .It Fl pk7out
1.70 jmc 4305: Take an input message and write out a PEM-encoded PKCS#7 structure.
1.1 jsing 4306: .It Fl resign
4307: Resign a message: take an existing message and one or more new signers.
4308: .It Fl sign
4309: Sign mail using the supplied certificate and private key.
1.70 jmc 4310: The input file is the message to be signed.
4311: The signed message, in MIME format, is written to the output file.
1.1 jsing 4312: .It Fl verify
4313: Verify signed mail.
1.70 jmc 4314: The input is a signed mail message and the output is the signed data.
1.1 jsing 4315: Both clear text and opaque signing is supported.
4316: .El
4317: .Pp
1.14 jmc 4318: The remaining options are as follows:
1.1 jsing 4319: .Bl -tag -width "XXXX"
4320: .It Xo
4321: .Fl aes128 | aes192 | aes256 | des |
4322: .Fl des3 | rc2-40 | rc2-64 | rc2-128
4323: .Xc
4324: The encryption algorithm to use.
1.70 jmc 4325: 128-, 192-, or 256-bit AES, DES (56 bits), triple DES (168 bits),
1.1 jsing 4326: or 40-, 64-, or 128-bit RC2, respectively;
4327: if not specified, 40-bit RC2 is
4328: used.
4329: Only used with
4330: .Fl encrypt .
4331: .It Fl binary
4332: Normally, the input message is converted to
4333: .Qq canonical
1.70 jmc 4334: format which uses CR/LF as end of line,
4335: as required by the S/MIME specification.
1.1 jsing 4336: When this option is present no translation occurs.
1.70 jmc 4337: This is useful when handling binary data which may not be in MIME format.
1.1 jsing 4338: .It Fl CAfile Ar file
4339: A
4340: .Ar file
4341: containing trusted CA certificates; only used with
4342: .Fl verify .
4343: .It Fl CApath Ar directory
4344: A
4345: .Ar directory
4346: containing trusted CA certificates; only used with
4347: .Fl verify .
4348: This directory must be a standard certificate directory:
4349: that is, a hash of each subject name (using
4350: .Nm x509 -hash )
4351: should be linked to each certificate.
4352: .It Ar cert.pem ...
4353: One or more certificates of message recipients: used when encrypting
4354: a message.
4355: .It Fl certfile Ar file
4356: Allows additional certificates to be specified.
4357: When signing, these will be included with the message.
4358: When verifying, these will be searched for the signers' certificates.
4359: The certificates should be in PEM format.
4360: .It Xo
4361: .Fl check_ss_sig ,
4362: .Fl crl_check ,
4363: .Fl crl_check_all ,
4364: .Fl extended_crl ,
4365: .Fl ignore_critical ,
4366: .Fl issuer_checks ,
4367: .Fl policy_check ,
4368: .Fl x509_strict
4369: .Xc
4370: Set various certificate chain validation options.
4371: See the
1.70 jmc 4372: .Nm verify
1.1 jsing 4373: command for details.
4374: .It Fl content Ar file
1.70 jmc 4375: A file containing the detached content.
1.1 jsing 4376: This is only useful with the
4377: .Fl verify
1.70 jmc 4378: option,
4379: and only usable if the PKCS#7 structure is using the detached
1.1 jsing 4380: signature form where the content is not included.
1.70 jmc 4381: This option will override any content if the input format is S/MIME
4382: and it uses the multipart/signed MIME content type.
1.1 jsing 4383: .It Xo
4384: .Fl from Ar addr ,
4385: .Fl subject Ar s ,
4386: .Fl to Ar addr
4387: .Xc
4388: The relevant mail headers.
4389: These are included outside the signed
4390: portion of a message so they may be included manually.
1.70 jmc 4391: When signing, many S/MIME
1.1 jsing 4392: mail clients check that the signer's certificate email
4393: address matches the From: address.
4394: .It Fl in Ar file
1.70 jmc 4395: The input file to read from.
1.1 jsing 4396: .It Fl indef
4397: Enable streaming I/O for encoding operations.
4398: This permits single pass processing of data without
4399: the need to hold the entire contents in memory,
4400: potentially supporting very large files.
4401: Streaming is automatically set for S/MIME signing with detached
4402: data if the output format is SMIME;
4403: it is currently off by default for all other operations.
1.70 jmc 4404: .It Fl inform Cm der | pem | smime
4405: The input format.
1.1 jsing 4406: .It Fl inkey Ar file
1.70 jmc 4407: The private key to use when signing or decrypting,
4408: which must match the corresponding certificate.
1.1 jsing 4409: If this option is not specified, the private key must be included
4410: in the certificate file specified with
4411: the
4412: .Fl recip
4413: or
4414: .Fl signer
4415: file.
4416: When signing,
4417: this option can be used multiple times to specify successive keys.
1.70 jmc 4418: .It Fl keyform Cm pem
1.1 jsing 4419: Input private key format.
4420: .It Fl md Ar digest
4421: The digest algorithm to use when signing or resigning.
4422: If not present then the default digest algorithm for the signing key is used
4423: (usually SHA1).
4424: .It Fl noattr
1.70 jmc 4425: Do not include attributes.
1.1 jsing 4426: .It Fl nocerts
1.70 jmc 4427: Do not include the signer's certificate.
1.1 jsing 4428: This will reduce the size of the signed message but the verifier must
4429: have a copy of the signer's certificate available locally (passed using the
4430: .Fl certfile
4431: option, for example).
4432: .It Fl nochain
4433: Do not do chain verification of signers' certificates: that is,
4434: don't use the certificates in the signed message as untrusted CAs.
4435: .It Fl nodetach
4436: When signing a message use opaque signing: this form is more resistant
4437: to translation by mail relays but it cannot be read by mail agents that
1.70 jmc 4438: do not support S/MIME.
4439: Without this option cleartext signing with the MIME type
4440: multipart/signed is used.
1.1 jsing 4441: .It Fl noindef
1.70 jmc 4442: Disable streaming I/O where it would produce an encoding of indefinite length
4443: (currently has no effect).
1.1 jsing 4444: .It Fl nointern
1.70 jmc 4445: Only use certificates specified in the
4446: .Fl certfile .
4447: The supplied certificates can still be used as untrusted CAs.
1.1 jsing 4448: .It Fl nosigs
1.70 jmc 4449: Do not try to verify the signatures on the message.
1.1 jsing 4450: .It Fl noverify
4451: Do not verify the signer's certificate of a signed message.
4452: .It Fl out Ar file
1.70 jmc 4453: The output file to write to.
4454: .It Fl outform Cm der | pem | smime
4455: The output format.
4456: The default is smime, which writes an S/MIME format message.
4457: .Cm pem
1.1 jsing 4458: and
1.70 jmc 4459: .Cm der
4460: change this to write PEM and DER format PKCS#7 structures instead.
1.1 jsing 4461: This currently only affects the output format of the PKCS#7
4462: structure; if no PKCS#7 structure is being output (for example with
4463: .Fl verify
4464: or
4465: .Fl decrypt )
4466: this option has no effect.
4467: .It Fl passin Ar arg
4468: The key password source.
4469: .It Fl recip Ar file
4470: The recipients certificate when decrypting a message.
4471: This certificate
4472: must match one of the recipients of the message or an error occurs.
4473: .It Fl signer Ar file
4474: A signing certificate when signing or resigning a message;
4475: this option can be used multiple times if more than one signer is required.
4476: If a message is being verified, the signer's certificates will be
4477: written to this file if the verification was successful.
4478: .It Fl stream
4479: The same as
4480: .Fl indef .
4481: .It Fl text
1.70 jmc 4482: Add plain text (text/plain) MIME
1.1 jsing 4483: headers to the supplied message if encrypting or signing.
4484: If decrypting or verifying, it strips off text headers:
1.70 jmc 4485: if the decrypted or verified message is not of MIME type text/plain
4486: then an error occurs.
1.1 jsing 4487: .El
4488: .Pp
1.70 jmc 4489: The exit codes for
4490: .Nm smime
4491: are as follows:
1.1 jsing 4492: .Pp
1.70 jmc 4493: .Bl -tag -width "XXXX" -offset 3n -compact
4494: .It 0
1.1 jsing 4495: The operation was completely successful.
1.70 jmc 4496: .It 1
1.1 jsing 4497: An error occurred parsing the command options.
1.70 jmc 4498: .It 2
1.1 jsing 4499: One of the input files could not be read.
1.70 jmc 4500: .It 3
4501: An error occurred creating the file or when reading the message.
4502: .It 4
1.1 jsing 4503: An error occurred decrypting or verifying the message.
1.70 jmc 4504: .It 5
4505: An error occurred writing certificates.
1.1 jsing 4506: .El
4507: .Sh SPEED
4508: .nr nS 1
4509: .Nm "openssl speed"
1.71 jmc 4510: .Op Ar algorithm
1.1 jsing 4511: .Op Fl decrypt
4512: .Op Fl elapsed
1.71 jmc 4513: .Op Fl evp Ar algorithm
1.1 jsing 4514: .Op Fl mr
4515: .Op Fl multi Ar number
4516: .nr nS 0
4517: .Pp
4518: The
4519: .Nm speed
4520: command is used to test the performance of cryptographic algorithms.
4521: .Bl -tag -width "XXXX"
1.71 jmc 4522: .It Ar algorithm
4523: Perform the test using
4524: .Ar algorithm .
4525: The default is to test all algorithms.
1.1 jsing 4526: .It Fl decrypt
1.71 jmc 4527: Time decryption instead of encryption;
4528: must be used with
4529: .Fl evp .
1.1 jsing 4530: .It Fl elapsed
4531: Measure time in real time instead of CPU user time.
1.71 jmc 4532: .It Fl evp Ar algorithm
4533: Perform the test using one of the algorithms accepted by
4534: .Xr EVP_get_cipherbyname 3 .
1.1 jsing 4535: .It Fl mr
4536: Produce machine readable output.
4537: .It Fl multi Ar number
4538: Run
4539: .Ar number
4540: benchmarks in parallel.
4541: .El
1.77 jmc 4542: .Sh SPKAC
4543: .nr nS 1
4544: .Nm "openssl spkac"
4545: .Op Fl challenge Ar string
4546: .Op Fl in Ar file
4547: .Op Fl key Ar keyfile
4548: .Op Fl noout
4549: .Op Fl out Ar file
4550: .Op Fl passin Ar arg
4551: .Op Fl pubkey
4552: .Op Fl spkac Ar spkacname
4553: .Op Fl spksect Ar section
4554: .Op Fl verify
4555: .nr nS 0
4556: .Pp
4557: The
4558: .Nm spkac
4559: command processes signed public key and challenge (SPKAC) files.
4560: It can print out their contents, verify the signature,
4561: and produce its own SPKACs from a supplied private key.
4562: .Pp
4563: The options are as follows:
4564: .Bl -tag -width Ds
4565: .It Fl challenge Ar string
4566: The challenge string, if an SPKAC is being created.
4567: .It Fl in Ar file
4568: The input file to read from,
4569: or standard input if not specified.
4570: Ignored if the
4571: .Fl key
4572: option is used.
4573: .It Fl key Ar keyfile
4574: Create an SPKAC file using the private key in
4575: .Ar keyfile .
4576: The
4577: .Fl in , noout , spksect ,
4578: and
4579: .Fl verify
4580: options are ignored, if present.
4581: .It Fl noout
4582: Do not output the text version of the SPKAC.
4583: .It Fl out Ar file
4584: The output file to write to,
4585: or standard output if not specified.
4586: .It Fl passin Ar arg
4587: The key password source.
4588: .It Fl pubkey
4589: Output the public key of an SPKAC.
4590: .It Fl spkac Ar spkacname
4591: An alternative name for the variable containing the SPKAC.
4592: The default is "SPKAC".
4593: This option affects both generated and input SPKAC files.
4594: .It Fl spksect Ar section
4595: An alternative name for the
4596: .Ar section
4597: containing the SPKAC.
4598: .It Fl verify
4599: Verify the digital signature on the supplied SPKAC.
4600: .El
1.1 jsing 4601: .Sh TS
4602: .nr nS 1
4603: .Nm "openssl ts"
4604: .Fl query
1.29 bcook 4605: .Op Fl md4 | md5 | ripemd160 | sha1
1.1 jsing 4606: .Op Fl cert
4607: .Op Fl config Ar configfile
4608: .Op Fl data Ar file_to_hash
4609: .Op Fl digest Ar digest_bytes
4610: .Op Fl in Ar request.tsq
4611: .Op Fl no_nonce
4612: .Op Fl out Ar request.tsq
4613: .Op Fl policy Ar object_id
4614: .Op Fl text
4615: .nr nS 0
4616: .Pp
4617: .nr nS 1
4618: .Nm "openssl ts"
4619: .Fl reply
4620: .Op Fl chain Ar certs_file.pem
4621: .Op Fl config Ar configfile
4622: .Op Fl in Ar response.tsr
4623: .Op Fl inkey Ar private.pem
4624: .Op Fl out Ar response.tsr
4625: .Op Fl passin Ar arg
4626: .Op Fl policy Ar object_id
4627: .Op Fl queryfile Ar request.tsq
4628: .Op Fl section Ar tsa_section
4629: .Op Fl signer Ar tsa_cert.pem
4630: .Op Fl text
4631: .Op Fl token_in
4632: .Op Fl token_out
4633: .nr nS 0
4634: .Pp
4635: .nr nS 1
4636: .Nm "openssl ts"
4637: .Fl verify
4638: .Op Fl CAfile Ar trusted_certs.pem
4639: .Op Fl CApath Ar trusted_cert_path
4640: .Op Fl data Ar file_to_hash
4641: .Op Fl digest Ar digest_bytes
4642: .Op Fl in Ar response.tsr
4643: .Op Fl queryfile Ar request.tsq
4644: .Op Fl token_in
4645: .Op Fl untrusted Ar cert_file.pem
4646: .nr nS 0
4647: .Pp
4648: The
4649: .Nm ts
4650: command is a basic Time Stamping Authority (TSA) client and server
4651: application as specified in RFC 3161 (Time-Stamp Protocol, TSP).
4652: A TSA can be part of a PKI deployment and its role is to provide long
1.72 jmc 4653: term proof of the existence of specific data.
1.1 jsing 4654: Here is a brief description of the protocol:
4655: .Bl -enum
4656: .It
4657: The TSA client computes a one-way hash value for a data file and sends
4658: the hash to the TSA.
4659: .It
4660: The TSA attaches the current date and time to the received hash value,
4661: signs them and sends the time stamp token back to the client.
4662: By creating this token the TSA certifies the existence of the original
4663: data file at the time of response generation.
4664: .It
4665: The TSA client receives the time stamp token and verifies the
4666: signature on it.
4667: It also checks if the token contains the same hash
4668: value that it had sent to the TSA.
4669: .El
4670: .Pp
4671: There is one DER-encoded protocol data unit defined for transporting a time
4672: stamp request to the TSA and one for sending the time stamp response
4673: back to the client.
4674: The
4675: .Nm ts
4676: command has three main functions:
4677: creating a time stamp request based on a data file;
4678: creating a time stamp response based on a request;
4679: and verifying if a response corresponds
4680: to a particular request or a data file.
4681: .Pp
4682: There is no support for sending the requests/responses automatically
4683: over HTTP or TCP yet as suggested in RFC 3161.
4684: Users must send the requests either by FTP or email.
4685: .Pp
4686: The
4687: .Fl query
4688: switch can be used for creating and printing a time stamp
4689: request with the following options:
4690: .Bl -tag -width Ds
4691: .It Fl cert
1.72 jmc 4692: Expect the TSA to include its signing certificate in the response.
1.1 jsing 4693: .It Fl config Ar configfile
1.72 jmc 4694: Specify an alternative configuration file.
4695: Only the OID section is used.
1.1 jsing 4696: .It Fl data Ar file_to_hash
4697: The data file for which the time stamp request needs to be created.
1.72 jmc 4698: The default is standard input.
1.1 jsing 4699: .It Fl digest Ar digest_bytes
1.72 jmc 4700: Specify the message imprint explicitly without the data file.
1.1 jsing 4701: The imprint must be specified in a hexadecimal format,
4702: two characters per byte,
1.72 jmc 4703: the bytes optionally separated by colons.
1.1 jsing 4704: The number of bytes must match the message digest algorithm in use.
4705: .It Fl in Ar request.tsq
1.72 jmc 4706: A previously created time stamp request in DER
1.1 jsing 4707: format that will be printed into the output file.
1.72 jmc 4708: Useful for examining the content of a request in human-readable format.
1.76 jmc 4709: .It Fl md4 | md5 | ripemd160 | sha | sha1
1.1 jsing 4710: The message digest to apply to the data file.
4711: It supports all the message digest algorithms that are supported by the
4712: .Nm dgst
4713: command.
4714: The default is SHA-1.
4715: .It Fl no_nonce
1.72 jmc 4716: Specify no nonce in the request.
4717: The default, to include a 64-bit long pseudo-random nonce,
4718: is recommended to protect against replay attacks.
1.1 jsing 4719: .It Fl out Ar request.tsq
1.72 jmc 4720: The output file to write to,
4721: or standard output if not specified.
1.1 jsing 4722: .It Fl policy Ar object_id
4723: The policy that the client expects the TSA to use for creating the
4724: time stamp token.
1.72 jmc 4725: Either dotted OID notation or OID names defined
1.1 jsing 4726: in the config file can be used.
1.72 jmc 4727: If no policy is requested the TSA uses its own default policy.
1.1 jsing 4728: .It Fl text
1.72 jmc 4729: Output in human-readable text format instead of DER.
1.1 jsing 4730: .El
4731: .Pp
4732: A time stamp response (TimeStampResp) consists of a response status
4733: and the time stamp token itself (ContentInfo),
4734: if the token generation was successful.
4735: The
4736: .Fl reply
4737: command is for creating a time stamp
4738: response or time stamp token based on a request and printing the
4739: response/token in human-readable format.
4740: If
4741: .Fl token_out
4742: is not specified the output is always a time stamp response (TimeStampResp),
4743: otherwise it is a time stamp token (ContentInfo).
4744: .Bl -tag -width Ds
4745: .It Fl chain Ar certs_file.pem
1.72 jmc 4746: The collection of PEM certificates
1.1 jsing 4747: that will be included in the response
4748: in addition to the signer certificate if the
4749: .Fl cert
4750: option was used for the request.
4751: This file is supposed to contain the certificate chain
4752: for the signer certificate from its issuer upwards.
4753: The
4754: .Fl reply
4755: command does not build a certificate chain automatically.
4756: .It Fl config Ar configfile
1.72 jmc 4757: Specify an alternative configuration file.
1.1 jsing 4758: .It Fl in Ar response.tsr
1.72 jmc 4759: Specify a previously created time stamp response (or time stamp token, if
1.1 jsing 4760: .Fl token_in
1.72 jmc 4761: is also specified)
1.1 jsing 4762: in DER format that will be written to the output file.
4763: This option does not require a request;
4764: it is useful, for example,
1.72 jmc 4765: to examine the content of a response or token
4766: or to extract the time stamp token from a response.
1.1 jsing 4767: If the input is a token and the output is a time stamp response a default
1.72 jmc 4768: .Qq granted
1.1 jsing 4769: status info is added to the token.
4770: .It Fl inkey Ar private.pem
4771: The signer private key of the TSA in PEM format.
4772: Overrides the
4773: .Cm signer_key
4774: config file option.
4775: .It Fl out Ar response.tsr
4776: The response is written to this file.
4777: The format and content of the file depends on other options (see
4778: .Fl text
4779: and
4780: .Fl token_out ) .
4781: The default is stdout.
4782: .It Fl passin Ar arg
4783: The key password source.
4784: .It Fl policy Ar object_id
1.72 jmc 4785: The default policy to use for the response.
4786: Either dotted OID notation or OID names defined
4787: in the config file can be used.
4788: If no policy is requested the TSA uses its own default policy.
1.1 jsing 4789: .It Fl queryfile Ar request.tsq
1.72 jmc 4790: The file containing a DER-encoded time stamp request.
1.1 jsing 4791: .It Fl section Ar tsa_section
1.72 jmc 4792: The config file section containing the settings for response generation.
1.1 jsing 4793: .It Fl signer Ar tsa_cert.pem
1.72 jmc 4794: The PEM signer certificate of the TSA.
1.1 jsing 4795: The TSA signing certificate must have exactly one extended key usage
4796: assigned to it: timeStamping.
4797: The extended key usage must also be critical,
4798: otherwise the certificate is going to be refused.
4799: Overrides the
4800: .Cm signer_cert
4801: variable of the config file.
4802: .It Fl text
1.72 jmc 4803: Output in human-readable text format instead of DER.
1.1 jsing 4804: .It Fl token_in
1.72 jmc 4805: The input is a DER-encoded time stamp token (ContentInfo)
4806: instead of a time stamp response (TimeStampResp).
1.1 jsing 4807: .It Fl token_out
1.72 jmc 4808: The output is a time stamp token (ContentInfo)
4809: instead of a time stamp response (TimeStampResp).
1.1 jsing 4810: .El
4811: .Pp
4812: The
4813: .Fl verify
4814: command is for verifying if a time stamp response or time stamp token
4815: is valid and matches a particular time stamp request or data file.
4816: The
4817: .Fl verify
4818: command does not use the configuration file.
4819: .Bl -tag -width Ds
4820: .It Fl CAfile Ar trusted_certs.pem
1.72 jmc 4821: The file containing a set of trusted self-signed PEM CA certificates.
4822: See
1.1 jsing 4823: .Nm verify
4824: for additional details.
4825: Either this option or
4826: .Fl CApath
4827: must be specified.
4828: .It Fl CApath Ar trusted_cert_path
1.72 jmc 4829: The directory containing the trused CA certificates of the client.
4830: See
1.1 jsing 4831: .Nm verify
4832: for additional details.
4833: Either this option or
4834: .Fl CAfile
4835: must be specified.
4836: .It Fl data Ar file_to_hash
4837: The response or token must be verified against
4838: .Ar file_to_hash .
4839: The file is hashed with the message digest algorithm specified in the token.
4840: The
4841: .Fl digest
4842: and
4843: .Fl queryfile
4844: options must not be specified with this one.
4845: .It Fl digest Ar digest_bytes
4846: The response or token must be verified against the message digest specified
4847: with this option.
4848: The number of bytes must match the message digest algorithm
4849: specified in the token.
4850: The
4851: .Fl data
4852: and
4853: .Fl queryfile
4854: options must not be specified with this one.
4855: .It Fl in Ar response.tsr
4856: The time stamp response that needs to be verified, in DER format.
4857: This option in mandatory.
4858: .It Fl queryfile Ar request.tsq
4859: The original time stamp request, in DER format.
4860: The
4861: .Fl data
4862: and
4863: .Fl digest
4864: options must not be specified with this one.
4865: .It Fl token_in
1.72 jmc 4866: The input is a DER-encoded time stamp token (ContentInfo)
4867: instead of a time stamp response (TimeStampResp).
1.1 jsing 4868: .It Fl untrusted Ar cert_file.pem
1.72 jmc 4869: Additional untrusted PEM certificates which may be needed
4870: when building the certificate chain for the TSA's signing certificate.
1.1 jsing 4871: This file must contain the TSA signing certificate and
4872: all intermediate CA certificates unless the response includes them.
4873: .El
4874: .Pp
1.72 jmc 4875: Options specified on the command line always override
4876: the settings in the config file:
1.1 jsing 4877: .Bl -tag -width Ds
4878: .It Cm tsa Ar section , Cm default_tsa
4879: This is the main section and it specifies the name of another section
4880: that contains all the options for the
4881: .Fl reply
4882: option.
1.72 jmc 4883: This section can be overridden with the
1.1 jsing 4884: .Fl section
4885: command line switch.
4886: .It Cm oid_file
4887: See
4888: .Nm ca
4889: for a description.
4890: .It Cm oid_section
4891: See
4892: .Nm ca
4893: for a description.
4894: .It Cm serial
1.72 jmc 4895: The file containing the hexadecimal serial number of the
1.1 jsing 4896: last time stamp response created.
4897: This number is incremented by 1 for each response.
1.72 jmc 4898: If the file does not exist at the time of response generation
4899: a new file is created with serial number 1.
1.1 jsing 4900: This parameter is mandatory.
4901: .It Cm signer_cert
4902: TSA signing certificate, in PEM format.
4903: The same as the
4904: .Fl signer
4905: command line option.
4906: .It Cm certs
1.72 jmc 4907: A set of PEM-encoded certificates that need to be
1.1 jsing 4908: included in the response.
4909: The same as the
4910: .Fl chain
4911: command line option.
4912: .It Cm signer_key
4913: The private key of the TSA, in PEM format.
4914: The same as the
4915: .Fl inkey
4916: command line option.
4917: .It Cm default_policy
4918: The default policy to use when the request does not mandate any policy.
4919: The same as the
4920: .Fl policy
4921: command line option.
4922: .It Cm other_policies
4923: Comma separated list of policies that are also acceptable by the TSA
4924: and used only if the request explicitly specifies one of them.
4925: .It Cm digests
4926: The list of message digest algorithms that the TSA accepts.
4927: At least one algorithm must be specified.
4928: This parameter is mandatory.
4929: .It Cm accuracy
4930: The accuracy of the time source of the TSA in seconds, milliseconds
4931: and microseconds.
4932: For example, secs:1, millisecs:500, microsecs:100.
4933: If any of the components is missing,
4934: zero is assumed for that field.
4935: .It Cm clock_precision_digits
1.72 jmc 4936: The maximum number of digits, which represent the fraction of seconds,
4937: that need to be included in the time field.
1.1 jsing 4938: The trailing zeroes must be removed from the time,
1.72 jmc 4939: so there might actually be fewer digits
1.1 jsing 4940: or no fraction of seconds at all.
4941: The maximum value is 6;
4942: the default is 0.
4943: .It Cm ordering
4944: If this option is yes,
4945: the responses generated by this TSA can always be ordered,
4946: even if the time difference between two responses is less
4947: than the sum of their accuracies.
4948: The default is no.
4949: .It Cm tsa_name
4950: Set this option to yes if the subject name of the TSA must be included in
4951: the TSA name field of the response.
4952: The default is no.
4953: .It Cm ess_cert_id_chain
4954: The SignedData objects created by the TSA always contain the
4955: certificate identifier of the signing certificate in a signed
4956: attribute (see RFC 2634, Enhanced Security Services).
4957: If this option is set to yes and either the
4958: .Cm certs
4959: variable or the
4960: .Fl chain
4961: option is specified then the certificate identifiers of the chain will also
4962: be included in the SigningCertificate signed attribute.
4963: If this variable is set to no,
4964: only the signing certificate identifier is included.
4965: The default is no.
4966: .El
4967: .Sh VERIFY
4968: .nr nS 1
4969: .Nm "openssl verify"
4970: .Op Fl CAfile Ar file
4971: .Op Fl CApath Ar directory
4972: .Op Fl check_ss_sig
4973: .Op Fl crl_check
4974: .Op Fl crl_check_all
4975: .Op Fl explicit_policy
4976: .Op Fl extended_crl
4977: .Op Fl help
4978: .Op Fl ignore_critical
4979: .Op Fl inhibit_any
4980: .Op Fl inhibit_map
4981: .Op Fl issuer_checks
4982: .Op Fl policy_check
4983: .Op Fl purpose Ar purpose
4984: .Op Fl untrusted Ar file
4985: .Op Fl verbose
4986: .Op Fl x509_strict
4987: .Op Ar certificates
4988: .nr nS 0
4989: .Pp
4990: The
4991: .Nm verify
4992: command verifies certificate chains.
4993: .Pp
4994: The options are as follows:
4995: .Bl -tag -width Ds
4996: .It Fl check_ss_sig
4997: Verify the signature on the self-signed root CA.
4998: This is disabled by default
4999: because it doesn't add any security.
5000: .It Fl CAfile Ar file
5001: A
5002: .Ar file
5003: of trusted certificates.
5004: The
5005: .Ar file
5006: should contain multiple certificates in PEM format, concatenated together.
5007: .It Fl CApath Ar directory
5008: A
5009: .Ar directory
5010: of trusted certificates.
1.76 jmc 5011: The certificates, or symbolic links to them,
5012: should have names of the form
5013: .Ar hash Ns .0 ,
5014: where
5015: .Ar hash
5016: is the hashed certificate subject name
5017: (see the
1.1 jsing 5018: .Fl hash
5019: option of the
5020: .Nm x509
5021: utility).
5022: .It Fl crl_check
1.76 jmc 5023: Check end entity certificate validity by attempting to look up a valid CRL.
1.1 jsing 5024: If a valid CRL cannot be found an error occurs.
5025: .It Fl crl_check_all
1.76 jmc 5026: Check the validity of all certificates in the chain by attempting
1.1 jsing 5027: to look up valid CRLs.
5028: .It Fl explicit_policy
1.76 jmc 5029: Set policy variable require-explicit-policy (RFC 3280).
1.1 jsing 5030: .It Fl extended_crl
5031: Enable extended CRL features such as indirect CRLs and alternate CRL
5032: signing keys.
5033: .It Fl help
1.76 jmc 5034: Print a usage message.
1.1 jsing 5035: .It Fl ignore_critical
1.76 jmc 5036: Ignore critical extensions instead of rejecting the certificate.
1.1 jsing 5037: .It Fl inhibit_any
1.76 jmc 5038: Set policy variable inhibit-any-policy (RFC 3280).
1.1 jsing 5039: .It Fl inhibit_map
1.76 jmc 5040: Set policy variable inhibit-policy-mapping (RFC 3280).
1.1 jsing 5041: .It Fl issuer_checks
1.76 jmc 5042: Print diagnostics relating to searches for the issuer certificate
5043: of the current certificate
5044: showing why each candidate issuer certificate was rejected.
5045: The presence of rejection messages
5046: does not itself imply that anything is wrong:
5047: during the normal verify process several rejections may take place.
1.1 jsing 5048: .It Fl policy_check
1.76 jmc 5049: Enable certificate policy processing.
1.1 jsing 5050: .It Fl purpose Ar purpose
5051: The intended use for the certificate.
5052: Without this option no chain verification will be done.
5053: Currently accepted uses are
1.76 jmc 5054: .Cm sslclient , sslserver ,
5055: .Cm nssslserver , smimesign ,
5056: .Cm smimeencrypt , crlsign ,
5057: .Cm any ,
1.1 jsing 5058: and
1.76 jmc 5059: .Cm ocsphelper .
1.1 jsing 5060: .It Fl untrusted Ar file
5061: A
5062: .Ar file
5063: of untrusted certificates.
5064: The
5065: .Ar file
5066: should contain multiple certificates.
5067: .It Fl verbose
5068: Print extra information about the operations being performed.
5069: .It Fl x509_strict
5070: Disable workarounds for broken certificates which have to be disabled
5071: for strict X.509 compliance.
5072: .It Ar certificates
1.76 jmc 5073: One or more PEM
1.1 jsing 5074: .Ar certificates
5075: to verify.
5076: If no certificate files are included, an attempt is made to read
5077: a certificate from standard input.
1.76 jmc 5078: If the first certificate filename begins with a dash,
5079: use a lone dash to mark the last option.
1.1 jsing 5080: .El
1.76 jmc 5081: .Pp
1.1 jsing 5082: The
5083: .Nm verify
5084: program uses the same functions as the internal SSL and S/MIME verification,
1.76 jmc 5085: with one crucial difference:
5086: wherever possible an attempt is made to continue after an error,
5087: whereas normally the verify operation would halt on the first error.
1.1 jsing 5088: This allows all the problems with a certificate chain to be determined.
5089: .Pp
1.76 jmc 5090: The verify operation consists of a number of separate steps.
1.1 jsing 5091: Firstly a certificate chain is built up starting from the supplied certificate
5092: and ending in the root CA.
5093: It is an error if the whole chain cannot be built up.
5094: The chain is built up by looking up the issuer's certificate of the current
5095: certificate.
5096: If a certificate is found which is its own issuer, it is assumed
5097: to be the root CA.
5098: .Pp
1.76 jmc 5099: All certificates whose subject name matches the issuer name
1.1 jsing 5100: of the current certificate are subject to further tests.
5101: The relevant authority key identifier components of the current certificate
1.76 jmc 5102: (if present) must match the subject key identifier (if present)
5103: and issuer and serial number of the candidate issuer;
5104: in addition the
5105: .Cm keyUsage
5106: extension of the candidate issuer (if present) must permit certificate signing.
1.1 jsing 5107: .Pp
5108: The lookup first looks in the list of untrusted certificates and if no match
5109: is found the remaining lookups are from the trusted certificates.
1.76 jmc 5110: The root CA is always looked up in the trusted certificate list:
5111: if the certificate to verify is a root certificate,
5112: then an exact match must be found in the trusted list.
1.1 jsing 5113: .Pp
5114: The second operation is to check every untrusted certificate's extensions for
5115: consistency with the supplied purpose.
5116: If the
5117: .Fl purpose
5118: option is not included, then no checks are done.
5119: The supplied or
5120: .Qq leaf
5121: certificate must have extensions compatible with the supplied purpose
5122: and all other certificates must also be valid CA certificates.
5123: The precise extensions required are described in more detail in
5124: the
1.76 jmc 5125: .Nm X509
1.1 jsing 5126: section below.
5127: .Pp
5128: The third operation is to check the trust settings on the root CA.
5129: The root CA should be trusted for the supplied purpose.
1.76 jmc 5130: A certificate with no trust settings is considered to be valid for
1.1 jsing 5131: all purposes.
5132: .Pp
5133: The final operation is to check the validity of the certificate chain.
5134: The validity period is checked against the current system time and the
1.76 jmc 5135: .Cm notBefore
1.1 jsing 5136: and
1.76 jmc 5137: .Cm notAfter
1.1 jsing 5138: dates in the certificate.
5139: The certificate signatures are also checked at this point.
5140: .Pp
5141: If all operations complete successfully, the certificate is considered
5142: valid.
5143: If any operation fails then the certificate is not valid.
5144: When a verify operation fails, the output messages can be somewhat cryptic.
5145: The general form of the error message is:
1.76 jmc 5146: .Bd -literal
5147: server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit)
5148: error 24 at 1 depth lookup:invalid CA certificate
1.1 jsing 5149: .Ed
5150: .Pp
5151: The first line contains the name of the certificate being verified, followed by
5152: the subject name of the certificate.
5153: The second line contains the error number and the depth.
5154: The depth is the number of the certificate being verified when a
5155: problem was detected starting with zero for the certificate being verified
5156: itself, then 1 for the CA that signed the certificate and so on.
5157: Finally a text version of the error number is presented.
5158: .Pp
5159: An exhaustive list of the error codes and messages is shown below; this also
5160: includes the name of the error code as defined in the header file
1.12 bentley 5161: .In openssl/x509_vfy.h .
1.76 jmc 5162: Some of the error codes are defined but never returned: these are described as
1.1 jsing 5163: .Qq unused .
5164: .Bl -tag -width "XXXX"
1.78 jmc 5165: .It 0 X509_V_OK
1.1 jsing 5166: The operation was successful.
1.78 jmc 5167: .It 2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
5168: The issuer certificate of an untrusted certificate could not be found.
5169: .It 3 X509_V_ERR_UNABLE_TO_GET_CRL
1.1 jsing 5170: The CRL of a certificate could not be found.
1.78 jmc 5171: .It 4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
1.1 jsing 5172: The certificate signature could not be decrypted.
1.78 jmc 5173: This means that the actual signature value could not be determined
5174: rather than it not matching the expected value.
1.1 jsing 5175: This is only meaningful for RSA keys.
1.78 jmc 5176: .It 5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
5177: The CRL signature could not be decrypted.
5178: This means that the actual signature value could not be determined
5179: rather than it not matching the expected value.
1.1 jsing 5180: Unused.
1.78 jmc 5181: .It 6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
1.1 jsing 5182: The public key in the certificate
1.76 jmc 5183: .Cm SubjectPublicKeyInfo
1.1 jsing 5184: could not be read.
1.78 jmc 5185: .It 7 X509_V_ERR_CERT_SIGNATURE_FAILURE
1.1 jsing 5186: The signature of the certificate is invalid.
1.78 jmc 5187: .It 8 X509_V_ERR_CRL_SIGNATURE_FAILURE
1.1 jsing 5188: The signature of the certificate is invalid.
1.78 jmc 5189: .It 9 X509_V_ERR_CERT_NOT_YET_VALID
1.1 jsing 5190: The certificate is not yet valid: the
1.76 jmc 5191: .Cm notBefore
1.1 jsing 5192: date is after the current time.
1.78 jmc 5193: .It 10 X509_V_ERR_CERT_HAS_EXPIRED
1.1 jsing 5194: The certificate has expired; that is, the
1.76 jmc 5195: .Cm notAfter
1.1 jsing 5196: date is before the current time.
1.78 jmc 5197: .It 11 X509_V_ERR_CRL_NOT_YET_VALID
1.1 jsing 5198: The CRL is not yet valid.
1.78 jmc 5199: .It 12 X509_V_ERR_CRL_HAS_EXPIRED
1.1 jsing 5200: The CRL has expired.
1.78 jmc 5201: .It 13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
1.1 jsing 5202: The certificate
1.76 jmc 5203: .Cm notBefore
1.1 jsing 5204: field contains an invalid time.
1.78 jmc 5205: .It 14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
1.1 jsing 5206: The certificate
1.76 jmc 5207: .Cm notAfter
1.1 jsing 5208: field contains an invalid time.
1.78 jmc 5209: .It 15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
1.1 jsing 5210: The CRL
1.76 jmc 5211: .Cm lastUpdate
1.1 jsing 5212: field contains an invalid time.
1.78 jmc 5213: .It 16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
1.1 jsing 5214: The CRL
1.76 jmc 5215: .Cm nextUpdate
1.1 jsing 5216: field contains an invalid time.
1.78 jmc 5217: .It 17 X509_V_ERR_OUT_OF_MEM
1.1 jsing 5218: An error occurred trying to allocate memory.
5219: This should never happen.
1.78 jmc 5220: .It 18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
1.1 jsing 5221: The passed certificate is self-signed and the same certificate cannot be
5222: found in the list of trusted certificates.
1.78 jmc 5223: .It 19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
1.1 jsing 5224: The certificate chain could be built up using the untrusted certificates but
5225: the root could not be found locally.
1.78 jmc 5226: .It 20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
1.1 jsing 5227: The issuer certificate of a locally looked up certificate could not be found.
5228: This normally means the list of trusted certificates is not complete.
1.78 jmc 5229: .It 21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
1.1 jsing 5230: No signatures could be verified because the chain contains only one
5231: certificate and it is not self-signed.
1.78 jmc 5232: .It 22 X509_V_ERR_CERT_CHAIN_TOO_LONG
1.1 jsing 5233: The certificate chain length is greater than the supplied maximum depth.
5234: Unused.
1.78 jmc 5235: .It 23 X509_V_ERR_CERT_REVOKED
1.1 jsing 5236: The certificate has been revoked.
1.78 jmc 5237: .It 24 X509_V_ERR_INVALID_CA
1.1 jsing 5238: A CA certificate is invalid.
5239: Either it is not a CA or its extensions are not consistent
5240: with the supplied purpose.
1.78 jmc 5241: .It 25 X509_V_ERR_PATH_LENGTH_EXCEEDED
1.1 jsing 5242: The
1.76 jmc 5243: .Cm basicConstraints
1.1 jsing 5244: pathlength parameter has been exceeded.
1.78 jmc 5245: .It 26 X509_V_ERR_INVALID_PURPOSE
1.1 jsing 5246: The supplied certificate cannot be used for the specified purpose.
1.78 jmc 5247: .It 27 X509_V_ERR_CERT_UNTRUSTED
1.1 jsing 5248: The root CA is not marked as trusted for the specified purpose.
1.78 jmc 5249: .It 28 X509_V_ERR_CERT_REJECTED
1.1 jsing 5250: The root CA is marked to reject the specified purpose.
1.78 jmc 5251: .It 29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH
1.1 jsing 5252: The current candidate issuer certificate was rejected because its subject name
5253: did not match the issuer name of the current certificate.
5254: Only displayed when the
5255: .Fl issuer_checks
5256: option is set.
1.78 jmc 5257: .It 30 X509_V_ERR_AKID_SKID_MISMATCH
1.1 jsing 5258: The current candidate issuer certificate was rejected because its subject key
5259: identifier was present and did not match the authority key identifier current
5260: certificate.
5261: Only displayed when the
5262: .Fl issuer_checks
5263: option is set.
1.78 jmc 5264: .It 31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
1.1 jsing 5265: The current candidate issuer certificate was rejected because its issuer name
5266: and serial number were present and did not match the authority key identifier
5267: of the current certificate.
5268: Only displayed when the
5269: .Fl issuer_checks
5270: option is set.
1.78 jmc 5271: .It 32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN
1.1 jsing 5272: The current candidate issuer certificate was rejected because its
1.76 jmc 5273: .Cm keyUsage
1.1 jsing 5274: extension does not permit certificate signing.
1.78 jmc 5275: .It 50 X509_V_ERR_APPLICATION_VERIFICATION
1.1 jsing 5276: An application specific error.
5277: Unused.
5278: .El
5279: .Sh VERSION
5280: .Nm openssl version
5281: .Op Fl abdfopv
5282: .Pp
5283: The
5284: .Nm version
5285: command is used to print out version information about
1.79 jmc 5286: .Nm openssl .
1.1 jsing 5287: .Pp
5288: The options are as follows:
5289: .Bl -tag -width Ds
5290: .It Fl a
5291: All information: this is the same as setting all the other flags.
5292: .It Fl b
5293: The date the current version of
1.79 jmc 5294: .Nm openssl
1.1 jsing 5295: was built.
5296: .It Fl d
5297: .Ev OPENSSLDIR
5298: setting.
5299: .It Fl f
5300: Compilation flags.
5301: .It Fl o
5302: Option information: various options set when the library was built.
5303: .It Fl p
5304: Platform setting.
5305: .It Fl v
5306: The current
1.79 jmc 5307: .Nm openssl
1.1 jsing 5308: version.
5309: .El
5310: .Sh X509
5311: .nr nS 1
5312: .Nm "openssl x509"
5313: .Op Fl C
5314: .Op Fl addreject Ar arg
5315: .Op Fl addtrust Ar arg
5316: .Op Fl alias
5317: .Op Fl CA Ar file
5318: .Op Fl CAcreateserial
1.80 jmc 5319: .Op Fl CAform Cm der | pem
1.1 jsing 5320: .Op Fl CAkey Ar file
1.80 jmc 5321: .Op Fl CAkeyform Cm der | pem
1.1 jsing 5322: .Op Fl CAserial Ar file
5323: .Op Fl certopt Ar option
5324: .Op Fl checkend Ar arg
5325: .Op Fl clrext
5326: .Op Fl clrreject
5327: .Op Fl clrtrust
5328: .Op Fl dates
5329: .Op Fl days Ar arg
5330: .Op Fl email
5331: .Op Fl enddate
5332: .Op Fl extensions Ar section
5333: .Op Fl extfile Ar file
5334: .Op Fl fingerprint
5335: .Op Fl hash
5336: .Op Fl in Ar file
1.80 jmc 5337: .Op Fl inform Cm der | net | pem
1.1 jsing 5338: .Op Fl issuer
5339: .Op Fl issuer_hash
5340: .Op Fl issuer_hash_old
1.80 jmc 5341: .Op Fl keyform Cm der | pem
1.29 bcook 5342: .Op Fl md5 | sha1
1.1 jsing 5343: .Op Fl modulus
5344: .Op Fl nameopt Ar option
5345: .Op Fl noout
5346: .Op Fl ocsp_uri
5347: .Op Fl ocspid
5348: .Op Fl out Ar file
1.80 jmc 5349: .Op Fl outform Cm der | net | pem
1.1 jsing 5350: .Op Fl passin Ar arg
5351: .Op Fl pubkey
5352: .Op Fl purpose
5353: .Op Fl req
5354: .Op Fl serial
5355: .Op Fl set_serial Ar n
5356: .Op Fl setalias Ar arg
5357: .Op Fl signkey Ar file
5358: .Op Fl startdate
5359: .Op Fl subject
5360: .Op Fl subject_hash
5361: .Op Fl subject_hash_old
5362: .Op Fl text
5363: .Op Fl trustout
5364: .Op Fl x509toreq
5365: .nr nS 0
5366: .Pp
5367: The
5368: .Nm x509
5369: command is a multi-purpose certificate utility.
5370: It can be used to display certificate information, convert certificates to
5371: various forms, sign certificate requests like a
5372: .Qq mini CA ,
5373: or edit certificate trust settings.
5374: .Pp
1.80 jmc 5375: The following are x509 input, output, and general purpose options:
1.1 jsing 5376: .Bl -tag -width "XXXX"
5377: .It Fl in Ar file
1.80 jmc 5378: The input file to read from,
5379: or standard input if not specified.
5380: .It Fl inform Cm der | net | pem
5381: The input format.
1.1 jsing 5382: Normally, the command will expect an X.509 certificate,
5383: but this can change if other options such as
5384: .Fl req
5385: are present.
1.29 bcook 5386: .It Fl md5 | sha1
1.1 jsing 5387: The digest to use.
5388: This affects any signing or display option that uses a message digest,
5389: such as the
5390: .Fl fingerprint , signkey ,
5391: and
5392: .Fl CA
5393: options.
5394: If not specified, MD5 is used.
1.80 jmc 5395: SHA1 is always used with DSA keys.
1.1 jsing 5396: .It Fl out Ar file
1.80 jmc 5397: The output file to write to,
5398: or standard output if none is specified.
5399: .It Fl outform Cm der | net | pem
5400: The output format.
1.1 jsing 5401: .It Fl passin Ar arg
5402: The key password source.
5403: .El
1.80 jmc 5404: .Pp
5405: The following are x509 display options:
1.1 jsing 5406: .Bl -tag -width "XXXX"
5407: .It Fl C
1.80 jmc 5408: Output the certificate in the form of a C source file.
1.1 jsing 5409: .It Fl certopt Ar option
5410: Customise the output format used with
1.80 jmc 5411: .Fl text ,
5412: either using a list of comma-separated options or by specifying
1.1 jsing 5413: .Fl certopt
1.80 jmc 5414: multiple times.
5415: The default behaviour is to print all fields.
5416: The options are as follows:
5417: .Pp
5418: .Bl -tag -width "no_extensions" -offset indent -compact
5419: .It Cm ca_default
5420: Equivalent to
5421: .Cm no_issuer , no_pubkey , no_header ,
5422: .Cm no_version , no_sigdump ,
5423: and
5424: .Cm no_signame .
5425: .It Cm compatible
5426: Equivalent to no output options at all.
5427: .It Cm ext_default
5428: Print unsupported certificate extensions.
5429: .It Cm ext_dump
5430: Hex dump unsupported extensions.
5431: .It Cm ext_error
5432: Print an error message for unsupported certificate extensions.
5433: .It Cm ext_parse
1.84 jmc 5434: ASN.1 parse unsupported extensions.
1.80 jmc 5435: .It Cm no_aux
5436: Do not print certificate trust information.
5437: .It Cm no_extensions
5438: Do not print X509V3 extensions.
5439: .It Cm no_header
5440: Do not print header (Certificate and Data) information.
5441: .It Cm no_issuer
5442: Do not print the issuer name.
5443: .It Cm no_pubkey
5444: Do not print the public key.
5445: .It Cm no_serial
5446: Do not print the serial number.
5447: .It Cm no_sigdump
5448: Do not give a hexadecimal dump of the certificate signature.
5449: .It Cm no_signame
5450: Do not print the signature algorithm used.
5451: .It Cm no_subject
5452: Do not print the subject name.
5453: .It Cm no_validity
5454: Do not print the
5455: .Cm notBefore
5456: and
5457: .Cm notAfter
5458: (validity) fields.
5459: .It Cm no_version
5460: Do not print the version number.
5461: .El
1.1 jsing 5462: .It Fl dates
1.80 jmc 5463: Print the start and expiry date of a certificate.
1.1 jsing 5464: .It Fl email
1.80 jmc 5465: Output the email addresses, if any.
1.1 jsing 5466: .It Fl enddate
1.80 jmc 5467: Print the expiry date of the certificate; that is, the
5468: .Cm notAfter
1.1 jsing 5469: date.
5470: .It Fl fingerprint
1.80 jmc 5471: Print the digest of the DER-encoded version of the whole certificate.
1.1 jsing 5472: .It Fl hash
5473: A synonym for
1.80 jmc 5474: .Fl subject_hash .
1.1 jsing 5475: .It Fl issuer
1.80 jmc 5476: Print the issuer name.
1.1 jsing 5477: .It Fl issuer_hash
1.80 jmc 5478: Print the hash of the certificate issuer name.
1.1 jsing 5479: .It Fl issuer_hash_old
1.80 jmc 5480: Print the hash of the certificate issuer name
5481: using the older algorithm as used by
5482: .Nm openssl
1.1 jsing 5483: versions before 1.0.0.
5484: .It Fl modulus
1.80 jmc 5485: Print the value of the modulus of the public key contained in the certificate.
1.1 jsing 5486: .It Fl nameopt Ar option
1.80 jmc 5487: Customise how the subject or issuer names are displayed,
5488: either using a list of comma-separated options or by specifying
1.1 jsing 5489: .Fl nameopt
1.80 jmc 5490: multiple times.
5491: The default behaviour is to use the
5492: .Cm oneline
5493: format.
5494: The options,
5495: which can be preceded by a dash to turn them off,
5496: are as follows:
5497: .Bl -tag -width "XXXX"
5498: .It Cm align
5499: Align field values for a more readable output.
5500: Only usable with
5501: .Ar sep_multiline .
5502: .It Cm compat
5503: Use the old format,
5504: equivalent to specifying no options at all.
5505: .It Cm dn_rev
5506: Reverse the fields of the DN, as required by RFC 2253.
5507: As a side effect, this also reverses the order of multiple AVAs.
5508: .It Cm dump_all
5509: Dump all fields.
5510: When used with
5511: .Ar dump_der ,
5512: it allows the DER encoding of the structure to be unambiguously determined.
5513: .It Cm dump_der
5514: Any fields that need to be hexdumped are
5515: dumped using the DER encoding of the field.
5516: Otherwise just the content octets will be displayed.
5517: Both options use the RFC 2253 #XXXX... format.
5518: .It Cm dump_nostr
5519: Dump non-character string types
5520: (for example OCTET STRING);
5521: usually, non-character string types are displayed
5522: as though each content octet represents a single character.
5523: .It Cm dump_unknown
5524: Dump any field whose OID is not recognised by
5525: .Nm openssl .
5526: .It Cm esc_2253
5527: Escape the
5528: .Qq special
5529: characters required by RFC 2253 in a field that is
5530: .Dq \& ,+"<>; .
5531: Additionally,
5532: .Sq #
5533: is escaped at the beginning of a string
5534: and a space character at the beginning or end of a string.
5535: .It Cm esc_ctrl
5536: Escape control characters.
5537: That is, those with ASCII values less than 0x20 (space)
5538: and the delete (0x7f) character.
5539: They are escaped using the RFC 2253 \eXX notation (where XX are two hex
5540: digits representing the character value).
5541: .It Cm esc_msb
5542: Escape characters with the MSB set; that is, with ASCII values larger than
5543: 127.
5544: .It Cm multiline
5545: A multiline format.
5546: Equivalent to
5547: .Cm esc_ctrl , esc_msb , sep_multiline ,
5548: .Cm space_eq , lname ,
5549: and
5550: .Cm align .
5551: .It Cm no_type
5552: Do not attempt to interpret multibyte characters.
5553: That is, content octets are merely dumped as though one octet
5554: represents each character.
5555: This is useful for diagnostic purposes
5556: but results in rather odd looking output.
5557: .It Cm nofname , sname , lname , oid
5558: Alter how the field name is displayed:
5559: .Cm nofname
5560: does not display the field at all;
5561: .Cm sname
5562: uses the short name form (CN for
5563: .Cm commonName ,
5564: for example);
5565: .Cm lname
5566: uses the long form.
5567: .Cm oid
5568: represents the OID in numerical form and is useful for diagnostic purpose.
5569: .It Cm oneline
5570: A one line format which is more readable than
5571: .Cm RFC2253 .
5572: Equivalent to
5573: .Cm esc_2253 , esc_ctrl , esc_msb , utf8 ,
5574: .Cm dump_nostr , dump_der , use_quote , sep_comma_plus_spc ,
5575: .Cm space_eq ,
5576: and
5577: .Cm sname .
5578: .It Cm RFC2253
5579: Displays names compatible with RFC 2253.
5580: Equivalent to
5581: .Cm esc_2253 , esc_ctrl ,
5582: .Cm esc_msb , utf8 , dump_nostr , dump_unknown ,
5583: .Cm dump_der , sep_comma_plus , dn_rev ,
5584: and
5585: .Cm sname .
5586: .It Cm sep_comma_plus , sep_comma_plus_space , sep_semi_plus_space , sep_multiline
5587: Determine the field separators:
5588: the first character is between RDNs and the second between multiple AVAs
5589: (multiple AVAs are very rare and their use is discouraged).
5590: The options ending in
5591: .Qq space
5592: additionally place a space after the separator to make it more readable.
5593: .Cm sep_multiline
5594: uses a linefeed character for the RDN separator and a spaced
5595: .Sq +
5596: for the AVA separator,
5597: as well as indenting the fields by four characters.
5598: .It Cm show_type
1.84 jmc 5599: Show the type of the ASN.1 character string.
1.80 jmc 5600: The type precedes the field contents.
5601: For example
5602: .Qq BMPSTRING: Hello World .
5603: .It Cm space_eq
5604: Place spaces round the
5605: .Sq =
5606: character which follows the field name.
5607: .It Cm use_quote
5608: Escape some characters by surrounding the whole string with
5609: .Sq \&"
5610: characters.
5611: Without the option, all escaping is done with the
5612: .Sq \e
5613: character.
5614: .It Cm utf8
5615: Convert all strings to UTF8 format first, as required by RFC 2253.
5616: On a UTF8 compatible terminal,
5617: the use of this option (and not setting
5618: .Cm esc_msb )
5619: may result in the correct display of multibyte characters.
5620: Usually, multibyte characters larger than 0xff
5621: are represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX
5622: for 32 bits,
5623: and any UTF8Strings are converted to their character form first.
5624: .El
1.1 jsing 5625: .It Fl noout
1.80 jmc 5626: Do not output the encoded version of the request.
1.1 jsing 5627: .It Fl ocsp_uri
1.80 jmc 5628: Print the OCSP responder addresses, if any.
1.1 jsing 5629: .It Fl ocspid
5630: Print OCSP hash values for the subject name and public key.
5631: .It Fl pubkey
1.80 jmc 5632: Print the public key.
1.1 jsing 5633: .It Fl serial
1.80 jmc 5634: Print the certificate serial number.
1.1 jsing 5635: .It Fl startdate
1.80 jmc 5636: Print the start date of the certificate; that is, the
5637: .Cm notBefore
1.1 jsing 5638: date.
5639: .It Fl subject
1.80 jmc 5640: Print the subject name.
1.1 jsing 5641: .It Fl subject_hash
1.80 jmc 5642: Print the hash of the certificate subject name.
1.1 jsing 5643: This is used in
1.80 jmc 5644: .Nm openssl
1.1 jsing 5645: to form an index to allow certificates in a directory to be looked up
5646: by subject name.
5647: .It Fl subject_hash_old
1.80 jmc 5648: Print the hash of the certificate subject name
5649: using the older algorithm as used by
5650: .Nm openssl
1.1 jsing 5651: versions before 1.0.0.
5652: .It Fl text
1.80 jmc 5653: Print the full certificate in text form.
1.1 jsing 5654: .El
5655: .Pp
1.80 jmc 5656: A trusted certificate is a certificate which has several
1.1 jsing 5657: additional pieces of information attached to it such as the permitted
1.80 jmc 5658: and prohibited uses of the certificate and an alias.
5659: When a certificate is being verified at least one certificate must be trusted.
5660: By default, a trusted certificate must be stored locally and be a root CA.
5661: The following are x509 trust settings options:
1.1 jsing 5662: .Bl -tag -width "XXXX"
5663: .It Fl addreject Ar arg
1.80 jmc 5664: Add a prohibited use.
5665: Accepts the same values as the
1.1 jsing 5666: .Fl addtrust
5667: option.
5668: .It Fl addtrust Ar arg
1.80 jmc 5669: Add a trusted certificate use.
1.1 jsing 5670: Any object name can be used here, but currently only
1.80 jmc 5671: .Cm clientAuth
5672: (SSL client use),
5673: .Cm serverAuth
5674: (SSL server use),
5675: and
5676: .Cm emailProtection
5677: (S/MIME email) are used.
1.1 jsing 5678: .It Fl alias
1.80 jmc 5679: Output the certificate alias.
1.1 jsing 5680: .It Fl clrreject
1.80 jmc 5681: Clear all the prohibited or rejected uses of the certificate.
1.1 jsing 5682: .It Fl clrtrust
1.80 jmc 5683: Clear all the permitted or trusted uses of the certificate.
1.1 jsing 5684: .It Fl purpose
1.80 jmc 5685: Perform tests on the certificate extensions.
5686: The same code is used when verifying untrusted certificates in chains,
5687: so this section is useful if a chain is rejected by the verify code.
5688: .Pp
5689: The
5690: .Cm basicConstraints
5691: extension CA flag is used to determine whether the
5692: certificate can be used as a CA.
5693: If the CA flag is true, it is a CA;
5694: if the CA flag is false, it is not a CA.
5695: All CAs should have the CA flag set to true.
5696: .Pp
5697: If the
5698: .Cm basicConstraints
5699: extension is absent, then the certificate is
5700: considered to be a possible CA;
5701: other extensions are checked according to the intended use of the certificate.
5702: A warning is given in this case because the certificate should really not
5703: be regarded as a CA.
5704: However it is allowed to be a CA to work around some broken software.
5705: .Pp
5706: If the certificate is a V1 certificate
5707: (and thus has no extensions) and it is self-signed,
5708: it is also assumed to be a CA but a warning is again given.
5709: This is to work around the problem of Verisign roots
5710: which are V1 self-signed certificates.
5711: .Pp
5712: If the
5713: .Cm keyUsage
5714: extension is present, then additional restraints are
5715: made on the uses of the certificate.
5716: A CA certificate must have the
5717: .Cm keyCertSign
5718: bit set if the
5719: .Cm keyUsage
5720: extension is present.
5721: .Pp
5722: The extended key usage extension places additional restrictions on the
5723: certificate uses.
5724: If this extension is present, whether critical or not,
5725: the key can only be used for the purposes specified.
5726: .Pp
5727: A complete description of each test is given below.
5728: The comments about
5729: .Cm basicConstraints
5730: and
5731: .Cm keyUsage
5732: and V1 certificates above apply to all CA certificates.
5733: .Bl -tag -width "XXXX"
5734: .It SSL Client
5735: The extended key usage extension must be absent or include the
5736: web client authentication OID.
5737: .Cm keyUsage
5738: must be absent or it must have the
5739: .Cm digitalSignature
5740: bit set.
5741: The Netscape certificate type must be absent
5742: or it must have the SSL client bit set.
5743: .It SSL Client CA
5744: The extended key usage extension must be absent or include the
5745: web client authentication OID.
5746: The Netscape certificate type must be absent
5747: or it must have the SSL CA bit set:
5748: this is used as a workaround if the
5749: .Cm basicConstraints
5750: extension is absent.
5751: .It SSL Server
5752: The extended key usage extension must be absent or include the
5753: web server authentication and/or one of the SGC OIDs.
5754: .Cm keyUsage
5755: must be absent or it must have the
5756: .Cm digitalSignature
5757: set, the
5758: .Cm keyEncipherment
5759: set, or both bits set.
5760: The Netscape certificate type must be absent or have the SSL server bit set.
5761: .It SSL Server CA
5762: The extended key usage extension must be absent or include the
5763: web server authentication and/or one of the SGC OIDs.
5764: The Netscape certificate type must be absent or the SSL CA bit must be set:
5765: this is used as a workaround if the
5766: .Cm basicConstraints
5767: extension is absent.
5768: .It Netscape SSL Server
5769: For Netscape SSL clients to connect to an SSL server; it must have the
5770: .Cm keyEncipherment
5771: bit set if the
5772: .Cm keyUsage
5773: extension is present.
5774: This isn't always valid because some cipher suites use the key for
5775: digital signing.
5776: Otherwise it is the same as a normal SSL server.
5777: .It Common S/MIME Client Tests
5778: The extended key usage extension must be absent or include the
5779: email protection OID.
5780: The Netscape certificate type must be absent or should have the S/MIME bit set.
5781: If the S/MIME bit is not set in Netscape certificate type, then the SSL
5782: client bit is tolerated as an alternative but a warning is shown:
5783: this is because some Verisign certificates don't set the S/MIME bit.
5784: .It S/MIME Signing
5785: In addition to the common S/MIME client tests, the
5786: .Cm digitalSignature
5787: bit must be set if the
5788: .Cm keyUsage
5789: extension is present.
5790: .It S/MIME Encryption
5791: In addition to the common S/MIME tests, the
5792: .Cm keyEncipherment
5793: bit must be set if the
5794: .Cm keyUsage
5795: extension is present.
5796: .It S/MIME CA
5797: The extended key usage extension must be absent or include the
5798: email protection OID.
5799: The Netscape certificate type must be absent
5800: or must have the S/MIME CA bit set:
5801: this is used as a workaround if the
5802: .Cm basicConstraints
5803: extension is absent.
5804: .It CRL Signing
5805: The
5806: .Cm keyUsage
5807: extension must be absent or it must have the CRL signing bit set.
5808: .It CRL Signing CA
5809: The normal CA tests apply, except the
5810: .Cm basicConstraints
5811: extension must be present.
5812: .El
1.1 jsing 5813: .It Fl setalias Ar arg
1.80 jmc 5814: Set the alias of the certificate,
5815: allowing the certificate to be referred to using a nickname,
5816: such as
1.1 jsing 5817: .Qq Steve's Certificate .
5818: .It Fl trustout
1.80 jmc 5819: Output a trusted certificate
5820: (the default if any trust settings are modified).
1.1 jsing 5821: An ordinary or trusted certificate can be input, but by default an ordinary
5822: certificate is output and any trust settings are discarded.
5823: .El
1.80 jmc 5824: .Pp
1.1 jsing 5825: The
5826: .Nm x509
1.80 jmc 5827: utility can be used to sign certificates and requests:
5828: it can thus behave like a mini CA.
5829: The following are x509 signing options:
1.1 jsing 5830: .Bl -tag -width "XXXX"
5831: .It Fl CA Ar file
1.80 jmc 5832: The CA certificate to be used for signing.
1.1 jsing 5833: When this option is present,
5834: .Nm x509
1.80 jmc 5835: behaves like a mini CA.
1.1 jsing 5836: The input file is signed by the CA using this option;
5837: that is, its issuer name is set to the subject name of the CA and it is
5838: digitally signed using the CA's private key.
5839: .Pp
5840: This option is normally combined with the
5841: .Fl req
5842: option.
5843: Without the
5844: .Fl req
5845: option, the input is a certificate which must be self-signed.
5846: .It Fl CAcreateserial
1.80 jmc 5847: Create the CA serial number file if it does not exist
5848: instead of generating an error.
5849: The file will contain the serial number
1.1 jsing 5850: .Sq 02
5851: and the certificate being signed will have
5852: .Sq 1
5853: as its serial number.
1.80 jmc 5854: .It Fl CAform Cm der | pem
1.1 jsing 5855: The format of the CA certificate file.
5856: The default is
1.80 jmc 5857: .Cm pem .
1.1 jsing 5858: .It Fl CAkey Ar file
1.80 jmc 5859: Set the CA private key to sign a certificate with.
5860: Otherwise it is assumed that the CA private key is present
5861: in the CA certificate file.
5862: .It Fl CAkeyform Cm der | pem
1.1 jsing 5863: The format of the CA private key.
5864: The default is
1.80 jmc 5865: .Cm pem .
1.1 jsing 5866: .It Fl CAserial Ar file
1.80 jmc 5867: Use the serial number in
5868: .Ar file
5869: to sign a certificate.
5870: The file should consist of one line containing an even number of hex digits
1.1 jsing 5871: with the serial number to use.
5872: After each use the serial number is incremented and written out
5873: to the file again.
5874: .Pp
5875: The default filename consists of the CA certificate file base name with
5876: .Pa .srl
5877: appended.
5878: For example, if the CA certificate file is called
5879: .Pa mycacert.pem ,
5880: it expects to find a serial number file called
5881: .Pa mycacert.srl .
5882: .It Fl checkend Ar arg
5883: Check whether the certificate expires in the next
5884: .Ar arg
5885: seconds.
5886: If so, exit with return value 1;
5887: otherwise exit with return value 0.
5888: .It Fl clrext
5889: Delete any extensions from a certificate.
5890: This option is used when a certificate is being created from another
5891: certificate (for example with the
5892: .Fl signkey
5893: or the
5894: .Fl CA
5895: options).
5896: Normally, all extensions are retained.
5897: .It Fl days Ar arg
1.80 jmc 5898: The number of days to make a certificate valid for.
1.1 jsing 5899: The default is 30 days.
5900: .It Fl extensions Ar section
5901: The section to add certificate extensions from.
5902: If this option is not specified, the extensions should either be
1.80 jmc 5903: contained in the unnamed (default) section
5904: or the default section should contain a variable called
1.1 jsing 5905: .Qq extensions
5906: which contains the section to use.
5907: .It Fl extfile Ar file
5908: File containing certificate extensions to use.
5909: If not specified, no extensions are added to the certificate.
1.80 jmc 5910: .It Fl keyform Cm der | pem
5911: The format of the private key file used in the
1.1 jsing 5912: .Fl signkey
5913: option.
5914: .It Fl req
1.80 jmc 5915: Expect a certificate request on input instead of a certificate.
1.1 jsing 5916: .It Fl set_serial Ar n
1.80 jmc 5917: The serial number to use.
1.1 jsing 5918: This option can be used with either the
5919: .Fl signkey
5920: or
5921: .Fl CA
5922: options.
5923: If used in conjunction with the
5924: .Fl CA
5925: option, the serial number file (as specified by the
5926: .Fl CAserial
5927: or
5928: .Fl CAcreateserial
5929: options) is not used.
5930: .Pp
5931: The serial number can be decimal or hex (if preceded by
5932: .Sq 0x ) .
5933: Negative serial numbers can also be specified but their use is not recommended.
5934: .It Fl signkey Ar file
1.80 jmc 5935: Self-sign
5936: .Ar file
5937: using the supplied private key.
1.1 jsing 5938: .Pp
5939: If the input file is a certificate, it sets the issuer name to the
1.80 jmc 5940: subject name (i.e. makes it self-signed),
1.1 jsing 5941: changes the public key to the supplied value,
5942: and changes the start and end dates.
5943: The start date is set to the current time and the end date is set to
5944: a value determined by the
5945: .Fl days
5946: option.
5947: Any certificate extensions are retained unless the
5948: .Fl clrext
5949: option is supplied.
5950: .Pp
5951: If the input is a certificate request, a self-signed certificate
5952: is created using the supplied private key using the subject name in
5953: the request.
5954: .It Fl x509toreq
1.80 jmc 5955: Convert a certificate into a certificate request.
1.1 jsing 5956: The
5957: .Fl signkey
5958: option is used to pass the required private key.
5959: .El
1.38 jmc 5960: .Sh COMMON NOTATION
5961: Several commands share a common syntax,
5962: as detailed below.
5963: .Pp
5964: Password arguments, typically specified using
1.33 jmc 5965: .Fl passin
5966: and
5967: .Fl passout
1.38 jmc 5968: for input and output passwords,
5969: allow passwords to be obtained from a variety of sources.
5970: Both of these options take a single argument, described below.
1.33 jmc 5971: If no password argument is given and a password is required,
5972: then the user is prompted to enter one:
5973: this will typically be read from the current terminal with echoing turned off.
1.38 jmc 5974: .Bl -tag -width "pass:password" -offset indent
5975: .It Cm pass : Ns Ar password
1.33 jmc 5976: The actual password is
5977: .Ar password .
1.38 jmc 5978: Since the password is visible to utilities,
1.33 jmc 5979: this form should only be used where security is not important.
1.38 jmc 5980: .It Cm env : Ns Ar var
1.33 jmc 5981: Obtain the password from the environment variable
5982: .Ar var .
1.38 jmc 5983: Since the environment of other processes is visible,
5984: this option should be used with caution.
5985: .It Cm file : Ns Ar path
1.33 jmc 5986: The first line of
5987: .Ar path
5988: is the password.
5989: If the same
5990: .Ar path
5991: argument is supplied to
5992: .Fl passin
5993: and
5994: .Fl passout ,
5995: then the first line will be used for the input password and the next line
5996: for the output password.
5997: .Ar path
5998: need not refer to a regular file:
5999: it could, for example, refer to a device or named pipe.
1.38 jmc 6000: .It Cm fd : Ns Ar number
1.33 jmc 6001: Read the password from the file descriptor
6002: .Ar number .
1.38 jmc 6003: This can be used to send the data via a pipe, for example.
6004: .It Cm stdin
1.33 jmc 6005: Read the password from standard input.
1.35 jmc 6006: .El
1.38 jmc 6007: .Pp
1.64 jmc 6008: Input/output formats,
1.38 jmc 6009: typically specified using
6010: .Fl inform
6011: and
6012: .Fl outform ,
1.64 jmc 6013: indicate the format being read from or written to.
1.38 jmc 6014: The argument is case insensitive.
6015: .Pp
6016: .Bl -tag -width Ds -offset indent -compact
6017: .It Cm der
6018: Distinguished Encoding Rules (DER)
6019: is a binary format.
1.64 jmc 6020: .It Cm net
6021: Insecure legacy format.
1.38 jmc 6022: .It Cm pem
6023: Privacy Enhanced Mail (PEM)
6024: is base64-encoded.
1.70 jmc 6025: .It Cm smime
6026: An SMIME format message.
1.38 jmc 6027: .It Cm txt
6028: Plain ASCII text.
6029: .El
1.35 jmc 6030: .Sh ENVIRONMENT
6031: The following environment variables affect the execution of
6032: .Nm openssl :
1.38 jmc 6033: .Bl -tag -width "/etc/ssl/openssl.cnf"
1.35 jmc 6034: .It Ev OPENSSL_CONF
6035: The location of the master configuration file.
1.33 jmc 6036: .El
1.1 jsing 6037: .Sh FILES
6038: .Bl -tag -width "/etc/ssl/openssl.cnf" -compact
1.17 sobrado 6039: .It Pa /etc/ssl/
1.1 jsing 6040: Default config directory for
6041: .Nm openssl .
1.17 sobrado 6042: .It Pa /etc/ssl/lib/
1.1 jsing 6043: Unused.
1.17 sobrado 6044: .It Pa /etc/ssl/private/
1.1 jsing 6045: Default private key directory.
1.17 sobrado 6046: .It Pa /etc/ssl/openssl.cnf
1.1 jsing 6047: Default configuration file for
6048: .Nm openssl .
1.17 sobrado 6049: .It Pa /etc/ssl/x509v3.cnf
1.1 jsing 6050: Default configuration file for
6051: .Nm x509
6052: certificates.
6053: .El
6054: .Sh SEE ALSO
1.74 jmc 6055: .Xr acme-client 1 ,
1.26 jmc 6056: .Xr nc 1 ,
1.1 jsing 6057: .Xr ssl 8 ,
6058: .Xr starttls 8
6059: .Sh STANDARDS
6060: .Rs
6061: .%A T. Dierks
6062: .%A C. Allen
6063: .%D January 1999
6064: .%R RFC 2246
6065: .%T The TLS Protocol Version 1.0
6066: .Re
6067: .Pp
6068: .Rs
6069: .%A M. Wahl
6070: .%A S. Killie
6071: .%A T. Howes
6072: .%D December 1997
6073: .%R RFC 2253
6074: .%T Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
6075: .Re
6076: .Pp
6077: .Rs
6078: .%A B. Kaliski
6079: .%D March 1998
6080: .%R RFC 2315
6081: .%T PKCS #7: Cryptographic Message Syntax Version 1.5
6082: .Re
6083: .Pp
6084: .Rs
6085: .%A R. Housley
6086: .%A W. Ford
6087: .%A W. Polk
6088: .%A D. Solo
6089: .%D January 1999
6090: .%R RFC 2459
6091: .%T Internet X.509 Public Key Infrastructure Certificate and CRL Profile
6092: .Re
6093: .Pp
6094: .Rs
6095: .%A M. Myers
6096: .%A R. Ankney
6097: .%A A. Malpani
6098: .%A S. Galperin
6099: .%A C. Adams
6100: .%D June 1999
6101: .%R RFC 2560
6102: .%T X.509 Internet Public Key Infrastructure Online Certificate Status Protocol \(en OCSP
6103: .Re
6104: .Pp
6105: .Rs
6106: .%A R. Housley
6107: .%D June 1999
6108: .%R RFC 2630
6109: .%T Cryptographic Message Syntax
6110: .Re
6111: .Pp
6112: .Rs
6113: .%A P. Chown
6114: .%D June 2002
6115: .%R RFC 3268
1.24 jmc 6116: .%T Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
1.1 jsing 6117: .Re