Annotation of src/usr.bin/openssl/openssl.1, Revision 1.91
1.91 ! schwarze 1: .\" $OpenBSD: openssl.1,v 1.90 2018/03/30 20:38:23 schwarze Exp $
1.1 jsing 2: .\" ====================================================================
3: .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
4: .\"
5: .\" Redistribution and use in source and binary forms, with or without
6: .\" modification, are permitted provided that the following conditions
7: .\" are met:
8: .\"
9: .\" 1. Redistributions of source code must retain the above copyright
10: .\" notice, this list of conditions and the following disclaimer.
11: .\"
12: .\" 2. Redistributions in binary form must reproduce the above copyright
13: .\" notice, this list of conditions and the following disclaimer in
14: .\" the documentation and/or other materials provided with the
15: .\" distribution.
16: .\"
17: .\" 3. All advertising materials mentioning features or use of this
18: .\" software must display the following acknowledgment:
19: .\" "This product includes software developed by the OpenSSL Project
20: .\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
21: .\"
22: .\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23: .\" endorse or promote products derived from this software without
24: .\" prior written permission. For written permission, please contact
25: .\" openssl-core@openssl.org.
26: .\"
27: .\" 5. Products derived from this software may not be called "OpenSSL"
28: .\" nor may "OpenSSL" appear in their names without prior written
29: .\" permission of the OpenSSL Project.
30: .\"
31: .\" 6. Redistributions of any form whatsoever must retain the following
32: .\" acknowledgment:
33: .\" "This product includes software developed by the OpenSSL Project
34: .\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
35: .\"
36: .\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37: .\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39: .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40: .\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41: .\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42: .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43: .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45: .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46: .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47: .\" OF THE POSSIBILITY OF SUCH DAMAGE.
48: .\" ====================================================================
49: .\"
50: .\" This product includes cryptographic software written by Eric Young
51: .\" (eay@cryptsoft.com). This product includes software written by Tim
52: .\" Hudson (tjh@cryptsoft.com).
53: .\"
54: .\"
55: .\" Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
56: .\" All rights reserved.
57: .\"
58: .\" This package is an SSL implementation written
59: .\" by Eric Young (eay@cryptsoft.com).
60: .\" The implementation was written so as to conform with Netscapes SSL.
61: .\"
62: .\" This library is free for commercial and non-commercial use as long as
63: .\" the following conditions are aheared to. The following conditions
64: .\" apply to all code found in this distribution, be it the RC4, RSA,
65: .\" lhash, DES, etc., code; not just the SSL code. The SSL documentation
66: .\" included with this distribution is covered by the same copyright terms
67: .\" except that the holder is Tim Hudson (tjh@cryptsoft.com).
68: .\"
69: .\" Copyright remains Eric Young's, and as such any Copyright notices in
70: .\" the code are not to be removed.
71: .\" If this package is used in a product, Eric Young should be given attribution
72: .\" as the author of the parts of the library used.
73: .\" This can be in the form of a textual message at program startup or
74: .\" in documentation (online or textual) provided with the package.
75: .\"
76: .\" Redistribution and use in source and binary forms, with or without
77: .\" modification, are permitted provided that the following conditions
78: .\" are met:
79: .\" 1. Redistributions of source code must retain the copyright
80: .\" notice, this list of conditions and the following disclaimer.
81: .\" 2. Redistributions in binary form must reproduce the above copyright
82: .\" notice, this list of conditions and the following disclaimer in the
83: .\" documentation and/or other materials provided with the distribution.
84: .\" 3. All advertising materials mentioning features or use of this software
85: .\" must display the following acknowledgement:
86: .\" "This product includes cryptographic software written by
87: .\" Eric Young (eay@cryptsoft.com)"
88: .\" The word 'cryptographic' can be left out if the rouines from the library
89: .\" being used are not cryptographic related :-).
90: .\" 4. If you include any Windows specific code (or a derivative thereof) from
91: .\" the apps directory (application code) you must include an
92: .\" acknowledgement:
93: .\" "This product includes software written by Tim Hudson
94: .\" (tjh@cryptsoft.com)"
95: .\"
96: .\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
97: .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
98: .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
99: .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
100: .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
101: .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
102: .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
103: .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
104: .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
105: .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
106: .\" SUCH DAMAGE.
107: .\"
108: .\" The licence and distribution terms for any publically available version or
109: .\" derivative of this code cannot be changed. i.e. this code cannot simply be
110: .\" copied and put under another distribution licence
111: .\" [including the GNU Public Licence.]
112: .\"
1.91 ! schwarze 113: .Dd $Mdocdate: March 30 2018 $
1.1 jsing 114: .Dt OPENSSL 1
115: .Os
116: .Sh NAME
117: .Nm openssl
118: .Nd OpenSSL command line tool
119: .Sh SYNOPSIS
120: .Nm
1.90 schwarze 121: .Ar command
1.1 jsing 122: .Op Ar command_opts
123: .Op Ar command_args
124: .Pp
125: .Nm
1.13 bentley 126: .Cm list-standard-commands |
127: .Cm list-message-digest-commands |
128: .Cm list-cipher-commands |
129: .Cm list-cipher-algorithms |
130: .Cm list-message-digest-algorithms |
1.1 jsing 131: .Cm list-public-key-algorithms
132: .Pp
133: .Nm
1.39 jmc 134: .Cm no- Ns Ar command
1.1 jsing 135: .Sh DESCRIPTION
136: .Nm OpenSSL
1.31 jmc 137: is a cryptography toolkit implementing the
138: Transport Layer Security
1.1 jsing 139: .Pq TLS v1
1.31 jmc 140: network protocol,
141: as well as related cryptography standards.
1.1 jsing 142: .Pp
143: The
144: .Nm
145: program is a command line tool for using the various
146: cryptography functions of
1.39 jmc 147: .Nm openssl Ns 's
1.33 jmc 148: crypto library from the shell.
1.1 jsing 149: .Pp
150: The pseudo-commands
151: .Cm list-standard-commands , list-message-digest-commands ,
152: and
153: .Cm list-cipher-commands
154: output a list
155: .Pq one entry per line
156: of the names of all standard commands, message digest commands,
157: or cipher commands, respectively, that are available in the present
158: .Nm
159: utility.
160: .Pp
161: The pseudo-commands
162: .Cm list-cipher-algorithms
163: and
164: .Cm list-message-digest-algorithms
165: list all cipher and message digest names,
166: one entry per line.
167: Aliases are listed as:
168: .Pp
1.33 jmc 169: .D1 from => to
1.1 jsing 170: .Pp
171: The pseudo-command
172: .Cm list-public-key-algorithms
173: lists all supported public key algorithms.
174: .Pp
175: The pseudo-command
1.39 jmc 176: .Cm no- Ns Ar command
1.1 jsing 177: tests whether a command of the
178: specified name is available.
1.39 jmc 179: If
180: .Ar command
181: does not exist,
1.1 jsing 182: it returns 0
183: and prints
1.39 jmc 184: .Cm no- Ns Ar command ;
1.1 jsing 185: otherwise it returns 1 and prints
1.39 jmc 186: .Ar command .
187: In both cases, the output goes to stdout and nothing is printed to stderr.
1.1 jsing 188: Additional command line arguments are always ignored.
189: Since for each cipher there is a command of the same name,
190: this provides an easy way for shell scripts to test for the
191: availability of ciphers in the
192: .Nm
193: program.
194: .Pp
195: .Sy Note :
1.39 jmc 196: .Cm no- Ns Ar command
1.1 jsing 197: is not able to detect pseudo-commands such as
198: .Cm quit ,
199: .Cm list- Ns Ar ... Ns Cm -commands ,
200: or
1.39 jmc 201: .Cm no- Ns Ar command
1.1 jsing 202: itself.
203: .Sh ASN1PARSE
204: .nr nS 1
205: .Nm "openssl asn1parse"
206: .Op Fl i
207: .Op Fl dlimit Ar number
208: .Op Fl dump
209: .Op Fl genconf Ar file
210: .Op Fl genstr Ar str
211: .Op Fl in Ar file
1.34 jmc 212: .Op Fl inform Cm der | pem | txt
1.1 jsing 213: .Op Fl length Ar number
214: .Op Fl noout
215: .Op Fl offset Ar number
216: .Op Fl oid Ar file
217: .Op Fl out Ar file
218: .Op Fl strparse Ar offset
219: .nr nS 0
220: .Pp
221: The
222: .Nm asn1parse
223: command is a diagnostic utility that can parse ASN.1 structures.
224: It can also be used to extract data from ASN.1 formatted data.
225: .Pp
226: The options are as follows:
227: .Bl -tag -width Ds
228: .It Fl dlimit Ar number
229: Dump the first
230: .Ar number
231: bytes of unknown data in hex form.
232: .It Fl dump
233: Dump unknown data in hex form.
234: .It Fl genconf Ar file , Fl genstr Ar str
235: Generate encoded data based on string
236: .Ar str ,
237: file
238: .Ar file ,
1.34 jmc 239: or both, using the format described in
240: .Xr ASN1_generate_nconf 3 .
1.1 jsing 241: If only
242: .Ar file
243: is present then the string is obtained from the default section
244: using the name
245: .Dq asn1 .
1.84 jmc 246: The encoded data is passed through the ASN.1 parser and printed out as
1.1 jsing 247: though it came from a file;
248: the contents can thus be examined and written to a file using the
249: .Fl out
250: option.
251: .It Fl i
1.34 jmc 252: Indent the output according to the
1.1 jsing 253: .Qq depth
254: of the structures.
255: .It Fl in Ar file
1.41 jmc 256: The input file to read from, or standard input if not specified.
1.34 jmc 257: .It Fl inform Cm der | pem | txt
1.1 jsing 258: The input format.
259: .It Fl length Ar number
1.34 jmc 260: Number of bytes to parse; the default is until end of file.
1.1 jsing 261: .It Fl noout
1.46 jmc 262: Do not output the parsed version of the input file.
1.1 jsing 263: .It Fl offset Ar number
1.34 jmc 264: Starting offset to begin parsing; the default is start of file.
1.1 jsing 265: .It Fl oid Ar file
266: A file containing additional object identifiers
267: .Pq OIDs .
268: If an OID
269: .Pq object identifier
270: is not part of
1.34 jmc 271: .Nm openssl Ns 's
1.1 jsing 272: internal table it will be represented in
273: numerical form
274: .Pq for example 1.2.3.4 .
1.34 jmc 275: .Pp
1.1 jsing 276: Each line consists of three columns:
277: the first column is the OID in numerical format and should be followed by
278: whitespace.
279: The second column is the
1.34 jmc 280: .Qq short name ,
1.1 jsing 281: which is a single word followed by whitespace.
282: The final column is the rest of the line and is the
283: .Qq long name .
284: .Nm asn1parse
285: displays the long name.
1.34 jmc 286: .It Fl out Ar file
287: The DER-encoded output file; the default is no encoded output
288: (useful when combined with
289: .Fl strparse ) .
290: .It Fl strparse Ar offset
291: Parse the content octets of the ASN.1 object starting at
292: .Ar offset .
293: This option can be used multiple times to
294: .Qq drill down
295: into a nested structure.
296: .El
1.1 jsing 297: .Sh CA
298: .nr nS 1
299: .Nm "openssl ca"
300: .Op Fl batch
301: .Op Fl cert Ar file
302: .Op Fl config Ar file
1.91 ! schwarze 303: .Op Fl create_serial
1.1 jsing 304: .Op Fl crl_CA_compromise Ar time
305: .Op Fl crl_compromise Ar time
306: .Op Fl crl_hold Ar instruction
307: .Op Fl crl_reason Ar reason
308: .Op Fl crldays Ar days
309: .Op Fl crlexts Ar section
310: .Op Fl crlhours Ar hours
311: .Op Fl days Ar arg
312: .Op Fl enddate Ar date
313: .Op Fl extensions Ar section
314: .Op Fl extfile Ar section
315: .Op Fl gencrl
316: .Op Fl in Ar file
317: .Op Fl infiles
1.91 ! schwarze 318: .Op Fl key Ar password
1.1 jsing 319: .Op Fl keyfile Ar arg
1.91 ! schwarze 320: .Op Fl keyform Cm pem | der
1.1 jsing 321: .Op Fl md Ar arg
322: .Op Fl msie_hack
1.91 ! schwarze 323: .Op Fl multivalue\-rdn
1.1 jsing 324: .Op Fl name Ar section
325: .Op Fl noemailDN
326: .Op Fl notext
327: .Op Fl out Ar file
328: .Op Fl outdir Ar dir
329: .Op Fl passin Ar arg
330: .Op Fl policy Ar arg
331: .Op Fl preserveDN
332: .Op Fl revoke Ar file
1.91 ! schwarze 333: .Op Fl selfsign
1.1 jsing 334: .Op Fl spkac Ar file
335: .Op Fl ss_cert Ar file
336: .Op Fl startdate Ar date
337: .Op Fl status Ar serial
338: .Op Fl subj Ar arg
339: .Op Fl updatedb
1.91 ! schwarze 340: .Op Fl utf8
1.1 jsing 341: .Op Fl verbose
342: .nr nS 0
343: .Pp
344: The
345: .Nm ca
1.35 jmc 346: command is a minimal certificate authority (CA) application.
1.1 jsing 347: It can be used to sign certificate requests in a variety of forms
1.35 jmc 348: and generate certificate revocation lists (CRLs).
1.1 jsing 349: It also maintains a text database of issued certificates and their status.
350: .Pp
1.35 jmc 351: The options relevant to CAs are as follows:
1.1 jsing 352: .Bl -tag -width "XXXX"
353: .It Fl batch
1.41 jmc 354: Batch mode.
1.1 jsing 355: In this mode no questions will be asked
356: and all certificates will be certified automatically.
357: .It Fl cert Ar file
358: The CA certificate file.
359: .It Fl config Ar file
1.72 jmc 360: Specify an alternative configuration file.
1.91 ! schwarze 361: .It Fl create_serial
! 362: If reading the serial from the text file as specified in the
! 363: configuration fails, create a new random serial to be used as the
! 364: next serial number.
1.1 jsing 365: .It Fl days Ar arg
366: The number of days to certify the certificate for.
367: .It Fl enddate Ar date
1.41 jmc 368: Set the expiry date.
1.88 jmc 369: The format of the date is [YY]YYMMDDHHMMSSZ,
370: with all four year digits required for dates from 2050 onwards.
1.1 jsing 371: .It Fl extensions Ar section
372: The section of the configuration file containing certificate extensions
373: to be added when a certificate is issued (defaults to
1.35 jmc 374: .Cm x509_extensions
1.1 jsing 375: unless the
376: .Fl extfile
377: option is used).
378: If no extension section is present, a V1 certificate is created.
379: If the extension section is present
380: .Pq even if it is empty ,
381: then a V3 certificate is created.
1.91 ! schwarze 382: See the
! 383: .Xr x509v3.cnf 5
! 384: manual page for details of the extension section format.
1.1 jsing 385: .It Fl extfile Ar file
386: An additional configuration
387: .Ar file
388: to read certificate extensions from
389: (using the default section unless the
390: .Fl extensions
391: option is also used).
392: .It Fl in Ar file
393: An input
394: .Ar file
395: containing a single certificate request to be signed by the CA.
396: .It Fl infiles
397: If present, this should be the last option; all subsequent arguments
398: are assumed to be the names of files containing certificate requests.
1.91 ! schwarze 399: .It Fl key Ar password
! 400: The
! 401: .Fa password
! 402: used to encrypt the private key.
1.35 jmc 403: Since on some systems the command line arguments are visible,
404: this option should be used with caution.
1.1 jsing 405: .It Fl keyfile Ar file
406: The private key to sign requests with.
1.91 ! schwarze 407: .It Fl keyform Cm pem | der
1.1 jsing 408: Private key file format.
1.91 ! schwarze 409: The default is
! 410: .Cm pem .
1.1 jsing 411: .It Fl md Ar alg
412: The message digest to use.
413: Possible values include
414: .Ar md5
415: and
416: .Ar sha1 .
417: This option also applies to CRLs.
418: .It Fl msie_hack
419: This is a legacy option to make
420: .Nm ca
421: work with very old versions of the IE certificate enrollment control
422: .Qq certenr3 .
423: It used UniversalStrings for almost everything.
424: Since the old control has various security bugs,
425: its use is strongly discouraged.
426: The newer control
427: .Qq Xenroll
428: does not need this option.
1.91 ! schwarze 429: .It Fl multivalue\-rdn
! 430: This option causes the
! 431: .Fl subj
! 432: argument to be interpreted with full support for multivalued RDNs,
! 433: for example
! 434: .Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
! 435: If
! 436: .Fl multivalue\-rdn
! 437: is not used, the UID value is set to
! 438: .Qq "123456+CN=John Doe" .
1.1 jsing 439: .It Fl name Ar section
440: Specifies the configuration file
441: .Ar section
442: to use (overrides
443: .Cm default_ca
444: in the
445: .Cm ca
446: section).
447: .It Fl noemailDN
448: The DN of a certificate can contain the EMAIL field if present in the
1.30 mmcc 449: request DN, however it is good policy just having the email set into
1.1 jsing 450: the
1.35 jmc 451: .Cm altName
1.1 jsing 452: extension of the certificate.
453: When this option is set, the EMAIL field is removed from the certificate's
454: subject and set only in the, eventually present, extensions.
455: The
456: .Ar email_in_dn
457: keyword can be used in the configuration file to enable this behaviour.
458: .It Fl notext
459: Don't output the text form of a certificate to the output file.
460: .It Fl out Ar file
461: The output file to output certificates to.
462: The default is standard output.
1.91 ! schwarze 463: The certificate details will also be printed out to this file in
! 464: PEM format, except that
! 465: .Fl spkac
! 466: outputs DER format.
1.1 jsing 467: .It Fl outdir Ar directory
468: The
469: .Ar directory
470: to output certificates to.
471: The certificate will be written to a file consisting of the
472: serial number in hex with
473: .Qq .pem
474: appended.
475: .It Fl passin Ar arg
476: The key password source.
477: .It Fl policy Ar arg
1.41 jmc 478: Define the CA
1.1 jsing 479: .Qq policy
480: to use.
1.35 jmc 481: The policy section in the configuration file
482: consists of a set of variables corresponding to certificate DN fields.
483: The values may be one of
484: .Qq match
485: (the value must match the same field in the CA certificate),
486: .Qq supplied
487: (the value must be present), or
488: .Qq optional
489: (the value may be present).
490: Any fields not mentioned in the policy section
491: are silently deleted, unless the
492: .Fl preserveDN
493: option is set,
494: but this can be regarded more of a quirk than intended behaviour.
1.1 jsing 495: .It Fl preserveDN
496: Normally, the DN order of a certificate is the same as the order of the
497: fields in the relevant policy section.
498: When this option is set, the order is the same as the request.
499: This is largely for compatibility with the older IE enrollment control
500: which would only accept certificates if their DNs matched the order of the
501: request.
502: This is not needed for Xenroll.
1.91 ! schwarze 503: .It Fl selfsign
! 504: Indicates the issued certificates are to be signed with the key the
! 505: certificate requests were signed with, given with
! 506: .Fl keyfile .
! 507: Certificate requests signed with a different key are ignored.
! 508: If
! 509: .Fl gencrl ,
! 510: .Fl spkac ,
! 511: or
! 512: .Fl ss_cert
! 513: are given,
! 514: .Fl selfsign
! 515: is ignored.
! 516: .Pp
! 517: A consequence of using
! 518: .Fl selfsign
! 519: is that the self-signed certificate appears among the entries in
! 520: the certificate database (see the configuration option
! 521: .Cm database )
! 522: and uses the same serial number counter as all other certificates
! 523: signed with the self-signed certificate.
1.1 jsing 524: .It Fl spkac Ar file
525: A file containing a single Netscape signed public key and challenge,
526: and additional field values to be signed by the CA.
1.35 jmc 527: This will usually come from the
528: KEYGEN tag in an HTML form to create a new private key.
529: It is, however, possible to create SPKACs using the
530: .Nm spkac
531: utility.
532: .Pp
533: The file should contain the variable SPKAC set to the value of
534: the SPKAC and also the required DN components as name value pairs.
535: If it's necessary to include the same component twice,
536: then it can be preceded by a number and a
537: .Sq \&. .
1.1 jsing 538: .It Fl ss_cert Ar file
539: A single self-signed certificate to be signed by the CA.
540: .It Fl startdate Ar date
1.41 jmc 541: Set the start date.
1.88 jmc 542: The format of the date is [YY]YYMMDDHHMMSSZ,
543: with all four year digits required for dates from 2050 onwards.
1.91 ! schwarze 544: .It Fl subj Ar arg
! 545: Supersedes the subject name given in the request.
! 546: The
! 547: .Ar arg
! 548: must be formatted as
! 549: .Sm off
! 550: .Pf / Ar type0 Ns = Ar value0 Ns / Ar type 1 Ns = Ar value 1 Ns /
! 551: .Ar type2 Ns = Ar ... ;
! 552: .Sm on
! 553: characters may be escaped by
! 554: .Sq \e
! 555: .Pq backslash ,
! 556: no spaces are skipped.
! 557: .It Fl utf8
! 558: Interpret field values read from a terminal or obtained from a
! 559: configuration file as UTF-8 strings.
! 560: By default, they are interpreted as ASCII.
1.1 jsing 561: .It Fl verbose
1.41 jmc 562: Print extra details about the operations being performed.
1.1 jsing 563: .El
1.35 jmc 564: .Pp
565: The options relevant to CRLs are as follows:
1.1 jsing 566: .Bl -tag -width "XXXX"
567: .It Fl crl_CA_compromise Ar time
568: This is the same as
569: .Fl crl_compromise ,
570: except the revocation reason is set to CACompromise.
571: .It Fl crl_compromise Ar time
1.41 jmc 572: Set the revocation reason to keyCompromise and the compromise time to
1.1 jsing 573: .Ar time .
574: .Ar time
575: should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ.
576: .It Fl crl_hold Ar instruction
1.41 jmc 577: Set the CRL revocation reason code to certificateHold and the hold
1.1 jsing 578: instruction to
579: .Ar instruction
580: which must be an OID.
581: Although any OID can be used, only holdInstructionNone
582: (the use of which is discouraged by RFC 2459), holdInstructionCallIssuer or
583: holdInstructionReject will normally be used.
584: .It Fl crl_reason Ar reason
585: Revocation reason, where
586: .Ar reason
587: is one of:
588: unspecified, keyCompromise, CACompromise, affiliationChanged, superseded,
589: cessationOfOperation, certificateHold or removeFromCRL.
590: The matching of
591: .Ar reason
592: is case insensitive.
593: Setting any revocation reason will make the CRL v2.
594: In practice, removeFromCRL is not particularly useful because it is only used
595: in delta CRLs which are not currently implemented.
596: .It Fl crldays Ar num
597: The number of days before the next CRL is due.
598: This is the days from now to place in the CRL
1.35 jmc 599: .Cm nextUpdate
1.1 jsing 600: field.
601: .It Fl crlexts Ar section
602: The
603: .Ar section
604: of the configuration file containing CRL extensions to include.
605: If no CRL extension section is present then a V1 CRL is created;
606: if the CRL extension section is present
1.81 jmc 607: (even if it is empty)
1.1 jsing 608: then a V2 CRL is created.
1.81 jmc 609: The CRL extensions specified are CRL extensions and not CRL entry extensions.
610: It should be noted that some software can't handle V2 CRLs.
1.91 ! schwarze 611: See the
! 612: .Xr x509v3.cnf 5
! 613: manual page for details of the extension section format.
1.1 jsing 614: .It Fl crlhours Ar num
615: The number of hours before the next CRL is due.
616: .It Fl gencrl
1.41 jmc 617: Generate a CRL based on information in the index file.
1.1 jsing 618: .It Fl revoke Ar file
619: A
620: .Ar file
621: containing a certificate to revoke.
1.91 ! schwarze 622: .It Fl status Ar serial
! 623: Show the status of the certificate with serial number
! 624: .Ar serial .
! 625: .It Fl updatedb
! 626: Update the database index to purge expired certificates.
1.1 jsing 627: .El
628: .Pp
1.35 jmc 629: Many of the options can be set in the
630: .Cm ca
631: section of the configuration file
632: (or in the default section of the configuration file),
633: specified using
634: .Cm default_ca
635: or
636: .Fl name .
637: The options
638: .Cm preserve
639: and
640: .Cm msie_hack
641: are read directly from the
642: .Cm ca
643: section.
1.1 jsing 644: .Pp
645: Many of the configuration file options are identical to command line
646: options.
647: Where the option is present in the configuration file and the command line,
648: the command line value is used.
649: Where an option is described as mandatory, then it must be present in
650: the configuration file or the command line equivalent
651: .Pq if any
652: used.
653: .Bl -tag -width "XXXX"
1.35 jmc 654: .It Cm certificate
1.1 jsing 655: The same as
656: .Fl cert .
657: It gives the file containing the CA certificate.
658: Mandatory.
1.35 jmc 659: .It Cm copy_extensions
1.1 jsing 660: Determines how extensions in certificate requests should be handled.
661: If set to
1.35 jmc 662: .Cm none
1.1 jsing 663: or this option is not present, then extensions are
664: ignored and not copied to the certificate.
665: If set to
1.35 jmc 666: .Cm copy ,
1.1 jsing 667: then any extensions present in the request that are not already present
668: are copied to the certificate.
669: If set to
1.35 jmc 670: .Cm copyall ,
1.1 jsing 671: then all extensions in the request are copied to the certificate:
672: if the extension is already present in the certificate it is deleted first.
1.35 jmc 673: .Pp
674: The
675: .Cm copy_extensions
676: option should be used with caution.
677: If care is not taken, it can be a security risk.
678: For example, if a certificate request contains a
679: .Cm basicConstraints
680: extension with CA:TRUE and the
681: .Cm copy_extensions
682: value is set to
683: .Cm copyall
684: and the user does not spot
1.91 ! schwarze 685: this when the certificate is displayed, then this will hand the requester
1.35 jmc 686: a valid CA certificate.
687: .Pp
688: This situation can be avoided by setting
689: .Cm copy_extensions
690: to
691: .Cm copy
692: and including
693: .Cm basicConstraints
694: with CA:FALSE in the configuration file.
695: Then if the request contains a
696: .Cm basicConstraints
697: extension, it will be ignored.
1.1 jsing 698: .Pp
699: The main use of this option is to allow a certificate request to supply
700: values for certain extensions such as
1.35 jmc 701: .Cm subjectAltName .
702: .It Cm crl_extensions
1.1 jsing 703: The same as
704: .Fl crlexts .
1.35 jmc 705: .It Cm crlnumber
1.1 jsing 706: A text file containing the next CRL number to use in hex.
707: The CRL number will be inserted in the CRLs only if this file exists.
708: If this file is present, it must contain a valid CRL number.
1.35 jmc 709: .It Cm database
1.1 jsing 710: The text database file to use.
711: Mandatory.
712: This file must be present, though initially it will be empty.
1.35 jmc 713: .It Cm default_crl_hours , default_crl_days
1.1 jsing 714: The same as the
715: .Fl crlhours
716: and
717: .Fl crldays
718: options.
719: These will only be used if neither command line option is present.
720: At least one of these must be present to generate a CRL.
1.35 jmc 721: .It Cm default_days
1.1 jsing 722: The same as the
723: .Fl days
724: option.
725: The number of days to certify a certificate for.
1.35 jmc 726: .It Cm default_enddate
1.1 jsing 727: The same as the
728: .Fl enddate
729: option.
730: Either this option or
1.35 jmc 731: .Cm default_days
1.1 jsing 732: .Pq or the command line equivalents
733: must be present.
1.35 jmc 734: .It Cm default_md
1.1 jsing 735: The same as the
736: .Fl md
737: option.
738: The message digest to use.
739: Mandatory.
1.35 jmc 740: .It Cm default_startdate
1.1 jsing 741: The same as the
742: .Fl startdate
743: option.
744: The start date to certify a certificate for.
745: If not set, the current time is used.
1.35 jmc 746: .It Cm email_in_dn
1.1 jsing 747: The same as
748: .Fl noemailDN .
749: If the EMAIL field is to be removed from the DN of the certificate,
750: simply set this to
751: .Qq no .
752: If not present, the default is to allow for the EMAIL field in the
753: certificate's DN.
1.35 jmc 754: .It Cm msie_hack
1.1 jsing 755: The same as
756: .Fl msie_hack .
1.35 jmc 757: .It Cm name_opt , cert_opt
1.1 jsing 758: These options allow the format used to display the certificate details
759: when asking the user to confirm signing.
760: All the options supported by the
761: .Nm x509
762: utilities'
763: .Fl nameopt
764: and
765: .Fl certopt
766: switches can be used here, except that
1.35 jmc 767: .Cm no_signame
1.1 jsing 768: and
1.35 jmc 769: .Cm no_sigdump
1.1 jsing 770: are permanently set and cannot be disabled
771: (this is because the certificate signature cannot be displayed because
772: the certificate has not been signed at this point).
773: .Pp
774: For convenience, the value
1.35 jmc 775: .Cm ca_default
1.1 jsing 776: is accepted by both to produce a reasonable output.
777: .Pp
778: If neither option is present, the format used in earlier versions of
1.35 jmc 779: .Nm openssl
1.1 jsing 780: is used.
1.81 jmc 781: Use of the old format is strongly discouraged
782: because it only displays fields mentioned in the
1.35 jmc 783: .Cm policy
1.1 jsing 784: section,
785: mishandles multicharacter string types and does not display extensions.
1.35 jmc 786: .It Cm new_certs_dir
1.1 jsing 787: The same as the
788: .Fl outdir
789: command line option.
790: It specifies the directory where new certificates will be placed.
791: Mandatory.
1.35 jmc 792: .It Cm oid_file
1.1 jsing 793: This specifies a file containing additional object identifiers.
794: Each line of the file should consist of the numerical form of the
795: object identifier followed by whitespace, then the short name followed
796: by whitespace and finally the long name.
1.35 jmc 797: .It Cm oid_section
1.1 jsing 798: This specifies a section in the configuration file containing extra
799: object identifiers.
800: Each line should consist of the short name of the object identifier
801: followed by
802: .Sq =
803: and the numerical form.
804: The short and long names are the same when this option is used.
1.35 jmc 805: .It Cm policy
1.1 jsing 806: The same as
807: .Fl policy .
808: Mandatory.
1.35 jmc 809: .It Cm preserve
1.1 jsing 810: The same as
811: .Fl preserveDN .
1.35 jmc 812: .It Cm private_key
1.1 jsing 813: Same as the
814: .Fl keyfile
815: option.
816: The file containing the CA private key.
817: Mandatory.
1.35 jmc 818: .It Cm serial
1.1 jsing 819: A text file containing the next serial number to use in hex.
820: Mandatory.
821: This file must be present and contain a valid serial number.
1.35 jmc 822: .It Cm unique_subject
1.1 jsing 823: If the value
1.35 jmc 824: .Cm yes
1.1 jsing 825: is given, the valid certificate entries in the
826: database must have unique subjects.
827: If the value
1.35 jmc 828: .Cm no
1.1 jsing 829: is given,
830: several valid certificate entries may have the exact same subject.
831: The default value is
1.35 jmc 832: .Cm yes .
833: .It Cm x509_extensions
1.1 jsing 834: The same as
835: .Fl extensions .
836: .El
837: .Sh CIPHERS
838: .Nm openssl ciphers
839: .Op Fl hVv
1.18 jmc 840: .Op Fl tls1
1.1 jsing 841: .Op Ar cipherlist
842: .Pp
843: The
844: .Nm ciphers
845: command converts
1.36 jmc 846: .Nm openssl
1.1 jsing 847: cipher lists into ordered SSL cipher preference lists.
1.41 jmc 848: It can be used as a way to determine the appropriate cipher list.
1.1 jsing 849: .Pp
850: The options are as follows:
851: .Bl -tag -width Ds
852: .It Fl h , \&?
853: Print a brief usage message.
854: .It Fl tls1
855: Only include TLS v1 ciphers.
856: .It Fl V
1.36 jmc 857: Verbose.
858: List ciphers with a complete description of protocol version,
859: key exchange, authentication, encryption and mac algorithms,
860: any key size restrictions,
861: and cipher suite codes (hex format).
862: .It Fl v
1.1 jsing 863: Like
1.36 jmc 864: .Fl V ,
865: but without cipher suite codes.
1.1 jsing 866: .It Ar cipherlist
867: A cipher list to convert to a cipher preference list.
868: If it is not included, the default cipher list will be used.
1.36 jmc 869: .Pp
870: The cipher list consists of one or more cipher strings
1.1 jsing 871: separated by colons.
872: Commas or spaces are also acceptable separators, but colons are normally used.
873: .Pp
1.36 jmc 874: The actual cipher string can take several different forms:
1.1 jsing 875: .Pp
1.36 jmc 876: It can consist of a single cipher suite, such as RC4-SHA.
1.1 jsing 877: .Pp
878: It can represent a list of cipher suites containing a certain algorithm,
879: or cipher suites of a certain type.
1.36 jmc 880: For example SHA1 represents all cipher suites using the digest algorithm SHA1.
881: .Pp
882: Lists of cipher suites can be combined in a single cipher string using the
1.1 jsing 883: .Sq +
1.36 jmc 884: character
885: (logical AND operation).
886: For example, SHA1+DES represents all cipher suites
887: containing the SHA1 and DES algorithms.
1.1 jsing 888: .Pp
889: Each cipher string can be optionally preceded by the characters
890: .Sq \&! ,
891: .Sq - ,
892: or
893: .Sq + .
894: If
895: .Sq !\&
896: is used, then the ciphers are permanently deleted from the list.
897: The ciphers deleted can never reappear in the list even if they are
898: explicitly stated.
899: If
900: .Sq -
901: is used, then the ciphers are deleted from the list, but some or
902: all of the ciphers can be added again by later options.
903: If
904: .Sq +
905: is used, then the ciphers are moved to the end of the list.
906: This option doesn't add any new ciphers, it just moves matching existing ones.
907: .Pp
908: If none of these characters is present, the string is just interpreted
909: as a list of ciphers to be appended to the current preference list.
910: If the list includes any ciphers already present, they will be ignored;
911: that is, they will not be moved to the end of the list.
912: .Pp
913: Additionally, the cipher string
1.36 jmc 914: .Cm @STRENGTH
1.1 jsing 915: can be used at any point to sort the current cipher list in order of
916: encryption algorithm key length.
1.36 jmc 917: .El
918: .Pp
1.1 jsing 919: The following is a list of all permitted cipher strings and their meanings.
920: .Bl -tag -width "XXXX"
1.36 jmc 921: .It Cm DEFAULT
1.1 jsing 922: The default cipher list.
923: This is determined at compile time and is currently
1.36 jmc 924: .Cm ALL:!aNULL:!eNULL:!SSLv2 .
925: This must be the first cipher string specified.
926: .It Cm COMPLEMENTOFDEFAULT
1.1 jsing 927: The ciphers included in
1.36 jmc 928: .Cm ALL ,
1.1 jsing 929: but not enabled by default.
930: Currently this is
1.36 jmc 931: .Cm ADH .
1.1 jsing 932: Note that this rule does not cover
1.36 jmc 933: .Cm eNULL ,
1.1 jsing 934: which is not included by
1.36 jmc 935: .Cm ALL
1.1 jsing 936: (use
1.36 jmc 937: .Cm COMPLEMENTOFALL
1.1 jsing 938: if necessary).
1.36 jmc 939: .It Cm ALL
1.1 jsing 940: All cipher suites except the
1.36 jmc 941: .Cm eNULL
942: ciphers, which must be explicitly enabled.
943: .It Cm COMPLEMENTOFALL
1.1 jsing 944: The cipher suites not enabled by
1.36 jmc 945: .Cm ALL ,
1.1 jsing 946: currently being
1.36 jmc 947: .Cm eNULL .
948: .It Cm HIGH
1.1 jsing 949: .Qq High
950: encryption cipher suites.
951: This currently means those with key lengths larger than 128 bits.
1.36 jmc 952: .It Cm MEDIUM
1.1 jsing 953: .Qq Medium
954: encryption cipher suites, currently those using 128-bit encryption.
1.36 jmc 955: .It Cm LOW
1.1 jsing 956: .Qq Low
957: encryption cipher suites, currently those using 64- or 56-bit encryption
1.9 lteo 958: algorithms.
1.36 jmc 959: .It Cm eNULL , NULL
1.1 jsing 960: The
961: .Qq NULL
962: ciphers; that is, those offering no encryption.
963: Because these offer no encryption at all and are a security risk,
964: they are disabled unless explicitly included.
1.36 jmc 965: .It Cm aNULL
1.1 jsing 966: The cipher suites offering no authentication.
967: This is currently the anonymous DH algorithms.
968: These cipher suites are vulnerable to a
969: .Qq man in the middle
970: attack, so their use is normally discouraged.
1.36 jmc 971: .It Cm kRSA , RSA
1.1 jsing 972: Cipher suites using RSA key exchange.
1.36 jmc 973: .It Cm kEDH
1.1 jsing 974: Cipher suites using ephemeral DH key agreement.
1.36 jmc 975: .It Cm aRSA
1.1 jsing 976: Cipher suites using RSA authentication, i.e. the certificates carry RSA keys.
1.36 jmc 977: .It Cm aDSS , DSS
1.1 jsing 978: Cipher suites using DSS authentication, i.e. the certificates carry DSS keys.
1.36 jmc 979: .It Cm TLSv1
1.18 jmc 980: TLS v1.0 cipher suites.
1.36 jmc 981: .It Cm DH
1.1 jsing 982: Cipher suites using DH, including anonymous DH.
1.36 jmc 983: .It Cm ADH
1.1 jsing 984: Anonymous DH cipher suites.
1.36 jmc 985: .It Cm AES
1.1 jsing 986: Cipher suites using AES.
1.36 jmc 987: .It Cm 3DES
1.1 jsing 988: Cipher suites using triple DES.
1.36 jmc 989: .It Cm DES
1.1 jsing 990: Cipher suites using DES
991: .Pq not triple DES .
1.36 jmc 992: .It Cm RC4
1.1 jsing 993: Cipher suites using RC4.
1.36 jmc 994: .It Cm CAMELLIA
1.9 lteo 995: Cipher suites using Camellia.
1.36 jmc 996: .It Cm CHACHA20
1.9 lteo 997: Cipher suites using ChaCha20.
1.36 jmc 998: .It Cm IDEA
1.9 lteo 999: Cipher suites using IDEA.
1.36 jmc 1000: .It Cm MD5
1.1 jsing 1001: Cipher suites using MD5.
1.36 jmc 1002: .It Cm SHA1 , SHA
1.1 jsing 1003: Cipher suites using SHA1.
1004: .El
1005: .Sh CRL
1006: .nr nS 1
1007: .Nm "openssl crl"
1008: .Op Fl CAfile Ar file
1009: .Op Fl CApath Ar dir
1010: .Op Fl fingerprint
1011: .Op Fl hash
1012: .Op Fl in Ar file
1.38 jmc 1013: .Op Fl inform Cm der | pem
1.1 jsing 1014: .Op Fl issuer
1015: .Op Fl lastupdate
1016: .Op Fl nextupdate
1017: .Op Fl noout
1018: .Op Fl out Ar file
1.38 jmc 1019: .Op Fl outform Cm der | pem
1.1 jsing 1020: .Op Fl text
1021: .nr nS 0
1022: .Pp
1023: The
1024: .Nm crl
1025: command processes CRL files in DER or PEM format.
1.37 jmc 1026: .Pp
1.1 jsing 1027: The options are as follows:
1028: .Bl -tag -width Ds
1029: .It Fl CAfile Ar file
1030: Verify the signature on a CRL by looking up the issuing certificate in
1031: .Ar file .
1032: .It Fl CApath Ar directory
1033: Verify the signature on a CRL by looking up the issuing certificate in
1034: .Ar dir .
1035: This directory must be a standard certificate directory,
1036: i.e. a hash of each subject name (using
1037: .Cm x509 Fl hash )
1038: should be linked to each certificate.
1039: .It Fl fingerprint
1040: Print the CRL fingerprint.
1041: .It Fl hash
1042: Output a hash of the issuer name.
1043: This can be used to look up CRLs in a directory by issuer name.
1044: .It Fl in Ar file
1.37 jmc 1045: The input file to read from, or standard input if not specified.
1.38 jmc 1046: .It Fl inform Cm der | pem
1.37 jmc 1047: The input format.
1.1 jsing 1048: .It Fl issuer
1049: Output the issuer name.
1050: .It Fl lastupdate
1051: Output the
1.37 jmc 1052: .Cm lastUpdate
1.1 jsing 1053: field.
1054: .It Fl nextupdate
1055: Output the
1.37 jmc 1056: .Cm nextUpdate
1.1 jsing 1057: field.
1058: .It Fl noout
1.46 jmc 1059: Do not output the encoded version of the CRL.
1.1 jsing 1060: .It Fl out Ar file
1.37 jmc 1061: The output file to write to, or standard output if not specified.
1.38 jmc 1062: .It Fl outform Cm der | pem
1.37 jmc 1063: The output format.
1.1 jsing 1064: .It Fl text
1.64 jmc 1065: Print the CRL in plain text.
1.1 jsing 1066: .El
1067: .Sh CRL2PKCS7
1068: .nr nS 1
1069: .Nm "openssl crl2pkcs7"
1070: .Op Fl certfile Ar file
1071: .Op Fl in Ar file
1.40 jmc 1072: .Op Fl inform Cm der | pem
1.1 jsing 1073: .Op Fl nocrl
1074: .Op Fl out Ar file
1.40 jmc 1075: .Op Fl outform Cm der | pem
1.1 jsing 1076: .nr nS 0
1077: .Pp
1078: The
1079: .Nm crl2pkcs7
1080: command takes an optional CRL and one or more
1081: certificates and converts them into a PKCS#7 degenerate
1082: .Qq certificates only
1083: structure.
1084: .Pp
1085: The options are as follows:
1086: .Bl -tag -width Ds
1087: .It Fl certfile Ar file
1.40 jmc 1088: Add the certificates in PEM
1.1 jsing 1089: .Ar file
1.40 jmc 1090: to the PKCS#7 structure.
1091: This option can be used more than once
1092: to read certificates from multiple files.
1.1 jsing 1093: .It Fl in Ar file
1.40 jmc 1094: Read the CRL from
1095: .Ar file ,
1096: or standard input if not specified.
1097: .It Fl inform Cm der | pem
1.64 jmc 1098: The input format.
1.1 jsing 1099: .It Fl nocrl
1100: Normally, a CRL is included in the output file.
1101: With this option, no CRL is
1102: included in the output file and a CRL is not read from the input file.
1103: .It Fl out Ar file
1.40 jmc 1104: Write the PKCS#7 structure to
1105: .Ar file ,
1106: or standard output if not specified.
1107: .It Fl outform Cm der | pem
1.64 jmc 1108: The output format.
1.1 jsing 1109: .El
1110: .Sh DGST
1111: .nr nS 1
1112: .Nm "openssl dgst"
1.43 jmc 1113: .Op Fl cd
1.1 jsing 1114: .Op Fl binary
1.43 jmc 1115: .Op Fl Ar digest
1.1 jsing 1116: .Op Fl hex
1117: .Op Fl hmac Ar key
1.43 jmc 1118: .Op Fl keyform Cm pem
1.1 jsing 1119: .Op Fl mac Ar algorithm
1120: .Op Fl macopt Ar nm : Ns Ar v
1121: .Op Fl out Ar file
1122: .Op Fl passin Ar arg
1123: .Op Fl prverify Ar file
1124: .Op Fl sign Ar file
1125: .Op Fl signature Ar file
1126: .Op Fl sigopt Ar nm : Ns Ar v
1127: .Op Fl verify Ar file
1128: .Op Ar
1129: .nr nS 0
1130: .Pp
1131: The digest functions output the message digest of a supplied
1132: .Ar file
1133: or
1134: .Ar files
1135: in hexadecimal form.
1136: They can also be used for digital signing and verification.
1137: .Pp
1138: The options are as follows:
1139: .Bl -tag -width Ds
1140: .It Fl binary
1141: Output the digest or signature in binary form.
1142: .It Fl c
1.48 jmc 1143: Print the digest in two-digit groups separated by colons.
1.1 jsing 1144: .It Fl d
1.48 jmc 1145: Print BIO debugging information.
1.43 jmc 1146: .It Fl Ar digest
1147: Use the specified message
1148: .Ar digest .
1149: The default is MD5.
1150: The available digests can be displayed using
1151: .Nm openssl
1152: .Cm list-message-digest-commands .
1153: The following are equivalent:
1154: .Nm openssl dgst
1155: .Fl md5
1156: and
1157: .Nm openssl
1158: .Cm md5 .
1.1 jsing 1159: .It Fl hex
1160: Digest is to be output as a hex dump.
1161: This is the default case for a
1162: .Qq normal
1163: digest as opposed to a digital signature.
1164: .It Fl hmac Ar key
1165: Create a hashed MAC using
1166: .Ar key .
1.43 jmc 1167: .It Fl keyform Cm pem
1.1 jsing 1168: Specifies the key format to sign the digest with.
1169: .It Fl mac Ar algorithm
1170: Create a keyed Message Authentication Code (MAC).
1171: The most popular MAC algorithm is HMAC (hash-based MAC),
1172: but there are other MAC algorithms which are not based on hash.
1173: MAC keys and other options should be set via the
1174: .Fl macopt
1175: parameter.
1176: .It Fl macopt Ar nm : Ns Ar v
1177: Passes options to the MAC algorithm, specified by
1178: .Fl mac .
1179: The following options are supported by HMAC:
1180: .Bl -tag -width Ds
1.43 jmc 1181: .It Cm key : Ns Ar string
1.1 jsing 1182: Specifies the MAC key as an alphanumeric string
1183: (use if the key contain printable characters only).
1184: String length must conform to any restrictions of the MAC algorithm.
1.43 jmc 1185: .It Cm hexkey : Ns Ar string
1.1 jsing 1186: Specifies the MAC key in hexadecimal form (two hex digits per byte).
1187: Key length must conform to any restrictions of the MAC algorithm.
1188: .El
1189: .It Fl out Ar file
1.43 jmc 1190: The output file to write to,
1191: or standard output if not specified.
1.1 jsing 1192: .It Fl passin Ar arg
1193: The key password source.
1194: .It Fl prverify Ar file
1195: Verify the signature using the private key in
1196: .Ar file .
1197: The output is either
1198: .Qq Verification OK
1199: or
1200: .Qq Verification Failure .
1201: .It Fl sign Ar file
1202: Digitally sign the digest using the private key in
1203: .Ar file .
1204: .It Fl signature Ar file
1205: The actual signature to verify.
1206: .It Fl sigopt Ar nm : Ns Ar v
1207: Pass options to the signature algorithm during sign or verify operations.
1208: The names and values of these options are algorithm-specific.
1209: .It Fl verify Ar file
1210: Verify the signature using the public key in
1211: .Ar file .
1212: The output is either
1213: .Qq Verification OK
1214: or
1215: .Qq Verification Failure .
1216: .It Ar
1217: File or files to digest.
1218: If no files are specified then standard input is used.
1219: .El
1220: .Sh DHPARAM
1221: .nr nS 1
1222: .Nm "openssl dhparam"
1223: .Op Fl 2 | 5
1224: .Op Fl C
1225: .Op Fl check
1226: .Op Fl dsaparam
1227: .Op Fl in Ar file
1.44 jmc 1228: .Op Fl inform Cm der | pem
1.1 jsing 1229: .Op Fl noout
1230: .Op Fl out Ar file
1.44 jmc 1231: .Op Fl outform Cm der | pem
1.1 jsing 1232: .Op Fl text
1233: .Op Ar numbits
1234: .nr nS 0
1235: .Pp
1236: The
1237: .Nm dhparam
1238: command is used to manipulate DH parameter files.
1.44 jmc 1239: Only the older PKCS#3 DH is supported,
1240: not the newer X9.42 DH.
1.1 jsing 1241: .Pp
1242: The options are as follows:
1243: .Bl -tag -width Ds
1244: .It Fl 2 , 5
1.44 jmc 1245: The generator to use;
1.1 jsing 1246: 2 is the default.
1247: If present, the input file is ignored and parameters are generated instead.
1248: .It Fl C
1.44 jmc 1249: Convert the parameters into C code.
1.1 jsing 1250: The parameters can then be loaded by calling the
1.44 jmc 1251: .No get_dh Ns Ar numbits
1.1 jsing 1252: function.
1253: .It Fl check
1254: Check the DH parameters.
1255: .It Fl dsaparam
1.44 jmc 1256: Read or create DSA parameters,
1257: converted to DH format on output.
1.1 jsing 1258: Otherwise,
1259: .Qq strong
1260: primes
1261: .Pq such that (p-1)/2 is also prime
1262: will be used for DH parameter generation.
1263: .Pp
1264: DH parameter generation with the
1265: .Fl dsaparam
1266: option is much faster,
1267: and the recommended exponent length is shorter,
1268: which makes DH key exchange more efficient.
1269: Beware that with such DSA-style DH parameters,
1270: a fresh DH key should be created for each use to
1271: avoid small-subgroup attacks that may be possible otherwise.
1272: .It Fl in Ar file
1.44 jmc 1273: The input file to read from,
1274: or standard input if not specified.
1275: .It Fl inform Cm der | pem
1276: The input format.
1.1 jsing 1277: .It Fl noout
1.46 jmc 1278: Do not output the encoded version of the parameters.
1.44 jmc 1279: .It Fl out Ar file
1280: The output file to write to,
1281: or standard output if not specified.
1282: .It Fl outform Cm der | pem
1283: The output format.
1284: .It Fl text
1.64 jmc 1285: Print the DH parameters in plain text.
1.1 jsing 1286: .It Ar numbits
1.44 jmc 1287: Generate a parameter set of size
1.1 jsing 1288: .Ar numbits .
1289: It must be the last option.
1.16 sthen 1290: If not present, a value of 2048 is used.
1.1 jsing 1291: If this value is present, the input file is ignored and
1292: parameters are generated instead.
1293: .El
1294: .Sh DSA
1295: .nr nS 1
1296: .Nm "openssl dsa"
1297: .Oo
1298: .Fl aes128 | aes192 | aes256 |
1299: .Fl des | des3
1300: .Oc
1301: .Op Fl in Ar file
1.45 jmc 1302: .Op Fl inform Cm der | pem
1.1 jsing 1303: .Op Fl modulus
1304: .Op Fl noout
1305: .Op Fl out Ar file
1.45 jmc 1306: .Op Fl outform Cm der | pem
1.1 jsing 1307: .Op Fl passin Ar arg
1308: .Op Fl passout Ar arg
1309: .Op Fl pubin
1310: .Op Fl pubout
1311: .Op Fl text
1312: .nr nS 0
1313: .Pp
1314: The
1315: .Nm dsa
1316: command processes DSA keys.
1317: They can be converted between various forms and their components printed out.
1318: .Pp
1319: .Sy Note :
1320: This command uses the traditional
1321: .Nm SSLeay
1322: compatible format for private key encryption:
1323: newer applications should use the more secure PKCS#8 format using the
1324: .Nm pkcs8
1325: command.
1326: .Pp
1327: The options are as follows:
1328: .Bl -tag -width Ds
1329: .It Xo
1330: .Fl aes128 | aes192 | aes256 |
1331: .Fl des | des3
1332: .Xc
1.45 jmc 1333: Encrypt the private key with the AES, DES, or the triple DES
1.1 jsing 1334: ciphers, respectively, before outputting it.
1335: A pass phrase is prompted for.
1.45 jmc 1336: If none of these options are specified, the key is written in plain text.
1.1 jsing 1337: This means that using the
1338: .Nm dsa
1.45 jmc 1339: utility to read an encrypted key with no encryption option can be used to
1.1 jsing 1340: remove the pass phrase from a key,
1.45 jmc 1341: or by setting the encryption options it can be used to add or change
1.1 jsing 1342: the pass phrase.
1343: These options can only be used with PEM format output files.
1344: .It Fl in Ar file
1.45 jmc 1345: The input file to read from,
1346: or standard input if not specified.
1.1 jsing 1347: If the key is encrypted, a pass phrase will be prompted for.
1.45 jmc 1348: .It Fl inform Cm der | pem
1349: The input format.
1.1 jsing 1350: .It Fl modulus
1.45 jmc 1351: Print the value of the public key component of the key.
1.1 jsing 1352: .It Fl noout
1.46 jmc 1353: Do not output the encoded version of the key.
1.1 jsing 1354: .It Fl out Ar file
1.45 jmc 1355: The output file to write to,
1356: or standard output if not specified.
1.1 jsing 1357: If any encryption options are set then a pass phrase will be
1358: prompted for.
1.45 jmc 1359: .It Fl outform Cm der | pem
1360: The output format.
1.1 jsing 1361: .It Fl passin Ar arg
1362: The key password source.
1363: .It Fl passout Ar arg
1364: The output file password source.
1365: .It Fl pubin
1.60 jmc 1366: Read in a public key, not a private key.
1.1 jsing 1367: .It Fl pubout
1.60 jmc 1368: Output a public key, not a private key.
1369: Automatically set if the input is a public key.
1.1 jsing 1370: .It Fl text
1.64 jmc 1371: Print the public/private key in plain text.
1.1 jsing 1372: .El
1373: .Sh DSAPARAM
1374: .nr nS 1
1375: .Nm "openssl dsaparam"
1376: .Op Fl C
1377: .Op Fl genkey
1378: .Op Fl in Ar file
1.46 jmc 1379: .Op Fl inform Cm der | pem
1.1 jsing 1380: .Op Fl noout
1381: .Op Fl out Ar file
1.46 jmc 1382: .Op Fl outform Cm der | pem
1.1 jsing 1383: .Op Fl text
1384: .Op Ar numbits
1385: .nr nS 0
1386: .Pp
1387: The
1388: .Nm dsaparam
1389: command is used to manipulate or generate DSA parameter files.
1390: .Pp
1391: The options are as follows:
1392: .Bl -tag -width Ds
1393: .It Fl C
1.46 jmc 1394: Convert the parameters into C code.
1.1 jsing 1395: The parameters can then be loaded by calling the
1.46 jmc 1396: .No get_dsa Ns Ar XXX
1.1 jsing 1397: function.
1398: .It Fl genkey
1.46 jmc 1399: Generate a DSA key either using the specified or generated
1.1 jsing 1400: parameters.
1401: .It Fl in Ar file
1.46 jmc 1402: The input file to read from,
1403: or standard input if not specified.
1.1 jsing 1404: If the
1405: .Ar numbits
1.46 jmc 1406: parameter is included, then this option is ignored.
1407: .It Fl inform Cm der | pem
1408: The input format.
1.1 jsing 1409: .It Fl noout
1.46 jmc 1410: Do not output the encoded version of the parameters.
1411: .It Fl out Ar file
1412: The output file to write to,
1413: or standard output if not specified.
1414: .It Fl outform Cm der | pem
1415: The output format.
1416: .It Fl text
1.64 jmc 1417: Print the DSA parameters in plain text.
1.1 jsing 1418: .It Ar numbits
1.46 jmc 1419: Generate a parameter set of size
1.1 jsing 1420: .Ar numbits .
1.46 jmc 1421: If this option is included, the input file is ignored.
1.1 jsing 1422: .El
1423: .Sh EC
1424: .nr nS 1
1425: .Nm "openssl ec"
1426: .Op Fl conv_form Ar arg
1427: .Op Fl des
1428: .Op Fl des3
1429: .Op Fl in Ar file
1.47 jmc 1430: .Op Fl inform Cm der | pem
1.1 jsing 1431: .Op Fl noout
1432: .Op Fl out Ar file
1.47 jmc 1433: .Op Fl outform Cm der | pem
1.1 jsing 1434: .Op Fl param_enc Ar arg
1435: .Op Fl param_out
1436: .Op Fl passin Ar arg
1437: .Op Fl passout Ar arg
1438: .Op Fl pubin
1439: .Op Fl pubout
1440: .Op Fl text
1441: .nr nS 0
1442: .Pp
1443: The
1444: .Nm ec
1445: command processes EC keys.
1446: They can be converted between various
1447: forms and their components printed out.
1.47 jmc 1448: .Nm openssl
1.1 jsing 1449: uses the private key format specified in
1450: .Dq SEC 1: Elliptic Curve Cryptography
1451: .Pq Lk http://www.secg.org/ .
1452: To convert an
1453: EC private key into the PKCS#8 private key format use the
1454: .Nm pkcs8
1455: command.
1456: .Pp
1457: The options are as follows:
1458: .Bl -tag -width Ds
1459: .It Fl conv_form Ar arg
1.47 jmc 1460: Specify how the points on the elliptic curve are converted
1.1 jsing 1461: into octet strings.
1462: Possible values are:
1463: .Cm compressed
1.47 jmc 1464: (the default),
1.1 jsing 1465: .Cm uncompressed ,
1466: and
1467: .Cm hybrid .
1468: For more information regarding
1.47 jmc 1469: the point conversion forms see the X9.62 standard.
1.1 jsing 1470: Note:
1471: Due to patent issues the
1472: .Cm compressed
1473: option is disabled by default for binary curves
1474: and can be enabled by defining the preprocessor macro
1.47 jmc 1475: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 1476: at compile time.
1477: .It Fl des | des3
1.47 jmc 1478: Encrypt the private key with DES, triple DES, or
1.1 jsing 1479: any other cipher supported by
1.47 jmc 1480: .Nm openssl .
1.1 jsing 1481: A pass phrase is prompted for.
1482: If none of these options is specified the key is written in plain text.
1483: This means that using the
1484: .Nm ec
1485: utility to read in an encrypted key with no
1486: encryption option can be used to remove the pass phrase from a key,
1487: or by setting the encryption options
1.83 naddy 1488: it can be used to add or change the pass phrase.
1.1 jsing 1489: These options can only be used with PEM format output files.
1490: .It Fl in Ar file
1.47 jmc 1491: The input file to read a key from,
1492: or standard input if not specified.
1.1 jsing 1493: If the key is encrypted a pass phrase will be prompted for.
1.47 jmc 1494: .It Fl inform Cm der | pem
1495: The input format.
1.1 jsing 1496: .It Fl noout
1.47 jmc 1497: Do not output the encoded version of the key.
1.1 jsing 1498: .It Fl out Ar file
1.47 jmc 1499: The output filename to write to,
1500: or standard output if not specified.
1.1 jsing 1501: If any encryption options are set then a pass phrase will be prompted for.
1.47 jmc 1502: .It Fl outform Cm der | pem
1503: The output format.
1.1 jsing 1504: .It Fl param_enc Ar arg
1.47 jmc 1505: Specify how the elliptic curve parameters are encoded.
1.1 jsing 1506: Possible value are:
1507: .Cm named_curve ,
1508: i.e. the EC parameters are specified by an OID; or
1509: .Cm explicit ,
1510: where the EC parameters are explicitly given
1511: (see RFC 3279 for the definition of the EC parameter structures).
1512: The default value is
1513: .Cm named_curve .
1514: Note: the
1515: .Cm implicitlyCA
1516: alternative,
1517: as specified in RFC 3279,
1.47 jmc 1518: is currently not implemented.
1.1 jsing 1519: .It Fl passin Ar arg
1520: The key password source.
1521: .It Fl passout Ar arg
1522: The output file password source.
1523: .It Fl pubin
1.60 jmc 1524: Read in a public key, not a private key.
1.1 jsing 1525: .It Fl pubout
1.60 jmc 1526: Output a public key, not a private key.
1527: Automatically set if the input is a public key.
1.1 jsing 1528: .It Fl text
1.64 jmc 1529: Print the public/private key in plain text.
1.1 jsing 1530: .El
1531: .Sh ECPARAM
1532: .nr nS 1
1533: .Nm "openssl ecparam"
1534: .Op Fl C
1535: .Op Fl check
1536: .Op Fl conv_form Ar arg
1537: .Op Fl genkey
1538: .Op Fl in Ar file
1.48 jmc 1539: .Op Fl inform Cm der | pem
1.1 jsing 1540: .Op Fl list_curves
1541: .Op Fl name Ar arg
1542: .Op Fl no_seed
1543: .Op Fl noout
1544: .Op Fl out Ar file
1.48 jmc 1545: .Op Fl outform Cm der | pem
1.1 jsing 1546: .Op Fl param_enc Ar arg
1547: .Op Fl text
1548: .nr nS 0
1549: .Pp
1.48 jmc 1550: The
1551: .Nm ecparam
1552: command is used to manipulate or generate EC parameter files.
1553: .Nm openssl
1554: is not able to generate new groups so
1555: .Nm ecparam
1556: can only create EC parameters from known (named) curves.
1557: .Pp
1.1 jsing 1558: The options are as follows:
1559: .Bl -tag -width Ds
1560: .It Fl C
1561: Convert the EC parameters into C code.
1562: The parameters can then be loaded by calling the
1.48 jmc 1563: .No get_ec_group_ Ns Ar XXX
1.1 jsing 1564: function.
1565: .It Fl check
1566: Validate the elliptic curve parameters.
1567: .It Fl conv_form Ar arg
1568: Specify how the points on the elliptic curve are converted
1569: into octet strings.
1570: Possible values are:
1571: .Cm compressed
1.48 jmc 1572: (the default),
1.1 jsing 1573: .Cm uncompressed ,
1574: and
1575: .Cm hybrid .
1576: For more information regarding
1.48 jmc 1577: the point conversion forms see the X9.62 standard.
1.1 jsing 1578: Note:
1579: Due to patent issues the
1580: .Cm compressed
1581: option is disabled by default for binary curves
1582: and can be enabled by defining the preprocessor macro
1.48 jmc 1583: .Dv OPENSSL_EC_BIN_PT_COMP
1.1 jsing 1584: at compile time.
1585: .It Fl genkey
1586: Generate an EC private key using the specified parameters.
1587: .It Fl in Ar file
1.48 jmc 1588: The input file to read from,
1589: or standard input if not specified.
1590: .It Fl inform Cm der | pem
1591: The input format.
1.1 jsing 1592: .It Fl list_curves
1.48 jmc 1593: Print a list of all
1.1 jsing 1594: currently implemented EC parameter names and exit.
1595: .It Fl name Ar arg
1.48 jmc 1596: Use the EC parameters with the specified "short" name.
1.1 jsing 1597: .It Fl no_seed
1.48 jmc 1598: Do not include the seed for the parameter generation
1599: in the ECParameters structure (see RFC 3279).
1.1 jsing 1600: .It Fl noout
1.48 jmc 1601: Do not output the encoded version of the parameters.
1.1 jsing 1602: .It Fl out Ar file
1.48 jmc 1603: The output file to write to,
1604: or standard output if not specified.
1605: .It Fl outform Cm der | pem
1606: The output format.
1.1 jsing 1607: .It Fl param_enc Ar arg
1.48 jmc 1608: Specify how the elliptic curve parameters are encoded.
1.1 jsing 1609: Possible value are:
1610: .Cm named_curve ,
1611: i.e. the EC parameters are specified by an OID, or
1612: .Cm explicit ,
1613: where the EC parameters are explicitly given
1614: (see RFC 3279 for the definition of the EC parameter structures).
1615: The default value is
1616: .Cm named_curve .
1617: Note: the
1618: .Cm implicitlyCA
1619: alternative, as specified in RFC 3279,
1.48 jmc 1620: is currently not implemented.
1.1 jsing 1621: .It Fl text
1.64 jmc 1622: Print the EC parameters in plain text.
1.1 jsing 1623: .El
1624: .Sh ENC
1625: .nr nS 1
1626: .Nm "openssl enc"
1627: .Fl ciphername
1628: .Op Fl AadePp
1629: .Op Fl base64
1630: .Op Fl bufsize Ar number
1631: .Op Fl debug
1632: .Op Fl in Ar file
1633: .Op Fl iv Ar IV
1634: .Op Fl K Ar key
1635: .Op Fl k Ar password
1636: .Op Fl kfile Ar file
1637: .Op Fl md Ar digest
1638: .Op Fl none
1639: .Op Fl nopad
1640: .Op Fl nosalt
1641: .Op Fl out Ar file
1642: .Op Fl pass Ar arg
1643: .Op Fl S Ar salt
1644: .Op Fl salt
1645: .nr nS 0
1646: .Pp
1647: The symmetric cipher commands allow data to be encrypted or decrypted
1648: using various block and stream ciphers using keys based on passwords
1649: or explicitly provided.
1650: Base64 encoding or decoding can also be performed either by itself
1651: or in addition to the encryption or decryption.
1.49 jmc 1652: The program can be called either as
1653: .Nm openssl Ar ciphername
1654: or
1655: .Nm openssl enc - Ns Ar ciphername .
1656: .Pp
1657: Some of the ciphers do not have large keys and others have security
1658: implications if not used correctly.
1659: All the block ciphers normally use PKCS#5 padding,
1660: also known as standard block padding.
1661: If padding is disabled, the input data must be a multiple of the cipher
1662: block length.
1.1 jsing 1663: .Pp
1664: The options are as follows:
1665: .Bl -tag -width Ds
1666: .It Fl A
1667: If the
1668: .Fl a
1669: option is set, then base64 process the data on one line.
1670: .It Fl a , base64
1671: Base64 process the data.
1672: This means that if encryption is taking place, the data is base64-encoded
1673: after encryption.
1.49 jmc 1674: If decryption is set, the input data is base64-decoded before
1.1 jsing 1675: being decrypted.
1676: .It Fl bufsize Ar number
1677: Set the buffer size for I/O.
1678: .It Fl d
1679: Decrypt the input data.
1680: .It Fl debug
1681: Debug the BIOs used for I/O.
1682: .It Fl e
1.49 jmc 1683: Encrypt the input data.
1684: This is the default.
1.1 jsing 1685: .It Fl in Ar file
1.49 jmc 1686: The input file to read from,
1.57 jmc 1687: or standard input if not specified.
1.1 jsing 1688: .It Fl iv Ar IV
1689: The actual
1690: .Ar IV
1691: .Pq initialisation vector
1692: to use:
1693: this must be represented as a string comprised only of hex digits.
1694: When only the
1695: .Ar key
1696: is specified using the
1697: .Fl K
1.49 jmc 1698: option,
1699: the IV must explicitly be defined.
1.1 jsing 1700: When a password is being specified using one of the other options,
1.49 jmc 1701: the IV is generated from this password.
1.1 jsing 1702: .It Fl K Ar key
1703: The actual
1704: .Ar key
1705: to use:
1706: this must be represented as a string comprised only of hex digits.
1.49 jmc 1707: If only the key is specified,
1708: the IV must also be specified using the
1.1 jsing 1709: .Fl iv
1710: option.
1711: When both a
1712: .Ar key
1713: and a
1714: .Ar password
1715: are specified, the
1716: .Ar key
1717: given with the
1718: .Fl K
1.49 jmc 1719: option will be used and the IV generated from the password will be taken.
1.1 jsing 1720: It probably does not make much sense to specify both
1721: .Ar key
1722: and
1723: .Ar password .
1724: .It Fl k Ar password
1725: The
1726: .Ar password
1727: to derive the key from.
1728: Superseded by the
1729: .Fl pass
1730: option.
1731: .It Fl kfile Ar file
1732: Read the password to derive the key from the first line of
1733: .Ar file .
1734: Superseded by the
1735: .Fl pass
1736: option.
1737: .It Fl md Ar digest
1738: Use
1739: .Ar digest
1740: to create a key from a pass phrase.
1741: .Ar digest
1742: may be one of
1.49 jmc 1743: .Cm md5
1.1 jsing 1744: or
1.49 jmc 1745: .Cm sha1 .
1.1 jsing 1746: .It Fl none
1747: Use NULL cipher (no encryption or decryption of input).
1748: .It Fl nopad
1749: Disable standard block padding.
1750: .It Fl nosalt
1.49 jmc 1751: Don't use a salt in the key derivation routines.
1.81 jmc 1752: This option should never be used
1.49 jmc 1753: since it makes it possible to perform efficient dictionary
1754: attacks on the password and to attack stream cipher encrypted data.
1.1 jsing 1755: .It Fl out Ar file
1.51 jmc 1756: The output file to write to,
1.57 jmc 1757: or standard output if not specified.
1.1 jsing 1758: .It Fl P
1.49 jmc 1759: Print out the salt, key, and IV used, then immediately exit;
1.1 jsing 1760: don't do any encryption or decryption.
1761: .It Fl p
1.49 jmc 1762: Print out the salt, key, and IV used.
1.1 jsing 1763: .It Fl pass Ar arg
1764: The password source.
1765: .It Fl S Ar salt
1766: The actual
1767: .Ar salt
1768: to use:
1769: this must be represented as a string comprised only of hex digits.
1770: .It Fl salt
1.49 jmc 1771: Use a salt in the key derivation routines (the default).
1772: When the salt is being used
1773: the first eight bytes of the encrypted data are reserved for the salt:
1774: it is randomly generated when encrypting a file and read from the
1775: encrypted file when it is decrypted.
1.1 jsing 1776: .El
1777: .Sh ERRSTR
1778: .Nm openssl errstr
1779: .Op Fl stats
1780: .Ar errno ...
1781: .Pp
1782: The
1783: .Nm errstr
1784: command performs error number to error string conversion,
1785: generating a human-readable string representing the error code
1786: .Ar errno .
1787: The string is obtained through the
1788: .Xr ERR_error_string_n 3
1789: function and has the following format:
1790: .Pp
1791: .Dl error:[error code]:[library name]:[function name]:[reason string]
1792: .Pp
1793: .Bq error code
1794: is an 8-digit hexadecimal number.
1795: The remaining fields
1796: .Bq library name ,
1797: .Bq function name ,
1798: and
1799: .Bq reason string
1800: are all ASCII text.
1801: .Pp
1802: The options are as follows:
1803: .Bl -tag -width Ds
1804: .It Fl stats
1805: Print debugging statistics about various aspects of the hash table.
1806: .El
1807: .Sh GENDSA
1808: .nr nS 1
1809: .Nm "openssl gendsa"
1810: .Oo
1811: .Fl aes128 | aes192 | aes256 |
1812: .Fl des | des3
1813: .Oc
1814: .Op Fl out Ar file
1815: .Op Ar paramfile
1816: .nr nS 0
1817: .Pp
1818: The
1819: .Nm gendsa
1820: command generates a DSA private key from a DSA parameter file
1.51 jmc 1821: (typically generated by the
1.1 jsing 1822: .Nm openssl dsaparam
1823: command).
1.51 jmc 1824: DSA key generation is little more than random number generation so it is
1825: much quicker than,
1826: for example,
1827: RSA key generation.
1.1 jsing 1828: .Pp
1829: The options are as follows:
1830: .Bl -tag -width Ds
1831: .It Xo
1832: .Fl aes128 | aes192 | aes256 |
1833: .Fl des | des3
1834: .Xc
1.51 jmc 1835: Encrypt the private key with the AES, DES,
1.1 jsing 1836: or the triple DES ciphers, respectively, before outputting it.
1837: A pass phrase is prompted for.
1838: If none of these options are specified, no encryption is used.
1839: .It Fl out Ar file
1.51 jmc 1840: The output file to write to,
1.57 jmc 1841: or standard output if not specified.
1.1 jsing 1842: .It Ar paramfile
1.51 jmc 1843: Specify the DSA parameter file to use.
1.1 jsing 1844: The parameters in this file determine the size of the private key.
1845: .El
1846: .Sh GENPKEY
1847: .nr nS 1
1848: .Nm "openssl genpkey"
1849: .Op Fl algorithm Ar alg
1850: .Op Ar cipher
1851: .Op Fl genparam
1852: .Op Fl out Ar file
1.52 jmc 1853: .Op Fl outform Cm der | pem
1.1 jsing 1854: .Op Fl paramfile Ar file
1855: .Op Fl pass Ar arg
1856: .Op Fl pkeyopt Ar opt : Ns Ar value
1857: .Op Fl text
1858: .nr nS 0
1859: .Pp
1860: The
1861: .Nm genpkey
1862: command generates private keys.
1863: The use of this
1864: program is encouraged over the algorithm specific utilities
1.22 bcook 1865: because additional algorithm options can be used.
1.1 jsing 1866: .Pp
1867: The options are as follows:
1868: .Bl -tag -width Ds
1869: .It Fl algorithm Ar alg
1870: The public key algorithm to use,
1871: such as RSA, DSA, or DH.
1.52 jmc 1872: This option must precede any
1.1 jsing 1873: .Fl pkeyopt
1874: options.
1875: The options
1876: .Fl paramfile
1877: and
1878: .Fl algorithm
1879: are mutually exclusive.
1880: .It Ar cipher
1881: Encrypt the private key with the supplied cipher.
1882: Any algorithm name accepted by
1.52 jmc 1883: .Xr EVP_get_cipherbyname 3
1884: is acceptable.
1.1 jsing 1885: .It Fl genparam
1886: Generate a set of parameters instead of a private key.
1.52 jmc 1887: This option must precede any
1.1 jsing 1888: .Fl algorithm ,
1889: .Fl paramfile ,
1890: or
1891: .Fl pkeyopt
1892: options.
1893: .It Fl out Ar file
1.52 jmc 1894: The output file to write to,
1.57 jmc 1895: or standard output if not specified.
1.52 jmc 1896: .It Fl outform Cm der | pem
1897: The output format.
1.1 jsing 1898: .It Fl paramfile Ar file
1.52 jmc 1899: Some public key algorithms generate a private key based on a set of parameters,
1900: which can be supplied using this option.
1.1 jsing 1901: If this option is used the public key
1902: algorithm used is determined by the parameters.
1.52 jmc 1903: This option must precede any
1.1 jsing 1904: .Fl pkeyopt
1905: options.
1906: The options
1907: .Fl paramfile
1908: and
1909: .Fl algorithm
1910: are mutually exclusive.
1911: .It Fl pass Ar arg
1912: The output file password source.
1913: .It Fl pkeyopt Ar opt : Ns Ar value
1914: Set the public key algorithm option
1915: .Ar opt
1916: to
1.52 jmc 1917: .Ar value ,
1918: as follows:
1.1 jsing 1919: .Bl -tag -width Ds -offset indent
1920: .It rsa_keygen_bits : Ns Ar numbits
1921: (RSA)
1922: The number of bits in the generated key.
1.52 jmc 1923: The default is 2048.
1.1 jsing 1924: .It rsa_keygen_pubexp : Ns Ar value
1925: (RSA)
1926: The RSA public exponent value.
1927: This can be a large decimal or hexadecimal value if preceded by 0x.
1.52 jmc 1928: The default is 65537.
1.1 jsing 1929: .It dsa_paramgen_bits : Ns Ar numbits
1930: (DSA)
1931: The number of bits in the generated parameters.
1.52 jmc 1932: The default is 1024.
1.1 jsing 1933: .It dh_paramgen_prime_len : Ns Ar numbits
1934: (DH)
1935: The number of bits in the prime parameter
1936: .Ar p .
1937: .It dh_paramgen_generator : Ns Ar value
1938: (DH)
1939: The value to use for the generator
1940: .Ar g .
1941: .It ec_paramgen_curve : Ns Ar curve
1942: (EC)
1943: The EC curve to use.
1944: .El
1.52 jmc 1945: .It Fl text
1.64 jmc 1946: Print the private/public key in plain text.
1.52 jmc 1947: .El
1.1 jsing 1948: .Sh GENRSA
1949: .nr nS 1
1950: .Nm "openssl genrsa"
1951: .Op Fl 3 | f4
1.53 jmc 1952: .Op Fl aes128 | aes192 | aes256 | des | des3
1.1 jsing 1953: .Op Fl out Ar file
1954: .Op Fl passout Ar arg
1955: .Op Ar numbits
1956: .nr nS 0
1957: .Pp
1958: The
1959: .Nm genrsa
1.53 jmc 1960: command generates an RSA private key,
1961: which essentially involves the generation of two prime numbers.
1962: When generating the key,
1963: various symbols will be output to indicate the progress of the generation.
1964: A
1965: .Sq \&.
1966: represents each number which has passed an initial sieve test;
1967: .Sq +
1968: means a number has passed a single round of the Miller-Rabin primality test.
1969: A newline means that the number has passed all the prime tests
1970: (the actual number depends on the key size).
1.1 jsing 1971: .Pp
1972: The options are as follows:
1973: .Bl -tag -width Ds
1974: .It Fl 3 | f4
1975: The public exponent to use, either 3 or 65537.
1976: The default is 65537.
1.53 jmc 1977: .It Fl aes128 | aes192 | aes256 | des | des3
1978: Encrypt the private key with the AES, DES,
1.1 jsing 1979: or the triple DES ciphers, respectively, before outputting it.
1980: If none of these options are specified, no encryption is used.
1981: If encryption is used, a pass phrase is prompted for,
1982: if it is not supplied via the
1983: .Fl passout
1984: option.
1985: .It Fl out Ar file
1.53 jmc 1986: The output file to write to,
1.57 jmc 1987: or standard output if not specified.
1.1 jsing 1988: .It Fl passout Ar arg
1989: The output file password source.
1990: .It Ar numbits
1991: The size of the private key to generate in bits.
1992: This must be the last option specified.
1993: The default is 2048.
1994: .El
1995: .Sh NSEQ
1996: .Nm openssl nseq
1997: .Op Fl in Ar file
1998: .Op Fl out Ar file
1999: .Op Fl toseq
2000: .Pp
2001: The
2002: .Nm nseq
1.54 jmc 2003: command takes a file containing a Netscape certificate sequence
2004: (an alternative to the standard PKCS#7 format)
2005: and prints out the certificates contained in it,
2006: or takes a file of certificates
2007: and converts it into a Netscape certificate sequence.
2008: .Pp
1.1 jsing 2009: The options are as follows:
2010: .Bl -tag -width Ds
2011: .It Fl in Ar file
1.54 jmc 2012: The input file to read from,
2013: or standard input if not specified.
1.1 jsing 2014: .It Fl out Ar file
1.54 jmc 2015: The output file to write to,
2016: or standard output if not specified.
1.1 jsing 2017: .It Fl toseq
2018: Normally, a Netscape certificate sequence will be input and the output
2019: is the certificates contained in it.
2020: With the
2021: .Fl toseq
2022: option the situation is reversed:
2023: a Netscape certificate sequence is created from a file of certificates.
2024: .El
2025: .Sh OCSP
2026: .nr nS 1
2027: .Nm "openssl ocsp"
2028: .Op Fl CA Ar file
2029: .Op Fl CAfile Ar file
2030: .Op Fl CApath Ar directory
2031: .Op Fl cert Ar file
2032: .Op Fl dgst Ar alg
1.55 jmc 2033: .Op Fl host Ar hostname : Ns Ar port
1.1 jsing 2034: .Op Fl index Ar indexfile
2035: .Op Fl issuer Ar file
2036: .Op Fl ndays Ar days
2037: .Op Fl nmin Ar minutes
2038: .Op Fl no_cert_checks
2039: .Op Fl no_cert_verify
2040: .Op Fl no_certs
2041: .Op Fl no_chain
2042: .Op Fl no_intern
2043: .Op Fl no_nonce
2044: .Op Fl no_signature_verify
2045: .Op Fl nonce
2046: .Op Fl noverify
2047: .Op Fl nrequest Ar number
2048: .Op Fl out Ar file
2049: .Op Fl path Ar path
2050: .Op Fl port Ar portnum
2051: .Op Fl req_text
2052: .Op Fl reqin Ar file
2053: .Op Fl reqout Ar file
2054: .Op Fl resp_key_id
2055: .Op Fl resp_no_certs
2056: .Op Fl resp_text
2057: .Op Fl respin Ar file
2058: .Op Fl respout Ar file
2059: .Op Fl rkey Ar file
2060: .Op Fl rother Ar file
2061: .Op Fl rsigner Ar file
2062: .Op Fl serial Ar number
2063: .Op Fl sign_other Ar file
2064: .Op Fl signer Ar file
2065: .Op Fl signkey Ar file
2066: .Op Fl status_age Ar age
2067: .Op Fl text
2068: .Op Fl trust_other
2069: .Op Fl url Ar responder_url
2070: .Op Fl VAfile Ar file
2071: .Op Fl validity_period Ar nsec
2072: .Op Fl verify_other Ar file
2073: .nr nS 0
2074: .Pp
1.55 jmc 2075: The Online Certificate Status Protocol (OCSP)
2076: enables applications to determine the (revocation) state
2077: of an identified certificate (RFC 2560).
1.1 jsing 2078: .Pp
2079: The
2080: .Nm ocsp
2081: command performs many common OCSP tasks.
2082: It can be used to print out requests and responses,
2083: create requests and send queries to an OCSP responder,
2084: and behave like a mini OCSP server itself.
2085: .Pp
2086: The options are as follows:
2087: .Bl -tag -width Ds
2088: .It Fl CAfile Ar file , Fl CApath Ar directory
1.55 jmc 2089: A file or path containing trusted CA certificates,
2090: used to verify the signature on the OCSP response.
1.1 jsing 2091: .It Fl cert Ar file
2092: Add the certificate
2093: .Ar file
2094: to the request.
2095: The issuer certificate is taken from the previous
2096: .Fl issuer
2097: option, or an error occurs if no issuer certificate is specified.
2098: .It Fl dgst Ar alg
1.55 jmc 2099: Use the digest algorithm
2100: .Ar alg
2101: for certificate identification in the OCSP request.
1.1 jsing 2102: By default SHA-1 is used.
2103: .It Xo
2104: .Fl host Ar hostname : Ns Ar port ,
2105: .Fl path Ar path
2106: .Xc
1.55 jmc 2107: Send
2108: the OCSP request to
1.1 jsing 2109: .Ar hostname
1.55 jmc 2110: on
1.1 jsing 2111: .Ar port .
2112: .Fl path
2113: specifies the HTTP path name to use, or
1.55 jmc 2114: .Pa /
1.1 jsing 2115: by default.
2116: .It Fl issuer Ar file
1.81 jmc 2117: The current issuer certificate, in PEM format.
2118: Can be used multiple times and must come before any
1.1 jsing 2119: .Fl cert
2120: options.
2121: .It Fl no_cert_checks
2122: Don't perform any additional checks on the OCSP response signer's certificate.
2123: That is, do not make any checks to see if the signer's certificate is
2124: authorised to provide the necessary status information:
2125: as a result this option should only be used for testing purposes.
2126: .It Fl no_cert_verify
2127: Don't verify the OCSP response signer's certificate at all.
2128: Since this option allows the OCSP response to be signed by any certificate,
2129: it should only be used for testing purposes.
2130: .It Fl no_certs
1.55 jmc 2131: Don't include any certificates in the signed request.
1.1 jsing 2132: .It Fl no_chain
2133: Do not use certificates in the response as additional untrusted CA
2134: certificates.
2135: .It Fl no_intern
2136: Ignore certificates contained in the OCSP response
2137: when searching for the signer's certificate.
1.55 jmc 2138: The signer's certificate must be specified with either the
1.1 jsing 2139: .Fl verify_other
2140: or
2141: .Fl VAfile
2142: options.
2143: .It Fl no_signature_verify
2144: Don't check the signature on the OCSP response.
2145: Since this option tolerates invalid signatures on OCSP responses,
2146: it will normally only be used for testing purposes.
2147: .It Fl nonce , no_nonce
1.55 jmc 2148: Add an OCSP nonce extension to a request,
2149: or disable an OCSP nonce addition.
1.1 jsing 2150: Normally, if an OCSP request is input using the
2151: .Fl respin
1.55 jmc 2152: option no nonce is added:
1.1 jsing 2153: using the
2154: .Fl nonce
1.55 jmc 2155: option will force the addition of a nonce.
1.1 jsing 2156: If an OCSP request is being created (using the
2157: .Fl cert
2158: and
2159: .Fl serial
2160: options)
1.55 jmc 2161: a nonce is automatically added; specifying
1.1 jsing 2162: .Fl no_nonce
2163: overrides this.
2164: .It Fl noverify
1.55 jmc 2165: Don't attempt to verify the OCSP response signature or the nonce values.
2166: This is normally only be used for debugging
1.1 jsing 2167: since it disables all verification of the responder's certificate.
2168: .It Fl out Ar file
1.55 jmc 2169: Specify the output file to write to,
1.57 jmc 2170: or standard output if not specified.
1.1 jsing 2171: .It Fl req_text , resp_text , text
2172: Print out the text form of the OCSP request, response, or both, respectively.
2173: .It Fl reqin Ar file , Fl respin Ar file
2174: Read an OCSP request or response file from
2175: .Ar file .
2176: These options are ignored
2177: if an OCSP request or response creation is implied by other options
2178: (for example with the
2179: .Fl serial , cert ,
2180: and
2181: .Fl host
2182: options).
2183: .It Fl reqout Ar file , Fl respout Ar file
2184: Write out the DER-encoded certificate request or response to
2185: .Ar file .
2186: .It Fl serial Ar num
2187: Same as the
2188: .Fl cert
2189: option except the certificate with serial number
2190: .Ar num
2191: is added to the request.
2192: The serial number is interpreted as a decimal integer unless preceded by
2193: .Sq 0x .
1.55 jmc 2194: Negative integers can also be specified
2195: by preceding the value with a minus sign.
1.1 jsing 2196: .It Fl sign_other Ar file
2197: Additional certificates to include in the signed request.
2198: .It Fl signer Ar file , Fl signkey Ar file
2199: Sign the OCSP request using the certificate specified in the
2200: .Fl signer
2201: option and the private key specified by the
2202: .Fl signkey
2203: option.
2204: If the
2205: .Fl signkey
2206: option is not present, then the private key is read from the same file
2207: as the certificate.
2208: If neither option is specified, the OCSP request is not signed.
2209: .It Fl trust_other
2210: The certificates specified by the
2211: .Fl verify_other
2212: option should be explicitly trusted and no additional checks will be
2213: performed on them.
2214: This is useful when the complete responder certificate chain is not available
2215: or trusting a root CA is not appropriate.
2216: .It Fl url Ar responder_url
2217: Specify the responder URL.
2218: Both HTTP and HTTPS
2219: .Pq SSL/TLS
2220: URLs can be specified.
2221: .It Fl VAfile Ar file
1.55 jmc 2222: A file containing explicitly trusted responder certificates.
1.1 jsing 2223: Equivalent to the
2224: .Fl verify_other
2225: and
2226: .Fl trust_other
2227: options.
2228: .It Fl validity_period Ar nsec , Fl status_age Ar age
1.55 jmc 2229: The range of times, in seconds, which will be tolerated in an OCSP response.
2230: Each certificate status response includes a notBefore time
2231: and an optional notAfter time.
1.1 jsing 2232: The current time should fall between these two values,
2233: but the interval between the two times may be only a few seconds.
2234: In practice the OCSP responder and clients' clocks may not be precisely
2235: synchronised and so such a check may fail.
2236: To avoid this the
2237: .Fl validity_period
2238: option can be used to specify an acceptable error range in seconds,
1.55 jmc 2239: the default value being 5 minutes.
1.1 jsing 2240: .Pp
1.55 jmc 2241: If the notAfter time is omitted from a response,
2242: it means that new status information is immediately available.
2243: In this case the age of the notBefore field is checked
2244: to see it is not older than
1.1 jsing 2245: .Ar age
2246: seconds old.
2247: By default, this additional check is not performed.
2248: .It Fl verify_other Ar file
1.55 jmc 2249: A file containing additional certificates to search
2250: when attempting to locate the OCSP response signing certificate.
2251: Some responders omit the actual signer's certificate from the response,
2252: so this can be used to supply the necessary certificate.
1.1 jsing 2253: .El
1.55 jmc 2254: .Pp
2255: The options for the OCSP server are as follows:
1.1 jsing 2256: .Bl -tag -width "XXXX"
2257: .It Fl CA Ar file
2258: CA certificate corresponding to the revocation information in
2259: .Ar indexfile .
2260: .It Fl index Ar indexfile
2261: .Ar indexfile
1.55 jmc 2262: is a text index file in ca format
2263: containing certificate revocation information.
1.1 jsing 2264: .Pp
1.55 jmc 2265: If this option is specified,
1.1 jsing 2266: .Nm ocsp
1.55 jmc 2267: is in responder mode, otherwise it is in client mode.
2268: The requests the responder processes can be either specified on
1.1 jsing 2269: the command line (using the
2270: .Fl issuer
2271: and
2272: .Fl serial
2273: options), supplied in a file (using the
2274: .Fl respin
1.55 jmc 2275: option), or via external OCSP clients (if
1.1 jsing 2276: .Ar port
2277: or
2278: .Ar url
2279: is specified).
2280: .Pp
1.55 jmc 2281: If this option is present, then the
1.1 jsing 2282: .Fl CA
2283: and
2284: .Fl rsigner
2285: options must also be present.
2286: .It Fl nmin Ar minutes , Fl ndays Ar days
2287: Number of
2288: .Ar minutes
2289: or
2290: .Ar days
1.55 jmc 2291: when fresh revocation information is available:
2292: used in the nextUpdate field.
2293: If neither option is present,
2294: the nextUpdate field is omitted,
2295: meaning fresh revocation information is immediately available.
1.1 jsing 2296: .It Fl nrequest Ar number
1.55 jmc 2297: Exit after receiving
1.1 jsing 2298: .Ar number
1.55 jmc 2299: requests (the default is unlimited).
1.1 jsing 2300: .It Fl port Ar portnum
2301: Port to listen for OCSP requests on.
1.55 jmc 2302: May also be specified using the
1.1 jsing 2303: .Fl url
2304: option.
2305: .It Fl resp_key_id
2306: Identify the signer certificate using the key ID;
1.55 jmc 2307: the default is to use the subject name.
1.1 jsing 2308: .It Fl resp_no_certs
2309: Don't include any certificates in the OCSP response.
2310: .It Fl rkey Ar file
2311: The private key to sign OCSP responses with;
2312: if not present, the file specified in the
2313: .Fl rsigner
2314: option is used.
2315: .It Fl rother Ar file
2316: Additional certificates to include in the OCSP response.
2317: .It Fl rsigner Ar file
2318: The certificate to sign OCSP responses with.
2319: .El
2320: .Pp
2321: Initially the OCSP responder certificate is located and the signature on
2322: the OCSP request checked using the responder certificate's public key.
2323: Then a normal certificate verify is performed on the OCSP responder certificate
2324: building up a certificate chain in the process.
2325: The locations of the trusted certificates used to build the chain can be
2326: specified by the
2327: .Fl CAfile
2328: and
2329: .Fl CApath
2330: options or they will be looked for in the standard
1.55 jmc 2331: .Nm openssl
2332: certificates directory.
1.1 jsing 2333: .Pp
1.55 jmc 2334: If the initial verify fails, the OCSP verify process halts with an error.
1.1 jsing 2335: Otherwise the issuing CA certificate in the request is compared to the OCSP
2336: responder certificate: if there is a match then the OCSP verify succeeds.
2337: .Pp
2338: Otherwise the OCSP responder certificate's CA is checked against the issuing
2339: CA certificate in the request.
2340: If there is a match and the OCSPSigning extended key usage is present
2341: in the OCSP responder certificate, then the OCSP verify succeeds.
2342: .Pp
2343: Otherwise the root CA of the OCSP responder's CA is checked to see if it
2344: is trusted for OCSP signing.
2345: If it is, the OCSP verify succeeds.
2346: .Pp
2347: If none of these checks is successful, the OCSP verify fails.
2348: What this effectively means is that if the OCSP responder certificate is
2349: authorised directly by the CA it is issuing revocation information about
1.55 jmc 2350: (and it is correctly configured),
1.1 jsing 2351: then verification will succeed.
2352: .Pp
1.55 jmc 2353: If the OCSP responder is a global responder,
2354: which can give details about multiple CAs
2355: and has its own separate certificate chain,
2356: then its root CA can be trusted for OCSP signing.
1.1 jsing 2357: Alternatively, the responder certificate itself can be explicitly trusted
2358: with the
2359: .Fl VAfile
2360: option.
2361: .Sh PASSWD
2362: .nr nS 1
2363: .Nm "openssl passwd"
2364: .Op Fl 1 | apr1 | crypt
2365: .Op Fl in Ar file
2366: .Op Fl noverify
2367: .Op Fl quiet
2368: .Op Fl reverse
2369: .Op Fl salt Ar string
2370: .Op Fl stdin
2371: .Op Fl table
2372: .Op Ar password
2373: .nr nS 0
2374: .Pp
2375: The
2376: .Nm passwd
1.56 jmc 2377: command computes the hash of a password.
1.1 jsing 2378: .Pp
2379: The options are as follows:
2380: .Bl -tag -width Ds
2381: .It Fl 1
2382: Use the MD5 based
2383: .Bx
2384: password algorithm
1.56 jmc 2385: .Qq 1 .
1.1 jsing 2386: .It Fl apr1
2387: Use the
1.56 jmc 2388: .Qq apr1
1.1 jsing 2389: algorithm
1.56 jmc 2390: .Po
2391: Apache variant of the
1.1 jsing 2392: .Bx
1.56 jmc 2393: algorithm
2394: .Pc .
1.1 jsing 2395: .It Fl crypt
2396: Use the
1.56 jmc 2397: .Qq crypt
2398: algorithm (the default).
1.1 jsing 2399: .It Fl in Ar file
2400: Read passwords from
2401: .Ar file .
2402: .It Fl noverify
2403: Don't verify when reading a password from the terminal.
2404: .It Fl quiet
2405: Don't output warnings when passwords given on the command line are truncated.
2406: .It Fl reverse
2407: Switch table columns.
2408: This only makes sense in conjunction with the
2409: .Fl table
2410: option.
2411: .It Fl salt Ar string
1.56 jmc 2412: Use the salt specified by
2413: .Ar string .
1.1 jsing 2414: When reading a password from the terminal, this implies
2415: .Fl noverify .
2416: .It Fl stdin
1.56 jmc 2417: Read passwords from standard input.
1.1 jsing 2418: .It Fl table
2419: In the output list, prepend the cleartext password and a TAB character
2420: to each password hash.
2421: .El
2422: .Sh PKCS7
2423: .nr nS 1
2424: .Nm "openssl pkcs7"
2425: .Op Fl in Ar file
1.57 jmc 2426: .Op Fl inform Cm der | pem
1.1 jsing 2427: .Op Fl noout
2428: .Op Fl out Ar file
1.57 jmc 2429: .Op Fl outform Cm der | pem
1.1 jsing 2430: .Op Fl print_certs
2431: .Op Fl text
2432: .nr nS 0
2433: .Pp
2434: The
2435: .Nm pkcs7
2436: command processes PKCS#7 files in DER or PEM format.
1.57 jmc 2437: The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
2438: .Pp
1.1 jsing 2439: The options are as follows:
2440: .Bl -tag -width Ds
2441: .It Fl in Ar file
1.57 jmc 2442: The input file to read from,
2443: or standard input if not specified.
2444: .It Fl inform Cm der | pem
2445: The input format.
1.1 jsing 2446: .It Fl noout
2447: Don't output the encoded version of the PKCS#7 structure
2448: (or certificates if
2449: .Fl print_certs
2450: is set).
2451: .It Fl out Ar file
1.57 jmc 2452: The output to write to,
2453: or standard output if not specified.
2454: .It Fl outform Cm der | pem
2455: The output format.
1.1 jsing 2456: .It Fl print_certs
1.57 jmc 2457: Print any certificates or CRLs contained in the file,
2458: preceded by their subject and issuer names in a one-line format.
1.1 jsing 2459: .It Fl text
1.57 jmc 2460: Print certificate details in full rather than just subject and issuer names.
1.1 jsing 2461: .El
2462: .Sh PKCS8
2463: .nr nS 1
2464: .Nm "openssl pkcs8"
2465: .Op Fl embed
2466: .Op Fl in Ar file
1.58 jmc 2467: .Op Fl inform Cm der | pem
1.1 jsing 2468: .Op Fl nocrypt
2469: .Op Fl noiter
2470: .Op Fl nooct
2471: .Op Fl nsdb
2472: .Op Fl out Ar file
1.58 jmc 2473: .Op Fl outform Cm der | pem
1.1 jsing 2474: .Op Fl passin Ar arg
2475: .Op Fl passout Ar arg
2476: .Op Fl topk8
2477: .Op Fl v1 Ar alg
2478: .Op Fl v2 Ar alg
2479: .nr nS 0
2480: .Pp
2481: The
2482: .Nm pkcs8
1.58 jmc 2483: command processes private keys
2484: (both encrypted and unencrypted)
2485: in PKCS#8 format
2486: with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
2487: The default encryption is only 56 bits;
2488: keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts
2489: are more secure.
2490: .Pp
1.1 jsing 2491: The options are as follows:
2492: .Bl -tag -width Ds
2493: .It Fl embed
1.58 jmc 2494: Generate DSA keys in a broken format.
2495: The DSA parameters are embedded inside the PrivateKey structure.
1.84 jmc 2496: In this form the OCTET STRING contains an ASN.1 SEQUENCE consisting of
1.1 jsing 2497: two structures:
1.84 jmc 2498: a SEQUENCE containing the parameters and an ASN.1 INTEGER containing
1.1 jsing 2499: the private key.
2500: .It Fl in Ar file
1.58 jmc 2501: The input file to read from,
2502: or standard input if not specified.
1.1 jsing 2503: If the key is encrypted, a pass phrase will be prompted for.
1.58 jmc 2504: .It Fl inform Cm der | pem
2505: The input format.
1.1 jsing 2506: .It Fl nocrypt
1.58 jmc 2507: Generate an unencrypted PrivateKeyInfo structure.
2508: This option does not encrypt private keys at all
2509: and should only be used when absolutely necessary.
1.1 jsing 2510: .It Fl noiter
2511: Use an iteration count of 1.
2512: See the
2513: .Sx PKCS12
2514: section below for a detailed explanation of this option.
2515: .It Fl nooct
1.58 jmc 2516: Generate RSA private keys in a broken format that some software uses.
1.1 jsing 2517: Specifically the private key should be enclosed in an OCTET STRING,
2518: but some software just includes the structure itself without the
2519: surrounding OCTET STRING.
2520: .It Fl nsdb
1.58 jmc 2521: Generate DSA keys in a broken format compatible with Netscape
1.1 jsing 2522: private key databases.
1.58 jmc 2523: The PrivateKey contains a SEQUENCE
2524: consisting of the public and private keys, respectively.
1.1 jsing 2525: .It Fl out Ar file
1.58 jmc 2526: The output file to write to,
2527: or standard output if none is specified.
1.1 jsing 2528: If any encryption options are set, a pass phrase will be prompted for.
1.58 jmc 2529: .It Fl outform Cm der | pem
2530: The output format.
1.1 jsing 2531: .It Fl passin Ar arg
2532: The key password source.
2533: .It Fl passout Ar arg
2534: The output file password source.
2535: .It Fl topk8
1.58 jmc 2536: Read a traditional format private key and write a PKCS#8 format key.
1.1 jsing 2537: .It Fl v1 Ar alg
1.58 jmc 2538: Specify a PKCS#5 v1.5 or PKCS#12 algorithm to use.
2539: .Pp
2540: .Bl -tag -width "XXXX" -compact
2541: .It PBE-MD5-DES
2542: 56-bit DES.
2543: .It PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES
2544: 64-bit RC2 or 56-bit DES.
2545: .It PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES
2546: .It PBE-SHA1-2DES | PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40
2547: PKCS#12 password-based encryption algorithm,
2548: which allow strong encryption algorithms like triple DES or 128-bit RC2.
2549: .El
1.1 jsing 2550: .It Fl v2 Ar alg
1.58 jmc 2551: Use PKCS#5 v2.0 algorithms.
2552: Supports algorithms such as 168-bit triple DES or 128-bit RC2,
2553: however not many implementations support PKCS#5 v2.0 yet
2554: (if using private keys with
2555: .Nm openssl
2556: this doesn't matter).
1.1 jsing 2557: .Pp
2558: .Ar alg
1.58 jmc 2559: is the encryption algorithm to use;
2560: valid values include des, des3, and rc2.
2561: It is recommended that des3 is used.
1.1 jsing 2562: .El
2563: .Sh PKCS12
2564: .nr nS 1
2565: .Nm "openssl pkcs12"
1.59 jmc 2566: .Op Fl aes128 | aes192 | aes256 | des | des3
1.1 jsing 2567: .Op Fl cacerts
2568: .Op Fl CAfile Ar file
2569: .Op Fl caname Ar name
2570: .Op Fl CApath Ar directory
2571: .Op Fl certfile Ar file
2572: .Op Fl certpbe Ar alg
2573: .Op Fl chain
2574: .Op Fl clcerts
2575: .Op Fl CSP Ar name
2576: .Op Fl descert
2577: .Op Fl export
2578: .Op Fl in Ar file
2579: .Op Fl info
2580: .Op Fl inkey Ar file
2581: .Op Fl keyex
2582: .Op Fl keypbe Ar alg
2583: .Op Fl keysig
2584: .Op Fl macalg Ar alg
2585: .Op Fl maciter
2586: .Op Fl name Ar name
2587: .Op Fl nocerts
2588: .Op Fl nodes
2589: .Op Fl noiter
2590: .Op Fl nokeys
2591: .Op Fl nomac
2592: .Op Fl nomaciter
2593: .Op Fl nomacver
2594: .Op Fl noout
2595: .Op Fl out Ar file
2596: .Op Fl passin Ar arg
2597: .Op Fl passout Ar arg
2598: .Op Fl twopass
2599: .nr nS 0
2600: .Pp
2601: The
2602: .Nm pkcs12
2603: command allows PKCS#12 files
2604: .Pq sometimes referred to as PFX files
2605: to be created and parsed.
2606: By default, a PKCS#12 file is parsed;
2607: a PKCS#12 file can be created by using the
2608: .Fl export
1.59 jmc 2609: option.
2610: .Pp
2611: The options for parsing a PKCS12 file are as follows:
1.1 jsing 2612: .Bl -tag -width "XXXX"
1.59 jmc 2613: .It Fl aes128 | aes192 | aes256 | des | des3
2614: Encrypt private keys
2615: using AES, DES, or triple DES, respectively.
1.1 jsing 2616: The default is triple DES.
2617: .It Fl cacerts
2618: Only output CA certificates
2619: .Pq not client certificates .
2620: .It Fl clcerts
2621: Only output client certificates
2622: .Pq not CA certificates .
2623: .It Fl in Ar file
1.59 jmc 2624: The input file to read from,
2625: or standard input if not specified.
1.1 jsing 2626: .It Fl info
2627: Output additional information about the PKCS#12 file structure,
2628: algorithms used, and iteration counts.
2629: .It Fl nocerts
1.59 jmc 2630: Do not output certificates.
1.1 jsing 2631: .It Fl nodes
1.59 jmc 2632: Do not encrypt private keys.
1.1 jsing 2633: .It Fl nokeys
1.59 jmc 2634: Do not output private keys.
1.1 jsing 2635: .It Fl nomacver
1.59 jmc 2636: Do not attempt to verify the integrity MAC before reading the file.
1.1 jsing 2637: .It Fl noout
1.59 jmc 2638: Do not output the keys and certificates to the output file
1.1 jsing 2639: version of the PKCS#12 file.
2640: .It Fl out Ar file
1.59 jmc 2641: The output file to write to,
2642: or standard output if not specified.
1.1 jsing 2643: .It Fl passin Ar arg
2644: The key password source.
2645: .It Fl passout Ar arg
2646: The output file password source.
2647: .It Fl twopass
2648: Prompt for separate integrity and encryption passwords: most software
2649: always assumes these are the same so this option will render such
2650: PKCS#12 files unreadable.
2651: .El
1.59 jmc 2652: .Pp
2653: The options for PKCS12 file creation are as follows:
1.1 jsing 2654: .Bl -tag -width "XXXX"
2655: .It Fl CAfile Ar file
2656: CA storage as a file.
2657: .It Fl CApath Ar directory
2658: CA storage as a directory.
1.59 jmc 2659: The directory must be a standard certificate directory:
1.1 jsing 2660: that is, a hash of each subject name (using
1.59 jmc 2661: .Nm x509 Fl hash )
1.1 jsing 2662: should be linked to each certificate.
2663: .It Fl caname Ar name
1.59 jmc 2664: Specify the
1.1 jsing 2665: .Qq friendly name
2666: for other certificates.
1.59 jmc 2667: May be used multiple times to specify names for all certificates
1.1 jsing 2668: in the order they appear.
2669: .It Fl certfile Ar file
2670: A file to read additional certificates from.
2671: .It Fl certpbe Ar alg , Fl keypbe Ar alg
1.59 jmc 2672: Specify the algorithm used to encrypt the private key and
1.1 jsing 2673: certificates to be selected.
1.59 jmc 2674: Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used.
1.1 jsing 2675: If a cipher name
2676: (as output by the
2677: .Cm list-cipher-algorithms
2678: command) is specified then it
2679: is used with PKCS#5 v2.0.
2680: For interoperability reasons it is advisable to only use PKCS#12 algorithms.
2681: .It Fl chain
1.59 jmc 2682: Include the entire certificate chain of the user certificate.
1.1 jsing 2683: The standard CA store is used for this search.
2684: If the search fails, it is considered a fatal error.
2685: .It Fl CSP Ar name
2686: Write
2687: .Ar name
2688: as a Microsoft CSP name.
2689: .It Fl descert
2690: Encrypt the certificate using triple DES; this may render the PKCS#12
2691: file unreadable by some
2692: .Qq export grade
2693: software.
2694: By default, the private key is encrypted using triple DES and the
2695: certificate using 40-bit RC2.
2696: .It Fl export
1.59 jmc 2697: Create a PKCS#12 file (rather than parsing one).
1.1 jsing 2698: .It Fl in Ar file
1.59 jmc 2699: The input file to read from,
1.81 jmc 2700: or standard input if not specified.
1.1 jsing 2701: The order doesn't matter but one private key and its corresponding
2702: certificate should be present.
2703: If additional certificates are present, they will also be included
2704: in the PKCS#12 file.
2705: .It Fl inkey Ar file
1.59 jmc 2706: File to read a private key from.
1.1 jsing 2707: If not present, a private key must be present in the input file.
2708: .It Fl keyex | keysig
1.59 jmc 2709: Specify whether the private key is to be used for key exchange or just signing.
1.1 jsing 2710: Normally,
2711: .Qq export grade
2712: software will only allow 512-bit RSA keys to be
2713: used for encryption purposes, but arbitrary length keys for signing.
2714: The
2715: .Fl keysig
2716: option marks the key for signing only.
2717: Signing only keys can be used for S/MIME signing, authenticode
1.66 jmc 2718: (ActiveX control signing)
1.59 jmc 2719: and SSL client authentication.
1.1 jsing 2720: .It Fl macalg Ar alg
2721: Specify the MAC digest algorithm.
1.59 jmc 2722: The default is SHA1.
1.1 jsing 2723: .It Fl maciter
1.66 jmc 2724: Included for compatibility only:
1.59 jmc 2725: it used to be needed to use MAC iterations counts
2726: but they are now used by default.
1.1 jsing 2727: .It Fl name Ar name
1.59 jmc 2728: Specify the
1.1 jsing 2729: .Qq friendly name
2730: for the certificate and private key.
2731: This name is typically displayed in list boxes by software importing the file.
2732: .It Fl nomac
2733: Don't attempt to provide the MAC integrity.
2734: .It Fl nomaciter , noiter
1.59 jmc 2735: Affect the iteration counts on the MAC and key algorithms.
1.1 jsing 2736: .Pp
2737: To discourage attacks by using large dictionaries of common passwords,
2738: the algorithm that derives keys from passwords can have an iteration count
2739: applied to it: this causes a certain part of the algorithm to be repeated
2740: and slows it down.
2741: The MAC is used to check the file integrity but since it will normally
2742: have the same password as the keys and certificates it could also be attacked.
2743: By default, both MAC and encryption iteration counts are set to 2048;
2744: using these options the MAC and encryption iteration counts can be set to 1.
2745: Since this reduces the file security you should not use these options
2746: unless you really have to.
2747: Most software supports both MAC and key iteration counts.
2748: .It Fl out Ar file
1.59 jmc 2749: The output file to write to,
2750: or standard output if not specified.
1.1 jsing 2751: .It Fl passin Ar arg
2752: The key password source.
2753: .It Fl passout Ar arg
2754: The output file password source.
2755: .El
2756: .Sh PKEY
2757: .nr nS 1
2758: .Nm "openssl pkey"
2759: .Op Ar cipher
2760: .Op Fl in Ar file
1.60 jmc 2761: .Op Fl inform Cm der | pem
1.1 jsing 2762: .Op Fl noout
2763: .Op Fl out Ar file
1.60 jmc 2764: .Op Fl outform Cm der | pem
1.1 jsing 2765: .Op Fl passin Ar arg
2766: .Op Fl passout Ar arg
2767: .Op Fl pubin
2768: .Op Fl pubout
2769: .Op Fl text
2770: .Op Fl text_pub
2771: .nr nS 0
2772: .Pp
2773: The
2774: .Nm pkey
2775: command processes public or private keys.
2776: They can be converted between various forms
2777: and their components printed out.
2778: .Pp
2779: The options are as follows:
2780: .Bl -tag -width Ds
2781: .It Ar cipher
1.60 jmc 2782: Encrypt the private key with the specified cipher.
1.1 jsing 2783: Any algorithm name accepted by
1.60 jmc 2784: .Xr EVP_get_cipherbyname 3
1.1 jsing 2785: is acceptable, such as
2786: .Cm des3 .
2787: .It Fl in Ar file
1.60 jmc 2788: The input file to read from,
2789: or standard input if not specified.
1.1 jsing 2790: If the key is encrypted a pass phrase will be prompted for.
1.60 jmc 2791: .It Fl inform Cm der | pem
2792: The input format.
1.1 jsing 2793: .It Fl noout
2794: Do not output the encoded version of the key.
2795: .It Fl out Ar file
1.60 jmc 2796: The output file to write to,
2797: or standard output if not specified.
1.1 jsing 2798: If any encryption options are set then a pass phrase
2799: will be prompted for.
1.60 jmc 2800: .It Fl outform Cm der | pem
2801: The output format.
1.1 jsing 2802: .It Fl passin Ar arg
2803: The key password source.
2804: .It Fl passout Ar arg
2805: The output file password source.
2806: .It Fl pubin
1.60 jmc 2807: Read in a public key, not a private key.
1.1 jsing 2808: .It Fl pubout
1.60 jmc 2809: Output a public key, not a private key.
2810: Automatically set if the input is a public key.
1.1 jsing 2811: .It Fl text
1.64 jmc 2812: Print the public/private key in plain text.
1.1 jsing 2813: .It Fl text_pub
2814: Print out only public key components
2815: even if a private key is being processed.
2816: .El
2817: .Sh PKEYPARAM
2818: .Cm openssl pkeyparam
2819: .Op Fl in Ar file
2820: .Op Fl noout
2821: .Op Fl out Ar file
2822: .Op Fl text
2823: .Pp
2824: The
1.61 jmc 2825: .Nm pkeyparam
1.1 jsing 2826: command processes public or private keys.
1.61 jmc 2827: The key type is determined by the PEM headers.
1.1 jsing 2828: .Pp
2829: The options are as follows:
2830: .Bl -tag -width Ds
2831: .It Fl in Ar file
1.61 jmc 2832: The input file to read from,
2833: or standard input if not specified.
1.1 jsing 2834: .It Fl noout
2835: Do not output the encoded version of the parameters.
2836: .It Fl out Ar file
1.61 jmc 2837: The output file to write to,
2838: or standard output if not specified.
1.1 jsing 2839: .It Fl text
1.64 jmc 2840: Print the parameters in plain text.
1.1 jsing 2841: .El
2842: .Sh PKEYUTL
2843: .nr nS 1
2844: .Nm "openssl pkeyutl"
2845: .Op Fl asn1parse
2846: .Op Fl certin
2847: .Op Fl decrypt
2848: .Op Fl derive
2849: .Op Fl encrypt
2850: .Op Fl hexdump
2851: .Op Fl in Ar file
2852: .Op Fl inkey Ar file
1.62 jmc 2853: .Op Fl keyform Cm der | pem
1.1 jsing 2854: .Op Fl out Ar file
2855: .Op Fl passin Ar arg
1.62 jmc 2856: .Op Fl peerform Cm der | pem
1.1 jsing 2857: .Op Fl peerkey Ar file
2858: .Op Fl pkeyopt Ar opt : Ns Ar value
2859: .Op Fl pubin
2860: .Op Fl rev
2861: .Op Fl sigfile Ar file
2862: .Op Fl sign
2863: .Op Fl verify
2864: .Op Fl verifyrecover
2865: .nr nS 0
2866: .Pp
2867: The
2868: .Nm pkeyutl
2869: command can be used to perform public key operations using
2870: any supported algorithm.
2871: .Pp
2872: The options are as follows:
2873: .Bl -tag -width Ds
2874: .It Fl asn1parse
1.84 jmc 2875: ASN.1 parse the output data.
1.1 jsing 2876: This is useful when combined with the
2877: .Fl verifyrecover
1.84 jmc 2878: option when an ASN.1 structure is signed.
1.1 jsing 2879: .It Fl certin
2880: The input is a certificate containing a public key.
2881: .It Fl decrypt
2882: Decrypt the input data using a private key.
2883: .It Fl derive
2884: Derive a shared secret using the peer key.
2885: .It Fl encrypt
2886: Encrypt the input data using a public key.
2887: .It Fl hexdump
2888: Hex dump the output data.
2889: .It Fl in Ar file
1.62 jmc 2890: The input file to read from,
2891: or standard input if not specified.
1.1 jsing 2892: .It Fl inkey Ar file
2893: The input key file.
2894: By default it should be a private key.
1.62 jmc 2895: .It Fl keyform Cm der | pem
2896: The key format.
1.1 jsing 2897: .It Fl out Ar file
1.62 jmc 2898: The output file to write to,
2899: or standard output if not specified.
1.1 jsing 2900: .It Fl passin Ar arg
2901: The key password source.
1.62 jmc 2902: .It Fl peerform Cm der | pem
2903: The peer key format.
1.1 jsing 2904: .It Fl peerkey Ar file
2905: The peer key file, used by key derivation (agreement) operations.
2906: .It Fl pkeyopt Ar opt : Ns Ar value
1.62 jmc 2907: Set the public key algorithm option
2908: .Ar opt
2909: to
2910: .Ar value .
2911: Unless otherwise mentioned, all algorithms support the format
2912: .Ar digest : Ns Ar alg ,
2913: which specifies the digest to use
1.1 jsing 2914: for sign, verify, and verifyrecover operations.
2915: The value
2916: .Ar alg
2917: should represent a digest name as used in the
1.62 jmc 2918: .Xr EVP_get_digestbyname 3
2919: function.
2920: .Pp
1.1 jsing 2921: The RSA algorithm supports the
2922: encrypt, decrypt, sign, verify, and verifyrecover operations in general.
2923: Some padding modes only support some of these
2924: operations however.
2925: .Bl -tag -width Ds
2926: .It rsa_padding_mode : Ns Ar mode
2927: This sets the RSA padding mode.
2928: Acceptable values for
2929: .Ar mode
2930: are
2931: .Cm pkcs1
2932: for PKCS#1 padding;
2933: .Cm none
2934: for no padding;
2935: .Cm oaep
2936: for OAEP mode;
2937: .Cm x931
2938: for X9.31 mode;
2939: and
2940: .Cm pss
2941: for PSS.
2942: .Pp
2943: In PKCS#1 padding if the message digest is not set then the supplied data is
2944: signed or verified directly instead of using a DigestInfo structure.
2945: If a digest is set then a DigestInfo
2946: structure is used and its length
2947: must correspond to the digest type.
2948: For oeap mode only encryption and decryption is supported.
2949: For x931 if the digest type is set it is used to format the block data;
2950: otherwise the first byte is used to specify the X9.31 digest ID.
2951: Sign, verify, and verifyrecover can be performed in this mode.
2952: For pss mode only sign and verify are supported and the digest type must be
2953: specified.
2954: .It rsa_pss_saltlen : Ns Ar len
2955: For pss
2956: mode only this option specifies the salt length.
2957: Two special values are supported:
2958: -1 sets the salt length to the digest length.
2959: When signing -2 sets the salt length to the maximum permissible value.
2960: When verifying -2 causes the salt length to be automatically determined
2961: based on the PSS block structure.
2962: .El
1.62 jmc 2963: .Pp
1.1 jsing 2964: The DSA algorithm supports the sign and verify operations.
2965: Currently there are no additional options other than
2966: .Ar digest .
2967: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 2968: .Pp
1.1 jsing 2969: The DH algorithm supports the derive operation
2970: and no additional options.
1.62 jmc 2971: .Pp
1.1 jsing 2972: The EC algorithm supports the sign, verify, and derive operations.
2973: The sign and verify operations use ECDSA and derive uses ECDH.
2974: Currently there are no additional options other than
2975: .Ar digest .
2976: Only the SHA1 digest can be used and this digest is assumed by default.
1.62 jmc 2977: .It Fl pubin
2978: The input file is a public key.
2979: .It Fl rev
2980: Reverse the order of the input buffer.
2981: .It Fl sigfile Ar file
2982: Signature file (verify operation only).
2983: .It Fl sign
2984: Sign the input data and output the signed result.
2985: This requires a private key.
2986: .It Fl verify
2987: Verify the input data against the signature file and indicate if the
2988: verification succeeded or failed.
2989: .It Fl verifyrecover
2990: Verify the input data and output the recovered data.
2991: .El
1.1 jsing 2992: .Sh PRIME
2993: .Cm openssl prime
2994: .Op Fl bits Ar n
2995: .Op Fl checks Ar n
2996: .Op Fl generate
2997: .Op Fl hex
2998: .Op Fl safe
2999: .Ar p
3000: .Pp
3001: The
3002: .Nm prime
3003: command is used to generate prime numbers,
3004: or to check numbers for primality.
3005: Results are probabilistic:
3006: they have an exceedingly high likelihood of being correct,
3007: but are not guaranteed.
3008: .Pp
3009: The options are as follows:
3010: .Bl -tag -width Ds
3011: .It Fl bits Ar n
3012: Specify the number of bits in the generated prime number.
3013: Must be used in conjunction with
3014: .Fl generate .
3015: .It Fl checks Ar n
3016: Perform a Miller-Rabin probabilistic primality test with
3017: .Ar n
3018: iterations.
3019: The default is 20.
3020: .It Fl generate
3021: Generate a pseudo-random prime number.
3022: Must be used in conjunction with
3023: .Fl bits .
3024: .It Fl hex
3025: Output in hex format.
3026: .It Fl safe
3027: Generate only
3028: .Qq safe
3029: prime numbers
3030: (i.e. a prime p so that (p-1)/2 is also prime).
3031: .It Ar p
3032: Test if number
3033: .Ar p
3034: is prime.
3035: .El
3036: .Sh RAND
3037: .nr nS 1
3038: .Nm "openssl rand"
3039: .Op Fl base64
3040: .Op Fl hex
3041: .Op Fl out Ar file
3042: .Ar num
3043: .nr nS 0
3044: .Pp
3045: The
3046: .Nm rand
3047: command outputs
3048: .Ar num
3049: pseudo-random bytes.
3050: .Pp
3051: The options are as follows:
3052: .Bl -tag -width Ds
3053: .It Fl base64
1.81 jmc 3054: Perform base64 encoding on the output.
1.1 jsing 3055: .It Fl hex
3056: Specify hexadecimal output.
3057: .It Fl out Ar file
1.63 jmc 3058: The output file to write to,
3059: or standard output if not specified.
1.1 jsing 3060: .El
3061: .Sh REQ
3062: .nr nS 1
3063: .Nm "openssl req"
3064: .Op Fl asn1-kludge
3065: .Op Fl batch
3066: .Op Fl config Ar file
3067: .Op Fl days Ar n
3068: .Op Fl extensions Ar section
3069: .Op Fl in Ar file
1.63 jmc 3070: .Op Fl inform Cm der | pem
1.1 jsing 3071: .Op Fl key Ar keyfile
1.63 jmc 3072: .Op Fl keyform Cm der | pem
1.1 jsing 3073: .Op Fl keyout Ar file
1.28 doug 3074: .Op Fl md4 | md5 | sha1
1.1 jsing 3075: .Op Fl modulus
3076: .Op Fl nameopt Ar option
3077: .Op Fl new
3078: .Op Fl newhdr
3079: .Op Fl newkey Ar arg
3080: .Op Fl no-asn1-kludge
3081: .Op Fl nodes
3082: .Op Fl noout
3083: .Op Fl out Ar file
1.63 jmc 3084: .Op Fl outform Cm der | pem
1.1 jsing 3085: .Op Fl passin Ar arg
3086: .Op Fl passout Ar arg
3087: .Op Fl pubkey
3088: .Op Fl reqexts Ar section
3089: .Op Fl reqopt Ar option
3090: .Op Fl set_serial Ar n
3091: .Op Fl subj Ar arg
3092: .Op Fl subject
3093: .Op Fl text
3094: .Op Fl utf8
3095: .Op Fl verbose
3096: .Op Fl verify
3097: .Op Fl x509
3098: .nr nS 0
3099: .Pp
3100: The
3101: .Nm req
3102: command primarily creates and processes certificate requests
3103: in PKCS#10 format.
3104: It can additionally create self-signed certificates,
3105: for use as root CAs, for example.
3106: .Pp
3107: The options are as follows:
3108: .Bl -tag -width Ds
3109: .It Fl asn1-kludge
1.63 jmc 3110: Produce requests in an invalid format for certain picky CAs.
3111: Very few CAs still require the use of this option.
1.1 jsing 3112: .It Fl batch
3113: Non-interactive mode.
3114: .It Fl config Ar file
1.63 jmc 3115: Specify an alternative configuration file.
1.1 jsing 3116: .It Fl days Ar n
1.63 jmc 3117: Specify the number of days to certify the certificate for.
3118: The default is 30 days.
3119: Used with the
1.1 jsing 3120: .Fl x509
1.63 jmc 3121: option.
1.1 jsing 3122: .It Fl extensions Ar section , Fl reqexts Ar section
1.63 jmc 3123: Specify alternative sections to include certificate
3124: extensions (with
3125: .Fl x509 )
3126: or certificate request extensions,
3127: allowing several different sections to be used in the same configuration file.
1.1 jsing 3128: .It Fl in Ar file
1.63 jmc 3129: The input file to read a request from,
3130: or standard input if not specified.
1.1 jsing 3131: A request is only read if the creation options
3132: .Fl new
3133: and
3134: .Fl newkey
3135: are not specified.
1.63 jmc 3136: .It Fl inform Cm der | pem
3137: The input format.
1.1 jsing 3138: .It Fl key Ar keyfile
1.63 jmc 3139: The file to read the private key from.
1.1 jsing 3140: It also accepts PKCS#8 format private keys for PEM format files.
1.63 jmc 3141: .It Fl keyform Cm der | pem
1.1 jsing 3142: The format of the private key file specified in the
3143: .Fl key
3144: argument.
1.81 jmc 3145: The default is
3146: .Cm pem .
1.1 jsing 3147: .It Fl keyout Ar file
1.63 jmc 3148: The file to write the newly created private key to.
3149: If this option is not specified,
3150: the filename present in the configuration file is used.
1.4 sthen 3151: .It Fl md5 | sha1 | sha256
1.63 jmc 3152: The message digest to sign the request with.
1.1 jsing 3153: This overrides the digest algorithm specified in the configuration file.
3154: .Pp
3155: Some public key algorithms may override this choice.
3156: For instance, DSA signatures always use SHA1.
3157: .It Fl modulus
1.63 jmc 3158: Print the value of the modulus of the public key contained in the request.
1.1 jsing 3159: .It Fl nameopt Ar option , Fl reqopt Ar option
1.63 jmc 3160: Determine how the subject or issuer names are displayed.
1.1 jsing 3161: .Ar option
1.63 jmc 3162: can be a single option or multiple options separated by commas.
1.1 jsing 3163: Alternatively, these options may be used more than once to set multiple options.
3164: See the
3165: .Sx X509
3166: section below for details.
3167: .It Fl new
1.63 jmc 3168: Generate a new certificate request.
3169: The user is prompted for the relevant field values.
1.1 jsing 3170: The actual fields prompted for and their maximum and minimum sizes
3171: are specified in the configuration file and any requested extensions.
3172: .Pp
3173: If the
3174: .Fl key
3175: option is not used, it will generate a new RSA private
3176: key using information specified in the configuration file.
3177: .It Fl newhdr
1.63 jmc 3178: Add the word NEW to the PEM file header and footer lines
1.1 jsing 3179: on the outputed request.
1.63 jmc 3180: Some software and CAs need this.
1.1 jsing 3181: .It Fl newkey Ar arg
1.63 jmc 3182: Create a new certificate request and a new private key.
1.1 jsing 3183: The argument takes one of several forms.
1.63 jmc 3184: .Pp
3185: .No rsa : Ns Ar nbits
3186: generates an RSA key
1.1 jsing 3187: .Ar nbits
3188: in size.
3189: If
3190: .Ar nbits
1.63 jmc 3191: is omitted
3192: the default key size is used.
3193: .Pp
3194: .No dsa : Ns Ar file
3195: generates a DSA key using the parameters in
3196: .Ar file .
3197: .Pp
3198: .No param : Ns Ar file
3199: generates a key using the parameters or certificate in
3200: .Ar file .
3201: .Pp
3202: All other algorithms support the form
3203: .Ar algorithm : Ns Ar file ,
1.1 jsing 3204: where file may be an algorithm parameter file,
3205: created by the
3206: .Cm genpkey -genparam
1.14 jmc 3207: command or an X.509 certificate for a key with appropriate algorithm.
1.63 jmc 3208: .Ar file
3209: can be omitted,
3210: in which case any parameters can be specified via the
1.1 jsing 3211: .Fl pkeyopt
3212: option.
3213: .It Fl no-asn1-kludge
1.63 jmc 3214: Reverse the effect of
1.1 jsing 3215: .Fl asn1-kludge .
3216: .It Fl nodes
1.63 jmc 3217: Do not encrypt the private key.
1.1 jsing 3218: .It Fl noout
1.63 jmc 3219: Do not output the encoded version of the request.
1.1 jsing 3220: .It Fl out Ar file
1.63 jmc 3221: The output file to write to,
3222: or standard output if not spceified.
3223: .It Fl outform Cm der | pem
3224: The output format.
1.1 jsing 3225: .It Fl passin Ar arg
3226: The key password source.
3227: .It Fl passout Ar arg
3228: The output file password source.
3229: .It Fl pubkey
1.63 jmc 3230: Output the public key.
1.1 jsing 3231: .It Fl reqopt Ar option
3232: Customise the output format used with
3233: .Fl text .
3234: The
3235: .Ar option
3236: argument can be a single option or multiple options separated by commas.
1.63 jmc 3237: See also the discussion of
1.1 jsing 3238: .Fl certopt
1.63 jmc 3239: in the
1.1 jsing 3240: .Nm x509
3241: command.
3242: .It Fl set_serial Ar n
3243: Serial number to use when outputting a self-signed certificate.
3244: This may be specified as a decimal value or a hex value if preceded by
3245: .Sq 0x .
3246: It is possible to use negative serial numbers but this is not recommended.
3247: .It Fl subj Ar arg
1.63 jmc 3248: Replaces the subject field of an input request
3249: with the specified data and output the modified request.
3250: .Ar arg
3251: must be formatted as /type0=value0/type1=value1/type2=...;
1.1 jsing 3252: characters may be escaped by
3253: .Sq \e
1.63 jmc 3254: (backslash);
1.1 jsing 3255: no spaces are skipped.
3256: .It Fl subject
1.63 jmc 3257: Print the request subject (or certificate subject if
1.1 jsing 3258: .Fl x509
1.63 jmc 3259: is specified).
1.1 jsing 3260: .It Fl text
1.64 jmc 3261: Print the certificate request in plain text.
1.1 jsing 3262: .It Fl utf8
1.63 jmc 3263: Interpret field values as UTF8 strings, not ASCII.
1.1 jsing 3264: .It Fl verbose
3265: Print extra details about the operations being performed.
3266: .It Fl verify
1.63 jmc 3267: Verify the signature on the request.
1.1 jsing 3268: .It Fl x509
1.63 jmc 3269: Output a self-signed certificate instead of a certificate request.
3270: This is typically used to generate a test certificate or a self-signed root CA.
3271: The extensions added to the certificate (if any)
1.1 jsing 3272: are specified in the configuration file.
3273: Unless specified using the
3274: .Fl set_serial
1.63 jmc 3275: option, 0 is used for the serial number.
1.1 jsing 3276: .El
1.63 jmc 3277: .Pp
1.1 jsing 3278: The configuration options are specified in the
1.63 jmc 3279: .Qq req
1.1 jsing 3280: section of the configuration file.
1.63 jmc 3281: The options available are as follows:
1.1 jsing 3282: .Bl -tag -width "XXXX"
1.63 jmc 3283: .It Cm attributes
3284: The section containing any request attributes: its format
1.1 jsing 3285: is the same as
1.63 jmc 3286: .Cm distinguished_name .
3287: Typically these may contain the challengePassword or unstructuredName types.
3288: They are currently ignored by the
3289: .Nm openssl
1.1 jsing 3290: request signing utilities, but some CAs might want them.
1.63 jmc 3291: .It Cm default_bits
3292: The default key size, in bits.
3293: The default is 2048.
1.1 jsing 3294: It is used if the
3295: .Fl new
1.63 jmc 3296: option is used and can be overridden by using the
1.1 jsing 3297: .Fl newkey
3298: option.
1.63 jmc 3299: .It Cm default_keyfile
3300: The default file to write a private key to,
3301: or standard output if not specified.
3302: It can be overridden by the
1.1 jsing 3303: .Fl keyout
3304: option.
1.63 jmc 3305: .It Cm default_md
3306: The digest algorithm to use.
1.1 jsing 3307: Possible values include
1.63 jmc 3308: .Cm md5 ,
3309: .Cm sha1
1.1 jsing 3310: and
1.63 jmc 3311: .Cm sha256
3312: (the default).
3313: It can be overridden on the command line.
3314: .It Cm distinguished_name
3315: The section containing the distinguished name fields to
1.1 jsing 3316: prompt for when generating a certificate or certificate request.
1.63 jmc 3317: The format is described below.
3318: .It Cm encrypt_key
3319: If set to
3320: .Qq no
3321: and a private key is generated, it is not encrypted.
3322: It is equivalent to the
1.1 jsing 3323: .Fl nodes
1.63 jmc 3324: option.
1.1 jsing 3325: For compatibility,
1.63 jmc 3326: .Cm encrypt_rsa_key
1.1 jsing 3327: is an equivalent option.
1.63 jmc 3328: .It Cm input_password | output_password
3329: The passwords for the input private key file (if present)
3330: and the output private key file (if one will be created).
1.1 jsing 3331: The command line options
3332: .Fl passin
3333: and
3334: .Fl passout
3335: override the configuration file values.
1.63 jmc 3336: .It Cm oid_file
3337: A file containing additional OBJECT IDENTIFIERS.
1.1 jsing 3338: Each line of the file should consist of the numerical form of the
3339: object identifier, followed by whitespace, then the short name followed
3340: by whitespace and finally the long name.
1.63 jmc 3341: .It Cm oid_section
3342: Specify a section in the configuration file containing extra
1.1 jsing 3343: object identifiers.
3344: Each line should consist of the short name of the
3345: object identifier followed by
3346: .Sq =
3347: and the numerical form.
3348: The short and long names are the same when this option is used.
1.63 jmc 3349: .It Cm prompt
3350: If set to
3351: .Qq no ,
3352: it disables prompting of certificate fields
1.1 jsing 3353: and just takes values from the config file directly.
3354: It also changes the expected format of the
1.63 jmc 3355: .Cm distinguished_name
1.1 jsing 3356: and
1.63 jmc 3357: .Cm attributes
1.1 jsing 3358: sections.
1.63 jmc 3359: .It Cm req_extensions
3360: The configuration file section containing a list of
1.1 jsing 3361: extensions to add to the certificate request.
3362: It can be overridden by the
3363: .Fl reqexts
1.63 jmc 3364: option.
3365: .It Cm string_mask
3366: Limit the string types for encoding certain fields.
1.1 jsing 3367: The following values may be used, limiting strings to the indicated types:
3368: .Bl -tag -width "MASK:number"
1.63 jmc 3369: .It Cm utf8only
3370: UTF8String.
1.1 jsing 3371: This is the default, as recommended by PKIX in RFC 2459.
1.63 jmc 3372: .It Cm default
3373: PrintableString, IA5String, T61String, BMPString, UTF8String.
3374: .It Cm pkix
3375: PrintableString, IA5String, BMPString, UTF8String.
3376: Inspired by the PKIX recommendation in RFC 2459 for certificates
3377: generated before 2004, but differs by also permitting IA5String.
3378: .It Cm nombstr
3379: PrintableString, IA5String, T61String, UniversalString.
3380: A workaround for some ancient software that had problems
3381: with the variable-sized BMPString and UTF8String types.
1.1 jsing 3382: .It Cm MASK : Ns Ar number
1.63 jmc 3383: An explicit bitmask of permitted types, where
1.1 jsing 3384: .Ar number
3385: is a C-style hex, decimal, or octal number that's a bit-wise OR of
3386: .Dv B_ASN1_*
3387: values from
3388: .In openssl/asn1.h .
3389: .El
1.63 jmc 3390: .It Cm utf8
3391: If set to
3392: .Qq yes ,
1.72 jmc 3393: field values are interpreted as UTF8 strings.
1.63 jmc 3394: .It Cm x509_extensions
3395: The configuration file section containing a list of
1.1 jsing 3396: extensions to add to a certificate generated when the
3397: .Fl x509
3398: switch is used.
3399: It can be overridden by the
3400: .Fl extensions
1.72 jmc 3401: command line switch.
1.1 jsing 3402: .El
1.63 jmc 3403: .Pp
1.1 jsing 3404: There are two separate formats for the distinguished name and attribute
3405: sections.
3406: If the
3407: .Fl prompt
3408: option is set to
1.63 jmc 3409: .Qq no ,
1.72 jmc 3410: then these sections just consist of field names and values.
3411: If the
1.1 jsing 3412: .Fl prompt
3413: option is absent or not set to
1.63 jmc 3414: .Qq no ,
1.72 jmc 3415: then the file contains field prompting information of the form:
1.1 jsing 3416: .Bd -unfilled -offset indent
3417: fieldName="prompt"
3418: fieldName_default="default field value"
3419: fieldName_min= 2
3420: fieldName_max= 4
3421: .Ed
3422: .Pp
3423: .Qq fieldName
3424: is the field name being used, for example
1.63 jmc 3425: .Cm commonName
3426: (or CN).
1.1 jsing 3427: The
3428: .Qq prompt
3429: string is used to ask the user to enter the relevant details.
3430: If the user enters nothing, the default value is used;
3431: if no default value is present, the field is omitted.
3432: A field can still be omitted if a default value is present,
3433: if the user just enters the
3434: .Sq \&.
3435: character.
3436: .Pp
3437: The number of characters entered must be between the
1.63 jmc 3438: fieldName_min and fieldName_max limits:
1.1 jsing 3439: there may be additional restrictions based on the field being used
3440: (for example
1.63 jmc 3441: .Cm countryName
1.1 jsing 3442: can only ever be two characters long and must fit in a
1.63 jmc 3443: .Cm PrintableString ) .
1.1 jsing 3444: .Pp
3445: Some fields (such as
1.63 jmc 3446: .Cm organizationName )
1.1 jsing 3447: can be used more than once in a DN.
3448: This presents a problem because configuration files will
3449: not recognize the same name occurring twice.
3450: To avoid this problem, if the
1.63 jmc 3451: .Cm fieldName
1.1 jsing 3452: contains some characters followed by a full stop, they will be ignored.
3453: So, for example, a second
1.63 jmc 3454: .Cm organizationName
1.1 jsing 3455: can be input by calling it
3456: .Qq 1.organizationName .
3457: .Pp
3458: The actual permitted field names are any object identifier short or
3459: long names.
3460: These are compiled into
1.63 jmc 3461: .Nm openssl
1.1 jsing 3462: and include the usual values such as
1.63 jmc 3463: .Cm commonName , countryName , localityName , organizationName ,
1.89 jmc 3464: .Cm organizationalUnitName , stateOrProvinceName .
1.1 jsing 3465: Additionally,
1.63 jmc 3466: .Cm emailAddress
1.1 jsing 3467: is included as well as
1.63 jmc 3468: .Cm name , surname , givenName , initials
1.1 jsing 3469: and
1.63 jmc 3470: .Cm dnQualifier .
1.1 jsing 3471: .Pp
3472: Additional object identifiers can be defined with the
1.63 jmc 3473: .Cm oid_file
1.1 jsing 3474: or
1.63 jmc 3475: .Cm oid_section
1.1 jsing 3476: options in the configuration file.
3477: Any additional fields will be treated as though they were a
1.63 jmc 3478: .Cm DirectoryString .
1.1 jsing 3479: .Sh RSA
3480: .nr nS 1
3481: .Nm "openssl rsa"
1.64 jmc 3482: .Op Fl aes128 | aes192 | aes256 | des | des3
1.1 jsing 3483: .Op Fl check
3484: .Op Fl in Ar file
1.64 jmc 3485: .Op Fl inform Cm der | net | pem
1.1 jsing 3486: .Op Fl modulus
3487: .Op Fl noout
3488: .Op Fl out Ar file
1.64 jmc 3489: .Op Fl outform Cm der | net | pem
1.1 jsing 3490: .Op Fl passin Ar arg
3491: .Op Fl passout Ar arg
3492: .Op Fl pubin
3493: .Op Fl pubout
3494: .Op Fl sgckey
3495: .Op Fl text
3496: .nr nS 0
3497: .Pp
3498: The
3499: .Nm rsa
3500: command processes RSA keys.
3501: They can be converted between various forms and their components printed out.
1.64 jmc 3502: .Nm rsa
3503: uses the traditional
1.1 jsing 3504: .Nm SSLeay
3505: compatible format for private key encryption:
3506: newer applications should use the more secure PKCS#8 format using the
3507: .Nm pkcs8
3508: utility.
3509: .Pp
3510: The options are as follows:
3511: .Bl -tag -width Ds
1.64 jmc 3512: .It Fl aes128 | aes192 | aes256 | des | des3
3513: Encrypt the private key with the AES, DES,
1.1 jsing 3514: or the triple DES ciphers, respectively, before outputting it.
3515: A pass phrase is prompted for.
3516: If none of these options are specified, the key is written in plain text.
3517: This means that using the
3518: .Nm rsa
3519: utility to read in an encrypted key with no encryption option can be used
3520: to remove the pass phrase from a key, or by setting the encryption options
3521: it can be used to add or change the pass phrase.
3522: These options can only be used with PEM format output files.
3523: .It Fl check
1.64 jmc 3524: Check the consistency of an RSA private key.
1.1 jsing 3525: .It Fl in Ar file
1.64 jmc 3526: The input file to read from,
3527: or standard input if not specified.
1.1 jsing 3528: If the key is encrypted, a pass phrase will be prompted for.
1.64 jmc 3529: .It Fl inform Cm der | net | pem
3530: The input format.
1.1 jsing 3531: .It Fl noout
1.64 jmc 3532: Do not output the encoded version of the key.
1.1 jsing 3533: .It Fl modulus
1.64 jmc 3534: Print the value of the modulus of the key.
1.1 jsing 3535: .It Fl out Ar file
1.64 jmc 3536: The output file to write to,
3537: or standard output if not specified.
3538: .It Fl outform Cm der | net | pem
3539: The output format.
1.1 jsing 3540: .It Fl passin Ar arg
3541: The key password source.
3542: .It Fl passout Ar arg
3543: The output file password source.
3544: .It Fl pubin
1.64 jmc 3545: Read in a public key,
3546: not a private key.
1.1 jsing 3547: .It Fl pubout
1.64 jmc 3548: Output a public key,
3549: not a private key.
3550: Automatically set if the input is a public key.
1.1 jsing 3551: .It Fl sgckey
1.64 jmc 3552: Use the modified NET algorithm used with some versions of Microsoft IIS
3553: and SGC keys.
1.1 jsing 3554: .It Fl text
1.64 jmc 3555: Print the public/private key components in plain text.
1.1 jsing 3556: .El
3557: .Sh RSAUTL
3558: .nr nS 1
3559: .Nm "openssl rsautl"
3560: .Op Fl asn1parse
3561: .Op Fl certin
3562: .Op Fl decrypt
3563: .Op Fl encrypt
3564: .Op Fl hexdump
3565: .Op Fl in Ar file
3566: .Op Fl inkey Ar file
1.65 jmc 3567: .Op Fl keyform Cm der | pem
1.86 jsing 3568: .Op Fl oaep | pkcs | raw
1.1 jsing 3569: .Op Fl out Ar file
3570: .Op Fl pubin
3571: .Op Fl sign
3572: .Op Fl verify
3573: .nr nS 0
3574: .Pp
3575: The
3576: .Nm rsautl
3577: command can be used to sign, verify, encrypt and decrypt
3578: data using the RSA algorithm.
3579: .Pp
3580: The options are as follows:
3581: .Bl -tag -width Ds
3582: .It Fl asn1parse
3583: Asn1parse the output data; this is useful when combined with the
3584: .Fl verify
3585: option.
3586: .It Fl certin
3587: The input is a certificate containing an RSA public key.
3588: .It Fl decrypt
3589: Decrypt the input data using an RSA private key.
3590: .It Fl encrypt
3591: Encrypt the input data using an RSA public key.
3592: .It Fl hexdump
3593: Hex dump the output data.
3594: .It Fl in Ar file
1.65 jmc 3595: The input to read from,
3596: or standard input if not specified.
1.1 jsing 3597: .It Fl inkey Ar file
1.65 jmc 3598: The input key file; by default an RSA private key.
3599: .It Fl keyform Cm der | pem
1.85 tb 3600: The private key format.
1.65 jmc 3601: The default is
3602: .Cm pem .
1.86 jsing 3603: .It Fl oaep | pkcs | raw
1.1 jsing 3604: The padding to use:
1.65 jmc 3605: PKCS#1 OAEP, PKCS#1 v1.5 (the default), or no padding, respectively.
1.1 jsing 3606: For signatures, only
3607: .Fl pkcs
3608: and
3609: .Fl raw
3610: can be used.
3611: .It Fl out Ar file
1.65 jmc 3612: The output file to write to,
3613: or standard output if not specified.
1.1 jsing 3614: .It Fl pubin
3615: The input file is an RSA public key.
3616: .It Fl sign
3617: Sign the input data and output the signed result.
3618: This requires an RSA private key.
3619: .It Fl verify
3620: Verify the input data and output the recovered data.
3621: .El
3622: .Sh S_CLIENT
3623: .nr nS 1
3624: .Nm "openssl s_client"
3625: .Op Fl 4 | 6
3626: .Op Fl bugs
3627: .Op Fl CAfile Ar file
3628: .Op Fl CApath Ar directory
3629: .Op Fl cert Ar file
3630: .Op Fl check_ss_sig
3631: .Op Fl cipher Ar cipherlist
1.66 jmc 3632: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 3633: .Op Fl crl_check
3634: .Op Fl crl_check_all
3635: .Op Fl crlf
3636: .Op Fl debug
3637: .Op Fl extended_crl
1.87 jmc 3638: .Op Fl groups
1.1 jsing 3639: .Op Fl ign_eof
3640: .Op Fl ignore_critical
3641: .Op Fl issuer_checks
3642: .Op Fl key Ar keyfile
3643: .Op Fl msg
3644: .Op Fl nbio
3645: .Op Fl nbio_test
3646: .Op Fl no_ticket
3647: .Op Fl no_tls1
1.6 guenther 3648: .Op Fl no_tls1_1
3649: .Op Fl no_tls1_2
1.1 jsing 3650: .Op Fl pause
3651: .Op Fl policy_check
3652: .Op Fl prexit
1.11 bluhm 3653: .Op Fl proxy Ar host : Ns Ar port
1.1 jsing 3654: .Op Fl psk Ar key
3655: .Op Fl psk_identity Ar identity
3656: .Op Fl quiet
3657: .Op Fl reconnect
1.5 jsing 3658: .Op Fl servername Ar name
1.1 jsing 3659: .Op Fl showcerts
3660: .Op Fl starttls Ar protocol
3661: .Op Fl state
3662: .Op Fl tls1
1.31 jmc 3663: .Op Fl tls1_1
3664: .Op Fl tls1_2
1.1 jsing 3665: .Op Fl tlsextdebug
3666: .Op Fl verify Ar depth
3667: .Op Fl x509_strict
1.19 landry 3668: .Op Fl xmpphost Ar host
1.1 jsing 3669: .nr nS 0
3670: .Pp
3671: The
3672: .Nm s_client
3673: command implements a generic SSL/TLS client which connects
3674: to a remote host using SSL/TLS.
1.66 jmc 3675: .Pp
3676: If a connection is established with an SSL server, any data received
3677: from the server is displayed and any key presses will be sent to the
3678: server.
3679: When used interactively (which means neither
3680: .Fl quiet
3681: nor
3682: .Fl ign_eof
3683: have been given), the session will be renegotiated if the line begins with an
3684: .Cm R ;
3685: if the line begins with a
3686: .Cm Q
3687: or if end of file is reached, the connection will be closed down.
1.1 jsing 3688: .Pp
3689: The options are as follows:
3690: .Bl -tag -width Ds
3691: .It Fl 4
1.66 jmc 3692: Attempt connections using IPv4 only.
1.1 jsing 3693: .It Fl 6
1.66 jmc 3694: Attempt connections using IPv6 only.
1.1 jsing 3695: .It Fl bugs
1.66 jmc 3696: Enable various workarounds for buggy implementations.
1.1 jsing 3697: .It Fl CAfile Ar file
3698: A
3699: .Ar file
3700: containing trusted certificates to use during server authentication
3701: and to use when attempting to build the client certificate chain.
3702: .It Fl CApath Ar directory
3703: The
3704: .Ar directory
3705: to use for server certificate verification.
3706: This directory must be in
3707: .Qq hash format ;
3708: see
3709: .Fl verify
3710: for more information.
3711: These are also used when building the client certificate chain.
3712: .It Fl cert Ar file
3713: The certificate to use, if one is requested by the server.
3714: The default is not to use a certificate.
3715: .It Xo
3716: .Fl check_ss_sig ,
3717: .Fl crl_check ,
3718: .Fl crl_check_all ,
3719: .Fl extended_crl ,
3720: .Fl ignore_critical ,
3721: .Fl issuer_checks ,
3722: .Fl policy_check ,
3723: .Fl x509_strict
3724: .Xc
3725: Set various certificate chain validation options.
3726: See the
1.66 jmc 3727: .Nm verify
1.1 jsing 3728: command for details.
3729: .It Fl cipher Ar cipherlist
1.66 jmc 3730: Modify the cipher list sent by the client.
1.1 jsing 3731: Although the server determines which cipher suite is used, it should take
3732: the first supported cipher in the list sent by the client.
3733: See the
1.66 jmc 3734: .Nm ciphers
3735: command for more information.
3736: .It Fl connect Ar host Ns Op : Ns Ar port
3737: The
1.1 jsing 3738: .Ar host
1.66 jmc 3739: and
1.1 jsing 3740: .Ar port
3741: to connect to.
3742: If not specified, an attempt is made to connect to the local host
3743: on port 4433.
3744: Alternatively, the host and port pair may be separated using a forward-slash
1.66 jmc 3745: character,
3746: which is useful for numeric IPv6 addresses.
1.1 jsing 3747: .It Fl crlf
1.66 jmc 3748: Translate a line feed from the terminal into CR+LF,
3749: as required by some servers.
1.1 jsing 3750: .It Fl debug
1.66 jmc 3751: Print extensive debugging information, including a hex dump of all traffic.
1.87 jmc 3752: .It Fl groups Ar ecgroups
3753: Specify a colon-separated list of permitted EC curve groups.
1.1 jsing 3754: .It Fl ign_eof
1.66 jmc 3755: Inhibit shutting down the connection when end of file is reached in the input.
1.1 jsing 3756: .It Fl key Ar keyfile
3757: The private key to use.
3758: If not specified, the certificate file will be used.
3759: .It Fl msg
3760: Show all protocol messages with hex dump.
3761: .It Fl nbio
1.66 jmc 3762: Turn on non-blocking I/O.
1.1 jsing 3763: .It Fl nbio_test
1.66 jmc 3764: Test non-blocking I/O.
1.31 jmc 3765: .It Fl no_tls1 | no_tls1_1 | no_tls1_2
1.66 jmc 3766: Disable the use of TLS1.0, 1.1, and 1.2, respectively.
1.1 jsing 3767: .It Fl no_ticket
3768: Disable RFC 4507 session ticket support.
3769: .It Fl pause
1.66 jmc 3770: Pause 1 second between each read and write call.
1.1 jsing 3771: .It Fl prexit
3772: Print session information when the program exits.
3773: This will always attempt
3774: to print out information even if the connection fails.
3775: Normally, information will only be printed out once if the connection succeeds.
3776: This option is useful because the cipher in use may be renegotiated
3777: or the connection may fail because a client certificate is required or is
3778: requested only after an attempt is made to access a certain URL.
1.66 jmc 3779: Note that the output produced by this option is not always accurate
3780: because a connection might never have been established.
1.11 bluhm 3781: .It Fl proxy Ar host : Ns Ar port
3782: Use the HTTP proxy at
3783: .Ar host
3784: and
3785: .Ar port .
3786: The connection to the proxy is done in cleartext and the
3787: .Fl connect
3788: argument is given to the proxy.
3789: If not specified, localhost is used as final destination.
3790: After that, switch the connection through the proxy to the destination
3791: to TLS.
1.1 jsing 3792: .It Fl psk Ar key
3793: Use the PSK key
3794: .Ar key
3795: when using a PSK cipher suite.
3796: The key is given as a hexadecimal number without the leading 0x,
3797: for example -psk 1a2b3c4d.
3798: .It Fl psk_identity Ar identity
1.66 jmc 3799: Use the PSK
1.1 jsing 3800: .Ar identity
3801: when using a PSK cipher suite.
3802: .It Fl quiet
3803: Inhibit printing of session and certificate information.
3804: This implicitly turns on
3805: .Fl ign_eof
3806: as well.
3807: .It Fl reconnect
1.66 jmc 3808: Reconnect to the same server 5 times using the same session ID; this can
1.1 jsing 3809: be used as a test that session caching is working.
1.5 jsing 3810: .It Fl servername Ar name
3811: Include the TLS Server Name Indication (SNI) extension in the ClientHello
3812: message, using the specified server
3813: .Ar name .
1.1 jsing 3814: .It Fl showcerts
3815: Display the whole server certificate chain: normally only the server
3816: certificate itself is displayed.
3817: .It Fl starttls Ar protocol
1.66 jmc 3818: Send the protocol-specific messages to switch to TLS for communication.
1.1 jsing 3819: .Ar protocol
3820: is a keyword for the intended protocol.
3821: Currently, the supported keywords are
3822: .Qq ftp ,
3823: .Qq imap ,
3824: .Qq smtp ,
3825: .Qq pop3 ,
3826: and
3827: .Qq xmpp .
3828: .It Fl state
1.66 jmc 3829: Print the SSL session states.
1.31 jmc 3830: .It Fl tls1 | tls1_1 | tls1_2
3831: Permit only TLS1.0, 1.1, or 1.2, respectively.
1.1 jsing 3832: .It Fl tlsextdebug
1.66 jmc 3833: Print a hex dump of any TLS extensions received from the server.
1.1 jsing 3834: .It Fl verify Ar depth
1.66 jmc 3835: Turn on server certificate verification,
3836: with a maximum length of
3837: .Ar depth .
1.1 jsing 3838: Currently the verify operation continues after errors so all the problems
3839: with a certificate chain can be seen.
3840: As a side effect the connection will never fail due to a server
3841: certificate verify failure.
1.19 landry 3842: .It Fl xmpphost Ar hostname
1.66 jmc 3843: When used with
1.19 landry 3844: .Fl starttls Ar xmpp ,
1.66 jmc 3845: specify the host for the "to" attribute of the stream element.
1.19 landry 3846: If this option is not specified then the host specified with
3847: .Fl connect
3848: will be used.
1.1 jsing 3849: .El
3850: .Sh S_SERVER
3851: .nr nS 1
3852: .Nm "openssl s_server"
3853: .Op Fl accept Ar port
3854: .Op Fl bugs
3855: .Op Fl CAfile Ar file
3856: .Op Fl CApath Ar directory
3857: .Op Fl cert Ar file
3858: .Op Fl cipher Ar cipherlist
3859: .Op Fl context Ar id
3860: .Op Fl crl_check
3861: .Op Fl crl_check_all
3862: .Op Fl crlf
3863: .Op Fl dcert Ar file
3864: .Op Fl debug
3865: .Op Fl dhparam Ar file
3866: .Op Fl dkey Ar file
3867: .Op Fl hack
3868: .Op Fl HTTP
3869: .Op Fl id_prefix Ar arg
3870: .Op Fl key Ar keyfile
3871: .Op Fl msg
3872: .Op Fl nbio
3873: .Op Fl nbio_test
3874: .Op Fl no_dhe
3875: .Op Fl no_tls1
1.6 guenther 3876: .Op Fl no_tls1_1
3877: .Op Fl no_tls1_2
1.1 jsing 3878: .Op Fl no_tmp_rsa
3879: .Op Fl nocert
3880: .Op Fl psk Ar key
3881: .Op Fl psk_hint Ar hint
3882: .Op Fl quiet
3883: .Op Fl serverpref
3884: .Op Fl state
3885: .Op Fl tls1
1.31 jmc 3886: .Op Fl tls1_1
3887: .Op Fl tls1_2
1.1 jsing 3888: .Op Fl Verify Ar depth
3889: .Op Fl verify Ar depth
3890: .Op Fl WWW
3891: .Op Fl www
3892: .nr nS 0
3893: .Pp
3894: The
3895: .Nm s_server
3896: command implements a generic SSL/TLS server which listens
3897: for connections on a given port using SSL/TLS.
3898: .Pp
1.67 jmc 3899: If a connection request is established with a client and neither the
3900: .Fl www
3901: nor the
3902: .Fl WWW
3903: option has been used, then any data received
3904: from the client is displayed and any key presses are sent to the client.
3905: Certain single letter commands perform special operations:
3906: .Pp
3907: .Bl -tag -width "XXXX" -compact
3908: .It Ic P
3909: Send plain text, which should cause the client to disconnect.
3910: .It Ic Q
3911: End the current SSL connection and exit.
3912: .It Ic q
3913: End the current SSL connection, but still accept new connections.
3914: .It Ic R
3915: Renegotiate the SSL session and request a client certificate.
3916: .It Ic r
3917: Renegotiate the SSL session.
3918: .It Ic S
3919: Print out some session cache status information.
3920: .El
3921: .Pp
1.1 jsing 3922: The options are as follows:
3923: .Bl -tag -width Ds
3924: .It Fl accept Ar port
1.67 jmc 3925: Listen on TCP
1.1 jsing 3926: .Ar port
1.67 jmc 3927: for connections.
3928: The default is port 4433.
1.1 jsing 3929: .It Fl bugs
1.67 jmc 3930: Enable various workarounds for buggy implementations.
1.1 jsing 3931: .It Fl CAfile Ar file
1.67 jmc 3932: A
3933: .Ar file
3934: containing trusted certificates to use during client authentication
1.1 jsing 3935: and to use when attempting to build the server certificate chain.
3936: The list is also used in the list of acceptable client CAs passed to the
3937: client when a certificate is requested.
3938: .It Fl CApath Ar directory
3939: The
3940: .Ar directory
3941: to use for client certificate verification.
3942: This directory must be in
3943: .Qq hash format ;
3944: see
3945: .Fl verify
3946: for more information.
3947: These are also used when building the server certificate chain.
3948: .It Fl cert Ar file
1.67 jmc 3949: The certificate to use: most server's cipher suites require the use of a
3950: certificate and some require a certificate with a certain public key type.
3951: For example, the DSS cipher suites require a certificate containing a DSS
3952: (DSA) key.
1.1 jsing 3953: If not specified, the file
3954: .Pa server.pem
3955: will be used.
3956: .It Fl cipher Ar cipherlist
1.67 jmc 3957: Modify the cipher list used by the server.
1.1 jsing 3958: This allows the cipher list used by the server to be modified.
3959: When the client sends a list of supported ciphers, the first client cipher
3960: also included in the server list is used.
3961: Because the client specifies the preference order, the order of the server
3962: cipherlist is irrelevant.
3963: See the
1.67 jmc 3964: .Nm ciphers
3965: command for more information.
1.1 jsing 3966: .It Fl context Ar id
1.67 jmc 3967: Set the SSL context ID.
1.1 jsing 3968: It can be given any string value.
3969: .It Fl crl_check , crl_check_all
3970: Check the peer certificate has not been revoked by its CA.
3971: The CRLs are appended to the certificate file.
3972: .Fl crl_check_all
1.67 jmc 3973: checks all CRLs of all CAs in the chain.
1.1 jsing 3974: .It Fl crlf
1.67 jmc 3975: Translate a line feed from the terminal into CR+LF.
1.1 jsing 3976: .It Fl dcert Ar file , Fl dkey Ar file
3977: Specify an additional certificate and private key; these behave in the
3978: same manner as the
3979: .Fl cert
3980: and
3981: .Fl key
3982: options except there is no default if they are not specified
1.67 jmc 3983: (no additional certificate or key is used).
1.1 jsing 3984: By using RSA and DSS certificates and keys,
3985: a server can support clients which only support RSA or DSS cipher suites
3986: by using an appropriate certificate.
3987: .It Fl debug
1.67 jmc 3988: Print extensive debugging information, including a hex dump of all traffic.
1.1 jsing 3989: .It Fl dhparam Ar file
3990: The DH parameter file to use.
3991: The ephemeral DH cipher suites generate keys
3992: using a set of DH parameters.
3993: If not specified, an attempt is made to
3994: load the parameters from the server certificate file.
3995: If this fails, a static set of parameters hard coded into the
3996: .Nm s_server
3997: program will be used.
3998: .It Fl hack
1.67 jmc 3999: Enables a further workaround for some early Netscape SSL code.
1.1 jsing 4000: .It Fl HTTP
1.67 jmc 4001: Emulate a simple web server.
4002: Pages are resolved relative to the current directory.
4003: For example if the URL
1.1 jsing 4004: .Pa https://myhost/page.html
4005: is requested, the file
4006: .Pa ./page.html
4007: will be loaded.
4008: The files loaded are assumed to contain a complete and correct HTTP
4009: response (lines that are part of the HTTP response line and headers
4010: must end with CRLF).
4011: .It Fl id_prefix Ar arg
4012: Generate SSL/TLS session IDs prefixed by
4013: .Ar arg .
4014: This is mostly useful for testing any SSL/TLS code
1.81 jmc 4015: that wish to deal with multiple servers,
4016: when each of which might be generating a unique range of session IDs.
1.1 jsing 4017: .It Fl key Ar keyfile
4018: The private key to use.
4019: If not specified, the certificate file will be used.
4020: .It Fl msg
4021: Show all protocol messages with hex dump.
4022: .It Fl nbio
1.67 jmc 4023: Turn on non-blocking I/O.
1.1 jsing 4024: .It Fl nbio_test
1.67 jmc 4025: Test non-blocking I/O.
1.1 jsing 4026: .It Fl no_dhe
1.67 jmc 4027: Disable ephemeral DH cipher suites.
1.31 jmc 4028: .It Fl no_tls1 | no_tls1_1 | no_tls1_2
1.67 jmc 4029: Disable the use of TLS1.0, 1.1, and 1.2, respectively.
1.1 jsing 4030: .It Fl no_tmp_rsa
1.67 jmc 4031: Disable temporary RSA key generation.
1.1 jsing 4032: .It Fl nocert
1.67 jmc 4033: Do not use a certificate.
1.1 jsing 4034: This restricts the cipher suites available to the anonymous ones
1.67 jmc 4035: (currently just anonymous DH).
1.1 jsing 4036: .It Fl psk Ar key
4037: Use the PSK key
4038: .Ar key
4039: when using a PSK cipher suite.
4040: The key is given as a hexadecimal number without the leading 0x,
4041: for example -psk 1a2b3c4d.
4042: .It Fl psk_hint Ar hint
4043: Use the PSK identity hint
4044: .Ar hint
4045: when using a PSK cipher suite.
4046: .It Fl quiet
4047: Inhibit printing of session and certificate information.
4048: .It Fl serverpref
4049: Use server's cipher preferences.
4050: .It Fl state
1.67 jmc 4051: Print the SSL session states.
1.31 jmc 4052: .It Fl tls1 | tls1_1 | tls1_2
4053: Permit only TLS1.0, 1.1, or 1.2, respectively.
1.1 jsing 4054: .It Fl WWW
1.67 jmc 4055: Emulate a simple web server.
4056: Pages are resolved relative to the current directory.
4057: For example if the URL
1.1 jsing 4058: .Pa https://myhost/page.html
4059: is requested, the file
4060: .Pa ./page.html
4061: will be loaded.
4062: .It Fl www
1.67 jmc 4063: Send a status message to the client when it connects,
4064: including information about the ciphers used and various session parameters.
1.1 jsing 4065: The output is in HTML format so this option will normally be used with a
4066: web browser.
4067: .It Fl Verify Ar depth , Fl verify Ar depth
1.67 jmc 4068: Request a certificate chain from the client,
4069: with a maximum length of
4070: .Ar depth .
4071: With
4072: .Fl Verify ,
4073: the client must supply a certificate or an error occurs;
4074: with
4075: .Fl verify ,
4076: a certificate is requested but the client does not have to send one.
1.1 jsing 4077: .El
4078: .Sh S_TIME
4079: .nr nS 1
4080: .Nm "openssl s_time"
4081: .Op Fl bugs
4082: .Op Fl CAfile Ar file
4083: .Op Fl CApath Ar directory
4084: .Op Fl cert Ar file
4085: .Op Fl cipher Ar cipherlist
1.68 jmc 4086: .Op Fl connect Ar host Ns Op : Ns Ar port
1.1 jsing 4087: .Op Fl key Ar keyfile
4088: .Op Fl nbio
4089: .Op Fl new
1.20 lteo 4090: .Op Fl no_shutdown
1.1 jsing 4091: .Op Fl reuse
4092: .Op Fl time Ar seconds
4093: .Op Fl verify Ar depth
4094: .Op Fl www Ar page
4095: .nr nS 0
4096: .Pp
4097: The
1.68 jmc 4098: .Nm s_time
1.1 jsing 4099: command implements a generic SSL/TLS client which connects to a
4100: remote host using SSL/TLS.
4101: It can request a page from the server and includes
4102: the time to transfer the payload data in its timing measurements.
4103: It measures the number of connections within a given timeframe,
4104: the amount of data transferred
4105: .Pq if any ,
4106: and calculates the average time spent for one connection.
4107: .Pp
4108: The options are as follows:
4109: .Bl -tag -width Ds
4110: .It Fl bugs
1.68 jmc 4111: Enable various workarounds for buggy implementations.
1.1 jsing 4112: .It Fl CAfile Ar file
1.68 jmc 4113: A
4114: .Ar file
4115: containing trusted certificates to use during server authentication
1.1 jsing 4116: and to use when attempting to build the client certificate chain.
4117: .It Fl CApath Ar directory
4118: The directory to use for server certificate verification.
4119: This directory must be in
4120: .Qq hash format ;
4121: see
4122: .Nm verify
4123: for more information.
4124: These are also used when building the client certificate chain.
4125: .It Fl cert Ar file
4126: The certificate to use, if one is requested by the server.
4127: The default is not to use a certificate.
4128: .It Fl cipher Ar cipherlist
1.68 jmc 4129: Modify the cipher list sent by the client.
1.1 jsing 4130: Although the server determines which cipher suite is used,
4131: it should take the first supported cipher in the list sent by the client.
4132: See the
4133: .Nm ciphers
4134: command for more information.
1.68 jmc 4135: .It Fl connect Ar host Ns Op : Ns Ar port
4136: The host and port to connect to.
1.1 jsing 4137: .It Fl key Ar keyfile
4138: The private key to use.
4139: If not specified, the certificate file will be used.
4140: .It Fl nbio
1.68 jmc 4141: Turn on non-blocking I/O.
1.1 jsing 4142: .It Fl new
1.68 jmc 4143: Perform the timing test using a new session ID for each connection.
1.1 jsing 4144: If neither
4145: .Fl new
4146: nor
4147: .Fl reuse
4148: are specified,
4149: they are both on by default and executed in sequence.
1.20 lteo 4150: .It Fl no_shutdown
1.21 jmc 4151: Shut down the connection without sending a
1.68 jmc 4152: .Qq close notify
1.20 lteo 4153: shutdown alert to the server.
1.1 jsing 4154: .It Fl reuse
1.68 jmc 4155: Perform the timing test using the same session ID for each connection.
1.1 jsing 4156: If neither
4157: .Fl new
4158: nor
4159: .Fl reuse
4160: are specified,
4161: they are both on by default and executed in sequence.
4162: .It Fl time Ar seconds
1.68 jmc 4163: Limit
1.1 jsing 4164: .Nm s_time
1.68 jmc 4165: benchmarks to the number of
4166: .Ar seconds .
1.1 jsing 4167: The default is 30 seconds.
4168: .It Fl verify Ar depth
1.68 jmc 4169: Turn on server certificate verification,
4170: with a maximum length of
4171: .Ar depth .
1.1 jsing 4172: Currently the verify operation continues after errors, so all the problems
4173: with a certificate chain can be seen.
4174: As a side effect,
4175: the connection will never fail due to a server certificate verify failure.
4176: .It Fl www Ar page
1.68 jmc 4177: The page to GET from the server.
1.1 jsing 4178: A value of
4179: .Sq /
4180: gets the index.htm[l] page.
4181: If this parameter is not specified,
4182: .Nm s_time
4183: will only perform the handshake to establish SSL connections
4184: but not transfer any payload data.
4185: .El
4186: .Sh SESS_ID
4187: .nr nS 1
4188: .Nm "openssl sess_id"
4189: .Op Fl cert
4190: .Op Fl context Ar ID
4191: .Op Fl in Ar file
1.69 jmc 4192: .Op Fl inform Cm der | pem
1.1 jsing 4193: .Op Fl noout
4194: .Op Fl out Ar file
1.69 jmc 4195: .Op Fl outform Cm der | pem
1.1 jsing 4196: .Op Fl text
4197: .nr nS 0
4198: .Pp
4199: The
4200: .Nm sess_id
4201: program processes the encoded version of the SSL session structure and
4202: optionally prints out SSL session details
1.69 jmc 4203: (for example the SSL session master key)
1.72 jmc 4204: in human-readable format.
1.1 jsing 4205: .Pp
4206: The options are as follows:
4207: .Bl -tag -width Ds
4208: .It Fl cert
4209: If a certificate is present in the session,
4210: it will be output using this option;
4211: if the
4212: .Fl text
4213: option is also present, then it will be printed out in text form.
4214: .It Fl context Ar ID
1.69 jmc 4215: Set the session
1.1 jsing 4216: .Ar ID .
1.69 jmc 4217: The ID can be any string of characters.
1.1 jsing 4218: .It Fl in Ar file
1.69 jmc 4219: The input file to read from,
4220: or standard input if not specified.
4221: .It Fl inform Cm der | pem
4222: The input format.
4223: .Cm der
1.84 jmc 4224: uses an ASN.1 DER-encoded format containing session details.
1.1 jsing 4225: The precise format can vary from one version to the next.
1.69 jmc 4226: .Cm pem
4227: is the default format: it consists of the DER
1.1 jsing 4228: format base64-encoded with additional header and footer lines.
4229: .It Fl noout
1.69 jmc 4230: Do not output the encoded version of the session.
1.1 jsing 4231: .It Fl out Ar file
1.69 jmc 4232: The output file to write to,
4233: or standard output if not specified.
4234: .It Fl outform Cm der | pem
4235: The output format.
1.1 jsing 4236: .It Fl text
1.69 jmc 4237: Print the various public or private key components in plain text,
4238: in addition to the encoded version.
1.1 jsing 4239: .El
4240: .Pp
1.69 jmc 4241: The output of
4242: .Nm sess_id
4243: is composed as follows:
1.1 jsing 4244: .Pp
1.69 jmc 4245: .Bl -tag -width "Verify return code " -offset 3n -compact
4246: .It Protocol
4247: The protocol in use.
4248: .It Cipher
4249: The actual raw SSL or TLS cipher code.
4250: .It Session-ID
4251: The SSL session ID, in hex format.
4252: .It Session-ID-ctx
4253: The session ID context, in hex format.
4254: .It Master-Key
4255: The SSL session master key.
4256: .It Key-Arg
1.1 jsing 4257: The key argument; this is only used in SSL v2.
1.69 jmc 4258: .It Start Time
4259: The session start time.
1.1 jsing 4260: .Ux
4261: format.
1.69 jmc 4262: .It Timeout
4263: The timeout, in seconds.
4264: .It Verify return code
4265: The return code when a certificate is verified.
1.1 jsing 4266: .El
4267: .Pp
4268: Since the SSL session output contains the master key, it is possible to read
4269: the contents of an encrypted session using this information.
4270: Therefore appropriate security precautions
4271: should be taken if the information is being output by a
4272: .Qq real
4273: application.
4274: This is, however, strongly discouraged and should only be used for
4275: debugging purposes.
4276: .Sh SMIME
4277: .nr nS 1
4278: .Nm "openssl smime"
4279: .Oo
4280: .Fl aes128 | aes192 | aes256 | des |
4281: .Fl des3 | rc2-40 | rc2-64 | rc2-128
4282: .Oc
4283: .Op Fl binary
4284: .Op Fl CAfile Ar file
4285: .Op Fl CApath Ar directory
4286: .Op Fl certfile Ar file
4287: .Op Fl check_ss_sig
4288: .Op Fl content Ar file
4289: .Op Fl crl_check
4290: .Op Fl crl_check_all
4291: .Op Fl decrypt
4292: .Op Fl encrypt
4293: .Op Fl extended_crl
4294: .Op Fl from Ar addr
4295: .Op Fl ignore_critical
4296: .Op Fl in Ar file
4297: .Op Fl indef
1.70 jmc 4298: .Op Fl inform Cm der | pem | smime
1.1 jsing 4299: .Op Fl inkey Ar file
4300: .Op Fl issuer_checks
1.70 jmc 4301: .Op Fl keyform Cm pem
1.1 jsing 4302: .Op Fl md Ar digest
4303: .Op Fl noattr
4304: .Op Fl nocerts
4305: .Op Fl nochain
4306: .Op Fl nodetach
4307: .Op Fl noindef
4308: .Op Fl nointern
4309: .Op Fl nosigs
4310: .Op Fl noverify
4311: .Op Fl out Ar file
1.70 jmc 4312: .Op Fl outform Cm der | pem | smime
1.1 jsing 4313: .Op Fl passin Ar arg
4314: .Op Fl pk7out
4315: .Op Fl policy_check
4316: .Op Fl recip Ar file
4317: .Op Fl resign
4318: .Op Fl sign
4319: .Op Fl signer Ar file
4320: .Op Fl stream
4321: .Op Fl subject Ar s
4322: .Op Fl text
4323: .Op Fl to Ar addr
4324: .Op Fl verify
4325: .Op Fl x509_strict
4326: .Op Ar cert.pem ...
4327: .nr nS 0
4328: .Pp
4329: The
4330: .Nm smime
1.70 jmc 4331: command handles S/MIME mail.
4332: It can encrypt, decrypt, sign, and verify S/MIME messages.
4333: .Pp
4334: The MIME message must be sent without any blank lines between the
4335: headers and the output.
4336: Some mail programs will automatically add a blank line.
4337: Piping the mail directly to an MTA is one way to
4338: achieve the correct format.
4339: .Pp
4340: The supplied message to be signed or encrypted must include the necessary
4341: MIME headers or many S/MIME clients won't display it properly (if at all).
4342: Use the
4343: .Fl text
4344: option to automatically add plain text headers.
1.1 jsing 4345: .Pp
1.70 jmc 4346: A
4347: .Qq signed and encrypted
4348: message is one where a signed message is then encrypted.
4349: This can be produced by encrypting an already signed message.
1.1 jsing 4350: .Pp
1.70 jmc 4351: There are a number of operations that can be performed, as follows:
1.1 jsing 4352: .Bl -tag -width "XXXX"
4353: .It Fl decrypt
4354: Decrypt mail using the supplied certificate and private key.
1.70 jmc 4355: The input file is an encrypted mail message in MIME format.
1.1 jsing 4356: The decrypted mail is written to the output file.
4357: .It Fl encrypt
4358: Encrypt mail for the given recipient certificates.
1.70 jmc 4359: The input is the message to be encrypted.
4360: The output file is the encrypted mail, in MIME format.
1.1 jsing 4361: .It Fl pk7out
1.70 jmc 4362: Take an input message and write out a PEM-encoded PKCS#7 structure.
1.1 jsing 4363: .It Fl resign
4364: Resign a message: take an existing message and one or more new signers.
4365: .It Fl sign
4366: Sign mail using the supplied certificate and private key.
1.70 jmc 4367: The input file is the message to be signed.
4368: The signed message, in MIME format, is written to the output file.
1.1 jsing 4369: .It Fl verify
4370: Verify signed mail.
1.70 jmc 4371: The input is a signed mail message and the output is the signed data.
1.1 jsing 4372: Both clear text and opaque signing is supported.
4373: .El
4374: .Pp
1.14 jmc 4375: The remaining options are as follows:
1.1 jsing 4376: .Bl -tag -width "XXXX"
4377: .It Xo
4378: .Fl aes128 | aes192 | aes256 | des |
4379: .Fl des3 | rc2-40 | rc2-64 | rc2-128
4380: .Xc
4381: The encryption algorithm to use.
1.70 jmc 4382: 128-, 192-, or 256-bit AES, DES (56 bits), triple DES (168 bits),
1.1 jsing 4383: or 40-, 64-, or 128-bit RC2, respectively;
4384: if not specified, 40-bit RC2 is
4385: used.
4386: Only used with
4387: .Fl encrypt .
4388: .It Fl binary
4389: Normally, the input message is converted to
4390: .Qq canonical
1.70 jmc 4391: format which uses CR/LF as end of line,
4392: as required by the S/MIME specification.
1.1 jsing 4393: When this option is present no translation occurs.
1.70 jmc 4394: This is useful when handling binary data which may not be in MIME format.
1.1 jsing 4395: .It Fl CAfile Ar file
4396: A
4397: .Ar file
4398: containing trusted CA certificates; only used with
4399: .Fl verify .
4400: .It Fl CApath Ar directory
4401: A
4402: .Ar directory
4403: containing trusted CA certificates; only used with
4404: .Fl verify .
4405: This directory must be a standard certificate directory:
4406: that is, a hash of each subject name (using
4407: .Nm x509 -hash )
4408: should be linked to each certificate.
4409: .It Ar cert.pem ...
4410: One or more certificates of message recipients: used when encrypting
4411: a message.
4412: .It Fl certfile Ar file
4413: Allows additional certificates to be specified.
4414: When signing, these will be included with the message.
4415: When verifying, these will be searched for the signers' certificates.
4416: The certificates should be in PEM format.
4417: .It Xo
4418: .Fl check_ss_sig ,
4419: .Fl crl_check ,
4420: .Fl crl_check_all ,
4421: .Fl extended_crl ,
4422: .Fl ignore_critical ,
4423: .Fl issuer_checks ,
4424: .Fl policy_check ,
4425: .Fl x509_strict
4426: .Xc
4427: Set various certificate chain validation options.
4428: See the
1.70 jmc 4429: .Nm verify
1.1 jsing 4430: command for details.
4431: .It Fl content Ar file
1.70 jmc 4432: A file containing the detached content.
1.1 jsing 4433: This is only useful with the
4434: .Fl verify
1.70 jmc 4435: option,
4436: and only usable if the PKCS#7 structure is using the detached
1.1 jsing 4437: signature form where the content is not included.
1.70 jmc 4438: This option will override any content if the input format is S/MIME
4439: and it uses the multipart/signed MIME content type.
1.1 jsing 4440: .It Xo
4441: .Fl from Ar addr ,
4442: .Fl subject Ar s ,
4443: .Fl to Ar addr
4444: .Xc
4445: The relevant mail headers.
4446: These are included outside the signed
4447: portion of a message so they may be included manually.
1.70 jmc 4448: When signing, many S/MIME
1.1 jsing 4449: mail clients check that the signer's certificate email
4450: address matches the From: address.
4451: .It Fl in Ar file
1.70 jmc 4452: The input file to read from.
1.1 jsing 4453: .It Fl indef
4454: Enable streaming I/O for encoding operations.
4455: This permits single pass processing of data without
4456: the need to hold the entire contents in memory,
4457: potentially supporting very large files.
4458: Streaming is automatically set for S/MIME signing with detached
4459: data if the output format is SMIME;
4460: it is currently off by default for all other operations.
1.70 jmc 4461: .It Fl inform Cm der | pem | smime
4462: The input format.
1.1 jsing 4463: .It Fl inkey Ar file
1.70 jmc 4464: The private key to use when signing or decrypting,
4465: which must match the corresponding certificate.
1.1 jsing 4466: If this option is not specified, the private key must be included
4467: in the certificate file specified with
4468: the
4469: .Fl recip
4470: or
4471: .Fl signer
4472: file.
4473: When signing,
4474: this option can be used multiple times to specify successive keys.
1.70 jmc 4475: .It Fl keyform Cm pem
1.1 jsing 4476: Input private key format.
4477: .It Fl md Ar digest
4478: The digest algorithm to use when signing or resigning.
4479: If not present then the default digest algorithm for the signing key is used
4480: (usually SHA1).
4481: .It Fl noattr
1.70 jmc 4482: Do not include attributes.
1.1 jsing 4483: .It Fl nocerts
1.70 jmc 4484: Do not include the signer's certificate.
1.1 jsing 4485: This will reduce the size of the signed message but the verifier must
4486: have a copy of the signer's certificate available locally (passed using the
4487: .Fl certfile
4488: option, for example).
4489: .It Fl nochain
4490: Do not do chain verification of signers' certificates: that is,
4491: don't use the certificates in the signed message as untrusted CAs.
4492: .It Fl nodetach
4493: When signing a message use opaque signing: this form is more resistant
4494: to translation by mail relays but it cannot be read by mail agents that
1.70 jmc 4495: do not support S/MIME.
4496: Without this option cleartext signing with the MIME type
4497: multipart/signed is used.
1.1 jsing 4498: .It Fl noindef
1.70 jmc 4499: Disable streaming I/O where it would produce an encoding of indefinite length
4500: (currently has no effect).
1.1 jsing 4501: .It Fl nointern
1.70 jmc 4502: Only use certificates specified in the
4503: .Fl certfile .
4504: The supplied certificates can still be used as untrusted CAs.
1.1 jsing 4505: .It Fl nosigs
1.70 jmc 4506: Do not try to verify the signatures on the message.
1.1 jsing 4507: .It Fl noverify
4508: Do not verify the signer's certificate of a signed message.
4509: .It Fl out Ar file
1.70 jmc 4510: The output file to write to.
4511: .It Fl outform Cm der | pem | smime
4512: The output format.
4513: The default is smime, which writes an S/MIME format message.
4514: .Cm pem
1.1 jsing 4515: and
1.70 jmc 4516: .Cm der
4517: change this to write PEM and DER format PKCS#7 structures instead.
1.1 jsing 4518: This currently only affects the output format of the PKCS#7
4519: structure; if no PKCS#7 structure is being output (for example with
4520: .Fl verify
4521: or
4522: .Fl decrypt )
4523: this option has no effect.
4524: .It Fl passin Ar arg
4525: The key password source.
4526: .It Fl recip Ar file
4527: The recipients certificate when decrypting a message.
4528: This certificate
4529: must match one of the recipients of the message or an error occurs.
4530: .It Fl signer Ar file
4531: A signing certificate when signing or resigning a message;
4532: this option can be used multiple times if more than one signer is required.
4533: If a message is being verified, the signer's certificates will be
4534: written to this file if the verification was successful.
4535: .It Fl stream
4536: The same as
4537: .Fl indef .
4538: .It Fl text
1.70 jmc 4539: Add plain text (text/plain) MIME
1.1 jsing 4540: headers to the supplied message if encrypting or signing.
4541: If decrypting or verifying, it strips off text headers:
1.70 jmc 4542: if the decrypted or verified message is not of MIME type text/plain
4543: then an error occurs.
1.1 jsing 4544: .El
4545: .Pp
1.70 jmc 4546: The exit codes for
4547: .Nm smime
4548: are as follows:
1.1 jsing 4549: .Pp
1.70 jmc 4550: .Bl -tag -width "XXXX" -offset 3n -compact
4551: .It 0
1.1 jsing 4552: The operation was completely successful.
1.70 jmc 4553: .It 1
1.1 jsing 4554: An error occurred parsing the command options.
1.70 jmc 4555: .It 2
1.1 jsing 4556: One of the input files could not be read.
1.70 jmc 4557: .It 3
4558: An error occurred creating the file or when reading the message.
4559: .It 4
1.1 jsing 4560: An error occurred decrypting or verifying the message.
1.70 jmc 4561: .It 5
4562: An error occurred writing certificates.
1.1 jsing 4563: .El
4564: .Sh SPEED
4565: .nr nS 1
4566: .Nm "openssl speed"
1.71 jmc 4567: .Op Ar algorithm
1.1 jsing 4568: .Op Fl decrypt
4569: .Op Fl elapsed
1.71 jmc 4570: .Op Fl evp Ar algorithm
1.1 jsing 4571: .Op Fl mr
4572: .Op Fl multi Ar number
4573: .nr nS 0
4574: .Pp
4575: The
4576: .Nm speed
4577: command is used to test the performance of cryptographic algorithms.
4578: .Bl -tag -width "XXXX"
1.71 jmc 4579: .It Ar algorithm
4580: Perform the test using
4581: .Ar algorithm .
4582: The default is to test all algorithms.
1.1 jsing 4583: .It Fl decrypt
1.71 jmc 4584: Time decryption instead of encryption;
4585: must be used with
4586: .Fl evp .
1.1 jsing 4587: .It Fl elapsed
4588: Measure time in real time instead of CPU user time.
1.71 jmc 4589: .It Fl evp Ar algorithm
4590: Perform the test using one of the algorithms accepted by
4591: .Xr EVP_get_cipherbyname 3 .
1.1 jsing 4592: .It Fl mr
4593: Produce machine readable output.
4594: .It Fl multi Ar number
4595: Run
4596: .Ar number
4597: benchmarks in parallel.
4598: .El
1.77 jmc 4599: .Sh SPKAC
4600: .nr nS 1
4601: .Nm "openssl spkac"
4602: .Op Fl challenge Ar string
4603: .Op Fl in Ar file
4604: .Op Fl key Ar keyfile
4605: .Op Fl noout
4606: .Op Fl out Ar file
4607: .Op Fl passin Ar arg
4608: .Op Fl pubkey
4609: .Op Fl spkac Ar spkacname
4610: .Op Fl spksect Ar section
4611: .Op Fl verify
4612: .nr nS 0
4613: .Pp
4614: The
4615: .Nm spkac
4616: command processes signed public key and challenge (SPKAC) files.
4617: It can print out their contents, verify the signature,
4618: and produce its own SPKACs from a supplied private key.
4619: .Pp
4620: The options are as follows:
4621: .Bl -tag -width Ds
4622: .It Fl challenge Ar string
4623: The challenge string, if an SPKAC is being created.
4624: .It Fl in Ar file
4625: The input file to read from,
4626: or standard input if not specified.
4627: Ignored if the
4628: .Fl key
4629: option is used.
4630: .It Fl key Ar keyfile
4631: Create an SPKAC file using the private key in
4632: .Ar keyfile .
4633: The
4634: .Fl in , noout , spksect ,
4635: and
4636: .Fl verify
4637: options are ignored, if present.
4638: .It Fl noout
4639: Do not output the text version of the SPKAC.
4640: .It Fl out Ar file
4641: The output file to write to,
4642: or standard output if not specified.
4643: .It Fl passin Ar arg
4644: The key password source.
4645: .It Fl pubkey
4646: Output the public key of an SPKAC.
4647: .It Fl spkac Ar spkacname
4648: An alternative name for the variable containing the SPKAC.
4649: The default is "SPKAC".
4650: This option affects both generated and input SPKAC files.
4651: .It Fl spksect Ar section
4652: An alternative name for the
4653: .Ar section
4654: containing the SPKAC.
4655: .It Fl verify
4656: Verify the digital signature on the supplied SPKAC.
4657: .El
1.1 jsing 4658: .Sh TS
4659: .nr nS 1
4660: .Nm "openssl ts"
4661: .Fl query
1.29 bcook 4662: .Op Fl md4 | md5 | ripemd160 | sha1
1.1 jsing 4663: .Op Fl cert
4664: .Op Fl config Ar configfile
4665: .Op Fl data Ar file_to_hash
4666: .Op Fl digest Ar digest_bytes
4667: .Op Fl in Ar request.tsq
4668: .Op Fl no_nonce
4669: .Op Fl out Ar request.tsq
4670: .Op Fl policy Ar object_id
4671: .Op Fl text
4672: .nr nS 0
4673: .Pp
4674: .nr nS 1
4675: .Nm "openssl ts"
4676: .Fl reply
4677: .Op Fl chain Ar certs_file.pem
4678: .Op Fl config Ar configfile
4679: .Op Fl in Ar response.tsr
4680: .Op Fl inkey Ar private.pem
4681: .Op Fl out Ar response.tsr
4682: .Op Fl passin Ar arg
4683: .Op Fl policy Ar object_id
4684: .Op Fl queryfile Ar request.tsq
4685: .Op Fl section Ar tsa_section
4686: .Op Fl signer Ar tsa_cert.pem
4687: .Op Fl text
4688: .Op Fl token_in
4689: .Op Fl token_out
4690: .nr nS 0
4691: .Pp
4692: .nr nS 1
4693: .Nm "openssl ts"
4694: .Fl verify
4695: .Op Fl CAfile Ar trusted_certs.pem
4696: .Op Fl CApath Ar trusted_cert_path
4697: .Op Fl data Ar file_to_hash
4698: .Op Fl digest Ar digest_bytes
4699: .Op Fl in Ar response.tsr
4700: .Op Fl queryfile Ar request.tsq
4701: .Op Fl token_in
4702: .Op Fl untrusted Ar cert_file.pem
4703: .nr nS 0
4704: .Pp
4705: The
4706: .Nm ts
4707: command is a basic Time Stamping Authority (TSA) client and server
4708: application as specified in RFC 3161 (Time-Stamp Protocol, TSP).
4709: A TSA can be part of a PKI deployment and its role is to provide long
1.72 jmc 4710: term proof of the existence of specific data.
1.1 jsing 4711: Here is a brief description of the protocol:
4712: .Bl -enum
4713: .It
4714: The TSA client computes a one-way hash value for a data file and sends
4715: the hash to the TSA.
4716: .It
4717: The TSA attaches the current date and time to the received hash value,
4718: signs them and sends the time stamp token back to the client.
4719: By creating this token the TSA certifies the existence of the original
4720: data file at the time of response generation.
4721: .It
4722: The TSA client receives the time stamp token and verifies the
4723: signature on it.
4724: It also checks if the token contains the same hash
4725: value that it had sent to the TSA.
4726: .El
4727: .Pp
4728: There is one DER-encoded protocol data unit defined for transporting a time
4729: stamp request to the TSA and one for sending the time stamp response
4730: back to the client.
4731: The
4732: .Nm ts
4733: command has three main functions:
4734: creating a time stamp request based on a data file;
4735: creating a time stamp response based on a request;
4736: and verifying if a response corresponds
4737: to a particular request or a data file.
4738: .Pp
4739: There is no support for sending the requests/responses automatically
4740: over HTTP or TCP yet as suggested in RFC 3161.
4741: Users must send the requests either by FTP or email.
4742: .Pp
4743: The
4744: .Fl query
4745: switch can be used for creating and printing a time stamp
4746: request with the following options:
4747: .Bl -tag -width Ds
4748: .It Fl cert
1.72 jmc 4749: Expect the TSA to include its signing certificate in the response.
1.1 jsing 4750: .It Fl config Ar configfile
1.72 jmc 4751: Specify an alternative configuration file.
4752: Only the OID section is used.
1.1 jsing 4753: .It Fl data Ar file_to_hash
4754: The data file for which the time stamp request needs to be created.
1.72 jmc 4755: The default is standard input.
1.1 jsing 4756: .It Fl digest Ar digest_bytes
1.72 jmc 4757: Specify the message imprint explicitly without the data file.
1.1 jsing 4758: The imprint must be specified in a hexadecimal format,
4759: two characters per byte,
1.72 jmc 4760: the bytes optionally separated by colons.
1.1 jsing 4761: The number of bytes must match the message digest algorithm in use.
4762: .It Fl in Ar request.tsq
1.72 jmc 4763: A previously created time stamp request in DER
1.1 jsing 4764: format that will be printed into the output file.
1.72 jmc 4765: Useful for examining the content of a request in human-readable format.
1.76 jmc 4766: .It Fl md4 | md5 | ripemd160 | sha | sha1
1.1 jsing 4767: The message digest to apply to the data file.
4768: It supports all the message digest algorithms that are supported by the
4769: .Nm dgst
4770: command.
4771: The default is SHA-1.
4772: .It Fl no_nonce
1.72 jmc 4773: Specify no nonce in the request.
4774: The default, to include a 64-bit long pseudo-random nonce,
4775: is recommended to protect against replay attacks.
1.1 jsing 4776: .It Fl out Ar request.tsq
1.72 jmc 4777: The output file to write to,
4778: or standard output if not specified.
1.1 jsing 4779: .It Fl policy Ar object_id
4780: The policy that the client expects the TSA to use for creating the
4781: time stamp token.
1.72 jmc 4782: Either dotted OID notation or OID names defined
1.1 jsing 4783: in the config file can be used.
1.72 jmc 4784: If no policy is requested the TSA uses its own default policy.
1.1 jsing 4785: .It Fl text
1.72 jmc 4786: Output in human-readable text format instead of DER.
1.1 jsing 4787: .El
4788: .Pp
4789: A time stamp response (TimeStampResp) consists of a response status
4790: and the time stamp token itself (ContentInfo),
4791: if the token generation was successful.
4792: The
4793: .Fl reply
4794: command is for creating a time stamp
4795: response or time stamp token based on a request and printing the
4796: response/token in human-readable format.
4797: If
4798: .Fl token_out
4799: is not specified the output is always a time stamp response (TimeStampResp),
4800: otherwise it is a time stamp token (ContentInfo).
4801: .Bl -tag -width Ds
4802: .It Fl chain Ar certs_file.pem
1.72 jmc 4803: The collection of PEM certificates
1.1 jsing 4804: that will be included in the response
4805: in addition to the signer certificate if the
4806: .Fl cert
4807: option was used for the request.
4808: This file is supposed to contain the certificate chain
4809: for the signer certificate from its issuer upwards.
4810: The
4811: .Fl reply
4812: command does not build a certificate chain automatically.
4813: .It Fl config Ar configfile
1.72 jmc 4814: Specify an alternative configuration file.
1.1 jsing 4815: .It Fl in Ar response.tsr
1.72 jmc 4816: Specify a previously created time stamp response (or time stamp token, if
1.1 jsing 4817: .Fl token_in
1.72 jmc 4818: is also specified)
1.1 jsing 4819: in DER format that will be written to the output file.
4820: This option does not require a request;
4821: it is useful, for example,
1.72 jmc 4822: to examine the content of a response or token
4823: or to extract the time stamp token from a response.
1.1 jsing 4824: If the input is a token and the output is a time stamp response a default
1.72 jmc 4825: .Qq granted
1.1 jsing 4826: status info is added to the token.
4827: .It Fl inkey Ar private.pem
4828: The signer private key of the TSA in PEM format.
4829: Overrides the
4830: .Cm signer_key
4831: config file option.
4832: .It Fl out Ar response.tsr
4833: The response is written to this file.
4834: The format and content of the file depends on other options (see
4835: .Fl text
4836: and
4837: .Fl token_out ) .
4838: The default is stdout.
4839: .It Fl passin Ar arg
4840: The key password source.
4841: .It Fl policy Ar object_id
1.72 jmc 4842: The default policy to use for the response.
4843: Either dotted OID notation or OID names defined
4844: in the config file can be used.
4845: If no policy is requested the TSA uses its own default policy.
1.1 jsing 4846: .It Fl queryfile Ar request.tsq
1.72 jmc 4847: The file containing a DER-encoded time stamp request.
1.1 jsing 4848: .It Fl section Ar tsa_section
1.72 jmc 4849: The config file section containing the settings for response generation.
1.1 jsing 4850: .It Fl signer Ar tsa_cert.pem
1.72 jmc 4851: The PEM signer certificate of the TSA.
1.1 jsing 4852: The TSA signing certificate must have exactly one extended key usage
4853: assigned to it: timeStamping.
4854: The extended key usage must also be critical,
4855: otherwise the certificate is going to be refused.
4856: Overrides the
4857: .Cm signer_cert
4858: variable of the config file.
4859: .It Fl text
1.72 jmc 4860: Output in human-readable text format instead of DER.
1.1 jsing 4861: .It Fl token_in
1.72 jmc 4862: The input is a DER-encoded time stamp token (ContentInfo)
4863: instead of a time stamp response (TimeStampResp).
1.1 jsing 4864: .It Fl token_out
1.72 jmc 4865: The output is a time stamp token (ContentInfo)
4866: instead of a time stamp response (TimeStampResp).
1.1 jsing 4867: .El
4868: .Pp
4869: The
4870: .Fl verify
4871: command is for verifying if a time stamp response or time stamp token
4872: is valid and matches a particular time stamp request or data file.
4873: The
4874: .Fl verify
4875: command does not use the configuration file.
4876: .Bl -tag -width Ds
4877: .It Fl CAfile Ar trusted_certs.pem
1.72 jmc 4878: The file containing a set of trusted self-signed PEM CA certificates.
4879: See
1.1 jsing 4880: .Nm verify
4881: for additional details.
4882: Either this option or
4883: .Fl CApath
4884: must be specified.
4885: .It Fl CApath Ar trusted_cert_path
1.72 jmc 4886: The directory containing the trused CA certificates of the client.
4887: See
1.1 jsing 4888: .Nm verify
4889: for additional details.
4890: Either this option or
4891: .Fl CAfile
4892: must be specified.
4893: .It Fl data Ar file_to_hash
4894: The response or token must be verified against
4895: .Ar file_to_hash .
4896: The file is hashed with the message digest algorithm specified in the token.
4897: The
4898: .Fl digest
4899: and
4900: .Fl queryfile
4901: options must not be specified with this one.
4902: .It Fl digest Ar digest_bytes
4903: The response or token must be verified against the message digest specified
4904: with this option.
4905: The number of bytes must match the message digest algorithm
4906: specified in the token.
4907: The
4908: .Fl data
4909: and
4910: .Fl queryfile
4911: options must not be specified with this one.
4912: .It Fl in Ar response.tsr
4913: The time stamp response that needs to be verified, in DER format.
4914: This option in mandatory.
4915: .It Fl queryfile Ar request.tsq
4916: The original time stamp request, in DER format.
4917: The
4918: .Fl data
4919: and
4920: .Fl digest
4921: options must not be specified with this one.
4922: .It Fl token_in
1.72 jmc 4923: The input is a DER-encoded time stamp token (ContentInfo)
4924: instead of a time stamp response (TimeStampResp).
1.1 jsing 4925: .It Fl untrusted Ar cert_file.pem
1.72 jmc 4926: Additional untrusted PEM certificates which may be needed
4927: when building the certificate chain for the TSA's signing certificate.
1.1 jsing 4928: This file must contain the TSA signing certificate and
4929: all intermediate CA certificates unless the response includes them.
4930: .El
4931: .Pp
1.72 jmc 4932: Options specified on the command line always override
4933: the settings in the config file:
1.1 jsing 4934: .Bl -tag -width Ds
4935: .It Cm tsa Ar section , Cm default_tsa
4936: This is the main section and it specifies the name of another section
4937: that contains all the options for the
4938: .Fl reply
4939: option.
1.72 jmc 4940: This section can be overridden with the
1.1 jsing 4941: .Fl section
4942: command line switch.
4943: .It Cm oid_file
4944: See
4945: .Nm ca
4946: for a description.
4947: .It Cm oid_section
4948: See
4949: .Nm ca
4950: for a description.
4951: .It Cm serial
1.72 jmc 4952: The file containing the hexadecimal serial number of the
1.1 jsing 4953: last time stamp response created.
4954: This number is incremented by 1 for each response.
1.72 jmc 4955: If the file does not exist at the time of response generation
4956: a new file is created with serial number 1.
1.1 jsing 4957: This parameter is mandatory.
4958: .It Cm signer_cert
4959: TSA signing certificate, in PEM format.
4960: The same as the
4961: .Fl signer
4962: command line option.
4963: .It Cm certs
1.72 jmc 4964: A set of PEM-encoded certificates that need to be
1.1 jsing 4965: included in the response.
4966: The same as the
4967: .Fl chain
4968: command line option.
4969: .It Cm signer_key
4970: The private key of the TSA, in PEM format.
4971: The same as the
4972: .Fl inkey
4973: command line option.
4974: .It Cm default_policy
4975: The default policy to use when the request does not mandate any policy.
4976: The same as the
4977: .Fl policy
4978: command line option.
4979: .It Cm other_policies
4980: Comma separated list of policies that are also acceptable by the TSA
4981: and used only if the request explicitly specifies one of them.
4982: .It Cm digests
4983: The list of message digest algorithms that the TSA accepts.
4984: At least one algorithm must be specified.
4985: This parameter is mandatory.
4986: .It Cm accuracy
4987: The accuracy of the time source of the TSA in seconds, milliseconds
4988: and microseconds.
4989: For example, secs:1, millisecs:500, microsecs:100.
4990: If any of the components is missing,
4991: zero is assumed for that field.
4992: .It Cm clock_precision_digits
1.72 jmc 4993: The maximum number of digits, which represent the fraction of seconds,
4994: that need to be included in the time field.
1.1 jsing 4995: The trailing zeroes must be removed from the time,
1.72 jmc 4996: so there might actually be fewer digits
1.1 jsing 4997: or no fraction of seconds at all.
4998: The maximum value is 6;
4999: the default is 0.
5000: .It Cm ordering
5001: If this option is yes,
5002: the responses generated by this TSA can always be ordered,
5003: even if the time difference between two responses is less
5004: than the sum of their accuracies.
5005: The default is no.
5006: .It Cm tsa_name
5007: Set this option to yes if the subject name of the TSA must be included in
5008: the TSA name field of the response.
5009: The default is no.
5010: .It Cm ess_cert_id_chain
5011: The SignedData objects created by the TSA always contain the
5012: certificate identifier of the signing certificate in a signed
5013: attribute (see RFC 2634, Enhanced Security Services).
5014: If this option is set to yes and either the
5015: .Cm certs
5016: variable or the
5017: .Fl chain
5018: option is specified then the certificate identifiers of the chain will also
5019: be included in the SigningCertificate signed attribute.
5020: If this variable is set to no,
5021: only the signing certificate identifier is included.
5022: The default is no.
5023: .El
5024: .Sh VERIFY
5025: .nr nS 1
5026: .Nm "openssl verify"
5027: .Op Fl CAfile Ar file
5028: .Op Fl CApath Ar directory
5029: .Op Fl check_ss_sig
5030: .Op Fl crl_check
5031: .Op Fl crl_check_all
5032: .Op Fl explicit_policy
5033: .Op Fl extended_crl
5034: .Op Fl help
5035: .Op Fl ignore_critical
5036: .Op Fl inhibit_any
5037: .Op Fl inhibit_map
5038: .Op Fl issuer_checks
5039: .Op Fl policy_check
5040: .Op Fl purpose Ar purpose
5041: .Op Fl untrusted Ar file
5042: .Op Fl verbose
5043: .Op Fl x509_strict
5044: .Op Ar certificates
5045: .nr nS 0
5046: .Pp
5047: The
5048: .Nm verify
5049: command verifies certificate chains.
5050: .Pp
5051: The options are as follows:
5052: .Bl -tag -width Ds
5053: .It Fl check_ss_sig
5054: Verify the signature on the self-signed root CA.
5055: This is disabled by default
5056: because it doesn't add any security.
5057: .It Fl CAfile Ar file
5058: A
5059: .Ar file
5060: of trusted certificates.
5061: The
5062: .Ar file
5063: should contain multiple certificates in PEM format, concatenated together.
5064: .It Fl CApath Ar directory
5065: A
5066: .Ar directory
5067: of trusted certificates.
1.76 jmc 5068: The certificates, or symbolic links to them,
5069: should have names of the form
5070: .Ar hash Ns .0 ,
5071: where
5072: .Ar hash
5073: is the hashed certificate subject name
5074: (see the
1.1 jsing 5075: .Fl hash
5076: option of the
5077: .Nm x509
5078: utility).
5079: .It Fl crl_check
1.76 jmc 5080: Check end entity certificate validity by attempting to look up a valid CRL.
1.1 jsing 5081: If a valid CRL cannot be found an error occurs.
5082: .It Fl crl_check_all
1.76 jmc 5083: Check the validity of all certificates in the chain by attempting
1.1 jsing 5084: to look up valid CRLs.
5085: .It Fl explicit_policy
1.76 jmc 5086: Set policy variable require-explicit-policy (RFC 3280).
1.1 jsing 5087: .It Fl extended_crl
5088: Enable extended CRL features such as indirect CRLs and alternate CRL
5089: signing keys.
5090: .It Fl help
1.76 jmc 5091: Print a usage message.
1.1 jsing 5092: .It Fl ignore_critical
1.76 jmc 5093: Ignore critical extensions instead of rejecting the certificate.
1.1 jsing 5094: .It Fl inhibit_any
1.76 jmc 5095: Set policy variable inhibit-any-policy (RFC 3280).
1.1 jsing 5096: .It Fl inhibit_map
1.76 jmc 5097: Set policy variable inhibit-policy-mapping (RFC 3280).
1.1 jsing 5098: .It Fl issuer_checks
1.76 jmc 5099: Print diagnostics relating to searches for the issuer certificate
5100: of the current certificate
5101: showing why each candidate issuer certificate was rejected.
5102: The presence of rejection messages
5103: does not itself imply that anything is wrong:
5104: during the normal verify process several rejections may take place.
1.1 jsing 5105: .It Fl policy_check
1.76 jmc 5106: Enable certificate policy processing.
1.1 jsing 5107: .It Fl purpose Ar purpose
5108: The intended use for the certificate.
5109: Without this option no chain verification will be done.
5110: Currently accepted uses are
1.76 jmc 5111: .Cm sslclient , sslserver ,
5112: .Cm nssslserver , smimesign ,
5113: .Cm smimeencrypt , crlsign ,
5114: .Cm any ,
1.1 jsing 5115: and
1.76 jmc 5116: .Cm ocsphelper .
1.1 jsing 5117: .It Fl untrusted Ar file
5118: A
5119: .Ar file
5120: of untrusted certificates.
5121: The
5122: .Ar file
5123: should contain multiple certificates.
5124: .It Fl verbose
5125: Print extra information about the operations being performed.
5126: .It Fl x509_strict
5127: Disable workarounds for broken certificates which have to be disabled
5128: for strict X.509 compliance.
5129: .It Ar certificates
1.76 jmc 5130: One or more PEM
1.1 jsing 5131: .Ar certificates
5132: to verify.
5133: If no certificate files are included, an attempt is made to read
5134: a certificate from standard input.
1.76 jmc 5135: If the first certificate filename begins with a dash,
5136: use a lone dash to mark the last option.
1.1 jsing 5137: .El
1.76 jmc 5138: .Pp
1.1 jsing 5139: The
5140: .Nm verify
5141: program uses the same functions as the internal SSL and S/MIME verification,
1.76 jmc 5142: with one crucial difference:
5143: wherever possible an attempt is made to continue after an error,
5144: whereas normally the verify operation would halt on the first error.
1.1 jsing 5145: This allows all the problems with a certificate chain to be determined.
5146: .Pp
1.76 jmc 5147: The verify operation consists of a number of separate steps.
1.1 jsing 5148: Firstly a certificate chain is built up starting from the supplied certificate
5149: and ending in the root CA.
5150: It is an error if the whole chain cannot be built up.
5151: The chain is built up by looking up the issuer's certificate of the current
5152: certificate.
5153: If a certificate is found which is its own issuer, it is assumed
5154: to be the root CA.
5155: .Pp
1.76 jmc 5156: All certificates whose subject name matches the issuer name
1.1 jsing 5157: of the current certificate are subject to further tests.
5158: The relevant authority key identifier components of the current certificate
1.76 jmc 5159: (if present) must match the subject key identifier (if present)
5160: and issuer and serial number of the candidate issuer;
5161: in addition the
5162: .Cm keyUsage
5163: extension of the candidate issuer (if present) must permit certificate signing.
1.1 jsing 5164: .Pp
5165: The lookup first looks in the list of untrusted certificates and if no match
5166: is found the remaining lookups are from the trusted certificates.
1.76 jmc 5167: The root CA is always looked up in the trusted certificate list:
5168: if the certificate to verify is a root certificate,
5169: then an exact match must be found in the trusted list.
1.1 jsing 5170: .Pp
5171: The second operation is to check every untrusted certificate's extensions for
5172: consistency with the supplied purpose.
5173: If the
5174: .Fl purpose
5175: option is not included, then no checks are done.
5176: The supplied or
5177: .Qq leaf
5178: certificate must have extensions compatible with the supplied purpose
5179: and all other certificates must also be valid CA certificates.
5180: The precise extensions required are described in more detail in
5181: the
1.76 jmc 5182: .Nm X509
1.1 jsing 5183: section below.
5184: .Pp
5185: The third operation is to check the trust settings on the root CA.
5186: The root CA should be trusted for the supplied purpose.
1.76 jmc 5187: A certificate with no trust settings is considered to be valid for
1.1 jsing 5188: all purposes.
5189: .Pp
5190: The final operation is to check the validity of the certificate chain.
5191: The validity period is checked against the current system time and the
1.76 jmc 5192: .Cm notBefore
1.1 jsing 5193: and
1.76 jmc 5194: .Cm notAfter
1.1 jsing 5195: dates in the certificate.
5196: The certificate signatures are also checked at this point.
5197: .Pp
5198: If all operations complete successfully, the certificate is considered
5199: valid.
5200: If any operation fails then the certificate is not valid.
5201: When a verify operation fails, the output messages can be somewhat cryptic.
5202: The general form of the error message is:
1.76 jmc 5203: .Bd -literal
5204: server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit)
5205: error 24 at 1 depth lookup:invalid CA certificate
1.1 jsing 5206: .Ed
5207: .Pp
5208: The first line contains the name of the certificate being verified, followed by
5209: the subject name of the certificate.
5210: The second line contains the error number and the depth.
5211: The depth is the number of the certificate being verified when a
5212: problem was detected starting with zero for the certificate being verified
5213: itself, then 1 for the CA that signed the certificate and so on.
5214: Finally a text version of the error number is presented.
5215: .Pp
5216: An exhaustive list of the error codes and messages is shown below; this also
5217: includes the name of the error code as defined in the header file
1.12 bentley 5218: .In openssl/x509_vfy.h .
1.76 jmc 5219: Some of the error codes are defined but never returned: these are described as
1.1 jsing 5220: .Qq unused .
5221: .Bl -tag -width "XXXX"
1.78 jmc 5222: .It 0 X509_V_OK
1.1 jsing 5223: The operation was successful.
1.78 jmc 5224: .It 2 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
5225: The issuer certificate of an untrusted certificate could not be found.
5226: .It 3 X509_V_ERR_UNABLE_TO_GET_CRL
1.1 jsing 5227: The CRL of a certificate could not be found.
1.78 jmc 5228: .It 4 X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE
1.1 jsing 5229: The certificate signature could not be decrypted.
1.78 jmc 5230: This means that the actual signature value could not be determined
5231: rather than it not matching the expected value.
1.1 jsing 5232: This is only meaningful for RSA keys.
1.78 jmc 5233: .It 5 X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE
5234: The CRL signature could not be decrypted.
5235: This means that the actual signature value could not be determined
5236: rather than it not matching the expected value.
1.1 jsing 5237: Unused.
1.78 jmc 5238: .It 6 X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY
1.1 jsing 5239: The public key in the certificate
1.76 jmc 5240: .Cm SubjectPublicKeyInfo
1.1 jsing 5241: could not be read.
1.78 jmc 5242: .It 7 X509_V_ERR_CERT_SIGNATURE_FAILURE
1.1 jsing 5243: The signature of the certificate is invalid.
1.78 jmc 5244: .It 8 X509_V_ERR_CRL_SIGNATURE_FAILURE
1.1 jsing 5245: The signature of the certificate is invalid.
1.78 jmc 5246: .It 9 X509_V_ERR_CERT_NOT_YET_VALID
1.1 jsing 5247: The certificate is not yet valid: the
1.76 jmc 5248: .Cm notBefore
1.1 jsing 5249: date is after the current time.
1.78 jmc 5250: .It 10 X509_V_ERR_CERT_HAS_EXPIRED
1.1 jsing 5251: The certificate has expired; that is, the
1.76 jmc 5252: .Cm notAfter
1.1 jsing 5253: date is before the current time.
1.78 jmc 5254: .It 11 X509_V_ERR_CRL_NOT_YET_VALID
1.1 jsing 5255: The CRL is not yet valid.
1.78 jmc 5256: .It 12 X509_V_ERR_CRL_HAS_EXPIRED
1.1 jsing 5257: The CRL has expired.
1.78 jmc 5258: .It 13 X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD
1.1 jsing 5259: The certificate
1.76 jmc 5260: .Cm notBefore
1.1 jsing 5261: field contains an invalid time.
1.78 jmc 5262: .It 14 X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD
1.1 jsing 5263: The certificate
1.76 jmc 5264: .Cm notAfter
1.1 jsing 5265: field contains an invalid time.
1.78 jmc 5266: .It 15 X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD
1.1 jsing 5267: The CRL
1.76 jmc 5268: .Cm lastUpdate
1.1 jsing 5269: field contains an invalid time.
1.78 jmc 5270: .It 16 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD
1.1 jsing 5271: The CRL
1.76 jmc 5272: .Cm nextUpdate
1.1 jsing 5273: field contains an invalid time.
1.78 jmc 5274: .It 17 X509_V_ERR_OUT_OF_MEM
1.1 jsing 5275: An error occurred trying to allocate memory.
5276: This should never happen.
1.78 jmc 5277: .It 18 X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
1.1 jsing 5278: The passed certificate is self-signed and the same certificate cannot be
5279: found in the list of trusted certificates.
1.78 jmc 5280: .It 19 X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
1.1 jsing 5281: The certificate chain could be built up using the untrusted certificates but
5282: the root could not be found locally.
1.78 jmc 5283: .It 20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
1.1 jsing 5284: The issuer certificate of a locally looked up certificate could not be found.
5285: This normally means the list of trusted certificates is not complete.
1.78 jmc 5286: .It 21 X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
1.1 jsing 5287: No signatures could be verified because the chain contains only one
5288: certificate and it is not self-signed.
1.78 jmc 5289: .It 22 X509_V_ERR_CERT_CHAIN_TOO_LONG
1.1 jsing 5290: The certificate chain length is greater than the supplied maximum depth.
5291: Unused.
1.78 jmc 5292: .It 23 X509_V_ERR_CERT_REVOKED
1.1 jsing 5293: The certificate has been revoked.
1.78 jmc 5294: .It 24 X509_V_ERR_INVALID_CA
1.1 jsing 5295: A CA certificate is invalid.
5296: Either it is not a CA or its extensions are not consistent
5297: with the supplied purpose.
1.78 jmc 5298: .It 25 X509_V_ERR_PATH_LENGTH_EXCEEDED
1.1 jsing 5299: The
1.76 jmc 5300: .Cm basicConstraints
1.1 jsing 5301: pathlength parameter has been exceeded.
1.78 jmc 5302: .It 26 X509_V_ERR_INVALID_PURPOSE
1.1 jsing 5303: The supplied certificate cannot be used for the specified purpose.
1.78 jmc 5304: .It 27 X509_V_ERR_CERT_UNTRUSTED
1.1 jsing 5305: The root CA is not marked as trusted for the specified purpose.
1.78 jmc 5306: .It 28 X509_V_ERR_CERT_REJECTED
1.1 jsing 5307: The root CA is marked to reject the specified purpose.
1.78 jmc 5308: .It 29 X509_V_ERR_SUBJECT_ISSUER_MISMATCH
1.1 jsing 5309: The current candidate issuer certificate was rejected because its subject name
5310: did not match the issuer name of the current certificate.
5311: Only displayed when the
5312: .Fl issuer_checks
5313: option is set.
1.78 jmc 5314: .It 30 X509_V_ERR_AKID_SKID_MISMATCH
1.1 jsing 5315: The current candidate issuer certificate was rejected because its subject key
5316: identifier was present and did not match the authority key identifier current
5317: certificate.
5318: Only displayed when the
5319: .Fl issuer_checks
5320: option is set.
1.78 jmc 5321: .It 31 X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH
1.1 jsing 5322: The current candidate issuer certificate was rejected because its issuer name
5323: and serial number were present and did not match the authority key identifier
5324: of the current certificate.
5325: Only displayed when the
5326: .Fl issuer_checks
5327: option is set.
1.78 jmc 5328: .It 32 X509_V_ERR_KEYUSAGE_NO_CERTSIGN
1.1 jsing 5329: The current candidate issuer certificate was rejected because its
1.76 jmc 5330: .Cm keyUsage
1.1 jsing 5331: extension does not permit certificate signing.
1.78 jmc 5332: .It 50 X509_V_ERR_APPLICATION_VERIFICATION
1.1 jsing 5333: An application specific error.
5334: Unused.
5335: .El
5336: .Sh VERSION
5337: .Nm openssl version
5338: .Op Fl abdfopv
5339: .Pp
5340: The
5341: .Nm version
5342: command is used to print out version information about
1.79 jmc 5343: .Nm openssl .
1.1 jsing 5344: .Pp
5345: The options are as follows:
5346: .Bl -tag -width Ds
5347: .It Fl a
5348: All information: this is the same as setting all the other flags.
5349: .It Fl b
5350: The date the current version of
1.79 jmc 5351: .Nm openssl
1.1 jsing 5352: was built.
5353: .It Fl d
5354: .Ev OPENSSLDIR
5355: setting.
5356: .It Fl f
5357: Compilation flags.
5358: .It Fl o
5359: Option information: various options set when the library was built.
5360: .It Fl p
5361: Platform setting.
5362: .It Fl v
5363: The current
1.79 jmc 5364: .Nm openssl
1.1 jsing 5365: version.
5366: .El
5367: .Sh X509
5368: .nr nS 1
5369: .Nm "openssl x509"
5370: .Op Fl C
5371: .Op Fl addreject Ar arg
5372: .Op Fl addtrust Ar arg
5373: .Op Fl alias
5374: .Op Fl CA Ar file
5375: .Op Fl CAcreateserial
1.80 jmc 5376: .Op Fl CAform Cm der | pem
1.1 jsing 5377: .Op Fl CAkey Ar file
1.80 jmc 5378: .Op Fl CAkeyform Cm der | pem
1.1 jsing 5379: .Op Fl CAserial Ar file
5380: .Op Fl certopt Ar option
5381: .Op Fl checkend Ar arg
5382: .Op Fl clrext
5383: .Op Fl clrreject
5384: .Op Fl clrtrust
5385: .Op Fl dates
5386: .Op Fl days Ar arg
5387: .Op Fl email
5388: .Op Fl enddate
5389: .Op Fl extensions Ar section
5390: .Op Fl extfile Ar file
5391: .Op Fl fingerprint
5392: .Op Fl hash
5393: .Op Fl in Ar file
1.80 jmc 5394: .Op Fl inform Cm der | net | pem
1.1 jsing 5395: .Op Fl issuer
5396: .Op Fl issuer_hash
5397: .Op Fl issuer_hash_old
1.80 jmc 5398: .Op Fl keyform Cm der | pem
1.29 bcook 5399: .Op Fl md5 | sha1
1.1 jsing 5400: .Op Fl modulus
5401: .Op Fl nameopt Ar option
5402: .Op Fl noout
5403: .Op Fl ocsp_uri
5404: .Op Fl ocspid
5405: .Op Fl out Ar file
1.80 jmc 5406: .Op Fl outform Cm der | net | pem
1.1 jsing 5407: .Op Fl passin Ar arg
5408: .Op Fl pubkey
5409: .Op Fl purpose
5410: .Op Fl req
5411: .Op Fl serial
5412: .Op Fl set_serial Ar n
5413: .Op Fl setalias Ar arg
5414: .Op Fl signkey Ar file
5415: .Op Fl startdate
5416: .Op Fl subject
5417: .Op Fl subject_hash
5418: .Op Fl subject_hash_old
5419: .Op Fl text
5420: .Op Fl trustout
5421: .Op Fl x509toreq
5422: .nr nS 0
5423: .Pp
5424: The
5425: .Nm x509
5426: command is a multi-purpose certificate utility.
5427: It can be used to display certificate information, convert certificates to
5428: various forms, sign certificate requests like a
5429: .Qq mini CA ,
5430: or edit certificate trust settings.
5431: .Pp
1.80 jmc 5432: The following are x509 input, output, and general purpose options:
1.1 jsing 5433: .Bl -tag -width "XXXX"
5434: .It Fl in Ar file
1.80 jmc 5435: The input file to read from,
5436: or standard input if not specified.
5437: .It Fl inform Cm der | net | pem
5438: The input format.
1.1 jsing 5439: Normally, the command will expect an X.509 certificate,
5440: but this can change if other options such as
5441: .Fl req
5442: are present.
1.29 bcook 5443: .It Fl md5 | sha1
1.1 jsing 5444: The digest to use.
5445: This affects any signing or display option that uses a message digest,
5446: such as the
5447: .Fl fingerprint , signkey ,
5448: and
5449: .Fl CA
5450: options.
5451: If not specified, MD5 is used.
1.80 jmc 5452: SHA1 is always used with DSA keys.
1.1 jsing 5453: .It Fl out Ar file
1.80 jmc 5454: The output file to write to,
5455: or standard output if none is specified.
5456: .It Fl outform Cm der | net | pem
5457: The output format.
1.1 jsing 5458: .It Fl passin Ar arg
5459: The key password source.
5460: .El
1.80 jmc 5461: .Pp
5462: The following are x509 display options:
1.1 jsing 5463: .Bl -tag -width "XXXX"
5464: .It Fl C
1.80 jmc 5465: Output the certificate in the form of a C source file.
1.1 jsing 5466: .It Fl certopt Ar option
5467: Customise the output format used with
1.80 jmc 5468: .Fl text ,
5469: either using a list of comma-separated options or by specifying
1.1 jsing 5470: .Fl certopt
1.80 jmc 5471: multiple times.
5472: The default behaviour is to print all fields.
5473: The options are as follows:
5474: .Pp
5475: .Bl -tag -width "no_extensions" -offset indent -compact
5476: .It Cm ca_default
5477: Equivalent to
5478: .Cm no_issuer , no_pubkey , no_header ,
5479: .Cm no_version , no_sigdump ,
5480: and
5481: .Cm no_signame .
5482: .It Cm compatible
5483: Equivalent to no output options at all.
5484: .It Cm ext_default
5485: Print unsupported certificate extensions.
5486: .It Cm ext_dump
5487: Hex dump unsupported extensions.
5488: .It Cm ext_error
5489: Print an error message for unsupported certificate extensions.
5490: .It Cm ext_parse
1.84 jmc 5491: ASN.1 parse unsupported extensions.
1.80 jmc 5492: .It Cm no_aux
5493: Do not print certificate trust information.
5494: .It Cm no_extensions
5495: Do not print X509V3 extensions.
5496: .It Cm no_header
5497: Do not print header (Certificate and Data) information.
5498: .It Cm no_issuer
5499: Do not print the issuer name.
5500: .It Cm no_pubkey
5501: Do not print the public key.
5502: .It Cm no_serial
5503: Do not print the serial number.
5504: .It Cm no_sigdump
5505: Do not give a hexadecimal dump of the certificate signature.
5506: .It Cm no_signame
5507: Do not print the signature algorithm used.
5508: .It Cm no_subject
5509: Do not print the subject name.
5510: .It Cm no_validity
5511: Do not print the
5512: .Cm notBefore
5513: and
5514: .Cm notAfter
5515: (validity) fields.
5516: .It Cm no_version
5517: Do not print the version number.
5518: .El
1.1 jsing 5519: .It Fl dates
1.80 jmc 5520: Print the start and expiry date of a certificate.
1.1 jsing 5521: .It Fl email
1.80 jmc 5522: Output the email addresses, if any.
1.1 jsing 5523: .It Fl enddate
1.80 jmc 5524: Print the expiry date of the certificate; that is, the
5525: .Cm notAfter
1.1 jsing 5526: date.
5527: .It Fl fingerprint
1.80 jmc 5528: Print the digest of the DER-encoded version of the whole certificate.
1.1 jsing 5529: .It Fl hash
5530: A synonym for
1.80 jmc 5531: .Fl subject_hash .
1.1 jsing 5532: .It Fl issuer
1.80 jmc 5533: Print the issuer name.
1.1 jsing 5534: .It Fl issuer_hash
1.80 jmc 5535: Print the hash of the certificate issuer name.
1.1 jsing 5536: .It Fl issuer_hash_old
1.80 jmc 5537: Print the hash of the certificate issuer name
5538: using the older algorithm as used by
5539: .Nm openssl
1.1 jsing 5540: versions before 1.0.0.
5541: .It Fl modulus
1.80 jmc 5542: Print the value of the modulus of the public key contained in the certificate.
1.1 jsing 5543: .It Fl nameopt Ar option
1.80 jmc 5544: Customise how the subject or issuer names are displayed,
5545: either using a list of comma-separated options or by specifying
1.1 jsing 5546: .Fl nameopt
1.80 jmc 5547: multiple times.
5548: The default behaviour is to use the
5549: .Cm oneline
5550: format.
5551: The options,
5552: which can be preceded by a dash to turn them off,
5553: are as follows:
5554: .Bl -tag -width "XXXX"
5555: .It Cm align
5556: Align field values for a more readable output.
5557: Only usable with
5558: .Ar sep_multiline .
5559: .It Cm compat
5560: Use the old format,
5561: equivalent to specifying no options at all.
5562: .It Cm dn_rev
5563: Reverse the fields of the DN, as required by RFC 2253.
5564: As a side effect, this also reverses the order of multiple AVAs.
5565: .It Cm dump_all
5566: Dump all fields.
5567: When used with
5568: .Ar dump_der ,
5569: it allows the DER encoding of the structure to be unambiguously determined.
5570: .It Cm dump_der
5571: Any fields that need to be hexdumped are
5572: dumped using the DER encoding of the field.
5573: Otherwise just the content octets will be displayed.
5574: Both options use the RFC 2253 #XXXX... format.
5575: .It Cm dump_nostr
5576: Dump non-character string types
5577: (for example OCTET STRING);
5578: usually, non-character string types are displayed
5579: as though each content octet represents a single character.
5580: .It Cm dump_unknown
5581: Dump any field whose OID is not recognised by
5582: .Nm openssl .
5583: .It Cm esc_2253
5584: Escape the
5585: .Qq special
5586: characters required by RFC 2253 in a field that is
5587: .Dq \& ,+"<>; .
5588: Additionally,
5589: .Sq #
5590: is escaped at the beginning of a string
5591: and a space character at the beginning or end of a string.
5592: .It Cm esc_ctrl
5593: Escape control characters.
5594: That is, those with ASCII values less than 0x20 (space)
5595: and the delete (0x7f) character.
5596: They are escaped using the RFC 2253 \eXX notation (where XX are two hex
5597: digits representing the character value).
5598: .It Cm esc_msb
5599: Escape characters with the MSB set; that is, with ASCII values larger than
5600: 127.
5601: .It Cm multiline
5602: A multiline format.
5603: Equivalent to
5604: .Cm esc_ctrl , esc_msb , sep_multiline ,
5605: .Cm space_eq , lname ,
5606: and
5607: .Cm align .
5608: .It Cm no_type
5609: Do not attempt to interpret multibyte characters.
5610: That is, content octets are merely dumped as though one octet
5611: represents each character.
5612: This is useful for diagnostic purposes
5613: but results in rather odd looking output.
5614: .It Cm nofname , sname , lname , oid
5615: Alter how the field name is displayed:
5616: .Cm nofname
5617: does not display the field at all;
5618: .Cm sname
5619: uses the short name form (CN for
5620: .Cm commonName ,
5621: for example);
5622: .Cm lname
5623: uses the long form.
5624: .Cm oid
5625: represents the OID in numerical form and is useful for diagnostic purpose.
5626: .It Cm oneline
5627: A one line format which is more readable than
5628: .Cm RFC2253 .
5629: Equivalent to
5630: .Cm esc_2253 , esc_ctrl , esc_msb , utf8 ,
5631: .Cm dump_nostr , dump_der , use_quote , sep_comma_plus_spc ,
5632: .Cm space_eq ,
5633: and
5634: .Cm sname .
5635: .It Cm RFC2253
5636: Displays names compatible with RFC 2253.
5637: Equivalent to
5638: .Cm esc_2253 , esc_ctrl ,
5639: .Cm esc_msb , utf8 , dump_nostr , dump_unknown ,
5640: .Cm dump_der , sep_comma_plus , dn_rev ,
5641: and
5642: .Cm sname .
5643: .It Cm sep_comma_plus , sep_comma_plus_space , sep_semi_plus_space , sep_multiline
5644: Determine the field separators:
5645: the first character is between RDNs and the second between multiple AVAs
5646: (multiple AVAs are very rare and their use is discouraged).
5647: The options ending in
5648: .Qq space
5649: additionally place a space after the separator to make it more readable.
5650: .Cm sep_multiline
5651: uses a linefeed character for the RDN separator and a spaced
5652: .Sq +
5653: for the AVA separator,
5654: as well as indenting the fields by four characters.
5655: .It Cm show_type
1.84 jmc 5656: Show the type of the ASN.1 character string.
1.80 jmc 5657: The type precedes the field contents.
5658: For example
5659: .Qq BMPSTRING: Hello World .
5660: .It Cm space_eq
5661: Place spaces round the
5662: .Sq =
5663: character which follows the field name.
5664: .It Cm use_quote
5665: Escape some characters by surrounding the whole string with
5666: .Sq \&"
5667: characters.
5668: Without the option, all escaping is done with the
5669: .Sq \e
5670: character.
5671: .It Cm utf8
5672: Convert all strings to UTF8 format first, as required by RFC 2253.
5673: On a UTF8 compatible terminal,
5674: the use of this option (and not setting
5675: .Cm esc_msb )
5676: may result in the correct display of multibyte characters.
5677: Usually, multibyte characters larger than 0xff
5678: are represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX
5679: for 32 bits,
5680: and any UTF8Strings are converted to their character form first.
5681: .El
1.1 jsing 5682: .It Fl noout
1.80 jmc 5683: Do not output the encoded version of the request.
1.1 jsing 5684: .It Fl ocsp_uri
1.80 jmc 5685: Print the OCSP responder addresses, if any.
1.1 jsing 5686: .It Fl ocspid
5687: Print OCSP hash values for the subject name and public key.
5688: .It Fl pubkey
1.80 jmc 5689: Print the public key.
1.1 jsing 5690: .It Fl serial
1.80 jmc 5691: Print the certificate serial number.
1.1 jsing 5692: .It Fl startdate
1.80 jmc 5693: Print the start date of the certificate; that is, the
5694: .Cm notBefore
1.1 jsing 5695: date.
5696: .It Fl subject
1.80 jmc 5697: Print the subject name.
1.1 jsing 5698: .It Fl subject_hash
1.80 jmc 5699: Print the hash of the certificate subject name.
1.1 jsing 5700: This is used in
1.80 jmc 5701: .Nm openssl
1.1 jsing 5702: to form an index to allow certificates in a directory to be looked up
5703: by subject name.
5704: .It Fl subject_hash_old
1.80 jmc 5705: Print the hash of the certificate subject name
5706: using the older algorithm as used by
5707: .Nm openssl
1.1 jsing 5708: versions before 1.0.0.
5709: .It Fl text
1.80 jmc 5710: Print the full certificate in text form.
1.1 jsing 5711: .El
5712: .Pp
1.80 jmc 5713: A trusted certificate is a certificate which has several
1.1 jsing 5714: additional pieces of information attached to it such as the permitted
1.80 jmc 5715: and prohibited uses of the certificate and an alias.
5716: When a certificate is being verified at least one certificate must be trusted.
5717: By default, a trusted certificate must be stored locally and be a root CA.
5718: The following are x509 trust settings options:
1.1 jsing 5719: .Bl -tag -width "XXXX"
5720: .It Fl addreject Ar arg
1.80 jmc 5721: Add a prohibited use.
5722: Accepts the same values as the
1.1 jsing 5723: .Fl addtrust
5724: option.
5725: .It Fl addtrust Ar arg
1.80 jmc 5726: Add a trusted certificate use.
1.1 jsing 5727: Any object name can be used here, but currently only
1.80 jmc 5728: .Cm clientAuth
5729: (SSL client use),
5730: .Cm serverAuth
5731: (SSL server use),
5732: and
5733: .Cm emailProtection
5734: (S/MIME email) are used.
1.1 jsing 5735: .It Fl alias
1.80 jmc 5736: Output the certificate alias.
1.1 jsing 5737: .It Fl clrreject
1.80 jmc 5738: Clear all the prohibited or rejected uses of the certificate.
1.1 jsing 5739: .It Fl clrtrust
1.80 jmc 5740: Clear all the permitted or trusted uses of the certificate.
1.1 jsing 5741: .It Fl purpose
1.80 jmc 5742: Perform tests on the certificate extensions.
5743: The same code is used when verifying untrusted certificates in chains,
5744: so this section is useful if a chain is rejected by the verify code.
5745: .Pp
5746: The
5747: .Cm basicConstraints
5748: extension CA flag is used to determine whether the
5749: certificate can be used as a CA.
5750: If the CA flag is true, it is a CA;
5751: if the CA flag is false, it is not a CA.
5752: All CAs should have the CA flag set to true.
5753: .Pp
5754: If the
5755: .Cm basicConstraints
5756: extension is absent, then the certificate is
5757: considered to be a possible CA;
5758: other extensions are checked according to the intended use of the certificate.
5759: A warning is given in this case because the certificate should really not
5760: be regarded as a CA.
5761: However it is allowed to be a CA to work around some broken software.
5762: .Pp
5763: If the certificate is a V1 certificate
5764: (and thus has no extensions) and it is self-signed,
5765: it is also assumed to be a CA but a warning is again given.
5766: This is to work around the problem of Verisign roots
5767: which are V1 self-signed certificates.
5768: .Pp
5769: If the
5770: .Cm keyUsage
5771: extension is present, then additional restraints are
5772: made on the uses of the certificate.
5773: A CA certificate must have the
5774: .Cm keyCertSign
5775: bit set if the
5776: .Cm keyUsage
5777: extension is present.
5778: .Pp
5779: The extended key usage extension places additional restrictions on the
5780: certificate uses.
5781: If this extension is present, whether critical or not,
5782: the key can only be used for the purposes specified.
5783: .Pp
5784: A complete description of each test is given below.
5785: The comments about
5786: .Cm basicConstraints
5787: and
5788: .Cm keyUsage
5789: and V1 certificates above apply to all CA certificates.
5790: .Bl -tag -width "XXXX"
5791: .It SSL Client
5792: The extended key usage extension must be absent or include the
5793: web client authentication OID.
5794: .Cm keyUsage
5795: must be absent or it must have the
5796: .Cm digitalSignature
5797: bit set.
5798: The Netscape certificate type must be absent
5799: or it must have the SSL client bit set.
5800: .It SSL Client CA
5801: The extended key usage extension must be absent or include the
5802: web client authentication OID.
5803: The Netscape certificate type must be absent
5804: or it must have the SSL CA bit set:
5805: this is used as a workaround if the
5806: .Cm basicConstraints
5807: extension is absent.
5808: .It SSL Server
5809: The extended key usage extension must be absent or include the
5810: web server authentication and/or one of the SGC OIDs.
5811: .Cm keyUsage
5812: must be absent or it must have the
5813: .Cm digitalSignature
5814: set, the
5815: .Cm keyEncipherment
5816: set, or both bits set.
5817: The Netscape certificate type must be absent or have the SSL server bit set.
5818: .It SSL Server CA
5819: The extended key usage extension must be absent or include the
5820: web server authentication and/or one of the SGC OIDs.
5821: The Netscape certificate type must be absent or the SSL CA bit must be set:
5822: this is used as a workaround if the
5823: .Cm basicConstraints
5824: extension is absent.
5825: .It Netscape SSL Server
5826: For Netscape SSL clients to connect to an SSL server; it must have the
5827: .Cm keyEncipherment
5828: bit set if the
5829: .Cm keyUsage
5830: extension is present.
5831: This isn't always valid because some cipher suites use the key for
5832: digital signing.
5833: Otherwise it is the same as a normal SSL server.
5834: .It Common S/MIME Client Tests
5835: The extended key usage extension must be absent or include the
5836: email protection OID.
5837: The Netscape certificate type must be absent or should have the S/MIME bit set.
5838: If the S/MIME bit is not set in Netscape certificate type, then the SSL
5839: client bit is tolerated as an alternative but a warning is shown:
5840: this is because some Verisign certificates don't set the S/MIME bit.
5841: .It S/MIME Signing
5842: In addition to the common S/MIME client tests, the
5843: .Cm digitalSignature
5844: bit must be set if the
5845: .Cm keyUsage
5846: extension is present.
5847: .It S/MIME Encryption
5848: In addition to the common S/MIME tests, the
5849: .Cm keyEncipherment
5850: bit must be set if the
5851: .Cm keyUsage
5852: extension is present.
5853: .It S/MIME CA
5854: The extended key usage extension must be absent or include the
5855: email protection OID.
5856: The Netscape certificate type must be absent
5857: or must have the S/MIME CA bit set:
5858: this is used as a workaround if the
5859: .Cm basicConstraints
5860: extension is absent.
5861: .It CRL Signing
5862: The
5863: .Cm keyUsage
5864: extension must be absent or it must have the CRL signing bit set.
5865: .It CRL Signing CA
5866: The normal CA tests apply, except the
5867: .Cm basicConstraints
5868: extension must be present.
5869: .El
1.1 jsing 5870: .It Fl setalias Ar arg
1.80 jmc 5871: Set the alias of the certificate,
5872: allowing the certificate to be referred to using a nickname,
5873: such as
1.1 jsing 5874: .Qq Steve's Certificate .
5875: .It Fl trustout
1.80 jmc 5876: Output a trusted certificate
5877: (the default if any trust settings are modified).
1.1 jsing 5878: An ordinary or trusted certificate can be input, but by default an ordinary
5879: certificate is output and any trust settings are discarded.
5880: .El
1.80 jmc 5881: .Pp
1.1 jsing 5882: The
5883: .Nm x509
1.80 jmc 5884: utility can be used to sign certificates and requests:
5885: it can thus behave like a mini CA.
5886: The following are x509 signing options:
1.1 jsing 5887: .Bl -tag -width "XXXX"
5888: .It Fl CA Ar file
1.80 jmc 5889: The CA certificate to be used for signing.
1.1 jsing 5890: When this option is present,
5891: .Nm x509
1.80 jmc 5892: behaves like a mini CA.
1.1 jsing 5893: The input file is signed by the CA using this option;
5894: that is, its issuer name is set to the subject name of the CA and it is
5895: digitally signed using the CA's private key.
5896: .Pp
5897: This option is normally combined with the
5898: .Fl req
5899: option.
5900: Without the
5901: .Fl req
5902: option, the input is a certificate which must be self-signed.
5903: .It Fl CAcreateserial
1.80 jmc 5904: Create the CA serial number file if it does not exist
5905: instead of generating an error.
5906: The file will contain the serial number
1.1 jsing 5907: .Sq 02
5908: and the certificate being signed will have
5909: .Sq 1
5910: as its serial number.
1.80 jmc 5911: .It Fl CAform Cm der | pem
1.1 jsing 5912: The format of the CA certificate file.
5913: The default is
1.80 jmc 5914: .Cm pem .
1.1 jsing 5915: .It Fl CAkey Ar file
1.80 jmc 5916: Set the CA private key to sign a certificate with.
5917: Otherwise it is assumed that the CA private key is present
5918: in the CA certificate file.
5919: .It Fl CAkeyform Cm der | pem
1.1 jsing 5920: The format of the CA private key.
5921: The default is
1.80 jmc 5922: .Cm pem .
1.1 jsing 5923: .It Fl CAserial Ar file
1.80 jmc 5924: Use the serial number in
5925: .Ar file
5926: to sign a certificate.
5927: The file should consist of one line containing an even number of hex digits
1.1 jsing 5928: with the serial number to use.
5929: After each use the serial number is incremented and written out
5930: to the file again.
5931: .Pp
5932: The default filename consists of the CA certificate file base name with
5933: .Pa .srl
5934: appended.
5935: For example, if the CA certificate file is called
5936: .Pa mycacert.pem ,
5937: it expects to find a serial number file called
5938: .Pa mycacert.srl .
5939: .It Fl checkend Ar arg
5940: Check whether the certificate expires in the next
5941: .Ar arg
5942: seconds.
5943: If so, exit with return value 1;
5944: otherwise exit with return value 0.
5945: .It Fl clrext
5946: Delete any extensions from a certificate.
5947: This option is used when a certificate is being created from another
5948: certificate (for example with the
5949: .Fl signkey
5950: or the
5951: .Fl CA
5952: options).
5953: Normally, all extensions are retained.
5954: .It Fl days Ar arg
1.80 jmc 5955: The number of days to make a certificate valid for.
1.1 jsing 5956: The default is 30 days.
5957: .It Fl extensions Ar section
5958: The section to add certificate extensions from.
5959: If this option is not specified, the extensions should either be
1.80 jmc 5960: contained in the unnamed (default) section
5961: or the default section should contain a variable called
1.1 jsing 5962: .Qq extensions
5963: which contains the section to use.
5964: .It Fl extfile Ar file
5965: File containing certificate extensions to use.
5966: If not specified, no extensions are added to the certificate.
1.80 jmc 5967: .It Fl keyform Cm der | pem
5968: The format of the private key file used in the
1.1 jsing 5969: .Fl signkey
5970: option.
5971: .It Fl req
1.80 jmc 5972: Expect a certificate request on input instead of a certificate.
1.1 jsing 5973: .It Fl set_serial Ar n
1.80 jmc 5974: The serial number to use.
1.1 jsing 5975: This option can be used with either the
5976: .Fl signkey
5977: or
5978: .Fl CA
5979: options.
5980: If used in conjunction with the
5981: .Fl CA
5982: option, the serial number file (as specified by the
5983: .Fl CAserial
5984: or
5985: .Fl CAcreateserial
5986: options) is not used.
5987: .Pp
5988: The serial number can be decimal or hex (if preceded by
5989: .Sq 0x ) .
5990: Negative serial numbers can also be specified but their use is not recommended.
5991: .It Fl signkey Ar file
1.80 jmc 5992: Self-sign
5993: .Ar file
5994: using the supplied private key.
1.1 jsing 5995: .Pp
5996: If the input file is a certificate, it sets the issuer name to the
1.80 jmc 5997: subject name (i.e. makes it self-signed),
1.1 jsing 5998: changes the public key to the supplied value,
5999: and changes the start and end dates.
6000: The start date is set to the current time and the end date is set to
6001: a value determined by the
6002: .Fl days
6003: option.
6004: Any certificate extensions are retained unless the
6005: .Fl clrext
6006: option is supplied.
6007: .Pp
6008: If the input is a certificate request, a self-signed certificate
6009: is created using the supplied private key using the subject name in
6010: the request.
6011: .It Fl x509toreq
1.80 jmc 6012: Convert a certificate into a certificate request.
1.1 jsing 6013: The
6014: .Fl signkey
6015: option is used to pass the required private key.
6016: .El
1.38 jmc 6017: .Sh COMMON NOTATION
6018: Several commands share a common syntax,
6019: as detailed below.
6020: .Pp
6021: Password arguments, typically specified using
1.33 jmc 6022: .Fl passin
6023: and
6024: .Fl passout
1.38 jmc 6025: for input and output passwords,
6026: allow passwords to be obtained from a variety of sources.
6027: Both of these options take a single argument, described below.
1.33 jmc 6028: If no password argument is given and a password is required,
6029: then the user is prompted to enter one:
6030: this will typically be read from the current terminal with echoing turned off.
1.38 jmc 6031: .Bl -tag -width "pass:password" -offset indent
6032: .It Cm pass : Ns Ar password
1.33 jmc 6033: The actual password is
6034: .Ar password .
1.38 jmc 6035: Since the password is visible to utilities,
1.33 jmc 6036: this form should only be used where security is not important.
1.38 jmc 6037: .It Cm env : Ns Ar var
1.33 jmc 6038: Obtain the password from the environment variable
6039: .Ar var .
1.38 jmc 6040: Since the environment of other processes is visible,
6041: this option should be used with caution.
6042: .It Cm file : Ns Ar path
1.33 jmc 6043: The first line of
6044: .Ar path
6045: is the password.
6046: If the same
6047: .Ar path
6048: argument is supplied to
6049: .Fl passin
6050: and
6051: .Fl passout ,
6052: then the first line will be used for the input password and the next line
6053: for the output password.
6054: .Ar path
6055: need not refer to a regular file:
6056: it could, for example, refer to a device or named pipe.
1.38 jmc 6057: .It Cm fd : Ns Ar number
1.33 jmc 6058: Read the password from the file descriptor
6059: .Ar number .
1.38 jmc 6060: This can be used to send the data via a pipe, for example.
6061: .It Cm stdin
1.33 jmc 6062: Read the password from standard input.
1.35 jmc 6063: .El
1.38 jmc 6064: .Pp
1.64 jmc 6065: Input/output formats,
1.38 jmc 6066: typically specified using
6067: .Fl inform
6068: and
6069: .Fl outform ,
1.64 jmc 6070: indicate the format being read from or written to.
1.38 jmc 6071: The argument is case insensitive.
6072: .Pp
6073: .Bl -tag -width Ds -offset indent -compact
6074: .It Cm der
6075: Distinguished Encoding Rules (DER)
6076: is a binary format.
1.64 jmc 6077: .It Cm net
6078: Insecure legacy format.
1.38 jmc 6079: .It Cm pem
6080: Privacy Enhanced Mail (PEM)
6081: is base64-encoded.
1.70 jmc 6082: .It Cm smime
6083: An SMIME format message.
1.38 jmc 6084: .It Cm txt
6085: Plain ASCII text.
6086: .El
1.35 jmc 6087: .Sh ENVIRONMENT
6088: The following environment variables affect the execution of
6089: .Nm openssl :
1.38 jmc 6090: .Bl -tag -width "/etc/ssl/openssl.cnf"
1.35 jmc 6091: .It Ev OPENSSL_CONF
6092: The location of the master configuration file.
1.33 jmc 6093: .El
1.1 jsing 6094: .Sh FILES
6095: .Bl -tag -width "/etc/ssl/openssl.cnf" -compact
1.17 sobrado 6096: .It Pa /etc/ssl/
1.1 jsing 6097: Default config directory for
6098: .Nm openssl .
1.17 sobrado 6099: .It Pa /etc/ssl/lib/
1.1 jsing 6100: Unused.
1.17 sobrado 6101: .It Pa /etc/ssl/private/
1.1 jsing 6102: Default private key directory.
1.17 sobrado 6103: .It Pa /etc/ssl/openssl.cnf
1.1 jsing 6104: Default configuration file for
6105: .Nm openssl .
1.17 sobrado 6106: .It Pa /etc/ssl/x509v3.cnf
1.1 jsing 6107: Default configuration file for
6108: .Nm x509
6109: certificates.
6110: .El
6111: .Sh SEE ALSO
1.74 jmc 6112: .Xr acme-client 1 ,
1.26 jmc 6113: .Xr nc 1 ,
1.90 schwarze 6114: .Xr openssl.cnf 5 ,
6115: .Xr x509v3.cnf 5 ,
1.1 jsing 6116: .Xr ssl 8 ,
6117: .Xr starttls 8
6118: .Sh STANDARDS
6119: .Rs
6120: .%A T. Dierks
6121: .%A C. Allen
6122: .%D January 1999
6123: .%R RFC 2246
6124: .%T The TLS Protocol Version 1.0
6125: .Re
6126: .Pp
6127: .Rs
6128: .%A M. Wahl
6129: .%A S. Killie
6130: .%A T. Howes
6131: .%D December 1997
6132: .%R RFC 2253
6133: .%T Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
6134: .Re
6135: .Pp
6136: .Rs
6137: .%A B. Kaliski
6138: .%D March 1998
6139: .%R RFC 2315
6140: .%T PKCS #7: Cryptographic Message Syntax Version 1.5
6141: .Re
6142: .Pp
6143: .Rs
6144: .%A R. Housley
6145: .%A W. Ford
6146: .%A W. Polk
6147: .%A D. Solo
6148: .%D January 1999
6149: .%R RFC 2459
6150: .%T Internet X.509 Public Key Infrastructure Certificate and CRL Profile
6151: .Re
6152: .Pp
6153: .Rs
6154: .%A M. Myers
6155: .%A R. Ankney
6156: .%A A. Malpani
6157: .%A S. Galperin
6158: .%A C. Adams
6159: .%D June 1999
6160: .%R RFC 2560
6161: .%T X.509 Internet Public Key Infrastructure Online Certificate Status Protocol \(en OCSP
6162: .Re
6163: .Pp
6164: .Rs
6165: .%A R. Housley
6166: .%D June 1999
6167: .%R RFC 2630
6168: .%T Cryptographic Message Syntax
6169: .Re
6170: .Pp
6171: .Rs
6172: .%A P. Chown
6173: .%D June 2002
6174: .%R RFC 3268
1.24 jmc 6175: .%T Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
1.1 jsing 6176: .Re