OLD | NEW |
1 | 1 |
2 =pod | 2 =pod |
3 | 3 |
4 =head1 NAME | 4 =head1 NAME |
5 | 5 |
6 openssl - OpenSSL command line tool | 6 openssl - OpenSSL command line tool |
7 | 7 |
8 =head1 SYNOPSIS | 8 =head1 SYNOPSIS |
9 | 9 |
10 B<openssl> | 10 B<openssl> |
11 I<command> | 11 I<command> |
12 [ I<command_opts> ] | 12 [ I<command_opts> ] |
13 [ I<command_args> ] | 13 [ I<command_args> ] |
14 | 14 |
15 B<openssl> [ B<list-standard-commands> | B<list-message-digest-commands> | B<lis
t-cipher-commands> ] | 15 B<openssl> [ B<list-standard-commands> | B<list-message-digest-commands> | B<lis
t-cipher-commands> | B<list-cipher-algorithms> | B<list-message-digest-algorithm
s> | B<list-public-key-algorithms>] |
16 | 16 |
17 B<openssl> B<no->I<XXX> [ I<arbitrary options> ] | 17 B<openssl> B<no->I<XXX> [ I<arbitrary options> ] |
18 | 18 |
19 =head1 DESCRIPTION | 19 =head1 DESCRIPTION |
20 | 20 |
21 OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL | 21 OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL |
22 v2/v3) and Transport Layer Security (TLS v1) network protocols and related | 22 v2/v3) and Transport Layer Security (TLS v1) network protocols and related |
23 cryptography standards required by them. | 23 cryptography standards required by them. |
24 | 24 |
25 The B<openssl> program is a command line tool for using the various | 25 The B<openssl> program is a command line tool for using the various |
26 cryptography functions of OpenSSL's B<crypto> library from the shell. | 26 cryptography functions of OpenSSL's B<crypto> library from the shell. |
27 It can be used for | 27 It can be used for |
28 | 28 |
29 o Creation of RSA, DH and DSA key parameters | 29 o Creation and management of private keys, public keys and parameters |
| 30 o Public key cryptographic operations |
30 o Creation of X.509 certificates, CSRs and CRLs | 31 o Creation of X.509 certificates, CSRs and CRLs |
31 o Calculation of Message Digests | 32 o Calculation of Message Digests |
32 o Encryption and Decryption with Ciphers | 33 o Encryption and Decryption with Ciphers |
33 o SSL/TLS Client and Server Tests | 34 o SSL/TLS Client and Server Tests |
34 o Handling of S/MIME signed or encrypted mail | 35 o Handling of S/MIME signed or encrypted mail |
| 36 o Time Stamp requests, generation and verification |
35 | 37 |
36 =head1 COMMAND SUMMARY | 38 =head1 COMMAND SUMMARY |
37 | 39 |
38 The B<openssl> program provides a rich variety of commands (I<command> in the | 40 The B<openssl> program provides a rich variety of commands (I<command> in the |
39 SYNOPSIS above), each of which often has a wealth of options and arguments | 41 SYNOPSIS above), each of which often has a wealth of options and arguments |
40 (I<command_opts> and I<command_args> in the SYNOPSIS). | 42 (I<command_opts> and I<command_args> in the SYNOPSIS). |
41 | 43 |
42 The pseudo-commands B<list-standard-commands>, B<list-message-digest-commands>, | 44 The pseudo-commands B<list-standard-commands>, B<list-message-digest-commands>, |
43 and B<list-cipher-commands> output a list (one entry per line) of the names | 45 and B<list-cipher-commands> output a list (one entry per line) of the names |
44 of all standard commands, message digest commands, or cipher commands, | 46 of all standard commands, message digest commands, or cipher commands, |
45 respectively, that are available in the present B<openssl> utility. | 47 respectively, that are available in the present B<openssl> utility. |
46 | 48 |
| 49 The pseudo-commands B<list-cipher-algorithms> and |
| 50 B<list-message-digest-algorithms> list all cipher and message digest names, one
entry per line. Aliases are listed as: |
| 51 |
| 52 from => to |
| 53 |
| 54 The pseudo-command B<list-public-key-algorithms> lists all supported public |
| 55 key algorithms. |
| 56 |
47 The pseudo-command B<no->I<XXX> tests whether a command of the | 57 The pseudo-command B<no->I<XXX> tests whether a command of the |
48 specified name is available. If no command named I<XXX> exists, it | 58 specified name is available. If no command named I<XXX> exists, it |
49 returns 0 (success) and prints B<no->I<XXX>; otherwise it returns 1 | 59 returns 0 (success) and prints B<no->I<XXX>; otherwise it returns 1 |
50 and prints I<XXX>. In both cases, the output goes to B<stdout> and | 60 and prints I<XXX>. In both cases, the output goes to B<stdout> and |
51 nothing is printed to B<stderr>. Additional command line arguments | 61 nothing is printed to B<stderr>. Additional command line arguments |
52 are always ignored. Since for each cipher there is a command of the | 62 are always ignored. Since for each cipher there is a command of the |
53 same name, this provides an easy way for shell scripts to test for the | 63 same name, this provides an easy way for shell scripts to test for the |
54 availability of ciphers in the B<openssl> program. (B<no->I<XXX> is | 64 availability of ciphers in the B<openssl> program. (B<no->I<XXX> is |
55 not able to detect pseudo-commands such as B<quit>, | 65 not able to detect pseudo-commands such as B<quit>, |
56 B<list->I<...>B<-commands>, or B<no->I<XXX> itself.) | 66 B<list->I<...>B<-commands>, or B<no->I<XXX> itself.) |
57 | 67 |
58 =head2 STANDARD COMMANDS | 68 =head2 STANDARD COMMANDS |
59 | 69 |
60 =over 10 | 70 =over 10 |
61 | 71 |
62 =item L<B<asn1parse>|asn1parse(1)> | 72 =item L<B<asn1parse>|asn1parse(1)> |
63 | 73 |
64 Parse an ASN.1 sequence. | 74 Parse an ASN.1 sequence. |
65 | 75 |
66 =item L<B<ca>|ca(1)> | 76 =item L<B<ca>|ca(1)> |
67 | 77 |
68 Certificate Authority (CA) Management. | 78 Certificate Authority (CA) Management. |
69 | 79 |
70 =item L<B<ciphers>|ciphers(1)> | 80 =item L<B<ciphers>|ciphers(1)> |
71 | 81 |
72 Cipher Suite Description Determination. | 82 Cipher Suite Description Determination. |
73 | 83 |
| 84 =item L<B<cms>|cms(1)> |
| 85 |
| 86 CMS (Cryptographic Message Syntax) utility |
| 87 |
74 =item L<B<crl>|crl(1)> | 88 =item L<B<crl>|crl(1)> |
75 | 89 |
76 Certificate Revocation List (CRL) Management. | 90 Certificate Revocation List (CRL) Management. |
77 | 91 |
78 =item L<B<crl2pkcs7>|crl2pkcs7(1)> | 92 =item L<B<crl2pkcs7>|crl2pkcs7(1)> |
79 | 93 |
80 CRL to PKCS#7 Conversion. | 94 CRL to PKCS#7 Conversion. |
81 | 95 |
82 =item L<B<dgst>|dgst(1)> | 96 =item L<B<dgst>|dgst(1)> |
83 | 97 |
84 Message Digest Calculation. | 98 Message Digest Calculation. |
85 | 99 |
86 =item B<dh> | 100 =item B<dh> |
87 | 101 |
88 Diffie-Hellman Parameter Management. | 102 Diffie-Hellman Parameter Management. |
89 Obsoleted by L<B<dhparam>|dhparam(1)>. | 103 Obsoleted by L<B<dhparam>|dhparam(1)>. |
90 | 104 |
| 105 =item L<B<dhparam>|dhparam(1)> |
| 106 |
| 107 Generation and Management of Diffie-Hellman Parameters. Superseded by |
| 108 L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)> |
| 109 |
| 110 |
91 =item L<B<dsa>|dsa(1)> | 111 =item L<B<dsa>|dsa(1)> |
92 | 112 |
93 DSA Data Management. | 113 DSA Data Management. |
94 | 114 |
95 =item L<B<dsaparam>|dsaparam(1)> | 115 =item L<B<dsaparam>|dsaparam(1)> |
96 | 116 |
97 DSA Parameter Generation. | 117 DSA Parameter Generation and Management. Superseded by |
| 118 L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)> |
| 119 |
| 120 =item L<B<ec>|ec(1)> |
| 121 |
| 122 EC (Elliptic curve) key processing |
| 123 |
| 124 =item L<B<ecparam>|ecparam(1)> |
| 125 |
| 126 EC parameter manipulation and generation |
98 | 127 |
99 =item L<B<enc>|enc(1)> | 128 =item L<B<enc>|enc(1)> |
100 | 129 |
101 Encoding with Ciphers. | 130 Encoding with Ciphers. |
102 | 131 |
| 132 =item L<B<engine>|engine(1)> |
| 133 |
| 134 Engine (loadble module) information and manipulation. |
| 135 |
103 =item L<B<errstr>|errstr(1)> | 136 =item L<B<errstr>|errstr(1)> |
104 | 137 |
105 Error Number to Error String Conversion. | 138 Error Number to Error String Conversion. |
106 | 139 |
107 =item L<B<dhparam>|dhparam(1)> | |
108 | |
109 Generation and Management of Diffie-Hellman Parameters. | |
110 | |
111 =item B<gendh> | 140 =item B<gendh> |
112 | 141 |
113 Generation of Diffie-Hellman Parameters. | 142 Generation of Diffie-Hellman Parameters. |
114 Obsoleted by L<B<dhparam>|dhparam(1)>. | 143 Obsoleted by L<B<dhparam>|dhparam(1)>. |
115 | 144 |
116 =item L<B<gendsa>|gendsa(1)> | 145 =item L<B<gendsa>|gendsa(1)> |
117 | 146 |
118 Generation of DSA Parameters. | 147 Generation of DSA Private Key from Parameters. Superseded by |
| 148 L<B<genpkey>|genpkey(1)> and L<B<pkey>|pkey(1)> |
| 149 |
| 150 =item L<B<genpkey>|genpkey(1)> |
| 151 |
| 152 Generation of Private Key or Parameters. |
119 | 153 |
120 =item L<B<genrsa>|genrsa(1)> | 154 =item L<B<genrsa>|genrsa(1)> |
121 | 155 |
122 Generation of RSA Parameters. | 156 Generation of RSA Private Key. Superceded by L<B<genpkey>|genpkey(1)>. |
| 157 |
| 158 =item L<B<nseq>|nseq(1)> |
| 159 |
| 160 Create or examine a netscape certificate sequence |
123 | 161 |
124 =item L<B<ocsp>|ocsp(1)> | 162 =item L<B<ocsp>|ocsp(1)> |
125 | 163 |
126 Online Certificate Status Protocol utility. | 164 Online Certificate Status Protocol utility. |
127 | 165 |
128 =item L<B<passwd>|passwd(1)> | 166 =item L<B<passwd>|passwd(1)> |
129 | 167 |
130 Generation of hashed passwords. | 168 Generation of hashed passwords. |
131 | 169 |
132 =item L<B<pkcs12>|pkcs12(1)> | 170 =item L<B<pkcs12>|pkcs12(1)> |
133 | 171 |
134 PKCS#12 Data Management. | 172 PKCS#12 Data Management. |
135 | 173 |
136 =item L<B<pkcs7>|pkcs7(1)> | 174 =item L<B<pkcs7>|pkcs7(1)> |
137 | 175 |
138 PKCS#7 Data Management. | 176 PKCS#7 Data Management. |
139 | 177 |
| 178 =item L<B<pkey>|pkey(1)> |
| 179 |
| 180 Public and private key management. |
| 181 |
| 182 =item L<B<pkeyparam>|pkeyparam(1)> |
| 183 |
| 184 Public key algorithm parameter management. |
| 185 |
| 186 =item L<B<pkeyutl>|pkeyutl(1)> |
| 187 |
| 188 Public key algorithm cryptographic operation utility. |
| 189 |
140 =item L<B<rand>|rand(1)> | 190 =item L<B<rand>|rand(1)> |
141 | 191 |
142 Generate pseudo-random bytes. | 192 Generate pseudo-random bytes. |
143 | 193 |
144 =item L<B<req>|req(1)> | 194 =item L<B<req>|req(1)> |
145 | 195 |
146 X.509 Certificate Signing Request (CSR) Management. | 196 PKCS#10 X.509 Certificate Signing Request (CSR) Management. |
147 | 197 |
148 =item L<B<rsa>|rsa(1)> | 198 =item L<B<rsa>|rsa(1)> |
149 | 199 |
150 RSA Data Management. | 200 RSA key management. |
| 201 |
151 | 202 |
152 =item L<B<rsautl>|rsautl(1)> | 203 =item L<B<rsautl>|rsautl(1)> |
153 | 204 |
154 RSA utility for signing, verification, encryption, and decryption. | 205 RSA utility for signing, verification, encryption, and decryption. Superseded |
| 206 by L<B<pkeyutl>|pkeyutl(1)> |
155 | 207 |
156 =item L<B<s_client>|s_client(1)> | 208 =item L<B<s_client>|s_client(1)> |
157 | 209 |
158 This implements a generic SSL/TLS client which can establish a transparent | 210 This implements a generic SSL/TLS client which can establish a transparent |
159 connection to a remote server speaking SSL/TLS. It's intended for testing | 211 connection to a remote server speaking SSL/TLS. It's intended for testing |
160 purposes only and provides only rudimentary interface functionality but | 212 purposes only and provides only rudimentary interface functionality but |
161 internally uses mostly all functionality of the OpenSSL B<ssl> library. | 213 internally uses mostly all functionality of the OpenSSL B<ssl> library. |
162 | 214 |
163 =item L<B<s_server>|s_server(1)> | 215 =item L<B<s_server>|s_server(1)> |
164 | 216 |
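Review bot: Two of the added descriptions are misspelled: the engine item (new line 134) reads "loadble module" and the genrsa item (new line 156) reads "Superceded", while the other entries added here use "Superseded". Please correct them to "loadable" and "Superseded". The new cms, ec, ecparam and nseq descriptions and the "Superseded by ... pkeyparam(1)" sentences also end without a period, unlike the existing entries, and new lines 109-110 and 201-202 leave two consecutive blank lines. Since dhparam is now marked as superseded by genpkey and pkeyparam, consider whether the dh and gendh items, which still say "Obsoleted by dhparam", should point readers at the newer commands as well.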
(...skipping 13 matching lines...)
178 SSL Session Data Management. | 230 SSL Session Data Management. |
179 | 231 |
180 =item L<B<smime>|smime(1)> | 232 =item L<B<smime>|smime(1)> |
181 | 233 |
182 S/MIME mail processing. | 234 S/MIME mail processing. |
183 | 235 |
184 =item L<B<speed>|speed(1)> | 236 =item L<B<speed>|speed(1)> |
185 | 237 |
186 Algorithm Speed Measurement. | 238 Algorithm Speed Measurement. |
187 | 239 |
| 240 =item L<B<spkac>|spkac(1)> |
| 241 |
| 242 SPKAC printing and generating utility |
| 243 |
| 244 =item L<B<ts>|ts(1)> |
| 245 |
| 246 Time Stamping Authority tool (client/server) |
| 247 |
188 =item L<B<verify>|verify(1)> | 248 =item L<B<verify>|verify(1)> |
189 | 249 |
190 X.509 Certificate Verification. | 250 X.509 Certificate Verification. |
191 | 251 |
192 =item L<B<version>|version(1)> | 252 =item L<B<version>|version(1)> |
193 | 253 |
194 OpenSSL Version Information. | 254 OpenSSL Version Information. |
195 | 255 |
196 =item L<B<x509>|x509(1)> | 256 =item L<B<x509>|x509(1)> |
197 | 257 |
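Review bot: The new spkac and ts descriptions (new lines 242 and 246) end without a period, while the neighbouring smime, speed and verify entries all end with one. Add the period so the command list stays consistent.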
(...skipping 22 matching lines...)
220 RMD-160 Digest | 280 RMD-160 Digest |
221 | 281 |
222 =item B<sha> | 282 =item B<sha> |
223 | 283 |
224 SHA Digest | 284 SHA Digest |
225 | 285 |
226 =item B<sha1> | 286 =item B<sha1> |
227 | 287 |
228 SHA-1 Digest | 288 SHA-1 Digest |
229 | 289 |
| 290 =back |
| 291 |
230 =item B<sha224> | 292 =item B<sha224> |
231 | 293 |
232 SHA-224 Digest | 294 SHA-224 Digest |
233 | 295 |
234 =item B<sha256> | 296 =item B<sha256> |
235 | 297 |
236 SHA-256 Digest | 298 SHA-256 Digest |
237 | 299 |
238 =item B<sha384> | 300 =item B<sha384> |
239 | 301 |
240 SHA-384 Digest | 302 SHA-384 Digest |
241 | 303 |
242 =item B<sha512> | 304 =item B<sha512> |
243 | 305 |
244 SHA-512 Digest | 306 SHA-512 Digest |
245 | 307 |
246 =back | |
247 | |
248 =head2 ENCODING AND CIPHER COMMANDS | 308 =head2 ENCODING AND CIPHER COMMANDS |
249 | 309 |
250 =over 10 | 310 =over 10 |
251 | 311 |
252 =item B<base64> | 312 =item B<base64> |
253 | 313 |
254 Base64 Encoding | 314 Base64 Encoding |
255 | 315 |
256 =item B<bf bf-cbc bf-cfb bf-ecb bf-ofb> | 316 =item B<bf bf-cbc bf-cfb bf-ecb bf-ofb> |
257 | 317 |
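Review bot: Moving =back from after the sha512 item (old line 246) to after the sha1 item (new line 290) closes the list too early: the sha224, sha256, sha384 and sha512 =item lines now sit outside any =over/=back block, and nothing closes a list before =head2 ENCODING AND CIPHER COMMANDS. That is not well-formed POD and the four digests will not render as part of the message digest list. Keep =back after the sha512 item, or open a second =over 10 before sha224 if the split is intentional.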
(...skipping 74 matching lines...)
332 | 392 |
333 read the password from standard input. | 393 read the password from standard input. |
334 | 394 |
335 =back | 395 =back |
336 | 396 |
337 =head1 SEE ALSO | 397 =head1 SEE ALSO |
338 | 398 |
339 L<asn1parse(1)|asn1parse(1)>, L<ca(1)|ca(1)>, L<config(5)|config(5)>, | 399 L<asn1parse(1)|asn1parse(1)>, L<ca(1)|ca(1)>, L<config(5)|config(5)>, |
340 L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkcs7(1)>, L<dgst(1)|dgst(1)>, | 400 L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkcs7(1)>, L<dgst(1)|dgst(1)>, |
341 L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>, | 401 L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>, |
342 L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>, | 402 L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>, L<genpkey(1)|genpkey(1)>, |
343 L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>, | 403 L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>, |
344 L<passwd(1)|passwd(1)>, | 404 L<passwd(1)|passwd(1)>, |
345 L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>, | 405 L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>, |
346 L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>, | 406 L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>, |
347 L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>, | 407 L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>, |
348 L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>, | 408 L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>, |
349 L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>, | 409 L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>, |
350 L<verify(1)|verify(1)>, L<version(1)|version(1)>, L<x509(1)|x509(1)>, | 410 L<verify(1)|verify(1)>, L<version(1)|version(1)>, L<x509(1)|x509(1)>, |
351 L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)> | 411 L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)>, L<x509v3_config(5)|x509v3_config(5)> |
352 | 412 |
353 =head1 HISTORY | 413 =head1 HISTORY |
354 | 414 |
355 The openssl(1) document appeared in OpenSSL 0.9.2. | 415 The openssl(1) document appeared in OpenSSL 0.9.2. |
356 The B<list->I<XXX>B<-commands> pseudo-commands were added in OpenSSL 0.9.3; | 416 The B<list->I<XXX>B<-commands> pseudo-commands were added in OpenSSL 0.9.3; |
| 417 The B<list->I<XXX>B<-algorithms> pseudo-commands were added in OpenSSL 1.0.0; |
357 the B<no->I<XXX> pseudo-commands were added in OpenSSL 0.9.5a. | 418 the B<no->I<XXX> pseudo-commands were added in OpenSSL 0.9.5a. |
358 For notes on the availability of other commands, see their individual | 419 For notes on the availability of other commands, see their individual |
359 manual pages. | 420 manual pages. |
360 | 421 |
361 =cut | 422 =cut |
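Review bot: The HISTORY sentence added at new line 417 starts with a capital "The" after the semicolon that ends line 416, and it places OpenSSL 1.0.0 between 0.9.3 and 0.9.5a, so the list is no longer chronological. Move the list-XXX-algorithms clause after the no-XXX clause and lowercase "the", ending the sentence with a period. In SEE ALSO only genpkey(1) and x509v3_config(5) are added, while the cms, ec, ecparam, engine, pkey, pkeyparam, pkeyutl and ts commands introduced in the command list above get no cross-reference; add them for completeness.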