diff options
author | bcook <> | 2015-09-11 14:30:23 +0000 |
---|---|---|
committer | bcook <> | 2015-09-11 14:30:23 +0000 |
commit | e2fad4e6bdd4e404b3f4c186de52078738af2271 (patch) | |
tree | cc1109842924cab95a77b6863b32de51b6d4f960 /src/usr.bin/openssl/openssl.1 | |
parent | 7cea1ef22b79637be449efa70b99c6deaf74ef10 (diff) | |
download | openbsd-e2fad4e6bdd4e404b3f4c186de52078738af2271.tar.gz openbsd-e2fad4e6bdd4e404b3f4c186de52078738af2271.tar.bz2 openbsd-e2fad4e6bdd4e404b3f4c186de52078738af2271.zip |
Remove engine command and parameters from openssl(1).
We do not have any builtin or dynamic engines, meaning openssl(1) has
no way to use the engine command or parameters at all.
ok jsing@
Diffstat (limited to 'src/usr.bin/openssl/openssl.1')
-rw-r--r-- | src/usr.bin/openssl/openssl.1 | 368 |
1 files changed, 14 insertions, 354 deletions
diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1 index 89b1979e2e..7e4937207d 100644 --- a/src/usr.bin/openssl/openssl.1 +++ b/src/usr.bin/openssl/openssl.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: openssl.1,v 1.21 2015/09/11 06:43:05 jmc Exp $ | 1 | .\" $OpenBSD: openssl.1,v 1.22 2015/09/11 14:30:23 bcook Exp $ |
2 | .\" ==================================================================== | 2 | .\" ==================================================================== |
3 | .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | 3 | .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. |
4 | .\" | 4 | .\" |
@@ -284,8 +284,6 @@ Elliptic curve (EC) key processing. | |||
284 | EC parameter manipulation and generation. | 284 | EC parameter manipulation and generation. |
285 | .It Cm enc | 285 | .It Cm enc |
286 | Encoding with ciphers. | 286 | Encoding with ciphers. |
287 | .It Cm engine | ||
288 | Engine (loadable module) information and manipulation. | ||
289 | .It Cm errstr | 287 | .It Cm errstr |
290 | Error number to error string conversion. | 288 | Error number to error string conversion. |
291 | .It Cm gendh | 289 | .It Cm gendh |
@@ -703,7 +701,6 @@ The output of some ASN.1 types is not well handled | |||
703 | .Op Fl crlhours Ar hours | 701 | .Op Fl crlhours Ar hours |
704 | .Op Fl days Ar arg | 702 | .Op Fl days Ar arg |
705 | .Op Fl enddate Ar date | 703 | .Op Fl enddate Ar date |
706 | .Op Fl engine Ar id | ||
707 | .Op Fl extensions Ar section | 704 | .Op Fl extensions Ar section |
708 | .Op Fl extfile Ar section | 705 | .Op Fl extfile Ar section |
709 | .Op Fl gencrl | 706 | .Op Fl gencrl |
@@ -711,7 +708,7 @@ The output of some ASN.1 types is not well handled | |||
711 | .Op Fl infiles | 708 | .Op Fl infiles |
712 | .Op Fl key Ar keyfile | 709 | .Op Fl key Ar keyfile |
713 | .Op Fl keyfile Ar arg | 710 | .Op Fl keyfile Ar arg |
714 | .Op Fl keyform Ar ENGINE | PEM | 711 | .Op Fl keyform Ar PEM |
715 | .Op Fl md Ar arg | 712 | .Op Fl md Ar arg |
716 | .Op Fl msie_hack | 713 | .Op Fl msie_hack |
717 | .Op Fl name Ar section | 714 | .Op Fl name Ar section |
@@ -757,14 +754,6 @@ The number of days to certify the certificate for. | |||
757 | This allows the expiry date to be explicitly set. | 754 | This allows the expiry date to be explicitly set. |
758 | The format of the date is YYMMDDHHMMSSZ | 755 | The format of the date is YYMMDDHHMMSSZ |
759 | .Pq the same as an ASN1 UTCTime structure . | 756 | .Pq the same as an ASN1 UTCTime structure . |
760 | .It Fl engine Ar id | ||
761 | Specifying an engine (by its unique | ||
762 | .Ar id | ||
763 | string) will cause | ||
764 | .Nm ca | ||
765 | to attempt to obtain a functional reference to the specified engine, | ||
766 | thus initialising it if needed. | ||
767 | The engine will then be set as the default for all available algorithms. | ||
768 | .It Fl extensions Ar section | 757 | .It Fl extensions Ar section |
769 | The section of the configuration file containing certificate extensions | 758 | The section of the configuration file containing certificate extensions |
770 | to be added when a certificate is issued (defaults to | 759 | to be added when a certificate is issued (defaults to |
@@ -800,7 +789,7 @@ with the | |||
800 | utility) this option should be used with caution. | 789 | utility) this option should be used with caution. |
801 | .It Fl keyfile Ar file | 790 | .It Fl keyfile Ar file |
802 | The private key to sign requests with. | 791 | The private key to sign requests with. |
803 | .It Fl keyform Ar ENGINE | PEM | 792 | .It Fl keyform Ar PEM |
804 | Private key file format. | 793 | Private key file format. |
805 | .It Fl md Ar alg | 794 | .It Fl md Ar alg |
806 | The message digest to use. | 795 | The message digest to use. |
@@ -1811,10 +1800,9 @@ install user certificates and CAs in MSIE using the Xenroll control. | |||
1811 | .Oc | 1800 | .Oc |
1812 | .Op Fl binary | 1801 | .Op Fl binary |
1813 | .Op Fl cd | 1802 | .Op Fl cd |
1814 | .Op Fl engine Ar id | ||
1815 | .Op Fl hex | 1803 | .Op Fl hex |
1816 | .Op Fl hmac Ar key | 1804 | .Op Fl hmac Ar key |
1817 | .Op Fl keyform Ar ENGINE | PEM | 1805 | .Op Fl keyform Ar PEM |
1818 | .Op Fl mac Ar algorithm | 1806 | .Op Fl mac Ar algorithm |
1819 | .Op Fl macopt Ar nm : Ns Ar v | 1807 | .Op Fl macopt Ar nm : Ns Ar v |
1820 | .Op Fl out Ar file | 1808 | .Op Fl out Ar file |
@@ -1853,16 +1841,6 @@ Print out the digest in two-digit groups separated by colons; only relevant if | |||
1853 | format output is used. | 1841 | format output is used. |
1854 | .It Fl d | 1842 | .It Fl d |
1855 | Print out BIO debugging information. | 1843 | Print out BIO debugging information. |
1856 | .It Fl engine Ar id | ||
1857 | Specifying an engine (by its unique | ||
1858 | .Ar id | ||
1859 | string) will cause | ||
1860 | .Nm dgst | ||
1861 | to attempt to obtain a functional reference to the specified engine, | ||
1862 | thus initialising it if needed. | ||
1863 | The engine will then be set as the default for all available algorithms. | ||
1864 | This engine is not used as a source for digest algorithms | ||
1865 | unless it is also specified in the configuration file. | ||
1866 | .It Fl hex | 1844 | .It Fl hex |
1867 | Digest is to be output as a hex dump. | 1845 | Digest is to be output as a hex dump. |
1868 | This is the default case for a | 1846 | This is the default case for a |
@@ -1871,7 +1849,7 @@ digest as opposed to a digital signature. | |||
1871 | .It Fl hmac Ar key | 1849 | .It Fl hmac Ar key |
1872 | Create a hashed MAC using | 1850 | Create a hashed MAC using |
1873 | .Ar key . | 1851 | .Ar key . |
1874 | .It Fl keyform Ar ENGINE | PEM | 1852 | .It Fl keyform Ar PEM |
1875 | Specifies the key format to sign the digest with. | 1853 | Specifies the key format to sign the digest with. |
1876 | .It Fl mac Ar algorithm | 1854 | .It Fl mac Ar algorithm |
1877 | Create a keyed Message Authentication Code (MAC). | 1855 | Create a keyed Message Authentication Code (MAC). |
@@ -1963,7 +1941,6 @@ below. | |||
1963 | .Op Fl C | 1941 | .Op Fl C |
1964 | .Op Fl check | 1942 | .Op Fl check |
1965 | .Op Fl dsaparam | 1943 | .Op Fl dsaparam |
1966 | .Op Fl engine Ar id | ||
1967 | .Op Fl in Ar file | 1944 | .Op Fl in Ar file |
1968 | .Op Fl inform Ar DER | PEM | 1945 | .Op Fl inform Ar DER | PEM |
1969 | .Op Fl noout | 1946 | .Op Fl noout |
@@ -2008,14 +1985,6 @@ which makes DH key exchange more efficient. | |||
2008 | Beware that with such DSA-style DH parameters, | 1985 | Beware that with such DSA-style DH parameters, |
2009 | a fresh DH key should be created for each use to | 1986 | a fresh DH key should be created for each use to |
2010 | avoid small-subgroup attacks that may be possible otherwise. | 1987 | avoid small-subgroup attacks that may be possible otherwise. |
2011 | .It Fl engine Ar id | ||
2012 | Specifying an engine (by its unique | ||
2013 | .Ar id | ||
2014 | string) will cause | ||
2015 | .Nm dhparam | ||
2016 | to attempt to obtain a functional reference to the specified engine, | ||
2017 | thus initialising it if needed. | ||
2018 | The engine will then be set as the default for all available algorithms. | ||
2019 | .It Fl in Ar file | 1988 | .It Fl in Ar file |
2020 | This specifies the input | 1989 | This specifies the input |
2021 | .Ar file | 1990 | .Ar file |
@@ -2109,7 +2078,6 @@ option was added in | |||
2109 | .Fl aes128 | aes192 | aes256 | | 2078 | .Fl aes128 | aes192 | aes256 | |
2110 | .Fl des | des3 | 2079 | .Fl des | des3 |
2111 | .Oc | 2080 | .Oc |
2112 | .Op Fl engine Ar id | ||
2113 | .Op Fl in Ar file | 2081 | .Op Fl in Ar file |
2114 | .Op Fl inform Ar DER | PEM | 2082 | .Op Fl inform Ar DER | PEM |
2115 | .Op Fl modulus | 2083 | .Op Fl modulus |
@@ -2154,14 +2122,6 @@ remove the pass phrase from a key, | |||
2154 | or by setting the encryption options it can be use to add or change | 2122 | or by setting the encryption options it can be use to add or change |
2155 | the pass phrase. | 2123 | the pass phrase. |
2156 | These options can only be used with PEM format output files. | 2124 | These options can only be used with PEM format output files. |
2157 | .It Fl engine Ar id | ||
2158 | Specifying an engine (by its unique | ||
2159 | .Ar id | ||
2160 | string) will cause | ||
2161 | .Nm dsa | ||
2162 | to attempt to obtain a functional reference to the specified engine, | ||
2163 | thus initialising it if needed. | ||
2164 | The engine will then be set as the default for all available algorithms. | ||
2165 | .It Fl in Ar file | 2125 | .It Fl in Ar file |
2166 | This specifies the input | 2126 | This specifies the input |
2167 | .Ar file | 2127 | .Ar file |
@@ -2267,7 +2227,6 @@ To just output the public part of a private key: | |||
2267 | .Nm "openssl dsaparam" | 2227 | .Nm "openssl dsaparam" |
2268 | .Bk -words | 2228 | .Bk -words |
2269 | .Op Fl C | 2229 | .Op Fl C |
2270 | .Op Fl engine Ar id | ||
2271 | .Op Fl genkey | 2230 | .Op Fl genkey |
2272 | .Op Fl in Ar file | 2231 | .Op Fl in Ar file |
2273 | .Op Fl inform Ar DER | PEM | 2232 | .Op Fl inform Ar DER | PEM |
@@ -2290,14 +2249,6 @@ This option converts the parameters into C code. | |||
2290 | The parameters can then be loaded by calling the | 2249 | The parameters can then be loaded by calling the |
2291 | .Cm get_dsa Ns Ar XXX Ns Li () | 2250 | .Cm get_dsa Ns Ar XXX Ns Li () |
2292 | function. | 2251 | function. |
2293 | .It Fl engine Ar id | ||
2294 | Specifying an engine (by its unique | ||
2295 | .Ar id | ||
2296 | string) will cause | ||
2297 | .Nm dsaparam | ||
2298 | to attempt to obtain a functional reference to the specified engine, | ||
2299 | thus initialising it if needed. | ||
2300 | The engine will then be set as the default for all available algorithms. | ||
2301 | .It Fl genkey | 2252 | .It Fl genkey |
2302 | This option will generate a DSA either using the specified or generated | 2253 | This option will generate a DSA either using the specified or generated |
2303 | parameters. | 2254 | parameters. |
@@ -2362,7 +2313,6 @@ DSA parameters is often used to generate several distinct keys. | |||
2362 | .Op Fl conv_form Ar arg | 2313 | .Op Fl conv_form Ar arg |
2363 | .Op Fl des | 2314 | .Op Fl des |
2364 | .Op Fl des3 | 2315 | .Op Fl des3 |
2365 | .Op Fl engine Ar id | ||
2366 | .Op Fl in Ar file | 2316 | .Op Fl in Ar file |
2367 | .Op Fl inform Ar DER | PEM | 2317 | .Op Fl inform Ar DER | PEM |
2368 | .Op Fl noout | 2318 | .Op Fl noout |
@@ -2428,14 +2378,6 @@ encryption option can be used to remove the pass phrase from a key, | |||
2428 | or by setting the encryption options | 2378 | or by setting the encryption options |
2429 | it can be use to add or change the pass phrase. | 2379 | it can be use to add or change the pass phrase. |
2430 | These options can only be used with PEM format output files. | 2380 | These options can only be used with PEM format output files. |
2431 | .It Fl engine Ar id | ||
2432 | Specifying an engine (by its unique | ||
2433 | .Ar id | ||
2434 | string) will cause | ||
2435 | .Nm ec | ||
2436 | to attempt to obtain a functional reference to the specified engine, | ||
2437 | thus initialising it if needed. | ||
2438 | The engine will then be set as the default for all available algorithms. | ||
2439 | .It Fl in Ar file | 2381 | .It Fl in Ar file |
2440 | This specifies the input filename to read a key from, | 2382 | This specifies the input filename to read a key from, |
2441 | or standard input if this option is not specified. | 2383 | or standard input if this option is not specified. |
@@ -2567,7 +2509,6 @@ command was first introduced in | |||
2567 | .Op Fl C | 2509 | .Op Fl C |
2568 | .Op Fl check | 2510 | .Op Fl check |
2569 | .Op Fl conv_form Ar arg | 2511 | .Op Fl conv_form Ar arg |
2570 | .Op Fl engine Ar id | ||
2571 | .Op Fl genkey | 2512 | .Op Fl genkey |
2572 | .Op Fl in Ar file | 2513 | .Op Fl in Ar file |
2573 | .Op Fl inform Ar DER | PEM | 2514 | .Op Fl inform Ar DER | PEM |
@@ -2611,14 +2552,6 @@ option is disabled by default for binary curves | |||
2611 | and can be enabled by defining the preprocessor macro | 2552 | and can be enabled by defining the preprocessor macro |
2612 | .Ar OPENSSL_EC_BIN_PT_COMP | 2553 | .Ar OPENSSL_EC_BIN_PT_COMP |
2613 | at compile time. | 2554 | at compile time. |
2614 | .It Fl engine Ar id | ||
2615 | Specifying an engine (by its unique | ||
2616 | .Ar id | ||
2617 | string) will cause | ||
2618 | .Nm ecparam | ||
2619 | to attempt to obtain a functional reference to the specified engine, | ||
2620 | thus initialising it if needed. | ||
2621 | The engine will then be set as the default for all available algorithms. | ||
2622 | .It Fl genkey | 2555 | .It Fl genkey |
2623 | Generate an EC private key using the specified parameters. | 2556 | Generate an EC private key using the specified parameters. |
2624 | .It Fl in Ar file | 2557 | .It Fl in Ar file |
@@ -2736,7 +2669,6 @@ command was first introduced in | |||
2736 | .Op Fl base64 | 2669 | .Op Fl base64 |
2737 | .Op Fl bufsize Ar number | 2670 | .Op Fl bufsize Ar number |
2738 | .Op Fl debug | 2671 | .Op Fl debug |
2739 | .Op Fl engine Ar id | ||
2740 | .Op Fl in Ar file | 2672 | .Op Fl in Ar file |
2741 | .Op Fl iv Ar IV | 2673 | .Op Fl iv Ar IV |
2742 | .Op Fl K Ar key | 2674 | .Op Fl K Ar key |
@@ -2779,14 +2711,6 @@ Decrypt the input data. | |||
2779 | Debug the BIOs used for I/O. | 2711 | Debug the BIOs used for I/O. |
2780 | .It Fl e | 2712 | .It Fl e |
2781 | Encrypt the input data: this is the default. | 2713 | Encrypt the input data: this is the default. |
2782 | .It Fl engine Ar id | ||
2783 | Specifying an engine (by its unique | ||
2784 | .Ar id | ||
2785 | string) will cause | ||
2786 | .Nm enc | ||
2787 | to attempt to obtain a functional reference to the specified engine, | ||
2788 | thus initialising it if needed. | ||
2789 | The engine will then be set as the default for all available algorithms. | ||
2790 | .It Fl in Ar file | 2714 | .It Fl in Ar file |
2791 | The input | 2715 | The input |
2792 | .Ar file ; | 2716 | .Ar file ; |
@@ -2918,25 +2842,6 @@ The program can be called either as | |||
2918 | .Nm openssl ciphername | 2842 | .Nm openssl ciphername |
2919 | or | 2843 | or |
2920 | .Nm openssl enc -ciphername . | 2844 | .Nm openssl enc -ciphername . |
2921 | But the first form doesn't work with engine-provided ciphers, | ||
2922 | because this form is processed before the | ||
2923 | configuration file is read and any engines loaded. | ||
2924 | .Pp | ||
2925 | Engines which provide entirely new encryption algorithms | ||
2926 | should be configured in the configuration file. | ||
2927 | Engines, specified on the command line using the | ||
2928 | .Fl engine | ||
2929 | option, | ||
2930 | can only be used for hardware-assisted implementations of ciphers, | ||
2931 | supported by | ||
2932 | .Nm OpenSSL | ||
2933 | core, or by other engines specified in the configuration file. | ||
2934 | .Pp | ||
2935 | When | ||
2936 | .Nm enc | ||
2937 | lists supported ciphers, | ||
2938 | ciphers provided by engines specified in the configuration files | ||
2939 | are listed too. | ||
2940 | .Pp | 2845 | .Pp |
2941 | A password will be prompted for to derive the | 2846 | A password will be prompted for to derive the |
2942 | .Ar key | 2847 | .Ar key |
@@ -3077,56 +2982,6 @@ program only supports a fixed number of algorithms with certain parameters. | |||
3077 | Therefore it is not possible to use RC2 with a 76-bit key | 2982 | Therefore it is not possible to use RC2 with a 76-bit key |
3078 | or RC4 with an 84-bit key with this program. | 2983 | or RC4 with an 84-bit key with this program. |
3079 | .\" | 2984 | .\" |
3080 | .\" ENGINE | ||
3081 | .\" | ||
3082 | .Sh ENGINE | ||
3083 | .Nm openssl engine | ||
3084 | .Op Fl ctv | ||
3085 | .Op Fl post Ar cmd | ||
3086 | .Op Fl pre Ar cmd | ||
3087 | .Op Ar engine ... | ||
3088 | .Pp | ||
3089 | The | ||
3090 | .Nm engine | ||
3091 | command provides loadable module information and manipulation | ||
3092 | of various engines. | ||
3093 | Any options are applied to all engines supplied on the command line, | ||
3094 | or all supported engines if none are specified. | ||
3095 | .Pp | ||
3096 | The options are as follows: | ||
3097 | .Bl -tag -width Ds | ||
3098 | .It Fl c | ||
3099 | For each engine, also list the capabilities. | ||
3100 | .It Fl post Ar cmd | ||
3101 | Run command | ||
3102 | .Ar cmd | ||
3103 | against the engine after loading it | ||
3104 | (only used if | ||
3105 | .Fl t | ||
3106 | is also provided). | ||
3107 | .It Fl pre Ar cmd | ||
3108 | Run command | ||
3109 | .Ar cmd | ||
3110 | against the engine before any attempts | ||
3111 | to load it | ||
3112 | (only used if | ||
3113 | .Fl t | ||
3114 | is also provided). | ||
3115 | .It Fl t | ||
3116 | For each engine, check that they are really available. | ||
3117 | .Fl tt | ||
3118 | will display an error trace for unavailable engines. | ||
3119 | .It Fl v | ||
3120 | Verbose mode. | ||
3121 | For each engine, list its 'control commands'. | ||
3122 | .Fl vv | ||
3123 | will additionally display each command's description. | ||
3124 | .Fl vvv | ||
3125 | will also add the input flags for each command. | ||
3126 | .Fl vvvv | ||
3127 | will also show internal input flags. | ||
3128 | .El | ||
3129 | .\" | ||
3130 | .\" ERRSTR | 2985 | .\" ERRSTR |
3131 | .\" | 2986 | .\" |
3132 | .Sh ERRSTR | 2987 | .Sh ERRSTR |
@@ -3192,7 +3047,6 @@ above. | |||
3192 | .Fl aes128 | aes192 | aes256 | | 3047 | .Fl aes128 | aes192 | aes256 | |
3193 | .Fl des | des3 | 3048 | .Fl des | des3 |
3194 | .Oc | 3049 | .Oc |
3195 | .Op Fl engine Ar id | ||
3196 | .Op Fl out Ar file | 3050 | .Op Fl out Ar file |
3197 | .Op Ar paramfile | 3051 | .Op Ar paramfile |
3198 | .Ek | 3052 | .Ek |
@@ -3215,14 +3069,6 @@ These options encrypt the private key with the AES, DES, | |||
3215 | or the triple DES ciphers, respectively, before outputting it. | 3069 | or the triple DES ciphers, respectively, before outputting it. |
3216 | A pass phrase is prompted for. | 3070 | A pass phrase is prompted for. |
3217 | If none of these options are specified, no encryption is used. | 3071 | If none of these options are specified, no encryption is used. |
3218 | .It Fl engine Ar id | ||
3219 | Specifying an engine (by its unique | ||
3220 | .Ar id | ||
3221 | string) will cause | ||
3222 | .Nm gendsa | ||
3223 | to attempt to obtain a functional reference to the specified engine, | ||
3224 | thus initialising it if needed. | ||
3225 | The engine will then be set as the default for all available algorithms. | ||
3226 | .It Fl out Ar file | 3072 | .It Fl out Ar file |
3227 | The output | 3073 | The output |
3228 | .Ar file . | 3074 | .Ar file . |
@@ -3246,7 +3092,6 @@ much quicker than RSA key generation, for example. | |||
3246 | .Bk -words | 3092 | .Bk -words |
3247 | .Op Fl algorithm Ar alg | 3093 | .Op Fl algorithm Ar alg |
3248 | .Op Ar cipher | 3094 | .Op Ar cipher |
3249 | .Op Fl engine Ar id | ||
3250 | .Op Fl genparam | 3095 | .Op Fl genparam |
3251 | .Op Fl out Ar file | 3096 | .Op Fl out Ar file |
3252 | .Op Fl outform Ar DER | PEM | 3097 | .Op Fl outform Ar DER | PEM |
@@ -3262,8 +3107,7 @@ The | |||
3262 | command generates private keys. | 3107 | command generates private keys. |
3263 | The use of this | 3108 | The use of this |
3264 | program is encouraged over the algorithm specific utilities | 3109 | program is encouraged over the algorithm specific utilities |
3265 | because additional algorithm options | 3110 | because additional algorithm options can be used. |
3266 | and engine-provided algorithms can be used. | ||
3267 | .Pp | 3111 | .Pp |
3268 | The options are as follows: | 3112 | The options are as follows: |
3269 | .Bl -tag -width Ds | 3113 | .Bl -tag -width Ds |
@@ -3284,14 +3128,6 @@ Any algorithm name accepted by | |||
3284 | .Fn EVP_get_cipherbyname | 3128 | .Fn EVP_get_cipherbyname |
3285 | is acceptable, such as | 3129 | is acceptable, such as |
3286 | .Cm des3 . | 3130 | .Cm des3 . |
3287 | .It Fl engine Ar id | ||
3288 | Specifying an engine (by its unique | ||
3289 | .Ar id | ||
3290 | string) will cause | ||
3291 | .Nm genpkey | ||
3292 | to attempt to obtain a functional reference to the specified engine, | ||
3293 | thus initialising it if needed. | ||
3294 | The engine will then be set as the default for all available algorithms. | ||
3295 | .It Fl genparam | 3131 | .It Fl genparam |
3296 | Generate a set of parameters instead of a private key. | 3132 | Generate a set of parameters instead of a private key. |
3297 | If used this option must precede any | 3133 | If used this option must precede any |
@@ -3422,7 +3258,6 @@ $ openssl genpkey -paramfile dhp.pem -out dhkey.pem | |||
3422 | .Fl aes128 | aes192 | aes256 | | 3258 | .Fl aes128 | aes192 | aes256 | |
3423 | .Fl des | des3 | 3259 | .Fl des | des3 |
3424 | .Oc | 3260 | .Oc |
3425 | .Op Fl engine Ar id | ||
3426 | .Op Fl out Ar file | 3261 | .Op Fl out Ar file |
3427 | .Op Fl passout Ar arg | 3262 | .Op Fl passout Ar arg |
3428 | .Op Ar numbits | 3263 | .Op Ar numbits |
@@ -3449,14 +3284,6 @@ If encryption is used, a pass phrase is prompted for, | |||
3449 | if it is not supplied via the | 3284 | if it is not supplied via the |
3450 | .Fl passout | 3285 | .Fl passout |
3451 | option. | 3286 | option. |
3452 | .It Fl engine Ar id | ||
3453 | Specifying an engine (by its unique | ||
3454 | .Ar id | ||
3455 | string) will cause | ||
3456 | .Nm genrsa | ||
3457 | to attempt to obtain a functional reference to the specified engine, | ||
3458 | thus initialising it if needed. | ||
3459 | The engine will then be set as the default for all available algorithms. | ||
3460 | .It Fl out Ar file | 3287 | .It Fl out Ar file |
3461 | The output | 3288 | The output |
3462 | .Ar file . | 3289 | .Ar file . |
@@ -4129,7 +3956,6 @@ prints | |||
4129 | .nr nS 1 | 3956 | .nr nS 1 |
4130 | .Nm "openssl pkcs7" | 3957 | .Nm "openssl pkcs7" |
4131 | .Bk -words | 3958 | .Bk -words |
4132 | .Op Fl engine Ar id | ||
4133 | .Op Fl in Ar file | 3959 | .Op Fl in Ar file |
4134 | .Op Fl inform Ar DER | PEM | 3960 | .Op Fl inform Ar DER | PEM |
4135 | .Op Fl noout | 3961 | .Op Fl noout |
@@ -4146,14 +3972,6 @@ command processes PKCS#7 files in DER or PEM format. | |||
4146 | .Pp | 3972 | .Pp |
4147 | The options are as follows: | 3973 | The options are as follows: |
4148 | .Bl -tag -width Ds | 3974 | .Bl -tag -width Ds |
4149 | .It Fl engine Ar id | ||
4150 | Specifying an engine (by its unique | ||
4151 | .Ar id | ||
4152 | string) will cause | ||
4153 | .Nm pkcs7 | ||
4154 | to attempt to obtain a functional reference to the specified engine, | ||
4155 | thus initialising it if needed. | ||
4156 | The engine will then be set as the default for all available algorithms. | ||
4157 | .It Fl in Ar file | 3975 | .It Fl in Ar file |
4158 | This specifies the input | 3976 | This specifies the input |
4159 | .Ar file | 3977 | .Ar file |
@@ -4218,7 +4036,6 @@ They cannot currently parse, for example, the new CMS as described in RFC 2630. | |||
4218 | .Nm "openssl pkcs8" | 4036 | .Nm "openssl pkcs8" |
4219 | .Bk -words | 4037 | .Bk -words |
4220 | .Op Fl embed | 4038 | .Op Fl embed |
4221 | .Op Fl engine Ar id | ||
4222 | .Op Fl in Ar file | 4039 | .Op Fl in Ar file |
4223 | .Op Fl inform Ar DER | PEM | 4040 | .Op Fl inform Ar DER | PEM |
4224 | .Op Fl nocrypt | 4041 | .Op Fl nocrypt |
@@ -4254,14 +4071,6 @@ In this form the OCTET STRING contains an ASN1 SEQUENCE consisting of | |||
4254 | two structures: | 4071 | two structures: |
4255 | a SEQUENCE containing the parameters and an ASN1 INTEGER containing | 4072 | a SEQUENCE containing the parameters and an ASN1 INTEGER containing |
4256 | the private key. | 4073 | the private key. |
4257 | .It Fl engine Ar id | ||
4258 | Specifying an engine (by its unique | ||
4259 | .Ar id | ||
4260 | string) will cause | ||
4261 | .Nm pkcs8 | ||
4262 | to attempt to obtain a functional reference to the specified engine, | ||
4263 | thus initialising it if needed. | ||
4264 | The engine will then be set as the default for all available algorithms. | ||
4265 | .It Fl in Ar file | 4074 | .It Fl in Ar file |
4266 | This specifies the input | 4075 | This specifies the input |
4267 | .Ar file | 4076 | .Ar file |
@@ -4484,7 +4293,6 @@ compatibility, several of the utilities use the old format at present. | |||
4484 | .Op Fl clcerts | 4293 | .Op Fl clcerts |
4485 | .Op Fl CSP Ar name | 4294 | .Op Fl CSP Ar name |
4486 | .Op Fl descert | 4295 | .Op Fl descert |
4487 | .Op Fl engine Ar id | ||
4488 | .Op Fl export | 4296 | .Op Fl export |
4489 | .Op Fl in Ar file | 4297 | .Op Fl in Ar file |
4490 | .Op Fl info | 4298 | .Op Fl info |
@@ -4631,14 +4439,6 @@ file unreadable by some | |||
4631 | software. | 4439 | software. |
4632 | By default, the private key is encrypted using triple DES and the | 4440 | By default, the private key is encrypted using triple DES and the |
4633 | certificate using 40-bit RC2. | 4441 | certificate using 40-bit RC2. |
4634 | .It Fl engine Ar id | ||
4635 | Specifying an engine (by its unique | ||
4636 | .Ar id | ||
4637 | string) will cause | ||
4638 | .Nm pkcs12 | ||
4639 | to attempt to obtain a functional reference to the specified engine, | ||
4640 | thus initialising it if needed. | ||
4641 | The engine will then be set as the default for all available algorithms. | ||
4642 | .It Fl export | 4442 | .It Fl export |
4643 | This option specifies that a PKCS#12 file will be created rather than | 4443 | This option specifies that a PKCS#12 file will be created rather than |
4644 | parsed. | 4444 | parsed. |
@@ -4844,7 +4644,6 @@ $ openssl -in keycerts.pem -export -name "My PKCS#12 file" \e | |||
4844 | .Nm "openssl pkey" | 4644 | .Nm "openssl pkey" |
4845 | .Bk -words | 4645 | .Bk -words |
4846 | .Op Ar cipher | 4646 | .Op Ar cipher |
4847 | .Op Fl engine Ar id | ||
4848 | .Op Fl in Ar file | 4647 | .Op Fl in Ar file |
4849 | .Op Fl inform Ar DER | PEM | 4648 | .Op Fl inform Ar DER | PEM |
4850 | .Op Fl noout | 4649 | .Op Fl noout |
@@ -4873,14 +4672,6 @@ Any algorithm name accepted by | |||
4873 | .Fn EVP_get_cipherbyname | 4672 | .Fn EVP_get_cipherbyname |
4874 | is acceptable, such as | 4673 | is acceptable, such as |
4875 | .Cm des3 . | 4674 | .Cm des3 . |
4876 | .It Fl engine Ar id | ||
4877 | Specifying an engine (by its unique | ||
4878 | .Ar id | ||
4879 | string) will cause | ||
4880 | .Nm pkey | ||
4881 | to attempt to obtain a functional reference to the specified engine, | ||
4882 | thus initialising it if needed. | ||
4883 | The engine will then be set as the default for all available algorithms. | ||
4884 | .It Fl in Ar file | 4675 | .It Fl in Ar file |
4885 | This specifies the input filename to read a key from, | 4676 | This specifies the input filename to read a key from, |
4886 | or standard input if this option is not specified. | 4677 | or standard input if this option is not specified. |
@@ -4966,7 +4757,6 @@ $ openssl pkey -in key.pem -pubout -out pubkey.pem | |||
4966 | .\" | 4757 | .\" |
4967 | .Sh PKEYPARAM | 4758 | .Sh PKEYPARAM |
4968 | .Cm openssl pkeyparam | 4759 | .Cm openssl pkeyparam |
4969 | .Op Fl engine Ar id | ||
4970 | .Op Fl in Ar file | 4760 | .Op Fl in Ar file |
4971 | .Op Fl noout | 4761 | .Op Fl noout |
4972 | .Op Fl out Ar file | 4762 | .Op Fl out Ar file |
@@ -4979,14 +4769,6 @@ They can be converted between various forms and their components printed out. | |||
4979 | .Pp | 4769 | .Pp |
4980 | The options are as follows: | 4770 | The options are as follows: |
4981 | .Bl -tag -width Ds | 4771 | .Bl -tag -width Ds |
4982 | .It Fl engine Ar id | ||
4983 | Specifying an engine (by its unique | ||
4984 | .Ar id | ||
4985 | string) will cause | ||
4986 | .Nm pkeyparam | ||
4987 | to attempt to obtain a functional reference to the specified engine, | ||
4988 | thus initialising it if needed. | ||
4989 | The engine will then be set as the default for all available algorithms. | ||
4990 | .It Fl in Ar file | 4772 | .It Fl in Ar file |
4991 | This specifies the input filename to read parameters from, | 4773 | This specifies the input filename to read parameters from, |
4992 | or standard input if this option is not specified. | 4774 | or standard input if this option is not specified. |
@@ -5022,14 +4804,13 @@ because the key type is determined by the PEM headers. | |||
5022 | .Op Fl decrypt | 4804 | .Op Fl decrypt |
5023 | .Op Fl derive | 4805 | .Op Fl derive |
5024 | .Op Fl encrypt | 4806 | .Op Fl encrypt |
5025 | .Op Fl engine Ar id | ||
5026 | .Op Fl hexdump | 4807 | .Op Fl hexdump |
5027 | .Op Fl in Ar file | 4808 | .Op Fl in Ar file |
5028 | .Op Fl inkey Ar file | 4809 | .Op Fl inkey Ar file |
5029 | .Op Fl keyform Ar DER | ENGINE | PEM | 4810 | .Op Fl keyform Ar DER | PEM |
5030 | .Op Fl out Ar file | 4811 | .Op Fl out Ar file |
5031 | .Op Fl passin Ar arg | 4812 | .Op Fl passin Ar arg |
5032 | .Op Fl peerform Ar DER | ENGINE | PEM | 4813 | .Op Fl peerform Ar DER | PEM |
5033 | .Op Fl peerkey Ar file | 4814 | .Op Fl peerkey Ar file |
5034 | .Op Fl pkeyopt Ar opt : Ns Ar value | 4815 | .Op Fl pkeyopt Ar opt : Ns Ar value |
5035 | .Op Fl pubin | 4816 | .Op Fl pubin |
@@ -5061,14 +4842,6 @@ Decrypt the input data using a private key. | |||
5061 | Derive a shared secret using the peer key. | 4842 | Derive a shared secret using the peer key. |
5062 | .It Fl encrypt | 4843 | .It Fl encrypt |
5063 | Encrypt the input data using a public key. | 4844 | Encrypt the input data using a public key. |
5064 | .It Fl engine Ar id | ||
5065 | Specifying an engine (by its unique | ||
5066 | .Ar id | ||
5067 | string) will cause | ||
5068 | .Nm pkeyutl | ||
5069 | to attempt to obtain a functional reference to the specified engine, | ||
5070 | thus initialising it if needed. | ||
5071 | The engine will then be set as the default for all available algorithms. | ||
5072 | .It Fl hexdump | 4845 | .It Fl hexdump |
5073 | Hex dump the output data. | 4846 | Hex dump the output data. |
5074 | .It Fl in Ar file | 4847 | .It Fl in Ar file |
@@ -5077,8 +4850,8 @@ or standard input if this option is not specified. | |||
5077 | .It Fl inkey Ar file | 4850 | .It Fl inkey Ar file |
5078 | The input key file. | 4851 | The input key file. |
5079 | By default it should be a private key. | 4852 | By default it should be a private key. |
5080 | .It Fl keyform Ar DER | ENGINE | PEM | 4853 | .It Fl keyform Ar DER | PEM |
5081 | The key format DER, ENGINE, or PEM. | 4854 | The key format DER or PEM. |
5082 | .It Fl out Ar file | 4855 | .It Fl out Ar file |
5083 | Specify the output filename to write to, | 4856 | Specify the output filename to write to, |
5084 | or standard output by default. | 4857 | or standard output by default. |
@@ -5089,8 +4862,8 @@ For more information about the format of | |||
5089 | see the | 4862 | see the |
5090 | .Sx PASS PHRASE ARGUMENTS | 4863 | .Sx PASS PHRASE ARGUMENTS |
5091 | section above. | 4864 | section above. |
5092 | .It Fl peerform Ar DER | ENGINE | PEM | 4865 | .It Fl peerform Ar DER | PEM |
5093 | The peer key format DER, ENGINE, or PEM. | 4866 | The peer key format DER or PEM. |
5094 | .It Fl peerkey Ar file | 4867 | .It Fl peerkey Ar file |
5095 | The peer key file, used by key derivation (agreement) operations. | 4868 | The peer key file, used by key derivation (agreement) operations. |
5096 | .It Fl pkeyopt Ar opt : Ns Ar value | 4869 | .It Fl pkeyopt Ar opt : Ns Ar value |
@@ -5271,7 +5044,6 @@ is prime. | |||
5271 | .nr nS 1 | 5044 | .nr nS 1 |
5272 | .Nm "openssl rand" | 5045 | .Nm "openssl rand" |
5273 | .Op Fl base64 | 5046 | .Op Fl base64 |
5274 | .Op Fl engine Ar id | ||
5275 | .Op Fl hex | 5047 | .Op Fl hex |
5276 | .Op Fl out Ar file | 5048 | .Op Fl out Ar file |
5277 | .Ar num | 5049 | .Ar num |
@@ -5289,14 +5061,6 @@ The options are as follows: | |||
5289 | Perform | 5061 | Perform |
5290 | .Em base64 | 5062 | .Em base64 |
5291 | encoding on the output. | 5063 | encoding on the output. |
5292 | .It Fl engine Ar id | ||
5293 | Specifying an engine (by its unique | ||
5294 | .Ar id | ||
5295 | string) will cause | ||
5296 | .Nm rand | ||
5297 | to attempt to obtain a functional reference to the specified engine, | ||
5298 | thus initialising it if needed. | ||
5299 | The engine will then be set as the default for all available algorithms. | ||
5300 | .It Fl hex | 5064 | .It Fl hex |
5301 | Specify hexadecimal output. | 5065 | Specify hexadecimal output. |
5302 | .It Fl out Ar file | 5066 | .It Fl out Ar file |
@@ -5315,7 +5079,6 @@ instead of standard output. | |||
5315 | .Op Fl batch | 5079 | .Op Fl batch |
5316 | .Op Fl config Ar file | 5080 | .Op Fl config Ar file |
5317 | .Op Fl days Ar n | 5081 | .Op Fl days Ar n |
5318 | .Op Fl engine Ar id | ||
5319 | .Op Fl extensions Ar section | 5082 | .Op Fl extensions Ar section |
5320 | .Op Fl in Ar file | 5083 | .Op Fl in Ar file |
5321 | .Op Fl inform Ar DER | PEM | 5084 | .Op Fl inform Ar DER | PEM |
@@ -5392,14 +5155,6 @@ When the | |||
5392 | option is being used, this specifies the number of | 5155 | option is being used, this specifies the number of |
5393 | days to certify the certificate for. | 5156 | days to certify the certificate for. |
5394 | The default is 30 days. | 5157 | The default is 30 days. |
5395 | .It Fl engine Ar id | ||
5396 | Specifying an engine (by its unique | ||
5397 | .Ar id | ||
5398 | string) will cause | ||
5399 | .Nm req | ||
5400 | to attempt to obtain a functional reference to the specified engine, | ||
5401 | thus initialising it if needed. | ||
5402 | The engine will then be set as the default for all available algorithms. | ||
5403 | .It Fl extensions Ar section , Fl reqexts Ar section | 5158 | .It Fl extensions Ar section , Fl reqexts Ar section |
5404 | These options specify alternative sections to include certificate | 5159 | These options specify alternative sections to include certificate |
5405 | extensions (if the | 5160 | extensions (if the |
@@ -6067,7 +5822,6 @@ should be input by the user. | |||
6067 | .Fl des | des3 | 5822 | .Fl des | des3 |
6068 | .Oc | 5823 | .Oc |
6069 | .Op Fl check | 5824 | .Op Fl check |
6070 | .Op Fl engine Ar id | ||
6071 | .Op Fl in Ar file | 5825 | .Op Fl in Ar file |
6072 | .Op Fl inform Ar DER | NET | PEM | 5826 | .Op Fl inform Ar DER | NET | PEM |
6073 | .Op Fl modulus | 5827 | .Op Fl modulus |
@@ -6114,14 +5868,6 @@ it can be used to add or change the pass phrase. | |||
6114 | These options can only be used with PEM format output files. | 5868 | These options can only be used with PEM format output files. |
6115 | .It Fl check | 5869 | .It Fl check |
6116 | This option checks the consistency of an RSA private key. | 5870 | This option checks the consistency of an RSA private key. |
6117 | .It Fl engine Ar id | ||
6118 | Specifying an engine (by its unique | ||
6119 | .Ar id | ||
6120 | string) will cause | ||
6121 | .Nm rsa | ||
6122 | to attempt to obtain a functional reference to the specified engine, | ||
6123 | thus initialising it if needed. | ||
6124 | The engine will then be set as the default for all available algorithms. | ||
6125 | .It Fl in Ar file | 5871 | .It Fl in Ar file |
6126 | This specifies the input | 5872 | This specifies the input |
6127 | .Ar file | 5873 | .Ar file |
@@ -6264,7 +6010,6 @@ without having to manually edit them. | |||
6264 | .Op Fl certin | 6010 | .Op Fl certin |
6265 | .Op Fl decrypt | 6011 | .Op Fl decrypt |
6266 | .Op Fl encrypt | 6012 | .Op Fl encrypt |
6267 | .Op Fl engine Ar id | ||
6268 | .Op Fl hexdump | 6013 | .Op Fl hexdump |
6269 | .Op Fl in Ar file | 6014 | .Op Fl in Ar file |
6270 | .Op Fl inkey Ar file | 6015 | .Op Fl inkey Ar file |
@@ -6294,14 +6039,6 @@ The input is a certificate containing an RSA public key. | |||
6294 | Decrypt the input data using an RSA private key. | 6039 | Decrypt the input data using an RSA private key. |
6295 | .It Fl encrypt | 6040 | .It Fl encrypt |
6296 | Encrypt the input data using an RSA public key. | 6041 | Encrypt the input data using an RSA public key. |
6297 | .It Fl engine Ar id | ||
6298 | Specifying an engine (by its unique | ||
6299 | .Ar id | ||
6300 | string) will cause | ||
6301 | .Nm rsautl | ||
6302 | to attempt to obtain a functional reference to the specified engine, | ||
6303 | thus initialising it if needed. | ||
6304 | The engine will then be set as the default for all available algorithms. | ||
6305 | .It Fl hexdump | 6042 | .It Fl hexdump |
6306 | Hex dump the output data. | 6043 | Hex dump the output data. |
6307 | .It Fl in Ar file | 6044 | .It Fl in Ar file |
@@ -6458,7 +6195,6 @@ which it can be seen agrees with the recovered value above. | |||
6458 | .Op Fl crl_check_all | 6195 | .Op Fl crl_check_all |
6459 | .Op Fl crlf | 6196 | .Op Fl crlf |
6460 | .Op Fl debug | 6197 | .Op Fl debug |
6461 | .Op Fl engine Ar id | ||
6462 | .Op Fl extended_crl | 6198 | .Op Fl extended_crl |
6463 | .Op Fl ign_eof | 6199 | .Op Fl ign_eof |
6464 | .Op Fl ignore_critical | 6200 | .Op Fl ignore_critical |
@@ -6570,14 +6306,6 @@ This option translates a line feed from the terminal into CR+LF as required | |||
6570 | by some servers. | 6306 | by some servers. |
6571 | .It Fl debug | 6307 | .It Fl debug |
6572 | Print extensive debugging information including a hex dump of all traffic. | 6308 | Print extensive debugging information including a hex dump of all traffic. |
6573 | .It Fl engine Ar id | ||
6574 | Specifying an engine (by its unique | ||
6575 | .Ar id | ||
6576 | string) will cause | ||
6577 | .Nm s_client | ||
6578 | to attempt to obtain a functional reference to the specified engine, | ||
6579 | thus initialising it if needed. | ||
6580 | The engine will then be set as the default for all available algorithms. | ||
6581 | .It Fl ign_eof | 6309 | .It Fl ign_eof |
6582 | Inhibit shutting down the connection when end of file is reached in the | 6310 | Inhibit shutting down the connection when end of file is reached in the |
6583 | input. | 6311 | input. |
@@ -6782,7 +6510,6 @@ We should really report information whenever a session is renegotiated. | |||
6782 | .Op Fl debug | 6510 | .Op Fl debug |
6783 | .Op Fl dhparam Ar file | 6511 | .Op Fl dhparam Ar file |
6784 | .Op Fl dkey Ar file | 6512 | .Op Fl dkey Ar file |
6785 | .Op Fl engine Ar id | ||
6786 | .Op Fl hack | 6513 | .Op Fl hack |
6787 | .Op Fl HTTP | 6514 | .Op Fl HTTP |
6788 | .Op Fl id_prefix Ar arg | 6515 | .Op Fl id_prefix Ar arg |
@@ -6897,14 +6624,6 @@ load the parameters from the server certificate file. | |||
6897 | If this fails, a static set of parameters hard coded into the | 6624 | If this fails, a static set of parameters hard coded into the |
6898 | .Nm s_server | 6625 | .Nm s_server |
6899 | program will be used. | 6626 | program will be used. |
6900 | .It Fl engine Ar id | ||
6901 | Specifying an engine (by its unique | ||
6902 | .Ar id | ||
6903 | string) will cause | ||
6904 | .Nm s_server | ||
6905 | to attempt to obtain a functional reference to the specified engine, | ||
6906 | thus initialising it if needed. | ||
6907 | The engine will then be set as the default for all available algorithms. | ||
6908 | .It Fl hack | 6627 | .It Fl hack |
6909 | This option enables a further workaround for some early Netscape | 6628 | This option enables a further workaround for some early Netscape |
6910 | SSL code | 6629 | SSL code |
@@ -7386,7 +7105,6 @@ The cipher and start time should be printed out in human readable form. | |||
7386 | .Op Fl crl_check_all | 7105 | .Op Fl crl_check_all |
7387 | .Op Fl decrypt | 7106 | .Op Fl decrypt |
7388 | .Op Fl encrypt | 7107 | .Op Fl encrypt |
7389 | .Op Fl engine Ar id | ||
7390 | .Op Fl extended_crl | 7108 | .Op Fl extended_crl |
7391 | .Op Fl from Ar addr | 7109 | .Op Fl from Ar addr |
7392 | .Op Fl ignore_critical | 7110 | .Op Fl ignore_critical |
@@ -7395,7 +7113,7 @@ The cipher and start time should be printed out in human readable form. | |||
7395 | .Op Fl inform Ar DER | PEM | SMIME | 7113 | .Op Fl inform Ar DER | PEM | SMIME |
7396 | .Op Fl inkey Ar file | 7114 | .Op Fl inkey Ar file |
7397 | .Op Fl issuer_checks | 7115 | .Op Fl issuer_checks |
7398 | .Op Fl keyform Ar ENGINE | PEM | 7116 | .Op Fl keyform Ar PEM |
7399 | .Op Fl md Ar digest | 7117 | .Op Fl md Ar digest |
7400 | .Op Fl noattr | 7118 | .Op Fl noattr |
7401 | .Op Fl nocerts | 7119 | .Op Fl nocerts |
@@ -7542,14 +7260,6 @@ This option will override any content if the input format is | |||
7542 | and it uses the multipart/signed | 7260 | and it uses the multipart/signed |
7543 | .Em MIME | 7261 | .Em MIME |
7544 | content type. | 7262 | content type. |
7545 | .It Fl engine Ar id | ||
7546 | Specifying an engine (by its unique | ||
7547 | .Ar id | ||
7548 | string) will cause | ||
7549 | .Nm smime | ||
7550 | to attempt to obtain a functional reference to the specified engine, | ||
7551 | thus initialising it if needed. | ||
7552 | The engine will then be set as the default for all available algorithms. | ||
7553 | .It Xo | 7263 | .It Xo |
7554 | .Fl from Ar addr , | 7264 | .Fl from Ar addr , |
7555 | .Fl subject Ar s , | 7265 | .Fl subject Ar s , |
@@ -7605,7 +7315,7 @@ or | |||
7605 | file. | 7315 | file. |
7606 | When signing, | 7316 | When signing, |
7607 | this option can be used multiple times to specify successive keys. | 7317 | this option can be used multiple times to specify successive keys. |
7608 | .It Fl keyform Ar ENGINE | PEM | 7318 | .It Fl keyform Ar PEM |
7609 | Input private key format. | 7319 | Input private key format. |
7610 | .It Fl md Ar digest | 7320 | .It Fl md Ar digest |
7611 | The digest algorithm to use when signing or resigning. | 7321 | The digest algorithm to use when signing or resigning. |
@@ -7968,7 +7678,6 @@ command were first added in | |||
7968 | .Op Cm sha1 | 7678 | .Op Cm sha1 |
7969 | .Op Fl decrypt | 7679 | .Op Fl decrypt |
7970 | .Op Fl elapsed | 7680 | .Op Fl elapsed |
7971 | .Op Fl engine Ar id | ||
7972 | .Op Fl evp Ar e | 7681 | .Op Fl evp Ar e |
7973 | .Op Fl mr | 7682 | .Op Fl mr |
7974 | .Op Fl multi Ar number | 7683 | .Op Fl multi Ar number |
@@ -7986,14 +7695,6 @@ tests those algorithms, otherwise all of the above are tested. | |||
7986 | .It Fl decrypt | 7695 | .It Fl decrypt |
7987 | Time decryption instead of encryption | 7696 | Time decryption instead of encryption |
7988 | .Pq only EVP . | 7697 | .Pq only EVP . |
7989 | .It Fl engine Ar id | ||
7990 | Specifying an engine (by its unique | ||
7991 | .Ar id | ||
7992 | string) will cause | ||
7993 | .Nm speed | ||
7994 | to attempt to obtain a functional reference to the specified engine, | ||
7995 | thus initialising it if needed. | ||
7996 | The engine will then be set as the default for all available algorithms. | ||
7997 | .It Fl elapsed | 7698 | .It Fl elapsed |
7998 | Measure time in real time instead of CPU user time. | 7699 | Measure time in real time instead of CPU user time. |
7999 | .It Fl evp Ar e | 7700 | .It Fl evp Ar e |
@@ -8033,7 +7734,6 @@ benchmarks in parallel. | |||
8033 | .Fl reply | 7734 | .Fl reply |
8034 | .Op Fl chain Ar certs_file.pem | 7735 | .Op Fl chain Ar certs_file.pem |
8035 | .Op Fl config Ar configfile | 7736 | .Op Fl config Ar configfile |
8036 | .Op Fl engine Ar id | ||
8037 | .Op Fl in Ar response.tsr | 7737 | .Op Fl in Ar response.tsr |
8038 | .Op Fl inkey Ar private.pem | 7738 | .Op Fl inkey Ar private.pem |
8039 | .Op Fl out Ar response.tsr | 7739 | .Op Fl out Ar response.tsr |
@@ -8194,14 +7894,6 @@ environment variable. | |||
8194 | See | 7894 | See |
8195 | .Sx TS CONFIGURATION FILE OPTIONS | 7895 | .Sx TS CONFIGURATION FILE OPTIONS |
8196 | for configurable variables. | 7896 | for configurable variables. |
8197 | .It Fl engine Ar id | ||
8198 | Specifying an engine (by its unique | ||
8199 | .Ar id | ||
8200 | string) will cause | ||
8201 | .Nm ts | ||
8202 | to attempt to obtain a functional reference to the specified engine, | ||
8203 | thus initialising it if needed. | ||
8204 | The engine will then be set as the default for all available algorithms. | ||
8205 | .It Fl in Ar response.tsr | 7897 | .It Fl in Ar response.tsr |
8206 | Specifies a previously created time stamp response or time stamp token, if | 7898 | Specifies a previously created time stamp response or time stamp token, if |
8207 | .Fl token_in | 7899 | .Fl token_in |
@@ -8379,11 +8071,6 @@ This number is incremented by 1 for each response. | |||
8379 | If the file does not exist at the time of response | 8071 | If the file does not exist at the time of response |
8380 | generation a new file is created with serial number 1. | 8072 | generation a new file is created with serial number 1. |
8381 | This parameter is mandatory. | 8073 | This parameter is mandatory. |
8382 | .It Cm crypto_device | ||
8383 | Specifies the | ||
8384 | .Nm OpenSSL | ||
8385 | engine that will be set as the default for | ||
8386 | all available algorithms. | ||
8387 | .It Cm signer_cert | 8074 | .It Cm signer_cert |
8388 | TSA signing certificate, in PEM format. | 8075 | TSA signing certificate, in PEM format. |
8389 | The same as the | 8076 | The same as the |
@@ -8611,7 +8298,6 @@ OpenTSA project | |||
8611 | .Nm "openssl spkac" | 8298 | .Nm "openssl spkac" |
8612 | .Bk -words | 8299 | .Bk -words |
8613 | .Op Fl challenge Ar string | 8300 | .Op Fl challenge Ar string |
8614 | .Op Fl engine Ar id | ||
8615 | .Op Fl in Ar file | 8301 | .Op Fl in Ar file |
8616 | .Op Fl key Ar keyfile | 8302 | .Op Fl key Ar keyfile |
8617 | .Op Fl noout | 8303 | .Op Fl noout |
@@ -8636,14 +8322,6 @@ The options are as follows: | |||
8636 | .Bl -tag -width Ds | 8322 | .Bl -tag -width Ds |
8637 | .It Fl challenge Ar string | 8323 | .It Fl challenge Ar string |
8638 | Specifies the challenge string if an SPKAC is being created. | 8324 | Specifies the challenge string if an SPKAC is being created. |
8639 | .It Fl engine Ar id | ||
8640 | Specifying an engine (by its unique | ||
8641 | .Ar id | ||
8642 | string) will cause | ||
8643 | .Nm spkac | ||
8644 | to attempt to obtain a functional reference to the specified engine, | ||
8645 | thus initialising it if needed. | ||
8646 | The engine will then be set as the default for all available algorithms. | ||
8647 | .It Fl in Ar file | 8325 | .It Fl in Ar file |
8648 | This specifies the input | 8326 | This specifies the input |
8649 | .Ar file | 8327 | .Ar file |
@@ -8743,7 +8421,6 @@ to be used in a | |||
8743 | .Op Fl check_ss_sig | 8421 | .Op Fl check_ss_sig |
8744 | .Op Fl crl_check | 8422 | .Op Fl crl_check |
8745 | .Op Fl crl_check_all | 8423 | .Op Fl crl_check_all |
8746 | .Op Fl engine Ar id | ||
8747 | .Op Fl explicit_policy | 8424 | .Op Fl explicit_policy |
8748 | .Op Fl extended_crl | 8425 | .Op Fl extended_crl |
8749 | .Op Fl help | 8426 | .Op Fl help |
@@ -8800,14 +8477,6 @@ If a valid CRL cannot be found an error occurs. | |||
8800 | .It Fl crl_check_all | 8477 | .It Fl crl_check_all |
8801 | Checks the validity of all certificates in the chain by attempting | 8478 | Checks the validity of all certificates in the chain by attempting |
8802 | to look up valid CRLs. | 8479 | to look up valid CRLs. |
8803 | .It Fl engine Ar id | ||
8804 | Specifying an engine (by its unique | ||
8805 | .Ar id | ||
8806 | string) will cause | ||
8807 | .Nm verify | ||
8808 | to attempt to obtain a functional reference to the specified engine, | ||
8809 | thus initialising it if needed. | ||
8810 | The engine will then be set as the default for all available algorithms. | ||
8811 | .It Fl explicit_policy | 8480 | .It Fl explicit_policy |
8812 | Set policy variable require-explicit-policy (see RFC 3280 et al). | 8481 | Set policy variable require-explicit-policy (see RFC 3280 et al). |
8813 | .It Fl extended_crl | 8482 | .It Fl extended_crl |
@@ -9181,7 +8850,6 @@ option was added in | |||
9181 | .Op Fl days Ar arg | 8850 | .Op Fl days Ar arg |
9182 | .Op Fl email | 8851 | .Op Fl email |
9183 | .Op Fl enddate | 8852 | .Op Fl enddate |
9184 | .Op Fl engine Ar id | ||
9185 | .Op Fl extensions Ar section | 8853 | .Op Fl extensions Ar section |
9186 | .Op Fl extfile Ar file | 8854 | .Op Fl extfile Ar file |
9187 | .Op Fl fingerprint | 8855 | .Op Fl fingerprint |
@@ -9230,14 +8898,6 @@ Since there are a large number of options, they are split up into | |||
9230 | various sections. | 8898 | various sections. |
9231 | .Sh X509 INPUT, OUTPUT, AND GENERAL PURPOSE OPTIONS | 8899 | .Sh X509 INPUT, OUTPUT, AND GENERAL PURPOSE OPTIONS |
9232 | .Bl -tag -width "XXXX" | 8900 | .Bl -tag -width "XXXX" |
9233 | .It Fl engine Ar id | ||
9234 | Specifying an engine (by its unique | ||
9235 | .Ar id | ||
9236 | string) will cause | ||
9237 | .Nm x509 | ||
9238 | to attempt to obtain a functional reference to the specified engine, | ||
9239 | thus initialising it if needed. | ||
9240 | The engine will then be set as the default for all available algorithms. | ||
9241 | .It Fl in Ar file | 8901 | .It Fl in Ar file |
9242 | This specifies the input | 8902 | This specifies the input |
9243 | .Ar file | 8903 | .Ar file |