diff options
Diffstat (limited to '')
| -rw-r--r-- | src/usr.bin/openssl/openssl.1 | 242 | 
1 files changed, 63 insertions, 179 deletions
| diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1 index 301bc22694..c50dc37f68 100644 --- a/src/usr.bin/openssl/openssl.1 +++ b/src/usr.bin/openssl/openssl.1 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: openssl.1,v 1.57 2016/08/20 12:54:49 jmc Exp $ | 1 | .\" $OpenBSD: openssl.1,v 1.58 2016/08/22 13:39:52 jmc Exp $ | 
| 2 | .\" ==================================================================== | 2 | .\" ==================================================================== | 
| 3 | .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | 3 | .\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | 
| 4 | .\" | 4 | .\" | 
| @@ -112,7 +112,7 @@ | |||
| 112 | .\" | 112 | .\" | 
| 113 | .\" OPENSSL | 113 | .\" OPENSSL | 
| 114 | .\" | 114 | .\" | 
| 115 | .Dd $Mdocdate: August 20 2016 $ | 115 | .Dd $Mdocdate: August 22 2016 $ | 
| 116 | .Dt OPENSSL 1 | 116 | .Dt OPENSSL 1 | 
| 117 | .Os | 117 | .Os | 
| 118 | .Sh NAME | 118 | .Sh NAME | 
| @@ -2539,240 +2539,124 @@ preceded by their subject and issuer names in a one-line format. | |||
| 2539 | .It Fl text | 2539 | .It Fl text | 
| 2540 | Print certificate details in full rather than just subject and issuer names. | 2540 | Print certificate details in full rather than just subject and issuer names. | 
| 2541 | .El | 2541 | .El | 
| 2542 | .\" | ||
| 2543 | .\" PKCS8 | ||
| 2544 | .\" | ||
| 2545 | .Sh PKCS8 | 2542 | .Sh PKCS8 | 
| 2546 | .nr nS 1 | 2543 | .nr nS 1 | 
| 2547 | .Nm "openssl pkcs8" | 2544 | .Nm "openssl pkcs8" | 
| 2548 | .Bk -words | ||
| 2549 | .Op Fl embed | 2545 | .Op Fl embed | 
| 2550 | .Op Fl in Ar file | 2546 | .Op Fl in Ar file | 
| 2551 | .Op Fl inform Ar DER | PEM | 2547 | .Op Fl inform Cm der | pem | 
| 2552 | .Op Fl nocrypt | 2548 | .Op Fl nocrypt | 
| 2553 | .Op Fl noiter | 2549 | .Op Fl noiter | 
| 2554 | .Op Fl nooct | 2550 | .Op Fl nooct | 
| 2555 | .Op Fl nsdb | 2551 | .Op Fl nsdb | 
| 2556 | .Op Fl out Ar file | 2552 | .Op Fl out Ar file | 
| 2557 | .Op Fl outform Ar DER | PEM | 2553 | .Op Fl outform Cm der | pem | 
| 2558 | .Op Fl passin Ar arg | 2554 | .Op Fl passin Ar arg | 
| 2559 | .Op Fl passout Ar arg | 2555 | .Op Fl passout Ar arg | 
| 2560 | .Op Fl topk8 | 2556 | .Op Fl topk8 | 
| 2561 | .Op Fl v1 Ar alg | 2557 | .Op Fl v1 Ar alg | 
| 2562 | .Op Fl v2 Ar alg | 2558 | .Op Fl v2 Ar alg | 
| 2563 | .Ek | ||
| 2564 | .nr nS 0 | 2559 | .nr nS 0 | 
| 2565 | .Pp | 2560 | .Pp | 
| 2566 | The | 2561 | The | 
| 2567 | .Nm pkcs8 | 2562 | .Nm pkcs8 | 
| 2568 | command processes private keys in PKCS#8 format. | 2563 | command processes private keys | 
| 2569 | It can handle both unencrypted PKCS#8 PrivateKeyInfo format | 2564 | (both encrypted and unencrypted) | 
| 2570 | and EncryptedPrivateKeyInfo format with a variety of PKCS#5 | 2565 | in PKCS#8 format | 
| 2571 | .Pq v1.5 and v2.0 | 2566 | with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms. | 
| 2572 | and PKCS#12 algorithms. | 2567 | The default encryption is only 56 bits; | 
| 2568 | keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts | ||
| 2569 | are more secure. | ||
| 2570 | .Pp | ||
| 2571 | The encrypted form of a PEM-encoded PKCS#8 file uses the following | ||
| 2572 | headers and footers: | ||
| 2573 | .Bd -unfilled -offset indent | ||
| 2574 | -----BEGIN ENCRYPTED PRIVATE KEY----- | ||
| 2575 | -----END ENCRYPTED PRIVATE KEY----- | ||
| 2576 | .Ed | ||
| 2577 | .Pp | ||
| 2578 | The unencrypted form uses: | ||
| 2579 | .Bd -unfilled -offset indent | ||
| 2580 | -----BEGIN PRIVATE KEY----- | ||
| 2581 | -----END PRIVATE KEY----- | ||
| 2582 | .Ed | ||
| 2573 | .Pp | 2583 | .Pp | 
| 2574 | The options are as follows: | 2584 | The options are as follows: | 
| 2575 | .Bl -tag -width Ds | 2585 | .Bl -tag -width Ds | 
| 2576 | .It Fl embed | 2586 | .It Fl embed | 
| 2577 | This option generates DSA keys in a broken format. | 2587 | Generate DSA keys in a broken format. | 
| 2578 | The DSA parameters are embedded inside the | 2588 | The DSA parameters are embedded inside the PrivateKey structure. | 
| 2579 | .Em PrivateKey | ||
| 2580 | structure. | ||
| 2581 | In this form the OCTET STRING contains an ASN1 SEQUENCE consisting of | 2589 | In this form the OCTET STRING contains an ASN1 SEQUENCE consisting of | 
| 2582 | two structures: | 2590 | two structures: | 
| 2583 | a SEQUENCE containing the parameters and an ASN1 INTEGER containing | 2591 | a SEQUENCE containing the parameters and an ASN1 INTEGER containing | 
| 2584 | the private key. | 2592 | the private key. | 
| 2585 | .It Fl in Ar file | 2593 | .It Fl in Ar file | 
| 2586 | This specifies the input | 2594 | The input file to read from, | 
| 2587 | .Ar file | 2595 | or standard input if not specified. | 
| 2588 | to read a key from, or standard input if this option is not specified. | ||
| 2589 | If the key is encrypted, a pass phrase will be prompted for. | 2596 | If the key is encrypted, a pass phrase will be prompted for. | 
| 2590 | .It Fl inform Ar DER | PEM | 2597 | .It Fl inform Cm der | pem | 
| 2591 | This specifies the input format. | 2598 | The input format. | 
| 2592 | If a PKCS#8 format key is expected on input, | 2599 | If a PKCS#8 format key is expected on input, | 
| 2593 | then either a | 2600 | then either a | 
| 2594 | DER- or PEM-encoded version of a PKCS#8 key will be expected. | 2601 | DER- or PEM-encoded version of a PKCS#8 key will be expected. | 
| 2595 | Otherwise the DER or PEM format of the traditional format private key is used. | 2602 | Otherwise the DER or PEM format of the traditional format private key is used. | 
| 2596 | .It Fl nocrypt | 2603 | .It Fl nocrypt | 
| 2597 | PKCS#8 keys generated or input are normally PKCS#8 | 2604 | Generate an unencrypted PrivateKeyInfo structure. | 
| 2598 | .Em EncryptedPrivateKeyInfo | 2605 | This option does not encrypt private keys at all | 
| 2599 | structures using an appropriate password-based encryption algorithm. | 2606 | and should only be used when absolutely necessary. | 
| 2600 | With this option, an unencrypted | ||
| 2601 | .Em PrivateKeyInfo | ||
| 2602 | structure is expected or output. | ||
| 2603 | This option does not encrypt private keys at all and should only be used | ||
| 2604 | when absolutely necessary. | ||
| 2605 | Certain software such as some versions of Java code signing software use | ||
| 2606 | unencrypted private keys. | ||
| 2607 | .It Fl noiter | 2607 | .It Fl noiter | 
| 2608 | Use an iteration count of 1. | 2608 | Use an iteration count of 1. | 
| 2609 | See the | 2609 | See the | 
| 2610 | .Sx PKCS12 | 2610 | .Sx PKCS12 | 
| 2611 | section below for a detailed explanation of this option. | 2611 | section below for a detailed explanation of this option. | 
| 2612 | .It Fl nooct | 2612 | .It Fl nooct | 
| 2613 | This option generates RSA private keys in a broken format that some software | 2613 | Generate RSA private keys in a broken format that some software uses. | 
| 2614 | uses. | ||
| 2615 | Specifically the private key should be enclosed in an OCTET STRING, | 2614 | Specifically the private key should be enclosed in an OCTET STRING, | 
| 2616 | but some software just includes the structure itself without the | 2615 | but some software just includes the structure itself without the | 
| 2617 | surrounding OCTET STRING. | 2616 | surrounding OCTET STRING. | 
| 2618 | .It Fl nsdb | 2617 | .It Fl nsdb | 
| 2619 | This option generates DSA keys in a broken format compatible with Netscape | 2618 | Generate DSA keys in a broken format compatible with Netscape | 
| 2620 | private key databases. | 2619 | private key databases. | 
| 2621 | The | 2620 | The PrivateKey contains a SEQUENCE | 
| 2622 | .Em PrivateKey | 2621 | consisting of the public and private keys, respectively. | 
| 2623 | contains a SEQUENCE consisting of the public and private keys, respectively. | ||
| 2624 | .It Fl out Ar file | 2622 | .It Fl out Ar file | 
| 2625 | This specifies the output | 2623 | The output file to write to, | 
| 2626 | .Ar file | 2624 | or standard output if none is specified. | 
| 2627 | to write a key to, or standard output by default. | ||
| 2628 | If any encryption options are set, a pass phrase will be prompted for. | 2625 | If any encryption options are set, a pass phrase will be prompted for. | 
| 2629 | The output filename should | 2626 | .It Fl outform Cm der | pem | 
| 2630 | .Em not | 2627 | The output format. | 
| 2631 | be the same as the input filename. | ||
| 2632 | .It Fl outform Ar DER | PEM | ||
| 2633 | This specifies the output format; the options have the same meaning as the | ||
| 2634 | .Fl inform | ||
| 2635 | option. | ||
| 2636 | .It Fl passin Ar arg | 2628 | .It Fl passin Ar arg | 
| 2637 | The key password source. | 2629 | The key password source. | 
| 2638 | .It Fl passout Ar arg | 2630 | .It Fl passout Ar arg | 
| 2639 | The output file password source. | 2631 | The output file password source. | 
| 2640 | .It Fl topk8 | 2632 | .It Fl topk8 | 
| 2641 | Normally, a PKCS#8 private key is expected on input and a traditional format | 2633 | Read a traditional format private key and write a PKCS#8 format key. | 
| 2642 | private key will be written. | ||
| 2643 | With the | ||
| 2644 | .Fl topk8 | ||
| 2645 | option the situation is reversed: | ||
| 2646 | it reads a traditional format private key and writes a PKCS#8 format key. | ||
| 2647 | .It Fl v1 Ar alg | 2634 | .It Fl v1 Ar alg | 
| 2648 | This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. | 2635 | Specify a PKCS#5 v1.5 or PKCS#12 algorithm to use. | 
| 2649 | A complete list of possible algorithms is included below. | ||
| 2650 | .It Fl v2 Ar alg | ||
| 2651 | This option enables the use of PKCS#5 v2.0 algorithms. | ||
| 2652 | Normally, PKCS#8 private keys are encrypted with the password-based | ||
| 2653 | encryption algorithm called | ||
| 2654 | .Em pbeWithMD5AndDES-CBC ; | ||
| 2655 | this uses 56-bit DES encryption but it was the strongest encryption | ||
| 2656 | algorithm supported in PKCS#5 v1.5. | ||
| 2657 | Using the | ||
| 2658 | .Fl v2 | ||
| 2659 | option PKCS#5 v2.0 algorithms are used which can use any | ||
| 2660 | encryption algorithm such as 168-bit triple DES or 128-bit RC2, however | ||
| 2661 | not many implementations support PKCS#5 v2.0 yet. | ||
| 2662 | If using private keys with | ||
| 2663 | .Nm OpenSSL | ||
| 2664 | then this doesn't matter. | ||
| 2665 | .Pp | ||
| 2666 | The | ||
| 2667 | .Ar alg | ||
| 2668 | argument is the encryption algorithm to use; valid values include | ||
| 2669 | .Ar des , des3 , | ||
| 2670 | and | ||
| 2671 | .Ar rc2 . | ||
| 2672 | It is recommended that | ||
| 2673 | .Ar des3 | ||
| 2674 | is used. | ||
| 2675 | .El | ||
| 2676 | .Sh PKCS8 NOTES | ||
| 2677 | The encrypted form of a PEM-encoded PKCS#8 file uses the following | ||
| 2678 | headers and footers: | ||
| 2679 | .Bd -unfilled -offset indent | ||
| 2680 | -----BEGIN ENCRYPTED PRIVATE KEY----- | ||
| 2681 | -----END ENCRYPTED PRIVATE KEY----- | ||
| 2682 | .Ed | ||
| 2683 | .Pp | ||
| 2684 | The unencrypted form uses: | ||
| 2685 | .Bd -unfilled -offset indent | ||
| 2686 | -----BEGIN PRIVATE KEY----- | ||
| 2687 | -----END PRIVATE KEY----- | ||
| 2688 | .Ed | ||
| 2689 | .Pp | ||
| 2690 | Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration | ||
| 2691 | counts are more secure than those encrypted using the traditional | ||
| 2692 | .Nm SSLeay | ||
| 2693 | compatible formats. | ||
| 2694 | So if additional security is considered important, the keys should be converted. | ||
| 2695 | .Pp | ||
| 2696 | The default encryption is only 56 bits because this is the encryption | ||
| 2697 | that most current implementations of PKCS#8 support. | ||
| 2698 | .Pp | ||
| 2699 | Some software may use PKCS#12 password-based encryption algorithms | ||
| 2700 | with PKCS#8 format private keys: these are handled automatically | ||
| 2701 | but there is no option to produce them. | ||
| 2702 | .Pp | ||
| 2703 | It is possible to write out | ||
| 2704 | DER-encoded encrypted private keys in PKCS#8 format because the encryption | ||
| 2705 | details are included at an ASN1 | ||
| 2706 | level whereas the traditional format includes them at a PEM level. | ||
| 2707 | .Sh PKCS#5 V1.5 AND PKCS#12 ALGORITHMS | ||
| 2708 | Various algorithms can be used with the | ||
| 2709 | .Fl v1 | ||
| 2710 | command line option, including PKCS#5 v1.5 and PKCS#12. | ||
| 2711 | These are described in more detail below. | ||
| 2712 | .Pp | 2636 | .Pp | 
| 2713 | .Bl -tag -width "XXXX" -compact | 2637 | .Bl -tag -width "XXXX" -compact | 
| 2714 | .It Ar PBE-MD5-DES | 2638 | .It PBE-MD5-DES | 
| 2715 | These algorithms were included in the original PKCS#5 v1.5 specification. | 2639 | 56-bit DES. | 
| 2716 | They only offer 56 bits of protection since they both use DES. | 2640 | .It PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES | 
| 2717 | .Pp | 2641 | 64-bit RC2 or 56-bit DES. | 
| 2718 | .It Ar PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES | 2642 | .It PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES | 
| 2719 | These algorithms are not mentioned in the original PKCS#5 v1.5 specification | 2643 | .It PBE-SHA1-2DES | PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40 | 
| 2720 | but they use the same key derivation algorithm and are supported by some | 2644 | PKCS#12 password-based encryption algorithm, | 
| 2721 | software. | 2645 | which allow strong encryption algorithms like triple DES or 128-bit RC2. | 
| 2722 | They are mentioned in PKCS#5 v2.0. | ||
| 2723 | They use either 64-bit RC2 or 56-bit DES. | ||
| 2724 | .Pp | ||
| 2725 | .It Ar PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES | PBE-SHA1-2DES | ||
| 2726 | .It Ar PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40 | ||
| 2727 | These algorithms use the PKCS#12 password-based encryption algorithm and | ||
| 2728 | allow strong encryption algorithms like triple DES or 128-bit RC2 to be used. | ||
| 2729 | .El | 2646 | .El | 
| 2730 | .Sh PKCS8 EXAMPLES | 2647 | .It Fl v2 Ar alg | 
| 2731 | Convert a private key from traditional to PKCS#5 v2.0 format using triple DES: | 2648 | Use PKCS#5 v2.0 algorithms. | 
| 2732 | .Pp | 2649 | Supports algorithms such as 168-bit triple DES or 128-bit RC2, | 
| 2733 | .Dl "$ openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem" | 2650 | however not many implementations support PKCS#5 v2.0 yet | 
| 2734 | .Pp | 2651 | (if using private keys with | 
| 2735 | Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm | 2652 | .Nm openssl | 
| 2736 | .Pq DES : | 2653 | this doesn't matter). | 
| 2737 | .Pp | ||
| 2738 | .Dl $ openssl pkcs8 -in key.pem -topk8 -out enckey.pem | ||
| 2739 | .Pp | ||
| 2740 | Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm | ||
| 2741 | .Pq 3DES : | ||
| 2742 | .Bd -literal -offset indent | ||
| 2743 | $ openssl pkcs8 -in key.pem -topk8 -out enckey.pem \e | ||
| 2744 | -v1 PBE-SHA1-3DES | ||
| 2745 | .Ed | ||
| 2746 | .Pp | ||
| 2747 | Read a DER-unencrypted PKCS#8 format private key: | ||
| 2748 | .Pp | ||
| 2749 | .Dl "$ openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem" | ||
| 2750 | .Pp | ||
| 2751 | Convert a private key from any PKCS#8 format to traditional format: | ||
| 2752 | .Pp | ||
| 2753 | .Dl $ openssl pkcs8 -in pk8.pem -out key.pem | ||
| 2754 | .Sh PKCS8 STANDARDS | ||
| 2755 | Test vectors from this PKCS#5 v2.0 implementation were posted to the | ||
| 2756 | pkcs-tng mailing list using triple DES, DES and RC2 with high iteration counts; | ||
| 2757 | several people confirmed that they could decrypt the private | ||
| 2758 | keys produced and therefore it can be assumed that the PKCS#5 v2.0 | ||
| 2759 | implementation is reasonably accurate at least as far as these | ||
| 2760 | algorithms are concerned. | ||
| 2761 | .Pp | ||
| 2762 | The format of PKCS#8 DSA | ||
| 2763 | .Pq and other | ||
| 2764 | private keys is not well documented: | ||
| 2765 | it is hidden away in PKCS#11 v2.01, section 11.9; | ||
| 2766 | .Nm OpenSSL Ns Li 's | ||
| 2767 | default DSA PKCS#8 private key format complies with this standard. | ||
| 2768 | .Sh PKCS8 BUGS | ||
| 2769 | There should be an option that prints out the encryption algorithm | ||
| 2770 | in use and other details such as the iteration count. | ||
| 2771 | .Pp | 2654 | .Pp | 
| 2772 | PKCS#8 using triple DES and PKCS#5 v2.0 should be the default private | 2655 | .Ar alg | 
| 2773 | key format; for | 2656 | is the encryption algorithm to use; | 
| 2774 | .Nm OpenSSL | 2657 | valid values include des, des3, and rc2. | 
| 2775 | compatibility, several of the utilities use the old format at present. | 2658 | It is recommended that des3 is used. | 
| 2659 | .El | ||
| 2776 | .\" | 2660 | .\" | 
| 2777 | .\" PKCS12 | 2661 | .\" PKCS12 | 
| 2778 | .\" | 2662 | .\" | 
