1 files changed, 0 insertions, 6827 deletions

diff --git a/src/usr.bin/openssl/openssl.1 b/src/usr.bin/openssl/openssl.1
deleted file mode 100644
index a095c01f0a..0000000000
--- a/src/usr.bin/openssl/openssl.1
+++ /dev/null
@@ -1,6827 +0,0 @@
-.\" $OpenBSD: openssl.1,v 1.163 2025/04/14 08:40:10 tb Exp $
-.\" ====================================================================
-.\" Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\" ====================================================================
-.\"
-.\" This product includes cryptographic software written by Eric Young
-.\" (eay@cryptsoft.com).  This product includes software written by Tim
-.\" Hudson (tjh@cryptsoft.com).
-.\"
-.\"
-.\" Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-.\" All rights reserved.
-.\"
-.\" This package is an SSL implementation written
-.\" by Eric Young (eay@cryptsoft.com).
-.\" The implementation was written so as to conform with Netscapes SSL.
-.\"
-.\" This library is free for commercial and non-commercial use as long as
-.\" the following conditions are aheared to.  The following conditions
-.\" apply to all code found in this distribution, be it the RC4, RSA,
-.\" lhash, DES, etc., code; not just the SSL code.  The SSL documentation
-.\" included with this distribution is covered by the same copyright terms
-.\" except that the holder is Tim Hudson (tjh@cryptsoft.com).
-.\"
-.\" Copyright remains Eric Young's, and as such any Copyright notices in
-.\" the code are not to be removed.
-.\" If this package is used in a product, Eric Young should be given attribution
-.\" as the author of the parts of the library used.
-.\" This can be in the form of a textual message at program startup or
-.\" in documentation (online or textual) provided with the package.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\"    must display the following acknowledgement:
-.\"    "This product includes cryptographic software written by
-.\"     Eric Young (eay@cryptsoft.com)"
-.\"    The word 'cryptographic' can be left out if the rouines from the library
-.\"    being used are not cryptographic related :-).
-.\" 4. If you include any Windows specific code (or a derivative thereof) from
-.\"    the apps directory (application code) you must include an
-.\"    acknowledgement:
-.\"    "This product includes software written by Tim Hudson
-.\"     (tjh@cryptsoft.com)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-.\" SUCH DAMAGE.
-.\"
-.\" The licence and distribution terms for any publically available version or
-.\" derivative of this code cannot be changed.  i.e. this code cannot simply be
-.\" copied and put under another distribution licence
-.\" [including the GNU Public Licence.]
-.\"
-.Dd $Mdocdate: April 14 2025 $
-.Dt OPENSSL 1
-.Os
-.Sh NAME
-.Nm openssl
-.Nd OpenSSL command line tool
-.Sh SYNOPSIS
-.Nm
-.Ar command
-.Op Ar command_opt ...
-.Op Ar command_arg ...
-.Pp
-.Nm
-.Cm list-standard-commands |
-.Cm list-message-digest-commands |
-.Cm list-cipher-commands |
-.Cm list-cipher-algorithms |
-.Cm list-message-digest-algorithms |
-.Cm list-public-key-algorithms
-.Pp
-.Nm
-.Cm no- Ns Ar command
-.Sh DESCRIPTION
-.Nm OpenSSL
-is a cryptography toolkit implementing the
-Transport Layer Security
-.Pq TLS
-network protocol,
-as well as related cryptography standards.
-.Pp
-The
-.Nm
-program is a command line tool for using the various
-cryptography functions of
-.Nm openssl Ns 's
-crypto library from the shell.
-.Pp
-The pseudo-commands
-.Cm list-standard-commands , list-message-digest-commands ,
-and
-.Cm list-cipher-commands
-output a list
-.Pq one entry per line
-of the names of all standard commands, message digest commands,
-or cipher commands, respectively, that are available in the present
-.Nm
-utility.
-.Pp
-The pseudo-commands
-.Cm list-cipher-algorithms
-and
-.Cm list-message-digest-algorithms
-list all cipher and message digest names,
-one entry per line.
-Aliases are listed as:
-.Pp
-.D1 from => to
-.Pp
-The pseudo-command
-.Cm list-public-key-algorithms
-lists all supported public key algorithms.
-.Pp
-The pseudo-command
-.Cm no- Ns Ar command
-tests whether a command of the
-specified name is available.
-If
-.Ar command
-does not exist,
-it returns 0
-and prints
-.Cm no- Ns Ar command ;
-otherwise it returns 1 and prints
-.Ar command .
-In both cases, the output goes to stdout and nothing is printed to stderr.
-Additional command line arguments are always ignored.
-Since for each cipher there is a command of the same name,
-this provides an easy way for shell scripts to test for the
-availability of ciphers in the
-.Nm
-program.
-.Pp
-.Sy Note :
-.Cm no- Ns Ar command
-is not able to detect pseudo-commands such as
-.Cm quit ,
-.Cm list- Ns Ar ... Ns Cm -commands ,
-or
-.Cm no- Ns Ar command
-itself.
-.Tg asn1parse
-.Sh ASN1PARSE
-.Bl -hang -width "openssl asn1parse"
-.It Nm openssl asn1parse
-.Bk -words
-.Op Fl i
-.Op Fl dlimit Ar number
-.Op Fl dump
-.Op Fl genconf Ar file
-.Op Fl genstr Ar str
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem | txt
-.Op Fl length Ar number
-.Op Fl noout
-.Op Fl offset Ar number
-.Op Fl oid Ar file
-.Op Fl out Ar file
-.Op Fl strparse Ar offset
-.Ek
-.El
-.Pp
-The
-.Nm asn1parse
-command is a diagnostic utility that can parse ASN.1 structures.
-It can also be used to extract data from ASN.1 formatted data.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl dlimit Ar number
-Dump the first
-.Ar number
-bytes of unknown data in hex form.
-.It Fl dump
-Dump unknown data in hex form.
-.It Fl genconf Ar file , Fl genstr Ar str
-Generate encoded data based on string
-.Ar str ,
-file
-.Ar file ,
-or both, using the format described in
-.Xr ASN1_generate_nconf 3 .
-If only
-.Ar file
-is present then the string is obtained from the default section
-using the name
-.Dq asn1 .
-The encoded data is passed through the ASN.1 parser and printed out as
-though it came from a file;
-the contents can thus be examined and written to a file using the
-.Fl out
-option.
-.It Fl i
-Indent the output according to the
-.Qq depth
-of the structures.
-.It Fl in Ar file
-The input file to read from, or standard input if not specified.
-.It Fl inform Cm der | pem | txt
-The input format.
-.It Fl length Ar number
-Number of bytes to parse; the default is until end of file.
-.It Fl noout
-Do not output the parsed version of the input file.
-.It Fl offset Ar number
-Starting offset to begin parsing; the default is start of file.
-.It Fl oid Ar file
-A file containing additional object identifiers
-.Pq OIDs .
-If an OID
-.Pq object identifier
-is not part of
-.Nm openssl Ns 's
-internal table, it will be represented in
-numerical form
-.Pq for example 1.2.3.4 .
-.Pp
-Each line consists of three columns:
-the first column is the OID in numerical format and should be followed by
-whitespace.
-The second column is the
-.Qq short name ,
-which is a single word followed by whitespace.
-The final column is the rest of the line and is the
-.Qq long name .
-.Nm asn1parse
-displays the long name.
-.It Fl out Ar file
-The DER-encoded output file; the default is no encoded output
-(useful when combined with
-.Fl strparse ) .
-.It Fl strparse Ar offset
-Parse the content octets of the ASN.1 object starting at
-.Ar offset .
-This option can be used multiple times to
-.Qq drill down
-into a nested structure.
-.El
-.Tg ca
-.Sh CA
-.Bl -hang -width "openssl ca"
-.It Nm openssl ca
-.Bk -words
-.Op Fl batch
-.Op Fl cert Ar file
-.Op Fl config Ar file
-.Op Fl create_serial
-.Op Fl crl_CA_compromise Ar time
-.Op Fl crl_compromise Ar time
-.Op Fl crl_hold Ar instruction
-.Op Fl crl_reason Ar reason
-.Op Fl crldays Ar days
-.Op Fl crlexts Ar section
-.Op Fl crlhours Ar hours
-.Op Fl crlsec Ar seconds
-.Op Fl days Ar arg
-.Op Fl enddate Ar date
-.Op Fl extensions Ar section
-.Op Fl extfile Ar file
-.Op Fl gencrl
-.Op Fl in Ar file
-.Op Fl infiles
-.Op Fl key Ar password
-.Op Fl keyfile Ar file
-.Op Fl keyform Cm pem | der
-.Op Fl md Ar alg
-.Op Fl multivalue-rdn
-.Op Fl name Ar section
-.Op Fl noemailDN
-.Op Fl notext
-.Op Fl out Ar file
-.Op Fl outdir Ar directory
-.Op Fl passin Ar arg
-.Op Fl policy Ar arg
-.Op Fl preserveDN
-.Op Fl revoke Ar file
-.Op Fl selfsign
-.Op Fl sigopt Ar nm:v
-.Op Fl ss_cert Ar file
-.Op Fl startdate Ar date
-.Op Fl status Ar serial
-.Op Fl subj Ar arg
-.Op Fl updatedb
-.Op Fl utf8
-.Op Fl verbose
-.Ek
-.El
-.Pp
-The
-.Nm ca
-command is a minimal certificate authority (CA) application.
-It can be used to sign certificate requests in a variety of forms
-and generate certificate revocation lists (CRLs).
-It also maintains a text database of issued certificates and their status.
-.Pp
-The options relevant to CAs are as follows:
-.Bl -tag -width "XXXX"
-.It Fl batch
-Batch mode.
-In this mode no questions will be asked
-and all certificates will be certified automatically.
-.It Fl cert Ar file
-The CA certificate file.
-.It Fl config Ar file
-Specify an alternative configuration file.
-.It Fl create_serial
-If reading the serial from the text file as specified in the
-configuration fails, create a new random serial to be used as the
-next serial number.
-.It Fl days Ar arg
-The number of days to certify the certificate for.
-.It Fl enddate Ar date
-Set the expiry date.
-The format of the date is [YY]YYMMDDHHMMSSZ,
-with all four year digits required for dates from 2050 onwards.
-.It Fl extensions Ar section
-The section of the configuration file containing certificate extensions
-to be added when a certificate is issued (defaults to
-.Cm x509_extensions
-unless the
-.Fl extfile
-option is used).
-If no extension section is present, a V1 certificate is created.
-If the extension section is present
-.Pq even if it is empty ,
-then a V3 certificate is created.
-See the
-.Xr x509v3.cnf 5
-manual page for details of the extension section format.
-.It Fl extfile Ar file
-An additional configuration
-.Ar file
-to read certificate extensions from
-(using the default section unless the
-.Fl extensions
-option is also used).
-.It Fl in Ar file
-An input
-.Ar file
-containing a single certificate request to be signed by the CA.
-.It Fl infiles
-If present, this should be the last option; all subsequent arguments
-are assumed to be the names of files containing certificate requests.
-.It Fl key Ar password
-The
-.Fa password
-used to encrypt the private key.
-Since on some systems the command line arguments are visible,
-this option should be used with caution.
-.It Fl keyfile Ar file
-The private key to sign requests with.
-.It Fl keyform Cm pem | der
-Private key file format.
-The default is
-.Cm pem .
-.It Fl md Ar alg
-The message digest to use.
-Possible values include
-.Ar md5
-and
-.Ar sha1 .
-This option also applies to CRLs.
-.It Fl multivalue-rdn
-This option causes the
-.Fl subj
-argument to be interpreted with full support for multivalued RDNs,
-for example
-.Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
-If
-.Fl multivalue-rdn
-is not used, the UID value is set to
-.Qq "123456+CN=John Doe" .
-.It Fl name Ar section
-Specifies the configuration file
-.Ar section
-to use (overrides
-.Cm default_ca
-in the
-.Cm ca
-section).
-.It Fl noemailDN
-The DN of a certificate can contain the EMAIL field if present in the
-request DN, however it is good policy just having the email set into
-the
-.Cm altName
-extension of the certificate.
-When this option is set, the EMAIL field is removed from the certificate's
-subject and set only in the, eventually present, extensions.
-The
-.Ar email_in_dn
-keyword can be used in the configuration file to enable this behaviour.
-.It Fl notext
-Don't output the text form of a certificate to the output file.
-.It Fl out Ar file
-The output file to output certificates to.
-The default is standard output.
-The certificate details will also be printed out to this file in
-PEM format.
-.It Fl outdir Ar directory
-The
-.Ar directory
-to output certificates to.
-The certificate will be written to a file consisting of the
-serial number in hex with
-.Qq .pem
-appended.
-.It Fl passin Ar arg
-The key password source.
-.It Fl policy Ar arg
-Define the CA
-.Qq policy
-to use.
-The policy section in the configuration file
-consists of a set of variables corresponding to certificate DN fields.
-The values may be one of
-.Qq match
-(the value must match the same field in the CA certificate),
-.Qq supplied
-(the value must be present), or
-.Qq optional
-(the value may be present).
-Any fields not mentioned in the policy section
-are silently deleted, unless the
-.Fl preserveDN
-option is set,
-but this can be regarded more of a quirk than intended behaviour.
-.It Fl preserveDN
-Normally, the DN order of a certificate is the same as the order of the
-fields in the relevant policy section.
-When this option is set, the order is the same as the request.
-This is largely for compatibility with the older IE enrollment control
-which would only accept certificates if their DNs matched the order of the
-request.
-This is not needed for Xenroll.
-.It Fl selfsign
-Indicates the issued certificates are to be signed with the key the
-certificate requests were signed with, given with
-.Fl keyfile .
-Certificate requests signed with a different key are ignored.
-If
-.Fl gencrl
-or
-.Fl ss_cert
-are given,
-.Fl selfsign
-is ignored.
-.Pp
-A consequence of using
-.Fl selfsign
-is that the self-signed certificate appears among the entries in
-the certificate database (see the configuration option
-.Cm database )
-and uses the same serial number counter as all other certificates
-signed with the self-signed certificate.
-.It Fl sigopt Ar nm:v
-Pass options to the signature algorithm during sign or certify operations.
-The names and values of these options are algorithm-specific.
-.It Fl ss_cert Ar file
-A single self-signed certificate to be signed by the CA.
-.It Fl startdate Ar date
-Set the start date.
-The format of the date is [YY]YYMMDDHHMMSSZ,
-with all four year digits required for dates from 2050 onwards.
-.It Fl subj Ar arg
-Supersedes the subject name given in the request.
-The
-.Ar arg
-must be formatted as
-.Sm off
-.Pf / Ar type0 Ns = Ar value0 Ns / Ar type 1 Ns = Ar value 1 Ns /
-.Ar type2 Ns = Ar ... ;
-.Sm on
-characters may be escaped by
-.Sq \e
-.Pq backslash ,
-no spaces are skipped.
-.It Fl utf8
-Interpret field values read from a terminal or obtained from a
-configuration file as UTF-8 strings.
-By default, they are interpreted as ASCII.
-.It Fl verbose
-Print extra details about the operations being performed.
-.El
-.Pp
-The options relevant to CRLs are as follows:
-.Bl -tag -width "XXXX"
-.It Fl crl_CA_compromise Ar time
-This is the same as
-.Fl crl_compromise ,
-except the revocation reason is set to CACompromise.
-.It Fl crl_compromise Ar time
-Set the revocation reason to keyCompromise and the compromise time to
-.Ar time .
-.Ar time
-should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ.
-.It Fl crl_hold Ar instruction
-Set the CRL revocation reason code to certificateHold and the hold
-instruction to
-.Ar instruction
-which must be an OID.
-Although any OID can be used, only holdInstructionNone
-(the use of which is discouraged by RFC 2459), holdInstructionCallIssuer or
-holdInstructionReject will normally be used.
-.It Fl crl_reason Ar reason
-Revocation reason, where
-.Ar reason
-is one of:
-unspecified, keyCompromise, CACompromise, affiliationChanged, superseded,
-cessationOfOperation, certificateHold or removeFromCRL.
-The matching of
-.Ar reason
-is case insensitive.
-Setting any revocation reason will make the CRL v2.
-In practice, removeFromCRL is not particularly useful because it is only used
-in delta CRLs which are not currently implemented.
-.It Fl crldays Ar days
-The number of days before the next CRL is due.
-This is the days from now to place in the CRL
-.Cm nextUpdate
-field.
-.It Fl crlexts Ar section
-The
-.Ar section
-of the configuration file containing CRL extensions to include.
-If no CRL extension section is present then a V1 CRL is created;
-if the CRL extension section is present
-(even if it is empty)
-then a V2 CRL is created.
-The CRL extensions specified are CRL extensions and not CRL entry extensions.
-It should be noted that some software can't handle V2 CRLs.
-See the
-.Xr x509v3.cnf 5
-manual page for details of the extension section format.
-.It Fl crlhours Ar hours
-The number of hours before the next CRL is due.
-.It Fl crlsec Ar seconds
-The number of seconds before the next CRL is due.
-.It Fl gencrl
-Generate a CRL based on information in the index file.
-.It Fl revoke Ar file
-A
-.Ar file
-containing a certificate to revoke.
-.It Fl status Ar serial
-Show the status of the certificate with serial number
-.Ar serial .
-.It Fl updatedb
-Update the database index to purge expired certificates.
-.El
-.Pp
-Many of the options can be set in the
-.Cm ca
-section of the configuration file
-(or in the default section of the configuration file),
-specified using
-.Cm default_ca
-or
-.Fl name .
-The
-.Cm preserve
-option is read directly from the
-.Cm ca
-section.
-.Pp
-Many of the configuration file options are identical to command line
-options.
-Where the option is present in the configuration file and the command line,
-the command line value is used.
-Where an option is described as mandatory, then it must be present in
-the configuration file or the command line equivalent
-.Pq if any
-used.
-.Bl -tag -width "XXXX"
-.It Cm certificate
-The same as
-.Fl cert .
-It gives the file containing the CA certificate.
-Mandatory.
-.It Cm copy_extensions
-Determines how extensions in certificate requests should be handled.
-If set to
-.Cm none
-or this option is not present, then extensions are
-ignored and not copied to the certificate.
-If set to
-.Cm copy ,
-then any extensions present in the request that are not already present
-are copied to the certificate.
-If set to
-.Cm copyall ,
-then all extensions in the request are copied to the certificate:
-if the extension is already present in the certificate it is deleted first.
-.Pp
-The
-.Cm copy_extensions
-option should be used with caution.
-If care is not taken, it can be a security risk.
-For example, if a certificate request contains a
-.Cm basicConstraints
-extension with CA:TRUE and the
-.Cm copy_extensions
-value is set to
-.Cm copyall
-and the user does not spot
-this when the certificate is displayed, then this will hand the requester
-a valid CA certificate.
-.Pp
-This situation can be avoided by setting
-.Cm copy_extensions
-to
-.Cm copy
-and including
-.Cm basicConstraints
-with CA:FALSE in the configuration file.
-Then if the request contains a
-.Cm basicConstraints
-extension, it will be ignored.
-.Pp
-The main use of this option is to allow a certificate request to supply
-values for certain extensions such as
-.Cm subjectAltName .
-.It Cm crl_extensions
-The same as
-.Fl crlexts .
-.It Cm crlnumber
-A text file containing the next CRL number to use in hex.
-The CRL number will be inserted in the CRLs only if this file exists.
-If this file is present, it must contain a valid CRL number.
-.It Cm database
-The text database file to use.
-Mandatory.
-This file must be present, though initially it will be empty.
-.It Cm default_crl_hours , default_crl_days
-The same as the
-.Fl crlhours
-and
-.Fl crldays
-options.
-These will only be used if neither command line option is present.
-At least one of these must be present to generate a CRL.
-.It Cm default_days
-The same as the
-.Fl days
-option.
-The number of days to certify a certificate for.
-.It Cm default_enddate
-The same as the
-.Fl enddate
-option.
-Either this option or
-.Cm default_days
-.Pq or the command line equivalents
-must be present.
-.It Cm default_md
-The same as the
-.Fl md
-option.
-The message digest to use.
-Mandatory.
-.It Cm default_startdate
-The same as the
-.Fl startdate
-option.
-The start date to certify a certificate for.
-If not set, the current time is used.
-.It Cm email_in_dn
-The same as
-.Fl noemailDN .
-If the EMAIL field is to be removed from the DN of the certificate,
-simply set this to
-.Qq no .
-If not present, the default is to allow for the EMAIL field in the
-certificate's DN.
-.It Cm name_opt , cert_opt
-These options allow the format used to display the certificate details
-when asking the user to confirm signing.
-All the options supported by the
-.Nm x509
-utilities'
-.Fl nameopt
-and
-.Fl certopt
-switches can be used here, except that
-.Cm no_signame
-and
-.Cm no_sigdump
-are permanently set and cannot be disabled
-(this is because the certificate signature cannot be displayed because
-the certificate has not been signed at this point).
-.Pp
-For convenience, the value
-.Cm ca_default
-is accepted by both to produce a reasonable output.
-.Pp
-If neither option is present, the format used in earlier versions of
-.Nm openssl
-is used.
-Use of the old format is strongly discouraged
-because it only displays fields mentioned in the
-.Cm policy
-section,
-mishandles multicharacter string types and does not display extensions.
-.It Cm new_certs_dir
-The same as the
-.Fl outdir
-command line option.
-It specifies the directory where new certificates will be placed.
-Mandatory.
-.It Cm oid_file
-This specifies a file containing additional object identifiers.
-Each line of the file should consist of the numerical form of the
-object identifier followed by whitespace, then the short name followed
-by whitespace and finally the long name.
-.It Cm oid_section
-This specifies a section in the configuration file containing extra
-object identifiers.
-Each line should consist of the short name of the object identifier
-followed by
-.Sq =
-and the numerical form.
-The short and long names are the same when this option is used.
-.It Cm policy
-The same as
-.Fl policy .
-Mandatory.
-.It Cm preserve
-The same as
-.Fl preserveDN .
-.It Cm private_key
-Same as the
-.Fl keyfile
-option.
-The file containing the CA private key.
-Mandatory.
-.It Cm serial
-A text file containing the next serial number to use in hex.
-Mandatory.
-This file must be present and contain a valid serial number.
-.It Cm unique_subject
-If the value
-.Cm yes
-is given, the valid certificate entries in the
-database must have unique subjects.
-If the value
-.Cm no
-is given,
-several valid certificate entries may have the exact same subject.
-The default value is
-.Cm yes .
-.Pp
-Note that it is valid in some circumstances for certificates to be created
-without any subject.
-In cases where there are multiple certificates without
-subjects this does not count as a duplicate.
-.It Cm x509_extensions
-The same as
-.Fl extensions .
-.El
-.Tg certhash
-.Sh CERTHASH
-.Bl -hang -width "openssl certhash"
-.It Nm openssl certhash
-.Bk -words
-.Op Fl nv
-.Ar dir ...
-.Ek
-.El
-.Pp
-The
-.Nm certhash
-command calculates a hash value of
-.Qq .pem
-file in the specified directory list and creates symbolic links for each file,
-where the name of the link is the hash value.
-See the
-.Xr SSL_CTX_load_verify_locations 3
-manual page for how hash links are used.
-.Pp
-The links created are of the form
-.Qq HHHHHHHH.D ,
-where each
-.Sq H
-is a hexadecimal character and
-.Sq D
-is a single decimal digit.
-The hashes for CRLs look similar, except the letter
-.Sq r
-appears after the period, like this:
-.Qq HHHHHHHH.rD .
-When processing a directory,
-.Nm certhash
-will first remove all links that have a name in that syntax and invalid
-reference.
-.Pp
-Multiple objects may have the same hash; they will be indicated by
-incrementing the
-.Sq D
-value.
-Duplicates are found by comparing the full SHA256 fingerprint.
-A warning will be displayed if a duplicate is found.
-.Pp
-A warning will also be displayed if there are files that cannot be parsed as
-either a certificate or a CRL.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl n
-Perform a dry-run, and do not make any changes.
-.It Fl v
-Print extra details about the processing.
-.It Ar dir ...
-Specify the directories to process.
-.El
-.Tg ciphers
-.Sh CIPHERS
-.Nm openssl ciphers
-.Op Fl hsVv
-.Op Fl tls1_2
-.Op Fl tls1_3
-.Op Ar control
-.Pp
-The
-.Nm ciphers
-command converts the
-.Ar control
-string from the format documented in
-.Xr SSL_CTX_set_cipher_list 3
-into an ordered SSL cipher suite preference list.
-If no
-.Ar control
-string is specified, the
-.Cm DEFAULT
-list is printed.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl h , \&?
-Print a brief usage message.
-.It Fl s
-Only list ciphers that are supported by the TLS method.
-.It Fl tls1_2 | tls1_3
-In combination with the
-.Fl s
-option, list the ciphers which could be used
-if the specified protocol version were negotiated.
-.It Fl V
-Verbose.
-List ciphers with cipher suite code in hex format,
-cipher name, and a complete description of protocol version,
-key exchange, authentication, encryption, and mac algorithms.
-.It Fl v
-Like
-.Fl V ,
-but without cipher suite codes.
-.El
-.Tg cms
-.Sh CMS
-.Bl -hang -width "openssl cms"
-.It Nm openssl cms
-.Bk -words
-.Oo
-.Fl aes128 | aes192 | aes256 | camellia128 |
-.Fl camellia192 | camellia256 | des | des3 |
-.Fl rc2-40 | rc2-64 | rc2-128
-.Oc
-.Op Fl CAfile Ar file
-.Op Fl CApath Ar directory
-.Op Fl CRLfile Ar file
-.Op Fl binary
-.Op Fl certfile Ar file
-.Op Fl certsout Ar file
-.Op Fl cmsout
-.Op Fl compress
-.Op Fl content Ar file
-.Op Fl crlfeol
-.Op Fl data_create
-.Op Fl data_out
-.Op Fl debug_decrypt
-.Op Fl decrypt
-.Op Fl digest_create
-.Op Fl digest_verify
-.Op Fl econtent_type Ar type
-.Op Fl encrypt
-.Op Fl EncryptedData_decrypt
-.Op Fl EncryptedData_encrypt
-.Op Fl from Ar addr
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem | smime
-.Op Fl inkey Ar file
-.Op Fl keyform Cm der | pem
-.Op Fl keyid
-.Op Fl keyopt Ar nm:v
-.Op Fl md Ar digest
-.Op Fl no_attr_verify
-.Op Fl no_content_verify
-.Op Fl no_signer_cert_verify
-.Op Fl noattr
-.Op Fl nocerts
-.Op Fl nodetach
-.Op Fl nointern
-.Op Fl nooldmime
-.Op Fl noout
-.Op Fl nosigs
-.Op Fl nosmimecap
-.Op Fl noverify
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem | smime
-.Op Fl passin Ar src
-.Op Fl print
-.Op Fl pwri_password Ar arg
-.Op Fl rctform Cm der | pem | smime
-.Op Fl receipt_request_all | receipt_request_first
-.Op Fl receipt_request_from Ar addr
-.Op Fl receipt_request_print
-.Op Fl receipt_request_to Ar addr
-.Op Fl recip Ar file
-.Op Fl resign
-.Op Fl secretkey Ar key
-.Op Fl secretkeyid Ar id
-.Op Fl sign
-.Op Fl sign_receipt
-.Op Fl signer Ar file
-.Op Fl stream | indef | noindef
-.Op Fl subject Ar s
-.Op Fl text
-.Op Fl to Ar addr
-.Op Fl uncompress
-.Op Fl verify
-.Op Fl verify_receipt Ar file
-.Op Fl verify_retcode
-.Op Ar cert.pem ...
-.Ek
-.El
-.Pp
-The
-.Nm cms
-command handles S/MIME v3.1 mail.
-It can encrypt, decrypt, sign and verify, compress and uncompress S/MIME
-messages.
-.Pp
-The MIME message must be sent without any blank lines between the headers and
-the output.
-Some mail programs will automatically add a blank line.
-Piping the mail directly to sendmail is one way to achieve the correct format.
-.Pp
-The supplied message to be signed or encrypted must include the necessary MIME
-headers or many S/MIME clients won't display it properly (if at all).
-You can use the
-.Fl text
-option to automatically add plain text headers.
-.Pp
-A "signed and encrypted" message is one where a signed message is then
-encrypted.
-This can be produced by encrypting an already signed message.
-.Pp
-There are various operation options that set the type of operation to be
-performed.
-The meaning of the other options varies according to the operation type.
-.Bl -tag -width "XXXX"
-.It Fl encrypt
-Encrypt mail for the given recipient certificates.
-Input file is the message to be encrypted.
-The output file is the encrypted mail in MIME format.
-The actual CMS type is EnvelopedData.
-Note that no revocation check is done for the recipient cert, so if that
-key has been compromised, others may be able to decrypt the text.
-.It Fl decrypt
-Decrypt mail using the supplied certificate and private key.
-Expects an encrypted mail message in MIME format for the input file.
-The decrypted mail is written to the output file.
-.It Fl sign
-Sign mail using the supplied certificate and private key.
-Input file is the message to be signed.
-The signed message in MIME format is written to the output file.
-.It Fl verify
-Verify signed mail.
-Expects a signed mail message on input and outputs the signed data.
-Both clear text and opaque signing are supported.
-.It Fl cmsout
-Take an input message and write out a PEM encoded CMS structure.
-.It Fl resign
-Resign a message.
-Take an existing message and one or more new signers.
-This operation uses an existing message digest when adding a new signer.
-This means that attributes must be present in at least one existing
-signer using the same message digest or this operation will fail.
-.It Fl data_create
-Create a CMS Data type.
-.It Fl data_out
-Output a content from the input CMS Data type.
-.It Fl digest_create
-Create a CMS DigestedData type.
-.It Fl digest_verify
-Verify a CMS DigestedData type and output the content.
-.It Fl compress
-Create a CMS CompressedData type.
-Must be compiled with zlib support for this option to work.
-.It Fl uncompress
-Uncompress a CMS CompressedData type and output the content.
-Must be compiled with zlib support for this option to work.
-.It Fl EncryptedData_encrypt
-Encrypt a content using supplied symmetric key and algorithm using a
-CMS EncryptedData type.
-.It Fl EncryptedData_decrypt
-Decrypt a CMS EncryptedData type using supplied symmetric key.
-.It Fl sign_receipt
-Generate and output a signed receipt for the supplied message.
-The input message must contain a signed receipt request.
-Functionality is otherwise similar to the
-.Fl sign
-operation.
-.It Xo
-.Fl verify_receipt Ar file
-.Xc
-Verify a signed receipt in file.
-The input message must contain the original receipt request.
-Functionality is otherwise similar to the
-.Fl verify
-operation.
-.El
-.Pp
-The remaining options are as follows:
-.Bl -tag -width "XXXX"
-.It Xo
-.Fl aes128 | aes192 | aes256 | camellia128 |
-.Fl camellia192 | camellia256 | des | des3 |
-.Fl rc2-40 | rc2-64 | rc2-128
-.Xc
-The encryption algorithm to use.
-128-, 192-, or 256-bit AES, 128-, 192-, or 256-bit CAMELLIA,
-DES (56 bits), triple DES (168 bits),
-or 40-, 64-, or 128-bit RC2, respectively;
-if not specified, triple DES is
-used.
-Only used with
-.Fl encrypt
-and
-.Fl EncryptedData_encrypt
-commands.
-.It Fl binary
-Normally the input message is converted to "canonical" format which is
-effectively using CR/LF as end of line, as required by the S/MIME specification.
-When this option is present, no translation occurs.
-This is useful when handling binary data which may not be in MIME format.
-.It Fl CAfile Ar file
-A file containing trusted CA certificates, used with
-.Fl verify
-and
-.Fl verify_receipt .
-.It Fl CApath Ar directory
-A directory containing trusted CA certificates, used with
-.Fl verify
-and
-.Fl verify_receipt .
-This directory must be a standard certificate directory: that is a hash
-of each subject name (using
-.Nm x509 Fl hash )
-should be linked to each certificate.
-.It Fl CRLfile Ar file
-Allows additional certificate revocation lists to be specified for verification.
-The CRLs should be in PEM format.
-.It Ar cert.pem ...
-One or more certificates of message recipients: used when encrypting a message.
-.It Fl certfile Ar file
-Allows additional certificates to be specified.
-When signing, these will be included with the message.
-When verifying, these will be searched for the signer's certificates.
-The certificates should be in PEM format.
-.It Fl certsout Ar file
-A file that any certificates contained in the message are written to.
-.It Xo
-.Fl check_ss_sig ,
-.Fl crl_check ,
-.Fl crl_check_all ,
-.Fl extended_crl ,
-.Fl ignore_critical ,
-.Fl issuer_checks ,
-.Fl policy ,
-.Fl policy_check ,
-.Fl purpose ,
-.Fl x509_strict
-.Xc
-Set various certificate chain validation options.
-See the
-.Nm verify
-command for details.
-.It Fl content Ar file
-A file containing the detached content.
-This is only useful with the
-.Fl verify
-command.
-This is only usable if the CMS structure is using the detached signature
-form where the content is not included.
-This option will override any content if the input format is S/MIME and
-it uses the multipart/signed MIME content type.
-.It Fl crlfeol
-Output a S/MIME message with CR/LF end of line.
-.It Fl debug_decrypt
-Set the CMS_DEBUG_DECRYPT flag when decrypting.
-This option should be used with caution, since this can be used to disable
-the MMA attack protection and return an error if no recipient can be found.
-See the
-.Xr CMS_decrypt 3
-manual page for details of the flag.
-.It Xo
-.Fl from Ar addr ,
-.Fl subject Ar s ,
-.Fl to Ar addr
-.Xc
-The relevant mail headers.
-These are included outside the signed portion of a message so they may
-be included manually.
-If signing then many S/MIME mail clients check the signer's certificate's
-email address matches that specified in the From: address.
-.It Fl econtent_type Ar type
-Set the encapsulated content type, used with
-.Fl sign .
-If not supplied, the Data type is used.
-The type argument can be any valid OID name in either text or numerical format.
-.It Fl in Ar file
-The input message to be encrypted or signed or the message to be decrypted or
-verified.
-.It Fl inform Cm der | pem | smime
-The input format for the CMS structure.
-The default is
-.Cm smime ,
-which reads an S/MIME format message.
-.Cm pem
-and
-.Cm der
-format change this to expect PEM and DER format CMS structures instead.
-This currently only affects the input format of the CMS structure; if no
-CMS structure is being input (for example with
-.Fl encrypt
-or
-.Fl sign )
-this option has no effect.
-.It Fl inkey Ar file
-The private key to use when signing or decrypting.
-This must match the corresponding certificate.
-If this option is not specified then the private key must be included in
-the certificate file specified with the
-.Fl recip
-or
-.Fl signer
-file.
-When signing, this option can be used multiple times to specify successive keys.
-.It Fl keyform Cm der | pem
-Input private key format.
-The default is
-.Cm pem .
-.It Fl keyid
-Use subject key identifier to identify certificates instead of issuer
-name and serial number.
-The supplied certificate must include a subject key identifier extension.
-Supported by
-.Fl sign
-and
-.Fl encrypt
-operations.
-.It Fl keyopt Ar nm:v
-Set customised parameters for the preceding key or certificate
-for encryption and signing.
-It can currently be used to set RSA-PSS for signing, RSA-OAEP for
-encryption or to modify default parameters for ECDH.
-This option can be used multiple times.
-.It Fl md Ar digest
-The digest algorithm to use when signing or resigning.
-If not present then the default digest algorithm for the signing key
-will be used (usually SHA1).
-.It Fl no_attr_verify
-Do not verify the signer's attribute of a signature.
-.It Fl no_content_verify
-Do not verify the content of a signed message.
-.It Fl no_signer_cert_verify
-Do not verify the signer's certificate of a signed message.
-.It Fl noattr
-Do not include attributes.
-Normally when a message is signed a set of attributes are included which
-include the signing time and supported symmetric algorithms.
-With this option they are not included.
-.It Fl nocerts
-Do not include the signer's certificate.
-This will reduce the size of the signed message but the verifier must
-have a copy of the signer's certificate available locally (passed using
-the
-.Fl certfile
-option for example).
-.It Fl nodetach
-When signing a message, use opaque signing.
-This form is more resistant to translation by mail relays but it cannot be
-read by mail agents that do not support S/MIME.
-Without this option cleartext signing with the MIME type multipart/signed is
-used.
-.It Fl nointern
-Only the certificates specified in the
-.Fl certfile
-option are used.
-When verifying a message, normally certificates (if any) included in the
-message are searched for the signing certificate.
-The supplied certificates can still be used as untrusted CAs however.
-.It Fl nooldmime
-Output an old S/MIME content type like "application/x-pkcs7-".
-.It Fl noout
-Do not output the parsed CMS structure for the
-.Fl cmsout
-operation.
-This is useful when combined with the
-.Fl print
-option or if the syntax of the CMS structure is being checked.
-.It Fl nosigs
-Do not try to verify the signatures on the message.
-.It Fl nosmimecap
-Exclude the list of supported algorithms from signed attributes; other
-options such as signing time and content type are still included.
-.It Fl noverify
-Do not verify the signer's certificate of a signed message.
-.It Fl out Ar file
-The message text that has been decrypted or verified or the output MIME
-format message that has been signed or verified.
-.It Fl outform Cm der | pem | smime
-This specifies the output format for the CMS structure.
-The default is
-.Cm smime ,
-which writes an S/MIME format message.
-.Cm pem
-and
-.Cm der
-format change this to write PEM and DER format CMS structures instead.
-This currently only affects the output format of the CMS structure; if
-no CMS structure is being output (for example with
-.Fl verify
-or
-.Fl decrypt )
-this option has no effect.
-.It Fl passin Ar src
-The private key password source.
-.It Fl print
-Print out all fields of the CMS structure for the
-.Fl cmsout
-operation.
-This is mainly useful for testing purposes.
-.It Fl pwri_password Ar arg
-Specify PasswordRecipientInfo (PWRI) password to use.
-Supported by the
-.Fl encrypt
-and
-.Fl decrypt
-operations.
-.It Fl rctform Cm der | pem | smime
-Specify the format for a signed receipt for use with the
-.Fl receipt_verify
-operation.
-The default is
-.Cm smime .
-.It Fl receipt_request_all | receipt_request_first
-Indicate requests should be provided by all recipient or first tier
-recipients (those mailed directly and not from a mailing list), for the
-.Fl sign
-operation to include a signed receipt request.
-Ignored if
-.Fl receipt_request_from
-is included.
-.It Fl receipt_request_from Ar addr
-Add an explicit email address where receipts should be supplied.
-.It Fl receipt_request_print
-Print out the contents of any signed receipt requests for the
-.Fl verify
-operation.
-.It Fl receipt_request_to Ar addr
-Add an explicit email address where signed receipts should be sent to.
-This option must be supplied if a signed receipt is requested.
-.It Fl recip Ar file
-When decrypting a message, this specifies the recipient's certificate.
-The certificate must match one of the recipients of the message or an
-error occurs.
-When encrypting a message, this option may be used multiple times to
-specify each recipient.
-This form must be used if customised parameters are required (for example to
-specify RSA-OAEP).
-Only certificates carrying RSA, Diffie-Hellman or EC keys are supported
-by this option.
-.It Fl secretkey Ar key
-Specify symmetric key to use.
-The key must be supplied in hex format and be consistent with the
-algorithm used.
-Supported by the
-.Fl EncryptedData_encrypt ,
-.Fl EncryptedData_decrypt ,
-.Fl encrypt
-and
-.Fl decrypt
-operations.
-When used with
-.Fl encrypt
-or
-.Fl decrypt ,
-the supplied key is used to wrap or unwrap the content encryption key
-using an AES key in the KEKRecipientInfo type.
-.It Fl secretkeyid Ar id
-The key identifier for the supplied symmetric key for KEKRecipientInfo type.
-This option must be present if the
-.Fl secretkey
-option is used with
-.Fl encrypt .
-With
-.Fl decrypt
-operations the id is used to locate the relevant key; if it is not supplied
-then an attempt is used to decrypt any KEKRecipientInfo structures.
-.It Fl signer Ar file
-A signing certificate when signing or resigning a message; this option
-can be used multiple times if more than one signer is required.
-If a message is being verified then the signers certificates will be
-written to this file if the verification was successful.
-.It Xo
-.Fl stream |
-.Fl indef |
-.Fl noindef
-.Xc
-The
-.Fl stream
-and
-.Fl indef
-options are equivalent and enable streaming I/O for encoding operations.
-This permits single pass processing of data without the need to hold the
-entire contents in memory, potentially supporting very large files.
-Streaming is automatically set for S/MIME signing with detached data if
-the output format is
-.Cm smime ;
-it is currently off by default for all other operations.
-.Fl noindef
-disable streaming I/O where it would produce an indefinite length
-constructed encoding.
-This option currently has no effect.
-.It Fl text
-Add plain text (text/plain) MIME headers to the supplied message if
-encrypting or signing.
-If decrypting or verifying, it strips off text headers: if the decrypted
-or verified message is not of MIME type text/plain then an error occurs.
-.It Fl verify_retcode
-Set verification error code to exit code to indicate what verification error
-has occurred.
-Supported by
-.Fl verify
-operation only.
-Exit code value minus 32 shows verification error code.
-See
-.Nm verify
-command for the list of verification error code.
-.El
-.Pp
-The exit codes for
-.Nm cms
-are as follows:
-.Pp
-.Bl -tag -width "XXXX" -offset 3n -compact
-.It 0
-The operation was completely successful.
-.It 1
-An error occurred parsing the command options.
-.It 2
-One of the input files could not be read.
-.It 3
-An error occurred creating the CMS file or when reading the MIME message.
-.It 4
-An error occurred decrypting or verifying the message.
-.It 5
-The message was verified correctly but an error occurred writing out the
-signer's certificates.
-.It 6
-An error occurred writing the output file.
-.It 32+
-A verify error occurred while
-.Fl verify_retcode
-is specified.
-.El
-.Tg crl
-.Sh CRL
-.Bl -hang -width "openssl crl"
-.It Nm openssl crl
-.Bk -words
-.Op Fl CAfile Ar file
-.Op Fl CApath Ar dir
-.Op Fl crlnumber
-.Op Fl fingerprint
-.Op Fl hash
-.Op Fl hash_old
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl issuer
-.Op Fl lastupdate
-.Op Fl nameopt Ar option
-.Op Fl nextupdate
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl text
-.Op Fl verify
-.Ek
-.El
-.Pp
-The
-.Nm crl
-command processes CRL files in DER or PEM format.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl CAfile Ar file
-Verify the signature on a CRL by looking up the issuing certificate in
-.Ar file .
-.It Fl CApath Ar directory
-Verify the signature on a CRL by looking up the issuing certificate in
-.Ar dir .
-This directory must be a standard certificate directory,
-i.e. a hash of each subject name (using
-.Cm x509 Fl hash )
-should be linked to each certificate.
-.It Fl crlnumber
-Print the CRL number.
-.It Fl fingerprint
-Print the CRL fingerprint.
-.It Fl hash
-Output a hash of the issuer name.
-This can be used to look up CRLs in a directory by issuer name.
-.It Fl hash_old
-Output an old-style (MD5) hash of the issuer name.
-.It Fl in Ar file
-The input file to read from, or standard input if not specified.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl issuer
-Output the issuer name.
-.It Fl lastupdate
-Output the
-.Cm thisUpdate
-field.
-This option is misnamed for historical reasons.
-.It Fl nameopt Ar option
-Specify certificate name options.
-.It Fl nextupdate
-Output the
-.Cm nextUpdate
-field.
-.It Fl noout
-Do not output the encoded version of the CRL.
-.It Fl out Ar file
-The output file to write to, or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl text
-Print the CRL in plain text.
-.It Fl verify
-Verify the signature on the CRL.
-.El
-.Tg crl2pkcs7
-.Sh CRL2PKCS7
-.Bl -hang -width "openssl crl2pkcs7"
-.It Nm openssl crl2pkcs7
-.Bk -words
-.Op Fl certfile Ar file
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl nocrl
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Ek
-.El
-.Pp
-The
-.Nm crl2pkcs7
-command takes an optional CRL and one or more
-certificates and converts them into a PKCS#7 degenerate
-.Qq certificates only
-structure.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl certfile Ar file
-Add the certificates in PEM
-.Ar file
-to the PKCS#7 structure.
-This option can be used more than once
-to read certificates from multiple files.
-.It Fl in Ar file
-Read the CRL from
-.Ar file ,
-or standard input if not specified.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl nocrl
-Normally, a CRL is included in the output file.
-With this option, no CRL is
-included in the output file and a CRL is not read from the input file.
-.It Fl out Ar file
-Write the PKCS#7 structure to
-.Ar file ,
-or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.El
-.Tg dgst
-.Sh DGST
-.Bl -hang -width "openssl dgst"
-.It Nm openssl dgst
-.Bk -words
-.Op Fl cdr
-.Op Fl binary
-.Op Fl Ar digest
-.Op Fl hex
-.Op Fl hmac Ar key
-.Op Fl keyform Cm pem
-.Op Fl mac Ar algorithm
-.Op Fl macopt Ar nm : Ns Ar v
-.Op Fl out Ar file
-.Op Fl passin Ar arg
-.Op Fl prverify Ar file
-.Op Fl sign Ar file
-.Op Fl signature Ar file
-.Op Fl sigopt Ar nm : Ns Ar v
-.Op Fl verify Ar file
-.Op Ar
-.Ek
-.El
-.Pp
-The digest functions output the message digest of a supplied
-.Ar file
-or
-.Ar files
-in hexadecimal form.
-They can also be used for digital signing and verification.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl binary
-Output the digest or signature in binary form.
-.It Fl c
-Print the digest in two-digit groups separated by colons.
-.It Fl d
-Print BIO debugging information.
-.It Fl Ar digest
-Use the specified message
-.Ar digest .
-The default is SHA256.
-The available digests can be displayed using
-.Nm openssl
-.Cm list-message-digest-commands .
-The following are equivalent:
-.Nm openssl dgst
-.Fl sha256
-and
-.Nm openssl
-.Cm sha256 .
-.It Fl hex
-Digest is to be output as a hex dump.
-This is the default case for a
-.Qq normal
-digest as opposed to a digital signature.
-.It Fl hmac Ar key
-Create a hashed MAC using
-.Ar key .
-.It Fl keyform Cm pem
-Specifies the key format to sign the digest with.
-.It Fl mac Ar algorithm
-Create a keyed Message Authentication Code (MAC).
-The most popular MAC algorithm is HMAC (hash-based MAC),
-but there are other MAC algorithms which are not based on hash.
-MAC keys and other options should be set via the
-.Fl macopt
-parameter.
-.It Fl macopt Ar nm : Ns Ar v
-Passes options to the MAC algorithm, specified by
-.Fl mac .
-The following options are supported by HMAC:
-.Bl -tag -width Ds
-.It Cm key : Ns Ar string
-Specifies the MAC key as an alphanumeric string
-(use if the key contain printable characters only).
-String length must conform to any restrictions of the MAC algorithm.
-.It Cm hexkey : Ns Ar string
-Specifies the MAC key in hexadecimal form (two hex digits per byte).
-Key length must conform to any restrictions of the MAC algorithm.
-.El
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl passin Ar arg
-The key password source.
-.It Fl prverify Ar file
-Verify the signature using the private key in
-.Ar file .
-The output is either
-.Qq Verification OK
-or
-.Qq Verification Failure .
-.It Fl r
-Print the digest in coreutils format.
-.It Fl sign Ar file
-Digitally sign the digest using the private key in
-.Ar file .
-.It Fl signature Ar file
-The actual signature to verify.
-.It Fl sigopt Ar nm : Ns Ar v
-Pass options to the signature algorithm during sign or verify operations.
-The names and values of these options are algorithm-specific.
-.It Fl verify Ar file
-Verify the signature using the public key in
-.Ar file .
-The output is either
-.Qq Verification OK
-or
-.Qq Verification Failure .
-.It Ar
-File or files to digest.
-If no files are specified then standard input is used.
-.El
-.Tg dhparam
-.Sh DHPARAM
-.Bl -hang -width "openssl dhparam"
-.It Nm openssl dhparam
-.Bk -words
-.Op Fl 2 | 5
-.Op Fl check
-.Op Fl dsaparam
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl text
-.Op Ar numbits
-.Ek
-.El
-.Pp
-The
-.Nm dhparam
-command is used to manipulate DH parameter files.
-Only the older PKCS#3 DH is supported,
-not the newer X9.42 DH.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl 2 , 5
-The generator to use;
-2 is the default.
-If present, the input file is ignored and parameters are generated instead.
-.It Fl check
-Check the DH parameters.
-.It Fl dsaparam
-Read or create DSA parameters,
-converted to DH format on output.
-Otherwise,
-.Qq strong
-primes
-.Pq such that (p-1)/2 is also prime
-will be used for DH parameter generation.
-.Pp
-DH parameter generation with the
-.Fl dsaparam
-option is much faster,
-and the recommended exponent length is shorter,
-which makes DH key exchange more efficient.
-Beware that with such DSA-style DH parameters,
-a fresh DH key should be created for each use to
-avoid small-subgroup attacks that may be possible otherwise.
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl noout
-Do not output the encoded version of the parameters.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl text
-Print the DH parameters in plain text.
-.It Ar numbits
-Generate a parameter set of size
-.Ar numbits .
-It must be the last option.
-If not present, a value of 2048 is used.
-If this value is present, the input file is ignored and
-parameters are generated instead.
-.El
-.Tg dsa
-.Sh DSA
-.Bl -hang -width "openssl dsa"
-.It Nm openssl dsa
-.Bk -words
-.Oo
-.Fl aes128 | aes192 | aes256 |
-.Fl des | des3
-.Oc
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem | pvk
-.Op Fl modulus
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem | pvk
-.Op Fl passin Ar arg
-.Op Fl passout Ar arg
-.Op Fl pubin
-.Op Fl pubout
-.Op Fl pvk-none | pvk-strong | pvk-weak
-.Op Fl text
-.Ek
-.El
-.Pp
-The
-.Nm dsa
-command processes DSA keys.
-They can be converted between various forms and their components printed out.
-.Pp
-.Sy Note :
-This command uses the traditional
-.Nm SSLeay
-compatible format for private key encryption:
-newer applications should use the more secure PKCS#8 format using the
-.Nm pkcs8
-command.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Xo
-.Fl aes128 | aes192 | aes256 |
-.Fl des | des3
-.Xc
-Encrypt the private key with the AES, DES, or the triple DES
-ciphers, respectively, before outputting it.
-A pass phrase is prompted for.
-If none of these options are specified, the key is written in plain text.
-This means that using the
-.Nm dsa
-utility to read an encrypted key with no encryption option can be used to
-remove the pass phrase from a key,
-or by setting the encryption options it can be used to add or change
-the pass phrase.
-These options can only be used with PEM format output files.
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-If the key is encrypted, a pass phrase will be prompted for.
-.It Fl inform Cm der | pem | pvk
-The input format.
-.It Fl modulus
-Print the value of the public key component of the key.
-.It Fl noout
-Do not output the encoded version of the key.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-If any encryption options are set then a pass phrase will be
-prompted for.
-.It Fl outform Cm der | pem | pvk
-The output format.
-.It Fl passin Ar arg
-The key password source.
-.It Fl passout Ar arg
-The output file password source.
-.It Fl pubin
-Read in a public key, not a private key.
-.It Fl pubout
-Output a public key, not a private key.
-Automatically set if the input is a public key.
-.It Xo
-.Fl pvk-none | pvk-strong | pvk-weak
-.Xc
-Enable or disable PVK encoding.
-The default is
-.Fl pvk-strong .
-.It Fl text
-Print the public/private key in plain text.
-.El
-.Tg dsaparam
-.Sh DSAPARAM
-.Bl -hang -width "openssl dsaparam"
-.It Nm openssl dsaparam
-.Bk -words
-.Op Fl genkey
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl text
-.Op Ar numbits
-.Ek
-.El
-.Pp
-The
-.Nm dsaparam
-command is used to manipulate or generate DSA parameter files.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl genkey
-Generate a DSA key either using the specified or generated
-parameters.
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-If the
-.Ar numbits
-parameter is included, then this option is ignored.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl noout
-Do not output the encoded version of the parameters.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl text
-Print the DSA parameters in plain text.
-.It Ar numbits
-Generate a parameter set of size
-.Ar numbits .
-If this option is included, the input file is ignored.
-.El
-.Tg ec
-.Sh EC
-.Bl -hang -width "openssl ec"
-.It Nm openssl ec
-.Bk -words
-.Op Fl conv_form Ar arg
-.Op Fl des
-.Op Fl des3
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl param_enc Ar arg
-.Op Fl param_out
-.Op Fl passin Ar arg
-.Op Fl passout Ar arg
-.Op Fl pubin
-.Op Fl pubout
-.Op Fl text
-.Ek
-.El
-.Pp
-The
-.Nm ec
-command processes EC keys.
-They can be converted between various
-forms and their components printed out.
-.Nm openssl
-uses the private key format specified in
-.Dq SEC 1: Elliptic Curve Cryptography
-.Pq Lk https://www.secg.org/ .
-To convert an
-EC private key into the PKCS#8 private key format use the
-.Nm pkcs8
-command.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl conv_form Ar arg
-Specify how the points on the elliptic curve are converted
-into octet strings.
-Possible values are:
-.Cm compressed ,
-.Cm uncompressed
-(the default),
-and
-.Cm hybrid .
-For more information regarding
-the point conversion forms see the X9.62 standard.
-Note:
-Due to patent issues the
-.Cm compressed
-option is disabled by default for binary curves
-and can be enabled by defining the preprocessor macro
-.Dv OPENSSL_EC_BIN_PT_COMP
-at compile time.
-.It Fl des | des3
-Encrypt the private key with DES, triple DES, or
-any other cipher supported by
-.Nm openssl .
-A pass phrase is prompted for.
-If none of these options are specified, the key is written in plain text.
-This means that using the
-.Nm ec
-utility to read in an encrypted key with no
-encryption option can be used to remove the pass phrase from a key,
-or by setting the encryption options
-it can be used to add or change the pass phrase.
-These options can only be used with PEM format output files.
-.It Fl in Ar file
-The input file to read a key from,
-or standard input if not specified.
-If the key is encrypted, a pass phrase will be prompted for.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl noout
-Do not output the encoded version of the key.
-.It Fl out Ar file
-The output filename to write to,
-or standard output if not specified.
-If any encryption options are set then a pass phrase will be prompted for.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl param_enc Ar arg
-Specify how the elliptic curve parameters are encoded.
-Possible value are:
-.Cm named_curve ,
-i.e. the EC parameters are specified by an OID; or
-.Cm explicit ,
-where the EC parameters are explicitly given
-(see RFC 3279 for the definition of the EC parameter structures).
-The default value is
-.Cm named_curve .
-Note: the
-.Cm implicitlyCA
-alternative,
-as specified in RFC 3279,
-is currently not implemented.
-.It Fl param_out
-Print the elliptic curve parameters.
-.It Fl passin Ar arg
-The key password source.
-.It Fl passout Ar arg
-The output file password source.
-.It Fl pubin
-Read in a public key, not a private key.
-.It Fl pubout
-Output a public key, not a private key.
-Automatically set if the input is a public key.
-.It Fl text
-Print the public/private key in plain text.
-.El
-.Tg ecparam
-.Sh ECPARAM
-.Bl -hang -width "openssl ecparam"
-.It Nm openssl ecparam
-.Bk -words
-.Op Fl check
-.Op Fl conv_form Ar arg
-.Op Fl genkey
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl list_curves
-.Op Fl name Ar arg
-.Op Fl no_seed
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl param_enc Ar arg
-.Op Fl text
-.Ek
-.El
-.Pp
-The
-.Nm ecparam
-command is used to manipulate or generate EC parameter files.
-.Nm openssl
-is not able to generate new groups so
-.Nm ecparam
-can only create EC parameters from known (named) curves.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl check
-Validate the elliptic curve parameters.
-.It Fl conv_form Ar arg
-Specify how the points on the elliptic curve are converted
-into octet strings.
-Possible values are:
-.Cm compressed ,
-.Cm uncompressed
-(the default),
-and
-.Cm hybrid .
-For more information regarding
-the point conversion forms see the X9.62 standard.
-Note:
-Due to patent issues the
-.Cm compressed
-option is disabled by default for binary curves
-and can be enabled by defining the preprocessor macro
-.Dv OPENSSL_EC_BIN_PT_COMP
-at compile time.
-.It Fl genkey
-Generate an EC private key using the specified parameters.
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl list_curves
-Print a list of all
-currently implemented EC parameter names and exit.
-.It Fl name Ar arg
-Use the EC parameters with the specified "short" name.
-.It Fl no_seed
-Do not include the seed for the parameter generation
-in the ECParameters structure (see RFC 3279).
-.It Fl noout
-Do not output the encoded version of the parameters.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl param_enc Ar arg
-Specify how the elliptic curve parameters are encoded.
-Possible value are:
-.Cm named_curve ,
-i.e. the EC parameters are specified by an OID, or
-.Cm explicit ,
-where the EC parameters are explicitly given
-(see RFC 3279 for the definition of the EC parameter structures).
-The default value is
-.Cm named_curve .
-Note: the
-.Cm implicitlyCA
-alternative, as specified in RFC 3279,
-is currently not implemented.
-.It Fl text
-Print the EC parameters in plain text.
-.El
-.Tg enc
-.Sh ENC
-.Bl -hang -width "openssl enc"
-.It Nm openssl enc
-.Bk -words
-.Fl ciphername
-.Op Fl AadePpv
-.Op Fl base64
-.Op Fl bufsize Ar number
-.Op Fl debug
-.Op Fl in Ar file
-.Op Fl iter Ar iterations
-.Op Fl iv Ar IV
-.Op Fl K Ar key
-.Op Fl k Ar password
-.Op Fl kfile Ar file
-.Op Fl md Ar digest
-.Op Fl none
-.Op Fl nopad
-.Op Fl nosalt
-.Op Fl out Ar file
-.Op Fl pass Ar arg
-.Op Fl pbkdf2
-.Op Fl S Ar salt
-.Op Fl salt
-.Ek
-.El
-.Pp
-The symmetric cipher commands allow data to be encrypted or decrypted
-using various block and stream ciphers using keys based on passwords
-or explicitly provided.
-Base64 encoding or decoding can also be performed either by itself
-or in addition to the encryption or decryption.
-The program can be called either as
-.Nm openssl Ar ciphername
-or
-.Nm openssl enc - Ns Ar ciphername .
-.Pp
-Some of the ciphers do not have large keys and others have security
-implications if not used correctly.
-All the block ciphers normally use PKCS#5 padding,
-also known as standard block padding.
-If padding is disabled, the input data must be a multiple of the cipher
-block length.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl A
-If the
-.Fl a
-option is set, then base64 process the data on one line.
-.It Fl a , base64
-Base64 process the data.
-This means that if encryption is taking place, the data is base64-encoded
-after encryption.
-If decryption is set, the input data is base64-decoded before
-being decrypted.
-.It Fl bufsize Ar number
-Set the buffer size for I/O.
-.It Fl d
-Decrypt the input data.
-.It Fl debug
-Debug the BIOs used for I/O.
-.It Fl e
-Encrypt the input data.
-This is the default.
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-.It Fl iter Ar iterations
-Use the pbkdf2 key derivation function, with
-.Ar iterations
-as the number of iterations.
-.It Fl iv Ar IV
-The actual
-.Ar IV
-.Pq initialisation vector
-to use:
-this must be represented as a string comprised only of hex digits.
-When only the
-.Ar key
-is specified using the
-.Fl K
-option,
-the IV must explicitly be defined.
-When a password is being specified using one of the other options,
-the IV is generated from this password.
-.It Fl K Ar key
-The actual
-.Ar key
-to use:
-this must be represented as a string comprised only of hex digits.
-If only the key is specified,
-the IV must also be specified using the
-.Fl iv
-option.
-When both a
-.Ar key
-and a
-.Ar password
-are specified, the
-.Ar key
-given with the
-.Fl K
-option will be used and the IV generated from the password will be taken.
-It probably does not make much sense to specify both
-.Ar key
-and
-.Ar password .
-.It Fl k Ar password
-The
-.Ar password
-to derive the key from.
-Superseded by the
-.Fl pass
-option.
-.It Fl kfile Ar file
-Read the password to derive the key from the first line of
-.Ar file .
-Superseded by the
-.Fl pass
-option.
-.It Fl md Ar digest
-Use
-.Ar digest
-to create a key from a pass phrase.
-Currently, the default value is
-.Cm sha256 .
-.It Fl none
-Use NULL cipher (no encryption or decryption of input).
-.It Fl nopad
-Disable standard block padding.
-.It Fl nosalt
-Don't use a salt in the key derivation routines.
-This option should never be used
-since it makes it possible to perform efficient dictionary
-attacks on the password and to attack stream cipher encrypted data.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl P
-Print out the salt, key, and IV used, then immediately exit;
-don't do any encryption or decryption.
-.It Fl p
-Print out the salt, key, and IV used.
-.It Fl pass Ar arg
-The password source.
-.It Fl pbkdf2
-Use the pbkdf2 key derivation function, with
-the default of 10000 iterations.
-.It Fl S Ar salt
-The actual
-.Ar salt
-to use:
-this must be represented as a string comprised only of hex digits.
-.It Fl salt
-Use a salt in the key derivation routines (the default).
-When the salt is being used,
-the first eight bytes of the encrypted data are reserved for the salt:
-it is randomly generated when encrypting a file and read from the
-encrypted file when it is decrypted.
-.It Fl v
-Print extra details about the processing.
-.El
-.Tg errstr
-.Sh ERRSTR
-.Nm openssl errstr
-.Ar errno ...
-.Pp
-The
-.Nm errstr
-command performs error number to error string conversion,
-generating a human-readable string representing the error code
-.Ar errno .
-The string is obtained through the
-.Xr ERR_error_string_n 3
-function and has the following format:
-.Pp
-.Dl error:[error code]:[library name]:[function name]:[reason string]
-.Pp
-.Bq error code
-is an 8-digit hexadecimal number.
-The remaining fields
-.Bq library name ,
-.Bq function name ,
-and
-.Bq reason string
-are all ASCII text.
-.Tg gendsa
-.Sh GENDSA
-.Bl -hang -width "openssl gendsa"
-.It Nm openssl gendsa
-.Bk -words
-.Oo
-.Fl aes128 | aes192 | aes256 | camellia128 |
-.Fl camellia192 | camellia256 | des | des3 | idea
-.Oc
-.Op Fl out Ar file
-.Op Fl passout Ar arg
-.Ar paramfile
-.Ek
-.El
-.Pp
-The
-.Nm gendsa
-command generates a DSA private key from a DSA parameter file
-(typically generated by the
-.Nm openssl dsaparam
-command).
-DSA key generation is little more than random number generation so it is
-much quicker than,
-for example,
-RSA key generation.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Xo
-.Fl aes128 | aes192 | aes256 |
-.Fl camellia128 | camellia192 | camellia256 |
-.Fl des | des3 |
-.Fl idea
-.Xc
-Encrypt the private key with the AES, CAMELLIA, DES, triple DES
-or the IDEA ciphers, respectively, before outputting it.
-A pass phrase is prompted for.
-If none of these options are specified, no encryption is used.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl passout Ar arg
-The output file password source.
-.It Ar paramfile
-Specify the DSA parameter file to use.
-The parameters in this file determine the size of the private key.
-.El
-.Tg genpkey
-.Sh GENPKEY
-.Bl -hang -width "openssl genpkey"
-.It Nm openssl genpkey
-.Bk -words
-.Op Fl algorithm Ar alg
-.Op Ar cipher
-.Op Fl genparam
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl paramfile Ar file
-.Op Fl pass Ar arg
-.Op Fl pkeyopt Ar opt : Ns Ar value
-.Op Fl text
-.Ek
-.El
-.Pp
-The
-.Nm genpkey
-command generates private keys.
-The use of this
-program is encouraged over the algorithm specific utilities
-because additional algorithm options can be used.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl algorithm Ar alg
-The public key algorithm to use,
-such as RSA, DSA, or DH.
-This option must precede any
-.Fl pkeyopt
-options.
-The options
-.Fl paramfile
-and
-.Fl algorithm
-are mutually exclusive.
-.It Ar cipher
-Encrypt the private key with the supplied cipher.
-Any algorithm name accepted by
-.Xr EVP_get_cipherbyname 3
-is acceptable.
-.It Fl genparam
-Generate a set of parameters instead of a private key.
-This option must precede any
-.Fl algorithm ,
-.Fl paramfile ,
-or
-.Fl pkeyopt
-options.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl paramfile Ar file
-Some public key algorithms generate a private key based on a set of parameters,
-which can be supplied using this option.
-If this option is used, the public key
-algorithm used is determined by the parameters.
-This option must precede any
-.Fl pkeyopt
-options.
-The options
-.Fl paramfile
-and
-.Fl algorithm
-are mutually exclusive.
-.It Fl pass Ar arg
-The output file password source.
-.It Fl pkeyopt Ar opt : Ns Ar value
-Set the public key algorithm option
-.Ar opt
-to
-.Ar value ,
-as follows:
-.Bl -tag -width Ds -offset indent
-.It rsa_keygen_bits : Ns Ar numbits
-(RSA)
-The number of bits in the generated key.
-The default is 2048.
-.It rsa_keygen_pubexp : Ns Ar value
-(RSA)
-The RSA public exponent value.
-This can be a large decimal or hexadecimal value if preceded by 0x.
-The default is 65537.
-.It dsa_paramgen_bits : Ns Ar numbits
-(DSA)
-The number of bits in the generated parameters.
-The default is 1024.
-.It dh_paramgen_prime_len : Ns Ar numbits
-(DH)
-The number of bits in the prime parameter
-.Ar p .
-.It dh_paramgen_generator : Ns Ar value
-(DH)
-The value to use for the generator
-.Ar g .
-.It ec_paramgen_curve : Ns Ar curve
-(EC)
-The elliptic curve to use.
-.El
-.It Fl text
-Print the private/public key in plain text.
-.El
-.Tg genrsa
-.Sh GENRSA
-.Bl -hang -width "openssl genrsa"
-.It Nm openssl genrsa
-.Bk -words
-.Op Fl 3 | f4
-.Oo
-.Fl aes128 | aes192 | aes256 | camellia128 |
-.Fl camellia192 | camellia256 | des | des3 | idea
-.Oc
-.Op Fl out Ar file
-.Op Fl passout Ar arg
-.Op Ar numbits
-.Ek
-.El
-.Pp
-The
-.Nm genrsa
-command generates an RSA private key,
-which essentially involves the generation of two prime numbers.
-When generating the key,
-various symbols will be output to indicate the progress of the generation.
-A
-.Sq \&.
-represents each number which has passed an initial sieve test;
-.Sq +
-means a number has passed a single round of the Miller-Rabin primality test;
-.Sq *
-means the number has failed primality testing
-and needs to be generated afresh.
-A newline means that the number has passed all the prime tests
-(the actual number depends on the key size).
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl 3 | f4
-The public exponent to use, either 3 or 65537.
-The default is 65537.
-.It Xo
-.Fl aes128 | aes192 | aes256 |
-.Fl camellia128 | camellia192 | camellia256 |
-.Fl des | des3 |
-.Fl idea
-.Xc
-Encrypt the private key with the AES, CAMELLIA, DES, triple DES
-or the IDEA ciphers, respectively, before outputting it.
-If none of these options are specified, no encryption is used.
-If encryption is used, a pass phrase is prompted for,
-if it is not supplied via the
-.Fl passout
-option.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl passout Ar arg
-The output file password source.
-.It Ar numbits
-The size of the private key to generate in bits.
-This must be the last option specified.
-The default is 2048.
-.El
-.Tg ocsp
-.Sh OCSP
-.Bl -hang -width "openssl ocsp"
-.It Nm openssl ocsp
-.Bk -words
-.Op Fl CA Ar file
-.Op Fl CAfile Ar file
-.Op Fl CApath Ar directory
-.Op Fl cert Ar file
-.Op Fl dgst Ar alg
-.Op Fl header Ar name value
-.Op Fl host Ar hostname : Ns Ar port
-.Op Fl ignore_err
-.Op Fl index Ar indexfile
-.Op Fl issuer Ar file
-.Op Fl ndays Ar days
-.Op Fl nmin Ar minutes
-.Op Fl no_cert_checks
-.Op Fl no_cert_verify
-.Op Fl no_certs
-.Op Fl no_chain
-.Op Fl no_explicit
-.Op Fl no_intern
-.Op Fl no_nonce
-.Op Fl no_signature_verify
-.Op Fl nonce
-.Op Fl noverify
-.Op Fl nrequest Ar number
-.Op Fl out Ar file
-.Op Fl path Ar path
-.Op Fl port Ar portnum
-.Op Fl req_text
-.Op Fl reqin Ar file
-.Op Fl reqout Ar file
-.Op Fl resp_key_id
-.Op Fl resp_no_certs
-.Op Fl resp_text
-.Op Fl respin Ar file
-.Op Fl respout Ar file
-.Op Fl rkey Ar file
-.Op Fl rother Ar file
-.Op Fl rsigner Ar file
-.Op Fl serial Ar num
-.Op Fl sign_other Ar file
-.Op Fl signer Ar file
-.Op Fl signkey Ar file
-.Op Fl status_age Ar age
-.Op Fl text
-.Op Fl timeout Ar seconds
-.Op Fl trust_other
-.Op Fl url Ar responder_url
-.Op Fl VAfile Ar file
-.Op Fl validity_period Ar nsec
-.Op Fl verify_other Ar file
-.Ek
-.El
-.Pp
-The Online Certificate Status Protocol (OCSP)
-enables applications to determine the (revocation) state
-of an identified certificate (RFC 2560).
-.Pp
-The
-.Nm ocsp
-command performs many common OCSP tasks.
-It can be used to print out requests and responses,
-create requests and send queries to an OCSP responder,
-and behave like a mini OCSP server itself.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl CAfile Ar file , Fl CApath Ar directory
-A file or path containing trusted CA certificates,
-used to verify the signature on the OCSP response.
-.It Fl cert Ar file
-Add the certificate
-.Ar file
-to the request.
-The issuer certificate is taken from the previous
-.Fl issuer
-option, or an error occurs if no issuer certificate is specified.
-.It Fl dgst Ar alg
-Use the digest algorithm
-.Ar alg
-for certificate identification in the OCSP request.
-By default SHA1 is used.
-.It Xo
-.Fl host Ar hostname : Ns Ar port ,
-.Fl path Ar path
-.Xc
-Send
-the OCSP request to
-.Ar hostname
-on
-.Ar port .
-.Fl path
-specifies the HTTP path name to use, or
-.Pa /
-by default.
-.It Fl header Ar name value
-Add the header name with the specified value to the OCSP request that is sent
-to the responder.
-This may be repeated.
-.It Fl issuer Ar file
-The current issuer certificate, in PEM format.
-Can be used multiple times and must come before any
-.Fl cert
-options.
-.It Fl no_cert_checks
-Don't perform any additional checks on the OCSP response signer's certificate.
-That is, do not make any checks to see if the signer's certificate is
-authorised to provide the necessary status information:
-as a result this option should only be used for testing purposes.
-.It Fl no_cert_verify
-Don't verify the OCSP response signer's certificate at all.
-Since this option allows the OCSP response to be signed by any certificate,
-it should only be used for testing purposes.
-.It Fl no_certs
-Don't include any certificates in the signed request.
-.It Fl no_chain
-Do not use certificates in the response as additional untrusted CA
-certificates.
-.It Fl no_explicit
-Don't check the explicit trust for OCSP signing in the root CA certificate.
-.It Fl no_intern
-Ignore certificates contained in the OCSP response
-when searching for the signer's certificate.
-The signer's certificate must be specified with either the
-.Fl verify_other
-or
-.Fl VAfile
-options.
-.It Fl no_signature_verify
-Don't check the signature on the OCSP response.
-Since this option tolerates invalid signatures on OCSP responses,
-it will normally only be used for testing purposes.
-.It Fl nonce , no_nonce
-Add an OCSP nonce extension to a request,
-or disable an OCSP nonce addition.
-Normally, if an OCSP request is input using the
-.Fl respin
-option no nonce is added:
-using the
-.Fl nonce
-option will force the addition of a nonce.
-If an OCSP request is being created (using the
-.Fl cert
-and
-.Fl serial
-options),
-a nonce is automatically added; specifying
-.Fl no_nonce
-overrides this.
-.It Fl noverify
-Don't attempt to verify the OCSP response signature or the nonce values.
-This is normally only be used for debugging
-since it disables all verification of the responder's certificate.
-.It Fl out Ar file
-Specify the output file to write to,
-or standard output if not specified.
-.It Fl req_text , resp_text , text
-Print out the text form of the OCSP request, response, or both, respectively.
-.It Fl reqin Ar file , Fl respin Ar file
-Read an OCSP request or response file from
-.Ar file .
-These options are ignored
-if an OCSP request or response creation is implied by other options
-(for example with the
-.Fl serial , cert ,
-and
-.Fl host
-options).
-.It Fl reqout Ar file , Fl respout Ar file
-Write out the DER-encoded certificate request or response to
-.Ar file .
-.It Fl serial Ar num
-Same as the
-.Fl cert
-option except the certificate with serial number
-.Ar num
-is added to the request.
-The serial number is interpreted as a decimal integer unless preceded by
-.Sq 0x .
-Negative integers can also be specified
-by preceding the value with a minus sign.
-.It Fl sign_other Ar file
-Additional certificates to include in the signed request.
-.It Fl signer Ar file , Fl signkey Ar file
-Sign the OCSP request using the certificate specified in the
-.Fl signer
-option and the private key specified by the
-.Fl signkey
-option.
-If the
-.Fl signkey
-option is not present, then the private key is read from the same file
-as the certificate.
-If neither option is specified, the OCSP request is not signed.
-.It Fl timeout Ar seconds
-Connection timeout to the OCSP responder in seconds.
-.It Fl trust_other
-The certificates specified by the
-.Fl verify_other
-option should be explicitly trusted and no additional checks will be
-performed on them.
-This is useful when the complete responder certificate chain is not available
-or trusting a root CA is not appropriate.
-.It Fl url Ar responder_url
-Specify the responder URL.
-Both HTTP and HTTPS
-.Pq SSL/TLS
-URLs can be specified.
-.It Fl VAfile Ar file
-A file containing explicitly trusted responder certificates.
-Equivalent to the
-.Fl verify_other
-and
-.Fl trust_other
-options.
-.It Fl validity_period Ar nsec , Fl status_age Ar age
-The range of times, in seconds, which will be tolerated in an OCSP response.
-Each certificate status response includes a notBefore time
-and an optional notAfter time.
-The current time should fall between these two values,
-but the interval between the two times may be only a few seconds.
-In practice the OCSP responder and clients' clocks may not be precisely
-synchronised and so such a check may fail.
-To avoid this the
-.Fl validity_period
-option can be used to specify an acceptable error range in seconds,
-the default value being 5 minutes.
-.Pp
-If the notAfter time is omitted from a response,
-it means that new status information is immediately available.
-In this case the age of the notBefore field is checked
-to see it is not older than
-.Ar age
-seconds old.
-By default, this additional check is not performed.
-.It Fl verify_other Ar file
-A file containing additional certificates to search
-when attempting to locate the OCSP response signing certificate.
-Some responders omit the actual signer's certificate from the response,
-so this can be used to supply the necessary certificate.
-.El
-.Pp
-The options for the OCSP server are as follows:
-.Bl -tag -width "XXXX"
-.It Fl CA Ar file
-CA certificate corresponding to the revocation information in
-.Ar indexfile .
-.It Fl ignore_err
-Ignore the invalid response.
-.It Fl index Ar indexfile
-.Ar indexfile
-is a text index file in ca format
-containing certificate revocation information.
-.Pp
-If this option is specified,
-.Nm ocsp
-is in responder mode, otherwise it is in client mode.
-The requests the responder processes can be either specified on
-the command line (using the
-.Fl issuer
-and
-.Fl serial
-options), supplied in a file (using the
-.Fl respin
-option), or via external OCSP clients (if
-.Ar port
-or
-.Ar url
-is specified).
-.Pp
-If this option is present, then the
-.Fl CA
-and
-.Fl rsigner
-options must also be present.
-.It Fl nmin Ar minutes , Fl ndays Ar days
-Number of
-.Ar minutes
-or
-.Ar days
-when fresh revocation information is available:
-used in the nextUpdate field.
-If neither option is present,
-the nextUpdate field is omitted,
-meaning fresh revocation information is immediately available.
-.It Fl nrequest Ar number
-Exit after receiving
-.Ar number
-requests (the default is unlimited).
-.It Fl port Ar portnum
-Port to listen for OCSP requests on.
-May also be specified using the
-.Fl url
-option.
-.It Fl resp_key_id
-Identify the signer certificate using the key ID;
-the default is to use the subject name.
-.It Fl resp_no_certs
-Don't include any certificates in the OCSP response.
-.It Fl rkey Ar file
-The private key to sign OCSP responses with;
-if not present, the file specified in the
-.Fl rsigner
-option is used.
-.It Fl rother Ar file
-Additional certificates to include in the OCSP response.
-.It Fl rsigner Ar file
-The certificate to sign OCSP responses with.
-.El
-.Pp
-Initially the OCSP responder certificate is located and the signature on
-the OCSP request checked using the responder certificate's public key.
-Then a normal certificate verify is performed on the OCSP responder certificate
-building up a certificate chain in the process.
-The locations of the trusted certificates used to build the chain can be
-specified by the
-.Fl CAfile
-and
-.Fl CApath
-options or they will be looked for in the standard
-.Nm openssl
-certificates directory.
-.Pp
-If the initial verify fails, the OCSP verify process halts with an error.
-Otherwise the issuing CA certificate in the request is compared to the OCSP
-responder certificate: if there is a match then the OCSP verify succeeds.
-.Pp
-Otherwise the OCSP responder certificate's CA is checked against the issuing
-CA certificate in the request.
-If there is a match and the OCSPSigning extended key usage is present
-in the OCSP responder certificate, then the OCSP verify succeeds.
-.Pp
-Otherwise the root CA of the OCSP responder's CA is checked to see if it
-is trusted for OCSP signing.
-If it is, the OCSP verify succeeds.
-.Pp
-If none of these checks is successful, the OCSP verify fails.
-What this effectively means is that if the OCSP responder certificate is
-authorised directly by the CA it is issuing revocation information about
-(and it is correctly configured),
-then verification will succeed.
-.Pp
-If the OCSP responder is a global responder,
-which can give details about multiple CAs
-and has its own separate certificate chain,
-then its root CA can be trusted for OCSP signing.
-Alternatively, the responder certificate itself can be explicitly trusted
-with the
-.Fl VAfile
-option.
-.Tg passwd
-.Sh PASSWD
-.Bl -hang -width "openssl passwd"
-.It Nm openssl passwd
-.Bk -words
-.Op Fl 1 | apr1 | crypt
-.Op Fl in Ar file
-.Op Fl noverify
-.Op Fl quiet
-.Op Fl reverse
-.Op Fl salt Ar string
-.Op Fl stdin
-.Op Fl table
-.Op Ar password
-.Ek
-.El
-.Pp
-The
-.Nm passwd
-command computes the hash of a password.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl 1
-Use the MD5 based
-.Bx
-password algorithm
-.Qq 1 .
-.It Fl apr1
-Use the
-.Qq apr1
-algorithm
-.Po
-Apache variant of the
-.Bx
-algorithm
-.Pc .
-.It Fl crypt
-Use the
-.Qq crypt
-algorithm (the default).
-.It Fl in Ar file
-Read passwords from
-.Ar file .
-.It Fl noverify
-Don't verify when reading a password from the terminal.
-.It Fl quiet
-Don't output warnings when passwords given on the command line are truncated.
-.It Fl reverse
-Switch table columns.
-This only makes sense in conjunction with the
-.Fl table
-option.
-.It Fl salt Ar string
-Use the salt specified by
-.Ar string .
-When reading a password from the terminal, this implies
-.Fl noverify .
-.It Fl stdin
-Read passwords from standard input.
-.It Fl table
-In the output list, prepend the cleartext password and a TAB character
-to each password hash.
-.El
-.Tg pkcs7
-.Sh PKCS7
-.Bl -hang -width "openssl pkcs7"
-.It Nm openssl pkcs7
-.Bk -words
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl print
-.Op Fl print_certs
-.Op Fl text
-.Ek
-.El
-.Pp
-The
-.Nm pkcs7
-command processes PKCS#7 files in DER or PEM format.
-The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl noout
-Don't output the encoded version of the PKCS#7 structure
-(or certificates if
-.Fl print_certs
-is set).
-.It Fl out Ar file
-The output to write to,
-or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl print
-Print the ASN.1 representation of PKCS#7 structure.
-.It Fl print_certs
-Print any certificates or CRLs contained in the file,
-preceded by their subject and issuer names in a one-line format.
-.It Fl text
-Print certificate details in full rather than just subject and issuer names.
-.El
-.Tg pkcs8
-.Sh PKCS8
-.Bl -hang -width "openssl pkcs8"
-.It Nm openssl pkcs8
-.Bk -words
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl nocrypt
-.Op Fl noiter
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl passin Ar arg
-.Op Fl passout Ar arg
-.Op Fl topk8
-.Op Fl v1 Ar alg
-.Op Fl v2 Ar alg
-.Ek
-.El
-.Pp
-The
-.Nm pkcs8
-command processes private keys
-(both encrypted and unencrypted)
-in PKCS#8 format
-with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
-The default encryption is only 56 bits;
-keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts
-are more secure.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-If the key is encrypted, a pass phrase will be prompted for.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl nocrypt
-Generate an unencrypted PrivateKeyInfo structure.
-This option does not encrypt private keys at all
-and should only be used when absolutely necessary.
-.It Fl noiter
-Use an iteration count of 1.
-See the
-.Sx PKCS12
-section below for a detailed explanation of this option.
-.It Fl out Ar file
-The output file to write to,
-or standard output if none is specified.
-If any encryption options are set, a pass phrase will be prompted for.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl passin Ar arg
-The key password source.
-.It Fl passout Ar arg
-The output file password source.
-.It Fl topk8
-Read a traditional format private key and write a PKCS#8 format key.
-.It Fl v1 Ar alg
-Specify a PKCS#5 v1.5 or PKCS#12 algorithm to use.
-.Pp
-.Bl -tag -width "XXXX" -compact
-.It PBE-MD5-DES
-56-bit DES.
-.It PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES
-64-bit RC2 or 56-bit DES.
-.It PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES
-.It PBE-SHA1-2DES | PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40
-PKCS#12 password-based encryption algorithm,
-which allow strong encryption algorithms like triple DES or 128-bit RC2.
-.El
-.It Fl v2 Ar alg
-Use PKCS#5 v2.0 algorithms.
-Supports algorithms such as 168-bit triple DES or 128-bit RC2,
-however not many implementations support PKCS#5 v2.0 yet
-(if using private keys with
-.Nm openssl
-this doesn't matter).
-.Pp
-.Ar alg
-is the encryption algorithm to use;
-valid values include des, des3, and rc2.
-It is recommended that des3 is used.
-.El
-.Tg pkcs12
-.Sh PKCS12
-.Bl -hang -width "openssl pkcs12"
-.It Nm openssl pkcs12
-.Bk -words
-.Oo
-.Fl aes128 | aes192 | aes256 | camellia128 |
-.Fl camellia192 | camellia256 | des | des3 | idea
-.Oc
-.Op Fl cacerts
-.Op Fl CAfile Ar file
-.Op Fl caname Ar name
-.Op Fl CApath Ar directory
-.Op Fl certfile Ar file
-.Op Fl certpbe Ar alg
-.Op Fl chain
-.Op Fl clcerts
-.Op Fl descert
-.Op Fl export
-.Op Fl in Ar file
-.Op Fl info
-.Op Fl inkey Ar file
-.Op Fl keyex
-.Op Fl keypbe Ar alg
-.Op Fl keysig
-.Op Fl macalg Ar alg
-.Op Fl maciter
-.Op Fl name Ar name
-.Op Fl nocerts
-.Op Fl nodes
-.Op Fl noiter
-.Op Fl nokeys
-.Op Fl nomac
-.Op Fl nomaciter
-.Op Fl nomacver
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl passin Ar arg
-.Op Fl passout Ar arg
-.Op Fl password Ar arg
-.Op Fl twopass
-.Ek
-.El
-.Pp
-The
-.Nm pkcs12
-command allows PKCS#12 files
-.Pq sometimes referred to as PFX files
-to be created and parsed.
-By default, a PKCS#12 file is parsed;
-a PKCS#12 file can be created by using the
-.Fl export
-option.
-.Pp
-The options for parsing a PKCS12 file are as follows:
-.Bl -tag -width "XXXX"
-.It Xo
-.Fl aes128 | aes192 | aes256 |
-.Fl camellia128 | camellia192 | camellia256 |
-.Fl des | des3 |
-.Fl idea
-.Xc
-Encrypt private keys using AES, CAMELLIA, DES, triple DES
-or the IDEA ciphers, respectively.
-The default is triple DES.
-.It Fl cacerts
-Only output CA certificates
-.Pq not client certificates .
-.It Fl clcerts
-Only output client certificates
-.Pq not CA certificates .
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-.It Fl info
-Output additional information about the PKCS#12 file structure,
-algorithms used, and iteration counts.
-.It Fl nocerts
-Do not output certificates.
-.It Fl nodes
-Do not encrypt private keys.
-.It Fl nokeys
-Do not output private keys.
-.It Fl nomacver
-Do not attempt to verify the integrity MAC before reading the file.
-.It Fl noout
-Do not output the keys and certificates to the output file
-version of the PKCS#12 file.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl passin Ar arg
-The key password source.
-.It Fl passout Ar arg
-The output file password source.
-.It Fl twopass
-Prompt for separate integrity and encryption passwords: most software
-always assumes these are the same so this option will render such
-PKCS#12 files unreadable.
-.El
-.Pp
-The options for PKCS12 file creation are as follows:
-.Bl -tag -width "XXXX"
-.It Fl CAfile Ar file
-CA storage as a file.
-.It Fl CApath Ar directory
-CA storage as a directory.
-The directory must be a standard certificate directory:
-that is, a hash of each subject name (using
-.Nm x509 Fl hash )
-should be linked to each certificate.
-.It Fl caname Ar name
-Specify the
-.Qq friendly name
-for other certificates.
-May be used multiple times to specify names for all certificates
-in the order they appear.
-.It Fl certfile Ar file
-A file to read additional certificates from.
-.It Fl certpbe Ar alg , Fl keypbe Ar alg
-Specify the algorithm used to encrypt the private key and
-certificates to be selected.
-Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used.
-If a cipher name
-(as output by the
-.Cm list-cipher-algorithms
-command) is specified then it
-is used with PKCS#5 v2.0.
-For interoperability reasons it is advisable to only use PKCS#12 algorithms.
-.It Fl chain
-Include the entire certificate chain of the user certificate.
-The standard CA store is used for this search.
-If the search fails, it is considered a fatal error.
-.It Fl descert
-Encrypt the certificate using triple DES; this may render the PKCS#12
-file unreadable by some
-.Qq export grade
-software.
-By default, the private key is encrypted using triple DES and the
-certificate using 40-bit RC2.
-.It Fl export
-Create a PKCS#12 file (rather than parsing one).
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-The order doesn't matter but one private key and its corresponding
-certificate should be present.
-If additional certificates are present, they will also be included
-in the PKCS#12 file.
-.It Fl inkey Ar file
-File to read a private key from.
-If not present, a private key must be present in the input file.
-.It Fl keyex | keysig
-Specify whether the private key is to be used for key exchange or just signing.
-Normally,
-.Qq export grade
-software will only allow 512-bit RSA keys to be
-used for encryption purposes, but arbitrary length keys for signing.
-The
-.Fl keysig
-option marks the key for signing only.
-Signing only keys can be used for S/MIME signing, authenticode
-(ActiveX control signing)
-and SSL client authentication.
-.It Fl macalg Ar alg
-Specify the MAC digest algorithm.
-The default is SHA1.
-.It Fl maciter
-Included for compatibility only:
-it used to be needed to use MAC iterations counts
-but they are now used by default.
-.It Fl name Ar name
-Specify the
-.Qq friendly name
-for the certificate and private key.
-This name is typically displayed in list boxes by software importing the file.
-.It Fl nomac
-Don't attempt to provide the MAC integrity.
-.It Fl nomaciter , noiter
-Affect the iteration counts on the MAC and key algorithms.
-.Pp
-To discourage attacks by using large dictionaries of common passwords,
-the algorithm that derives keys from passwords can have an iteration count
-applied to it: this causes a certain part of the algorithm to be repeated
-and slows it down.
-The MAC is used to check the file integrity but since it will normally
-have the same password as the keys and certificates it could also be attacked.
-By default, both MAC and encryption iteration counts are set to 2048;
-using these options the MAC and encryption iteration counts can be set to 1.
-Since this reduces the file security, you should not use these options
-unless you really have to.
-Most software supports both MAC and key iteration counts.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl passin Ar arg
-The key password source.
-.It Fl passout Ar arg
-The output file password source.
-.It Fl password Ar arg
-With
-.Fl export ,
-.Fl password
-is equivalent to
-.Fl passout .
-Otherwise,
-.Fl password
-is equivalent to
-.Fl passin .
-.El
-.Tg pkey
-.Sh PKEY
-.Bl -hang -width "openssl pkey"
-.It Nm openssl pkey
-.Bk -words
-.Op Ar cipher
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl passin Ar arg
-.Op Fl passout Ar arg
-.Op Fl pubin
-.Op Fl pubout
-.Op Fl text
-.Op Fl text_pub
-.Ek
-.El
-.Pp
-The
-.Nm pkey
-command processes public or private keys.
-They can be converted between various forms
-and their components printed out.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Ar cipher
-Encrypt the private key with the specified cipher.
-Any algorithm name accepted by
-.Xr EVP_get_cipherbyname 3
-is acceptable, such as
-.Cm des3 .
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-If the key is encrypted, a pass phrase will be prompted for.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl noout
-Do not output the encoded version of the key.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-If any encryption options are set then a pass phrase
-will be prompted for.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl passin Ar arg
-The key password source.
-.It Fl passout Ar arg
-The output file password source.
-.It Fl pubin
-Read in a public key, not a private key.
-.It Fl pubout
-Output a public key, not a private key.
-Automatically set if the input is a public key.
-.It Fl text
-Print the public/private key in plain text.
-.It Fl text_pub
-Print out only public key components
-even if a private key is being processed.
-.El
-.Tg pkeyparam
-.Sh PKEYPARAM
-.Cm openssl pkeyparam
-.Op Fl in Ar file
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl text
-.Pp
-The
-.Nm pkeyparam
-command processes public or private keys.
-The key type is determined by the PEM headers.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-.It Fl noout
-Do not output the encoded version of the parameters.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl text
-Print the parameters in plain text.
-.El
-.Tg pkeyutl
-.Sh PKEYUTL
-.Bl -hang -width "openssl pkeyutl"
-.It Nm openssl pkeyutl
-.Bk -words
-.Op Fl asn1parse
-.Op Fl certin
-.Op Fl decrypt
-.Op Fl derive
-.Op Fl encrypt
-.Op Fl hexdump
-.Op Fl in Ar file
-.Op Fl inkey Ar file
-.Op Fl keyform Cm der | pem
-.Op Fl out Ar file
-.Op Fl passin Ar arg
-.Op Fl peerform Cm der | pem
-.Op Fl peerkey Ar file
-.Op Fl pkeyopt Ar opt : Ns Ar value
-.Op Fl pubin
-.Op Fl rev
-.Op Fl sigfile Ar file
-.Op Fl sign
-.Op Fl verify
-.Op Fl verifyrecover
-.Ek
-.El
-.Pp
-The
-.Nm pkeyutl
-command can be used to perform public key operations using
-any supported algorithm.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl asn1parse
-ASN.1 parse the output data.
-This is useful when combined with the
-.Fl verifyrecover
-option when an ASN.1 structure is signed.
-.It Fl certin
-The input is a certificate containing a public key.
-.It Fl decrypt
-Decrypt the input data using a private key.
-.It Fl derive
-Derive a shared secret using the peer key.
-.It Fl encrypt
-Encrypt the input data using a public key.
-.It Fl hexdump
-Hex dump the output data.
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-.It Fl inkey Ar file
-The input key file.
-By default it should be a private key.
-.It Fl keyform Cm der | pem
-The key format.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl passin Ar arg
-The key password source.
-.It Fl peerform Cm der | pem
-The peer key format.
-.It Fl peerkey Ar file
-The peer key file, used by key derivation (agreement) operations.
-.It Fl pkeyopt Ar opt : Ns Ar value
-Set the public key algorithm option
-.Ar opt
-to
-.Ar value .
-Unless otherwise mentioned, all algorithms support the format
-.Ar digest : Ns Ar alg ,
-which specifies the digest to use
-for sign, verify, and verifyrecover operations.
-The value
-.Ar alg
-should represent a digest name as used in the
-.Xr EVP_get_digestbyname 3
-function.
-.Pp
-The RSA algorithm supports the
-encrypt, decrypt, sign, verify, and verifyrecover operations in general.
-Some padding modes only support some of these
-operations however.
-.Bl -tag -width Ds
-.It rsa_padding_mode : Ns Ar mode
-This sets the RSA padding mode.
-Acceptable values for
-.Ar mode
-are
-.Cm pkcs1
-for PKCS#1 padding;
-.Cm none
-for no padding;
-.Cm oaep
-for OAEP mode;
-.Cm x931
-for X9.31 mode;
-and
-.Cm pss
-for PSS.
-.Pp
-In PKCS#1 padding if the message digest is not set then the supplied data is
-signed or verified directly instead of using a DigestInfo structure.
-If a digest is set then a DigestInfo
-structure is used and its length
-must correspond to the digest type.
-For oeap mode only encryption and decryption is supported.
-For x931 if the digest type is set it is used to format the block data;
-otherwise the first byte is used to specify the X9.31 digest ID.
-Sign, verify, and verifyrecover can be performed in this mode.
-For pss mode only sign and verify are supported and the digest type must be
-specified.
-.It rsa_pss_saltlen : Ns Ar len
-For pss
-mode only this option specifies the salt length.
-Two special values are supported:
--1 sets the salt length to the digest length.
-When signing, -2 sets the salt length to the maximum permissible value.
-When verifying, -2 causes the salt length to be automatically determined
-based on the PSS block structure.
-.El
-.Pp
-The DSA algorithm supports the sign and verify operations.
-Currently there are no additional options other than
-.Ar digest .
-Only the SHA1 digest can be used and this digest is assumed by default.
-.Pp
-The DH algorithm supports the derive operation
-and no additional options.
-.Pp
-The EC algorithm supports the sign, verify, and derive operations.
-The sign and verify operations use ECDSA and derive uses ECDH.
-Currently there are no additional options other than
-.Ar digest .
-Only the SHA1 digest can be used and this digest is assumed by default.
-.It Fl pubin
-The input file is a public key.
-.It Fl rev
-Reverse the order of the input buffer.
-.It Fl sigfile Ar file
-Signature file (verify operation only).
-.It Fl sign
-Sign the input data and output the signed result.
-This requires a private key.
-.It Fl verify
-Verify the input data against the signature file and indicate if the
-verification succeeded or failed.
-.It Fl verifyrecover
-Verify the input data and output the recovered data.
-.El
-.Tg prime
-.Sh PRIME
-.Cm openssl prime
-.Op Fl bits Ar n
-.Op Fl checks Ar n
-.Op Fl generate
-.Op Fl hex
-.Op Fl safe
-.Ar p
-.Pp
-The
-.Nm prime
-command is used to generate prime numbers,
-or to check numbers for primality.
-Results are probabilistic:
-they have an exceedingly high likelihood of being correct,
-but are not guaranteed.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl bits Ar n
-Specify the number of bits in the generated prime number.
-Must be used in conjunction with
-.Fl generate .
-.It Fl checks Ar n
-Perform a Miller-Rabin probabilistic primality test with
-.Ar n
-iterations.
-The default is 20.
-.It Fl generate
-Generate a pseudo-random prime number.
-Must be used in conjunction with
-.Fl bits .
-.It Fl hex
-Output in hex format.
-.It Fl safe
-Generate only
-.Qq safe
-prime numbers
-(i.e. a prime p so that (p-1)/2 is also prime).
-.It Ar p
-Test if number
-.Ar p
-is prime.
-.El
-.Tg rand
-.Sh RAND
-.Bl -hang -width "openssl rand"
-.It Nm openssl rand
-.Bk -words
-.Op Fl base64
-.Op Fl hex
-.Op Fl out Ar file
-.Ar num
-.Ek
-.El
-.Pp
-The
-.Nm rand
-command outputs
-.Ar num
-pseudo-random bytes.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl base64
-Perform base64 encoding on the output.
-.It Fl hex
-Specify hexadecimal output.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.El
-.Tg req
-.Sh REQ
-.Bl -hang -width "openssl req"
-.It Nm openssl req
-.Bk -words
-.Op Fl addext Ar ext
-.Op Fl batch
-.Op Fl config Ar file
-.Op Fl days Ar n
-.Op Fl extensions Ar section
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl key Ar keyfile
-.Op Fl keyform Cm der | pem
-.Op Fl keyout Ar file
-.Op Fl md4 | md5 | sha1
-.Op Fl modulus
-.Op Fl multivalue-rdn
-.Op Fl nameopt Ar option
-.Op Fl new
-.Op Fl newhdr
-.Op Fl newkey Ar arg
-.Op Fl nodes
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl passin Ar arg
-.Op Fl passout Ar arg
-.Op Fl pkeyopt Ar opt:value
-.Op Fl pubkey
-.Op Fl reqexts Ar section
-.Op Fl reqopt Ar option
-.Op Fl set_serial Ar n
-.Op Fl sigopt Ar nm:v
-.Op Fl subj Ar arg
-.Op Fl subject
-.Op Fl text
-.Op Fl utf8
-.Op Fl verbose
-.Op Fl verify
-.Op Fl x509
-.Ek
-.El
-.Pp
-The
-.Nm req
-command primarily creates and processes certificate requests
-in PKCS#10 format.
-It can additionally create self-signed certificates,
-for use as root CAs, for example.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl addext Ar ext
-Add a specific extension to the certificate (if the
-.Fl x509
-option is present) or certificate request.
-The argument must have the form of a key=value pair as it would appear in a
-config file.
-This option can be given multiple times.
-.It Fl batch
-Non-interactive mode.
-.It Fl config Ar file
-Specify an alternative configuration file.
-.It Fl days Ar n
-Specify the number of days to certify the certificate for.
-The default is 30 days.
-Used with the
-.Fl x509
-option.
-.It Fl extensions Ar section , Fl reqexts Ar section
-Specify alternative sections to include certificate
-extensions (with
-.Fl x509 )
-or certificate request extensions,
-allowing several different sections to be used in the same configuration file.
-.It Fl in Ar file
-The input file to read a request from,
-or standard input if not specified.
-A request is only read if the creation options
-.Fl new
-and
-.Fl newkey
-are not specified.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl key Ar keyfile
-The file to read the private key from.
-It also accepts PKCS#8 format private keys for PEM format files.
-.It Fl keyform Cm der | pem
-The format of the private key file specified in the
-.Fl key
-argument.
-The default is
-.Cm pem .
-.It Fl keyout Ar file
-The file to write the newly created private key to.
-If this option is not specified,
-the filename present in the configuration file is used.
-.It Fl md5 | sha1 | sha256
-The message digest to sign the request with.
-This overrides the digest algorithm specified in the configuration file.
-.Pp
-Some public key algorithms may override this choice.
-For instance, DSA signatures always use SHA1.
-.It Fl modulus
-Print the value of the modulus of the public key contained in the request.
-.It Fl multivalue-rdn
-This option causes the
-.Fl subj
-argument to be interpreted with full support for multivalued RDNs,
-for example
-.Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
-If
-.Fl multivalue-rdn
-is not used, the UID value is set to
-.Qq "123456+CN=John Doe" .
-.It Fl nameopt Ar option , Fl reqopt Ar option
-Determine how the subject or issuer names are displayed.
-.Ar option
-can be a single option or multiple options separated by commas.
-Alternatively, these options may be used more than once to set multiple options.
-See the
-.Sx X509
-section below for details.
-.It Fl new
-Generate a new certificate request.
-The user is prompted for the relevant field values.
-The actual fields prompted for and their maximum and minimum sizes
-are specified in the configuration file and any requested extensions.
-.Pp
-If the
-.Fl key
-option is not used, it will generate a new RSA private
-key using information specified in the configuration file.
-.It Fl newhdr
-Add the word NEW to the PEM file header and footer lines
-on the outputted request.
-Some software and CAs need this.
-.It Fl newkey Ar arg
-Create a new certificate request and a new private key.
-The argument takes one of several forms.
-.Pp
-.No rsa : Ns Ar nbits
-generates an RSA key
-.Ar nbits
-in size.
-If
-.Ar nbits
-is omitted,
-the default key size is used.
-.Pp
-.No dsa : Ns Ar file
-generates a DSA key using the parameters in
-.Ar file .
-.Pp
-.No param : Ns Ar file
-generates a key using the parameters or certificate in
-.Ar file .
-.Pp
-All other algorithms support the form
-.Ar algorithm : Ns Ar file ,
-where file may be an algorithm parameter file,
-created by the
-.Cm genpkey -genparam
-command or an X.509 certificate for a key with appropriate algorithm.
-.Ar file
-can be omitted,
-in which case any parameters can be specified via the
-.Fl pkeyopt
-option.
-.It Fl nodes
-Do not encrypt the private key.
-.It Fl noout
-Do not output the encoded version of the request.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl passin Ar arg
-The key password source.
-.It Fl passout Ar arg
-The output file password source.
-.It Fl pkeyopt Ar opt:value
-Set the public key algorithm option
-.Ar opt
-to
-.Ar value .
-.It Fl pubkey
-Output the public key.
-.It Fl reqopt Ar option
-Customise the output format used with
-.Fl text .
-The
-.Ar option
-argument can be a single option or multiple options separated by commas.
-See also the discussion of
-.Fl certopt
-in the
-.Nm x509
-command.
-.It Fl set_serial Ar n
-Serial number to use when outputting a self-signed certificate.
-This may be specified as a decimal value or a hex value if preceded by
-.Sq 0x .
-It is possible to use negative serial numbers but this is not recommended.
-.It Fl sigopt Ar nm:v
-Pass options to the signature algorithm during sign operation.
-The names and values of these options are algorithm-specific.
-.It Fl subj Ar arg
-Replaces the subject field of an input request
-with the specified data and output the modified request.
-.Ar arg
-must be formatted as /type0=value0/type1=value1/type2=...;
-characters may be escaped by
-.Sq \e
-(backslash);
-no spaces are skipped.
-.It Fl subject
-Print the request subject (or certificate subject if
-.Fl x509
-is specified).
-.It Fl text
-Print the certificate request in plain text.
-.It Fl utf8
-Interpret field values as UTF8 strings, not ASCII.
-.It Fl verbose
-Print extra details about the operations being performed.
-.It Fl verify
-Verify the signature on the request.
-.It Fl x509
-Output a self-signed certificate instead of a certificate request.
-This is typically used to generate a test certificate or a self-signed root CA.
-The extensions added to the certificate (if any)
-are specified in the configuration file.
-Unless specified using the
-.Fl set_serial
-option, 0 is used for the serial number.
-.El
-.Pp
-The configuration options are specified in the
-.Qq req
-section of the configuration file.
-The options available are as follows:
-.Bl -tag -width "XXXX"
-.It Cm attributes
-The section containing any request attributes: its format
-is the same as
-.Cm distinguished_name .
-Typically these may contain the challengePassword or unstructuredName types.
-They are currently ignored by the
-.Nm openssl
-request signing utilities, but some CAs might want them.
-.It Cm default_bits
-The default key size, in bits.
-The default is 2048.
-It is used if the
-.Fl new
-option is used and can be overridden by using the
-.Fl newkey
-option.
-.It Cm default_keyfile
-The default file to write a private key to,
-or standard output if not specified.
-It can be overridden by the
-.Fl keyout
-option.
-.It Cm default_md
-The digest algorithm to use.
-Possible values include
-.Cm md5 ,
-.Cm sha1
-and
-.Cm sha256
-(the default).
-It can be overridden on the command line.
-.It Cm distinguished_name
-The section containing the distinguished name fields to
-prompt for when generating a certificate or certificate request.
-The format is described below.
-.It Cm encrypt_key
-If set to
-.Qq no
-and a private key is generated, it is not encrypted.
-It is equivalent to the
-.Fl nodes
-option.
-For compatibility,
-.Cm encrypt_rsa_key
-is an equivalent option.
-.It Cm input_password | output_password
-The passwords for the input private key file (if present)
-and the output private key file (if one will be created).
-The command line options
-.Fl passin
-and
-.Fl passout
-override the configuration file values.
-.It Cm oid_file
-A file containing additional OBJECT IDENTIFIERS.
-Each line of the file should consist of the numerical form of the
-object identifier, followed by whitespace, then the short name followed
-by whitespace and finally the long name.
-.It Cm oid_section
-Specify a section in the configuration file containing extra
-object identifiers.
-Each line should consist of the short name of the
-object identifier followed by
-.Sq =
-and the numerical form.
-The short and long names are the same when this option is used.
-.It Cm prompt
-If set to
-.Qq no ,
-it disables prompting of certificate fields
-and just takes values from the config file directly.
-It also changes the expected format of the
-.Cm distinguished_name
-and
-.Cm attributes
-sections.
-.It Cm req_extensions
-The configuration file section containing a list of
-extensions to add to the certificate request.
-It can be overridden by the
-.Fl reqexts
-option.
-.It Cm string_mask
-Limit the string types for encoding certain fields.
-The following values may be used, limiting strings to the indicated types:
-.Bl -tag -width "MASK:number"
-.It Cm utf8only
-UTF8String.
-This is the default, as recommended by PKIX in RFC 2459.
-.It Cm default
-PrintableString, IA5String, T61String, BMPString, UTF8String.
-.It Cm pkix
-PrintableString, IA5String, BMPString, UTF8String.
-Inspired by the PKIX recommendation in RFC 2459 for certificates
-generated before 2004, but differs by also permitting IA5String.
-.It Cm nombstr
-PrintableString, IA5String, T61String, UniversalString.
-A workaround for some ancient software that had problems
-with the variable-sized BMPString and UTF8String types.
-.It Cm MASK : Ns Ar number
-An explicit bitmask of permitted types, where
-.Ar number
-is a C-style hex, decimal, or octal number that's a bit-wise OR of
-.Dv B_ASN1_*
-values from
-.In openssl/asn1.h .
-.El
-.It Cm utf8
-If set to
-.Qq yes ,
-field values are interpreted as UTF8 strings.
-.It Cm x509_extensions
-The configuration file section containing a list of
-extensions to add to a certificate generated when the
-.Fl x509
-switch is used.
-It can be overridden by the
-.Fl extensions
-command line switch.
-.El
-.Pp
-There are two separate formats for the distinguished name and attribute
-sections.
-If the
-.Fl prompt
-option is set to
-.Qq no ,
-then these sections just consist of field names and values.
-If the
-.Fl prompt
-option is absent or not set to
-.Qq no ,
-then the file contains field prompting information of the form:
-.Bd -unfilled -offset indent
-fieldName="prompt"
-fieldName_default="default field value"
-fieldName_min= 2
-fieldName_max= 4
-.Ed
-.Pp
-.Qq fieldName
-is the field name being used, for example
-.Cm commonName
-(or CN).
-The
-.Qq prompt
-string is used to ask the user to enter the relevant details.
-If the user enters nothing, the default value is used;
-if no default value is present, the field is omitted.
-A field can still be omitted if a default value is present,
-if the user just enters the
-.Sq \&.
-character.
-.Pp
-The number of characters entered must be between the
-fieldName_min and fieldName_max limits:
-there may be additional restrictions based on the field being used
-(for example
-.Cm countryName
-can only ever be two characters long and must fit in a
-.Cm PrintableString ) .
-.Pp
-Some fields (such as
-.Cm organizationName )
-can be used more than once in a DN.
-This presents a problem because configuration files will
-not recognize the same name occurring twice.
-To avoid this problem, if the
-.Cm fieldName
-contains some characters followed by a full stop, they will be ignored.
-So, for example, a second
-.Cm organizationName
-can be input by calling it
-.Qq 1.organizationName .
-.Pp
-The actual permitted field names are any object identifier short or
-long names.
-These are compiled into
-.Nm openssl
-and include the usual values such as
-.Cm commonName , countryName , localityName , organizationName ,
-.Cm organizationalUnitName , stateOrProvinceName .
-Additionally,
-.Cm emailAddress
-is included as well as
-.Cm name , surname , givenName , initials
-and
-.Cm dnQualifier .
-.Pp
-Additional object identifiers can be defined with the
-.Cm oid_file
-or
-.Cm oid_section
-options in the configuration file.
-Any additional fields will be treated as though they were a
-.Cm DirectoryString .
-.Tg rsa
-.Sh RSA
-.Bl -hang -width "openssl rsa"
-.It Nm openssl rsa
-.Bk -words
-.Op Fl aes128 | aes192 | aes256 | des | des3
-.Op Fl check
-.Op Fl in Ar file
-.Op Fl inform Cm der | net | pem | pvk
-.Op Fl modulus
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | net | pem | pvk
-.Op Fl passin Ar arg
-.Op Fl passout Ar arg
-.Op Fl pubin
-.Op Fl pubout
-.Op Fl pvk-none | pvk-strong | pvk-weak
-.Op Fl RSAPublicKey_in
-.Op Fl RSAPublicKey_out
-.Op Fl text
-.Ek
-.El
-.Pp
-The
-.Nm rsa
-command processes RSA keys.
-They can be converted between various forms and their components printed out.
-.Nm rsa
-uses the traditional
-.Nm SSLeay
-compatible format for private key encryption:
-newer applications should use the more secure PKCS#8 format using the
-.Nm pkcs8
-utility.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl aes128 | aes192 | aes256 | des | des3
-Encrypt the private key with the AES, DES,
-or the triple DES ciphers, respectively, before outputting it.
-A pass phrase is prompted for.
-If none of these options are specified, the key is written in plain text.
-This means that using the
-.Nm rsa
-utility to read in an encrypted key with no encryption option can be used
-to remove the pass phrase from a key, or by setting the encryption options
-it can be used to add or change the pass phrase.
-These options can only be used with PEM format output files.
-.It Fl check
-Check the consistency of an RSA private key.
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-If the key is encrypted, a pass phrase will be prompted for.
-.It Fl inform Cm der | net | pem | pvk
-The input format.
-.It Fl noout
-Do not output the encoded version of the key.
-.It Fl modulus
-Print the value of the modulus of the key.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl outform Cm der | net | pem | pvk
-The output format.
-.It Fl passin Ar arg
-The key password source.
-.It Fl passout Ar arg
-The output file password source.
-.It Fl pubin
-Read in a public key,
-not a private key.
-.It Fl pubout
-Output a public key,
-not a private key.
-Automatically set if the input is a public key.
-.It Xo
-.Fl pvk-none | pvk-strong | pvk-weak
-.Xc
-Enable or disable PVK encoding.
-The default is
-.Fl pvk-strong .
-.It Fl RSAPublicKey_in , RSAPublicKey_out
-Same as
-.Fl pubin
-and
-.Fl pubout
-except
-.Cm RSAPublicKey
-format is used instead.
-.It Fl text
-Print the public/private key components in plain text.
-.El
-.Tg rsautl
-.Sh RSAUTL
-.Bl -hang -width "openssl rsautl"
-.It Nm openssl rsautl
-.Bk -words
-.Op Fl asn1parse
-.Op Fl certin
-.Op Fl decrypt
-.Op Fl encrypt
-.Op Fl hexdump
-.Op Fl in Ar file
-.Op Fl inkey Ar file
-.Op Fl keyform Cm der | pem
-.Op Fl oaep | pkcs | raw | x931
-.Op Fl out Ar file
-.Op Fl passin Ar arg
-.Op Fl pubin
-.Op Fl rev
-.Op Fl sign
-.Op Fl verify
-.Ek
-.El
-.Pp
-The
-.Nm rsautl
-command can be used to sign, verify, encrypt and decrypt
-data using the RSA algorithm.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl asn1parse
-Asn1parse the output data; this is useful when combined with the
-.Fl verify
-option.
-.It Fl certin
-The input is a certificate containing an RSA public key.
-.It Fl decrypt
-Decrypt the input data using an RSA private key.
-.It Fl encrypt
-Encrypt the input data using an RSA public key.
-.It Fl hexdump
-Hex dump the output data.
-.It Fl in Ar file
-The input to read from,
-or standard input if not specified.
-.It Fl inkey Ar file
-The input key file; by default an RSA private key.
-.It Fl keyform Cm der | pem
-The private key format.
-The default is
-.Cm pem .
-.It Fl oaep | pkcs | raw | x931
-The padding to use:
-PKCS#1 OAEP, PKCS#1 v1.5 (the default), no padding, or ANSI X9.31,
-respectively.
-For signatures, only
-.Fl pkcs
-and
-.Fl raw
-can be used.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl passin Ar arg
-The key password source.
-.It Fl pubin
-The input file is an RSA public key.
-.It Fl rev
-Reverse the order of the input buffer.
-.It Fl sign
-Sign the input data and output the signed result.
-This requires an RSA private key.
-.It Fl verify
-Verify the input data and output the recovered data.
-.El
-.Tg s_client
-.Sh S_CLIENT
-.Bl -hang -width "openssl s_client"
-.It Nm openssl s_client
-.Bk -words
-.Op Fl 4 | 6
-.Op Fl alpn Ar protocols
-.Op Fl bugs
-.Op Fl CAfile Ar file
-.Op Fl CApath Ar directory
-.Op Fl cert Ar file
-.Op Fl certform Cm der | pem
-.Op Fl check_ss_sig
-.Op Fl cipher Ar cipherlist
-.Op Fl connect Ar host Ns Op : Ns Ar port
-.Op Fl crl_check
-.Op Fl crl_check_all
-.Op Fl crlf
-.Op Fl debug
-.Op Fl dtls
-.Op Fl dtls1_2
-.Op Fl extended_crl
-.Op Fl groups Ar list
-.Op Fl host Ar host
-.Op Fl ign_eof
-.Op Fl ignore_critical
-.Op Fl issuer_checks
-.Op Fl key Ar keyfile
-.Op Fl keyform Cm der | pem
-.Op Fl keymatexport Ar label
-.Op Fl keymatexportlen Ar len
-.Op Fl legacy_server_connect
-.Op Fl msg
-.Op Fl mtu Ar mtu
-.Op Fl nbio
-.Op Fl nbio_test
-.Op Fl no_comp
-.Op Fl no_ign_eof
-.Op Fl no_legacy_server_connect
-.Op Fl no_ticket
-.Op Fl no_tls1_2
-.Op Fl no_tls1_3
-.Op Fl pass Ar arg
-.Op Fl policy_check
-.Op Fl port Ar port
-.Op Fl prexit
-.Op Fl proxy Ar host : Ns Ar port
-.Op Fl quiet
-.Op Fl reconnect
-.Op Fl servername Ar name
-.Op Fl serverpref
-.Op Fl sess_in Ar file
-.Op Fl sess_out Ar file
-.Op Fl showcerts
-.Op Fl starttls Ar protocol
-.Op Fl state
-.Op Fl status
-.Op Fl timeout
-.Op Fl tls1_2
-.Op Fl tls1_3
-.Op Fl tlsextdebug
-.Op Fl use_srtp Ar profiles
-.Op Fl verify Ar depth
-.Op Fl verify_return_error
-.Op Fl x509_strict
-.Op Fl xmpphost Ar host
-.Ek
-.El
-.Pp
-The
-.Nm s_client
-command implements a generic SSL/TLS client which connects
-to a remote host using SSL/TLS.
-.Pp
-If a connection is established with an SSL server, any data received
-from the server is displayed and any key presses will be sent to the
-server.
-When used interactively (which means neither
-.Fl quiet
-nor
-.Fl ign_eof
-have been given), the session will be renegotiated if the line begins with an
-.Cm R ;
-if the line begins with a
-.Cm Q
-or if end of file is reached, the connection will be closed down.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl 4
-Attempt connections using IPv4 only.
-.It Fl 6
-Attempt connections using IPv6 only.
-.It Fl alpn Ar protocols
-Enable the Application-Layer Protocol Negotiation.
-.Ar protocols
-is a comma-separated list of protocol names that the client should advertise
-support for.
-.It Fl bugs
-Enable various workarounds for buggy implementations.
-.It Fl CAfile Ar file
-A
-.Ar file
-containing trusted certificates to use during server authentication
-and to use when attempting to build the client certificate chain.
-.It Fl CApath Ar directory
-The
-.Ar directory
-to use for server certificate verification.
-This directory must be in
-.Qq hash format ;
-see
-.Fl verify
-for more information.
-These are also used when building the client certificate chain.
-.It Fl cert Ar file
-The certificate to use, if one is requested by the server.
-The default is not to use a certificate.
-.It Fl certform Cm der | pem
-The certificate format.
-The default is
-.Cm pem .
-.It Xo
-.Fl check_ss_sig ,
-.Fl crl_check ,
-.Fl crl_check_all ,
-.Fl extended_crl ,
-.Fl ignore_critical ,
-.Fl issuer_checks ,
-.Fl policy_check ,
-.Fl x509_strict
-.Xc
-Set various certificate chain validation options.
-See the
-.Nm verify
-command for details.
-.It Fl cipher Ar cipherlist
-Modify the cipher list sent by the client.
-Although the server determines which cipher suite is used, it should take
-the first supported cipher in the list sent by the client.
-See the
-.Nm ciphers
-command for more information.
-.It Fl connect Ar host Ns Op : Ns Ar port
-The
-.Ar host
-and
-.Ar port
-to connect to.
-If not specified, an attempt is made to connect to the local host
-on port 4433.
-Alternatively, the host and port pair may be separated using a forward-slash
-character,
-which is useful for numeric IPv6 addresses.
-.It Fl crlf
-Translate a line feed from the terminal into CR+LF,
-as required by some servers.
-.It Fl debug
-Print extensive debugging information, including a hex dump of all traffic.
-.It Fl dtls
-Permit any version of DTLS.
-.It Fl dtls1_2
-Permit only DTLS1.2.
-.It Fl groups Ar list
-Set the supported elliptic curve groups to the colon separated
-.Ar list
-of group NIDs or names as documented in
-.Xr SSL_CTX_set1_groups_list 3 .
-.It Fl host Ar host
-The
-.Ar host
-to connect to.
-The default is localhost.
-.It Fl ign_eof
-Inhibit shutting down the connection when end of file is reached in the input.
-.It Fl key Ar keyfile
-The private key to use.
-If not specified, the certificate file will be used.
-.It Fl keyform Cm der | pem
-The private key format.
-The default is
-.Cm pem .
-.It Fl keymatexport Ar label
-Export keying material using label.
-.It Fl keymatexportlen Ar len
-Export len bytes of keying material (default 20).
-.It Fl legacy_server_connect , no_legacy_server_connect
-Allow or disallow initial connection to servers that don't support RI.
-.It Fl msg
-Show all protocol messages with hex dump.
-.It Fl mtu Ar mtu
-Set the link layer MTU.
-.It Fl nbio
-Turn on non-blocking I/O.
-.It Fl nbio_test
-Test non-blocking I/O.
-.It Fl no_ign_eof
-Shut down the connection when end of file is reached in the input.
-Can be used to override the implicit
-.Fl ign_eof
-after
-.Fl quiet .
-.It Fl no_tls1_2 | no_tls1_3
-Disable the use of TLS1.2 and 1.3, respectively.
-.It Fl no_ticket
-Disable RFC 4507 session ticket support.
-.It Fl pass Ar arg
-The private key password source.
-.It Fl port Ar port
-The
-.Ar port
-to connect to.
-The default is 4433.
-.It Fl prexit
-Print session information when the program exits.
-This will always attempt
-to print out information even if the connection fails.
-Normally, information will only be printed out once if the connection succeeds.
-This option is useful because the cipher in use may be renegotiated
-or the connection may fail because a client certificate is required or is
-requested only after an attempt is made to access a certain URL.
-Note that the output produced by this option is not always accurate
-because a connection might never have been established.
-.It Fl proxy Ar host : Ns Ar port
-Use the HTTP proxy at
-.Ar host
-and
-.Ar port .
-The connection to the proxy is done in cleartext and the
-.Fl connect
-argument is given to the proxy.
-If not specified, localhost is used as final destination.
-After that, switch the connection through the proxy to the destination
-to TLS.
-.It Fl quiet
-Inhibit printing of session and certificate information.
-This implicitly turns on
-.Fl ign_eof
-as well.
-.It Fl reconnect
-Reconnect to the same server 5 times using the same session ID; this can
-be used as a test that session caching is working.
-.It Fl servername Ar name
-Include the TLS Server Name Indication (SNI) extension in the ClientHello
-message, using the specified server
-.Ar name .
-.It Fl showcerts
-Display the whole server certificate chain: normally only the server
-certificate itself is displayed.
-.It Fl serverpref
-Use the server's cipher preferences.
-.It Fl sess_in Ar file
-Load TLS session from file.
-The client will attempt to resume a connection from this session.
-.It Fl sess_out Ar file
-Output TLS session to file.
-.It Fl starttls Ar protocol
-Send the protocol-specific messages to switch to TLS for communication.
-.Ar protocol
-is a keyword for the intended protocol.
-Currently, the supported keywords are
-.Qq ftp ,
-.Qq imap ,
-.Qq smtp ,
-.Qq pop3 ,
-and
-.Qq xmpp .
-.It Fl state
-Print the SSL session states.
-.It Fl status
-Send a certificate status request to the server (OCSP stapling).
-The server response (if any) is printed out.
-.It Fl timeout
-Enable send/receive timeout on DTLS connections.
-.It Fl tls1_2 | tls1_3
-Permit only TLS1.2 or 1.3 respectively.
-.It Fl tlsextdebug
-Print a hex dump of any TLS extensions received from the server.
-.It Fl use_srtp Ar profiles
-Offer SRTP key management with a colon-separated profile list.
-.It Fl verify Ar depth
-Turn on server certificate verification,
-with a maximum length of
-.Ar depth .
-Currently the verify operation continues after errors so all the problems
-with a certificate chain can be seen.
-As a side effect the connection will never fail due to a server
-certificate verify failure.
-.It Fl verify_return_error
-Return verification error.
-.It Fl xmpphost Ar hostname
-When used with
-.Fl starttls Ar xmpp ,
-specify the host for the "to" attribute of the stream element.
-If this option is not specified then the host specified with
-.Fl connect
-will be used.
-.El
-.Tg s_server
-.Sh S_SERVER
-.Bl -hang -width "openssl s_server"
-.It Nm openssl s_server
-.Bk -words
-.Op Fl accept Ar port
-.Op Fl alpn Ar protocols
-.Op Fl bugs
-.Op Fl CAfile Ar file
-.Op Fl CApath Ar directory
-.Op Fl cert Ar file
-.Op Fl cert2 Ar file
-.Op Fl certform Cm der | pem
-.Op Fl cipher Ar cipherlist
-.Op Fl context Ar id
-.Op Fl crl_check
-.Op Fl crl_check_all
-.Op Fl crlf
-.Op Fl dcert Ar file
-.Op Fl dcertform Cm der | pem
-.Op Fl debug
-.Op Fl dhparam Ar file
-.Op Fl dkey Ar file
-.Op Fl dkeyform Cm der | pem
-.Op Fl dpass Ar arg
-.Op Fl dtls
-.Op Fl dtls1
-.Op Fl dtls1_2
-.Op Fl groups Ar list
-.Op Fl HTTP
-.Op Fl id_prefix Ar arg
-.Op Fl key Ar keyfile
-.Op Fl key2 Ar keyfile
-.Op Fl keyform Cm der | pem
-.Op Fl keymatexport Ar label
-.Op Fl keymatexportlen Ar len
-.Op Fl msg
-.Op Fl mtu Ar mtu
-.Op Fl naccept Ar num
-.Op Fl named_curve Ar arg
-.Op Fl nbio
-.Op Fl nbio_test
-.Op Fl no_cache
-.Op Fl no_dhe
-.Op Fl no_ecdhe
-.Op Fl no_ticket
-.Op Fl no_tls1_2
-.Op Fl no_tls1_3
-.Op Fl no_tmp_rsa
-.Op Fl nocert
-.Op Fl pass Ar arg
-.Op Fl quiet
-.Op Fl servername Ar name
-.Op Fl servername_fatal
-.Op Fl serverpref
-.Op Fl state
-.Op Fl status
-.Op Fl status_timeout Ar nsec
-.Op Fl status_url Ar url
-.Op Fl status_verbose
-.Op Fl timeout
-.Op Fl tls1_2
-.Op Fl tls1_3
-.Op Fl tlsextdebug
-.Op Fl use_srtp Ar profiles
-.Op Fl Verify Ar depth
-.Op Fl verify Ar depth
-.Op Fl verify_return_error
-.Op Fl WWW
-.Op Fl www
-.Ek
-.El
-.Pp
-The
-.Nm s_server
-command implements a generic SSL/TLS server which listens
-for connections on a given port using SSL/TLS.
-.Pp
-If a connection request is established with a client and neither the
-.Fl www
-nor the
-.Fl WWW
-option has been used, then any data received
-from the client is displayed and any key presses are sent to the client.
-Certain single letter commands perform special operations:
-.Pp
-.Bl -tag -width "XXXX" -compact
-.It Ic P
-Send plain text, which should cause the client to disconnect.
-.It Ic Q
-End the current SSL connection and exit.
-.It Ic q
-End the current SSL connection, but still accept new connections.
-.It Ic R
-Renegotiate the SSL session and request a client certificate.
-.It Ic r
-Renegotiate the SSL session.
-.It Ic S
-Print out some session cache status information.
-.El
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl accept Ar port
-Listen on TCP
-.Ar port
-for connections.
-The default is port 4433.
-.It Fl alpn Ar protocols
-Enable the Application-Layer Protocol Negotiation.
-.Ar protocols
-is a comma-separated list of supported protocol names.
-.It Fl bugs
-Enable various workarounds for buggy implementations.
-.It Fl CAfile Ar file
-A
-.Ar file
-containing trusted certificates to use during client authentication
-and to use when attempting to build the server certificate chain.
-The list is also used in the list of acceptable client CAs passed to the
-client when a certificate is requested.
-.It Fl CApath Ar directory
-The
-.Ar directory
-to use for client certificate verification.
-This directory must be in
-.Qq hash format ;
-see
-.Fl verify
-for more information.
-These are also used when building the server certificate chain.
-.It Fl cert Ar file
-The certificate to use: most server's cipher suites require the use of a
-certificate and some require a certificate with a certain public key type.
-For example, the DSS cipher suites require a certificate containing a DSS
-(DSA) key.
-If not specified, the file
-.Pa server.pem
-will be used.
-.It Fl cert2 Ar file
-The certificate to use for servername.
-.It Fl certform Cm der | pem
-The certificate format.
-The default is
-.Cm pem .
-.It Fl cipher Ar cipherlist
-Modify the cipher list used by the server.
-This allows the cipher list used by the server to be modified.
-When the client sends a list of supported ciphers, the first client cipher
-also included in the server list is used.
-Because the client specifies the preference order, the order of the server
-cipherlist is irrelevant.
-See the
-.Nm ciphers
-command for more information.
-.It Fl context Ar id
-Set the SSL context ID.
-It can be given any string value.
-.It Fl crl_check , crl_check_all
-Check the peer certificate has not been revoked by its CA.
-The CRLs are appended to the certificate file.
-.Fl crl_check_all
-checks all CRLs of all CAs in the chain.
-.It Fl crlf
-Translate a line feed from the terminal into CR+LF.
-.It Fl dcert Ar file , Fl dkey Ar file
-Specify an additional certificate and private key; these behave in the
-same manner as the
-.Fl cert
-and
-.Fl key
-options except there is no default if they are not specified
-(no additional certificate or key is used).
-By using RSA and DSS certificates and keys,
-a server can support clients which only support RSA or DSS cipher suites
-by using an appropriate certificate.
-.It Fl dcertform Cm der | pem , Fl dkeyform Cm der | pem , Fl dpass Ar arg
-Additional certificate and private key format, and private key password source,
-respectively.
-.It Fl debug
-Print extensive debugging information, including a hex dump of all traffic.
-.It Fl dhparam Ar file
-The DH parameter file to use.
-The ephemeral DH cipher suites generate keys
-using a set of DH parameters.
-If not specified, an attempt is made to
-load the parameters from the server certificate file.
-If this fails, a static set of parameters hard coded into the
-.Nm s_server
-program will be used.
-.It Fl dtls
-Permit any version of DTLS.
-.It Fl dtls1_2
-Permit only DTLS1.2.
-.It Fl groups Ar list
-Set the supported elliptic curve groups to the colon separated
-.Ar list
-of group NIDs or names as documented in
-.Xr SSL_CTX_set1_groups_list 3 .
-.It Fl HTTP
-Emulate a simple web server.
-Pages are resolved relative to the current directory.
-For example if the URL
-.Pa https://myhost/page.html
-is requested, the file
-.Pa ./page.html
-will be loaded.
-The files loaded are assumed to contain a complete and correct HTTP
-response (lines that are part of the HTTP response line and headers
-must end with CRLF).
-.It Fl id_prefix Ar arg
-Generate SSL/TLS session IDs prefixed by
-.Ar arg .
-This is mostly useful for testing any SSL/TLS code
-that wish to deal with multiple servers,
-when each of which might be generating a unique range of session IDs.
-.It Fl key Ar keyfile
-The private key to use.
-If not specified, the certificate file will be used.
-.It Fl key2 Ar keyfile
-The private key to use for servername.
-.It Fl keyform Cm der | pem
-The private key format.
-The default is
-.Cm pem .
-.It Fl keymatexport Ar label
-Export keying material using label.
-.It Fl keymatexportlen Ar len
-Export len bytes of keying material (default 20).
-.It Fl msg
-Show all protocol messages with hex dump.
-.It Fl mtu Ar mtu
-Set the link layer MTU.
-.It Fl naccept Ar num
-Terminate server after
-.Ar num
-connections.
-.It Fl named_curve Ar arg
-Specify the elliptic curve name to use for ephemeral ECDH keys.
-This option is deprecated; use
-.Fl groups
-instead.
-.It Fl nbio
-Turn on non-blocking I/O.
-.It Fl nbio_test
-Test non-blocking I/O.
-.It Fl no_cache
-Disable session caching.
-.It Fl no_dhe
-Disable ephemeral DH cipher suites.
-.It Fl no_ecdhe
-Disable ephemeral ECDH cipher suites.
-.It Fl no_ticket
-Disable RFC 4507 session ticket support.
-.It Fl no_tls1_2 | no_tls1_3
-Disable the use of TLS1.2 and 1.3, respectively.
-.It Fl no_tmp_rsa
-Disable temporary RSA key generation.
-.It Fl nocert
-Do not use a certificate.
-This restricts the cipher suites available to the anonymous ones
-(currently just anonymous DH).
-.It Fl pass Ar arg
-The private key password source.
-.It Fl quiet
-Inhibit printing of session and certificate information.
-.It Fl servername Ar name
-Set the TLS Server Name Indication (SNI) extension with
-.Ar name .
-.It Fl servername_fatal
-Send fatal alert if servername does not match.
-The default is warning alert.
-.It Fl serverpref
-Use server's cipher preferences.
-.It Fl state
-Print the SSL session states.
-.It Fl status
-Enables certificate status request support (OCSP stapling).
-.It Fl status_timeout Ar nsec
-Sets the timeout for OCSP response in seconds.
-.It Fl status_url Ar url
-Sets a fallback responder URL to use if no responder URL is present in the
-server certificate.
-Without this option, an error is returned if the server certificate does not
-contain a responder address.
-.It Fl status_verbose
-Enables certificate status request support (OCSP stapling) and gives a verbose
-printout of the OCSP response.
-.It Fl timeout
-Enable send/receive timeout on DTLS connections.
-.It Fl tls1_2 | tls1_3
-Permit only TLS1.2, or 1.3, respectively.
-.It Fl tlsextdebug
-Print a hex dump of any TLS extensions received from the server.
-.It Fl use_srtp Ar profiles
-Offer SRTP key management with a colon-separated profile list.
-.It Fl verify_return_error
-Return verification error.
-.It Fl WWW
-Emulate a simple web server.
-Pages are resolved relative to the current directory.
-For example if the URL
-.Pa https://myhost/page.html
-is requested, the file
-.Pa ./page.html
-will be loaded.
-.It Fl www
-Send a status message to the client when it connects,
-including information about the ciphers used and various session parameters.
-The output is in HTML format so this option will normally be used with a
-web browser.
-.It Fl Verify Ar depth , Fl verify Ar depth
-Request a certificate chain from the client,
-with a maximum length of
-.Ar depth .
-With
-.Fl Verify ,
-the client must supply a certificate or an error occurs;
-with
-.Fl verify ,
-a certificate is requested but the client does not have to send one.
-.El
-.Tg s_time
-.Sh S_TIME
-.Bl -hang -width "openssl s_time"
-.It Nm openssl s_time
-.Bk -words
-.Op Fl bugs
-.Op Fl CAfile Ar file
-.Op Fl CApath Ar directory
-.Op Fl cert Ar file
-.Op Fl cipher Ar cipherlist
-.Op Fl connect Ar host Ns Op : Ns Ar port
-.Op Fl key Ar keyfile
-.Op Fl nbio
-.Op Fl new
-.Op Fl no_shutdown
-.Op Fl reuse
-.Op Fl time Ar seconds
-.Op Fl verify Ar depth
-.Op Fl www Ar page
-.Ek
-.El
-.Pp
-The
-.Nm s_time
-command implements a generic SSL/TLS client which connects to a
-remote host using SSL/TLS.
-It can request a page from the server and includes
-the time to transfer the payload data in its timing measurements.
-It measures the number of connections within a given timeframe,
-the amount of data transferred
-.Pq if any ,
-and calculates the average time spent for one connection.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl bugs
-Enable various workarounds for buggy implementations.
-.It Fl CAfile Ar file
-A
-.Ar file
-containing trusted certificates to use during server authentication
-and to use when attempting to build the client certificate chain.
-.It Fl CApath Ar directory
-The directory to use for server certificate verification.
-This directory must be in
-.Qq hash format ;
-see
-.Nm verify
-for more information.
-These are also used when building the client certificate chain.
-.It Fl cert Ar file
-The certificate to use, if one is requested by the server.
-The default is not to use a certificate.
-.It Fl cipher Ar cipherlist
-Modify the cipher list sent by the client.
-Although the server determines which cipher suite is used,
-it should take the first supported cipher in the list sent by the client.
-See the
-.Nm ciphers
-command for more information.
-.It Fl connect Ar host Ns Op : Ns Ar port
-The host and port to connect to.
-.It Fl key Ar keyfile
-The private key to use.
-If not specified, the certificate file will be used.
-.It Fl nbio
-Turn on non-blocking I/O.
-.It Fl new
-Perform the timing test using a new session ID for each connection.
-If neither
-.Fl new
-nor
-.Fl reuse
-are specified,
-they are both on by default and executed in sequence.
-.It Fl no_shutdown
-Shut down the connection without sending a
-.Qq close notify
-shutdown alert to the server.
-.It Fl reuse
-Perform the timing test using the same session ID for each connection.
-If neither
-.Fl new
-nor
-.Fl reuse
-are specified,
-they are both on by default and executed in sequence.
-.It Fl time Ar seconds
-Limit
-.Nm s_time
-benchmarks to the number of
-.Ar seconds .
-The default is 30 seconds.
-.It Fl verify Ar depth
-Turn on server certificate verification,
-with a maximum length of
-.Ar depth .
-Currently the verify operation continues after errors, so all the problems
-with a certificate chain can be seen.
-As a side effect,
-the connection will never fail due to a server certificate verify failure.
-.It Fl www Ar page
-The page to GET from the server.
-A value of
-.Sq /
-gets the index.htm[l] page.
-If this parameter is not specified,
-.Nm s_time
-will only perform the handshake to establish SSL connections
-but not transfer any payload data.
-.El
-.Tg sess_id
-.Sh SESS_ID
-.Bl -hang -width "openssl sess_id"
-.It Nm openssl sess_id
-.Bk -words
-.Op Fl cert
-.Op Fl context Ar ID
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl text
-.Ek
-.El
-.Pp
-The
-.Nm sess_id
-program processes the encoded version of the SSL session structure and
-optionally prints out SSL session details
-(for example the SSL session master key)
-in human-readable format.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl cert
-If a certificate is present in the session,
-it will be output using this option;
-if the
-.Fl text
-option is also present, then it will be printed out in text form.
-.It Fl context Ar ID
-Set the session
-.Ar ID .
-The ID can be any string of characters.
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-.It Fl inform Cm der | pem
-The input format.
-.Cm der
-uses an ASN.1 DER-encoded format containing session details.
-The precise format can vary from one version to the next.
-.Cm pem
-is the default format: it consists of the DER
-format base64-encoded with additional header and footer lines.
-.It Fl noout
-Do not output the encoded version of the session.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl text
-Print the various public or private key components in plain text,
-in addition to the encoded version.
-.El
-.Pp
-The output of
-.Nm sess_id
-is composed as follows:
-.Pp
-.Bl -tag -width "Verify return code " -offset 3n -compact
-.It Protocol
-The protocol in use.
-.It Cipher
-The actual raw SSL or TLS cipher code.
-.It Session-ID
-The SSL session ID, in hex format.
-.It Session-ID-ctx
-The session ID context, in hex format.
-.It Master-Key
-The SSL session master key.
-.It Key-Arg
-The key argument; this is only used in SSL v2.
-.It Start Time
-The session start time.
-.Ux
-format.
-.It Timeout
-The timeout, in seconds.
-.It Verify return code
-The return code when a certificate is verified.
-.El
-.Pp
-Since the SSL session output contains the master key, it is possible to read
-the contents of an encrypted session using this information.
-Therefore appropriate security precautions
-should be taken if the information is being output by a
-.Qq real
-application.
-This is, however, strongly discouraged and should only be used for
-debugging purposes.
-.Tg smime
-.Sh SMIME
-.Bl -hang -width "openssl smime"
-.It Nm openssl smime
-.Bk -words
-.Oo
-.Fl aes128 | aes192 | aes256 | des |
-.Fl des3 | rc2-40 | rc2-64 | rc2-128
-.Oc
-.Op Fl binary
-.Op Fl CAfile Ar file
-.Op Fl CApath Ar directory
-.Op Fl certfile Ar file
-.Op Fl check_ss_sig
-.Op Fl content Ar file
-.Op Fl crl_check
-.Op Fl crl_check_all
-.Op Fl decrypt
-.Op Fl encrypt
-.Op Fl extended_crl
-.Op Fl from Ar addr
-.Op Fl ignore_critical
-.Op Fl in Ar file
-.Op Fl indef
-.Op Fl inform Cm der | pem | smime
-.Op Fl inkey Ar file
-.Op Fl issuer_checks
-.Op Fl keyform Cm der | pem
-.Op Fl md Ar digest
-.Op Fl noattr
-.Op Fl nocerts
-.Op Fl nochain
-.Op Fl nodetach
-.Op Fl noindef
-.Op Fl nointern
-.Op Fl nosigs
-.Op Fl nosmimecap
-.Op Fl noverify
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem | smime
-.Op Fl passin Ar arg
-.Op Fl pk7out
-.Op Fl policy_check
-.Op Fl recip Ar file
-.Op Fl resign
-.Op Fl sign
-.Op Fl signer Ar file
-.Op Fl stream
-.Op Fl subject Ar s
-.Op Fl text
-.Op Fl to Ar addr
-.Op Fl verify
-.Op Fl x509_strict
-.Op Ar cert.pem ...
-.Ek
-.El
-.Pp
-The
-.Nm smime
-command handles S/MIME mail.
-It can encrypt, decrypt, sign, and verify S/MIME messages.
-.Pp
-The MIME message must be sent without any blank lines between the
-headers and the output.
-Some mail programs will automatically add a blank line.
-Piping the mail directly to an MTA is one way to
-achieve the correct format.
-.Pp
-The supplied message to be signed or encrypted must include the necessary
-MIME headers or many S/MIME clients won't display it properly (if at all).
-Use the
-.Fl text
-option to automatically add plain text headers.
-.Pp
-A
-.Qq signed and encrypted
-message is one where a signed message is then encrypted.
-This can be produced by encrypting an already signed message.
-.Pp
-There are a number of operations that can be performed, as follows:
-.Bl -tag -width "XXXX"
-.It Fl decrypt
-Decrypt mail using the supplied certificate and private key.
-The input file is an encrypted mail message in MIME format.
-The decrypted mail is written to the output file.
-.It Fl encrypt
-Encrypt mail for the given recipient certificates.
-The input is the message to be encrypted.
-The output file is the encrypted mail, in MIME format.
-.It Fl pk7out
-Take an input message and write out a PEM-encoded PKCS#7 structure.
-.It Fl resign
-Resign a message: take an existing message and one or more new signers.
-.It Fl sign
-Sign mail using the supplied certificate and private key.
-The input file is the message to be signed.
-The signed message, in MIME format, is written to the output file.
-.It Fl verify
-Verify signed mail.
-The input is a signed mail message and the output is the signed data.
-Both clear text and opaque signing is supported.
-.El
-.Pp
-The remaining options are as follows:
-.Bl -tag -width "XXXX"
-.It Xo
-.Fl aes128 | aes192 | aes256 | des |
-.Fl des3 | rc2-40 | rc2-64 | rc2-128
-.Xc
-The encryption algorithm to use.
-128-, 192-, or 256-bit AES, DES (56 bits), triple DES (168 bits),
-or 40-, 64-, or 128-bit RC2, respectively;
-if not specified, 40-bit RC2 is
-used.
-Only used with
-.Fl encrypt .
-.It Fl binary
-Normally, the input message is converted to
-.Qq canonical
-format which uses CR/LF as end of line,
-as required by the S/MIME specification.
-When this option is present, no translation occurs.
-This is useful when handling binary data which may not be in MIME format.
-.It Fl CAfile Ar file
-A
-.Ar file
-containing trusted CA certificates; only used with
-.Fl verify .
-.It Fl CApath Ar directory
-A
-.Ar directory
-containing trusted CA certificates; only used with
-.Fl verify .
-This directory must be a standard certificate directory:
-that is, a hash of each subject name (using
-.Nm x509 -hash )
-should be linked to each certificate.
-.It Ar cert.pem ...
-One or more certificates of message recipients: used when encrypting
-a message.
-.It Fl certfile Ar file
-Allows additional certificates to be specified.
-When signing, these will be included with the message.
-When verifying, these will be searched for the signers' certificates.
-The certificates should be in PEM format.
-.It Xo
-.Fl check_ss_sig ,
-.Fl crl_check ,
-.Fl crl_check_all ,
-.Fl extended_crl ,
-.Fl ignore_critical ,
-.Fl issuer_checks ,
-.Fl policy_check ,
-.Fl x509_strict
-.Xc
-Set various certificate chain validation options.
-See the
-.Nm verify
-command for details.
-.It Fl content Ar file
-A file containing the detached content.
-This is only useful with the
-.Fl verify
-option,
-and only usable if the PKCS#7 structure is using the detached
-signature form where the content is not included.
-This option will override any content if the input format is S/MIME
-and it uses the multipart/signed MIME content type.
-.It Xo
-.Fl from Ar addr ,
-.Fl subject Ar s ,
-.Fl to Ar addr
-.Xc
-The relevant mail headers.
-These are included outside the signed
-portion of a message so they may be included manually.
-When signing, many S/MIME
-mail clients check that the signer's certificate email
-address matches the From: address.
-.It Fl in Ar file
-The input file to read from.
-.It Fl indef
-Enable streaming I/O for encoding operations.
-This permits single pass processing of data without
-the need to hold the entire contents in memory,
-potentially supporting very large files.
-Streaming is automatically set for S/MIME signing with detached
-data if the output format is SMIME;
-it is currently off by default for all other operations.
-.It Fl inform Cm der | pem | smime
-The input format.
-.It Fl inkey Ar file
-The private key to use when signing or decrypting,
-which must match the corresponding certificate.
-If this option is not specified, the private key must be included
-in the certificate file specified with
-the
-.Fl recip
-or
-.Fl signer
-file.
-When signing,
-this option can be used multiple times to specify successive keys.
-.It Fl keyform Cm der | pem
-Input private key format.
-The default is
-.Cm pem .
-.It Fl md Ar digest
-The digest algorithm to use when signing or resigning.
-If not present then the default digest algorithm for the signing key is used
-(usually SHA1).
-.It Fl noattr
-Do not include attributes.
-.It Fl nocerts
-Do not include the signer's certificate.
-This will reduce the size of the signed message but the verifier must
-have a copy of the signer's certificate available locally (passed using the
-.Fl certfile
-option, for example).
-.It Fl nochain
-Do not do chain verification of signers' certificates: that is,
-don't use the certificates in the signed message as untrusted CAs.
-.It Fl nodetach
-When signing a message, use opaque signing: this form is more resistant
-to translation by mail relays but it cannot be read by mail agents that
-do not support S/MIME.
-Without this option cleartext signing with the MIME type
-multipart/signed is used.
-.It Fl noindef
-Disable streaming I/O where it would produce an encoding of indefinite length
-(currently has no effect).
-.It Fl nointern
-Only use certificates specified in the
-.Fl certfile .
-The supplied certificates can still be used as untrusted CAs.
-.It Fl nosigs
-Do not try to verify the signatures on the message.
-.It Fl nosmimecap
-Exclude the list of supported algorithms from signed attributes,
-other options such as signing time and content type are still included.
-.It Fl noverify
-Do not verify the signer's certificate of a signed message.
-.It Fl out Ar file
-The output file to write to.
-.It Fl outform Cm der | pem | smime
-The output format.
-The default is smime, which writes an S/MIME format message.
-.Cm pem
-and
-.Cm der
-change this to write PEM and DER format PKCS#7 structures instead.
-This currently only affects the output format of the PKCS#7
-structure; if no PKCS#7 structure is being output (for example with
-.Fl verify
-or
-.Fl decrypt )
-this option has no effect.
-.It Fl passin Ar arg
-The key password source.
-.It Fl recip Ar file
-The recipients certificate when decrypting a message.
-This certificate
-must match one of the recipients of the message or an error occurs.
-.It Fl signer Ar file
-A signing certificate when signing or resigning a message;
-this option can be used multiple times if more than one signer is required.
-If a message is being verified, the signer's certificates will be
-written to this file if the verification was successful.
-.It Fl stream
-The same as
-.Fl indef .
-.It Fl text
-Add plain text (text/plain) MIME
-headers to the supplied message if encrypting or signing.
-If decrypting or verifying, it strips off text headers:
-if the decrypted or verified message is not of MIME type text/plain
-then an error occurs.
-.El
-.Pp
-The exit codes for
-.Nm smime
-are as follows:
-.Pp
-.Bl -tag -width "XXXX" -offset 3n -compact
-.It 0
-The operation was completely successful.
-.It 1
-An error occurred parsing the command options.
-.It 2
-One of the input files could not be read.
-.It 3
-An error occurred creating the file or when reading the message.
-.It 4
-An error occurred decrypting or verifying the message.
-.It 5
-An error occurred writing certificates.
-.El
-.Tg speed
-.Sh SPEED
-.Bl -hang -width "openssl speed"
-.It Nm openssl speed
-.Bk -words
-.Op Ar algorithm
-.Op Fl decrypt
-.Op Fl elapsed
-.Op Fl evp Ar algorithm
-.Op Fl mr
-.Op Fl multi Ar number
-.Op Fl unaligned Ar number
-.Ek
-.El
-.Pp
-The
-.Nm speed
-command is used to test the performance of cryptographic algorithms.
-.Bl -tag -width "XXXX"
-.It Ar algorithm
-Perform the test using
-.Ar algorithm .
-The default is to test all algorithms.
-.It Fl decrypt
-Time decryption instead of encryption;
-must be used with
-.Fl evp .
-.It Fl elapsed
-Measure time in real time instead of CPU user time.
-.It Fl evp Ar algorithm
-Perform the test using one of the algorithms accepted by
-.Xr EVP_get_cipherbyname 3 .
-.It Fl mr
-Produce machine readable output.
-.It Fl multi Ar number
-Run
-.Ar number
-benchmarks in parallel.
-.It Fl unaligned Ar number
-Use allocated buffers with an offset of
-.Ar number
-bytes from the alignment provided by
-.Xr malloc 3 .
-.Ar number
-should be between 0 and 16.
-.El
-.Tg ts
-.Sh TS
-.Bk -words
-.Bl -hang -width "openssl ts"
-.It Nm openssl ts
-.Fl query
-.Op Fl md4 | md5 | ripemd160 | sha1
-.Op Fl cert
-.Op Fl config Ar configfile
-.Op Fl data Ar file_to_hash
-.Op Fl digest Ar digest_bytes
-.Op Fl in Ar request.tsq
-.Op Fl no_nonce
-.Op Fl out Ar request.tsq
-.Op Fl policy Ar object_id
-.Op Fl text
-.It Nm openssl ts
-.Fl reply
-.Op Fl chain Ar certs_file.pem
-.Op Fl config Ar configfile
-.Op Fl in Ar response.tsr
-.Op Fl inkey Ar private.pem
-.Op Fl out Ar response.tsr
-.Op Fl passin Ar arg
-.Op Fl policy Ar object_id
-.Op Fl queryfile Ar request.tsq
-.Op Fl section Ar tsa_section
-.Op Fl signer Ar tsa_cert.pem
-.Op Fl text
-.Op Fl token_in
-.Op Fl token_out
-.It Nm openssl ts
-.Fl verify
-.Op Fl CAfile Ar trusted_certs.pem
-.Op Fl CApath Ar trusted_cert_path
-.Op Fl data Ar file_to_hash
-.Op Fl digest Ar digest_bytes
-.Op Fl in Ar response.tsr
-.Op Fl queryfile Ar request.tsq
-.Op Fl token_in
-.Op Fl untrusted Ar cert_file.pem
-.El
-.Ek
-.Pp
-The
-.Nm ts
-command is a basic Time Stamping Authority (TSA) client and server
-application as specified in RFC 3161 (Time-Stamp Protocol, TSP).
-A TSA can be part of a PKI deployment and its role is to provide long
-term proof of the existence of specific data.
-Here is a brief description of the protocol:
-.Bl -enum
-.It
-The TSA client computes a one-way hash value for a data file and sends
-the hash to the TSA.
-.It
-The TSA attaches the current date and time to the received hash value,
-signs them and sends the time stamp token back to the client.
-By creating this token the TSA certifies the existence of the original
-data file at the time of response generation.
-.It
-The TSA client receives the time stamp token and verifies the
-signature on it.
-It also checks if the token contains the same hash
-value that it had sent to the TSA.
-.El
-.Pp
-There is one DER-encoded protocol data unit defined for transporting a time
-stamp request to the TSA and one for sending the time stamp response
-back to the client.
-The
-.Nm ts
-command has three main functions:
-creating a time stamp request based on a data file;
-creating a time stamp response based on a request;
-and verifying if a response corresponds
-to a particular request or a data file.
-.Pp
-There is no support for sending the requests/responses automatically
-over HTTP or TCP yet as suggested in RFC 3161.
-Users must send the requests either by FTP or email.
-.Pp
-The
-.Fl query
-switch can be used for creating and printing a time stamp
-request with the following options:
-.Bl -tag -width Ds
-.It Fl cert
-Expect the TSA to include its signing certificate in the response.
-.It Fl config Ar configfile
-Specify an alternative configuration file.
-Only the OID section is used.
-.It Fl data Ar file_to_hash
-The data file for which the time stamp request needs to be created.
-The default is standard input.
-.It Fl digest Ar digest_bytes
-Specify the message imprint explicitly without the data file.
-The imprint must be specified in a hexadecimal format,
-two characters per byte,
-the bytes optionally separated by colons.
-The number of bytes must match the message digest algorithm in use.
-.It Fl in Ar request.tsq
-A previously created time stamp request in DER
-format that will be printed into the output file.
-Useful for examining the content of a request in human-readable format.
-.It Fl md4 | md5 | ripemd160 | sha | sha1
-The message digest to apply to the data file.
-It supports all the message digest algorithms that are supported by the
-.Nm dgst
-command.
-The default is SHA1.
-.It Fl no_nonce
-Specify no nonce in the request.
-The default, to include a 64-bit long pseudo-random nonce,
-is recommended to protect against replay attacks.
-.It Fl out Ar request.tsq
-The output file to write to,
-or standard output if not specified.
-.It Fl policy Ar object_id
-The policy that the client expects the TSA to use for creating the
-time stamp token.
-Either dotted OID notation or OID names defined
-in the config file can be used.
-If no policy is requested, the TSA uses its own default policy.
-.It Fl text
-Output in human-readable text format instead of DER.
-.El
-.Pp
-A time stamp response (TimeStampResp) consists of a response status
-and the time stamp token itself (ContentInfo),
-if the token generation was successful.
-The
-.Fl reply
-command is for creating a time stamp
-response or time stamp token based on a request and printing the
-response/token in human-readable format.
-If
-.Fl token_out
-is not specified the output is always a time stamp response (TimeStampResp),
-otherwise it is a time stamp token (ContentInfo).
-.Bl -tag -width Ds
-.It Fl chain Ar certs_file.pem
-The collection of PEM certificates
-that will be included in the response
-in addition to the signer certificate if the
-.Fl cert
-option was used for the request.
-This file is supposed to contain the certificate chain
-for the signer certificate from its issuer upwards.
-The
-.Fl reply
-command does not build a certificate chain automatically.
-.It Fl config Ar configfile
-Specify an alternative configuration file.
-.It Fl in Ar response.tsr
-Specify a previously created time stamp response (or time stamp token, if
-.Fl token_in
-is also specified)
-in DER format that will be written to the output file.
-This option does not require a request;
-it is useful, for example,
-to examine the content of a response or token
-or to extract the time stamp token from a response.
-If the input is a token and the output is a time stamp response, a default
-.Qq granted
-status info is added to the token.
-.It Fl inkey Ar private.pem
-The signer private key of the TSA in PEM format.
-Overrides the
-.Cm signer_key
-config file option.
-.It Fl out Ar response.tsr
-The response is written to this file.
-The format and content of the file depends on other options (see
-.Fl text
-and
-.Fl token_out ) .
-The default is stdout.
-.It Fl passin Ar arg
-The key password source.
-.It Fl policy Ar object_id
-The default policy to use for the response.
-Either dotted OID notation or OID names defined
-in the config file can be used.
-If no policy is requested, the TSA uses its own default policy.
-.It Fl queryfile Ar request.tsq
-The file containing a DER-encoded time stamp request.
-.It Fl section Ar tsa_section
-The config file section containing the settings for response generation.
-.It Fl signer Ar tsa_cert.pem
-The PEM signer certificate of the TSA.
-The TSA signing certificate must have exactly one extended key usage
-assigned to it: timeStamping.
-The extended key usage must also be critical,
-otherwise the certificate is going to be refused.
-Overrides the
-.Cm signer_cert
-variable of the config file.
-.It Fl text
-Output in human-readable text format instead of DER.
-.It Fl token_in
-The input is a DER-encoded time stamp token (ContentInfo)
-instead of a time stamp response (TimeStampResp).
-.It Fl token_out
-The output is a time stamp token (ContentInfo)
-instead of a time stamp response (TimeStampResp).
-.El
-.Pp
-The
-.Fl verify
-command is for verifying if a time stamp response or time stamp token
-is valid and matches a particular time stamp request or data file.
-The
-.Fl verify
-command does not use the configuration file.
-.Bl -tag -width Ds
-.It Fl CAfile Ar trusted_certs.pem
-The file containing a set of trusted self-signed PEM CA certificates.
-See
-.Nm verify
-for additional details.
-Either this option or
-.Fl CApath
-must be specified.
-.It Fl CApath Ar trusted_cert_path
-The directory containing the trusted CA certificates of the client.
-See
-.Nm verify
-for additional details.
-Either this option or
-.Fl CAfile
-must be specified.
-.It Fl data Ar file_to_hash
-The response or token must be verified against
-.Ar file_to_hash .
-The file is hashed with the message digest algorithm specified in the token.
-The
-.Fl digest
-and
-.Fl queryfile
-options must not be specified with this one.
-.It Fl digest Ar digest_bytes
-The response or token must be verified against the message digest specified
-with this option.
-The number of bytes must match the message digest algorithm
-specified in the token.
-The
-.Fl data
-and
-.Fl queryfile
-options must not be specified with this one.
-.It Fl in Ar response.tsr
-The time stamp response that needs to be verified, in DER format.
-This option in mandatory.
-.It Fl queryfile Ar request.tsq
-The original time stamp request, in DER format.
-The
-.Fl data
-and
-.Fl digest
-options must not be specified with this one.
-.It Fl token_in
-The input is a DER-encoded time stamp token (ContentInfo)
-instead of a time stamp response (TimeStampResp).
-.It Fl untrusted Ar cert_file.pem
-Additional untrusted PEM certificates which may be needed
-when building the certificate chain for the TSA's signing certificate.
-This file must contain the TSA signing certificate and
-all intermediate CA certificates unless the response includes them.
-.El
-.Pp
-Options specified on the command line always override
-the settings in the config file:
-.Bl -tag -width Ds
-.It Cm tsa Ar section , Cm default_tsa
-This is the main section and it specifies the name of another section
-that contains all the options for the
-.Fl reply
-option.
-This section can be overridden with the
-.Fl section
-command line switch.
-.It Cm oid_file
-See
-.Nm ca
-for a description.
-.It Cm oid_section
-See
-.Nm ca
-for a description.
-.It Cm serial
-The file containing the hexadecimal serial number of the
-last time stamp response created.
-This number is incremented by 1 for each response.
-If the file does not exist at the time of response generation,
-a new file is created with serial number 1.
-This parameter is mandatory.
-.It Cm signer_cert
-TSA signing certificate, in PEM format.
-The same as the
-.Fl signer
-command line option.
-.It Cm certs
-A set of PEM-encoded certificates that need to be
-included in the response.
-The same as the
-.Fl chain
-command line option.
-.It Cm signer_key
-The private key of the TSA, in PEM format.
-The same as the
-.Fl inkey
-command line option.
-.It Cm default_policy
-The default policy to use when the request does not mandate any policy.
-The same as the
-.Fl policy
-command line option.
-.It Cm other_policies
-Comma separated list of policies that are also acceptable by the TSA
-and used only if the request explicitly specifies one of them.
-.It Cm digests
-The list of message digest algorithms that the TSA accepts.
-At least one algorithm must be specified.
-This parameter is mandatory.
-.It Cm accuracy
-The accuracy of the time source of the TSA in seconds, milliseconds
-and microseconds.
-For example, secs:1, millisecs:500, microsecs:100.
-If any of the components is missing,
-zero is assumed for that field.
-.It Cm clock_precision_digits
-The maximum number of digits, which represent the fraction of seconds,
-that need to be included in the time field.
-The trailing zeroes must be removed from the time,
-so there might actually be fewer digits
-or no fraction of seconds at all.
-The maximum value is 6;
-the default is 0.
-.It Cm ordering
-If this option is yes,
-the responses generated by this TSA can always be ordered,
-even if the time difference between two responses is less
-than the sum of their accuracies.
-The default is no.
-.It Cm tsa_name
-Set this option to yes if the subject name of the TSA must be included in
-the TSA name field of the response.
-The default is no.
-.It Cm ess_cert_id_chain
-The SignedData objects created by the TSA always contain the
-certificate identifier of the signing certificate in a signed
-attribute (see RFC 2634, Enhanced Security Services).
-If this option is set to yes and either the
-.Cm certs
-variable or the
-.Fl chain
-option is specified then the certificate identifiers of the chain will also
-be included in the SigningCertificate signed attribute.
-If this variable is set to no,
-only the signing certificate identifier is included.
-The default is no.
-.El
-.Tg verify
-.Sh VERIFY
-.Bl -hang -width "openssl verify"
-.It Nm openssl verify
-.Bk -words
-.Op Fl CAfile Ar file
-.Op Fl CApath Ar directory
-.Op Fl check_ss_sig
-.Op Fl CRLfile Ar file
-.Op Fl crl_check
-.Op Fl crl_check_all
-.Op Fl explicit_policy
-.Op Fl extended_crl
-.Op Fl help
-.Op Fl ignore_critical
-.Op Fl inhibit_any
-.Op Fl inhibit_map
-.Op Fl issuer_checks
-.Op Fl legacy_verify
-.Op Fl policy_check
-.Op Fl purpose Ar purpose
-.Op Fl trusted Ar file
-.Op Fl untrusted Ar file
-.Op Fl verbose
-.Op Fl x509_strict
-.Op Ar certificates
-.Ek
-.El
-.Pp
-The
-.Nm verify
-command verifies certificate chains.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl CAfile Ar file
-A
-.Ar file
-of trusted certificates.
-The
-.Ar file
-should contain multiple certificates in PEM format, concatenated together.
-.It Fl CApath Ar directory
-A
-.Ar directory
-of trusted certificates.
-The certificates, or symbolic links to them,
-should have names of the form
-.Ar hash Ns .0 ,
-where
-.Ar hash
-is the hashed certificate subject name
-(see the
-.Fl hash
-option of the
-.Nm x509
-utility).
-.It Fl check_ss_sig
-Verify the signature on the self-signed root CA.
-This is disabled by default
-because it doesn't add any security.
-.It Fl CRLfile Ar file
-The
-.Ar file
-should contain one or more CRLs in PEM format.
-.It Fl crl_check
-Check end entity certificate validity by attempting to look up a valid CRL.
-If a valid CRL cannot be found, an error occurs.
-.It Fl crl_check_all
-Check the validity of all certificates in the chain by attempting
-to look up valid CRLs.
-.It Fl explicit_policy
-Set policy variable require-explicit-policy (RFC 3280).
-.It Fl extended_crl
-Enable extended CRL features such as indirect CRLs and alternate CRL
-signing keys.
-.It Fl help
-Print a usage message.
-.It Fl ignore_critical
-Ignore critical extensions instead of rejecting the certificate.
-.It Fl inhibit_any
-Set policy variable inhibit-any-policy (RFC 3280).
-.It Fl inhibit_map
-Set policy variable inhibit-policy-mapping (RFC 3280).
-.It Fl issuer_checks
-Print diagnostics relating to searches for the issuer certificate
-of the current certificate
-showing why each candidate issuer certificate was rejected.
-The presence of rejection messages
-does not itself imply that anything is wrong:
-during the normal verify process several rejections may take place.
-.It Fl legacy_verify
-Use the legacy X.509 certificate chain verification code.
-.It Fl policy_check
-Enable certificate policy processing.
-.It Fl purpose Ar purpose
-The intended use for the certificate.
-Without this option no chain verification will be done.
-Currently accepted uses are
-.Cm sslclient , sslserver ,
-.Cm nssslserver , smimesign ,
-.Cm smimeencrypt , crlsign ,
-.Cm any ,
-and
-.Cm ocsphelper .
-.It Fl trusted Ar file
-A
-.Ar file
-of trusted certificates.
-The
-.Ar file
-should contain multiple certificates.
-.It Fl untrusted Ar file
-A
-.Ar file
-of untrusted certificates.
-The
-.Ar file
-should contain multiple certificates.
-.It Fl verbose
-Print extra information about the operations being performed.
-.It Fl x509_strict
-Disable workarounds for broken certificates which have to be disabled
-for strict X.509 compliance.
-.It Ar certificates
-One or more PEM
-.Ar certificates
-to verify.
-If no certificate files are included, an attempt is made to read
-a certificate from standard input.
-If the first certificate filename begins with a dash,
-use a lone dash to mark the last option.
-.El
-.Pp
-The
-.Nm verify
-program uses the same functions as the internal SSL and S/MIME verification,
-with one crucial difference:
-wherever possible an attempt is made to continue after an error,
-whereas normally the verify operation would halt on the first error.
-This allows all the problems with a certificate chain to be determined.
-.Pp
-The verify operation consists of a number of separate steps.
-Firstly a certificate chain is built up starting from the supplied certificate
-and ending in the root CA.
-It is an error if the whole chain cannot be built up.
-The chain is built up by looking up the issuer's certificate of the current
-certificate.
-If a certificate is found which is its own issuer, it is assumed
-to be the root CA.
-.Pp
-All certificates whose subject name matches the issuer name
-of the current certificate are subject to further tests.
-The relevant authority key identifier components of the current certificate
-(if present) must match the subject key identifier (if present)
-and issuer and serial number of the candidate issuer;
-in addition the
-.Cm keyUsage
-extension of the candidate issuer (if present) must permit certificate signing.
-.Pp
-The lookup first looks in the list of untrusted certificates and if no match
-is found the remaining lookups are from the trusted certificates.
-The root CA is always looked up in the trusted certificate list:
-if the certificate to verify is a root certificate,
-then an exact match must be found in the trusted list.
-.Pp
-The second operation is to check every untrusted certificate's extensions for
-consistency with the supplied purpose.
-If the
-.Fl purpose
-option is not included, then no checks are done.
-The supplied or
-.Qq leaf
-certificate must have extensions compatible with the supplied purpose
-and all other certificates must also be valid CA certificates.
-The precise extensions required are described in more detail in
-the
-.Nm X509
-section below.
-.Pp
-The third operation is to check the trust settings on the root CA.
-The root CA should be trusted for the supplied purpose.
-A certificate with no trust settings is considered to be valid for
-all purposes.
-.Pp
-The final operation is to check the validity of the certificate chain.
-The validity period is checked against the current system time and the
-.Cm notBefore
-and
-.Cm notAfter
-dates in the certificate.
-The certificate signatures are also checked at this point.
-.Pp
-If all operations complete successfully, the certificate is considered
-valid.
-If any operation fails then the certificate is not valid.
-When a verify operation fails, the output messages can be somewhat cryptic.
-The general form of the error message is:
-.Bd -literal
-server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit)
-error 24 at 1 depth lookup:invalid CA certificate
-.Ed
-.Pp
-The first line contains the name of the certificate being verified, followed by
-the subject name of the certificate.
-The second line contains the error number as defined by the
-.Dv X509_V_ERR_*
-constants in
-.In openssl/x509_vfy.h ,
-the associated error message documented in
-.Xr X509_STORE_CTX_get_error 3 ,
-and the depth.
-The depth is the number of the certificate being verified when a
-problem was detected starting with zero for the certificate being verified
-itself, then 1 for the CA that signed the certificate and so on.
-.Tg version
-.Sh VERSION
-.Nm openssl version
-.Op Fl abdfpv
-.Pp
-The
-.Nm version
-command is used to print out version information about
-.Nm openssl .
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl a
-All information: this is the same as setting all the other flags.
-.It Fl b
-The date the current version of
-.Nm openssl
-was built.
-.It Fl d
-.Ev OPENSSLDIR
-setting.
-.It Fl f
-Compilation flags.
-.It Fl p
-Platform setting.
-.It Fl v
-The current
-.Nm openssl
-version.
-.El
-.Tg x509
-.Sh X509
-.Bl -hang -width "openssl x509"
-.It Nm openssl x509
-.Bk -words
-.Op Fl addreject Ar arg
-.Op Fl addtrust Ar arg
-.Op Fl alias
-.Op Fl CA Ar file
-.Op Fl CAcreateserial
-.Op Fl CAform Cm der | pem
-.Op Fl CAkey Ar file
-.Op Fl CAkeyform Cm der | pem
-.Op Fl CAserial Ar file
-.Op Fl certopt Ar option
-.Op Fl checkend Ar arg
-.Op Fl clrext
-.Op Fl clrreject
-.Op Fl clrtrust
-.Op Fl dates
-.Op Fl days Ar arg
-.Op Fl email
-.Op Fl enddate
-.Op Fl extensions Ar section
-.Op Fl extfile Ar file
-.Op Fl fingerprint
-.Op Fl force_pubkey Ar key
-.Op Fl hash
-.Op Fl in Ar file
-.Op Fl inform Cm der | net | pem
-.Op Fl issuer
-.Op Fl issuer_hash
-.Op Fl issuer_hash_old
-.Op Fl keyform Cm der | pem
-.Op Fl md5 | sha1
-.Op Fl modulus
-.Op Fl multivalue-rdn
-.Op Fl nameopt Ar option
-.Op Fl new
-.Op Fl next_serial
-.Op Fl noout
-.Op Fl ocsp_uri
-.Op Fl ocspid
-.Op Fl out Ar file
-.Op Fl outform Cm der | net | pem
-.Op Fl passin Ar arg
-.Op Fl pubkey
-.Op Fl purpose
-.Op Fl req
-.Op Fl serial
-.Op Fl set_issuer Ar name
-.Op Fl set_serial Ar n
-.Op Fl set_subject Ar name
-.Op Fl setalias Ar arg
-.Op Fl signkey Ar file
-.Op Fl sigopt Ar nm:v
-.Op Fl startdate
-.Op Fl subject
-.Op Fl subject_hash
-.Op Fl subject_hash_old
-.Op Fl text
-.Op Fl trustout
-.Op Fl utf8
-.Op Fl x509toreq
-.Ek
-.El
-.Pp
-The
-.Nm x509
-command is a multi-purpose certificate utility.
-It can be used to display certificate information, convert certificates to
-various forms, sign certificate requests like a
-.Qq mini CA ,
-or edit certificate trust settings.
-.Pp
-The following are x509 input, output, and general purpose options:
-.Bl -tag -width "XXXX"
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-This option cannot be used with
-.Fl new .
-.It Fl inform Cm der | net | pem
-The input format.
-Normally, the command will expect an X.509 certificate,
-but this can change if other options such as
-.Fl in
-or
-.Fl req
-are present.
-.It Fl md5 | sha1
-The digest to use.
-This affects any signing or display option that uses a message digest,
-such as the
-.Fl fingerprint , signkey ,
-and
-.Fl CA
-options.
-If not specified, MD5 is used.
-SHA1 is always used with DSA keys.
-.It Fl out Ar file
-The output file to write to,
-or standard output if none is specified.
-.It Fl outform Cm der | net | pem
-The output format.
-.It Fl passin Ar arg
-The key password source.
-.El
-.Pp
-The following are x509 display options:
-.Bl -tag -width "XXXX"
-.It Fl certopt Ar option
-Customise the output format used with
-.Fl text ,
-either using a list of comma-separated options or by specifying
-.Fl certopt
-multiple times.
-The default behaviour is to print all fields.
-The options are as follows:
-.Pp
-.Bl -tag -width "no_extensions" -offset indent -compact
-.It Cm ca_default
-Equivalent to
-.Cm no_issuer , no_pubkey , no_header ,
-.Cm no_version , no_sigdump ,
-and
-.Cm no_signame .
-.It Cm compatible
-Equivalent to no output options at all.
-.It Cm ext_default
-Print unsupported certificate extensions.
-.It Cm ext_dump
-Hex dump unsupported extensions.
-.It Cm ext_error
-Print an error message for unsupported certificate extensions.
-.It Cm ext_parse
-ASN.1 parse unsupported extensions.
-.It Cm no_aux
-Do not print certificate trust information.
-.It Cm no_extensions
-Do not print X509V3 extensions.
-.It Cm no_header
-Do not print header (Certificate and Data) information.
-.It Cm no_issuer
-Do not print the issuer name.
-.It Cm no_pubkey
-Do not print the public key.
-.It Cm no_serial
-Do not print the serial number.
-.It Cm no_sigdump
-Do not give a hexadecimal dump of the certificate signature.
-.It Cm no_signame
-Do not print the signature algorithm used.
-.It Cm no_subject
-Do not print the subject name.
-.It Cm no_validity
-Do not print the
-.Cm notBefore
-and
-.Cm notAfter
-(validity) fields.
-.It Cm no_version
-Do not print the version number.
-.El
-.It Fl dates
-Print the start and expiry date of a certificate.
-.It Fl email
-Output the email addresses, if any.
-.It Fl enddate
-Print the expiry date of the certificate; that is, the
-.Cm notAfter
-date.
-.It Fl fingerprint
-Print the digest of the DER-encoded version of the whole certificate.
-.It Fl hash
-A synonym for
-.Fl subject_hash .
-.It Fl issuer
-Print the issuer name.
-.It Fl issuer_hash
-Print the hash of the certificate issuer name.
-.It Fl issuer_hash_old
-Print the hash of the certificate issuer name
-using the older algorithm as used by
-.Nm openssl
-versions before 1.0.0.
-.It Fl modulus
-Print the value of the modulus of the public key contained in the certificate.
-.It Fl multivalue-rdn
-This option causes the
-.Fl subj
-argument to be interpreted with full support for multivalued RDNs,
-for example
-.Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
-If
-.Fl multivalue-rdn
-is not used, the UID value is set to
-.Qq "123456+CN=John Doe" .
-.It Fl nameopt Ar option
-Customise how the subject or issuer names are displayed,
-either using a list of comma-separated options or by specifying
-.Fl nameopt
-multiple times.
-The default behaviour is to use the
-.Cm oneline
-format.
-The options,
-which can be preceded by a dash to turn them off,
-are as follows:
-.Bl -tag -width "XXXX"
-.It Cm align
-Align field values for a more readable output.
-Only usable with
-.Ar sep_multiline .
-.It Cm compat
-Use the old format,
-equivalent to specifying no options at all.
-.It Cm dn_rev
-Reverse the fields of the DN, as required by RFC 2253.
-As a side effect, this also reverses the order of multiple AVAs.
-.It Cm dump_all
-Dump all fields.
-When used with
-.Ar dump_der ,
-it allows the DER encoding of the structure to be unambiguously determined.
-.It Cm dump_der
-Any fields that need to be hexdumped are
-dumped using the DER encoding of the field.
-Otherwise just the content octets will be displayed.
-Both options use the RFC 2253 #XXXX... format.
-.It Cm dump_nostr
-Dump non-character string types
-(for example OCTET STRING);
-usually, non-character string types are displayed
-as though each content octet represents a single character.
-.It Cm dump_unknown
-Dump any field whose OID is not recognised by
-.Nm openssl .
-.It Cm esc_2253
-Escape the
-.Qq special
-characters required by RFC 2253 in a field that is
-.Dq \& ,+"<>; .
-Additionally,
-.Sq #
-is escaped at the beginning of a string
-and a space character at the beginning or end of a string.
-.It Cm esc_ctrl
-Escape control characters.
-That is, those with ASCII values less than 0x20 (space)
-and the delete (0x7f) character.
-They are escaped using the RFC 2253 \eXX notation (where XX are two hex
-digits representing the character value).
-.It Cm esc_msb
-Escape characters with the MSB set; that is, with ASCII values larger than
-127.
-.It Cm multiline
-A multiline format.
-Equivalent to
-.Cm esc_ctrl , esc_msb , sep_multiline ,
-.Cm space_eq , lname ,
-and
-.Cm align .
-.It Cm no_type
-Do not attempt to interpret multibyte characters.
-That is, content octets are merely dumped as though one octet
-represents each character.
-This is useful for diagnostic purposes
-but results in rather odd looking output.
-.It Cm nofname , sname , lname , oid
-Alter how the field name is displayed:
-.Cm nofname
-does not display the field at all;
-.Cm sname
-uses the short name form (CN for
-.Cm commonName ,
-for example);
-.Cm lname
-uses the long form.
-.Cm oid
-represents the OID in numerical form and is useful for diagnostic purpose.
-.It Cm oneline
-A one line format which is more readable than
-.Cm RFC2253 .
-Equivalent to
-.Cm esc_2253 , esc_ctrl , esc_msb , utf8 ,
-.Cm dump_nostr , dump_der , use_quote , sep_comma_plus_spc ,
-.Cm space_eq ,
-and
-.Cm sname .
-.It Cm RFC2253
-Displays names compatible with RFC 2253.
-Equivalent to
-.Cm esc_2253 , esc_ctrl ,
-.Cm esc_msb , utf8 , dump_nostr , dump_unknown ,
-.Cm dump_der , sep_comma_plus , dn_rev ,
-and
-.Cm sname .
-.It Cm sep_comma_plus , sep_comma_plus_space , sep_semi_plus_space , sep_multiline
-Determine the field separators:
-the first character is between RDNs and the second between multiple AVAs
-(multiple AVAs are very rare and their use is discouraged).
-The options ending in
-.Qq space
-additionally place a space after the separator to make it more readable.
-.Cm sep_multiline
-uses a linefeed character for the RDN separator and a spaced
-.Sq +
-for the AVA separator,
-as well as indenting the fields by four characters.
-If no field separator is specified then
-.Cm sep_comma_plus_space
-is used by default.
-.It Cm show_type
-Show the type of the ASN.1 character string.
-The type precedes the field contents.
-For example
-.Qq BMPSTRING: Hello World .
-.It Cm space_eq
-Place spaces round the
-.Sq =
-character which follows the field name.
-.It Cm use_quote
-Escape some characters by surrounding the whole string with
-.Sq \&"
-characters.
-Without the option, all escaping is done with the
-.Sq \e
-character.
-.It Cm utf8
-Convert all strings to UTF8 format first, as required by RFC 2253.
-On a UTF8 compatible terminal,
-the use of this option (and not setting
-.Cm esc_msb )
-may result in the correct display of multibyte characters.
-Usually, multibyte characters larger than 0xff
-are represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX
-for 32 bits,
-and any UTF8Strings are converted to their character form first.
-.El
-.It Fl next_serial
-Print the next serial number.
-.It Fl noout
-Do not output the encoded version of the request.
-.It Fl ocsp_uri
-Print the OCSP responder addresses, if any.
-.It Fl ocspid
-Print OCSP hash values for the subject name and public key.
-.It Fl pubkey
-Print the public key.
-.It Fl serial
-Print the certificate serial number.
-.It Fl sigopt Ar nm:v
-Pass options to the signature algorithm during sign or certify operations.
-The names and values of these options are algorithm-specific.
-.It Fl startdate
-Print the start date of the certificate; that is, the
-.Cm notBefore
-date.
-.It Fl subject
-Print the subject name.
-.It Fl subject_hash
-Print the hash of the certificate subject name.
-This is used in
-.Nm openssl
-to form an index to allow certificates in a directory to be looked up
-by subject name.
-.It Fl subject_hash_old
-Print the hash of the certificate subject name
-using the older algorithm as used by
-.Nm openssl
-versions before 1.0.0.
-.It Fl text
-Print the full certificate in text form.
-.El
-.Pp
-A trusted certificate is a certificate which has several
-additional pieces of information attached to it such as the permitted
-and prohibited uses of the certificate and an alias.
-When a certificate is being verified, at least one certificate must be trusted.
-By default, a trusted certificate must be stored locally and be a root CA.
-The following are x509 trust settings options:
-.Bl -tag -width "XXXX"
-.It Fl addreject Ar arg
-Add a prohibited use.
-Accepts the same values as the
-.Fl addtrust
-option.
-.It Fl addtrust Ar arg
-Add a trusted certificate use.
-Any object name can be used here, but currently only
-.Cm clientAuth
-(SSL client use),
-.Cm serverAuth
-(SSL server use),
-and
-.Cm emailProtection
-(S/MIME email) are used.
-.It Fl alias
-Output the certificate alias.
-.It Fl clrreject
-Clear all the prohibited or rejected uses of the certificate.
-.It Fl clrtrust
-Clear all the permitted or trusted uses of the certificate.
-.It Fl purpose
-Perform tests on the certificate extensions.
-The same code is used when verifying untrusted certificates in chains,
-so this section is useful if a chain is rejected by the verify code.
-.Pp
-The
-.Cm basicConstraints
-extension CA flag is used to determine whether the
-certificate can be used as a CA.
-If the CA flag is true, it is a CA;
-if the CA flag is false, it is not a CA.
-All CAs should have the CA flag set to true.
-.Pp
-If the
-.Cm basicConstraints
-extension is absent, then the certificate is
-considered to be a possible CA;
-other extensions are checked according to the intended use of the certificate.
-A warning is given in this case because the certificate should really not
-be regarded as a CA.
-However it is allowed to be a CA to work around some broken software.
-.Pp
-If the certificate is a V1 certificate
-(and thus has no extensions) and it is self-signed,
-it is also assumed to be a CA but a warning is again given.
-This is to work around the problem of Verisign roots
-which are V1 self-signed certificates.
-.Pp
-If the
-.Cm keyUsage
-extension is present, then additional restraints are
-made on the uses of the certificate.
-A CA certificate must have the
-.Cm keyCertSign
-bit set if the
-.Cm keyUsage
-extension is present.
-.Pp
-The extended key usage extension places additional restrictions on the
-certificate uses.
-If this extension is present, whether critical or not,
-the key can only be used for the purposes specified.
-.Pp
-A complete description of each test is given below.
-The comments about
-.Cm basicConstraints
-and
-.Cm keyUsage
-and V1 certificates above apply to all CA certificates.
-.Bl -tag -width "XXXX"
-.It SSL Client
-The extended key usage extension must be absent or include the
-web client authentication OID.
-.Cm keyUsage
-must be absent or it must have the
-.Cm digitalSignature
-bit set.
-The Netscape certificate type must be absent
-or it must have the SSL client bit set.
-.It SSL Client CA
-The extended key usage extension must be absent or include the
-web client authentication OID.
-The Netscape certificate type must be absent
-or it must have the SSL CA bit set:
-this is used as a workaround if the
-.Cm basicConstraints
-extension is absent.
-.It SSL Server
-The extended key usage extension must be absent or include the
-web server authentication and/or one of the SGC OIDs.
-.Cm keyUsage
-must be absent or it must have the
-.Cm digitalSignature
-set, the
-.Cm keyEncipherment
-set, or both bits set.
-The Netscape certificate type must be absent or have the SSL server bit set.
-.It SSL Server CA
-The extended key usage extension must be absent or include the
-web server authentication and/or one of the SGC OIDs.
-The Netscape certificate type must be absent or the SSL CA bit must be set:
-this is used as a workaround if the
-.Cm basicConstraints
-extension is absent.
-.It Netscape SSL Server
-For Netscape SSL clients to connect to an SSL server; it must have the
-.Cm keyEncipherment
-bit set if the
-.Cm keyUsage
-extension is present.
-This isn't always valid because some cipher suites use the key for
-digital signing.
-Otherwise it is the same as a normal SSL server.
-.It Common S/MIME Client Tests
-The extended key usage extension must be absent or include the
-email protection OID.
-The Netscape certificate type must be absent or should have the S/MIME bit set.
-If the S/MIME bit is not set in Netscape certificate type, then the SSL
-client bit is tolerated as an alternative but a warning is shown:
-this is because some Verisign certificates don't set the S/MIME bit.
-.It S/MIME Signing
-In addition to the common S/MIME client tests, the
-.Cm digitalSignature
-bit must be set if the
-.Cm keyUsage
-extension is present.
-.It S/MIME Encryption
-In addition to the common S/MIME tests, the
-.Cm keyEncipherment
-bit must be set if the
-.Cm keyUsage
-extension is present.
-.It S/MIME CA
-The extended key usage extension must be absent or include the
-email protection OID.
-The Netscape certificate type must be absent
-or must have the S/MIME CA bit set:
-this is used as a workaround if the
-.Cm basicConstraints
-extension is absent.
-.It CRL Signing
-The
-.Cm keyUsage
-extension must be absent or it must have the CRL signing bit set.
-.It CRL Signing CA
-The normal CA tests apply, except the
-.Cm basicConstraints
-extension must be present.
-.El
-.It Fl setalias Ar arg
-Set the alias of the certificate,
-allowing the certificate to be referred to using a nickname,
-such as
-.Qq Steve's Certificate .
-.It Fl trustout
-Output a trusted certificate
-(the default if any trust settings are modified).
-An ordinary or trusted certificate can be input, but by default an ordinary
-certificate is output and any trust settings are discarded.
-.El
-.Pp
-The
-.Nm x509
-utility can be used to sign certificates and requests:
-it can thus behave like a mini CA.
-The following are x509 signing options:
-.Bl -tag -width "XXXX"
-.It Fl CA Ar file
-The CA certificate to be used for signing.
-When this option is present,
-.Nm x509
-behaves like a mini CA.
-The input file is signed by the CA using this option;
-that is, its issuer name is set to the subject name of the CA and it is
-digitally signed using the CA's private key.
-.Pp
-This option is normally combined with the
-.Fl req
-option.
-Without the
-.Fl req
-option, the input is a certificate which must be self-signed.
-.It Fl CAcreateserial
-Create the CA serial number file if it does not exist
-instead of generating an error.
-The file will contain the serial number
-.Sq 02
-and the certificate being signed will have
-.Sq 1
-as its serial number.
-.It Fl CAform Cm der | pem
-The format of the CA certificate file.
-The default is
-.Cm pem .
-.It Fl CAkey Ar file
-Set the CA private key to sign a certificate with.
-Otherwise it is assumed that the CA private key is present
-in the CA certificate file.
-.It Fl CAkeyform Cm der | pem
-The format of the CA private key.
-The default is
-.Cm pem .
-.It Fl CAserial Ar file
-Use the serial number in
-.Ar file
-to sign a certificate.
-The file should consist of one line containing an even number of hex digits
-with the serial number to use.
-After each use the serial number is incremented and written out
-to the file again.
-.Pp
-The default filename consists of the CA certificate file base name with
-.Pa .srl
-appended.
-For example, if the CA certificate file is called
-.Pa mycacert.pem ,
-it expects to find a serial number file called
-.Pa mycacert.srl .
-.It Fl checkend Ar arg
-Check whether the certificate expires in the next
-.Ar arg
-seconds.
-If so, exit with return value 1;
-otherwise exit with return value 0.
-.It Fl clrext
-Delete any extensions from a certificate.
-This option is used when a certificate is being created from another
-certificate (for example with the
-.Fl signkey
-or the
-.Fl CA
-options).
-Normally, all extensions are retained.
-.It Fl days Ar arg
-The number of days to make a certificate valid for.
-The default is 30 days.
-.It Fl extensions Ar section
-The section to add certificate extensions from.
-If this option is not specified, the extensions should either be
-contained in the unnamed (default) section
-or the default section should contain a variable called
-.Qq extensions
-which contains the section to use.
-.It Fl extfile Ar file
-File containing certificate extensions to use.
-If not specified, no extensions are added to the certificate.
-.It Fl force_pubkey Ar key
-Set the public key of the certificate to the public key contained in
-.Ar key .
-.It Fl keyform Cm der | pem
-The format of the key file used in the
-.Fl force_pubkey
-and
-.Fl signkey
-options.
-.It Fl new
-Generate a new certificate using the subject given by
-.Fl set_subject
-and signed by
-.Fl signkey .
-If no public key is provided with
-.Fl force_pubkey ,
-the resulting certificate is self-signed.
-This option cannot be used with
-.Fl in
-or
-.Fl req .
-.It Fl req
-Expect a certificate request on input instead of a certificate.
-This option cannot be used with
-.Fl new .
-.It Fl set_issuer Ar name
-The issuer name to use.
-.Ar name
-must be formatted as /type0=value0/type1=value1/type2=...;
-characters may be escaped by
-.Sq \e
-(backslash);
-no spaces are skipped.
-.It Fl set_serial Ar n
-The serial number to use.
-This option can be used with either the
-.Fl signkey
-or
-.Fl CA
-options.
-If used in conjunction with the
-.Fl CA
-option, the serial number file (as specified by the
-.Fl CAserial
-or
-.Fl CAcreateserial
-options) is not used.
-.Pp
-The serial number can be decimal or hex (if preceded by
-.Sq 0x ) .
-Negative serial numbers can also be specified but their use is not recommended.
-.It Fl set_subject Ar name
-The subject name to use.
-.Ar name
-must be formatted as /type0=value0/type1=value1/type2=...;
-characters may be escaped by
-.Sq \e
-(backslash);
-no spaces are skipped.
-.It Fl signkey Ar file
-Self-sign
-.Ar file
-using the supplied private key.
-.Pp
-If the input file is a certificate, it sets the issuer name to the
-subject name (i.e. makes it self-signed),
-changes the public key to the supplied value,
-and changes the start and end dates.
-The start date is set to the current time and the end date is set to
-a value determined by the
-.Fl days
-option.
-Any certificate extensions are retained unless the
-.Fl clrext
-option is supplied.
-.Pp
-If the input is a certificate request, a self-signed certificate
-is created using the supplied private key using the subject name in
-the request.
-.It Fl utf8
-Interpret field values read from a terminal or obtained from a configuration
-file as UTF-8 strings.
-By default, they are interpreted as ASCII.
-.It Fl x509toreq
-Convert a certificate into a certificate request.
-The
-.Fl signkey
-option is used to pass the required private key.
-.El
-.Sh COMMON NOTATION
-Several commands share a common syntax,
-as detailed below.
-.Pp
-Password arguments, typically specified using
-.Fl passin
-and
-.Fl passout
-for input and output passwords,
-allow passwords to be obtained from a variety of sources.
-Both of these options take a single argument, described below.
-If no password argument is given and a password is required,
-then the user is prompted to enter one:
-this will typically be read from the current terminal with echoing turned off.
-.Bl -tag -width "pass:password" -offset indent
-.It Cm pass : Ns Ar password
-The actual password is
-.Ar password .
-Since the password is visible to utilities,
-this form should only be used where security is not important.
-.It Cm env : Ns Ar var
-Obtain the password from the environment variable
-.Ar var .
-Since the environment of other processes is visible,
-this option should be used with caution.
-.It Cm file : Ns Ar path
-The first line of
-.Ar path
-is the password.
-If the same
-.Ar path
-argument is supplied to
-.Fl passin
-and
-.Fl passout ,
-then the first line will be used for the input password and the next line
-for the output password.
-.Ar path
-need not refer to a regular file:
-it could, for example, refer to a device or named pipe.
-.It Cm fd : Ns Ar number
-Read the password from the file descriptor
-.Ar number .
-This can be used to send the data via a pipe, for example.
-.It Cm stdin
-Read the password from standard input.
-.El
-.Pp
-Input/output formats,
-typically specified using
-.Fl inform
-and
-.Fl outform ,
-indicate the format being read from or written to.
-The argument is case insensitive.
-.Pp
-.Bl -tag -width Ds -offset indent -compact
-.It Cm der
-Distinguished Encoding Rules (DER)
-is a binary format.
-.It Cm net
-Insecure legacy format.
-.It Cm pem
-Privacy Enhanced Mail (PEM)
-is base64-encoded.
-.It Cm pvk
-Private Key format.
-.It Cm smime
-An SMIME format message.
-.It Cm txt
-Plain ASCII text.
-.El
-.Sh ENVIRONMENT
-The following environment variables affect the execution of
-.Nm openssl :
-.Bl -tag -width "/etc/ssl/openssl.cnf"
-.It Ev OPENSSL_CONF
-The location of the master configuration file.
-.El
-.Sh FILES
-.Bl -tag -width "/etc/ssl/openssl.cnf" -compact
-.It Pa /etc/ssl/
-Default config directory for
-.Nm openssl .
-.It Pa /etc/ssl/lib/
-Unused.
-.It Pa /etc/ssl/private/
-Default private key directory.
-.It Pa /etc/ssl/openssl.cnf
-Default configuration file for
-.Nm openssl .
-.It Pa /etc/ssl/x509v3.cnf
-Default configuration file for
-.Nm x509
-certificates.
-.El
-.Sh SEE ALSO
-.Xr acme-client 1 ,
-.Xr nc 1 ,
-.Xr openssl.cnf 5 ,
-.Xr x509v3.cnf 5 ,
-.Xr ssl 8 ,
-.Xr starttls 8
-.Sh STANDARDS
-.Rs
-.%A T. Dierks
-.%A C. Allen
-.%D January 1999
-.%R RFC 2246
-.%T The TLS Protocol Version 1.0
-.Re
-.Pp
-.Rs
-.%A M. Wahl
-.%A S. Killie
-.%A T. Howes
-.%D December 1997
-.%R RFC 2253
-.%T Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
-.Re
-.Pp
-.Rs
-.%A B. Kaliski
-.%D March 1998
-.%R RFC 2315
-.%T PKCS #7: Cryptographic Message Syntax Version 1.5
-.Re
-.Pp
-.Rs
-.%A R. Housley
-.%A W. Ford
-.%A W. Polk
-.%A D. Solo
-.%D January 1999
-.%R RFC 2459
-.%T Internet X.509 Public Key Infrastructure Certificate and CRL Profile
-.Re
-.Pp
-.Rs
-.%A M. Myers
-.%A R. Ankney
-.%A A. Malpani
-.%A S. Galperin
-.%A C. Adams
-.%D June 1999
-.%R RFC 2560
-.%T X.509 Internet Public Key Infrastructure Online Certificate Status Protocol \(en OCSP
-.Re
-.Pp
-.Rs
-.%A R. Housley
-.%D June 1999
-.%R RFC 2630
-.%T Cryptographic Message Syntax
-.Re
-.Pp
-.Rs
-.%A P. Chown
-.%D June 2002
-.%R RFC 3268
-.%T Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
-.Re