Upgrade to OpenSSL 0.9.8h.
aac4ff6f 1.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32
8b0cefbb
JR
2.\"
3.\" Standard preamble:
4.\" ========================================================================
5.de Sh \" Subsection heading
984263bc
MD
6.br
7.if t .Sp
8.ne 5
9.PP
10\fB\\$1\fR
11.PP
12..
8b0cefbb 13.de Sp \" Vertical space (when we can't use .PP)
984263bc
MD
14.if t .sp .5v
15.if n .sp
16..
8b0cefbb 17.de Vb \" Begin verbatim text
984263bc
MD
18.ft CW
19.nf
20.ne \\$1
21..
8b0cefbb 22.de Ve \" End verbatim text
984263bc 23.ft R
984263bc
MD
24.fi
25..
8b0cefbb
JR
26.\" Set up some character translations and predefined strings. \*(-- will
27.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
aac4ff6f
PA
28.\" double quote, and \*(R" will give a right double quote. | will give a
29.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to
30.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C'
31.\" expand to `' in nroff, nothing in troff, for use with C<>.
32.tr \(*W-|\(bv\*(Tr
8b0cefbb 33.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
984263bc 34.ie n \{\
8b0cefbb
JR
35. ds -- \(*W-
36. ds PI pi
37. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
38. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
39. ds L" ""
40. ds R" ""
41. ds C` ""
42. ds C' ""
984263bc
MD
43'br\}
44.el\{\
8b0cefbb
JR
45. ds -- \|\(em\|
46. ds PI \(*p
47. ds L" ``
48. ds R" ''
984263bc 49'br\}
8b0cefbb
JR
50.\"
51.\" If the F register is turned on, we'll generate index entries on stderr for
52.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
53.\" entries marked with X<> in POD. Of course, you'll have to process the
54.\" output yourself in some meaningful fashion.
55.if \nF \{\
56. de IX
57. tm Index:\\$1\t\\n%\t"\\$2"
984263bc 58..
8b0cefbb
JR
59. nr % 0
60. rr F
984263bc 61.\}
8b0cefbb 62.\"
aac4ff6f
PA
63.\" For nroff, turn off justification. Always turn off hyphenation; it makes
64.\" way too many mistakes in technical documents.
65.hy 0
66.if n .na
67.\"
8b0cefbb
JR
68.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
69.\" Fear. Run. Save yourself. No user-serviceable parts.
70. \" fudge factors for nroff and troff
984263bc 71.if n \{\
8b0cefbb
JR
72. ds #H 0
73. ds #V .8m
74. ds #F .3m
75. ds #[ \f1
76. ds #] \fP
984263bc
MD
77.\}
78.if t \{\
8b0cefbb
JR
79. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
80. ds #V .6m
81. ds #F 0
82. ds #[ \&
83. ds #] \&
984263bc 84.\}
8b0cefbb 85. \" simple accents for nroff and troff
984263bc 86.if n \{\
8b0cefbb
JR
87. ds ' \&
88. ds ` \&
89. ds ^ \&
90. ds , \&
91. ds ~ ~
92. ds /
984263bc
MD
93.\}
94.if t \{\
8b0cefbb
JR
95. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
96. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
97. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
98. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
99. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
100. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
984263bc 101.\}
8b0cefbb 102. \" troff and (daisy-wheel) nroff accents
984263bc
MD
103.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
104.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
105.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
106.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
107.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
108.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
109.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
110.ds ae a\h'-(\w'a'u*4/10)'e
111.ds Ae A\h'-(\w'A'u*4/10)'E
8b0cefbb 112. \" corrections for vroff
984263bc
MD
113.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
114.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
8b0cefbb 115. \" for low resolution devices (crt and lpr)
984263bc
MD
116.if \n(.H>23 .if \n(.V>19 \
117\{\
8b0cefbb
JR
118. ds : e
119. ds 8 ss
120. ds o a
121. ds d- d\h'-1'\(ga
122. ds D- D\h'-1'\(hy
123. ds th \o'bp'
124. ds Th \o'LP'
125. ds ae ae
126. ds Ae AE
984263bc
MD
127.\}
128.rm #[ #] #H #V #F C
8b0cefbb
JR
129.\" ========================================================================
130.\"
131.IX Title "OPENSSL 1"
aac4ff6f 132.TH OPENSSL 1 "2008-09-06" "0.9.8h" "OpenSSL"
984263bc
MD
133.SH "NAME"
134openssl \- OpenSSL command line tool
135.SH "SYNOPSIS"
8b0cefbb
JR
136.IX Header "SYNOPSIS"
137\&\fBopenssl\fR
138\&\fIcommand\fR
984263bc
MD
139[ \fIcommand_opts\fR ]
140[ \fIcommand_args\fR ]
141.PP
8b0cefbb 142\&\fBopenssl\fR [ \fBlist-standard-commands\fR | \fBlist-message-digest-commands\fR | \fBlist-cipher-commands\fR ]
984263bc 143.PP
8b0cefbb 144\&\fBopenssl\fR \fBno\-\fR\fI\s-1XXX\s0\fR [ \fIarbitrary options\fR ]
984263bc 145.SH "DESCRIPTION"
8b0cefbb
JR
146.IX Header "DESCRIPTION"
147OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (\s-1SSL\s0
148v2/v3) and Transport Layer Security (\s-1TLS\s0 v1) network protocols and related
984263bc
MD
149cryptography standards required by them.
150.PP
151The \fBopenssl\fR program is a command line tool for using the various
152cryptography functions of OpenSSL's \fBcrypto\fR library from the shell.
aac4ff6f 153It can be used for
984263bc
MD
154.PP
155.Vb 6
156\& o Creation of RSA, DH and DSA key parameters
157\& o Creation of X.509 certificates, CSRs and CRLs
158\& o Calculation of Message Digests
159\& o Encryption and Decryption with Ciphers
160\& o SSL/TLS Client and Server Tests
161\& o Handling of S/MIME signed or encrypted mail
162.Ve
163.SH "COMMAND SUMMARY"
8b0cefbb 164.IX Header "COMMAND SUMMARY"
984263bc 165The \fBopenssl\fR program provides a rich variety of commands (\fIcommand\fR in the
8b0cefbb
JR
166\&\s-1SYNOPSIS\s0 above), each of which often has a wealth of options and arguments
167(\fIcommand_opts\fR and \fIcommand_args\fR in the \s-1SYNOPSIS\s0).
984263bc
MD
168.PP
169The pseudo-commands \fBlist-standard-commands\fR, \fBlist-message-digest-commands\fR,
170and \fBlist-cipher-commands\fR output a list (one entry per line) of the names
171of all standard commands, message digest commands, or cipher commands,
172respectively, that are available in the present \fBopenssl\fR utility.
173.PP
8b0cefbb
JR
174The pseudo-command \fBno\-\fR\fI\s-1XXX\s0\fR tests whether a command of the
175specified name is available. If no command named \fI\s-1XXX\s0\fR exists, it
176returns 0 (success) and prints \fBno\-\fR\fI\s-1XXX\s0\fR; otherwise it returns 1
177and prints \fI\s-1XXX\s0\fR. In both cases, the output goes to \fBstdout\fR and
984263bc
MD
178nothing is printed to \fBstderr\fR. Additional command line arguments
179are always ignored. Since for each cipher there is a command of the
180same name, this provides an easy way for shell scripts to test for the
8b0cefbb 181availability of ciphers in the \fBopenssl\fR program. (\fBno\-\fR\fI\s-1XXX\s0\fR is
984263bc 182not able to detect pseudo-commands such as \fBquit\fR,
8b0cefbb 183\&\fBlist\-\fR\fI...\fR\fB\-commands\fR, or \fBno\-\fR\fI\s-1XXX\s0\fR itself.)
984263bc 184.Sh "\s-1STANDARD\s0 \s-1COMMANDS\s0"
8b0cefbb
JR
185.IX Subsection "STANDARD COMMANDS"
186.IP "\fBasn1parse\fR" 10
187.IX Item "asn1parse"
984263bc 188Parse an \s-1ASN\s0.1 sequence.
8b0cefbb
JR
189.IP "\fBca\fR" 10
190.IX Item "ca"
aac4ff6f 191Certificate Authority (\s-1CA\s0) Management.
8b0cefbb
JR
192.IP "\fBciphers\fR" 10
193.IX Item "ciphers"
984263bc 194Cipher Suite Description Determination.
8b0cefbb
JR
195.IP "\fBcrl\fR" 10
196.IX Item "crl"
984263bc 197Certificate Revocation List (\s-1CRL\s0) Management.
8b0cefbb
JR
198.IP "\fBcrl2pkcs7\fR" 10
199.IX Item "crl2pkcs7"
200\&\s-1CRL\s0 to PKCS#7 Conversion.
201.IP "\fBdgst\fR" 10
202.IX Item "dgst"
984263bc 203Message Digest Calculation.
8b0cefbb
JR
204.IP "\fBdh\fR" 10
205.IX Item "dh"
984263bc
MD
206Diffie-Hellman Parameter Management.
207Obsoleted by \fBdhparam\fR.
8b0cefbb
JR
208.IP "\fBdsa\fR" 10
209.IX Item "dsa"
210\&\s-1DSA\s0 Data Management.
211.IP "\fBdsaparam\fR" 10
212.IX Item "dsaparam"
213\&\s-1DSA\s0 Parameter Generation.
214.IP "\fBenc\fR" 10
215.IX Item "enc"
984263bc 216Encoding with Ciphers.
8b0cefbb
JR
217.IP "\fBerrstr\fR" 10
218.IX Item "errstr"
984263bc 219Error Number to Error String Conversion.
8b0cefbb
JR
220.IP "\fBdhparam\fR" 10
221.IX Item "dhparam"
984263bc 222Generation and Management of Diffie-Hellman Parameters.
8b0cefbb
JR
223.IP "\fBgendh\fR" 10
224.IX Item "gendh"
984263bc
MD
225Generation of Diffie-Hellman Parameters.
226Obsoleted by \fBdhparam\fR.
8b0cefbb
JR
227.IP "\fBgendsa\fR" 10
228.IX Item "gendsa"
984263bc 229Generation of \s-1DSA\s0 Parameters.
8b0cefbb
JR
230.IP "\fBgenrsa\fR" 10
231.IX Item "genrsa"
984263bc 232Generation of \s-1RSA\s0 Parameters.
8b0cefbb
JR
233.IP "\fBocsp\fR" 10
234.IX Item "ocsp"
984263bc 235Online Certificate Status Protocol utility.
8b0cefbb
JR
236.IP "\fBpasswd\fR" 10
237.IX Item "passwd"
984263bc 238Generation of hashed passwords.
8b0cefbb
JR
239.IP "\fBpkcs12\fR" 10
240.IX Item "pkcs12"
241PKCS#12 Data Management.
242.IP "\fBpkcs7\fR" 10
243.IX Item "pkcs7"
244PKCS#7 Data Management.
245.IP "\fBrand\fR" 10
246.IX Item "rand"
984263bc 247Generate pseudo-random bytes.
8b0cefbb
JR
248.IP "\fBreq\fR" 10
249.IX Item "req"
984263bc 250X.509 Certificate Signing Request (\s-1CSR\s0) Management.
8b0cefbb
JR
251.IP "\fBrsa\fR" 10
252.IX Item "rsa"
253\&\s-1RSA\s0 Data Management.
254.IP "\fBrsautl\fR" 10
255.IX Item "rsautl"
256\&\s-1RSA\s0 utility for signing, verification, encryption, and decryption.
257.IP "\fBs_client\fR" 10
258.IX Item "s_client"
984263bc
MD
259This implements a generic \s-1SSL/TLS\s0 client which can establish a transparent
260connection to a remote server speaking \s-1SSL/TLS\s0. It's intended for testing
261purposes only and provides only rudimentary interface functionality but
262internally uses almost all of the functionality of the OpenSSL \fBssl\fR library.
8b0cefbb
JR
263.IP "\fBs_server\fR" 10
264.IX Item "s_server"
984263bc
MD
265This implements a generic \s-1SSL/TLS\s0 server which accepts connections from remote
266clients speaking \s-1SSL/TLS\s0. It's intended for testing purposes only and provides
267only rudimentary interface functionality but internally uses almost all of the
268functionality of the OpenSSL \fBssl\fR library. It provides both its own
269command-line oriented protocol for testing \s-1SSL\s0 functions and a simple \s-1HTTP\s0 response
8b0cefbb
JR
270facility to emulate an SSL/TLS\-aware webserver.
271.IP "\fBs_time\fR" 10
272.IX Item "s_time"
273\&\s-1SSL\s0 Connection Timer.
274.IP "\fBsess_id\fR" 10
275.IX Item "sess_id"
276\&\s-1SSL\s0 Session Data Management.
277.IP "\fBsmime\fR" 10
278.IX Item "smime"
279S/MIME mail processing.
280.IP "\fBspeed\fR" 10
281.IX Item "speed"
984263bc 282Algorithm Speed Measurement.
8b0cefbb
JR
283.IP "\fBverify\fR" 10
284.IX Item "verify"
984263bc 285X.509 Certificate Verification.
8b0cefbb
JR
286.IP "\fBversion\fR" 10
287.IX Item "version"
984263bc 288OpenSSL Version Information.
8b0cefbb
JR
289.IP "\fBx509\fR" 10
290.IX Item "x509"
984263bc
MD
291X.509 Certificate Data Management.
292.Sh "\s-1MESSAGE\s0 \s-1DIGEST\s0 \s-1COMMANDS\s0"
8b0cefbb
JR
293.IX Subsection "MESSAGE DIGEST COMMANDS"
294.IP "\fBmd2\fR" 10
295.IX Item "md2"
296\&\s-1MD2\s0 Digest
297.IP "\fBmd5\fR" 10
298.IX Item "md5"
299\&\s-1MD5\s0 Digest
300.IP "\fBmdc2\fR" 10
301.IX Item "mdc2"
302\&\s-1MDC2\s0 Digest
303.IP "\fBrmd160\fR" 10
304.IX Item "rmd160"
305\&\s-1RMD\-160\s0 Digest
306.IP "\fBsha\fR" 10
307.IX Item "sha"
308\&\s-1SHA\s0 Digest
309.IP "\fBsha1\fR" 10
310.IX Item "sha1"
311\&\s-1SHA\-1\s0 Digest
2c0715f4
PA
312.IP "\fBsha224\fR" 10
313.IX Item "sha224"
314\&\s-1SHA\-224\s0 Digest
315.IP "\fBsha256\fR" 10
316.IX Item "sha256"
317\&\s-1SHA\-256\s0 Digest
318.IP "\fBsha384\fR" 10
319.IX Item "sha384"
320\&\s-1SHA\-384\s0 Digest
321.IP "\fBsha512\fR" 10
322.IX Item "sha512"
323\&\s-1SHA\-512\s0 Digest
984263bc 324.Sh "\s-1ENCODING\s0 \s-1AND\s0 \s-1CIPHER\s0 \s-1COMMANDS\s0"
8b0cefbb
JR
325.IX Subsection "ENCODING AND CIPHER COMMANDS"
326.IP "\fBbase64\fR" 10
327.IX Item "base64"
984263bc 328Base64 Encoding
8b0cefbb
JR
329.IP "\fBbf bf-cbc bf-cfb bf-ecb bf-ofb\fR" 10
330.IX Item "bf bf-cbc bf-cfb bf-ecb bf-ofb"
984263bc 331Blowfish Cipher
8b0cefbb
JR
332.IP "\fBcast cast-cbc\fR" 10
333.IX Item "cast cast-cbc"
334\&\s-1CAST\s0 Cipher
335.IP "\fBcast5\-cbc cast5\-cfb cast5\-ecb cast5\-ofb\fR" 10
336.IX Item "cast5-cbc cast5-cfb cast5-ecb cast5-ofb"
337\&\s-1CAST5\s0 Cipher
338.IP "\fBdes des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb\fR" 10
339.IX Item "des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb"
340\&\s-1DES\s0 Cipher
341.IP "\fBdes3 desx des\-ede3 des\-ede3\-cbc des\-ede3\-cfb des\-ede3\-ofb\fR" 10
342.IX Item "des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb"
343Triple-DES Cipher
344.IP "\fBidea idea-cbc idea-cfb idea-ecb idea-ofb\fR" 10
345.IX Item "idea idea-cbc idea-cfb idea-ecb idea-ofb"
346\&\s-1IDEA\s0 Cipher
347.IP "\fBrc2 rc2\-cbc rc2\-cfb rc2\-ecb rc2\-ofb\fR" 10
348.IX Item "rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb"
349\&\s-1RC2\s0 Cipher
350.IP "\fBrc4\fR" 10
351.IX Item "rc4"
352\&\s-1RC4\s0 Cipher
353.IP "\fBrc5 rc5\-cbc rc5\-cfb rc5\-ecb rc5\-ofb\fR" 10
354.IX Item "rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb"
355\&\s-1RC5\s0 Cipher
984263bc 356.SH "PASS PHRASE ARGUMENTS"
8b0cefbb 357.IX Header "PASS PHRASE ARGUMENTS"
984263bc
MD
358Several commands accept password arguments, typically using \fB\-passin\fR
359and \fB\-passout\fR for input and output passwords respectively. These allow
360the password to be obtained from a variety of sources. Both of these
361options take a single argument whose format is described below. If no
362password argument is given and a password is required then the user is
363prompted to enter one: this will typically be read from the current
364terminal with echoing turned off.
8b0cefbb
JR
365.IP "\fBpass:password\fR" 10
366.IX Item "pass:password"
984263bc 367the actual password is \fBpassword\fR. Since a command-line password is visible
8b0cefbb 368to utilities (like 'ps' under Unix) this form should only be used
984263bc 369where security is not important.
8b0cefbb
JR
370.IP "\fBenv:var\fR" 10
371.IX Item "env:var"
984263bc
MD
372obtain the password from the environment variable \fBvar\fR. Since
373the environment of other processes is visible on certain platforms
374(e.g. ps under certain Unix OSes) this option should be used with caution.
8b0cefbb
JR
375.IP "\fBfile:pathname\fR" 10
376.IX Item "file:pathname"
984263bc
MD
377the first line of \fBpathname\fR is the password. If the same \fBpathname\fR
378argument is supplied to \fB\-passin\fR and \fB\-passout\fR arguments then the first
379line will be used for the input password and the next line for the output
380password. \fBpathname\fR need not refer to a regular file: it could for example
381refer to a device or named pipe.
8b0cefbb
JR
382.IP "\fBfd:number\fR" 10
383.IX Item "fd:number"
984263bc
MD
384read the password from the file descriptor \fBnumber\fR. This can be used to
385send the data via a pipe for example.
8b0cefbb
JR
386.IP "\fBstdin\fR" 10
387.IX Item "stdin"
984263bc
MD
388read the password from standard input.
389.SH "SEE ALSO"
8b0cefbb
JR
390.IX Header "SEE ALSO"
391\&\fIasn1parse\fR\|(1), \fIca\fR\|(1), \fIconfig\fR\|(5),
392\&\fIcrl\fR\|(1), \fIcrl2pkcs7\fR\|(1), \fIdgst\fR\|(1),
393\&\fIdhparam\fR\|(1), \fIdsa\fR\|(1), \fIdsaparam\fR\|(1),
394\&\fIenc\fR\|(1), \fIgendsa\fR\|(1),
395\&\fIgenrsa\fR\|(1), \fInseq\fR\|(1), \fIopenssl\fR\|(1),
396\&\fIpasswd\fR\|(1),
397\&\fIpkcs12\fR\|(1), \fIpkcs7\fR\|(1), \fIpkcs8\fR\|(1),
398\&\fIrand\fR\|(1), \fIreq\fR\|(1), \fIrsa\fR\|(1),
399\&\fIrsautl\fR\|(1), \fIs_client\fR\|(1),
400\&\fIs_server\fR\|(1), \fIs_time\fR\|(1),
401\&\fIsmime\fR\|(1), \fIspkac\fR\|(1),
402\&\fIverify\fR\|(1), \fIversion\fR\|(1), \fIx509\fR\|(1),
aac4ff6f 403\&\fIcrypto\fR\|(3), \fIssl\fR\|(3)
984263bc 404.SH "HISTORY"
8b0cefbb 405.IX Header "HISTORY"
984263bc 406The \fIopenssl\fR\|(1) document appeared in OpenSSL 0.9.2.
8b0cefbb
JR
407The \fBlist\-\fR\fI\s-1XXX\s0\fR\fB\-commands\fR pseudo-commands were added in OpenSSL 0.9.3;
408the \fBno\-\fR\fI\s-1XXX\s0\fR pseudo-commands were added in OpenSSL 0.9.5a.
984263bc
MD
409For notes on the availability of other commands, see their individual
410manual pages.