Update build for OpenSSL-0.9.8j upgrade.
[dragonfly.git] / secure / usr.bin / openssl / man / openssl.1
e257b235 1.\" Automatically generated by Pod::Man 2.16 (Pod::Simple 3.05)
8b0cefbb
JR
2.\"
3.\" Standard preamble:
4.\" ========================================================================
5.de Sh \" Subsection heading
984263bc
MD
6.br
7.if t .Sp
8.ne 5
9.PP
10\fB\\$1\fR
11.PP
12..
8b0cefbb 13.de Sp \" Vertical space (when we can't use .PP)
984263bc
MD
14.if t .sp .5v
15.if n .sp
16..
8b0cefbb 17.de Vb \" Begin verbatim text
984263bc
MD
18.ft CW
19.nf
20.ne \\$1
21..
8b0cefbb 22.de Ve \" End verbatim text
984263bc 23.ft R
984263bc
MD
24.fi
25..
8b0cefbb
JR
26.\" Set up some character translations and predefined strings. \*(-- will
27.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
e257b235
PA
28.\" double quote, and \*(R" will give a right double quote. \*(C+ will
29.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
30.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
31.\" nothing in troff, for use with C<>.
32.tr \(*W-
8b0cefbb 33.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
984263bc 34.ie n \{\
8b0cefbb
JR
35. ds -- \(*W-
36. ds PI pi
37. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
38. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
39. ds L" ""
40. ds R" ""
41. ds C` ""
42. ds C' ""
984263bc
MD
43'br\}
44.el\{\
8b0cefbb
JR
45. ds -- \|\(em\|
46. ds PI \(*p
47. ds L" ``
48. ds R" ''
984263bc 49'br\}
8b0cefbb 50.\"
e257b235
PA
51.\" Escape single quotes in literal strings from groff's Unicode transform.
52.ie \n(.g .ds Aq \(aq
53.el .ds Aq '
54.\"
8b0cefbb
JR
55.\" If the F register is turned on, we'll generate index entries on stderr for
56.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
57.\" entries marked with X<> in POD. Of course, you'll have to process the
58.\" output yourself in some meaningful fashion.
e257b235 59.ie \nF \{\
8b0cefbb
JR
60. de IX
61. tm Index:\\$1\t\\n%\t"\\$2"
984263bc 62..
8b0cefbb
JR
63. nr % 0
64. rr F
984263bc 65.\}
e257b235
PA
66.el \{\
67. de IX
68..
69.\}
aac4ff6f 70.\"
8b0cefbb
JR
71.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
72.\" Fear. Run. Save yourself. No user-serviceable parts.
73. \" fudge factors for nroff and troff
984263bc 74.if n \{\
8b0cefbb
JR
75. ds #H 0
76. ds #V .8m
77. ds #F .3m
78. ds #[ \f1
79. ds #] \fP
984263bc
MD
80.\}
81.if t \{\
8b0cefbb
JR
82. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
83. ds #V .6m
84. ds #F 0
85. ds #[ \&
86. ds #] \&
984263bc 87.\}
8b0cefbb 88. \" simple accents for nroff and troff
984263bc 89.if n \{\
8b0cefbb
JR
90. ds ' \&
91. ds ` \&
92. ds ^ \&
93. ds , \&
94. ds ~ ~
95. ds /
984263bc
MD
96.\}
97.if t \{\
8b0cefbb
JR
98. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
99. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
100. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
101. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
102. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
103. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
984263bc 104.\}
8b0cefbb 105. \" troff and (daisy-wheel) nroff accents
984263bc
MD
106.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
107.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
108.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
109.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
110.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
111.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
112.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
113.ds ae a\h'-(\w'a'u*4/10)'e
114.ds Ae A\h'-(\w'A'u*4/10)'E
8b0cefbb 115. \" corrections for vroff
984263bc
MD
116.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
117.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
8b0cefbb 118. \" for low resolution devices (crt and lpr)
984263bc
MD
119.if \n(.H>23 .if \n(.V>19 \
120\{\
8b0cefbb
JR
121. ds : e
122. ds 8 ss
123. ds o a
124. ds d- d\h'-1'\(ga
125. ds D- D\h'-1'\(hy
126. ds th \o'bp'
127. ds Th \o'LP'
128. ds ae ae
129. ds Ae AE
984263bc
MD
130.\}
131.rm #[ #] #H #V #F C
8b0cefbb
JR
132.\" ========================================================================
133.\"
134.IX Title "OPENSSL 1"
e257b235
PA
135.TH OPENSSL 1 "2009-01-11" "0.9.8j" "OpenSSL"
136.\" For nroff, turn off justification. Always turn off hyphenation; it makes
137.\" way too many mistakes in technical documents.
138.if n .ad l
139.nh
984263bc
MD
140.SH "NAME"
141openssl \- OpenSSL command line tool
142.SH "SYNOPSIS"
8b0cefbb
JR
143.IX Header "SYNOPSIS"
144\&\fBopenssl\fR
145\&\fIcommand\fR
984263bc
MD
146[ \fIcommand_opts\fR ]
147[ \fIcommand_args\fR ]
148.PP
8b0cefbb 149\&\fBopenssl\fR [ \fBlist-standard-commands\fR | \fBlist-message-digest-commands\fR | \fBlist-cipher-commands\fR ]
984263bc 150.PP
8b0cefbb 151\&\fBopenssl\fR \fBno\-\fR\fI\s-1XXX\s0\fR [ \fIarbitrary options\fR ]
984263bc 152.SH "DESCRIPTION"
8b0cefbb
JR
153.IX Header "DESCRIPTION"
154OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (\s-1SSL\s0
155v2/v3) and Transport Layer Security (\s-1TLS\s0 v1) network protocols and related
984263bc
MD
156cryptography standards required by them.
157.PP
158The \fBopenssl\fR program is a command line tool for using the various
159cryptography functions of OpenSSL's \fBcrypto\fR library from the shell.
e257b235 160It can be used for
984263bc
MD
161.PP
162.Vb 6
163\& o Creation of RSA, DH and DSA key parameters
164\& o Creation of X.509 certificates, CSRs and CRLs
165\& o Calculation of Message Digests
166\& o Encryption and Decryption with Ciphers
167\& o SSL/TLS Client and Server Tests
168\& o Handling of S/MIME signed or encrypted mail
169.Ve
170.SH "COMMAND SUMMARY"
8b0cefbb 171.IX Header "COMMAND SUMMARY"
984263bc 172The \fBopenssl\fR program provides a rich variety of commands (\fIcommand\fR in the
8b0cefbb
JR
173\&\s-1SYNOPSIS\s0 above), each of which often has a wealth of options and arguments
174(\fIcommand_opts\fR and \fIcommand_args\fR in the \s-1SYNOPSIS\s0).
984263bc
MD
175.PP
176The pseudo-commands \fBlist-standard-commands\fR, \fBlist-message-digest-commands\fR,
177and \fBlist-cipher-commands\fR output a list (one entry per line) of the names
178of all standard commands, message digest commands, or cipher commands,
179respectively, that are available in the present \fBopenssl\fR utility.
180.PP
8b0cefbb
JR
181The pseudo-command \fBno\-\fR\fI\s-1XXX\s0\fR tests whether a command of the
182specified name is available. If no command named \fI\s-1XXX\s0\fR exists, it
183returns 0 (success) and prints \fBno\-\fR\fI\s-1XXX\s0\fR; otherwise it returns 1
184and prints \fI\s-1XXX\s0\fR. In both cases, the output goes to \fBstdout\fR and
984263bc
MD
185nothing is printed to \fBstderr\fR. Additional command line arguments
186are always ignored. Since for each cipher there is a command of the
187same name, this provides an easy way for shell scripts to test for the
8b0cefbb 188availability of ciphers in the \fBopenssl\fR program. (\fBno\-\fR\fI\s-1XXX\s0\fR is
984263bc 189not able to detect pseudo-commands such as \fBquit\fR,
8b0cefbb 190\&\fBlist\-\fR\fI...\fR\fB\-commands\fR, or \fBno\-\fR\fI\s-1XXX\s0\fR itself.)
984263bc 191.Sh "\s-1STANDARD\s0 \s-1COMMANDS\s0"
8b0cefbb
JR
192.IX Subsection "STANDARD COMMANDS"
193.IP "\fBasn1parse\fR" 10
194.IX Item "asn1parse"
984263bc 195Parse an \s-1ASN\s0.1 sequence.
8b0cefbb
JR
196.IP "\fBca\fR" 10
197.IX Item "ca"
e257b235 198Certificate Authority (\s-1CA\s0) Management.
8b0cefbb
JR
199.IP "\fBciphers\fR" 10
200.IX Item "ciphers"
984263bc 201Cipher Suite Description Determination.
8b0cefbb
JR
202.IP "\fBcrl\fR" 10
203.IX Item "crl"
984263bc 204Certificate Revocation List (\s-1CRL\s0) Management.
8b0cefbb
JR
205.IP "\fBcrl2pkcs7\fR" 10
206.IX Item "crl2pkcs7"
207\&\s-1CRL\s0 to PKCS#7 Conversion.
208.IP "\fBdgst\fR" 10
209.IX Item "dgst"
984263bc 210Message Digest Calculation.
8b0cefbb
JR
211.IP "\fBdh\fR" 10
212.IX Item "dh"
984263bc
MD
213Diffie-Hellman Parameter Management.
214Obsoleted by \fBdhparam\fR.
8b0cefbb
JR
215.IP "\fBdsa\fR" 10
216.IX Item "dsa"
217\&\s-1DSA\s0 Data Management.
218.IP "\fBdsaparam\fR" 10
219.IX Item "dsaparam"
220\&\s-1DSA\s0 Parameter Generation.
221.IP "\fBenc\fR" 10
222.IX Item "enc"
984263bc 223Encoding with Ciphers.
8b0cefbb
JR
224.IP "\fBerrstr\fR" 10
225.IX Item "errstr"
984263bc 226Error Number to Error String Conversion.
8b0cefbb
JR
227.IP "\fBdhparam\fR" 10
228.IX Item "dhparam"
984263bc 229Generation and Management of Diffie-Hellman Parameters.
8b0cefbb
JR
230.IP "\fBgendh\fR" 10
231.IX Item "gendh"
984263bc
MD
232Generation of Diffie-Hellman Parameters.
233Obsoleted by \fBdhparam\fR.
8b0cefbb
JR
234.IP "\fBgendsa\fR" 10
235.IX Item "gendsa"
984263bc 236Generation of \s-1DSA\s0 Parameters.
8b0cefbb
JR
237.IP "\fBgenrsa\fR" 10
238.IX Item "genrsa"
984263bc 239Generation of \s-1RSA\s0 Parameters.
8b0cefbb
JR
240.IP "\fBocsp\fR" 10
241.IX Item "ocsp"
984263bc 242Online Certificate Status Protocol utility.
8b0cefbb
JR
243.IP "\fBpasswd\fR" 10
244.IX Item "passwd"
984263bc 245Generation of hashed passwords.
8b0cefbb
JR
246.IP "\fBpkcs12\fR" 10
247.IX Item "pkcs12"
248PKCS#12 Data Management.
249.IP "\fBpkcs7\fR" 10
250.IX Item "pkcs7"
251PKCS#7 Data Management.
252.IP "\fBrand\fR" 10
253.IX Item "rand"
984263bc 254Generate pseudo-random bytes.
8b0cefbb
JR
255.IP "\fBreq\fR" 10
256.IX Item "req"
984263bc 257X.509 Certificate Signing Request (\s-1CSR\s0) Management.
8b0cefbb
JR
258.IP "\fBrsa\fR" 10
259.IX Item "rsa"
260\&\s-1RSA\s0 Data Management.
261.IP "\fBrsautl\fR" 10
262.IX Item "rsautl"
263\&\s-1RSA\s0 utility for signing, verification, encryption, and decryption.
264.IP "\fBs_client\fR" 10
265.IX Item "s_client"
984263bc
MD
266This implements a generic \s-1SSL/TLS\s0 client which can establish a transparent
267connection to a remote server speaking \s-1SSL/TLS\s0. It's intended for testing
268purposes only and provides only rudimentary interface functionality but
269internally uses nearly all of the functionality of the OpenSSL \fBssl\fR library.
8b0cefbb
JR
270.IP "\fBs_server\fR" 10
271.IX Item "s_server"
984263bc
MD
272This implements a generic \s-1SSL/TLS\s0 server which accepts connections from remote
273clients speaking \s-1SSL/TLS\s0. It's intended for testing purposes only and provides
274only rudimentary interface functionality but internally uses nearly all of the
275functionality of the OpenSSL \fBssl\fR library. It provides both its own command
276line oriented protocol for testing \s-1SSL\s0 functions and a simple \s-1HTTP\s0 response
8b0cefbb
JR
277facility to emulate an SSL/TLS\-aware webserver.
278.IP "\fBs_time\fR" 10
279.IX Item "s_time"
280\&\s-1SSL\s0 Connection Timer.
281.IP "\fBsess_id\fR" 10
282.IX Item "sess_id"
283\&\s-1SSL\s0 Session Data Management.
284.IP "\fBsmime\fR" 10
285.IX Item "smime"
286S/MIME mail processing.
287.IP "\fBspeed\fR" 10
288.IX Item "speed"
984263bc 289Algorithm Speed Measurement.
8b0cefbb
JR
290.IP "\fBverify\fR" 10
291.IX Item "verify"
984263bc 292X.509 Certificate Verification.
8b0cefbb
JR
293.IP "\fBversion\fR" 10
294.IX Item "version"
984263bc 295OpenSSL Version Information.
8b0cefbb
JR
296.IP "\fBx509\fR" 10
297.IX Item "x509"
984263bc
MD
298X.509 Certificate Data Management.
299.Sh "\s-1MESSAGE\s0 \s-1DIGEST\s0 \s-1COMMANDS\s0"
8b0cefbb
JR
300.IX Subsection "MESSAGE DIGEST COMMANDS"
301.IP "\fBmd2\fR" 10
302.IX Item "md2"
303\&\s-1MD2\s0 Digest
304.IP "\fBmd5\fR" 10
305.IX Item "md5"
306\&\s-1MD5\s0 Digest
307.IP "\fBmdc2\fR" 10
308.IX Item "mdc2"
309\&\s-1MDC2\s0 Digest
310.IP "\fBrmd160\fR" 10
311.IX Item "rmd160"
312\&\s-1RMD\-160\s0 Digest
313.IP "\fBsha\fR" 10
314.IX Item "sha"
315\&\s-1SHA\s0 Digest
316.IP "\fBsha1\fR" 10
317.IX Item "sha1"
318\&\s-1SHA\-1\s0 Digest
2c0715f4
PA
319.IP "\fBsha224\fR" 10
320.IX Item "sha224"
321\&\s-1SHA\-224\s0 Digest
322.IP "\fBsha256\fR" 10
323.IX Item "sha256"
324\&\s-1SHA\-256\s0 Digest
325.IP "\fBsha384\fR" 10
326.IX Item "sha384"
327\&\s-1SHA\-384\s0 Digest
328.IP "\fBsha512\fR" 10
329.IX Item "sha512"
330\&\s-1SHA\-512\s0 Digest
984263bc 331.Sh "\s-1ENCODING\s0 \s-1AND\s0 \s-1CIPHER\s0 \s-1COMMANDS\s0"
8b0cefbb
JR
332.IX Subsection "ENCODING AND CIPHER COMMANDS"
333.IP "\fBbase64\fR" 10
334.IX Item "base64"
984263bc 335Base64 Encoding
8b0cefbb
JR
336.IP "\fBbf bf-cbc bf-cfb bf-ecb bf-ofb\fR" 10
337.IX Item "bf bf-cbc bf-cfb bf-ecb bf-ofb"
984263bc 338Blowfish Cipher
8b0cefbb
JR
339.IP "\fBcast cast-cbc\fR" 10
340.IX Item "cast cast-cbc"
341\&\s-1CAST\s0 Cipher
342.IP "\fBcast5\-cbc cast5\-cfb cast5\-ecb cast5\-ofb\fR" 10
343.IX Item "cast5-cbc cast5-cfb cast5-ecb cast5-ofb"
344\&\s-1CAST5\s0 Cipher
345.IP "\fBdes des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb\fR" 10
346.IX Item "des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb"
347\&\s-1DES\s0 Cipher
348.IP "\fBdes3 desx des\-ede3 des\-ede3\-cbc des\-ede3\-cfb des\-ede3\-ofb\fR" 10
349.IX Item "des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb"
350Triple-DES Cipher
351.IP "\fBidea idea-cbc idea-cfb idea-ecb idea-ofb\fR" 10
352.IX Item "idea idea-cbc idea-cfb idea-ecb idea-ofb"
353\&\s-1IDEA\s0 Cipher
354.IP "\fBrc2 rc2\-cbc rc2\-cfb rc2\-ecb rc2\-ofb\fR" 10
355.IX Item "rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb"
356\&\s-1RC2\s0 Cipher
357.IP "\fBrc4\fR" 10
358.IX Item "rc4"
359\&\s-1RC4\s0 Cipher
360.IP "\fBrc5 rc5\-cbc rc5\-cfb rc5\-ecb rc5\-ofb\fR" 10
361.IX Item "rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb"
362\&\s-1RC5\s0 Cipher
984263bc 363.SH "PASS PHRASE ARGUMENTS"
8b0cefbb 364.IX Header "PASS PHRASE ARGUMENTS"
984263bc
MD
365Several commands accept password arguments, typically using \fB\-passin\fR
366and \fB\-passout\fR for input and output passwords respectively. These allow
367the password to be obtained from a variety of sources. Both of these
368options take a single argument whose format is described below. If no
369password argument is given and a password is required then the user is
370prompted to enter one: this will typically be read from the current
371terminal with echoing turned off.
8b0cefbb
JR
372.IP "\fBpass:password\fR" 10
373.IX Item "pass:password"
984263bc 374the actual password is \fBpassword\fR. Since the password is given on the
8b0cefbb 375command line and is therefore visible to utilities (like 'ps' under Unix), this form
984263bc 376should only be used where security is not important.
8b0cefbb
JR
377.IP "\fBenv:var\fR" 10
378.IX Item "env:var"
984263bc
MD
379obtain the password from the environment variable \fBvar\fR. Since
380the environment of other processes is visible on certain platforms
381(e.g. ps under certain Unix OSes), this option should be used with caution.
8b0cefbb
JR
382.IP "\fBfile:pathname\fR" 10
383.IX Item "file:pathname"
984263bc
MD
384the first line of \fBpathname\fR is the password. If the same \fBpathname\fR
385argument is supplied to \fB\-passin\fR and \fB\-passout\fR arguments then the first
386line will be used for the input password and the next line for the output
387password. \fBpathname\fR need not refer to a regular file: it could for example
388refer to a device or named pipe.
8b0cefbb
JR
389.IP "\fBfd:number\fR" 10
390.IX Item "fd:number"
984263bc
MD
391read the password from the file descriptor \fBnumber\fR. This can be used to
392send the data via a pipe for example.
8b0cefbb
JR
393.IP "\fBstdin\fR" 10
394.IX Item "stdin"
984263bc
MD
395read the password from standard input.
396.SH "SEE ALSO"
8b0cefbb
JR
397.IX Header "SEE ALSO"
398\&\fIasn1parse\fR\|(1), \fIca\fR\|(1), \fIconfig\fR\|(5),
399\&\fIcrl\fR\|(1), \fIcrl2pkcs7\fR\|(1), \fIdgst\fR\|(1),
400\&\fIdhparam\fR\|(1), \fIdsa\fR\|(1), \fIdsaparam\fR\|(1),
401\&\fIenc\fR\|(1), \fIgendsa\fR\|(1),
402\&\fIgenrsa\fR\|(1), \fInseq\fR\|(1), \fIopenssl\fR\|(1),
403\&\fIpasswd\fR\|(1),
404\&\fIpkcs12\fR\|(1), \fIpkcs7\fR\|(1), \fIpkcs8\fR\|(1),
405\&\fIrand\fR\|(1), \fIreq\fR\|(1), \fIrsa\fR\|(1),
406\&\fIrsautl\fR\|(1), \fIs_client\fR\|(1),
407\&\fIs_server\fR\|(1), \fIs_time\fR\|(1),
408\&\fIsmime\fR\|(1), \fIspkac\fR\|(1),
409\&\fIverify\fR\|(1), \fIversion\fR\|(1), \fIx509\fR\|(1),
e257b235 410\&\fIcrypto\fR\|(3), \fIssl\fR\|(3)
984263bc 411.SH "HISTORY"
8b0cefbb 412.IX Header "HISTORY"
984263bc 413The \fIopenssl\fR\|(1) document appeared in OpenSSL 0.9.2.
8b0cefbb
JR
414The \fBlist\-\fR\fI\s-1XXX\s0\fR\fB\-commands\fR pseudo-commands were added in OpenSSL 0.9.3;
415the \fBno\-\fR\fI\s-1XXX\s0\fR pseudo-commands were added in OpenSSL 0.9.5a.
984263bc
MD
416For notes on the availability of other commands, see their individual
417manual pages.