2 ''' $RCSfile$$Revision$$Date$
20 .ie \\n(.$>=3 .ne \\$3
36 ''' Set up \*(-- to give an unbreakable dash;
37 ''' string Tr holds user defined translation string.
38 ''' Bell System Logo is used as a dummy character.
44 .if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
45 .if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
48 ''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of
49 ''' \*(L" and \*(R", except that they are used on ".xx" lines,
50 ''' such as .IP and .SH, which do another additional levels of
51 ''' double-quote interpretation
80 .\" If the F register is turned on, we'll generate
81 .\" index entries out stderr for the following things:
86 .\" X<> Xref (embedded
87 .\" Of course, you have to process the output yourself
88 .\" in some meaninful fashion.
91 .tm Index:\\$1\t\\n%\t"\\$2"
96 .TH PKCS7 1 "0.9.7d" "2/Sep/2004" "OpenSSL"
100 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
101 .de CQ \" put $1 in typewriter font
107 \\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
110 .\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
111 . \" AM - accent mark definitions
113 . \" fudge factors for nroff and troff
122 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
128 . \" simple accents for nroff and troff
141 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
142 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
143 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
144 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
145 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
146 . ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
147 . ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
148 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
149 . ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
151 . \" troff and (daisy-wheel) nroff accents
152 .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
153 .ds 8 \h'\*(#H'\(*b\h'-\*(#H'
154 .ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
155 .ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
156 .ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
157 .ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
158 .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
159 .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
160 .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
161 .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
162 .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
163 .ds ae a\h'-(\w'a'u*4/10)'e
164 .ds Ae A\h'-(\w'A'u*4/10)'E
165 .ds oe o\h'-(\w'o'u*4/10)'e
166 .ds Oe O\h'-(\w'O'u*4/10)'E
167 . \" corrections for vroff
168 .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
169 .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
170 . \" for low resolution devices (crt and lpr)
171 .if \n(.H>23 .if \n(.V>19 \
175 . ds v \h'-1'\o'\(aa\(ga'
191 pkcs7 \- PKCS#7 utility
193 \fBopenssl\fR \fBpkcs7\fR
194 [\fB\-inform PEM|DER\fR]
195 [\fB\-outform PEM|DER\fR]
196 [\fB\-in filename\fR]
197 [\fB\-out filename\fR]
198 [\fB\-print_certs\fR]
203 The \fBpkcs7\fR command processes PKCS#7 files in DER or PEM format.
204 .SH "COMMAND OPTIONS"
205 .Ip "\fB\-inform \s-1DER\s0|\s-1PEM\s0\fR" 4
206 This specifies the input format. \fB\s-1DER\s0\fR format is \s-1DER\s0 encoded \s-1PKCS\s0#7
207 v1.5 structure.\fB\s-1PEM\s0\fR (the default) is a base64 encoded version of
208 the \s-1DER\s0 form with header and footer lines.
209 .Ip "\fB\-outform \s-1DER\s0|\s-1PEM\s0\fR" 4
210 This specifies the output format, the options have the same meaning as the
211 \fB\-inform\fR option.
212 .Ip "\fB\-in filename\fR" 4
213 This specifies the input filename to read from or standard input if this
214 option is not specified.
215 .Ip "\fB\-out filename\fR" 4
216 specifies the output filename to write to or standard output by
218 .Ip "\fB\-print_certs\fR" 4
219 prints out any certificates or CRLs contained in the file. They are
220 preceded by their subject and issuer names in one line format.
222 prints out certificates details in full rather than just subject and
224 .Ip "\fB\-noout\fR" 4
225 don't output the encoded version of the \s-1PKCS\s0#7 structure (or certificates
226 is \fB\-print_certs\fR is set).
227 .Ip "\fB\-engine id\fR" 4
228 specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
229 to attempt to obtain a functional reference to the specified engine,
230 thus initialising it if needed. The engine will then be set as the default
231 for all available algorithms.
233 Convert a PKCS#7 file from PEM to DER:
236 \& openssl pkcs7 -in file.pem -outform DER -out file.der
238 Output all certificates in a file:
241 \& openssl pkcs7 -in file.pem -print_certs -out certs.pem
244 The PEM PKCS#7 format uses the header and footer lines:
247 \& -----BEGIN PKCS7-----
248 \& -----END PKCS7-----
250 For compatibility with some CAs it will also accept:
253 \& -----BEGIN CERTIFICATE-----
254 \& -----END CERTIFICATE-----
257 There is no option to print out all the fields of a PKCS#7 file.
259 This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC2315 they
260 cannot currently parse, for example, the new CMS as described in RFC2630.
266 .IX Name "pkcs7 - PKCS#7 utility"
270 .IX Header "SYNOPSIS"
272 .IX Header "DESCRIPTION"
274 .IX Header "COMMAND OPTIONS"
276 .IX Item "\fB\-inform \s-1DER\s0|\s-1PEM\s0\fR"
278 .IX Item "\fB\-outform \s-1DER\s0|\s-1PEM\s0\fR"
280 .IX Item "\fB\-in filename\fR"
282 .IX Item "\fB\-out filename\fR"
284 .IX Item "\fB\-print_certs\fR"
286 .IX Item "\fB\-text\fR"
288 .IX Item "\fB\-noout\fR"
290 .IX Item "\fB\-engine id\fR"
292 .IX Header "EXAMPLES"
296 .IX Header "RESTRICTIONS"
298 .IX Header "SEE ALSO"