Penguin
Recent Changes
Annotated edit history of openssl(1) version 1, including all changes. View license author blame.
Rev Author # Line
1 perry 1 OPENSSL
2 !!!OPENSSL
3 NAME
4 SYNOPSIS
5 DESCRIPTION
6 COMMAND SUMMARY
7 PASS PHRASE ARGUMENTS
8 SEE ALSO
9 HISTORY
10 ----
11 !!NAME
12
13
14 openssl - OpenSSL command line tool
15 !!SYNOPSIS
16
17
18 __openssl__ ''command'' [[ ''command_opts'' ] [[
19 ''command_args'' ]
20
21
22 __openssl__ [[ __list-standard-commands
23 list-message-digest-commands list-cipher-commands__
24 ]
25
26
27 __openssl no-__ ''XXX'' [[ ''arbitrary
28 options'' ]
29 !!DESCRIPTION
30
31
32 OpenSSL is a cryptography toolkit implementing the Secure
33 Sockets Layer ( SSL v2/v3) and Transport
34 Layer Security ( TLS v1) network protocols
35 and related cryptography standards required by
36 them.
37
38
39 The __openssl__ program is a command line tool for using
40 the various cryptography functions of OpenSSL's
41 __crypto__ library from the shell. It can be used
42 for
43
44
45 o Creation of RSA, DH and DSA key parameters
46 o Creation of X.509 certificates, CSRs and CRLs
47 o Calculation of Message Digests
48 o Encryption and Decryption with Ciphers
49 o SSL/TLS Client and Server Tests
50 o Handling of S/MIME signed or encrypted mail
51 !!COMMAND SUMMARY
52
53
54 The __openssl__ program provides a rich variety of
55 commands (''command'' in the SYNOPSIS
56 above), each of which often has a wealth of options and
57 arguments (''command_opts'' and ''command_args'' in
58 the SYNOPSIS ).
59
60
61 The pseudo-commands __list-standard-commands__,
62 __list-message-digest-commands__, and
63 __list-cipher-commands__ output a list (one entry per
64 line) of the names of all standard commands, message digest
65 commands, or cipher commands, respectively, that are
66 available in the present __openssl__
67 utility.
68
69
70 The pseudo-command __no-__ ''XXX''
71 tests whether a command of the specified name is available.
72 If no command named ''XXX'' exists, it
73 returns 0 (success) and prints __no-__
74 ''XXX'' ; otherwise it returns 1 and
75 prints ''XXX'' . In both cases, the output
76 goes to __stdout__ and nothing is printed to
77 __stderr__. Additional command line arguments are always
78 ignored. Since for each cipher there is a command of the
79 same name, this provides an easy way for shell scripts to
80 test for the availability of ciphers in the __openssl__
81 program. (__no-__ ''XXX'' is not able
82 to detect pseudo-commands such as __quit__,
83 __list-__''...''__-commands__, or __no-__
84 ''XXX'' itself.)
85
86
87 __STANDARD COMMANDS__
88
89
90 __asn1parse__
91
92
93 Parse an ASN .1 sequence.
94
95
96 __ca__ Certificate Authority ( CA )
97 Management.
98
99
100 __ciphers__
101
102
103 Cipher Suite Description Determination.
104
105
106 __crl__
107
108
109 Certificate Revocation List ( CRL )
110 Management.
111
112
113 __crl2pkcs7__
114
115
116 CRL to PKCS#7 Conversion.
117
118
119 __dgst__
120
121
122 Message Digest Calculation.
123
124
125 __dh__ Diffie-Hellman Parameter Management. Obsoleted by
126 __dhparam__.
127
128
129 __dsa__
130
131
132 DSA Data Management.
133
134
135 __dsaparam__
136
137
138 DSA Parameter Generation.
139
140
141 __enc__
142
143
144 Encoding with Ciphers.
145
146
147 __errstr__
148
149
150 Error Number to Error String Conversion.
151
152
153 __dhparam__
154
155
156 Generation and Management of Diffie-Hellman
157 Parameters.
158
159
160 __gendh__
161
162
163 Generation of Diffie-Hellman Parameters. Obsoleted by
164 __dhparam__.
165
166
167 __gendsa__
168
169
170 Generation of DSA Parameters.
171
172
173 __genrsa__
174
175
176 Generation of RSA Parameters.
177
178
179 __passwd__
180
181
182 Generation of hashed passwords.
183
184
185 __pkcs12__
186
187
188 PKCS#12 Data Management.
189
190
191 __pkcs7__
192
193
194 PKCS#7 Data Management.
195
196
197 __rand__
198
199
200 Generate pseudo-random bytes.
201
202
203 __req__
204
205
206 X.509 Certificate Signing Request ( CSR )
207 Management.
208
209
210 __rsa__
211
212
213 RSA Data Management.
214
215
216 __rsautl__
217
218
219 RSA utility for signing, verification,
220 encryption, and decryption.
221
222
223 __s_client__
224
225
226 This implements a generic SSL/TLS client
227 which can establish a transparent connection to a remote
228 server speaking SSL/TLS . It's intended for
229 testing purposes only and provides only rudimentary
230 interface functionality but internally uses mostly all
231 functionality of the OpenSSL __ssl__
232 library.
233
234
235 __s_server__
236
237
238 This implements a generic SSL/TLS server
239 which accepts connections from remote clients speaking
240 SSL/TLS . It's intended for testing purposes
241 only and provides only rudimentary interface functionality
242 but internally uses mostly all functionality of the OpenSSL
243 __ssl__ library. It provides both an own command line
244 oriented protocol for testing SSL functions
245 and a simple HTTP response facility to
246 emulate an SSL/TLS-aware webserver.
247
248
249 __s_time__
250
251
252 SSL Connection Timer.
253
254
255 __sess_id__
256
257
258 SSL Session Data Management.
259
260
261 __smime__
262
263
264 S/MIME mail processing.
265
266
267 __speed__
268
269
270 Algorithm Speed Measurement.
271
272
273 __verify__
274
275
276 X.509 Certificate Verification.
277
278
279 __version__
280
281
282 OpenSSL Version Information.
283
284
285 __x509__
286
287
288 X.509 Certificate Data Management.
289
290
291 __MESSAGE DIGEST COMMANDS__
292
293
294 __md2__
295
296
297 MD2 Digest
298
299
300 __md5__
301
302
303 MD5 Digest
304
305
306 __mdc2__
307
308
309 MDC2 Digest
310
311
312 __rmd160__
313
314
315 RMD-160 Digest
316
317
318 __sha__
319
320
321 SHA Digest
322
323
324 __sha1__
325
326
327 SHA-1 Digest
328
329
330 __ENCODING AND CIPHER
331 COMMANDS__
332
333
334 __base64__
335
336
337 Base64 Encoding
338
339
340 __bf bf-cbc bf-cfb bf-ecb bf-ofb__
341
342
343 Blowfish Cipher
344
345
346 __cast cast-cbc__
347
348
349 CAST Cipher
350
351
352 __cast5-cbc cast5-cfb cast5-ecb cast5-ofb__
353
354
355 CAST5 Cipher
356
357
358 __des des-cbc des-cfb des-ecb des-ede des-ede-cbc
359 des-ede-cfb des-ede-ofb des-ofb__
360
361
362 DES Cipher
363
364
365 __des3 desx des-ede3 des-ede3-cbc des-ede3-cfb
366 des-ede3-ofb__
367
368
369 Triple-DES Cipher
370
371
372 __idea idea-cbc idea-cfb idea-ecb idea-ofb__
373
374
375 IDEA Cipher
376
377
378 __rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb__
379
380
381 RC2 Cipher
382
383
384 __rc4__
385
386
387 RC4 Cipher
388
389
390 __rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb__
391
392
393 RC5 Cipher
394 !!PASS PHRASE ARGUMENTS
395
396
397 Several commands accept password arguments, typically using
398 __-passin__ and __-passout__ for input and output
399 passwords respectively. These allow the password to be
400 obtained from a variety of sources. Both of these options
401 take a single argument whose format is described below. If
402 no password argument is given and a password is required
403 then the user is prompted to enter one: this will typically
404 be read from the current terminal with echoing turned
405 off.
406
407
408 __pass:password__
409
410
411 the actual password is __password__. Since the password
412 is visible to utilities (like 'ps' under Unix) this form
413 should only be used where security is not
414 important.
415
416
417 __env:var__
418
419
420 obtain the password from the environment variable
421 __var__. Since the environment of other processes is
422 visible on certain platforms (e.g. ps under certain Unix
423 OSes) this option should be used with caution.
424
425
426 __file:pathname__
427
428
429 the first line of __pathname__ is the password. If the
430 same __pathname__ argument is supplied to __-passin__
431 and __-passout__ arguments then the first line will be
432 used for the input password and the next line for the output
433 password. __pathname__ need not refer to a regular file:
434 it could for example refer to a device or named
435 pipe.
436
437
438 __fd:number__
439
440
441 read the password from the file descriptor __number__.
442 This can be used to send the data via a pipe for
443 example.
444
445
446 __stdin__
447
448
449 read the password from standard input.
450 !!SEE ALSO
451
452
453 ''asn1parse''(1), ca(1), config(5),
454 crl(1), ''crl2pkcs7''(1), dgst(1),
455 dhparam(1), dsa(1), dsaparam(1),
456 enc(1), gendsa(1), genrsa(1),
457 nseq(1), openssl(1), passwd(1),
458 ''pkcs12''(1), ''pkcs7''(1), ''pkcs8''(1),
459 rand(1), req(1), rsa(1),
460 rsautl(1), ''s_client''(1), ''s_server''(1),
461 smime(1), spkac(1), verify(1),
462 version(1), ''x509''(1), crypto(3),
463 ssl(3)
464 !!HISTORY
465
466
467 The openssl(1) document appeared in OpenSSL 0.9.2.
468 The __list-__ ''XXX'' __-commands__
469 pseudo-commands were added in OpenSSL 0.9.3; the __no-__
470 ''XXX'' pseudo-commands were added in
471 OpenSSL 0.9.5a. For notes on the availability of other
472 commands, see their individual manual pages.
473 ----
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.