View Source: openssl(1) - Waikato Linux Users Group

Edit PageHistory Diff Info LikePages
OPENSSL
!!!OPENSSL
NAME
SYNOPSIS
DESCRIPTION
COMMAND SUMMARY
PASS PHRASE ARGUMENTS
SEE ALSO
HISTORY
----
!!NAME


openssl - OpenSSL command line tool
!!SYNOPSIS


__openssl__ ''command'' [[ ''command_opts'' ] [[
''command_args'' ]


__openssl__ [[ __list-standard-commands
list-message-digest-commands list-cipher-commands__
]


__openssl no-__ ''XXX'' [[ ''arbitrary
options'' ]
!!DESCRIPTION


OpenSSL is a cryptography toolkit implementing the Secure
Sockets Layer ( SSL v2/v3) and Transport
Layer Security ( TLS v1) network protocols
and related cryptography standards required by
them.


The __openssl__ program is a command line tool for using
the various cryptography functions of OpenSSL's
__crypto__ library from the shell. It can be used
for


 o  Creation of RSA, DH and DSA key parameters
o  Creation of X.509 certificates, CSRs and CRLs
o  Calculation of Message Digests
o  Encryption and Decryption with Ciphers
o  SSL/TLS Client and Server Tests
o  Handling of S/MIME signed or encrypted mail
!!COMMAND SUMMARY


The __openssl__ program provides a rich variety of
commands (''command'' in the SYNOPSIS
above), each of which often has a wealth of options and
arguments (''command_opts'' and ''command_args'' in
the SYNOPSIS ).


The pseudo-commands __list-standard-commands__,
__list-message-digest-commands__, and
__list-cipher-commands__ output a list (one entry per
line) of the names of all standard commands, message digest
commands, or cipher commands, respectively, that are
available in the present __openssl__
utility.


The pseudo-command __no-__ ''XXX''
tests whether a command of the specified name is available.
If no command named ''XXX'' exists, it
returns 0 (success) and prints __no-__
''XXX'' ; otherwise it returns 1 and
prints ''XXX'' . In both cases, the output
goes to __stdout__ and nothing is printed to
__stderr__. Additional command line arguments are always
ignored. Since for each cipher there is a command of the
same name, this provides an easy way for shell scripts to
test for the availability of ciphers in the __openssl__
program. (__no-__ ''XXX'' is not able
to detect pseudo-commands such as __quit__,
__list-__''...''__-commands__, or __no-__
''XXX'' itself.)


__STANDARD COMMANDS__


__asn1parse__


Parse an ASN .1 sequence.


__ca__ Certificate Authority ( CA )
Management.


__ciphers__


Cipher Suite Description Determination.


__crl__


Certificate Revocation List ( CRL )
Management.


__crl2pkcs7__


CRL to PKCS#7 Conversion.


__dgst__


Message Digest Calculation.


__dh__ Diffie-Hellman Parameter Management. Obsoleted by
__dhparam__.


__dsa__


DSA Data Management.


__dsaparam__


DSA Parameter Generation.


__enc__


Encoding with Ciphers.


__errstr__


Error Number to Error String Conversion.


__dhparam__


Generation and Management of Diffie-Hellman
Parameters.


__gendh__


Generation of Diffie-Hellman Parameters. Obsoleted by
__dhparam__.


__gendsa__


Generation of DSA Parameters.


__genrsa__


Generation of RSA Parameters.


__passwd__


Generation of hashed passwords.


__pkcs12__


PKCS#12 Data Management.


__pkcs7__


PKCS#7 Data Management.


__rand__


Generate pseudo-random bytes.


__req__


X.509 Certificate Signing Request ( CSR )
Management.


__rsa__


RSA Data Management.


__rsautl__


RSA utility for signing, verification,
encryption, and decryption.


__s_client__


This implements a generic SSL/TLS client
which can establish a transparent connection to a remote
server speaking SSL/TLS . It's intended for
testing purposes only and provides only rudimentary
interface functionality but internally uses mostly all
functionality of the OpenSSL __ssl__
library.


__s_server__


This implements a generic SSL/TLS server
which accepts connections from remote clients speaking
SSL/TLS . It's intended for testing purposes
only and provides only rudimentary interface functionality
but internally uses mostly all functionality of the OpenSSL
__ssl__ library. It provides both an own command line
oriented protocol for testing SSL functions
and a simple HTTP response facility to
emulate an SSL/TLS-aware webserver.


__s_time__


SSL Connection Timer.


__sess_id__


SSL Session Data Management.


__smime__


S/MIME mail processing.


__speed__


Algorithm Speed Measurement.


__verify__


X.509 Certificate Verification.


__version__


OpenSSL Version Information.


__x509__


X.509 Certificate Data Management.


__MESSAGE DIGEST COMMANDS__


__md2__


MD2 Digest


__md5__


MD5 Digest


__mdc2__


MDC2 Digest


__rmd160__


RMD-160 Digest


__sha__


SHA Digest


__sha1__


SHA-1 Digest


__ENCODING AND CIPHER
COMMANDS__


__base64__


Base64 Encoding


__bf bf-cbc bf-cfb bf-ecb bf-ofb__


Blowfish Cipher


__cast cast-cbc__


CAST Cipher


__cast5-cbc cast5-cfb cast5-ecb cast5-ofb__


CAST5 Cipher


__des des-cbc des-cfb des-ecb des-ede des-ede-cbc
des-ede-cfb des-ede-ofb des-ofb__


DES Cipher


__des3 desx des-ede3 des-ede3-cbc des-ede3-cfb
des-ede3-ofb__


Triple-DES Cipher


__idea idea-cbc idea-cfb idea-ecb idea-ofb__


IDEA Cipher


__rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb__


RC2 Cipher


__rc4__


RC4 Cipher


__rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb__


RC5 Cipher
!!PASS PHRASE ARGUMENTS


Several commands accept password arguments, typically using
__-passin__ and __-passout__ for input and output
passwords respectively. These allow the password to be
obtained from a variety of sources. Both of these options
take a single argument whose format is described below. If
no password argument is given and a password is required
then the user is prompted to enter one: this will typically
be read from the current terminal with echoing turned
off.


__pass:password__


the actual password is __password__. Since the password
is visible to utilities (like 'ps' under Unix) this form
should only be used where security is not
important.


__env:var__


obtain the password from the environment variable
__var__. Since the environment of other processes is
visible on certain platforms (e.g. ps under certain Unix
OSes) this option should be used with caution.


__file:pathname__


the first line of __pathname__ is the password. If the
same __pathname__ argument is supplied to __-passin__
and __-passout__ arguments then the first line will be
used for the input password and the next line for the output
password. __pathname__ need not refer to a regular file:
it could for example refer to a device or named
pipe.


__fd:number__


read the password from the file descriptor __number__.
This can be used to send the data via a pipe for
example.


__stdin__


read the password from standard input.
!!SEE ALSO


''asn1parse''(1), ca(1), config(5),
crl(1), ''crl2pkcs7''(1), dgst(1),
dhparam(1), dsa(1), dsaparam(1),
enc(1), gendsa(1), genrsa(1),
nseq(1), openssl(1), passwd(1),
''pkcs12''(1), ''pkcs7''(1), ''pkcs8''(1),
rand(1), req(1), rsa(1),
rsautl(1), ''s_client''(1), ''s_server''(1),
smime(1), spkac(1), verify(1),
version(1), ''x509''(1), crypto(3),
ssl(3)
!!HISTORY


The openssl(1) document appeared in OpenSSL 0.9.2.
The __list-__ ''XXX'' __-commands__
pseudo-commands were added in OpenSSL 0.9.3; the __no-__
''XXX'' pseudo-commands were added in
OpenSSL 0.9.5a. For notes on the availability of other
commands, see their individual manual pages.
----
3 pages link to openssl(1):
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.
Last edited on Tuesday, June 4, 2002 12:22:26 am by "perry"
Edit PageHistory Diff Info LikePages