diff -Naur a/apps/nc/CMakeLists.txt b/apps/nc/CMakeLists.txt --- a/apps/nc/CMakeLists.txt 2024-10-01 15:00:46.000000000 +0600 +++ b/apps/nc/CMakeLists.txt 2025-01-09 23:19:23.219620732 +0600 @@ -31,8 +31,8 @@ add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\") -add_executable(nc ${NC_SRC}) -target_include_directories(nc +add_executable(nc-libre ${NC_SRC}) +target_include_directories(nc-libre PRIVATE . ./compat @@ -40,12 +40,12 @@ PUBLIC ../../include ${CMAKE_BINARY_DIR}/include) -target_link_libraries(nc ${LIBTLS_LIBS} compat_obj) +target_link_libraries(nc-libre ${LIBTLS_LIBS} compat_obj) if(ENABLE_NC) if(ENABLE_LIBRESSL_INSTALL) - install(TARGETS nc DESTINATION ${CMAKE_INSTALL_BINDIR}) - install(FILES nc.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1) + install(TARGETS nc-libre DESTINATION ${CMAKE_INSTALL_BINDIR}) + install(FILES nc-libre.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1) endif(ENABLE_LIBRESSL_INSTALL) endif() diff -Naur a/apps/nc/nc.1 b/apps/nc/nc.1 --- a/apps/nc/nc.1 2024-05-21 08:01:04.000000000 +0600 +++ b/apps/nc/nc.1 1970-01-01 06:00:00.000000000 +0600 
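Review bot: Renaming the CMake target itself in `add_executable(nc-libre ${NC_SRC})` forces every later reference in this hunk and the next one (`target_include_directories`, `target_link_libraries`, `install(TARGETS ...)`) to be rewritten as well. Any reference to the `nc` target outside this file, which is not visible here, would no longer resolve. Keeping the target name and adding `set_target_properties(nc PROPERTIES OUTPUT_NAME nc-libre)` would rename only the produced binary, leaving the man-page install line as the only other change, which makes the patch easier to rebase on new upstream releases. The same applies to the `ocspcheck-libre` hunk in apps/ocspcheck/CMakeLists.txt. The `target_include_directories` call opened here continues past the end of this hunk.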
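Review bot: `install(FILES nc-libre.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1)` ships the page under the new name, but the added apps/nc/nc-libre.1 is the old nc.1 unchanged: it still declares `.Dt NC 1` and `.Nm nc`, and every example runs `$ nc`. Where this rename is needed, `nc` is presumably a different netcat implementation whose option letters need not mean the same thing, so a reader following `man nc-libre` would run the examples, including the TLS ones, against the wrong binary. I would change the header to `.Dt NC-LIBRE 1` and `.Nm nc-libre` and update the `.Dl $ nc ...` example lines to `nc-libre`. The ocspcheck hunk installs `ocspcheck-libre.8` the same way; its content is not visible here and should be checked for the same mismatch.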
@@ -1,589 +0,0 @@ -.\" $OpenBSD: nc.1,v 1.98 2024/04/01 12:40:18 deraadt Exp $ -.\" -.\" Copyright (c) 1996 David Sacerdote -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. The name of the author may not be used to endorse or promote products -.\" derived from this software without specific prior written permission -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
-.\" -.Dd $Mdocdate: April 1 2024 $ -.Dt NC 1 -.Os -.Sh NAME -.Nm nc -.Nd arbitrary TCP and UDP connections and listens -.Sh SYNOPSIS -.Nm nc -.Op Fl 46cDdFhklNnrStUuvz -.Op Fl C Ar certfile -.Op Fl e Ar name -.Op Fl H Ar hash -.Op Fl I Ar length -.Op Fl i Ar interval -.Op Fl K Ar keyfile -.Op Fl M Ar ttl -.Op Fl m Ar minttl -.Op Fl O Ar length -.Op Fl o Ar staplefile -.Op Fl P Ar proxy_username -.Op Fl p Ar source_port -.Op Fl R Ar CAfile -.Op Fl s Ar sourceaddr -.Op Fl T Ar keyword -.Op Fl V Ar rtable -.Op Fl W Ar recvlimit -.Op Fl w Ar timeout -.Op Fl X Ar proxy_protocol -.Op Fl x Ar proxy_address Ns Op : Ns Ar port -.Op Fl Z Ar peercertfile -.Op Ar destination -.Op Ar port -.Sh DESCRIPTION -The -.Nm -(or -.Nm netcat ) -utility is used for just about anything under the sun involving TCP, -UDP, or -.Ux Ns -domain -sockets. -It can open TCP connections, send UDP packets, listen on arbitrary -TCP and UDP ports, do port scanning, and deal with both IPv4 and -IPv6. -Unlike -.Xr telnet 1 , -.Nm -scripts nicely, and separates error messages onto standard error instead -of sending them to standard output, as -.Xr telnet 1 -does with some. -.Pp -Common uses include: -.Pp -.Bl -bullet -offset indent -compact -.It -simple TCP proxies -.It -shell-script based HTTP clients and servers -.It -network daemon testing -.It -a SOCKS or HTTP ProxyCommand for -.Xr ssh 1 -.It -and much, much more -.El -.Pp -The options are as follows: -.Bl -tag -width Ds -.It Fl 4 -Use IPv4 addresses only. -.It Fl 6 -Use IPv6 addresses only. -.It Fl C Ar certfile -Load the public key part of the TLS peer certificate from -.Ar certfile , -in PEM format. -Requires -.Fl c . -.It Fl c -Use TLS to connect or listen. -Cannot be used together with any of the options -.Fl FuU . -.It Fl D -Enable debugging on the socket. -.It Fl d -Do not attempt to read from stdin. -.It Fl e Ar name -Only accept the TLS peer certificate if it contains the -.Ar name . -Requires -.Fl c . 
-If not specified, -.Ar destination -is used. -.It Fl F -Pass the first connected socket using -.Xr sendmsg 2 -to stdout and exit. -This is useful in conjunction with -.Fl X -to have -.Nm -perform connection setup with a proxy but then leave the rest of the -connection to another program (e.g.\& -.Xr ssh 1 -using the -.Xr ssh_config 5 -.Cm ProxyUseFdpass -option). -Cannot be used with -.Fl c -or -.Fl U . -.It Fl H Ar hash -Only accept the TLS peer certificate if its hash returned from -.Xr tls_peer_cert_hash 3 -matches -.Ar hash . -Requires -.Fl c -and cannot be used with -.Fl T Cm noverify . -.It Fl h -Print out the -.Nm -help text and exit. -.It Fl I Ar length -Specify the size of the TCP receive buffer. -.It Fl i Ar interval -Sleep for -.Ar interval -seconds between lines of text sent and received. -Also causes a delay time between connections to multiple ports. -.It Fl K Ar keyfile -Load the TLS private key from -.Ar keyfile , -in PEM format. -Requires -.Fl c . -.It Fl k -When a connection is completed, listen for another one. -Requires -.Fl l . -When used together with the -.Fl u -option, the server socket is not connected and it can receive UDP datagrams from -multiple hosts. -.It Fl l -Listen for an incoming connection rather than initiating a -connection to a remote host. -Cannot be used together with any of the options -.Fl psxz . -Additionally, any timeouts specified with the -.Fl w -option are ignored. -.It Fl M Ar ttl -Set the TTL / hop limit of outgoing packets. -.It Fl m Ar minttl -Ask the kernel to drop incoming packets whose TTL / hop limit is under -.Ar minttl . -.It Fl N -.Xr shutdown 2 -the network socket after EOF on the input. -Some servers require this to finish their work. -.It Fl n -Do not perform domain name resolution. -If a name cannot be resolved without DNS, an error will be reported. -.It Fl O Ar length -Specify the size of the TCP send buffer. 
-.It Fl o Ar staplefile -During the TLS handshake, load data to be stapled from -.Ar staplefile , -which is expected to contain an OCSP response from an OCSP server in -DER format. -Requires -.Fl c -and -.Fl C . -.It Fl P Ar proxy_username -Specifies a username to present to a proxy server that requires authentication. -If no username is specified then authentication will not be attempted. -Proxy authentication is only supported for HTTP CONNECT proxies at present. -.It Fl p Ar source_port -Specify the source port -.Nm -should use, subject to privilege restrictions and availability. -Cannot be used together with -.Fl l . -.It Fl R Ar CAfile -Load the root CA bundle for TLS certificate verification from -.Ar CAfile , -in PEM format, instead of -.Pa /etc/ssl/cert.pem . -Requires -.Fl c . -.It Fl r -Choose source and/or destination ports randomly -instead of sequentially within a range or in the order that the system -assigns them. -.It Fl S -Enable the RFC 2385 TCP MD5 signature option. -.It Fl s Ar sourceaddr -Set the source address to send packets from, -which is useful on machines with multiple interfaces. -For -.Ux Ns -domain -datagram sockets, specifies the local temporary socket file -to create and use so that datagrams can be received. -Cannot be used together with -.Fl l -or -.Fl x . -.It Fl T Ar keyword -Change the IPv4 TOS/IPv6 traffic class value or the TLS options. -.Pp -For TLS options, -.Ar keyword -may be one of: -.Cm noverify , -which disables certificate verification; -.Cm noname , -which disables certificate name checking; -.Cm clientcert , -which requires a client certificate on incoming connections; or -.Cm muststaple , -which requires the peer to provide a valid stapled OCSP response -with the handshake. 
-The following TLS options specify a value in the form of a -.Ar key Ns = Ns Ar value -pair: -.Cm ciphers , -which allows the supported TLS ciphers to be specified (see -.Xr tls_config_set_ciphers 3 -for further details); -.Cm protocols , -which allows the supported TLS protocols to be specified (see -.Xr tls_config_parse_protocols 3 -for further details). -Specifying TLS options requires -.Fl c . -.Pp -For the IPv4 TOS/IPv6 traffic class value, -.Ar keyword -may be one of -.Cm critical , -.Cm inetcontrol , -.Cm lowdelay , -.Cm netcontrol , -.Cm throughput , -.Cm reliability , -or one of the DiffServ Code Points: -.Cm ef , -.Cm af11 No ... Cm af43 , -.Cm cs0 No ... Cm cs7 ; -or a number in either hex or decimal. -.It Fl t -Send RFC 854 DON'T and WON'T responses to RFC 854 DO and WILL requests. -This makes it possible to use -.Nm -to script telnet sessions. -.It Fl U -Use -.Ux Ns -domain -sockets. -Cannot be used together with any of the options -.Fl cFx . -.It Fl u -Use UDP instead of TCP. -Cannot be used together with -.Fl c -or -.Fl x . -For -.Ux Ns -domain -sockets, use a datagram socket instead of a stream socket. -If a -.Ux Ns -domain -socket is used, a temporary receiving socket is created in -.Pa /tmp -unless the -.Fl s -flag is given. -.It Fl V Ar rtable -Set the routing table to be used. -.It Fl v -Produce more verbose output. -.It Fl W Ar recvlimit -Terminate after receiving -.Ar recvlimit -packets from the network. -.It Fl w Ar timeout -Connections which cannot be established or are idle timeout after -.Ar timeout -seconds. -The -.Fl w -flag has no effect on the -.Fl l -option, i.e.\& -.Nm -will listen forever for a connection, with or without the -.Fl w -flag. -The default is no timeout. -.It Fl X Ar proxy_protocol -Use -.Ar proxy_protocol -when talking to the proxy server. -Supported protocols are -.Cm 4 -(SOCKS v.4), -.Cm 5 -(SOCKS v.5) -and -.Cm connect -(HTTPS proxy). -If the protocol is not specified, SOCKS version 5 is used. 
-.It Fl x Ar proxy_address Ns Op : Ns Ar port -Connect to -.Ar destination -using a proxy at -.Ar proxy_address -and -.Ar port . -If -.Ar port -is not specified, the well-known port for the proxy protocol is used (1080 -for SOCKS, 3128 for HTTPS). -An IPv6 address can be specified unambiguously by enclosing -.Ar proxy_address -in square brackets. -A proxy cannot be used with any of the options -.Fl lsuU . -.It Fl Z Ar peercertfile -Save the peer certificates to -.Ar peercertfile , -in PEM format. -Requires -.Fl c . -.It Fl z -Only scan for listening daemons, without sending any data to them. -Cannot be used together with -.Fl l . -.El -.Pp -.Ar destination -can be a numerical IP address or a symbolic hostname -(unless the -.Fl n -option is given). -In general, a destination must be specified, -unless the -.Fl l -option is given -(in which case the local host is used). -For -.Ux Ns -domain -sockets, a destination is required and is the socket path to connect to -(or listen on if the -.Fl l -option is given). -.Pp -.Ar port -can be specified as a numeric port number or as a service name. -Port ranges may be specified as numeric port numbers of the form -.Ar nn Ns - Ns Ar mm . -In general, -a destination port must be specified, -unless the -.Fl U -option is given. -For some options, the value 0 requests that the system choose a port number. -.Sh CLIENT/SERVER MODEL -It is quite simple to build a very basic client/server model using -.Nm . -On one console, start -.Nm -listening on a specific port for a connection. -For example: -.Pp -.Dl $ nc -l 1234 -.Pp -.Nm -is now listening on port 1234 for a connection. -On a second console -.Pq or a second machine , -connect to the machine and port being listened on: -.Pp -.Dl $ nc -N 127.0.0.1 1234 -.Pp -There should now be a connection between the ports. -Anything typed at the second console will be concatenated to the first, -and vice-versa. 
-After the connection has been set up, -.Nm -does not really care which side is being used as a -.Sq server -and which side is being used as a -.Sq client . -The connection may be terminated using an -.Dv EOF -.Pq Sq ^D , -as the -.Fl N -flag was given. -.Sh DATA TRANSFER -The example in the previous section can be expanded to build a -basic data transfer model. -Any information input into one end of the connection will be output -to the other end, and input and output can be easily captured in order to -emulate file transfer. -.Pp -Start by using -.Nm -to listen on a specific port, with output captured into a file: -.Pp -.Dl $ nc -l 1234 > filename.out -.Pp -Using a second machine, connect to the listening -.Nm -process, feeding it the file which is to be transferred: -.Pp -.Dl $ nc -N host.example.com 1234 < filename.in -.Pp -After the file has been transferred, the connection will close automatically. -.Sh TALKING TO SERVERS -It is sometimes useful to talk to servers -.Dq by hand -rather than through a user interface. -It can aid in troubleshooting, -when it might be necessary to verify what data a server is sending -in response to commands issued by the client. -For example, to retrieve the home page of a web site: -.Bd -literal -offset indent -$ printf "GET / HTTP/1.0\er\en\er\en" | nc host.example.com 80 -.Ed -.Pp -Note that this also displays the headers sent by the web server. -They can be filtered, using a tool such as -.Xr sed 1 , -if necessary. -.Pp -More complicated examples can be built up when the user knows the format -of requests required by the server. -As another example, an email may be submitted to an SMTP server using: -.Bd -literal -offset indent -$ nc localhost 25 << EOF -HELO host.example.com -MAIL FROM: -RCPT TO: -DATA -Body of email. -\&. -QUIT -EOF -.Ed -.Sh PORT SCANNING -It may be useful to know which ports are open and running services on -a target machine. 
-The -.Fl z -flag can be used to tell -.Nm -to report open ports, -rather than initiate a connection. -For example: -.Bd -literal -offset indent -$ nc -z host.example.com 20-30 -Connection to host.example.com 22 port [tcp/ssh] succeeded! -Connection to host.example.com 25 port [tcp/smtp] succeeded! -.Ed -.Pp -The port range was specified to limit the search to ports 20 \- 30. -.Pp -Alternatively, it might be useful to know which server software -is running, and which versions. -This information is often contained within the greeting banners. -In order to retrieve these, it is necessary to first make a connection, -and then break the connection when the banner has been retrieved. -This can be accomplished by specifying a small timeout with the -.Fl w -flag, or perhaps by issuing a -.Qq Dv QUIT -command to the server: -.Bd -literal -offset indent -$ echo "QUIT" | nc host.example.com 20-30 -SSH-1.99-OpenSSH_3.6.1p2 -Protocol mismatch. -220 host.example.com IMS SMTP Receiver Version 0.84 Ready -.Ed -.Sh EXAMPLES -Open a TCP connection to port 42 of host.example.com, using port 31337 as -the source port, with a timeout of 5 seconds: -.Pp -.Dl $ nc -p 31337 -w 5 host.example.com 42 -.Pp -Open a TCP connection to port 443 of www.example.com, and negotiate TLS with -any supported TLS protocol version and "compat" ciphers: -.Pp -.Dl $ nc -cv -T protocols=all -T ciphers=compat www.example.com 443 -.Pp -Open a TCP connection to port 443 of www.google.ca, and negotiate TLS. 
-Check for a different name in the certificate for validation: -.Pp -.Dl $ nc -cv -e adsf.au.doubleclick.net www.google.ca 443 -.Pp -Open a UDP connection to port 53 of host.example.com: -.Pp -.Dl $ nc -u host.example.com 53 -.Pp -Open a TCP connection to port 42 of host.example.com using 10.1.2.3 as the -IP for the local end of the connection: -.Pp -.Dl $ nc -s 10.1.2.3 host.example.com 42 -.Pp -Create and listen on a -.Ux Ns -domain -stream socket: -.Pp -.Dl $ nc -lU /var/tmp/dsocket -.Pp -Connect to port 42 of host.example.com via an HTTP proxy at 10.2.3.4, -port 8080. -This example could also be used by -.Xr ssh 1 ; -see the -.Cm ProxyCommand -directive in -.Xr ssh_config 5 -for more information. -.Pp -.Dl $ nc -x10.2.3.4:8080 -Xconnect host.example.com 42 -.Pp -The same example again, this time enabling proxy authentication with username -.Dq ruser -if the proxy requires it: -.Pp -.Dl $ nc -x10.2.3.4:8080 -Xconnect -Pruser host.example.com 42 -.Sh SEE ALSO -.Xr cat 1 , -.Xr ssh 1 -.Sh AUTHORS -Original implementation by -.An *Hobbit* Aq Mt hobbit@avian.org . -.br -Rewritten with IPv6 support by -.An Eric Jackson Aq Mt ericj@monkey.org . -.Sh CAVEATS -UDP port scans using the -.Fl uz -combination of flags will always report success irrespective of -the target machine's state. -However, -in conjunction with a traffic sniffer either on the target machine -or an intermediary device, -the -.Fl uz -combination could be useful for communications diagnostics. -Note that the amount of UDP traffic generated may be limited either -due to hardware resources and/or configuration settings. diff -Naur a/apps/nc/nc-libre.1 b/apps/nc/nc-libre.1 --- a/apps/nc/nc-libre.1 1970-01-01 06:00:00.000000000 +0600 +++ b/apps/nc/nc-libre.1 2024-05-21 08:01:04.000000000 +0600 
@@ -0,0 +1,589 @@ +.\" $OpenBSD: nc.1,v 1.98 2024/04/01 12:40:18 deraadt Exp $ +.\" +.\" Copyright (c) 1996 David Sacerdote +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. The name of the author may not be used to endorse or promote products +.\" derived from this software without specific prior written permission +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+.\" +.Dd $Mdocdate: April 1 2024 $ +.Dt NC 1 +.Os +.Sh NAME +.Nm nc +.Nd arbitrary TCP and UDP connections and listens +.Sh SYNOPSIS +.Nm nc +.Op Fl 46cDdFhklNnrStUuvz +.Op Fl C Ar certfile +.Op Fl e Ar name +.Op Fl H Ar hash +.Op Fl I Ar length +.Op Fl i Ar interval +.Op Fl K Ar keyfile +.Op Fl M Ar ttl +.Op Fl m Ar minttl +.Op Fl O Ar length +.Op Fl o Ar staplefile +.Op Fl P Ar proxy_username +.Op Fl p Ar source_port +.Op Fl R Ar CAfile +.Op Fl s Ar sourceaddr +.Op Fl T Ar keyword +.Op Fl V Ar rtable +.Op Fl W Ar recvlimit +.Op Fl w Ar timeout +.Op Fl X Ar proxy_protocol +.Op Fl x Ar proxy_address Ns Op : Ns Ar port +.Op Fl Z Ar peercertfile +.Op Ar destination +.Op Ar port +.Sh DESCRIPTION +The +.Nm +(or +.Nm netcat ) +utility is used for just about anything under the sun involving TCP, +UDP, or +.Ux Ns -domain +sockets. +It can open TCP connections, send UDP packets, listen on arbitrary +TCP and UDP ports, do port scanning, and deal with both IPv4 and +IPv6. +Unlike +.Xr telnet 1 , +.Nm +scripts nicely, and separates error messages onto standard error instead +of sending them to standard output, as +.Xr telnet 1 +does with some. +.Pp +Common uses include: +.Pp +.Bl -bullet -offset indent -compact +.It +simple TCP proxies +.It +shell-script based HTTP clients and servers +.It +network daemon testing +.It +a SOCKS or HTTP ProxyCommand for +.Xr ssh 1 +.It +and much, much more +.El +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl 4 +Use IPv4 addresses only. +.It Fl 6 +Use IPv6 addresses only. +.It Fl C Ar certfile +Load the public key part of the TLS peer certificate from +.Ar certfile , +in PEM format. +Requires +.Fl c . +.It Fl c +Use TLS to connect or listen. +Cannot be used together with any of the options +.Fl FuU . +.It Fl D +Enable debugging on the socket. +.It Fl d +Do not attempt to read from stdin. +.It Fl e Ar name +Only accept the TLS peer certificate if it contains the +.Ar name . +Requires +.Fl c . 
+If not specified, +.Ar destination +is used. +.It Fl F +Pass the first connected socket using +.Xr sendmsg 2 +to stdout and exit. +This is useful in conjunction with +.Fl X +to have +.Nm +perform connection setup with a proxy but then leave the rest of the +connection to another program (e.g.\& +.Xr ssh 1 +using the +.Xr ssh_config 5 +.Cm ProxyUseFdpass +option). +Cannot be used with +.Fl c +or +.Fl U . +.It Fl H Ar hash +Only accept the TLS peer certificate if its hash returned from +.Xr tls_peer_cert_hash 3 +matches +.Ar hash . +Requires +.Fl c +and cannot be used with +.Fl T Cm noverify . +.It Fl h +Print out the +.Nm +help text and exit. +.It Fl I Ar length +Specify the size of the TCP receive buffer. +.It Fl i Ar interval +Sleep for +.Ar interval +seconds between lines of text sent and received. +Also causes a delay time between connections to multiple ports. +.It Fl K Ar keyfile +Load the TLS private key from +.Ar keyfile , +in PEM format. +Requires +.Fl c . +.It Fl k +When a connection is completed, listen for another one. +Requires +.Fl l . +When used together with the +.Fl u +option, the server socket is not connected and it can receive UDP datagrams from +multiple hosts. +.It Fl l +Listen for an incoming connection rather than initiating a +connection to a remote host. +Cannot be used together with any of the options +.Fl psxz . +Additionally, any timeouts specified with the +.Fl w +option are ignored. +.It Fl M Ar ttl +Set the TTL / hop limit of outgoing packets. +.It Fl m Ar minttl +Ask the kernel to drop incoming packets whose TTL / hop limit is under +.Ar minttl . +.It Fl N +.Xr shutdown 2 +the network socket after EOF on the input. +Some servers require this to finish their work. +.It Fl n +Do not perform domain name resolution. +If a name cannot be resolved without DNS, an error will be reported. +.It Fl O Ar length +Specify the size of the TCP send buffer. 
+.It Fl o Ar staplefile +During the TLS handshake, load data to be stapled from +.Ar staplefile , +which is expected to contain an OCSP response from an OCSP server in +DER format. +Requires +.Fl c +and +.Fl C . +.It Fl P Ar proxy_username +Specifies a username to present to a proxy server that requires authentication. +If no username is specified then authentication will not be attempted. +Proxy authentication is only supported for HTTP CONNECT proxies at present. +.It Fl p Ar source_port +Specify the source port +.Nm +should use, subject to privilege restrictions and availability. +Cannot be used together with +.Fl l . +.It Fl R Ar CAfile +Load the root CA bundle for TLS certificate verification from +.Ar CAfile , +in PEM format, instead of +.Pa /etc/ssl/cert.pem . +Requires +.Fl c . +.It Fl r +Choose source and/or destination ports randomly +instead of sequentially within a range or in the order that the system +assigns them. +.It Fl S +Enable the RFC 2385 TCP MD5 signature option. +.It Fl s Ar sourceaddr +Set the source address to send packets from, +which is useful on machines with multiple interfaces. +For +.Ux Ns -domain +datagram sockets, specifies the local temporary socket file +to create and use so that datagrams can be received. +Cannot be used together with +.Fl l +or +.Fl x . +.It Fl T Ar keyword +Change the IPv4 TOS/IPv6 traffic class value or the TLS options. +.Pp +For TLS options, +.Ar keyword +may be one of: +.Cm noverify , +which disables certificate verification; +.Cm noname , +which disables certificate name checking; +.Cm clientcert , +which requires a client certificate on incoming connections; or +.Cm muststaple , +which requires the peer to provide a valid stapled OCSP response +with the handshake. 
+The following TLS options specify a value in the form of a +.Ar key Ns = Ns Ar value +pair: +.Cm ciphers , +which allows the supported TLS ciphers to be specified (see +.Xr tls_config_set_ciphers 3 +for further details); +.Cm protocols , +which allows the supported TLS protocols to be specified (see +.Xr tls_config_parse_protocols 3 +for further details). +Specifying TLS options requires +.Fl c . +.Pp +For the IPv4 TOS/IPv6 traffic class value, +.Ar keyword +may be one of +.Cm critical , +.Cm inetcontrol , +.Cm lowdelay , +.Cm netcontrol , +.Cm throughput , +.Cm reliability , +or one of the DiffServ Code Points: +.Cm ef , +.Cm af11 No ... Cm af43 , +.Cm cs0 No ... Cm cs7 ; +or a number in either hex or decimal. +.It Fl t +Send RFC 854 DON'T and WON'T responses to RFC 854 DO and WILL requests. +This makes it possible to use +.Nm +to script telnet sessions. +.It Fl U +Use +.Ux Ns -domain +sockets. +Cannot be used together with any of the options +.Fl cFx . +.It Fl u +Use UDP instead of TCP. +Cannot be used together with +.Fl c +or +.Fl x . +For +.Ux Ns -domain +sockets, use a datagram socket instead of a stream socket. +If a +.Ux Ns -domain +socket is used, a temporary receiving socket is created in +.Pa /tmp +unless the +.Fl s +flag is given. +.It Fl V Ar rtable +Set the routing table to be used. +.It Fl v +Produce more verbose output. +.It Fl W Ar recvlimit +Terminate after receiving +.Ar recvlimit +packets from the network. +.It Fl w Ar timeout +Connections which cannot be established or are idle timeout after +.Ar timeout +seconds. +The +.Fl w +flag has no effect on the +.Fl l +option, i.e.\& +.Nm +will listen forever for a connection, with or without the +.Fl w +flag. +The default is no timeout. +.It Fl X Ar proxy_protocol +Use +.Ar proxy_protocol +when talking to the proxy server. +Supported protocols are +.Cm 4 +(SOCKS v.4), +.Cm 5 +(SOCKS v.5) +and +.Cm connect +(HTTPS proxy). +If the protocol is not specified, SOCKS version 5 is used. 
+.It Fl x Ar proxy_address Ns Op : Ns Ar port +Connect to +.Ar destination +using a proxy at +.Ar proxy_address +and +.Ar port . +If +.Ar port +is not specified, the well-known port for the proxy protocol is used (1080 +for SOCKS, 3128 for HTTPS). +An IPv6 address can be specified unambiguously by enclosing +.Ar proxy_address +in square brackets. +A proxy cannot be used with any of the options +.Fl lsuU . +.It Fl Z Ar peercertfile +Save the peer certificates to +.Ar peercertfile , +in PEM format. +Requires +.Fl c . +.It Fl z +Only scan for listening daemons, without sending any data to them. +Cannot be used together with +.Fl l . +.El +.Pp +.Ar destination +can be a numerical IP address or a symbolic hostname +(unless the +.Fl n +option is given). +In general, a destination must be specified, +unless the +.Fl l +option is given +(in which case the local host is used). +For +.Ux Ns -domain +sockets, a destination is required and is the socket path to connect to +(or listen on if the +.Fl l +option is given). +.Pp +.Ar port +can be specified as a numeric port number or as a service name. +Port ranges may be specified as numeric port numbers of the form +.Ar nn Ns - Ns Ar mm . +In general, +a destination port must be specified, +unless the +.Fl U +option is given. +For some options, the value 0 requests that the system choose a port number. +.Sh CLIENT/SERVER MODEL +It is quite simple to build a very basic client/server model using +.Nm . +On one console, start +.Nm +listening on a specific port for a connection. +For example: +.Pp +.Dl $ nc -l 1234 +.Pp +.Nm +is now listening on port 1234 for a connection. +On a second console +.Pq or a second machine , +connect to the machine and port being listened on: +.Pp +.Dl $ nc -N 127.0.0.1 1234 +.Pp +There should now be a connection between the ports. +Anything typed at the second console will be concatenated to the first, +and vice-versa. 
+After the connection has been set up, +.Nm +does not really care which side is being used as a +.Sq server +and which side is being used as a +.Sq client . +The connection may be terminated using an +.Dv EOF +.Pq Sq ^D , +as the +.Fl N +flag was given. +.Sh DATA TRANSFER +The example in the previous section can be expanded to build a +basic data transfer model. +Any information input into one end of the connection will be output +to the other end, and input and output can be easily captured in order to +emulate file transfer. +.Pp +Start by using +.Nm +to listen on a specific port, with output captured into a file: +.Pp +.Dl $ nc -l 1234 > filename.out +.Pp +Using a second machine, connect to the listening +.Nm +process, feeding it the file which is to be transferred: +.Pp +.Dl $ nc -N host.example.com 1234 < filename.in +.Pp +After the file has been transferred, the connection will close automatically. +.Sh TALKING TO SERVERS +It is sometimes useful to talk to servers +.Dq by hand +rather than through a user interface. +It can aid in troubleshooting, +when it might be necessary to verify what data a server is sending +in response to commands issued by the client. +For example, to retrieve the home page of a web site: +.Bd -literal -offset indent +$ printf "GET / HTTP/1.0\er\en\er\en" | nc host.example.com 80 +.Ed +.Pp +Note that this also displays the headers sent by the web server. +They can be filtered, using a tool such as +.Xr sed 1 , +if necessary. +.Pp +More complicated examples can be built up when the user knows the format +of requests required by the server. +As another example, an email may be submitted to an SMTP server using: +.Bd -literal -offset indent +$ nc localhost 25 << EOF +HELO host.example.com +MAIL FROM: +RCPT TO: +DATA +Body of email. +\&. +QUIT +EOF +.Ed +.Sh PORT SCANNING +It may be useful to know which ports are open and running services on +a target machine. 
+The +.Fl z +flag can be used to tell +.Nm +to report open ports, +rather than initiate a connection. +For example: +.Bd -literal -offset indent +$ nc -z host.example.com 20-30 +Connection to host.example.com 22 port [tcp/ssh] succeeded! +Connection to host.example.com 25 port [tcp/smtp] succeeded! +.Ed +.Pp +The port range was specified to limit the search to ports 20 \- 30. +.Pp +Alternatively, it might be useful to know which server software +is running, and which versions. +This information is often contained within the greeting banners. +In order to retrieve these, it is necessary to first make a connection, +and then break the connection when the banner has been retrieved. +This can be accomplished by specifying a small timeout with the +.Fl w +flag, or perhaps by issuing a +.Qq Dv QUIT +command to the server: +.Bd -literal -offset indent +$ echo "QUIT" | nc host.example.com 20-30 +SSH-1.99-OpenSSH_3.6.1p2 +Protocol mismatch. +220 host.example.com IMS SMTP Receiver Version 0.84 Ready +.Ed +.Sh EXAMPLES +Open a TCP connection to port 42 of host.example.com, using port 31337 as +the source port, with a timeout of 5 seconds: +.Pp +.Dl $ nc -p 31337 -w 5 host.example.com 42 +.Pp +Open a TCP connection to port 443 of www.example.com, and negotiate TLS with +any supported TLS protocol version and "compat" ciphers: +.Pp +.Dl $ nc -cv -T protocols=all -T ciphers=compat www.example.com 443 +.Pp +Open a TCP connection to port 443 of www.google.ca, and negotiate TLS. 
+Check for a different name in the certificate for validation: +.Pp +.Dl $ nc -cv -e adsf.au.doubleclick.net www.google.ca 443 +.Pp +Open a UDP connection to port 53 of host.example.com: +.Pp +.Dl $ nc -u host.example.com 53 +.Pp +Open a TCP connection to port 42 of host.example.com using 10.1.2.3 as the +IP for the local end of the connection: +.Pp +.Dl $ nc -s 10.1.2.3 host.example.com 42 +.Pp +Create and listen on a +.Ux Ns -domain +stream socket: +.Pp +.Dl $ nc -lU /var/tmp/dsocket +.Pp +Connect to port 42 of host.example.com via an HTTP proxy at 10.2.3.4, +port 8080. +This example could also be used by +.Xr ssh 1 ; +see the +.Cm ProxyCommand +directive in +.Xr ssh_config 5 +for more information. +.Pp +.Dl $ nc -x10.2.3.4:8080 -Xconnect host.example.com 42 +.Pp +The same example again, this time enabling proxy authentication with username +.Dq ruser +if the proxy requires it: +.Pp +.Dl $ nc -x10.2.3.4:8080 -Xconnect -Pruser host.example.com 42 +.Sh SEE ALSO +.Xr cat 1 , +.Xr ssh 1 +.Sh AUTHORS +Original implementation by +.An *Hobbit* Aq Mt hobbit@avian.org . +.br +Rewritten with IPv6 support by +.An Eric Jackson Aq Mt ericj@monkey.org . +.Sh CAVEATS +UDP port scans using the +.Fl uz +combination of flags will always report success irrespective of +the target machine's state. +However, +in conjunction with a traffic sniffer either on the target machine +or an intermediary device, +the +.Fl uz +combination could be useful for communications diagnostics. +Note that the amount of UDP traffic generated may be limited either +due to hardware resources and/or configuration settings. diff -Naur a/apps/ocspcheck/CMakeLists.txt b/apps/ocspcheck/CMakeLists.txt --- a/apps/ocspcheck/CMakeLists.txt 2024-04-09 07:28:30.000000000 +0600 +++ b/apps/ocspcheck/CMakeLists.txt 2025-01-09 23:18:56.061808128 +0600 
@@ -13,17 +13,17 @@ add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\") -add_executable(ocspcheck ${OCSPCHECK_SRC}) -target_include_directories(ocspcheck +add_executable(ocspcheck-libre ${OCSPCHECK_SRC}) +target_include_directories(ocspcheck-libre PRIVATE ../../include/compat PUBLIC ../../include ${CMAKE_BINARY_DIR}/include) -target_link_libraries(ocspcheck tls ${OPENSSL_LIBS} compat_obj tls_compat_obj) +target_link_libraries(ocspcheck-libre tls ${OPENSSL_LIBS} compat_obj tls_compat_obj) if(ENABLE_LIBRESSL_INSTALL) - install(TARGETS ocspcheck DESTINATION ${CMAKE_INSTALL_BINDIR}) - install(FILES ocspcheck.8 DESTINATION ${CMAKE_INSTALL_MANDIR}/man8) + install(TARGETS ocspcheck-libre DESTINATION ${CMAKE_INSTALL_BINDIR}) + install(FILES ocspcheck-libre.8 DESTINATION ${CMAKE_INSTALL_MANDIR}/man8) endif(ENABLE_LIBRESSL_INSTALL) diff -Naur a/apps/ocspcheck/ocspcheck.8 b/apps/ocspcheck/ocspcheck.8 --- a/apps/ocspcheck/ocspcheck.8 2023-07-05 14:08:29.000000000 +0600 +++ b/apps/ocspcheck/ocspcheck.8 1970-01-01 06:00:00.000000000 +0600 
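Review bot: The rename is done by changing the target name and the man-page file name (`add_executable(ocspcheck-libre ...)`, `install(FILES ocspcheck-libre.8 ...)`), which makes the patch delete and re-add each man page in full; the openssl hunk further down does the same for the 6865-line openssl.1. A patch of that shape is likely to stop applying whenever upstream edits those pages, which slows down picking up LibreSSL security releases. Keeping the upstream names and changing only what gets installed would be much smaller: `set_target_properties(ocspcheck PROPERTIES OUTPUT_NAME ocspcheck-libre)` and `install(FILES ocspcheck.8 DESTINATION ${CMAKE_INSTALL_MANDIR}/man8 RENAME ocspcheck-libre.8)`. Either way the installed page still declares `.Nm ocspcheck` and cross-references `.Xr nc 1`, so a reader is pointed at command names that may resolve to a different implementation on PATH; a comment above the install lines such as `# installed as *-libre to avoid clashing with system tools; page text keeps upstream names` would record that.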
@@ -1,111 +0,0 @@ -.\" $OpenBSD: ocspcheck.8,v 1.9 2017/11/29 21:15:45 jmc Exp $ -.\" -.\" Copyright (c) 2017 Bob Beck -.\" -.\" Permission to use, copy, modify, and distribute this software for any -.\" purpose with or without fee is hereby granted, provided that the above -.\" copyright notice and this permission notice appear in all copies. -.\" -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.\" -.Dd $Mdocdate: November 29 2017 $ -.Dt OCSPCHECK 8 -.Os -.Sh NAME -.Nm ocspcheck -.Nd check a certificate for validity against its OCSP responder -.Sh SYNOPSIS -.Nm -.Op Fl Nv -.Op Fl C Ar CAfile -.Op Fl i Ar staplefile -.Op Fl o Ar staplefile -.Ar file -.Sh DESCRIPTION -The -.Nm -utility validates a PEM format certificate against the OCSP responder -encoded in the certificate specified by the -.Ar file -argument. -Normally it should be used for checking server certificates -and maintaining saved OCSP responses to be used for OCSP stapling. -.Pp -The options are as follows: -.Bl -tag -width Ds -.It Fl C Ar CAfile -Specify a PEM format root certificate bundle to use for the validation of -requests. -By default no certificates are used beyond those in the -certificate chain provided by the -.Ar file -argument. -.It Fl i Ar staplefile -Specify an input filename from which a DER-encoded OCSP response -will be read instead of fetching it from the OCSP server. -A filename -of -.Sq - -will read the response from standard input. 
-.It Fl N -Do not use a nonce value in the OCSP request, or validate that the -nonce was returned in the OCSP response. -By default a nonce is always used and validated when retrieving -a response from an OCSP server. -The use of this flag is a security risk as it will allow OCSP -responses to be replayed. -It should not be used unless the OCSP server does not support the -use of OCSP nonces. -.It Fl o Ar staplefile -Specify an output filename where the DER encoded response from the -OCSP server will be written, if the OCSP response validates. -A filename -of -.Sq - -will write the response to standard output. -By default the response is not saved. -.It Fl v -Increase verbosity. -This flag may be specified multiple times to get more verbose output. -The default behaviour is to be silent unless something goes wrong. -.El -.Sh EXIT STATUS -The -.Nm -utility exits 0 if the OCSP response validates for the certificate in -.Ar file -and all output is successfully written out. -.Nm -exits >0 if an error occurs or the OCSP response fails to validate. -.Sh SEE ALSO -.Xr nc 1 , -.Xr tls_config_set_ocsp_staple_file 3 , -.Xr tls_config_set_ocsp_staple_mem 3 , -.Xr httpd 8 -.Sh HISTORY -The -.Nm -utility first appeared in -.Ox 6.1 . -.Sh AUTHORS -.Nm -was written by -.An Bob Beck . -.Sh CAVEATS -While -.Nm -could possibly be used in scripts to query responders for server -certificates seen on client connections, this is almost always a bad -idea. -God kills a kitten every time you make an OCSP query from the -client side of a TLS connection. -.Sh BUGS -.Nm -will create the output file if it does not exist. -On failure a newly created output file will not be removed. diff -Naur a/apps/ocspcheck/ocspcheck-libre.8 b/apps/ocspcheck/ocspcheck-libre.8 --- a/apps/ocspcheck/ocspcheck-libre.8 1970-01-01 06:00:00.000000000 +0600 +++ b/apps/ocspcheck/ocspcheck-libre.8 2023-07-05 14:08:29.000000000 +0600 
@@ -0,0 +1,111 @@ +.\" $OpenBSD: ocspcheck.8,v 1.9 2017/11/29 21:15:45 jmc Exp $ +.\" +.\" Copyright (c) 2017 Bob Beck +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.Dd $Mdocdate: November 29 2017 $ +.Dt OCSPCHECK 8 +.Os +.Sh NAME +.Nm ocspcheck +.Nd check a certificate for validity against its OCSP responder +.Sh SYNOPSIS +.Nm +.Op Fl Nv +.Op Fl C Ar CAfile +.Op Fl i Ar staplefile +.Op Fl o Ar staplefile +.Ar file +.Sh DESCRIPTION +The +.Nm +utility validates a PEM format certificate against the OCSP responder +encoded in the certificate specified by the +.Ar file +argument. +Normally it should be used for checking server certificates +and maintaining saved OCSP responses to be used for OCSP stapling. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl C Ar CAfile +Specify a PEM format root certificate bundle to use for the validation of +requests. +By default no certificates are used beyond those in the +certificate chain provided by the +.Ar file +argument. +.It Fl i Ar staplefile +Specify an input filename from which a DER-encoded OCSP response +will be read instead of fetching it from the OCSP server. +A filename +of +.Sq - +will read the response from standard input. 
+.It Fl N +Do not use a nonce value in the OCSP request, or validate that the +nonce was returned in the OCSP response. +By default a nonce is always used and validated when retrieving +a response from an OCSP server. +The use of this flag is a security risk as it will allow OCSP +responses to be replayed. +It should not be used unless the OCSP server does not support the +use of OCSP nonces. +.It Fl o Ar staplefile +Specify an output filename where the DER encoded response from the +OCSP server will be written, if the OCSP response validates. +A filename +of +.Sq - +will write the response to standard output. +By default the response is not saved. +.It Fl v +Increase verbosity. +This flag may be specified multiple times to get more verbose output. +The default behaviour is to be silent unless something goes wrong. +.El +.Sh EXIT STATUS +The +.Nm +utility exits 0 if the OCSP response validates for the certificate in +.Ar file +and all output is successfully written out. +.Nm +exits >0 if an error occurs or the OCSP response fails to validate. +.Sh SEE ALSO +.Xr nc 1 , +.Xr tls_config_set_ocsp_staple_file 3 , +.Xr tls_config_set_ocsp_staple_mem 3 , +.Xr httpd 8 +.Sh HISTORY +The +.Nm +utility first appeared in +.Ox 6.1 . +.Sh AUTHORS +.Nm +was written by +.An Bob Beck . +.Sh CAVEATS +While +.Nm +could possibly be used in scripts to query responders for server +certificates seen on client connections, this is almost always a bad +idea. +God kills a kitten every time you make an OCSP query from the +client side of a TLS connection. +.Sh BUGS +.Nm +will create the output file if it does not exist. +On failure a newly created output file will not be removed. diff -Naur a/apps/openssl/CMakeLists.txt b/apps/openssl/CMakeLists.txt --- a/apps/openssl/CMakeLists.txt 2024-09-25 09:27:29.000000000 +0600 +++ b/apps/openssl/CMakeLists.txt 2025-01-09 23:19:42.325488896 +0600 
@@ -66,17 +66,17 @@ endif() endif() -add_executable(openssl ${OPENSSL_SRC}) -target_include_directories(openssl +add_executable(openssl-libre ${OPENSSL_SRC}) +target_include_directories(openssl-libre PRIVATE . ../../include/compat PUBLIC ../../include ${CMAKE_BINARY_DIR}/include) -target_link_libraries(openssl ${OPENSSL_LIBS} compat_obj) +target_link_libraries(openssl-libre ${OPENSSL_LIBS} compat_obj) if(ENABLE_LIBRESSL_INSTALL) - install(TARGETS openssl DESTINATION ${CMAKE_INSTALL_BINDIR}) - install(FILES openssl.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1) + install(TARGETS openssl-libre DESTINATION ${CMAKE_INSTALL_BINDIR}) + install(FILES openssl-libre.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1) endif(ENABLE_LIBRESSL_INSTALL) diff -Naur a/apps/openssl/openssl.1 b/apps/openssl/openssl.1 --- a/apps/openssl/openssl.1 2024-09-25 09:30:06.000000000 +0600 +++ b/apps/openssl/openssl.1 1970-01-01 06:00:00.000000000 +0600 
@@ -1,6865 +0,0 @@ -.\" $OpenBSD: openssl.1,v 1.161 2024/08/30 06:05:10 jmc Exp $ -.\" ==================================================================== -.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in -.\" the documentation and/or other materials provided with the -.\" distribution. -.\" -.\" 3. All advertising materials mentioning features or use of this -.\" software must display the following acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" -.\" -.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -.\" endorse or promote products derived from this software without -.\" prior written permission. For written permission, please contact -.\" openssl-core@openssl.org. -.\" -.\" 5. Products derived from this software may not be called "OpenSSL" -.\" nor may "OpenSSL" appear in their names without prior written -.\" permission of the OpenSSL Project. -.\" -.\" 6. Redistributions of any form whatsoever must retain the following -.\" acknowledgment: -.\" "This product includes software developed by the OpenSSL Project -.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR -.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -.\" OF THE POSSIBILITY OF SUCH DAMAGE. -.\" ==================================================================== -.\" -.\" This product includes cryptographic software written by Eric Young -.\" (eay@cryptsoft.com). This product includes software written by Tim -.\" Hudson (tjh@cryptsoft.com). -.\" -.\" -.\" Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -.\" All rights reserved. -.\" -.\" This package is an SSL implementation written -.\" by Eric Young (eay@cryptsoft.com). -.\" The implementation was written so as to conform with Netscapes SSL. -.\" -.\" This library is free for commercial and non-commercial use as long as -.\" the following conditions are aheared to. The following conditions -.\" apply to all code found in this distribution, be it the RC4, RSA, -.\" lhash, DES, etc., code; not just the SSL code. The SSL documentation -.\" included with this distribution is covered by the same copyright terms -.\" except that the holder is Tim Hudson (tjh@cryptsoft.com). -.\" -.\" Copyright remains Eric Young's, and as such any Copyright notices in -.\" the code are not to be removed. -.\" If this package is used in a product, Eric Young should be given attribution -.\" as the author of the parts of the library used. -.\" This can be in the form of a textual message at program startup or -.\" in documentation (online or textual) provided with the package. 
-.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" "This product includes cryptographic software written by -.\" Eric Young (eay@cryptsoft.com)" -.\" The word 'cryptographic' can be left out if the rouines from the library -.\" being used are not cryptographic related :-). -.\" 4. If you include any Windows specific code (or a derivative thereof) from -.\" the apps directory (application code) you must include an -.\" acknowledgement: -.\" "This product includes software written by Tim Hudson -.\" (tjh@cryptsoft.com)" -.\" -.\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -.\" SUCH DAMAGE. 
-.\" -.\" The licence and distribution terms for any publically available version or -.\" derivative of this code cannot be changed. i.e. this code cannot simply be -.\" copied and put under another distribution licence -.\" [including the GNU Public Licence.] -.\" -.Dd $Mdocdate: August 30 2024 $ -.Dt OPENSSL 1 -.Os -.Sh NAME -.Nm openssl -.Nd OpenSSL command line tool -.Sh SYNOPSIS -.Nm -.Ar command -.Op Ar command_opt ... -.Op Ar command_arg ... -.Pp -.Nm -.Cm list-standard-commands | -.Cm list-message-digest-commands | -.Cm list-cipher-commands | -.Cm list-cipher-algorithms | -.Cm list-message-digest-algorithms | -.Cm list-public-key-algorithms -.Pp -.Nm -.Cm no- Ns Ar command -.Sh DESCRIPTION -.Nm OpenSSL -is a cryptography toolkit implementing the -Transport Layer Security -.Pq TLS -network protocol, -as well as related cryptography standards. -.Pp -The -.Nm -program is a command line tool for using the various -cryptography functions of -.Nm openssl Ns 's -crypto library from the shell. -.Pp -The pseudo-commands -.Cm list-standard-commands , list-message-digest-commands , -and -.Cm list-cipher-commands -output a list -.Pq one entry per line -of the names of all standard commands, message digest commands, -or cipher commands, respectively, that are available in the present -.Nm -utility. -.Pp -The pseudo-commands -.Cm list-cipher-algorithms -and -.Cm list-message-digest-algorithms -list all cipher and message digest names, -one entry per line. -Aliases are listed as: -.Pp -.D1 from => to -.Pp -The pseudo-command -.Cm list-public-key-algorithms -lists all supported public key algorithms. -.Pp -The pseudo-command -.Cm no- Ns Ar command -tests whether a command of the -specified name is available. -If -.Ar command -does not exist, -it returns 0 -and prints -.Cm no- Ns Ar command ; -otherwise it returns 1 and prints -.Ar command . -In both cases, the output goes to stdout and nothing is printed to stderr. -Additional command line arguments are always ignored. 
-Since for each cipher there is a command of the same name, -this provides an easy way for shell scripts to test for the -availability of ciphers in the -.Nm -program. -.Pp -.Sy Note : -.Cm no- Ns Ar command -is not able to detect pseudo-commands such as -.Cm quit , -.Cm list- Ns Ar ... Ns Cm -commands , -or -.Cm no- Ns Ar command -itself. -.Tg asn1parse -.Sh ASN1PARSE -.Bl -hang -width "openssl asn1parse" -.It Nm openssl asn1parse -.Bk -words -.Op Fl i -.Op Fl dlimit Ar number -.Op Fl dump -.Op Fl genconf Ar file -.Op Fl genstr Ar str -.Op Fl in Ar file -.Op Fl inform Cm der | pem | txt -.Op Fl length Ar number -.Op Fl noout -.Op Fl offset Ar number -.Op Fl oid Ar file -.Op Fl out Ar file -.Op Fl strparse Ar offset -.Ek -.El -.Pp -The -.Nm asn1parse -command is a diagnostic utility that can parse ASN.1 structures. -It can also be used to extract data from ASN.1 formatted data. -.Pp -The options are as follows: -.Bl -tag -width Ds -.It Fl dlimit Ar number -Dump the first -.Ar number -bytes of unknown data in hex form. -.It Fl dump -Dump unknown data in hex form. -.It Fl genconf Ar file , Fl genstr Ar str -Generate encoded data based on string -.Ar str , -file -.Ar file , -or both, using the format described in -.Xr ASN1_generate_nconf 3 . -If only -.Ar file -is present then the string is obtained from the default section -using the name -.Dq asn1 . -The encoded data is passed through the ASN.1 parser and printed out as -though it came from a file; -the contents can thus be examined and written to a file using the -.Fl out -option. -.It Fl i -Indent the output according to the -.Qq depth -of the structures. -.It Fl in Ar file -The input file to read from, or standard input if not specified. -.It Fl inform Cm der | pem | txt -The input format. -.It Fl length Ar number -Number of bytes to parse; the default is until end of file. -.It Fl noout -Do not output the parsed version of the input file. 
-.It Fl offset Ar number -Starting offset to begin parsing; the default is start of file. -.It Fl oid Ar file -A file containing additional object identifiers -.Pq OIDs . -If an OID -.Pq object identifier -is not part of -.Nm openssl Ns 's -internal table, it will be represented in -numerical form -.Pq for example 1.2.3.4 . -.Pp -Each line consists of three columns: -the first column is the OID in numerical format and should be followed by -whitespace. -The second column is the -.Qq short name , -which is a single word followed by whitespace. -The final column is the rest of the line and is the -.Qq long name . -.Nm asn1parse -displays the long name. -.It Fl out Ar file -The DER-encoded output file; the default is no encoded output -(useful when combined with -.Fl strparse ) . -.It Fl strparse Ar offset -Parse the content octets of the ASN.1 object starting at -.Ar offset . -This option can be used multiple times to -.Qq drill down -into a nested structure. -.El -.Tg ca -.Sh CA -.Bl -hang -width "openssl ca" -.It Nm openssl ca -.Bk -words -.Op Fl batch -.Op Fl cert Ar file -.Op Fl config Ar file -.Op Fl create_serial -.Op Fl crl_CA_compromise Ar time -.Op Fl crl_compromise Ar time -.Op Fl crl_hold Ar instruction -.Op Fl crl_reason Ar reason -.Op Fl crldays Ar days -.Op Fl crlexts Ar section -.Op Fl crlhours Ar hours -.Op Fl crlsec Ar seconds -.Op Fl days Ar arg -.Op Fl enddate Ar date -.Op Fl extensions Ar section -.Op Fl extfile Ar file -.Op Fl gencrl -.Op Fl in Ar file -.Op Fl infiles -.Op Fl key Ar password -.Op Fl keyfile Ar file -.Op Fl keyform Cm pem | der -.Op Fl md Ar alg -.Op Fl msie_hack -.Op Fl multivalue-rdn -.Op Fl name Ar section -.Op Fl noemailDN -.Op Fl notext -.Op Fl out Ar file -.Op Fl outdir Ar directory -.Op Fl passin Ar arg -.Op Fl policy Ar arg -.Op Fl preserveDN -.Op Fl revoke Ar file -.Op Fl selfsign -.Op Fl sigopt Ar nm:v -.Op Fl ss_cert Ar file -.Op Fl startdate Ar date -.Op Fl status Ar serial -.Op Fl subj Ar arg -.Op Fl updatedb -.Op Fl 
utf8 -.Op Fl verbose -.Ek -.El -.Pp -The -.Nm ca -command is a minimal certificate authority (CA) application. -It can be used to sign certificate requests in a variety of forms -and generate certificate revocation lists (CRLs). -It also maintains a text database of issued certificates and their status. -.Pp -The options relevant to CAs are as follows: -.Bl -tag -width "XXXX" -.It Fl batch -Batch mode. -In this mode no questions will be asked -and all certificates will be certified automatically. -.It Fl cert Ar file -The CA certificate file. -.It Fl config Ar file -Specify an alternative configuration file. -.It Fl create_serial -If reading the serial from the text file as specified in the -configuration fails, create a new random serial to be used as the -next serial number. -.It Fl days Ar arg -The number of days to certify the certificate for. -.It Fl enddate Ar date -Set the expiry date. -The format of the date is [YY]YYMMDDHHMMSSZ, -with all four year digits required for dates from 2050 onwards. -.It Fl extensions Ar section -The section of the configuration file containing certificate extensions -to be added when a certificate is issued (defaults to -.Cm x509_extensions -unless the -.Fl extfile -option is used). -If no extension section is present, a V1 certificate is created. -If the extension section is present -.Pq even if it is empty , -then a V3 certificate is created. -See the -.Xr x509v3.cnf 5 -manual page for details of the extension section format. -.It Fl extfile Ar file -An additional configuration -.Ar file -to read certificate extensions from -(using the default section unless the -.Fl extensions -option is also used). -.It Fl in Ar file -An input -.Ar file -containing a single certificate request to be signed by the CA. -.It Fl infiles -If present, this should be the last option; all subsequent arguments -are assumed to be the names of files containing certificate requests. 
-.It Fl key Ar password -The -.Fa password -used to encrypt the private key. -Since on some systems the command line arguments are visible, -this option should be used with caution. -.It Fl keyfile Ar file -The private key to sign requests with. -.It Fl keyform Cm pem | der -Private key file format. -The default is -.Cm pem . -.It Fl md Ar alg -The message digest to use. -Possible values include -.Ar md5 -and -.Ar sha1 . -This option also applies to CRLs. -.It Fl msie_hack -This is a legacy option to make -.Nm ca -work with very old versions of the IE certificate enrollment control -.Qq certenr3 . -It used UniversalStrings for almost everything. -Since the old control has various security bugs, -its use is strongly discouraged. -The newer control -.Qq Xenroll -does not need this option. -.It Fl multivalue-rdn -This option causes the -.Fl subj -argument to be interpreted with full support for multivalued RDNs, -for example -.Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" . -If -.Fl multivalue-rdn -is not used, the UID value is set to -.Qq "123456+CN=John Doe" . -.It Fl name Ar section -Specifies the configuration file -.Ar section -to use (overrides -.Cm default_ca -in the -.Cm ca -section). -.It Fl noemailDN -The DN of a certificate can contain the EMAIL field if present in the -request DN, however it is good policy just having the email set into -the -.Cm altName -extension of the certificate. -When this option is set, the EMAIL field is removed from the certificate's -subject and set only in the, eventually present, extensions. -The -.Ar email_in_dn -keyword can be used in the configuration file to enable this behaviour. -.It Fl notext -Don't output the text form of a certificate to the output file. -.It Fl out Ar file -The output file to output certificates to. -The default is standard output. -The certificate details will also be printed out to this file in -PEM format. -.It Fl outdir Ar directory -The -.Ar directory -to output certificates to. 
-The certificate will be written to a file consisting of the -serial number in hex with -.Qq .pem -appended. -.It Fl passin Ar arg -The key password source. -.It Fl policy Ar arg -Define the CA -.Qq policy -to use. -The policy section in the configuration file -consists of a set of variables corresponding to certificate DN fields. -The values may be one of -.Qq match -(the value must match the same field in the CA certificate), -.Qq supplied -(the value must be present), or -.Qq optional -(the value may be present). -Any fields not mentioned in the policy section -are silently deleted, unless the -.Fl preserveDN -option is set, -but this can be regarded more of a quirk than intended behaviour. -.It Fl preserveDN -Normally, the DN order of a certificate is the same as the order of the -fields in the relevant policy section. -When this option is set, the order is the same as the request. -This is largely for compatibility with the older IE enrollment control -which would only accept certificates if their DNs matched the order of the -request. -This is not needed for Xenroll. -.It Fl selfsign -Indicates the issued certificates are to be signed with the key the -certificate requests were signed with, given with -.Fl keyfile . -Certificate requests signed with a different key are ignored. -If -.Fl gencrl -or -.Fl ss_cert -are given, -.Fl selfsign -is ignored. -.Pp -A consequence of using -.Fl selfsign -is that the self-signed certificate appears among the entries in -the certificate database (see the configuration option -.Cm database ) -and uses the same serial number counter as all other certificates -signed with the self-signed certificate. -.It Fl sigopt Ar nm:v -Pass options to the signature algorithm during sign or certify operations. -The names and values of these options are algorithm-specific. -.It Fl ss_cert Ar file -A single self-signed certificate to be signed by the CA. -.It Fl startdate Ar date -Set the start date. 
-The format of the date is [YY]YYMMDDHHMMSSZ, -with all four year digits required for dates from 2050 onwards. -.It Fl subj Ar arg -Supersedes the subject name given in the request. -The -.Ar arg -must be formatted as -.Sm off -.Pf / Ar type0 Ns = Ar value0 Ns / Ar type 1 Ns = Ar value 1 Ns / -.Ar type2 Ns = Ar ... ; -.Sm on -characters may be escaped by -.Sq \e -.Pq backslash , -no spaces are skipped. -.It Fl utf8 -Interpret field values read from a terminal or obtained from a -configuration file as UTF-8 strings. -By default, they are interpreted as ASCII. -.It Fl verbose -Print extra details about the operations being performed. -.El -.Pp -The options relevant to CRLs are as follows: -.Bl -tag -width "XXXX" -.It Fl crl_CA_compromise Ar time -This is the same as -.Fl crl_compromise , -except the revocation reason is set to CACompromise. -.It Fl crl_compromise Ar time -Set the revocation reason to keyCompromise and the compromise time to -.Ar time . -.Ar time -should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ. -.It Fl crl_hold Ar instruction -Set the CRL revocation reason code to certificateHold and the hold -instruction to -.Ar instruction -which must be an OID. -Although any OID can be used, only holdInstructionNone -(the use of which is discouraged by RFC 2459), holdInstructionCallIssuer or -holdInstructionReject will normally be used. -.It Fl crl_reason Ar reason -Revocation reason, where -.Ar reason -is one of: -unspecified, keyCompromise, CACompromise, affiliationChanged, superseded, -cessationOfOperation, certificateHold or removeFromCRL. -The matching of -.Ar reason -is case insensitive. -Setting any revocation reason will make the CRL v2. -In practice, removeFromCRL is not particularly useful because it is only used -in delta CRLs which are not currently implemented. -.It Fl crldays Ar days -The number of days before the next CRL is due. -This is the days from now to place in the CRL -.Cm nextUpdate -field. 
-.It Fl crlexts Ar section -The -.Ar section -of the configuration file containing CRL extensions to include. -If no CRL extension section is present then a V1 CRL is created; -if the CRL extension section is present -(even if it is empty) -then a V2 CRL is created. -The CRL extensions specified are CRL extensions and not CRL entry extensions. -It should be noted that some software can't handle V2 CRLs. -See the -.Xr x509v3.cnf 5 -manual page for details of the extension section format. -.It Fl crlhours Ar hours -The number of hours before the next CRL is due. -.It Fl crlsec Ar seconds -The number of seconds before the next CRL is due. -.It Fl gencrl -Generate a CRL based on information in the index file. -.It Fl revoke Ar file -A -.Ar file -containing a certificate to revoke. -.It Fl status Ar serial -Show the status of the certificate with serial number -.Ar serial . -.It Fl updatedb -Update the database index to purge expired certificates. -.El -.Pp -Many of the options can be set in the -.Cm ca -section of the configuration file -(or in the default section of the configuration file), -specified using -.Cm default_ca -or -.Fl name . -The options -.Cm preserve -and -.Cm msie_hack -are read directly from the -.Cm ca -section. -.Pp -Many of the configuration file options are identical to command line -options. -Where the option is present in the configuration file and the command line, -the command line value is used. -Where an option is described as mandatory, then it must be present in -the configuration file or the command line equivalent -.Pq if any -used. -.Bl -tag -width "XXXX" -.It Cm certificate -The same as -.Fl cert . -It gives the file containing the CA certificate. -Mandatory. -.It Cm copy_extensions -Determines how extensions in certificate requests should be handled. -If set to -.Cm none -or this option is not present, then extensions are -ignored and not copied to the certificate. 
-If set to -.Cm copy , -then any extensions present in the request that are not already present -are copied to the certificate. -If set to -.Cm copyall , -then all extensions in the request are copied to the certificate: -if the extension is already present in the certificate it is deleted first. -.Pp -The -.Cm copy_extensions -option should be used with caution. -If care is not taken, it can be a security risk. -For example, if a certificate request contains a -.Cm basicConstraints -extension with CA:TRUE and the -.Cm copy_extensions -value is set to -.Cm copyall -and the user does not spot -this when the certificate is displayed, then this will hand the requester -a valid CA certificate. -.Pp -This situation can be avoided by setting -.Cm copy_extensions -to -.Cm copy -and including -.Cm basicConstraints -with CA:FALSE in the configuration file. -Then if the request contains a -.Cm basicConstraints -extension, it will be ignored. -.Pp -The main use of this option is to allow a certificate request to supply -values for certain extensions such as -.Cm subjectAltName . -.It Cm crl_extensions -The same as -.Fl crlexts . -.It Cm crlnumber -A text file containing the next CRL number to use in hex. -The CRL number will be inserted in the CRLs only if this file exists. -If this file is present, it must contain a valid CRL number. -.It Cm database -The text database file to use. -Mandatory. -This file must be present, though initially it will be empty. -.It Cm default_crl_hours , default_crl_days -The same as the -.Fl crlhours -and -.Fl crldays -options. -These will only be used if neither command line option is present. -At least one of these must be present to generate a CRL. -.It Cm default_days -The same as the -.Fl days -option. -The number of days to certify a certificate for. -.It Cm default_enddate -The same as the -.Fl enddate -option. -Either this option or -.Cm default_days -.Pq or the command line equivalents -must be present. 
-.It Cm default_md
-The same as the
-.Fl md
-option.
-The message digest to use.
-Mandatory.
-.It Cm default_startdate
-The same as the
-.Fl startdate
-option.
-The start date to certify a certificate for.
-If not set, the current time is used.
-.It Cm email_in_dn
-The same as
-.Fl noemailDN .
-If the EMAIL field is to be removed from the DN of the certificate,
-simply set this to
-.Qq no .
-If not present, the default is to allow for the EMAIL field in the
-certificate's DN.
-.It Cm msie_hack
-The same as
-.Fl msie_hack .
-.It Cm name_opt , cert_opt
-These options allow the format used to display the certificate details
-when asking the user to confirm signing.
-All the options supported by the
-.Nm x509
-utilities'
-.Fl nameopt
-and
-.Fl certopt
-switches can be used here, except that
-.Cm no_signame
-and
-.Cm no_sigdump
-are permanently set and cannot be disabled
-(this is because the certificate signature cannot be displayed because
-the certificate has not been signed at this point).
-.Pp
-For convenience, the value
-.Cm ca_default
-is accepted by both to produce a reasonable output.
-.Pp
-If neither option is present, the format used in earlier versions of
-.Nm openssl
-is used.
-Use of the old format is strongly discouraged
-because it only displays fields mentioned in the
-.Cm policy
-section,
-mishandles multicharacter string types and does not display extensions.
-.It Cm new_certs_dir
-The same as the
-.Fl outdir
-command line option.
-It specifies the directory where new certificates will be placed.
-Mandatory.
-.It Cm oid_file
-This specifies a file containing additional object identifiers.
-Each line of the file should consist of the numerical form of the
-object identifier followed by whitespace, then the short name followed
-by whitespace and finally the long name.
-.It Cm oid_section
-This specifies a section in the configuration file containing extra
-object identifiers.
-Each line should consist of the short name of the object identifier
-followed by
-.Sq =
-and the numerical form.
-The short and long names are the same when this option is used.
-.It Cm policy
-The same as
-.Fl policy .
-Mandatory.
-.It Cm preserve
-The same as
-.Fl preserveDN .
-.It Cm private_key
-Same as the
-.Fl keyfile
-option.
-The file containing the CA private key.
-Mandatory.
-.It Cm serial
-A text file containing the next serial number to use in hex.
-Mandatory.
-This file must be present and contain a valid serial number.
-.It Cm unique_subject
-If the value
-.Cm yes
-is given, the valid certificate entries in the
-database must have unique subjects.
-If the value
-.Cm no
-is given,
-several valid certificate entries may have the exact same subject.
-The default value is
-.Cm yes .
-.Pp
-Note that it is valid in some circumstances for certificates to be created
-without any subject.
-In cases where there are multiple certificates without
-subjects this does not count as a duplicate.
-.It Cm x509_extensions
-The same as
-.Fl extensions .
-.El
-.Tg certhash
-.Sh CERTHASH
-.Bl -hang -width "openssl certhash"
-.It Nm openssl certhash
-.Bk -words
-.Op Fl nv
-.Ar dir ...
-.Ek
-.El
-.Pp
-The
-.Nm certhash
-command calculates a hash value of
-.Qq .pem
-file in the specified directory list and creates symbolic links for each file,
-where the name of the link is the hash value.
-See the
-.Xr SSL_CTX_load_verify_locations 3
-manual page for how hash links are used.
-.Pp
-The links created are of the form
-.Qq HHHHHHHH.D ,
-where each
-.Sq H
-is a hexadecimal character and
-.Sq D
-is a single decimal digit.
-The hashes for CRLs look similar, except the letter
-.Sq r
-appears after the period, like this:
-.Qq HHHHHHHH.rD .
-When processing a directory,
-.Nm certhash
-will first remove all links that have a name in that syntax and invalid
-reference.
-.Pp
-Multiple objects may have the same hash; they will be indicated by
-incrementing the
-.Sq D
-value.
-Duplicates are found by comparing the full SHA256 fingerprint.
-A warning will be displayed if a duplicate is found.
-.Pp
-A warning will also be displayed if there are files that cannot be parsed as
-either a certificate or a CRL.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl n
-Perform a dry-run, and do not make any changes.
-.It Fl v
-Print extra details about the processing.
-.It Ar dir ...
-Specify the directories to process.
-.El
-.Tg ciphers
-.Sh CIPHERS
-.Nm openssl ciphers
-.Op Fl hsVv
-.Op Fl tls1_2
-.Op Fl tls1_3
-.Op Ar control
-.Pp
-The
-.Nm ciphers
-command converts the
-.Ar control
-string from the format documented in
-.Xr SSL_CTX_set_cipher_list 3
-into an ordered SSL cipher suite preference list.
-If no
-.Ar control
-string is specified, the
-.Cm DEFAULT
-list is printed.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl h , \&?
-Print a brief usage message.
-.It Fl s
-Only list ciphers that are supported by the TLS method.
-.It Fl tls1_2 | tls1_3
-In combination with the
-.Fl s
-option, list the ciphers which could be used
-if the specified protocol version were negotiated.
-.It Fl V
-Verbose.
-List ciphers with cipher suite code in hex format,
-cipher name, and a complete description of protocol version,
-key exchange, authentication, encryption, and mac algorithms.
-.It Fl v
-Like
-.Fl V ,
-but without cipher suite codes.
-.El
-.Tg cms
-.Sh CMS
-.Bl -hang -width "openssl cms"
-.It Nm openssl cms
-.Bk -words
-.Oo
-.Fl aes128 | aes192 | aes256 | camellia128 |
-.Fl camellia192 | camellia256 | des | des3 |
-.Fl rc2-40 | rc2-64 | rc2-128
-.Oc
-.Op Fl CAfile Ar file
-.Op Fl CApath Ar directory
-.Op Fl CRLfile Ar file
-.Op Fl binary
-.Op Fl certfile Ar file
-.Op Fl certsout Ar file
-.Op Fl cmsout
-.Op Fl compress
-.Op Fl content Ar file
-.Op Fl crlfeol
-.Op Fl data_create
-.Op Fl data_out
-.Op Fl debug_decrypt
-.Op Fl decrypt
-.Op Fl digest_create
-.Op Fl digest_verify
-.Op Fl econtent_type Ar type
-.Op Fl encrypt
-.Op Fl EncryptedData_decrypt
-.Op Fl EncryptedData_encrypt
-.Op Fl from Ar addr
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem | smime
-.Op Fl inkey Ar file
-.Op Fl keyform Cm der | pem
-.Op Fl keyid
-.Op Fl keyopt Ar nm:v
-.Op Fl md Ar digest
-.Op Fl no_attr_verify
-.Op Fl no_content_verify
-.Op Fl no_signer_cert_verify
-.Op Fl noattr
-.Op Fl nocerts
-.Op Fl nodetach
-.Op Fl nointern
-.Op Fl nooldmime
-.Op Fl noout
-.Op Fl nosigs
-.Op Fl nosmimecap
-.Op Fl noverify
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem | smime
-.Op Fl passin Ar src
-.Op Fl print
-.Op Fl pwri_password Ar arg
-.Op Fl rctform Cm der | pem | smime
-.Op Fl receipt_request_all | receipt_request_first
-.Op Fl receipt_request_from Ar addr
-.Op Fl receipt_request_print
-.Op Fl receipt_request_to Ar addr
-.Op Fl recip Ar file
-.Op Fl resign
-.Op Fl secretkey Ar key
-.Op Fl secretkeyid Ar id
-.Op Fl sign
-.Op Fl sign_receipt
-.Op Fl signer Ar file
-.Op Fl stream | indef | noindef
-.Op Fl subject Ar s
-.Op Fl text
-.Op Fl to Ar addr
-.Op Fl uncompress
-.Op Fl verify
-.Op Fl verify_receipt Ar file
-.Op Fl verify_retcode
-.Op Ar cert.pem ...
-.Ek
-.El
-.Pp
-The
-.Nm cms
-command handles S/MIME v3.1 mail.
-It can encrypt, decrypt, sign and verify, compress and uncompress S/MIME
-messages.
-.Pp
-The MIME message must be sent without any blank lines between the headers and
-the output.
-Some mail programs will automatically add a blank line.
-Piping the mail directly to sendmail is one way to achieve the correct format.
-.Pp
-The supplied message to be signed or encrypted must include the necessary MIME
-headers or many S/MIME clients won't display it properly (if at all).
-You can use the
-.Fl text
-option to automatically add plain text headers.
-.Pp
-A "signed and encrypted" message is one where a signed message is then
-encrypted.
-This can be produced by encrypting an already signed message.
-.Pp
-There are various operation options that set the type of operation to be
-performed.
-The meaning of the other options varies according to the operation type.
-.Bl -tag -width "XXXX"
-.It Fl encrypt
-Encrypt mail for the given recipient certificates.
-Input file is the message to be encrypted.
-The output file is the encrypted mail in MIME format.
-The actual CMS type is EnvelopedData.
-Note that no revocation check is done for the recipient cert, so if that
-key has been compromised, others may be able to decrypt the text.
-.It Fl decrypt
-Decrypt mail using the supplied certificate and private key.
-Expects an encrypted mail message in MIME format for the input file.
-The decrypted mail is written to the output file.
-.It Fl sign
-Sign mail using the supplied certificate and private key.
-Input file is the message to be signed.
-The signed message in MIME format is written to the output file.
-.It Fl verify
-Verify signed mail.
-Expects a signed mail message on input and outputs the signed data.
-Both clear text and opaque signing are supported.
-.It Fl cmsout
-Take an input message and write out a PEM encoded CMS structure.
-.It Fl resign
-Resign a message.
-Take an existing message and one or more new signers.
-This operation uses an existing message digest when adding a new signer.
-This means that attributes must be present in at least one existing
-signer using the same message digest or this operation will fail.
-.It Fl data_create
-Create a CMS Data type.
-.It Fl data_out
-Output a content from the input CMS Data type.
-.It Fl digest_create
-Create a CMS DigestedData type.
-.It Fl digest_verify
-Verify a CMS DigestedData type and output the content.
-.It Fl compress
-Create a CMS CompressedData type.
-Must be compiled with zlib support for this option to work.
-.It Fl uncompress
-Uncompress a CMS CompressedData type and output the content.
-Must be compiled with zlib support for this option to work.
-.It Fl EncryptedData_encrypt
-Encrypt a content using supplied symmetric key and algorithm using a
-CMS EncryptedData type.
-.It Fl EncryptedData_decrypt
-Decrypt a CMS EncryptedData type using supplied symmetric key.
-.It Fl sign_receipt
-Generate and output a signed receipt for the supplied message.
-The input message must contain a signed receipt request.
-Functionality is otherwise similar to the
-.Fl sign
-operation.
-.It Xo
-.Fl verify_receipt Ar file
-.Xc
-Verify a signed receipt in file.
-The input message must contain the original receipt request.
-Functionality is otherwise similar to the
-.Fl verify
-operation.
-.El
-.Pp
-The remaining options are as follows:
-.Bl -tag -width "XXXX"
-.It Xo
-.Fl aes128 | aes192 | aes256 | camellia128 |
-.Fl camellia192 | camellia256 | des | des3 |
-.Fl rc2-40 | rc2-64 | rc2-128
-.Xc
-The encryption algorithm to use.
-128-, 192-, or 256-bit AES, 128-, 192-, or 256-bit CAMELLIA,
-DES (56 bits), triple DES (168 bits),
-or 40-, 64-, or 128-bit RC2, respectively;
-if not specified, triple DES is
-used.
-Only used with
-.Fl encrypt
-and
-.Fl EncryptedData_encrypt
-commands.
-.It Fl binary
-Normally the input message is converted to "canonical" format which is
-effectively using CR/LF as end of line, as required by the S/MIME specification.
-When this option is present, no translation occurs.
-This is useful when handling binary data which may not be in MIME format.
-.It Fl CAfile Ar file
-A file containing trusted CA certificates, used with
-.Fl verify
-and
-.Fl verify_receipt .
-.It Fl CApath Ar directory
-A directory containing trusted CA certificates, used with
-.Fl verify
-and
-.Fl verify_receipt .
-This directory must be a standard certificate directory: that is a hash
-of each subject name (using
-.Nm x509 Fl hash )
-should be linked to each certificate.
-.It Fl CRLfile Ar file
-Allows additional certificate revocation lists to be specified for verification.
-The CRLs should be in PEM format.
-.It Ar cert.pem ...
-One or more certificates of message recipients: used when encrypting a message.
-.It Fl certfile Ar file
-Allows additional certificates to be specified.
-When signing, these will be included with the message.
-When verifying, these will be searched for the signer's certificates.
-The certificates should be in PEM format.
-.It Fl certsout Ar file
-A file that any certificates contained in the message are written to.
-.It Xo
-.Fl check_ss_sig ,
-.Fl crl_check ,
-.Fl crl_check_all ,
-.Fl extended_crl ,
-.Fl ignore_critical ,
-.Fl issuer_checks ,
-.Fl policy ,
-.Fl policy_check ,
-.Fl purpose ,
-.Fl x509_strict
-.Xc
-Set various certificate chain validation options.
-See the
-.Nm verify
-command for details.
-.It Fl content Ar file
-A file containing the detached content.
-This is only useful with the
-.Fl verify
-command.
-This is only usable if the CMS structure is using the detached signature
-form where the content is not included.
-This option will override any content if the input format is S/MIME and
-it uses the multipart/signed MIME content type.
-.It Fl crlfeol
-Output a S/MIME message with CR/LF end of line.
-.It Fl debug_decrypt
-Set the CMS_DEBUG_DECRYPT flag when decrypting.
-This option should be used with caution, since this can be used to disable
-the MMA attack protection and return an error if no recipient can be found.
-See the
-.Xr CMS_decrypt 3
-manual page for details of the flag.
-.It Xo -.Fl from Ar addr , -.Fl subject Ar s , -.Fl to Ar addr -.Xc -The relevant mail headers. -These are included outside the signed portion of a message so they may -be included manually. -If signing then many S/MIME mail clients check the signer's certificate's -email address matches that specified in the 
From: address. -.It Fl econtent_type Ar type -Set the encapsulated content type, used with -.Fl sign . -If not supplied, the Data type is used. -The type argument can be any valid OID name in either text or numerical format. -.It Fl in Ar file -The input message to be encrypted or signed or the message to be decrypted or -verified. -.It Fl inform Cm der | pem | smime -The input format for the CMS structure. -The default is -.Cm smime , -which reads an S/MIME format message. -.Cm pem -and -.Cm der -format change this to expect PEM and DER format CMS structures instead. -This currently only affects the input format of the CMS structure; if no -CMS structure is being input (for example with -.Fl encrypt -or -.Fl sign ) -this option has no effect. -.It Fl inkey Ar file -The private key to use when signing or decrypting. -This must match the corresponding certificate. -If this option is not specified then the private key must be included in -the certificate file specified with the -.Fl recip -or -.Fl signer -file. -When signing, this option can be used multiple times to specify successive keys. -.It Fl keyform Cm der | pem -Input private key format. -The default is -.Cm pem . -.It Fl keyid -Use subject key identifier to identify certificates instead of issuer -name and serial number. -The supplied certificate must include a subject key identifier extension. -Supported by -.Fl sign -and -.Fl encrypt -operations. -.It Fl keyopt Ar nm:v -Set customised parameters for the preceding key or certificate -for encryption and signing. -It can currently be used to set RSA-PSS for signing, RSA-OAEP for -encryption or to modify default parameters for ECDH. -This option can be used multiple times. -.It Fl md Ar digest -The digest algorithm to use when signing or resigning. -If not present then the default digest algorithm for the signing key -will be used (usually SHA1). -.It Fl no_attr_verify -Do not verify the signer's attribute of a signature. 
-.It Fl no_content_verify
-Do not verify the content of a signed message.
-.It Fl no_signer_cert_verify
-Do not verify the signer's certificate of a signed message.
-.It Fl noattr
-Do not include attributes.
-Normally when a message is signed a set of attributes are included which
-include the signing time and supported symmetric algorithms.
-With this option they are not included.
-.It Fl nocerts
-Do not include the signer's certificate.
-This will reduce the size of the signed message but the verifier must
-have a copy of the signer's certificate available locally (passed using
-the
-.Fl certfile
-option for example).
-.It Fl nodetach
-When signing a message, use opaque signing.
-This form is more resistant to translation by mail relays but it cannot be
-read by mail agents that do not support S/MIME.
-Without this option cleartext signing with the MIME type multipart/signed is
-used.
-.It Fl nointern
-Only the certificates specified in the
-.Fl certfile
-option are used.
-When verifying a message, normally certificates (if any) included in the
-message are searched for the signing certificate.
-The supplied certificates can still be used as untrusted CAs however.
-.It Fl nooldmime
-Output an old S/MIME content type like "application/x-pkcs7-".
-.It Fl noout
-Do not output the parsed CMS structure for the
-.Fl cmsout
-operation.
-This is useful when combined with the
-.Fl print
-option or if the syntax of the CMS structure is being checked.
-.It Fl nosigs
-Do not try to verify the signatures on the message.
-.It Fl nosmimecap
-Exclude the list of supported algorithms from signed attributes; other
-options such as signing time and content type are still included.
-.It Fl noverify
-Do not verify the signer's certificate of a signed message.
-.It Fl out Ar file
-The message text that has been decrypted or verified or the output MIME
-format message that has been signed or verified.
-.It Fl outform Cm der | pem | smime
-This specifies the output format for the CMS structure.
-The default is
-.Cm smime ,
-which writes an S/MIME format message.
-.Cm pem
-and
-.Cm der
-format change this to write PEM and DER format CMS structures instead.
-This currently only affects the output format of the CMS structure; if
-no CMS structure is being output (for example with
-.Fl verify
-or
-.Fl decrypt )
-this option has no effect.
-.It Fl passin Ar src
-The private key password source.
-.It Fl print
-Print out all fields of the CMS structure for the
-.Fl cmsout
-operation.
-This is mainly useful for testing purposes.
-.It Fl pwri_password Ar arg
-Specify PasswordRecipientInfo (PWRI) password to use.
-Supported by the
-.Fl encrypt
-and
-.Fl decrypt
-operations.
-.It Fl rctform Cm der | pem | smime
-Specify the format for a signed receipt for use with the
-.Fl receipt_verify
-operation.
-The default is
-.Cm smime .
-.It Fl receipt_request_all | receipt_request_first
-Indicate requests should be provided by all recipient or first tier
-recipients (those mailed directly and not from a mailing list), for the
-.Fl sign
-operation to include a signed receipt request.
-Ignored if
-.Fl receipt_request_from
-is included.
-.It Fl receipt_request_from Ar addr
-Add an explicit email address where receipts should be supplied.
-.It Fl receipt_request_print
-Print out the contents of any signed receipt requests for the
-.Fl verify
-operation.
-.It Fl receipt_request_to Ar addr
-Add an explicit email address where signed receipts should be sent to.
-This option must be supplied if a signed receipt is requested.
-.It Fl recip Ar file
-When decrypting a message, this specifies the recipient's certificate.
-The certificate must match one of the recipients of the message or an
-error occurs.
-When encrypting a message, this option may be used multiple times to
-specify each recipient.
-This form must be used if customised parameters are required (for example to
-specify RSA-OAEP).
-Only certificates carrying RSA, Diffie-Hellman or EC keys are supported
-by this option.
-.It Fl secretkey Ar key
-Specify symmetric key to use.
-The key must be supplied in hex format and be consistent with the
-algorithm used.
-Supported by the
-.Fl EncryptedData_encrypt ,
-.Fl EncryptedData_decrypt ,
-.Fl encrypt
-and
-.Fl decrypt
-operations.
-When used with
-.Fl encrypt
-or
-.Fl decrypt ,
-the supplied key is used to wrap or unwrap the content encryption key
-using an AES key in the KEKRecipientInfo type.
-.It Fl secretkeyid Ar id
-The key identifier for the supplied symmetric key for KEKRecipientInfo type.
-This option must be present if the
-.Fl secretkey
-option is used with
-.Fl encrypt .
-With
-.Fl decrypt
-operations the id is used to locate the relevant key; if it is not supplied
-then an attempt is used to decrypt any KEKRecipientInfo structures.
-.It Fl signer Ar file
-A signing certificate when signing or resigning a message; this option
-can be used multiple times if more than one signer is required.
-If a message is being verified then the signers certificates will be
-written to this file if the verification was successful.
-.It Xo
-.Fl stream |
-.Fl indef |
-.Fl noindef
-.Xc
-The
-.Fl stream
-and
-.Fl indef
-options are equivalent and enable streaming I/O for encoding operations.
-This permits single pass processing of data without the need to hold the
-entire contents in memory, potentially supporting very large files.
-Streaming is automatically set for S/MIME signing with detached data if
-the output format is
-.Cm smime ;
-it is currently off by default for all other operations.
-.Fl noindef
-disable streaming I/O where it would produce an indefinite length
-constructed encoding.
-This option currently has no effect.
-.It Fl text
-Add plain text (text/plain) MIME headers to the supplied message if
-encrypting or signing.
-If decrypting or verifying, it strips off text headers: if the decrypted
-or verified message is not of MIME type text/plain then an error occurs.
-.It Fl verify_retcode
-Set verification error code to exit code to indicate what verification error
-has occurred.
-Supported by
-.Fl verify
-operation only.
-Exit code value minus 32 shows verification error code.
-See
-.Nm verify
-command for the list of verification error code.
-.El
-.Pp
-The exit codes for
-.Nm cms
-are as follows:
-.Pp
-.Bl -tag -width "XXXX" -offset 3n -compact
-.It 0
-The operation was completely successful.
-.It 1
-An error occurred parsing the command options.
-.It 2
-One of the input files could not be read.
-.It 3
-An error occurred creating the CMS file or when reading the MIME message.
-.It 4
-An error occurred decrypting or verifying the message.
-.It 5
-The message was verified correctly but an error occurred writing out the
-signer's certificates.
-.It 6
-An error occurred writing the output file.
-.It 32+
-A verify error occurred while
-.Fl verify_retcode
-is specified.
-.El
-.Tg crl
-.Sh CRL
-.Bl -hang -width "openssl crl"
-.It Nm openssl crl
-.Bk -words
-.Op Fl CAfile Ar file
-.Op Fl CApath Ar dir
-.Op Fl crlnumber
-.Op Fl fingerprint
-.Op Fl hash
-.Op Fl hash_old
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl issuer
-.Op Fl lastupdate
-.Op Fl nameopt Ar option
-.Op Fl nextupdate
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl text
-.Op Fl verify
-.Ek
-.El
-.Pp
-The
-.Nm crl
-command processes CRL files in DER or PEM format.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl CAfile Ar file
-Verify the signature on a CRL by looking up the issuing certificate in
-.Ar file .
-.It Fl CApath Ar directory
-Verify the signature on a CRL by looking up the issuing certificate in
-.Ar dir .
-This directory must be a standard certificate directory,
-i.e. a hash of each subject name (using
-.Cm x509 Fl hash )
-should be linked to each certificate.
-.It Fl crlnumber
-Print the CRL number.
-.It Fl fingerprint
-Print the CRL fingerprint.
-.It Fl hash
-Output a hash of the issuer name.
-This can be used to look up CRLs in a directory by issuer name.
-.It Fl hash_old
-Output an old-style (MD5) hash of the issuer name.
-.It Fl in Ar file
-The input file to read from, or standard input if not specified.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl issuer
-Output the issuer name.
-.It Fl lastupdate
-Output the
-.Cm thisUpdate
-field.
-This option is misnamed for historical reasons.
-.It Fl nameopt Ar option
-Specify certificate name options.
-.It Fl nextupdate
-Output the
-.Cm nextUpdate
-field.
-.It Fl noout
-Do not output the encoded version of the CRL.
-.It Fl out Ar file
-The output file to write to, or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl text
-Print the CRL in plain text.
-.It Fl verify
-Verify the signature on the CRL.
-.El
-.Tg crl2pkcs7
-.Sh CRL2PKCS7
-.Bl -hang -width "openssl crl2pkcs7"
-.It Nm openssl crl2pkcs7
-.Bk -words
-.Op Fl certfile Ar file
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl nocrl
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Ek
-.El
-.Pp
-The
-.Nm crl2pkcs7
-command takes an optional CRL and one or more
-certificates and converts them into a PKCS#7 degenerate
-.Qq certificates only
-structure.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl certfile Ar file
-Add the certificates in PEM
-.Ar file
-to the PKCS#7 structure.
-This option can be used more than once
-to read certificates from multiple files.
-.It Fl in Ar file
-Read the CRL from
-.Ar file ,
-or standard input if not specified.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl nocrl
-Normally, a CRL is included in the output file.
-With this option, no CRL is
-included in the output file and a CRL is not read from the input file.
-.It Fl out Ar file
-Write the PKCS#7 structure to
-.Ar file ,
-or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.El
-.Tg dgst
-.Sh DGST
-.Bl -hang -width "openssl dgst"
-.It Nm openssl dgst
-.Bk -words
-.Op Fl cdr
-.Op Fl binary
-.Op Fl Ar digest
-.Op Fl hex
-.Op Fl hmac Ar key
-.Op Fl keyform Cm pem
-.Op Fl mac Ar algorithm
-.Op Fl macopt Ar nm : Ns Ar v
-.Op Fl out Ar file
-.Op Fl passin Ar arg
-.Op Fl prverify Ar file
-.Op Fl sign Ar file
-.Op Fl signature Ar file
-.Op Fl sigopt Ar nm : Ns Ar v
-.Op Fl verify Ar file
-.Op Ar
-.Ek
-.El
-.Pp
-The digest functions output the message digest of a supplied
-.Ar file
-or
-.Ar files
-in hexadecimal form.
-They can also be used for digital signing and verification.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl binary
-Output the digest or signature in binary form.
-.It Fl c
-Print the digest in two-digit groups separated by colons.
-.It Fl d
-Print BIO debugging information.
-.It Fl Ar digest
-Use the specified message
-.Ar digest .
-The default is SHA256.
-The available digests can be displayed using
-.Nm openssl
-.Cm list-message-digest-commands .
-The following are equivalent:
-.Nm openssl dgst
-.Fl sha256
-and
-.Nm openssl
-.Cm sha256 .
-.It Fl hex
-Digest is to be output as a hex dump.
-This is the default case for a
-.Qq normal
-digest as opposed to a digital signature.
-.It Fl hmac Ar key
-Create a hashed MAC using
-.Ar key .
-.It Fl keyform Cm pem
-Specifies the key format to sign the digest with.
-.It Fl mac Ar algorithm
-Create a keyed Message Authentication Code (MAC).
-The most popular MAC algorithm is HMAC (hash-based MAC),
-but there are other MAC algorithms which are not based on hash.
-MAC keys and other options should be set via the
-.Fl macopt
-parameter.
-.It Fl macopt Ar nm : Ns Ar v
-Passes options to the MAC algorithm, specified by
-.Fl mac .
-The following options are supported by HMAC:
-.Bl -tag -width Ds
-.It Cm key : Ns Ar string
-Specifies the MAC key as an alphanumeric string
-(use if the key contain printable characters only).
-String length must conform to any restrictions of the MAC algorithm.
-.It Cm hexkey : Ns Ar string
-Specifies the MAC key in hexadecimal form (two hex digits per byte).
-Key length must conform to any restrictions of the MAC algorithm.
-.El
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl passin Ar arg
-The key password source.
-.It Fl prverify Ar file
-Verify the signature using the private key in
-.Ar file .
-The output is either
-.Qq Verification OK
-or
-.Qq Verification Failure .
-.It Fl r
-Print the digest in coreutils format.
-.It Fl sign Ar file
-Digitally sign the digest using the private key in
-.Ar file .
-.It Fl signature Ar file
-The actual signature to verify.
-.It Fl sigopt Ar nm : Ns Ar v
-Pass options to the signature algorithm during sign or verify operations.
-The names and values of these options are algorithm-specific.
-.It Fl verify Ar file
-Verify the signature using the public key in
-.Ar file .
-The output is either
-.Qq Verification OK
-or
-.Qq Verification Failure .
-.It Ar
-File or files to digest.
-If no files are specified then standard input is used.
-.El
-.Tg dhparam
-.Sh DHPARAM
-.Bl -hang -width "openssl dhparam"
-.It Nm openssl dhparam
-.Bk -words
-.Op Fl 2 | 5
-.Op Fl C
-.Op Fl check
-.Op Fl dsaparam
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl text
-.Op Ar numbits
-.Ek
-.El
-.Pp
-The
-.Nm dhparam
-command is used to manipulate DH parameter files.
-Only the older PKCS#3 DH is supported,
-not the newer X9.42 DH.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl 2 , 5
-The generator to use;
-2 is the default.
-If present, the input file is ignored and parameters are generated instead.
-.It Fl C
-Convert the parameters into C code.
-The parameters can then be loaded by calling the
-.No get_dh Ns Ar numbits
-function.
-.It Fl check
-Check the DH parameters.
-.It Fl dsaparam
-Read or create DSA parameters,
-converted to DH format on output.
-Otherwise,
-.Qq strong
-primes
-.Pq such that (p-1)/2 is also prime
-will be used for DH parameter generation.
-.Pp
-DH parameter generation with the
-.Fl dsaparam
-option is much faster,
-and the recommended exponent length is shorter,
-which makes DH key exchange more efficient.
-Beware that with such DSA-style DH parameters,
-a fresh DH key should be created for each use to
-avoid small-subgroup attacks that may be possible otherwise.
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl noout
-Do not output the encoded version of the parameters.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl text
-Print the DH parameters in plain text.
-.It Ar numbits
-Generate a parameter set of size
-.Ar numbits .
-It must be the last option.
-If not present, a value of 2048 is used.
-If this value is present, the input file is ignored and
-parameters are generated instead.
-.El
-.Tg dsa
-.Sh DSA
-.Bl -hang -width "openssl dsa"
-.It Nm openssl dsa
-.Bk -words
-.Oo
-.Fl aes128 | aes192 | aes256 |
-.Fl des | des3
-.Oc
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem | pvk
-.Op Fl modulus
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem | pvk
-.Op Fl passin Ar arg
-.Op Fl passout Ar arg
-.Op Fl pubin
-.Op Fl pubout
-.Op Fl pvk-none | pvk-strong | pvk-weak
-.Op Fl text
-.Ek
-.El
-.Pp
-The
-.Nm dsa
-command processes DSA keys.
-They can be converted between various forms and their components printed out.
-.Pp
-.Sy Note :
-This command uses the traditional
-.Nm SSLeay
-compatible format for private key encryption:
-newer applications should use the more secure PKCS#8 format using the
-.Nm pkcs8
-command.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Xo
-.Fl aes128 | aes192 | aes256 |
-.Fl des | des3
-.Xc
-Encrypt the private key with the AES, DES, or the triple DES
-ciphers, respectively, before outputting it.
-A pass phrase is prompted for.
-If none of these options are specified, the key is written in plain text.
-This means that using the
-.Nm dsa
-utility to read an encrypted key with no encryption option can be used to
-remove the pass phrase from a key,
-or by setting the encryption options it can be used to add or change
-the pass phrase.
-These options can only be used with PEM format output files.
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-If the key is encrypted, a pass phrase will be prompted for.
-.It Fl inform Cm der | pem | pvk
-The input format.
-.It Fl modulus
-Print the value of the public key component of the key.
-.It Fl noout
-Do not output the encoded version of the key.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-If any encryption options are set then a pass phrase will be
-prompted for.
-.It Fl outform Cm der | pem | pvk
-The output format.
-.It Fl passin Ar arg
-The key password source.
-.It Fl passout Ar arg
-The output file password source.
-.It Fl pubin
-Read in a public key, not a private key.
-.It Fl pubout
-Output a public key, not a private key.
-Automatically set if the input is a public key.
-.It Xo
-.Fl pvk-none | pvk-strong | pvk-weak
-.Xc
-Enable or disable PVK encoding.
-The default is
-.Fl pvk-strong .
-.It Fl text
-Print the public/private key in plain text.
-.El
-.Tg dsaparam
-.Sh DSAPARAM
-.Bl -hang -width "openssl dsaparam"
-.It Nm openssl dsaparam
-.Bk -words
-.Op Fl C
-.Op Fl genkey
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl text
-.Op Ar numbits
-.Ek
-.El
-.Pp
-The
-.Nm dsaparam
-command is used to manipulate or generate DSA parameter files.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl C
-Convert the parameters into C code.
-The parameters can then be loaded by calling the
-.No get_dsa Ns Ar XXX
-function.
-.It Fl genkey
-Generate a DSA key either using the specified or generated
-parameters.
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-If the
-.Ar numbits
-parameter is included, then this option is ignored.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl noout
-Do not output the encoded version of the parameters.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl text
-Print the DSA parameters in plain text.
-.It Ar numbits
-Generate a parameter set of size
-.Ar numbits .
-If this option is included, the input file is ignored.
-.El
-.Tg ec
-.Sh EC
-.Bl -hang -width "openssl ec"
-.It Nm openssl ec
-.Bk -words
-.Op Fl conv_form Ar arg
-.Op Fl des
-.Op Fl des3
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl param_enc Ar arg
-.Op Fl param_out
-.Op Fl passin Ar arg
-.Op Fl passout Ar arg
-.Op Fl pubin
-.Op Fl pubout
-.Op Fl text
-.Ek
-.El
-.Pp
-The
-.Nm ec
-command processes EC keys.
-They can be converted between various
-forms and their components printed out.
-.Nm openssl
-uses the private key format specified in
-.Dq SEC 1: Elliptic Curve Cryptography
-.Pq Lk https://www.secg.org/ .
-To convert an
-EC private key into the PKCS#8 private key format use the
-.Nm pkcs8
-command.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl conv_form Ar arg
-Specify how the points on the elliptic curve are converted
-into octet strings.
-Possible values are:
-.Cm compressed ,
-.Cm uncompressed
-(the default),
-and
-.Cm hybrid .
-For more information regarding
-the point conversion forms see the X9.62 standard.
-Note:
-Due to patent issues the
-.Cm compressed
-option is disabled by default for binary curves
-and can be enabled by defining the preprocessor macro
-.Dv OPENSSL_EC_BIN_PT_COMP
-at compile time.
-.It Fl des | des3
-Encrypt the private key with DES, triple DES, or
-any other cipher supported by
-.Nm openssl .
-A pass phrase is prompted for.
-If none of these options are specified, the key is written in plain text.
-This means that using the
-.Nm ec
-utility to read in an encrypted key with no
-encryption option can be used to remove the pass phrase from a key,
-or by setting the encryption options
-it can be used to add or change the pass phrase.
-These options can only be used with PEM format output files.
-.It Fl in Ar file
-The input file to read a key from,
-or standard input if not specified.
-If the key is encrypted, a pass phrase will be prompted for.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl noout
-Do not output the encoded version of the key.
-.It Fl out Ar file
-The output filename to write to,
-or standard output if not specified.
-If any encryption options are set then a pass phrase will be prompted for.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl param_enc Ar arg
-Specify how the elliptic curve parameters are encoded.
-Possible value are:
-.Cm named_curve ,
-i.e. the EC parameters are specified by an OID; or
-.Cm explicit ,
-where the EC parameters are explicitly given
-(see RFC 3279 for the definition of the EC parameter structures).
-The default value is
-.Cm named_curve .
-Note: the
-.Cm implicitlyCA
-alternative,
-as specified in RFC 3279,
-is currently not implemented.
-.It Fl param_out
-Print the elliptic curve parameters.
-.It Fl passin Ar arg
-The key password source.
-.It Fl passout Ar arg
-The output file password source.
-.It Fl pubin
-Read in a public key, not a private key.
-.It Fl pubout
-Output a public key, not a private key.
-Automatically set if the input is a public key.
-.It Fl text
-Print the public/private key in plain text.
-.El
-.Tg ecparam
-.Sh ECPARAM
-.Bl -hang -width "openssl ecparam"
-.It Nm openssl ecparam
-.Bk -words
-.Op Fl C
-.Op Fl check
-.Op Fl conv_form Ar arg
-.Op Fl genkey
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl list_curves
-.Op Fl name Ar arg
-.Op Fl no_seed
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl param_enc Ar arg
-.Op Fl text
-.Ek
-.El
-.Pp
-The
-.Nm ecparam
-command is used to manipulate or generate EC parameter files.
-.Nm openssl
-is not able to generate new groups so
-.Nm ecparam
-can only create EC parameters from known (named) curves.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl C
-Convert the EC parameters into C code.
-The parameters can then be loaded by calling the
-.No get_ec_group_ Ns Ar XXX
-function.
-.It Fl check
-Validate the elliptic curve parameters.
-.It Fl conv_form Ar arg
-Specify how the points on the elliptic curve are converted
-into octet strings.
-Possible values are:
-.Cm compressed ,
-.Cm uncompressed
-(the default),
-and
-.Cm hybrid .
-For more information regarding
-the point conversion forms see the X9.62 standard.
-Note:
-Due to patent issues the
-.Cm compressed
-option is disabled by default for binary curves
-and can be enabled by defining the preprocessor macro
-.Dv OPENSSL_EC_BIN_PT_COMP
-at compile time.
-.It Fl genkey
-Generate an EC private key using the specified parameters.
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl list_curves
-Print a list of all
-currently implemented EC parameter names and exit.
-.It Fl name Ar arg
-Use the EC parameters with the specified "short" name.
-.It Fl no_seed
-Do not include the seed for the parameter generation
-in the ECParameters structure (see RFC 3279).
-.It Fl noout
-Do not output the encoded version of the parameters.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl param_enc Ar arg
-Specify how the elliptic curve parameters are encoded.
-Possible value are:
-.Cm named_curve ,
-i.e. the EC parameters are specified by an OID, or
-.Cm explicit ,
-where the EC parameters are explicitly given
-(see RFC 3279 for the definition of the EC parameter structures).
-The default value is
-.Cm named_curve .
-Note: the
-.Cm implicitlyCA
-alternative, as specified in RFC 3279,
-is currently not implemented.
-.It Fl text
-Print the EC parameters in plain text.
-.El
-.Tg enc
-.Sh ENC
-.Bl -hang -width "openssl enc"
-.It Nm openssl enc
-.Bk -words
-.Fl ciphername
-.Op Fl AadePpv
-.Op Fl base64
-.Op Fl bufsize Ar number
-.Op Fl debug
-.Op Fl in Ar file
-.Op Fl iter Ar iterations
-.Op Fl iv Ar IV
-.Op Fl K Ar key
-.Op Fl k Ar password
-.Op Fl kfile Ar file
-.Op Fl md Ar digest
-.Op Fl none
-.Op Fl nopad
-.Op Fl nosalt
-.Op Fl out Ar file
-.Op Fl pass Ar arg
-.Op Fl pbkdf2
-.Op Fl S Ar salt
-.Op Fl salt
-.Ek
-.El
-.Pp
-The symmetric cipher commands allow data to be encrypted or decrypted
-using various block and stream ciphers using keys based on passwords
-or explicitly provided.
-Base64 encoding or decoding can also be performed either by itself
-or in addition to the encryption or decryption.
-The program can be called either as
-.Nm openssl Ar ciphername
-or
-.Nm openssl enc - Ns Ar ciphername .
-.Pp
-Some of the ciphers do not have large keys and others have security
-implications if not used correctly.
-All the block ciphers normally use PKCS#5 padding,
-also known as standard block padding.
-If padding is disabled, the input data must be a multiple of the cipher
-block length.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl A
-If the
-.Fl a
-option is set, then base64 process the data on one line.
-.It Fl a , base64
-Base64 process the data.
-This means that if encryption is taking place, the data is base64-encoded
-after encryption.
-If decryption is set, the input data is base64-decoded before
-being decrypted.
-.It Fl bufsize Ar number
-Set the buffer size for I/O.
-.It Fl d
-Decrypt the input data.
-.It Fl debug
-Debug the BIOs used for I/O.
-.It Fl e
-Encrypt the input data.
-This is the default.
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-.It Fl iter Ar iterations
-Use the pbkdf2 key derivation function, with
-.Ar iterations
-as the number of iterations.
-.It Fl iv Ar IV
-The actual
-.Ar IV
-.Pq initialisation vector
-to use:
-this must be represented as a string comprised only of hex digits.
-When only the
-.Ar key
-is specified using the
-.Fl K
-option,
-the IV must explicitly be defined.
-When a password is being specified using one of the other options,
-the IV is generated from this password.
-.It Fl K Ar key
-The actual
-.Ar key
-to use:
-this must be represented as a string comprised only of hex digits.
-If only the key is specified,
-the IV must also be specified using the
-.Fl iv
-option.
-When both a
-.Ar key
-and a
-.Ar password
-are specified, the
-.Ar key
-given with the
-.Fl K
-option will be used and the IV generated from the password will be taken.
-It probably does not make much sense to specify both
-.Ar key
-and
-.Ar password .
-.It Fl k Ar password
-The
-.Ar password
-to derive the key from.
-Superseded by the
-.Fl pass
-option.
-.It Fl kfile Ar file
-Read the password to derive the key from the first line of
-.Ar file .
-Superseded by the
-.Fl pass
-option.
-.It Fl md Ar digest
-Use
-.Ar digest
-to create a key from a pass phrase.
-Currently, the default value is
-.Cm sha256 .
-.It Fl none
-Use NULL cipher (no encryption or decryption of input).
-.It Fl nopad
-Disable standard block padding.
-.It Fl nosalt
-Don't use a salt in the key derivation routines.
-This option should never be used
-since it makes it possible to perform efficient dictionary
-attacks on the password and to attack stream cipher encrypted data.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl P
-Print out the salt, key, and IV used, then immediately exit;
-don't do any encryption or decryption.
-.It Fl p
-Print out the salt, key, and IV used.
-.It Fl pass Ar arg
-The password source.
-.It Fl pbkdf2
-Use the pbkdf2 key derivation function, with
-the default of 10000 iterations.
-.It Fl S Ar salt
-The actual
-.Ar salt
-to use:
-this must be represented as a string comprised only of hex digits.
-.It Fl salt
-Use a salt in the key derivation routines (the default).
-When the salt is being used,
-the first eight bytes of the encrypted data are reserved for the salt:
-it is randomly generated when encrypting a file and read from the
-encrypted file when it is decrypted.
-.It Fl v
-Print extra details about the processing.
-.El
-.Tg errstr
-.Sh ERRSTR
-.Nm openssl errstr
-.Ar errno ...
-.Pp
-The
-.Nm errstr
-command performs error number to error string conversion,
-generating a human-readable string representing the error code
-.Ar errno .
-The string is obtained through the
-.Xr ERR_error_string_n 3
-function and has the following format:
-.Pp
-.Dl error:[error code]:[library name]:[function name]:[reason string]
-.Pp
-.Bq error code
-is an 8-digit hexadecimal number.
-The remaining fields
-.Bq library name ,
-.Bq function name ,
-and
-.Bq reason string
-are all ASCII text.
-.Tg gendsa
-.Sh GENDSA
-.Bl -hang -width "openssl gendsa"
-.It Nm openssl gendsa
-.Bk -words
-.Oo
-.Fl aes128 | aes192 | aes256 | camellia128 |
-.Fl camellia192 | camellia256 | des | des3 | idea
-.Oc
-.Op Fl out Ar file
-.Op Fl passout Ar arg
-.Ar paramfile
-.Ek
-.El
-.Pp
-The
-.Nm gendsa
-command generates a DSA private key from a DSA parameter file
-(typically generated by the
-.Nm openssl dsaparam
-command).
-DSA key generation is little more than random number generation so it is
-much quicker than,
-for example,
-RSA key generation.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Xo
-.Fl aes128 | aes192 | aes256 |
-.Fl camellia128 | camellia192 | camellia256 |
-.Fl des | des3 |
-.Fl idea
-.Xc
-Encrypt the private key with the AES, CAMELLIA, DES, triple DES
-or the IDEA ciphers, respectively, before outputting it.
-A pass phrase is prompted for.
-If none of these options are specified, no encryption is used.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl passout Ar arg
-The output file password source.
-.It Ar paramfile
-Specify the DSA parameter file to use.
-The parameters in this file determine the size of the private key.
-.El
-.Tg genpkey
-.Sh GENPKEY
-.Bl -hang -width "openssl genpkey"
-.It Nm openssl genpkey
-.Bk -words
-.Op Fl algorithm Ar alg
-.Op Ar cipher
-.Op Fl genparam
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl paramfile Ar file
-.Op Fl pass Ar arg
-.Op Fl pkeyopt Ar opt : Ns Ar value
-.Op Fl text
-.Ek
-.El
-.Pp
-The
-.Nm genpkey
-command generates private keys.
-The use of this
-program is encouraged over the algorithm specific utilities
-because additional algorithm options can be used.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl algorithm Ar alg
-The public key algorithm to use,
-such as RSA, DSA, or DH.
-This option must precede any
-.Fl pkeyopt
-options.
-The options
-.Fl paramfile
-and
-.Fl algorithm
-are mutually exclusive.
-.It Ar cipher
-Encrypt the private key with the supplied cipher.
-Any algorithm name accepted by
-.Xr EVP_get_cipherbyname 3
-is acceptable.
-.It Fl genparam
-Generate a set of parameters instead of a private key.
-This option must precede any
-.Fl algorithm ,
-.Fl paramfile ,
-or
-.Fl pkeyopt
-options.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl paramfile Ar file
-Some public key algorithms generate a private key based on a set of parameters,
-which can be supplied using this option.
-If this option is used, the public key
-algorithm used is determined by the parameters.
-This option must precede any
-.Fl pkeyopt
-options.
-The options
-.Fl paramfile
-and
-.Fl algorithm
-are mutually exclusive.
-.It Fl pass Ar arg
-The output file password source.
-.It Fl pkeyopt Ar opt : Ns Ar value
-Set the public key algorithm option
-.Ar opt
-to
-.Ar value ,
-as follows:
-.Bl -tag -width Ds -offset indent
-.It rsa_keygen_bits : Ns Ar numbits
-(RSA)
-The number of bits in the generated key.
-The default is 2048.
-.It rsa_keygen_pubexp : Ns Ar value
-(RSA)
-The RSA public exponent value.
-This can be a large decimal or hexadecimal value if preceded by 0x.
-The default is 65537.
-.It dsa_paramgen_bits : Ns Ar numbits
-(DSA)
-The number of bits in the generated parameters.
-The default is 1024.
-.It dh_paramgen_prime_len : Ns Ar numbits
-(DH)
-The number of bits in the prime parameter
-.Ar p .
-.It dh_paramgen_generator : Ns Ar value
-(DH)
-The value to use for the generator
-.Ar g .
-.It ec_paramgen_curve : Ns Ar curve
-(EC)
-The elliptic curve to use.
-.El
-.It Fl text
-Print the private/public key in plain text.
-.El
-.Tg genrsa
-.Sh GENRSA
-.Bl -hang -width "openssl genrsa"
-.It Nm openssl genrsa
-.Bk -words
-.Op Fl 3 | f4
-.Oo
-.Fl aes128 | aes192 | aes256 | camellia128 |
-.Fl camellia192 | camellia256 | des | des3 | idea
-.Oc
-.Op Fl out Ar file
-.Op Fl passout Ar arg
-.Op Ar numbits
-.Ek
-.El
-.Pp
-The
-.Nm genrsa
-command generates an RSA private key,
-which essentially involves the generation of two prime numbers.
-When generating the key,
-various symbols will be output to indicate the progress of the generation.
-A
-.Sq \&.
-represents each number which has passed an initial sieve test;
-.Sq +
-means a number has passed a single round of the Miller-Rabin primality test;
-.Sq *
-means the number has failed primality testing
-and needs to be generated afresh.
-A newline means that the number has passed all the prime tests
-(the actual number depends on the key size).
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl 3 | f4
-The public exponent to use, either 3 or 65537.
-The default is 65537.
-.It Xo
-.Fl aes128 | aes192 | aes256 |
-.Fl camellia128 | camellia192 | camellia256 |
-.Fl des | des3 |
-.Fl idea
-.Xc
-Encrypt the private key with the AES, CAMELLIA, DES, triple DES
-or the IDEA ciphers, respectively, before outputting it.
-If none of these options are specified, no encryption is used.
-If encryption is used, a pass phrase is prompted for,
-if it is not supplied via the
-.Fl passout
-option.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl passout Ar arg
-The output file password source.
-.It Ar numbits
-The size of the private key to generate in bits.
-This must be the last option specified.
-The default is 2048.
-.El
-.Tg ocsp
-.Sh OCSP
-.Bl -hang -width "openssl ocsp"
-.It Nm openssl ocsp
-.Bk -words
-.Op Fl CA Ar file
-.Op Fl CAfile Ar file
-.Op Fl CApath Ar directory
-.Op Fl cert Ar file
-.Op Fl dgst Ar alg
-.Op Fl header Ar name value
-.Op Fl host Ar hostname : Ns Ar port
-.Op Fl ignore_err
-.Op Fl index Ar indexfile
-.Op Fl issuer Ar file
-.Op Fl ndays Ar days
-.Op Fl nmin Ar minutes
-.Op Fl no_cert_checks
-.Op Fl no_cert_verify
-.Op Fl no_certs
-.Op Fl no_chain
-.Op Fl no_explicit
-.Op Fl no_intern
-.Op Fl no_nonce
-.Op Fl no_signature_verify
-.Op Fl nonce
-.Op Fl noverify
-.Op Fl nrequest Ar number
-.Op Fl out Ar file
-.Op Fl path Ar path
-.Op Fl port Ar portnum
-.Op Fl req_text
-.Op Fl reqin Ar file
-.Op Fl reqout Ar file
-.Op Fl resp_key_id
-.Op Fl resp_no_certs
-.Op Fl resp_text
-.Op Fl respin Ar file
-.Op Fl respout Ar file
-.Op Fl rkey Ar file
-.Op Fl rother Ar file
-.Op Fl rsigner Ar file
-.Op Fl serial Ar num
-.Op Fl sign_other Ar file
-.Op Fl signer Ar file
-.Op Fl signkey Ar file
-.Op Fl status_age Ar age
-.Op Fl text
-.Op Fl timeout Ar seconds
-.Op Fl trust_other
-.Op Fl url Ar responder_url
-.Op Fl VAfile Ar file
-.Op Fl validity_period Ar nsec
-.Op Fl verify_other Ar file
-.Ek
-.El
-.Pp
-The Online Certificate Status Protocol (OCSP)
-enables applications to determine the (revocation) state
-of an identified certificate (RFC 2560).
-.Pp
-The
-.Nm ocsp
-command performs many common OCSP tasks.
-It can be used to print out requests and responses,
-create requests and send queries to an OCSP responder,
-and behave like a mini OCSP server itself.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl CAfile Ar file , Fl CApath Ar directory
-A file or path containing trusted CA certificates,
-used to verify the signature on the OCSP response.
-.It Fl cert Ar file
-Add the certificate
-.Ar file
-to the request.
-The issuer certificate is taken from the previous
-.Fl issuer
-option, or an error occurs if no issuer certificate is specified.
-.It Fl dgst Ar alg
-Use the digest algorithm
-.Ar alg
-for certificate identification in the OCSP request.
-By default SHA1 is used.
-.It Xo
-.Fl host Ar hostname : Ns Ar port ,
-.Fl path Ar path
-.Xc
-Send
-the OCSP request to
-.Ar hostname
-on
-.Ar port .
-.Fl path
-specifies the HTTP path name to use, or
-.Pa /
-by default.
-.It Fl header Ar name value
-Add the header name with the specified value to the OCSP request that is sent
-to the responder.
-This may be repeated.
-.It Fl issuer Ar file
-The current issuer certificate, in PEM format.
-Can be used multiple times and must come before any
-.Fl cert
-options.
-.It Fl no_cert_checks
-Don't perform any additional checks on the OCSP response signer's certificate.
-That is, do not make any checks to see if the signer's certificate is
-authorised to provide the necessary status information:
-as a result this option should only be used for testing purposes.
-.It Fl no_cert_verify
-Don't verify the OCSP response signer's certificate at all.
-Since this option allows the OCSP response to be signed by any certificate,
-it should only be used for testing purposes.
-.It Fl no_certs
-Don't include any certificates in the signed request.
-.It Fl no_chain
-Do not use certificates in the response as additional untrusted CA
-certificates.
-.It Fl no_explicit
-Don't check the explicit trust for OCSP signing in the root CA certificate.
-.It Fl no_intern
-Ignore certificates contained in the OCSP response
-when searching for the signer's certificate.
-The signer's certificate must be specified with either the
-.Fl verify_other
-or
-.Fl VAfile
-options.
-.It Fl no_signature_verify
-Don't check the signature on the OCSP response.
-Since this option tolerates invalid signatures on OCSP responses,
-it will normally only be used for testing purposes.
-.It Fl nonce , no_nonce
-Add an OCSP nonce extension to a request,
-or disable an OCSP nonce addition.
-Normally, if an OCSP request is input using the
-.Fl respin
-option no nonce is added:
-using the
-.Fl nonce
-option will force the addition of a nonce.
-If an OCSP request is being created (using the
-.Fl cert
-and
-.Fl serial
-options),
-a nonce is automatically added; specifying
-.Fl no_nonce
-overrides this.
-.It Fl noverify
-Don't attempt to verify the OCSP response signature or the nonce values.
-This is normally only be used for debugging
-since it disables all verification of the responder's certificate.
-.It Fl out Ar file
-Specify the output file to write to,
-or standard output if not specified.
-.It Fl req_text , resp_text , text
-Print out the text form of the OCSP request, response, or both, respectively.
-.It Fl reqin Ar file , Fl respin Ar file
-Read an OCSP request or response file from
-.Ar file .
-These options are ignored
-if an OCSP request or response creation is implied by other options
-(for example with the
-.Fl serial , cert ,
-and
-.Fl host
-options).
-.It Fl reqout Ar file , Fl respout Ar file
-Write out the DER-encoded certificate request or response to
-.Ar file .
-.It Fl serial Ar num
-Same as the
-.Fl cert
-option except the certificate with serial number
-.Ar num
-is added to the request.
-The serial number is interpreted as a decimal integer unless preceded by
-.Sq 0x .
-Negative integers can also be specified
-by preceding the value with a minus sign.
-.It Fl sign_other Ar file
-Additional certificates to include in the signed request.
-.It Fl signer Ar file , Fl signkey Ar file
-Sign the OCSP request using the certificate specified in the
-.Fl signer
-option and the private key specified by the
-.Fl signkey
-option.
-If the
-.Fl signkey
-option is not present, then the private key is read from the same file
-as the certificate.
-If neither option is specified, the OCSP request is not signed.
-.It Fl timeout Ar seconds
-Connection timeout to the OCSP responder in seconds.
-.It Fl trust_other
-The certificates specified by the
-.Fl verify_other
-option should be explicitly trusted and no additional checks will be
-performed on them.
-This is useful when the complete responder certificate chain is not available
-or trusting a root CA is not appropriate.
-.It Fl url Ar responder_url
-Specify the responder URL.
-Both HTTP and HTTPS
-.Pq SSL/TLS
-URLs can be specified.
-.It Fl VAfile Ar file
-A file containing explicitly trusted responder certificates.
-Equivalent to the
-.Fl verify_other
-and
-.Fl trust_other
-options.
-.It Fl validity_period Ar nsec , Fl status_age Ar age
-The range of times, in seconds, which will be tolerated in an OCSP response.
-Each certificate status response includes a notBefore time
-and an optional notAfter time.
-The current time should fall between these two values,
-but the interval between the two times may be only a few seconds.
-In practice the OCSP responder and clients' clocks may not be precisely
-synchronised and so such a check may fail.
-To avoid this the
-.Fl validity_period
-option can be used to specify an acceptable error range in seconds,
-the default value being 5 minutes.
-.Pp
-If the notAfter time is omitted from a response,
-it means that new status information is immediately available.
-In this case the age of the notBefore field is checked
-to see it is not older than
-.Ar age
-seconds old.
-By default, this additional check is not performed.
-.It Fl verify_other Ar file
-A file containing additional certificates to search
-when attempting to locate the OCSP response signing certificate.
-Some responders omit the actual signer's certificate from the response,
-so this can be used to supply the necessary certificate.
-.El
-.Pp
-The options for the OCSP server are as follows:
-.Bl -tag -width "XXXX"
-.It Fl CA Ar file
-CA certificate corresponding to the revocation information in
-.Ar indexfile .
-.It Fl ignore_err
-Ignore the invalid response.
-.It Fl index Ar indexfile
-.Ar indexfile
-is a text index file in ca format
-containing certificate revocation information.
-.Pp
-If this option is specified,
-.Nm ocsp
-is in responder mode, otherwise it is in client mode.
-The requests the responder processes can be either specified on
-the command line (using the
-.Fl issuer
-and
-.Fl serial
-options), supplied in a file (using the
-.Fl respin
-option), or via external OCSP clients (if
-.Ar port
-or
-.Ar url
-is specified).
-.Pp
-If this option is present, then the
-.Fl CA
-and
-.Fl rsigner
-options must also be present.
-.It Fl nmin Ar minutes , Fl ndays Ar days
-Number of
-.Ar minutes
-or
-.Ar days
-when fresh revocation information is available:
-used in the nextUpdate field.
-If neither option is present,
-the nextUpdate field is omitted,
-meaning fresh revocation information is immediately available.
-.It Fl nrequest Ar number
-Exit after receiving
-.Ar number
-requests (the default is unlimited).
-.It Fl port Ar portnum
-Port to listen for OCSP requests on.
-May also be specified using the
-.Fl url
-option.
-.It Fl resp_key_id
-Identify the signer certificate using the key ID;
-the default is to use the subject name.
-.It Fl resp_no_certs
-Don't include any certificates in the OCSP response.
-.It Fl rkey Ar file
-The private key to sign OCSP responses with;
-if not present, the file specified in the
-.Fl rsigner
-option is used.
-.It Fl rother Ar file
-Additional certificates to include in the OCSP response.
-.It Fl rsigner Ar file
-The certificate to sign OCSP responses with.
-.El
-.Pp
-Initially the OCSP responder certificate is located and the signature on
-the OCSP request checked using the responder certificate's public key.
-Then a normal certificate verify is performed on the OCSP responder certificate
-building up a certificate chain in the process.
-The locations of the trusted certificates used to build the chain can be
-specified by the
-.Fl CAfile
-and
-.Fl CApath
-options or they will be looked for in the standard
-.Nm openssl
-certificates directory.
-.Pp
-If the initial verify fails, the OCSP verify process halts with an error.
-Otherwise the issuing CA certificate in the request is compared to the OCSP
-responder certificate: if there is a match then the OCSP verify succeeds.
-.Pp
-Otherwise the OCSP responder certificate's CA is checked against the issuing
-CA certificate in the request.
-If there is a match and the OCSPSigning extended key usage is present
-in the OCSP responder certificate, then the OCSP verify succeeds.
-.Pp
-Otherwise the root CA of the OCSP responder's CA is checked to see if it
-is trusted for OCSP signing.
-If it is, the OCSP verify succeeds.
-.Pp
-If none of these checks is successful, the OCSP verify fails.
-What this effectively means is that if the OCSP responder certificate is
-authorised directly by the CA it is issuing revocation information about
-(and it is correctly configured),
-then verification will succeed.
-.Pp
-If the OCSP responder is a global responder,
-which can give details about multiple CAs
-and has its own separate certificate chain,
-then its root CA can be trusted for OCSP signing.
-Alternatively, the responder certificate itself can be explicitly trusted
-with the
-.Fl VAfile
-option.
-.Tg passwd
-.Sh PASSWD
-.Bl -hang -width "openssl passwd"
-.It Nm openssl passwd
-.Bk -words
-.Op Fl 1 | apr1 | crypt
-.Op Fl in Ar file
-.Op Fl noverify
-.Op Fl quiet
-.Op Fl reverse
-.Op Fl salt Ar string
-.Op Fl stdin
-.Op Fl table
-.Op Ar password
-.Ek
-.El
-.Pp
-The
-.Nm passwd
-command computes the hash of a password.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl 1
-Use the MD5 based
-.Bx
-password algorithm
-.Qq 1 .
-.It Fl apr1
-Use the
-.Qq apr1
-algorithm
-.Po
-Apache variant of the
-.Bx
-algorithm
-.Pc .
-.It Fl crypt
-Use the
-.Qq crypt
-algorithm (the default).
-.It Fl in Ar file
-Read passwords from
-.Ar file .
-.It Fl noverify
-Don't verify when reading a password from the terminal.
-.It Fl quiet
-Don't output warnings when passwords given on the command line are truncated.
-.It Fl reverse
-Switch table columns.
-This only makes sense in conjunction with the
-.Fl table
-option.
-.It Fl salt Ar string
-Use the salt specified by
-.Ar string .
-When reading a password from the terminal, this implies
-.Fl noverify .
-.It Fl stdin
-Read passwords from standard input.
-.It Fl table
-In the output list, prepend the cleartext password and a TAB character
-to each password hash.
-.El
-.Tg pkcs7
-.Sh PKCS7
-.Bl -hang -width "openssl pkcs7"
-.It Nm openssl pkcs7
-.Bk -words
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl print
-.Op Fl print_certs
-.Op Fl text
-.Ek
-.El
-.Pp
-The
-.Nm pkcs7
-command processes PKCS#7 files in DER or PEM format.
-The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl noout
-Don't output the encoded version of the PKCS#7 structure
-(or certificates if
-.Fl print_certs
-is set).
-.It Fl out Ar file
-The output to write to,
-or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl print
-Print the ASN.1 representation of PKCS#7 structure.
-.It Fl print_certs
-Print any certificates or CRLs contained in the file,
-preceded by their subject and issuer names in a one-line format.
-.It Fl text
-Print certificate details in full rather than just subject and issuer names.
-.El
-.Tg pkcs8
-.Sh PKCS8
-.Bl -hang -width "openssl pkcs8"
-.It Nm openssl pkcs8
-.Bk -words
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl nocrypt
-.Op Fl noiter
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl passin Ar arg
-.Op Fl passout Ar arg
-.Op Fl topk8
-.Op Fl v1 Ar alg
-.Op Fl v2 Ar alg
-.Ek
-.El
-.Pp
-The
-.Nm pkcs8
-command processes private keys
-(both encrypted and unencrypted)
-in PKCS#8 format
-with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
-The default encryption is only 56 bits;
-keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts
-are more secure.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-If the key is encrypted, a pass phrase will be prompted for.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl nocrypt
-Generate an unencrypted PrivateKeyInfo structure.
-This option does not encrypt private keys at all
-and should only be used when absolutely necessary.
-.It Fl noiter
-Use an iteration count of 1.
-See the
-.Sx PKCS12
-section below for a detailed explanation of this option.
-.It Fl out Ar file
-The output file to write to,
-or standard output if none is specified.
-If any encryption options are set, a pass phrase will be prompted for.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl passin Ar arg
-The key password source.
-.It Fl passout Ar arg
-The output file password source.
-.It Fl topk8
-Read a traditional format private key and write a PKCS#8 format key.
-.It Fl v1 Ar alg
-Specify a PKCS#5 v1.5 or PKCS#12 algorithm to use.
-.Pp
-.Bl -tag -width "XXXX" -compact
-.It PBE-MD5-DES
-56-bit DES.
-.It PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES
-64-bit RC2 or 56-bit DES.
-.It PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES
-.It PBE-SHA1-2DES | PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40
-PKCS#12 password-based encryption algorithm,
-which allow strong encryption algorithms like triple DES or 128-bit RC2.
-.El
-.It Fl v2 Ar alg
-Use PKCS#5 v2.0 algorithms.
-Supports algorithms such as 168-bit triple DES or 128-bit RC2,
-however not many implementations support PKCS#5 v2.0 yet
-(if using private keys with
-.Nm openssl
-this doesn't matter).
-.Pp
-.Ar alg
-is the encryption algorithm to use;
-valid values include des, des3, and rc2.
-It is recommended that des3 is used.
-.El
-.Tg pkcs12
-.Sh PKCS12
-.Bl -hang -width "openssl pkcs12"
-.It Nm openssl pkcs12
-.Bk -words
-.Oo
-.Fl aes128 | aes192 | aes256 | camellia128 |
-.Fl camellia192 | camellia256 | des | des3 | idea
-.Oc
-.Op Fl cacerts
-.Op Fl CAfile Ar file
-.Op Fl caname Ar name
-.Op Fl CApath Ar directory
-.Op Fl certfile Ar file
-.Op Fl certpbe Ar alg
-.Op Fl chain
-.Op Fl clcerts
-.Op Fl descert
-.Op Fl export
-.Op Fl in Ar file
-.Op Fl info
-.Op Fl inkey Ar file
-.Op Fl keyex
-.Op Fl keypbe Ar alg
-.Op Fl keysig
-.Op Fl macalg Ar alg
-.Op Fl maciter
-.Op Fl name Ar name
-.Op Fl nocerts
-.Op Fl nodes
-.Op Fl noiter
-.Op Fl nokeys
-.Op Fl nomac
-.Op Fl nomaciter
-.Op Fl nomacver
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl passin Ar arg
-.Op Fl passout Ar arg
-.Op Fl password Ar arg
-.Op Fl twopass
-.Ek
-.El
-.Pp
-The
-.Nm pkcs12
-command allows PKCS#12 files
-.Pq sometimes referred to as PFX files
-to be created and parsed.
-By default, a PKCS#12 file is parsed;
-a PKCS#12 file can be created by using the
-.Fl export
-option.
-.Pp
-The options for parsing a PKCS12 file are as follows:
-.Bl -tag -width "XXXX"
-.It Xo
-.Fl aes128 | aes192 | aes256 |
-.Fl camellia128 | camellia192 | camellia256 |
-.Fl des | des3 |
-.Fl idea
-.Xc
-Encrypt private keys using AES, CAMELLIA, DES, triple DES
-or the IDEA ciphers, respectively.
-The default is triple DES.
-.It Fl cacerts
-Only output CA certificates
-.Pq not client certificates .
-.It Fl clcerts
-Only output client certificates
-.Pq not CA certificates .
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-.It Fl info
-Output additional information about the PKCS#12 file structure,
-algorithms used, and iteration counts.
-.It Fl nocerts
-Do not output certificates.
-.It Fl nodes
-Do not encrypt private keys.
-.It Fl nokeys
-Do not output private keys.
-.It Fl nomacver
-Do not attempt to verify the integrity MAC before reading the file.
-.It Fl noout
-Do not output the keys and certificates to the output file
-version of the PKCS#12 file.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl passin Ar arg
-The key password source.
-.It Fl passout Ar arg
-The output file password source.
-.It Fl twopass
-Prompt for separate integrity and encryption passwords: most software
-always assumes these are the same so this option will render such
-PKCS#12 files unreadable.
-.El
-.Pp
-The options for PKCS12 file creation are as follows:
-.Bl -tag -width "XXXX"
-.It Fl CAfile Ar file
-CA storage as a file.
-.It Fl CApath Ar directory
-CA storage as a directory.
-The directory must be a standard certificate directory:
-that is, a hash of each subject name (using
-.Nm x509 Fl hash )
-should be linked to each certificate.
-.It Fl caname Ar name
-Specify the
-.Qq friendly name
-for other certificates.
-May be used multiple times to specify names for all certificates
-in the order they appear.
-.It Fl certfile Ar file
-A file to read additional certificates from.
-.It Fl certpbe Ar alg , Fl keypbe Ar alg
-Specify the algorithm used to encrypt the private key and
-certificates to be selected.
-Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used.
-If a cipher name
-(as output by the
-.Cm list-cipher-algorithms
-command) is specified then it
-is used with PKCS#5 v2.0.
-For interoperability reasons it is advisable to only use PKCS#12 algorithms.
-.It Fl chain
-Include the entire certificate chain of the user certificate.
-The standard CA store is used for this search.
-If the search fails, it is considered a fatal error.
-.It Fl descert
-Encrypt the certificate using triple DES; this may render the PKCS#12
-file unreadable by some
-.Qq export grade
-software.
-By default, the private key is encrypted using triple DES and the
-certificate using 40-bit RC2.
-.It Fl export
-Create a PKCS#12 file (rather than parsing one).
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-The order doesn't matter but one private key and its corresponding
-certificate should be present.
-If additional certificates are present, they will also be included
-in the PKCS#12 file.
-.It Fl inkey Ar file
-File to read a private key from.
-If not present, a private key must be present in the input file.
-.It Fl keyex | keysig
-Specify whether the private key is to be used for key exchange or just signing.
-Normally,
-.Qq export grade
-software will only allow 512-bit RSA keys to be
-used for encryption purposes, but arbitrary length keys for signing.
-The
-.Fl keysig
-option marks the key for signing only.
-Signing only keys can be used for S/MIME signing, authenticode
-(ActiveX control signing)
-and SSL client authentication.
-.It Fl macalg Ar alg
-Specify the MAC digest algorithm.
-The default is SHA1.
-.It Fl maciter
-Included for compatibility only:
-it used to be needed to use MAC iterations counts
-but they are now used by default.
-.It Fl name Ar name
-Specify the
-.Qq friendly name
-for the certificate and private key.
-This name is typically displayed in list boxes by software importing the file.
-.It Fl nomac
-Don't attempt to provide the MAC integrity.
-.It Fl nomaciter , noiter
-Affect the iteration counts on the MAC and key algorithms.
-.Pp
-To discourage attacks by using large dictionaries of common passwords,
-the algorithm that derives keys from passwords can have an iteration count
-applied to it: this causes a certain part of the algorithm to be repeated
-and slows it down.
-The MAC is used to check the file integrity but since it will normally
-have the same password as the keys and certificates it could also be attacked.
-By default, both MAC and encryption iteration counts are set to 2048;
-using these options the MAC and encryption iteration counts can be set to 1.
-Since this reduces the file security, you should not use these options
-unless you really have to.
-Most software supports both MAC and key iteration counts.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl passin Ar arg
-The key password source.
-.It Fl passout Ar arg
-The output file password source.
-.It Fl password Ar arg
-With
-.Fl export ,
-.Fl password
-is equivalent to
-.Fl passout .
-Otherwise,
-.Fl password
-is equivalent to
-.Fl passin .
-.El
-.Tg pkey
-.Sh PKEY
-.Bl -hang -width "openssl pkey"
-.It Nm openssl pkey
-.Bk -words
-.Op Ar cipher
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl passin Ar arg
-.Op Fl passout Ar arg
-.Op Fl pubin
-.Op Fl pubout
-.Op Fl text
-.Op Fl text_pub
-.Ek
-.El
-.Pp
-The
-.Nm pkey
-command processes public or private keys.
-They can be converted between various forms
-and their components printed out.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Ar cipher
-Encrypt the private key with the specified cipher.
-Any algorithm name accepted by
-.Xr EVP_get_cipherbyname 3
-is acceptable, such as
-.Cm des3 .
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-If the key is encrypted, a pass phrase will be prompted for.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl noout
-Do not output the encoded version of the key.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-If any encryption options are set then a pass phrase
-will be prompted for.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl passin Ar arg
-The key password source.
-.It Fl passout Ar arg
-The output file password source.
-.It Fl pubin
-Read in a public key, not a private key.
-.It Fl pubout
-Output a public key, not a private key.
-Automatically set if the input is a public key.
-.It Fl text
-Print the public/private key in plain text.
-.It Fl text_pub
-Print out only public key components
-even if a private key is being processed.
-.El
-.Tg pkeyparam
-.Sh PKEYPARAM
-.Cm openssl pkeyparam
-.Op Fl in Ar file
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl text
-.Pp
-The
-.Nm pkeyparam
-command processes public or private keys.
-The key type is determined by the PEM headers.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-.It Fl noout
-Do not output the encoded version of the parameters.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl text
-Print the parameters in plain text.
-.El
-.Tg pkeyutl
-.Sh PKEYUTL
-.Bl -hang -width "openssl pkeyutl"
-.It Nm openssl pkeyutl
-.Bk -words
-.Op Fl asn1parse
-.Op Fl certin
-.Op Fl decrypt
-.Op Fl derive
-.Op Fl encrypt
-.Op Fl hexdump
-.Op Fl in Ar file
-.Op Fl inkey Ar file
-.Op Fl keyform Cm der | pem
-.Op Fl out Ar file
-.Op Fl passin Ar arg
-.Op Fl peerform Cm der | pem
-.Op Fl peerkey Ar file
-.Op Fl pkeyopt Ar opt : Ns Ar value
-.Op Fl pubin
-.Op Fl rev
-.Op Fl sigfile Ar file
-.Op Fl sign
-.Op Fl verify
-.Op Fl verifyrecover
-.Ek
-.El
-.Pp
-The
-.Nm pkeyutl
-command can be used to perform public key operations using
-any supported algorithm.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl asn1parse
-ASN.1 parse the output data.
-This is useful when combined with the
-.Fl verifyrecover
-option when an ASN.1 structure is signed.
-.It Fl certin
-The input is a certificate containing a public key.
-.It Fl decrypt
-Decrypt the input data using a private key.
-.It Fl derive
-Derive a shared secret using the peer key.
-.It Fl encrypt
-Encrypt the input data using a public key.
-.It Fl hexdump
-Hex dump the output data.
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-.It Fl inkey Ar file
-The input key file.
-By default it should be a private key.
-.It Fl keyform Cm der | pem
-The key format.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl passin Ar arg
-The key password source.
-.It Fl peerform Cm der | pem
-The peer key format.
-.It Fl peerkey Ar file
-The peer key file, used by key derivation (agreement) operations.
-.It Fl pkeyopt Ar opt : Ns Ar value
-Set the public key algorithm option
-.Ar opt
-to
-.Ar value .
-Unless otherwise mentioned, all algorithms support the format
-.Ar digest : Ns Ar alg ,
-which specifies the digest to use
-for sign, verify, and verifyrecover operations.
-The value
-.Ar alg
-should represent a digest name as used in the
-.Xr EVP_get_digestbyname 3
-function.
-.Pp
-The RSA algorithm supports the
-encrypt, decrypt, sign, verify, and verifyrecover operations in general.
-Some padding modes only support some of these
-operations however.
-.Bl -tag -width Ds
-.It rsa_padding_mode : Ns Ar mode
-This sets the RSA padding mode.
-Acceptable values for
-.Ar mode
-are
-.Cm pkcs1
-for PKCS#1 padding;
-.Cm none
-for no padding;
-.Cm oaep
-for OAEP mode;
-.Cm x931
-for X9.31 mode;
-and
-.Cm pss
-for PSS.
-.Pp
-In PKCS#1 padding if the message digest is not set then the supplied data is
-signed or verified directly instead of using a DigestInfo structure.
-If a digest is set then a DigestInfo
-structure is used and its length
-must correspond to the digest type.
-For oeap mode only encryption and decryption is supported.
-For x931 if the digest type is set it is used to format the block data;
-otherwise the first byte is used to specify the X9.31 digest ID.
-Sign, verify, and verifyrecover can be performed in this mode.
-For pss mode only sign and verify are supported and the digest type must be
-specified.
-.It rsa_pss_saltlen : Ns Ar len
-For pss
-mode only this option specifies the salt length.
-Two special values are supported:
--1 sets the salt length to the digest length.
-When signing, -2 sets the salt length to the maximum permissible value.
-When verifying, -2 causes the salt length to be automatically determined
-based on the PSS block structure.
-.El
-.Pp
-The DSA algorithm supports the sign and verify operations.
-Currently there are no additional options other than
-.Ar digest .
-Only the SHA1 digest can be used and this digest is assumed by default.
-.Pp
-The DH algorithm supports the derive operation
-and no additional options.
-.Pp
-The EC algorithm supports the sign, verify, and derive operations.
-The sign and verify operations use ECDSA and derive uses ECDH.
-Currently there are no additional options other than
-.Ar digest .
-Only the SHA1 digest can be used and this digest is assumed by default.
-.It Fl pubin
-The input file is a public key.
-.It Fl rev
-Reverse the order of the input buffer.
-.It Fl sigfile Ar file
-Signature file (verify operation only).
-.It Fl sign
-Sign the input data and output the signed result.
-This requires a private key.
-.It Fl verify
-Verify the input data against the signature file and indicate if the
-verification succeeded or failed.
-.It Fl verifyrecover
-Verify the input data and output the recovered data.
-.El
-.Tg prime
-.Sh PRIME
-.Cm openssl prime
-.Op Fl bits Ar n
-.Op Fl checks Ar n
-.Op Fl generate
-.Op Fl hex
-.Op Fl safe
-.Ar p
-.Pp
-The
-.Nm prime
-command is used to generate prime numbers,
-or to check numbers for primality.
-Results are probabilistic:
-they have an exceedingly high likelihood of being correct,
-but are not guaranteed.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl bits Ar n
-Specify the number of bits in the generated prime number.
-Must be used in conjunction with
-.Fl generate .
-.It Fl checks Ar n
-Perform a Miller-Rabin probabilistic primality test with
-.Ar n
-iterations.
-The default is 20.
-.It Fl generate
-Generate a pseudo-random prime number.
-Must be used in conjunction with
-.Fl bits .
-.It Fl hex
-Output in hex format.
-.It Fl safe
-Generate only
-.Qq safe
-prime numbers
-(i.e. a prime p so that (p-1)/2 is also prime).
-.It Ar p
-Test if number
-.Ar p
-is prime.
-.El
-.Tg rand
-.Sh RAND
-.Bl -hang -width "openssl rand"
-.It Nm openssl rand
-.Bk -words
-.Op Fl base64
-.Op Fl hex
-.Op Fl out Ar file
-.Ar num
-.Ek
-.El
-.Pp
-The
-.Nm rand
-command outputs
-.Ar num
-pseudo-random bytes.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl base64
-Perform base64 encoding on the output.
-.It Fl hex
-Specify hexadecimal output.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.El
-.Tg req
-.Sh REQ
-.Bl -hang -width "openssl req"
-.It Nm openssl req
-.Bk -words
-.Op Fl addext Ar ext
-.Op Fl batch
-.Op Fl config Ar file
-.Op Fl days Ar n
-.Op Fl extensions Ar section
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl key Ar keyfile
-.Op Fl keyform Cm der | pem
-.Op Fl keyout Ar file
-.Op Fl md4 | md5 | sha1
-.Op Fl modulus
-.Op Fl multivalue-rdn
-.Op Fl nameopt Ar option
-.Op Fl new
-.Op Fl newhdr
-.Op Fl newkey Ar arg
-.Op Fl nodes
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl passin Ar arg
-.Op Fl passout Ar arg
-.Op Fl pkeyopt Ar opt:value
-.Op Fl pubkey
-.Op Fl reqexts Ar section
-.Op Fl reqopt Ar option
-.Op Fl set_serial Ar n
-.Op Fl sigopt Ar nm:v
-.Op Fl subj Ar arg
-.Op Fl subject
-.Op Fl text
-.Op Fl utf8
-.Op Fl verbose
-.Op Fl verify
-.Op Fl x509
-.Ek
-.El
-.Pp
-The
-.Nm req
-command primarily creates and processes certificate requests
-in PKCS#10 format.
-It can additionally create self-signed certificates,
-for use as root CAs, for example.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl addext Ar ext
-Add a specific extension to the certificate (if the
-.Fl x509
-option is present) or certificate request.
-The argument must have the form of a key=value pair as it would appear in a
-config file.
-This option can be given multiple times.
-.It Fl batch
-Non-interactive mode.
-.It Fl config Ar file
-Specify an alternative configuration file.
-.It Fl days Ar n
-Specify the number of days to certify the certificate for.
-The default is 30 days.
-Used with the
-.Fl x509
-option.
-.It Fl extensions Ar section , Fl reqexts Ar section
-Specify alternative sections to include certificate
-extensions (with
-.Fl x509 )
-or certificate request extensions,
-allowing several different sections to be used in the same configuration file.
-.It Fl in Ar file
-The input file to read a request from,
-or standard input if not specified.
-A request is only read if the creation options
-.Fl new
-and
-.Fl newkey
-are not specified.
-.It Fl inform Cm der | pem
-The input format.
-.It Fl key Ar keyfile
-The file to read the private key from.
-It also accepts PKCS#8 format private keys for PEM format files.
-.It Fl keyform Cm der | pem
-The format of the private key file specified in the
-.Fl key
-argument.
-The default is
-.Cm pem .
-.It Fl keyout Ar file
-The file to write the newly created private key to.
-If this option is not specified,
-the filename present in the configuration file is used.
-.It Fl md5 | sha1 | sha256
-The message digest to sign the request with.
-This overrides the digest algorithm specified in the configuration file.
-.Pp
-Some public key algorithms may override this choice.
-For instance, DSA signatures always use SHA1.
-.It Fl modulus
-Print the value of the modulus of the public key contained in the request.
-.It Fl multivalue-rdn
-This option causes the
-.Fl subj
-argument to be interpreted with full support for multivalued RDNs,
-for example
-.Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
-If
-.Fl multivalue-rdn
-is not used, the UID value is set to
-.Qq "123456+CN=John Doe" .
-.It Fl nameopt Ar option , Fl reqopt Ar option
-Determine how the subject or issuer names are displayed.
-.Ar option
-can be a single option or multiple options separated by commas.
-Alternatively, these options may be used more than once to set multiple options.
-See the
-.Sx X509
-section below for details.
-.It Fl new
-Generate a new certificate request.
-The user is prompted for the relevant field values.
-The actual fields prompted for and their maximum and minimum sizes
-are specified in the configuration file and any requested extensions.
-.Pp
-If the
-.Fl key
-option is not used, it will generate a new RSA private
-key using information specified in the configuration file.
-.It Fl newhdr
-Add the word NEW to the PEM file header and footer lines
-on the outputted request.
-Some software and CAs need this.
-.It Fl newkey Ar arg
-Create a new certificate request and a new private key.
-The argument takes one of several forms.
-.Pp
-.No rsa : Ns Ar nbits
-generates an RSA key
-.Ar nbits
-in size.
-If
-.Ar nbits
-is omitted,
-the default key size is used.
-.Pp
-.No dsa : Ns Ar file
-generates a DSA key using the parameters in
-.Ar file .
-.Pp
-.No param : Ns Ar file
-generates a key using the parameters or certificate in
-.Ar file .
-.Pp
-All other algorithms support the form
-.Ar algorithm : Ns Ar file ,
-where file may be an algorithm parameter file,
-created by the
-.Cm genpkey -genparam
-command or an X.509 certificate for a key with appropriate algorithm.
-.Ar file
-can be omitted,
-in which case any parameters can be specified via the
-.Fl pkeyopt
-option.
-.It Fl nodes
-Do not encrypt the private key.
-.It Fl noout
-Do not output the encoded version of the request.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl passin Ar arg
-The key password source.
-.It Fl passout Ar arg
-The output file password source.
-.It Fl pkeyopt Ar opt:value
-Set the public key algorithm option
-.Ar opt
-to
-.Ar value .
-.It Fl pubkey
-Output the public key.
-.It Fl reqopt Ar option
-Customise the output format used with
-.Fl text .
-The
-.Ar option
-argument can be a single option or multiple options separated by commas.
-See also the discussion of
-.Fl certopt
-in the
-.Nm x509
-command.
-.It Fl set_serial Ar n
-Serial number to use when outputting a self-signed certificate.
-This may be specified as a decimal value or a hex value if preceded by
-.Sq 0x .
-It is possible to use negative serial numbers but this is not recommended.
-.It Fl sigopt Ar nm:v
-Pass options to the signature algorithm during sign operation.
-The names and values of these options are algorithm-specific.
-.It Fl subj Ar arg
-Replaces the subject field of an input request
-with the specified data and output the modified request.
-.Ar arg
-must be formatted as /type0=value0/type1=value1/type2=...;
-characters may be escaped by
-.Sq \e
-(backslash);
-no spaces are skipped.
-.It Fl subject
-Print the request subject (or certificate subject if
-.Fl x509
-is specified).
-.It Fl text
-Print the certificate request in plain text.
-.It Fl utf8
-Interpret field values as UTF8 strings, not ASCII.
-.It Fl verbose
-Print extra details about the operations being performed.
-.It Fl verify
-Verify the signature on the request.
-.It Fl x509
-Output a self-signed certificate instead of a certificate request.
-This is typically used to generate a test certificate or a self-signed root CA.
-The extensions added to the certificate (if any)
-are specified in the configuration file.
-Unless specified using the
-.Fl set_serial
-option, 0 is used for the serial number.
-.El
-.Pp
-The configuration options are specified in the
-.Qq req
-section of the configuration file.
-The options available are as follows:
-.Bl -tag -width "XXXX"
-.It Cm attributes
-The section containing any request attributes: its format
-is the same as
-.Cm distinguished_name .
-Typically these may contain the challengePassword or unstructuredName types.
-They are currently ignored by the
-.Nm openssl
-request signing utilities, but some CAs might want them.
-.It Cm default_bits
-The default key size, in bits.
-The default is 2048.
-It is used if the
-.Fl new
-option is used and can be overridden by using the
-.Fl newkey
-option.
-.It Cm default_keyfile
-The default file to write a private key to,
-or standard output if not specified.
-It can be overridden by the
-.Fl keyout
-option.
-.It Cm default_md
-The digest algorithm to use.
-Possible values include
-.Cm md5 ,
-.Cm sha1
-and
-.Cm sha256
-(the default).
-It can be overridden on the command line.
-.It Cm distinguished_name
-The section containing the distinguished name fields to
-prompt for when generating a certificate or certificate request.
-The format is described below.
-.It Cm encrypt_key
-If set to
-.Qq no
-and a private key is generated, it is not encrypted.
-It is equivalent to the
-.Fl nodes
-option.
-For compatibility,
-.Cm encrypt_rsa_key
-is an equivalent option.
-.It Cm input_password | output_password
-The passwords for the input private key file (if present)
-and the output private key file (if one will be created).
-The command line options
-.Fl passin
-and
-.Fl passout
-override the configuration file values.
-.It Cm oid_file
-A file containing additional OBJECT IDENTIFIERS.
-Each line of the file should consist of the numerical form of the
-object identifier, followed by whitespace, then the short name followed
-by whitespace and finally the long name.
-.It Cm oid_section
-Specify a section in the configuration file containing extra
-object identifiers.
-Each line should consist of the short name of the
-object identifier followed by
-.Sq =
-and the numerical form.
-The short and long names are the same when this option is used.
-.It Cm prompt
-If set to
-.Qq no ,
-it disables prompting of certificate fields
-and just takes values from the config file directly.
-It also changes the expected format of the
-.Cm distinguished_name
-and
-.Cm attributes
-sections.
-.It Cm req_extensions
-The configuration file section containing a list of
-extensions to add to the certificate request.
-It can be overridden by the
-.Fl reqexts
-option.
-.It Cm string_mask
-Limit the string types for encoding certain fields.
-The following values may be used, limiting strings to the indicated types:
-.Bl -tag -width "MASK:number"
-.It Cm utf8only
-UTF8String.
-This is the default, as recommended by PKIX in RFC 2459.
-.It Cm default
-PrintableString, IA5String, T61String, BMPString, UTF8String.
-.It Cm pkix
-PrintableString, IA5String, BMPString, UTF8String.
-Inspired by the PKIX recommendation in RFC 2459 for certificates
-generated before 2004, but differs by also permitting IA5String.
-.It Cm nombstr
-PrintableString, IA5String, T61String, UniversalString.
-A workaround for some ancient software that had problems
-with the variable-sized BMPString and UTF8String types.
-.It Cm MASK : Ns Ar number
-An explicit bitmask of permitted types, where
-.Ar number
-is a C-style hex, decimal, or octal number that's a bit-wise OR of
-.Dv B_ASN1_*
-values from
-.In openssl/asn1.h .
-.El
-.It Cm utf8
-If set to
-.Qq yes ,
-field values are interpreted as UTF8 strings.
-.It Cm x509_extensions
-The configuration file section containing a list of
-extensions to add to a certificate generated when the
-.Fl x509
-switch is used.
-It can be overridden by the
-.Fl extensions
-command line switch.
-.El
-.Pp
-There are two separate formats for the distinguished name and attribute
-sections.
-If the
-.Fl prompt
-option is set to
-.Qq no ,
-then these sections just consist of field names and values.
-If the
-.Fl prompt
-option is absent or not set to
-.Qq no ,
-then the file contains field prompting information of the form:
-.Bd -unfilled -offset indent
-fieldName="prompt"
-fieldName_default="default field value"
-fieldName_min= 2
-fieldName_max= 4
-.Ed
-.Pp
-.Qq fieldName
-is the field name being used, for example
-.Cm commonName
-(or CN).
-The
-.Qq prompt
-string is used to ask the user to enter the relevant details.
-If the user enters nothing, the default value is used;
-if no default value is present, the field is omitted.
-A field can still be omitted if a default value is present,
-if the user just enters the
-.Sq \&.
-character.
-.Pp
-The number of characters entered must be between the
-fieldName_min and fieldName_max limits:
-there may be additional restrictions based on the field being used
-(for example
-.Cm countryName
-can only ever be two characters long and must fit in a
-.Cm PrintableString ) .
-.Pp
-Some fields (such as
-.Cm organizationName )
-can be used more than once in a DN.
-This presents a problem because configuration files will
-not recognize the same name occurring twice.
-To avoid this problem, if the
-.Cm fieldName
-contains some characters followed by a full stop, they will be ignored.
-So, for example, a second
-.Cm organizationName
-can be input by calling it
-.Qq 1.organizationName .
-.Pp
-The actual permitted field names are any object identifier short or
-long names.
-These are compiled into
-.Nm openssl
-and include the usual values such as
-.Cm commonName , countryName , localityName , organizationName ,
-.Cm organizationalUnitName , stateOrProvinceName .
-Additionally,
-.Cm emailAddress
-is included as well as
-.Cm name , surname , givenName , initials
-and
-.Cm dnQualifier .
-.Pp
-Additional object identifiers can be defined with the
-.Cm oid_file
-or
-.Cm oid_section
-options in the configuration file.
-Any additional fields will be treated as though they were a
-.Cm DirectoryString .
-.Tg rsa
-.Sh RSA
-.Bl -hang -width "openssl rsa"
-.It Nm openssl rsa
-.Bk -words
-.Op Fl aes128 | aes192 | aes256 | des | des3
-.Op Fl check
-.Op Fl in Ar file
-.Op Fl inform Cm der | net | pem | pvk
-.Op Fl modulus
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | net | pem | pvk
-.Op Fl passin Ar arg
-.Op Fl passout Ar arg
-.Op Fl pubin
-.Op Fl pubout
-.Op Fl pvk-none | pvk-strong | pvk-weak
-.Op Fl RSAPublicKey_in
-.Op Fl RSAPublicKey_out
-.Op Fl text
-.Ek
-.El
-.Pp
-The
-.Nm rsa
-command processes RSA keys.
-They can be converted between various forms and their components printed out.
-.Nm rsa
-uses the traditional
-.Nm SSLeay
-compatible format for private key encryption:
-newer applications should use the more secure PKCS#8 format using the
-.Nm pkcs8
-utility.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl aes128 | aes192 | aes256 | des | des3
-Encrypt the private key with the AES, DES,
-or the triple DES ciphers, respectively, before outputting it.
-A pass phrase is prompted for.
-If none of these options are specified, the key is written in plain text.
-This means that using the
-.Nm rsa
-utility to read in an encrypted key with no encryption option can be used
-to remove the pass phrase from a key, or by setting the encryption options
-it can be used to add or change the pass phrase.
-These options can only be used with PEM format output files.
-.It Fl check
-Check the consistency of an RSA private key.
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-If the key is encrypted, a pass phrase will be prompted for.
-.It Fl inform Cm der | net | pem | pvk
-The input format.
-.It Fl noout
-Do not output the encoded version of the key.
-.It Fl modulus
-Print the value of the modulus of the key.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl outform Cm der | net | pem | pvk
-The output format.
-.It Fl passin Ar arg
-The key password source.
-.It Fl passout Ar arg
-The output file password source.
-.It Fl pubin
-Read in a public key,
-not a private key.
-.It Fl pubout
-Output a public key,
-not a private key.
-Automatically set if the input is a public key.
-.It Xo
-.Fl pvk-none | pvk-strong | pvk-weak
-.Xc
-Enable or disable PVK encoding.
-The default is
-.Fl pvk-strong .
-.It Fl RSAPublicKey_in , RSAPublicKey_out
-Same as
-.Fl pubin
-and
-.Fl pubout
-except
-.Cm RSAPublicKey
-format is used instead.
-.It Fl text
-Print the public/private key components in plain text.
-.El
-.Tg rsautl
-.Sh RSAUTL
-.Bl -hang -width "openssl rsautl"
-.It Nm openssl rsautl
-.Bk -words
-.Op Fl asn1parse
-.Op Fl certin
-.Op Fl decrypt
-.Op Fl encrypt
-.Op Fl hexdump
-.Op Fl in Ar file
-.Op Fl inkey Ar file
-.Op Fl keyform Cm der | pem
-.Op Fl oaep | pkcs | raw | x931
-.Op Fl out Ar file
-.Op Fl passin Ar arg
-.Op Fl pubin
-.Op Fl rev
-.Op Fl sign
-.Op Fl verify
-.Ek
-.El
-.Pp
-The
-.Nm rsautl
-command can be used to sign, verify, encrypt and decrypt
-data using the RSA algorithm.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl asn1parse
-Asn1parse the output data; this is useful when combined with the
-.Fl verify
-option.
-.It Fl certin
-The input is a certificate containing an RSA public key.
-.It Fl decrypt
-Decrypt the input data using an RSA private key.
-.It Fl encrypt
-Encrypt the input data using an RSA public key.
-.It Fl hexdump
-Hex dump the output data.
-.It Fl in Ar file
-The input to read from,
-or standard input if not specified.
-.It Fl inkey Ar file
-The input key file; by default an RSA private key.
-.It Fl keyform Cm der | pem
-The private key format.
-The default is
-.Cm pem .
-.It Fl oaep | pkcs | raw | x931
-The padding to use:
-PKCS#1 OAEP, PKCS#1 v1.5 (the default), no padding, or ANSI X9.31,
-respectively.
-For signatures, only
-.Fl pkcs
-and
-.Fl raw
-can be used.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl passin Ar arg
-The key password source.
-.It Fl pubin
-The input file is an RSA public key.
-.It Fl rev
-Reverse the order of the input buffer.
-.It Fl sign
-Sign the input data and output the signed result.
-This requires an RSA private key.
-.It Fl verify
-Verify the input data and output the recovered data.
-.El
-.Tg s_client
-.Sh S_CLIENT
-.Bl -hang -width "openssl s_client"
-.It Nm openssl s_client
-.Bk -words
-.Op Fl 4 | 6
-.Op Fl alpn Ar protocols
-.Op Fl bugs
-.Op Fl CAfile Ar file
-.Op Fl CApath Ar directory
-.Op Fl cert Ar file
-.Op Fl certform Cm der | pem
-.Op Fl check_ss_sig
-.Op Fl cipher Ar cipherlist
-.Op Fl connect Ar host Ns Op : Ns Ar port
-.Op Fl crl_check
-.Op Fl crl_check_all
-.Op Fl crlf
-.Op Fl debug
-.Op Fl dtls
-.Op Fl dtls1_2
-.Op Fl extended_crl
-.Op Fl groups Ar list
-.Op Fl host Ar host
-.Op Fl ign_eof
-.Op Fl ignore_critical
-.Op Fl issuer_checks
-.Op Fl key Ar keyfile
-.Op Fl keyform Cm der | pem
-.Op Fl keymatexport Ar label
-.Op Fl keymatexportlen Ar len
-.Op Fl legacy_server_connect
-.Op Fl msg
-.Op Fl mtu Ar mtu
-.Op Fl nbio
-.Op Fl nbio_test
-.Op Fl no_comp
-.Op Fl no_ign_eof
-.Op Fl no_legacy_server_connect
-.Op Fl no_ticket
-.Op Fl no_tls1_2
-.Op Fl no_tls1_3
-.Op Fl pass Ar arg
-.Op Fl policy_check
-.Op Fl port Ar port
-.Op Fl prexit
-.Op Fl proxy Ar host : Ns Ar port
-.Op Fl quiet
-.Op Fl reconnect
-.Op Fl servername Ar name
-.Op Fl serverpref
-.Op Fl sess_in Ar file
-.Op Fl sess_out Ar file
-.Op Fl showcerts
-.Op Fl starttls Ar protocol
-.Op Fl state
-.Op Fl status
-.Op Fl timeout
-.Op Fl tls1_2
-.Op Fl tls1_3
-.Op Fl tlsextdebug
-.Op Fl use_srtp Ar profiles
-.Op Fl verify Ar depth
-.Op Fl verify_return_error
-.Op Fl x509_strict
-.Op Fl xmpphost Ar host
-.Ek
-.El
-.Pp
-The
-.Nm s_client
-command implements a generic SSL/TLS client which connects
-to a remote host using SSL/TLS.
-.Pp
-If a connection is established with an SSL server, any data received
-from the server is displayed and any key presses will be sent to the
-server.
-When used interactively (which means neither
-.Fl quiet
-nor
-.Fl ign_eof
-have been given), the session will be renegotiated if the line begins with an
-.Cm R ;
-if the line begins with a
-.Cm Q
-or if end of file is reached, the connection will be closed down.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl 4
-Attempt connections using IPv4 only.
-.It Fl 6
-Attempt connections using IPv6 only.
-.It Fl alpn Ar protocols
-Enable the Application-Layer Protocol Negotiation.
-.Ar protocols
-is a comma-separated list of protocol names that the client should advertise
-support for.
-.It Fl bugs
-Enable various workarounds for buggy implementations.
-.It Fl CAfile Ar file
-A
-.Ar file
-containing trusted certificates to use during server authentication
-and to use when attempting to build the client certificate chain.
-.It Fl CApath Ar directory
-The
-.Ar directory
-to use for server certificate verification.
-This directory must be in
-.Qq hash format ;
-see
-.Fl verify
-for more information.
-These are also used when building the client certificate chain.
-.It Fl cert Ar file
-The certificate to use, if one is requested by the server.
-The default is not to use a certificate.
-.It Fl certform Cm der | pem
-The certificate format.
-The default is
-.Cm pem .
-.It Xo
-.Fl check_ss_sig ,
-.Fl crl_check ,
-.Fl crl_check_all ,
-.Fl extended_crl ,
-.Fl ignore_critical ,
-.Fl issuer_checks ,
-.Fl policy_check ,
-.Fl x509_strict
-.Xc
-Set various certificate chain validation options.
-See the
-.Nm verify
-command for details.
-.It Fl cipher Ar cipherlist
-Modify the cipher list sent by the client.
-Although the server determines which cipher suite is used, it should take
-the first supported cipher in the list sent by the client.
-See the
-.Nm ciphers
-command for more information.
-.It Fl connect Ar host Ns Op : Ns Ar port
-The
-.Ar host
-and
-.Ar port
-to connect to.
-If not specified, an attempt is made to connect to the local host
-on port 4433.
-Alternatively, the host and port pair may be separated using a forward-slash
-character,
-which is useful for numeric IPv6 addresses.
-.It Fl crlf
-Translate a line feed from the terminal into CR+LF,
-as required by some servers.
-.It Fl debug
-Print extensive debugging information, including a hex dump of all traffic.
-.It Fl dtls
-Permit any version of DTLS.
-.It Fl dtls1_2
-Permit only DTLS1.2.
-.It Fl groups Ar list
-Set the supported elliptic curve groups to the colon separated
-.Ar list
-of group NIDs or names as documented in
-.Xr SSL_CTX_set1_groups_list 3 .
-.It Fl host Ar host
-The
-.Ar host
-to connect to.
-The default is localhost.
-.It Fl ign_eof
-Inhibit shutting down the connection when end of file is reached in the input.
-.It Fl key Ar keyfile
-The private key to use.
-If not specified, the certificate file will be used.
-.It Fl keyform Cm der | pem
-The private key format.
-The default is
-.Cm pem .
-.It Fl keymatexport Ar label
-Export keying material using label.
-.It Fl keymatexportlen Ar len
-Export len bytes of keying material (default 20).
-.It Fl legacy_server_connect , no_legacy_server_connect
-Allow or disallow initial connection to servers that don't support RI.
-.It Fl msg
-Show all protocol messages with hex dump.
-.It Fl mtu Ar mtu
-Set the link layer MTU.
-.It Fl nbio
-Turn on non-blocking I/O.
-.It Fl nbio_test
-Test non-blocking I/O.
-.It Fl no_ign_eof
-Shut down the connection when end of file is reached in the input.
-Can be used to override the implicit
-.Fl ign_eof
-after
-.Fl quiet .
-.It Fl no_tls1_2 | no_tls1_3
-Disable the use of TLS1.2 and 1.3, respectively.
-.It Fl no_ticket
-Disable RFC 4507 session ticket support.
-.It Fl pass Ar arg
-The private key password source.
-.It Fl port Ar port
-The
-.Ar port
-to connect to.
-The default is 4433.
-.It Fl prexit
-Print session information when the program exits.
-This will always attempt
-to print out information even if the connection fails.
-Normally, information will only be printed out once if the connection succeeds.
-This option is useful because the cipher in use may be renegotiated
-or the connection may fail because a client certificate is required or is
-requested only after an attempt is made to access a certain URL.
-Note that the output produced by this option is not always accurate
-because a connection might never have been established.
-.It Fl proxy Ar host : Ns Ar port
-Use the HTTP proxy at
-.Ar host
-and
-.Ar port .
-The connection to the proxy is done in cleartext and the
-.Fl connect
-argument is given to the proxy.
-If not specified, localhost is used as final destination.
-After that, switch the connection through the proxy to the destination
-to TLS.
-.It Fl quiet
-Inhibit printing of session and certificate information.
-This implicitly turns on
-.Fl ign_eof
-as well.
-.It Fl reconnect
-Reconnect to the same server 5 times using the same session ID; this can
-be used as a test that session caching is working.
-.It Fl servername Ar name
-Include the TLS Server Name Indication (SNI) extension in the ClientHello
-message, using the specified server
-.Ar name .
-.It Fl showcerts
-Display the whole server certificate chain: normally only the server
-certificate itself is displayed.
-.It Fl serverpref
-Use the server's cipher preferences.
-.It Fl sess_in Ar file
-Load TLS session from file.
-The client will attempt to resume a connection from this session.
-.It Fl sess_out Ar file
-Output TLS session to file.
-.It Fl starttls Ar protocol
-Send the protocol-specific messages to switch to TLS for communication.
-.Ar protocol
-is a keyword for the intended protocol.
-Currently, the supported keywords are
-.Qq ftp ,
-.Qq imap ,
-.Qq smtp ,
-.Qq pop3 ,
-and
-.Qq xmpp .
-.It Fl state
-Print the SSL session states.
-.It Fl status
-Send a certificate status request to the server (OCSP stapling).
-The server response (if any) is printed out.
-.It Fl timeout
-Enable send/receive timeout on DTLS connections.
-.It Fl tls1_2 | tls1_3
-Permit only TLS1.2 or 1.3 respectively.
-.It Fl tlsextdebug
-Print a hex dump of any TLS extensions received from the server.
-.It Fl use_srtp Ar profiles
-Offer SRTP key management with a colon-separated profile list.
-.It Fl verify Ar depth
-Turn on server certificate verification,
-with a maximum length of
-.Ar depth .
-Currently the verify operation continues after errors so all the problems
-with a certificate chain can be seen.
-As a side effect the connection will never fail due to a server
-certificate verify failure.
-.It Fl verify_return_error
-Return verification error.
-.It Fl xmpphost Ar hostname
-When used with
-.Fl starttls Ar xmpp ,
-specify the host for the "to" attribute of the stream element.
-If this option is not specified then the host specified with
-.Fl connect
-will be used.
-.El
-.Tg s_server
-.Sh S_SERVER
-.Bl -hang -width "openssl s_server"
-.It Nm openssl s_server
-.Bk -words
-.Op Fl accept Ar port
-.Op Fl alpn Ar protocols
-.Op Fl bugs
-.Op Fl CAfile Ar file
-.Op Fl CApath Ar directory
-.Op Fl cert Ar file
-.Op Fl cert2 Ar file
-.Op Fl certform Cm der | pem
-.Op Fl cipher Ar cipherlist
-.Op Fl context Ar id
-.Op Fl crl_check
-.Op Fl crl_check_all
-.Op Fl crlf
-.Op Fl dcert Ar file
-.Op Fl dcertform Cm der | pem
-.Op Fl debug
-.Op Fl dhparam Ar file
-.Op Fl dkey Ar file
-.Op Fl dkeyform Cm der | pem
-.Op Fl dpass Ar arg
-.Op Fl dtls
-.Op Fl dtls1
-.Op Fl dtls1_2
-.Op Fl groups Ar list
-.Op Fl HTTP
-.Op Fl id_prefix Ar arg
-.Op Fl key Ar keyfile
-.Op Fl key2 Ar keyfile
-.Op Fl keyform Cm der | pem
-.Op Fl keymatexport Ar label
-.Op Fl keymatexportlen Ar len
-.Op Fl msg
-.Op Fl mtu Ar mtu
-.Op Fl naccept Ar num
-.Op Fl named_curve Ar arg
-.Op Fl nbio
-.Op Fl nbio_test
-.Op Fl no_cache
-.Op Fl no_dhe
-.Op Fl no_ecdhe
-.Op Fl no_ticket
-.Op Fl no_tls1_2
-.Op Fl no_tls1_3
-.Op Fl no_tmp_rsa
-.Op Fl nocert
-.Op Fl pass Ar arg
-.Op Fl quiet
-.Op Fl servername Ar name
-.Op Fl servername_fatal
-.Op Fl serverpref
-.Op Fl state
-.Op Fl status
-.Op Fl status_timeout Ar nsec
-.Op Fl status_url Ar url
-.Op Fl status_verbose
-.Op Fl timeout
-.Op Fl tls1_2
-.Op Fl tls1_3
-.Op Fl tlsextdebug
-.Op Fl use_srtp Ar profiles
-.Op Fl Verify Ar depth
-.Op Fl verify Ar depth
-.Op Fl verify_return_error
-.Op Fl WWW
-.Op Fl www
-.Ek
-.El
-.Pp
-The
-.Nm s_server
-command implements a generic SSL/TLS server which listens
-for connections on a given port using SSL/TLS.
-.Pp
-If a connection request is established with a client and neither the
-.Fl www
-nor the
-.Fl WWW
-option has been used, then any data received
-from the client is displayed and any key presses are sent to the client.
-Certain single letter commands perform special operations:
-.Pp
-.Bl -tag -width "XXXX" -compact
-.It Ic P
-Send plain text, which should cause the client to disconnect.
-.It Ic Q
-End the current SSL connection and exit.
-.It Ic q
-End the current SSL connection, but still accept new connections.
-.It Ic R
-Renegotiate the SSL session and request a client certificate.
-.It Ic r
-Renegotiate the SSL session.
-.It Ic S
-Print out some session cache status information.
-.El
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl accept Ar port
-Listen on TCP
-.Ar port
-for connections.
-The default is port 4433.
-.It Fl alpn Ar protocols
-Enable the Application-Layer Protocol Negotiation.
-.Ar protocols
-is a comma-separated list of supported protocol names.
-.It Fl bugs
-Enable various workarounds for buggy implementations.
-.It Fl CAfile Ar file
-A
-.Ar file
-containing trusted certificates to use during client authentication
-and to use when attempting to build the server certificate chain.
-The list is also used in the list of acceptable client CAs passed to the
-client when a certificate is requested.
-.It Fl CApath Ar directory
-The
-.Ar directory
-to use for client certificate verification.
-This directory must be in
-.Qq hash format ;
-see
-.Fl verify
-for more information.
-These are also used when building the server certificate chain.
-.It Fl cert Ar file
-The certificate to use: most server's cipher suites require the use of a
-certificate and some require a certificate with a certain public key type.
-For example, the DSS cipher suites require a certificate containing a DSS
-(DSA) key.
-If not specified, the file
-.Pa server.pem
-will be used.
-.It Fl cert2 Ar file
-The certificate to use for servername.
-.It Fl certform Cm der | pem
-The certificate format.
-The default is
-.Cm pem .
-.It Fl cipher Ar cipherlist
-Modify the cipher list used by the server.
-This allows the cipher list used by the server to be modified.
-When the client sends a list of supported ciphers, the first client cipher
-also included in the server list is used.
-Because the client specifies the preference order, the order of the server
-cipherlist is irrelevant.
-See the
-.Nm ciphers
-command for more information.
-.It Fl context Ar id
-Set the SSL context ID.
-It can be given any string value.
-.It Fl crl_check , crl_check_all
-Check the peer certificate has not been revoked by its CA.
-The CRLs are appended to the certificate file.
-.Fl crl_check_all
-checks all CRLs of all CAs in the chain.
-.It Fl crlf
-Translate a line feed from the terminal into CR+LF.
-.It Fl dcert Ar file , Fl dkey Ar file
-Specify an additional certificate and private key; these behave in the
-same manner as the
-.Fl cert
-and
-.Fl key
-options except there is no default if they are not specified
-(no additional certificate or key is used).
-By using RSA and DSS certificates and keys,
-a server can support clients which only support RSA or DSS cipher suites
-by using an appropriate certificate.
-.It Fl dcertform Cm der | pem , Fl dkeyform Cm der | pem , Fl dpass Ar arg
-Additional certificate and private key format, and private key password source,
-respectively.
-.It Fl debug
-Print extensive debugging information, including a hex dump of all traffic.
-.It Fl dhparam Ar file
-The DH parameter file to use.
-The ephemeral DH cipher suites generate keys
-using a set of DH parameters.
-If not specified, an attempt is made to
-load the parameters from the server certificate file.
-If this fails, a static set of parameters hard coded into the
-.Nm s_server
-program will be used.
-.It Fl dtls
-Permit any version of DTLS.
-.It Fl dtls1_2
-Permit only DTLS1.2.
-.It Fl groups Ar list
-Set the supported elliptic curve groups to the colon separated
-.Ar list
-of group NIDs or names as documented in
-.Xr SSL_CTX_set1_groups_list 3 .
-.It Fl HTTP
-Emulate a simple web server.
-Pages are resolved relative to the current directory.
-For example if the URL
-.Pa https://myhost/page.html
-is requested, the file
-.Pa ./page.html
-will be loaded.
-The files loaded are assumed to contain a complete and correct HTTP
-response (lines that are part of the HTTP response line and headers
-must end with CRLF).
-.It Fl id_prefix Ar arg
-Generate SSL/TLS session IDs prefixed by
-.Ar arg .
-This is mostly useful for testing any SSL/TLS code
-that wish to deal with multiple servers,
-when each of which might be generating a unique range of session IDs.
-.It Fl key Ar keyfile
-The private key to use.
-If not specified, the certificate file will be used.
-.It Fl key2 Ar keyfile
-The private key to use for servername.
-.It Fl keyform Cm der | pem
-The private key format.
-The default is
-.Cm pem .
-.It Fl keymatexport Ar label
-Export keying material using label.
-.It Fl keymatexportlen Ar len
-Export len bytes of keying material (default 20).
-.It Fl msg
-Show all protocol messages with hex dump.
-.It Fl mtu Ar mtu
-Set the link layer MTU.
-.It Fl naccept Ar num
-Terminate server after
-.Ar num
-connections.
-.It Fl named_curve Ar arg
-Specify the elliptic curve name to use for ephemeral ECDH keys.
-This option is deprecated; use
-.Fl groups
-instead.
-.It Fl nbio
-Turn on non-blocking I/O.
-.It Fl nbio_test
-Test non-blocking I/O.
-.It Fl no_cache
-Disable session caching.
-.It Fl no_dhe
-Disable ephemeral DH cipher suites.
-.It Fl no_ecdhe
-Disable ephemeral ECDH cipher suites.
-.It Fl no_ticket
-Disable RFC 4507 session ticket support.
-.It Fl no_tls1_2 | no_tls1_3
-Disable the use of TLS1.2 and 1.3, respectively.
-.It Fl no_tmp_rsa
-Disable temporary RSA key generation.
-.It Fl nocert
-Do not use a certificate.
-This restricts the cipher suites available to the anonymous ones
-(currently just anonymous DH).
-.It Fl pass Ar arg
-The private key password source.
-.It Fl quiet
-Inhibit printing of session and certificate information.
-.It Fl servername Ar name
-Set the TLS Server Name Indication (SNI) extension with
-.Ar name .
-.It Fl servername_fatal
-Send fatal alert if servername does not match.
-The default is warning alert.
-.It Fl serverpref
-Use server's cipher preferences.
-.It Fl state
-Print the SSL session states.
-.It Fl status
-Enables certificate status request support (OCSP stapling).
-.It Fl status_timeout Ar nsec
-Sets the timeout for OCSP response in seconds.
-.It Fl status_url Ar url
-Sets a fallback responder URL to use if no responder URL is present in the
-server certificate.
-Without this option, an error is returned if the server certificate does not
-contain a responder address.
-.It Fl status_verbose
-Enables certificate status request support (OCSP stapling) and gives a verbose
-printout of the OCSP response.
-.It Fl timeout
-Enable send/receive timeout on DTLS connections.
-.It Fl tls1_2 | tls1_3
-Permit only TLS1.2, or 1.3, respectively.
-.It Fl tlsextdebug
-Print a hex dump of any TLS extensions received from the server.
-.It Fl use_srtp Ar profiles
-Offer SRTP key management with a colon-separated profile list.
-.It Fl verify_return_error
-Return verification error.
-.It Fl WWW
-Emulate a simple web server.
-Pages are resolved relative to the current directory.
-For example if the URL
-.Pa https://myhost/page.html
-is requested, the file
-.Pa ./page.html
-will be loaded.
-.It Fl www
-Send a status message to the client when it connects,
-including information about the ciphers used and various session parameters.
-The output is in HTML format so this option will normally be used with a
-web browser.
-.It Fl Verify Ar depth , Fl verify Ar depth
-Request a certificate chain from the client,
-with a maximum length of
-.Ar depth .
-With
-.Fl Verify ,
-the client must supply a certificate or an error occurs;
-with
-.Fl verify ,
-a certificate is requested but the client does not have to send one.
-.El
-.Tg s_time
-.Sh S_TIME
-.Bl -hang -width "openssl s_time"
-.It Nm openssl s_time
-.Bk -words
-.Op Fl bugs
-.Op Fl CAfile Ar file
-.Op Fl CApath Ar directory
-.Op Fl cert Ar file
-.Op Fl cipher Ar cipherlist
-.Op Fl connect Ar host Ns Op : Ns Ar port
-.Op Fl key Ar keyfile
-.Op Fl nbio
-.Op Fl new
-.Op Fl no_shutdown
-.Op Fl reuse
-.Op Fl time Ar seconds
-.Op Fl verify Ar depth
-.Op Fl www Ar page
-.Ek
-.El
-.Pp
-The
-.Nm s_time
-command implements a generic SSL/TLS client which connects to a
-remote host using SSL/TLS.
-It can request a page from the server and includes
-the time to transfer the payload data in its timing measurements.
-It measures the number of connections within a given timeframe,
-the amount of data transferred
-.Pq if any ,
-and calculates the average time spent for one connection.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl bugs
-Enable various workarounds for buggy implementations.
-.It Fl CAfile Ar file
-A
-.Ar file
-containing trusted certificates to use during server authentication
-and to use when attempting to build the client certificate chain.
-.It Fl CApath Ar directory
-The directory to use for server certificate verification.
-This directory must be in
-.Qq hash format ;
-see
-.Nm verify
-for more information.
-These are also used when building the client certificate chain.
-.It Fl cert Ar file
-The certificate to use, if one is requested by the server.
-The default is not to use a certificate.
-.It Fl cipher Ar cipherlist
-Modify the cipher list sent by the client.
-Although the server determines which cipher suite is used,
-it should take the first supported cipher in the list sent by the client.
-See the
-.Nm ciphers
-command for more information.
-.It Fl connect Ar host Ns Op : Ns Ar port
-The host and port to connect to.
-.It Fl key Ar keyfile
-The private key to use.
-If not specified, the certificate file will be used.
-.It Fl nbio
-Turn on non-blocking I/O.
-.It Fl new
-Perform the timing test using a new session ID for each connection.
-If neither
-.Fl new
-nor
-.Fl reuse
-are specified,
-they are both on by default and executed in sequence.
-.It Fl no_shutdown
-Shut down the connection without sending a
-.Qq close notify
-shutdown alert to the server.
-.It Fl reuse
-Perform the timing test using the same session ID for each connection.
-If neither
-.Fl new
-nor
-.Fl reuse
-are specified,
-they are both on by default and executed in sequence.
-.It Fl time Ar seconds
-Limit
-.Nm s_time
-benchmarks to the number of
-.Ar seconds .
-The default is 30 seconds.
-.It Fl verify Ar depth
-Turn on server certificate verification,
-with a maximum length of
-.Ar depth .
-Currently the verify operation continues after errors, so all the problems
-with a certificate chain can be seen.
-As a side effect,
-the connection will never fail due to a server certificate verify failure.
-.It Fl www Ar page
-The page to GET from the server.
-A value of
-.Sq /
-gets the index.htm[l] page.
-If this parameter is not specified,
-.Nm s_time
-will only perform the handshake to establish SSL connections
-but not transfer any payload data.
-.El
-.Tg sess_id
-.Sh SESS_ID
-.Bl -hang -width "openssl sess_id"
-.It Nm openssl sess_id
-.Bk -words
-.Op Fl cert
-.Op Fl context Ar ID
-.Op Fl in Ar file
-.Op Fl inform Cm der | pem
-.Op Fl noout
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem
-.Op Fl text
-.Ek
-.El
-.Pp
-The
-.Nm sess_id
-program processes the encoded version of the SSL session structure and
-optionally prints out SSL session details
-(for example the SSL session master key)
-in human-readable format.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl cert
-If a certificate is present in the session,
-it will be output using this option;
-if the
-.Fl text
-option is also present, then it will be printed out in text form.
-.It Fl context Ar ID
-Set the session
-.Ar ID .
-The ID can be any string of characters.
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-.It Fl inform Cm der | pem
-The input format.
-.Cm der
-uses an ASN.1 DER-encoded format containing session details.
-The precise format can vary from one version to the next.
-.Cm pem
-is the default format: it consists of the DER
-format base64-encoded with additional header and footer lines.
-.It Fl noout
-Do not output the encoded version of the session.
-.It Fl out Ar file
-The output file to write to,
-or standard output if not specified.
-.It Fl outform Cm der | pem
-The output format.
-.It Fl text
-Print the various public or private key components in plain text,
-in addition to the encoded version.
-.El
-.Pp
-The output of
-.Nm sess_id
-is composed as follows:
-.Pp
-.Bl -tag -width "Verify return code " -offset 3n -compact
-.It Protocol
-The protocol in use.
-.It Cipher
-The actual raw SSL or TLS cipher code.
-.It Session-ID
-The SSL session ID, in hex format.
-.It Session-ID-ctx
-The session ID context, in hex format.
-.It Master-Key
-The SSL session master key.
-.It Key-Arg
-The key argument; this is only used in SSL v2.
-.It Start Time
-The session start time.
-.Ux
-format.
-.It Timeout
-The timeout, in seconds.
-.It Verify return code
-The return code when a certificate is verified.
-.El
-.Pp
-Since the SSL session output contains the master key, it is possible to read
-the contents of an encrypted session using this information.
-Therefore appropriate security precautions
-should be taken if the information is being output by a
-.Qq real
-application.
-This is, however, strongly discouraged and should only be used for
-debugging purposes.
-.Tg smime
-.Sh SMIME
-.Bl -hang -width "openssl smime"
-.It Nm openssl smime
-.Bk -words
-.Oo
-.Fl aes128 | aes192 | aes256 | des |
-.Fl des3 | rc2-40 | rc2-64 | rc2-128
-.Oc
-.Op Fl binary
-.Op Fl CAfile Ar file
-.Op Fl CApath Ar directory
-.Op Fl certfile Ar file
-.Op Fl check_ss_sig
-.Op Fl content Ar file
-.Op Fl crl_check
-.Op Fl crl_check_all
-.Op Fl decrypt
-.Op Fl encrypt
-.Op Fl extended_crl
-.Op Fl from Ar addr
-.Op Fl ignore_critical
-.Op Fl in Ar file
-.Op Fl indef
-.Op Fl inform Cm der | pem | smime
-.Op Fl inkey Ar file
-.Op Fl issuer_checks
-.Op Fl keyform Cm der | pem
-.Op Fl md Ar digest
-.Op Fl noattr
-.Op Fl nocerts
-.Op Fl nochain
-.Op Fl nodetach
-.Op Fl noindef
-.Op Fl nointern
-.Op Fl nosigs
-.Op Fl nosmimecap
-.Op Fl noverify
-.Op Fl out Ar file
-.Op Fl outform Cm der | pem | smime
-.Op Fl passin Ar arg
-.Op Fl pk7out
-.Op Fl policy_check
-.Op Fl recip Ar file
-.Op Fl resign
-.Op Fl sign
-.Op Fl signer Ar file
-.Op Fl stream
-.Op Fl subject Ar s
-.Op Fl text
-.Op Fl to Ar addr
-.Op Fl verify
-.Op Fl x509_strict
-.Op Ar cert.pem ...
-.Ek
-.El
-.Pp
-The
-.Nm smime
-command handles S/MIME mail.
-It can encrypt, decrypt, sign, and verify S/MIME messages.
-.Pp
-The MIME message must be sent without any blank lines between the
-headers and the output.
-Some mail programs will automatically add a blank line.
-Piping the mail directly to an MTA is one way to
-achieve the correct format.
-.Pp
-The supplied message to be signed or encrypted must include the necessary
-MIME headers or many S/MIME clients won't display it properly (if at all).
-Use the
-.Fl text
-option to automatically add plain text headers.
-.Pp
-A
-.Qq signed and encrypted
-message is one where a signed message is then encrypted.
-This can be produced by encrypting an already signed message.
-.Pp
-There are a number of operations that can be performed, as follows:
-.Bl -tag -width "XXXX"
-.It Fl decrypt
-Decrypt mail using the supplied certificate and private key.
-The input file is an encrypted mail message in MIME format.
-The decrypted mail is written to the output file.
-.It Fl encrypt
-Encrypt mail for the given recipient certificates.
-The input is the message to be encrypted.
-The output file is the encrypted mail, in MIME format.
-.It Fl pk7out
-Take an input message and write out a PEM-encoded PKCS#7 structure.
-.It Fl resign
-Resign a message: take an existing message and one or more new signers.
-.It Fl sign
-Sign mail using the supplied certificate and private key.
-The input file is the message to be signed.
-The signed message, in MIME format, is written to the output file.
-.It Fl verify
-Verify signed mail.
-The input is a signed mail message and the output is the signed data.
-Both clear text and opaque signing is supported.
-.El
-.Pp
-The remaining options are as follows:
-.Bl -tag -width "XXXX"
-.It Xo
-.Fl aes128 | aes192 | aes256 | des |
-.Fl des3 | rc2-40 | rc2-64 | rc2-128
-.Xc
-The encryption algorithm to use.
-128-, 192-, or 256-bit AES, DES (56 bits), triple DES (168 bits),
-or 40-, 64-, or 128-bit RC2, respectively;
-if not specified, 40-bit RC2 is
-used.
-Only used with
-.Fl encrypt .
-.It Fl binary
-Normally, the input message is converted to
-.Qq canonical
-format which uses CR/LF as end of line,
-as required by the S/MIME specification.
-When this option is present, no translation occurs.
-This is useful when handling binary data which may not be in MIME format.
-.It Fl CAfile Ar file
-A
-.Ar file
-containing trusted CA certificates; only used with
-.Fl verify .
-.It Fl CApath Ar directory
-A
-.Ar directory
-containing trusted CA certificates; only used with
-.Fl verify .
-This directory must be a standard certificate directory:
-that is, a hash of each subject name (using
-.Nm x509 -hash )
-should be linked to each certificate.
-.It Ar cert.pem ...
-One or more certificates of message recipients: used when encrypting
-a message.
-.It Fl certfile Ar file
-Allows additional certificates to be specified.
-When signing, these will be included with the message.
-When verifying, these will be searched for the signers' certificates.
-The certificates should be in PEM format.
-.It Xo
-.Fl check_ss_sig ,
-.Fl crl_check ,
-.Fl crl_check_all ,
-.Fl extended_crl ,
-.Fl ignore_critical ,
-.Fl issuer_checks ,
-.Fl policy_check ,
-.Fl x509_strict
-.Xc
-Set various certificate chain validation options.
-See the
-.Nm verify
-command for details.
-.It Fl content Ar file
-A file containing the detached content.
-This is only useful with the
-.Fl verify
-option,
-and only usable if the PKCS#7 structure is using the detached
-signature form where the content is not included.
-This option will override any content if the input format is S/MIME
-and it uses the multipart/signed MIME content type.
-.It Xo
-.Fl from Ar addr ,
-.Fl subject Ar s ,
-.Fl to Ar addr
-.Xc
-The relevant mail headers.
-These are included outside the signed
-portion of a message so they may be included manually.
-When signing, many S/MIME
-mail clients check that the signer's certificate email
-address matches the From: address.
-.It Fl in Ar file
-The input file to read from.
-.It Fl indef
-Enable streaming I/O for encoding operations.
-This permits single pass processing of data without
-the need to hold the entire contents in memory,
-potentially supporting very large files.
-Streaming is automatically set for S/MIME signing with detached
-data if the output format is SMIME;
-it is currently off by default for all other operations.
-.It Fl inform Cm der | pem | smime
-The input format.
-.It Fl inkey Ar file
-The private key to use when signing or decrypting,
-which must match the corresponding certificate.
-If this option is not specified, the private key must be included
-in the certificate file specified with
-the
-.Fl recip
-or
-.Fl signer
-file.
-When signing,
-this option can be used multiple times to specify successive keys.
-.It Fl keyform Cm der | pem
-Input private key format.
-The default is
-.Cm pem .
-.It Fl md Ar digest
-The digest algorithm to use when signing or resigning.
-If not present then the default digest algorithm for the signing key is used
-(usually SHA1).
-.It Fl noattr
-Do not include attributes.
-.It Fl nocerts
-Do not include the signer's certificate.
-This will reduce the size of the signed message but the verifier must
-have a copy of the signer's certificate available locally (passed using the
-.Fl certfile
-option, for example).
-.It Fl nochain
-Do not do chain verification of signers' certificates: that is,
-don't use the certificates in the signed message as untrusted CAs.
-.It Fl nodetach
-When signing a message, use opaque signing: this form is more resistant
-to translation by mail relays but it cannot be read by mail agents that
-do not support S/MIME.
-Without this option cleartext signing with the MIME type
-multipart/signed is used.
-.It Fl noindef
-Disable streaming I/O where it would produce an encoding of indefinite length
-(currently has no effect).
-.It Fl nointern
-Only use certificates specified in the
-.Fl certfile .
-The supplied certificates can still be used as untrusted CAs.
-.It Fl nosigs
-Do not try to verify the signatures on the message.
-.It Fl nosmimecap
-Exclude the list of supported algorithms from signed attributes,
-other options such as signing time and content type are still included.
-.It Fl noverify
-Do not verify the signer's certificate of a signed message.
-.It Fl out Ar file
-The output file to write to.
-.It Fl outform Cm der | pem | smime
-The output format.
-The default is smime, which writes an S/MIME format message.
-.Cm pem
-and
-.Cm der
-change this to write PEM and DER format PKCS#7 structures instead.
-This currently only affects the output format of the PKCS#7
-structure; if no PKCS#7 structure is being output (for example with
-.Fl verify
-or
-.Fl decrypt )
-this option has no effect.
-.It Fl passin Ar arg
-The key password source.
-.It Fl recip Ar file
-The recipients certificate when decrypting a message.
-This certificate
-must match one of the recipients of the message or an error occurs.
-.It Fl signer Ar file
-A signing certificate when signing or resigning a message;
-this option can be used multiple times if more than one signer is required.
-If a message is being verified, the signer's certificates will be
-written to this file if the verification was successful.
-.It Fl stream
-The same as
-.Fl indef .
-.It Fl text
-Add plain text (text/plain) MIME
-headers to the supplied message if encrypting or signing.
-If decrypting or verifying, it strips off text headers:
-if the decrypted or verified message is not of MIME type text/plain
-then an error occurs.
-.El
-.Pp
-The exit codes for
-.Nm smime
-are as follows:
-.Pp
-.Bl -tag -width "XXXX" -offset 3n -compact
-.It 0
-The operation was completely successful.
-.It 1
-An error occurred parsing the command options.
-.It 2
-One of the input files could not be read.
-.It 3
-An error occurred creating the file or when reading the message.
-.It 4
-An error occurred decrypting or verifying the message.
-.It 5
-An error occurred writing certificates.
-.El
-.Tg speed
-.Sh SPEED
-.Bl -hang -width "openssl speed"
-.It Nm openssl speed
-.Bk -words
-.Op Ar algorithm
-.Op Fl decrypt
-.Op Fl elapsed
-.Op Fl evp Ar algorithm
-.Op Fl mr
-.Op Fl multi Ar number
-.Op Fl unaligned Ar number
-.Ek
-.El
-.Pp
-The
-.Nm speed
-command is used to test the performance of cryptographic algorithms.
-.Bl -tag -width "XXXX"
-.It Ar algorithm
-Perform the test using
-.Ar algorithm .
-The default is to test all algorithms.
-.It Fl decrypt
-Time decryption instead of encryption;
-must be used with
-.Fl evp .
-.It Fl elapsed
-Measure time in real time instead of CPU user time.
-.It Fl evp Ar algorithm
-Perform the test using one of the algorithms accepted by
-.Xr EVP_get_cipherbyname 3 .
-.It Fl mr
-Produce machine readable output.
-.It Fl multi Ar number
-Run
-.Ar number
-benchmarks in parallel.
-.It Fl unaligned Ar number
-Use allocated buffers with an offset of
-.Ar number
-bytes from the alignment provided by
-.Xr malloc 3 .
-.Ar number
-should be between 0 and 16.
-.El
-.Tg ts
-.Sh TS
-.Bk -words
-.Bl -hang -width "openssl ts"
-.It Nm openssl ts
-.Fl query
-.Op Fl md4 | md5 | ripemd160 | sha1
-.Op Fl cert
-.Op Fl config Ar configfile
-.Op Fl data Ar file_to_hash
-.Op Fl digest Ar digest_bytes
-.Op Fl in Ar request.tsq
-.Op Fl no_nonce
-.Op Fl out Ar request.tsq
-.Op Fl policy Ar object_id
-.Op Fl text
-.It Nm openssl ts
-.Fl reply
-.Op Fl chain Ar certs_file.pem
-.Op Fl config Ar configfile
-.Op Fl in Ar response.tsr
-.Op Fl inkey Ar private.pem
-.Op Fl out Ar response.tsr
-.Op Fl passin Ar arg
-.Op Fl policy Ar object_id
-.Op Fl queryfile Ar request.tsq
-.Op Fl section Ar tsa_section
-.Op Fl signer Ar tsa_cert.pem
-.Op Fl text
-.Op Fl token_in
-.Op Fl token_out
-.It Nm openssl ts
-.Fl verify
-.Op Fl CAfile Ar trusted_certs.pem
-.Op Fl CApath Ar trusted_cert_path
-.Op Fl data Ar file_to_hash
-.Op Fl digest Ar digest_bytes
-.Op Fl in Ar response.tsr
-.Op Fl queryfile Ar request.tsq
-.Op Fl token_in
-.Op Fl untrusted Ar cert_file.pem
-.El
-.Ek
-.Pp
-The
-.Nm ts
-command is a basic Time Stamping Authority (TSA) client and server
-application as specified in RFC 3161 (Time-Stamp Protocol, TSP).
-A TSA can be part of a PKI deployment and its role is to provide long
-term proof of the existence of specific data.
-Here is a brief description of the protocol:
-.Bl -enum
-.It
-The TSA client computes a one-way hash value for a data file and sends
-the hash to the TSA.
-.It
-The TSA attaches the current date and time to the received hash value,
-signs them and sends the time stamp token back to the client.
-By creating this token the TSA certifies the existence of the original
-data file at the time of response generation.
-.It
-The TSA client receives the time stamp token and verifies the
-signature on it.
-It also checks if the token contains the same hash
-value that it had sent to the TSA.
-.El
-.Pp
-There is one DER-encoded protocol data unit defined for transporting a time
-stamp request to the TSA and one for sending the time stamp response
-back to the client.
-The
-.Nm ts
-command has three main functions:
-creating a time stamp request based on a data file;
-creating a time stamp response based on a request;
-and verifying if a response corresponds
-to a particular request or a data file.
-.Pp
-There is no support for sending the requests/responses automatically
-over HTTP or TCP yet as suggested in RFC 3161.
-Users must send the requests either by FTP or email.
-.Pp
-The
-.Fl query
-switch can be used for creating and printing a time stamp
-request with the following options:
-.Bl -tag -width Ds
-.It Fl cert
-Expect the TSA to include its signing certificate in the response.
-.It Fl config Ar configfile
-Specify an alternative configuration file.
-Only the OID section is used.
-.It Fl data Ar file_to_hash
-The data file for which the time stamp request needs to be created.
-The default is standard input.
-.It Fl digest Ar digest_bytes
-Specify the message imprint explicitly without the data file.
-The imprint must be specified in a hexadecimal format,
-two characters per byte,
-the bytes optionally separated by colons.
-The number of bytes must match the message digest algorithm in use.
-.It Fl in Ar request.tsq
-A previously created time stamp request in DER
-format that will be printed into the output file.
-Useful for examining the content of a request in human-readable format.
-.It Fl md4 | md5 | ripemd160 | sha | sha1
-The message digest to apply to the data file.
-It supports all the message digest algorithms that are supported by the
-.Nm dgst
-command.
-The default is SHA1.
-.It Fl no_nonce
-Specify no nonce in the request.
-The default, to include a 64-bit long pseudo-random nonce,
-is recommended to protect against replay attacks.
-.It Fl out Ar request.tsq
-The output file to write to,
-or standard output if not specified.
-.It Fl policy Ar object_id
-The policy that the client expects the TSA to use for creating the
-time stamp token.
-Either dotted OID notation or OID names defined
-in the config file can be used.
-If no policy is requested, the TSA uses its own default policy.
-.It Fl text
-Output in human-readable text format instead of DER.
-.El
-.Pp
-A time stamp response (TimeStampResp) consists of a response status
-and the time stamp token itself (ContentInfo),
-if the token generation was successful.
-The
-.Fl reply
-command is for creating a time stamp
-response or time stamp token based on a request and printing the
-response/token in human-readable format.
-If
-.Fl token_out
-is not specified the output is always a time stamp response (TimeStampResp),
-otherwise it is a time stamp token (ContentInfo).
-.Bl -tag -width Ds
-.It Fl chain Ar certs_file.pem
-The collection of PEM certificates
-that will be included in the response
-in addition to the signer certificate if the
-.Fl cert
-option was used for the request.
-This file is supposed to contain the certificate chain
-for the signer certificate from its issuer upwards.
-The
-.Fl reply
-command does not build a certificate chain automatically.
-.It Fl config Ar configfile
-Specify an alternative configuration file.
-.It Fl in Ar response.tsr
-Specify a previously created time stamp response (or time stamp token, if
-.Fl token_in
-is also specified)
-in DER format that will be written to the output file.
-This option does not require a request;
-it is useful, for example,
-to examine the content of a response or token
-or to extract the time stamp token from a response.
-If the input is a token and the output is a time stamp response, a default
-.Qq granted
-status info is added to the token.
-.It Fl inkey Ar private.pem
-The signer private key of the TSA in PEM format.
-Overrides the
-.Cm signer_key
-config file option.
-.It Fl out Ar response.tsr
-The response is written to this file.
-The format and content of the file depends on other options (see
-.Fl text
-and
-.Fl token_out ) .
-The default is stdout.
-.It Fl passin Ar arg
-The key password source.
-.It Fl policy Ar object_id
-The default policy to use for the response.
-Either dotted OID notation or OID names defined
-in the config file can be used.
-If no policy is requested, the TSA uses its own default policy.
-.It Fl queryfile Ar request.tsq
-The file containing a DER-encoded time stamp request.
-.It Fl section Ar tsa_section
-The config file section containing the settings for response generation.
-.It Fl signer Ar tsa_cert.pem
-The PEM signer certificate of the TSA.
-The TSA signing certificate must have exactly one extended key usage
-assigned to it: timeStamping.
-The extended key usage must also be critical,
-otherwise the certificate is going to be refused.
-Overrides the
-.Cm signer_cert
-variable of the config file.
-.It Fl text
-Output in human-readable text format instead of DER.
-.It Fl token_in
-The input is a DER-encoded time stamp token (ContentInfo)
-instead of a time stamp response (TimeStampResp).
-.It Fl token_out
-The output is a time stamp token (ContentInfo)
-instead of a time stamp response (TimeStampResp).
-.El
-.Pp
-The
-.Fl verify
-command is for verifying if a time stamp response or time stamp token
-is valid and matches a particular time stamp request or data file.
-The
-.Fl verify
-command does not use the configuration file.
-.Bl -tag -width Ds
-.It Fl CAfile Ar trusted_certs.pem
-The file containing a set of trusted self-signed PEM CA certificates.
-See
-.Nm verify
-for additional details.
-Either this option or
-.Fl CApath
-must be specified.
-.It Fl CApath Ar trusted_cert_path
-The directory containing the trusted CA certificates of the client.
-See
-.Nm verify
-for additional details.
-Either this option or
-.Fl CAfile
-must be specified.
-.It Fl data Ar file_to_hash
-The response or token must be verified against
-.Ar file_to_hash .
-The file is hashed with the message digest algorithm specified in the token.
-The
-.Fl digest
-and
-.Fl queryfile
-options must not be specified with this one.
-.It Fl digest Ar digest_bytes
-The response or token must be verified against the message digest specified
-with this option.
-The number of bytes must match the message digest algorithm
-specified in the token.
-The
-.Fl data
-and
-.Fl queryfile
-options must not be specified with this one.
-.It Fl in Ar response.tsr
-The time stamp response that needs to be verified, in DER format.
-This option in mandatory.
-.It Fl queryfile Ar request.tsq
-The original time stamp request, in DER format.
-The
-.Fl data
-and
-.Fl digest
-options must not be specified with this one.
-.It Fl token_in
-The input is a DER-encoded time stamp token (ContentInfo)
-instead of a time stamp response (TimeStampResp).
-.It Fl untrusted Ar cert_file.pem
-Additional untrusted PEM certificates which may be needed
-when building the certificate chain for the TSA's signing certificate.
-This file must contain the TSA signing certificate and
-all intermediate CA certificates unless the response includes them.
-.El
-.Pp
-Options specified on the command line always override
-the settings in the config file:
-.Bl -tag -width Ds
-.It Cm tsa Ar section , Cm default_tsa
-This is the main section and it specifies the name of another section
-that contains all the options for the
-.Fl reply
-option.
-This section can be overridden with the
-.Fl section
-command line switch.
-.It Cm oid_file
-See
-.Nm ca
-for a description.
-.It Cm oid_section
-See
-.Nm ca
-for a description.
-.It Cm serial
-The file containing the hexadecimal serial number of the
-last time stamp response created.
-This number is incremented by 1 for each response.
-If the file does not exist at the time of response generation,
-a new file is created with serial number 1.
-This parameter is mandatory.
-.It Cm signer_cert
-TSA signing certificate, in PEM format.
-The same as the
-.Fl signer
-command line option.
-.It Cm certs
-A set of PEM-encoded certificates that need to be
-included in the response.
-The same as the
-.Fl chain
-command line option.
-.It Cm signer_key
-The private key of the TSA, in PEM format.
-The same as the
-.Fl inkey
-command line option.
-.It Cm default_policy
-The default policy to use when the request does not mandate any policy.
-The same as the
-.Fl policy
-command line option.
-.It Cm other_policies
-Comma separated list of policies that are also acceptable by the TSA
-and used only if the request explicitly specifies one of them.
-.It Cm digests
-The list of message digest algorithms that the TSA accepts.
-At least one algorithm must be specified.
-This parameter is mandatory.
-.It Cm accuracy
-The accuracy of the time source of the TSA in seconds, milliseconds
-and microseconds.
-For example, secs:1, millisecs:500, microsecs:100.
-If any of the components is missing,
-zero is assumed for that field.
-.It Cm clock_precision_digits
-The maximum number of digits, which represent the fraction of seconds,
-that need to be included in the time field.
-The trailing zeroes must be removed from the time,
-so there might actually be fewer digits
-or no fraction of seconds at all.
-The maximum value is 6;
-the default is 0.
-.It Cm ordering
-If this option is yes,
-the responses generated by this TSA can always be ordered,
-even if the time difference between two responses is less
-than the sum of their accuracies.
-The default is no.
-.It Cm tsa_name
-Set this option to yes if the subject name of the TSA must be included in
-the TSA name field of the response.
-The default is no.
-.It Cm ess_cert_id_chain
-The SignedData objects created by the TSA always contain the
-certificate identifier of the signing certificate in a signed
-attribute (see RFC 2634, Enhanced Security Services).
-If this option is set to yes and either the
-.Cm certs
-variable or the
-.Fl chain
-option is specified then the certificate identifiers of the chain will also
-be included in the SigningCertificate signed attribute.
-If this variable is set to no,
-only the signing certificate identifier is included.
-The default is no.
-.El
-.Tg verify
-.Sh VERIFY
-.Bl -hang -width "openssl verify"
-.It Nm openssl verify
-.Bk -words
-.Op Fl CAfile Ar file
-.Op Fl CApath Ar directory
-.Op Fl check_ss_sig
-.Op Fl CRLfile Ar file
-.Op Fl crl_check
-.Op Fl crl_check_all
-.Op Fl explicit_policy
-.Op Fl extended_crl
-.Op Fl help
-.Op Fl ignore_critical
-.Op Fl inhibit_any
-.Op Fl inhibit_map
-.Op Fl issuer_checks
-.Op Fl legacy_verify
-.Op Fl policy_check
-.Op Fl purpose Ar purpose
-.Op Fl trusted Ar file
-.Op Fl untrusted Ar file
-.Op Fl verbose
-.Op Fl x509_strict
-.Op Ar certificates
-.Ek
-.El
-.Pp
-The
-.Nm verify
-command verifies certificate chains.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl CAfile Ar file
-A
-.Ar file
-of trusted certificates.
-The
-.Ar file
-should contain multiple certificates in PEM format, concatenated together.
-.It Fl CApath Ar directory
-A
-.Ar directory
-of trusted certificates.
-The certificates, or symbolic links to them,
-should have names of the form
-.Ar hash Ns .0 ,
-where
-.Ar hash
-is the hashed certificate subject name
-(see the
-.Fl hash
-option of the
-.Nm x509
-utility).
-.It Fl check_ss_sig
-Verify the signature on the self-signed root CA.
-This is disabled by default
-because it doesn't add any security.
-.It Fl CRLfile Ar file
-The
-.Ar file
-should contain one or more CRLs in PEM format.
-.It Fl crl_check
-Check end entity certificate validity by attempting to look up a valid CRL.
-If a valid CRL cannot be found, an error occurs.
-.It Fl crl_check_all
-Check the validity of all certificates in the chain by attempting
-to look up valid CRLs.
-.It Fl explicit_policy
-Set policy variable require-explicit-policy (RFC 3280).
-.It Fl extended_crl
-Enable extended CRL features such as indirect CRLs and alternate CRL
-signing keys.
-.It Fl help
-Print a usage message.
-.It Fl ignore_critical
-Ignore critical extensions instead of rejecting the certificate.
-.It Fl inhibit_any
-Set policy variable inhibit-any-policy (RFC 3280).
-.It Fl inhibit_map
-Set policy variable inhibit-policy-mapping (RFC 3280).
-.It Fl issuer_checks
-Print diagnostics relating to searches for the issuer certificate
-of the current certificate
-showing why each candidate issuer certificate was rejected.
-The presence of rejection messages
-does not itself imply that anything is wrong:
-during the normal verify process several rejections may take place.
-.It Fl legacy_verify
-Use the legacy X.509 certificate chain verification code.
-.It Fl policy_check
-Enable certificate policy processing.
-.It Fl purpose Ar purpose
-The intended use for the certificate.
-Without this option no chain verification will be done.
-Currently accepted uses are
-.Cm sslclient , sslserver ,
-.Cm nssslserver , smimesign ,
-.Cm smimeencrypt , crlsign ,
-.Cm any ,
-and
-.Cm ocsphelper .
-.It Fl trusted Ar file
-A
-.Ar file
-of trusted certificates.
-The
-.Ar file
-should contain multiple certificates.
-.It Fl untrusted Ar file
-A
-.Ar file
-of untrusted certificates.
-The
-.Ar file
-should contain multiple certificates.
-.It Fl verbose
-Print extra information about the operations being performed.
-.It Fl x509_strict
-Disable workarounds for broken certificates which have to be disabled
-for strict X.509 compliance.
-.It Ar certificates
-One or more PEM
-.Ar certificates
-to verify.
-If no certificate files are included, an attempt is made to read
-a certificate from standard input.
-If the first certificate filename begins with a dash,
-use a lone dash to mark the last option.
-.El
-.Pp
-The
-.Nm verify
-program uses the same functions as the internal SSL and S/MIME verification,
-with one crucial difference:
-wherever possible an attempt is made to continue after an error,
-whereas normally the verify operation would halt on the first error.
-This allows all the problems with a certificate chain to be determined.
-.Pp
-The verify operation consists of a number of separate steps.
-Firstly a certificate chain is built up starting from the supplied certificate
-and ending in the root CA.
-It is an error if the whole chain cannot be built up.
-The chain is built up by looking up the issuer's certificate of the current
-certificate.
-If a certificate is found which is its own issuer, it is assumed
-to be the root CA.
-.Pp
-All certificates whose subject name matches the issuer name
-of the current certificate are subject to further tests.
-The relevant authority key identifier components of the current certificate
-(if present) must match the subject key identifier (if present)
-and issuer and serial number of the candidate issuer;
-in addition the
-.Cm keyUsage
-extension of the candidate issuer (if present) must permit certificate signing.
-.Pp
-The lookup first looks in the list of untrusted certificates and if no match
-is found the remaining lookups are from the trusted certificates.
-The root CA is always looked up in the trusted certificate list:
-if the certificate to verify is a root certificate,
-then an exact match must be found in the trusted list.
-.Pp
-The second operation is to check every untrusted certificate's extensions for
-consistency with the supplied purpose.
-If the
-.Fl purpose
-option is not included, then no checks are done.
-The supplied or
-.Qq leaf
-certificate must have extensions compatible with the supplied purpose
-and all other certificates must also be valid CA certificates.
-The precise extensions required are described in more detail in
-the
-.Nm X509
-section below.
-.Pp
-The third operation is to check the trust settings on the root CA.
-The root CA should be trusted for the supplied purpose.
-A certificate with no trust settings is considered to be valid for
-all purposes.
-.Pp
-The final operation is to check the validity of the certificate chain.
-The validity period is checked against the current system time and the
-.Cm notBefore
-and
-.Cm notAfter
-dates in the certificate.
-The certificate signatures are also checked at this point.
-.Pp
-If all operations complete successfully, the certificate is considered
-valid.
-If any operation fails then the certificate is not valid.
-When a verify operation fails, the output messages can be somewhat cryptic.
-The general form of the error message is:
-.Bd -literal
-server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit)
-error 24 at 1 depth lookup:invalid CA certificate
-.Ed
-.Pp
-The first line contains the name of the certificate being verified, followed by
-the subject name of the certificate.
-The second line contains the error number as defined by the
-.Dv X509_V_ERR_*
-constants in
-.In openssl/x509_vfy.h ,
-the associated error message documented in
-.Xr X509_STORE_CTX_get_error 3 ,
-and the depth.
-The depth is the number of the certificate being verified when a
-problem was detected starting with zero for the certificate being verified
-itself, then 1 for the CA that signed the certificate and so on.
-.Tg version
-.Sh VERSION
-.Nm openssl version
-.Op Fl abdfpv
-.Pp
-The
-.Nm version
-command is used to print out version information about
-.Nm openssl .
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl a
-All information: this is the same as setting all the other flags.
-.It Fl b
-The date the current version of
-.Nm openssl
-was built.
-.It Fl d
-.Ev OPENSSLDIR
-setting.
-.It Fl f
-Compilation flags.
-.It Fl p
-Platform setting.
-.It Fl v
-The current
-.Nm openssl
-version.
-.El
-.Tg x509
-.Sh X509
-.Bl -hang -width "openssl x509"
-.It Nm openssl x509
-.Bk -words
-.Op Fl C
-.Op Fl addreject Ar arg
-.Op Fl addtrust Ar arg
-.Op Fl alias
-.Op Fl CA Ar file
-.Op Fl CAcreateserial
-.Op Fl CAform Cm der | pem
-.Op Fl CAkey Ar file
-.Op Fl CAkeyform Cm der | pem
-.Op Fl CAserial Ar file
-.Op Fl certopt Ar option
-.Op Fl checkend Ar arg
-.Op Fl clrext
-.Op Fl clrreject
-.Op Fl clrtrust
-.Op Fl dates
-.Op Fl days Ar arg
-.Op Fl email
-.Op Fl enddate
-.Op Fl extensions Ar section
-.Op Fl extfile Ar file
-.Op Fl fingerprint
-.Op Fl force_pubkey Ar key
-.Op Fl hash
-.Op Fl in Ar file
-.Op Fl inform Cm der | net | pem
-.Op Fl issuer
-.Op Fl issuer_hash
-.Op Fl issuer_hash_old
-.Op Fl keyform Cm der | pem
-.Op Fl md5 | sha1
-.Op Fl modulus
-.Op Fl multivalue-rdn
-.Op Fl nameopt Ar option
-.Op Fl new
-.Op Fl next_serial
-.Op Fl noout
-.Op Fl ocsp_uri
-.Op Fl ocspid
-.Op Fl out Ar file
-.Op Fl outform Cm der | net | pem
-.Op Fl passin Ar arg
-.Op Fl pubkey
-.Op Fl purpose
-.Op Fl req
-.Op Fl serial
-.Op Fl set_issuer Ar name
-.Op Fl set_serial Ar n
-.Op Fl set_subject Ar name
-.Op Fl setalias Ar arg
-.Op Fl signkey Ar file
-.Op Fl sigopt Ar nm:v
-.Op Fl startdate
-.Op Fl subject
-.Op Fl subject_hash
-.Op Fl subject_hash_old
-.Op Fl text
-.Op Fl trustout
-.Op Fl utf8
-.Op Fl x509toreq
-.Ek
-.El
-.Pp
-The
-.Nm x509
-command is a multi-purpose certificate utility.
-It can be used to display certificate information, convert certificates to
-various forms, sign certificate requests like a
-.Qq mini CA ,
-or edit certificate trust settings.
-.Pp
-The following are x509 input, output, and general purpose options:
-.Bl -tag -width "XXXX"
-.It Fl in Ar file
-The input file to read from,
-or standard input if not specified.
-This option cannot be used with
-.Fl new .
-.It Fl inform Cm der | net | pem
-The input format.
-Normally, the command will expect an X.509 certificate,
-but this can change if other options such as
-.Fl in
-or
-.Fl req
-are present.
-.It Fl md5 | sha1
-The digest to use.
-This affects any signing or display option that uses a message digest,
-such as the
-.Fl fingerprint , signkey ,
-and
-.Fl CA
-options.
-If not specified, MD5 is used.
-SHA1 is always used with DSA keys.
-.It Fl out Ar file
-The output file to write to,
-or standard output if none is specified.
-.It Fl outform Cm der | net | pem
-The output format.
-.It Fl passin Ar arg
-The key password source.
-.El
-.Pp
-The following are x509 display options:
-.Bl -tag -width "XXXX"
-.It Fl C
-Output the certificate in the form of a C source file.
-.It Fl certopt Ar option
-Customise the output format used with
-.Fl text ,
-either using a list of comma-separated options or by specifying
-.Fl certopt
-multiple times.
-The default behaviour is to print all fields.
-The options are as follows:
-.Pp
-.Bl -tag -width "no_extensions" -offset indent -compact
-.It Cm ca_default
-Equivalent to
-.Cm no_issuer , no_pubkey , no_header ,
-.Cm no_version , no_sigdump ,
-and
-.Cm no_signame .
-.It Cm compatible
-Equivalent to no output options at all.
-.It Cm ext_default
-Print unsupported certificate extensions.
-.It Cm ext_dump
-Hex dump unsupported extensions.
-.It Cm ext_error
-Print an error message for unsupported certificate extensions.
-.It Cm ext_parse
-ASN.1 parse unsupported extensions.
-.It Cm no_aux
-Do not print certificate trust information.
-.It Cm no_extensions
-Do not print X509V3 extensions.
-.It Cm no_header
-Do not print header (Certificate and Data) information.
-.It Cm no_issuer
-Do not print the issuer name.
-.It Cm no_pubkey
-Do not print the public key.
-.It Cm no_serial
-Do not print the serial number.
-.It Cm no_sigdump
-Do not give a hexadecimal dump of the certificate signature.
-.It Cm no_signame
-Do not print the signature algorithm used.
-.It Cm no_subject
-Do not print the subject name.
-.It Cm no_validity
-Do not print the
-.Cm notBefore
-and
-.Cm notAfter
-(validity) fields.
-.It Cm no_version
-Do not print the version number.
-.El
-.It Fl dates
-Print the start and expiry date of a certificate.
-.It Fl email
-Output the email addresses, if any.
-.It Fl enddate
-Print the expiry date of the certificate; that is, the
-.Cm notAfter
-date.
-.It Fl fingerprint
-Print the digest of the DER-encoded version of the whole certificate.
-.It Fl hash
-A synonym for
-.Fl subject_hash .
-.It Fl issuer
-Print the issuer name.
-.It Fl issuer_hash
-Print the hash of the certificate issuer name.
-.It Fl issuer_hash_old
-Print the hash of the certificate issuer name
-using the older algorithm as used by
-.Nm openssl
-versions before 1.0.0.
-.It Fl modulus
-Print the value of the modulus of the public key contained in the certificate.
-.It Fl multivalue-rdn
-This option causes the
-.Fl subj
-argument to be interpreted with full support for multivalued RDNs,
-for example
-.Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
-If
-.Fl multivalue-rdn
-is not used, the UID value is set to
-.Qq "123456+CN=John Doe" .
-.It Fl nameopt Ar option
-Customise how the subject or issuer names are displayed,
-either using a list of comma-separated options or by specifying
-.Fl nameopt
-multiple times.
-The default behaviour is to use the
-.Cm oneline
-format.
-The options,
-which can be preceded by a dash to turn them off,
-are as follows:
-.Bl -tag -width "XXXX"
-.It Cm align
-Align field values for a more readable output.
-Only usable with
-.Ar sep_multiline .
-.It Cm compat
-Use the old format,
-equivalent to specifying no options at all.
-.It Cm dn_rev
-Reverse the fields of the DN, as required by RFC 2253.
-As a side effect, this also reverses the order of multiple AVAs.
-.It Cm dump_all
-Dump all fields.
-When used with
-.Ar dump_der ,
-it allows the DER encoding of the structure to be unambiguously determined.
-.It Cm dump_der
-Any fields that need to be hexdumped are
-dumped using the DER encoding of the field.
-Otherwise just the content octets will be displayed.
-Both options use the RFC 2253 #XXXX... format.
-.It Cm dump_nostr
-Dump non-character string types
-(for example OCTET STRING);
-usually, non-character string types are displayed
-as though each content octet represents a single character.
-.It Cm dump_unknown
-Dump any field whose OID is not recognised by
-.Nm openssl .
-.It Cm esc_2253
-Escape the
-.Qq special
-characters required by RFC 2253 in a field that is
-.Dq \& ,+"<>; .
-Additionally,
-.Sq #
-is escaped at the beginning of a string
-and a space character at the beginning or end of a string.
-.It Cm esc_ctrl
-Escape control characters.
-That is, those with ASCII values less than 0x20 (space)
-and the delete (0x7f) character.
-They are escaped using the RFC 2253 \eXX notation (where XX are two hex
-digits representing the character value).
-.It Cm esc_msb
-Escape characters with the MSB set; that is, with ASCII values larger than
-127.
-.It Cm multiline
-A multiline format.
-Equivalent to
-.Cm esc_ctrl , esc_msb , sep_multiline ,
-.Cm space_eq , lname ,
-and
-.Cm align .
-.It Cm no_type
-Do not attempt to interpret multibyte characters.
-That is, content octets are merely dumped as though one octet
-represents each character.
-This is useful for diagnostic purposes
-but results in rather odd looking output.
-.It Cm nofname , sname , lname , oid
-Alter how the field name is displayed:
-.Cm nofname
-does not display the field at all;
-.Cm sname
-uses the short name form (CN for
-.Cm commonName ,
-for example);
-.Cm lname
-uses the long form.
-.Cm oid
-represents the OID in numerical form and is useful for diagnostic purpose.
-.It Cm oneline
-A one line format which is more readable than
-.Cm RFC2253 .
-Equivalent to
-.Cm esc_2253 , esc_ctrl , esc_msb , utf8 ,
-.Cm dump_nostr , dump_der , use_quote , sep_comma_plus_spc ,
-.Cm space_eq ,
-and
-.Cm sname .
-.It Cm RFC2253
-Displays names compatible with RFC 2253.
-Equivalent to
-.Cm esc_2253 , esc_ctrl ,
-.Cm esc_msb , utf8 , dump_nostr , dump_unknown ,
-.Cm dump_der , sep_comma_plus , dn_rev ,
-and
-.Cm sname .
-.It Cm sep_comma_plus , sep_comma_plus_space , sep_semi_plus_space , sep_multiline
-Determine the field separators:
-the first character is between RDNs and the second between multiple AVAs
-(multiple AVAs are very rare and their use is discouraged).
-The options ending in
-.Qq space
-additionally place a space after the separator to make it more readable.
-.Cm sep_multiline
-uses a linefeed character for the RDN separator and a spaced
-.Sq +
-for the AVA separator,
-as well as indenting the fields by four characters.
-If no field separator is specified then
-.Cm sep_comma_plus_space
-is used by default.
-.It Cm show_type
-Show the type of the ASN.1 character string.
-The type precedes the field contents.
-For example
-.Qq BMPSTRING: Hello World .
-.It Cm space_eq
-Place spaces round the
-.Sq =
-character which follows the field name.
-.It Cm use_quote
-Escape some characters by surrounding the whole string with
-.Sq \&"
-characters.
-Without the option, all escaping is done with the
-.Sq \e
-character.
-.It Cm utf8
-Convert all strings to UTF8 format first, as required by RFC 2253.
-On a UTF8 compatible terminal,
-the use of this option (and not setting
-.Cm esc_msb )
-may result in the correct display of multibyte characters.
-Usually, multibyte characters larger than 0xff
-are represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX
-for 32 bits,
-and any UTF8Strings are converted to their character form first.
-.El
-.It Fl next_serial
-Print the next serial number.
-.It Fl noout
-Do not output the encoded version of the request.
-.It Fl ocsp_uri
-Print the OCSP responder addresses, if any.
-.It Fl ocspid
-Print OCSP hash values for the subject name and public key.
-.It Fl pubkey
-Print the public key.
-.It Fl serial
-Print the certificate serial number.
-.It Fl sigopt Ar nm:v
-Pass options to the signature algorithm during sign or certify operations.
-The names and values of these options are algorithm-specific.
-.It Fl startdate
-Print the start date of the certificate; that is, the
-.Cm notBefore
-date.
-.It Fl subject
-Print the subject name.
-.It Fl subject_hash
-Print the hash of the certificate subject name.
-This is used in
-.Nm openssl
-to form an index to allow certificates in a directory to be looked up
-by subject name.
-.It Fl subject_hash_old
-Print the hash of the certificate subject name
-using the older algorithm as used by
-.Nm openssl
-versions before 1.0.0.
-.It Fl text
-Print the full certificate in text form.
-.El
-.Pp
-A trusted certificate is a certificate which has several
-additional pieces of information attached to it such as the permitted
-and prohibited uses of the certificate and an alias.
-When a certificate is being verified, at least one certificate must be trusted.
-By default, a trusted certificate must be stored locally and be a root CA.
-The following are x509 trust settings options:
-.Bl -tag -width "XXXX"
-.It Fl addreject Ar arg
-Add a prohibited use.
-Accepts the same values as the
-.Fl addtrust
-option.
-.It Fl addtrust Ar arg
-Add a trusted certificate use.
-Any object name can be used here, but currently only
-.Cm clientAuth
-(SSL client use),
-.Cm serverAuth
-(SSL server use),
-and
-.Cm emailProtection
-(S/MIME email) are used.
-.It Fl alias
-Output the certificate alias.
-.It Fl clrreject
-Clear all the prohibited or rejected uses of the certificate.
-.It Fl clrtrust
-Clear all the permitted or trusted uses of the certificate.
-.It Fl purpose
-Perform tests on the certificate extensions.
-The same code is used when verifying untrusted certificates in chains,
-so this section is useful if a chain is rejected by the verify code.
-.Pp
-The
-.Cm basicConstraints
-extension CA flag is used to determine whether the
-certificate can be used as a CA.
-If the CA flag is true, it is a CA;
-if the CA flag is false, it is not a CA.
-All CAs should have the CA flag set to true.
-.Pp
-If the
-.Cm basicConstraints
-extension is absent, then the certificate is
-considered to be a possible CA;
-other extensions are checked according to the intended use of the certificate.
-A warning is given in this case because the certificate should really not
-be regarded as a CA.
-However it is allowed to be a CA to work around some broken software.
-.Pp
-If the certificate is a V1 certificate
-(and thus has no extensions) and it is self-signed,
-it is also assumed to be a CA but a warning is again given.
-This is to work around the problem of Verisign roots
-which are V1 self-signed certificates.
-.Pp
-If the
-.Cm keyUsage
-extension is present, then additional restraints are
-made on the uses of the certificate.
-A CA certificate must have the
-.Cm keyCertSign
-bit set if the
-.Cm keyUsage
-extension is present.
-.Pp
-The extended key usage extension places additional restrictions on the
-certificate uses.
-If this extension is present, whether critical or not,
-the key can only be used for the purposes specified.
-.Pp
-A complete description of each test is given below.
-The comments about
-.Cm basicConstraints
-and
-.Cm keyUsage
-and V1 certificates above apply to all CA certificates.
-.Bl -tag -width "XXXX"
-.It SSL Client
-The extended key usage extension must be absent or include the
-web client authentication OID.
-.Cm keyUsage
-must be absent or it must have the
-.Cm digitalSignature
-bit set.
-The Netscape certificate type must be absent
-or it must have the SSL client bit set.
-.It SSL Client CA
-The extended key usage extension must be absent or include the
-web client authentication OID.
-The Netscape certificate type must be absent
-or it must have the SSL CA bit set:
-this is used as a workaround if the
-.Cm basicConstraints
-extension is absent.
-.It SSL Server
-The extended key usage extension must be absent or include the
-web server authentication and/or one of the SGC OIDs.
-.Cm keyUsage
-must be absent or it must have the
-.Cm digitalSignature
-set, the
-.Cm keyEncipherment
-set, or both bits set.
-The Netscape certificate type must be absent or have the SSL server bit set.
-.It SSL Server CA
-The extended key usage extension must be absent or include the
-web server authentication and/or one of the SGC OIDs.
-The Netscape certificate type must be absent or the SSL CA bit must be set:
-this is used as a workaround if the
-.Cm basicConstraints
-extension is absent.
-.It Netscape SSL Server
-For Netscape SSL clients to connect to an SSL server; it must have the
-.Cm keyEncipherment
-bit set if the
-.Cm keyUsage
-extension is present.
-This isn't always valid because some cipher suites use the key for
-digital signing.
-Otherwise it is the same as a normal SSL server.
-.It Common S/MIME Client Tests
-The extended key usage extension must be absent or include the
-email protection OID.
-The Netscape certificate type must be absent or should have the S/MIME bit set.
-If the S/MIME bit is not set in Netscape certificate type, then the SSL
-client bit is tolerated as an alternative but a warning is shown:
-this is because some Verisign certificates don't set the S/MIME bit.
-.It S/MIME Signing
-In addition to the common S/MIME client tests, the
-.Cm digitalSignature
-bit must be set if the
-.Cm keyUsage
-extension is present.
-.It S/MIME Encryption
-In addition to the common S/MIME tests, the
-.Cm keyEncipherment
-bit must be set if the
-.Cm keyUsage
-extension is present.
-.It S/MIME CA
-The extended key usage extension must be absent or include the
-email protection OID.
-The Netscape certificate type must be absent
-or must have the S/MIME CA bit set:
-this is used as a workaround if the
-.Cm basicConstraints
-extension is absent.
-.It CRL Signing
-The
-.Cm keyUsage
-extension must be absent or it must have the CRL signing bit set.
-.It CRL Signing CA
-The normal CA tests apply, except the
-.Cm basicConstraints
-extension must be present.
-.El
-.It Fl setalias Ar arg
-Set the alias of the certificate,
-allowing the certificate to be referred to using a nickname,
-such as
-.Qq Steve's Certificate .
-.It Fl trustout
-Output a trusted certificate
-(the default if any trust settings are modified).
-An ordinary or trusted certificate can be input, but by default an ordinary
-certificate is output and any trust settings are discarded.
-.El
-.Pp
-The
-.Nm x509
-utility can be used to sign certificates and requests:
-it can thus behave like a mini CA.
-The following are x509 signing options:
-.Bl -tag -width "XXXX"
-.It Fl CA Ar file
-The CA certificate to be used for signing.
-When this option is present,
-.Nm x509
-behaves like a mini CA.
-The input file is signed by the CA using this option;
-that is, its issuer name is set to the subject name of the CA and it is
-digitally signed using the CA's private key.
-.Pp
-This option is normally combined with the
-.Fl req
-option.
-Without the
-.Fl req
-option, the input is a certificate which must be self-signed.
-.It Fl CAcreateserial
-Create the CA serial number file if it does not exist
-instead of generating an error.
-The file will contain the serial number
-.Sq 02
-and the certificate being signed will have
-.Sq 1
-as its serial number.
-.It Fl CAform Cm der | pem
-The format of the CA certificate file.
-The default is
-.Cm pem .
-.It Fl CAkey Ar file
-Set the CA private key to sign a certificate with.
-Otherwise it is assumed that the CA private key is present
-in the CA certificate file.
-.It Fl CAkeyform Cm der | pem
-The format of the CA private key.
-The default is
-.Cm pem .
-.It Fl CAserial Ar file
-Use the serial number in
-.Ar file
-to sign a certificate.
-The file should consist of one line containing an even number of hex digits
-with the serial number to use.
-After each use the serial number is incremented and written out
-to the file again.
-.Pp
-The default filename consists of the CA certificate file base name with
-.Pa .srl
-appended.
-For example, if the CA certificate file is called
-.Pa mycacert.pem ,
-it expects to find a serial number file called
-.Pa mycacert.srl .
-.It Fl checkend Ar arg
-Check whether the certificate expires in the next
-.Ar arg
-seconds.
-If so, exit with return value 1;
-otherwise exit with return value 0.
-.It Fl clrext
-Delete any extensions from a certificate.
-This option is used when a certificate is being created from another
-certificate (for example with the
-.Fl signkey
-or the
-.Fl CA
-options).
-Normally, all extensions are retained.
-.It Fl days Ar arg
-The number of days to make a certificate valid for.
-The default is 30 days.
-.It Fl extensions Ar section
-The section to add certificate extensions from.
-If this option is not specified, the extensions should either be
-contained in the unnamed (default) section
-or the default section should contain a variable called
-.Qq extensions
-which contains the section to use.
-.It Fl extfile Ar file
-File containing certificate extensions to use.
-If not specified, no extensions are added to the certificate.
-.It Fl force_pubkey Ar key
-Set the public key of the certificate to the public key contained in
-.Ar key .
-.It Fl keyform Cm der | pem
-The format of the key file used in the
-.Fl force_pubkey
-and
-.Fl signkey
-options.
-.It Fl new
-Generate a new certificate using the subject given by
-.Fl set_subject
-and signed by
-.Fl signkey .
-If no public key is provided with
-.Fl force_pubkey ,
-the resulting certificate is self-signed.
-This option cannot be used with
-.Fl in
-or
-.Fl req .
-.It Fl req
-Expect a certificate request on input instead of a certificate.
-This option cannot be used with
-.Fl new .
-.It Fl set_issuer Ar name
-The issuer name to use.
-.Ar name
-must be formatted as /type0=value0/type1=value1/type2=...;
-characters may be escaped by
-.Sq \e
-(backslash);
-no spaces are skipped.
-.It Fl set_serial Ar n
-The serial number to use.
-This option can be used with either the
-.Fl signkey
-or
-.Fl CA
-options.
-If used in conjunction with the
-.Fl CA
-option, the serial number file (as specified by the
-.Fl CAserial
-or
-.Fl CAcreateserial
-options) is not used.
-.Pp
-The serial number can be decimal or hex (if preceded by
-.Sq 0x ) .
-Negative serial numbers can also be specified but their use is not recommended.
-.It Fl set_subject Ar name
-The subject name to use.
-.Ar name
-must be formatted as /type0=value0/type1=value1/type2=...;
-characters may be escaped by
-.Sq \e
-(backslash);
-no spaces are skipped.
-.It Fl signkey Ar file
-Self-sign
-.Ar file
-using the supplied private key.
-.Pp
-If the input file is a certificate, it sets the issuer name to the
-subject name (i.e. makes it self-signed),
-changes the public key to the supplied value,
-and changes the start and end dates.
-The start date is set to the current time and the end date is set to
-a value determined by the
-.Fl days
-option.
-Any certificate extensions are retained unless the
-.Fl clrext
-option is supplied.
-.Pp
-If the input is a certificate request, a self-signed certificate
-is created using the supplied private key using the subject name in
-the request.
-.It Fl utf8
-Interpret field values read from a terminal or obtained from a configuration
-file as UTF-8 strings.
-By default, they are interpreted as ASCII.
-.It Fl x509toreq
-Convert a certificate into a certificate request.
-The
-.Fl signkey
-option is used to pass the required private key.
-.El
-.Sh COMMON NOTATION
-Several commands share a common syntax,
-as detailed below.
-.Pp
-Password arguments, typically specified using
-.Fl passin
-and
-.Fl passout
-for input and output passwords,
-allow passwords to be obtained from a variety of sources.
-Both of these options take a single argument, described below.
-If no password argument is given and a password is required,
-then the user is prompted to enter one:
-this will typically be read from the current terminal with echoing turned off.
-.Bl -tag -width "pass:password" -offset indent
-.It Cm pass : Ns Ar password
-The actual password is
-.Ar password .
-Since the password is visible to utilities,
-this form should only be used where security is not important.
-.It Cm env : Ns Ar var
-Obtain the password from the environment variable
-.Ar var .
-Since the environment of other processes is visible,
-this option should be used with caution.
-.It Cm file : Ns Ar path
-The first line of
-.Ar path
-is the password.
-If the same
-.Ar path
-argument is supplied to
-.Fl passin
-and
-.Fl passout ,
-then the first line will be used for the input password and the next line
-for the output password.
-.Ar path
-need not refer to a regular file:
-it could, for example, refer to a device or named pipe.
-.It Cm fd : Ns Ar number
-Read the password from the file descriptor
-.Ar number .
-This can be used to send the data via a pipe, for example.
-.It Cm stdin
-Read the password from standard input.
-.El
-.Pp
-Input/output formats,
-typically specified using
-.Fl inform
-and
-.Fl outform ,
-indicate the format being read from or written to.
-The argument is case insensitive.
-.Pp
-.Bl -tag -width Ds -offset indent -compact
-.It Cm der
-Distinguished Encoding Rules (DER)
-is a binary format.
-.It Cm net
-Insecure legacy format.
-.It Cm pem
-Privacy Enhanced Mail (PEM)
-is base64-encoded.
-.It Cm pvk
-Private Key format.
-.It Cm smime
-An SMIME format message.
-.It Cm txt
-Plain ASCII text.
-.El
-.Sh ENVIRONMENT
-The following environment variables affect the execution of
-.Nm openssl :
-.Bl -tag -width "/etc/ssl/openssl.cnf"
-.It Ev OPENSSL_CONF
-The location of the master configuration file.
-.El
-.Sh FILES
-.Bl -tag -width "/etc/ssl/openssl.cnf" -compact
-.It Pa /etc/ssl/
-Default config directory for
-.Nm openssl .
-.It Pa /etc/ssl/lib/
-Unused.
-.It Pa /etc/ssl/private/
-Default private key directory.
-.It Pa /etc/ssl/openssl.cnf
-Default configuration file for
-.Nm openssl .
-.It Pa /etc/ssl/x509v3.cnf
-Default configuration file for
-.Nm x509
-certificates.
-.El
-.Sh SEE ALSO
-.Xr acme-client 1 ,
-.Xr nc 1 ,
-.Xr openssl.cnf 5 ,
-.Xr x509v3.cnf 5 ,
-.Xr ssl 8 ,
-.Xr starttls 8
-.Sh STANDARDS
-.Rs
-.%A T. Dierks
-.%A C. Allen
-.%D January 1999
-.%R RFC 2246
-.%T The TLS Protocol Version 1.0
-.Re
-.Pp
-.Rs
-.%A M. Wahl
-.%A S. Killie
-.%A T. Howes
-.%D December 1997
-.%R RFC 2253
-.%T Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
-.Re
-.Pp
-.Rs
-.%A B. Kaliski
-.%D March 1998
-.%R RFC 2315
-.%T PKCS #7: Cryptographic Message Syntax Version 1.5
-.Re
-.Pp
-.Rs
-.%A R. Housley
-.%A W. Ford
-.%A W. Polk
-.%A D. Solo
-.%D January 1999
-.%R RFC 2459
-.%T Internet X.509 Public Key Infrastructure Certificate and CRL Profile
-.Re
-.Pp
-.Rs
-.%A M. Myers
-.%A R. Ankney
-.%A A. Malpani
-.%A S. Galperin
-.%A C. Adams
-.%D June 1999
-.%R RFC 2560
-.%T X.509 Internet Public Key Infrastructure Online Certificate Status Protocol \(en OCSP
-.Re
-.Pp
-.Rs
-.%A R. Housley
-.%D June 1999
-.%R RFC 2630
-.%T Cryptographic Message Syntax
-.Re
-.Pp
-.Rs
-.%A P. Chown
-.%D June 2002
-.%R RFC 3268
-.%T Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
-.Re
diff -Naur a/apps/openssl/openssl-libre.1 b/apps/openssl/openssl-libre.1
--- a/apps/openssl/openssl-libre.1 1970-01-01 06:00:00.000000000 +0600
+++ b/apps/openssl/openssl-libre.1 2025-01-09 23:29:16.599526244 +0600
@@ -0,0 +1,6865 @@
+.\" $OpenBSD: openssl.1,v 1.161 2024/08/30 06:05:10 jmc Exp $
+.\" ====================================================================
+.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\"
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\"
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in
+.\" the documentation and/or other materials provided with the
+.\" distribution.
+.\"
+.\" 3. All advertising materials mentioning features or use of this
+.\" software must display the following acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+.\"
+.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+.\" endorse or promote products derived from this software without
+.\" prior written permission. For written permission, please contact
+.\" openssl-core@openssl.org.
+.\"
+.\" 5. Products derived from this software may not be called "OpenSSL"
+.\" nor may "OpenSSL" appear in their names without prior written
+.\" permission of the OpenSSL Project.
+.\"
+.\" 6. Redistributions of any form whatsoever must retain the following
+.\" acknowledgment:
+.\" "This product includes software developed by the OpenSSL Project
+.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+.\" PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE OpenSSL PROJECT OR
+.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+.\" OF THE POSSIBILITY OF SUCH DAMAGE.
+.\" ====================================================================
+.\"
+.\" This product includes cryptographic software written by Eric Young
+.\" (eay@cryptsoft.com). This product includes software written by Tim
+.\" Hudson (tjh@cryptsoft.com).
+.\"
+.\"
+.\" Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+.\" All rights reserved.
+.\"
+.\" This package is an SSL implementation written
+.\" by Eric Young (eay@cryptsoft.com).
+.\" The implementation was written so as to conform with Netscapes SSL.
+.\"
+.\" This library is free for commercial and non-commercial use as long as
+.\" the following conditions are aheared to. The following conditions
+.\" apply to all code found in this distribution, be it the RC4, RSA,
+.\" lhash, DES, etc., code; not just the SSL code. The SSL documentation
+.\" included with this distribution is covered by the same copyright terms
+.\" except that the holder is Tim Hudson (tjh@cryptsoft.com).
+.\"
+.\" Copyright remains Eric Young's, and as such any Copyright notices in
+.\" the code are not to be removed.
+.\" If this package is used in a product, Eric Young should be given attribution
+.\" as the author of the parts of the library used.
+.\" This can be in the form of a textual message at program startup or
+.\" in documentation (online or textual) provided with the package.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\" 3. All advertising materials mentioning features or use of this software
+.\" must display the following acknowledgement:
+.\" "This product includes cryptographic software written by
+.\" Eric Young (eay@cryptsoft.com)"
+.\" The word 'cryptographic' can be left out if the rouines from the library
+.\" being used are not cryptographic related :-).
+.\" 4. If you include any Windows specific code (or a derivative thereof) from
+.\" the apps directory (application code) you must include an
+.\" acknowledgement:
+.\" "This product includes software written by Tim Hudson
+.\" (tjh@cryptsoft.com)"
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.\" The licence and distribution terms for any publically available version or
+.\" derivative of this code cannot be changed. i.e. this code cannot simply be
+.\" copied and put under another distribution licence
+.\" [including the GNU Public Licence.]
+.\"
+.Dd $Mdocdate: August 30 2024 $
+.Dt OPENSSL 1
+.Os
+.Sh NAME
+.Nm openssl
+.Nd OpenSSL command line tool
+.Sh SYNOPSIS
+.Nm
+.Ar command
+.Op Ar command_opt ...
+.Op Ar command_arg ...
+.Pp
+.Nm
+.Cm list-standard-commands |
+.Cm list-message-digest-commands |
+.Cm list-cipher-commands |
+.Cm list-cipher-algorithms |
+.Cm list-message-digest-algorithms |
+.Cm list-public-key-algorithms
+.Pp
+.Nm
+.Cm no- Ns Ar command
+.Sh DESCRIPTION
+.Nm OpenSSL
+is a cryptography toolkit implementing the
+Transport Layer Security
+.Pq TLS
+network protocol,
+as well as related cryptography standards.
+.Pp
+The
+.Nm
+program is a command line tool for using the various
+cryptography functions of
+.Nm openssl Ns 's
+crypto library from the shell.
+.Pp
+The pseudo-commands
+.Cm list-standard-commands , list-message-digest-commands ,
+and
+.Cm list-cipher-commands
+output a list
+.Pq one entry per line
+of the names of all standard commands, message digest commands,
+or cipher commands, respectively, that are available in the present
+.Nm
+utility.
+.Pp
+The pseudo-commands
+.Cm list-cipher-algorithms
+and
+.Cm list-message-digest-algorithms
+list all cipher and message digest names,
+one entry per line.
+Aliases are listed as:
+.Pp
+.D1 from => to
+.Pp
+The pseudo-command
+.Cm list-public-key-algorithms
+lists all supported public key algorithms.
+.Pp
+The pseudo-command
+.Cm no- Ns Ar command
+tests whether a command of the
+specified name is available.
+If
+.Ar command
+does not exist,
+it returns 0
+and prints
+.Cm no- Ns Ar command ;
+otherwise it returns 1 and prints
+.Ar command .
+In both cases, the output goes to stdout and nothing is printed to stderr.
+Additional command line arguments are always ignored.
+Since for each cipher there is a command of the same name,
+this provides an easy way for shell scripts to test for the
+availability of ciphers in the
+.Nm
+program.
+.Pp
+.Sy Note :
+.Cm no- Ns Ar command
+is not able to detect pseudo-commands such as
+.Cm quit ,
+.Cm list- Ns Ar ... Ns Cm -commands ,
+or
+.Cm no- Ns Ar command
+itself.
+.Tg asn1parse
+.Sh ASN1PARSE
+.Bl -hang -width "openssl asn1parse"
+.It Nm openssl asn1parse
+.Bk -words
+.Op Fl i
+.Op Fl dlimit Ar number
+.Op Fl dump
+.Op Fl genconf Ar file
+.Op Fl genstr Ar str
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem | txt
+.Op Fl length Ar number
+.Op Fl noout
+.Op Fl offset Ar number
+.Op Fl oid Ar file
+.Op Fl out Ar file
+.Op Fl strparse Ar offset
+.Ek
+.El
+.Pp
+The
+.Nm asn1parse
+command is a diagnostic utility that can parse ASN.1 structures.
+It can also be used to extract data from ASN.1 formatted data.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl dlimit Ar number
+Dump the first
+.Ar number
+bytes of unknown data in hex form.
+.It Fl dump
+Dump unknown data in hex form.
+.It Fl genconf Ar file , Fl genstr Ar str
+Generate encoded data based on string
+.Ar str ,
+file
+.Ar file ,
+or both, using the format described in
+.Xr ASN1_generate_nconf 3 .
+If only
+.Ar file
+is present then the string is obtained from the default section
+using the name
+.Dq asn1 .
+The encoded data is passed through the ASN.1 parser and printed out as
+though it came from a file;
+the contents can thus be examined and written to a file using the
+.Fl out
+option.
+.It Fl i
+Indent the output according to the
+.Qq depth
+of the structures.
+.It Fl in Ar file
+The input file to read from, or standard input if not specified.
+.It Fl inform Cm der | pem | txt
+The input format.
+.It Fl length Ar number
+Number of bytes to parse; the default is until end of file.
+.It Fl noout
+Do not output the parsed version of the input file.
+.It Fl offset Ar number
+Starting offset to begin parsing; the default is start of file.
+.It Fl oid Ar file
+A file containing additional object identifiers
+.Pq OIDs .
+If an OID
+.Pq object identifier
+is not part of
+.Nm openssl Ns 's
+internal table, it will be represented in
+numerical form
+.Pq for example 1.2.3.4 .
+.Pp
+Each line consists of three columns:
+the first column is the OID in numerical format and should be followed by
+whitespace.
+The second column is the
+.Qq short name ,
+which is a single word followed by whitespace.
+The final column is the rest of the line and is the
+.Qq long name .
+.Nm asn1parse
+displays the long name.
+.It Fl out Ar file
+The DER-encoded output file; the default is no encoded output
+(useful when combined with
+.Fl strparse ) .
+.It Fl strparse Ar offset
+Parse the content octets of the ASN.1 object starting at
+.Ar offset .
+This option can be used multiple times to
+.Qq drill down
+into a nested structure.
+.El
+.Tg ca
+.Sh CA
+.Bl -hang -width "openssl ca"
+.It Nm openssl ca
+.Bk -words
+.Op Fl batch
+.Op Fl cert Ar file
+.Op Fl config Ar file
+.Op Fl create_serial
+.Op Fl crl_CA_compromise Ar time
+.Op Fl crl_compromise Ar time
+.Op Fl crl_hold Ar instruction
+.Op Fl crl_reason Ar reason
+.Op Fl crldays Ar days
+.Op Fl crlexts Ar section
+.Op Fl crlhours Ar hours
+.Op Fl crlsec Ar seconds
+.Op Fl days Ar arg
+.Op Fl enddate Ar date
+.Op Fl extensions Ar section
+.Op Fl extfile Ar file
+.Op Fl gencrl
+.Op Fl in Ar file
+.Op Fl infiles
+.Op Fl key Ar password
+.Op Fl keyfile Ar file
+.Op Fl keyform Cm pem | der
+.Op Fl md Ar alg
+.Op Fl msie_hack
+.Op Fl multivalue-rdn
+.Op Fl name Ar section
+.Op Fl noemailDN
+.Op Fl notext
+.Op Fl out Ar file
+.Op Fl outdir Ar directory
+.Op Fl passin Ar arg
+.Op Fl policy Ar arg
+.Op Fl preserveDN
+.Op Fl revoke Ar file
+.Op Fl selfsign
+.Op Fl sigopt Ar nm:v
+.Op Fl ss_cert Ar file
+.Op Fl startdate Ar date
+.Op Fl status Ar serial
+.Op Fl subj Ar arg
+.Op Fl updatedb
+.Op Fl
utf8
+.Op Fl verbose
+.Ek
+.El
+.Pp
+The
+.Nm ca
+command is a minimal certificate authority (CA) application.
+It can be used to sign certificate requests in a variety of forms
+and generate certificate revocation lists (CRLs).
+It also maintains a text database of issued certificates and their status.
+.Pp
+The options relevant to CAs are as follows:
+.Bl -tag -width "XXXX"
+.It Fl batch
+Batch mode.
+In this mode no questions will be asked
+and all certificates will be certified automatically.
+.It Fl cert Ar file
+The CA certificate file.
+.It Fl config Ar file
+Specify an alternative configuration file.
+.It Fl create_serial
+If reading the serial from the text file as specified in the
+configuration fails, create a new random serial to be used as the
+next serial number.
+.It Fl days Ar arg
+The number of days to certify the certificate for.
+.It Fl enddate Ar date
+Set the expiry date.
+The format of the date is [YY]YYMMDDHHMMSSZ,
+with all four year digits required for dates from 2050 onwards.
+.It Fl extensions Ar section
+The section of the configuration file containing certificate extensions
+to be added when a certificate is issued (defaults to
+.Cm x509_extensions
+unless the
+.Fl extfile
+option is used).
+If no extension section is present, a V1 certificate is created.
+If the extension section is present
+.Pq even if it is empty ,
+then a V3 certificate is created.
+See the
+.Xr x509v3.cnf 5
+manual page for details of the extension section format.
+.It Fl extfile Ar file
+An additional configuration
+.Ar file
+to read certificate extensions from
+(using the default section unless the
+.Fl extensions
+option is also used).
+.It Fl in Ar file
+An input
+.Ar file
+containing a single certificate request to be signed by the CA.
+.It Fl infiles
+If present, this should be the last option; all subsequent arguments
+are assumed to be the names of files containing certificate requests.
+.It Fl key Ar password
+The
+.Fa password
+used to encrypt the private key.
+Since on some systems the command line arguments are visible,
+this option should be used with caution.
+.It Fl keyfile Ar file
+The private key to sign requests with.
+.It Fl keyform Cm pem | der
+Private key file format.
+The default is
+.Cm pem .
+.It Fl md Ar alg
+The message digest to use.
+Possible values include
+.Ar md5
+and
+.Ar sha1 .
+This option also applies to CRLs.
+.It Fl msie_hack
+This is a legacy option to make
+.Nm ca
+work with very old versions of the IE certificate enrollment control
+.Qq certenr3 .
+It used UniversalStrings for almost everything.
+Since the old control has various security bugs,
+its use is strongly discouraged.
+The newer control
+.Qq Xenroll
+does not need this option.
+.It Fl multivalue-rdn
+This option causes the
+.Fl subj
+argument to be interpreted with full support for multivalued RDNs,
+for example
+.Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
+If
+.Fl multivalue-rdn
+is not used, the UID value is set to
+.Qq "123456+CN=John Doe" .
+.It Fl name Ar section
+Specifies the configuration file
+.Ar section
+to use (overrides
+.Cm default_ca
+in the
+.Cm ca
+section).
+.It Fl noemailDN
+The DN of a certificate can contain the EMAIL field if present in the
+request DN, however it is good policy just having the email set into
+the
+.Cm altName
+extension of the certificate.
+When this option is set, the EMAIL field is removed from the certificate's
+subject and set only in the, eventually present, extensions.
+The
+.Ar email_in_dn
+keyword can be used in the configuration file to enable this behaviour.
+.It Fl notext
+Don't output the text form of a certificate to the output file.
+.It Fl out Ar file
+The output file to output certificates to.
+The default is standard output.
+The certificate details will also be printed out to this file in
+PEM format.
+.It Fl outdir Ar directory
+The
+.Ar directory
+to output certificates to.
+The certificate will be written to a file consisting of the
+serial number in hex with
+.Qq .pem
+appended.
+.It Fl passin Ar arg
+The key password source.
+.It Fl policy Ar arg
+Define the CA
+.Qq policy
+to use.
+The policy section in the configuration file
+consists of a set of variables corresponding to certificate DN fields.
+The values may be one of
+.Qq match
+(the value must match the same field in the CA certificate),
+.Qq supplied
+(the value must be present), or
+.Qq optional
+(the value may be present).
+Any fields not mentioned in the policy section
+are silently deleted, unless the
+.Fl preserveDN
+option is set,
+but this can be regarded more of a quirk than intended behaviour.
+.It Fl preserveDN
+Normally, the DN order of a certificate is the same as the order of the
+fields in the relevant policy section.
+When this option is set, the order is the same as the request.
+This is largely for compatibility with the older IE enrollment control
+which would only accept certificates if their DNs matched the order of the
+request.
+This is not needed for Xenroll.
+.It Fl selfsign
+Indicates the issued certificates are to be signed with the key the
+certificate requests were signed with, given with
+.Fl keyfile .
+Certificate requests signed with a different key are ignored.
+If
+.Fl gencrl
+or
+.Fl ss_cert
+are given,
+.Fl selfsign
+is ignored.
+.Pp
+A consequence of using
+.Fl selfsign
+is that the self-signed certificate appears among the entries in
+the certificate database (see the configuration option
+.Cm database )
+and uses the same serial number counter as all other certificates
+signed with the self-signed certificate.
+.It Fl sigopt Ar nm:v
+Pass options to the signature algorithm during sign or certify operations.
+The names and values of these options are algorithm-specific.
+.It Fl ss_cert Ar file
+A single self-signed certificate to be signed by the CA.
+.It Fl startdate Ar date
+Set the start date.
+The format of the date is [YY]YYMMDDHHMMSSZ,
+with all four year digits required for dates from 2050 onwards.
+.It Fl subj Ar arg
+Supersedes the subject name given in the request.
+The
+.Ar arg
+must be formatted as
+.Sm off
+.Pf / Ar type0 Ns = Ar value0 Ns / Ar type 1 Ns = Ar value 1 Ns /
+.Ar type2 Ns = Ar ... ;
+.Sm on
+characters may be escaped by
+.Sq \e
+.Pq backslash ,
+no spaces are skipped.
+.It Fl utf8
+Interpret field values read from a terminal or obtained from a
+configuration file as UTF-8 strings.
+By default, they are interpreted as ASCII.
+.It Fl verbose
+Print extra details about the operations being performed.
+.El
+.Pp
+The options relevant to CRLs are as follows:
+.Bl -tag -width "XXXX"
+.It Fl crl_CA_compromise Ar time
+This is the same as
+.Fl crl_compromise ,
+except the revocation reason is set to CACompromise.
+.It Fl crl_compromise Ar time
+Set the revocation reason to keyCompromise and the compromise time to
+.Ar time .
+.Ar time
+should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ.
+.It Fl crl_hold Ar instruction
+Set the CRL revocation reason code to certificateHold and the hold
+instruction to
+.Ar instruction
+which must be an OID.
+Although any OID can be used, only holdInstructionNone
+(the use of which is discouraged by RFC 2459), holdInstructionCallIssuer or
+holdInstructionReject will normally be used.
+.It Fl crl_reason Ar reason
+Revocation reason, where
+.Ar reason
+is one of:
+unspecified, keyCompromise, CACompromise, affiliationChanged, superseded,
+cessationOfOperation, certificateHold or removeFromCRL.
+The matching of
+.Ar reason
+is case insensitive.
+Setting any revocation reason will make the CRL v2.
+In practice, removeFromCRL is not particularly useful because it is only used
+in delta CRLs which are not currently implemented.
+.It Fl crldays Ar days
+The number of days before the next CRL is due.
+This is the days from now to place in the CRL
+.Cm nextUpdate
+field.
+.It Fl crlexts Ar section
+The
+.Ar section
+of the configuration file containing CRL extensions to include.
+If no CRL extension section is present then a V1 CRL is created;
+if the CRL extension section is present
+(even if it is empty)
+then a V2 CRL is created.
+The CRL extensions specified are CRL extensions and not CRL entry extensions.
+It should be noted that some software can't handle V2 CRLs.
+See the
+.Xr x509v3.cnf 5
+manual page for details of the extension section format.
+.It Fl crlhours Ar hours
+The number of hours before the next CRL is due.
+.It Fl crlsec Ar seconds
+The number of seconds before the next CRL is due.
+.It Fl gencrl
+Generate a CRL based on information in the index file.
+.It Fl revoke Ar file
+A
+.Ar file
+containing a certificate to revoke.
+.It Fl status Ar serial
+Show the status of the certificate with serial number
+.Ar serial .
+.It Fl updatedb
+Update the database index to purge expired certificates.
+.El
+.Pp
+Many of the options can be set in the
+.Cm ca
+section of the configuration file
+(or in the default section of the configuration file),
+specified using
+.Cm default_ca
+or
+.Fl name .
+The options
+.Cm preserve
+and
+.Cm msie_hack
+are read directly from the
+.Cm ca
+section.
+.Pp
+Many of the configuration file options are identical to command line
+options.
+Where the option is present in the configuration file and the command line,
+the command line value is used.
+Where an option is described as mandatory, then it must be present in
+the configuration file or the command line equivalent
+.Pq if any
+used.
+.Bl -tag -width "XXXX"
+.It Cm certificate
+The same as
+.Fl cert .
+It gives the file containing the CA certificate.
+Mandatory.
+.It Cm copy_extensions
+Determines how extensions in certificate requests should be handled.
+If set to
+.Cm none
+or this option is not present, then extensions are
+ignored and not copied to the certificate.
+If set to
+.Cm copy ,
+then any extensions present in the request that are not already present
+are copied to the certificate.
+If set to
+.Cm copyall ,
+then all extensions in the request are copied to the certificate:
+if the extension is already present in the certificate it is deleted first.
+.Pp
+The
+.Cm copy_extensions
+option should be used with caution.
+If care is not taken, it can be a security risk.
+For example, if a certificate request contains a
+.Cm basicConstraints
+extension with CA:TRUE and the
+.Cm copy_extensions
+value is set to
+.Cm copyall
+and the user does not spot
+this when the certificate is displayed, then this will hand the requester
+a valid CA certificate.
+.Pp
+This situation can be avoided by setting
+.Cm copy_extensions
+to
+.Cm copy
+and including
+.Cm basicConstraints
+with CA:FALSE in the configuration file.
+Then if the request contains a
+.Cm basicConstraints
+extension, it will be ignored.
+.Pp
+The main use of this option is to allow a certificate request to supply
+values for certain extensions such as
+.Cm subjectAltName .
+.It Cm crl_extensions
+The same as
+.Fl crlexts .
+.It Cm crlnumber
+A text file containing the next CRL number to use in hex.
+The CRL number will be inserted in the CRLs only if this file exists.
+If this file is present, it must contain a valid CRL number.
+.It Cm database
+The text database file to use.
+Mandatory.
+This file must be present, though initially it will be empty.
+.It Cm default_crl_hours , default_crl_days
+The same as the
+.Fl crlhours
+and
+.Fl crldays
+options.
+These will only be used if neither command line option is present.
+At least one of these must be present to generate a CRL.
+.It Cm default_days
+The same as the
+.Fl days
+option.
+The number of days to certify a certificate for.
+.It Cm default_enddate
+The same as the
+.Fl enddate
+option.
+Either this option or
+.Cm default_days
+.Pq or the command line equivalents
+must be present.
+.It Cm default_md
+The same as the
+.Fl md
+option.
+The message digest to use.
+Mandatory.
+.It Cm default_startdate
+The same as the
+.Fl startdate
+option.
+The start date to certify a certificate for.
+If not set, the current time is used.
+.It Cm email_in_dn
+The same as
+.Fl noemailDN .
+If the EMAIL field is to be removed from the DN of the certificate,
+simply set this to
+.Qq no .
+If not present, the default is to allow for the EMAIL field in the
+certificate's DN.
+.It Cm msie_hack
+The same as
+.Fl msie_hack .
+.It Cm name_opt , cert_opt
+These options allow the format used to display the certificate details
+when asking the user to confirm signing.
+All the options supported by the
+.Nm x509
+utilities'
+.Fl nameopt
+and
+.Fl certopt
+switches can be used here, except that
+.Cm no_signame
+and
+.Cm no_sigdump
+are permanently set and cannot be disabled
+(this is because the certificate signature cannot be displayed because
+the certificate has not been signed at this point).
+.Pp
+For convenience, the value
+.Cm ca_default
+is accepted by both to produce a reasonable output.
+.Pp
+If neither option is present, the format used in earlier versions of
+.Nm openssl
+is used.
+Use of the old format is strongly discouraged
+because it only displays fields mentioned in the
+.Cm policy
+section,
+mishandles multicharacter string types and does not display extensions.
+.It Cm new_certs_dir
+The same as the
+.Fl outdir
+command line option.
+It specifies the directory where new certificates will be placed.
+Mandatory.
+.It Cm oid_file
+This specifies a file containing additional object identifiers.
+Each line of the file should consist of the numerical form of the
+object identifier followed by whitespace, then the short name followed
+by whitespace and finally the long name.
+.It Cm oid_section
+This specifies a section in the configuration file containing extra
+object identifiers.
+Each line should consist of the short name of the object identifier
+followed by
+.Sq =
+and the numerical form.
+The short and long names are the same when this option is used.
+.It Cm policy
+The same as
+.Fl policy .
+Mandatory.
+.It Cm preserve
+The same as
+.Fl preserveDN .
+.It Cm private_key
+Same as the
+.Fl keyfile
+option.
+The file containing the CA private key.
+Mandatory.
+.It Cm serial
+A text file containing the next serial number to use in hex.
+Mandatory.
+This file must be present and contain a valid serial number.
+.It Cm unique_subject
+If the value
+.Cm yes
+is given, the valid certificate entries in the
+database must have unique subjects.
+If the value
+.Cm no
+is given,
+several valid certificate entries may have the exact same subject.
+The default value is
+.Cm yes .
+.Pp
+Note that it is valid in some circumstances for certificates to be created
+without any subject.
+In cases where there are multiple certificates without
+subjects this does not count as a duplicate.
+.It Cm x509_extensions
+The same as
+.Fl extensions .
+.El
+.Tg certhash
+.Sh CERTHASH
+.Bl -hang -width "openssl certhash"
+.It Nm openssl certhash
+.Bk -words
+.Op Fl nv
+.Ar dir ...
+.Ek
+.El
+.Pp
+The
+.Nm certhash
+command calculates a hash value of
+.Qq .pem
+file in the specified directory list and creates symbolic links for each file,
+where the name of the link is the hash value.
+See the
+.Xr SSL_CTX_load_verify_locations 3
+manual page for how hash links are used.
+.Pp
+The links created are of the form
+.Qq HHHHHHHH.D ,
+where each
+.Sq H
+is a hexadecimal character and
+.Sq D
+is a single decimal digit.
+The hashes for CRLs look similar, except the letter
+.Sq r
+appears after the period, like this:
+.Qq HHHHHHHH.rD .
+When processing a directory,
+.Nm certhash
+will first remove all links that have a name in that syntax and invalid
+reference.
+.Pp
+Multiple objects may have the same hash; they will be indicated by
+incrementing the
+.Sq D
+value.
+Duplicates are found by comparing the full SHA256 fingerprint.
+A warning will be displayed if a duplicate is found.
+.Pp
+A warning will also be displayed if there are files that cannot be parsed as
+either a certificate or a CRL.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl n
+Perform a dry-run, and do not make any changes.
+.It Fl v
+Print extra details about the processing.
+.It Ar dir ...
+Specify the directories to process.
+.El
+.Tg ciphers
+.Sh CIPHERS
+.Nm openssl ciphers
+.Op Fl hsVv
+.Op Fl tls1_2
+.Op Fl tls1_3
+.Op Ar control
+.Pp
+The
+.Nm ciphers
+command converts the
+.Ar control
+string from the format documented in
+.Xr SSL_CTX_set_cipher_list 3
+into an ordered SSL cipher suite preference list.
+If no
+.Ar control
+string is specified, the
+.Cm DEFAULT
+list is printed.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl h , \&?
+Print a brief usage message.
+.It Fl s
+Only list ciphers that are supported by the TLS method.
+.It Fl tls1_2 | tls1_3
+In combination with the
+.Fl s
+option, list the ciphers which could be used
+if the specified protocol version were negotiated.
+.It Fl V
+Verbose.
+List ciphers with cipher suite code in hex format,
+cipher name, and a complete description of protocol version,
+key exchange, authentication, encryption, and mac algorithms.
+.It Fl v
+Like
+.Fl V ,
+but without cipher suite codes.
+.El
+.Tg cms
+.Sh CMS
+.Bl -hang -width "openssl cms"
+.It Nm openssl cms
+.Bk -words
+.Oo
+.Fl aes128 | aes192 | aes256 | camellia128 |
+.Fl camellia192 | camellia256 | des | des3 |
+.Fl rc2-40 | rc2-64 | rc2-128
+.Oc
+.Op Fl CAfile Ar file
+.Op Fl CApath Ar directory
+.Op Fl CRLfile Ar file
+.Op Fl binary
+.Op Fl certfile Ar file
+.Op Fl certsout Ar file
+.Op Fl cmsout
+.Op Fl compress
+.Op Fl content Ar file
+.Op Fl crlfeol
+.Op Fl data_create
+.Op Fl data_out
+.Op Fl debug_decrypt
+.Op Fl decrypt
+.Op Fl digest_create
+.Op Fl digest_verify
+.Op Fl econtent_type Ar type
+.Op Fl encrypt
+.Op Fl EncryptedData_decrypt
+.Op Fl EncryptedData_encrypt
+.Op Fl from Ar addr
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem | smime
+.Op Fl inkey Ar file
+.Op Fl keyform Cm der | pem
+.Op Fl keyid
+.Op Fl keyopt Ar nm:v
+.Op Fl md Ar digest
+.Op Fl no_attr_verify
+.Op Fl no_content_verify
+.Op Fl no_signer_cert_verify
+.Op Fl noattr
+.Op Fl nocerts
+.Op Fl nodetach
+.Op Fl nointern
+.Op Fl nooldmime
+.Op Fl noout
+.Op Fl nosigs
+.Op Fl nosmimecap
+.Op Fl noverify
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem | smime
+.Op Fl passin Ar src
+.Op Fl print
+.Op Fl pwri_password Ar arg
+.Op Fl rctform Cm der | pem | smime
+.Op Fl receipt_request_all | receipt_request_first
+.Op Fl receipt_request_from Ar addr
+.Op Fl receipt_request_print
+.Op Fl receipt_request_to Ar addr
+.Op Fl recip Ar file
+.Op Fl resign
+.Op Fl secretkey Ar key
+.Op Fl secretkeyid Ar id
+.Op Fl sign
+.Op Fl sign_receipt
+.Op Fl signer Ar file
+.Op Fl stream | indef | noindef
+.Op Fl subject Ar s
+.Op Fl text
+.Op Fl to Ar addr
+.Op Fl uncompress
+.Op Fl verify
+.Op Fl verify_receipt Ar file
+.Op Fl verify_retcode
+.Op Ar cert.pem ...
+.Ek
+.El
+.Pp
+The
+.Nm cms
+command handles S/MIME v3.1 mail.
+It can encrypt, decrypt, sign and verify, compress and uncompress S/MIME
+messages.
+.Pp
+The MIME message must be sent without any blank lines between the headers and
+the output.
+Some mail programs will automatically add a blank line.
+Piping the mail directly to sendmail is one way to achieve the correct format.
+.Pp
+The supplied message to be signed or encrypted must include the necessary MIME
+headers or many S/MIME clients won't display it properly (if at all).
+You can use the
+.Fl text
+option to automatically add plain text headers.
+.Pp
+A "signed and encrypted" message is one where a signed message is then
+encrypted.
+This can be produced by encrypting an already signed message.
+.Pp
+There are various operation options that set the type of operation to be
+performed.
+The meaning of the other options varies according to the operation type.
+.Bl -tag -width "XXXX"
+.It Fl encrypt
+Encrypt mail for the given recipient certificates.
+Input file is the message to be encrypted.
+The output file is the encrypted mail in MIME format.
+The actual CMS type is EnvelopedData.
+Note that no revocation check is done for the recipient cert, so if that
+key has been compromised, others may be able to decrypt the text.
+.It Fl decrypt
+Decrypt mail using the supplied certificate and private key.
+Expects an encrypted mail message in MIME format for the input file.
+The decrypted mail is written to the output file.
+.It Fl sign
+Sign mail using the supplied certificate and private key.
+Input file is the message to be signed.
+The signed message in MIME format is written to the output file.
+.It Fl verify
+Verify signed mail.
+Expects a signed mail message on input and outputs the signed data.
+Both clear text and opaque signing are supported.
+.It Fl cmsout
+Take an input message and write out a PEM encoded CMS structure.
+.It Fl resign
+Resign a message.
+Take an existing message and one or more new signers.
+This operation uses an existing message digest when adding a new signer.
+This means that attributes must be present in at least one existing
+signer using the same message digest or this operation will fail.
+.It Fl data_create
+Create a CMS Data type.
+.It Fl data_out
+Output a content from the input CMS Data type.
+.It Fl digest_create
+Create a CMS DigestedData type.
+.It Fl digest_verify
+Verify a CMS DigestedData type and output the content.
+.It Fl compress
+Create a CMS CompressedData type.
+Must be compiled with zlib support for this option to work.
+.It Fl uncompress
+Uncompress a CMS CompressedData type and output the content.
+Must be compiled with zlib support for this option to work.
+.It Fl EncryptedData_encrypt
+Encrypt a content using supplied symmetric key and algorithm using a
+CMS EncryptedData type.
+.It Fl EncryptedData_decrypt
+Decrypt a CMS EncryptedData type using supplied symmetric key.
+.It Fl sign_receipt
+Generate and output a signed receipt for the supplied message.
+The input message must contain a signed receipt request.
+Functionality is otherwise similar to the
+.Fl sign
+operation.
+.It Xo
+.Fl verify_receipt Ar file
+.Xc
+Verify a signed receipt in file.
+The input message must contain the original receipt request.
+Functionality is otherwise similar to the
+.Fl verify
+operation.
+.El
+.Pp
+The remaining options are as follows:
+.Bl -tag -width "XXXX"
+.It Xo
+.Fl aes128 | aes192 | aes256 | camellia128 |
+.Fl camellia192 | camellia256 | des | des3 |
+.Fl rc2-40 | rc2-64 | rc2-128
+.Xc
+The encryption algorithm to use.
+128-, 192-, or 256-bit AES, 128-, 192-, or 256-bit CAMELLIA,
+DES (56 bits), triple DES (168 bits),
+or 40-, 64-, or 128-bit RC2, respectively;
+if not specified, triple DES is
+used.
+Only used with
+.Fl encrypt
+and
+.Fl EncryptedData_encrypt
+commands.
+.It Fl binary
+Normally the input message is converted to "canonical" format which is
+effectively using CR/LF as end of line, as required by the S/MIME specification.
+When this option is present, no translation occurs.
+This is useful when handling binary data which may not be in MIME format.
+.It Fl CAfile Ar file
+A file containing trusted CA certificates, used with
+.Fl verify
+and
+.Fl verify_receipt .
+.It Fl CApath Ar directory
+A directory containing trusted CA certificates, used with
+.Fl verify
+and
+.Fl verify_receipt .
+This directory must be a standard certificate directory: that is a hash
+of each subject name (using
+.Nm x509 Fl hash )
+should be linked to each certificate.
+.It Fl CRLfile Ar file
+Allows additional certificate revocation lists to be specified for verification.
+The CRLs should be in PEM format.
+.It Ar cert.pem ...
+One or more certificates of message recipients: used when encrypting a message.
+.It Fl certfile Ar file
+Allows additional certificates to be specified.
+When signing, these will be included with the message.
+When verifying, these will be searched for the signer's certificates.
+The certificates should be in PEM format.
+.It Fl certsout Ar file
+A file that any certificates contained in the message are written to.
+.It Xo
+.Fl check_ss_sig ,
+.Fl crl_check ,
+.Fl crl_check_all ,
+.Fl extended_crl ,
+.Fl ignore_critical ,
+.Fl issuer_checks ,
+.Fl policy ,
+.Fl policy_check ,
+.Fl purpose ,
+.Fl x509_strict
+.Xc
+Set various certificate chain validation options.
+See the
+.Nm verify
+command for details.
+.It Fl content Ar file
+A file containing the detached content.
+This is only useful with the
+.Fl verify
+command.
+This is only usable if the CMS structure is using the detached signature
+form where the content is not included.
+This option will override any content if the input format is S/MIME and
+it uses the multipart/signed MIME content type.
+.It Fl crlfeol
+Output a S/MIME message with CR/LF end of line.
+.It Fl debug_decrypt
+Set the CMS_DEBUG_DECRYPT flag when decrypting.
+This option should be used with caution, since this can be used to disable
+the MMA attack protection and return an error if no recipient can be found.
+See the
+.Xr CMS_decrypt 3
+manual page for details of the flag.
+.It Xo
+.Fl from Ar addr ,
+.Fl subject Ar s ,
+.Fl to Ar addr
+.Xc
+The relevant mail headers.
+These are included outside the signed portion of a message so they may
+be included manually.
+If signing then many S/MIME mail clients check the signer's certificate's
+email address matches that specified in the 
From: address.
+.It Fl econtent_type Ar type
+Set the encapsulated content type, used with
+.Fl sign .
+If not supplied, the Data type is used.
+The type argument can be any valid OID name in either text or numerical format.
+.It Fl in Ar file
+The input message to be encrypted or signed or the message to be decrypted or
+verified.
+.It Fl inform Cm der | pem | smime
+The input format for the CMS structure.
+The default is
+.Cm smime ,
+which reads an S/MIME format message.
+.Cm pem
+and
+.Cm der
+format change this to expect PEM and DER format CMS structures instead.
+This currently only affects the input format of the CMS structure; if no
+CMS structure is being input (for example with
+.Fl encrypt
+or
+.Fl sign )
+this option has no effect.
+.It Fl inkey Ar file
+The private key to use when signing or decrypting.
+This must match the corresponding certificate.
+If this option is not specified then the private key must be included in
+the certificate file specified with the
+.Fl recip
+or
+.Fl signer
+file.
+When signing, this option can be used multiple times to specify successive keys.
+.It Fl keyform Cm der | pem
+Input private key format.
+The default is
+.Cm pem .
+.It Fl keyid
+Use subject key identifier to identify certificates instead of issuer
+name and serial number.
+The supplied certificate must include a subject key identifier extension.
+Supported by
+.Fl sign
+and
+.Fl encrypt
+operations.
+.It Fl keyopt Ar nm:v
+Set customised parameters for the preceding key or certificate
+for encryption and signing.
+It can currently be used to set RSA-PSS for signing, RSA-OAEP for
+encryption or to modify default parameters for ECDH.
+This option can be used multiple times.
+.It Fl md Ar digest
+The digest algorithm to use when signing or resigning.
+If not present then the default digest algorithm for the signing key
+will be used (usually SHA1).
+.It Fl no_attr_verify
+Do not verify the signer's attribute of a signature.
+.It Fl no_content_verify
+Do not verify the content of a signed message.
+.It Fl no_signer_cert_verify
+Do not verify the signer's certificate of a signed message.
+.It Fl noattr
+Do not include attributes.
+Normally when a message is signed a set of attributes are included which
+include the signing time and supported symmetric algorithms.
+With this option they are not included.
+.It Fl nocerts
+Do not include the signer's certificate.
+This will reduce the size of the signed message but the verifier must
+have a copy of the signer's certificate available locally (passed using
+the
+.Fl certfile
+option for example).
+.It Fl nodetach
+When signing a message, use opaque signing.
+This form is more resistant to translation by mail relays but it cannot be
+read by mail agents that do not support S/MIME.
+Without this option cleartext signing with the MIME type multipart/signed is
+used.
+.It Fl nointern
+Only the certificates specified in the
+.Fl certfile
+option are used.
+When verifying a message, normally certificates (if any) included in the
+message are searched for the signing certificate.
+The supplied certificates can still be used as untrusted CAs however.
+.It Fl nooldmime
+Output an old S/MIME content type like "application/x-pkcs7-".
+.It Fl noout
+Do not output the parsed CMS structure for the
+.Fl cmsout
+operation.
+This is useful when combined with the
+.Fl print
+option or if the syntax of the CMS structure is being checked.
+.It Fl nosigs
+Do not try to verify the signatures on the message.
+.It Fl nosmimecap
+Exclude the list of supported algorithms from signed attributes; other
+options such as signing time and content type are still included.
+.It Fl noverify
+Do not verify the signer's certificate of a signed message.
+.It Fl out Ar file
+The message text that has been decrypted or verified or the output MIME
+format message that has been signed or verified.
+.It Fl outform Cm der | pem | smime
+This specifies the output format for the CMS structure.
+The default is
+.Cm smime ,
+which writes an S/MIME format message.
+.Cm pem
+and
+.Cm der
+format change this to write PEM and DER format CMS structures instead.
+This currently only affects the output format of the CMS structure; if
+no CMS structure is being output (for example with
+.Fl verify
+or
+.Fl decrypt )
+this option has no effect.
+.It Fl passin Ar src
+The private key password source.
+.It Fl print
+Print out all fields of the CMS structure for the
+.Fl cmsout
+operation.
+This is mainly useful for testing purposes.
+.It Fl pwri_password Ar arg
+Specify PasswordRecipientInfo (PWRI) password to use.
+Supported by the
+.Fl encrypt
+and
+.Fl decrypt
+operations.
+.It Fl rctform Cm der | pem | smime
+Specify the format for a signed receipt for use with the
+.Fl receipt_verify
+operation.
+The default is
+.Cm smime .
+.It Fl receipt_request_all | receipt_request_first
+Indicate requests should be provided by all recipient or first tier
+recipients (those mailed directly and not from a mailing list), for the
+.Fl sign
+operation to include a signed receipt request.
+Ignored if
+.Fl receipt_request_from
+is included.
+.It Fl receipt_request_from Ar addr
+Add an explicit email address where receipts should be supplied.
+.It Fl receipt_request_print
+Print out the contents of any signed receipt requests for the
+.Fl verify
+operation.
+.It Fl receipt_request_to Ar addr
+Add an explicit email address where signed receipts should be sent to.
+This option must be supplied if a signed receipt is requested.
+.It Fl recip Ar file
+When decrypting a message, this specifies the recipient's certificate.
+The certificate must match one of the recipients of the message or an
+error occurs.
+When encrypting a message, this option may be used multiple times to
+specify each recipient.
+This form must be used if customised parameters are required (for example to
+specify RSA-OAEP).
+Only certificates carrying RSA, Diffie-Hellman or EC keys are supported
+by this option.
+.It Fl secretkey Ar key
+Specify symmetric key to use.
+The key must be supplied in hex format and be consistent with the
+algorithm used.
+Supported by the
+.Fl EncryptedData_encrypt ,
+.Fl EncryptedData_decrypt ,
+.Fl encrypt
+and
+.Fl decrypt
+operations.
+When used with
+.Fl encrypt
+or
+.Fl decrypt ,
+the supplied key is used to wrap or unwrap the content encryption key
+using an AES key in the KEKRecipientInfo type.
+.It Fl secretkeyid Ar id
+The key identifier for the supplied symmetric key for KEKRecipientInfo type.
+This option must be present if the
+.Fl secretkey
+option is used with
+.Fl encrypt .
+With
+.Fl decrypt
+operations the id is used to locate the relevant key; if it is not supplied
+then an attempt is used to decrypt any KEKRecipientInfo structures.
+.It Fl signer Ar file
+A signing certificate when signing or resigning a message; this option
+can be used multiple times if more than one signer is required.
+If a message is being verified then the signers certificates will be
+written to this file if the verification was successful.
+.It Xo
+.Fl stream |
+.Fl indef |
+.Fl noindef
+.Xc
+The
+.Fl stream
+and
+.Fl indef
+options are equivalent and enable streaming I/O for encoding operations.
+This permits single pass processing of data without the need to hold the
+entire contents in memory, potentially supporting very large files.
+Streaming is automatically set for S/MIME signing with detached data if
+the output format is
+.Cm smime ;
+it is currently off by default for all other operations.
+.Fl noindef
+disable streaming I/O where it would produce an indefinite length
+constructed encoding.
+This option currently has no effect.
+.It Fl text
+Add plain text (text/plain) MIME headers to the supplied message if
+encrypting or signing.
+If decrypting or verifying, it strips off text headers: if the decrypted
+or verified message is not of MIME type text/plain then an error occurs.
+.It Fl verify_retcode
+Set verification error code to exit code to indicate what verification error
+has occurred.
+Supported by
+.Fl verify
+operation only.
+Exit code value minus 32 shows verification error code.
+See
+.Nm verify
+command for the list of verification error code.
+.El
+.Pp
+The exit codes for
+.Nm cms
+are as follows:
+.Pp
+.Bl -tag -width "XXXX" -offset 3n -compact
+.It 0
+The operation was completely successful.
+.It 1
+An error occurred parsing the command options.
+.It 2
+One of the input files could not be read.
+.It 3
+An error occurred creating the CMS file or when reading the MIME message.
+.It 4
+An error occurred decrypting or verifying the message.
+.It 5
+The message was verified correctly but an error occurred writing out the
+signer's certificates.
+.It 6
+An error occurred writing the output file.
+.It 32+
+A verify error occurred while
+.Fl verify_retcode
+is specified.
+.El
+.Tg crl
+.Sh CRL
+.Bl -hang -width "openssl crl"
+.It Nm openssl crl
+.Bk -words
+.Op Fl CAfile Ar file
+.Op Fl CApath Ar dir
+.Op Fl crlnumber
+.Op Fl fingerprint
+.Op Fl hash
+.Op Fl hash_old
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem
+.Op Fl issuer
+.Op Fl lastupdate
+.Op Fl nameopt Ar option
+.Op Fl nextupdate
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem
+.Op Fl text
+.Op Fl verify
+.Ek
+.El
+.Pp
+The
+.Nm crl
+command processes CRL files in DER or PEM format.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl CAfile Ar file
+Verify the signature on a CRL by looking up the issuing certificate in
+.Ar file .
+.It Fl CApath Ar directory
+Verify the signature on a CRL by looking up the issuing certificate in
+.Ar dir .
+This directory must be a standard certificate directory,
+i.e. a hash of each subject name (using
+.Cm x509 Fl hash )
+should be linked to each certificate.
+.It Fl crlnumber
+Print the CRL number.
+.It Fl fingerprint
+Print the CRL fingerprint.
+.It Fl hash
+Output a hash of the issuer name.
+This can be used to look up CRLs in a directory by issuer name.
+.It Fl hash_old
+Output an old-style (MD5) hash of the issuer name.
+.It Fl in Ar file
+The input file to read from, or standard input if not specified.
+.It Fl inform Cm der | pem
+The input format.
+.It Fl issuer
+Output the issuer name.
+.It Fl lastupdate
+Output the
+.Cm thisUpdate
+field.
+This option is misnamed for historical reasons.
+.It Fl nameopt Ar option
+Specify certificate name options.
+.It Fl nextupdate
+Output the
+.Cm nextUpdate
+field.
+.It Fl noout
+Do not output the encoded version of the CRL.
+.It Fl out Ar file
+The output file to write to, or standard output if not specified.
+.It Fl outform Cm der | pem
+The output format.
+.It Fl text
+Print the CRL in plain text.
+.It Fl verify
+Verify the signature on the CRL.
+.El
+.Tg crl2pkcs7
+.Sh CRL2PKCS7
+.Bl -hang -width "openssl crl2pkcs7"
+.It Nm openssl crl2pkcs7
+.Bk -words
+.Op Fl certfile Ar file
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem
+.Op Fl nocrl
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem
+.Ek
+.El
+.Pp
+The
+.Nm crl2pkcs7
+command takes an optional CRL and one or more
+certificates and converts them into a PKCS#7 degenerate
+.Qq certificates only
+structure.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl certfile Ar file
+Add the certificates in PEM
+.Ar file
+to the PKCS#7 structure.
+This option can be used more than once
+to read certificates from multiple files.
+.It Fl in Ar file
+Read the CRL from
+.Ar file ,
+or standard input if not specified.
+.It Fl inform Cm der | pem
+The input format.
+.It Fl nocrl
+Normally, a CRL is included in the output file.
+With this option, no CRL is
+included in the output file and a CRL is not read from the input file.
+.It Fl out Ar file
+Write the PKCS#7 structure to
+.Ar file ,
+or standard output if not specified.
+.It Fl outform Cm der | pem
+The output format.
+.El
+.Tg dgst
+.Sh DGST
+.Bl -hang -width "openssl dgst"
+.It Nm openssl dgst
+.Bk -words
+.Op Fl cdr
+.Op Fl binary
+.Op Fl Ar digest
+.Op Fl hex
+.Op Fl hmac Ar key
+.Op Fl keyform Cm pem
+.Op Fl mac Ar algorithm
+.Op Fl macopt Ar nm : Ns Ar v
+.Op Fl out Ar file
+.Op Fl passin Ar arg
+.Op Fl prverify Ar file
+.Op Fl sign Ar file
+.Op Fl signature Ar file
+.Op Fl sigopt Ar nm : Ns Ar v
+.Op Fl verify Ar file
+.Op Ar
+.Ek
+.El
+.Pp
+The digest functions output the message digest of a supplied
+.Ar file
+or
+.Ar files
+in hexadecimal form.
+They can also be used for digital signing and verification.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl binary
+Output the digest or signature in binary form.
+.It Fl c
+Print the digest in two-digit groups separated by colons.
+.It Fl d
+Print BIO debugging information.
+.It Fl Ar digest
+Use the specified message
+.Ar digest .
+The default is SHA256.
+The available digests can be displayed using
+.Nm openssl
+.Cm list-message-digest-commands .
+The following are equivalent:
+.Nm openssl dgst
+.Fl sha256
+and
+.Nm openssl
+.Cm sha256 .
+.It Fl hex
+Digest is to be output as a hex dump.
+This is the default case for a
+.Qq normal
+digest as opposed to a digital signature.
+.It Fl hmac Ar key
+Create a hashed MAC using
+.Ar key .
+.It Fl keyform Cm pem
+Specifies the key format to sign the digest with.
+.It Fl mac Ar algorithm
+Create a keyed Message Authentication Code (MAC).
+The most popular MAC algorithm is HMAC (hash-based MAC),
+but there are other MAC algorithms which are not based on hash.
+MAC keys and other options should be set via the
+.Fl macopt
+parameter.
+.It Fl macopt Ar nm : Ns Ar v
+Passes options to the MAC algorithm, specified by
+.Fl mac .
+The following options are supported by HMAC:
+.Bl -tag -width Ds
+.It Cm key : Ns Ar string
+Specifies the MAC key as an alphanumeric string
+(use if the key contain printable characters only).
+String length must conform to any restrictions of the MAC algorithm.
+.It Cm hexkey : Ns Ar string
+Specifies the MAC key in hexadecimal form (two hex digits per byte).
+Key length must conform to any restrictions of the MAC algorithm.
+.El
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl passin Ar arg
+The key password source.
+.It Fl prverify Ar file
+Verify the signature using the private key in
+.Ar file .
+The output is either
+.Qq Verification OK
+or
+.Qq Verification Failure .
+.It Fl r
+Print the digest in coreutils format.
+.It Fl sign Ar file
+Digitally sign the digest using the private key in
+.Ar file .
+.It Fl signature Ar file
+The actual signature to verify.
+.It Fl sigopt Ar nm : Ns Ar v
+Pass options to the signature algorithm during sign or verify operations.
+The names and values of these options are algorithm-specific.
+.It Fl verify Ar file
+Verify the signature using the public key in
+.Ar file .
+The output is either
+.Qq Verification OK
+or
+.Qq Verification Failure .
+.It Ar
+File or files to digest.
+If no files are specified then standard input is used.
+.El
+.Tg dhparam
+.Sh DHPARAM
+.Bl -hang -width "openssl dhparam"
+.It Nm openssl dhparam
+.Bk -words
+.Op Fl 2 | 5
+.Op Fl C
+.Op Fl check
+.Op Fl dsaparam
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem
+.Op Fl text
+.Op Ar numbits
+.Ek
+.El
+.Pp
+The
+.Nm dhparam
+command is used to manipulate DH parameter files.
+Only the older PKCS#3 DH is supported,
+not the newer X9.42 DH.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl 2 , 5
+The generator to use;
+2 is the default.
+If present, the input file is ignored and parameters are generated instead.
+.It Fl C
+Convert the parameters into C code.
+The parameters can then be loaded by calling the
+.No get_dh Ns Ar numbits
+function.
+.It Fl check
+Check the DH parameters.
+.It Fl dsaparam
+Read or create DSA parameters,
+converted to DH format on output.
+Otherwise,
+.Qq strong
+primes
+.Pq such that (p-1)/2 is also prime
+will be used for DH parameter generation.
+.Pp
+DH parameter generation with the
+.Fl dsaparam
+option is much faster,
+and the recommended exponent length is shorter,
+which makes DH key exchange more efficient.
+Beware that with such DSA-style DH parameters,
+a fresh DH key should be created for each use to
+avoid small-subgroup attacks that may be possible otherwise.
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+.It Fl inform Cm der | pem
+The input format.
+.It Fl noout
+Do not output the encoded version of the parameters.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl outform Cm der | pem
+The output format.
+.It Fl text
+Print the DH parameters in plain text.
+.It Ar numbits
+Generate a parameter set of size
+.Ar numbits .
+It must be the last option.
+If not present, a value of 2048 is used.
+If this value is present, the input file is ignored and
+parameters are generated instead.
+.El
+.Tg dsa
+.Sh DSA
+.Bl -hang -width "openssl dsa"
+.It Nm openssl dsa
+.Bk -words
+.Oo
+.Fl aes128 | aes192 | aes256 |
+.Fl des | des3
+.Oc
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem | pvk
+.Op Fl modulus
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem | pvk
+.Op Fl passin Ar arg
+.Op Fl passout Ar arg
+.Op Fl pubin
+.Op Fl pubout
+.Op Fl pvk-none | pvk-strong | pvk-weak
+.Op Fl text
+.Ek
+.El
+.Pp
+The
+.Nm dsa
+command processes DSA keys.
+They can be converted between various forms and their components printed out.
+.Pp
+.Sy Note :
+This command uses the traditional
+.Nm SSLeay
+compatible format for private key encryption:
+newer applications should use the more secure PKCS#8 format using the
+.Nm pkcs8
+command.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Xo
+.Fl aes128 | aes192 | aes256 |
+.Fl des | des3
+.Xc
+Encrypt the private key with the AES, DES, or the triple DES
+ciphers, respectively, before outputting it.
+A pass phrase is prompted for.
+If none of these options are specified, the key is written in plain text.
+This means that using the
+.Nm dsa
+utility to read an encrypted key with no encryption option can be used to
+remove the pass phrase from a key,
+or by setting the encryption options it can be used to add or change
+the pass phrase.
+These options can only be used with PEM format output files.
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+If the key is encrypted, a pass phrase will be prompted for.
+.It Fl inform Cm der | pem | pvk
+The input format.
+.It Fl modulus
+Print the value of the public key component of the key.
+.It Fl noout
+Do not output the encoded version of the key.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+If any encryption options are set then a pass phrase will be
+prompted for.
+.It Fl outform Cm der | pem | pvk
+The output format.
+.It Fl passin Ar arg
+The key password source.
+.It Fl passout Ar arg
+The output file password source.
+.It Fl pubin
+Read in a public key, not a private key.
+.It Fl pubout
+Output a public key, not a private key.
+Automatically set if the input is a public key.
+.It Xo
+.Fl pvk-none | pvk-strong | pvk-weak
+.Xc
+Enable or disable PVK encoding.
+The default is
+.Fl pvk-strong .
+.It Fl text
+Print the public/private key in plain text.
+.El
+.Tg dsaparam
+.Sh DSAPARAM
+.Bl -hang -width "openssl dsaparam"
+.It Nm openssl dsaparam
+.Bk -words
+.Op Fl C
+.Op Fl genkey
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem
+.Op Fl text
+.Op Ar numbits
+.Ek
+.El
+.Pp
+The
+.Nm dsaparam
+command is used to manipulate or generate DSA parameter files.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl C
+Convert the parameters into C code.
+The parameters can then be loaded by calling the
+.No get_dsa Ns Ar XXX
+function.
+.It Fl genkey
+Generate a DSA key either using the specified or generated
+parameters.
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+If the
+.Ar numbits
+parameter is included, then this option is ignored.
+.It Fl inform Cm der | pem
+The input format.
+.It Fl noout
+Do not output the encoded version of the parameters.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl outform Cm der | pem
+The output format.
+.It Fl text
+Print the DSA parameters in plain text.
+.It Ar numbits
+Generate a parameter set of size
+.Ar numbits .
+If this option is included, the input file is ignored.
+.El
+.Tg ec
+.Sh EC
+.Bl -hang -width "openssl ec"
+.It Nm openssl ec
+.Bk -words
+.Op Fl conv_form Ar arg
+.Op Fl des
+.Op Fl des3
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem
+.Op Fl param_enc Ar arg
+.Op Fl param_out
+.Op Fl passin Ar arg
+.Op Fl passout Ar arg
+.Op Fl pubin
+.Op Fl pubout
+.Op Fl text
+.Ek
+.El
+.Pp
+The
+.Nm ec
+command processes EC keys.
+They can be converted between various
+forms and their components printed out.
+.Nm openssl
+uses the private key format specified in
+.Dq SEC 1: Elliptic Curve Cryptography
+.Pq Lk https://www.secg.org/ .
+To convert an
+EC private key into the PKCS#8 private key format use the
+.Nm pkcs8
+command.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl conv_form Ar arg
+Specify how the points on the elliptic curve are converted
+into octet strings.
+Possible values are:
+.Cm compressed ,
+.Cm uncompressed
+(the default),
+and
+.Cm hybrid .
+For more information regarding
+the point conversion forms see the X9.62 standard.
+Note:
+Due to patent issues the
+.Cm compressed
+option is disabled by default for binary curves
+and can be enabled by defining the preprocessor macro
+.Dv OPENSSL_EC_BIN_PT_COMP
+at compile time.
+.It Fl des | des3
+Encrypt the private key with DES, triple DES, or
+any other cipher supported by
+.Nm openssl .
+A pass phrase is prompted for.
+If none of these options are specified, the key is written in plain text.
+This means that using the
+.Nm ec
+utility to read in an encrypted key with no
+encryption option can be used to remove the pass phrase from a key,
+or by setting the encryption options
+it can be used to add or change the pass phrase.
+These options can only be used with PEM format output files.
+.It Fl in Ar file
+The input file to read a key from,
+or standard input if not specified.
+If the key is encrypted, a pass phrase will be prompted for.
+.It Fl inform Cm der | pem
+The input format.
+.It Fl noout
+Do not output the encoded version of the key.
+.It Fl out Ar file
+The output filename to write to,
+or standard output if not specified.
+If any encryption options are set then a pass phrase will be prompted for.
+.It Fl outform Cm der | pem
+The output format.
+.It Fl param_enc Ar arg
+Specify how the elliptic curve parameters are encoded.
+Possible value are:
+.Cm named_curve ,
+i.e. the EC parameters are specified by an OID; or
+.Cm explicit ,
+where the EC parameters are explicitly given
+(see RFC 3279 for the definition of the EC parameter structures).
+The default value is
+.Cm named_curve .
+Note: the
+.Cm implicitlyCA
+alternative,
+as specified in RFC 3279,
+is currently not implemented.
+.It Fl param_out
+Print the elliptic curve parameters.
+.It Fl passin Ar arg
+The key password source.
+.It Fl passout Ar arg
+The output file password source.
+.It Fl pubin
+Read in a public key, not a private key.
+.It Fl pubout
+Output a public key, not a private key.
+Automatically set if the input is a public key.
+.It Fl text
+Print the public/private key in plain text.
+.El
+.Tg ecparam
+.Sh ECPARAM
+.Bl -hang -width "openssl ecparam"
+.It Nm openssl ecparam
+.Bk -words
+.Op Fl C
+.Op Fl check
+.Op Fl conv_form Ar arg
+.Op Fl genkey
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem
+.Op Fl list_curves
+.Op Fl name Ar arg
+.Op Fl no_seed
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem
+.Op Fl param_enc Ar arg
+.Op Fl text
+.Ek
+.El
+.Pp
+The
+.Nm ecparam
+command is used to manipulate or generate EC parameter files.
+.Nm openssl
+is not able to generate new groups so
+.Nm ecparam
+can only create EC parameters from known (named) curves.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl C
+Convert the EC parameters into C code.
+The parameters can then be loaded by calling the
+.No get_ec_group_ Ns Ar XXX
+function.
+.It Fl check
+Validate the elliptic curve parameters.
+.It Fl conv_form Ar arg
+Specify how the points on the elliptic curve are converted
+into octet strings.
+Possible values are:
+.Cm compressed ,
+.Cm uncompressed
+(the default),
+and
+.Cm hybrid .
+For more information regarding
+the point conversion forms see the X9.62 standard.
+Note:
+Due to patent issues the
+.Cm compressed
+option is disabled by default for binary curves
+and can be enabled by defining the preprocessor macro
+.Dv OPENSSL_EC_BIN_PT_COMP
+at compile time.
+.It Fl genkey
+Generate an EC private key using the specified parameters.
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+.It Fl inform Cm der | pem
+The input format.
+.It Fl list_curves
+Print a list of all
+currently implemented EC parameter names and exit.
+.It Fl name Ar arg
+Use the EC parameters with the specified "short" name.
+.It Fl no_seed
+Do not include the seed for the parameter generation
+in the ECParameters structure (see RFC 3279).
+.It Fl noout
+Do not output the encoded version of the parameters.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl outform Cm der | pem
+The output format.
+.It Fl param_enc Ar arg
+Specify how the elliptic curve parameters are encoded.
+Possible value are:
+.Cm named_curve ,
+i.e. the EC parameters are specified by an OID, or
+.Cm explicit ,
+where the EC parameters are explicitly given
+(see RFC 3279 for the definition of the EC parameter structures).
+The default value is
+.Cm named_curve .
+Note: the
+.Cm implicitlyCA
+alternative, as specified in RFC 3279,
+is currently not implemented.
+.It Fl text
+Print the EC parameters in plain text.
+.El
+.Tg enc
+.Sh ENC
+.Bl -hang -width "openssl enc"
+.It Nm openssl enc
+.Bk -words
+.Fl ciphername
+.Op Fl AadePpv
+.Op Fl base64
+.Op Fl bufsize Ar number
+.Op Fl debug
+.Op Fl in Ar file
+.Op Fl iter Ar iterations
+.Op Fl iv Ar IV
+.Op Fl K Ar key
+.Op Fl k Ar password
+.Op Fl kfile Ar file
+.Op Fl md Ar digest
+.Op Fl none
+.Op Fl nopad
+.Op Fl nosalt
+.Op Fl out Ar file
+.Op Fl pass Ar arg
+.Op Fl pbkdf2
+.Op Fl S Ar salt
+.Op Fl salt
+.Ek
+.El
+.Pp
+The symmetric cipher commands allow data to be encrypted or decrypted
+using various block and stream ciphers using keys based on passwords
+or explicitly provided.
+Base64 encoding or decoding can also be performed either by itself
+or in addition to the encryption or decryption.
+The program can be called either as
+.Nm openssl Ar ciphername
+or
+.Nm openssl enc - Ns Ar ciphername .
+.Pp
+Some of the ciphers do not have large keys and others have security
+implications if not used correctly.
+All the block ciphers normally use PKCS#5 padding,
+also known as standard block padding.
+If padding is disabled, the input data must be a multiple of the cipher
+block length.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl A
+If the
+.Fl a
+option is set, then base64 process the data on one line.
+.It Fl a , base64
+Base64 process the data.
+This means that if encryption is taking place, the data is base64-encoded
+after encryption.
+If decryption is set, the input data is base64-decoded before
+being decrypted.
+.It Fl bufsize Ar number
+Set the buffer size for I/O.
+.It Fl d
+Decrypt the input data.
+.It Fl debug
+Debug the BIOs used for I/O.
+.It Fl e
+Encrypt the input data.
+This is the default.
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+.It Fl iter Ar iterations
+Use the pbkdf2 key derivation function, with
+.Ar iterations
+as the number of iterations.
+.It Fl iv Ar IV
+The actual
+.Ar IV
+.Pq initialisation vector
+to use:
+this must be represented as a string comprised only of hex digits.
+When only the
+.Ar key
+is specified using the
+.Fl K
+option,
+the IV must explicitly be defined.
+When a password is being specified using one of the other options,
+the IV is generated from this password.
+.It Fl K Ar key
+The actual
+.Ar key
+to use:
+this must be represented as a string comprised only of hex digits.
+If only the key is specified,
+the IV must also be specified using the
+.Fl iv
+option.
+When both a
+.Ar key
+and a
+.Ar password
+are specified, the
+.Ar key
+given with the
+.Fl K
+option will be used and the IV generated from the password will be taken.
+It probably does not make much sense to specify both
+.Ar key
+and
+.Ar password .
+.It Fl k Ar password
+The
+.Ar password
+to derive the key from.
+Superseded by the
+.Fl pass
+option.
+.It Fl kfile Ar file
+Read the password to derive the key from the first line of
+.Ar file .
+Superseded by the
+.Fl pass
+option.
+.It Fl md Ar digest
+Use
+.Ar digest
+to create a key from a pass phrase.
+Currently, the default value is
+.Cm sha256 .
+.It Fl none
+Use NULL cipher (no encryption or decryption of input).
+.It Fl nopad
+Disable standard block padding.
+.It Fl nosalt
+Don't use a salt in the key derivation routines.
+This option should never be used
+since it makes it possible to perform efficient dictionary
+attacks on the password and to attack stream cipher encrypted data.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl P
+Print out the salt, key, and IV used, then immediately exit;
+don't do any encryption or decryption.
+.It Fl p
+Print out the salt, key, and IV used.
+.It Fl pass Ar arg
+The password source.
+.It Fl pbkdf2
+Use the pbkdf2 key derivation function, with
+the default of 10000 iterations.
+.It Fl S Ar salt
+The actual
+.Ar salt
+to use:
+this must be represented as a string comprised only of hex digits.
+.It Fl salt
+Use a salt in the key derivation routines (the default).
+When the salt is being used,
+the first eight bytes of the encrypted data are reserved for the salt:
+it is randomly generated when encrypting a file and read from the
+encrypted file when it is decrypted.
+.It Fl v
+Print extra details about the processing.
+.El
+.Tg errstr
+.Sh ERRSTR
+.Nm openssl errstr
+.Ar errno ...
+.Pp
+The
+.Nm errstr
+command performs error number to error string conversion,
+generating a human-readable string representing the error code
+.Ar errno .
+The string is obtained through the
+.Xr ERR_error_string_n 3
+function and has the following format:
+.Pp
+.Dl error:[error code]:[library name]:[function name]:[reason string]
+.Pp
+.Bq error code
+is an 8-digit hexadecimal number.
+The remaining fields
+.Bq library name ,
+.Bq function name ,
+and
+.Bq reason string
+are all ASCII text.
+.Tg gendsa
+.Sh GENDSA
+.Bl -hang -width "openssl gendsa"
+.It Nm openssl gendsa
+.Bk -words
+.Oo
+.Fl aes128 | aes192 | aes256 | camellia128 |
+.Fl camellia192 | camellia256 | des | des3 | idea
+.Oc
+.Op Fl out Ar file
+.Op Fl passout Ar arg
+.Ar paramfile
+.Ek
+.El
+.Pp
+The
+.Nm gendsa
+command generates a DSA private key from a DSA parameter file
+(typically generated by the
+.Nm openssl dsaparam
+command).
+DSA key generation is little more than random number generation so it is
+much quicker than,
+for example,
+RSA key generation.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Xo
+.Fl aes128 | aes192 | aes256 |
+.Fl camellia128 | camellia192 | camellia256 |
+.Fl des | des3 |
+.Fl idea
+.Xc
+Encrypt the private key with the AES, CAMELLIA, DES, triple DES
+or the IDEA ciphers, respectively, before outputting it.
+A pass phrase is prompted for.
+If none of these options are specified, no encryption is used.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl passout Ar arg
+The output file password source.
+.It Ar paramfile
+Specify the DSA parameter file to use.
+The parameters in this file determine the size of the private key.
+.El
+.Tg genpkey
+.Sh GENPKEY
+.Bl -hang -width "openssl genpkey"
+.It Nm openssl genpkey
+.Bk -words
+.Op Fl algorithm Ar alg
+.Op Ar cipher
+.Op Fl genparam
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem
+.Op Fl paramfile Ar file
+.Op Fl pass Ar arg
+.Op Fl pkeyopt Ar opt : Ns Ar value
+.Op Fl text
+.Ek
+.El
+.Pp
+The
+.Nm genpkey
+command generates private keys.
+The use of this
+program is encouraged over the algorithm specific utilities
+because additional algorithm options can be used.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl algorithm Ar alg
+The public key algorithm to use,
+such as RSA, DSA, or DH.
+This option must precede any
+.Fl pkeyopt
+options.
+The options
+.Fl paramfile
+and
+.Fl algorithm
+are mutually exclusive.
+.It Ar cipher
+Encrypt the private key with the supplied cipher.
+Any algorithm name accepted by
+.Xr EVP_get_cipherbyname 3
+is acceptable.
+.It Fl genparam
+Generate a set of parameters instead of a private key.
+This option must precede any
+.Fl algorithm ,
+.Fl paramfile ,
+or
+.Fl pkeyopt
+options.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl outform Cm der | pem
+The output format.
+.It Fl paramfile Ar file
+Some public key algorithms generate a private key based on a set of parameters,
+which can be supplied using this option.
+If this option is used, the public key
+algorithm used is determined by the parameters.
+This option must precede any
+.Fl pkeyopt
+options.
+The options
+.Fl paramfile
+and
+.Fl algorithm
+are mutually exclusive.
+.It Fl pass Ar arg
+The output file password source.
+.It Fl pkeyopt Ar opt : Ns Ar value
+Set the public key algorithm option
+.Ar opt
+to
+.Ar value ,
+as follows:
+.Bl -tag -width Ds -offset indent
+.It rsa_keygen_bits : Ns Ar numbits
+(RSA)
+The number of bits in the generated key.
+The default is 2048.
+.It rsa_keygen_pubexp : Ns Ar value
+(RSA)
+The RSA public exponent value.
+This can be a large decimal or hexadecimal value if preceded by 0x.
+The default is 65537.
+.It dsa_paramgen_bits : Ns Ar numbits
+(DSA)
+The number of bits in the generated parameters.
+The default is 1024.
+.It dh_paramgen_prime_len : Ns Ar numbits
+(DH)
+The number of bits in the prime parameter
+.Ar p .
+.It dh_paramgen_generator : Ns Ar value
+(DH)
+The value to use for the generator
+.Ar g .
+.It ec_paramgen_curve : Ns Ar curve
+(EC)
+The elliptic curve to use.
+.El
+.It Fl text
+Print the private/public key in plain text.
+.El
+.Tg genrsa
+.Sh GENRSA
+.Bl -hang -width "openssl genrsa"
+.It Nm openssl genrsa
+.Bk -words
+.Op Fl 3 | f4
+.Oo
+.Fl aes128 | aes192 | aes256 | camellia128 |
+.Fl camellia192 | camellia256 | des | des3 | idea
+.Oc
+.Op Fl out Ar file
+.Op Fl passout Ar arg
+.Op Ar numbits
+.Ek
+.El
+.Pp
+The
+.Nm genrsa
+command generates an RSA private key,
+which essentially involves the generation of two prime numbers.
+When generating the key,
+various symbols will be output to indicate the progress of the generation.
+A
+.Sq \&.
+represents each number which has passed an initial sieve test; +.Sq + +means a number has passed a single round of the Miller-Rabin primality test; +.Sq * +means the number has failed primality testing +and needs to be generated afresh. +A newline means that the number has passed all the prime tests +(the actual number depends on the key size). +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl 3 | f4 +The public exponent to use, either 3 or 65537. +The default is 65537. +.It Xo +.Fl aes128 | aes192 | aes256 | +.Fl camellia128 | camellia192 | camellia256 | +.Fl des | des3 | +.Fl idea +.Xc +Encrypt the private key with the AES, CAMELLIA, DES, triple DES +or the IDEA ciphers, respectively, before outputting it. +If none of these options are specified, no encryption is used. +If encryption is used, a pass phrase is prompted for, +if it is not supplied via the +.Fl passout +option. +.It Fl out Ar file +The output file to write to, +or standard output if not specified. +.It Fl passout Ar arg +The output file password source. +.It Ar numbits +The size of the private key to generate in bits. +This must be the last option specified. +The default is 2048. 
+.El
+.Tg ocsp
+.Sh OCSP
+.Bl -hang -width "openssl ocsp"
+.It Nm openssl ocsp
+.Bk -words
+.Op Fl CA Ar file
+.Op Fl CAfile Ar file
+.Op Fl CApath Ar directory
+.Op Fl cert Ar file
+.Op Fl dgst Ar alg
+.Op Fl header Ar name value
+.Op Fl host Ar hostname : Ns Ar port
+.Op Fl ignore_err
+.Op Fl index Ar indexfile
+.Op Fl issuer Ar file
+.Op Fl ndays Ar days
+.Op Fl nmin Ar minutes
+.Op Fl no_cert_checks
+.Op Fl no_cert_verify
+.Op Fl no_certs
+.Op Fl no_chain
+.Op Fl no_explicit
+.Op Fl no_intern
+.Op Fl no_nonce
+.Op Fl no_signature_verify
+.Op Fl nonce
+.Op Fl noverify
+.Op Fl nrequest Ar number
+.Op Fl out Ar file
+.Op Fl path Ar path
+.Op Fl port Ar portnum
+.Op Fl req_text
+.Op Fl reqin Ar file
+.Op Fl reqout Ar file
+.Op Fl resp_key_id
+.Op Fl resp_no_certs
+.Op Fl resp_text
+.Op Fl respin Ar file
+.Op Fl respout Ar file
+.Op Fl rkey Ar file
+.Op Fl rother Ar file
+.Op Fl rsigner Ar file
+.Op Fl serial Ar num
+.Op Fl sign_other Ar file
+.Op Fl signer Ar file
+.Op Fl signkey Ar file
+.Op Fl status_age Ar age
+.Op Fl text
+.Op Fl timeout Ar seconds
+.Op Fl trust_other
+.Op Fl url Ar responder_url
+.Op Fl VAfile Ar file
+.Op Fl validity_period Ar nsec
+.Op Fl verify_other Ar file
+.Ek
+.El
+.Pp
+The Online Certificate Status Protocol (OCSP)
+enables applications to determine the (revocation) state
+of an identified certificate (RFC 2560).
+.Pp
+The
+.Nm ocsp
+command performs many common OCSP tasks.
+It can be used to print out requests and responses,
+create requests and send queries to an OCSP responder,
+and behave like a mini OCSP server itself.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl CAfile Ar file , Fl CApath Ar directory
+A file or path containing trusted CA certificates,
+used to verify the signature on the OCSP response.
+.It Fl cert Ar file
+Add the certificate
+.Ar file
+to the request.
+The issuer certificate is taken from the previous
+.Fl issuer
+option, or an error occurs if no issuer certificate is specified.
+.It Fl dgst Ar alg
+Use the digest algorithm
+.Ar alg
+for certificate identification in the OCSP request.
+By default SHA1 is used.
+.It Xo
+.Fl host Ar hostname : Ns Ar port ,
+.Fl path Ar path
+.Xc
+Send
+the OCSP request to
+.Ar hostname
+on
+.Ar port .
+.Fl path
+specifies the HTTP path name to use, or
+.Pa /
+by default.
+.It Fl header Ar name value
+Add the header name with the specified value to the OCSP request that is sent
+to the responder.
+This may be repeated.
+.It Fl issuer Ar file
+The current issuer certificate, in PEM format.
+Can be used multiple times and must come before any
+.Fl cert
+options.
+.It Fl no_cert_checks
+Don't perform any additional checks on the OCSP response signer's certificate.
+That is, do not make any checks to see if the signer's certificate is
+authorised to provide the necessary status information:
+as a result this option should only be used for testing purposes.
+.It Fl no_cert_verify
+Don't verify the OCSP response signer's certificate at all.
+Since this option allows the OCSP response to be signed by any certificate,
+it should only be used for testing purposes.
+.It Fl no_certs
+Don't include any certificates in the signed request.
+.It Fl no_chain
+Do not use certificates in the response as additional untrusted CA
+certificates.
+.It Fl no_explicit
+Don't check the explicit trust for OCSP signing in the root CA certificate.
+.It Fl no_intern
+Ignore certificates contained in the OCSP response
+when searching for the signer's certificate.
+The signer's certificate must be specified with either the
+.Fl verify_other
+or
+.Fl VAfile
+options.
+.It Fl no_signature_verify
+Don't check the signature on the OCSP response.
+Since this option tolerates invalid signatures on OCSP responses,
+it will normally only be used for testing purposes.
+.It Fl nonce , no_nonce
+Add an OCSP nonce extension to a request,
+or disable an OCSP nonce addition.
+Normally, if an OCSP request is input using the
+.Fl respin
+option no nonce is added:
+using the
+.Fl nonce
+option will force the addition of a nonce.
+If an OCSP request is being created (using the
+.Fl cert
+and
+.Fl serial
+options),
+a nonce is automatically added; specifying
+.Fl no_nonce
+overrides this.
+.It Fl noverify
+Don't attempt to verify the OCSP response signature or the nonce values.
+This is normally only be used for debugging
+since it disables all verification of the responder's certificate.
+.It Fl out Ar file
+Specify the output file to write to,
+or standard output if not specified.
+.It Fl req_text , resp_text , text
+Print out the text form of the OCSP request, response, or both, respectively.
+.It Fl reqin Ar file , Fl respin Ar file
+Read an OCSP request or response file from
+.Ar file .
+These options are ignored
+if an OCSP request or response creation is implied by other options
+(for example with the
+.Fl serial , cert ,
+and
+.Fl host
+options).
+.It Fl reqout Ar file , Fl respout Ar file
+Write out the DER-encoded certificate request or response to
+.Ar file .
+.It Fl serial Ar num
+Same as the
+.Fl cert
+option except the certificate with serial number
+.Ar num
+is added to the request.
+The serial number is interpreted as a decimal integer unless preceded by
+.Sq 0x .
+Negative integers can also be specified
+by preceding the value with a minus sign.
+.It Fl sign_other Ar file
+Additional certificates to include in the signed request.
+.It Fl signer Ar file , Fl signkey Ar file
+Sign the OCSP request using the certificate specified in the
+.Fl signer
+option and the private key specified by the
+.Fl signkey
+option.
+If the
+.Fl signkey
+option is not present, then the private key is read from the same file
+as the certificate.
+If neither option is specified, the OCSP request is not signed.
+.It Fl timeout Ar seconds
+Connection timeout to the OCSP responder in seconds.
+.It Fl trust_other
+The certificates specified by the
+.Fl verify_other
+option should be explicitly trusted and no additional checks will be
+performed on them.
+This is useful when the complete responder certificate chain is not available
+or trusting a root CA is not appropriate.
+.It Fl url Ar responder_url
+Specify the responder URL.
+Both HTTP and HTTPS
+.Pq SSL/TLS
+URLs can be specified.
+.It Fl VAfile Ar file
+A file containing explicitly trusted responder certificates.
+Equivalent to the
+.Fl verify_other
+and
+.Fl trust_other
+options.
+.It Fl validity_period Ar nsec , Fl status_age Ar age
+The range of times, in seconds, which will be tolerated in an OCSP response.
+Each certificate status response includes a notBefore time
+and an optional notAfter time.
+The current time should fall between these two values,
+but the interval between the two times may be only a few seconds.
+In practice the OCSP responder and clients' clocks may not be precisely
+synchronised and so such a check may fail.
+To avoid this the
+.Fl validity_period
+option can be used to specify an acceptable error range in seconds,
+the default value being 5 minutes.
+.Pp
+If the notAfter time is omitted from a response,
+it means that new status information is immediately available.
+In this case the age of the notBefore field is checked
+to see it is not older than
+.Ar age
+seconds old.
+By default, this additional check is not performed.
+.It Fl verify_other Ar file
+A file containing additional certificates to search
+when attempting to locate the OCSP response signing certificate.
+Some responders omit the actual signer's certificate from the response,
+so this can be used to supply the necessary certificate.
+.El
+.Pp
+The options for the OCSP server are as follows:
+.Bl -tag -width "XXXX"
+.It Fl CA Ar file
+CA certificate corresponding to the revocation information in
+.Ar indexfile .
+.It Fl ignore_err
+Ignore the invalid response.
+.It Fl index Ar indexfile
+.Ar indexfile
+is a text index file in ca format
+containing certificate revocation information.
+.Pp
+If this option is specified,
+.Nm ocsp
+is in responder mode, otherwise it is in client mode.
+The requests the responder processes can be either specified on
+the command line (using the
+.Fl issuer
+and
+.Fl serial
+options), supplied in a file (using the
+.Fl respin
+option), or via external OCSP clients (if
+.Ar port
+or
+.Ar url
+is specified).
+.Pp
+If this option is present, then the
+.Fl CA
+and
+.Fl rsigner
+options must also be present.
+.It Fl nmin Ar minutes , Fl ndays Ar days
+Number of
+.Ar minutes
+or
+.Ar days
+when fresh revocation information is available:
+used in the nextUpdate field.
+If neither option is present,
+the nextUpdate field is omitted,
+meaning fresh revocation information is immediately available.
+.It Fl nrequest Ar number
+Exit after receiving
+.Ar number
+requests (the default is unlimited).
+.It Fl port Ar portnum
+Port to listen for OCSP requests on.
+May also be specified using the
+.Fl url
+option.
+.It Fl resp_key_id
+Identify the signer certificate using the key ID;
+the default is to use the subject name.
+.It Fl resp_no_certs
+Don't include any certificates in the OCSP response.
+.It Fl rkey Ar file
+The private key to sign OCSP responses with;
+if not present, the file specified in the
+.Fl rsigner
+option is used.
+.It Fl rother Ar file
+Additional certificates to include in the OCSP response.
+.It Fl rsigner Ar file
+The certificate to sign OCSP responses with.
+.El
+.Pp
+Initially the OCSP responder certificate is located and the signature on
+the OCSP request checked using the responder certificate's public key.
+Then a normal certificate verify is performed on the OCSP responder certificate
+building up a certificate chain in the process.
+The locations of the trusted certificates used to build the chain can be
+specified by the
+.Fl CAfile
+and
+.Fl CApath
+options or they will be looked for in the standard
+.Nm openssl
+certificates directory.
+.Pp
+If the initial verify fails, the OCSP verify process halts with an error.
+Otherwise the issuing CA certificate in the request is compared to the OCSP
+responder certificate: if there is a match then the OCSP verify succeeds.
+.Pp
+Otherwise the OCSP responder certificate's CA is checked against the issuing
+CA certificate in the request.
+If there is a match and the OCSPSigning extended key usage is present
+in the OCSP responder certificate, then the OCSP verify succeeds.
+.Pp
+Otherwise the root CA of the OCSP responder's CA is checked to see if it
+is trusted for OCSP signing.
+If it is, the OCSP verify succeeds.
+.Pp
+If none of these checks is successful, the OCSP verify fails.
+What this effectively means is that if the OCSP responder certificate is
+authorised directly by the CA it is issuing revocation information about
+(and it is correctly configured),
+then verification will succeed.
+.Pp
+If the OCSP responder is a global responder,
+which can give details about multiple CAs
+and has its own separate certificate chain,
+then its root CA can be trusted for OCSP signing.
+Alternatively, the responder certificate itself can be explicitly trusted
+with the
+.Fl VAfile
+option.
+.Tg passwd
+.Sh PASSWD
+.Bl -hang -width "openssl passwd"
+.It Nm openssl passwd
+.Bk -words
+.Op Fl 1 | apr1 | crypt
+.Op Fl in Ar file
+.Op Fl noverify
+.Op Fl quiet
+.Op Fl reverse
+.Op Fl salt Ar string
+.Op Fl stdin
+.Op Fl table
+.Op Ar password
+.Ek
+.El
+.Pp
+The
+.Nm passwd
+command computes the hash of a password.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl 1
+Use the MD5 based
+.Bx
+password algorithm
+.Qq 1 .
+.It Fl apr1
+Use the
+.Qq apr1
+algorithm
+.Po
+Apache variant of the
+.Bx
+algorithm
+.Pc .
+.It Fl crypt
+Use the
+.Qq crypt
+algorithm (the default).
+.It Fl in Ar file
+Read passwords from
+.Ar file .
+.It Fl noverify
+Don't verify when reading a password from the terminal.
+.It Fl quiet
+Don't output warnings when passwords given on the command line are truncated.
+.It Fl reverse
+Switch table columns.
+This only makes sense in conjunction with the
+.Fl table
+option.
+.It Fl salt Ar string
+Use the salt specified by
+.Ar string .
+When reading a password from the terminal, this implies
+.Fl noverify .
+.It Fl stdin
+Read passwords from standard input.
+.It Fl table
+In the output list, prepend the cleartext password and a TAB character
+to each password hash.
+.El
+.Tg pkcs7
+.Sh PKCS7
+.Bl -hang -width "openssl pkcs7"
+.It Nm openssl pkcs7
+.Bk -words
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem
+.Op Fl print
+.Op Fl print_certs
+.Op Fl text
+.Ek
+.El
+.Pp
+The
+.Nm pkcs7
+command processes PKCS#7 files in DER or PEM format.
+The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+.It Fl inform Cm der | pem
+The input format.
+.It Fl noout
+Don't output the encoded version of the PKCS#7 structure
+(or certificates if
+.Fl print_certs
+is set).
+.It Fl out Ar file
+The output to write to,
+or standard output if not specified.
+.It Fl outform Cm der | pem
+The output format.
+.It Fl print
+Print the ASN.1 representation of PKCS#7 structure.
+.It Fl print_certs
+Print any certificates or CRLs contained in the file,
+preceded by their subject and issuer names in a one-line format.
+.It Fl text
+Print certificate details in full rather than just subject and issuer names.
+.El
+.Tg pkcs8
+.Sh PKCS8
+.Bl -hang -width "openssl pkcs8"
+.It Nm openssl pkcs8
+.Bk -words
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem
+.Op Fl nocrypt
+.Op Fl noiter
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem
+.Op Fl passin Ar arg
+.Op Fl passout Ar arg
+.Op Fl topk8
+.Op Fl v1 Ar alg
+.Op Fl v2 Ar alg
+.Ek
+.El
+.Pp
+The
+.Nm pkcs8
+command processes private keys
+(both encrypted and unencrypted)
+in PKCS#8 format
+with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
+The default encryption is only 56 bits;
+keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts
+are more secure.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+If the key is encrypted, a pass phrase will be prompted for.
+.It Fl inform Cm der | pem
+The input format.
+.It Fl nocrypt
+Generate an unencrypted PrivateKeyInfo structure.
+This option does not encrypt private keys at all
+and should only be used when absolutely necessary.
+.It Fl noiter
+Use an iteration count of 1.
+See the
+.Sx PKCS12
+section below for a detailed explanation of this option.
+.It Fl out Ar file
+The output file to write to,
+or standard output if none is specified.
+If any encryption options are set, a pass phrase will be prompted for.
+.It Fl outform Cm der | pem
+The output format.
+.It Fl passin Ar arg
+The key password source.
+.It Fl passout Ar arg
+The output file password source.
+.It Fl topk8
+Read a traditional format private key and write a PKCS#8 format key.
+.It Fl v1 Ar alg
+Specify a PKCS#5 v1.5 or PKCS#12 algorithm to use.
+.Pp
+.Bl -tag -width "XXXX" -compact
+.It PBE-MD5-DES
+56-bit DES.
+.It PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES
+64-bit RC2 or 56-bit DES.
+.It PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES
+.It PBE-SHA1-2DES | PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40
+PKCS#12 password-based encryption algorithm,
+which allow strong encryption algorithms like triple DES or 128-bit RC2.
+.El
+.It Fl v2 Ar alg
+Use PKCS#5 v2.0 algorithms.
+Supports algorithms such as 168-bit triple DES or 128-bit RC2,
+however not many implementations support PKCS#5 v2.0 yet
+(if using private keys with
+.Nm openssl
+this doesn't matter).
+.Pp
+.Ar alg
+is the encryption algorithm to use;
+valid values include des, des3, and rc2.
+It is recommended that des3 is used.
+.El
+.Tg pkcs12
+.Sh PKCS12
+.Bl -hang -width "openssl pkcs12"
+.It Nm openssl pkcs12
+.Bk -words
+.Oo
+.Fl aes128 | aes192 | aes256 | camellia128 |
+.Fl camellia192 | camellia256 | des | des3 | idea
+.Oc
+.Op Fl cacerts
+.Op Fl CAfile Ar file
+.Op Fl caname Ar name
+.Op Fl CApath Ar directory
+.Op Fl certfile Ar file
+.Op Fl certpbe Ar alg
+.Op Fl chain
+.Op Fl clcerts
+.Op Fl descert
+.Op Fl export
+.Op Fl in Ar file
+.Op Fl info
+.Op Fl inkey Ar file
+.Op Fl keyex
+.Op Fl keypbe Ar alg
+.Op Fl keysig
+.Op Fl macalg Ar alg
+.Op Fl maciter
+.Op Fl name Ar name
+.Op Fl nocerts
+.Op Fl nodes
+.Op Fl noiter
+.Op Fl nokeys
+.Op Fl nomac
+.Op Fl nomaciter
+.Op Fl nomacver
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl passin Ar arg
+.Op Fl passout Ar arg
+.Op Fl password Ar arg
+.Op Fl twopass
+.Ek
+.El
+.Pp
+The
+.Nm pkcs12
+command allows PKCS#12 files
+.Pq sometimes referred to as PFX files
+to be created and parsed.
+By default, a PKCS#12 file is parsed;
+a PKCS#12 file can be created by using the
+.Fl export
+option.
+.Pp
+The options for parsing a PKCS12 file are as follows:
+.Bl -tag -width "XXXX"
+.It Xo
+.Fl aes128 | aes192 | aes256 |
+.Fl camellia128 | camellia192 | camellia256 |
+.Fl des | des3 |
+.Fl idea
+.Xc
+Encrypt private keys using AES, CAMELLIA, DES, triple DES
+or the IDEA ciphers, respectively.
+The default is triple DES.
+.It Fl cacerts
+Only output CA certificates
+.Pq not client certificates .
+.It Fl clcerts
+Only output client certificates
+.Pq not CA certificates .
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+.It Fl info
+Output additional information about the PKCS#12 file structure,
+algorithms used, and iteration counts.
+.It Fl nocerts
+Do not output certificates.
+.It Fl nodes
+Do not encrypt private keys.
+.It Fl nokeys
+Do not output private keys.
+.It Fl nomacver
+Do not attempt to verify the integrity MAC before reading the file.
+.It Fl noout
+Do not output the keys and certificates to the output file
+version of the PKCS#12 file.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl passin Ar arg
+The key password source.
+.It Fl passout Ar arg
+The output file password source.
+.It Fl twopass
+Prompt for separate integrity and encryption passwords: most software
+always assumes these are the same so this option will render such
+PKCS#12 files unreadable.
+.El
+.Pp
+The options for PKCS12 file creation are as follows:
+.Bl -tag -width "XXXX"
+.It Fl CAfile Ar file
+CA storage as a file.
+.It Fl CApath Ar directory
+CA storage as a directory.
+The directory must be a standard certificate directory:
+that is, a hash of each subject name (using
+.Nm x509 Fl hash )
+should be linked to each certificate.
+.It Fl caname Ar name
+Specify the
+.Qq friendly name
+for other certificates.
+May be used multiple times to specify names for all certificates
+in the order they appear.
+.It Fl certfile Ar file
+A file to read additional certificates from.
+.It Fl certpbe Ar alg , Fl keypbe Ar alg
+Specify the algorithm used to encrypt the private key and
+certificates to be selected.
+Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used.
+If a cipher name
+(as output by the
+.Cm list-cipher-algorithms
+command) is specified then it
+is used with PKCS#5 v2.0.
+For interoperability reasons it is advisable to only use PKCS#12 algorithms.
+.It Fl chain
+Include the entire certificate chain of the user certificate.
+The standard CA store is used for this search.
+If the search fails, it is considered a fatal error.
+.It Fl descert
+Encrypt the certificate using triple DES; this may render the PKCS#12
+file unreadable by some
+.Qq export grade
+software.
+By default, the private key is encrypted using triple DES and the
+certificate using 40-bit RC2.
+.It Fl export
+Create a PKCS#12 file (rather than parsing one).
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+The order doesn't matter but one private key and its corresponding
+certificate should be present.
+If additional certificates are present, they will also be included
+in the PKCS#12 file.
+.It Fl inkey Ar file
+File to read a private key from.
+If not present, a private key must be present in the input file.
+.It Fl keyex | keysig
+Specify whether the private key is to be used for key exchange or just signing.
+Normally,
+.Qq export grade
+software will only allow 512-bit RSA keys to be
+used for encryption purposes, but arbitrary length keys for signing.
+The
+.Fl keysig
+option marks the key for signing only.
+Signing only keys can be used for S/MIME signing, authenticode
+(ActiveX control signing)
+and SSL client authentication.
+.It Fl macalg Ar alg
+Specify the MAC digest algorithm.
+The default is SHA1.
+.It Fl maciter
+Included for compatibility only:
+it used to be needed to use MAC iterations counts
+but they are now used by default.
+.It Fl name Ar name
+Specify the
+.Qq friendly name
+for the certificate and private key.
+This name is typically displayed in list boxes by software importing the file.
+.It Fl nomac
+Don't attempt to provide the MAC integrity.
+.It Fl nomaciter , noiter
+Affect the iteration counts on the MAC and key algorithms.
+.Pp
+To discourage attacks by using large dictionaries of common passwords,
+the algorithm that derives keys from passwords can have an iteration count
+applied to it: this causes a certain part of the algorithm to be repeated
+and slows it down.
+The MAC is used to check the file integrity but since it will normally
+have the same password as the keys and certificates it could also be attacked.
+By default, both MAC and encryption iteration counts are set to 2048;
+using these options the MAC and encryption iteration counts can be set to 1.
+Since this reduces the file security, you should not use these options
+unless you really have to.
+Most software supports both MAC and key iteration counts.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl passin Ar arg
+The key password source.
+.It Fl passout Ar arg
+The output file password source.
+.It Fl password Ar arg
+With
+.Fl export ,
+.Fl password
+is equivalent to
+.Fl passout .
+Otherwise,
+.Fl password
+is equivalent to
+.Fl passin .
+.El
+.Tg pkey
+.Sh PKEY
+.Bl -hang -width "openssl pkey"
+.It Nm openssl pkey
+.Bk -words
+.Op Ar cipher
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem
+.Op Fl passin Ar arg
+.Op Fl passout Ar arg
+.Op Fl pubin
+.Op Fl pubout
+.Op Fl text
+.Op Fl text_pub
+.Ek
+.El
+.Pp
+The
+.Nm pkey
+command processes public or private keys.
+They can be converted between various forms
+and their components printed out.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Ar cipher
+Encrypt the private key with the specified cipher.
+Any algorithm name accepted by
+.Xr EVP_get_cipherbyname 3
+is acceptable, such as
+.Cm des3 .
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+If the key is encrypted, a pass phrase will be prompted for.
+.It Fl inform Cm der | pem
+The input format.
+.It Fl noout
+Do not output the encoded version of the key.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+If any encryption options are set then a pass phrase
+will be prompted for.
+.It Fl outform Cm der | pem
+The output format.
+.It Fl passin Ar arg
+The key password source.
+.It Fl passout Ar arg
+The output file password source.
+.It Fl pubin
+Read in a public key, not a private key.
+.It Fl pubout
+Output a public key, not a private key.
+Automatically set if the input is a public key.
+.It Fl text
+Print the public/private key in plain text.
+.It Fl text_pub
+Print out only public key components
+even if a private key is being processed.
+.El
+.Tg pkeyparam
+.Sh PKEYPARAM
+.Cm openssl pkeyparam
+.Op Fl in Ar file
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl text
+.Pp
+The
+.Nm pkeyparam
+command processes public or private keys.
+The key type is determined by the PEM headers.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+.It Fl noout
+Do not output the encoded version of the parameters.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl text
+Print the parameters in plain text.
+.El
+.Tg pkeyutl
+.Sh PKEYUTL
+.Bl -hang -width "openssl pkeyutl"
+.It Nm openssl pkeyutl
+.Bk -words
+.Op Fl asn1parse
+.Op Fl certin
+.Op Fl decrypt
+.Op Fl derive
+.Op Fl encrypt
+.Op Fl hexdump
+.Op Fl in Ar file
+.Op Fl inkey Ar file
+.Op Fl keyform Cm der | pem
+.Op Fl out Ar file
+.Op Fl passin Ar arg
+.Op Fl peerform Cm der | pem
+.Op Fl peerkey Ar file
+.Op Fl pkeyopt Ar opt : Ns Ar value
+.Op Fl pubin
+.Op Fl rev
+.Op Fl sigfile Ar file
+.Op Fl sign
+.Op Fl verify
+.Op Fl verifyrecover
+.Ek
+.El
+.Pp
+The
+.Nm pkeyutl
+command can be used to perform public key operations using
+any supported algorithm.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl asn1parse
+ASN.1 parse the output data.
+This is useful when combined with the
+.Fl verifyrecover
+option when an ASN.1 structure is signed.
+.It Fl certin
+The input is a certificate containing a public key.
+.It Fl decrypt
+Decrypt the input data using a private key.
+.It Fl derive
+Derive a shared secret using the peer key.
+.It Fl encrypt
+Encrypt the input data using a public key.
+.It Fl hexdump
+Hex dump the output data.
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+.It Fl inkey Ar file
+The input key file.
+By default it should be a private key.
+.It Fl keyform Cm der | pem
+The key format.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl passin Ar arg
+The key password source.
+.It Fl peerform Cm der | pem
+The peer key format.
+.It Fl peerkey Ar file
+The peer key file, used by key derivation (agreement) operations.
+.It Fl pkeyopt Ar opt : Ns Ar value
+Set the public key algorithm option
+.Ar opt
+to
+.Ar value .
+Unless otherwise mentioned, all algorithms support the format
+.Ar digest : Ns Ar alg ,
+which specifies the digest to use
+for sign, verify, and verifyrecover operations.
+The value
+.Ar alg
+should represent a digest name as used in the
+.Xr EVP_get_digestbyname 3
+function.
+.Pp
+The RSA algorithm supports the
+encrypt, decrypt, sign, verify, and verifyrecover operations in general.
+Some padding modes only support some of these
+operations however.
+.Bl -tag -width Ds
+.It rsa_padding_mode : Ns Ar mode
+This sets the RSA padding mode.
+Acceptable values for
+.Ar mode
+are
+.Cm pkcs1
+for PKCS#1 padding;
+.Cm none
+for no padding;
+.Cm oaep
+for OAEP mode;
+.Cm x931
+for X9.31 mode;
+and
+.Cm pss
+for PSS.
+.Pp
+In PKCS#1 padding if the message digest is not set then the supplied data is
+signed or verified directly instead of using a DigestInfo structure.
+If a digest is set then a DigestInfo
+structure is used and its length
+must correspond to the digest type.
+For oeap mode only encryption and decryption is supported.
+For x931 if the digest type is set it is used to format the block data;
+otherwise the first byte is used to specify the X9.31 digest ID.
+Sign, verify, and verifyrecover can be performed in this mode.
+For pss mode only sign and verify are supported and the digest type must be
+specified.
+.It rsa_pss_saltlen : Ns Ar len
+For pss
+mode only this option specifies the salt length.
+Two special values are supported:
+-1 sets the salt length to the digest length.
+When signing, -2 sets the salt length to the maximum permissible value.
+When verifying, -2 causes the salt length to be automatically determined
+based on the PSS block structure.
+.El
+.Pp
+The DSA algorithm supports the sign and verify operations.
+Currently there are no additional options other than
+.Ar digest .
+Only the SHA1 digest can be used and this digest is assumed by default.
+.Pp
+The DH algorithm supports the derive operation
+and no additional options.
+.Pp
+The EC algorithm supports the sign, verify, and derive operations.
+The sign and verify operations use ECDSA and derive uses ECDH.
+Currently there are no additional options other than
+.Ar digest .
+Only the SHA1 digest can be used and this digest is assumed by default.
+.It Fl pubin
+The input file is a public key.
+.It Fl rev
+Reverse the order of the input buffer.
+.It Fl sigfile Ar file
+Signature file (verify operation only).
+.It Fl sign
+Sign the input data and output the signed result.
+This requires a private key.
+.It Fl verify
+Verify the input data against the signature file and indicate if the
+verification succeeded or failed.
+.It Fl verifyrecover
+Verify the input data and output the recovered data.
+.El
+.Tg prime
+.Sh PRIME
+.Cm openssl prime
+.Op Fl bits Ar n
+.Op Fl checks Ar n
+.Op Fl generate
+.Op Fl hex
+.Op Fl safe
+.Ar p
+.Pp
+The
+.Nm prime
+command is used to generate prime numbers,
+or to check numbers for primality.
+Results are probabilistic:
+they have an exceedingly high likelihood of being correct,
+but are not guaranteed.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl bits Ar n
+Specify the number of bits in the generated prime number.
+Must be used in conjunction with
+.Fl generate .
+.It Fl checks Ar n
+Perform a Miller-Rabin probabilistic primality test with
+.Ar n
+iterations.
+The default is 20.
+.It Fl generate
+Generate a pseudo-random prime number.
+Must be used in conjunction with
+.Fl bits .
+.It Fl hex
+Output in hex format.
+.It Fl safe
+Generate only
+.Qq safe
+prime numbers
+(i.e. a prime p so that (p-1)/2 is also prime).
+.It Ar p
+Test if number
+.Ar p
+is prime.
+.El
+.Tg rand
+.Sh RAND
+.Bl -hang -width "openssl rand"
+.It Nm openssl rand
+.Bk -words
+.Op Fl base64
+.Op Fl hex
+.Op Fl out Ar file
+.Ar num
+.Ek
+.El
+.Pp
+The
+.Nm rand
+command outputs
+.Ar num
+pseudo-random bytes.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl base64
+Perform base64 encoding on the output.
+.It Fl hex
+Specify hexadecimal output.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.El
+.Tg req
+.Sh REQ
+.Bl -hang -width "openssl req"
+.It Nm openssl req
+.Bk -words
+.Op Fl addext Ar ext
+.Op Fl batch
+.Op Fl config Ar file
+.Op Fl days Ar n
+.Op Fl extensions Ar section
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem
+.Op Fl key Ar keyfile
+.Op Fl keyform Cm der | pem
+.Op Fl keyout Ar file
+.Op Fl md4 | md5 | sha1
+.Op Fl modulus
+.Op Fl multivalue-rdn
+.Op Fl nameopt Ar option
+.Op Fl new
+.Op Fl newhdr
+.Op Fl newkey Ar arg
+.Op Fl nodes
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem
+.Op Fl passin Ar arg
+.Op Fl passout Ar arg
+.Op Fl pkeyopt Ar opt:value
+.Op Fl pubkey
+.Op Fl reqexts Ar section
+.Op Fl reqopt Ar option
+.Op Fl set_serial Ar n
+.Op Fl sigopt Ar nm:v
+.Op Fl subj Ar arg
+.Op Fl subject
+.Op Fl text
+.Op Fl utf8
+.Op Fl verbose
+.Op Fl verify
+.Op Fl x509
+.Ek
+.El
+.Pp
+The
+.Nm req
+command primarily creates and processes certificate requests
+in PKCS#10 format.
+It can additionally create self-signed certificates,
+for use as root CAs, for example.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl addext Ar ext
+Add a specific extension to the certificate (if the
+.Fl x509
+option is present) or certificate request.
+The argument must have the form of a key=value pair as it would appear in a
+config file.
+This option can be given multiple times.
+.It Fl batch
+Non-interactive mode.
+.It Fl config Ar file
+Specify an alternative configuration file.
+.It Fl days Ar n
+Specify the number of days to certify the certificate for.
+The default is 30 days.
+Used with the
+.Fl x509
+option.
+.It Fl extensions Ar section , Fl reqexts Ar section
+Specify alternative sections to include certificate
+extensions (with
+.Fl x509 )
+or certificate request extensions,
+allowing several different sections to be used in the same configuration file.
+.It Fl in Ar file
+The input file to read a request from,
+or standard input if not specified.
+A request is only read if the creation options
+.Fl new
+and
+.Fl newkey
+are not specified.
+.It Fl inform Cm der | pem
+The input format.
+.It Fl key Ar keyfile
+The file to read the private key from.
+It also accepts PKCS#8 format private keys for PEM format files.
+.It Fl keyform Cm der | pem
+The format of the private key file specified in the
+.Fl key
+argument.
+The default is
+.Cm pem .
+.It Fl keyout Ar file
+The file to write the newly created private key to.
+If this option is not specified,
+the filename present in the configuration file is used.
+.It Fl md5 | sha1 | sha256
+The message digest to sign the request with.
+This overrides the digest algorithm specified in the configuration file.
+.Pp
+Some public key algorithms may override this choice.
+For instance, DSA signatures always use SHA1.
+.It Fl modulus
+Print the value of the modulus of the public key contained in the request.
+.It Fl multivalue-rdn
+This option causes the
+.Fl subj
+argument to be interpreted with full support for multivalued RDNs,
+for example
+.Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
+If
+.Fl multivalue-rdn
+is not used, the UID value is set to
+.Qq "123456+CN=John Doe" .
+.It Fl nameopt Ar option , Fl reqopt Ar option
+Determine how the subject or issuer names are displayed.
+.Ar option
+can be a single option or multiple options separated by commas.
+Alternatively, these options may be used more than once to set multiple options.
+See the
+.Sx X509
+section below for details.
+.It Fl new
+Generate a new certificate request.
+The user is prompted for the relevant field values.
+The actual fields prompted for and their maximum and minimum sizes
+are specified in the configuration file and any requested extensions.
+.Pp
+If the
+.Fl key
+option is not used, it will generate a new RSA private
+key using information specified in the configuration file.
+.It Fl newhdr
+Add the word NEW to the PEM file header and footer lines
+on the outputted request.
+Some software and CAs need this.
+.It Fl newkey Ar arg
+Create a new certificate request and a new private key.
+The argument takes one of several forms.
+.Pp
+.No rsa : Ns Ar nbits
+generates an RSA key
+.Ar nbits
+in size.
+If
+.Ar nbits
+is omitted,
+the default key size is used.
+.Pp
+.No dsa : Ns Ar file
+generates a DSA key using the parameters in
+.Ar file .
+.Pp
+.No param : Ns Ar file
+generates a key using the parameters or certificate in
+.Ar file .
+.Pp
+All other algorithms support the form
+.Ar algorithm : Ns Ar file ,
+where file may be an algorithm parameter file,
+created by the
+.Cm genpkey -genparam
+command or an X.509 certificate for a key with appropriate algorithm.
+.Ar file
+can be omitted,
+in which case any parameters can be specified via the
+.Fl pkeyopt
+option.
+.It Fl nodes
+Do not encrypt the private key.
+.It Fl noout
+Do not output the encoded version of the request.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl outform Cm der | pem
+The output format.
+.It Fl passin Ar arg
+The key password source.
+.It Fl passout Ar arg
+The output file password source.
+.It Fl pkeyopt Ar opt:value
+Set the public key algorithm option
+.Ar opt
+to
+.Ar value .
+.It Fl pubkey
+Output the public key.
+.It Fl reqopt Ar option
+Customise the output format used with
+.Fl text .
+The
+.Ar option
+argument can be a single option or multiple options separated by commas.
+See also the discussion of
+.Fl certopt
+in the
+.Nm x509
+command.
+.It Fl set_serial Ar n
+Serial number to use when outputting a self-signed certificate.
+This may be specified as a decimal value or a hex value if preceded by
+.Sq 0x .
+It is possible to use negative serial numbers but this is not recommended.
+.It Fl sigopt Ar nm:v
+Pass options to the signature algorithm during sign operation.
+The names and values of these options are algorithm-specific.
+.It Fl subj Ar arg
+Replaces the subject field of an input request
+with the specified data and output the modified request.
+.Ar arg
+must be formatted as /type0=value0/type1=value1/type2=...;
+characters may be escaped by
+.Sq \e
+(backslash);
+no spaces are skipped.
+.It Fl subject
+Print the request subject (or certificate subject if
+.Fl x509
+is specified).
+.It Fl text
+Print the certificate request in plain text.
+.It Fl utf8
+Interpret field values as UTF8 strings, not ASCII.
+.It Fl verbose
+Print extra details about the operations being performed.
+.It Fl verify
+Verify the signature on the request.
+.It Fl x509
+Output a self-signed certificate instead of a certificate request.
+This is typically used to generate a test certificate or a self-signed root CA.
+The extensions added to the certificate (if any)
+are specified in the configuration file.
+Unless specified using the
+.Fl set_serial
+option, 0 is used for the serial number.
+.El
+.Pp
+The configuration options are specified in the
+.Qq req
+section of the configuration file.
+The options available are as follows:
+.Bl -tag -width "XXXX"
+.It Cm attributes
+The section containing any request attributes: its format
+is the same as
+.Cm distinguished_name .
+Typically these may contain the challengePassword or unstructuredName types.
+They are currently ignored by the
+.Nm openssl
+request signing utilities, but some CAs might want them.
+.It Cm default_bits
+The default key size, in bits.
+The default is 2048.
+It is used if the
+.Fl new
+option is used and can be overridden by using the
+.Fl newkey
+option.
+.It Cm default_keyfile
+The default file to write a private key to,
+or standard output if not specified.
+It can be overridden by the
+.Fl keyout
+option.
+.It Cm default_md
+The digest algorithm to use.
+Possible values include
+.Cm md5 ,
+.Cm sha1
+and
+.Cm sha256
+(the default).
+It can be overridden on the command line.
+.It Cm distinguished_name
+The section containing the distinguished name fields to
+prompt for when generating a certificate or certificate request.
+The format is described below.
+.It Cm encrypt_key
+If set to
+.Qq no
+and a private key is generated, it is not encrypted.
+It is equivalent to the
+.Fl nodes
+option.
+For compatibility,
+.Cm encrypt_rsa_key
+is an equivalent option.
+.It Cm input_password | output_password
+The passwords for the input private key file (if present)
+and the output private key file (if one will be created).
+The command line options
+.Fl passin
+and
+.Fl passout
+override the configuration file values.
+.It Cm oid_file
+A file containing additional OBJECT IDENTIFIERS.
+Each line of the file should consist of the numerical form of the
+object identifier, followed by whitespace, then the short name followed
+by whitespace and finally the long name.
+.It Cm oid_section
+Specify a section in the configuration file containing extra
+object identifiers.
+Each line should consist of the short name of the
+object identifier followed by
+.Sq =
+and the numerical form.
+The short and long names are the same when this option is used.
+.It Cm prompt
+If set to
+.Qq no ,
+it disables prompting of certificate fields
+and just takes values from the config file directly.
+It also changes the expected format of the
+.Cm distinguished_name
+and
+.Cm attributes
+sections.
+.It Cm req_extensions
+The configuration file section containing a list of
+extensions to add to the certificate request.
+It can be overridden by the
+.Fl reqexts
+option.
+.It Cm string_mask
+Limit the string types for encoding certain fields.
+The following values may be used, limiting strings to the indicated types:
+.Bl -tag -width "MASK:number"
+.It Cm utf8only
+UTF8String.
+This is the default, as recommended by PKIX in RFC 2459.
+.It Cm default
+PrintableString, IA5String, T61String, BMPString, UTF8String.
+.It Cm pkix
+PrintableString, IA5String, BMPString, UTF8String.
+Inspired by the PKIX recommendation in RFC 2459 for certificates
+generated before 2004, but differs by also permitting IA5String.
+.It Cm nombstr
+PrintableString, IA5String, T61String, UniversalString.
+A workaround for some ancient software that had problems
+with the variable-sized BMPString and UTF8String types.
+.It Cm MASK : Ns Ar number
+An explicit bitmask of permitted types, where
+.Ar number
+is a C-style hex, decimal, or octal number that's a bit-wise OR of
+.Dv B_ASN1_*
+values from
+.In openssl/asn1.h .
+.El
+.It Cm utf8
+If set to
+.Qq yes ,
+field values are interpreted as UTF8 strings.
+.It Cm x509_extensions
+The configuration file section containing a list of
+extensions to add to a certificate generated when the
+.Fl x509
+switch is used.
+It can be overridden by the
+.Fl extensions
+command line switch.
+.El
+.Pp
+There are two separate formats for the distinguished name and attribute
+sections.
+If the
+.Fl prompt
+option is set to
+.Qq no ,
+then these sections just consist of field names and values.
+If the
+.Fl prompt
+option is absent or not set to
+.Qq no ,
+then the file contains field prompting information of the form:
+.Bd -unfilled -offset indent
+fieldName="prompt"
+fieldName_default="default field value"
+fieldName_min= 2
+fieldName_max= 4
+.Ed
+.Pp
+.Qq fieldName
+is the field name being used, for example
+.Cm commonName
+(or CN).
+The
+.Qq prompt
+string is used to ask the user to enter the relevant details.
+If the user enters nothing, the default value is used;
+if no default value is present, the field is omitted.
+A field can still be omitted if a default value is present,
+if the user just enters the
+.Sq \&.
+character.
+.Pp
+The number of characters entered must be between the
+fieldName_min and fieldName_max limits:
+there may be additional restrictions based on the field being used
+(for example
+.Cm countryName
+can only ever be two characters long and must fit in a
+.Cm PrintableString ) .
+.Pp
+Some fields (such as
+.Cm organizationName )
+can be used more than once in a DN.
+This presents a problem because configuration files will
+not recognize the same name occurring twice.
+To avoid this problem, if the
+.Cm fieldName
+contains some characters followed by a full stop, they will be ignored.
+So, for example, a second
+.Cm organizationName
+can be input by calling it
+.Qq 1.organizationName .
+.Pp
+The actual permitted field names are any object identifier short or
+long names.
+These are compiled into
+.Nm openssl
+and include the usual values such as
+.Cm commonName , countryName , localityName , organizationName ,
+.Cm organizationalUnitName , stateOrProvinceName .
+Additionally,
+.Cm emailAddress
+is included as well as
+.Cm name , surname , givenName , initials
+and
+.Cm dnQualifier .
+.Pp
+Additional object identifiers can be defined with the
+.Cm oid_file
+or
+.Cm oid_section
+options in the configuration file.
+Any additional fields will be treated as though they were a
+.Cm DirectoryString .
+.Tg rsa
+.Sh RSA
+.Bl -hang -width "openssl rsa"
+.It Nm openssl rsa
+.Bk -words
+.Op Fl aes128 | aes192 | aes256 | des | des3
+.Op Fl check
+.Op Fl in Ar file
+.Op Fl inform Cm der | net | pem | pvk
+.Op Fl modulus
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl outform Cm der | net | pem | pvk
+.Op Fl passin Ar arg
+.Op Fl passout Ar arg
+.Op Fl pubin
+.Op Fl pubout
+.Op Fl pvk-none | pvk-strong | pvk-weak
+.Op Fl RSAPublicKey_in
+.Op Fl RSAPublicKey_out
+.Op Fl text
+.Ek
+.El
+.Pp
+The
+.Nm rsa
+command processes RSA keys.
+They can be converted between various forms and their components printed out.
+.Nm rsa
+uses the traditional
+.Nm SSLeay
+compatible format for private key encryption:
+newer applications should use the more secure PKCS#8 format using the
+.Nm pkcs8
+utility.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl aes128 | aes192 | aes256 | des | des3
+Encrypt the private key with the AES, DES,
+or the triple DES ciphers, respectively, before outputting it.
+A pass phrase is prompted for.
+If none of these options are specified, the key is written in plain text.
+This means that using the
+.Nm rsa
+utility to read in an encrypted key with no encryption option can be used
+to remove the pass phrase from a key, or by setting the encryption options
+it can be used to add or change the pass phrase.
+These options can only be used with PEM format output files.
+.It Fl check
+Check the consistency of an RSA private key.
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+If the key is encrypted, a pass phrase will be prompted for.
+.It Fl inform Cm der | net | pem | pvk
+The input format.
+.It Fl noout
+Do not output the encoded version of the key.
+.It Fl modulus
+Print the value of the modulus of the key.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl outform Cm der | net | pem | pvk
+The output format.
+.It Fl passin Ar arg
+The key password source.
+.It Fl passout Ar arg
+The output file password source.
+.It Fl pubin
+Read in a public key,
+not a private key.
+.It Fl pubout
+Output a public key,
+not a private key.
+Automatically set if the input is a public key.
+.It Xo
+.Fl pvk-none | pvk-strong | pvk-weak
+.Xc
+Enable or disable PVK encoding.
+The default is
+.Fl pvk-strong .
+.It Fl RSAPublicKey_in , RSAPublicKey_out
+Same as
+.Fl pubin
+and
+.Fl pubout
+except
+.Cm RSAPublicKey
+format is used instead.
+.It Fl text
+Print the public/private key components in plain text.
+.El
+.Tg rsautl
+.Sh RSAUTL
+.Bl -hang -width "openssl rsautl"
+.It Nm openssl rsautl
+.Bk -words
+.Op Fl asn1parse
+.Op Fl certin
+.Op Fl decrypt
+.Op Fl encrypt
+.Op Fl hexdump
+.Op Fl in Ar file
+.Op Fl inkey Ar file
+.Op Fl keyform Cm der | pem
+.Op Fl oaep | pkcs | raw | x931
+.Op Fl out Ar file
+.Op Fl passin Ar arg
+.Op Fl pubin
+.Op Fl rev
+.Op Fl sign
+.Op Fl verify
+.Ek
+.El
+.Pp
+The
+.Nm rsautl
+command can be used to sign, verify, encrypt and decrypt
+data using the RSA algorithm.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl asn1parse
+Asn1parse the output data; this is useful when combined with the
+.Fl verify
+option.
+.It Fl certin
+The input is a certificate containing an RSA public key.
+.It Fl decrypt
+Decrypt the input data using an RSA private key.
+.It Fl encrypt
+Encrypt the input data using an RSA public key.
+.It Fl hexdump
+Hex dump the output data.
+.It Fl in Ar file
+The input to read from,
+or standard input if not specified.
+.It Fl inkey Ar file
+The input key file; by default an RSA private key.
+.It Fl keyform Cm der | pem
+The private key format.
+The default is
+.Cm pem .
+.It Fl oaep | pkcs | raw | x931
+The padding to use:
+PKCS#1 OAEP, PKCS#1 v1.5 (the default), no padding, or ANSI X9.31,
+respectively.
+For signatures, only
+.Fl pkcs
+and
+.Fl raw
+can be used.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl passin Ar arg
+The key password source.
+.It Fl pubin
+The input file is an RSA public key.
+.It Fl rev
+Reverse the order of the input buffer.
+.It Fl sign
+Sign the input data and output the signed result.
+This requires an RSA private key.
+.It Fl verify
+Verify the input data and output the recovered data.
+.El
+.Tg s_client
+.Sh S_CLIENT
+.Bl -hang -width "openssl s_client"
+.It Nm openssl s_client
+.Bk -words
+.Op Fl 4 | 6
+.Op Fl alpn Ar protocols
+.Op Fl bugs
+.Op Fl CAfile Ar file
+.Op Fl CApath Ar directory
+.Op Fl cert Ar file
+.Op Fl certform Cm der | pem
+.Op Fl check_ss_sig
+.Op Fl cipher Ar cipherlist
+.Op Fl connect Ar host Ns Op : Ns Ar port
+.Op Fl crl_check
+.Op Fl crl_check_all
+.Op Fl crlf
+.Op Fl debug
+.Op Fl dtls
+.Op Fl dtls1_2
+.Op Fl extended_crl
+.Op Fl groups Ar list
+.Op Fl host Ar host
+.Op Fl ign_eof
+.Op Fl ignore_critical
+.Op Fl issuer_checks
+.Op Fl key Ar keyfile
+.Op Fl keyform Cm der | pem
+.Op Fl keymatexport Ar label
+.Op Fl keymatexportlen Ar len
+.Op Fl legacy_server_connect
+.Op Fl msg
+.Op Fl mtu Ar mtu
+.Op Fl nbio
+.Op Fl nbio_test
+.Op Fl no_comp
+.Op Fl no_ign_eof
+.Op Fl no_legacy_server_connect
+.Op Fl no_ticket
+.Op Fl no_tls1_2
+.Op Fl no_tls1_3
+.Op Fl pass Ar arg
+.Op Fl policy_check
+.Op Fl port Ar port
+.Op Fl prexit
+.Op Fl proxy Ar host : Ns Ar port
+.Op Fl quiet
+.Op Fl reconnect
+.Op Fl servername Ar name
+.Op Fl serverpref
+.Op Fl sess_in Ar file
+.Op Fl sess_out Ar file
+.Op Fl showcerts
+.Op Fl starttls Ar protocol
+.Op Fl state
+.Op Fl status
+.Op Fl timeout
+.Op Fl tls1_2
+.Op Fl tls1_3
+.Op Fl tlsextdebug
+.Op Fl use_srtp Ar profiles
+.Op Fl verify Ar depth
+.Op Fl verify_return_error
+.Op Fl x509_strict
+.Op Fl xmpphost Ar host
+.Ek
+.El
+.Pp
+The
+.Nm s_client
+command implements a generic SSL/TLS client which connects
+to a remote host using SSL/TLS.
+.Pp
+If a connection is established with an SSL server, any data received
+from the server is displayed and any key presses will be sent to the
+server.
+When used interactively (which means neither
+.Fl quiet
+nor
+.Fl ign_eof
+have been given), the session will be renegotiated if the line begins with an
+.Cm R ;
+if the line begins with a
+.Cm Q
+or if end of file is reached, the connection will be closed down.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl 4
+Attempt connections using IPv4 only.
+.It Fl 6
+Attempt connections using IPv6 only.
+.It Fl alpn Ar protocols
+Enable the Application-Layer Protocol Negotiation.
+.Ar protocols
+is a comma-separated list of protocol names that the client should advertise
+support for.
+.It Fl bugs
+Enable various workarounds for buggy implementations.
+.It Fl CAfile Ar file
+A
+.Ar file
+containing trusted certificates to use during server authentication
+and to use when attempting to build the client certificate chain.
+.It Fl CApath Ar directory
+The
+.Ar directory
+to use for server certificate verification.
+This directory must be in
+.Qq hash format ;
+see
+.Fl verify
+for more information.
+These are also used when building the client certificate chain.
+.It Fl cert Ar file
+The certificate to use, if one is requested by the server.
+The default is not to use a certificate.
+.It Fl certform Cm der | pem
+The certificate format.
+The default is
+.Cm pem .
+.It Xo
+.Fl check_ss_sig ,
+.Fl crl_check ,
+.Fl crl_check_all ,
+.Fl extended_crl ,
+.Fl ignore_critical ,
+.Fl issuer_checks ,
+.Fl policy_check ,
+.Fl x509_strict
+.Xc
+Set various certificate chain validation options.
+See the
+.Nm verify
+command for details.
+.It Fl cipher Ar cipherlist
+Modify the cipher list sent by the client.
+Although the server determines which cipher suite is used, it should take
+the first supported cipher in the list sent by the client.
+See the
+.Nm ciphers
+command for more information.
+.It Fl connect Ar host Ns Op : Ns Ar port
+The
+.Ar host
+and
+.Ar port
+to connect to.
+If not specified, an attempt is made to connect to the local host
+on port 4433.
+Alternatively, the host and port pair may be separated using a forward-slash
+character,
+which is useful for numeric IPv6 addresses.
+.It Fl crlf
+Translate a line feed from the terminal into CR+LF,
+as required by some servers.
+.It Fl debug
+Print extensive debugging information, including a hex dump of all traffic.
+.It Fl dtls
+Permit any version of DTLS.
+.It Fl dtls1_2
+Permit only DTLS1.2.
+.It Fl groups Ar list
+Set the supported elliptic curve groups to the colon separated
+.Ar list
+of group NIDs or names as documented in
+.Xr SSL_CTX_set1_groups_list 3 .
+.It Fl host Ar host
+The
+.Ar host
+to connect to.
+The default is localhost.
+.It Fl ign_eof
+Inhibit shutting down the connection when end of file is reached in the input.
+.It Fl key Ar keyfile
+The private key to use.
+If not specified, the certificate file will be used.
+.It Fl keyform Cm der | pem
+The private key format.
+The default is
+.Cm pem .
+.It Fl keymatexport Ar label
+Export keying material using label.
+.It Fl keymatexportlen Ar len
+Export len bytes of keying material (default 20).
+.It Fl legacy_server_connect , no_legacy_server_connect
+Allow or disallow initial connection to servers that don't support RI.
+.It Fl msg
+Show all protocol messages with hex dump.
+.It Fl mtu Ar mtu
+Set the link layer MTU.
+.It Fl nbio
+Turn on non-blocking I/O.
+.It Fl nbio_test
+Test non-blocking I/O.
+.It Fl no_ign_eof
+Shut down the connection when end of file is reached in the input.
+Can be used to override the implicit
+.Fl ign_eof
+after
+.Fl quiet .
+.It Fl no_tls1_2 | no_tls1_3
+Disable the use of TLS1.2 and 1.3, respectively.
+.It Fl no_ticket
+Disable RFC 4507 session ticket support.
+.It Fl pass Ar arg
+The private key password source.
+.It Fl port Ar port
+The
+.Ar port
+to connect to.
+The default is 4433.
+.It Fl prexit
+Print session information when the program exits.
+This will always attempt
+to print out information even if the connection fails.
+Normally, information will only be printed out once if the connection succeeds.
+This option is useful because the cipher in use may be renegotiated
+or the connection may fail because a client certificate is required or is
+requested only after an attempt is made to access a certain URL.
+Note that the output produced by this option is not always accurate
+because a connection might never have been established.
+.It Fl proxy Ar host : Ns Ar port
+Use the HTTP proxy at
+.Ar host
+and
+.Ar port .
+The connection to the proxy is done in cleartext and the
+.Fl connect
+argument is given to the proxy.
+If not specified, localhost is used as final destination.
+After that, switch the connection through the proxy to the destination
+to TLS.
+.It Fl quiet
+Inhibit printing of session and certificate information.
+This implicitly turns on
+.Fl ign_eof
+as well.
+.It Fl reconnect
+Reconnect to the same server 5 times using the same session ID; this can
+be used as a test that session caching is working.
+.It Fl servername Ar name
+Include the TLS Server Name Indication (SNI) extension in the ClientHello
+message, using the specified server
+.Ar name .
+.It Fl showcerts
+Display the whole server certificate chain: normally only the server
+certificate itself is displayed.
+.It Fl serverpref
+Use the server's cipher preferences.
+.It Fl sess_in Ar file
+Load TLS session from file.
+The client will attempt to resume a connection from this session.
+.It Fl sess_out Ar file
+Output TLS session to file.
+.It Fl starttls Ar protocol
+Send the protocol-specific messages to switch to TLS for communication.
+.Ar protocol
+is a keyword for the intended protocol.
+Currently, the supported keywords are
+.Qq ftp ,
+.Qq imap ,
+.Qq smtp ,
+.Qq pop3 ,
+and
+.Qq xmpp .
+.It Fl state
+Print the SSL session states.
+.It Fl status
+Send a certificate status request to the server (OCSP stapling).
+The server response (if any) is printed out.
+.It Fl timeout
+Enable send/receive timeout on DTLS connections.
+.It Fl tls1_2 | tls1_3
+Permit only TLS1.2 or 1.3 respectively.
+.It Fl tlsextdebug
+Print a hex dump of any TLS extensions received from the server.
+.It Fl use_srtp Ar profiles
+Offer SRTP key management with a colon-separated profile list.
+.It Fl verify Ar depth
+Turn on server certificate verification,
+with a maximum length of
+.Ar depth .
+Currently the verify operation continues after errors so all the problems
+with a certificate chain can be seen.
+As a side effect the connection will never fail due to a server
+certificate verify failure.
+.It Fl verify_return_error
+Return verification error.
+.It Fl xmpphost Ar hostname
+When used with
+.Fl starttls Ar xmpp ,
+specify the host for the "to" attribute of the stream element.
+If this option is not specified then the host specified with
+.Fl connect
+will be used.
+.El
+.Tg s_server
+.Sh S_SERVER
+.Bl -hang -width "openssl s_server"
+.It Nm openssl s_server
+.Bk -words
+.Op Fl accept Ar port
+.Op Fl alpn Ar protocols
+.Op Fl bugs
+.Op Fl CAfile Ar file
+.Op Fl CApath Ar directory
+.Op Fl cert Ar file
+.Op Fl cert2 Ar file
+.Op Fl certform Cm der | pem
+.Op Fl cipher Ar cipherlist
+.Op Fl context Ar id
+.Op Fl crl_check
+.Op Fl crl_check_all
+.Op Fl crlf
+.Op Fl dcert Ar file
+.Op Fl dcertform Cm der | pem
+.Op Fl debug
+.Op Fl dhparam Ar file
+.Op Fl dkey Ar file
+.Op Fl dkeyform Cm der | pem
+.Op Fl dpass Ar arg
+.Op Fl dtls
+.Op Fl dtls1
+.Op Fl dtls1_2
+.Op Fl groups Ar list
+.Op Fl HTTP
+.Op Fl id_prefix Ar arg
+.Op Fl key Ar keyfile
+.Op Fl key2 Ar keyfile
+.Op Fl keyform Cm der | pem
+.Op Fl keymatexport Ar label
+.Op Fl keymatexportlen Ar len
+.Op Fl msg
+.Op Fl mtu Ar mtu
+.Op Fl naccept Ar num
+.Op Fl named_curve Ar arg
+.Op Fl nbio
+.Op Fl nbio_test
+.Op Fl no_cache
+.Op Fl no_dhe
+.Op Fl no_ecdhe
+.Op Fl no_ticket
+.Op Fl no_tls1_2
+.Op Fl no_tls1_3
+.Op Fl no_tmp_rsa
+.Op Fl nocert
+.Op Fl pass Ar arg
+.Op Fl quiet
+.Op Fl servername Ar name
+.Op Fl servername_fatal
+.Op Fl serverpref
+.Op Fl state
+.Op Fl status
+.Op Fl status_timeout Ar nsec
+.Op Fl 
status_url Ar url
+.Op Fl status_verbose
+.Op Fl timeout
+.Op Fl tls1_2
+.Op Fl tls1_3
+.Op Fl tlsextdebug
+.Op Fl use_srtp Ar profiles
+.Op Fl Verify Ar depth
+.Op Fl verify Ar depth
+.Op Fl verify_return_error
+.Op Fl WWW
+.Op Fl www
+.Ek
+.El
+.Pp
+The
+.Nm s_server
+command implements a generic SSL/TLS server which listens
+for connections on a given port using SSL/TLS.
+.Pp
+If a connection request is established with a client and neither the
+.Fl www
+nor the
+.Fl WWW
+option has been used, then any data received
+from the client is displayed and any key presses are sent to the client.
+Certain single letter commands perform special operations:
+.Pp
+.Bl -tag -width "XXXX" -compact
+.It Ic P
+Send plain text, which should cause the client to disconnect.
+.It Ic Q
+End the current SSL connection and exit.
+.It Ic q
+End the current SSL connection, but still accept new connections.
+.It Ic R
+Renegotiate the SSL session and request a client certificate.
+.It Ic r
+Renegotiate the SSL session.
+.It Ic S
+Print out some session cache status information.
+.El
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl accept Ar port
+Listen on TCP
+.Ar port
+for connections.
+The default is port 4433.
+.It Fl alpn Ar protocols
+Enable the Application-Layer Protocol Negotiation.
+.Ar protocols
+is a comma-separated list of supported protocol names.
+.It Fl bugs
+Enable various workarounds for buggy implementations.
+.It Fl CAfile Ar file
+A
+.Ar file
+containing trusted certificates to use during client authentication
+and to use when attempting to build the server certificate chain.
+The list is also used in the list of acceptable client CAs passed to the
+client when a certificate is requested.
+.It Fl CApath Ar directory
+The
+.Ar directory
+to use for client certificate verification.
+This directory must be in
+.Qq hash format ;
+see
+.Fl verify
+for more information.
+These are also used when building the server certificate chain.
+.It Fl cert Ar file
+The certificate to use: most server's cipher suites require the use of a
+certificate and some require a certificate with a certain public key type.
+For example, the DSS cipher suites require a certificate containing a DSS
+(DSA) key.
+If not specified, the file
+.Pa server.pem
+will be used.
+.It Fl cert2 Ar file
+The certificate to use for servername.
+.It Fl certform Cm der | pem
+The certificate format.
+The default is
+.Cm pem .
+.It Fl cipher Ar cipherlist
+Modify the cipher list used by the server.
+This allows the cipher list used by the server to be modified.
+When the client sends a list of supported ciphers, the first client cipher
+also included in the server list is used.
+Because the client specifies the preference order, the order of the server
+cipherlist is irrelevant.
+See the
+.Nm ciphers
+command for more information.
+.It Fl context Ar id
+Set the SSL context ID.
+It can be given any string value.
+.It Fl crl_check , crl_check_all
+Check the peer certificate has not been revoked by its CA.
+The CRLs are appended to the certificate file.
+.Fl crl_check_all
+checks all CRLs of all CAs in the chain.
+.It Fl crlf
+Translate a line feed from the terminal into CR+LF.
+.It Fl dcert Ar file , Fl dkey Ar file
+Specify an additional certificate and private key; these behave in the
+same manner as the
+.Fl cert
+and
+.Fl key
+options except there is no default if they are not specified
+(no additional certificate or key is used).
+By using RSA and DSS certificates and keys,
+a server can support clients which only support RSA or DSS cipher suites
+by using an appropriate certificate.
+.It Fl dcertform Cm der | pem , Fl dkeyform Cm der | pem , Fl dpass Ar arg
+Additional certificate and private key format, and private key password source,
+respectively.
+.It Fl debug
+Print extensive debugging information, including a hex dump of all traffic.
+.It Fl dhparam Ar file
+The DH parameter file to use.
+The ephemeral DH cipher suites generate keys
+using a set of DH parameters.
+If not specified, an attempt is made to
+load the parameters from the server certificate file.
+If this fails, a static set of parameters hard coded into the
+.Nm s_server
+program will be used.
+.It Fl dtls
+Permit any version of DTLS.
+.It Fl dtls1_2
+Permit only DTLS1.2.
+.It Fl groups Ar list
+Set the supported elliptic curve groups to the colon separated
+.Ar list
+of group NIDs or names as documented in
+.Xr SSL_CTX_set1_groups_list 3 .
+.It Fl HTTP
+Emulate a simple web server.
+Pages are resolved relative to the current directory.
+For example if the URL
+.Pa https://myhost/page.html
+is requested, the file
+.Pa ./page.html
+will be loaded.
+The files loaded are assumed to contain a complete and correct HTTP
+response (lines that are part of the HTTP response line and headers
+must end with CRLF).
+.It Fl id_prefix Ar arg
+Generate SSL/TLS session IDs prefixed by
+.Ar arg .
+This is mostly useful for testing any SSL/TLS code
+that wish to deal with multiple servers,
+when each of which might be generating a unique range of session IDs.
+.It Fl key Ar keyfile
+The private key to use.
+If not specified, the certificate file will be used.
+.It Fl key2 Ar keyfile
+The private key to use for servername.
+.It Fl keyform Cm der | pem
+The private key format.
+The default is
+.Cm pem .
+.It Fl keymatexport Ar label
+Export keying material using label.
+.It Fl keymatexportlen Ar len
+Export len bytes of keying material (default 20).
+.It Fl msg
+Show all protocol messages with hex dump.
+.It Fl mtu Ar mtu
+Set the link layer MTU.
+.It Fl naccept Ar num
+Terminate server after
+.Ar num
+connections.
+.It Fl named_curve Ar arg
+Specify the elliptic curve name to use for ephemeral ECDH keys.
+This option is deprecated; use
+.Fl groups
+instead.
+.It Fl nbio
+Turn on non-blocking I/O.
+.It Fl nbio_test
+Test non-blocking I/O.
+.It Fl no_cache
+Disable session caching.
+.It Fl no_dhe
+Disable ephemeral DH cipher suites.
+.It Fl no_ecdhe
+Disable ephemeral ECDH cipher suites.
+.It Fl no_ticket
+Disable RFC 4507 session ticket support.
+.It Fl no_tls1_2 | no_tls1_3
+Disable the use of TLS1.2 and 1.3, respectively.
+.It Fl no_tmp_rsa
+Disable temporary RSA key generation.
+.It Fl nocert
+Do not use a certificate.
+This restricts the cipher suites available to the anonymous ones
+(currently just anonymous DH).
+.It Fl pass Ar arg
+The private key password source.
+.It Fl quiet
+Inhibit printing of session and certificate information.
+.It Fl servername Ar name
+Set the TLS Server Name Indication (SNI) extension with
+.Ar name .
+.It Fl servername_fatal
+Send fatal alert if servername does not match.
+The default is warning alert.
+.It Fl serverpref
+Use server's cipher preferences.
+.It Fl state
+Print the SSL session states.
+.It Fl status
+Enables certificate status request support (OCSP stapling).
+.It Fl status_timeout Ar nsec
+Sets the timeout for OCSP response in seconds.
+.It Fl status_url Ar url
+Sets a fallback responder URL to use if no responder URL is present in the
+server certificate.
+Without this option, an error is returned if the server certificate does not
+contain a responder address.
+.It Fl status_verbose
+Enables certificate status request support (OCSP stapling) and gives a verbose
+printout of the OCSP response.
+.It Fl timeout
+Enable send/receive timeout on DTLS connections.
+.It Fl tls1_2 | tls1_3
+Permit only TLS1.2, or 1.3, respectively.
+.It Fl tlsextdebug
+Print a hex dump of any TLS extensions received from the server.
+.It Fl use_srtp Ar profiles
+Offer SRTP key management with a colon-separated profile list.
+.It Fl verify_return_error
+Return verification error.
+.It Fl WWW
+Emulate a simple web server.
+Pages are resolved relative to the current directory.
+For example if the URL
+.Pa https://myhost/page.html
+is requested, the file
+.Pa ./page.html
+will be loaded.
+.It Fl www
+Send a status message to the client when it connects,
+including information about the ciphers used and various session parameters.
+The output is in HTML format so this option will normally be used with a
+web browser.
+.It Fl Verify Ar depth , Fl verify Ar depth
+Request a certificate chain from the client,
+with a maximum length of
+.Ar depth .
+With
+.Fl Verify ,
+the client must supply a certificate or an error occurs;
+with
+.Fl verify ,
+a certificate is requested but the client does not have to send one.
+.El
+.Tg s_time
+.Sh S_TIME
+.Bl -hang -width "openssl s_time"
+.It Nm openssl s_time
+.Bk -words
+.Op Fl bugs
+.Op Fl CAfile Ar file
+.Op Fl CApath Ar directory
+.Op Fl cert Ar file
+.Op Fl cipher Ar cipherlist
+.Op Fl connect Ar host Ns Op : Ns Ar port
+.Op Fl key Ar keyfile
+.Op Fl nbio
+.Op Fl new
+.Op Fl no_shutdown
+.Op Fl reuse
+.Op Fl time Ar seconds
+.Op Fl verify Ar depth
+.Op Fl www Ar page
+.Ek
+.El
+.Pp
+The
+.Nm s_time
+command implements a generic SSL/TLS client which connects to a
+remote host using SSL/TLS.
+It can request a page from the server and includes
+the time to transfer the payload data in its timing measurements.
+It measures the number of connections within a given timeframe,
+the amount of data transferred
+.Pq if any ,
+and calculates the average time spent for one connection.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl bugs
+Enable various workarounds for buggy implementations.
+.It Fl CAfile Ar file
+A
+.Ar file
+containing trusted certificates to use during server authentication
+and to use when attempting to build the client certificate chain.
+.It Fl CApath Ar directory
+The directory to use for server certificate verification.
+This directory must be in
+.Qq hash format ;
+see
+.Nm verify
+for more information.
+These are also used when building the client certificate chain.
+.It Fl cert Ar file
+The certificate to use, if one is requested by the server.
+The default is not to use a certificate.
+.It Fl cipher Ar cipherlist
+Modify the cipher list sent by the client.
+Although the server determines which cipher suite is used,
+it should take the first supported cipher in the list sent by the client.
+See the
+.Nm ciphers
+command for more information.
+.It Fl connect Ar host Ns Op : Ns Ar port
+The host and port to connect to.
+.It Fl key Ar keyfile
+The private key to use.
+If not specified, the certificate file will be used.
+.It Fl nbio
+Turn on non-blocking I/O.
+.It Fl new
+Perform the timing test using a new session ID for each connection.
+If neither
+.Fl new
+nor
+.Fl reuse
+are specified,
+they are both on by default and executed in sequence.
+.It Fl no_shutdown
+Shut down the connection without sending a
+.Qq close notify
+shutdown alert to the server.
+.It Fl reuse
+Perform the timing test using the same session ID for each connection.
+If neither
+.Fl new
+nor
+.Fl reuse
+are specified,
+they are both on by default and executed in sequence.
+.It Fl time Ar seconds
+Limit
+.Nm s_time
+benchmarks to the number of
+.Ar seconds .
+The default is 30 seconds.
+.It Fl verify Ar depth
+Turn on server certificate verification,
+with a maximum length of
+.Ar depth .
+Currently the verify operation continues after errors, so all the problems
+with a certificate chain can be seen.
+As a side effect,
+the connection will never fail due to a server certificate verify failure.
+.It Fl www Ar page
+The page to GET from the server.
+A value of
+.Sq /
+gets the index.htm[l] page.
+If this parameter is not specified,
+.Nm s_time
+will only perform the handshake to establish SSL connections
+but not transfer any payload data.
+.El
+.Tg sess_id
+.Sh SESS_ID
+.Bl -hang -width "openssl sess_id"
+.It Nm openssl sess_id
+.Bk -words
+.Op Fl cert
+.Op Fl context Ar ID
+.Op Fl in Ar file
+.Op Fl inform Cm der | pem
+.Op Fl noout
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem
+.Op Fl text
+.Ek
+.El
+.Pp
+The
+.Nm sess_id
+program processes the encoded version of the SSL session structure and
+optionally prints out SSL session details
+(for example the SSL session master key)
+in human-readable format.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl cert
+If a certificate is present in the session,
+it will be output using this option;
+if the
+.Fl text
+option is also present, then it will be printed out in text form.
+.It Fl context Ar ID
+Set the session
+.Ar ID .
+The ID can be any string of characters.
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+.It Fl inform Cm der | pem
+The input format.
+.Cm der
+uses an ASN.1 DER-encoded format containing session details.
+The precise format can vary from one version to the next.
+.Cm pem
+is the default format: it consists of the DER
+format base64-encoded with additional header and footer lines.
+.It Fl noout
+Do not output the encoded version of the session.
+.It Fl out Ar file
+The output file to write to,
+or standard output if not specified.
+.It Fl outform Cm der | pem
+The output format.
+.It Fl text
+Print the various public or private key components in plain text,
+in addition to the encoded version.
+.El
+.Pp
+The output of
+.Nm sess_id
+is composed as follows:
+.Pp
+.Bl -tag -width "Verify return code " -offset 3n -compact
+.It Protocol
+The protocol in use.
+.It Cipher
+The actual raw SSL or TLS cipher code.
+.It Session-ID
+The SSL session ID, in hex format.
+.It Session-ID-ctx
+The session ID context, in hex format.
+.It Master-Key
+The SSL session master key.
+.It Key-Arg
+The key argument; this is only used in SSL v2.
+.It Start Time
+The session start time.
+.Ux
+format.
+.It Timeout
+The timeout, in seconds.
+.It Verify return code
+The return code when a certificate is verified.
+.El
+.Pp
+Since the SSL session output contains the master key, it is possible to read
+the contents of an encrypted session using this information.
+Therefore appropriate security precautions
+should be taken if the information is being output by a
+.Qq real
+application.
+This is, however, strongly discouraged and should only be used for
+debugging purposes.
+.Tg smime
+.Sh SMIME
+.Bl -hang -width "openssl smime"
+.It Nm openssl smime
+.Bk -words
+.Oo
+.Fl aes128 | aes192 | aes256 | des |
+.Fl des3 | rc2-40 | rc2-64 | rc2-128
+.Oc
+.Op Fl binary
+.Op Fl CAfile Ar file
+.Op Fl CApath Ar directory
+.Op Fl certfile Ar file
+.Op Fl check_ss_sig
+.Op Fl content Ar file
+.Op Fl crl_check
+.Op Fl crl_check_all
+.Op Fl decrypt
+.Op Fl encrypt
+.Op Fl extended_crl
+.Op Fl from Ar addr
+.Op Fl ignore_critical
+.Op Fl in Ar file
+.Op Fl indef
+.Op Fl inform Cm der | pem | smime
+.Op Fl inkey Ar file
+.Op Fl issuer_checks
+.Op Fl keyform Cm der | pem
+.Op Fl md Ar digest
+.Op Fl noattr
+.Op Fl nocerts
+.Op Fl nochain
+.Op Fl nodetach
+.Op Fl noindef
+.Op Fl nointern
+.Op Fl nosigs
+.Op Fl nosmimecap
+.Op Fl noverify
+.Op Fl out Ar file
+.Op Fl outform Cm der | pem | smime
+.Op Fl passin Ar arg
+.Op Fl pk7out
+.Op Fl policy_check
+.Op Fl recip Ar file
+.Op Fl resign
+.Op Fl sign
+.Op Fl signer Ar file
+.Op Fl stream
+.Op Fl subject Ar s
+.Op Fl text
+.Op Fl to Ar addr
+.Op Fl verify
+.Op Fl x509_strict
+.Op Ar cert.pem ...
+.Ek
+.El
+.Pp
+The
+.Nm smime
+command handles S/MIME mail.
+It can encrypt, decrypt, sign, and verify S/MIME messages.
+.Pp
+The MIME message must be sent without any blank lines between the
+headers and the output.
+Some mail programs will automatically add a blank line.
+Piping the mail directly to an MTA is one way to
+achieve the correct format.
+.Pp
+The supplied message to be signed or encrypted must include the necessary
+MIME headers or many S/MIME clients won't display it properly (if at all).
+Use the
+.Fl text
+option to automatically add plain text headers.
+.Pp
+A
+.Qq signed and encrypted
+message is one where a signed message is then encrypted.
+This can be produced by encrypting an already signed message.
+.Pp
+There are a number of operations that can be performed, as follows:
+.Bl -tag -width "XXXX"
+.It Fl decrypt
+Decrypt mail using the supplied certificate and private key.
+The input file is an encrypted mail message in MIME format.
+The decrypted mail is written to the output file.
+.It Fl encrypt
+Encrypt mail for the given recipient certificates.
+The input is the message to be encrypted.
+The output file is the encrypted mail, in MIME format.
+.It Fl pk7out
+Take an input message and write out a PEM-encoded PKCS#7 structure.
+.It Fl resign
+Resign a message: take an existing message and one or more new signers.
+.It Fl sign
+Sign mail using the supplied certificate and private key.
+The input file is the message to be signed.
+The signed message, in MIME format, is written to the output file.
+.It Fl verify
+Verify signed mail.
+The input is a signed mail message and the output is the signed data.
+Both clear text and opaque signing is supported.
+.El
+.Pp
+The remaining options are as follows:
+.Bl -tag -width "XXXX"
+.It Xo
+.Fl aes128 | aes192 | aes256 | des |
+.Fl des3 | rc2-40 | rc2-64 | rc2-128
+.Xc
+The encryption algorithm to use.
+128-, 192-, or 256-bit AES, DES (56 bits), triple DES (168 bits),
+or 40-, 64-, or 128-bit RC2, respectively;
+if not specified, 40-bit RC2 is
+used.
+Only used with
+.Fl encrypt .
+.It Fl binary
+Normally, the input message is converted to
+.Qq canonical
+format which uses CR/LF as end of line,
+as required by the S/MIME specification.
+When this option is present, no translation occurs.
+This is useful when handling binary data which may not be in MIME format.
+.It Fl CAfile Ar file
+A
+.Ar file
+containing trusted CA certificates; only used with
+.Fl verify .
+.It Fl CApath Ar directory
+A
+.Ar directory
+containing trusted CA certificates; only used with
+.Fl verify .
+This directory must be a standard certificate directory:
+that is, a hash of each subject name (using
+.Nm x509 -hash )
+should be linked to each certificate.
+.It Ar cert.pem ...
+One or more certificates of message recipients: used when encrypting
+a message.
+.It Fl certfile Ar file
+Allows additional certificates to be specified.
+When signing, these will be included with the message.
+When verifying, these will be searched for the signers' certificates.
+The certificates should be in PEM format.
+.It Xo
+.Fl check_ss_sig ,
+.Fl crl_check ,
+.Fl crl_check_all ,
+.Fl extended_crl ,
+.Fl ignore_critical ,
+.Fl issuer_checks ,
+.Fl policy_check ,
+.Fl x509_strict
+.Xc
+Set various certificate chain validation options.
+See the
+.Nm verify
+command for details.
+.It Fl content Ar file
+A file containing the detached content.
+This is only useful with the
+.Fl verify
+option,
+and only usable if the PKCS#7 structure is using the detached
+signature form where the content is not included.
+This option will override any content if the input format is S/MIME
+and it uses the multipart/signed MIME content type.
+.It Xo
+.Fl from Ar addr ,
+.Fl subject Ar s ,
+.Fl to Ar addr
+.Xc
+The relevant mail headers.
+These are included outside the signed
+portion of a message so they may be included manually.
+When signing, many S/MIME
+mail clients check that the signer's certificate email
+address matches the 
From: address.
+.It Fl in Ar file
+The input file to read from.
+.It Fl indef
+Enable streaming I/O for encoding operations.
+This permits single pass processing of data without
+the need to hold the entire contents in memory,
+potentially supporting very large files.
+Streaming is automatically set for S/MIME signing with detached
+data if the output format is SMIME;
+it is currently off by default for all other operations.
+.It Fl inform Cm der | pem | smime
+The input format.
+.It Fl inkey Ar file
+The private key to use when signing or decrypting,
+which must match the corresponding certificate.
+If this option is not specified, the private key must be included
+in the certificate file specified with
+the
+.Fl recip
+or
+.Fl signer
+file.
+When signing,
+this option can be used multiple times to specify successive keys.
+.It Fl keyform Cm der | pem
+Input private key format.
+The default is
+.Cm pem .
+.It Fl md Ar digest
+The digest algorithm to use when signing or resigning.
+If not present then the default digest algorithm for the signing key is used
+(usually SHA1).
+.It Fl noattr
+Do not include attributes.
+.It Fl nocerts
+Do not include the signer's certificate.
+This will reduce the size of the signed message but the verifier must
+have a copy of the signer's certificate available locally (passed using the
+.Fl certfile
+option, for example).
+.It Fl nochain
+Do not do chain verification of signers' certificates: that is,
+don't use the certificates in the signed message as untrusted CAs.
+.It Fl nodetach
+When signing a message, use opaque signing: this form is more resistant
+to translation by mail relays but it cannot be read by mail agents that
+do not support S/MIME.
+Without this option cleartext signing with the MIME type
+multipart/signed is used.
+.It Fl noindef
+Disable streaming I/O where it would produce an encoding of indefinite length
+(currently has no effect).
+.It Fl nointern
+Only use certificates specified in the
+.Fl certfile .
+The supplied certificates can still be used as untrusted CAs.
+.It Fl nosigs
+Do not try to verify the signatures on the message.
+.It Fl nosmimecap
+Exclude the list of supported algorithms from signed attributes,
+other options such as signing time and content type are still included.
+.It Fl noverify
+Do not verify the signer's certificate of a signed message.
+.It Fl out Ar file
+The output file to write to.
+.It Fl outform Cm der | pem | smime
+The output format.
+The default is smime, which writes an S/MIME format message.
+.Cm pem
+and
+.Cm der
+change this to write PEM and DER format PKCS#7 structures instead.
+This currently only affects the output format of the PKCS#7
+structure; if no PKCS#7 structure is being output (for example with
+.Fl verify
+or
+.Fl decrypt )
+this option has no effect.
+.It Fl passin Ar arg
+The key password source.
+.It Fl recip Ar file
+The recipients certificate when decrypting a message.
+This certificate
+must match one of the recipients of the message or an error occurs.
+.It Fl signer Ar file
+A signing certificate when signing or resigning a message;
+this option can be used multiple times if more than one signer is required.
+If a message is being verified, the signer's certificates will be
+written to this file if the verification was successful.
+.It Fl stream
+The same as
+.Fl indef .
+.It Fl text
+Add plain text (text/plain) MIME
+headers to the supplied message if encrypting or signing.
+If decrypting or verifying, it strips off text headers:
+if the decrypted or verified message is not of MIME type text/plain
+then an error occurs.
+.El
+.Pp
+The exit codes for
+.Nm smime
+are as follows:
+.Pp
+.Bl -tag -width "XXXX" -offset 3n -compact
+.It 0
+The operation was completely successful.
+.It 1
+An error occurred parsing the command options.
+.It 2
+One of the input files could not be read.
+.It 3
+An error occurred creating the file or when reading the message.
+.It 4
+An error occurred decrypting or verifying the message.
+.It 5
+An error occurred writing certificates.
+.El
+.Tg speed
+.Sh SPEED
+.Bl -hang -width "openssl speed"
+.It Nm openssl speed
+.Bk -words
+.Op Ar algorithm
+.Op Fl decrypt
+.Op Fl elapsed
+.Op Fl evp Ar algorithm
+.Op Fl mr
+.Op Fl multi Ar number
+.Op Fl unaligned Ar number
+.Ek
+.El
+.Pp
+The
+.Nm speed
+command is used to test the performance of cryptographic algorithms.
+.Bl -tag -width "XXXX"
+.It Ar algorithm
+Perform the test using
+.Ar algorithm .
+The default is to test all algorithms.
+.It Fl decrypt
+Time decryption instead of encryption;
+must be used with
+.Fl evp .
+.It Fl elapsed
+Measure time in real time instead of CPU user time.
+.It Fl evp Ar algorithm
+Perform the test using one of the algorithms accepted by
+.Xr EVP_get_cipherbyname 3 .
+.It Fl mr
+Produce machine readable output.
+.It Fl multi Ar number
+Run
+.Ar number
+benchmarks in parallel.
+.It Fl unaligned Ar number
+Use allocated buffers with an offset of
+.Ar number
+bytes from the alignment provided by
+.Xr malloc 3 .
+.Ar number
+should be between 0 and 16.
+.El
+.Tg ts
+.Sh TS
+.Bk -words
+.Bl -hang -width "openssl ts"
+.It Nm openssl ts
+.Fl query
+.Op Fl md4 | md5 | ripemd160 | sha1
+.Op Fl cert
+.Op Fl config Ar configfile
+.Op Fl data Ar file_to_hash
+.Op Fl digest Ar digest_bytes
+.Op Fl in Ar request.tsq
+.Op Fl no_nonce
+.Op Fl out Ar request.tsq
+.Op Fl policy Ar object_id
+.Op Fl text
+.It Nm openssl ts
+.Fl reply
+.Op Fl chain Ar certs_file.pem
+.Op Fl config Ar configfile
+.Op Fl in Ar response.tsr
+.Op Fl inkey Ar private.pem
+.Op Fl out Ar response.tsr
+.Op Fl passin Ar arg
+.Op Fl policy Ar object_id
+.Op Fl queryfile Ar request.tsq
+.Op Fl section Ar tsa_section
+.Op Fl signer Ar tsa_cert.pem
+.Op Fl text
+.Op Fl token_in
+.Op Fl token_out
+.It Nm openssl ts
+.Fl verify
+.Op Fl CAfile Ar trusted_certs.pem
+.Op Fl CApath Ar trusted_cert_path
+.Op Fl data Ar file_to_hash
+.Op Fl digest Ar digest_bytes
+.Op Fl in Ar response.tsr
+.Op Fl queryfile Ar request.tsq
+.Op Fl token_in
+.Op Fl untrusted Ar cert_file.pem
+.El
+.Ek
+.Pp
+The
+.Nm ts
+command is a basic Time Stamping Authority (TSA) client and server
+application as specified in RFC 3161 (Time-Stamp Protocol, TSP).
+A TSA can be part of a PKI deployment and its role is to provide long
+term proof of the existence of specific data.
+Here is a brief description of the protocol:
+.Bl -enum
+.It
+The TSA client computes a one-way hash value for a data file and sends
+the hash to the TSA.
+.It
+The TSA attaches the current date and time to the received hash value,
+signs them and sends the time stamp token back to the client.
+By creating this token the TSA certifies the existence of the original
+data file at the time of response generation.
+.It
+The TSA client receives the time stamp token and verifies the
+signature on it.
+It also checks if the token contains the same hash
+value that it had sent to the TSA.
+.El
+.Pp
+There is one DER-encoded protocol data unit defined for transporting a time
+stamp request to the TSA and one for sending the time stamp response
+back to the client.
+The
+.Nm ts
+command has three main functions:
+creating a time stamp request based on a data file;
+creating a time stamp response based on a request;
+and verifying if a response corresponds
+to a particular request or a data file.
+.Pp
+There is no support for sending the requests/responses automatically
+over HTTP or TCP yet as suggested in RFC 3161.
+Users must send the requests either by FTP or email.
+.Pp
+The
+.Fl query
+switch can be used for creating and printing a time stamp
+request with the following options:
+.Bl -tag -width Ds
+.It Fl cert
+Expect the TSA to include its signing certificate in the response.
+.It Fl config Ar configfile
+Specify an alternative configuration file.
+Only the OID section is used.
+.It Fl data Ar file_to_hash
+The data file for which the time stamp request needs to be created.
+The default is standard input.
+.It Fl digest Ar digest_bytes
+Specify the message imprint explicitly without the data file.
+The imprint must be specified in a hexadecimal format,
+two characters per byte,
+the bytes optionally separated by colons.
+The number of bytes must match the message digest algorithm in use.
+.It Fl in Ar request.tsq
+A previously created time stamp request in DER
+format that will be printed into the output file.
+Useful for examining the content of a request in human-readable format.
+.It Fl md4 | md5 | ripemd160 | sha | sha1
+The message digest to apply to the data file.
+It supports all the message digest algorithms that are supported by the
+.Nm dgst
+command.
+The default is SHA1.
+.It Fl no_nonce
+Specify no nonce in the request.
+The default, to include a 64-bit long pseudo-random nonce,
+is recommended to protect against replay attacks.
+.It Fl out Ar request.tsq
+The output file to write to,
+or standard output if not specified.
+.It Fl policy Ar object_id
+The policy that the client expects the TSA to use for creating the
+time stamp token.
+Either dotted OID notation or OID names defined
+in the config file can be used.
+If no policy is requested, the TSA uses its own default policy.
+.It Fl text
+Output in human-readable text format instead of DER.
+.El
+.Pp
+A time stamp response (TimeStampResp) consists of a response status
+and the time stamp token itself (ContentInfo),
+if the token generation was successful.
+The
+.Fl reply
+command is for creating a time stamp
+response or time stamp token based on a request and printing the
+response/token in human-readable format.
+If
+.Fl token_out
+is not specified the output is always a time stamp response (TimeStampResp),
+otherwise it is a time stamp token (ContentInfo).
+.Bl -tag -width Ds
+.It Fl chain Ar certs_file.pem
+The collection of PEM certificates
+that will be included in the response
+in addition to the signer certificate if the
+.Fl cert
+option was used for the request.
+This file is supposed to contain the certificate chain
+for the signer certificate from its issuer upwards.
+The
+.Fl reply
+command does not build a certificate chain automatically.
+.It Fl config Ar configfile
+Specify an alternative configuration file.
+.It Fl in Ar response.tsr
+Specify a previously created time stamp response (or time stamp token, if
+.Fl token_in
+is also specified)
+in DER format that will be written to the output file.
+This option does not require a request;
+it is useful, for example,
+to examine the content of a response or token
+or to extract the time stamp token from a response.
+If the input is a token and the output is a time stamp response, a default
+.Qq granted
+status info is added to the token.
+.It Fl inkey Ar private.pem
+The signer private key of the TSA in PEM format.
+Overrides the
+.Cm signer_key
+config file option.
+.It Fl out Ar response.tsr
+The response is written to this file.
+The format and content of the file depends on other options (see
+.Fl text
+and
+.Fl token_out ) .
+The default is stdout.
+.It Fl passin Ar arg
+The key password source.
+.It Fl policy Ar object_id
+The default policy to use for the response.
+Either dotted OID notation or OID names defined
+in the config file can be used.
+If no policy is requested, the TSA uses its own default policy.
+.It Fl queryfile Ar request.tsq
+The file containing a DER-encoded time stamp request.
+.It Fl section Ar tsa_section
+The config file section containing the settings for response generation.
+.It Fl signer Ar tsa_cert.pem
+The PEM signer certificate of the TSA.
+The TSA signing certificate must have exactly one extended key usage
+assigned to it: timeStamping.
+The extended key usage must also be critical,
+otherwise the certificate is going to be refused.
+Overrides the
+.Cm signer_cert
+variable of the config file.
+.It Fl text
+Output in human-readable text format instead of DER.
+.It Fl token_in
+The input is a DER-encoded time stamp token (ContentInfo)
+instead of a time stamp response (TimeStampResp).
+.It Fl token_out
+The output is a time stamp token (ContentInfo)
+instead of a time stamp response (TimeStampResp).
+.El
+.Pp
+The
+.Fl verify
+command is for verifying if a time stamp response or time stamp token
+is valid and matches a particular time stamp request or data file.
+The
+.Fl verify
+command does not use the configuration file.
+.Bl -tag -width Ds
+.It Fl CAfile Ar trusted_certs.pem
+The file containing a set of trusted self-signed PEM CA certificates.
+See
+.Nm verify
+for additional details.
+Either this option or
+.Fl CApath
+must be specified.
+.It Fl CApath Ar trusted_cert_path
+The directory containing the trusted CA certificates of the client.
+See
+.Nm verify
+for additional details.
+Either this option or
+.Fl CAfile
+must be specified.
+.It Fl data Ar file_to_hash
+The response or token must be verified against
+.Ar file_to_hash .
+The file is hashed with the message digest algorithm specified in the token.
+The
+.Fl digest
+and
+.Fl queryfile
+options must not be specified with this one.
+.It Fl digest Ar digest_bytes
+The response or token must be verified against the message digest specified
+with this option.
+The number of bytes must match the message digest algorithm
+specified in the token.
+The
+.Fl data
+and
+.Fl queryfile
+options must not be specified with this one.
+.It Fl in Ar response.tsr
+The time stamp response that needs to be verified, in DER format.
+This option in mandatory.
+.It Fl queryfile Ar request.tsq
+The original time stamp request, in DER format.
+The
+.Fl data
+and
+.Fl digest
+options must not be specified with this one.
+.It Fl token_in
+The input is a DER-encoded time stamp token (ContentInfo)
+instead of a time stamp response (TimeStampResp).
+.It Fl untrusted Ar cert_file.pem
+Additional untrusted PEM certificates which may be needed
+when building the certificate chain for the TSA's signing certificate.
+This file must contain the TSA signing certificate and
+all intermediate CA certificates unless the response includes them.
+.El
+.Pp
+Options specified on the command line always override
+the settings in the config file:
+.Bl -tag -width Ds
+.It Cm tsa Ar section , Cm default_tsa
+This is the main section and it specifies the name of another section
+that contains all the options for the
+.Fl reply
+option.
+This section can be overridden with the
+.Fl section
+command line switch.
+.It Cm oid_file
+See
+.Nm ca
+for a description.
+.It Cm oid_section
+See
+.Nm ca
+for a description.
+.It Cm serial
+The file containing the hexadecimal serial number of the
+last time stamp response created.
+This number is incremented by 1 for each response.
+If the file does not exist at the time of response generation,
+a new file is created with serial number 1.
+This parameter is mandatory.
+.It Cm signer_cert
+TSA signing certificate, in PEM format.
+The same as the
+.Fl signer
+command line option.
+.It Cm certs
+A set of PEM-encoded certificates that need to be
+included in the response.
+The same as the
+.Fl chain
+command line option.
+.It Cm signer_key
+The private key of the TSA, in PEM format.
+The same as the
+.Fl inkey
+command line option.
+.It Cm default_policy
+The default policy to use when the request does not mandate any policy.
+The same as the
+.Fl policy
+command line option.
+.It Cm other_policies
+Comma separated list of policies that are also acceptable by the TSA
+and used only if the request explicitly specifies one of them.
+.It Cm digests
+The list of message digest algorithms that the TSA accepts.
+At least one algorithm must be specified.
+This parameter is mandatory.
+.It Cm accuracy
+The accuracy of the time source of the TSA in seconds, milliseconds
+and microseconds.
+For example, secs:1, millisecs:500, microsecs:100.
+If any of the components is missing,
+zero is assumed for that field.
+.It Cm clock_precision_digits
+The maximum number of digits, which represent the fraction of seconds,
+that need to be included in the time field.
+The trailing zeroes must be removed from the time,
+so there might actually be fewer digits
+or no fraction of seconds at all.
+The maximum value is 6;
+the default is 0.
+.It Cm ordering
+If this option is yes,
+the responses generated by this TSA can always be ordered,
+even if the time difference between two responses is less
+than the sum of their accuracies.
+The default is no.
+.It Cm tsa_name
+Set this option to yes if the subject name of the TSA must be included in
+the TSA name field of the response.
+The default is no.
+.It Cm ess_cert_id_chain
+The SignedData objects created by the TSA always contain the
+certificate identifier of the signing certificate in a signed
+attribute (see RFC 2634, Enhanced Security Services).
+If this option is set to yes and either the
+.Cm certs
+variable or the
+.Fl chain
+option is specified then the certificate identifiers of the chain will also
+be included in the SigningCertificate signed attribute.
+If this variable is set to no,
+only the signing certificate identifier is included.
+The default is no.
+.El
+.Tg verify
+.Sh VERIFY
+.Bl -hang -width "openssl verify"
+.It Nm openssl verify
+.Bk -words
+.Op Fl CAfile Ar file
+.Op Fl CApath Ar directory
+.Op Fl check_ss_sig
+.Op Fl CRLfile Ar file
+.Op Fl crl_check
+.Op Fl crl_check_all
+.Op Fl explicit_policy
+.Op Fl extended_crl
+.Op Fl help
+.Op Fl ignore_critical
+.Op Fl inhibit_any
+.Op Fl inhibit_map
+.Op Fl issuer_checks
+.Op Fl legacy_verify
+.Op Fl policy_check
+.Op Fl purpose Ar purpose
+.Op Fl trusted Ar file
+.Op Fl untrusted Ar file
+.Op Fl verbose
+.Op Fl x509_strict
+.Op Ar certificates
+.Ek
+.El
+.Pp
+The
+.Nm verify
+command verifies certificate chains.
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl CAfile Ar file
+A
+.Ar file
+of trusted certificates.
+The
+.Ar file
+should contain multiple certificates in PEM format, concatenated together.
+.It Fl CApath Ar directory
+A
+.Ar directory
+of trusted certificates.
+The certificates, or symbolic links to them,
+should have names of the form
+.Ar hash Ns .0 ,
+where
+.Ar hash
+is the hashed certificate subject name
+(see the
+.Fl hash
+option of the
+.Nm x509
+utility).
+.It Fl check_ss_sig
+Verify the signature on the self-signed root CA.
+This is disabled by default
+because it doesn't add any security.
+.It Fl CRLfile Ar file
+The
+.Ar file
+should contain one or more CRLs in PEM format.
+.It Fl crl_check
+Check end entity certificate validity by attempting to look up a valid CRL.
+If a valid CRL cannot be found, an error occurs.
+.It Fl crl_check_all
+Check the validity of all certificates in the chain by attempting
+to look up valid CRLs.
+.It Fl explicit_policy
+Set policy variable require-explicit-policy (RFC 3280).
+.It Fl extended_crl
+Enable extended CRL features such as indirect CRLs and alternate CRL
+signing keys.
+.It Fl help
+Print a usage message.
+.It Fl ignore_critical
+Ignore critical extensions instead of rejecting the certificate.
+.It Fl inhibit_any
+Set policy variable inhibit-any-policy (RFC 3280).
+.It Fl inhibit_map
+Set policy variable inhibit-policy-mapping (RFC 3280).
+.It Fl issuer_checks
+Print diagnostics relating to searches for the issuer certificate
+of the current certificate
+showing why each candidate issuer certificate was rejected.
+The presence of rejection messages
+does not itself imply that anything is wrong:
+during the normal verify process several rejections may take place.
+.It Fl legacy_verify
+Use the legacy X.509 certificate chain verification code.
+.It Fl policy_check
+Enable certificate policy processing.
+.It Fl purpose Ar purpose
+The intended use for the certificate.
+Without this option no chain verification will be done.
+Currently accepted uses are
+.Cm sslclient , sslserver ,
+.Cm nssslserver , smimesign ,
+.Cm smimeencrypt , crlsign ,
+.Cm any ,
+and
+.Cm ocsphelper .
+.It Fl trusted Ar file
+A
+.Ar file
+of trusted certificates.
+The
+.Ar file
+should contain multiple certificates.
+.It Fl untrusted Ar file
+A
+.Ar file
+of untrusted certificates.
+The
+.Ar file
+should contain multiple certificates.
+.It Fl verbose
+Print extra information about the operations being performed.
+.It Fl x509_strict
+Disable workarounds for broken certificates which have to be disabled
+for strict X.509 compliance.
+.It Ar certificates
+One or more PEM
+.Ar certificates
+to verify.
+If no certificate files are included, an attempt is made to read
+a certificate from standard input.
+If the first certificate filename begins with a dash,
+use a lone dash to mark the last option.
+.El
+.Pp
+The
+.Nm verify
+program uses the same functions as the internal SSL and S/MIME verification,
+with one crucial difference:
+wherever possible an attempt is made to continue after an error,
+whereas normally the verify operation would halt on the first error.
+This allows all the problems with a certificate chain to be determined.
+.Pp
+The verify operation consists of a number of separate steps.
+Firstly a certificate chain is built up starting from the supplied certificate
+and ending in the root CA.
+It is an error if the whole chain cannot be built up.
+The chain is built up by looking up the issuer's certificate of the current
+certificate.
+If a certificate is found which is its own issuer, it is assumed
+to be the root CA.
+.Pp
+All certificates whose subject name matches the issuer name
+of the current certificate are subject to further tests.
+The relevant authority key identifier components of the current certificate
+(if present) must match the subject key identifier (if present)
+and issuer and serial number of the candidate issuer;
+in addition the
+.Cm keyUsage
+extension of the candidate issuer (if present) must permit certificate signing.
+.Pp
+The lookup first looks in the list of untrusted certificates and if no match
+is found the remaining lookups are from the trusted certificates.
+The root CA is always looked up in the trusted certificate list:
+if the certificate to verify is a root certificate,
+then an exact match must be found in the trusted list.
+.Pp
+The second operation is to check every untrusted certificate's extensions for
+consistency with the supplied purpose.
+If the
+.Fl purpose
+option is not included, then no checks are done.
+The supplied or
+.Qq leaf
+certificate must have extensions compatible with the supplied purpose
+and all other certificates must also be valid CA certificates.
+The precise extensions required are described in more detail in
+the
+.Nm X509
+section below.
+.Pp
+The third operation is to check the trust settings on the root CA.
+The root CA should be trusted for the supplied purpose.
+A certificate with no trust settings is considered to be valid for
+all purposes.
+.Pp
+The final operation is to check the validity of the certificate chain.
+The validity period is checked against the current system time and the
+.Cm notBefore
+and
+.Cm notAfter
+dates in the certificate.
+The certificate signatures are also checked at this point.
+.Pp
+If all operations complete successfully, the certificate is considered
+valid.
+If any operation fails then the certificate is not valid.
+When a verify operation fails, the output messages can be somewhat cryptic.
+The general form of the error message is:
+.Bd -literal
+server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit)
+error 24 at 1 depth lookup:invalid CA certificate
+.Ed
+.Pp
+The first line contains the name of the certificate being verified, followed by
+the subject name of the certificate.
+The second line contains the error number as defined by the
+.Dv X509_V_ERR_*
+constants in
+.In openssl/x509_vfy.h ,
+the associated error message documented in
+.Xr X509_STORE_CTX_get_error 3 ,
+and the depth.
+The depth is the number of the certificate being verified when a
+problem was detected starting with zero for the certificate being verified
+itself, then 1 for the CA that signed the certificate and so on.
+.Tg version
+.Sh VERSION
+.Nm openssl version
+.Op Fl abdfpv
+.Pp
+The
+.Nm version
+command is used to print out version information about
+.Nm openssl .
+.Pp
+The options are as follows:
+.Bl -tag -width Ds
+.It Fl a
+All information: this is the same as setting all the other flags.
+.It Fl b
+The date the current version of
+.Nm openssl
+was built.
+.It Fl d
+.Ev OPENSSLDIR
+setting.
+.It Fl f
+Compilation flags.
+.It Fl p
+Platform setting.
+.It Fl v
+The current
+.Nm openssl
+version.
+.El
+.Tg x509
+.Sh X509
+.Bl -hang -width "openssl x509"
+.It Nm openssl x509
+.Bk -words
+.Op Fl C
+.Op Fl addreject Ar arg
+.Op Fl addtrust Ar arg
+.Op Fl alias
+.Op Fl CA Ar file
+.Op Fl CAcreateserial
+.Op Fl CAform Cm der | pem
+.Op Fl CAkey Ar file
+.Op Fl CAkeyform Cm der | pem
+.Op Fl CAserial Ar file
+.Op Fl certopt Ar option
+.Op Fl checkend Ar arg
+.Op Fl clrext
+.Op Fl clrreject
+.Op Fl clrtrust
+.Op Fl dates
+.Op Fl days Ar arg
+.Op Fl email
+.Op Fl enddate
+.Op Fl extensions Ar section
+.Op Fl extfile Ar file
+.Op Fl fingerprint
+.Op Fl force_pubkey Ar key
+.Op Fl hash
+.Op Fl in Ar file
+.Op Fl inform Cm der | net | pem
+.Op Fl issuer
+.Op Fl issuer_hash
+.Op Fl issuer_hash_old
+.Op Fl keyform Cm der | pem
+.Op Fl md5 | sha1
+.Op Fl modulus
+.Op Fl multivalue-rdn
+.Op Fl nameopt Ar option
+.Op Fl new
+.Op Fl next_serial
+.Op Fl noout
+.Op Fl ocsp_uri
+.Op Fl ocspid
+.Op Fl out Ar file
+.Op Fl outform Cm der | net | pem
+.Op Fl passin Ar arg
+.Op Fl pubkey
+.Op Fl purpose
+.Op Fl req
+.Op Fl serial
+.Op Fl set_issuer Ar name
+.Op Fl set_serial Ar n
+.Op Fl set_subject Ar name
+.Op Fl setalias Ar arg
+.Op Fl signkey Ar file
+.Op Fl sigopt Ar nm:v
+.Op Fl startdate
+.Op Fl subject
+.Op Fl subject_hash
+.Op Fl subject_hash_old
+.Op Fl text
+.Op Fl trustout
+.Op Fl utf8
+.Op Fl x509toreq
+.Ek
+.El
+.Pp
+The
+.Nm x509
+command is a multi-purpose certificate utility.
+It can be used to display certificate information, convert certificates to
+various forms, sign certificate requests like a
+.Qq mini CA ,
+or edit certificate trust settings.
+.Pp
+The following are x509 input, output, and general purpose options:
+.Bl -tag -width "XXXX"
+.It Fl in Ar file
+The input file to read from,
+or standard input if not specified.
+This option cannot be used with
+.Fl new .
+.It Fl inform Cm der | net | pem
+The input format.
+Normally, the command will expect an X.509 certificate,
+but this can change if other options such as
+.Fl in
+or
+.Fl req
+are present.
+.It Fl md5 | sha1
+The digest to use.
+This affects any signing or display option that uses a message digest,
+such as the
+.Fl fingerprint , signkey ,
+and
+.Fl CA
+options.
+If not specified, MD5 is used.
+SHA1 is always used with DSA keys.
+.It Fl out Ar file
+The output file to write to,
+or standard output if none is specified.
+.It Fl outform Cm der | net | pem
+The output format.
+.It Fl passin Ar arg
+The key password source.
+.El
+.Pp
+The following are x509 display options:
+.Bl -tag -width "XXXX"
+.It Fl C
+Output the certificate in the form of a C source file.
+.It Fl certopt Ar option
+Customise the output format used with
+.Fl text ,
+either using a list of comma-separated options or by specifying
+.Fl certopt
+multiple times.
+The default behaviour is to print all fields.
+The options are as follows:
+.Pp
+.Bl -tag -width "no_extensions" -offset indent -compact
+.It Cm ca_default
+Equivalent to
+.Cm no_issuer , no_pubkey , no_header ,
+.Cm no_version , no_sigdump ,
+and
+.Cm no_signame .
+.It Cm compatible
+Equivalent to no output options at all.
+.It Cm ext_default
+Print unsupported certificate extensions.
+.It Cm ext_dump
+Hex dump unsupported extensions.
+.It Cm ext_error
+Print an error message for unsupported certificate extensions.
+.It Cm ext_parse
+ASN.1 parse unsupported extensions.
+.It Cm no_aux
+Do not print certificate trust information.
+.It Cm no_extensions
+Do not print X509V3 extensions.
+.It Cm no_header
+Do not print header (Certificate and Data) information.
+.It Cm no_issuer
+Do not print the issuer name.
+.It Cm no_pubkey
+Do not print the public key.
+.It Cm no_serial
+Do not print the serial number.
+.It Cm no_sigdump
+Do not give a hexadecimal dump of the certificate signature.
+.It Cm no_signame
+Do not print the signature algorithm used.
+.It Cm no_subject
+Do not print the subject name.
+.It Cm no_validity
+Do not print the
+.Cm notBefore
+and
+.Cm notAfter
+(validity) fields.
+.It Cm no_version
+Do not print the version number.
+.El
+.It Fl dates
+Print the start and expiry date of a certificate.
+.It Fl email
+Output the email addresses, if any.
+.It Fl enddate
+Print the expiry date of the certificate; that is, the
+.Cm notAfter
+date.
+.It Fl fingerprint
+Print the digest of the DER-encoded version of the whole certificate.
+.It Fl hash
+A synonym for
+.Fl subject_hash .
+.It Fl issuer
+Print the issuer name.
+.It Fl issuer_hash
+Print the hash of the certificate issuer name.
+.It Fl issuer_hash_old
+Print the hash of the certificate issuer name
+using the older algorithm as used by
+.Nm openssl
+versions before 1.0.0.
+.It Fl modulus
+Print the value of the modulus of the public key contained in the certificate.
+.It Fl multivalue-rdn
+This option causes the
+.Fl subj
+argument to be interpreted with full support for multivalued RDNs,
+for example
+.Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" .
+If
+.Fl multivalue-rdn
+is not used, the UID value is set to
+.Qq "123456+CN=John Doe" .
+.It Fl nameopt Ar option
+Customise how the subject or issuer names are displayed,
+either using a list of comma-separated options or by specifying
+.Fl nameopt
+multiple times.
+The default behaviour is to use the
+.Cm oneline
+format.
+The options,
+which can be preceded by a dash to turn them off,
+are as follows:
+.Bl -tag -width "XXXX"
+.It Cm align
+Align field values for a more readable output.
+Only usable with
+.Ar sep_multiline .
+.It Cm compat
+Use the old format,
+equivalent to specifying no options at all.
+.It Cm dn_rev
+Reverse the fields of the DN, as required by RFC 2253.
+As a side effect, this also reverses the order of multiple AVAs.
+.It Cm dump_all
+Dump all fields.
+When used with
+.Ar dump_der ,
+it allows the DER encoding of the structure to be unambiguously determined.
+.It Cm dump_der
+Any fields that need to be hexdumped are
+dumped using the DER encoding of the field.
+Otherwise just the content octets will be displayed.
+Both options use the RFC 2253 #XXXX... format.
+.It Cm dump_nostr
+Dump non-character string types
+(for example OCTET STRING);
+usually, non-character string types are displayed
+as though each content octet represents a single character.
+.It Cm dump_unknown
+Dump any field whose OID is not recognised by
+.Nm openssl .
+.It Cm esc_2253
+Escape the
+.Qq special
+characters required by RFC 2253 in a field that is
+.Dq \& ,+"<>; .
+Additionally,
+.Sq #
+is escaped at the beginning of a string
+and a space character at the beginning or end of a string.
+.It Cm esc_ctrl
+Escape control characters.
+That is, those with ASCII values less than 0x20 (space)
+and the delete (0x7f) character.
+They are escaped using the RFC 2253 \eXX notation (where XX are two hex
+digits representing the character value).
+.It Cm esc_msb
+Escape characters with the MSB set; that is, with ASCII values larger than
+127.
+.It Cm multiline
+A multiline format.
+Equivalent to
+.Cm esc_ctrl , esc_msb , sep_multiline ,
+.Cm space_eq , lname ,
+and
+.Cm align .
+.It Cm no_type
+Do not attempt to interpret multibyte characters.
+That is, content octets are merely dumped as though one octet
+represents each character.
+This is useful for diagnostic purposes
+but results in rather odd looking output.
+.It Cm nofname , sname , lname , oid
+Alter how the field name is displayed:
+.Cm nofname
+does not display the field at all;
+.Cm sname
+uses the short name form (CN for
+.Cm commonName ,
+for example);
+.Cm lname
+uses the long form.
+.Cm oid
+represents the OID in numerical form and is useful for diagnostic purpose.
+.It Cm oneline
+A one line format which is more readable than
+.Cm RFC2253 .
+Equivalent to
+.Cm esc_2253 , esc_ctrl , esc_msb , utf8 ,
+.Cm dump_nostr , dump_der , use_quote , sep_comma_plus_spc ,
+.Cm space_eq ,
+and
+.Cm sname .
+.It Cm RFC2253
+Displays names compatible with RFC 2253.
+Equivalent to
+.Cm esc_2253 , esc_ctrl ,
+.Cm esc_msb , utf8 , dump_nostr , dump_unknown ,
+.Cm dump_der , sep_comma_plus , dn_rev ,
+and
+.Cm sname .
+.It Cm sep_comma_plus , sep_comma_plus_space , sep_semi_plus_space , sep_multiline
+Determine the field separators:
+the first character is between RDNs and the second between multiple AVAs
+(multiple AVAs are very rare and their use is discouraged).
+The options ending in
+.Qq space
+additionally place a space after the separator to make it more readable.
+.Cm sep_multiline
+uses a linefeed character for the RDN separator and a spaced
+.Sq +
+for the AVA separator,
+as well as indenting the fields by four characters.
+If no field separator is specified then
+.Cm sep_comma_plus_space
+is used by default.
+.It Cm show_type
+Show the type of the ASN.1 character string.
+The type precedes the field contents.
+For example
+.Qq BMPSTRING: Hello World .
+.It Cm space_eq
+Place spaces round the
+.Sq =
+character which follows the field name.
+.It Cm use_quote
+Escape some characters by surrounding the whole string with
+.Sq \&"
+characters.
+Without the option, all escaping is done with the
+.Sq \e
+character.
+.It Cm utf8
+Convert all strings to UTF8 format first, as required by RFC 2253.
+On a UTF8 compatible terminal,
+the use of this option (and not setting
+.Cm esc_msb )
+may result in the correct display of multibyte characters.
+Usually, multibyte characters larger than 0xff
+are represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX
+for 32 bits,
+and any UTF8Strings are converted to their character form first.
+.El
+.It Fl next_serial
+Print the next serial number.
+.It Fl noout
+Do not output the encoded version of the request.
+.It Fl ocsp_uri
+Print the OCSP responder addresses, if any.
+.It Fl ocspid
+Print OCSP hash values for the subject name and public key.
+.It Fl pubkey
+Print the public key.
+.It Fl serial
+Print the certificate serial number.
+.It Fl sigopt Ar nm:v
+Pass options to the signature algorithm during sign or certify operations.
+The names and values of these options are algorithm-specific.
+.It Fl startdate
+Print the start date of the certificate; that is, the
+.Cm notBefore
+date.
+.It Fl subject
+Print the subject name.
+.It Fl subject_hash
+Print the hash of the certificate subject name.
+This is used in
+.Nm openssl
+to form an index to allow certificates in a directory to be looked up
+by subject name.
+.It Fl subject_hash_old
+Print the hash of the certificate subject name
+using the older algorithm as used by
+.Nm openssl
+versions before 1.0.0.
+.It Fl text
+Print the full certificate in text form.
+.El
+.Pp
+A trusted certificate is a certificate which has several
+additional pieces of information attached to it such as the permitted
+and prohibited uses of the certificate and an alias.
+When a certificate is being verified, at least one certificate must be trusted.
+By default, a trusted certificate must be stored locally and be a root CA.
+The following are x509 trust settings options:
+.Bl -tag -width "XXXX"
+.It Fl addreject Ar arg
+Add a prohibited use.
+Accepts the same values as the
+.Fl addtrust
+option.
+.It Fl addtrust Ar arg
+Add a trusted certificate use.
+Any object name can be used here, but currently only
+.Cm clientAuth
+(SSL client use),
+.Cm serverAuth
+(SSL server use),
+and
+.Cm emailProtection
+(S/MIME email) are used.
+.It Fl alias
+Output the certificate alias.
+.It Fl clrreject
+Clear all the prohibited or rejected uses of the certificate.
+.It Fl clrtrust
+Clear all the permitted or trusted uses of the certificate.
+.It Fl purpose
+Perform tests on the certificate extensions.
+The same code is used when verifying untrusted certificates in chains,
+so this section is useful if a chain is rejected by the verify code.
+.Pp
+The
+.Cm basicConstraints
+extension CA flag is used to determine whether the
+certificate can be used as a CA.
+If the CA flag is true, it is a CA;
+if the CA flag is false, it is not a CA.
+All CAs should have the CA flag set to true.
+.Pp
+If the
+.Cm basicConstraints
+extension is absent, then the certificate is
+considered to be a possible CA;
+other extensions are checked according to the intended use of the certificate.
+A warning is given in this case because the certificate should really not
+be regarded as a CA.
+However it is allowed to be a CA to work around some broken software.
+.Pp
+If the certificate is a V1 certificate
+(and thus has no extensions) and it is self-signed,
+it is also assumed to be a CA but a warning is again given.
+This is to work around the problem of Verisign roots
+which are V1 self-signed certificates.
+.Pp
+If the
+.Cm keyUsage
+extension is present, then additional restraints are
+made on the uses of the certificate.
+A CA certificate must have the
+.Cm keyCertSign
+bit set if the
+.Cm keyUsage
+extension is present.
+.Pp
+The extended key usage extension places additional restrictions on the
+certificate uses.
+If this extension is present, whether critical or not,
+the key can only be used for the purposes specified.
+.Pp
+A complete description of each test is given below.
+The comments about
+.Cm basicConstraints
+and
+.Cm keyUsage
+and V1 certificates above apply to all CA certificates.
+.Bl -tag -width "XXXX"
+.It SSL Client
+The extended key usage extension must be absent or include the
+web client authentication OID.
+.Cm keyUsage
+must be absent or it must have the
+.Cm digitalSignature
+bit set.
+The Netscape certificate type must be absent
+or it must have the SSL client bit set.
+.It SSL Client CA
+The extended key usage extension must be absent or include the
+web client authentication OID.
+The Netscape certificate type must be absent
+or it must have the SSL CA bit set:
+this is used as a workaround if the
+.Cm basicConstraints
+extension is absent.
+.It SSL Server
+The extended key usage extension must be absent or include the
+web server authentication and/or one of the SGC OIDs.
+.Cm keyUsage
+must be absent or it must have the
+.Cm digitalSignature
+set, the
+.Cm keyEncipherment
+set, or both bits set.
+The Netscape certificate type must be absent or have the SSL server bit set.
+.It SSL Server CA
+The extended key usage extension must be absent or include the
+web server authentication and/or one of the SGC OIDs.
+The Netscape certificate type must be absent or the SSL CA bit must be set:
+this is used as a workaround if the
+.Cm basicConstraints
+extension is absent.
+.It Netscape SSL Server
+For Netscape SSL clients to connect to an SSL server; it must have the
+.Cm keyEncipherment
+bit set if the
+.Cm keyUsage
+extension is present.
+This isn't always valid because some cipher suites use the key for
+digital signing.
+Otherwise it is the same as a normal SSL server.
+.It Common S/MIME Client Tests
+The extended key usage extension must be absent or include the
+email protection OID.
+The Netscape certificate type must be absent or should have the S/MIME bit set.
+If the S/MIME bit is not set in Netscape certificate type, then the SSL
+client bit is tolerated as an alternative but a warning is shown:
+this is because some Verisign certificates don't set the S/MIME bit.
+.It S/MIME Signing
+In addition to the common S/MIME client tests, the
+.Cm digitalSignature
+bit must be set if the
+.Cm keyUsage
+extension is present.
+.It S/MIME Encryption
+In addition to the common S/MIME tests, the
+.Cm keyEncipherment
+bit must be set if the
+.Cm keyUsage
+extension is present.
+.It S/MIME CA
+The extended key usage extension must be absent or include the
+email protection OID.
+The Netscape certificate type must be absent
+or must have the S/MIME CA bit set:
+this is used as a workaround if the
+.Cm basicConstraints
+extension is absent.
+.It CRL Signing
+The
+.Cm keyUsage
+extension must be absent or it must have the CRL signing bit set.
+.It CRL Signing CA
+The normal CA tests apply, except the
+.Cm basicConstraints
+extension must be present.
+.El
+.It Fl setalias Ar arg
+Set the alias of the certificate,
+allowing the certificate to be referred to using a nickname,
+such as
+.Qq Steve's Certificate .
+.It Fl trustout
+Output a trusted certificate
+(the default if any trust settings are modified).
+An ordinary or trusted certificate can be input, but by default an ordinary
+certificate is output and any trust settings are discarded.
+.El
+.Pp
+The
+.Nm x509
+utility can be used to sign certificates and requests:
+it can thus behave like a mini CA.
+The following are x509 signing options:
+.Bl -tag -width "XXXX"
+.It Fl CA Ar file
+The CA certificate to be used for signing.
+When this option is present,
+.Nm x509
+behaves like a mini CA.
+The input file is signed by the CA using this option;
+that is, its issuer name is set to the subject name of the CA and it is
+digitally signed using the CA's private key.
+.Pp
+This option is normally combined with the
+.Fl req
+option.
+Without the
+.Fl req
+option, the input is a certificate which must be self-signed.
+.It Fl CAcreateserial
+Create the CA serial number file if it does not exist
+instead of generating an error.
+The file will contain the serial number
+.Sq 02
+and the certificate being signed will have
+.Sq 1
+as its serial number.
+.It Fl CAform Cm der | pem
+The format of the CA certificate file.
+The default is
+.Cm pem .
+.It Fl CAkey Ar file
+Set the CA private key to sign a certificate with.
+Otherwise it is assumed that the CA private key is present
+in the CA certificate file.
+.It Fl CAkeyform Cm der | pem
+The format of the CA private key.
+The default is
+.Cm pem .
+.It Fl CAserial Ar file
+Use the serial number in
+.Ar file
+to sign a certificate.
+The file should consist of one line containing an even number of hex digits
+with the serial number to use.
+After each use the serial number is incremented and written out
+to the file again.
+.Pp
+The default filename consists of the CA certificate file base name with
+.Pa .srl
+appended.
+For example, if the CA certificate file is called
+.Pa mycacert.pem ,
+it expects to find a serial number file called
+.Pa mycacert.srl .
+.It Fl checkend Ar arg
+Check whether the certificate expires in the next
+.Ar arg
+seconds.
+If so, exit with return value 1;
+otherwise exit with return value 0.
+.It Fl clrext
+Delete any extensions from a certificate.
+This option is used when a certificate is being created from another
+certificate (for example with the
+.Fl signkey
+or the
+.Fl CA
+options).
+Normally, all extensions are retained.
+.It Fl days Ar arg
+The number of days to make a certificate valid for.
+The default is 30 days.
+.It Fl extensions Ar section
+The section to add certificate extensions from.
+If this option is not specified, the extensions should either be
+contained in the unnamed (default) section
+or the default section should contain a variable called
+.Qq extensions
+which contains the section to use.
+.It Fl extfile Ar file
+File containing certificate extensions to use.
+If not specified, no extensions are added to the certificate.
+.It Fl force_pubkey Ar key
+Set the public key of the certificate to the public key contained in
+.Ar key .
+.It Fl keyform Cm der | pem
+The format of the key file used in the
+.Fl force_pubkey
+and
+.Fl signkey
+options.
+.It Fl new
+Generate a new certificate using the subject given by
+.Fl set_subject
+and signed by
+.Fl signkey .
+If no public key is provided with
+.Fl force_pubkey ,
+the resulting certificate is self-signed.
+This option cannot be used with
+.Fl in
+or
+.Fl req .
+.It Fl req
+Expect a certificate request on input instead of a certificate.
+This option cannot be used with
+.Fl new .
+.It Fl set_issuer Ar name
+The issuer name to use.
+.Ar name
+must be formatted as /type0=value0/type1=value1/type2=...;
+characters may be escaped by
+.Sq \e
+(backslash);
+no spaces are skipped.
+.It Fl set_serial Ar n
+The serial number to use.
+This option can be used with either the
+.Fl signkey
+or
+.Fl CA
+options.
+If used in conjunction with the
+.Fl CA
+option, the serial number file (as specified by the
+.Fl CAserial
+or
+.Fl CAcreateserial
+options) is not used.
+.Pp
+The serial number can be decimal or hex (if preceded by
+.Sq 0x ) .
+Negative serial numbers can also be specified but their use is not recommended.
+.It Fl set_subject Ar name
+The subject name to use.
+.Ar name
+must be formatted as /type0=value0/type1=value1/type2=...;
+characters may be escaped by
+.Sq \e
+(backslash);
+no spaces are skipped.
+.It Fl signkey Ar file
+Self-sign
+.Ar file
+using the supplied private key.
+.Pp
+If the input file is a certificate, it sets the issuer name to the
+subject name (i.e. makes it self-signed),
+changes the public key to the supplied value,
+and changes the start and end dates.
+The start date is set to the current time and the end date is set to
+a value determined by the
+.Fl days
+option.
+Any certificate extensions are retained unless the
+.Fl clrext
+option is supplied.
+.Pp
+If the input is a certificate request, a self-signed certificate
+is created using the supplied private key using the subject name in
+the request.
+.It Fl utf8
+Interpret field values read from a terminal or obtained from a configuration
+file as UTF-8 strings.
+By default, they are interpreted as ASCII.
+.It Fl x509toreq
+Convert a certificate into a certificate request.
+The
+.Fl signkey
+option is used to pass the required private key.
+.El
+.Sh COMMON NOTATION
+Several commands share a common syntax,
+as detailed below.
+.Pp
+Password arguments, typically specified using
+.Fl passin
+and
+.Fl passout
+for input and output passwords,
+allow passwords to be obtained from a variety of sources.
+Both of these options take a single argument, described below.
+If no password argument is given and a password is required,
+then the user is prompted to enter one:
+this will typically be read from the current terminal with echoing turned off.
+.Bl -tag -width "pass:password" -offset indent
+.It Cm pass : Ns Ar password
+The actual password is
+.Ar password .
+Since the password is visible to utilities,
+this form should only be used where security is not important.
+.It Cm env : Ns Ar var
+Obtain the password from the environment variable
+.Ar var .
+Since the environment of other processes is visible,
+this option should be used with caution.
+.It Cm file : Ns Ar path
+The first line of
+.Ar path
+is the password.
+If the same
+.Ar path
+argument is supplied to
+.Fl passin
+and
+.Fl passout ,
+then the first line will be used for the input password and the next line
+for the output password.
+.Ar path
+need not refer to a regular file:
+it could, for example, refer to a device or named pipe.
+.It Cm fd : Ns Ar number
+Read the password from the file descriptor
+.Ar number .
+This can be used to send the data via a pipe, for example.
+.It Cm stdin
+Read the password from standard input.
+.El
+.Pp
+Input/output formats,
+typically specified using
+.Fl inform
+and
+.Fl outform ,
+indicate the format being read from or written to.
+The argument is case insensitive.
+.Pp
+.Bl -tag -width Ds -offset indent -compact
+.It Cm der
+Distinguished Encoding Rules (DER)
+is a binary format.
+.It Cm net
+Insecure legacy format.
+.It Cm pem
+Privacy Enhanced Mail (PEM)
+is base64-encoded.
+.It Cm pvk
+Private Key format.
+.It Cm smime
+An SMIME format message.
+.It Cm txt
+Plain ASCII text.
+.El
+.Sh ENVIRONMENT
+The following environment variables affect the execution of
+.Nm openssl :
+.Bl -tag -width "/etc/pki/tls/libressl.cnf"
+.It Ev OPENSSL_CONF
+The location of the master configuration file.
+.El
+.Sh FILES
+.Bl -tag -width "/etc/pki/tls/libressl.cnf" -compact
+.It Pa /etc/ssl/
+Default config directory for
+.Nm openssl .
+.It Pa /etc/ssl/lib/
+Unused.
+.It Pa /etc/ssl/private/
+Default private key directory.
+.It Pa /etc/ssl/libressl.cnf
+Default configuration file for
+.Nm openssl .
+.It Pa /etc/ssl/x509v3.cnf
+Default configuration file for
+.Nm x509
+certificates.
+.El
+.Sh SEE ALSO
+.Xr acme-client 1 ,
+.Xr nc 1 ,
+.Xr libressl.cnf 5 ,
+.Xr x509v3.cnf 5 ,
+.Xr ssl 8 ,
+.Xr starttls 8
+.Sh STANDARDS
+.Rs
+.%A T. Dierks
+.%A C. Allen
+.%D January 1999
+.%R RFC 2246
+.%T The TLS Protocol Version 1.0
+.Re
+.Pp
+.Rs
+.%A M. Wahl
+.%A S. Killie
+.%A T. Howes
+.%D December 1997
+.%R RFC 2253
+.%T Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names
+.Re
+.Pp
+.Rs
+.%A B. Kaliski
+.%D March 1998
+.%R RFC 2315
+.%T PKCS #7: Cryptographic Message Syntax Version 1.5
+.Re
+.Pp
+.Rs
+.%A R. Housley
+.%A W. Ford
+.%A W. Polk
+.%A D. Solo
+.%D January 1999
+.%R RFC 2459
+.%T Internet X.509 Public Key Infrastructure Certificate and CRL Profile
+.Re
+.Pp
+.Rs
+.%A M. Myers
+.%A R. Ankney
+.%A A. Malpani
+.%A S. Galperin
+.%A C. Adams
+.%D June 1999
+.%R RFC 2560
+.%T X.509 Internet Public Key Infrastructure Online Certificate Status Protocol \(en OCSP
+.Re
+.Pp
+.Rs
+.%A R. Housley
+.%D June 1999
+.%R RFC 2630
+.%T Cryptographic Message Syntax
+.Re
+.Pp
+.Rs
+.%A P. Chown
+.%D June 2002
+.%R RFC 3268
+.%T Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS)
+.Re