OPENSSL(1) | General Commands Manual | OPENSSL(1) |
openssl
— OpenSSL
command line tool
openssl |
command [command_opts] [command_args] |
openssl |
list-standard-commands |
list-message-digest-commands |
list-cipher-commands |
list-cipher-algorithms |
list-message-digest-algorithms |
list-public-key-algorithms |
openssl |
no- command |
OpenSSL
is a cryptography toolkit
implementing the Transport Layer Security (TLS v1) network protocol, as well
as related cryptography standards.
The openssl
program is a command line tool
for using the various cryptography functions of
openssl
's crypto library from the shell.
The pseudo-commands
list-standard-commands
,
list-message-digest-commands
, and
list-cipher-commands
output a list (one entry per
line) of the names of all standard commands, message digest commands, or
cipher commands, respectively, that are available in the present
openssl
utility.
The pseudo-commands list-cipher-algorithms
and list-message-digest-algorithms
list all cipher
and message digest names, one entry per line. Aliases are listed as:
The pseudo-command
list-public-key-algorithms
lists all supported
public key algorithms.
The pseudo-command
no-
command tests whether a
command of the specified name is available. If command
does not exist, it returns 0 and prints
no-
command; otherwise it
returns 1 and prints command. In both cases, the
output goes to stdout and nothing is printed to stderr. Additional command
line arguments are always ignored. Since for each cipher there is a command
of the same name, this provides an easy way for shell scripts to test for
the availability of ciphers in the openssl
program.
Note:
no-
command is not able to
detect pseudo-commands such as quit
,
list-
...-commands
,
or no-
command itself.
openssl asn1parse
-i
]
[-dlimit
number]
[-dump
]
[-genconf
file]
[-genstr
str]
[-in
file]
[-inform
der
| pem
| txt
]
[-length
number]
[-noout
]
[-offset
number]
[-oid
file]
[-out
file]
[-strparse
offset]The asn1parse
command is a diagnostic
utility that can parse ASN.1 structures. It can also be used to extract data
from ASN.1 formatted data.
The options are as follows:
-dlimit
number-dump
-genconf
file, -genstr
str-out
option.-i
-in
file-inform
der
|
pem
|
txt
-length
number-noout
-offset
number-oid
fileopenssl
's internal
table it will be represented in numerical form (for example 1.2.3.4).
Each line consists of three columns: the first column is the
OID in numerical format and should be followed by whitespace. The second
column is the "short name", which is a single word followed by
whitespace. The final column is the rest of the line and is the
"long name". asn1parse
displays the
long name.
-out
file-strparse
).-strparse
offsetopenssl ca
-batch
]
[-cert
file]
[-config
file]
[-create_serial
]
[-crl_CA_compromise
time]
[-crl_compromise
time]
[-crl_hold
instruction]
[-crl_reason
reason]
[-crldays
days]
[-crlexts
section]
[-crlhours
hours]
[-crlsec
seconds]
[-days
arg]
[-enddate
date]
[-extensions
section]
[-extfile
file]
[-gencrl
]
[-in
file]
[-infiles
]
[-key
password]
[-keyfile
file]
[-keyform
pem
| der
]
[-md
alg]
[-msie_hack
]
[-multivalue-rdn
]
[-name
section]
[-noemailDN
] [-notext
]
[-out
file]
[-outdir
directory]
[-passin
arg]
[-policy
arg]
[-preserveDN
]
[-revoke
file]
[-selfsign
]
[-sigopt
nm:v]
[-spkac
file]
[-ss_cert
file]
[-startdate
date]
[-status
serial]
[-subj
arg]
[-updatedb
] [-utf8
]
[-verbose
]The ca
command is a minimal certificate
authority (CA) application. It can be used to sign certificate requests in a
variety of forms and generate certificate revocation lists (CRLs). It also
maintains a text database of issued certificates and their status.
The options relevant to CAs are as follows:
-batch
-cert
file-config
file-create_serial
-days
arg-enddate
date-extensions
sectionx509_extensions
unless the
-extfile
option is used). If no extension section
is present, a V1 certificate is created. If the extension section is
present (even if it is empty), then a V3 certificate is created. See the
x509v3.cnf(5) manual
page for details of the extension section format.-extfile
file-extensions
option is also used).-in
file-infiles
-key
password-keyfile
file-keyform
pem
|
der
pem
.-md
alg-msie_hack
ca
work with very
old versions of the IE certificate enrollment control
"certenr3". It used UniversalStrings for almost everything.
Since the old control has various security bugs, its use is strongly
discouraged. The newer control "Xenroll" does not need this
option.-multivalue-rdn
-subj
argument to be
interpreted with full support for multivalued RDNs, for example
"/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe". If
-multivalue-rdn
is not used, the UID value is set
to "123456+CN=John Doe".-name
sectiondefault_ca
in the
ca
section).-noemailDN
altName
extension of the certificate. When this
option is set, the EMAIL field is removed from the certificate's subject
and set only in the, eventually present, extensions. The
email_in_dn keyword can be used in the configuration
file to enable this behaviour.-notext
-out
file-spkac
outputs DER
format.-outdir
directory-passin
arg-policy
arg-preserveDN
option is set, but this can be regarded more of a quirk than intended
behaviour.-preserveDN
-selfsign
-keyfile
. Certificate requests signed with a
different key are ignored. If -gencrl
,
-spkac
, or -ss_cert
are
given, -selfsign
is ignored.
A consequence of using -selfsign
is
that the self-signed certificate appears among the entries in the
certificate database (see the configuration option
database
) and uses the same serial number
counter as all other certificates signed with the self-signed
certificate.
-sigopt
nm:v-spkac
filespkac
utility.
The file should contain the variable SPKAC set to the value of the SPKAC and also the required DN components as name value pairs. If it's necessary to include the same component twice, then it can be preceded by a number and a ‘.’.
-ss_cert
file-startdate
date-subj
arg-utf8
-verbose
The options relevant to CRLs are as follows:
-crl_CA_compromise
time-crl_compromise
, except the
revocation reason is set to CACompromise.-crl_compromise
time-crl_hold
instruction-crl_reason
reason-crldays
daysnextUpdate
field.-crlexts
section-crlhours
hours-crlsec
seconds-gencrl
-revoke
file-status
serial-updatedb
Many of the options can be set in the ca
section of the configuration file (or in the default section of the
configuration file), specified using default_ca
or
-name
. The options preserve
and msie_hack
are read directly from the
ca
section.
Many of the configuration file options are identical to command line options. Where the option is present in the configuration file and the command line, the command line value is used. Where an option is described as mandatory, then it must be present in the configuration file or the command line equivalent (if any) used.
certificate
-cert
. It gives the file containing
the CA certificate. Mandatory.copy_extensions
none
or this option is not present, then
extensions are ignored and not copied to the certificate. If set to
copy
, then any extensions present in the request
that are not already present are copied to the certificate. If set to
copyall
, then all extensions in the request are
copied to the certificate: if the extension is already present in the
certificate it is deleted first.
The copy_extensions
option should be
used with caution. If care is not taken, it can be a security risk. For
example, if a certificate request contains a
basicConstraints
extension with CA:TRUE and the
copy_extensions
value is set to
copyall
and the user does not spot this when the
certificate is displayed, then this will hand the requester a valid CA
certificate.
This situation can be avoided by setting
copy_extensions
to copy
and including basicConstraints
with CA:FALSE in
the configuration file. Then if the request contains a
basicConstraints
extension, it will be
ignored.
The main use of this option is to allow a certificate request
to supply values for certain extensions such as
subjectAltName
.
crl_extensions
-crlexts
.crlnumber
database
default_crl_hours
,
default_crl_days
-crlhours
and
-crldays
options. These will only be used if
neither command line option is present. At least one of these must be
present to generate a CRL.default_days
-days
option. The number of days
to certify a certificate for.default_enddate
-enddate
option. Either this
option or default_days
(or the command line
equivalents) must be present.default_md
-md
option. The message digest to
use. Mandatory.default_startdate
-startdate
option. The start date
to certify a certificate for. If not set, the current time is used.email_in_dn
-noemailDN
. If the EMAIL field is to
be removed from the DN of the certificate, simply set this to
"no". If not present, the default is to allow for the EMAIL
field in the certificate's DN.msie_hack
-msie_hack
.name_opt
,
cert_opt
x509
utilities' -nameopt
and -certopt
switches can be used here, except
that no_signame
and
no_sigdump
are permanently set and cannot be
disabled (this is because the certificate signature cannot be displayed
because the certificate has not been signed at this point).
For convenience, the value ca_default
is accepted by both to produce a reasonable output.
If neither option is present, the format used in earlier
versions of openssl
is used. Use of the old
format is strongly discouraged because it only displays fields mentioned
in the policy
section, mishandles multicharacter
string types and does not display extensions.
new_certs_dir
-outdir
command line option. It
specifies the directory where new certificates will be placed.
Mandatory.oid_file
oid_section
policy
-policy
. Mandatory.preserve
-preserveDN
.private_key
-keyfile
option. The file containing
the CA private key. Mandatory.serial
unique_subject
yes
is given, the valid certificate
entries in the database must have unique subjects. If the value
no
is given, several valid certificate entries may
have the exact same subject. The default value is
yes
.x509_extensions
-extensions
.openssl certhash
-nv
] dir ...The certhash
command calculates a hash
value of ".pem" file in the specified directory list and creates
symbolic links for each file, where the name of the link is the hash value.
See the
SSL_CTX_load_verify_locations(3)
manual page for how hash links are used.
The links created are of the form "HHHHHHHH.D", where
each ‘H’ is a hexadecimal character and ‘D’ is a
single decimal digit. The hashes for CRLs look similar, except the letter
‘r’ appears after the period, like this:
"HHHHHHHH.rD". When processing a directory,
certhash
will first remove all links that have a
name in that syntax and invalid reference.
Multiple objects may have the same hash; they will be indicated by incrementing the ‘D’ value. Duplicates are found by comparing the full SHA256 fingerprint. A warning will be displayed if a duplicate is found.
A warning will also be displayed if there are files that cannot be parsed as either a certificate or a CRL.
The options are as follows:
openssl ciphers
[-hVv
] [control]
The ciphers
command converts the
control string from the format documented in
SSL_CTX_set_cipher_list(3)
into an ordered SSL cipher suite preference list. If no
control string is specified, the
DEFAULT
list is printed.
The options are as follows:
openssl cms
-aes128
| -aes192
| -aes256
| -camellia128
| -camellia192
| -camellia256
| -des
| -des3
| -rc2-40
| -rc2-64
| -rc2-128
]
[-CAfile
file]
[-CApath
directory]
[-binary
]
[-certfile
file]
[-certsout
file]
[-cmsout
] [-compress
]
[-content
file]
[-crlfeol
] [-data_create
]
[-data_out
]
[-debug_decrypt
]
[-decrypt
]
[-digest_create
]
[-digest_verify
]
[-econtent_type
type]
[-encrypt
]
[-EncryptedData_decrypt
]
[-EncryptedData_encrypt
]
[-from
addr]
[-in
file]
[-inform
der
| pem
| smime
]
[-inkey
file]
[-keyform
der
| pem
]
[-keyid
]
[-keyopt
nm:v]
[-md
digest]
[-no_attr_verify
]
[-no_content_verify
]
[-no_signer_cert_verify
]
[-noattr
] [-nocerts
]
[-nodetach
] [-nointern
]
[-nooldmime
] [-noout
]
[-nosigs
] [-nosmimecap
]
[-noverify
]
[-out
file]
[-outform
der
| pem
| smime
]
[-passin
src]
[-print
]
[-pwri_password
arg]
[-rctform
der
| pem
| smime
]
[-receipt_request_all
| -receipt_request_first
]
[-receipt_request_from
addr]
[-receipt_request_print
]
[-receipt_request_to
addr]
[-recip
file]
[-resign
]
[-secretkey
key]
[-secretkeyid
id]
[-sign
] [-sign_receipt
]
[-signer
file]
[-stream
| -indef
| -noindef
]
[-subject
s]
[-text
]
[-to
addr]
[-uncompress
] [-verify
]
[-verify_receipt
file]
[-verify_retcode
]
[cert.pem ...]The cms
command handles S/MIME v3.1 mail.
It can encrypt, decrypt, sign and verify, compress and uncompress S/MIME
messages.
The MIME message must be sent without any blank lines between the headers and the output. Some mail programs will automatically add a blank line. Piping the mail directly to sendmail is one way to achieve the correct format.
The supplied message to be signed or encrypted must include the
necessary MIME headers or many S/MIME clients won't display it properly (if
at all). You can use the -text
option to
automatically add plain text headers.
A "signed and encrypted" message is one where a signed message is then encrypted. This can be produced by encrypting an already signed message.
There are various operation options that set the type of operation to be performed. The meaning of the other options varies according to the operation type.
-encrypt
-decrypt
-sign
-verify
-cmsout
-resign
-data_create
-data_out
-digest_create
-digest_verify
-compress
-uncompress
-EncryptedData_encrypt
-EncryptedData_decrypt
-sign_receipt
-sign
operation.-verify_receipt
file-verify
operation.The remaining options are as follows:
-aes128
|
-aes192
|
-aes256
|
-camellia128
|
-camellia192
|
-camellia256
| -des
|
-des3
|
-rc2-40
|
-rc2-64
|
-rc2-128
-encrypt
and
-EncryptedData_encrypt
commands.-binary
-CAfile
file-verify
and
-verify_receipt
.-CApath
directory-verify
and
-verify_receipt
. This directory must be a standard
certificate directory: that is a hash of each subject name (using
x509
-hash
) should be
linked to each certificate.-certfile
file-certsout
file-check_ss_sig
,
-crl_check
, -crl_check_all
,
-extended_crl
,
-ignore_critical
,
-issuer_checks
, -policy
,
-policy_check
, -purpose
,
-x509_strict
verify
command for details.-content
file-verify
command. This is only usable if the CMS
structure is using the detached signature form where the content is not
included. This option will override any content if the input format is
S/MIME and it uses the multipart/signed MIME content type.-crlfeol
-debug_decrypt
-from
addr, -subject
s, -to
addr-econtent_type
type-sign
. If not supplied the Data type is used. The
type argument can be any valid OID name in either text or numerical
format.-in
file-inform
der
|
pem
| smime
smime
, which reads an S/MIME format message.
pem
and der
format change
this to expect PEM and DER format CMS structures instead. This currently
only affects the input format of the CMS structure; if no CMS structure is
being input (for example with -encrypt
or
-sign
) this option has no effect.-inkey
file-recip
or -signer
file.
When signing this option can be used multiple times to specify successive
keys.-keyform
der
|
pem
pem
.-keyid
-sign
and
-encrypt
operations.-keyopt
nm:v-md
digest-no_attr_verify
-no_content_verify
-no_signer_cert_verify
-noattr
-nocerts
-certfile
option for example).-nodetach
-nointern
-certfile
option are used. When verifying a message normally certificates (if any)
included in the message are searched for the signing certificate. The
supplied certificates can still be used as untrusted CAs however.-nooldmime
-noout
-cmsout
operation. This is useful when combined
with the -print
option or if the syntax of the CMS
structure is being checked.-nosigs
-nosmimecap
-noverify
-out
file-outform
der
|
pem
| smime
smime
, which writes an S/MIME format message.
pem
and der
format change
this to write PEM and DER format CMS structures instead. This currently
only affects the output format of the CMS structure; if no CMS structure
is being output (for example with -verify
or
-decrypt
) this option has no effect.-passin
src-print
-cmsout
operation. This is mainly useful for
testing purposes.-pwri_password
arg-encrypt
and -decrypt
operations.-rctform
der
|
pem
| smime
-receipt_verify
operation. The default is
smime
.-receipt_request_all
|
-receipt_request_first
-sign
operation to include a signed receipt
request. Ignored if -receipt_request_from
is
included.-receipt_request_from
addr-receipt_request_print
-verify
operation.-receipt_request_to
addr-recip
file-secretkey
key-EncryptedData_encrypt
,
-EncryptedData_decrypt
,
-encrypt
and -decrypt
operations. When used with -encrypt
or
-decrypt
the supplied key is used to wrap or
unwrap the content encryption key using an AES key in the KEKRecipientInfo
type.-secretkeyid
id-secretkey
option is used with
-encrypt
. With -decrypt
operations the id is used to locate the relevant key; if it is not
supplied then an attempt is used to decrypt any KEKRecipientInfo
structures.-signer
file-stream
|
-indef
|
-noindef
-stream
and -indef
options are equivalent and enable streaming I/O for encoding operations.
This permits single pass processing of data without the need to hold the
entire contents in memory, potentially supporting very large files.
Streaming is automatically set for S/MIME signing with detached data if
the output format is smime
; it is currently off by
default for all other operations. -noindef
disable
streaming I/O where it would produce an indefinite length constructed
encoding. This option currently has no effect.-text
-verify_retcode
-verify
operation
only. Exit code value minus 32 shows verification error code. See
verify
command for the list of verification error
code.The exit codes for cms
are as follows:
-verify_retcode
is
specified.openssl crl
-CAfile
file]
[-CApath
dir]
[-crlnumber
]
[-fingerprint
] [-hash
]
[-hash_old
]
[-in
file]
[-inform
der
| pem
]
[-issuer
] [-lastupdate
]
[-nameopt
option]
[-nextupdate
] [-noout
]
[-out
file]
[-outform
der
| pem
]
[-text
] [-verify
]The crl
command processes CRL files in DER
or PEM format.
The options are as follows:
-CAfile
file-CApath
directoryx509
-hash
) should be
linked to each certificate.-crlnumber
-fingerprint
-hash
-hash_old
-in
file-inform
der
|
pem
-issuer
-lastupdate
lastUpdate
field.-nameopt
option-nextupdate
nextUpdate
field.-noout
-out
file-outform
der
|
pem
-text
-verify
openssl crl2pkcs7
-certfile
file]
[-in
file]
[-inform
der
| pem
]
[-nocrl
]
[-out
file]
[-outform
der
| pem
]The crl2pkcs7
command takes an optional
CRL and one or more certificates and converts them into a PKCS#7 degenerate
"certificates only" structure.
The options are as follows:
-certfile
file-in
file-inform
der
|
pem
-nocrl
-out
file-outform
der
|
pem
openssl dgst
-cdr
] [-binary
]
[-
digest]
[-hex
]
[-hmac
key]
[-keyform
pem
]
[-mac
algorithm]
[-macopt
nm:v]
[-out
file]
[-passin
arg]
[-prverify
file]
[-sign
file]
[-signature
file]
[-sigopt
nm:v]
[-verify
file]
[file ...]The digest functions output the message digest of a supplied file or files in hexadecimal form. They can also be used for digital signing and verification.
The options are as follows:
-binary
-c
-d
-
digestopenssl
list-message-digest-commands
. The following are
equivalent: openssl dgst
-sha256
and openssl
sha256
.-hex
-hmac
key-keyform
pem
-mac
algorithm-macopt
parameter.-macopt
nm:v-mac
. The following options are supported by HMAC:
key
:stringhexkey
:string-out
file-passin
arg-prverify
file-r
-sign
file-signature
file-sigopt
nm:v-verify
fileopenssl dhparam
-2
| -5
]
[-C
] [-check
]
[-dsaparam
]
[-in
file]
[-inform
der
| pem
]
[-noout
]
[-out
file]
[-outform
der
| pem
]
[-text
] [numbits]The dhparam
command is used to manipulate
DH parameter files. Only the older PKCS#3 DH is supported, not the newer
X9.42 DH.
The options are as follows:
-2
,
-5
-C
-check
-dsaparam
DH parameter generation with the
-dsaparam
option is much faster, and the
recommended exponent length is shorter, which makes DH key exchange more
efficient. Beware that with such DSA-style DH parameters, a fresh DH key
should be created for each use to avoid small-subgroup attacks that may
be possible otherwise.
-in
file-inform
der
|
pem
-noout
-out
file-outform
der
|
pem
-text
openssl dsa
-aes128
| -aes192
| -aes256
| -des
| -des3
]
[-in
file]
[-inform
der
| pem
| pvk
]
[-modulus
] [-noout
]
[-out
file]
[-outform
der
| pem
| pvk
]
[-passin
arg]
[-passout
arg]
[-pubin
] [-pubout
]
[-pvk-none
| -pvk-strong
| -pvk-weak
]
[-text
]The dsa
command processes DSA keys. They
can be converted between various forms and their components printed out.
Note: This command uses the traditional
SSLeay
compatible format for private key encryption:
newer applications should use the more secure PKCS#8 format using the
pkcs8
command.
The options are as follows:
-aes128
|
-aes192
|
-aes256
|
-des
|
-des3
dsa
utility to read an
encrypted key with no encryption option can be used to remove the pass
phrase from a key, or by setting the encryption options it can be used to
add or change the pass phrase. These options can only be used with PEM
format output files.-in
file-inform
der
|
pem
|
pvk
-modulus
-noout
-out
file-outform
der
|
pem
|
pvk
-passin
arg-passout
arg-pubin
-pubout
-pvk-none
|
-pvk-strong
|
-pvk-weak
-pvk-strong
.-text
openssl dsaparam
-C
] [-genkey
]
[-in
file]
[-inform
der
| pem
]
[-noout
]
[-out
file]
[-outform
der
| pem
]
[-text
] [numbits]The dsaparam
command is used to manipulate
or generate DSA parameter files.
The options are as follows:
-C
-genkey
-in
file-inform
der
|
pem
-noout
-out
file-outform
der
|
pem
-text
openssl ec
-conv_form
arg]
[-des
] [-des3
]
[-in
file]
[-inform
der
| pem
]
[-noout
]
[-out
file]
[-outform
der
| pem
]
[-param_enc
arg]
[-param_out
]
[-passin
arg]
[-passout
arg]
[-pubin
] [-pubout
]
[-text
]The ec
command processes EC keys. They can
be converted between various forms and their components printed out.
openssl
uses the private key format specified in
“SEC 1: Elliptic Curve Cryptography”
(http://www.secg.org/). To
convert an EC private key into the PKCS#8 private key format use the
pkcs8
command.
The options are as follows:
-conv_form
argcompressed
,
uncompressed
(the default), and
hybrid
. For more information regarding the point
conversion forms see the X9.62 standard. Note: Due to patent issues the
compressed
option is disabled by default for
binary curves and can be enabled by defining the preprocessor macro
OPENSSL_EC_BIN_PT_COMP
at compile time.-des
|
-des3
openssl
. A pass phrase is prompted
for. If none of these options are specified, the key is written in plain
text. This means that using the ec
utility to read
in an encrypted key with no encryption option can be used to remove the
pass phrase from a key, or by setting the encryption options it can be
used to add or change the pass phrase. These options can only be used with
PEM format output files.-in
file-inform
der
|
pem
-noout
-out
file-outform
der
|
pem
-param_enc
argnamed_curve
, i.e. the EC parameters are specified
by an OID; or explicit
, where the EC parameters
are explicitly given (see RFC 3279 for the definition of the EC parameter
structures). The default value is named_curve
.
Note: the implicitlyCA
alternative, as specified
in RFC 3279, is currently not implemented.-param_out
-passin
arg-passout
arg-pubin
-pubout
-text
openssl ecparam
-C
] [-check
]
[-conv_form
arg]
[-genkey
]
[-in
file]
[-inform
der
| pem
]
[-list_curves
]
[-name
arg]
[-no_seed
] [-noout
]
[-out
file]
[-outform
der
| pem
]
[-param_enc
arg]
[-text
]The ecparam
command is used to manipulate
or generate EC parameter files. openssl
is not able
to generate new groups so ecparam
can only create EC
parameters from known (named) curves.
The options are as follows:
-C
-check
-conv_form
argcompressed
,
uncompressed
(the default), and
hybrid
. For more information regarding the point
conversion forms see the X9.62 standard. Note: Due to patent issues the
compressed
option is disabled by default for
binary curves and can be enabled by defining the preprocessor macro
OPENSSL_EC_BIN_PT_COMP
at compile time.-genkey
-in
file-inform
der
|
pem
-list_curves
-name
arg-no_seed
-noout
-out
file-outform
der
|
pem
-param_enc
argnamed_curve
, i.e. the EC parameters are specified
by an OID, or explicit
, where the EC parameters
are explicitly given (see RFC 3279 for the definition of the EC parameter
structures). The default value is named_curve
.
Note: the implicitlyCA
alternative, as specified
in RFC 3279, is currently not implemented.-text
openssl enc
-ciphername
[-AadePpv
]
[-base64
]
[-bufsize
number]
[-debug
]
[-in
file]
[-iter
iterations]
[-iv
IV]
[-K
key]
[-k
password]
[-kfile
file]
[-md
digest]
[-none
] [-nopad
]
[-nosalt
]
[-out
file]
[-pass
arg]
[-pbkdf2
]
[-S
salt]
[-salt
]The symmetric cipher commands allow data to be encrypted or
decrypted using various block and stream ciphers using keys based on
passwords or explicitly provided. Base64 encoding or decoding can also be
performed either by itself or in addition to the encryption or decryption.
The program can be called either as openssl
ciphername or openssl enc
-
ciphername.
Some of the ciphers do not have large keys and others have security implications if not used correctly. All the block ciphers normally use PKCS#5 padding, also known as standard block padding. If padding is disabled, the input data must be a multiple of the cipher block length.
The options are as follows:
-A
-a
option is set, then base64 process the
data on one line.-a
,
-base64
-bufsize
number-d
-debug
-e
-in
file-iter
iterations-iv
IV-K
option, the IV must explicitly be defined. When
a password is being specified using one of the other options, the IV is
generated from this password.-K
key-iv
option. When
both a key and a password are
specified, the key given with the
-K
option will be used and the IV generated from
the password will be taken. It probably does not make much sense to
specify both key and
password.-k
password-pass
option.-kfile
file-pass
option.-md
digestsha256
.-none
-nopad
-nosalt
-out
file-P
-p
-pass
arg-pbkdf2
-S
salt-salt
-v
openssl errstr
[-stats
] errno ...
The errstr
command performs error number
to error string conversion, generating a human-readable string representing
the error code errno. The string is obtained through
the
ERR_error_string_n(3)
function and has the following format:
error:[error code]:[library
name]:[function name]:[reason string]
[error code] is an 8-digit hexadecimal number. The remaining fields [library name], [function name], and [reason string] are all ASCII text.
The options are as follows:
-stats
openssl gendsa
-aes128
| -aes192
| -aes256
| -camellia128
| -camellia192
| -camellia256
| -des
| -des3
| -idea
]
[-out
file]
[-passout
arg] paramfileThe gendsa
command generates a DSA private
key from a DSA parameter file (typically generated by the
openssl dsaparam
command). DSA key generation is
little more than random number generation so it is much quicker than, for
example, RSA key generation.
The options are as follows:
-aes128
|
-aes192
|
-aes256
|
-camellia128
|
-camellia192
|
-camellia256
|
-des
|
-des3
|
-idea
-out
file-passout
argopenssl genpkey
-algorithm
alg]
[cipher] [-genparam
]
[-out
file]
[-outform
der
| pem
]
[-paramfile
file]
[-pass
arg]
[-pkeyopt
opt:value]
[-text
]The genpkey
command generates private
keys. The use of this program is encouraged over the algorithm specific
utilities because additional algorithm options can be used.
The options are as follows:
-algorithm
alg-pkeyopt
options. The options
-paramfile
and -algorithm
are mutually exclusive.-genparam
-algorithm
,
-paramfile
, or -pkeyopt
options.-out
file-outform
der
|
pem
-paramfile
file-pkeyopt
options. The
options -paramfile
and
-algorithm
are mutually exclusive.-pass
arg-pkeyopt
opt:value-text
openssl genrsa
-3
| -f4
]
[-aes128
| -aes192
| -aes256
| -camellia128
| -camellia192
| -camellia256
| -des
| -des3
| -idea
]
[-out
file]
[-passout
arg]
[numbits]The genrsa
command generates an RSA
private key, which essentially involves the generation of two prime numbers.
When generating the key, various symbols will be output to indicate the
progress of the generation. A ‘.’ represents each number which
has passed an initial sieve test; ‘+’ means a number has
passed a single round of the Miller-Rabin primality test; ‘*’
means the number has failed primality testing and needs to be generated
afresh. A newline means that the number has passed all the prime tests (the
actual number depends on the key size).
The options are as follows:
-3
|
-f4
-aes128
|
-aes192
|
-aes256
|
-camellia128
|
-camellia192
|
-camellia256
|
-des
|
-des3
|
-idea
-passout
option.-out
file-passout
argopenssl nseq
[-in
file] [-out
file] [-toseq
]
The nseq
command takes a file containing a
Netscape certificate sequence (an alternative to the standard PKCS#7 format)
and prints out the certificates contained in it, or takes a file of
certificates and converts it into a Netscape certificate sequence.
The options are as follows:
-in
file-out
file-toseq
-toseq
option the situation is reversed: a Netscape certificate sequence is
created from a file of certificates.openssl ocsp
-CA
file]
[-CAfile
file]
[-CApath
directory]
[-cert
file]
[-dgst
alg]
[-header
name value]
[-host
hostname:port]
[-ignore_err
]
[-index
indexfile]
[-issuer
file]
[-ndays
days]
[-nmin
minutes]
[-no_cert_checks
]
[-no_cert_verify
]
[-no_certs
] [-no_chain
]
[-no_explicit
]
[-no_intern
] [-no_nonce
]
[-no_signature_verify
]
[-nonce
] [-noverify
]
[-nrequest
number]
[-out
file]
[-path
path]
[-port
portnum]
[-req_text
]
[-reqin
file]
[-reqout
file]
[-resp_key_id
]
[-resp_no_certs
]
[-resp_text
]
[-respin
file]
[-respout
file]
[-rkey
file]
[-rother
file]
[-rsigner
file]
[-serial
num]
[-sign_other
file]
[-signer
file]
[-signkey
file]
[-status_age
age]
[-text
]
[-timeout
seconds]
[-trust_other
]
[-url
responder_url]
[-VAfile
file]
[-validity_period
nsec]
[-verify_other
file]The Online Certificate Status Protocol (OCSP) enables applications to determine the (revocation) state of an identified certificate (RFC 2560).
The ocsp
command performs many common OCSP
tasks. It can be used to print out requests and responses, create requests
and send queries to an OCSP responder, and behave like a mini OCSP server
itself.
The options are as follows:
-CAfile
file, -CApath
directory-cert
file-issuer
option, or an error occurs if no issuer certificate is specified.-dgst
alg-host
hostname:port,
-path
path-path
specifies the
HTTP path name to use, or / by default.-header
name value-issuer
file-cert
options.-no_cert_checks
-no_cert_verify
-no_certs
-no_chain
-no_explicit
-no_intern
-verify_other
or
-VAfile
options.-no_signature_verify
-nonce
,
-no_nonce
-respin
option no nonce is added: using the
-nonce
option will force the addition of a nonce.
If an OCSP request is being created (using the
-cert
and -serial
options)
a nonce is automatically added; specifying
-no_nonce
overrides this.-noverify
-out
file-req_text
,
-resp_text
, -text
-reqin
file, -respin
file-serial
, -cert
, and
-host
options).-reqout
file, -respout
file-serial
num-cert
option except the certificate
with serial number num is added to the request. The
serial number is interpreted as a decimal integer unless preceded by
‘0x’. Negative integers can also be specified by preceding
the value with a minus sign.-sign_other
file-signer
file, -signkey
file-signer
option and the private key specified by
the -signkey
option. If the
-signkey
option is not present, then the private
key is read from the same file as the certificate. If neither option is
specified, the OCSP request is not signed.-timeout
seconds-trust_other
-verify_other
option should be explicitly trusted and no additional checks will be
performed on them. This is useful when the complete responder certificate
chain is not available or trusting a root CA is not appropriate.-url
responder_url-VAfile
file-verify_other
and
-trust_other
options.-validity_period
nsec, -status_age
age-validity_period
option can be used to specify an
acceptable error range in seconds, the default value being 5 minutes.
If the notAfter time is omitted from a response, it means that new status information is immediately available. In this case the age of the notBefore field is checked to see it is not older than age seconds old. By default, this additional check is not performed.
-verify_other
fileThe options for the OCSP server are as follows:
-CA
file-ignore_err
-index
indexfileIf this option is specified, ocsp
is
in responder mode, otherwise it is in client mode. The requests the
responder processes can be either specified on the command line (using
the -issuer
and -serial
options), supplied in a file (using the -respin
option), or via external OCSP clients (if port or
url is specified).
If this option is present, then the
-CA
and -rsigner
options
must also be present.
-nmin
minutes, -ndays
days-nrequest
number-port
portnum-url
option.-resp_key_id
-resp_no_certs
-rkey
file-rsigner
option is used.-rother
file-rsigner
fileInitially the OCSP responder certificate is located and the
signature on the OCSP request checked using the responder certificate's
public key. Then a normal certificate verify is performed on the OCSP
responder certificate building up a certificate chain in the process. The
locations of the trusted certificates used to build the chain can be
specified by the -CAfile
and
-CApath
options or they will be looked for in the
standard openssl
certificates directory.
If the initial verify fails, the OCSP verify process halts with an error. Otherwise the issuing CA certificate in the request is compared to the OCSP responder certificate: if there is a match then the OCSP verify succeeds.
Otherwise the OCSP responder certificate's CA is checked against the issuing CA certificate in the request. If there is a match and the OCSPSigning extended key usage is present in the OCSP responder certificate, then the OCSP verify succeeds.
Otherwise the root CA of the OCSP responder's CA is checked to see if it is trusted for OCSP signing. If it is, the OCSP verify succeeds.
If none of these checks is successful, the OCSP verify fails. What this effectively means is that if the OCSP responder certificate is authorised directly by the CA it is issuing revocation information about (and it is correctly configured), then verification will succeed.
If the OCSP responder is a global responder, which can give
details about multiple CAs and has its own separate certificate chain, then
its root CA can be trusted for OCSP signing. Alternatively, the responder
certificate itself can be explicitly trusted with the
-VAfile
option.
openssl passwd
-1
| -apr1
| -crypt
]
[-in
file]
[-noverify
] [-quiet
]
[-reverse
]
[-salt
string]
[-stdin
] [-table
]
[password]The passwd
command computes the hash of a
password.
The options are as follows:
-1
-apr1
-crypt
-in
file-noverify
-quiet
-reverse
-table
option.-salt
string-noverify
.-stdin
-table
openssl pkcs7
-in
file]
[-inform
der
| pem
]
[-noout
]
[-out
file]
[-outform
der
| pem
]
[-print
] [-print_certs
]
[-text
]The pkcs7
command processes PKCS#7 files
in DER or PEM format. The PKCS#7 routines only understand PKCS#7 v 1.5 as
specified in RFC 2315.
The options are as follows:
-in
file-inform
der
|
pem
-noout
-print_certs
is set).-out
file-outform
der
|
pem
-print
-print_certs
-text
openssl pkcs8
-in
file]
[-inform
der
| pem
]
[-nocrypt
] [-noiter
]
[-out
file]
[-outform
der
| pem
]
[-passin
arg]
[-passout
arg]
[-topk8
]
[-v1
alg]
[-v2
alg]The pkcs8
command processes private keys
(both encrypted and unencrypted) in PKCS#8 format with a variety of PKCS#5
(v1.5 and v2.0) and PKCS#12 algorithms. The default encryption is only 56
bits; keys encrypted using PKCS#5 v2.0 algorithms and high iteration counts
are more secure.
The options are as follows:
-in
file-inform
der
|
pem
-nocrypt
-noiter
-out
file-outform
der
|
pem
-passin
arg-passout
arg-topk8
-v1
alg-v2
algopenssl
this doesn't
matter).
alg is the encryption algorithm to use; valid values include des, des3, and rc2. It is recommended that des3 is used.
openssl pkcs12
-aes128
| -aes192
| -aes256
| -camellia128
| -camellia192
| -camellia256
| -des
| -des3
| -idea
]
[-cacerts
]
[-CAfile
file]
[-caname
name]
[-CApath
directory]
[-certfile
file]
[-certpbe
alg]
[-chain
] [-clcerts
]
[-CSP
name]
[-descert
] [-export
]
[-in
file]
[-info
]
[-inkey
file]
[-keyex
]
[-keypbe
alg]
[-keysig
] [-LMK
]
[-macalg
alg]
[-maciter
]
[-name
name]
[-nocerts
] [-nodes
]
[-noiter
] [-nokeys
]
[-nomac
] [-nomaciter
]
[-nomacver
] [-noout
]
[-out
file]
[-passin
arg]
[-passout
arg]
[-password
arg]
[-twopass
]The pkcs12
command allows PKCS#12 files
(sometimes referred to as PFX files) to be created and parsed. By default, a
PKCS#12 file is parsed; a PKCS#12 file can be created by using the
-export
option.
The options for parsing a PKCS12 file are as follows:
-aes128
|
-aes192
|
-aes256
|
-camellia128
|
-camellia192
|
-camellia256
|
-des
|
-des3
|
-idea
-cacerts
-clcerts
-in
file-info
-nocerts
-nodes
-nokeys
-nomacver
-noout
-out
file-passin
arg-passout
arg-twopass
The options for PKCS12 file creation are as follows:
-CAfile
file-CApath
directoryx509
-hash
) should be
linked to each certificate.-caname
name-certfile
file-certpbe
alg, -keypbe
alglist-cipher-algorithms
command) is specified then
it is used with PKCS#5 v2.0. For interoperability reasons it is advisable
to only use PKCS#12 algorithms.-chain
-CSP
name-descert
-export
-in
file-inkey
file-keyex
|
-keysig
-keysig
option marks the key
for signing only. Signing only keys can be used for S/MIME signing,
authenticode (ActiveX control signing) and SSL client authentication.-LMK
-macalg
alg-maciter
-name
name-nomac
-nomaciter
,
-noiter
To discourage attacks by using large dictionaries of common passwords, the algorithm that derives keys from passwords can have an iteration count applied to it: this causes a certain part of the algorithm to be repeated and slows it down. The MAC is used to check the file integrity but since it will normally have the same password as the keys and certificates it could also be attacked. By default, both MAC and encryption iteration counts are set to 2048; using these options the MAC and encryption iteration counts can be set to 1. Since this reduces the file security you should not use these options unless you really have to. Most software supports both MAC and key iteration counts.
-out
file-passin
arg-passout
arg-password
arg-export
, -password
is
equivalent to -passout
. Otherwise,
-password
is equivalent to
-passin
.openssl pkey
-in
file]
[-inform
der
| pem
]
[-noout
]
[-out
file]
[-outform
der
| pem
]
[-passin
arg]
[-passout
arg]
[-pubin
] [-pubout
]
[-text
] [-text_pub
]The pkey
command processes public or
private keys. They can be converted between various forms and their
components printed out.
The options are as follows:
des3
.-in
file-inform
der
|
pem
-noout
-out
file-outform
der
|
pem
-passin
arg-passout
arg-pubin
-pubout
-text
-text_pub
openssl pkeyparam
[-in
file]
[-noout
] [-out
file] [-text
]
The pkeyparam
command processes public or
private keys. The key type is determined by the PEM headers.
The options are as follows:
openssl pkeyutl
-asn1parse
] [-certin
]
[-decrypt
] [-derive
]
[-encrypt
] [-hexdump
]
[-in
file]
[-inkey
file]
[-keyform
der
| pem
]
[-out
file]
[-passin
arg]
[-peerform
der
| pem
]
[-peerkey
file]
[-pkeyopt
opt:value]
[-pubin
] [-rev
]
[-sigfile
file]
[-sign
] [-verify
]
[-verifyrecover
]The pkeyutl
command can be used to perform
public key operations using any supported algorithm.
The options are as follows:
-asn1parse
-verifyrecover
option when an ASN.1 structure is
signed.-certin
-decrypt
-derive
-encrypt
-hexdump
-in
file-inkey
file-keyform
der
|
pem
-out
file-passin
arg-peerform
der
|
pem
-peerkey
file-pkeyopt
opt:valueThe RSA algorithm supports the encrypt, decrypt, sign, verify, and verifyrecover operations in general. Some padding modes only support some of these operations however.
pkcs1
for
PKCS#1 padding; none
for no padding;
oaep
for OAEP mode;
x931
for X9.31 mode; and
pss
for PSS.
In PKCS#1 padding if the message digest is not set then the supplied data is signed or verified directly instead of using a DigestInfo structure. If a digest is set then a DigestInfo structure is used and its length must correspond to the digest type. For oeap mode only encryption and decryption is supported. For x931 if the digest type is set it is used to format the block data; otherwise the first byte is used to specify the X9.31 digest ID. Sign, verify, and verifyrecover can be performed in this mode. For pss mode only sign and verify are supported and the digest type must be specified.
The DSA algorithm supports the sign and verify operations. Currently there are no additional options other than digest. Only the SHA1 digest can be used and this digest is assumed by default.
The DH algorithm supports the derive operation and no additional options.
The EC algorithm supports the sign, verify, and derive operations. The sign and verify operations use ECDSA and derive uses ECDH. Currently there are no additional options other than digest. Only the SHA1 digest can be used and this digest is assumed by default.
-pubin
-rev
-sigfile
file-sign
-verify
-verifyrecover
openssl prime
[-bits
n]
[-checks
n]
[-generate
] [-hex
]
[-safe
] p
The prime
command is used to generate
prime numbers, or to check numbers for primality. Results are probabilistic:
they have an exceedingly high likelihood of being correct, but are not
guaranteed.
The options are as follows:
-bits
n-generate
.-checks
n-generate
-bits
.-hex
-safe
openssl rand
-base64
] [-hex
]
[-out
file] numThe rand
command outputs
num pseudo-random bytes.
The options are as follows:
openssl req
-addext
ext]
[-asn1-kludge
] [-batch
]
[-config
file]
[-days
n]
[-extensions
section]
[-in
file]
[-inform
der
| pem
]
[-key
keyfile]
[-keyform
der
| pem
]
[-keyout
file]
[-md4
| -md5
| -sha1
]
[-modulus
]
[-multivalue-rdn
]
[-nameopt
option]
[-new
] [-newhdr
]
[-newkey
arg]
[-no-asn1-kludge
] [-nodes
]
[-noout
]
[-out
file]
[-outform
der
| pem
]
[-passin
arg]
[-passout
arg]
[-pkeyopt
opt:value]
[-pubkey
]
[-reqexts
section]
[-reqopt
option]
[-set_serial
n]
[-sigopt
nm:v]
[-subj
arg]
[-subject
] [-text
]
[-utf8
] [-verbose
]
[-verify
] [-x509
]The req
command primarily creates and
processes certificate requests in PKCS#10 format. It can additionally create
self-signed certificates, for use as root CAs, for example.
The options are as follows:
-addext
ext-x509
option is present) or certificate request.
The argument must have the form of a key=value pair as it would appear in
a config file. This option can be given multiple times.-asn1-kludge
-batch
-config
file-days
n-x509
option.-extensions
section, -reqexts
section-x509
) or certificate request extensions, allowing
several different sections to be used in the same configuration file.-in
file-new
and -newkey
are not
specified.-inform
der
|
pem
-key
keyfile-keyform
der
|
pem
-key
argument. The default is
pem
.-keyout
file-md5
|
-sha1
|
-sha256
Some public key algorithms may override this choice. For instance, DSA signatures always use SHA1.
-modulus
-multivalue-rdn
-subj
argument to be
interpreted with full support for multivalued RDNs, for example
"/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe". If
-multivalue-rdn
is not used, the UID value is set
to "123456+CN=John Doe".-nameopt
option, -reqopt
option-new
If the -key
option is not used, it
will generate a new RSA private key using information specified in the
configuration file.
-newhdr
-newkey
argrsa:nbits generates an RSA key nbits in size. If nbits is omitted the default key size is used.
dsa:file generates a DSA key using the parameters in file.
param:file generates a key using the parameters or certificate in file.
All other algorithms support the form
algorithm:file, where file
may be an algorithm parameter file, created by the
genpkey -genparam
command or an X.509
certificate for a key with appropriate algorithm.
file can be omitted, in which case any parameters
can be specified via the -pkeyopt
option.
-no-asn1-kludge
-asn1-kludge
.-nodes
-noout
-out
file-outform
der
|
pem
-passin
arg-passout
arg-pkeyopt
opt:value-pubkey
-reqopt
option-text
. The
option argument can be a single option or multiple
options separated by commas. See also the discussion of
-certopt
in the x509
command.-set_serial
n-sigopt
nm:v-subj
arg-subject
-x509
is specified).-text
-utf8
-verbose
-verify
-x509
-set_serial
option, 0 is used for the serial
number.The configuration options are specified in the "req" section of the configuration file. The options available are as follows:
attributes
distinguished_name
. Typically these may contain
the challengePassword or unstructuredName types. They are currently
ignored by the openssl
request signing utilities,
but some CAs might want them.default_bits
-new
option is used and can be overridden by using
the -newkey
option.default_keyfile
-keyout
option.default_md
md5
, sha1
and
sha256
(the default). It can be overridden on the
command line.distinguished_name
encrypt_key
-nodes
option.
For compatibility, encrypt_rsa_key
is an
equivalent option.input_password
|
output_password
-passin
and -passout
override the configuration file values.oid_file
oid_section
prompt
distinguished_name
and
attributes
sections.req_extensions
-reqexts
option.string_mask
utf8only
default
pkix
nombstr
MASK
:numberB_ASN1_*
values
from
<openssl/asn1.h>
.utf8
x509_extensions
-x509
switch is
used. It can be overridden by the -extensions
command line switch.There are two separate formats for the distinguished name and
attribute sections. If the -prompt
option is set to
"no", then these sections just consist of field names and values.
If the -prompt
option is absent or not set to
"no", then the file contains field prompting information of the
form:
fieldName="prompt" fieldName_default="default field value" fieldName_min= 2 fieldName_max= 4
"fieldName" is the field name being used, for example
commonName
(or CN). The "prompt" string is
used to ask the user to enter the relevant details. If the user enters
nothing, the default value is used; if no default value is present, the
field is omitted. A field can still be omitted if a default value is
present, if the user just enters the ‘.’ character.
The number of characters entered must be between the fieldName_min
and fieldName_max limits: there may be additional restrictions based on the
field being used (for example countryName
can only
ever be two characters long and must fit in a
PrintableString
).
Some fields (such as organizationName
) can
be used more than once in a DN. This presents a problem because
configuration files will not recognize the same name occurring twice. To
avoid this problem, if the fieldName
contains some
characters followed by a full stop, they will be ignored. So, for example, a
second organizationName
can be input by calling it
"1.organizationName".
The actual permitted field names are any object identifier short
or long names. These are compiled into openssl
and
include the usual values such as commonName
,
countryName
, localityName
,
organizationName
,
organizationalUnitName
,
stateOrProvinceName
. Additionally,
emailAddress
is included as well as
name
, surname
,
givenName
, initials
and
dnQualifier
.
Additional object identifiers can be defined with the
oid_file
or oid_section
options in the configuration file. Any additional fields will be treated as
though they were a DirectoryString
.
openssl rsa
-aes128
| -aes192
| -aes256
| -des
| -des3
]
[-check
]
[-in
file]
[-inform
der
| net
| pem
| pvk
]
[-modulus
] [-noout
]
[-out
file]
[-outform
der
| net
| pem
| pvk
]
[-passin
arg]
[-passout
arg]
[-pubin
] [-pubout
]
[-pvk-none
| -pvk-strong
| -pvk-weak
]
[-RSAPublicKey_in
]
[-RSAPublicKey_out
]
[-sgckey
] [-text
]The rsa
command processes RSA keys. They
can be converted between various forms and their components printed out.
rsa
uses the traditional
SSLeay
compatible format for private key encryption:
newer applications should use the more secure PKCS#8 format using the
pkcs8
utility.
The options are as follows:
-aes128
|
-aes192
|
-aes256
|
-des
|
-des3
rsa
utility to read in an
encrypted key with no encryption option can be used to remove the pass
phrase from a key, or by setting the encryption options it can be used to
add or change the pass phrase. These options can only be used with PEM
format output files.-check
-in
file-inform
der
|
net
|
pem
|
pvk
-noout
-modulus
-out
file-outform
der
|
net
|
pem
|
pvk
-passin
arg-passout
arg-pubin
-pubout
-pvk-none
|
-pvk-strong
|
-pvk-weak
-pvk-strong
.-RSAPublicKey_in
,
-RSAPublicKey_out
-pubin
and -pubout
except RSAPublicKey
format is used instead.-sgckey
-text
openssl rsautl
-asn1parse
] [-certin
]
[-decrypt
] [-encrypt
]
[-hexdump
]
[-in
file]
[-inkey
file]
[-keyform
der
| pem
]
[-oaep
| -pkcs
| -raw
| -x931
]
[-out
file]
[-passin
arg]
[-pubin
] [-rev
]
[-sign
] [-verify
]The rsautl
command can be used to sign,
verify, encrypt and decrypt data using the RSA algorithm.
The options are as follows:
-asn1parse
-verify
option.-certin
-decrypt
-encrypt
-hexdump
-in
file-inkey
file-keyform
der
|
pem
pem
.-oaep
|
-pkcs
| -raw
|
-x931
-pkcs
and -raw
can be
used.-out
file-passin
arg-pubin
-rev
-sign
-verify
openssl s_client
-4
| -6
]
[-alpn
protocols]
[-bugs
]
[-CAfile
file]
[-CApath
directory]
[-cert
file]
[-certform
der
| pem
]
[-check_ss_sig
]
[-cipher
cipherlist]
[-connect
host[:port]]
[-crl_check
]
[-crl_check_all
] [-crlf
]
[-debug
] [-dtls
]
[-dtls1
] [-dtls1_2
]
[-extended_crl
]
[-groups
list]
[-host
host]
[-ign_eof
]
[-ignore_critical
]
[-issuer_checks
]
[-key
keyfile]
[-keyform
der
| pem
]
[-keymatexport
label]
[-keymatexportlen
len]
[-legacy_server_connect
]
[-msg
]
[-mtu
mtu]
[-nbio
] [-nbio_test
]
[-no_comp
] [-no_ign_eof
]
[-no_legacy_server_connect
]
[-no_ticket
] [-no_tls1
]
[-no_tls1_1
] [-no_tls1_2
]
[-no_tls1_3
]
[-pass
arg]
[-pause
] [-policy_check
]
[-port
port]
[-prexit
]
[-proxy
host:port]
[-quiet
] [-reconnect
]
[-servername
name]
[-serverpref
]
[-sess_in
file]
[-sess_out
file]
[-showcerts
]
[-starttls
protocol]
[-state
] [-status
]
[-timeout
] [-tls1
]
[-tls1_1
] [-tls1_2
]
[-tls1_3
] [-tlsextdebug
]
[-use_srtp
profiles]
[-verify
depth]
[-verify_return_error
]
[-x509_strict
]
[-xmpphost
host]The s_client
command implements a generic
SSL/TLS client which connects to a remote host using SSL/TLS.
If a connection is established with an SSL server, any data
received from the server is displayed and any key presses will be sent to
the server. When used interactively (which means neither
-quiet
nor -ign_eof
have
been given), the session will be renegotiated if the line begins with an
R
; if the line begins with a
Q
or if end of file is reached, the connection will
be closed down.
The options are as follows:
-4
-6
-alpn
protocols-bugs
-CAfile
file-CApath
directory-verify
for more information. These are also used
when building the client certificate chain.-cert
file-certform
der
|
pem
pem
.-check_ss_sig
,
-crl_check
, -crl_check_all
,
-extended_crl
,
-ignore_critical
,
-issuer_checks
,
-policy_check
,
-x509_strict
verify
command for details.-cipher
cipherlistciphers
command for more information.-connect
host[:port]-crlf
-debug
-dtls
-dtls1
-dtls1_2
-groups
list-host
host-ign_eof
-key
keyfile-keyform
der
|
pem
pem
.-keymatexport
label-keymatexportlen
len-legacy_server_connect
,
-no_legacy_server_connect
-msg
-mtu
mtu-nbio
-nbio_test
-no_ign_eof
-ign_eof
after
-quiet
.-no_tls1
|
-no_tls1_1
|
-no_tls1_2
|
-no_tls1_3
-no_ticket
-pass
arg-pause
-port
port-prexit
-proxy
host:port-connect
argument is given to
the proxy. If not specified, localhost is used as final destination. After
that, switch the connection through the proxy to the destination to
TLS.-quiet
-ign_eof
as well.-reconnect
-servername
name-showcerts
-serverpref
-sess_in
file-sess_out
file-starttls
protocol-state
-status
-timeout
-tls1
|
-tls1_1
|
-tls1_2
|
-tls1_3
-tlsextdebug
-use_srtp
profiles-verify
depth-verify_return_error
-xmpphost
hostname-starttls
xmpp, specify the host for the "to"
attribute of the stream element. If this option is not specified then the
host specified with -connect
will be used.openssl s_server
-accept
port]
[-alpn
protocols]
[-bugs
]
[-CAfile
file]
[-CApath
directory]
[-cert
file]
[-cert2
file]
[-certform
der
| pem
]
[-cipher
cipherlist]
[-context
id]
[-crl_check
]
[-crl_check_all
] [-crlf
]
[-dcert
file]
[-dcertform
der
| pem
]
[-debug
]
[-dhparam
file]
[-dkey
file]
[-dkeyform
der
| pem
]
[-dpass
arg]
[-dtls
] [-dtls1
]
[-dtls1_2
]
[-groups
list]
[-HTTP
]
[-id_prefix
arg]
[-key
keyfile]
[-key2
keyfile]
[-keyform
der
| pem
]
[-keymatexport
label]
[-keymatexportlen
len]
[-msg
]
[-mtu
mtu]
[-named_curve
arg]
[-nbio
] [-nbio_test
]
[-no_cache
] [-no_dhe
]
[-no_ecdhe
] [-no_ticket
]
[-no_tls1
] [-no_tls1_1
]
[-no_tls1_2
] [-no_tls1_3
]
[-no_tmp_rsa
] [-nocert
]
[-pass
arg]
[-quiet
]
[-servername
name]
[-servername_fatal
]
[-serverpref
] [-state
]
[-status
]
[-status_timeout
nsec]
[-status_url
url]
[-status_verbose
]
[-timeout
] [-tls1
]
[-tls1_1
] [-tls1_2
]
[-tls1_3
] [-tlsextdebug
]
[-use_srtp
profiles]
[-Verify
depth]
[-verify
depth]
[-verify_return_error
]
[-WWW
] [-www
]The s_server
command implements a generic
SSL/TLS server which listens for connections on a given port using
SSL/TLS.
If a connection request is established with a client and neither
the -www
nor the -WWW
option
has been used, then any data received from the client is displayed and any
key presses are sent to the client. Certain single letter commands perform
special operations:
P
Q
q
R
r
S
The options are as follows:
-accept
port-alpn
protocols-bugs
-CAfile
file-CApath
directory-verify
for more information. These are also used
when building the server certificate chain.-cert
file-cert2
file-certform
der
|
pem
pem
.-cipher
cipherlistciphers
command for more information.-context
id-crl_check
,
-crl_check_all
-crl_check_all
checks all CRLs of all CAs in the chain.-crlf
-dcert
file, -dkey
file-cert
and
-key
options except there is no default if they
are not specified (no additional certificate or key is used). By using RSA
and DSS certificates and keys, a server can support clients which only
support RSA or DSS cipher suites by using an appropriate certificate.-dcertform
der
|
pem
,
-dkeyform
der
|
pem
,
-dpass
arg-debug
-dhparam
files_server
program will be used.-dtls
-dtls1
-dtls1_2
-groups
list-HTTP
-id_prefix
arg-key
keyfile-key2
keyfile-keyform
der
|
pem
pem
.-keymatexport
label-keymatexportlen
len-msg
-mtu
mtu-named_curve
arg-groups
instead.-nbio
-nbio_test
-no_cache
-no_dhe
-no_ecdhe
-no_ticket
-no_tls1
|
-no_tls1_1
|
-no_tls1_2
|
-no_tls1_3
-no_tmp_rsa
-nocert
-pass
arg-quiet
-servername
name-servername_fatal
-serverpref
-state
-status
-status_timeout
nsec-status_url
url-status_verbose
-timeout
-tls1
|
-tls1_1
|
-tls1_2
|
-tls1_3
-tlsextdebug
-use_srtp
profiles-verify_return_error
-WWW
-www
-Verify
depth, -verify
depth-Verify
, the
client must supply a certificate or an error occurs; with
-verify
, a certificate is requested but the client
does not have to send one.openssl s_time
-bugs
]
[-CAfile
file]
[-CApath
directory]
[-cert
file]
[-cipher
cipherlist]
[-connect
host[:port]]
[-key
keyfile]
[-nbio
] [-new
]
[-no_shutdown
] [-reuse
]
[-time
seconds]
[-verify
depth]
[-www
page]The s_time
command implements a generic
SSL/TLS client which connects to a remote host using SSL/TLS. It can request
a page from the server and includes the time to transfer the payload data in
its timing measurements. It measures the number of connections within a
given timeframe, the amount of data transferred (if any), and calculates the
average time spent for one connection.
The options are as follows:
-bugs
-CAfile
file-CApath
directoryverify
for
more information. These are also used when building the client certificate
chain.-cert
file-cipher
cipherlistciphers
command for more information.-connect
host[:port]-key
keyfile-nbio
-new
-new
nor -reuse
are specified, they are both on by default and executed in sequence.-no_shutdown
-reuse
-new
nor -reuse
are specified, they are both on by default and executed in sequence.-time
secondss_time
benchmarks to the number of
seconds. The default is 30 seconds.-verify
depth-www
pages_time
will only perform the handshake to
establish SSL connections but not transfer any payload data.openssl sess_id
-cert
]
[-context
ID]
[-in
file]
[-inform
der
| pem
]
[-noout
]
[-out
file]
[-outform
der
| pem
]
[-text
]The sess_id
program processes the encoded
version of the SSL session structure and optionally prints out SSL session
details (for example the SSL session master key) in human-readable
format.
The options are as follows:
-cert
-text
option is also present, then
it will be printed out in text form.-context
ID-in
file-inform
der
|
pem
der
uses an ASN.1 DER-encoded
format containing session details. The precise format can vary from one
version to the next. pem
is the default format: it
consists of the DER format base64-encoded with additional header and
footer lines.-noout
-out
file-outform
der
|
pem
-text
The output of sess_id
is composed as
follows:
Since the SSL session output contains the master key, it is possible to read the contents of an encrypted session using this information. Therefore appropriate security precautions should be taken if the information is being output by a "real" application. This is, however, strongly discouraged and should only be used for debugging purposes.
openssl smime
-aes128
| -aes192
| -aes256
| -des
| -des3
| -rc2-40
| -rc2-64
| -rc2-128
]
[-binary
]
[-CAfile
file]
[-CApath
directory]
[-certfile
file]
[-check_ss_sig
]
[-content
file]
[-crl_check
]
[-crl_check_all
]
[-decrypt
] [-encrypt
]
[-extended_crl
]
[-from
addr]
[-ignore_critical
]
[-in
file]
[-indef
]
[-inform
der
| pem
| smime
]
[-inkey
file]
[-issuer_checks
]
[-keyform
der
| pem
]
[-md
digest]
[-noattr
] [-nocerts
]
[-nochain
] [-nodetach
]
[-noindef
] [-nointern
]
[-nosigs
] [-nosmimecap
]
[-noverify
]
[-out
file]
[-outform
der
| pem
| smime
]
[-passin
arg]
[-pk7out
] [-policy_check
]
[-recip
file]
[-resign
] [-sign
]
[-signer
file]
[-stream
]
[-subject
s]
[-text
]
[-to
addr]
[-verify
] [-x509_strict
]
[cert.pem ...]The smime
command handles S/MIME mail. It
can encrypt, decrypt, sign, and verify S/MIME messages.
The MIME message must be sent without any blank lines between the headers and the output. Some mail programs will automatically add a blank line. Piping the mail directly to an MTA is one way to achieve the correct format.
The supplied message to be signed or encrypted must include the
necessary MIME headers or many S/MIME clients won't display it properly (if
at all). Use the -text
option to automatically add
plain text headers.
A "signed and encrypted" message is one where a signed message is then encrypted. This can be produced by encrypting an already signed message.
There are a number of operations that can be performed, as follows:
-decrypt
-encrypt
-pk7out
-resign
-sign
-verify
The remaining options are as follows:
-aes128
|
-aes192
|
-aes256
|
-des
|
-des3
|
-rc2-40
|
-rc2-64
|
-rc2-128
-encrypt
.-binary
-CAfile
file-verify
.-CApath
directory-verify
. This directory must be a
standard certificate directory: that is, a hash of each subject name
(using x509 -hash
) should be linked to each
certificate.-certfile
file-check_ss_sig
,
-crl_check
, -crl_check_all
,
-extended_crl
,
-ignore_critical
,
-issuer_checks
,
-policy_check
,
-x509_strict
verify
command for details.-content
file-verify
option, and only usable if the PKCS#7
structure is using the detached signature form where the content is not
included. This option will override any content if the input format is
S/MIME and it uses the multipart/signed MIME content type.-from
addr, -subject
s, -to
addr-in
file-indef
-inform
der
|
pem
| smime
-inkey
file-recip
or -signer
file.
When signing, this option can be used multiple times to specify successive
keys.-keyform
der
|
pem
pem
.-md
digest-noattr
-nocerts
-certfile
option, for example).-nochain
-nodetach
-noindef
-nointern
-certfile
.
The supplied certificates can still be used as untrusted CAs.-nosigs
-nosmimecap
-noverify
-out
file-outform
der
|
pem
| smime
pem
and der
change this to write PEM and DER format PKCS#7 structures instead. This
currently only affects the output format of the PKCS#7 structure; if no
PKCS#7 structure is being output (for example with
-verify
or -decrypt
) this
option has no effect.-passin
arg-recip
file-signer
file-stream
-indef
.-text
The exit codes for smime
are as
follows:
openssl speed
-decrypt
]
[-elapsed
]
[-evp
algorithm]
[-mr
]
[-multi
number]The speed
command is used to test the
performance of cryptographic algorithms.
-decrypt
-evp
.-elapsed
-evp
algorithm-mr
-multi
numberopenssl spkac
-challenge
string]
[-in
file]
[-key
keyfile]
[-noout
]
[-out
file]
[-passin
arg]
[-pubkey
]
[-spkac
spkacname]
[-spksect
section]
[-verify
]The spkac
command processes signed public
key and challenge (SPKAC) files. It can print out their contents, verify the
signature, and produce its own SPKACs from a supplied private key.
The options are as follows:
-challenge
string-in
file-key
option is used.-key
keyfile-in
,
-noout
, -spksect
, and
-verify
options are ignored, if present.-noout
-out
file-passin
arg-pubkey
-spkac
spkacname-spksect
section-verify
openssl ts
-query
[-md4
| -md5
| -ripemd160
| -sha1
]
[-cert
]
[-config
configfile]
[-data
file_to_hash]
[-digest
digest_bytes]
[-in
request.tsq]
[-no_nonce
]
[-out
request.tsq]
[-policy
object_id]
[-text
]openssl ts
-reply
[-chain
certs_file.pem]
[-config
configfile]
[-in
response.tsr]
[-inkey
private.pem]
[-out
response.tsr]
[-passin
arg]
[-policy
object_id]
[-queryfile
request.tsq]
[-section
tsa_section]
[-signer
tsa_cert.pem]
[-text
] [-token_in
]
[-token_out
]openssl ts
-verify
[-CAfile
trusted_certs.pem]
[-CApath
trusted_cert_path]
[-data
file_to_hash]
[-digest
digest_bytes]
[-in
response.tsr]
[-queryfile
request.tsq]
[-token_in
]
[-untrusted
cert_file.pem]The ts
command is a basic Time Stamping
Authority (TSA) client and server application as specified in RFC 3161
(Time-Stamp Protocol, TSP). A TSA can be part of a PKI deployment and its
role is to provide long term proof of the existence of specific data. Here
is a brief description of the protocol:
There is one DER-encoded protocol data unit defined for
transporting a time stamp request to the TSA and one for sending the time
stamp response back to the client. The ts
command
has three main functions: creating a time stamp request based on a data
file; creating a time stamp response based on a request; and verifying if a
response corresponds to a particular request or a data file.
There is no support for sending the requests/responses automatically over HTTP or TCP yet as suggested in RFC 3161. Users must send the requests either by FTP or email.
The -query
switch can be used for creating
and printing a time stamp request with the following options:
-cert
-config
configfile-data
file_to_hash-digest
digest_bytes-in
request.tsq-md4
|
-md5
|
-ripemd160
| -sha
|
-sha1
dgst
command. The default is SHA1.-no_nonce
-out
request.tsq-policy
object_id-text
A time stamp response (TimeStampResp) consists of a response
status and the time stamp token itself (ContentInfo), if the token
generation was successful. The -reply
command is for
creating a time stamp response or time stamp token based on a request and
printing the response/token in human-readable format. If
-token_out
is not specified the output is always a
time stamp response (TimeStampResp), otherwise it is a time stamp token
(ContentInfo).
-chain
certs_file.pem-cert
option was used for the request. This file is supposed to contain the
certificate chain for the signer certificate from its issuer upwards. The
-reply
command does not build a certificate chain
automatically.-config
configfile-in
response.tsr-token_in
is also specified) in DER format that
will be written to the output file. This option does not require a
request; it is useful, for example, to examine the content of a response
or token or to extract the time stamp token from a response. If the input
is a token and the output is a time stamp response a default
"granted" status info is added to the token.-inkey
private.pemsigner_key
config file option.-out
response.tsr-text
and
-token_out
). The default is stdout.-passin
arg-policy
object_id-queryfile
request.tsq-section
tsa_section-signer
tsa_cert.pemsigner_cert
variable of the config file.-text
-token_in
-token_out
The -verify
command is for verifying if a
time stamp response or time stamp token is valid and matches a particular
time stamp request or data file. The -verify
command
does not use the configuration file.
-CAfile
trusted_certs.pemverify
for additional details. Either this option
or -CApath
must be specified.-CApath
trusted_cert_pathverify
for additional details. Either this option
or -CAfile
must be specified.-data
file_to_hash-digest
and -queryfile
options must not be specified with this one.-digest
digest_bytes-data
and -queryfile
options must not be specified with
this one.-in
response.tsr-queryfile
request.tsq-data
and -digest
options
must not be specified with this one.-token_in
-untrusted
cert_file.pemOptions specified on the command line always override the settings in the config file:
tsa
section, default_tsa
-reply
option.
This section can be overridden with the -section
command line switch.oid_file
ca
for a description.oid_section
ca
for a description.serial
signer_cert
-signer
command line option.certs
-chain
command line
option.signer_key
-inkey
command line option.default_policy
-policy
command line option.other_policies
digests
accuracy
clock_precision_digits
ordering
tsa_name
ess_cert_id_chain
certs
variable or the
-chain
option is specified then the certificate
identifiers of the chain will also be included in the SigningCertificate
signed attribute. If this variable is set to no, only the signing
certificate identifier is included. The default is no.openssl verify
-CAfile
file]
[-CApath
directory]
[-check_ss_sig
]
[-CRLfile
file]
[-crl_check
]
[-crl_check_all
]
[-explicit_policy
]
[-extended_crl
] [-help
]
[-ignore_critical
]
[-inhibit_any
]
[-inhibit_map
]
[-issuer_checks
]
[-legacy_verify
]
[-policy_check
]
[-purpose
purpose]
[-trusted
file]
[-untrusted
file]
[-verbose
] [-x509_strict
]
[certificates]The verify
command verifies certificate
chains.
The options are as follows:
-CAfile
file-CApath
directory-hash
option of the x509
utility).-check_ss_sig
-CRLfile
file-crl_check
-crl_check_all
-explicit_policy
-extended_crl
-help
-ignore_critical
-inhibit_any
-inhibit_map
-issuer_checks
-legacy_verify
-policy_check
-purpose
purposesslclient
, sslserver
,
nssslserver
, smimesign
,
smimeencrypt
, crlsign
,
any
, and ocsphelper
.-trusted
file-untrusted
file-verbose
-x509_strict
The verify
program uses the same functions
as the internal SSL and S/MIME verification, with one crucial difference:
wherever possible an attempt is made to continue after an error, whereas
normally the verify operation would halt on the first error. This allows all
the problems with a certificate chain to be determined.
The verify operation consists of a number of separate steps. Firstly a certificate chain is built up starting from the supplied certificate and ending in the root CA. It is an error if the whole chain cannot be built up. The chain is built up by looking up the issuer's certificate of the current certificate. If a certificate is found which is its own issuer, it is assumed to be the root CA.
All certificates whose subject name matches the issuer name of the
current certificate are subject to further tests. The relevant authority key
identifier components of the current certificate (if present) must match the
subject key identifier (if present) and issuer and serial number of the
candidate issuer; in addition the keyUsage
extension
of the candidate issuer (if present) must permit certificate signing.
The lookup first looks in the list of untrusted certificates and if no match is found the remaining lookups are from the trusted certificates. The root CA is always looked up in the trusted certificate list: if the certificate to verify is a root certificate, then an exact match must be found in the trusted list.
The second operation is to check every untrusted certificate's
extensions for consistency with the supplied purpose. If the
-purpose
option is not included, then no checks are
done. The supplied or "leaf" certificate must have extensions
compatible with the supplied purpose and all other certificates must also be
valid CA certificates. The precise extensions required are described in more
detail in the X509
section below.
The third operation is to check the trust settings on the root CA. The root CA should be trusted for the supplied purpose. A certificate with no trust settings is considered to be valid for all purposes.
The final operation is to check the validity of the certificate
chain. The validity period is checked against the current system time and
the notBefore
and notAfter
dates in the certificate. The certificate signatures are also checked at
this point.
If all operations complete successfully, the certificate is considered valid. If any operation fails then the certificate is not valid. When a verify operation fails, the output messages can be somewhat cryptic. The general form of the error message is:
server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit) error 24 at 1 depth lookup:invalid CA certificate
The first line contains the name of the certificate being verified, followed by the subject name of the certificate. The second line contains the error number and the depth. The depth is the number of the certificate being verified when a problem was detected starting with zero for the certificate being verified itself, then 1 for the CA that signed the certificate and so on. Finally a text version of the error number is presented.
An exhaustive list of the error codes and messages is shown below;
this also includes the name of the error code as defined in the header file
<openssl/x509_vfy.h>
. Some
of the error codes are defined but never returned: these are described as
"unused".
SubjectPublicKeyInfo
could not be read.notBefore
date is after the current time.notAfter
date is before the current time.notBefore
field contains an
invalid time.notAfter
field contains an invalid
time.lastUpdate
field contains an invalid
time.nextUpdate
field contains an invalid
time.basicConstraints
pathlength parameter has been
exceeded.-issuer_checks
option is
set.-issuer_checks
option is set.-issuer_checks
option is set.keyUsage
extension does not permit certificate
signing.openssl version
[-abdfopv
]
The version
command is used to print out
version information about openssl
.
The options are as follows:
openssl x509
-C
]
[-addreject
arg]
[-addtrust
arg]
[-alias
]
[-CA
file]
[-CAcreateserial
]
[-CAform
der
| pem
]
[-CAkey
file]
[-CAkeyform
der
| pem
]
[-CAserial
file]
[-certopt
option]
[-checkend
arg]
[-clrext
] [-clrreject
]
[-clrtrust
] [-dates
]
[-days
arg]
[-email
] [-enddate
]
[-extensions
section]
[-extfile
file]
[-fingerprint
] [-hash
]
[-in
file]
[-inform
der
| net
| pem
]
[-issuer
] [-issuer_hash
]
[-issuer_hash_old
]
[-keyform
der
| pem
]
[-md5
| -sha1
]
[-modulus
]
[-nameopt
option]
[-next_serial
] [-noout
]
[-ocsp_uri
] [-ocspid
]
[-out
file]
[-outform
der
| net
| pem
]
[-passin
arg]
[-pubkey
] [-purpose
]
[-req
] [-serial
]
[-set_serial
n]
[-setalias
arg]
[-signkey
file]
[-sigopt
nm:v]
[-startdate
] [-subject
]
[-subject_hash
]
[-subject_hash_old
]
[-text
] [-trustout
]
[-x509toreq
]The x509
command is a multi-purpose
certificate utility. It can be used to display certificate information,
convert certificates to various forms, sign certificate requests like a
"mini CA", or edit certificate trust settings.
The following are x509 input, output, and general purpose options:
-in
file-inform
der
|
net
|
pem
-req
are present.-md5
|
-sha1
-fingerprint
,
-signkey
, and -CA
options.
If not specified, MD5 is used. SHA1 is always used with DSA keys.-out
file-outform
der
|
net
|
pem
-passin
argThe following are x509 display options:
-C
-certopt
option-text
,
either using a list of comma-separated options or by specifying
-certopt
multiple times. The default behaviour is
to print all fields. The options are as follows:
ca_default
no_issuer
,
no_pubkey
, no_header
,
no_version
,
no_sigdump
, and
no_signame
.compatible
ext_default
ext_dump
ext_error
ext_parse
no_aux
no_extensions
no_header
no_issuer
no_pubkey
no_serial
no_sigdump
no_signame
no_subject
no_validity
notBefore
and
notAfter
(validity) fields.no_version
-dates
-email
-enddate
notAfter
date.-fingerprint
-hash
-subject_hash
.-issuer
-issuer_hash
-issuer_hash_old
openssl
versions before 1.0.0.-modulus
-nameopt
option-nameopt
multiple times. The default behaviour is
to use the oneline
format. The options, which can
be preceded by a dash to turn them off, are as follows:
align
compat
dn_rev
dump_all
dump_der
dump_nostr
dump_unknown
openssl
.esc_2253
esc_ctrl
esc_msb
multiline
esc_ctrl
,
esc_msb
,
sep_multiline
,
space_eq
, lname
, and
align
.no_type
nofname
,
sname
, lname
,
oid
nofname
does not display the field at all; sname
uses
the short name form (CN for commonName
, for
example); lname
uses the long form.
oid
represents the OID in numerical form and
is useful for diagnostic purpose.oneline
RFC2253
. Equivalent to
esc_2253
, esc_ctrl
,
esc_msb
, utf8
,
dump_nostr
, dump_der
,
use_quote
,
sep_comma_plus_spc
,
space_eq
, and
sname
.RFC2253
esc_2253
, esc_ctrl
,
esc_msb
, utf8
,
dump_nostr
,
dump_unknown
,
dump_der
,
sep_comma_plus
,
dn_rev
, and
sname
.sep_comma_plus
,
sep_comma_plus_space
,
sep_semi_plus_space
,
sep_multiline
sep_multiline
uses a linefeed
character for the RDN separator and a spaced ‘+’ for the
AVA separator, as well as indenting the fields by four
characters.show_type
space_eq
use_quote
utf8
esc_msb
) may result in the correct display of
multibyte characters. Usually, multibyte characters larger than 0xff
are represented using the format \UXXXX for 16 bits and \WXXXXXXXX for
32 bits, and any UTF8Strings are converted to their character form
first.-next_serial
-noout
-ocsp_uri
-ocspid
-pubkey
-serial
-sigopt
nm:v-startdate
notBefore
date.-subject
-subject_hash
openssl
to form an index to allow certificates in
a directory to be looked up by subject name.-subject_hash_old
openssl
versions before 1.0.0.-text
A trusted certificate is a certificate which has several additional pieces of information attached to it such as the permitted and prohibited uses of the certificate and an alias. When a certificate is being verified, at least one certificate must be trusted. By default, a trusted certificate must be stored locally and be a root CA. The following are x509 trust settings options:
-addreject
arg-addtrust
option.-addtrust
argclientAuth
(SSL client use),
serverAuth
(SSL server use), and
emailProtection
(S/MIME email) are used.-alias
-clrreject
-clrtrust
-purpose
The basicConstraints
extension CA flag
is used to determine whether the certificate can be used as a CA. If the
CA flag is true, it is a CA; if the CA flag is false, it is not a CA.
All CAs should have the CA flag set to true.
If the basicConstraints
extension is
absent, then the certificate is considered to be a possible CA; other
extensions are checked according to the intended use of the certificate.
A warning is given in this case because the certificate should really
not be regarded as a CA. However it is allowed to be a CA to work around
some broken software.
If the certificate is a V1 certificate (and thus has no extensions) and it is self-signed, it is also assumed to be a CA but a warning is again given. This is to work around the problem of Verisign roots which are V1 self-signed certificates.
If the keyUsage
extension is present,
then additional restraints are made on the uses of the certificate. A CA
certificate must have the keyCertSign
bit set if
the keyUsage
extension is present.
The extended key usage extension places additional restrictions on the certificate uses. If this extension is present, whether critical or not, the key can only be used for the purposes specified.
A complete description of each test is given below. The
comments about basicConstraints
and
keyUsage
and V1 certificates above apply to all
CA certificates.
keyUsage
must be
absent or it must have the digitalSignature
bit set. The Netscape certificate type must be absent or it must have
the SSL client bit set.basicConstraints
extension
is absent.keyUsage
must be absent or it must have the
digitalSignature
set, the
keyEncipherment
set, or both bits set. The
Netscape certificate type must be absent or have the SSL server bit
set.basicConstraints
extension is absent.keyEncipherment
bit set if the
keyUsage
extension is present. This isn't
always valid because some cipher suites use the key for digital
signing. Otherwise it is the same as a normal SSL server.digitalSignature
bit must be set if the
keyUsage
extension is present.keyEncipherment
bit must be set if the
keyUsage
extension is present.basicConstraints
extension is absent.keyUsage
extension must be absent or it
must have the CRL signing bit set.basicConstraints
extension must be
present.-setalias
arg-trustout
The x509
utility can be used to sign
certificates and requests: it can thus behave like a mini CA. The following
are x509 signing options:
-CA
filex509
behaves like a mini CA. The input file is
signed by the CA using this option; that is, its issuer name is set to the
subject name of the CA and it is digitally signed using the CA's private
key.
This option is normally combined with the
-req
option. Without the
-req
option, the input is a certificate which
must be self-signed.
-CAcreateserial
-CAform
der
|
pem
pem
.-CAkey
file-CAkeyform
der
|
pem
pem
.-CAserial
fileThe default filename consists of the CA certificate file base name with .srl appended. For example, if the CA certificate file is called mycacert.pem, it expects to find a serial number file called mycacert.srl.
-checkend
arg-clrext
-signkey
or the -CA
options). Normally, all extensions are retained.-days
arg-extensions
section-extfile
file-keyform
der
|
pem
-signkey
option.-req
-set_serial
n-signkey
or -CA
options.
If used in conjunction with the -CA
option, the
serial number file (as specified by the -CAserial
or -CAcreateserial
options) is not used.
The serial number can be decimal or hex (if preceded by ‘0x’). Negative serial numbers can also be specified but their use is not recommended.
-signkey
fileIf the input file is a certificate, it sets the issuer name to
the subject name (i.e. makes it self-signed), changes the public key to
the supplied value, and changes the start and end dates. The start date
is set to the current time and the end date is set to a value determined
by the -days
option. Any certificate extensions
are retained unless the -clrext
option is
supplied.
If the input is a certificate request, a self-signed certificate is created using the supplied private key using the subject name in the request.
-x509toreq
-signkey
option is used to pass the required
private key.Several commands share a common syntax, as detailed below.
Password arguments, typically specified using
-passin
and -passout
for
input and output passwords, allow passwords to be obtained from a variety of
sources. Both of these options take a single argument, described below. If
no password argument is given and a password is required, then the user is
prompted to enter one: this will typically be read from the current terminal
with echoing turned off.
pass
:passwordenv
:varfile
:path-passin
and -passout
, then
the first line will be used for the input password and the next line for
the output password. path need not refer to a
regular file: it could, for example, refer to a device or named pipe.fd
:numberstdin
Input/output formats, typically specified using
-inform
and -outform
,
indicate the format being read from or written to. The argument is case
insensitive.
The following environment variables affect the execution of
openssl
:
OPENSSL_CONF
openssl
.openssl
.x509
certificates.acme-client(1), nc(1), openssl.cnf(5), x509v3.cnf(5), ssl(8), starttls(8)
T. Dierks and C. Allen, The TLS Protocol Version 1.0, RFC 2246, January 1999.
M. Wahl, S. Killie, and T. Howes, Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names, RFC 2253, December 1997.
B. Kaliski, PKCS #7: Cryptographic Message Syntax Version 1.5, RFC 2315, March 1998.
R. Housley, W. Ford, W. Polk, and D. Solo, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, RFC 2459, January 1999.
M. Myers, R. Ankney, A. Malpani, S. Galperin, and C. Adams, X.509 Internet Public Key Infrastructure Online Certificate Status Protocol – OCSP, RFC 2560, June 1999.
R. Housley, Cryptographic Message Syntax, RFC 2630, June 1999.
P. Chown, Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS), RFC 3268, June 2002.
March 17, 2021 | OpenBSD-6.9 |