pkey.pod revision 325337
1 2=pod 3 4=head1 NAME 5 6openssl-pkey, 7pkey - public or private key processing tool 8 9=head1 SYNOPSIS 10 11B<openssl> B<pkey> 12[B<-inform PEM|DER>] 13[B<-outform PEM|DER>] 14[B<-in filename>] 15[B<-passin arg>] 16[B<-out filename>] 17[B<-passout arg>] 18[B<-cipher>] 19[B<-text>] 20[B<-text_pub>] 21[B<-noout>] 22[B<-pubin>] 23[B<-pubout>] 24[B<-engine id>] 25 26=head1 DESCRIPTION 27 28The B<pkey> command processes public or private keys. They can be converted 29between various forms and their components printed out. 30 31=head1 COMMAND OPTIONS 32 33=over 4 34 35=item B<-inform DER|PEM> 36 37This specifies the input format DER or PEM. 38 39=item B<-outform DER|PEM> 40 41This specifies the output format, the options have the same meaning as the 42B<-inform> option. 43 44=item B<-in filename> 45 46This specifies the input filename to read a key from or standard input if this 47option is not specified. If the key is encrypted a pass phrase will be 48prompted for. 49 50=item B<-passin arg> 51 52the input file password source. For more information about the format of B<arg> 53see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. 54 55=item B<-out filename> 56 57This specifies the output filename to write a key to or standard output if this 58option is not specified. If any encryption options are set then a pass phrase 59will be prompted for. The output filename should B<not> be the same as the input 60filename. 61 62=item B<-passout password> 63 64the output file password source. For more information about the format of B<arg> 65see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. 66 67=item B<-cipher> 68 69These options encrypt the private key with the supplied cipher. Any algorithm 70name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>. 71 72=item B<-text> 73 74prints out the various public or private key components in 75plain text in addition to the encoded version. 76 77=item B<-text_pub> 78 79print out only public key components even if a private key is being processed. 80 81=item B<-noout> 82 83do not output the encoded version of the key. 84 85=item B<-pubin> 86 87by default a private key is read from the input file: with this 88option a public key is read instead. 89 90=item B<-pubout> 91 92by default a private key is output: with this option a public 93key will be output instead. This option is automatically set if 94the input is a public key. 95 96=item B<-engine id> 97 98specifying an engine (by its unique B<id> string) will cause B<pkey> 99to attempt to obtain a functional reference to the specified engine, 100thus initialising it if needed. The engine will then be set as the default 101for all available algorithms. 102 103=back 104 105=head1 EXAMPLES 106 107To remove the pass phrase on an RSA private key: 108 109 openssl pkey -in key.pem -out keyout.pem 110 111To encrypt a private key using triple DES: 112 113 openssl pkey -in key.pem -des3 -out keyout.pem 114 115To convert a private key from PEM to DER format: 116 117 openssl pkey -in key.pem -outform DER -out keyout.der 118 119To print out the components of a private key to standard output: 120 121 openssl pkey -in key.pem -text -noout 122 123To print out the public components of a private key to standard output: 124 125 openssl pkey -in key.pem -text_pub -noout 126 127To just output the public part of a private key: 128 129 openssl pkey -in key.pem -pubout -out pubkey.pem 130 131=head1 SEE ALSO 132 133L<genpkey(1)|genpkey(1)>, L<rsa(1)|rsa(1)>, L<pkcs8(1)|pkcs8(1)>, 134L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>, L<gendsa(1)|gendsa(1)> 135 136=cut 137