=pod

=head1 NAME

openssl - OpenSSL command line tool

=head1 SYNOPSIS

B<openssl>
I<command>
[ I<command_opts> ]
[ I<command_args> ]

B<openssl> [ B<list-standard-commands> | B<list-message-digest-commands> | B<list-cipher-commands> ]

B<openssl> B<no->I<XXX> [ I<arbitrary options> ]

=head1 DESCRIPTION

OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL
v2/v3) and Transport Layer Security (TLS v1) network protocols and related
cryptography standards required by them.

The B<openssl> program is a command line tool for using the various
cryptography functions of OpenSSL's B<crypto> library from the shell.
It can be used for

 o Creation of RSA, DH and DSA key parameters
 o Creation of X.509 certificates, CSRs and CRLs
 o Calculation of Message Digests
 o Encryption and Decryption with Ciphers
 o SSL/TLS Client and Server Tests
 o Handling of S/MIME signed or encrypted mail

=head1 COMMAND SUMMARY

The B<openssl> program provides a rich variety of commands (I<command> in the
SYNOPSIS above), each of which often has a wealth of options and arguments
(I<command_opts> and I<command_args> in the SYNOPSIS).

The pseudo-commands B<list-standard-commands>, B<list-message-digest-commands>,
and B<list-cipher-commands> output a list (one entry per line) of the names
of all standard commands, message digest commands, or cipher commands,
respectively, that are available in the present B<openssl> utility.

The pseudo-command B<no->I<XXX> tests whether a command of the
specified name is available.  If no command named I<XXX> exists, it
returns 0 (success) and prints B<no->I<XXX>; otherwise it returns 1
and prints I<XXX>.  In both cases, the output goes to B<stdout> and
nothing is printed to B<stderr>.  Additional command line arguments
are always ignored.  Since for each cipher there is a command of the
same name, this provides an easy way for shell scripts to test for the
availability of ciphers in the B<openssl> program.  (B<no->I<XXX> is
not able to detect pseudo-commands such as B<quit>,
B<list->I<...>B<-commands>, or B<no->I<XXX> itself.)

=head2 STANDARD COMMANDS

=over 10

=item L<B<asn1parse>|asn1parse(1)>

Parse an ASN.1 sequence.

=item L<B<ca>|ca(1)>

Certificate Authority (CA) Management.

=item L<B<ciphers>|ciphers(1)>

Cipher Suite Description Determination.

=item L<B<crl>|crl(1)>

Certificate Revocation List (CRL) Management.

=item L<B<crl2pkcs7>|crl2pkcs7(1)>

CRL to PKCS#7 Conversion.

=item L<B<dgst>|dgst(1)>

Message Digest Calculation.

=item B<dh>

Diffie-Hellman Parameter Management.
Obsoleted by L<B<dhparam>|dhparam(1)>.

=item L<B<dsa>|dsa(1)>

DSA Data Management.

=item L<B<dsaparam>|dsaparam(1)>

DSA Parameter Generation.

=item L<B<enc>|enc(1)>

Encoding with Ciphers.

=item L<B<errstr>|errstr(1)>

Error Number to Error String Conversion.

=item L<B<dhparam>|dhparam(1)>

Generation and Management of Diffie-Hellman Parameters.

=item B<gendh>

Generation of Diffie-Hellman Parameters.
Obsoleted by L<B<dhparam>|dhparam(1)>.

=item L<B<gendsa>|gendsa(1)>

Generation of DSA Parameters.

=item L<B<genrsa>|genrsa(1)>

Generation of RSA Parameters.

=item L<B<ocsp>|ocsp(1)>

Online Certificate Status Protocol utility.

=item L<B<passwd>|passwd(1)>

Generation of hashed passwords.

=item L<B<pkcs12>|pkcs12(1)>

PKCS#12 Data Management.

=item L<B<pkcs7>|pkcs7(1)>

PKCS#7 Data Management.

=item L<B<rand>|rand(1)>

Generate pseudo-random bytes.

=item L<B<req>|req(1)>

X.509 Certificate Signing Request (CSR) Management.

=item L<B<rsa>|rsa(1)>

RSA Data Management.

=item L<B<rsautl>|rsautl(1)>

RSA utility for signing, verification, encryption, and decryption.

=item L<B<s_client>|s_client(1)>

This implements a generic SSL/TLS client which can establish a transparent
connection to a remote server speaking SSL/TLS. It is intended for testing
purposes only and provides only rudimentary interface functionality, but
internally it uses nearly all of the functionality of the OpenSSL B<ssl>
library.

=item L<B<s_server>|s_server(1)>

This implements a generic SSL/TLS server which accepts connections from remote
clients speaking SSL/TLS. It is intended for testing purposes only and provides
only rudimentary interface functionality, but internally it uses nearly all of
the functionality of the OpenSSL B<ssl> library.  It provides both its own
command-line-oriented protocol for testing SSL functions and a simple HTTP
response facility to emulate an SSL/TLS-aware webserver.

=item L<B<s_time>|s_time(1)>

SSL Connection Timer.

=item L<B<sess_id>|sess_id(1)>

SSL Session Data Management.

=item L<B<smime>|smime(1)>

S/MIME mail processing.

=item L<B<speed>|speed(1)>

Algorithm Speed Measurement.

=item L<B<verify>|verify(1)>

X.509 Certificate Verification.

=item L<B<version>|version(1)>

OpenSSL Version Information.

=item L<B<x509>|x509(1)>

X.509 Certificate Data Management.

=back

=head2 MESSAGE DIGEST COMMANDS

=over 10

=item B<md2>

MD2 Digest

=item B<md5>

MD5 Digest

=item B<mdc2>

MDC2 Digest

=item B<rmd160>

RMD-160 Digest

=item B<sha>

SHA Digest

=item B<sha1>

SHA-1 Digest

=item B<sha224>

SHA-224 Digest

=item B<sha256>

SHA-256 Digest

=item B<sha384>

SHA-384 Digest

=item B<sha512>

SHA-512 Digest

=back

=head2 ENCODING AND CIPHER COMMANDS

=over 10

=item B<base64>

Base64 Encoding

=item B<bf bf-cbc bf-cfb bf-ecb bf-ofb>

Blowfish Cipher

=item B<cast cast-cbc>

CAST Cipher

=item B<cast5-cbc cast5-cfb cast5-ecb cast5-ofb>

CAST5 Cipher

=item B<des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb>

DES Cipher

=item B<des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb>

Triple-DES Cipher

=item B<idea idea-cbc idea-cfb idea-ecb idea-ofb>

IDEA Cipher

=item B<rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb>

RC2 Cipher

=item B<rc4>

RC4 Cipher

=item B<rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb>

RC5 Cipher

=back

=head1 PASS PHRASE ARGUMENTS

Several commands accept password arguments, typically using B<-passin>
and B<-passout> for input and output passwords respectively. These allow
the password to be obtained from a variety of sources. Both of these
options take a single argument whose format is described below. If no
password argument is given and a password is required then the user is
prompted to enter one: this will typically be read from the current
terminal with echoing turned off.

=over 10

=item B<pass:password>

the actual password is B<password>. Since the password is visible
to utilities (like 'ps' under Unix) this form should only be used
where security is not important.

=item B<env:var>

obtain the password from the environment variable B<var>. Since
the environment of other processes is visible on certain platforms
(e.g. ps under certain Unix OSes) this option should be used with caution.

=item B<file:pathname>

the first line of B<pathname> is the password. If the same B<pathname>
argument is supplied to B<-passin> and B<-passout> arguments then the first
line will be used for the input password and the next line for the output
password. B<pathname> need not refer to a regular file: it could for example
refer to a device or named pipe.

=item B<fd:number>

read the password from the file descriptor B<number>. This can be used to
send the data via a pipe for example.

=item B<stdin>

read the password from standard input.

=back

=head1 SEE ALSO

L<asn1parse(1)|asn1parse(1)>, L<ca(1)|ca(1)>, L<config(5)|config(5)>,
L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkcs7(1)>, L<dgst(1)|dgst(1)>,
L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>,
L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>,
L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>,
L<passwd(1)|passwd(1)>,
L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>,
L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>,
L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
L<verify(1)|verify(1)>, L<version(1)|version(1)>, L<x509(1)|x509(1)>,
L<crypto(3)|crypto(3)>, L<ssl(3)|ssl(3)>

=head1 HISTORY

The openssl(1) document appeared in OpenSSL 0.9.2.
The B<list->I<XXX>B<-commands> pseudo-commands were added in OpenSSL 0.9.3;
the B<no->I<XXX> pseudo-commands were added in OpenSSL 0.9.5a.
For notes on the availability of other commands, see their individual
manual pages.

=cut
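
=pod

The B<no->I<XXX> test described under COMMAND SUMMARY, as an added shell
example that is not part of the OpenSSL distribution. The function names
C<probe_cmd> and C<pick_cipher> and the C<OPENSSL> variable are assumptions
of the example; an answer that does not match the documented exit status and
output is reported as an error instead of being read as "available".

```sh
#!/bin/sh
# Added example, not part of the OpenSSL distribution.
# Assumption: OPENSSL may be set to the path of the tool to probe.
OPENSSL=${OPENSSL:-openssl}

# probe_cmd NAME
#   returns 0 if a command (or cipher) called NAME is available,
#           1 if it is not,
#           2 if the reply does not match the documented contract
#             (tool missing, unexpected exit status or output).
probe_cmd() {
    _out=$("$OPENSSL" "no-$1" 2>/dev/null) && _rc=0 || _rc=$?
    case "$_rc:$_out" in
        "1:$1")    return 0 ;;   # exit 1 and prints XXX: command exists
        "0:no-$1") return 1 ;;   # exit 0 and prints no-XXX: command absent
        *)         return 2 ;;   # anything else: do not trust the answer
    esac
}

# pick_cipher NAME...
#   prints the first available cipher from a preference list.
#   Returns 1 if none is available and 2 if a probe failed, so a script
#   stops instead of continuing with a cipher nobody asked for.
pick_cipher() {
    for _c in "$@"; do
        probe_cmd "$_c" && _st=0 || _st=$?
        case "$_st" in
            0) printf '%s\n' "$_c"; return 0 ;;
            2) return 2 ;;
        esac
    done
    return 1
}

# Typical use in a script:
#   cipher=$(pick_cipher des3 bf) || { echo "no usable cipher" >&2; exit 1; }
```

=cut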
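
=pod

One way to act on the cautions under PASS PHRASE ARGUMENTS, as an added shell
example that is not part of the OpenSSL distribution: C<with_pass> hands the
pass phrase to B<openssl> as B<fd:3>, and C<audit_pass_args> flags B<pass:>
and B<env:> sources in a script. Both function names and the C<OPENSSL>
variable are assumptions of the example.

```sh
#!/bin/sh
# Added example, not part of the OpenSSL distribution.
# Assumption: OPENSSL may be set to the path of the tool to run.
OPENSSL=${OPENSSL:-openssl}

# with_pass OPT PASS CMD [ARGS...]
#   OPT  is "passin" or "passout"; CMD is the openssl command to run.
#   PASS stays in a shell variable and is written to a here-document on
#   descriptor 3, so it never appears in the argument list (pass:) or
#   the environment (env:) of the openssl process.
#   e.g. with_pass passout "$pw" genrsa -des3 -out key.pem 2048
with_pass() {
    [ "$#" -ge 3 ] || return 64
    _opt=$1 _pw=$2 _cmd=$3
    shift 3
    case "$_opt" in
        passin|passout) ;;
        *) return 64 ;;
    esac
    # The pass phrase is handed over as a single line: refuse an embedded
    # newline instead of letting the pass phrase be cut short.
    case "$_pw" in
        *'
'*) return 65 ;;
    esac
    "$OPENSSL" "$_cmd" "-$_opt" fd:3 "$@" 3<<EOF
$_pw
EOF
}

# audit_pass_args
#   reads a script on stdin and prints, with line numbers, every
#   -passin/-passout that uses a pass: or env: source.
#   Returns 1 if any such line is found, 0 otherwise.
audit_pass_args() {
    if grep -nE -e '-pass(in|out)[[:space:]]+(pass|env):'; then
        return 1
    fi
    return 0
}
```

=cut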