1 2=pod 3 4=head1 NAME 5 6pkey - public or private key processing tool 7 8=head1 SYNOPSIS 9 10B<openssl> B<pkey> 11[B<-inform PEM|DER>] 12[B<-outform PEM|DER>] 13[B<-in filename>] 14[B<-passin arg>] 15[B<-out filename>] 16[B<-passout arg>] 17[B<-cipher>] 18[B<-text>] 19[B<-text_pub>] 20[B<-noout>] 21[B<-pubin>] 22[B<-pubout>] 23[B<-engine id>] 24 25=head1 DESCRIPTION 26 27The B<pkey> command processes public or private keys. They can be converted 28between various forms and their components printed out. 29 30=head1 COMMAND OPTIONS 31 32=over 4 33 34=item B<-inform DER|PEM> 35 36This specifies the input format DER or PEM. 37 38=item B<-outform DER|PEM> 39 40This specifies the output format, the options have the same meaning as the 41B<-inform> option. 42 43=item B<-in filename> 44 45This specifies the input filename to read a key from or standard input if this 46option is not specified. If the key is encrypted a pass phrase will be 47prompted for. 48 49=item B<-passin arg> 50 51the input file password source. For more information about the format of B<arg> 52see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. 53 54=item B<-out filename> 55 56This specifies the output filename to write a key to or standard output if this 57option is not specified. If any encryption options are set then a pass phrase 58will be prompted for. The output filename should B<not> be the same as the input 59filename. 60 61=item B<-passout password> 62 63the output file password source. For more information about the format of B<arg> 64see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. 65 66=item B<-cipher> 67 68These options encrypt the private key with the supplied cipher. Any algorithm 69name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>. 70 71=item B<-text> 72 73prints out the various public or private key components in 74plain text in addition to the encoded version. 75 76=item B<-text_pub> 77 78print out only public key components even if a private key is being processed. 79 80=item B<-noout> 81 82do not output the encoded version of the key. 83 84=item B<-pubin> 85 86by default a private key is read from the input file: with this 87option a public key is read instead. 88 89=item B<-pubout> 90 91by default a private key is output: with this option a public 92key will be output instead. This option is automatically set if 93the input is a public key. 94 95=item B<-engine id> 96 97specifying an engine (by its unique B<id> string) will cause B<pkey> 98to attempt to obtain a functional reference to the specified engine, 99thus initialising it if needed. The engine will then be set as the default 100for all available algorithms. 101 102=back 103 104=head1 EXAMPLES 105 106To remove the pass phrase on an RSA private key: 107 108 openssl pkey -in key.pem -out keyout.pem 109 110To encrypt a private key using triple DES: 111 112 openssl pkey -in key.pem -des3 -out keyout.pem 113 114To convert a private key from PEM to DER format: 115 116 openssl pkey -in key.pem -outform DER -out keyout.der 117 118To print out the components of a private key to standard output: 119 120 openssl pkey -in key.pem -text -noout 121 122To print out the public components of a private key to standard output: 123 124 openssl pkey -in key.pem -text_pub -noout 125 126To just output the public part of a private key: 127 128 openssl pkey -in key.pem -pubout -out pubkey.pem 129 130=head1 SEE ALSO 131 132L<genpkey(1)|genpkey(1)>, L<rsa(1)|rsa(1)>, L<pkcs8(1)|pkcs8(1)>, 133L<dsa(1)|dsa(1)>, L<genrsa(1)|genrsa(1)>, L<gendsa(1)|gendsa(1)> 134 135=cut 136