[thirdparty/openssl.git] / doc / apps / pkey.pod


=pod

=head1 NAME

pkey - public or private key processing tool

=head1 SYNOPSIS

B<openssl> B<pkey>
[B<-help>]
[B<-inform PEM|DER>]
[B<-outform PEM|DER>]
[B<-in filename>]
[B<-passin arg>]
[B<-out filename>]
[B<-passout arg>]
[B<-cipher>]
[B<-text>]
[B<-text_pub>]
[B<-noout>]
[B<-pubin>]
[B<-pubout>]
[B<-engine id>]

=head1 DESCRIPTION

The B<pkey> command processes public or private keys. They can be converted
between various forms and their components printed out.

=head1 COMMAND OPTIONS

=over 4

=item B<-help>

Print out a usage message.

=item B<-inform DER|PEM>

This specifies the input format DER or PEM.

=item B<-outform DER|PEM>

This specifies the output format, the options have the same meaning as the 
B<-inform> option.

=item B<-in filename>

This specifies the input filename to read a key from or standard input if this
option is not specified. If the key is encrypted a pass phrase will be
prompted for.

=item B<-passin arg>

the input file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.

=item B<-out filename>

This specifies the output filename to write a key to or standard output if this
option is not specified. If any encryption options are set then a pass phrase
will be prompted for. The output filename should B<not> be the same as the input
filename.

=item B<-passout password>

the output file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.

=item B<-cipher>

These options encrypt the private key with the supplied cipher. Any algorithm
name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>.

=item B<-text>

prints out the various public or private key components in
plain text in addition to the encoded version. 

=item B<-text_pub>

print out only public key components even if a private key is being processed.

=item B<-noout>

do not output the encoded version of the key.

=item B<-pubin>

by default a private key is read from the input file: with this
option a public key is read instead.

=item B<-pubout>

by default a private key is output: with this option a public
key will be output instead. This option is automatically set if
the input is a public key.

=item B<-engine id>

specifying an engine (by its unique B<id> string) will cause B<pkey>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.

=back

=head1 EXAMPLES

To remove the pass phrase on an RSA private key:

 openssl pkey -in key.pem -out keyout.pem

To encrypt a private key using triple DES:

 openssl pkey -in key.pem -des3 -out keyout.pem

To convert a private key from PEM to DER format: 

 openssl pkey -in key.pem -outform DER -out keyout.der

To print out the components of a private key to standard output:

 openssl pkey -in key.pem -text -noout

To print out the public components of a private key to standard output:

 openssl pkey -in key.pem -text_pub -noout

To just output the public part of a private key:

 openssl pkey -in key.pem -pubout -out pubkey.pem

=head1 SEE ALSO

L<genpkey(1)>, L<rsa(1)>, L<pkcs8(1)>,
L<dsa(1)>, L<genrsa(1)>, L<gendsa(1)> 

=cut
Commit	Line	Data
49131a7d DSH	1
	2	=pod
	3
	4	=head1 NAME
	5
	6	pkey - public or private key processing tool
	7
	8	=head1 SYNOPSIS
	9
	10	B<openssl> B<pkey>
169394d4	11	[B<-help>]
49131a7d DSH	12	[B<-inform PEM\|DER>]
	13	[B<-outform PEM\|DER>]
	14	[B<-in filename>]
	15	[B<-passin arg>]
	16	[B<-out filename>]
	17	[B<-passout arg>]
	18	[B<-cipher>]
	19	[B<-text>]
	20	[B<-text_pub>]
	21	[B<-noout>]
	22	[B<-pubin>]
	23	[B<-pubout>]
	24	[B<-engine id>]
	25
	26	=head1 DESCRIPTION
	27
	28	The B<pkey> command processes public or private keys. They can be converted
	29	between various forms and their components printed out.
	30
	31	=head1 COMMAND OPTIONS
	32
	33	=over 4
	34
169394d4 MR	35	=item B<-help>
	36
	37	Print out a usage message.
	38
49131a7d DSH	39	=item B<-inform DER\|PEM>
	40
	41	This specifies the input format DER or PEM.
	42
	43	=item B<-outform DER\|PEM>
	44
	45	This specifies the output format, the options have the same meaning as the
	46	B<-inform> option.
	47
	48	=item B<-in filename>
	49
	50	This specifies the input filename to read a key from or standard input if this
	51	option is not specified. If the key is encrypted a pass phrase will be
	52	prompted for.
	53
	54	=item B<-passin arg>
	55
	56	the input file password source. For more information about the format of B<arg>
9b86974e	57	see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
49131a7d DSH	58
	59	=item B<-out filename>
	60
	61	This specifies the output filename to write a key to or standard output if this
	62	option is not specified. If any encryption options are set then a pass phrase
	63	will be prompted for. The output filename should B<not> be the same as the input
	64	filename.
	65
	66	=item B<-passout password>
	67
	68	the output file password source. For more information about the format of B<arg>
9b86974e	69	see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
49131a7d DSH	70
	71	=item B<-cipher>
	72
	73	These options encrypt the private key with the supplied cipher. Any algorithm
	74	name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>.
	75
	76	=item B<-text>
	77
	78	prints out the various public or private key components in
	79	plain text in addition to the encoded version.
	80
	81	=item B<-text_pub>
	82
	83	print out only public key components even if a private key is being processed.
	84
	85	=item B<-noout>
	86
	87	do not output the encoded version of the key.
	88
	89	=item B<-pubin>
	90
	91	by default a private key is read from the input file: with this
	92	option a public key is read instead.
	93
	94	=item B<-pubout>
	95
	96	by default a private key is output: with this option a public
	97	key will be output instead. This option is automatically set if
	98	the input is a public key.
	99
	100	=item B<-engine id>
	101
e5fa864f	102	specifying an engine (by its unique B<id> string) will cause B<pkey>
49131a7d DSH	103	to attempt to obtain a functional reference to the specified engine,
	104	thus initialising it if needed. The engine will then be set as the default
	105	for all available algorithms.
	106
	107	=back
	108
	109	=head1 EXAMPLES
	110
	111	To remove the pass phrase on an RSA private key:
	112
	113	openssl pkey -in key.pem -out keyout.pem
	114
	115	To encrypt a private key using triple DES:
	116
	117	openssl pkey -in key.pem -des3 -out keyout.pem
	118
	119	To convert a private key from PEM to DER format:
	120
	121	openssl pkey -in key.pem -outform DER -out keyout.der
	122
	123	To print out the components of a private key to standard output:
	124
	125	openssl pkey -in key.pem -text -noout
	126
	127	To print out the public components of a private key to standard output:
	128
	129	openssl pkey -in key.pem -text_pub -noout
	130
	131	To just output the public part of a private key:
	132
	133	openssl pkey -in key.pem -pubout -out pubkey.pem
	134
	135	=head1 SEE ALSO
	136
9b86974e RS	137	L<genpkey(1)>, L<rsa(1)>, L<pkcs8(1)>,
9b86974e RS	138	L<dsa(1)>, L<genrsa(1)>, L<gendsa(1)>
49131a7d DSH	139
49131a7d DSH	140	=cut