[thirdparty/openssl.git] / doc / man1 / openssl-pkey.pod

=pod

=head1 NAME

openssl-pkey - public or private key processing tool

=head1 SYNOPSIS

B<openssl> B<pkey>
[B<-help>]
[B<-inform> B<DER>|B<PEM>]
[B<-outform> B<DER>|B<PEM>]
[B<-in> I<filename>]
[B<-passin> I<arg>]
[B<-out> I<filename>]
[B<-passout> I<arg>]
[B<-traditional>]
[B<-I<cipher>>]
[B<-text>]
[B<-text_pub>]
[B<-noout>]
[B<-pubin>]
[B<-pubout>]
[B<-engine> I<id>]
[B<-check>]
[B<-pubcheck>]

=for comment ifdef engine

=head1 DESCRIPTION

This command processes public or private keys. They can be
converted between various forms and their components printed out.

=head1 OPTIONS

=over 4

=item B<-help>

Print out a usage message.

=item B<-inform> B<DER>|B<PEM>

This specifies the input format DER or PEM. The default format is PEM.

=item B<-outform> B<DER>|B<PEM>

This specifies the output format, the options have the same meaning and default
as the B<-inform> option.

=item B<-in> I<filename>

This specifies the input filename to read a key from or standard input if this
option is not specified. If the key is encrypted a pass phrase will be
prompted for.

=item B<-passin> I<arg>

The input file password source. For more information about the format of I<arg>
see L<openssl(1)/Pass phrase options>.

=item B<-out> I<filename>

This specifies the output filename to write a key to or standard output if this
option is not specified. If any encryption options are set then a pass phrase
will be prompted for. The output filename should B<not> be the same as the input
filename.

=item B<-passout> I<arg>

The output file password source. For more information about the format of I<arg>
see L<openssl(1)/Pass phrase options>.

=item B<-traditional>

Normally a private key is written using standard format: this is PKCS#8 form
with the appropriate encryption algorithm (if any). If the B<-traditional>
option is specified then the older "traditional" format is used instead.

=item B<-I<cipher>>

These options encrypt the private key with the supplied cipher. Any algorithm
name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>.

=item B<-text>

Prints out the various public or private key components in
plain text in addition to the encoded version.

=item B<-text_pub>

Print out only public key components even if a private key is being processed.

=item B<-noout>

Do not output the encoded version of the key.

=item B<-pubin>

By default a private key is read from the input file: with this
option a public key is read instead.

=item B<-pubout>

By default a private key is output: with this option a public
key will be output instead. This option is automatically set if
the input is a public key.

=item B<-engine> I<id>

Specifying an engine (by its unique I<id> string) will cause this command
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.

=item B<-check>

This option checks the consistency of a key pair for both public and private
components.

=item B<-pubcheck>

This option checks the correctness of either a public key or the public component
of a key pair.

=back

=head1 EXAMPLES

To remove the pass phrase on an RSA private key:

 openssl pkey -in key.pem -out keyout.pem

To encrypt a private key using triple DES:

 openssl pkey -in key.pem -des3 -out keyout.pem

To convert a private key from PEM to DER format:

 openssl pkey -in key.pem -outform DER -out keyout.der

To print out the components of a private key to standard output:

 openssl pkey -in key.pem -text -noout

To print out the public components of a private key to standard output:

 openssl pkey -in key.pem -text_pub -noout

To just output the public part of a private key:

 openssl pkey -in key.pem -pubout -out pubkey.pem

=head1 SEE ALSO

L<openssl(1)>,
L<openssl-genpkey(1)>,
L<openssl-rsa(1)>,
L<openssl-pkcs8(1)>,
L<openssl-dsa(1)>,
L<openssl-genrsa(1)>,
L<openssl-gendsa(1)>

=head1 COPYRIGHT

Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
49131a7d DSH	1	=pod
	2
	3	=head1 NAME
	4
b6b66573	5	openssl-pkey - public or private key processing tool
49131a7d DSH	6
	7	=head1 SYNOPSIS
	8
	9	B<openssl> B<pkey>
169394d4	10	[B<-help>]
e8769719 RS	11	[B<-inform> B<DER>\|B<PEM>]
	12	[B<-outform> B<DER>\|B<PEM>]
	13	[B<-in> I<filename>]
	14	[B<-passin> I<arg>]
	15	[B<-out> I<filename>]
	16	[B<-passout> I<arg>]
05dba815	17	[B<-traditional>]
8dc57d76	18	[B<-I<cipher>>]
49131a7d DSH	19	[B<-text>]
	20	[B<-text_pub>]
	21	[B<-noout>]
	22	[B<-pubin>]
	23	[B<-pubout>]
e8769719	24	[B<-engine> I<id>]
2aee35d3	25	[B<-check>]
b0004708	26	[B<-pubcheck>]
49131a7d	27
1738c0ce RS	28	=for comment ifdef engine
1738c0ce RS	29
49131a7d DSH	30	=head1 DESCRIPTION
49131a7d DSH	31
35a810bb RL	32	This command processes public or private keys. They can be
35a810bb RL	33	converted between various forms and their components printed out.
49131a7d	34
3dfda1a6	35	=head1 OPTIONS
49131a7d DSH	36
	37	=over 4
	38
169394d4 MR	39	=item B<-help>
	40
	41	Print out a usage message.
	42
e8769719	43	=item B<-inform> B<DER>\|B<PEM>
49131a7d	44
7477c83e	45	This specifies the input format DER or PEM. The default format is PEM.
49131a7d	46
e8769719	47	=item B<-outform> B<DER>\|B<PEM>
49131a7d	48
7477c83e TM	49	This specifies the output format, the options have the same meaning and default
7477c83e TM	50	as the B<-inform> option.
49131a7d	51
e8769719	52	=item B<-in> I<filename>
49131a7d DSH	53
	54	This specifies the input filename to read a key from or standard input if this
	55	option is not specified. If the key is encrypted a pass phrase will be
	56	prompted for.
	57
e8769719	58	=item B<-passin> I<arg>
49131a7d	59
2f0ea936	60	The input file password source. For more information about the format of I<arg>
e8769719	61	see L<openssl(1)/Pass phrase options>.
49131a7d	62
e8769719	63	=item B<-out> I<filename>
49131a7d DSH	64
	65	This specifies the output filename to write a key to or standard output if this
	66	option is not specified. If any encryption options are set then a pass phrase
	67	will be prompted for. The output filename should B<not> be the same as the input
	68	filename.
	69
2f0ea936	70	=item B<-passout> I<arg>
49131a7d	71
2f0ea936	72	The output file password source. For more information about the format of I<arg>
f5c14c63	73	see L<openssl(1)/Pass phrase options>.
49131a7d	74
05dba815 DSH	75	=item B<-traditional>
05dba815 DSH	76
c4de074e	77	Normally a private key is written using standard format: this is PKCS#8 form
05dba815 DSH	78	with the appropriate encryption algorithm (if any). If the B<-traditional>
	79	option is specified then the older "traditional" format is used instead.
	80
8dc57d76	81	=item B<-I<cipher>>
49131a7d DSH	82
	83	These options encrypt the private key with the supplied cipher. Any algorithm
	84	name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>.
	85
	86	=item B<-text>
	87
c4de074e	88	Prints out the various public or private key components in
1bc74519	89	plain text in addition to the encoded version.
49131a7d DSH	90
	91	=item B<-text_pub>
	92
c4de074e	93	Print out only public key components even if a private key is being processed.
49131a7d DSH	94
	95	=item B<-noout>
	96
c4de074e	97	Do not output the encoded version of the key.
49131a7d DSH	98
	99	=item B<-pubin>
	100
c4de074e	101	By default a private key is read from the input file: with this
49131a7d DSH	102	option a public key is read instead.
	103
	104	=item B<-pubout>
	105
c4de074e	106	By default a private key is output: with this option a public
49131a7d DSH	107	key will be output instead. This option is automatically set if
	108	the input is a public key.
	109
e8769719	110	=item B<-engine> I<id>
49131a7d	111
35a810bb	112	Specifying an engine (by its unique I<id> string) will cause this command
49131a7d DSH	113	to attempt to obtain a functional reference to the specified engine,
	114	thus initialising it if needed. The engine will then be set as the default
	115	for all available algorithms.
	116
2aee35d3 PY	117	=item B<-check>
	118
	119	This option checks the consistency of a key pair for both public and private
	120	components.
	121
b0004708 PY	122	=item B<-pubcheck>
	123
	124	This option checks the correctness of either a public key or the public component
	125	of a key pair.
	126
49131a7d DSH	127	=back
	128
	129	=head1 EXAMPLES
	130
	131	To remove the pass phrase on an RSA private key:
	132
	133	openssl pkey -in key.pem -out keyout.pem
	134
	135	To encrypt a private key using triple DES:
	136
	137	openssl pkey -in key.pem -des3 -out keyout.pem
	138
1bc74519	139	To convert a private key from PEM to DER format:
49131a7d DSH	140
	141	openssl pkey -in key.pem -outform DER -out keyout.der
	142
	143	To print out the components of a private key to standard output:
	144
	145	openssl pkey -in key.pem -text -noout
	146
	147	To print out the public components of a private key to standard output:
	148
	149	openssl pkey -in key.pem -text_pub -noout
	150
	151	To just output the public part of a private key:
	152
	153	openssl pkey -in key.pem -pubout -out pubkey.pem
	154
	155	=head1 SEE ALSO
	156
b6b66573 DMSP	157	L<openssl(1)>,
	158	L<openssl-genpkey(1)>,
	159	L<openssl-rsa(1)>,
	160	L<openssl-pkcs8(1)>,
	161	L<openssl-dsa(1)>,
	162	L<openssl-genrsa(1)>,
	163	L<openssl-gendsa(1)>
49131a7d	164
e2f92610 RS	165	=head1 COPYRIGHT
e2f92610 RS	166
b6b66573	167	Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
e2f92610	168
449040b4	169	Licensed under the Apache License 2.0 (the "License"). You may not use
e2f92610 RS	170	this file except in compliance with the License. You can obtain a copy
	171	in the file LICENSE in the source distribution or at
	172	L<https://www.openssl.org/source/license.html>.
	173
	174	=cut