]>
Commit | Line | Data |
---|---|---|
aba3e65f DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | openssl - OpenSSL command line tool | |
6 | ||
7 | =head1 SYNOPSIS | |
8 | ||
9 | B<openssl> | |
10 | I<command> | |
2f0ea936 RL |
11 | [ I<command_opts> ... ] |
12 | [ I<command_args> ... ] | |
aba3e65f | 13 | |
b2bdfb63 RL |
14 | B<openssl> |
15 | B<list> | |
16 | B<-standard-commands> | | |
17 | B<-digest-commands> | | |
18 | B<-cipher-commands> | | |
19 | B<-cipher-algorithms> | | |
20 | B<-digest-algorithms> | | |
21 | B<-mac-algorithms> | | |
22 | B<-public-key-algorithms> | |
88220dcb BM |
23 | |
24 | B<openssl> B<no->I<XXX> [ I<arbitrary options> ] | |
25 | ||
aba3e65f DSH |
26 | =head1 DESCRIPTION |
27 | ||
28 | OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL | |
29 | v2/v3) and Transport Layer Security (TLS v1) network protocols and related | |
30 | cryptography standards required by them. | |
31 | ||
32 | The B<openssl> program is a command line tool for using the various | |
4c583c36 AM |
33 | cryptography functions of OpenSSL's B<crypto> library from the shell. |
34 | It can be used for | |
aba3e65f | 35 | |
e4549295 DSH |
36 | o Creation and management of private keys, public keys and parameters |
37 | o Public key cryptographic operations | |
4c583c36 | 38 | o Creation of X.509 certificates, CSRs and CRLs |
4d768e96 | 39 | o Calculation of Message Digests and Message Authentication Codes |
aba3e65f DSH |
40 | o Encryption and Decryption with Ciphers |
41 | o SSL/TLS Client and Server Tests | |
54a34aec | 42 | o Handling of S/MIME signed or encrypted mail |
9c0586d5 | 43 | o Timestamp requests, generation and verification |
aba3e65f DSH |
44 | |
45 | =head1 COMMAND SUMMARY | |
46 | ||
b2bdfb63 RL |
47 | The B<openssl> program provides a rich variety of sub-commands (I<command> in |
48 | the SYNOPSIS above), each of which often has a wealth of options and arguments | |
aba3e65f DSH |
49 | (I<command_opts> and I<command_args> in the SYNOPSIS). |
50 | ||
1362190b AS |
51 | Detailed documentation and use cases for most standard subcommands are available |
52 | (e.g., L<x509(1)> or L<openssl-x509(1)>). | |
53 | ||
e9681f83 RS |
54 | Many commands use an external configuration file for some or all of their |
55 | arguments and have a B<-config> option to specify that file. | |
56 | The environment variable B<OPENSSL_CONF> can be used to specify | |
57 | the location of the file. | |
58 | If the environment variable is not specified, then the file is named | |
1948394d | 59 | F<openssl.cnf> in the default certificate storage area, whose value |
e9681f83 RS |
60 | depends on the configuration flags specified when the OpenSSL |
61 | was built. | |
62 | ||
2f0ea936 RL |
63 | The list options B<-standard-commands>, B<-digest-commands>, |
64 | and B<-cipher-commands> output a list (one entry per line) of the names | |
88220dcb | 65 | of all standard commands, message digest commands, or cipher commands, |
35a810bb | 66 | respectively, that are available. |
88220dcb | 67 | |
2f0ea936 RL |
68 | The list parameters B<-cipher-algorithms>, B<-digest-algorithms>, |
69 | and B<-mac-algorithms> list all cipher, message digest, and message | |
4d768e96 | 70 | authentication code names, one entry per line. Aliases are listed as: |
112161bd DSH |
71 | |
72 | from => to | |
73 | ||
2f0ea936 | 74 | The list parameter B<-public-key-algorithms> lists all supported public |
112161bd DSH |
75 | key algorithms. |
76 | ||
c03726ca | 77 | The command B<no->I<XXX> tests whether a command of the |
88220dcb BM |
78 | specified name is available. If no command named I<XXX> exists, it |
79 | returns 0 (success) and prints B<no->I<XXX>; otherwise it returns 1 | |
80 | and prints I<XXX>. In both cases, the output goes to B<stdout> and | |
81 | nothing is printed to B<stderr>. Additional command line arguments | |
82 | are always ignored. Since for each cipher there is a command of the | |
83 | same name, this provides an easy way for shell scripts to test for the | |
84 | availability of ciphers in the B<openssl> program. (B<no->I<XXX> is | |
85 | not able to detect pseudo-commands such as B<quit>, | |
c03726ca | 86 | B<list>, or B<no->I<XXX> itself.) |
88220dcb | 87 | |
b2bdfb63 | 88 | =head2 Standard Sub-commands |
aba3e65f | 89 | |
e1271ac2 | 90 | =over 4 |
aba3e65f | 91 | |
dfee8626 | 92 | =item B<asn1parse> |
aba3e65f DSH |
93 | |
94 | Parse an ASN.1 sequence. | |
95 | ||
dfee8626 | 96 | =item B<ca> |
aba3e65f | 97 | |
4c583c36 | 98 | Certificate Authority (CA) Management. |
aba3e65f | 99 | |
dfee8626 | 100 | =item B<ciphers> |
aba3e65f DSH |
101 | |
102 | Cipher Suite Description Determination. | |
103 | ||
dfee8626 | 104 | =item B<cms> |
e5fa864f | 105 | |
c4de074e | 106 | CMS (Cryptographic Message Syntax) utility. |
e5fa864f | 107 | |
dfee8626 | 108 | =item B<crl> |
aba3e65f DSH |
109 | |
110 | Certificate Revocation List (CRL) Management. | |
111 | ||
dfee8626 | 112 | =item B<crl2pkcs7> |
aba3e65f DSH |
113 | |
114 | CRL to PKCS#7 Conversion. | |
115 | ||
dfee8626 | 116 | =item B<dgst> |
aba3e65f | 117 | |
4d768e96 | 118 | Message Digest calculation. MAC calculations are superseded by |
8bc93d2f | 119 | L<openssl-mac(1)>. |
aba3e65f | 120 | |
727daea7 | 121 | =item B<dh> |
aba3e65f | 122 | |
727daea7 | 123 | Diffie-Hellman Parameter Management. |
8bc93d2f | 124 | Obsoleted by L<openssl-dhparam(1)>. |
aba3e65f | 125 | |
dfee8626 | 126 | =item B<dhparam> |
e5fa864f | 127 | |
4c583c36 | 128 | Generation and Management of Diffie-Hellman Parameters. Superseded by |
8bc93d2f | 129 | L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)>. |
e5fa864f | 130 | |
dfee8626 | 131 | =item B<dsa> |
aba3e65f DSH |
132 | |
133 | DSA Data Management. | |
134 | ||
dfee8626 | 135 | =item B<dsaparam> |
aba3e65f | 136 | |
4c583c36 | 137 | DSA Parameter Generation and Management. Superseded by |
8bc93d2f | 138 | L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)>. |
aba3e65f | 139 | |
dfee8626 | 140 | =item B<ec> |
e5fa864f | 141 | |
c4de074e | 142 | EC (Elliptic curve) key processing. |
e5fa864f | 143 | |
dfee8626 | 144 | =item B<ecparam> |
e5fa864f | 145 | |
c4de074e | 146 | EC parameter manipulation and generation. |
e5fa864f | 147 | |
dfee8626 | 148 | =item B<enc> |
aba3e65f DSH |
149 | |
150 | Encoding with Ciphers. | |
151 | ||
dfee8626 | 152 | =item B<engine> |
aba3e65f | 153 | |
4c583c36 | 154 | Engine (loadable module) information and manipulation. |
aba3e65f | 155 | |
dfee8626 | 156 | =item B<errstr> |
727daea7 | 157 | |
e5fa864f | 158 | Error Number to Error String Conversion. |
727daea7 BM |
159 | |
160 | =item B<gendh> | |
aba3e65f DSH |
161 | |
162 | Generation of Diffie-Hellman Parameters. | |
8bc93d2f | 163 | Obsoleted by L<openssl-dhparam(1)>. |
aba3e65f | 164 | |
dfee8626 | 165 | =item B<gendsa> |
aba3e65f | 166 | |
4c583c36 | 167 | Generation of DSA Private Key from Parameters. Superseded by |
8bc93d2f | 168 | L<openssl-genpkey(1)> and L<openssl-pkey(1)>. |
e4549295 | 169 | |
dfee8626 | 170 | =item B<genpkey> |
e4549295 DSH |
171 | |
172 | Generation of Private Key or Parameters. | |
aba3e65f | 173 | |
dfee8626 | 174 | =item B<genrsa> |
aba3e65f | 175 | |
8bc93d2f | 176 | Generation of RSA Private Key. Superseded by L<openssl-genpkey(1)>. |
aba3e65f | 177 | |
0109e030 RL |
178 | =item B<info> |
179 | ||
180 | Display diverse information built into the OpenSSL libraries. | |
181 | ||
c54492ec SL |
182 | =item B<kdf> |
183 | ||
184 | Key Derivation Functions. | |
185 | ||
4d768e96 SL |
186 | =item B<mac> |
187 | ||
188 | Message Authentication Code Calculation. | |
189 | ||
dfee8626 | 190 | =item B<nseq> |
e5fa864f | 191 | |
c4de074e | 192 | Create or examine a Netscape certificate sequence. |
e5fa864f | 193 | |
dfee8626 | 194 | =item B<ocsp> |
a068630a UM |
195 | |
196 | Online Certificate Status Protocol utility. | |
197 | ||
dfee8626 | 198 | =item B<passwd> |
5160448b RL |
199 | |
200 | Generation of hashed passwords. | |
201 | ||
dfee8626 | 202 | =item B<pkcs12> |
3f1c4e49 BM |
203 | |
204 | PKCS#12 Data Management. | |
205 | ||
dfee8626 | 206 | =item B<pkcs7> |
aba3e65f DSH |
207 | |
208 | PKCS#7 Data Management. | |
209 | ||
dfee8626 | 210 | =item B<pkcs8> |
f0b843c1 RL |
211 | |
212 | PKCS#8 format private key conversion tool. | |
213 | ||
dfee8626 | 214 | =item B<pkey> |
e4549295 DSH |
215 | |
216 | Public and private key management. | |
217 | ||
dfee8626 | 218 | =item B<pkeyparam> |
e4549295 DSH |
219 | |
220 | Public key algorithm parameter management. | |
221 | ||
dfee8626 | 222 | =item B<pkeyutl> |
e5fa864f DSH |
223 | |
224 | Public key algorithm cryptographic operation utility. | |
225 | ||
dfee8626 | 226 | =item B<prime> |
f0b843c1 RL |
227 | |
228 | Compute prime numbers. | |
229 | ||
dfee8626 | 230 | =item B<rand> |
afbd0746 BM |
231 | |
232 | Generate pseudo-random bytes. | |
233 | ||
dfee8626 | 234 | =item B<rehash> |
f0b843c1 | 235 | |
24c34608 | 236 | Create symbolic links to certificate and CRL files named by the hash values. |
f0b843c1 | 237 | |
dfee8626 | 238 | =item B<req> |
aba3e65f | 239 | |
e4549295 | 240 | PKCS#10 X.509 Certificate Signing Request (CSR) Management. |
aba3e65f | 241 | |
dfee8626 | 242 | =item B<rsa> |
aba3e65f | 243 | |
e4549295 | 244 | RSA key management. |
aba3e65f | 245 | |
dfee8626 | 246 | =item B<rsautl> |
34417732 | 247 | |
e4549295 | 248 | RSA utility for signing, verification, encryption, and decryption. Superseded |
8bc93d2f | 249 | by L<openssl-pkeyutl(1)>. |
34417732 | 250 | |
dfee8626 | 251 | =item B<s_client> |
aba3e65f DSH |
252 | |
253 | This implements a generic SSL/TLS client which can establish a transparent | |
254 | connection to a remote server speaking SSL/TLS. It's intended for testing | |
255 | purposes only and provides only rudimentary interface functionality but | |
256 | internally uses mostly all functionality of the OpenSSL B<ssl> library. | |
257 | ||
dfee8626 | 258 | =item B<s_server> |
aba3e65f DSH |
259 | |
260 | This implements a generic SSL/TLS server which accepts connections from remote | |
261 | clients speaking SSL/TLS. It's intended for testing purposes only and provides | |
262 | only rudimentary interface functionality but internally uses mostly all | |
263 | functionality of the OpenSSL B<ssl> library. It provides both an own command | |
264 | line oriented protocol for testing SSL functions and a simple HTTP response | |
265 | facility to emulate an SSL/TLS-aware webserver. | |
266 | ||
dfee8626 | 267 | =item B<s_time> |
aba3e65f DSH |
268 | |
269 | SSL Connection Timer. | |
270 | ||
dfee8626 | 271 | =item B<sess_id> |
aba3e65f DSH |
272 | |
273 | SSL Session Data Management. | |
274 | ||
dfee8626 | 275 | =item B<smime> |
54a34aec DSH |
276 | |
277 | S/MIME mail processing. | |
278 | ||
dfee8626 | 279 | =item B<speed> |
aba3e65f DSH |
280 | |
281 | Algorithm Speed Measurement. | |
282 | ||
dfee8626 | 283 | =item B<spkac> |
e5fa864f | 284 | |
c4de074e | 285 | SPKAC printing and generating utility. |
e5fa864f | 286 | |
dfee8626 | 287 | =item B<srp> |
f0b843c1 RL |
288 | |
289 | Maintain SRP password file. | |
290 | ||
dfee8626 | 291 | =item B<storeutl> |
f0b843c1 RL |
292 | |
293 | Utility to list and display certificates, keys, CRLs, etc. | |
294 | ||
dfee8626 | 295 | =item B<ts> |
21e8bbf2 | 296 | |
c4de074e | 297 | Time Stamping Authority tool (client/server). |
21e8bbf2 | 298 | |
dfee8626 | 299 | =item B<verify> |
aba3e65f DSH |
300 | |
301 | X.509 Certificate Verification. | |
302 | ||
dfee8626 | 303 | =item B<version> |
aba3e65f DSH |
304 | |
305 | OpenSSL Version Information. | |
306 | ||
dfee8626 | 307 | =item B<x509> |
aba3e65f DSH |
308 | |
309 | X.509 Certificate Data Management. | |
310 | ||
311 | =back | |
312 | ||
05ea606a | 313 | =head2 Message Digest Commands |
aba3e65f | 314 | |
e1271ac2 | 315 | =over 4 |
aba3e65f | 316 | |
4b7c6385 KR |
317 | =item B<blake2b512> |
318 | ||
319 | BLAKE2b-512 Digest | |
320 | ||
321 | =item B<blake2s256> | |
322 | ||
323 | BLAKE2s-256 Digest | |
324 | ||
aba3e65f DSH |
325 | =item B<md2> |
326 | ||
327 | MD2 Digest | |
328 | ||
4b7c6385 KR |
329 | =item B<md4> |
330 | ||
331 | MD4 Digest | |
332 | ||
aba3e65f DSH |
333 | =item B<md5> |
334 | ||
335 | MD5 Digest | |
336 | ||
337 | =item B<mdc2> | |
338 | ||
339 | MDC2 Digest | |
340 | ||
341 | =item B<rmd160> | |
342 | ||
343 | RMD-160 Digest | |
344 | ||
4c583c36 | 345 | =item B<sha1> |
aba3e65f DSH |
346 | |
347 | SHA-1 Digest | |
348 | ||
c7503f52 AP |
349 | =item B<sha224> |
350 | ||
4b7c6385 | 351 | SHA-2 224 Digest |
c7503f52 AP |
352 | |
353 | =item B<sha256> | |
354 | ||
4b7c6385 | 355 | SHA-2 256 Digest |
c7503f52 AP |
356 | |
357 | =item B<sha384> | |
358 | ||
4b7c6385 | 359 | SHA-2 384 Digest |
c7503f52 AP |
360 | |
361 | =item B<sha512> | |
362 | ||
4b7c6385 KR |
363 | SHA-2 512 Digest |
364 | ||
365 | =item B<sha3-224> | |
366 | ||
367 | SHA-3 224 Digest | |
368 | ||
369 | =item B<sha3-256> | |
370 | ||
371 | SHA-3 256 Digest | |
372 | ||
373 | =item B<sha3-384> | |
374 | ||
375 | SHA-3 384 Digest | |
376 | ||
377 | =item B<sha3-512> | |
378 | ||
379 | SHA-3 512 Digest | |
380 | ||
381 | =item B<shake128> | |
382 | ||
383 | SHA-3 SHAKE128 Digest | |
384 | ||
385 | =item B<shake256> | |
386 | ||
387 | SHA-3 SHAKE256 Digest | |
388 | ||
389 | =item B<sm3> | |
390 | ||
391 | SM3 Digest | |
c7503f52 | 392 | |
677741f8 AP |
393 | =back |
394 | ||
05ea606a | 395 | =head2 Encoding and Cipher Commands |
aba3e65f | 396 | |
1362190b AS |
397 | The following aliases provide convenient access to the most used encodings |
398 | and ciphers. | |
399 | ||
400 | Depending on how OpenSSL was configured and built, not all ciphers listed | |
8bc93d2f RL |
401 | here may be present. See L<openssl-enc(1)> for more information and command |
402 | usage. | |
1362190b | 403 | |
e1271ac2 | 404 | =over 4 |
aba3e65f | 405 | |
1362190b AS |
406 | =item B<aes128>, B<aes-128-cbc>, B<aes-128-cfb>, B<aes-128-ctr>, B<aes-128-ecb>, B<aes-128-ofb> |
407 | ||
408 | AES-128 Cipher | |
409 | ||
410 | =item B<aes192>, B<aes-192-cbc>, B<aes-192-cfb>, B<aes-192-ctr>, B<aes-192-ecb>, B<aes-192-ofb> | |
411 | ||
412 | AES-192 Cipher | |
413 | ||
414 | =item B<aes256>, B<aes-256-cbc>, B<aes-256-cfb>, B<aes-256-ctr>, B<aes-256-ecb>, B<aes-256-ofb> | |
415 | ||
416 | AES-256 Cipher | |
417 | ||
418 | =item B<aria128>, B<aria-128-cbc>, B<aria-128-cfb>, B<aria-128-ctr>, B<aria-128-ecb>, B<aria-128-ofb> | |
419 | ||
420 | Aria-128 Cipher | |
421 | ||
422 | =item B<aria192>, B<aria-192-cbc>, B<aria-192-cfb>, B<aria-192-ctr>, B<aria-192-ecb>, B<aria-192-ofb> | |
423 | ||
424 | Aria-192 Cipher | |
425 | ||
426 | =item B<aria256>, B<aria-256-cbc>, B<aria-256-cfb>, B<aria-256-ctr>, B<aria-256-ecb>, B<aria-256-ofb> | |
427 | ||
428 | Aria-256 Cipher | |
429 | ||
aba3e65f DSH |
430 | =item B<base64> |
431 | ||
432 | Base64 Encoding | |
433 | ||
dfee8626 | 434 | =item B<bf>, B<bf-cbc>, B<bf-cfb>, B<bf-ecb>, B<bf-ofb> |
aba3e65f DSH |
435 | |
436 | Blowfish Cipher | |
437 | ||
1362190b AS |
438 | =item B<camellia128>, B<camellia-128-cbc>, B<camellia-128-cfb>, B<camellia-128-ctr>, B<camellia-128-ecb>, B<camellia-128-ofb> |
439 | ||
440 | Camellia-128 Cipher | |
441 | ||
442 | =item B<camellia192>, B<camellia-192-cbc>, B<camellia-192-cfb>, B<camellia-192-ctr>, B<camellia-192-ecb>, B<camellia-192-ofb> | |
443 | ||
444 | Camellia-192 Cipher | |
445 | ||
446 | =item B<camellia256>, B<camellia-256-cbc>, B<camellia-256-cfb>, B<camellia-256-ctr>, B<camellia-256-ecb>, B<camellia-256-ofb> | |
447 | ||
448 | Camellia-256 Cipher | |
449 | ||
dfee8626 | 450 | =item B<cast>, B<cast-cbc> |
aba3e65f DSH |
451 | |
452 | CAST Cipher | |
453 | ||
dfee8626 | 454 | =item B<cast5-cbc>, B<cast5-cfb>, B<cast5-ecb>, B<cast5-ofb> |
aba3e65f DSH |
455 | |
456 | CAST5 Cipher | |
457 | ||
1362190b AS |
458 | =item B<chacha20> |
459 | ||
460 | Chacha20 Cipher | |
461 | ||
dfee8626 | 462 | =item B<des>, B<des-cbc>, B<des-cfb>, B<des-ecb>, B<des-ede>, B<des-ede-cbc>, B<des-ede-cfb>, B<des-ede-ofb>, B<des-ofb> |
aba3e65f DSH |
463 | |
464 | DES Cipher | |
465 | ||
dfee8626 | 466 | =item B<des3>, B<desx>, B<des-ede3>, B<des-ede3-cbc>, B<des-ede3-cfb>, B<des-ede3-ofb> |
aba3e65f DSH |
467 | |
468 | Triple-DES Cipher | |
469 | ||
dfee8626 | 470 | =item B<idea>, B<idea-cbc>, B<idea-cfb>, B<idea-ecb>, B<idea-ofb> |
aba3e65f DSH |
471 | |
472 | IDEA Cipher | |
473 | ||
dfee8626 | 474 | =item B<rc2>, B<rc2-cbc>, B<rc2-cfb>, B<rc2-ecb>, B<rc2-ofb> |
aba3e65f DSH |
475 | |
476 | RC2 Cipher | |
477 | ||
478 | =item B<rc4> | |
479 | ||
480 | RC4 Cipher | |
481 | ||
dfee8626 | 482 | =item B<rc5>, B<rc5-cbc>, B<rc5-cfb>, B<rc5-ecb>, B<rc5-ofb> |
aba3e65f DSH |
483 | |
484 | RC5 Cipher | |
485 | ||
1362190b AS |
486 | =item B<seed>, B<seed-cbc>, B<seed-cfb>, B<seed-ecb>, B<seed-ofb> |
487 | ||
488 | SEED Cipher | |
489 | ||
490 | =item B<sm4>, B<sm4-cbc>, B<sm4-cfb>, B<sm4-ctr>, B<sm4-ecb>, B<sm4-ofb> | |
491 | ||
492 | SM4 Cipher | |
493 | ||
aba3e65f DSH |
494 | =back |
495 | ||
3dfda1a6 | 496 | =head1 OPTIONS |
0634424f RS |
497 | |
498 | Details of which options are available depend on the specific command. | |
77a795e4 | 499 | This section describes some common options with common behavior. |
0634424f RS |
500 | |
501 | =head2 Common Options | |
502 | ||
e1271ac2 | 503 | =over 4 |
0634424f RS |
504 | |
505 | =item B<-help> | |
506 | ||
507 | Provides a terse summary of all options. | |
508 | ||
509 | =back | |
510 | ||
511 | =head2 Pass Phrase Options | |
a3fe382e DSH |
512 | |
513 | Several commands accept password arguments, typically using B<-passin> | |
514 | and B<-passout> for input and output passwords respectively. These allow | |
515 | the password to be obtained from a variety of sources. Both of these | |
516 | options take a single argument whose format is described below. If no | |
517 | password argument is given and a password is required then the user is | |
518 | prompted to enter one: this will typically be read from the current | |
519 | terminal with echoing turned off. | |
520 | ||
84814344 RL |
521 | Note that character encoding may be relevant, please see |
522 | L<passphrase-encoding(7)>. | |
523 | ||
e1271ac2 | 524 | =over 4 |
a3fe382e | 525 | |
2f0ea936 | 526 | =item B<pass:>I<password> |
a3fe382e | 527 | |
2f0ea936 | 528 | The actual password is I<password>. Since the password is visible |
a3fe382e DSH |
529 | to utilities (like 'ps' under Unix) this form should only be used |
530 | where security is not important. | |
531 | ||
2f0ea936 | 532 | =item B<env:>I<var> |
a3fe382e | 533 | |
2f0ea936 | 534 | Obtain the password from the environment variable I<var>. Since |
a3fe382e DSH |
535 | the environment of other processes is visible on certain platforms |
536 | (e.g. ps under certain Unix OSes) this option should be used with caution. | |
537 | ||
2f0ea936 | 538 | =item B<file:>I<pathname> |
a3fe382e | 539 | |
2f0ea936 | 540 | The first line of I<pathname> is the password. If the same I<pathname> |
a3fe382e DSH |
541 | argument is supplied to B<-passin> and B<-passout> arguments then the first |
542 | line will be used for the input password and the next line for the output | |
2f0ea936 | 543 | password. I<pathname> need not refer to a regular file: it could for example |
a3fe382e DSH |
544 | refer to a device or named pipe. |
545 | ||
2f0ea936 | 546 | =item B<fd:>I<number> |
a3fe382e | 547 | |
2f0ea936 | 548 | Read the password from the file descriptor I<number>. This can be used to |
a3fe382e DSH |
549 | send the data via a pipe for example. |
550 | ||
551 | =item B<stdin> | |
552 | ||
c4de074e | 553 | Read the password from standard input. |
a3fe382e DSH |
554 | |
555 | =back | |
556 | ||
0b836c21 RL |
557 | =head1 ENVIRONMENT |
558 | ||
559 | =over 4 | |
560 | ||
fed8bd90 | 561 | =item B<OPENSSL_TRACE=>I<name>[,...] |
0b836c21 RL |
562 | |
563 | Enable tracing output of OpenSSL library, by name. | |
564 | This output will only make sense if you know OpenSSL internals well. | |
565 | Also, it might not give you any output at all, depending on how | |
566 | OpenSSL was built. | |
567 | ||
568 | The value is a comma separated list of names, with the following | |
569 | available: | |
570 | ||
571 | =over 4 | |
572 | ||
573 | =item B<TRACE> | |
574 | ||
575 | The tracing functionality. | |
576 | ||
577 | =item B<TLS> | |
578 | ||
579 | General SSL/TLS. | |
580 | ||
581 | =item B<TLS_CIPHER> | |
582 | ||
583 | SSL/TLS cipher. | |
584 | ||
585 | =item B<ENGINE_CONF> | |
586 | ||
587 | ENGINE configuration. | |
588 | ||
589 | =item B<ENGINE_TABLE> | |
590 | ||
591 | The function that is used by RSA, DSA (etc) code to select registered | |
592 | ENGINEs, cache defaults and functional references (etc), will generate | |
593 | debugging summaries. | |
594 | ||
595 | =item B<ENGINE_REF_COUNT> | |
596 | ||
597 | Reference counts in the ENGINE structure will be monitored with a line | |
598 | of generated for each change. | |
599 | ||
600 | =item B<PKCS5V2> | |
601 | ||
602 | PKCS#5 v2 keygen. | |
603 | ||
604 | =item B<PKCS12_KEYGEN> | |
605 | ||
606 | PKCS#12 key generation. | |
607 | ||
608 | =item B<PKCS12_DECRYPT> | |
609 | ||
610 | PKCS#12 decryption. | |
611 | ||
612 | =item B<X509V3_POLICY> | |
613 | ||
614 | Generates the complete policy tree at various point during X.509 v3 | |
615 | policy evaluation. | |
616 | ||
617 | =item B<BN_CTX> | |
618 | ||
619 | BIGNUM context. | |
620 | ||
621 | =back | |
622 | ||
623 | =back | |
624 | ||
aba3e65f DSH |
625 | =head1 SEE ALSO |
626 | ||
b6b66573 DMSP |
627 | L<openssl-asn1parse(1)>, |
628 | L<openssl-ca(1)>, | |
629 | L<openssl-ciphers(1)>, | |
630 | L<openssl-cms(1)>, | |
631 | L<openssl-crl(1)>, | |
632 | L<openssl-crl2pkcs7(1)>, | |
633 | L<openssl-dgst(1)>, | |
634 | L<openssl-dhparam(1)>, | |
635 | L<openssl-dsa(1)>, | |
636 | L<openssl-dsaparam(1)>, | |
637 | L<openssl-ec(1)>, | |
638 | L<openssl-ecparam(1)>, | |
639 | L<openssl-enc(1)>, | |
640 | L<openssl-engine(1)>, | |
641 | L<openssl-errstr(1)>, | |
642 | L<openssl-gendsa(1)>, | |
643 | L<openssl-genpkey(1)>, | |
644 | L<openssl-genrsa(1)>, | |
645 | L<openssl-kdf(1)>, | |
646 | L<openssl-mac(1)>, | |
647 | L<openssl-nseq(1)>, | |
648 | L<openssl-ocsp(1)>, | |
649 | L<openssl-passwd(1)>, | |
650 | L<openssl-pkcs12(1)>, | |
651 | L<openssl-pkcs7(1)>, | |
652 | L<openssl-pkcs8(1)>, | |
653 | L<openssl-pkey(1)>, | |
654 | L<openssl-pkeyparam(1)>, | |
655 | L<openssl-pkeyutl(1)>, | |
656 | L<openssl-prime(1)>, | |
657 | L<openssl-rand(1)>, | |
658 | L<openssl-rehash(1)>, | |
659 | L<openssl-req(1)>, | |
660 | L<openssl-rsa(1)>, | |
661 | L<openssl-rsautl(1)>, | |
662 | L<openssl-s_client(1)>, | |
663 | L<openssl-s_server(1)>, | |
664 | L<openssl-s_time(1)>, | |
665 | L<openssl-sess_id(1)>, | |
666 | L<openssl-smime(1)>, | |
667 | L<openssl-speed(1)>, | |
668 | L<openssl-spkac(1)>, | |
669 | L<openssl-srp(1)>, | |
670 | L<openssl-storeutl(1)>, | |
671 | L<openssl-ts(1)>, | |
672 | L<openssl-verify(1)>, | |
673 | L<openssl-version(1)>, | |
674 | L<openssl-x509(1)>, | |
675 | L<config(5)>, | |
676 | L<crypto(7)>, | |
677 | L<ssl(7)>, | |
678 | L<x509v3_config(5)> | |
679 | ||
aba3e65f DSH |
680 | |
681 | =head1 HISTORY | |
682 | ||
2f0ea936 | 683 | The B<list> -I<XXX>B<-algorithms> options were added in OpenSSL 1.0.0; |
88220dcb BM |
684 | For notes on the availability of other commands, see their individual |
685 | manual pages. | |
aba3e65f | 686 | |
e2f92610 RS |
687 | =head1 COPYRIGHT |
688 | ||
c54492ec | 689 | Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 690 | |
449040b4 | 691 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
692 | this file except in compliance with the License. You can obtain a copy |
693 | in the file LICENSE in the source distribution or at | |
694 | L<https://www.openssl.org/source/license.html>. | |
695 | ||
696 | =cut |