[thirdparty/openssl.git] / doc / man1 / openssl.pod

=pod

=head1 NAME

openssl - OpenSSL command line tool

=head1 SYNOPSIS

B<openssl>
I<command>
[ I<command_opts> ]
[ I<command_args> ]

B<openssl> B<list> [ B<standard-commands> | B<digest-commands> | B<cipher-commands> | B<cipher-algorithms> | B<digest-algorithms> | B<public-key-algorithms>]

B<openssl> B<no->I<XXX> [ I<arbitrary options> ]

=head1 DESCRIPTION

OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL
v2/v3) and Transport Layer Security (TLS v1) network protocols and related
cryptography standards required by them.

The B<openssl> program is a command line tool for using the various
cryptography functions of OpenSSL's B<crypto> library from the shell.
It can be used for

 o  Creation and management of private keys, public keys and parameters
 o  Public key cryptographic operations
 o  Creation of X.509 certificates, CSRs and CRLs
 o  Calculation of Message Digests
 o  Encryption and Decryption with Ciphers
 o  SSL/TLS Client and Server Tests
 o  Handling of S/MIME signed or encrypted mail
 o  Time Stamp requests, generation and verification

=head1 COMMAND SUMMARY

The B<openssl> program provides a rich variety of commands (I<command> in the
SYNOPSIS above), each of which often has a wealth of options and arguments
(I<command_opts> and I<command_args> in the SYNOPSIS).

Many commands use an external configuration file for some or all of their
arguments and have a B<-config> option to specify that file.
The environment variable B<OPENSSL_CONF> can be used to specify
the location of the file.
If the environment variable is not specified, then the file is named
B<openssl.cnf> in the default certificate storage area, whose value
depends on the configuration flags specified when the OpenSSL
was built.

The list parameters B<standard-commands>, B<digest-commands>,
and B<cipher-commands> output a list (one entry per line) of the names
of all standard commands, message digest commands, or cipher commands,
respectively, that are available in the present B<openssl> utility.

The list parameters B<cipher-algorithms> and
B<digest-algorithms> list all cipher and message digest names, one entry per line. Aliases are listed as:

 from => to

The list parameter B<public-key-algorithms> lists all supported public
key algorithms.

The command B<no->I<XXX> tests whether a command of the
specified name is available.  If no command named I<XXX> exists, it
returns 0 (success) and prints B<no->I<XXX>; otherwise it returns 1
and prints I<XXX>.  In both cases, the output goes to B<stdout> and
nothing is printed to B<stderr>.  Additional command line arguments
are always ignored.  Since for each cipher there is a command of the
same name, this provides an easy way for shell scripts to test for the
availability of ciphers in the B<openssl> program.  (B<no->I<XXX> is
not able to detect pseudo-commands such as B<quit>,
B<list>, or B<no->I<XXX> itself.)

=head2 Standard Commands

=over 4

=item L<B<asn1parse>|asn1parse(1)>

Parse an ASN.1 sequence.

=item L<B<ca>|ca(1)>

Certificate Authority (CA) Management.

=item L<B<ciphers>|ciphers(1)>

Cipher Suite Description Determination.

=item L<B<cms>|cms(1)>

CMS (Cryptographic Message Syntax) utility.

=item L<B<crl>|crl(1)>

Certificate Revocation List (CRL) Management.

=item L<B<crl2pkcs7>|crl2pkcs7(1)>

CRL to PKCS#7 Conversion.

=item L<B<dgst>|dgst(1)>

Message Digest Calculation.

=item B<dh>

Diffie-Hellman Parameter Management.
Obsoleted by L<B<dhparam>|dhparam(1)>.

=item L<B<dhparam>|dhparam(1)>

Generation and Management of Diffie-Hellman Parameters. Superseded by
L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)>.

=item L<B<dsa>|dsa(1)>

DSA Data Management.

=item L<B<dsaparam>|dsaparam(1)>

DSA Parameter Generation and Management. Superseded by
L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)>.

=item L<B<ec>|ec(1)>

EC (Elliptic curve) key processing.

=item L<B<ecparam>|ecparam(1)>

EC parameter manipulation and generation.

=item L<B<enc>|enc(1)>

Encoding with Ciphers.

=item L<B<engine>|engine(1)>

Engine (loadable module) information and manipulation.

=item L<B<errstr>|errstr(1)>

Error Number to Error String Conversion.

=item B<gendh>

Generation of Diffie-Hellman Parameters.
Obsoleted by L<B<dhparam>|dhparam(1)>.

=item L<B<gendsa>|gendsa(1)>

Generation of DSA Private Key from Parameters. Superseded by
L<B<genpkey>|genpkey(1)> and L<B<pkey>|pkey(1)>.

=item L<B<genpkey>|genpkey(1)>

Generation of Private Key or Parameters.

=item L<B<genrsa>|genrsa(1)>

Generation of RSA Private Key. Superseded by L<B<genpkey>|genpkey(1)>.

=item L<B<nseq>|nseq(1)>

Create or examine a Netscape certificate sequence.

=item L<B<ocsp>|ocsp(1)>

Online Certificate Status Protocol utility.

=item L<B<passwd>|passwd(1)>

Generation of hashed passwords.

=item L<B<pkcs12>|pkcs12(1)>

PKCS#12 Data Management.

=item L<B<pkcs7>|pkcs7(1)>

PKCS#7 Data Management.

=item L<B<pkcs8>|pkcs8(1)>

PKCS#8 format private key conversion tool.

=item L<B<pkey>|pkey(1)>

Public and private key management.

=item L<B<pkeyparam>|pkeyparam(1)>

Public key algorithm parameter management.

=item L<B<pkeyutl>|pkeyutl(1)>

Public key algorithm cryptographic operation utility.

=item L<B<prime>|prime(1)>

Compute prime numbers.

=item L<B<rand>|rand(1)>

Generate pseudo-random bytes.

=item L<B<rehash>|rehash(1)>

Create symbolic links to certificate and CRL files named by the hash values.

=item L<B<req>|req(1)>

PKCS#10 X.509 Certificate Signing Request (CSR) Management.

=item L<B<rsa>|rsa(1)>

RSA key management.


=item L<B<rsautl>|rsautl(1)>

RSA utility for signing, verification, encryption, and decryption. Superseded
by  L<B<pkeyutl>|pkeyutl(1)>.

=item L<B<s_client>|s_client(1)>

This implements a generic SSL/TLS client which can establish a transparent
connection to a remote server speaking SSL/TLS. It's intended for testing
purposes only and provides only rudimentary interface functionality but
internally uses mostly all functionality of the OpenSSL B<ssl> library.

=item L<B<s_server>|s_server(1)>

This implements a generic SSL/TLS server which accepts connections from remote
clients speaking SSL/TLS. It's intended for testing purposes only and provides
only rudimentary interface functionality but internally uses mostly all
functionality of the OpenSSL B<ssl> library.  It provides both an own command
line oriented protocol for testing SSL functions and a simple HTTP response
facility to emulate an SSL/TLS-aware webserver.

=item L<B<s_time>|s_time(1)>

SSL Connection Timer.

=item L<B<sess_id>|sess_id(1)>

SSL Session Data Management.

=item L<B<smime>|smime(1)>

S/MIME mail processing.

=item L<B<speed>|speed(1)>

Algorithm Speed Measurement.

=item L<B<spkac>|spkac(1)>

SPKAC printing and generating utility.

=item L<B<srp>|srp(1)>

Maintain SRP password file.

=item L<B<storeutl>|storeutl(1)>

Utility to list and display certificates, keys, CRLs, etc.

=item L<B<ts>|ts(1)>

Time Stamping Authority tool (client/server).

=item L<B<verify>|verify(1)>

X.509 Certificate Verification.

=item L<B<version>|version(1)>

OpenSSL Version Information.

=item L<B<x509>|x509(1)>

X.509 Certificate Data Management.

=back

=head2 Message Digest Commands

=over 4

=item B<md2>

MD2 Digest

=item B<md5>

MD5 Digest

=item B<mdc2>

MDC2 Digest

=item B<rmd160>

RMD-160 Digest

=item B<sha>

SHA Digest

=item B<sha1>

SHA-1 Digest

=item B<sha224>

SHA-224 Digest

=item B<sha256>

SHA-256 Digest

=item B<sha384>

SHA-384 Digest

=item B<sha512>

SHA-512 Digest

=back

=head2 Encoding and Cipher Commands

=over 4

=item B<base64>

Base64 Encoding

=item B<bf bf-cbc bf-cfb bf-ecb bf-ofb>

Blowfish Cipher

=item B<cast cast-cbc>

CAST Cipher

=item B<cast5-cbc cast5-cfb cast5-ecb cast5-ofb>

CAST5 Cipher

=item B<des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb>

DES Cipher

=item B<des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb>

Triple-DES Cipher

=item B<idea idea-cbc idea-cfb idea-ecb idea-ofb>

IDEA Cipher

=item B<rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb>

RC2 Cipher

=item B<rc4>

RC4 Cipher

=item B<rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb>

RC5 Cipher

=back

=head1 OPTIONS

Details of which options are available depend on the specific command.
This section describes some common options with common behavior.

=head2 Common Options

=over 4

=item B<-help>

Provides a terse summary of all options.

=back

=head2 Pass Phrase Options

Several commands accept password arguments, typically using B<-passin>
and B<-passout> for input and output passwords respectively. These allow
the password to be obtained from a variety of sources. Both of these
options take a single argument whose format is described below. If no
password argument is given and a password is required then the user is
prompted to enter one: this will typically be read from the current
terminal with echoing turned off.

=over 4

=item B<pass:password>

The actual password is B<password>. Since the password is visible
to utilities (like 'ps' under Unix) this form should only be used
where security is not important.

=item B<env:var>

Obtain the password from the environment variable B<var>. Since
the environment of other processes is visible on certain platforms
(e.g. ps under certain Unix OSes) this option should be used with caution.

=item B<file:pathname>

The first line of B<pathname> is the password. If the same B<pathname>
argument is supplied to B<-passin> and B<-passout> arguments then the first
line will be used for the input password and the next line for the output
password. B<pathname> need not refer to a regular file: it could for example
refer to a device or named pipe.

=item B<fd:number>

Read the password from the file descriptor B<number>. This can be used to
send the data via a pipe for example.

=item B<stdin>

Read the password from standard input.

=back

=head1 SEE ALSO

L<asn1parse(1)>, L<ca(1)>, L<ciphers(1)>, L<cms(1)>, L<config(5)>,
L<crl(1)>, L<crl2pkcs7(1)>, L<dgst(1)>,
L<dhparam(1)>, L<dsa(1)>, L<dsaparam(1)>,
L<ec(1)>, L<ecparam(1)>,
L<enc(1)>, L<engine(1)>, L<errstr(1)>, L<gendsa(1)>, L<genpkey(1)>,
L<genrsa(1)>, L<nseq(1)>, L<ocsp(1)>,
L<passwd(1)>,
L<pkcs12(1)>, L<pkcs7(1)>, L<pkcs8(1)>,
L<pkey(1)>, L<pkeyparam(1)>, L<pkeyutl(1)>, L<prime(1)>,
L<rand(1)>, L<rehash(1)>, L<req(1)>, L<rsa(1)>,
L<rsautl(1)>, L<s_client(1)>,
L<s_server(1)>, L<s_time(1)>, L<sess_id(1)>,
L<smime(1)>, L<speed(1)>, L<spkac(1)>, L<srp(1)>, L<storeutl(1)>,
L<ts(1)>,
L<verify(1)>, L<version(1)>, L<x509(1)>,
L<crypto(7)>, L<ssl(7)>, L<x509v3_config(5)>

=head1 HISTORY

The B<list->I<XXX>B<-algorithms> pseudo-commands were added in OpenSSL 1.0.0;
For notes on the availability of other commands, see their individual
manual pages.

=head1 COPYRIGHT

Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
aba3e65f DSH	1	=pod
	2
	3	=head1 NAME
	4
	5	openssl - OpenSSL command line tool
	6
	7	=head1 SYNOPSIS
	8
	9	B<openssl>
	10	I<command>
	11	[ I<command_opts> ]
	12	[ I<command_args> ]
	13
c03726ca	14	B<openssl> B<list> [ B<standard-commands> \| B<digest-commands> \| B<cipher-commands> \| B<cipher-algorithms> \| B<digest-algorithms> \| B<public-key-algorithms>]
88220dcb BM	15
	16	B<openssl> B<no->I<XXX> [ I<arbitrary options> ]
	17
aba3e65f DSH	18	=head1 DESCRIPTION
	19
	20	OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL
	21	v2/v3) and Transport Layer Security (TLS v1) network protocols and related
	22	cryptography standards required by them.
	23
	24	The B<openssl> program is a command line tool for using the various
4c583c36 AM	25	cryptography functions of OpenSSL's B<crypto> library from the shell.
4c583c36 AM	26	It can be used for
aba3e65f	27
e4549295 DSH	28	o Creation and management of private keys, public keys and parameters
e4549295 DSH	29	o Public key cryptographic operations
4c583c36	30	o Creation of X.509 certificates, CSRs and CRLs
aba3e65f DSH	31	o Calculation of Message Digests
	32	o Encryption and Decryption with Ciphers
	33	o SSL/TLS Client and Server Tests
54a34aec	34	o Handling of S/MIME signed or encrypted mail
21e8bbf2	35	o Time Stamp requests, generation and verification
aba3e65f DSH	36
	37	=head1 COMMAND SUMMARY
	38
	39	The B<openssl> program provides a rich variety of commands (I<command> in the
	40	SYNOPSIS above), each of which often has a wealth of options and arguments
	41	(I<command_opts> and I<command_args> in the SYNOPSIS).
	42
e9681f83 RS	43	Many commands use an external configuration file for some or all of their
	44	arguments and have a B<-config> option to specify that file.
	45	The environment variable B<OPENSSL_CONF> can be used to specify
	46	the location of the file.
	47	If the environment variable is not specified, then the file is named
	48	B<openssl.cnf> in the default certificate storage area, whose value
	49	depends on the configuration flags specified when the OpenSSL
	50	was built.
	51
c03726ca RS	52	The list parameters B<standard-commands>, B<digest-commands>,
c03726ca RS	53	and B<cipher-commands> output a list (one entry per line) of the names
88220dcb BM	54	of all standard commands, message digest commands, or cipher commands,
	55	respectively, that are available in the present B<openssl> utility.
	56
c03726ca RS	57	The list parameters B<cipher-algorithms> and
c03726ca RS	58	B<digest-algorithms> list all cipher and message digest names, one entry per line. Aliases are listed as:
112161bd DSH	59
	60	from => to
	61
c03726ca	62	The list parameter B<public-key-algorithms> lists all supported public
112161bd DSH	63	key algorithms.
112161bd DSH	64
c03726ca	65	The command B<no->I<XXX> tests whether a command of the
88220dcb BM	66	specified name is available. If no command named I<XXX> exists, it
	67	returns 0 (success) and prints B<no->I<XXX>; otherwise it returns 1
	68	and prints I<XXX>. In both cases, the output goes to B<stdout> and
	69	nothing is printed to B<stderr>. Additional command line arguments
	70	are always ignored. Since for each cipher there is a command of the
	71	same name, this provides an easy way for shell scripts to test for the
	72	availability of ciphers in the B<openssl> program. (B<no->I<XXX> is
	73	not able to detect pseudo-commands such as B<quit>,
c03726ca	74	B<list>, or B<no->I<XXX> itself.)
88220dcb	75
05ea606a	76	=head2 Standard Commands
aba3e65f	77
e1271ac2	78	=over 4
aba3e65f	79
c1ce32f1	80	=item L<B<asn1parse>\|asn1parse(1)>
aba3e65f DSH	81
	82	Parse an ASN.1 sequence.
	83
c1ce32f1	84	=item L<B<ca>\|ca(1)>
aba3e65f	85
4c583c36	86	Certificate Authority (CA) Management.
aba3e65f	87
c1ce32f1	88	=item L<B<ciphers>\|ciphers(1)>
aba3e65f DSH	89
	90	Cipher Suite Description Determination.
	91
e5fa864f DSH	92	=item L<B<cms>\|cms(1)>
e5fa864f DSH	93
c4de074e	94	CMS (Cryptographic Message Syntax) utility.
e5fa864f	95
c1ce32f1	96	=item L<B<crl>\|crl(1)>
aba3e65f DSH	97
	98	Certificate Revocation List (CRL) Management.
	99
c1ce32f1	100	=item L<B<crl2pkcs7>\|crl2pkcs7(1)>
aba3e65f DSH	101
	102	CRL to PKCS#7 Conversion.
	103
c1ce32f1	104	=item L<B<dgst>\|dgst(1)>
aba3e65f DSH	105
	106	Message Digest Calculation.
	107
727daea7	108	=item B<dh>
aba3e65f	109
727daea7 BM	110	Diffie-Hellman Parameter Management.
727daea7 BM	111	Obsoleted by L<B<dhparam>\|dhparam(1)>.
aba3e65f	112
e5fa864f DSH	113	=item L<B<dhparam>\|dhparam(1)>
e5fa864f DSH	114
4c583c36	115	Generation and Management of Diffie-Hellman Parameters. Superseded by
c4de074e	116	L<B<genpkey>\|genpkey(1)> and L<B<pkeyparam>\|pkeyparam(1)>.
e5fa864f	117
c1ce32f1	118	=item L<B<dsa>\|dsa(1)>
aba3e65f DSH	119
	120	DSA Data Management.
	121
c1ce32f1	122	=item L<B<dsaparam>\|dsaparam(1)>
aba3e65f	123
4c583c36	124	DSA Parameter Generation and Management. Superseded by
c4de074e	125	L<B<genpkey>\|genpkey(1)> and L<B<pkeyparam>\|pkeyparam(1)>.
aba3e65f	126
e5fa864f DSH	127	=item L<B<ec>\|ec(1)>
e5fa864f DSH	128
c4de074e	129	EC (Elliptic curve) key processing.
e5fa864f DSH	130
	131	=item L<B<ecparam>\|ecparam(1)>
	132
c4de074e	133	EC parameter manipulation and generation.
e5fa864f	134
c1ce32f1	135	=item L<B<enc>\|enc(1)>
aba3e65f DSH	136
	137	Encoding with Ciphers.
	138
e5fa864f	139	=item L<B<engine>\|engine(1)>
aba3e65f	140
4c583c36	141	Engine (loadable module) information and manipulation.
aba3e65f	142
e5fa864f	143	=item L<B<errstr>\|errstr(1)>
727daea7	144
e5fa864f	145	Error Number to Error String Conversion.
727daea7 BM	146
727daea7 BM	147	=item B<gendh>
aba3e65f DSH	148
aba3e65f DSH	149	Generation of Diffie-Hellman Parameters.
727daea7	150	Obsoleted by L<B<dhparam>\|dhparam(1)>.
aba3e65f	151
c1ce32f1	152	=item L<B<gendsa>\|gendsa(1)>
aba3e65f	153
4c583c36	154	Generation of DSA Private Key from Parameters. Superseded by
c4de074e	155	L<B<genpkey>\|genpkey(1)> and L<B<pkey>\|pkey(1)>.
e4549295 DSH	156
	157	=item L<B<genpkey>\|genpkey(1)>
	158
	159	Generation of Private Key or Parameters.
aba3e65f	160
c1ce32f1	161	=item L<B<genrsa>\|genrsa(1)>
aba3e65f	162
478b50cf	163	Generation of RSA Private Key. Superseded by L<B<genpkey>\|genpkey(1)>.
aba3e65f	164
3243698f	165	=item L<B<nseq>\|nseq(1)>
e5fa864f	166
c4de074e	167	Create or examine a Netscape certificate sequence.
e5fa864f	168
a068630a UM	169	=item L<B<ocsp>\|ocsp(1)>
	170
	171	Online Certificate Status Protocol utility.
	172
c1ce32f1	173	=item L<B<passwd>\|passwd(1)>
5160448b RL	174
	175	Generation of hashed passwords.
	176
3f1c4e49 BM	177	=item L<B<pkcs12>\|pkcs12(1)>
	178
	179	PKCS#12 Data Management.
	180
c1ce32f1	181	=item L<B<pkcs7>\|pkcs7(1)>
aba3e65f DSH	182
	183	PKCS#7 Data Management.
	184
f0b843c1 RL	185	=item L<B<pkcs8>\|pkcs8(1)>
	186
	187	PKCS#8 format private key conversion tool.
	188
e4549295 DSH	189	=item L<B<pkey>\|pkey(1)>
	190
	191	Public and private key management.
	192
e4549295 DSH	193	=item L<B<pkeyparam>\|pkeyparam(1)>
	194
	195	Public key algorithm parameter management.
	196
e5fa864f DSH	197	=item L<B<pkeyutl>\|pkeyutl(1)>
	198
	199	Public key algorithm cryptographic operation utility.
	200
f0b843c1 RL	201	=item L<B<prime>\|prime(1)>
	202
	203	Compute prime numbers.
	204
afbd0746 BM	205	=item L<B<rand>\|rand(1)>
	206
	207	Generate pseudo-random bytes.
	208
f0b843c1 RL	209	=item L<B<rehash>\|rehash(1)>
f0b843c1 RL	210
24c34608	211	Create symbolic links to certificate and CRL files named by the hash values.
f0b843c1	212
c1ce32f1	213	=item L<B<req>\|req(1)>
aba3e65f	214
e4549295	215	PKCS#10 X.509 Certificate Signing Request (CSR) Management.
aba3e65f	216
c1ce32f1	217	=item L<B<rsa>\|rsa(1)>
aba3e65f	218
e4549295	219	RSA key management.
aba3e65f	220
e5fa864f	221
34417732 BM	222	=item L<B<rsautl>\|rsautl(1)>
34417732 BM	223
e4549295	224	RSA utility for signing, verification, encryption, and decryption. Superseded
c4de074e	225	by L<B<pkeyutl>\|pkeyutl(1)>.
34417732	226
c1ce32f1	227	=item L<B<s_client>\|s_client(1)>
aba3e65f DSH	228
	229	This implements a generic SSL/TLS client which can establish a transparent
	230	connection to a remote server speaking SSL/TLS. It's intended for testing
	231	purposes only and provides only rudimentary interface functionality but
	232	internally uses mostly all functionality of the OpenSSL B<ssl> library.
	233
c1ce32f1	234	=item L<B<s_server>\|s_server(1)>
aba3e65f DSH	235
	236	This implements a generic SSL/TLS server which accepts connections from remote
	237	clients speaking SSL/TLS. It's intended for testing purposes only and provides
	238	only rudimentary interface functionality but internally uses mostly all
	239	functionality of the OpenSSL B<ssl> library. It provides both an own command
	240	line oriented protocol for testing SSL functions and a simple HTTP response
	241	facility to emulate an SSL/TLS-aware webserver.
	242
c1ce32f1	243	=item L<B<s_time>\|s_time(1)>
aba3e65f DSH	244
	245	SSL Connection Timer.
	246
c1ce32f1	247	=item L<B<sess_id>\|sess_id(1)>
aba3e65f DSH	248
	249	SSL Session Data Management.
	250
c1ce32f1	251	=item L<B<smime>\|smime(1)>
54a34aec DSH	252
	253	S/MIME mail processing.
	254
c1ce32f1	255	=item L<B<speed>\|speed(1)>
aba3e65f DSH	256
	257	Algorithm Speed Measurement.
	258
e5fa864f DSH	259	=item L<B<spkac>\|spkac(1)>
e5fa864f DSH	260
c4de074e	261	SPKAC printing and generating utility.
e5fa864f	262
f0b843c1 RL	263	=item L<B<srp>\|srp(1)>
	264
	265	Maintain SRP password file.
	266
	267	=item L<B<storeutl>\|storeutl(1)>
	268
	269	Utility to list and display certificates, keys, CRLs, etc.
	270
f1845cbe	271	=item L<B<ts>\|ts(1)>
21e8bbf2	272
c4de074e	273	Time Stamping Authority tool (client/server).
21e8bbf2	274
c1ce32f1	275	=item L<B<verify>\|verify(1)>
aba3e65f DSH	276
	277	X.509 Certificate Verification.
	278
c1ce32f1	279	=item L<B<version>\|version(1)>
aba3e65f DSH	280
	281	OpenSSL Version Information.
	282
c1ce32f1	283	=item L<B<x509>\|x509(1)>
aba3e65f DSH	284
	285	X.509 Certificate Data Management.
	286
	287	=back
	288
05ea606a	289	=head2 Message Digest Commands
aba3e65f	290
e1271ac2	291	=over 4
aba3e65f DSH	292
	293	=item B<md2>
	294
	295	MD2 Digest
	296
	297	=item B<md5>
	298
	299	MD5 Digest
	300
	301	=item B<mdc2>
	302
	303	MDC2 Digest
	304
	305	=item B<rmd160>
	306
	307	RMD-160 Digest
	308
4c583c36	309	=item B<sha>
aba3e65f DSH	310
	311	SHA Digest
	312
4c583c36	313	=item B<sha1>
aba3e65f DSH	314
	315	SHA-1 Digest
	316
c7503f52 AP	317	=item B<sha224>
	318
	319	SHA-224 Digest
	320
	321	=item B<sha256>
	322
	323	SHA-256 Digest
	324
	325	=item B<sha384>
	326
	327	SHA-384 Digest
	328
	329	=item B<sha512>
	330
	331	SHA-512 Digest
	332
677741f8 AP	333	=back
677741f8 AP	334
05ea606a	335	=head2 Encoding and Cipher Commands
aba3e65f	336
e1271ac2	337	=over 4
aba3e65f DSH	338
	339	=item B<base64>
	340
	341	Base64 Encoding
	342
	343	=item B<bf bf-cbc bf-cfb bf-ecb bf-ofb>
	344
	345	Blowfish Cipher
	346
	347	=item B<cast cast-cbc>
	348
	349	CAST Cipher
	350
	351	=item B<cast5-cbc cast5-cfb cast5-ecb cast5-ofb>
	352
	353	CAST5 Cipher
	354
	355	=item B<des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb>
	356
	357	DES Cipher
	358
	359	=item B<des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb>
	360
	361	Triple-DES Cipher
	362
	363	=item B<idea idea-cbc idea-cfb idea-ecb idea-ofb>
	364
	365	IDEA Cipher
	366
	367	=item B<rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb>
	368
	369	RC2 Cipher
	370
	371	=item B<rc4>
	372
	373	RC4 Cipher
	374
	375	=item B<rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb>
	376
	377	RC5 Cipher
	378
	379	=back
	380
3dfda1a6	381	=head1 OPTIONS
0634424f RS	382
0634424f RS	383	Details of which options are available depend on the specific command.
77a795e4	384	This section describes some common options with common behavior.
0634424f RS	385
	386	=head2 Common Options
	387
e1271ac2	388	=over 4
0634424f RS	389
	390	=item B<-help>
	391
	392	Provides a terse summary of all options.
	393
	394	=back
	395
	396	=head2 Pass Phrase Options
a3fe382e DSH	397
	398	Several commands accept password arguments, typically using B<-passin>
	399	and B<-passout> for input and output passwords respectively. These allow
	400	the password to be obtained from a variety of sources. Both of these
	401	options take a single argument whose format is described below. If no
	402	password argument is given and a password is required then the user is
	403	prompted to enter one: this will typically be read from the current
	404	terminal with echoing turned off.
	405
e1271ac2	406	=over 4
a3fe382e DSH	407
	408	=item B<pass:password>
	409
c4de074e	410	The actual password is B<password>. Since the password is visible
a3fe382e DSH	411	to utilities (like 'ps' under Unix) this form should only be used
	412	where security is not important.
	413
	414	=item B<env:var>
	415
c4de074e	416	Obtain the password from the environment variable B<var>. Since
a3fe382e DSH	417	the environment of other processes is visible on certain platforms
	418	(e.g. ps under certain Unix OSes) this option should be used with caution.
	419
	420	=item B<file:pathname>
	421
c4de074e	422	The first line of B<pathname> is the password. If the same B<pathname>
a3fe382e DSH	423	argument is supplied to B<-passin> and B<-passout> arguments then the first
	424	line will be used for the input password and the next line for the output
	425	password. B<pathname> need not refer to a regular file: it could for example
	426	refer to a device or named pipe.
	427
	428	=item B<fd:number>
	429
c4de074e	430	Read the password from the file descriptor B<number>. This can be used to
a3fe382e DSH	431	send the data via a pipe for example.
	432
	433	=item B<stdin>
	434
c4de074e	435	Read the password from standard input.
a3fe382e DSH	436
	437	=back
	438
aba3e65f DSH	439	=head1 SEE ALSO
aba3e65f DSH	440
f0b843c1	441	L<asn1parse(1)>, L<ca(1)>, L<ciphers(1)>, L<cms(1)>, L<config(5)>,
9b86974e RS	442	L<crl(1)>, L<crl2pkcs7(1)>, L<dgst(1)>,
9b86974e RS	443	L<dhparam(1)>, L<dsa(1)>, L<dsaparam(1)>,
f0b843c1 RL	444	L<ec(1)>, L<ecparam(1)>,
	445	L<enc(1)>, L<engine(1)>, L<errstr(1)>, L<gendsa(1)>, L<genpkey(1)>,
	446	L<genrsa(1)>, L<nseq(1)>, L<ocsp(1)>,
9b86974e RS	447	L<passwd(1)>,
9b86974e RS	448	L<pkcs12(1)>, L<pkcs7(1)>, L<pkcs8(1)>,
f0b843c1 RL	449	L<pkey(1)>, L<pkeyparam(1)>, L<pkeyutl(1)>, L<prime(1)>,
f0b843c1 RL	450	L<rand(1)>, L<rehash(1)>, L<req(1)>, L<rsa(1)>,
9b86974e	451	L<rsautl(1)>, L<s_client(1)>,
f0b843c1 RL	452	L<s_server(1)>, L<s_time(1)>, L<sess_id(1)>,
	453	L<smime(1)>, L<speed(1)>, L<spkac(1)>, L<srp(1)>, L<storeutl(1)>,
	454	L<ts(1)>,
9b86974e	455	L<verify(1)>, L<version(1)>, L<x509(1)>,
b275f3b6	456	L<crypto(7)>, L<ssl(7)>, L<x509v3_config(5)>
aba3e65f DSH	457
	458	=head1 HISTORY
	459
fb552ac6	460	The B<list->I<XXX>B<-algorithms> pseudo-commands were added in OpenSSL 1.0.0;
88220dcb BM	461	For notes on the availability of other commands, see their individual
88220dcb BM	462	manual pages.
aba3e65f	463
e2f92610 RS	464	=head1 COPYRIGHT
e2f92610 RS	465
b0edda11	466	Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
e2f92610 RS	467
	468	Licensed under the OpenSSL license (the "License"). You may not use
	469	this file except in compliance with the License. You can obtain a copy
	470	in the file LICENSE in the source distribution or at
	471	L<https://www.openssl.org/source/license.html>.
	472
	473	=cut