Updated build.sh to build curl, openssl, and 256k1 if needed

2025-08-16 10:26:39 -04:00
parent 00df0cad99
commit 40dd3aa20b
9429 changed files with 407781 additions and 47716 deletions

@@ -0,0 +1,226 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-asn1parse.pod.in
=end comment
=head1 NAME
openssl-asn1parse - ASN.1 parsing command
=head1 SYNOPSIS
B<openssl> B<asn1parse>
[B<-help>]
[B<-inform> B<DER>|B<PEM>|B<B64>]
[B<-in> I<filename>]
[B<-out> I<filename>]
[B<-noout>]
[B<-offset> I<number>]
[B<-length> I<number>]
[B<-i>]
[B<-oid> I<filename>]
[B<-dump>]
[B<-dlimit> I<num>]
[B<-strparse> I<offset>]
[B<-genstr> I<string>]
[B<-genconf> I<file>]
[B<-strictpem>]
[B<-item> I<name>]
=head1 DESCRIPTION
This command is a diagnostic utility that can parse ASN.1 structures.
It can also be used to extract data from ASN.1 formatted data.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-inform> B<DER>|B<PEM>|B<B64>
The input format; the default is B<PEM>.
See L<openssl-format-options(1)> for details.
=item B<-in> I<filename>
The input file, default is standard input.
=item B<-out> I<filename>
Output file to place the DER encoded data into. If this
option is not present then no data will be output. This is most useful when
combined with the B<-strparse> option.
=item B<-noout>
Don't output the parsed version of the input file.
=item B<-offset> I<number>
Starting offset to begin parsing, default is start of file.
=item B<-length> I<number>
Number of bytes to parse, default is until end of file.
=item B<-i>
Indents the output according to the "depth" of the structures.
=item B<-oid> I<filename>
A file containing additional OBJECT IDENTIFIERs (OIDs). The format of this
file is described in the NOTES section below.
=item B<-dump>
Dump unknown data in hex format.
=item B<-dlimit> I<num>
Like B<-dump>, but only the first B<num> bytes are output.
=item B<-strparse> I<offset>
Parse the contents octets of the ASN.1 object starting at B<offset>. This
option can be used multiple times to "drill down" into a nested structure.
=item B<-genstr> I<string>, B<-genconf> I<file>
Generate encoded data based on I<string>, I<file> or both using
L<ASN1_generate_nconf(3)> format. If I<file> only is
present then the string is obtained from the default section using the name
B<asn1>. The encoded data is passed through the ASN1 parser and printed out as
though it came from a file, the contents can thus be examined and written to a
file using the B<-out> option.
=item B<-strictpem>
If this option is used then B<-inform> will be ignored. Without this option any
data in a PEM format input file will be treated as being base64 encoded and
processed whether it has the normal PEM BEGIN and END markers or not. This
option will ignore any data prior to the start of the BEGIN marker, or after an
END marker in a PEM file.
=item B<-item> I<name>
Attempt to decode and print the data as an B<ASN1_ITEM> I<name>. This can be
used to print out the fields of any supported ASN.1 structure if the type is
known.
=back
=head2 Output
The output will typically contain lines like this:
0:d=0 hl=4 l= 681 cons: SEQUENCE
.....
229:d=3 hl=3 l= 141 prim: BIT STRING
373:d=2 hl=3 l= 162 cons: cont [ 3 ]
376:d=3 hl=3 l= 159 cons: SEQUENCE
379:d=4 hl=2 l= 29 cons: SEQUENCE
381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
386:d=5 hl=2 l= 22 prim: OCTET STRING
410:d=4 hl=2 l= 112 cons: SEQUENCE
412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
417:d=5 hl=2 l= 105 prim: OCTET STRING
524:d=4 hl=2 l= 12 cons: SEQUENCE
.....
This example is part of a self-signed certificate. Each line starts with the
offset in decimal. C<d=XX> specifies the current depth. The depth is increased
within the scope of any SET or SEQUENCE. C<hl=XX> gives the header length
(tag and length octets) of the current type. C<l=XX> gives the length of
the contents octets.
The B<-i> option can be used to make the output more readable.
Some knowledge of the ASN.1 structure is needed to interpret the output.
In this example the BIT STRING at offset 229 is the certificate public key.
The contents octets of this will contain the public key information. This can
be examined using the option C<-strparse 229> to yield:
0:d=0 hl=3 l= 137 cons: SEQUENCE
3:d=1 hl=3 l= 129 prim: INTEGER :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9E1158A56E4A6F47E5897
135:d=1 hl=2 l= 3 prim: INTEGER :010001
=head1 NOTES
If an OID is not part of OpenSSL's internal table it will be represented in
numerical form (for example 1.2.3.4). The file passed to the B<-oid> option
allows additional OIDs to be included. Each line consists of three columns,
the first column is the OID in numerical format and should be followed by white
space. The second column is the "short name" which is a single word followed
by whitespace. The final column is the rest of the line and is the
"long name". Example:
C<1.2.3.4 shortName A long name>
For any OID with an associated short and long name, this command will display
the long name.
=head1 EXAMPLES
Parse a file:
openssl asn1parse -in file.pem
Parse a DER file:
openssl asn1parse -inform DER -in file.der
Generate a simple UTF8String:
openssl asn1parse -genstr 'UTF8:Hello World'
Generate and write out a UTF8String, don't print parsed output:
openssl asn1parse -genstr 'UTF8:Hello World' -noout -out utf8.der
Generate using a config file:
openssl asn1parse -genconf asn1.cnf -noout -out asn1.der
Example config file:
asn1=SEQUENCE:seq_sect
[seq_sect]
field1=BOOL:TRUE
field2=EXP:0, UTF8:some random string
=head1 BUGS
There should be options to change the format of output lines. The output of some
ASN.1 types is not well handled (if at all).
=head1 SEE ALSO
L<openssl(1)>,
L<ASN1_generate_nconf(3)>
=head1 COPYRIGHT
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
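
Review bot: The header of this new file ("WARNING: do not edit!" / "Generated by Makefile from doc/man1/openssl-asn1parse.pod.in") marks it as build output, so it should not be committed. A generated man page is rewritten by the next OpenSSL build and makes the tree differ from the upstream release, which gets in the way of comparing the vendored copy against upstream. Suggest dropping the generated .pod files from the commit (keep the .pod.in sources, or ignore the doc output) and recording in the repository the exact OpenSSL version and archive hash that build.sh is expected to build; the only version hint in this file is "Copyright 2000-2023". With 9429 changed files in one commit the build.sh change itself is hard to review, so consider splitting the script change from the vendored sources.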

@@ -0,0 +1,895 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-ca.pod.in
=end comment
=head1 NAME
openssl-ca - sample minimal CA application
=head1 SYNOPSIS
B<openssl> B<ca>
[B<-help>]
[B<-verbose>]
[B<-quiet>]
[B<-config> I<filename>]
[B<-name> I<section>]
[B<-section> I<section>]
[B<-gencrl>]
[B<-revoke> I<file>]
[B<-valid> I<file>]
[B<-status> I<serial>]
[B<-updatedb>]
[B<-crl_reason> I<reason>]
[B<-crl_hold> I<instruction>]
[B<-crl_compromise> I<time>]
[B<-crl_CA_compromise> I<time>]
[B<-crl_lastupdate> I<date>]
[B<-crl_nextupdate> I<date>]
[B<-crldays> I<days>]
[B<-crlhours> I<hours>]
[B<-crlsec> I<seconds>]
[B<-crlexts> I<section>]
[B<-startdate> I<date>]
[B<-not_before> I<date>]
[B<-enddate> I<date>]
[B<-not_after> I<date>]
[B<-days> I<arg>]
[B<-md> I<arg>]
[B<-policy> I<arg>]
[B<-keyfile> I<filename>|I<uri>]
[B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
[B<-key> I<arg>]
[B<-passin> I<arg>]
[B<-cert> I<file>]
[B<-certform> B<DER>|B<PEM>|B<P12>]
[B<-selfsign>]
[B<-in> I<file>]
[B<-inform> B<DER>|<PEM>]
[B<-out> I<file>]
[B<-notext>]
[B<-dateopt>]
[B<-outdir> I<dir>]
[B<-infiles>]
[B<-spkac> I<file>]
[B<-ss_cert> I<file>]
[B<-preserveDN>]
[B<-noemailDN>]
[B<-batch>]
[B<-msie_hack>]
[B<-extensions> I<section>]
[B<-extfile> I<section>]
[B<-subj> I<arg>]
[B<-utf8>]
[B<-sigopt> I<nm>:I<v>]
[B<-vfyopt> I<nm>:I<v>]
[B<-create_serial>]
[B<-rand_serial>]
[B<-multivalue-rdn>]
[B<-rand> I<files>]
[B<-writerand> I<file>]
[B<-engine> I<id>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
[I<certreq>...]
=head1 DESCRIPTION
This command emulates a CA application.
See the B<WARNINGS> especially when considering to use it productively.
It generates certificates bearing X.509 version 3.
Unless specified otherwise,
key identifier extensions are included as described in L<x509v3_config(5)>.
It can be used to sign certificate requests (CSRs) in a variety of forms
and generate certificate revocation lists (CRLs).
It also maintains a text database of issued certificates and their status.
When signing certificates, a single request can be specified
with the B<-in> option, or multiple requests can be processed by
specifying a set of B<certreq> files after all options.
Note that there are also very lean ways of generating certificates:
the B<req> and B<x509> commands can be used for directly creating certificates.
See L<openssl-req(1)> and L<openssl-x509(1)> for details.
The descriptions of the B<ca> command options are divided into each purpose.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-verbose>
This prints extra details about the operations being performed.
=item B<-quiet>
This prints fewer details about the operations being performed, which may
be handy during batch scripts or pipelines.
=item B<-config> I<filename>
Specifies the configuration file to use.
Optional; for a description of the default value,
see L<openssl(1)/COMMAND SUMMARY>.
=item B<-name> I<section>, B<-section> I<section>
Specifies the configuration file section to use (overrides
B<default_ca> in the B<ca> section).
=item B<-in> I<filename>
An input filename containing a single certificate request (CSR) to be
signed by the CA.
=item B<-inform> B<DER>|B<PEM>
The format to use when loading certificate request (CSR) input files;
by default PEM is tried first.
See L<openssl-format-options(1)> for details.
=item B<-ss_cert> I<filename>
A single self-signed certificate to be signed by the CA.
=item B<-spkac> I<filename>
A file containing a single Netscape signed public key and challenge
and additional field values to be signed by the CA. See the B<SPKAC FORMAT>
section for information on the required input and output format.
=item B<-infiles>
If present this should be the last option, all subsequent arguments
are taken as the names of files containing certificate requests.
=item B<-out> I<filename>
The output file to output certificates to. The default is standard
output. The certificate details will also be printed out to this
file in PEM format (except that B<-spkac> outputs DER format).
=item B<-outdir> I<directory>
The directory to output certificates to. The certificate will be
written to a filename consisting of the serial number in hex with
F<.pem> appended.
=item B<-cert> I<filename>
The CA certificate, which must match with B<-keyfile>.
=item B<-certform> B<DER>|B<PEM>|B<P12>
The format of the data in certificate input files; unspecified by default.
See L<openssl-format-options(1)> for details.
=item B<-keyfile> I<filename>|I<uri>
The CA private key to sign certificate requests with.
This must match with B<-cert>.
=item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
The format of the private key input file; unspecified by default.
See L<openssl-format-options(1)> for details.
=item B<-sigopt> I<nm>:I<v>
Pass options to the signature algorithm during sign operations.
Names and values of these options are algorithm-specific and
documented in L<provider-signature(7)/Signature parameters>.
=item B<-vfyopt> I<nm>:I<v>
Pass options to the signature algorithm during verify operations.
Names and values of these options are algorithm-specific.
This often needs to be given while signing too, because the self-signature of
a certificate signing request (CSR) is verified against the included public key,
and that verification may need its own set of options.
=item B<-key> I<password>
=for openssl foreign manual ps(1)
The password used to encrypt the private key. Since on some
systems the command line arguments are visible (e.g., when using
L<ps(1)> on Unix),
this option should be used with caution.
Better use B<-passin>.
=item B<-passin> I<arg>
The key password source for key files and certificate PKCS#12 files.
For more information about the format of B<arg>
see L<openssl-passphrase-options(1)>.
=item B<-selfsign>
Indicates the issued certificates are to be signed with the key
the certificate requests were signed with (given with B<-keyfile>).
Certificate requests signed with a different key are ignored.
If B<-spkac>, B<-ss_cert> or B<-gencrl> are given, B<-selfsign> is ignored.
A consequence of using B<-selfsign> is that the self-signed
certificate appears among the entries in the certificate database
(see the configuration option B<database>), and uses the same
serial number counter as all other certificates sign with the
self-signed certificate.
=item B<-notext>
Don't output the text form of a certificate to the output file.
=item B<-dateopt>
Specify the date output format. Values are: rfc_822 and iso_8601.
Defaults to rfc_822.
=item B<-startdate> I<date>, B<-not_before> I<date>
This allows the start date to be explicitly set. The format of the
date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or
YYYYMMDDHHMMSSZ (the same as an ASN1 GeneralizedTime structure). In
both formats, seconds SS and timezone Z must be present.
Alternatively, you can also use "today".
=item B<-enddate> I<date>, B<-not_after> I<date>
This allows the expiry date to be explicitly set. The format of the
date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or
YYYYMMDDHHMMSSZ (the same as an ASN1 GeneralizedTime structure). In
both formats, seconds SS and timezone Z must be present.
Alternatively, you can also use "today".
This overrides the B<-days> option.
=item B<-days> I<arg>
The number of days from today to certify the certificate for.
Regardless of the option B<-not_before>, the days are always counted from
today.
When used together with the option B<-not_after>/B<-startdate>, the explicit
expiry date takes precedence.
=item B<-md> I<alg>
The message digest to use.
Any digest supported by the L<openssl-dgst(1)> command can be used. For signing
algorithms that do not support a digest (i.e. Ed25519 and Ed448) any message
digest that is set is ignored. This option also applies to CRLs.
=item B<-policy> I<arg>
This option defines the CA "policy" to use. This is a section in
the configuration file which decides which fields should be mandatory
or match the CA certificate. Check out the B<POLICY FORMAT> section
for more information.
=item B<-msie_hack>
This is a deprecated option to make this command work with very old versions
of the IE certificate enrollment control "certenr3". It used UniversalStrings
for almost everything. Since the old control has various security bugs
its use is strongly discouraged.
=item B<-preserveDN>
Normally the DN order of a certificate is the same as the order of the
fields in the relevant policy section. When this option is set the order
is the same as the request. This is largely for compatibility with the
older IE enrollment control which would only accept certificates if their
DNs match the order of the request. This is not needed for Xenroll.
=item B<-noemailDN>
The DN of a certificate can contain the EMAIL field if present in the
request DN, however, it is good policy just having the e-mail set into
the altName extension of the certificate. When this option is set the
EMAIL field is removed from the certificate' subject and set only in
the, eventually present, extensions. The B<email_in_dn> keyword can be
used in the configuration file to enable this behaviour.
=item B<-batch>
This sets the batch mode. In this mode no questions will be asked
and all certificates will be certified automatically.
=item B<-extensions> I<section>
The section of the configuration file containing certificate extensions
to be added when a certificate is issued (defaults to B<x509_extensions>
unless the B<-extfile> option is used).
See the L<x509v3_config(5)> manual page for details of the
extension section format.
=item B<-extfile> I<file>
An additional configuration file to read certificate extensions from
(using the default section unless the B<-extensions> option is also
used).
=item B<-subj> I<arg>
Supersedes subject name given in the request.
The arg must be formatted as C</type0=value0/type1=value1/type2=...>.
Special characters may be escaped by C<\> (backslash), whitespace is retained.
Empty values are permitted, but the corresponding type will not be included
in the resulting certificate.
Giving a single C</> will lead to an empty sequence of RDNs (a NULL-DN).
Multi-valued RDNs can be formed by placing a C<+> character instead of a C</>
between the AttributeValueAssertions (AVAs) that specify the members of the set.
Example:
C</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe>
=item B<-utf8>
This option causes field values to be interpreted as UTF8 strings, by
default they are interpreted as ASCII. This means that the field
values, whether prompted from a terminal or obtained from a
configuration file, must be valid UTF8 strings.
=item B<-create_serial>
If reading serial from the text file as specified in the configuration
fails, specifying this option creates a new random serial to be used as next
serial number.
To get random serial numbers, use the B<-rand_serial> flag instead; this
should only be used for simple error-recovery.
=item B<-rand_serial>
Generate a large random number to use as the serial number.
This overrides any option or configuration to use a serial number file.
=item B<-multivalue-rdn>
This option has been deprecated and has no effect.
=item B<-rand> I<files>, B<-writerand> I<file>
See L<openssl(1)/Random State Options> for details.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=back
=head1 CRL OPTIONS
=over 4
=item B<-gencrl>
This option generates a CRL based on information in the index file.
=item B<-crl_lastupdate> I<time>
Allows the value of the CRL's lastUpdate field to be explicitly set; if
this option is not present, the current time is used. Accepts times in
YYMMDDHHMMSSZ format (the same as an ASN1 UTCTime structure) or
YYYYMMDDHHMMSSZ format (the same as an ASN1 GeneralizedTime structure).
=item B<-crl_nextupdate> I<time>
Allows the value of the CRL's nextUpdate field to be explicitly set; if
this option is present, any values given for B<-crldays>, B<-crlhours>
and B<-crlsec> are ignored. Accepts times in the same formats as
B<-crl_lastupdate>.
=item B<-crldays> I<num>
The number of days before the next CRL is due. That is the days from
now to place in the CRL nextUpdate field.
=item B<-crlhours> I<num>
The number of hours before the next CRL is due.
=item B<-crlsec> I<num>
The number of seconds before the next CRL is due.
=item B<-revoke> I<filename>
A filename containing a certificate to revoke.
=item B<-valid> I<filename>
A filename containing a certificate to add a Valid certificate entry.
=item B<-status> I<serial>
Displays the revocation status of the certificate with the specified
serial number and exits.
=item B<-updatedb>
Updates the database index to purge expired certificates.
=item B<-crl_reason> I<reason>
Revocation reason, where I<reason> is one of: B<unspecified>, B<keyCompromise>,
B<CACompromise>, B<affiliationChanged>, B<superseded>, B<cessationOfOperation>,
B<certificateHold> or B<removeFromCRL>. The matching of I<reason> is case
insensitive. Setting any revocation reason will make the CRL v2.
In practice B<removeFromCRL> is not particularly useful because it is only used
in delta CRLs which are not currently implemented.
=item B<-crl_hold> I<instruction>
This sets the CRL revocation reason code to B<certificateHold> and the hold
instruction to I<instruction> which must be an OID. Although any OID can be
used only B<holdInstructionNone> (the use of which is discouraged by RFC2459)
B<holdInstructionCallIssuer> or B<holdInstructionReject> will normally be used.
=item B<-crl_compromise> I<time>
This sets the revocation reason to B<keyCompromise> and the compromise time to
I<time>. I<time> should be in GeneralizedTime format that is I<YYYYMMDDHHMMSSZ>.
=item B<-crl_CA_compromise> I<time>
This is the same as B<crl_compromise> except the revocation reason is set to
B<CACompromise>.
=item B<-crlexts> I<section>
The section of the configuration file containing CRL extensions to
include. If no CRL extension section is present then a V1 CRL is
created, if the CRL extension section is present (even if it is
empty) then a V2 CRL is created. The CRL extensions specified are
CRL extensions and B<not> CRL entry extensions. It should be noted
that some software (for example Netscape) can't handle V2 CRLs. See
L<x509v3_config(5)> manual page for details of the
extension section format.
=back
=head1 CONFIGURATION FILE OPTIONS
The section of the configuration file containing options for this command
is found as follows: If the B<-name> command line option is used,
then it names the section to be used. Otherwise the section to
be used must be named in the B<default_ca> option of the B<ca> section
of the configuration file (or in the default section of the
configuration file). Besides B<default_ca>, the following options are
read directly from the B<ca> section:
RANDFILE
preserve
msie_hack
With the exception of B<RANDFILE>, this is probably a bug and may
change in future releases.
Many of the configuration file options are identical to command line
options. Where the option is present in the configuration file
and the command line the command line value is used. Where an
option is described as mandatory then it must be present in
the configuration file or the command line equivalent (if
any) used.
=over 4
=item B<oid_file>
This specifies a file containing additional B<OBJECT IDENTIFIERS>.
Each line of the file should consist of the numerical form of the
object identifier followed by whitespace then the short name followed
by whitespace and finally the long name.
=item B<oid_section>
This specifies a section in the configuration file containing extra
object identifiers. Each line should consist of the short name of the
object identifier followed by B<=> and the numerical form. The short
and long names are the same when this option is used.
=item B<new_certs_dir>
The same as the B<-outdir> command line option. It specifies
the directory where new certificates will be placed. Mandatory.
=item B<certificate>
The same as B<-cert>. It gives the file containing the CA
certificate. Mandatory.
=item B<private_key>
Same as the B<-keyfile> option. The file containing the
CA private key. Mandatory.
=item B<RANDFILE>
At startup the specified file is loaded into the random number generator,
and at exit 256 bytes will be written to it. (Note: Using a RANDFILE is
not necessary anymore, see the L</HISTORY> section.
=item B<default_days>
The same as the B<-days> option. The number of days from today to certify
a certificate for.
=item B<default_startdate>
The same as the B<-startdate> option. The start date to certify
a certificate for. If not set the current time is used.
=item B<default_enddate>
The same as the B<-enddate> option. Either this option or
B<default_days> (or the command line equivalents) must be
present.
=item B<default_crl_hours default_crl_days>
The same as the B<-crlhours> and the B<-crldays> options. These
will only be used if neither command line option is present. At
least one of these must be present to generate a CRL.
=item B<default_md>
The same as the B<-md> option. Mandatory except where the signing algorithm does
not require a digest (i.e. Ed25519 and Ed448).
=item B<database>
The text database file to use. Mandatory. This file must be present
though initially it will be empty.
=item B<unique_subject>
If the value B<yes> is given, the valid certificate entries in the
database must have unique subjects. if the value B<no> is given,
several valid certificate entries may have the exact same subject.
The default value is B<yes>, to be compatible with older (pre 0.9.8)
versions of OpenSSL. However, to make CA certificate roll-over easier,
it's recommended to use the value B<no>, especially if combined with
the B<-selfsign> command line option.
Note that it is valid in some circumstances for certificates to be created
without any subject. In the case where there are multiple certificates without
subjects this does not count as a duplicate.
=item B<serial>
A text file containing the next serial number to use in hex. Mandatory.
This file must be present and contain a valid serial number.
=item B<crlnumber>
A text file containing the next CRL number to use in hex. The crl number
will be inserted in the CRLs only if this file exists. If this file is
present, it must contain a valid CRL number.
=item B<x509_extensions>
A fallback to the B<-extensions> option.
=item B<crl_extensions>
A fallback to the B<-crlexts> option.
=item B<preserve>
The same as B<-preserveDN>
=item B<email_in_dn>
The same as B<-noemailDN>. If you want the EMAIL field to be removed
from the DN of the certificate simply set this to 'no'. If not present
the default is to allow for the EMAIL filed in the certificate's DN.
=item B<msie_hack>
The same as B<-msie_hack>
=item B<policy>
The same as B<-policy>. Mandatory. See the B<POLICY FORMAT> section
for more information.
=item B<name_opt>, B<cert_opt>
These options allow the format used to display the certificate details
when asking the user to confirm signing. All the options supported by
the B<x509> utilities B<-nameopt> and B<-certopt> switches can be used
here, except the B<no_signame> and B<no_sigdump> are permanently set
and cannot be disabled (this is because the certificate signature cannot
be displayed because the certificate has not been signed at this point).
For convenience the values B<ca_default> are accepted by both to produce
a reasonable output.
If neither option is present the format used in earlier versions of
OpenSSL is used. Use of the old format is B<strongly> discouraged because
it only displays fields mentioned in the B<policy> section, mishandles
multicharacter string types and does not display extensions.
=item B<copy_extensions>
Determines how extensions in certificate requests should be handled.
If set to B<none> or this option is not present then extensions are
ignored and not copied to the certificate. If set to B<copy> then any
extensions present in the request that are not already present are copied
to the certificate. If set to B<copyall> then all extensions in the
request are copied to the certificate: if the extension is already present
in the certificate it is deleted first. See the B<WARNINGS> section before
using this option.
The main use of this option is to allow a certificate request to supply
values for certain extensions such as subjectAltName.
=back
=head1 POLICY FORMAT
The policy section consists of a set of variables corresponding to
certificate DN fields. If the value is "match" then the field value
must match the same field in the CA certificate. If the value is
"supplied" then it must be present. If the value is "optional" then
it may be present. Any fields not mentioned in the policy section
are silently deleted, unless the B<-preserveDN> option is set but
this can be regarded more of a quirk than intended behaviour.
=head1 SPKAC FORMAT
The input to the B<-spkac> command line option is a Netscape
signed public key and challenge. This will usually come from
the B<KEYGEN> tag in an HTML form to create a new private key.
It is however possible to create SPKACs using L<openssl-spkac(1)>.
The file should contain the variable SPKAC set to the value of
the SPKAC and also the required DN components as name value pairs.
If you need to include the same component twice then it can be
preceded by a number and a '.'.
When processing SPKAC format, the output is DER if the B<-out>
flag is used, but PEM format if sending to stdout or the B<-outdir>
flag is used.
=head1 EXAMPLES
Note: these examples assume that the directory structure this command
assumes is already set up and the relevant files already exist. This
usually involves creating a CA certificate and private key with
L<openssl-req(1)>, a serial number file and an empty index file and
placing them in the relevant directories.
To use the sample configuration file below the directories F<demoCA>,
F<demoCA/private> and F<demoCA/newcerts> would be created. The CA
certificate would be copied to F<demoCA/cacert.pem> and its private
key to F<demoCA/private/cakey.pem>. A file F<demoCA/serial> would be
created containing for example "01" and the empty index file
F<demoCA/index.txt>.
Sign a certificate request:
openssl ca -in req.pem -out newcert.pem
Sign an SM2 certificate request:
openssl ca -in sm2.csr -out sm2.crt -md sm3 \
-sigopt "distid:1234567812345678" \
-vfyopt "distid:1234567812345678"
Sign a certificate request, using CA extensions:
openssl ca -in req.pem -extensions v3_ca -out newcert.pem
Generate a CRL
openssl ca -gencrl -out crl.pem
Sign several requests:
openssl ca -infiles req1.pem req2.pem req3.pem
Certify a Netscape SPKAC:
openssl ca -spkac spkac.txt
A sample SPKAC file (the SPKAC line has been truncated for clarity):
SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK2A5
CN=Steve Test
emailAddress=steve@openssl.org
0.OU=OpenSSL Group
1.OU=Another Group
A sample configuration file with the relevant sections for this command:
[ ca ]
default_ca = CA_default # The default ca section
[ CA_default ]
dir = ./demoCA # top dir
database = $dir/index.txt # index file.
new_certs_dir = $dir/newcerts # new certs dir
certificate = $dir/cacert.pem # The CA cert
serial = $dir/serial # serial no file
#rand_serial = yes # for random serial#'s
private_key = $dir/private/cakey.pem# CA private key
default_days = 365 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = sha256 # md to use
policy = policy_any # default policy
email_in_dn = no # Don't add the email into cert DN
name_opt = ca_default # Subject name display option
cert_opt = ca_default # Certificate display option
copy_extensions = none # Don't copy extensions from request
[ policy_any ]
countryName = supplied
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
=head1 FILES
Note: the location of all files can change either by compile time options,
configuration file entries, environment variables or command line options.
The values below reflect the default values.
/usr/local/ssl/lib/openssl.cnf - master configuration file
./demoCA - main CA directory
./demoCA/cacert.pem - CA certificate
./demoCA/private/cakey.pem - CA private key
./demoCA/serial - CA serial number file
./demoCA/serial.old - CA serial number backup file
./demoCA/index.txt - CA text database file
./demoCA/index.txt.old - CA text database backup file
./demoCA/certs - certificate output file
=head1 RESTRICTIONS
The text database index file is a critical part of the process and
if corrupted it can be difficult to fix. It is theoretically possible
to rebuild the index file from all the issued certificates and a current
CRL: however there is no option to do this.
V2 CRL features like delta CRLs are not currently supported.
Although several requests can be input and handled at once it is only
possible to include one SPKAC or self-signed certificate.
=head1 BUGS
This command is quirky and at times downright unfriendly.
The use of an in-memory text database can cause problems when large
numbers of certificates are present because, as the name implies
the database has to be kept in memory.
This command really needs rewriting or the required functionality
exposed at either a command or interface level so that a more user-friendly
replacement could handle things properly. The script
B<CA.pl> helps a little but not very much.
Any fields in a request that are not present in a policy are silently
deleted. This does not happen if the B<-preserveDN> option is used. To
enforce the absence of the EMAIL field within the DN, as suggested by
RFCs, regardless the contents of the request' subject the B<-noemailDN>
option can be used. The behaviour should be more friendly and
configurable.
Canceling some commands by refusing to certify a certificate can
create an empty file.
=head1 WARNINGS
This command was originally meant as an example of how to do things in a CA.
Its code does not have production quality.
It was not supposed to be used as a full blown CA itself,
nevertheless some people are using it for this purpose at least internally.
When doing so, specific care should be taken to
properly secure the private key(s) used for signing certificates.
It is advisable to keep them in a secure HW storage such as a smart card or HSM
and access them via a suitable engine or crypto provider.
This command is effectively a single user command: no locking
is done on the various files and attempts to run more than one B<openssl ca>
command on the same database can have unpredictable results.
The B<copy_extensions> option should be used with caution. If care is
not taken then it can be a security risk. For example if a certificate
request contains a basicConstraints extension with CA:TRUE and the
B<copy_extensions> value is set to B<copyall> and the user does not spot
this when the certificate is displayed then this will hand the requester
a valid CA certificate.
This situation can be avoided by setting B<copy_extensions> to B<copy>
and including basicConstraints with CA:FALSE in the configuration file.
Then if the request contains a basicConstraints extension it will be
ignored.
It is advisable to also include values for other extensions such
as B<keyUsage> to prevent a request supplying its own values.
Additional restrictions can be placed on the CA certificate itself.
For example if the CA certificate has:
basicConstraints = CA:TRUE, pathlen:0
then even if a certificate is issued with CA:TRUE it will not be valid.
=head1 HISTORY
Since OpenSSL 1.1.1, the program follows RFC5280. Specifically,
certificate validity period (specified by any of B<-startdate>,
B<-enddate> and B<-days>) and CRL last/next update time (specified by
any of B<-crl_lastupdate>, B<-crl_nextupdate>, B<-crldays>, B<-crlhours>
and B<-crlsec>) will be encoded as UTCTime if the dates are
earlier than year 2049 (included), and as GeneralizedTime if the dates
are in year 2050 or later.
OpenSSL 1.1.1 introduced a new random generator (CSPRNG) with an improved
seeding mechanism. The new seeding mechanism makes it unnecessary to
define a RANDFILE for saving and restoring randomness. This option is
retained mainly for compatibility reasons.
The B<-section> option was added in OpenSSL 3.0.0.
The B<-multivalue-rdn> option has become obsolete in OpenSSL 3.0.0 and
has no effect.
The B<-engine> option was deprecated in OpenSSL 3.0.
Since OpenSSL 3.2, generated certificates bear X.509 version 3,
and key identifier extensions are included by default.
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-req(1)>,
L<openssl-spkac(1)>,
L<openssl-x509(1)>,
L<CA.pl(1)>,
L<config(5)>,
L<x509v3_config(5)>
=head1 COPYRIGHT
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
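Review bot: The WARNINGS section near the end of this added file says of `openssl ca` that "Its code does not have production quality" and that no locking is done on its database files, so please confirm the build in this commit needs the OpenSSL command-line apps and their man pages at all. The commit title describes building curl, openssl and 256k1 as dependencies; if only the libraries are consumed, this upstream-copyrighted page (Copyright 2000-2024 The OpenSSL Project Authors) should stay out of the tree, kept out by an ignore rule. If the CLI is shipped on purpose, the `copy_extensions` caveat in the same section (a request carrying basicConstraints with CA:TRUE under `copyall`) is worth calling out in the project's own docs instead of relying on this vendored copy.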

@@ -0,0 +1,839 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-ciphers.pod.in
=end comment
=head1 NAME
openssl-ciphers - SSL cipher display and cipher list command
=head1 SYNOPSIS
B<openssl> B<ciphers>
[B<-help>]
[B<-s>]
[B<-v>]
[B<-V>]
[B<-ssl3>]
[B<-tls1>]
[B<-tls1_1>]
[B<-tls1_2>]
[B<-tls1_3>]
[B<-s>]
[B<-psk>]
[B<-srp>]
[B<-stdname>]
[B<-convert> I<name>]
[B<-ciphersuites> I<val>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
[I<cipherlist>]
=head1 DESCRIPTION
This command converts textual OpenSSL cipher lists into
ordered SSL cipher preference lists. It can be used to
determine the appropriate cipherlist.
=head1 OPTIONS
=over 4
=item B<-help>
Print a usage message.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=item B<-s>
Only list supported ciphers: those consistent with the security level, and
minimum and maximum protocol version. This is closer to the actual cipher list
an application will support.
PSK and SRP ciphers are not enabled by default: they require B<-psk> or B<-srp>
to enable them.
It also does not change the default list of supported signature algorithms.
On a server the list of supported ciphers might also exclude other ciphers
depending on the configured certificates and presence of DH parameters.
If this option is not used then all ciphers that match the cipherlist will be
listed.
=item B<-psk>
When combined with B<-s> includes cipher suites which require PSK.
=item B<-srp>
When combined with B<-s> includes cipher suites which require SRP. This option
is deprecated.
=item B<-v>
Verbose output: For each cipher suite, list details as provided by
L<SSL_CIPHER_description(3)>.
=item B<-V>
Like B<-v>, but include the official cipher suite values in hex.
=item B<-tls1_3>, B<-tls1_2>, B<-tls1_1>, B<-tls1>, B<-ssl3>
In combination with the B<-s> option, list the ciphers which could be used if
the specified protocol were negotiated.
Note that not all protocols and flags may be available, depending on how
OpenSSL was built.
=item B<-stdname>
Precede each cipher suite by its standard name.
=item B<-convert> I<name>
Convert a standard cipher I<name> to its OpenSSL name.
=item B<-ciphersuites> I<val>
Sets the list of TLSv1.3 ciphersuites. This list will be combined with any
TLSv1.2 and below ciphersuites that have been configured. The format for this
list is a simple colon (":") separated list of TLSv1.3 ciphersuite names. By
default this value is:
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
=item B<cipherlist>
A cipher list of TLSv1.2 and below ciphersuites to convert to a cipher
preference list. This list will be combined with any TLSv1.3 ciphersuites that
have been configured. If it is not included then the default cipher list will be
used. The format is described below.
=back
=head1 CIPHER LIST FORMAT
The cipher list consists of one or more I<cipher strings> separated by colons.
Commas or spaces are also acceptable separators but colons are normally used.
The cipher string may reference a cipher using its standard name from
the IANA TLS Cipher Suites Registry
(L<https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4>).
The actual cipher string can take several different forms.
It can consist of a single cipher suite such as B<RC4-SHA>.
It can represent a list of cipher suites containing a certain algorithm, or
cipher suites of a certain type. For example B<SHA1> represents all ciphers
suites using the digest algorithm SHA1 and B<SSLv3> represents all SSL v3
algorithms.
Lists of cipher suites can be combined in a single cipher string using the
B<+> character. This is used as a logical B<and> operation. For example
B<SHA1+DES> represents all cipher suites containing the SHA1 B<and> the DES
algorithms.
Each cipher string can be optionally preceded by the characters B<!>,
B<-> or B<+>.
If B<!> is used then the ciphers are permanently deleted from the list.
The ciphers deleted can never reappear in the list even if they are
explicitly stated.
If B<-> is used then the ciphers are deleted from the list, but some or
all of the ciphers can be added again by later options.
If B<+> is used then the ciphers are moved to the end of the list. This
option doesn't add any new ciphers it just moves matching existing ones.
If none of these characters is present then the string is just interpreted
as a list of ciphers to be appended to the current preference list. If the
list includes any ciphers already present they will be ignored: that is they
will not moved to the end of the list.
The cipher string B<@STRENGTH> can be used at any point to sort the current
cipher list in order of encryption algorithm key length.
The cipher string B<@SECLEVEL>=I<n> can be used at any point to set the security
level to I<n>, which should be a number between zero and five, inclusive.
See L<SSL_CTX_set_security_level(3)> for a description of what each level means.
The cipher list can be prefixed with the B<DEFAULT> keyword, which enables
the default cipher list as defined below. Unlike cipher strings,
this prefix may not be combined with other strings using B<+> character.
For example, B<DEFAULT+DES> is not valid.
The content of the default list is determined at compile time and normally
corresponds to B<ALL:!COMPLEMENTOFDEFAULT:!eNULL>.
=head1 CIPHER STRINGS
The following is a list of all permitted cipher strings and their meanings.
=over 4
=item B<COMPLEMENTOFDEFAULT>
The ciphers included in B<ALL>, but not enabled by default. Currently
this includes all RC4 and anonymous ciphers. Note that this rule does
not cover B<eNULL>, which is not included by B<ALL> (use B<COMPLEMENTOFALL> if
necessary). Note that RC4 based cipher suites are not built into OpenSSL by
default (see the enable-weak-ssl-ciphers option to Configure).
=item B<ALL>
All cipher suites except the B<eNULL> ciphers (which must be explicitly enabled
if needed).
As of OpenSSL 1.0.0, the B<ALL> cipher suites are sensibly ordered by default.
=item B<COMPLEMENTOFALL>
The cipher suites not enabled by B<ALL>, currently B<eNULL>.
=item B<HIGH>
"High" encryption cipher suites. This currently means those with key lengths
larger than 128 bits, and some cipher suites with 128-bit keys.
=item B<MEDIUM>
"Medium" encryption cipher suites, currently some of those using 128 bit
encryption.
=item B<LOW>
"Low" encryption cipher suites, currently those using 64 or 56 bit
encryption algorithms but excluding export cipher suites. All these
cipher suites have been removed as of OpenSSL 1.1.0.
=item B<eNULL>, B<NULL>
The "NULL" ciphers that is those offering no encryption. Because these offer no
encryption at all and are a security risk they are not enabled via either the
B<DEFAULT> or B<ALL> cipher strings.
Be careful when building cipherlists out of lower-level primitives such as
B<kRSA> or B<aECDSA> as these do overlap with the B<eNULL> ciphers. When in
doubt, include B<!eNULL> in your cipherlist.
=item B<aNULL>
The cipher suites offering no authentication. This is currently the anonymous
DH algorithms and anonymous ECDH algorithms. These cipher suites are vulnerable
to "man in the middle" attacks and so their use is discouraged.
These are excluded from the B<DEFAULT> ciphers, but included in the B<ALL>
ciphers.
Be careful when building cipherlists out of lower-level primitives such as
B<kDHE> or B<AES> as these do overlap with the B<aNULL> ciphers.
When in doubt, include B<!aNULL> in your cipherlist.
=item B<kRSA>, B<aRSA>, B<RSA>
Cipher suites using RSA key exchange or authentication. B<RSA> is an alias for
B<kRSA>.
=item B<kDHr>, B<kDHd>, B<kDH>
Cipher suites using static DH key agreement and DH certificates signed by CAs
with RSA and DSS keys or either respectively.
All these cipher suites have been removed in OpenSSL 1.1.0.
=item B<kDHE>, B<kEDH>, B<DH>
Cipher suites using ephemeral DH key agreement, including anonymous cipher
suites.
=item B<DHE>, B<EDH>
Cipher suites using authenticated ephemeral DH key agreement.
=item B<ADH>
Anonymous DH cipher suites, note that this does not include anonymous Elliptic
Curve DH (ECDH) cipher suites.
=item B<kEECDH>, B<kECDHE>, B<ECDH>
Cipher suites using ephemeral ECDH key agreement, including anonymous
cipher suites.
=item B<ECDHE>, B<EECDH>
Cipher suites using authenticated ephemeral ECDH key agreement.
=item B<AECDH>
Anonymous Elliptic Curve Diffie-Hellman cipher suites.
=item B<aDSS>, B<DSS>
Cipher suites using DSS authentication, i.e. the certificates carry DSS keys.
=item B<aDH>
Cipher suites effectively using DH authentication, i.e. the certificates carry
DH keys.
All these cipher suites have been removed in OpenSSL 1.1.0.
=item B<aECDSA>, B<ECDSA>
Cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA
keys.
=item B<TLSv1.2>, B<TLSv1.0>, B<SSLv3>
Lists cipher suites which are only supported in at least TLS v1.2, TLS v1.0 or
SSL v3.0 respectively.
Note: there are no cipher suites specific to TLS v1.1.
Since this is only the minimum version, if, for example, TLSv1.0 is negotiated
then both TLSv1.0 and SSLv3.0 cipher suites are available.
Note: these cipher strings B<do not> change the negotiated version of SSL or
TLS, they only affect the list of available cipher suites.
=item B<AES128>, B<AES256>, B<AES>
cipher suites using 128 bit AES, 256 bit AES or either 128 or 256 bit AES.
=item B<AESGCM>
AES in Galois Counter Mode (GCM): these cipher suites are only supported
in TLS v1.2.
=item B<AESCCM>, B<AESCCM8>
AES in Cipher Block Chaining - Message Authentication Mode (CCM): these
cipher suites are only supported in TLS v1.2. B<AESCCM> references CCM
cipher suites using both 16 and 8 octet Integrity Check Value (ICV)
while B<AESCCM8> only references 8 octet ICV.
=item B<ARIA128>, B<ARIA256>, B<ARIA>
Cipher suites using 128 bit ARIA, 256 bit ARIA or either 128 or 256 bit
ARIA.
=item B<CAMELLIA128>, B<CAMELLIA256>, B<CAMELLIA>
Cipher suites using 128 bit CAMELLIA, 256 bit CAMELLIA or either 128 or 256 bit
CAMELLIA.
=item B<CHACHA20>
Cipher suites using ChaCha20.
=item B<3DES>
Cipher suites using triple DES.
=item B<DES>
Cipher suites using DES (not triple DES).
All these cipher suites have been removed in OpenSSL 1.1.0.
=item B<RC4>
Cipher suites using RC4.
=item B<RC2>
Cipher suites using RC2.
=item B<IDEA>
Cipher suites using IDEA.
=item B<SEED>
Cipher suites using SEED.
=item B<MD5>
Cipher suites using MD5.
=item B<SHA1>, B<SHA>
Cipher suites using SHA1.
=item B<SHA256>, B<SHA384>
Cipher suites using SHA256 or SHA384.
=item B<aGOST>
Cipher suites using GOST R 34.10 (either 2001 or 94) for authentication
(needs an engine supporting GOST algorithms).
=item B<aGOST01>
Cipher suites using GOST R 34.10-2001 authentication.
=item B<kGOST>
Cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357.
=item B<GOST94>
Cipher suites, using HMAC based on GOST R 34.11-94.
=item B<GOST89MAC>
Cipher suites using GOST 28147-89 MAC B<instead of> HMAC.
=item B<PSK>
All cipher suites using pre-shared keys (PSK).
=item B<kPSK>, B<kECDHEPSK>, B<kDHEPSK>, B<kRSAPSK>
Cipher suites using PSK key exchange, ECDHE_PSK, DHE_PSK or RSA_PSK.
=item B<aPSK>
Cipher suites using PSK authentication (currently all PSK modes apart from
RSA_PSK).
=item B<SUITEB128>, B<SUITEB128ONLY>, B<SUITEB192>
Enables suite B mode of operation using 128 (permitting 192 bit mode by peer)
128 bit (not permitting 192 bit by peer) or 192 bit level of security
respectively.
If used these cipherstrings should appear first in the cipher
list and anything after them is ignored.
Setting Suite B mode has additional consequences required to comply with
RFC6460.
In particular the supported signature algorithms is reduced to support only
ECDSA and SHA256 or SHA384, only the elliptic curves P-256 and P-384 can be
used and only the two suite B compliant cipher suites
(ECDHE-ECDSA-AES128-GCM-SHA256 and ECDHE-ECDSA-AES256-GCM-SHA384) are
permissible.
=item B<CBC>
All cipher suites using encryption algorithm in Cipher Block Chaining (CBC)
mode. These cipher suites are only supported in TLS v1.2 and earlier. Currently
it's an alias for the following cipherstrings: B<SSL_DES>, B<SSL_3DES>, B<SSL_RC2>,
B<SSL_IDEA>, B<SSL_AES128>, B<SSL_AES256>, B<SSL_CAMELLIA128>, B<SSL_CAMELLIA256>, B<SSL_SEED>.
=back
=head1 CIPHER SUITE NAMES
The following lists give the standard SSL or TLS cipher suites names from the
relevant specification and their OpenSSL equivalents. You can use either
standard names or OpenSSL names in cipher lists, or a mix of both.
It should be noted, that several cipher suite names do not include the
authentication used, e.g. DES-CBC3-SHA. In these cases, RSA authentication
is used.
=head2 SSL v3.0 cipher suites
SSL_RSA_WITH_NULL_MD5 NULL-MD5
SSL_RSA_WITH_NULL_SHA NULL-SHA
SSL_RSA_WITH_RC4_128_MD5 RC4-MD5
SSL_RSA_WITH_RC4_128_SHA RC4-SHA
SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH-DSS-DES-CBC3-SHA
SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH-RSA-DES-CBC3-SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA
SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented.
SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented.
SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented.
=head2 TLS v1.0 cipher suites
TLS_RSA_WITH_NULL_MD5 NULL-MD5
TLS_RSA_WITH_NULL_SHA NULL-SHA
TLS_RSA_WITH_RC4_128_MD5 RC4-MD5
TLS_RSA_WITH_RC4_128_SHA RC4-SHA
TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.
TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA
TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
=head2 AES cipher suites from RFC3268, extending TLS v1.0
TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA
TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA
TLS_DH_DSS_WITH_AES_128_CBC_SHA DH-DSS-AES128-SHA
TLS_DH_DSS_WITH_AES_256_CBC_SHA DH-DSS-AES256-SHA
TLS_DH_RSA_WITH_AES_128_CBC_SHA DH-RSA-AES128-SHA
TLS_DH_RSA_WITH_AES_256_CBC_SHA DH-RSA-AES256-SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA
TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA
TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA
=head2 Camellia cipher suites from RFC4132, extending TLS v1.0
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA
TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA DH-DSS-CAMELLIA128-SHA
TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA DH-DSS-CAMELLIA256-SHA
TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA DH-RSA-CAMELLIA128-SHA
TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA DH-RSA-CAMELLIA256-SHA
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE-DSS-CAMELLIA128-SHA
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE-DSS-CAMELLIA256-SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA
TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH-CAMELLIA128-SHA
TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH-CAMELLIA256-SHA
=head2 SEED cipher suites from RFC4162, extending TLS v1.0
TLS_RSA_WITH_SEED_CBC_SHA SEED-SHA
TLS_DH_DSS_WITH_SEED_CBC_SHA DH-DSS-SEED-SHA
TLS_DH_RSA_WITH_SEED_CBC_SHA DH-RSA-SEED-SHA
TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE-DSS-SEED-SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE-RSA-SEED-SHA
TLS_DH_anon_WITH_SEED_CBC_SHA ADH-SEED-SHA
=head2 GOST cipher suites from draft-chudov-cryptopro-cptls, extending TLS v1.0
Note: these ciphers require an engine which including GOST cryptographic
algorithms, such as the B<gost> engine, which isn't part of the OpenSSL
distribution.
TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89
TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89
TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94
TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94
=head2 GOST cipher suites, extending TLS v1.2
Note: these ciphers require an engine which including GOST cryptographic
algorithms, such as the B<gost> engine, which isn't part of the OpenSSL
distribution.
TLS_GOSTR341112_256_WITH_28147_CNT_IMIT GOST2012-GOST8912-GOST8912
TLS_GOSTR341112_256_WITH_NULL_GOSTR3411 GOST2012-NULL-GOST12
Note: GOST2012-GOST8912-GOST8912 is an alias for two ciphers ID
old LEGACY-GOST2012-GOST8912-GOST8912 and new IANA-GOST2012-GOST8912-GOST8912
=head2 Additional Export 1024 and other cipher suites
Note: these ciphers can also be used in SSL v3.
TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA
=head2 Elliptic curve cipher suites
TLS_ECDHE_RSA_WITH_NULL_SHA ECDHE-RSA-NULL-SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDHE-RSA-RC4-SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE-RSA-DES-CBC3-SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA
TLS_ECDHE_ECDSA_WITH_NULL_SHA ECDHE-ECDSA-NULL-SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ECDHE-ECDSA-RC4-SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE-ECDSA-DES-CBC3-SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA
TLS_ECDH_anon_WITH_NULL_SHA AECDH-NULL-SHA
TLS_ECDH_anon_WITH_RC4_128_SHA AECDH-RC4-SHA
TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA AECDH-DES-CBC3-SHA
TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH-AES128-SHA
TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH-AES256-SHA
=head2 TLS v1.2 cipher suites
TLS_RSA_WITH_NULL_SHA256 NULL-SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256 AES128-SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256 AES256-SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256 AES128-GCM-SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384 AES256-GCM-SHA384
TLS_DH_RSA_WITH_AES_128_CBC_SHA256 DH-RSA-AES128-SHA256
TLS_DH_RSA_WITH_AES_256_CBC_SHA256 DH-RSA-AES256-SHA256
TLS_DH_RSA_WITH_AES_128_GCM_SHA256 DH-RSA-AES128-GCM-SHA256
TLS_DH_RSA_WITH_AES_256_GCM_SHA384 DH-RSA-AES256-GCM-SHA384
TLS_DH_DSS_WITH_AES_128_CBC_SHA256 DH-DSS-AES128-SHA256
TLS_DH_DSS_WITH_AES_256_CBC_SHA256 DH-DSS-AES256-SHA256
TLS_DH_DSS_WITH_AES_128_GCM_SHA256 DH-DSS-AES128-GCM-SHA256
TLS_DH_DSS_WITH_AES_256_GCM_SHA384 DH-DSS-AES256-GCM-SHA384
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE-RSA-AES128-SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE-RSA-AES256-SHA256
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE-RSA-AES128-GCM-SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE-RSA-AES256-GCM-SHA384
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 DHE-DSS-AES128-SHA256
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 DHE-DSS-AES256-SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 DHE-DSS-AES128-GCM-SHA256
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 DHE-DSS-AES256-GCM-SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE-RSA-AES256-GCM-SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE-ECDSA-AES128-SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384
TLS_DH_anon_WITH_AES_128_CBC_SHA256 ADH-AES128-SHA256
TLS_DH_anon_WITH_AES_256_CBC_SHA256 ADH-AES256-SHA256
TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH-AES128-GCM-SHA256
TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH-AES256-GCM-SHA384
RSA_WITH_AES_128_CCM AES128-CCM
RSA_WITH_AES_256_CCM AES256-CCM
DHE_RSA_WITH_AES_128_CCM DHE-RSA-AES128-CCM
DHE_RSA_WITH_AES_256_CCM DHE-RSA-AES256-CCM
RSA_WITH_AES_128_CCM_8 AES128-CCM8
RSA_WITH_AES_256_CCM_8 AES256-CCM8
DHE_RSA_WITH_AES_128_CCM_8 DHE-RSA-AES128-CCM8
DHE_RSA_WITH_AES_256_CCM_8 DHE-RSA-AES256-CCM8
ECDHE_ECDSA_WITH_AES_128_CCM ECDHE-ECDSA-AES128-CCM
ECDHE_ECDSA_WITH_AES_256_CCM ECDHE-ECDSA-AES256-CCM
ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE-ECDSA-AES128-CCM8
ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE-ECDSA-AES256-CCM8
=head2 ARIA cipher suites from RFC6209, extending TLS v1.2
Note: the CBC modes mentioned in this RFC are not supported.
TLS_RSA_WITH_ARIA_128_GCM_SHA256 ARIA128-GCM-SHA256
TLS_RSA_WITH_ARIA_256_GCM_SHA384 ARIA256-GCM-SHA384
TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 DHE-RSA-ARIA128-GCM-SHA256
TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 DHE-RSA-ARIA256-GCM-SHA384
TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 DHE-DSS-ARIA128-GCM-SHA256
TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 DHE-DSS-ARIA256-GCM-SHA384
TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ECDSA-ARIA128-GCM-SHA256
TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ECDSA-ARIA256-GCM-SHA384
TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ARIA128-GCM-SHA256
TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ARIA256-GCM-SHA384
TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK-ARIA128-GCM-SHA256
TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK-ARIA256-GCM-SHA384
TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE-PSK-ARIA128-GCM-SHA256
TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE-PSK-ARIA256-GCM-SHA384
TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA-PSK-ARIA128-GCM-SHA256
TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA-PSK-ARIA256-GCM-SHA384
=head2 Camellia HMAC-Based cipher suites from RFC6367, extending TLS v1.2
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-RSA-CAMELLIA128-SHA256
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-RSA-CAMELLIA256-SHA384
=head2 Pre-shared keying (PSK) cipher suites
PSK_WITH_NULL_SHA PSK-NULL-SHA
DHE_PSK_WITH_NULL_SHA DHE-PSK-NULL-SHA
RSA_PSK_WITH_NULL_SHA RSA-PSK-NULL-SHA
PSK_WITH_RC4_128_SHA PSK-RC4-SHA
PSK_WITH_3DES_EDE_CBC_SHA PSK-3DES-EDE-CBC-SHA
PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA
PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA
DHE_PSK_WITH_RC4_128_SHA DHE-PSK-RC4-SHA
DHE_PSK_WITH_3DES_EDE_CBC_SHA DHE-PSK-3DES-EDE-CBC-SHA
DHE_PSK_WITH_AES_128_CBC_SHA DHE-PSK-AES128-CBC-SHA
DHE_PSK_WITH_AES_256_CBC_SHA DHE-PSK-AES256-CBC-SHA
RSA_PSK_WITH_RC4_128_SHA RSA-PSK-RC4-SHA
RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA-PSK-3DES-EDE-CBC-SHA
RSA_PSK_WITH_AES_128_CBC_SHA RSA-PSK-AES128-CBC-SHA
RSA_PSK_WITH_AES_256_CBC_SHA RSA-PSK-AES256-CBC-SHA
PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256
PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384
DHE_PSK_WITH_AES_128_GCM_SHA256 DHE-PSK-AES128-GCM-SHA256
DHE_PSK_WITH_AES_256_GCM_SHA384 DHE-PSK-AES256-GCM-SHA384
RSA_PSK_WITH_AES_128_GCM_SHA256 RSA-PSK-AES128-GCM-SHA256
RSA_PSK_WITH_AES_256_GCM_SHA384 RSA-PSK-AES256-GCM-SHA384
PSK_WITH_AES_128_CBC_SHA256 PSK-AES128-CBC-SHA256
PSK_WITH_AES_256_CBC_SHA384 PSK-AES256-CBC-SHA384
PSK_WITH_NULL_SHA256 PSK-NULL-SHA256
PSK_WITH_NULL_SHA384 PSK-NULL-SHA384
DHE_PSK_WITH_AES_128_CBC_SHA256 DHE-PSK-AES128-CBC-SHA256
DHE_PSK_WITH_AES_256_CBC_SHA384 DHE-PSK-AES256-CBC-SHA384
DHE_PSK_WITH_NULL_SHA256 DHE-PSK-NULL-SHA256
DHE_PSK_WITH_NULL_SHA384 DHE-PSK-NULL-SHA384
RSA_PSK_WITH_AES_128_CBC_SHA256 RSA-PSK-AES128-CBC-SHA256
RSA_PSK_WITH_AES_256_CBC_SHA384 RSA-PSK-AES256-CBC-SHA384
RSA_PSK_WITH_NULL_SHA256 RSA-PSK-NULL-SHA256
RSA_PSK_WITH_NULL_SHA384 RSA-PSK-NULL-SHA384
PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256
PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384
ECDHE_PSK_WITH_RC4_128_SHA ECDHE-PSK-RC4-SHA
ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE-PSK-3DES-EDE-CBC-SHA
ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE-PSK-AES128-CBC-SHA
ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE-PSK-AES256-CBC-SHA
ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE-PSK-AES128-CBC-SHA256
ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE-PSK-AES256-CBC-SHA384
ECDHE_PSK_WITH_NULL_SHA ECDHE-PSK-NULL-SHA
ECDHE_PSK_WITH_NULL_SHA256 ECDHE-PSK-NULL-SHA256
ECDHE_PSK_WITH_NULL_SHA384 ECDHE-PSK-NULL-SHA384
PSK_WITH_CAMELLIA_128_CBC_SHA256 PSK-CAMELLIA128-SHA256
PSK_WITH_CAMELLIA_256_CBC_SHA384 PSK-CAMELLIA256-SHA384
DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 DHE-PSK-CAMELLIA128-SHA256
DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 DHE-PSK-CAMELLIA256-SHA384
RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 RSA-PSK-CAMELLIA128-SHA256
RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 RSA-PSK-CAMELLIA256-SHA384
ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-PSK-CAMELLIA128-SHA256
ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384
PSK_WITH_AES_128_CCM PSK-AES128-CCM
PSK_WITH_AES_256_CCM PSK-AES256-CCM
DHE_PSK_WITH_AES_128_CCM DHE-PSK-AES128-CCM
DHE_PSK_WITH_AES_256_CCM DHE-PSK-AES256-CCM
PSK_WITH_AES_128_CCM_8 PSK-AES128-CCM8
PSK_WITH_AES_256_CCM_8 PSK-AES256-CCM8
DHE_PSK_WITH_AES_128_CCM_8 DHE-PSK-AES128-CCM8
DHE_PSK_WITH_AES_256_CCM_8 DHE-PSK-AES256-CCM8
=head2 ChaCha20-Poly1305 cipher suites, extending TLS v1.2
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-RSA-CHACHA20-POLY1305
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-CHACHA20-POLY1305
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 DHE-RSA-CHACHA20-POLY1305
TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK-CHACHA20-POLY1305
TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE-PSK-CHACHA20-POLY1305
TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE-PSK-CHACHA20-POLY1305
TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA-PSK-CHACHA20-POLY1305
=head2 TLS v1.3 cipher suites
TLS_AES_128_GCM_SHA256 TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384 TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256 TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_SHA256
TLS_AES_128_CCM_8_SHA256 TLS_AES_128_CCM_8_SHA256
=head2 TLS v1.3 integrity-only cipher suites according to RFC 9150
TLS_SHA256_SHA256 TLS_SHA256_SHA256
TLS_SHA384_SHA384 TLS_SHA384_SHA384
Note: these ciphers are purely HMAC based and do not provide any confidentiality
and thus are disabled by default.
These ciphers are only available at security level 0.
=head2 Older names used by OpenSSL
The following names are accepted by older releases:
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA (DHE-RSA-DES-CBC3-SHA)
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA (DHE-DSS-DES-CBC3-SHA)
=head1 NOTES
Some compiled versions of OpenSSL may not include all the ciphers
listed here because some ciphers were excluded at compile time.
=head1 EXAMPLES
Verbose listing of all OpenSSL ciphers including NULL ciphers:
openssl ciphers -v 'ALL:eNULL'
Include all ciphers except NULL and anonymous DH then sort by
strength:
openssl ciphers -v 'ALL:!ADH:@STRENGTH'
Include all ciphers except ones with no encryption (eNULL) or no
authentication (aNULL):
openssl ciphers -v 'ALL:!aNULL'
Include only 3DES ciphers and then place RSA ciphers last:
openssl ciphers -v '3DES:+RSA'
Include all RC4 ciphers but leave out those without authentication:
openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'
Include all ciphers with RSA authentication but leave out ciphers without
encryption.
openssl ciphers -v 'RSA:!COMPLEMENTOFALL'
Set security level to 2 and display all ciphers consistent with level 2:
openssl ciphers -s -v 'ALL:@SECLEVEL=2'
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-s_client(1)>,
L<openssl-s_server(1)>,
L<ssl(7)>
=head1 HISTORY
The B<-V> option was added in OpenSSL 1.0.0.
The B<-stdname> is only available if OpenSSL is built with tracing enabled
(B<enable-ssl-trace> argument to Configure) before OpenSSL 1.1.1.
The B<-convert> option was added in OpenSSL 1.1.1.
Support for standard IANA names in cipher lists was added in
OpenSSL 3.2.0.
The support for TLS v1.3 integrity-only cipher suites was added in OpenSSL 3.4.
=head1 COPYRIGHT
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
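Review bot: The header of this new file reads `WARNING: do not edit!` and `Generated by Makefile from doc/man1/openssl-ciphers.pod.in`, so it is build output rather than source, and committing it (839 lines here, 9429 files in the commit) buries the actual build.sh change and lets the docs drift from whatever OpenSSL version the script builds. Suggest ignoring the generated documentation directory and regenerating it at build time. Oddities visible in the hunk, such as `[B<-s>]` listed twice in the SYNOPSIS, "will not moved to the end of the list" in CIPHER LIST FORMAT, and the `PSK_WITH_AES_128_GCM_SHA256` and `PSK_WITH_AES_256_GCM_SHA384` rows repeated in the PSK table, belong in an upstream report, not in a local edit to a generated file.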

@@ -0,0 +1,168 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-cmds.pod.in
=end comment
=head1 NAME
=for openssl names: openssl-cmds
asn1parse,
ca,
ciphers,
cmp,
cms,
crl,
crl2pkcs7,
dgst,
dhparam,
dsa,
dsaparam,
ec,
ecparam,
enc,
engine,
errstr,
gendsa,
genpkey,
genrsa,
info,
kdf,
mac,
nseq,
ocsp,
passwd,
pkcs12,
pkcs7,
pkcs8,
pkey,
pkeyparam,
pkeyutl,
prime,
rand,
rehash,
req,
rsa,
rsautl,
s_client,
s_server,
s_time,
sess_id,
smime,
speed,
spkac,
srp,
storeutl,
ts,
verify,
version,
x509
- OpenSSL application commands
=for openssl foreign manual apropos(1)
=head1 SYNOPSIS
=for openssl generic
B<openssl> I<cmd> B<-help> | [I<-option> | I<-option> I<arg>] ... [I<arg>] ...
=head1 DESCRIPTION
Every I<cmd> listed above is a (sub-)command of the L<openssl(1)> application.
It has its own detailed manual page at B<openssl-I<cmd>>(1). For example, to
view the manual page for the B<openssl dgst> command, type C<man openssl-dgst>.
=head1 OPTIONS
Among others, every subcommand has a help option.
=over 4
=item B<-help>
Print out a usage message for the subcommand.
=back
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-asn1parse(1)>,
L<openssl-ca(1)>,
L<openssl-ciphers(1)>,
L<openssl-cmp(1)>,
L<openssl-cms(1)>,
L<openssl-crl(1)>,
L<openssl-crl2pkcs7(1)>,
L<openssl-dgst(1)>,
L<openssl-dhparam(1)>,
L<openssl-dsa(1)>,
L<openssl-dsaparam(1)>,
L<openssl-ec(1)>,
L<openssl-ecparam(1)>,
L<openssl-enc(1)>,
L<openssl-engine(1)>,
L<openssl-errstr(1)>,
L<openssl-gendsa(1)>,
L<openssl-genpkey(1)>,
L<openssl-genrsa(1)>,
L<openssl-info(1)>,
L<openssl-kdf(1)>,
L<openssl-mac(1)>,
L<openssl-nseq(1)>,
L<openssl-ocsp(1)>,
L<openssl-passwd(1)>,
L<openssl-pkcs12(1)>,
L<openssl-pkcs7(1)>,
L<openssl-pkcs8(1)>,
L<openssl-pkey(1)>,
L<openssl-pkeyparam(1)>,
L<openssl-pkeyutl(1)>,
L<openssl-prime(1)>,
L<openssl-rand(1)>,
L<openssl-rehash(1)>,
L<openssl-req(1)>,
L<openssl-rsa(1)>,
L<openssl-rsautl(1)>,
L<openssl-s_client(1)>,
L<openssl-s_server(1)>,
L<openssl-s_time(1)>,
L<openssl-sess_id(1)>,
L<openssl-smime(1)>,
L<openssl-speed(1)>,
L<openssl-spkac(1)>,
L<openssl-srp(1)>,
L<openssl-storeutl(1)>,
L<openssl-ts(1)>,
L<openssl-verify(1)>,
L<openssl-version(1)>,
L<openssl-x509(1)>,
=head1 HISTORY
=for openssl foreign manual apropos(1)
Initially, the manual page entry for the C<openssl I<cmd>> command used
to be available at I<cmd>(1). Later, the alias B<openssl-I<cmd>>(1) was
introduced, which made it easier to group the openssl commands using
the L<apropos(1)> command or the shell's tab completion.
In order to reduce cluttering of the global manual page namespace,
the manual page entries without the 'openssl-' prefix have been
deprecated in OpenSSL 3.0 and will be removed in OpenSSL 4.0.
=head1 COPYRIGHT
Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
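
Review bot: The header lines "WARNING: do not edit!" and "Generated by Makefile from doc/man1/openssl-cmds.pod.in" mark this file as build output, so it should not be committed alongside the sources; it will drift from the .pod.in template and cannot be fixed in place. Have build.sh regenerate it, or exclude generated man pages from the tree. The same header appears on the other man1 files in this commit. Separately, the SEE ALSO list ends with a trailing comma after "L<openssl-x509(1)>,".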

File diff suppressed because it is too large

File diff suppressed because it is too large


@@ -0,0 +1,206 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-crl.pod.in
=end comment
=head1 NAME
openssl-crl - CRL command
=head1 SYNOPSIS
B<openssl> B<crl>
[B<-help>]
[B<-inform> B<DER>|B<PEM>]
[B<-outform> B<DER>|B<PEM>]
[B<-key> I<filename>]
[B<-keyform> B<DER>|B<PEM>|B<P12>]
[B<-dateopt>]
[B<-text>]
[B<-in> I<filename>]
[B<-out> I<filename>]
[B<-gendelta> I<filename>]
[B<-badsig>]
[B<-verify>]
[B<-noout>]
[B<-hash>]
[B<-hash_old>]
[B<-fingerprint>]
[B<-crlnumber>]
[B<-issuer>]
[B<-lastupdate>]
[B<-nextupdate>]
[B<-nameopt> I<option>]
[B<-CAfile> I<file>]
[B<-no-CAfile>]
[B<-CApath> I<dir>]
[B<-no-CApath>]
[B<-CAstore> I<uri>]
[B<-no-CAstore>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
=head1 DESCRIPTION
This command processes CRL files in DER or PEM format.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-inform> B<DER>|B<PEM>
The CRL input format; unspecified by default.
See L<openssl-format-options(1)> for details.
=item B<-outform> B<DER>|B<PEM>
The CRL output format; the default is B<PEM>.
See L<openssl-format-options(1)> for details.
=item B<-key> I<filename>
The private key to be used to sign the CRL.
=item B<-keyform> B<DER>|B<PEM>|B<P12>
The format of the private key file; unspecified by default.
See L<openssl-format-options(1)> for details.
=item B<-in> I<filename>
This specifies the input filename to read from or standard input if this
option is not specified.
=item B<-out> I<filename>
Specifies the output filename to write to or standard output by
default.
=item B<-gendelta> I<filename>
Output a comparison of the main CRL and the one specified here.
=item B<-badsig>
Corrupt the signature before writing it; this can be useful
for testing.
=item B<-dateopt>
Specify the date output format. Values are: rfc_822 and iso_8601.
Defaults to rfc_822.
=item B<-text>
Print out the CRL in text form.
=item B<-verify>
Verify the signature in the CRL. If the verification fails,
the program will immediately exit, i.e. further option processing
(e.g. B<-gendelta>) is skipped.
This option is implicitly enabled if any of B<-CApath>, B<-CAfile>
or B<-CAstore> is specified.
=item B<-noout>
Don't output the encoded version of the CRL.
=item B<-fingerprint>
Output the fingerprint of the CRL.
=item B<-crlnumber>
Output the number of the CRL.
=item B<-hash>
Output a hash of the issuer name. This can be use to lookup CRLs in
a directory by issuer name.
=item B<-hash_old>
Outputs the "hash" of the CRL issuer name using the older algorithm
as used by OpenSSL before version 1.0.0.
=item B<-issuer>
Output the issuer name.
=item B<-lastupdate>
Output the lastUpdate field.
=item B<-nextupdate>
Output the nextUpdate field.
=item B<-nameopt> I<option>
This specifies how the subject or issuer names are displayed.
See L<openssl-namedisplay-options(1)> for details.
=item B<-CAfile> I<file>, B<-no-CAfile>, B<-CApath> I<dir>, B<-no-CApath>,
B<-CAstore> I<uri>, B<-no-CAstore>
See L<openssl-verification-options(1)/Trusted Certificate Options> for details.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=back
=head1 EXAMPLES
Convert a CRL file from PEM to DER:
openssl crl -in crl.pem -outform DER -out crl.der
Output the text form of a DER encoded certificate:
openssl crl -in crl.der -text -noout
=head1 BUGS
Ideally it should be possible to create a CRL using appropriate options
and files too.
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-crl2pkcs7(1)>,
L<openssl-ca(1)>,
L<openssl-x509(1)>,
L<ossl_store-file(7)>
=head1 HISTORY
Since OpenSSL 3.3, the B<-verify> option will exit with 1 on failure.
=head1 COPYRIGHT
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
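
Review bot: In EXAMPLES, the second entry is introduced as "Output the text form of a DER encoded certificate", but the command shown (openssl crl -in crl.der -text -noout) reads a CRL, so the lead-in should say "DER encoded CRL". In SYNOPSIS, "[B<-dateopt>]" is listed without an argument although its description gives the values rfc_822 and iso_8601. The B<-hash> description has "can be use to lookup" where "can be used to look up" is meant. Because the header marks this file as generated from doc/man1/openssl-crl.pod.in, these corrections belong in that template, not here.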


@@ -0,0 +1,122 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-crl2pkcs7.pod.in
=end comment
=head1 NAME
openssl-crl2pkcs7 - Create a PKCS#7 structure from a CRL and certificates
=head1 SYNOPSIS
B<openssl> B<crl2pkcs7>
[B<-help>]
[B<-inform> B<DER>|B<PEM>]
[B<-outform> B<DER>|B<PEM>]
[B<-in> I<filename>]
[B<-out> I<filename>]
[B<-certfile> I<filename>]
[B<-nocrl>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
=head1 DESCRIPTION
This command takes an optional CRL and one or more
certificates and converts them into a PKCS#7 degenerate "certificates
only" structure.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-inform> B<DER>|B<PEM>
The input format of the CRL; the default is B<PEM>.
See L<openssl-format-options(1)> for details.
=item B<-outform> B<DER>|B<PEM>
The output format of the PKCS#7 object; the default is B<PEM>.
See L<openssl-format-options(1)> for details.
=item B<-in> I<filename>
This specifies the input filename to read a CRL from or standard input if this
option is not specified.
=item B<-out> I<filename>
Specifies the output filename to write the PKCS#7 structure to or standard
output by default.
=item B<-certfile> I<filename>
Specifies a filename containing one or more certificates in B<PEM> format.
All certificates in the file will be added to the PKCS#7 structure. This
option can be used more than once to read certificates from multiple
files.
=item B<-nocrl>
Normally a CRL is included in the output file. With this option no CRL is
included in the output file and a CRL is not read from the input file.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=back
=head1 EXAMPLES
Create a PKCS#7 structure from a certificate and CRL:
openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem
Creates a PKCS#7 structure in DER format with no CRL from several
different certificates:
openssl crl2pkcs7 -nocrl -certfile newcert.pem
-certfile demoCA/cacert.pem -outform DER -out p7.der
=head1 NOTES
The output file is a PKCS#7 signed data structure containing no signers and
just certificates and an optional CRL.
This command can be used to send certificates and CAs to Netscape as part of
the certificate enrollment process. This involves sending the DER encoded output
as MIME type application/x-x509-user-cert.
The B<PEM> encoded form with the header and footer lines removed can be used to
install user certificates and CAs in MSIE using the Xenroll control.
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-pkcs7(1)>
=head1 COPYRIGHT
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
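
Review bot: The second command in EXAMPLES is split over two lines ("openssl crl2pkcs7 -nocrl -certfile newcert.pem" followed by "-certfile demoCA/cacert.pem -outform DER -out p7.der") with no trailing backslash, so pasted into a shell the first line runs on its own without the second certificate file or the DER output options. Add a line-continuation backslash, as the verify example in openssl-dgst in this same commit does. The NOTES section still describes certificate enrollment through Netscape and the MSIE Xenroll control; consider marking those two paragraphs as historical.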


@@ -0,0 +1,310 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-dgst.pod.in
=end comment
=head1 NAME
openssl-dgst - perform digest operations
=head1 SYNOPSIS
B<openssl> B<dgst>|I<digest>
[B<-I<digest>>]
[B<-list>]
[B<-help>]
[B<-c>]
[B<-d>]
[B<-debug>]
[B<-hex>]
[B<-binary>]
[B<-xoflen> I<length>]
[B<-r>]
[B<-out> I<filename>]
[B<-sign> I<filename>|I<uri>]
[B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
[B<-passin> I<arg>]
[B<-verify> I<filename>]
[B<-prverify> I<filename>]
[B<-signature> I<filename>]
[B<-sigopt> I<nm>:I<v>]
[B<-hmac> I<key>]
[B<-mac> I<alg>]
[B<-macopt> I<nm>:I<v>]
[B<-fips-fingerprint>]
[B<-engine> I<id>]
[B<-engine_impl> I<id>]
[B<-rand> I<files>]
[B<-writerand> I<file>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
[I<file> ...]
=head1 DESCRIPTION
This command output the message digest of a supplied file or files
in hexadecimal, and also generates and verifies digital
signatures using message digests.
The generic name, B<openssl dgst>, may be used with an option specifying the
algorithm to be used.
The default digest is B<sha256>.
A supported I<digest> name may also be used as the sub-command name.
To see the list of supported algorithms, use C<openssl list -digest-algorithms>
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-I<digest>>
Specifies name of a supported digest to be used. See option B<-list> below :
=item B<-list>
Prints out a list of supported message digests.
=item B<-c>
Print out the digest in two digit groups separated by colons, only relevant if
the B<-hex> option is given as well.
=item B<-d>, B<-debug>
Print out BIO debugging information.
=item B<-hex>
Digest is to be output as a hex dump. This is the default case for a "normal"
digest as opposed to a digital signature. See NOTES below for digital
signatures using B<-hex>.
=item B<-binary>
Output the digest or signature in binary form.
=item B<-xoflen> I<length>
Set the output length for XOF algorithms, such as B<shake128> and B<shake256>.
This option is not supported for signing operations.
For OpenSSL providers it is required to set this value for shake algorithms,
since the previous default values were only set to supply half of the maximum
security strength.
To ensure the maximum security strength of 128 bits, the xoflen for B<shake128>
should be set to at least 32 (bytes). For compatibility with previous versions
of OpenSSL, it may be set to 16, resulting in a security strength of only 64
bits.
To ensure the maximum security strength of 256 bits, the xoflen for B<shake256>
should be set to at least 64 (bytes). For compatibility with previous versions
of OpenSSL, it may be set to 32, resulting in a security strength of only 128
bits.
=item B<-r>
=for openssl foreign manual sha1sum(1)
Output the digest in the "coreutils" format, including newlines.
Used by programs like L<sha1sum(1)>.
=item B<-out> I<filename>
Filename to output to, or standard output by default.
=item B<-sign> I<filename>|I<uri>
Digitally sign the digest using the given private key. Note this option
does not support Ed25519 or Ed448 private keys. Use the L<openssl-pkeyutl(1)>
command instead for this.
=item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
The format of the key to sign with; unspecified by default.
See L<openssl-format-options(1)> for details.
=item B<-sigopt> I<nm>:I<v>
Pass options to the signature algorithm during sign or verify operations.
Names and values of these options are algorithm-specific and documented
in L<provider-signature(7)/Signature parameters>.
=item B<-passin> I<arg>
The private key password source. For more information about the format of I<arg>
see L<openssl-passphrase-options(1)>.
=item B<-verify> I<filename>
Verify the signature using the public key in "filename".
The output is either "Verified OK" or "Verification Failure".
=item B<-prverify> I<filename>
Verify the signature using the private key in "filename".
=item B<-signature> I<filename>
The actual signature to verify.
=item B<-hmac> I<key>
Create a hashed MAC using "key".
The L<openssl-mac(1)> command should be preferred to using this command line
option.
=item B<-mac> I<alg>
Create MAC (keyed Message Authentication Code). The most popular MAC
algorithm is HMAC (hash-based MAC), but there are other MAC algorithms
which are not based on hash, for instance B<gost-mac> algorithm,
supported by the B<gost> engine. MAC keys and other options should be set
via B<-macopt> parameter.
The L<openssl-mac(1)> command should be preferred to using this command line
option.
=item B<-macopt> I<nm>:I<v>
Passes options to MAC algorithm, specified by B<-mac> key.
Following options are supported by both by B<HMAC> and B<gost-mac>:
=over 4
=item B<key>:I<string>
Specifies MAC key as alphanumeric string (use if key contain printable
characters only). String length must conform to any restrictions of
the MAC algorithm for example exactly 32 chars for gost-mac.
=item B<hexkey>:I<string>
Specifies MAC key in hexadecimal form (two hex digits per byte).
Key length must conform to any restrictions of the MAC algorithm
for example exactly 32 chars for gost-mac.
=back
The L<openssl-mac(1)> command should be preferred to using this command line
option.
=item B<-fips-fingerprint>
Compute HMAC using a specific key for certain OpenSSL-FIPS operations.
=item B<-rand> I<files>, B<-writerand> I<file>
See L<openssl(1)/Random State Options> for details.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
The engine is not used for digests unless the B<-engine_impl> option is
used or it is configured to do so, see L<config(5)/Engine Configuration Module>.
=item B<-engine_impl> I<id>
When used with the B<-engine> option, it specifies to also use
engine I<id> for digest operations.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=item I<file> ...
File or files to digest. If no files are specified then standard input is
used.
=back
=head1 EXAMPLES
To create a hex-encoded message digest of a file:
openssl dgst -md5 -hex file.txt
or
openssl md5 file.txt
To sign a file using SHA-256 with binary file output:
openssl dgst -sha256 -sign privatekey.pem -out signature.sign file.txt
or
openssl sha256 -sign privatekey.pem -out signature.sign file.txt
To verify a signature:
openssl dgst -sha256 -verify publickey.pem \
-signature signature.sign \
file.txt
=head1 NOTES
The digest mechanisms that are available will depend on the options
used when building OpenSSL.
The C<openssl list -digest-algorithms> command can be used to list them.
New or agile applications should use probably use SHA-256. Other digests,
particularly SHA-1 and MD5, are still widely used for interoperating
with existing formats and protocols.
When signing a file, this command will automatically determine the algorithm
(RSA, ECC, etc) to use for signing based on the private key's ASN.1 info.
When verifying signatures, it only handles the RSA, DSA, or ECDSA signature
itself, not the related data to identify the signer and algorithm used in
formats such as x.509, CMS, and S/MIME.
A source of random numbers is required for certain signing algorithms, in
particular ECDSA and DSA.
The signing and verify options should only be used if a single file is
being signed or verified.
Hex signatures cannot be verified using B<openssl>. Instead, use "xxd -r"
or similar program to transform the hex signature into a binary signature
prior to verification.
The L<openssl-mac(1)> command is preferred over the B<-hmac>, B<-mac> and
B<-macopt> command line options.
=head1 SEE ALSO
L<openssl-mac(1)>
=head1 HISTORY
The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0.
The FIPS-related options were removed in OpenSSL 1.1.0.
The B<-engine> and B<-engine_impl> options were deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
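
Review bot: SYNOPSIS and OPTIONS both document B<-fips-fingerprint> ("Compute HMAC using a specific key for certain OpenSSL-FIPS operations"), while HISTORY states "The FIPS-related options were removed in OpenSSL 1.1.0"; one of the two needs correcting, or the HISTORY line should name the options it refers to. The first EXAMPLES entry uses "openssl dgst -md5 -hex file.txt" although DESCRIPTION gives sha256 as the default and NOTES recommends SHA-256 for new applications, so the lead example would read better with -sha256. Wording nits: "This command output the message digest" should be "outputs", and "should use probably use SHA-256" repeats "use".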


@@ -0,0 +1,168 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-dhparam.pod.in
=end comment
=head1 NAME
openssl-dhparam - DH parameter manipulation and generation
=head1 SYNOPSIS
B<openssl dhparam>
[B<-help>]
[B<-inform> B<DER>|B<PEM>]
[B<-outform> B<DER>|B<PEM>]
[B<-in> I<filename>]
[B<-out> I<filename>]
[B<-dsaparam>]
[B<-check>]
[B<-noout>]
[B<-text>]
[B<-verbose>]
[B<-quiet>]
[B<-2>]
[B<-3>]
[B<-5>]
[B<-engine> I<id>]
[B<-rand> I<files>]
[B<-writerand> I<file>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
[I<numbits>]
=head1 DESCRIPTION
This command is used to manipulate DH parameter files.
See L<openssl-genpkey(1)/EXAMPLES> for examples on how to generate
a key using a named safe prime group without generating intermediate
parameters.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM>
The input format and output format; the default is B<PEM>.
The object is compatible with the PKCS#3 B<DHparameter> structure.
See L<openssl-format-options(1)> for details.
=item B<-in> I<filename>
This specifies the input filename to read parameters from or standard input if
this option is not specified.
=item B<-out> I<filename>
This specifies the output filename parameters to. Standard output is used
if this option is not present. The output filename should B<not> be the same
as the input filename.
=item B<-dsaparam>
If this option is used, DSA rather than DH parameters are read or created;
they are converted to DH format. Otherwise, safe primes (such
that (p-1)/2 is also prime) will be used for DH parameter generation.
DH parameter generation with the B<-dsaparam> option is much faster.
Beware that with such DSA-style DH parameters, a fresh DH key should be
created for each use to avoid small-subgroup attacks that may be possible
otherwise.
=item B<-check>
Performs numerous checks to see if the supplied parameters are valid and
displays a warning if not.
=item B<-2>, B<-3>, B<-5>
The generator to use, either 2, 3 or 5. If present then the
input file is ignored and parameters are generated instead. If not
present but I<numbits> is present, parameters are generated with the
default generator 2.
=item I<numbits>
This option specifies that a parameter set should be generated of size
I<numbits>. It must be the last option. If this option is present then
the input file is ignored and parameters are generated instead. If
this option is not present but a generator (B<-2>, B<-3> or B<-5>) is
present, parameters are generated with a default length of 2048 bits.
The minimum length is 512 bits. The maximum length is 10000 bits.
=item B<-noout>
This option inhibits the output of the encoded version of the parameters.
=item B<-text>
This option prints out the DH parameters in human readable form.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item B<-rand> I<files>, B<-writerand> I<file>
See L<openssl(1)/Random State Options> for details.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=item B<-verbose>
This option enables the output of progress messages, which is handy when
running commands interactively that may take a long time to execute.
=item B<-quiet>
This option suppresses the output of progress messages, which may be
undesirable in batch scripts or pipelines.
=back
=head1 NOTES
This command replaces the B<dh> and B<gendh> commands of previous
releases.
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-pkeyparam(1)>,
L<openssl-dsaparam(1)>,
L<openssl-genpkey(1)>.
=head1 HISTORY
The B<-engine> option was deprecated in OpenSSL 3.0.
The B<-C> option was removed in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
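
Review bot: The B<-out> description, "This specifies the output filename parameters to.", is missing its verb; it should read "the output filename to write parameters to". The identical sentence appears in openssl-dsaparam in this commit and needs the same fix. SEE ALSO ends with a full stop after "L<openssl-genpkey(1)>", unlike the other man1 pages here. B<-verbose> and B<-quiet> are documented after the provider options, away from B<-noout> and B<-text>, which makes them easy to miss.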


@@ -0,0 +1,209 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-dsa.pod.in
=end comment
=head1 NAME
openssl-dsa - DSA key processing
=head1 SYNOPSIS
B<openssl> B<dsa>
[B<-help>]
[B<-inform> B<DER>|B<PEM>]
[B<-outform> B<DER>|B<PEM>]
[B<-in> I<filename>]
[B<-passin> I<arg>]
[B<-out> I<filename>]
[B<-passout> I<arg>]
[B<-aes128>]
[B<-aes192>]
[B<-aes256>]
[B<-aria128>]
[B<-aria192>]
[B<-aria256>]
[B<-camellia128>]
[B<-camellia192>]
[B<-camellia256>]
[B<-des>]
[B<-des3>]
[B<-idea>]
[B<-text>]
[B<-noout>]
[B<-modulus>]
[B<-pubin>]
[B<-pubout>]
[B<-pvk-strong>]
[B<-pvk-weak>]
[B<-pvk-none>]
[B<-engine> I<id>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
=head1 DESCRIPTION
This command processes DSA keys. They can be converted between various
forms and their components printed out. B<Note> This command uses the
traditional SSLeay compatible format for private key encryption: newer
applications should use the more secure PKCS#8 format using the B<pkcs8>
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-inform> B<DER>|B<PEM>
The key input format; unspecified by default.
See L<openssl-format-options(1)> for details.
=item B<-outform> B<DER>|B<PEM>
The key output format; the default is B<PEM>.
See L<openssl-format-options(1)> for details.
Private keys are a sequence of B<ASN.1 INTEGERS>: the version (zero), B<p>,
B<q>, B<g>, and the public and private key components. Public keys
are a B<SubjectPublicKeyInfo> structure with the B<DSA> type.
The B<PEM> format also accepts PKCS#8 data.
=item B<-in> I<filename>
This specifies the input filename to read a key from or standard input if this
option is not specified. If the key is encrypted a pass phrase will be
prompted for.
=item B<-out> I<filename>
This specifies the output filename to write a key to or standard output by
is not specified. If any encryption options are set then a pass phrase will be
prompted for. The output filename should B<not> be the same as the input
filename.
=item B<-passin> I<arg>, B<-passout> I<arg>
The password source for the input and output file.
For more information about the format of B<arg>
see L<openssl-passphrase-options(1)>.
=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea>
These options encrypt the private key with the specified
cipher before outputting it. A pass phrase is prompted for.
If none of these options is specified the key is written in plain text. This
means that this command can be used to remove the pass phrase from a key
by not giving any encryption option is given, or to add or change the pass
phrase by setting them.
These options can only be used with PEM format output files.
=item B<-text>
Prints out the public, private key components and parameters.
=item B<-noout>
This option prevents output of the encoded version of the key.
=item B<-modulus>
This option prints out the value of the public key component of the key.
=item B<-pubin>
By default, a private key is read from the input.
With this option a public key is read instead.
If the input contains no public key but a private key, its public part is used.
=item B<-pubout>
By default, a private key is output. With this option a public
key will be output instead. This option is automatically set if the input is
a public key.
=item B<-pvk-strong>
Enable 'Strong' PVK encoding level (default).
=item B<-pvk-weak>
Enable 'Weak' PVK encoding level.
=item B<-pvk-none>
Don't enforce PVK encoding.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=back
The L<openssl-pkey(1)> command is capable of performing all the operations
this command can, as well as supporting other public key types.
=head1 EXAMPLES
The documentation for the L<openssl-pkey(1)> command contains examples
equivalent to the ones listed here.
To remove the pass phrase on a DSA private key:
openssl dsa -in key.pem -out keyout.pem
To encrypt a private key using triple DES:
openssl dsa -in key.pem -des3 -out keyout.pem
To convert a private key from PEM to DER format:
openssl dsa -in key.pem -outform DER -out keyout.der
To print out the components of a private key to standard output:
openssl dsa -in key.pem -text -noout
To just output the public part of a private key:
openssl dsa -in key.pem -pubout -out pubkey.pem
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-pkey(1)>,
L<openssl-dsaparam(1)>,
L<openssl-gendsa(1)>,
L<openssl-rsa(1)>,
L<openssl-genrsa(1)>
=head1 HISTORY
The B<-engine> option was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
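
Review bot: The last sentence of DESCRIPTION stops at "should use the more secure PKCS#8 format using the B<pkcs8>" with no noun or full stop before "=head1 OPTIONS"; finish it with a reference to the command, the way openssl-ec points at L<openssl-pkcs8(1)>. Two OPTIONS sentences are also garbled: under B<-out>, "or standard output by is not specified", and under the cipher options, "by not giving any encryption option is given". The paragraph starting "The L<openssl-pkey(1)> command is capable of performing all the operations" sits after "=back" and before EXAMPLES, so it renders as part of OPTIONS; it would fit better in DESCRIPTION or NOTES.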


@@ -0,0 +1,154 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-dsaparam.pod.in
=end comment
=head1 NAME
openssl-dsaparam - DSA parameter manipulation and generation
=head1 SYNOPSIS
B<openssl dsaparam>
[B<-help>]
[B<-inform> B<DER>|B<PEM>]
[B<-outform> B<DER>|B<PEM>]
[B<-in> I<filename>]
[B<-out> I<filename>]
[B<-noout>]
[B<-text>]
[B<-genkey>]
[B<-verbose>]
[B<-quiet>]
[B<-rand> I<files>]
[B<-writerand> I<file>]
[B<-engine> I<id>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
[I<numbits>]
[I<numqbits>]
=head1 DESCRIPTION
This command is used to manipulate or generate DSA parameter files.
DSA parameter generation can be a slow process and as a result the same set of
DSA parameters is often used to generate several distinct keys.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-inform> B<DER>|B<PEM>
The DSA parameters input format; unspecified by default.
See L<openssl-format-options(1)> for details.
=item B<-outform> B<DER>|B<PEM>
The DSA parameters output format; the default is B<PEM>.
See L<openssl-format-options(1)> for details.
Parameters are a sequence of B<ASN.1 INTEGER>s: B<p>, B<q>, and B<g>.
This is compatible with RFC 2459 B<DSS-Parms> structure.
=item B<-in> I<filename>
This specifies the input filename to read parameters from or standard input if
this option is not specified. If the I<numbits> parameter is included then
this option will be ignored.
=item B<-out> I<filename>
This specifies the output filename parameters to. Standard output is used
if this option is not present. The output filename should B<not> be the same
as the input filename.
=item B<-noout>
This option inhibits the output of the encoded version of the parameters.
=item B<-text>
This option prints out the DSA parameters in human readable form.
=item B<-genkey>
This option will generate a DSA either using the specified or generated
parameters.
=item B<-verbose>
Print extra details about the operations being performed.
=item B<-quiet>
Print fewer details about the operations being performed, which may
be handy during batch scripts and pipelines.
=item B<-rand> I<files>, B<-writerand> I<file>
See L<openssl(1)/Random State Options> for details.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item I<numbits>
This optional argument specifies that a parameter set should be generated of
size I<numbits>. If this argument is included then the input file (if any) is
ignored.
=item I<numqbits>
This optional argument specifies that a parameter set should be generated with
a subprime parameter q of size I<numqbits>. It must be the last argument. If
this argument is included then the input file (if any) is ignored.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=back
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-pkeyparam(1)>,
L<openssl-gendsa(1)>,
L<openssl-dsa(1)>,
L<openssl-genrsa(1)>,
L<openssl-rsa(1)>
=head1 HISTORY
The B<-engine> option was deprecated in OpenSSL 3.0.
The B<-C> option was removed in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
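
Review bot: The B<-genkey> description, "This option will generate a DSA either using the specified or generated parameters.", omits the word "key", so it does not say what is generated. The B<-out> description, "This specifies the output filename parameters to.", is missing "to write", as in openssl-dhparam. Under I<numbits> and I<numqbits>, only I<numqbits> is said to be required as the last argument; state the ordering of the two positional arguments once, in one place.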


@@ -0,0 +1,222 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-ec.pod.in
=end comment
=head1 NAME
openssl-ec - EC key processing
=head1 SYNOPSIS
B<openssl> B<ec>
[B<-help>]
[B<-inform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
[B<-outform> B<DER>|B<PEM>]
[B<-in> I<filename>|I<uri>]
[B<-passin> I<arg>]
[B<-out> I<filename>]
[B<-passout> I<arg>]
[B<-des>]
[B<-des3>]
[B<-idea>]
[B<-text>]
[B<-noout>]
[B<-param_out>]
[B<-pubin>]
[B<-pubout>]
[B<-conv_form> I<arg>]
[B<-param_enc> I<arg>]
[B<-no_public>]
[B<-check>]
[B<-engine> I<id>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
=head1 DESCRIPTION
The L<openssl-ec(1)> command processes EC keys. They can be converted between
various forms and their components printed out. B<Note> OpenSSL uses the
private key format specified in 'SEC 1: Elliptic Curve Cryptography'
(http://www.secg.org/). To convert an OpenSSL EC private key into the
PKCS#8 private key format use the L<openssl-pkcs8(1)> command.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-inform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
The key input format; unspecified by default.
See L<openssl-format-options(1)> for details.
=item B<-outform> B<DER>|B<PEM>
The key output format; the default is B<PEM>.
See L<openssl-format-options(1)> for details.
Private keys are an SEC1 private key or PKCS#8 format.
Public keys are a B<SubjectPublicKeyInfo> as specified in IETF RFC 3280.
=item B<-in> I<filename>|I<uri>
This specifies the input to read a key from or standard input if this
option is not specified. If the key is encrypted a pass phrase will be
prompted for.
=item B<-out> I<filename>
This specifies the output filename to write a key to or standard output by
is not specified. If any encryption options are set then a pass phrase will be
prompted for. The output filename should B<not> be the same as the input
filename.
=item B<-passin> I<arg>, B<-passout> I<arg>
The password source for the input and output file.
For more information about the format of B<arg>
see L<openssl-passphrase-options(1)>.
=item B<-des>|B<-des3>|B<-idea>
These options encrypt the private key with the DES, triple DES, IDEA or
any other cipher supported by OpenSSL before outputting it. A pass phrase is
prompted for.
If none of these options is specified the key is written in plain text. This
means that using this command to read in an encrypted key with no
encryption option can be used to remove the pass phrase from a key, or by
setting the encryption options it can be use to add or change the pass phrase.
These options can only be used with PEM format output files.
=item B<-text>
Prints out the public, private key components and parameters.
=item B<-noout>
This option prevents output of the encoded version of the key.
=item B<-param_out>
Print the elliptic curve parameters.
=item B<-pubin>
By default a private key is read from the input.
With this option a public key is read instead.
If the input contains no public key but a private key, its public part is used.
=item B<-pubout>
By default a private key is output. With this option a public
key will be output instead. This option is automatically set if the input is
a public key.
=item B<-conv_form> I<arg>
This specifies how the points on the elliptic curve are converted
into octet strings. Possible values are: B<compressed>, B<uncompressed> (the
default value) and B<hybrid>. For more information regarding
the point conversion forms please read the X9.62 standard.
B<Note> Due to patent issues the B<compressed> option is disabled
by default for binary curves and can be enabled by defining
the preprocessor macro B<OPENSSL_EC_BIN_PT_COMP> at compile time.
=item B<-param_enc> I<arg>
This specifies how the elliptic curve parameters are encoded.
Possible value are: B<named_curve>, i.e. the ec parameters are
specified by an OID, or B<explicit> where the ec parameters are
explicitly given (see RFC 3279 for the definition of the
EC parameters structures). The default value is B<named_curve>.
B<Note> the B<implicitlyCA> alternative, as specified in RFC 3279,
is currently not implemented in OpenSSL.
=item B<-no_public>
This option omits the public key components from the private key output.
=item B<-check>
This option checks the consistency of an EC private or public key.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=back
The L<openssl-pkey(1)> command is capable of performing all the operations
this command can, as well as supporting other public key types.
=head1 EXAMPLES
The documentation for the L<openssl-pkey(1)> command contains examples
equivalent to the ones listed here.
To encrypt a private key using triple DES:
openssl ec -in key.pem -des3 -out keyout.pem
To convert a private key from PEM to DER format:
openssl ec -in key.pem -outform DER -out keyout.der
To print out the components of a private key to standard output:
openssl ec -in key.pem -text -noout
To just output the public part of a private key:
openssl ec -in key.pem -pubout -out pubkey.pem
To change the parameters encoding to B<explicit>:
openssl ec -in key.pem -param_enc explicit -out keyout.pem
To change the point conversion form to B<compressed>:
openssl ec -in key.pem -conv_form compressed -out keyout.pem
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-pkey(1)>,
L<openssl-ecparam(1)>,
L<openssl-dsa(1)>,
L<openssl-rsa(1)>
=head1 HISTORY
The B<-engine> option was deprecated in OpenSSL 3.0.
The B<-conv_form> and B<-no_public> options are no longer supported
with keys loaded from an engine in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2003-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
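Review bot: The header of this file ("WARNING: do not edit!" / "Generated by Makefile from doc/man1/openssl-ec.pod.in") marks it as build output, so committing it means any local correction is overwritten by the next build and the generated copy can drift from its .pod.in source. Suggest leaving the generated .pod files out of the commit and keeping only what build.sh needs as input. The wording slip in the -out description ("standard output by is not specified") is then an upstream matter for the .pod.in source, not something to patch in this copy.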


@@ -0,0 +1,207 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-ecparam.pod.in
=end comment
=head1 NAME
openssl-ecparam - EC parameter manipulation and generation
=head1 SYNOPSIS
B<openssl ecparam>
[B<-help>]
[B<-inform> B<DER>|B<PEM>]
[B<-outform> B<DER>|B<PEM>]
[B<-in> I<filename>]
[B<-out> I<filename>]
[B<-noout>]
[B<-text>]
[B<-check>]
[B<-check_named>]
[B<-name> I<arg>]
[B<-list_curves>]
[B<-conv_form> I<arg>]
[B<-param_enc> I<arg>]
[B<-no_seed>]
[B<-genkey>]
[B<-engine> I<id>]
[B<-rand> I<files>]
[B<-writerand> I<file>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
=head1 DESCRIPTION
This command is used to manipulate or generate EC parameter files.
OpenSSL is currently not able to generate new groups and therefore
this command can only create EC parameters from known (named) curves.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-inform> B<DER>|B<PEM>
The EC parameters input format; unspecified by default.
See L<openssl-format-options(1)> for details.
=item B<-outform> B<DER>|B<PEM>
The EC parameters output format; the default is B<PEM>.
See L<openssl-format-options(1)> for details.
Parameters are encoded as B<EcpkParameters> as specified in IETF RFC 3279.
=item B<-in> I<filename>
This specifies the input filename to read parameters from or standard input if
this option is not specified.
=item B<-out> I<filename>
This specifies the output filename parameters to. Standard output is used
if this option is not present. The output filename should B<not> be the same
as the input filename.
=item B<-noout>
This option inhibits the output of the encoded version of the parameters.
=item B<-text>
This option prints out the EC parameters in human readable form.
=item B<-check>
Validate the elliptic curve parameters.
=item B<-check_named>
Validate the elliptic name curve parameters by checking if the curve parameters
match any built-in curves.
=item B<-name> I<arg>
Use the EC parameters with the specified 'short' name. Use B<-list_curves>
to get a list of all currently implemented EC parameters.
=item B<-list_curves>
Print out a list of all currently implemented EC parameters names and exit.
=item B<-conv_form> I<arg>
This specifies how the points on the elliptic curve are converted
into octet strings. Possible values are: B<compressed>, B<uncompressed> (the
default value) and B<hybrid>. For more information regarding
the point conversion forms please read the X9.62 standard.
B<Note> Due to patent issues the B<compressed> option is disabled
by default for binary curves and can be enabled by defining
the preprocessor macro B<OPENSSL_EC_BIN_PT_COMP> at compile time.
=item B<-param_enc> I<arg>
This specifies how the elliptic curve parameters are encoded.
Possible value are: B<named_curve>, i.e. the ec parameters are
specified by an OID, or B<explicit> where the ec parameters are
explicitly given (see RFC 3279 for the definition of the
EC parameters structures). The default value is B<named_curve>.
B<Note> the B<implicitlyCA> alternative, as specified in RFC 3279,
is currently not implemented in OpenSSL.
=item B<-no_seed>
This option inhibits that the 'seed' for the parameter generation
is included in the ECParameters structure (see RFC 3279).
=item B<-genkey>
This option will generate an EC private key using the specified parameters.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item B<-rand> I<files>, B<-writerand> I<file>
See L<openssl(1)/Random State Options> for details.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=back
The L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)> commands are capable
of performing all the operations this command can, as well as supporting
other public key types.
=head1 EXAMPLES
The documentation for the L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)>
commands contains examples equivalent to the ones listed here.
To create EC parameters with the group 'prime192v1':
openssl ecparam -out ec_param.pem -name prime192v1
To create EC parameters with explicit parameters:
openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit
To validate given EC parameters:
openssl ecparam -in ec_param.pem -check
To create EC parameters and a private key:
openssl ecparam -out ec_key.pem -name prime192v1 -genkey
To change the point encoding to 'compressed':
openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed
To print out the EC parameters to standard output:
openssl ecparam -in ec_param.pem -noout -text
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-pkeyparam(1)>,
L<openssl-genpkey(1)>,
L<openssl-ec(1)>,
L<openssl-dsaparam(1)>
=head1 HISTORY
The B<-engine> option was deprecated in OpenSSL 3.0.
The B<-C> option was removed in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
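Review bot: Every command in the EXAMPLES section that names a curve uses "-name prime192v1", including the -genkey one, and a 192-bit curve gives only about 96 bits of security. The generated upstream text should stay verbatim, but anything in this repository that points developers at these examples (README, comments in build.sh) should name a 256-bit curve instead, so the vendored man page does not become the template for key generation here.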


@@ -0,0 +1,520 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-enc.pod.in
=end comment
=head1 NAME
openssl-enc - symmetric cipher routines
=head1 SYNOPSIS
B<openssl> B<enc>|I<cipher>
[B<-I<cipher>>]
[B<-help>]
[B<-list>]
[B<-ciphers>]
[B<-in> I<filename>]
[B<-out> I<filename>]
[B<-pass> I<arg>]
[B<-e>]
[B<-d>]
[B<-a>]
[B<-base64>]
[B<-A>]
[B<-k> I<password>]
[B<-kfile> I<filename>]
[B<-K> I<key>]
[B<-iv> I<IV>]
[B<-S> I<salt>]
[B<-salt>]
[B<-nosalt>]
[B<-z>]
[B<-md> I<digest>]
[B<-iter> I<count>]
[B<-pbkdf2>]
[B<-saltlen> I<size>]
[B<-p>]
[B<-P>]
[B<-bufsize> I<number>]
[B<-nopad>]
[B<-v>]
[B<-debug>]
[B<-none>]
[B<-engine> I<id>]
[B<-rand> I<files>]
[B<-writerand> I<file>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
B<openssl> I<cipher> [B<...>]
=head1 DESCRIPTION
The symmetric cipher commands allow data to be encrypted or decrypted
using various block and stream ciphers using keys based on passwords
or explicitly provided. Base64 encoding or decoding can also be performed
either by itself or in addition to the encryption or decryption.
=head1 OPTIONS
=over 4
=item B<-I<cipher>>
The cipher to use.
=item B<-help>
Print out a usage message.
=item B<-list>
List all supported ciphers.
=item B<-ciphers>
Alias of -list to display all supported ciphers.
=item B<-in> I<filename>
The input filename, standard input by default.
=item B<-out> I<filename>
The output filename, standard output by default.
=item B<-pass> I<arg>
The password source. For more information about the format of I<arg>
see L<openssl-passphrase-options(1)>.
=item B<-e>
Encrypt the input data: this is the default.
=item B<-d>
Decrypt the input data.
=item B<-a>
Base64 process the data. This means that if encryption is taking place
the data is base64 encoded after encryption. If decryption is set then
the input data is base64 decoded before being decrypted.
When the B<-A> option not given,
on encoding a newline is inserted after each 64 characters, and
on decoding a newline is expected among the first 1024 bytes of input.
=item B<-base64>
Same as B<-a>
=item B<-A>
If the B<-a> option is set then base64 encoding produces output without any
newline character, and base64 decoding does not require any newlines.
Therefore it can be helpful to use the B<-A> option when decoding unknown input.
=item B<-k> I<password>
The password to derive the key from. This is for compatibility with previous
versions of OpenSSL. Superseded by the B<-pass> argument.
=item B<-kfile> I<filename>
Read the password to derive the key from the first line of I<filename>.
This is for compatibility with previous versions of OpenSSL. Superseded by
the B<-pass> argument.
=item B<-md> I<digest>
Use the specified digest to create the key from the passphrase.
The default algorithm is sha-256.
=item B<-iter> I<count>
Use a given number of iterations on the password in deriving the encryption key.
High values increase the time required to brute-force the resulting file.
This option enables the use of PBKDF2 algorithm to derive the key.
=item B<-pbkdf2>
Use PBKDF2 algorithm with a default iteration count of 10000
unless otherwise specified by the B<-iter> command line option.
=item B<-saltlen>
Set the salt length to use when using the B<-pbkdf2> option.
For compatibility reasons, the default is 8 bytes.
The maximum value is currently 16 bytes.
If the B<-pbkdf2> option is not used, then this option is ignored
and a fixed salt length of 8 is used. The salt length used when
encrypting must also be used when decrypting.
=item B<-nosalt>
Don't use a salt in the key derivation routines. This option B<SHOULD NOT> be
used except for test purposes or compatibility with ancient versions of
OpenSSL.
=item B<-salt>
Use salt (randomly generated or provide with B<-S> option) when
encrypting, this is the default.
=item B<-S> I<salt>
The actual salt to use: this must be represented as a string of hex digits.
If this option is used while encrypting, the same exact value will be needed
again during decryption. This salt may be truncated or zero padded to
match the salt length (See B<-saltlen>).
=item B<-K> I<key>
The actual key to use: this must be represented as a string comprised only
of hex digits. If only the key is specified, the IV must additionally specified
using the B<-iv> option. When both a key and a password are specified, the
key given with the B<-K> option will be used and the IV generated from the
password will be taken. It does not make much sense to specify both key
and password.
=item B<-iv> I<IV>
The actual IV to use: this must be represented as a string comprised only
of hex digits. When only the key is specified using the B<-K> option, the
IV must explicitly be defined. When a password is being specified using
one of the other options, the IV is generated from this password.
=item B<-p>
Print out the key and IV used.
=item B<-P>
Print out the key and IV used then immediately exit: don't do any encryption
or decryption.
=item B<-bufsize> I<number>
Set the buffer size for I/O.
=item B<-nopad>
Disable standard block padding.
=item B<-v>
Verbose print; display some statistics about I/O and buffer sizes.
=item B<-debug>
Debug the BIOs used for I/O.
=item B<-z>
Compress or decompress encrypted data using zlib after encryption or before
decryption. This option exists only if OpenSSL was compiled with the zlib
or zlib-dynamic option.
=item B<-none>
Use NULL cipher (no encryption or decryption of input).
=item B<-rand> I<files>, B<-writerand> I<file>
See L<openssl(1)/Random State Options> for details.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=back
=head1 NOTES
The program can be called either as C<openssl I<cipher>> or
C<openssl enc -I<cipher>>. The first form doesn't work with
engine-provided ciphers, because this form is processed before the
configuration file is read and any ENGINEs loaded.
Use the L<openssl-list(1)> command to get a list of supported ciphers.
Engines which provide entirely new encryption algorithms (such as the ccgost
engine which provides gost89 algorithm) should be configured in the
configuration file. Engines specified on the command line using B<-engine>
option can only be used for hardware-assisted implementations of
ciphers which are supported by the OpenSSL core or another engine specified
in the configuration file.
When the enc command lists supported ciphers, ciphers provided by engines,
specified in the configuration files are listed too.
A password will be prompted for to derive the key and IV if necessary.
The B<-salt> option should B<ALWAYS> be used if the key is being derived
from a password unless you want compatibility with previous versions of
OpenSSL.
Without the B<-salt> option it is possible to perform efficient dictionary
attacks on the password and to attack stream cipher encrypted data. The reason
for this is that without the salt the same password always generates the same
encryption key.
When the salt is generated at random (that means when encrypting using a
passphrase without explicit salt given using B<-S> option), the first bytes
of the encrypted data are reserved to store the salt for later decrypting.
Some of the ciphers do not have large keys and others have security
implications if not used correctly. A beginner is advised to just use
a strong block cipher, such as AES, in CBC mode.
All the block ciphers normally use PKCS#5 padding, also known as standard
block padding. This allows a rudimentary integrity or password check to
be performed. However, since the chance of random data passing the test
is better than 1 in 256 it isn't a very good test.
If padding is disabled then the input data must be a multiple of the cipher
block length.
All RC2 ciphers have the same key and effective key length.
Blowfish and RC5 algorithms use a 128 bit key.
Please note that OpenSSL 3.0 changed the effect of the B<-S> option.
Any explicit salt value specified via this option is no longer prepended to the
ciphertext when encrypting, and must again be explicitly provided when decrypting.
Conversely, when the B<-S> option is used during decryption, the ciphertext
is expected to not have a prepended salt value.
When using OpenSSL 3.0 or later to decrypt data that was encrypted with an
explicit salt under OpenSSL 1.1.1 do not use the B<-S> option, the salt will
then be read from the ciphertext.
To generate ciphertext that can be decrypted with OpenSSL 1.1.1 do not use
the B<-S> option, the salt will be then be generated randomly and prepended
to the output.
=head1 SUPPORTED CIPHERS
Note that some of these ciphers can be disabled at compile time
and some are available only if an appropriate engine is configured
in the configuration file. The output when invoking this command
with the B<-list> option (that is C<openssl enc -list>) is
a list of ciphers, supported by your version of OpenSSL, including
ones provided by configured engines.
This command does not support authenticated encryption modes
like CCM and GCM, and will not support such modes in the future.
This is due to having to begin streaming output (e.g., to standard output
when B<-out> is not used) before the authentication tag could be validated.
When this command is used in a pipeline, the receiving end will not be
able to roll back upon authentication failure. The AEAD modes currently in
common use also suffer from catastrophic failure of confidentiality and/or
integrity upon reuse of key/iv/nonce, and since B<openssl enc> places the
entire burden of key/iv/nonce management upon the user, the risk of
exposing AEAD modes is too great to allow. These key/iv/nonce
management issues also affect other modes currently exposed in this command,
but the failure modes are less extreme in these cases, and the
functionality cannot be removed with a stable release branch.
For bulk encryption of data, whether using authenticated encryption
modes or other modes, L<openssl-cms(1)> is recommended, as it provides a
standard data format and performs the needed key/iv/nonce management.
When enc is used with key wrapping modes the input data cannot be streamed,
meaning it must be processed in a single pass.
Consequently, the input data size must be less than
the buffer size (-bufsize arg, default to 8*1024 bytes).
The '*-wrap' ciphers require the input to be a multiple of 8 bytes long,
because no padding is involved.
The '*-wrap-pad' ciphers allow any input length.
In both cases, no IV is needed. See example below.
base64 Base 64
bf-cbc Blowfish in CBC mode
bf Alias for bf-cbc
blowfish Alias for bf-cbc
bf-cfb Blowfish in CFB mode
bf-ecb Blowfish in ECB mode
bf-ofb Blowfish in OFB mode
cast-cbc CAST in CBC mode
cast Alias for cast-cbc
cast5-cbc CAST5 in CBC mode
cast5-cfb CAST5 in CFB mode
cast5-ecb CAST5 in ECB mode
cast5-ofb CAST5 in OFB mode
chacha20 ChaCha20 algorithm
des-cbc DES in CBC mode
des Alias for des-cbc
des-cfb DES in CFB mode
des-ofb DES in OFB mode
des-ecb DES in ECB mode
des-ede-cbc Two key triple DES EDE in CBC mode
des-ede Two key triple DES EDE in ECB mode
des-ede-cfb Two key triple DES EDE in CFB mode
des-ede-ofb Two key triple DES EDE in OFB mode
des-ede3-cbc Three key triple DES EDE in CBC mode
des-ede3 Three key triple DES EDE in ECB mode
des3 Alias for des-ede3-cbc
des-ede3-cfb Three key triple DES EDE CFB mode
des-ede3-ofb Three key triple DES EDE in OFB mode
desx DESX algorithm.
gost89 GOST 28147-89 in CFB mode (provided by ccgost engine)
gost89-cnt GOST 28147-89 in CNT mode (provided by ccgost engine)
idea-cbc IDEA algorithm in CBC mode
idea same as idea-cbc
idea-cfb IDEA in CFB mode
idea-ecb IDEA in ECB mode
idea-ofb IDEA in OFB mode
rc2-cbc 128 bit RC2 in CBC mode
rc2 Alias for rc2-cbc
rc2-cfb 128 bit RC2 in CFB mode
rc2-ecb 128 bit RC2 in ECB mode
rc2-ofb 128 bit RC2 in OFB mode
rc2-64-cbc 64 bit RC2 in CBC mode
rc2-40-cbc 40 bit RC2 in CBC mode
rc4 128 bit RC4
rc4-64 64 bit RC4
rc4-40 40 bit RC4
rc5-cbc RC5 cipher in CBC mode
rc5 Alias for rc5-cbc
rc5-cfb RC5 cipher in CFB mode
rc5-ecb RC5 cipher in ECB mode
rc5-ofb RC5 cipher in OFB mode
seed-cbc SEED cipher in CBC mode
seed Alias for seed-cbc
seed-cfb SEED cipher in CFB mode
seed-ecb SEED cipher in ECB mode
seed-ofb SEED cipher in OFB mode
sm4-cbc SM4 cipher in CBC mode
sm4 Alias for sm4-cbc
sm4-cfb SM4 cipher in CFB mode
sm4-ctr SM4 cipher in CTR mode
sm4-ecb SM4 cipher in ECB mode
sm4-ofb SM4 cipher in OFB mode
aes-[128|192|256]-cbc 128/192/256 bit AES in CBC mode
aes[128|192|256] Alias for aes-[128|192|256]-cbc
aes-[128|192|256]-cfb 128/192/256 bit AES in 128 bit CFB mode
aes-[128|192|256]-cfb1 128/192/256 bit AES in 1 bit CFB mode
aes-[128|192|256]-cfb8 128/192/256 bit AES in 8 bit CFB mode
aes-[128|192|256]-ctr 128/192/256 bit AES in CTR mode
aes-[128|192|256]-ecb 128/192/256 bit AES in ECB mode
aes-[128|192|256]-ofb 128/192/256 bit AES in OFB mode
aes-[128|192|256]-wrap key wrapping using 128/192/256 bit AES
aes-[128|192|256]-wrap-pad key wrapping with padding using 128/192/256 bit AES
aria-[128|192|256]-cbc 128/192/256 bit ARIA in CBC mode
aria[128|192|256] Alias for aria-[128|192|256]-cbc
aria-[128|192|256]-cfb 128/192/256 bit ARIA in 128 bit CFB mode
aria-[128|192|256]-cfb1 128/192/256 bit ARIA in 1 bit CFB mode
aria-[128|192|256]-cfb8 128/192/256 bit ARIA in 8 bit CFB mode
aria-[128|192|256]-ctr 128/192/256 bit ARIA in CTR mode
aria-[128|192|256]-ecb 128/192/256 bit ARIA in ECB mode
aria-[128|192|256]-ofb 128/192/256 bit ARIA in OFB mode
camellia-[128|192|256]-cbc 128/192/256 bit Camellia in CBC mode
camellia[128|192|256] Alias for camellia-[128|192|256]-cbc
camellia-[128|192|256]-cfb 128/192/256 bit Camellia in 128 bit CFB mode
camellia-[128|192|256]-cfb1 128/192/256 bit Camellia in 1 bit CFB mode
camellia-[128|192|256]-cfb8 128/192/256 bit Camellia in 8 bit CFB mode
camellia-[128|192|256]-ctr 128/192/256 bit Camellia in CTR mode
camellia-[128|192|256]-ecb 128/192/256 bit Camellia in ECB mode
camellia-[128|192|256]-ofb 128/192/256 bit Camellia in OFB mode
=head1 EXAMPLES
Just base64 encode a binary file:
openssl base64 -in file.bin -out file.b64
Decode the same file
openssl base64 -d -in file.b64 -out file.bin
Encrypt a file using AES-128 using a prompted password
and PBKDF2 key derivation:
openssl enc -aes128 -pbkdf2 -in file.txt -out file.aes128
Decrypt a file using a supplied password:
openssl enc -aes128 -pbkdf2 -d -in file.aes128 -out file.txt \
-pass pass:<password>
Encrypt a file then base64 encode it (so it can be sent via mail for example)
using AES-256 in CTR mode and PBKDF2 key derivation:
openssl enc -aes-256-ctr -pbkdf2 -a -in file.txt -out file.aes256
Base64 decode a file then decrypt it using a password supplied in a file:
openssl enc -aes-256-ctr -pbkdf2 -d -a -in file.aes256 -out file.txt \
-pass file:<passfile>
AES key wrapping:
openssl enc -e -a -id-aes128-wrap-pad -K 000102030405060708090A0B0C0D0E0F -in file.bin
or
openssl aes128-wrap-pad -e -a -K 000102030405060708090A0B0C0D0E0F -in file.bin
=head1 BUGS
The B<-A> option when used with large files doesn't work properly.
On the other hand, when base64 decoding without the B<-A> option,
if the first 1024 bytes of input do not include a newline character
the first two lines of input are ignored.
The B<openssl enc> command only supports a fixed number of algorithms with
certain parameters. So if, for example, you want to use RC2 with a
76 bit key or RC4 with an 84 bit key you can't use this program.
=head1 HISTORY
The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0.
The B<-list> option was added in OpenSSL 1.1.1e.
The B<-ciphers> and B<-engine> options were deprecated in OpenSSL 3.0.
The B<-saltlen> option was added in OpenSSL 3.2.
=head1 COPYRIGHT
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
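Review bot: Nothing in this file states which OpenSSL release the imported tree corresponds to; the only hints are the HISTORY line "The B<-saltlen> option was added in OpenSSL 3.2" and the 2000-2024 copyright. For a 9429-file import that is not enough to re-verify against upstream. Suggest recording the exact release and the checksum of the source archive next to the tree (or in build.sh), so a later reviewer can diff this copy against the published tarball instead of reading it file by file.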


@@ -0,0 +1,138 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-engine.pod.in
=end comment
=head1 NAME
openssl-engine - load and query engines
=head1 SYNOPSIS
B<openssl engine>
[B<-help>]
[B<-v>]
[B<-vv>]
[B<-vvv>]
[B<-vvvv>]
[B<-c>]
[B<-t>]
[B<-tt>]
[B<-pre> I<command>] ...
[B<-post> I<command>] ...
[I<engine> ...]
=head1 DESCRIPTION
This command has been deprecated. Providers should be used instead of engines.
This command is used to query the status and capabilities
of the specified I<engine>s.
Engines may be specified before and after all other command-line flags.
Only those specified are queried.
=head1 OPTIONS
=over 4
=item B<-help>
Display an option summary.
=item B<-v> B<-vv> B<-vvv> B<-vvvv>
Provides information about each specified engine. The first flag lists
all the possible run-time control commands; the second adds a
description of each command; the third adds the input flags, and the
final option adds the internal input flags.
=item B<-c>
Lists the capabilities of each engine.
=item B<-t>
Tests if each specified engine is available, and displays the answer.
=item B<-tt>
Displays an error trace for any unavailable engine.
=item B<-pre> I<command>
=item B<-post> I<command>
Command-line configuration of engines.
The B<-pre> command is given to the engine before it is loaded and
the B<-post> command is given after the engine is loaded.
The I<command> is of the form I<cmd>:I<val> where I<cmd> is the command,
and I<val> is the value for the command.
See the example below.
These two options are cumulative, so they may be given more than once in the
same command.
=back
=head1 EXAMPLES
To list all the commands available to a dynamic engine:
$ openssl engine -t -tt -vvvv dynamic
(dynamic) Dynamic engine loading support
[ unavailable ]
SO_PATH: Specifies the path to the new ENGINE shared library
(input flags): STRING
NO_VCHECK: Specifies to continue even if version checking fails (boolean)
(input flags): NUMERIC
ID: Specifies an ENGINE id name for loading
(input flags): STRING
LIST_ADD: Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)
(input flags): NUMERIC
DIR_LOAD: Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)
(input flags): NUMERIC
DIR_ADD: Adds a directory from which ENGINEs can be loaded
(input flags): STRING
LOAD: Load up the ENGINE specified by other settings
(input flags): NO_INPUT
To list the capabilities of the B<rsax> engine:
$ openssl engine -c
(rsax) RSAX engine support
[RSA]
(dynamic) Dynamic engine loading support
=head1 ENVIRONMENT
=over 4
=item B<OPENSSL_ENGINES>
The path to the engines directory.
=back
=head1 SEE ALSO
L<openssl(1)>,
L<config(5)>
=head1 HISTORY
This command was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
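Review bot: The DESCRIPTION marks this whole command as deprecated ("Providers should be used instead of engines"), and the ENVIRONMENT section documents OPENSSL_ENGINES as the directory engines are loaded from. For a library that build.sh builds only as a dependency, dynamic engine loading driven by an environment variable is attack surface worth questioning. If nothing in the project needs engines, consider passing no-engine to OpenSSL's Configure in build.sh, and note that decision in the commit message.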


@@ -0,0 +1,60 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-errstr.pod.in
=end comment
=head1 NAME
openssl-errstr - lookup error codes
=head1 SYNOPSIS
B<openssl errstr>
[B<-help>]
I<error_code...>
=head1 DESCRIPTION
Sometimes an application will not load error message texts and only
numerical forms will be available. This command can be
used to display the meaning of the hex code. The hex code is the hex digits
after the second colon.
=head1 OPTIONS
=over 4
=item B<-help>
Display a usage message.
=back
=head1 EXAMPLES
The error code:
27594:error:2006D080:lib(32)::reason(128)::107:
can be displayed with:
openssl errstr 2006D080
to produce the error message:
error:2006D080:BIO routines::no such file
=head1 COPYRIGHT
Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut


@@ -0,0 +1,506 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-fipsinstall.pod.in
=end comment
=head1 NAME
openssl-fipsinstall - perform FIPS configuration installation
=head1 SYNOPSIS
B<openssl fipsinstall>
[B<-help>]
[B<-in> I<configfilename>]
[B<-out> I<configfilename>]
[B<-module> I<modulefilename>]
[B<-provider_name> I<providername>]
[B<-section_name> I<sectionname>]
[B<-verify>]
[B<-mac_name> I<macname>]
[B<-macopt> I<nm>:I<v>]
[B<-noout>]
[B<-quiet>]
[B<-pedantic>]
[B<-no_conditional_errors>]
[B<-no_security_checks>]
[B<-hmac_key_check>]
[B<-kmac_key_check>]
[B<-ems_check>]
[B<-no_drbg_truncated_digests>]
[B<-signature_digest_check>]
[B<-hkdf_digest_check>]
[B<-tls13_kdf_digest_check>]
[B<-tls1_prf_digest_check>]
[B<-sshkdf_digest_check>]
[B<-sskdf_digest_check>]
[B<-x963kdf_digest_check>]
[B<-dsa_sign_disabled>]
[B<-no_pbkdf2_lower_bound_check>]
[B<-no_short_mac>]
[B<-tdes_encrypt_disabled>]
[B<-rsa_pkcs15_padding_disabled>]
[B<-rsa_pss_saltlen_check>]
[B<-rsa_sign_x931_disabled>]
[B<-hkdf_key_check>]
[B<-kbkdf_key_check>]
[B<-tls13_kdf_key_check>]
[B<-tls1_prf_key_check>]
[B<-sshkdf_key_check>]
[B<-sskdf_key_check>]
[B<-x963kdf_key_check>]
[B<-x942kdf_key_check>]
[B<-ecdh_cofactor_check>]
[B<-self_test_onload>]
[B<-self_test_oninstall>]
[B<-corrupt_desc> I<selftest_description>]
[B<-corrupt_type> I<selftest_type>]
[B<-config> I<parent_config>]
=head1 DESCRIPTION
This command is used to generate a FIPS module configuration file.
This configuration file can be used each time a FIPS module is loaded
in order to pass data to the FIPS module self tests. The FIPS module always
verifies its MAC, but optionally only needs to run the KAT's once,
at installation.
The generated configuration file consists of:
=over 4
=item - A MAC of the FIPS module file.
=item - A test status indicator.
This indicates if the Known Answer Self Tests (KAT's) have successfully run.
=item - A MAC of the status indicator.
=item - A control for conditional self tests errors.
By default if a continuous test (e.g a key pair test) fails then the FIPS module
will enter an error state, and no services or cryptographic algorithms will be
able to be accessed after this point.
The default value of '1' will cause the fips module error state to be entered.
If the value is '0' then the module error state will not be entered.
Regardless of whether the error state is entered or not, the current operation
(e.g. key generation) will return an error. The user is responsible for retrying
the operation if the module error state is not entered.
=item - A control to indicate whether run-time security checks are done.
This indicates if run-time checks related to enforcement of security parameters
such as minimum security strength of keys and approved curve names are used.
The default value of '1' will perform the checks.
If the value is '0' the checks are not performed and FIPS compliance must
be done by procedures documented in the relevant Security Policy.
=back
This file is described in L<fips_config(5)>.
=head1 OPTIONS
=over 4
=item B<-help>
Print a usage message.
=item B<-module> I<filename>
Filename of the FIPS module to perform an integrity check on.
The path provided in the filename is used to load the module when it is
activated, and this overrides the environment variable B<OPENSSL_MODULES>.
=item B<-out> I<configfilename>
Filename to output the configuration data to; the default is standard output.
=item B<-in> I<configfilename>
Input filename to load configuration data from.
Must be used if the B<-verify> option is specified.
=item B<-verify>
Verify that the input configuration file contains the correct information.
=item B<-provider_name> I<providername>
Name of the provider inside the configuration file.
The default value is C<fips>.
=item B<-section_name> I<sectionname>
Name of the section inside the configuration file.
The default value is C<fips_sect>.
=item B<-mac_name> I<name>
Specifies the name of a supported MAC algorithm which will be used.
The MAC mechanisms that are available will depend on the options
used when building OpenSSL.
To see the list of supported MAC's use the command
C<openssl list -mac-algorithms>. The default is B<HMAC>.
=item B<-macopt> I<nm>:I<v>
Passes options to the MAC algorithm.
A comprehensive list of controls can be found in the EVP_MAC implementation
documentation.
Common control strings used for this command are:
=over 4
=item B<key>:I<string>
Specifies the MAC key as an alphanumeric string (use if the key contains
printable characters only).
The string length must conform to any restrictions of the MAC algorithm.
A key must be specified for every MAC algorithm.
If no key is provided, the default that was specified when OpenSSL was
configured is used.
=item B<hexkey>:I<string>
Specifies the MAC key in hexadecimal form (two hex digits per byte).
The key length must conform to any restrictions of the MAC algorithm.
A key must be specified for every MAC algorithm.
If no key is provided, the default that was specified when OpenSSL was
configured is used.
=item B<digest>:I<string>
Used by HMAC as an alphanumeric string (use if the key contains printable
characters only).
The string length must conform to any restrictions of the MAC algorithm.
To see the list of supported digests, use the command
C<openssl list -digest-commands>.
The default digest is SHA-256.
=back
=item B<-noout>
Disable logging of the self tests.
=item B<-pedantic>
Configure the module so that it is strictly FIPS compliant rather
than being backwards compatible. This enables conditional errors,
security checks etc. Note that any previous configuration options will
be overwritten and any subsequent configuration options that violate
FIPS compliance will result in an error.
=item B<-no_conditional_errors>
Configure the module to not enter an error state if a conditional self test
fails as described above.
=item B<-no_security_checks>
Configure the module to not perform run-time security checks as described above.
Enabling the configuration option "no-fips-securitychecks" provides another way to
turn off the check at compile time.
=item B<-ems_check>
Configure the module to enable a run-time Extended Master Secret (EMS) check
when using the TLS1_PRF KDF algorithm. This check is disabled by default.
See RFC 7627 for information related to EMS.
=item B<-no_short_mac>
Configure the module to not allow short MAC outputs.
See SP 800-185 8.4.2 and FIPS 140-3 ID C.D for details.
=item B<-hmac_key_check>
Configure the module to not allow small keys sizes when using HMAC.
See SP 800-131Ar2 for details.
=item B<-kmac_key_check>
Configure the module to not allow small keys sizes when using KMAC.
See SP 800-131Ar2 for details.
=item B<-no_drbg_truncated_digests>
Configure the module to not allow truncated digests to be used with Hash and
HMAC DRBGs. See FIPS 140-3 IG D.R for details.
=item B<-signature_digest_check>
Configure the module to enforce signature algorithms to use digests that are
explicitly permitted by the various standards.
=item B<-hkdf_digest_check>
Configure the module to enable a run-time digest check when deriving a key by
HKDF.
See NIST SP 800-56Cr2 for details.
=item B<-tls13_kdf_digest_check>
Configure the module to enable a run-time digest check when deriving a key by
TLS13 KDF.
See RFC 8446 for details.
=item B<-tls1_prf_digest_check>
Configure the module to enable a run-time digest check when deriving a key by
TLS_PRF.
See NIST SP 800-135r1 for details.
=item B<-sshkdf_digest_check>
Configure the module to enable a run-time digest check when deriving a key by
SSHKDF.
See NIST SP 800-135r1 for details.
=item B<-sskdf_digest_check>
Configure the module to enable a run-time digest check when deriving a key by
SSKDF.
See NIST SP 800-56Cr2 for details.
=item B<-x963kdf_digest_check>
Configure the module to enable a run-time digest check when deriving a key by
X963KDF.
See NIST SP 800-131Ar2 for details.
=item B<-dsa_sign_disabled>
Configure the module to not allow DSA signing (DSA signature verification is
still allowed). See FIPS 140-3 IG C.K for details.
=item B<-tdes_encrypt_disabled>
Configure the module to not allow Triple-DES encryption.
Triple-DES decryption is still allowed for legacy purposes.
See SP800-131Ar2 for details.
=item B<-rsa_pkcs15_padding_disabled>
Configure the module to not allow PKCS#1 version 1.5 padding to be used with
RSA for key transport and key agreement. See NIST's SP 800-131A Revision 2
for details.
=item B<-rsa_pss_saltlen_check>
Configure the module to enable a run-time salt length check when generating or
verifying a RSA-PSS signature.
See FIPS 186-5 5.4 (g) for details.
=item B<-rsa_sign_x931_disabled>
Configure the module to not allow X9.31 padding to be used when signing with
RSA. See FIPS 140-3 IG C.K for details.
=item B<-hkdf_key_check>
Configure the module to enable a run-time short key-derivation key check when
deriving a key by HKDF.
See NIST SP 800-131Ar2 for details.
=item B<-kbkdf_key_check>
Configure the module to enable a run-time short key-derivation key check when
deriving a key by KBKDF.
See NIST SP 800-131Ar2 for details.
=item B<-tls13_kdf_key_check>
Configure the module to enable a run-time short key-derivation key check when
deriving a key by TLS13 KDF.
See NIST SP 800-131Ar2 for details.
=item B<-tls1_prf_key_check>
Configure the module to enable a run-time short key-derivation key check when
deriving a key by TLS_PRF.
See NIST SP 800-131Ar2 for details.
=item B<-sshkdf_key_check>
Configure the module to enable a run-time short key-derivation key check when
deriving a key by SSHKDF.
See NIST SP 800-131Ar2 for details.
=item B<-sskdf_key_check>
Configure the module to enable a run-time short key-derivation key check when
deriving a key by SSKDF.
See NIST SP 800-131Ar2 for details.
=item B<-x963kdf_key_check>
Configure the module to enable a run-time short key-derivation key check when
deriving a key by X963KDF.
See NIST SP 800-131Ar2 for details.
=item B<-x942kdf_key_check>
Configure the module to enable a run-time short key-derivation key check when
deriving a key by X942KDF.
See NIST SP 800-131Ar2 for details.
=item B<-no_pbkdf2_lower_bound_check>
Configure the module to not perform run-time lower bound check for PBKDF2.
See NIST SP 800-132 for details.
=item B<-ecdh_cofactor_check>
Configure the module to enable a run-time check that ECDH uses the EC curves
cofactor value when deriving a key. This only affects the 'B' and 'K' curves.
See SP 800-56A r3 Section 5.7.1.2 for details.
=item B<-self_test_onload>
Do not write the two fields related to the "test status indicator" and
"MAC status indicator" to the output configuration file. Without these fields
the self tests KATS will run each time the module is loaded. This option could be
used for cross compiling, since the self tests need to run at least once on each
target machine. Once the self tests have run on the target machine the user
could possibly then add the 2 fields into the configuration using some other
mechanism.
This is the default.
=item B<-self_test_oninstall>
The converse of B<-self_test_oninstall>. The two fields related to the
"test status indicator" and "MAC status indicator" are written to the
output configuration file.
=item B<-quiet>
Do not output pass/fail messages. Implies B<-noout>.
=item B<-corrupt_desc> I<selftest_description>,
B<-corrupt_type> I<selftest_type>
The corrupt options can be used to test failure of one or more self tests by
name.
Either option or both may be used to select the tests to corrupt.
Refer to the entries for B<st-desc> and B<st-type> in L<OSSL_PROVIDER-FIPS(7)> for
values that can be used.
=item B<-config> I<parent_config>
Test that a FIPS provider can be loaded from the specified configuration file.
A previous call to this application needs to generate the extra configuration
data that is included by the base C<parent_config> configuration file.
See L<config(5)> for further information on how to set up a provider section.
All other options are ignored if '-config' is used.
=back
=head1 NOTES
Self tests results are logged by default if the options B<-quiet> and B<-noout>
are not specified, or if either of the options B<-corrupt_desc> or
B<-corrupt_type> are used.
If the base configuration file is set up to autoload the fips module, then the
fips module will be loaded and self tested BEFORE the fipsinstall application
has a chance to set up its own self test callback. As a result of this the self
test output and the options B<-corrupt_desc> and B<-corrupt_type> will be ignored.
For normal usage the base configuration file should use the default provider
when generating the fips configuration file.
The B<-self_test_oninstall> option was added and the
B<-self_test_onload> option was made the default in OpenSSL 3.1.
The command and all remaining options were added in OpenSSL 3.0.
=head1 EXAMPLES
Calculate the mac of a FIPS module F<fips.so> and run a FIPS self test
for the module, and save the F<fips.cnf> configuration file:
openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips
Verify that the configuration file F<fips.cnf> contains the correct info:
openssl fipsinstall -module ./fips.so -in fips.cnf -provider_name fips -verify
Corrupt any self tests which have the description C<SHA1>:
openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips \
-corrupt_desc 'SHA1'
Validate that the fips module can be loaded from a base configuration file:
export OPENSSL_CONF_INCLUDE=<path of configuration files>
export OPENSSL_MODULES=<provider-path>
openssl fipsinstall -config' 'default.cnf'
=head1 SEE ALSO
L<config(5)>,
L<fips_config(5)>,
L<OSSL_PROVIDER-FIPS(7)>,
L<EVP_MAC(3)>
=head1 HISTORY
The B<openssl-fipsinstall> application was added in OpenSSL 3.0.
The following options were added in OpenSSL 3.1:
B<-ems_check>,
B<-self_test_oninstall>
The following options were added in OpenSSL 3.2:
B<-pedantic>,
B<-no_drbg_truncated_digests>
The following options were added in OpenSSL 3.4:
B<-hmac_key_check>,
B<-kmac_key_check>,
B<-signature_digest_check>,
B<-hkdf_digest_check>,
B<-tls13_kdf_digest_check>,
B<-tls1_prf_digest_check>,
B<-sshkdf_digest_check>,
B<-sskdf_digest_check>,
B<-x963kdf_digest_check>,
B<-dsa_sign_disabled>,
B<-no_pbkdf2_lower_bound_check>,
B<-no_short_mac>,
B<-tdes_encrypt_disabled>,
B<-rsa_pkcs15_padding_disabled>,
B<-rsa_pss_saltlen_check>,
B<-rsa_sign_x931_disabled>,
B<-hkdf_key_check>,
B<-kbkdf_key_check>,
B<-tls13_kdf_key_check>,
B<-tls1_prf_key_check>,
B<-sshkdf_key_check>,
B<-sskdf_key_check>,
B<-x963kdf_key_check>,
B<-x942kdf_key_check>,
B<-ecdh_cofactor_check>
=head1 COPYRIGHT
Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
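
Review bot: the text under "=item B<-self_test_oninstall>" reads "The converse of B<-self_test_oninstall>", which refers to itself; it should name B<-self_test_onload>, the option documented directly above it. In EXAMPLES, the last command, "openssl fipsinstall -config' 'default.cnf'", has a stray quote after -config and should read "openssl fipsinstall -config 'default.cnf'". The B<digest>:I<string> entry also repeats the "use if the key contains printable characters only" wording from B<key>, which does not describe a digest name. Since the header says this file is generated from doc/man1/openssl-fipsinstall.pod.in, the corrections belong in that template rather than in this generated copy.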

View File

@@ -0,0 +1,134 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-gendsa.pod.in
=end comment
=head1 NAME
openssl-gendsa - generate a DSA private key from a set of parameters
=head1 SYNOPSIS
B<openssl> B<gendsa>
[B<-help>]
[B<-out> I<filename>]
[B<-passout> I<arg>]
[B<-aes128>]
[B<-aes192>]
[B<-aes256>]
[B<-aria128>]
[B<-aria192>]
[B<-aria256>]
[B<-camellia128>]
[B<-camellia192>]
[B<-camellia256>]
[B<-des>]
[B<-des3>]
[B<-idea>]
[B<-verbose>]
[B<-quiet>]
[B<-rand> I<files>]
[B<-writerand> I<file>]
[B<-engine> I<id>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
[I<paramfile>]
=head1 DESCRIPTION
This command generates a DSA private key from a DSA parameter file
(which will be typically generated by the L<openssl-dsaparam(1)> command).
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-out> I<filename>
Output the key to the specified file. If this argument is not specified then
standard output is used.
=item B<-passout> I<arg>
The passphrase used for the output file.
See L<openssl-passphrase-options(1)>.
=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea>
These options encrypt the private key with specified
cipher before outputting it. A pass phrase is prompted for.
If none of these options is specified no encryption is used.
Note that all options must be given before the I<paramfile> argument.
=item B<-verbose>
Print extra details about the operations being performed.
=item B<-quiet>
Print fewer details about the operations being performed, which may
be handy during batch scripts and pipelines.
=item B<-rand> I<files>, B<-writerand> I<file>
See L<openssl(1)/Random State Options> for details.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item I<paramfile>
The DSA parameter file to use. The parameters in this file determine
the size of the private key. DSA parameters can be generated and
examined using the L<openssl-dsaparam(1)> command.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=back
=head1 NOTES
DSA key generation is little more than random number generation so it is
much quicker that RSA key generation for example.
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-genpkey(1)>,
L<openssl-dsaparam(1)>,
L<openssl-dsa(1)>,
L<openssl-genrsa(1)>,
L<openssl-rsa(1)>
=head1 HISTORY
The B<-engine> option was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
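
Review bot: in NOTES, "much quicker that RSA key generation" should read "much quicker than". The cipher options entry says "A pass phrase is prompted for" without mentioning B<-passout>, although this page documents that option; the matching entry in the genrsa page in this same commit says the pass phrase is prompted for "if it is not supplied via the B<-passout> argument", and the same wording would fit here. The header marks the file as generated from doc/man1/openssl-gendsa.pod.in, so the fix should be made in that template.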

View File

@@ -0,0 +1,540 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-genpkey.pod.in
=end comment
=head1 NAME
openssl-genpkey - generate a private key or key pair
=head1 SYNOPSIS
B<openssl> B<genpkey>
[B<-help>]
[B<-out> I<filename>]
[B<-outpubkey> I<filename>]
[B<-outform> B<DER>|B<PEM>]
[B<-verbose>]
[B<-quiet>]
[B<-pass> I<arg>]
[B<-I<cipher>>]
[B<-paramfile> I<file>]
[B<-algorithm> I<alg>]
[B<-pkeyopt> I<opt>:I<value>]
[B<-genparam>]
[B<-text>]
[B<-rand> I<files>]
[B<-writerand> I<file>]
[B<-engine> I<id>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
[B<-config> I<configfile>]
=head1 DESCRIPTION
This command generates a private key or key pair.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-out> I<filename>
Output the private key to the specified file. If this argument is not
specified then standard output is used.
=item B<-outpubkey> I<filename>
Output the public key to the specified file. If this argument is not
specified then the public key is not output.
=item B<-outform> B<DER>|B<PEM>
The output format, except when B<-genparam> is given; the default is B<PEM>.
See L<openssl-format-options(1)> for details.
When B<-genparam> is given, B<-outform> is ignored.
=item B<-verbose>
Output "status dots" while generating keys.
=item B<-quiet>
Do not output "status dots" while generating keys.
=item B<-pass> I<arg>
The output file password source. For more information about the format of I<arg>
see L<openssl-passphrase-options(1)>.
=item B<-I<cipher>>
This option encrypts the private key with the supplied cipher. Any algorithm
name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>.
=item B<-algorithm> I<alg>
Public key algorithm to use such as RSA, DSA, DH or DHX. If used this option must
precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
are mutually exclusive. Engines or providers may add algorithms in addition to
the standard built-in ones.
Valid built-in algorithm names for private key generation are RSA, RSA-PSS, EC,
X25519, X448, ED25519 and ED448.
Valid built-in algorithm names for parameter generation (see the B<-genparam>
option) are DH, DSA and EC.
Note that the algorithm name X9.42 DH may be used as a synonym for DHX keys and
PKCS#3 refers to DH Keys. Some options are not shared between DH and DHX keys.
=item B<-pkeyopt> I<opt>:I<value>
Set the public key algorithm option I<opt> to I<value>. The precise set of
options supported depends on the public key algorithm used and its
implementation. See L</KEY GENERATION OPTIONS> and
L</PARAMETER GENERATION OPTIONS> below for more details.
To list the possible I<opt> values for an algorithm use:
B<openssl> B<genpkey> -algorithm XXX -help
=item B<-genparam>
Generate a set of parameters instead of a private key. If used this option must
precede any B<-algorithm>, B<-paramfile> or B<-pkeyopt> options.
=item B<-paramfile> I<filename>
Some public key algorithms generate a private key based on a set of parameters.
They can be supplied using this option. If this option is used the public key
algorithm used is determined by the parameters. If used this option must
precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
are mutually exclusive.
=item B<-text>
Print an (unencrypted) text representation of private and public keys and
parameters along with the PEM or DER structure.
=item B<-rand> I<files>, B<-writerand> I<file>
See L<openssl(1)/Random State Options> for details.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=item B<-config> I<configfile>
See L<openssl(1)/Configuration Option>.
=back
=head1 KEY GENERATION OPTIONS
The options supported by each algorithm and indeed each implementation of an
algorithm can vary. The options for the OpenSSL implementations are detailed
below. There are no key generation options defined for the X25519, X448, ED25519
or ED448 algorithms.
=head2 RSA Key Generation Options
=over 4
=item B<rsa_keygen_bits:numbits>
The number of bits in the generated key. If not specified 2048 is used.
=item B<rsa_keygen_primes:numprimes>
The number of primes in the generated key. If not specified 2 is used.
=item B<rsa_keygen_pubexp:value>
The RSA public exponent value. This can be a large decimal or
hexadecimal value if preceded by C<0x>. Default value is 65537.
=back
=head2 RSA-PSS Key Generation Options
Note: by default an B<RSA-PSS> key has no parameter restrictions.
=over 4
=item B<rsa_keygen_bits>:I<numbits>, B<rsa_keygen_primes>:I<numprimes>,
B<rsa_keygen_pubexp>:I<value>
These options have the same meaning as the B<RSA> algorithm.
=item B<rsa_pss_keygen_md>:I<digest>
If set the key is restricted and can only use I<digest> for signing.
=item B<rsa_pss_keygen_mgf1_md>:I<digest>
If set the key is restricted and can only use I<digest> as it's MGF1
parameter.
=item B<rsa_pss_keygen_saltlen>:I<len>
If set the key is restricted and I<len> specifies the minimum salt length.
=back
=head2 EC Key Generation Options
The EC key generation options can also be used for parameter generation.
=over 4
=item B<ec_paramgen_curve>:I<curve>
The EC curve to use. OpenSSL supports NIST curve names such as "P-256".
=item B<ec_param_enc>:I<encoding>
The encoding to use for parameters. The I<encoding> parameter must be either
B<named_curve> or B<explicit>. The default value is B<named_curve>.
=back
=head2 DH Key Generation Options
=over 4
=item B<group>:I<name>
The B<paramfile> option is not required if a named group is used here.
See the L</DH Parameter Generation Options> section below.
=back
=head1 PARAMETER GENERATION OPTIONS
The options supported by each algorithm and indeed each implementation of an
algorithm can vary. The options for the OpenSSL implementations are detailed
below.
=head2 DSA Parameter Generation Options
=over 4
=item B<dsa_paramgen_bits>:I<numbits>
The number of bits in the generated prime. If not specified 2048 is used.
=item B<dsa_paramgen_q_bits>:I<numbits>
=item B<qbits>:I<numbits>
The number of bits in the q parameter. Must be one of 160, 224 or 256. If not
specified 224 is used.
=item B<dsa_paramgen_md>:I<digest>
=item B<digest>:I<digest>
The digest to use during parameter generation. Must be one of B<sha1>, B<sha224>
or B<sha256>. If set, then the number of bits in B<q> will match the output size
of the specified digest and the B<dsa_paramgen_q_bits> parameter will be
ignored. If not set, then a digest will be used that gives an output matching
the number of bits in B<q>, i.e. B<sha1> if q length is 160, B<sha224> if it 224
or B<sha256> if it is 256.
=item B<properties>:I<query>
The I<digest> property I<query> string to use when fetching a digest from a provider.
=item B<type>:I<type>
The type of generation to use. Set this to 1 to use legacy FIPS186-2 parameter
generation. The default of 0 uses FIPS186-4 parameter generation.
=item B<gindex>:I<index>
The index to use for canonical generation and verification of the generator g.
Set this to a positive value ranging from 0..255 to use this mode. Larger values
will only use the bottom byte.
This I<index> must then be reused during key validation to verify the value of g.
If this value is not set then g is not verifiable. The default value is -1.
=item B<hexseed>:I<seed>
The seed I<seed> data to use instead of generating a random seed internally.
This should be used for testing purposes only. This will either produced fixed
values for the generated parameters OR it will fail if the seed did not
generate valid primes.
=back
=head2 DH Parameter Generation Options
For most use cases it is recommended to use the B<group> option rather than
the B<type> options. Note that the B<group> option is not used by default if
no parameter generation options are specified.
=over 4
=item B<group>:I<name>
=item B<dh_param>:I<name>
Use a named DH group to select constant values for the DH parameters.
All other options will be ignored if this value is set.
Valid values that are associated with the B<algorithm> of B<"DH"> are:
"ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144", "ffdhe8192",
"modp_1536", "modp_2048", "modp_3072", "modp_4096", "modp_6144", "modp_8192".
Valid values that are associated with the B<algorithm> of B<"DHX"> are the
RFC5114 names "dh_1024_160", "dh_2048_224", "dh_2048_256".
=item B<dh_rfc5114>:I<num>
If this option is set, then the appropriate RFC5114 parameters are used
instead of generating new parameters. The value I<num> can be one of
1, 2 or 3 that are equivalent to using the option B<group> with one of
"dh_1024_160", "dh_2048_224" or "dh_2048_256".
All other options will be ignored if this value is set.
=item B<pbits>:I<numbits>
=item B<dh_paramgen_prime_len>:I<numbits>
The number of bits in the prime parameter I<p>. The default is 2048.
=item B<qbits>:I<numbits>
=item B<dh_paramgen_subprime_len>:I<numbits>
The number of bits in the sub prime parameter I<q>. The default is 224.
Only relevant if used in conjunction with the B<dh_paramgen_type> option to
generate DHX parameters.
=item B<safeprime-generator>:I<value>
=item B<dh_paramgen_generator>:I<value>
The value to use for the generator I<g>. The default is 2.
The B<algorithm> option must be B<"DH"> for this parameter to be used.
=item B<type>:I<string>
The type name of DH parameters to generate. Valid values are:
=over 4
=item "generator"
Use a safe prime generator with the option B<safeprime_generator>
The B<algorithm> option must be B<"DH">.
=item "fips186_4"
FIPS186-4 parameter generation.
The B<algorithm> option must be B<"DHX">.
=item "fips186_2"
FIPS186-4 parameter generation.
The B<algorithm> option must be B<"DHX">.
=item "group"
Can be used with the option B<pbits> to select one of
"ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144" or "ffdhe8192".
The B<algorithm> option must be B<"DH">.
=item "default"
Selects a default type based on the B<algorithm>. This is used by the
OpenSSL default provider to set the type for backwards compatibility.
If B<algorithm> is B<"DH"> then B<"generator"> is used.
If B<algorithm> is B<"DHX"> then B<"fips186_2"> is used.
=back
=item B<dh_paramgen_type>:I<value>
The type of DH parameters to generate. Valid values are 0, 1, 2 or 3
which correspond to setting the option B<type> to
"generator", "fips186_2", "fips186_4" or "group".
=item B<digest>:I<digest>
The digest to use during parameter generation. Must be one of B<sha1>, B<sha224>
or B<sha256>. If set, then the number of bits in B<qbits> will match the output
size of the specified digest and the B<qbits> parameter will be
ignored. If not set, then a digest will be used that gives an output matching
the number of bits in B<q>, i.e. B<sha1> if q length is 160, B<sha224> if it is
224 or B<sha256> if it is 256.
This is only used by "fips186_4" and "fips186_2" key generation.
=item B<properties>:I<query>
The I<digest> property I<query> string to use when fetching a digest from a provider.
This is only used by "fips186_4" and "fips186_2" key generation.
=item B<gindex>:I<index>
The index to use for canonical generation and verification of the generator g.
Set this to a positive value ranging from 0..255 to use this mode. Larger values
will only use the bottom byte.
This I<index> must then be reused during key validation to verify the value of g.
If this value is not set then g is not verifiable. The default value is -1.
This is only used by "fips186_4" and "fips186_2" key generation.
=item B<hexseed>:I<seed>
The seed I<seed> data to use instead of generating a random seed internally.
This should be used for testing purposes only. This will either produced fixed
values for the generated parameters OR it will fail if the seed did not
generate valid primes.
This is only used by "fips186_4" and "fips186_2" key generation.
=back
=head2 EC Parameter Generation Options
The EC parameter generation options are the same as for key generation. See
L</EC Key Generation Options> above.
=head1 NOTES
The use of the genpkey program is encouraged over the algorithm specific
utilities because additional algorithm options and ENGINE provided algorithms
can be used.
=head1 EXAMPLES
Generate an RSA private key using default parameters:
openssl genpkey -algorithm RSA -out key.pem
Encrypt output private key using 128 bit AES and the passphrase "hello":
openssl genpkey -algorithm RSA -out key.pem -aes-128-cbc -pass pass:hello
Generate a 2048 bit RSA key using 3 as the public exponent:
openssl genpkey -algorithm RSA -out key.pem \
-pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3
Generate 2048 bit DSA parameters that can be validated: The output values for
gindex and seed are required for key validation purposes and are not saved to
the output pem file).
openssl genpkey -genparam -algorithm DSA -out dsap.pem -pkeyopt pbits:2048 \
-pkeyopt qbits:224 -pkeyopt digest:SHA256 -pkeyopt gindex:1 -text
Generate DSA key from parameters:
openssl genpkey -paramfile dsap.pem -out dsakey.pem
Generate 4096 bit DH Key using safe prime group ffdhe4096:
openssl genpkey -algorithm DH -out dhkey.pem -pkeyopt group:ffdhe4096
Generate 2048 bit X9.42 DH key with 256 bit subgroup using RFC5114 group3:
openssl genpkey -algorithm DHX -out dhkey.pem -pkeyopt dh_rfc5114:3
Generate a DH key using a DH parameters file:
openssl genpkey -paramfile dhp.pem -out dhkey.pem
Output DH parameters for safe prime group ffdhe2048:
openssl genpkey -genparam -algorithm DH -out dhp.pem -pkeyopt group:ffdhe2048
Output 2048 bit X9.42 DH parameters with 224 bit subgroup using RFC5114 group2:
openssl genpkey -genparam -algorithm DHX -out dhp.pem -pkeyopt dh_rfc5114:2
Output 2048 bit X9.42 DH parameters with 224 bit subgroup using FIP186-4 keygen:
openssl genpkey -genparam -algorithm DHX -out dhp.pem -text \
-pkeyopt pbits:2048 -pkeyopt qbits:224 -pkeyopt digest:SHA256 \
-pkeyopt gindex:1 -pkeyopt dh_paramgen_type:2
Output 1024 bit X9.42 DH parameters with 160 bit subgroup using FIP186-2 keygen:
openssl genpkey -genparam -algorithm DHX -out dhp.pem -text \
-pkeyopt pbits:1024 -pkeyopt qbits:160 -pkeyopt digest:SHA1 \
-pkeyopt gindex:1 -pkeyopt dh_paramgen_type:1
Output 2048 bit DH parameters:
openssl genpkey -genparam -algorithm DH -out dhp.pem \
-pkeyopt dh_paramgen_prime_len:2048
Output 2048 bit DH parameters using a generator:
openssl genpkey -genparam -algorithm DH -out dhpx.pem \
-pkeyopt dh_paramgen_prime_len:2048 \
-pkeyopt dh_paramgen_type:1
Generate EC parameters:
openssl genpkey -genparam -algorithm EC -out ecp.pem \
-pkeyopt ec_paramgen_curve:secp384r1 \
-pkeyopt ec_param_enc:named_curve
Generate EC key from parameters:
openssl genpkey -paramfile ecp.pem -out eckey.pem
Generate EC key directly:
openssl genpkey -algorithm EC -out eckey.pem \
-pkeyopt ec_paramgen_curve:P-384 \
-pkeyopt ec_param_enc:named_curve
Generate an X25519 private key:
openssl genpkey -algorithm X25519 -out xkey.pem
Generate an ED448 private key:
openssl genpkey -algorithm ED448 -out xkey.pem
=head1 HISTORY
The ability to use NIST curve names, and to generate an EC key directly,
were added in OpenSSL 1.0.2.
The ability to generate X25519 keys was added in OpenSSL 1.1.0.
The ability to generate X448, ED25519 and ED448 keys was added in OpenSSL 1.1.1.
The B<-engine> option was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
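Review bot: In the EXAMPLES text, the two X9.42 captions spell the standard as "FIP186-4" and "FIP186-2" where FIPS 186-4 and FIPS 186-2 are meant, and the second of them (pbits:1024, qbits:160, digest:SHA1, dh_paramgen_type:1) is a legacy-strength parameter set that nothing in this repository's scripts should copy as a default; the "group:ffdhe2048" example is the one to start from. The X25519 and ED448 examples also both write to xkey.pem, so running them in sequence overwrites the first key; a distinct output name for the ED448 case would avoid that. The text is copyrighted to the OpenSSL Project, so report these upstream rather than patching the copy here.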

@@ -0,0 +1,154 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-genrsa.pod.in
=end comment
=head1 NAME
openssl-genrsa - generate an RSA private key
=head1 SYNOPSIS
B<openssl> B<genrsa>
[B<-help>]
[B<-out> I<filename>]
[B<-passout> I<arg>]
[B<-aes128>]
[B<-aes192>]
[B<-aes256>]
[B<-aria128>]
[B<-aria192>]
[B<-aria256>]
[B<-camellia128>]
[B<-camellia192>]
[B<-camellia256>]
[B<-des>]
[B<-des3>]
[B<-idea>]
[B<-F4>]
[B<-f4>]
[B<-3>]
[B<-primes> I<num>]
[B<-verbose>]
[B<-quiet>]
[B<-traditional>]
[B<-rand> I<files>]
[B<-writerand> I<file>]
[B<-engine> I<id>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
[B<numbits>]
=head1 DESCRIPTION
This command generates an RSA private key.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-out> I<filename>
Output the key to the specified file. If this argument is not specified then
standard output is used.
=item B<-passout> I<arg>
The output file password source. For more information about the format
see L<openssl-passphrase-options(1)>.
=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea>
These options encrypt the private key with specified
cipher before outputting it. If none of these options is
specified no encryption is used. If encryption is used a pass phrase is prompted
for if it is not supplied via the B<-passout> argument.
=item B<-F4>, B<-f4>, B<-3>
The public exponent to use, either 65537 or 3. The default is 65537.
The B<-3> option has been deprecated.
=item B<-primes> I<num>
Specify the number of primes to use while generating the RSA key. The I<num>
parameter must be a positive integer that is greater than 1 and less than 16.
If I<num> is greater than 2, then the generated key is called a 'multi-prime'
RSA key, which is defined in RFC 8017.
=item B<-verbose>
Print extra details about the operations being performed.
=item B<-quiet>
Print fewer details about the operations being performed, which may
be handy during batch scripts and pipelines.
=item B<-traditional>
Write the key using the traditional PKCS#1 format instead of the PKCS#8 format.
=item B<-rand> I<files>, B<-writerand> I<file>
See L<openssl(1)/Random State Options> for details.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=item B<numbits>
The size of the private key to generate in bits. This must be the last option
specified. The default is 2048 and values less than 512 are not allowed.
=back
=head1 NOTES
RSA private key generation essentially involves the generation of two or more
prime numbers. When generating a private key various symbols will be output to
indicate the progress of the generation. A B<.> represents each number which
has passed an initial sieve test, B<+> means a number has passed a single
round of the Miller-Rabin primality test, B<*> means the current prime starts
a regenerating progress due to some failed tests. A newline means that the number
has passed all the prime tests (the actual number depends on the key size).
Because key generation is a random process the time taken to generate a key
may vary somewhat. But in general, more primes lead to less generation time
of a key.
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-genpkey(1)>,
L<openssl-gendsa(1)>
=head1 COPYRIGHT
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
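Review bot: The comment block at the top of this file reads "WARNING: do not edit!" and "Generated by Makefile from doc/man1/openssl-genrsa.pod.in", so this is build output and should not be committed. Have build.sh generate it into a directory that version control ignores, and track only the upstream source or a pinned release archive whose checksum the script verifies. A generated page kept in the tree can drift from the OpenSSL version that is actually built, and any local change to it is lost on the next build.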

View File

@@ -0,0 +1,104 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-info.pod.in
=end comment
=head1 NAME
openssl-info - print OpenSSL built-in information
=head1 SYNOPSIS
B<openssl info>
[B<-help>]
[B<-configdir>]
[B<-enginesdir>]
[B<-modulesdir> ]
[B<-dsoext>]
[B<-dirnamesep>]
[B<-listsep>]
[B<-seeds>]
[B<-cpusettings>]
[B<-windowscontext>]
=head1 DESCRIPTION
This command is used to print out information about OpenSSL.
The information is written exactly as it is with no extra text, which
makes useful for scripts.
As a consequence, only one item may be chosen for each run of this
command.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-configdir>
Outputs the default directory for OpenSSL configuration files.
=item B<-enginesdir>
Outputs the default directory for OpenSSL engine modules.
=item B<-modulesdir>
Outputs the default directory for OpenSSL dynamically loadable modules
other than engine modules.
=item B<-dsoext>
Outputs the DSO extension OpenSSL uses.
=item B<-dirnamesep>
Outputs the separator character between a directory specification and
a filename.
Note that on some operating systems, this is not the same as the
separator between directory elements.
=item B<-listsep>
Outputs the OpenSSL list separator character.
This is typically used to construct C<$PATH> (C<%PATH%> on Windows)
style lists.
=item B<-seeds>
Outputs the randomness seed sources.
=item B<-cpusettings>
Outputs the OpenSSL CPU settings info.
=item B<-windowscontext>
Outputs the Windows install context.
=back
=head1 HISTORY
This command was added in OpenSSL 3.0.
The B<-windowscontext> option was added in OpenSSL 3.4.
=head1 COPYRIGHT
Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
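Review bot: In DESCRIPTION, "which makes useful for scripts" is missing its object and should read "which makes it useful for scripts", and the SYNOPSIS entry "[B<-modulesdir> ]" has a stray space before the closing bracket that the neighbouring entries do not. The header names doc/man1/openssl-info.pod.in as the source, so the correction belongs there, not in this generated copy.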

@@ -0,0 +1,244 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-kdf.pod.in
=end comment
=head1 NAME
openssl-kdf - perform Key Derivation Function operations
=head1 SYNOPSIS
B<openssl kdf>
[B<-help>]
[B<-cipher>]
[B<-digest>]
[B<-mac>]
[B<-kdfopt> I<nm>:I<v>]
[B<-keylen> I<num>]
[B<-out> I<filename>]
[B<-binary>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
I<kdf_name>
=head1 DESCRIPTION
The key derivation functions generate a derived key from either a secret or
password.
=head1 OPTIONS
=over 4
=item B<-help>
Print a usage message.
=item B<-keylen> I<num>
The output size of the derived key. This field is required.
=item B<-out> I<filename>
Filename to output to, or standard output by default.
=item B<-binary>
Output the derived key in binary form. Uses hexadecimal text format if not specified.
=item B<-cipher> I<name>
Specify the cipher to be used by the KDF.
Not all KDFs require a cipher and it is an error to use this option in such
cases.
=item B<-digest> I<name>
Specify the digest to be used by the KDF.
Not all KDFs require a digest and it is an error to use this option in such
cases.
To see the list of supported digests, use C<openssl list -digest-commands>.
=item B<-mac> I<name>
Specify the MAC to be used by the KDF.
Not all KDFs require a MAC and it is an error to use this option in such
cases.
=item B<-kdfopt> I<nm>:I<v>
Passes options to the KDF algorithm.
A comprehensive list of parameters can be found in L<EVP_KDF(3)/PARAMETERS>.
Common parameter names used by EVP_KDF_CTX_set_params() are:
=over 4
=item B<key:>I<string>
Specifies the secret key as an alphanumeric string (use if the key contains
printable characters only).
The string length must conform to any restrictions of the KDF algorithm.
A key must be specified for most KDF algorithms.
=item B<hexkey:>I<string>
Alternative to the B<key:> option where
the secret key is specified in hexadecimal form (two hex digits per byte).
=item B<pass:>I<string>
Specifies the password as an alphanumeric string (use if the password contains
printable characters only).
The password must be specified for PBKDF2 and scrypt.
=item B<hexpass:>I<string>
Alternative to the B<pass:> option where
the password is specified in hexadecimal form (two hex digits per byte).
=item B<salt:>I<string>
Specifies a non-secret unique cryptographic salt as an alphanumeric string
(use if it contains printable characters only).
The length must conform to any restrictions of the KDF algorithm.
A salt parameter is required for several KDF algorithms,
such as L<EVP_KDF-PBKDF2(7)>.
=item B<hexsalt:>I<string>
Alternative to the B<salt:> option where
the salt is specified in hexadecimal form (two hex digits per byte).
=item B<info:>I<string>
Some KDF implementations, such as L<EVP_KDF-HKDF(7)>, take an 'info' parameter
for binding the derived key material
to application- and context-specific information.
Specifies the info, fixed info, other info or shared info argument
as an alphanumeric string (use if it contains printable characters only).
The length must conform to any restrictions of the KDF algorithm.
=item B<hexinfo:>I<string>
Alternative to the B<info:> option where
the info is specified in hexadecimal form (two hex digits per byte).
=item B<digest:>I<string>
This option is identical to the B<-digest> option.
=item B<cipher:>I<string>
This option is identical to the B<-cipher> option.
=item B<mac:>I<string>
This option is identical to the B<-mac> option.
=back
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=item I<kdf_name>
Specifies the name of a supported KDF algorithm which will be used.
The supported algorithms names include TLS1-PRF, HKDF, SSKDF, PBKDF2,
SSHKDF, X942KDF-ASN1, X942KDF-CONCAT, X963KDF and SCRYPT.
=back
=head1 EXAMPLES
Use TLS1-PRF to create a hex-encoded derived key from a secret key and seed:
openssl kdf -keylen 16 -kdfopt digest:SHA2-256 -kdfopt key:secret \
-kdfopt seed:seed TLS1-PRF
Use HKDF to create a hex-encoded derived key from a secret key, salt and info:
openssl kdf -keylen 10 -kdfopt digest:SHA2-256 -kdfopt key:secret \
-kdfopt salt:salt -kdfopt info:label HKDF
Use SSKDF with KMAC to create a hex-encoded derived key from a secret key, salt and info:
openssl kdf -keylen 64 -kdfopt mac:KMAC-128 -kdfopt maclen:20 \
-kdfopt hexkey:b74a149a161545 -kdfopt hexinfo:348a37a2 \
-kdfopt hexsalt:3638271ccd68a2 SSKDF
Use SSKDF with HMAC to create a hex-encoded derived key from a secret key, salt and info:
openssl kdf -keylen 16 -kdfopt mac:HMAC -kdfopt digest:SHA2-256 \
-kdfopt hexkey:b74a149a -kdfopt hexinfo:348a37a2 \
-kdfopt hexsalt:3638271c SSKDF
Use SSKDF with Hash to create a hex-encoded derived key from a secret key, salt and info:
openssl kdf -keylen 14 -kdfopt digest:SHA2-256 \
-kdfopt hexkey:6dbdc23f045488 \
-kdfopt hexinfo:a1b2c3d4 SSKDF
Use SSHKDF to create a hex-encoded derived key from a secret key, hash and session_id:
openssl kdf -keylen 16 -kdfopt digest:SHA2-256 \
-kdfopt hexkey:0102030405 \
-kdfopt hexxcghash:06090A \
-kdfopt hexsession_id:01020304 \
-kdfopt type:A SSHKDF
Use PBKDF2 to create a hex-encoded derived key from a password and salt:
openssl kdf -keylen 32 -kdfopt digest:SHA256 -kdfopt pass:password \
-kdfopt salt:salt -kdfopt iter:2 PBKDF2
Use scrypt to create a hex-encoded derived key from a password and salt:
openssl kdf -keylen 64 -kdfopt pass:password -kdfopt salt:NaCl \
-kdfopt n:1024 -kdfopt r:8 -kdfopt p:16 \
-kdfopt maxmem_bytes:10485760 SCRYPT
=head1 NOTES
The KDF mechanisms that are available will depend on the options
used when building OpenSSL.
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-pkeyutl(1)>,
L<EVP_KDF(3)>,
L<EVP_KDF-SCRYPT(7)>,
L<EVP_KDF-TLS1_PRF(7)>,
L<EVP_KDF-PBKDF2(7)>,
L<EVP_KDF-HKDF(7)>,
L<EVP_KDF-SS(7)>,
L<EVP_KDF-SSHKDF(7)>,
L<EVP_KDF-X942-ASN1(7)>,
L<EVP_KDF-X942-CONCAT(7)>,
L<EVP_KDF-X963(7)>
=head1 HISTORY
Added in OpenSSL 3.0
=head1 COPYRIGHT
Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
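Review bot: The PBKDF2 example in EXAMPLES passes "-kdfopt salt:salt -kdfopt iter:2" with "pass:password", which are test-vector style values, and nothing in the text says so; add a sentence marking the example values as illustrative so that the fixed salt and the iteration count of 2 are not copied into scripts that derive real keys from passwords. Separately, the B<-digest> entry tells readers to run C<openssl list -digest-commands>, which the openssl-list page added in this same commit marks as deprecated in favour of the digest-algorithms listing, so the reference should be updated. SYNOPSIS also shows [B<-cipher>], [B<-digest>] and [B<-mac>] without the I<name> argument that OPTIONS gives each of them.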

@@ -0,0 +1,298 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-list.pod.in
=end comment
=head1 NAME
openssl-list - list algorithms and features
=head1 SYNOPSIS
B<openssl list>
[B<-help>]
[B<-verbose>]
[B<-select> I<name>]
[B<-1>]
[B<-all-algorithms>]
[B<-commands>]
[B<-standard-commands>]
[B<-digest-algorithms>]
[B<-digest-commands>]
[B<-kdf-algorithms>]
[B<-mac-algorithms>]
[B<-random-instances>]
[B<-random-generators>]
[B<-cipher-algorithms>]
[B<-cipher-commands>]
[B<-encoders>]
[B<-decoders>]
[B<-key-managers>]
[B<-key-exchange-algorithms>]
[B<-kem-algorithms>]
[B<-signature-algorithms>]
[B<-tls-signature-algorithms>]
[B<-asymcipher-algorithms>]
[B<-public-key-algorithms>]
[B<-public-key-methods>]
[B<-store-loaders>]
[B<-providers>]
[B<-engines>]
[B<-disabled>]
[B<-objects>]
[B<-options> I<command>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
=head1 DESCRIPTION
This command is used to generate list of algorithms or disabled
features.
=head1 OPTIONS
=over 4
=item B<-help>
Display a usage message.
=item B<-verbose>
Displays extra information.
The options below where verbosity applies say a bit more about what that means.
=item B<-select> I<name>
Only list algorithms that match this name.
=item B<-1>
List the commands, digest-commands, or cipher-commands in a single column.
If used, this option must be given first.
=item B<-all-algorithms>
Display lists of all algorithms. These include:
=over 4
=item Asymmetric ciphers
=item Decoders
=item Digests
=item Encoders
=item Key derivation algorithms (KDF)
=item Key encapsulation methods (KEM)
=item Key exchange algorithms (KEX)
=item Key managers
=item Message authentication code algorithms (MAC)
=item Random number generators (RNG, DRBG)
=item Signature algorithms
=item Store loaders
=item Symmetric ciphers
=back
=item B<-commands>
Display a list of standard commands.
=item B<-standard-commands>
List of standard commands.
=item B<-digest-commands>
This option is deprecated. Use B<digest-algorithms> instead.
Display a list of message digest commands, which are typically used
as input to the L<openssl-dgst(1)> or L<openssl-speed(1)> commands.
=item B<-cipher-commands>
This option is deprecated. Use B<cipher-algorithms> instead.
Display a list of cipher commands, which are typically used as input
to the L<openssl-enc(1)> or L<openssl-speed(1)> commands.
=item B<-cipher-algorithms>, B<-digest-algorithms>, B<-kdf-algorithms>,
B<-mac-algorithms>,
Display a list of symmetric cipher, digest, kdf and mac algorithms.
See L</Display of algorithm names> for a description of how names are
displayed.
In verbose mode, the algorithms provided by a provider will get additional
information on what parameters each implementation supports.
=item B<-random-instances>
List the primary, public and private random number generator details.
=item B<-random-generators>
Display a list of random number generators.
See L</Display of algorithm names> for a description of how names are
displayed.
=item B<-encoders>
Display a list of encoders.
See L</Display of algorithm names> for a description of how names are
displayed.
In verbose mode, the algorithms provided by a provider will get additional
information on what parameters each implementation supports.
=item B<-decoders>
Display a list of decoders.
See L</Display of algorithm names> for a description of how names are
displayed.
In verbose mode, the algorithms provided by a provider will get additional
information on what parameters each implementation supports.
=item B<-public-key-algorithms>
Display a list of public key algorithms, with each algorithm as
a block of multiple lines, all but the first are indented.
The options B<key-exchange-algorithms>, B<kem-algorithms>,
B<signature-algorithms>, and B<asymcipher-algorithms> will display similar info.
=item B<-public-key-methods>
Display a list of public key methods.
=item B<-key-managers>
Display a list of key managers.
=item B<-key-exchange-algorithms>
Display a list of key exchange algorithms.
=item B<-kem-algorithms>
Display a list of key encapsulation algorithms.
=item B<-signature-algorithms>
Display a list of signature algorithms.
=item B<-tls-signature-algorithms>
Display the list of signature algorithms available for TLS handshakes
made available by all currently active providers.
The output format is colon delimited in a form directly usable in
L<SSL_CONF_cmd(3)> specifying SignatureAlgorithms.
=item B<-asymcipher-algorithms>
Display a list of asymmetric cipher algorithms.
=item B<-store-loaders>
Display a list of store loaders.
=item B<-providers>
Display a list of all loaded providers with their names, version and status.
In verbose mode, the full version and all provider parameters will additionally
be displayed.
=item B<-engines>
This option is deprecated.
Display a list of loaded engines.
=item B<-disabled>
Display a list of disabled features, those that were compiled out
of the installation.
=item B<-objects>
Display a list of built in objects, i.e. OIDs with names. They're listed in the
format described in L<config(5)/ASN1 Object Configuration Module>.
=item B<-options> I<command>
Output a two-column list of the options accepted by the specified I<command>.
The first is the option name, and the second is a one-character indication
of what type of parameter it takes, if any.
This is an internal option, used for checking that the documentation
is complete.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=back
=head2 Display of algorithm names
Algorithm names may be displayed in one of two manners:
=over 4
=item Legacy implementations
Legacy implementations will simply display the main name of the
algorithm on a line of its own, or in the form C<<foo > bar>> to show
that C<foo> is an alias for the main name, C<bar>
=item Provided implementations
Implementations from a provider are displayed like this if the
implementation is labeled with a single name:
foo @ bar
or like this if it's labeled with multiple names:
{ foo1, foo2 } @bar
In both cases, C<bar> is the name of the provider.
=back
=head1 HISTORY
The B<-engines>, B<-digest-commands>, and B<-cipher-commands> options
were deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
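Review bot: The deprecation notices under B<-digest-commands> and B<-cipher-commands> name the replacements as B<digest-algorithms> and B<cipher-algorithms> without the leading dash, although SYNOPSIS and the later =item spell them B<-digest-algorithms> and B<-cipher-algorithms>; write the replacements exactly as they are typed, and do the same for the four option names listed under B<-public-key-algorithms>. The =item line ending "B<-mac-algorithms>," has a dangling comma. B<-commands> and B<-standard-commands> carry the same description, so the reader cannot tell how they differ. The two provider display samples disagree on spacing ("foo @ bar" versus "{ foo1, foo2 } @bar"), which matters to anyone parsing this output in a script.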

@@ -0,0 +1,193 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-mac.pod.in
=end comment
=head1 NAME
openssl-mac - perform Message Authentication Code operations
=head1 SYNOPSIS
B<openssl mac>
[B<-help>]
[B<-cipher>]
[B<-digest>]
[B<-macopt>]
[B<-in> I<filename>]
[B<-out> I<filename>]
[B<-binary>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
I<mac_name>
=head1 DESCRIPTION
The message authentication code functions output the MAC of a supplied input
file.
=head1 OPTIONS
=over 4
=item B<-help>
Print a usage message.
=item B<-in> I<filename>
Input filename to calculate a MAC for, or standard input by default.
Standard input is used if the filename is '-'.
Files and standard input are expected to be in binary format.
=item B<-out> I<filename>
Filename to output to, or standard output by default.
=item B<-binary>
Output the MAC in binary form. Uses hexadecimal text format if not specified.
=item B<-cipher> I<name>
Used by CMAC and GMAC to specify the cipher algorithm.
For CMAC it should be a CBC mode cipher e.g. AES-128-CBC.
For GMAC it should be a GCM mode cipher e.g. AES-128-GCM.
=item B<-digest> I<name>
Used by HMAC as an alphanumeric string (use if the key contains printable
characters only).
The string length must conform to any restrictions of the MAC algorithm.
To see the list of supported digests, use C<openssl list -digest-commands>.
=item B<-macopt> I<nm>:I<v>
Passes options to the MAC algorithm.
A comprehensive list of controls can be found in the EVP_MAC implementation
documentation.
Common parameter names used by EVP_MAC_CTX_get_params() are:
=over 4
=item B<key:>I<string>
Specifies the MAC key as an alphanumeric string (use if the key contains
printable characters only).
The string length must conform to any restrictions of the MAC algorithm.
A key must be specified for every MAC algorithm.
=item B<hexkey:>I<string>
Specifies the MAC key in hexadecimal form (two hex digits per byte).
The key length must conform to any restrictions of the MAC algorithm.
A key must be specified for every MAC algorithm.
=item B<iv:>I<string>
Used by GMAC to specify an IV as an alphanumeric string (use if the IV contains
printable characters only).
=item B<hexiv:>I<string>
Used by GMAC to specify an IV in hexadecimal form (two hex digits per byte).
=item B<size:>I<int>
Used by KMAC128 or KMAC256 to specify an output length.
The default sizes are 32 or 64 bytes respectively.
=item B<custom:>I<string>
Used by KMAC128 or KMAC256 to specify a customization string.
The default is the empty string "".
=item B<digest:>I<string>
This option is identical to the B<-digest> option.
=item B<cipher:>I<string>
This option is identical to the B<-cipher> option.
=back
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=item I<mac_name>
Specifies the name of a supported MAC algorithm which will be used.
To see the list of supported MAC's use the command C<openssl list
-mac-algorithms>.
=back
=head1 EXAMPLES
To create a hex-encoded HMAC-SHA1 MAC of a file and write to stdout:
openssl mac -digest SHA1 \
-macopt hexkey:000102030405060708090A0B0C0D0E0F10111213 \
-in msg.bin HMAC
To create a SipHash MAC from a file with a binary file output:
openssl mac -macopt hexkey:000102030405060708090A0B0C0D0E0F \
-in msg.bin -out out.bin -binary SipHash
To create a hex-encoded CMAC-AES-128-CBC MAC from a file:
openssl mac -cipher AES-128-CBC \
-macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B \
-in msg.bin CMAC
To create a hex-encoded KMAC128 MAC from a file with a Customisation String
'Tag' and output length of 16:
openssl mac -macopt custom:Tag -macopt hexkey:40414243444546 \
-macopt size:16 -in msg.bin KMAC128
To create a hex-encoded GMAC-AES-128-GCM with a IV from a file:
openssl mac -cipher AES-128-GCM -macopt hexiv:E0E00F19FED7BA0136A797F3 \
-macopt hexkey:77A77FAF290C1FA30C683DF16BA7A77B -in msg.bin GMAC
=head1 NOTES
The MAC mechanisms that are available will depend on the options
used when building OpenSSL.
Use C<openssl list -mac-algorithms> to list them.
=head1 SEE ALSO
L<openssl(1)>,
L<EVP_MAC(3)>,
L<EVP_MAC-CMAC(7)>,
L<EVP_MAC-GMAC(7)>,
L<EVP_MAC-HMAC(7)>,
L<EVP_MAC-KMAC(7)>,
L<EVP_MAC-Siphash(7)>,
L<EVP_MAC-Poly1305(7)>
=head1 COPYRIGHT
Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
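Review bot: The B<-digest> entry in OPTIONS never says that it selects the digest; its text ("Used by HMAC as an alphanumeric string (use if the key contains printable characters only)") is the wording of the key: parameter pasted in, and should instead state that it names the digest algorithm HMAC uses, in the way the openssl-kdf page in this commit does ("Specify the digest to be used by the KDF"). Under B<-macopt>, the listed parameters are ones the caller sets, yet the sentence introducing them cites EVP_MAC_CTX_get_params(); the kdf page's counterpart cites EVP_KDF_CTX_set_params(), and the setter is presumably what is meant here too. SYNOPSIS shows [B<-macopt>], [B<-cipher>] and [B<-digest>] without their arguments, and the B<-digest> entry points to the deprecated C<openssl list -digest-commands>.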

@@ -0,0 +1,90 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-nseq.pod.in
=end comment
=head1 NAME
openssl-nseq - create or examine a Netscape certificate sequence
=head1 SYNOPSIS
B<openssl> B<nseq>
[B<-help>]
[B<-in> I<filename>]
[B<-out> I<filename>]
[B<-toseq>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
=head1 DESCRIPTION
This command takes a file containing a Netscape certificate
sequence and prints out the certificates contained in it or takes a
file of certificates and converts it into a Netscape certificate
sequence.
A Netscape certificate sequence is an old Netscape-specific format that
can be sometimes be sent to browsers as an alternative to the standard PKCS#7
format when several certificates are sent to the browser, for example during
certificate enrollment. It was also used by Netscape certificate server.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-in> I<filename>
This specifies the input filename to read or standard input if this
option is not specified.
=item B<-out> I<filename>
Specifies the output filename or standard output by default.
=item B<-toseq>
Normally a Netscape certificate sequence will be input and the output
is the certificates contained in it. With the B<-toseq> option the
situation is reversed: a Netscape certificate sequence is created from
a file of certificates.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=back
=head1 EXAMPLES
Output the certificates in a Netscape certificate sequence
openssl nseq -in nseq.pem -out certs.pem
Create a Netscape certificate sequence
openssl nseq -in certs.pem -toseq -out nseq.pem
=head1 COPYRIGHT
Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
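Review bot: In DESCRIPTION, "can be sometimes be sent to browsers" has a doubled "be" and should read "can sometimes be sent to browsers", and "It was also used by Netscape certificate server" is missing an article. The two EXAMPLES captions ("Output the certificates in a Netscape certificate sequence", "Create a Netscape certificate sequence") lack the trailing colon that the captions in the kdf and mac pages of this commit put before the command. As with the other generated pages, fix these in doc/man1/openssl-nseq.pod.in upstream.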

@@ -0,0 +1,594 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-ocsp.pod.in
=end comment
=head1 NAME
openssl-ocsp - Online Certificate Status Protocol command
=head1 SYNOPSIS
=head2 OCSP Client
B<openssl> B<ocsp>
[B<-help>]
[B<-out> I<file>]
[B<-issuer> I<file>]
[B<-cert> I<file>]
[B<-no_certs>]
[B<-serial> I<n>]
[B<-signer> I<file>]
[B<-signkey> I<file>]
[B<-sign_other> I<file>]
[B<-nonce>]
[B<-no_nonce>]
[B<-req_text>]
[B<-resp_text>]
[B<-text>]
[B<-reqout> I<file>]
[B<-respout> I<file>]
[B<-reqin> I<file>]
[B<-respin> I<file>]
[B<-url> I<URL>]
[B<-host> I<host>:I<port>]
[B<-path> I<pathname>]
[B<-proxy> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>]
[B<-no_proxy> I<addresses>]
[B<-header>]
[B<-timeout> I<seconds>]
[B<-VAfile> I<file>]
[B<-validity_period> I<n>]
[B<-status_age> I<n>]
[B<-noverify>]
[B<-verify_other> I<file>]
[B<-trust_other>]
[B<-no_intern>]
[B<-no_signature_verify>]
[B<-no_cert_verify>]
[B<-no_chain>]
[B<-no_cert_checks>]
[B<-no_explicit>]
[B<-port> I<num>]
[B<-ignore_err>]
=head2 OCSP Server
B<openssl> B<ocsp>
[B<-index> I<file>]
[B<-CA> I<file>]
[B<-rsigner> I<file>]
[B<-rkey> I<file>]
[B<-passin> I<arg>]
[B<-rother> I<file>]
[B<-rsigopt> I<nm>:I<v>]
[B<-rmd> I<digest>]
[B<-badsig>]
[B<-resp_no_certs>]
[B<-nmin> I<n>]
[B<-ndays> I<n>]
[B<-resp_key_id>]
[B<-nrequest> I<n>]
[B<-multi> I<process-count>]
[B<-rcid> I<digest>]
[B<-I<digest>>]
[B<-CAfile> I<file>]
[B<-no-CAfile>]
[B<-CApath> I<dir>]
[B<-no-CApath>]
[B<-CAstore> I<uri>]
[B<-no-CAstore>]
[B<-allow_proxy_certs>]
[B<-attime> I<timestamp>]
[B<-no_check_time>]
[B<-check_ss_sig>]
[B<-crl_check>]
[B<-crl_check_all>]
[B<-explicit_policy>]
[B<-extended_crl>]
[B<-ignore_critical>]
[B<-inhibit_any>]
[B<-inhibit_map>]
[B<-partial_chain>]
[B<-policy> I<arg>]
[B<-policy_check>]
[B<-policy_print>]
[B<-purpose> I<purpose>]
[B<-suiteB_128>]
[B<-suiteB_128_only>]
[B<-suiteB_192>]
[B<-trusted_first>]
[B<-no_alt_chains>]
[B<-use_deltas>]
[B<-auth_level> I<num>]
[B<-verify_depth> I<num>]
[B<-verify_email> I<email>]
[B<-verify_hostname> I<hostname>]
[B<-verify_ip> I<ip>]
[B<-verify_name> I<name>]
[B<-x509_strict>]
[B<-issuer_checks>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
=head1 DESCRIPTION
The Online Certificate Status Protocol (OCSP) enables applications to
determine the (revocation) state of an identified certificate (RFC 2560).
This command performs many common OCSP tasks. It can be used
to print out requests and responses, create requests and send queries
to an OCSP responder and behave like a mini OCSP server itself.
=head1 OPTIONS
This command operates as either a client or a server.
The options are described below, divided into those two modes.
=head2 OCSP Client Options
=over 4
=item B<-help>
Print out a usage message.
=item B<-out> I<filename>
specify output filename, default is standard output.
=item B<-issuer> I<filename>
This specifies the current issuer certificate.
The input can be in PEM, DER, or PKCS#12 format.
This option can be used multiple times.
This option B<MUST> come before any B<-cert> options.
=item B<-cert> I<filename>
Add the certificate I<filename> to the request.
The input can be in PEM, DER, or PKCS#12 format.
This option can be used multiple times.
The issuer certificate is taken from the previous B<-issuer> option,
or an error occurs if no issuer certificate is specified.
=item B<-no_certs>
Don't include any certificates in signed request.
=item B<-serial> I<num>
Same as the B<-cert> option except the certificate with serial number
B<num> is added to the request. The serial number is interpreted as a
decimal integer unless preceded by C<0x>. Negative integers can also
be specified by preceding the value by a C<-> sign.
=item B<-signer> I<filename>, B<-signkey> I<filename>
Sign the OCSP request using the certificate specified in the B<-signer>
option and the private key specified by the B<-signkey> option.
The input can be in PEM, DER, or PKCS#12 format.
If the B<-signkey> option is not present then the private key is read
from the same file as the certificate. If neither option is specified then
the OCSP request is not signed.
=item B<-sign_other> I<filename>
Additional certificates to include in the signed request.
The input can be in PEM, DER, or PKCS#12 format.
=item B<-nonce>, B<-no_nonce>
Add an OCSP nonce extension to a request or disable OCSP nonce addition.
Normally if an OCSP request is input using the B<-reqin> option no
nonce is added: using the B<-nonce> option will force addition of a nonce.
If an OCSP request is being created (using B<-cert> and B<-serial> options)
a nonce is automatically added specifying B<-no_nonce> overrides this.
=item B<-req_text>, B<-resp_text>, B<-text>
Print out the text form of the OCSP request, response or both respectively.
=item B<-reqout> I<file>, B<-respout> I<file>
Write out the DER encoded certificate request or response to I<file>.
=item B<-reqin> I<file>, B<-respin> I<file>
Read OCSP request or response file from I<file>. These option are ignored
if OCSP request or response creation is implied by other options (for example
with B<-serial>, B<-cert> and B<-host> options).
=item B<-url> I<responder_url>
Specify the responder host and optionally port and path via a URL.
Both HTTP and HTTPS (SSL/TLS) URLs can be specified.
The optional userinfo and fragment components are ignored.
Any given query component is handled as part of the path component.
For details, see the B<-host> and B<-path> options described next.
=item B<-host> I<host>:I<port>, B<-path> I<pathname>
If the B<-host> option is present then the OCSP request is sent to the host
I<host> on port I<port>.
The I<host> may be a domain name or an IP (v4 or v6) address,
such as C<127.0.0.1> or C<[::1]> for localhost.
If it is an IPv6 address, it must be enclosed in C<[> and C<]>.
The B<-path> option specifies the HTTP pathname to use or "/" by default.
This is equivalent to specifying B<-url> with scheme
http:// and the given I<host>, I<port>, and optional I<pathname>.
=item B<-proxy> I<[http[s]://][userinfo@]host[:port][/path][?query][#fragment]>
The HTTP(S) proxy server to use for reaching the OCSP server unless B<-no_proxy>
applies, see below.
If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>.
The proxy port defaults to 80 or 443 if the scheme is C<https>; apart from that
the optional C<http://> or C<https://> prefix is ignored,
as well as any userinfo, path, query, and fragment components.
Defaults to the environment variable C<http_proxy> if set, else C<HTTP_PROXY>
in case no TLS is used, otherwise C<https_proxy> if set, else C<HTTPS_PROXY>.
=item B<-no_proxy> I<addresses>
List of IP addresses and/or DNS names of servers
not to use an HTTP(S) proxy for, separated by commas and/or whitespace
(where in the latter case the whole argument must be enclosed in "...").
Default is from the environment variable C<no_proxy> if set, else C<NO_PROXY>.
=item B<-header> I<name>=I<value>
Adds the header I<name> with the specified I<value> to the OCSP request
that is sent to the responder.
This may be repeated.
=item B<-timeout> I<seconds>
Connection timeout to the OCSP responder in seconds.
On POSIX systems, when running as an OCSP responder, this option also limits
the time that the responder is willing to wait for the client request.
This time is measured from the time the responder accepts the connection until
the complete request is received.
=item B<-verify_other> I<file>
File or URI containing additional certificates to search
when attempting to locate
the OCSP response signing certificate. Some responders omit the actual signer's
certificate from the response: this option can be used to supply the necessary
certificate in such cases.
The input can be in PEM, DER, or PKCS#12 format.
=item B<-trust_other>
The certificates specified by the B<-verify_other> option should be explicitly
trusted and no additional checks will be performed on them. This is useful
when the complete responder certificate chain is not available or trusting a
root CA is not appropriate.
=item B<-VAfile> I<file>
File or URI containing explicitly trusted responder certificates.
Equivalent to the B<-verify_other> and B<-trust_other> options.
The input can be in PEM, DER, or PKCS#12 format.
=item B<-noverify>
Don't attempt to verify the OCSP response signature or the nonce
values. This option will normally only be used for debugging since it
disables all verification of the responders certificate.
=item B<-no_intern>
Ignore certificates contained in the OCSP response when searching for the
signers certificate. With this option the signers certificate must be specified
with either the B<-verify_other> or B<-VAfile> options.
=item B<-no_signature_verify>
Don't check the signature on the OCSP response. Since this option
tolerates invalid signatures on OCSP responses it will normally only be
used for testing purposes.
=item B<-no_cert_verify>
Don't verify the OCSP response signers certificate at all. Since this
option allows the OCSP response to be signed by any certificate it should
only be used for testing purposes.
=item B<-no_chain>
Do not use certificates in the response as additional untrusted CA
certificates.
=item B<-no_explicit>
Do not explicitly trust the root CA if it is set to be trusted for OCSP signing.
=item B<-no_cert_checks>
Don't perform any additional checks on the OCSP response signers certificate.
That is do not make any checks to see if the signers certificate is authorised
to provide the necessary status information: as a result this option should
only be used for testing purposes.
=item B<-validity_period> I<nsec>, B<-status_age> I<age>
These options specify the range of times, in seconds, which will be tolerated
in an OCSP response. Each certificate status response includes a B<notBefore>
time and an optional B<notAfter> time. The current time should fall between
these two values, but the interval between the two times may be only a few
seconds. In practice the OCSP responder and clients clocks may not be precisely
synchronised and so such a check may fail. To avoid this the
B<-validity_period> option can be used to specify an acceptable error range in
seconds, the default value is 5 minutes.
If the B<notAfter> time is omitted from a response then this means that new
status information is immediately available. In this case the age of the
B<notBefore> field is checked to see it is not older than I<age> seconds old.
By default this additional check is not performed.
=item B<-rcid> I<digest>
This option sets the digest algorithm to use for certificate identification
in the OCSP response. Any digest supported by the L<openssl-dgst(1)> command can
be used. The default is the same digest algorithm used in the request.
=item B<-I<digest>>
This option sets digest algorithm to use for certificate identification in the
OCSP request. Any digest supported by the OpenSSL B<dgst> command can be used.
The default is SHA-1. This option may be used multiple times to specify the
digest used by subsequent certificate identifiers.
=item B<-CAfile> I<file>, B<-no-CAfile>, B<-CApath> I<dir>, B<-no-CApath>,
B<-CAstore> I<uri>, B<-no-CAstore>
See L<openssl-verification-options(1)/Trusted Certificate Options> for details.
=item B<-allow_proxy_certs>, B<-attime>, B<-no_check_time>,
B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
B<-inhibit_map>, B<-no_alt_chains>, B<-partial_chain>, B<-policy>,
B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
B<-verify_ip>, B<-verify_name>, B<-x509_strict> B<-issuer_checks>
Set various options of certificate chain verification.
See L<openssl-verification-options(1)/Verification Options> for details.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=back
=head2 OCSP Server Options
=over 4
=item B<-index> I<indexfile>
The I<indexfile> parameter is the name of a text index file in B<ca>
format containing certificate revocation information.
If the B<-index> option is specified then this command switches to
responder mode, otherwise it is in client mode. The request(s) the responder
processes can be either specified on the command line (using B<-issuer>
and B<-serial> options), supplied in a file (using the B<-reqin> option)
or via external OCSP clients (if B<-port> or B<-url> is specified).
If the B<-index> option is present then the B<-CA> and B<-rsigner> options
must also be present.
=item B<-CA> I<file>
CA certificates corresponding to the revocation information in the index
file given with B<-index>.
The input can be in PEM, DER, or PKCS#12 format.
=item B<-rsigner> I<file>
The certificate to sign OCSP responses with.
The input can be in PEM, DER, or PKCS#12 format.
=item B<-rkey> I<file>
The private key to sign OCSP responses with: if not present the file
specified in the B<-rsigner> option is used.
=item B<-passin> I<arg>
The private key password source. For more information about the format of I<arg>
see L<openssl-passphrase-options(1)>.
=item B<-rother> I<file>
Additional certificates to include in the OCSP response.
The input can be in PEM, DER, or PKCS#12 format.
=item B<-rsigopt> I<nm>:I<v>
Pass options to the signature algorithm when signing OCSP responses.
Names and values of these options are algorithm-specific.
=item B<-rmd> I<digest>
The digest to use when signing the response.
=item B<-badsig>
Corrupt the response signature before writing it; this can be useful
for testing.
=item B<-resp_no_certs>
Don't include any certificates in the OCSP response.
=item B<-resp_key_id>
Identify the signer certificate using the key ID, default is to use the
subject name.
=item B<-port> I<portnum>
Port to listen for OCSP requests on. Both IPv4 and IPv6 are possible.
The port may also be specified using the B<-url> option.
A C<0> argument indicates that any available port shall be chosen automatically.
=item B<-ignore_err>
Ignore malformed requests or responses: When acting as an OCSP client, retry if
a malformed response is received. When acting as an OCSP responder, continue
running instead of terminating upon receiving a malformed request.
=item B<-nrequest> I<number>
The OCSP server will exit after receiving I<number> requests, default unlimited.
=item B<-multi> I<process-count>
Run the specified number of OCSP responder child processes, with the parent
process respawning child processes as needed.
Child processes will detect changes in the CA index file and automatically
reload it.
When running as a responder B<-timeout> option is recommended to limit the time
each child is willing to wait for the client's OCSP response.
This option is available on POSIX systems (that support the fork() and other
required unix system-calls).
=item B<-nmin> I<minutes>, B<-ndays> I<days>
Number of minutes or days when fresh revocation information is available:
used in the B<nextUpdate> field. If neither option is present then the
B<nextUpdate> field is omitted meaning fresh revocation information is
immediately available.
=back
=head1 OCSP RESPONSE VERIFICATION
OCSP Response follows the rules specified in RFC2560.
Initially the OCSP responder certificate is located and the signature on
the OCSP request checked using the responder certificate's public key.
Then a normal certificate verify is performed on the OCSP responder certificate
building up a certificate chain in the process. The locations of the trusted
certificates used to build the chain can be specified by the B<-CAfile>,
B<-CApath> or B<-CAstore> options or they will be looked for in the
standard OpenSSL certificates directory.
If the initial verify fails then the OCSP verify process halts with an
error.
Otherwise the issuing CA certificate in the request is compared to the OCSP
responder certificate: if there is a match then the OCSP verify succeeds.
Otherwise the OCSP responder certificate's CA is checked against the issuing
CA certificate in the request. If there is a match and the OCSPSigning
extended key usage is present in the OCSP responder certificate then the
OCSP verify succeeds.
Otherwise, if B<-no_explicit> is B<not> set the root CA of the OCSP responders
CA is checked to see if it is trusted for OCSP signing. If it is the OCSP
verify succeeds.
If none of these checks is successful then the OCSP verify fails.
What this effectively means if that if the OCSP responder certificate is
authorised directly by the CA it is issuing revocation information about
(and it is correctly configured) then verification will succeed.
If the OCSP responder is a "global responder" which can give details about
multiple CAs and has its own separate certificate chain then its root
CA can be trusted for OCSP signing. For example:
openssl x509 -in ocspCA.pem -addtrust OCSPSigning -out trustedCA.pem
Alternatively the responder certificate itself can be explicitly trusted
with the B<-VAfile> option.
=head1 NOTES
As noted, most of the verify options are for testing or debugging purposes.
Normally only the B<-CApath>, B<-CAfile>, B<-CAstore> and (if the responder
is a 'global VA') B<-VAfile> options need to be used.
The OCSP server is only useful for test and demonstration purposes: it is
not really usable as a full OCSP responder. It contains only a very
simple HTTP request handling and can only handle the POST form of OCSP
queries. It also handles requests serially meaning it cannot respond to
new requests until it has processed the current one. The text index file
format of revocation is also inefficient for large quantities of revocation
data.
It is possible to run this command in responder mode via a CGI
script using the B<-reqin> and B<-respout> options.
=head1 EXAMPLES
Create an OCSP request and write it to a file:
openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout req.der
Send a query to an OCSP responder with URL http://ocsp.myhost.com/ save the
response to a file, print it out in text form, and verify the response:
openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \
-url http://ocsp.myhost.com/ -resp_text -respout resp.der
Read in an OCSP response and print out text form:
openssl ocsp -respin resp.der -text -noverify
OCSP server on port 8888 using a standard B<ca> configuration, and a separate
responder certificate. All requests and responses are printed to a file.
openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem
-text -out log.txt
As above but exit after processing one request:
openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem -CA demoCA/cacert.pem
-nrequest 1
Query status information using an internally generated request:
openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem
-issuer demoCA/cacert.pem -serial 1
Query status information using request read from a file, and write the response
to a second file.
openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA demoCA/cacert.pem
-reqin req.der -respout resp.der
=head1 HISTORY
The -no_alt_chains option was added in OpenSSL 1.1.0.
=head1 COPYRIGHT
Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
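Review bot: In the OCSP RESPONSE VERIFICATION section, the sentence "the signature on the OCSP request checked using the responder certificate's public key" names the wrong object. The section describes verifying the response, which is what the responder signs, so it should read "OCSP response". The same section has "What this effectively means if that if", which should be "is that if". In EXAMPLES, the four responder-mode commands are split over two lines with no trailing backslash (for example the line ending in -CA demoCA/cacert.pem followed by -text -out log.txt), unlike the -url example above them, so a copy-paste runs the first line on its own. Add the continuation or join the lines.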

View File

@@ -0,0 +1,139 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-passwd.pod.in
=end comment
=head1 NAME
openssl-passwd - compute password hashes
=head1 SYNOPSIS
B<openssl passwd>
[B<-help>]
[B<-1>]
[B<-apr1>]
[B<-aixmd5>]
[B<-5>]
[B<-6>]
[B<-salt> I<string>]
[B<-in> I<file>]
[B<-stdin>]
[B<-noverify>]
[B<-quiet>]
[B<-table>]
[B<-reverse>]
[B<-rand> I<files>]
[B<-writerand> I<file>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
[I<password>]
=head1 DESCRIPTION
This command computes the hash of a password typed at
run-time or the hash of each password in a list. The password list is
taken from the named file for option B<-in>, from stdin for
option B<-stdin>, or from the command line, or from the terminal otherwise.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-1>
Use the MD5 based BSD password algorithm B<1> (default).
=item B<-apr1>
Use the B<apr1> algorithm (Apache variant of the BSD algorithm).
=item B<-aixmd5>
Use the B<AIX MD5> algorithm (AIX variant of the BSD algorithm).
=item B<-5>
=item B<-6>
Use the B<SHA256> / B<SHA512> based algorithms defined by Ulrich Drepper.
See L<https://www.akkadia.org/drepper/SHA-crypt.txt>.
=item B<-salt> I<string>
Use the specified salt.
When reading a password from the terminal, this implies B<-noverify>.
=item B<-in> I<file>
Read passwords from I<file>.
=item B<-stdin>
Read passwords from B<stdin>.
=item B<-noverify>
Don't verify when reading a password from the terminal.
=item B<-quiet>
Don't output warnings when passwords given at the command line are truncated.
=item B<-table>
In the output list, prepend the cleartext password and a TAB character
to each password hash.
=item B<-reverse>
When the B<-table> option is used, reverse the order of cleartext and hash.
=item B<-rand> I<files>, B<-writerand> I<file>
See L<openssl(1)/Random State Options> for details.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=back
=head1 EXAMPLES
% openssl passwd -1 -salt xxxxxxxx password
$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.
% openssl passwd -apr1 -salt xxxxxxxx password
$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0
% openssl passwd -aixmd5 -salt xxxxxxxx password
xxxxxxxx$8Oaipk/GPKhC64w/YVeFD/
=head1 HISTORY
The B<-crypt> option was removed in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
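Review bot: The comment block at the top of this new file reads "WARNING: do not edit!" and "Generated by Makefile from doc/man1/openssl-passwd.pod.in", so the commit is adding build output rather than a source file. If build.sh produces these pages when it builds OpenSSL, leave them out of version control, or track only the .pod.in sources, so the tree does not carry stale generated copies. Separately, the page names -1 (MD5 based) as the default, and all three EXAMPLES use MD5-based schemes with the fixed salt xxxxxxxx. An example for -5 or -6 without a fixed -salt would be a better thing for readers to copy.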

View File

@@ -0,0 +1,527 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-pkcs12.pod.in
=end comment
=head1 NAME
openssl-pkcs12 - PKCS#12 file command
=head1 SYNOPSIS
B<openssl> B<pkcs12>
[B<-help>]
[B<-passin> I<arg>]
[B<-passout> I<arg>]
[B<-password> I<arg>]
[B<-twopass>]
[B<-in> I<filename>|I<uri>]
[B<-out> I<filename>]
[B<-nokeys>]
[B<-nocerts>]
[B<-noout>]
[B<-legacy>]
[B<-engine> I<id>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
[B<-rand> I<files>]
[B<-writerand> I<file>]
PKCS#12 input (parsing) options:
[B<-info>]
[B<-nomacver>]
[B<-clcerts>]
[B<-cacerts>]
[B<-aes128>]
[B<-aes192>]
[B<-aes256>]
[B<-aria128>]
[B<-aria192>]
[B<-aria256>]
[B<-camellia128>]
[B<-camellia192>]
[B<-camellia256>]
[B<-des>]
[B<-des3>]
[B<-idea>]
[B<-noenc>]
[B<-nodes>]
PKCS#12 output (export) options:
[B<-export>]
[B<-inkey> I<filename>|I<uri>]
[B<-certfile> I<filename>]
[B<-passcerts> I<arg>]
[B<-chain>]
[B<-untrusted> I<filename>]
[B<-CAfile> I<file>]
[B<-no-CAfile>]
[B<-CApath> I<dir>]
[B<-no-CApath>]
[B<-CAstore> I<uri>]
[B<-no-CAstore>]
[B<-name> I<name>]
[B<-caname> I<name>]
[B<-CSP> I<name>]
[B<-LMK>]
[B<-keyex>]
[B<-keysig>]
[B<-keypbe> I<cipher>]
[B<-certpbe> I<cipher>]
[B<-descert>]
[B<-macalg> I<digest>]
[B<-pbmac1_pbkdf2>]
[B<-pbmac1_pbkdf2_md> I<digest>]
[B<-iter> I<count>]
[B<-noiter>]
[B<-nomaciter>]
[B<-maciter>]
[B<-macsaltlen>]
[B<-nomac>]
[B<-jdktrust> I<usage>]
=head1 DESCRIPTION
This command allows PKCS#12 files (sometimes referred to as
PFX files) to be created and parsed. PKCS#12 files are used by several
programs including Netscape, MSIE and MS Outlook.
=head1 OPTIONS
There are a lot of options the meaning of some depends of whether a PKCS#12 file
is being created or parsed. By default a PKCS#12 file is parsed.
A PKCS#12 file can be created by using the B<-export> option (see below).
The PKCS#12 export encryption and MAC options such as B<-certpbe> and B<-iter>
and many further options such as B<-chain> are relevant only with B<-export>.
Conversely, the options regarding encryption of private keys when outputting
PKCS#12 input are relevant only when the B<-export> option is not given.
The default encryption algorithm is AES-256-CBC with PBKDF2 for key derivation.
When encountering problems loading legacy PKCS#12 files that involve,
for example, RC2-40-CBC,
try using the B<-legacy> option and, if needed, the B<-provider-path> option.
=over 4
=item B<-help>
Print out a usage message.
=item B<-passin> I<arg>
The password source for the input, and for encrypting any private keys that
are output.
For more information about the format of B<arg>
see L<openssl-passphrase-options(1)>.
=item B<-passout> I<arg>
The password source for output files.
=item B<-password> I<arg>
With B<-export>, B<-password> is equivalent to B<-passout>,
otherwise it is equivalent to B<-passin>.
=item B<-twopass>
Prompt for separate integrity and encryption passwords: most software
always assumes these are the same so this option will render such
PKCS#12 files unreadable. Cannot be used in combination with the options
B<-password>, B<-passin> if importing from PKCS#12, or B<-passout> if exporting.
=item B<-nokeys>
No private keys will be output.
=item B<-nocerts>
No certificates will be output.
=item B<-noout>
This option inhibits all credentials output,
and so the input is just verified.
=item B<-legacy>
Use legacy mode of operation and automatically load the legacy provider.
If OpenSSL is not installed system-wide,
it is necessary to also use, for example, C<-provider-path ./providers>
or to set the environment variable B<OPENSSL_MODULES>
to point to the directory where the providers can be found.
In the legacy mode, the default algorithm for certificate encryption
is RC2_CBC or 3DES_CBC depending on whether the RC2 cipher is enabled
in the build. The default algorithm for private key encryption is 3DES_CBC.
If the legacy option is not specified, then the legacy provider is not loaded
and the default encryption algorithm for both certificates and private keys is
AES_256_CBC with PBKDF2 for key derivation.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=item B<-rand> I<files>, B<-writerand> I<file>
See L<openssl(1)/Random State Options> for details.
=back
=head2 PKCS#12 input (parsing) options
=over 4
=item B<-in> I<filename>|I<uri>
This specifies the input filename or URI.
Standard input is used by default.
Without the B<-export> option this must be PKCS#12 file to be parsed.
For use with the B<-export> option
see the L</PKCS#12 output (export) options> section.
=item B<-out> I<filename>
The filename to write certificates and private keys to, standard output by
default. They are all written in PEM format.
=item B<-info>
Output additional information about the PKCS#12 file structure, algorithms
used and iteration counts.
=item B<-nomacver>
Don't attempt to verify the integrity MAC.
=item B<-clcerts>
Only output client certificates (not CA certificates).
=item B<-cacerts>
Only output CA certificates (not client certificates).
=item B<-aes128>, B<-aes192>, B<-aes256>
Use AES to encrypt private keys before outputting.
=item B<-aria128>, B<-aria192>, B<-aria256>
Use ARIA to encrypt private keys before outputting.
=item B<-camellia128>, B<-camellia192>, B<-camellia256>
Use Camellia to encrypt private keys before outputting.
=item B<-des>
Use DES to encrypt private keys before outputting.
=item B<-des3>
Use triple DES to encrypt private keys before outputting.
=item B<-idea>
Use IDEA to encrypt private keys before outputting.
=item B<-noenc>
Don't encrypt private keys at all.
=item B<-nodes>
This option is deprecated since OpenSSL 3.0; use B<-noenc> instead.
=back
=head2 PKCS#12 output (export) options
=over 4
=item B<-export>
This option specifies that a PKCS#12 file will be created rather than
parsed.
=item B<-out> I<filename>
This specifies filename to write the PKCS#12 file to. Standard output is used
by default.
=item B<-in> I<filename>|I<uri>
This specifies the input filename or URI.
Standard input is used by default.
With the B<-export> option this is a file with certificates and a key,
or a URI that refers to a key accessed via an engine.
The order of credentials in a file doesn't matter but one private key and
its corresponding certificate should be present. If additional
certificates are present they will also be included in the PKCS#12 output file.
=item B<-inkey> I<filename>|I<uri>
The private key input for PKCS12 output.
If this option is not specified then the input file (B<-in> argument) must
contain a private key.
If no engine is used, the argument is taken as a file.
If the B<-engine> option is used or the URI has prefix C<org.openssl.engine:>
then the rest of the URI is taken as key identifier for the given engine.
=item B<-certfile> I<filename>
An input file with extra certificates to be added to the PKCS#12 output
if the B<-export> option is given.
=item B<-passcerts> I<arg>
The password source for certificate input such as B<-certfile>
and B<-untrusted>.
For more information about the format of B<arg> see
L<openssl-passphrase-options(1)>.
=item B<-chain>
If this option is present then the certificate chain of the end entity
certificate is built and included in the PKCS#12 output file.
The end entity certificate is the first one read from the B<-in> file
if no key is given, else the first certificate matching the given key.
The standard CA trust store is used for chain building,
as well as any untrusted CA certificates given with the B<-untrusted> option.
=item B<-untrusted> I<filename>
An input file of untrusted certificates that may be used
for chain building, which is relevant only when a PKCS#12 file is created
with the B<-export> option and the B<-chain> option is given as well.
Any certificates that are actually part of the chain are added to the output.
=item B<-CAfile> I<file>, B<-no-CAfile>, B<-CApath> I<dir>, B<-no-CApath>,
B<-CAstore> I<uri>, B<-no-CAstore>
See L<openssl-verification-options(1)/Trusted Certificate Options> for details.
=item B<-name> I<friendlyname>
This specifies the "friendly name" for the certificates and private key. This
name is typically displayed in list boxes by software importing the file.
=item B<-caname> I<friendlyname>
This specifies the "friendly name" for other certificates. This option may be
used multiple times to specify names for all certificates in the order they
appear. Netscape ignores friendly names on other certificates whereas MSIE
displays them.
=item B<-CSP> I<name>
Write I<name> as a Microsoft CSP name.
The password source for the input, and for encrypting any private keys that
are output.
For more information about the format of B<arg>
see L<openssl-passphrase-options(1)>.
=item B<-LMK>
Add the "Local Key Set" identifier to the attributes.
=item B<-keyex>|B<-keysig>
Specifies that the private key is to be used for key exchange or just signing.
This option is only interpreted by MSIE and similar MS software. Normally
"export grade" software will only allow 512 bit RSA keys to be used for
encryption purposes but arbitrary length keys for signing. The B<-keysig>
option marks the key for signing only. Signing only keys can be used for
S/MIME signing, authenticode (ActiveX control signing) and SSL client
authentication, however, due to a bug only MSIE 5.0 and later support
the use of signing only keys for SSL client authentication.
=item B<-keypbe> I<alg>, B<-certpbe> I<alg>
These options allow the algorithm used to encrypt the private key and
certificates to be selected. Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name
can be used (see L</NOTES> section for more information). If a cipher name
(as output by C<openssl list -cipher-algorithms>) is specified then it
is used with PKCS#5 v2.0. For interoperability reasons it is advisable to only
use PKCS#12 algorithms.
Special value C<NONE> disables encryption of the private key and certificates.
=item B<-descert>
Encrypt the certificates using triple DES. By default the private
key and the certificates are encrypted using AES-256-CBC unless
the '-legacy' option is used. If '-descert' is used with the '-legacy'
then both, the private key and the certificates are encrypted using triple DES.
=item B<-macalg> I<digest>
Specify the MAC digest algorithm. If not included SHA256 will be used.
=item B<-pbmac1_pbkdf2>
Use PBMAC1 with PBKDF2 for MAC protection of the PKCS#12 file.
=item B<-pbmac1_pbkdf2_md> I<digest>
Specify the PBKDF2 KDF digest algorithm. If not specified, SHA256 will be used.
Unless C<-pbmac1_pbkdf2> is specified, this parameter is ignored.
=item B<-iter> I<count>
This option specifies the iteration count for the encryption key and MAC. The
default value is 2048.
To discourage attacks by using large dictionaries of common passwords the
algorithm that derives keys from passwords can have an iteration count applied
to it: this causes a certain part of the algorithm to be repeated and slows it
down. The MAC is used to check the file integrity but since it will normally
have the same password as the keys and certificates it could also be attacked.
=item B<-noiter>, B<-nomaciter>
By default both encryption and MAC iteration counts are set to 2048, using
these options the MAC and encryption iteration counts can be set to 1, since
this reduces the file security you should not use these options unless you
really have to. Most software supports both MAC and encryption iteration counts.
MSIE 4.0 doesn't support MAC iteration counts so it needs the B<-nomaciter>
option.
=item B<-maciter>
This option is included for compatibility with previous versions, it used
to be needed to use MAC iterations counts but they are now used by default.
=item B<-macsaltlen>
This option specifies the salt length in bytes for the MAC. The salt length
should be at least 16 bytes as per NIST SP 800-132. The default value
is 8 bytes for backwards compatibility.
=item B<-nomac>
Do not attempt to provide the MAC integrity. This can be useful with the FIPS
provider as the PKCS12 MAC requires PKCS12KDF which is not an approved FIPS
algorithm and cannot be supported by the FIPS provider.
=item B<-jdktrust>
Export pkcs12 file in a format compatible with Java keystore usage. This option
accepts a string parameter indicating the trust oid name to be granted to the
certificate it is associated with. Currently only "anyExtendedKeyUsage" is
defined. Note that, as Java keystores do not accept PKCS12 files with both
trusted certificates and keypairs, use of this option implies the setting of the
B<-nokeys> option
=back
=head1 NOTES
Although there are a large number of options most of them are very rarely
used. For PKCS#12 file parsing only B<-in> and B<-out> need to be used
for PKCS#12 file creation B<-export> and B<-name> are also used.
If none of the B<-clcerts>, B<-cacerts> or B<-nocerts> options are present
then all certificates will be output in the order they appear in the input
PKCS#12 files. There is no guarantee that the first certificate present is
the one corresponding to the private key.
Certain software which tries to get a private key and the corresponding
certificate might assume that the first certificate in the file is the one
corresponding to the private key, but that may not always be the case.
Using the B<-clcerts> option will solve this problem by only
outputting the certificate corresponding to the private key. If the CA
certificates are required then they can be output to a separate file using
the B<-nokeys> B<-cacerts> options to just output CA certificates.
The B<-keypbe> and B<-certpbe> algorithms allow the precise encryption
algorithms for private keys and certificates to be specified. Normally
the defaults are fine but occasionally software can't handle triple DES
encrypted private keys, then the option B<-keypbe> I<PBE-SHA1-RC2-40> can
be used to reduce the private key encryption to 40 bit RC2. A complete
description of all algorithms is contained in L<openssl-pkcs8(1)>.
Prior 1.1 release passwords containing non-ASCII characters were encoded
in non-compliant manner, which limited interoperability, in first hand
with Windows. But switching to standard-compliant password encoding
poses problem accessing old data protected with broken encoding. For
this reason even legacy encodings is attempted when reading the
data. If you use PKCS#12 files in production application you are advised
to convert the data, because implemented heuristic approach is not
MT-safe, its sole goal is to facilitate the data upgrade with this
command.
=head1 EXAMPLES
Parse a PKCS#12 file and output it to a PEM file:
openssl pkcs12 -in file.p12 -out file.pem
Output only client certificates to a file:
openssl pkcs12 -in file.p12 -clcerts -out file.pem
Don't encrypt the private key:
openssl pkcs12 -in file.p12 -out file.pem -noenc
Print some info about a PKCS#12 file:
openssl pkcs12 -in file.p12 -info -noout
Print some info about a PKCS#12 file in legacy mode:
openssl pkcs12 -in file.p12 -info -noout -legacy
Create a PKCS#12 file from a PEM file that may contain a key and certificates:
openssl pkcs12 -export -in file.pem -out file.p12 -name "My PSE"
Include some extra certificates:
openssl pkcs12 -export -in file.pem -out file.p12 -name "My PSE" \
-certfile othercerts.pem
Export a PKCS#12 file with data from a certificate PEM file and from a further
PEM file containing a key, with default algorithms as in the legacy provider:
openssl pkcs12 -export -in cert.pem -inkey key.pem -out file.p12 -legacy
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-pkcs8(1)>,
L<ossl_store-file(7)>
=head1 HISTORY
The B<-engine> option was deprecated in OpenSSL 3.0.
The B<-nodes> option was deprecated in OpenSSL 3.0, too; use B<-noenc> instead.
=head1 COPYRIGHT
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
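Review bot: The NOTES text near the end of this page offers -keypbe PBE-SHA1-RC2-40 as the answer when software cannot handle triple DES encrypted private keys, and says only that it will "reduce the private key encryption to 40 bit RC2", without stating that a 40 bit key gives no meaningful protection against brute force. Suggest adding a sentence that the setting is for interoperability only and that the resulting file should be handled as if the key were unencrypted. The -noenc example a few lines later writes the private key in clear to file.pem and would benefit from the same remark. Separately, the paragraph beginning "Prior 1.1 release passwords" has grammar slips ("in first hand with Windows", "even legacy encodings is attempted") that make the advice to convert old PKCS#12 data hard to follow.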

View File

@@ -0,0 +1,129 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-pkcs7.pod.in
=end comment
=head1 NAME
openssl-pkcs7 - PKCS#7 command
=head1 SYNOPSIS
B<openssl> B<pkcs7>
[B<-help>]
[B<-inform> B<DER>|B<PEM>]
[B<-outform> B<DER>|B<PEM>]
[B<-in> I<filename>]
[B<-out> I<filename>]
[B<-print>]
[B<-print_certs>]
[B<-quiet>]
[B<-text>]
[B<-noout>]
[B<-engine> I<id>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
=head1 DESCRIPTION
This command processes PKCS#7 files. Note that it only understands PKCS#7
v 1.5 as specified in IETF RFC 2315. It cannot currently parse CMS as
described in IETF RFC 2630.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM>
The input and formats; the default is B<PEM>.
See L<openssl-format-options(1)> for details.
The data is a PKCS#7 Version 1.5 structure.
=item B<-in> I<filename>
This specifies the input filename to read from or standard input if this
option is not specified.
=item B<-out> I<filename>
Specifies the output filename to write to or standard output by
default.
=item B<-print>
Print out the full PKCS7 object.
=item B<-print_certs>
Prints out any certificates or CRLs contained in the file. They are
preceded by their subject and issuer names in one line format.
=item B<-quiet>
When used with -print_certs, prints out just the PEM-encoded
certificates without any other output.
=item B<-text>
Prints out certificate details in full rather than just subject and
issuer names.
=item B<-noout>
Don't output the encoded version of the PKCS#7 structure (or certificates
if B<-print_certs> is set).
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=back
=head1 EXAMPLES
Convert a PKCS#7 file from PEM to DER:
openssl pkcs7 -in file.pem -outform DER -out file.der
Output all certificates in a file:
openssl pkcs7 -in file.pem -print_certs -out certs.pem
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-crl2pkcs7(1)>
=head1 HISTORY
The B<-engine> option was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
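Review bot: The comment block at the top of this file reads "WARNING: do not edit! Generated by Makefile from doc/man1/openssl-pkcs7.pod.in", so this commit checks in output of the OpenSSL build rather than source. For a change described as updating build.sh, the generated man pages should be produced at build time from the OpenSSL source the script obtains and kept out of version control; that keeps a 9429-file diff reviewable and prevents the checked-in copy from drifting from what the build actually produces. Minor, for the .pod.in source rather than this file: under -inform/-outform, "The input and formats; the default is PEM" is missing the word "output".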

View File

@@ -0,0 +1,316 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-pkcs8.pod.in
=end comment
=head1 NAME
openssl-pkcs8 - PKCS#8 format private key conversion command
=head1 SYNOPSIS
B<openssl> B<pkcs8>
[B<-help>]
[B<-topk8>]
[B<-inform> B<DER>|B<PEM>]
[B<-outform> B<DER>|B<PEM>]
[B<-in> I<filename>]
[B<-passin> I<arg>]
[B<-out> I<filename>]
[B<-passout> I<arg>]
[B<-iter> I<count>]
[B<-noiter>]
[B<-nocrypt>]
[B<-traditional>]
[B<-v2> I<alg>]
[B<-v2prf> I<alg>]
[B<-v1> I<alg>]
[B<-scrypt>]
[B<-scrypt_N> I<N>]
[B<-scrypt_r> I<r>]
[B<-scrypt_p> I<p>]
[B<-saltlen> I<size>]
[B<-rand> I<files>]
[B<-writerand> I<file>]
[B<-engine> I<id>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
=head1 DESCRIPTION
This command processes private keys in PKCS#8 format. It can handle
both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo
format with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-topk8>
Normally a PKCS#8 private key is expected on input and a private key will be
written to the output file. With the B<-topk8> option the situation is
reversed: it reads a private key and writes a PKCS#8 format key.
=item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM>
The input and formats; the default is B<PEM>.
See L<openssl-format-options(1)> for details.
If a key is being converted from PKCS#8 form (i.e. the B<-topk8> option is
not used) then the input file must be in PKCS#8 format. An encrypted
key is expected unless B<-nocrypt> is included.
If B<-topk8> is not used and B<PEM> mode is set the output file will be an
unencrypted private key in PKCS#8 format. If the B<-traditional> option is
used then a traditional format private key is written instead.
If B<-topk8> is not used and B<DER> mode is set the output file will be an
unencrypted private key in traditional DER format.
If B<-topk8> is used then any supported private key can be used for the input
file in a format specified by B<-inform>. The output file will be encrypted
PKCS#8 format using the specified encryption parameters unless B<-nocrypt>
is included.
=item B<-traditional>
When this option is present and B<-topk8> is not a traditional format private
key is written.
=item B<-in> I<filename>
This specifies the input filename to read a key from or standard input if this
option is not specified. If the key is encrypted a pass phrase will be
prompted for.
=item B<-passin> I<arg>, B<-passout> I<arg>
The password source for the input and output file.
For more information about the format of B<arg>
see L<openssl-passphrase-options(1)>.
=item B<-out> I<filename>
This specifies the output filename to write a key to or standard output by
default. If any encryption options are set then a pass phrase will be
prompted for. The output filename should B<not> be the same as the input
filename.
=item B<-iter> I<count>
When creating new PKCS#8 containers, use a given number of iterations on
the password in deriving the encryption key for the PKCS#8 output.
High values increase the time required to brute-force a PKCS#8 container.
=item B<-noiter>
When creating new PKCS#8 containers, use 1 as iteration count.
=item B<-nocrypt>
PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo
structures using an appropriate password based encryption algorithm. With
this option an unencrypted PrivateKeyInfo structure is expected or output.
This option does not encrypt private keys at all and should only be used
when absolutely necessary. Certain software such as some versions of Java
code signing software used unencrypted private keys.
=item B<-v2> I<alg>
This option sets the PKCS#5 v2.0 algorithm.
The I<alg> argument is the encryption algorithm to use, valid values include
B<aes128>, B<aes256> and B<des3>. If this option isn't specified then B<aes256>
is used.
=item B<-v2prf> I<alg>
This option sets the PRF algorithm to use with PKCS#5 v2.0. A typical value
value would be B<hmacWithSHA256>. If this option isn't set then the default
for the cipher is used or B<hmacWithSHA256> if there is no default.
Some implementations may not support custom PRF algorithms and may require
the B<hmacWithSHA1> option to work.
=item B<-v1> I<alg>
This option indicates a PKCS#5 v1.5 or PKCS#12 algorithm should be used. Some
older implementations may not support PKCS#5 v2.0 and may require this option.
If not specified PKCS#5 v2.0 form is used.
=item B<-scrypt>
Uses the B<scrypt> algorithm for private key encryption using default
parameters: currently N=16384, r=8 and p=1 and AES in CBC mode with a 256 bit
key. These parameters can be modified using the B<-scrypt_N>, B<-scrypt_r>,
B<-scrypt_p> and B<-v2> options.
=item B<-scrypt_N> I<N>, B<-scrypt_r> I<r>, B<-scrypt_p> I<p>
Sets the scrypt I<N>, I<r> or I<p> parameters.
=item B<-saltlen>
Sets the length (in bytes) of the salt to use for the PBE algorithm.
If this value is not specified, the default for PBES2 is 16 (128 bits)
and 8 (64 bits) for PBES1.
=item B<-rand> I<files>, B<-writerand> I<file>
See L<openssl(1)/Random State Options> for details.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=back
=head1 NOTES
By default, when converting a key to PKCS#8 format, PKCS#5 v2.0 using 256 bit
AES with HMAC and SHA256 is used.
Some older implementations do not support PKCS#5 v2.0 format and require
the older PKCS#5 v1.5 form instead, possibly also requiring insecure weak
encryption algorithms such as 56 bit DES.
Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration
counts are more secure that those encrypted using the traditional
SSLeay compatible formats. So if additional security is considered
important the keys should be converted.
It is possible to write out DER encoded encrypted private keys in
PKCS#8 format because the encryption details are included at an ASN1
level whereas the traditional format includes them at a PEM level.
=head1 PKCS#5 V1.5 AND PKCS#12 ALGORITHMS
Various algorithms can be used with the B<-v1> command line option,
including PKCS#5 v1.5 and PKCS#12. These are described in more detail
below.
=over 4
=item B<PBE-MD2-DES PBE-MD5-DES>
These algorithms were included in the original PKCS#5 v1.5 specification.
They only offer 56 bits of protection since they both use DES.
=item B<PBE-SHA1-RC2-64>, B<PBE-MD2-RC2-64>, B<PBE-MD5-RC2-64>, B<PBE-SHA1-DES>
These algorithms are not mentioned in the original PKCS#5 v1.5 specification
but they use the same key derivation algorithm and are supported by some
software. They are mentioned in PKCS#5 v2.0. They use either 64 bit RC2 or
56 bit DES.
=item B<PBE-SHA1-RC4-128>, B<PBE-SHA1-RC4-40>, B<PBE-SHA1-3DES>, B<PBE-SHA1-2DES>, B<PBE-SHA1-RC2-128>, B<PBE-SHA1-RC2-40>
These algorithms use the PKCS#12 password based encryption algorithm and
allow strong encryption algorithms like triple DES or 128 bit RC2 to be used.
=back
=head1 EXAMPLES
Convert a private key to PKCS#8 format using default parameters (AES with
256 bit key and B<hmacWithSHA256>):
openssl pkcs8 -in key.pem -topk8 -out enckey.pem
Convert a private key to PKCS#8 unencrypted format:
openssl pkcs8 -in key.pem -topk8 -nocrypt -out enckey.pem
Convert a private key to PKCS#5 v2.0 format using triple DES:
openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem
Convert a private key to PKCS#5 v2.0 format using AES with 256 bits in CBC
mode and B<hmacWithSHA512> PRF:
openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA512 -out enckey.pem
Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm
(DES):
openssl pkcs8 -in key.pem -topk8 -v1 PBE-MD5-DES -out enckey.pem
Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm
(3DES):
openssl pkcs8 -in key.pem -topk8 -out enckey.pem -v1 PBE-SHA1-3DES
Read a DER unencrypted PKCS#8 format private key:
openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem
Convert a private key from any PKCS#8 encrypted format to traditional format:
openssl pkcs8 -in pk8.pem -traditional -out key.pem
Convert a private key to PKCS#8 format, encrypting with AES-256 and with
one million iterations of the password:
openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -iter 1000000 -out pk8.pem
=head1 STANDARDS
Test vectors from this PKCS#5 v2.0 implementation were posted to the
pkcs-tng mailing list using triple DES, DES and RC2 with high iteration
counts, several people confirmed that they could decrypt the private
keys produced and therefore, it can be assumed that the PKCS#5 v2.0
implementation is reasonably accurate at least as far as these
algorithms are concerned.
The format of PKCS#8 DSA (and other) private keys is not well documented:
it is hidden away in PKCS#11 v2.01, section 11.9. OpenSSL's default DSA
PKCS#8 private key format complies with this standard.
=head1 BUGS
There should be an option that prints out the encryption algorithm
in use and other details such as the iteration count.
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-dsa(1)>,
L<openssl-rsa(1)>,
L<openssl-genrsa(1)>,
L<openssl-gendsa(1)>
=head1 HISTORY
The B<-iter> option was added in OpenSSL 1.1.0.
The B<-engine> option was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
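Review bot: The -noiter entry says only "use 1 as iteration count", directly after -iter explains that high values increase the time required to brute-force a PKCS#8 container; the entry should state that an iteration count of 1 removes that protection and is for compatibility only. In the same vein, the -v1 algorithm section calls triple DES and 128 bit RC2 "strong encryption algorithms" while NOTES describes 56 bit DES as insecure, and the EXAMPLES show -v1 PBE-MD5-DES without pointing back to that warning. The BUGS section admits there is no option to print the algorithm and iteration count in use, so a reader cannot check an existing file with this command; a pointer to a way of inspecting it would help. Wording slips to fix in the .pod.in source: "The input and formats" (missing "output"), "A typical value value", "more secure that those", and the -saltlen item heading omits the size argument that the SYNOPSIS shows.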

View File

@@ -0,0 +1,252 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-pkey.pod.in
=end comment
=head1 NAME
openssl-pkey - public or private key processing command
=head1 SYNOPSIS
B<openssl> B<pkey>
[B<-help>]
[B<-engine> I<id>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
[B<-check>]
[B<-pubcheck>]
[B<-in> I<filename>|I<uri>]
[B<-inform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
[B<-passin> I<arg>]
[B<-pubin>]
[B<-out> I<filename>]
[B<-outform> B<DER>|B<PEM>]
[B<-I<cipher>>]
[B<-passout> I<arg>]
[B<-traditional>]
[B<-pubout>]
[B<-noout>]
[B<-text>]
[B<-text_pub>]
[B<-ec_conv_form> I<arg>]
[B<-ec_param_enc> I<arg>]
=head1 DESCRIPTION
This command processes public or private keys. They can be
converted between various forms and their components printed.
=head1 OPTIONS
=head2 General options
=over 4
=item B<-help>
Print out a usage message.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=item B<-check>
This option checks the consistency of a key pair for both public and private
components.
=item B<-pubcheck>
This option checks the correctness of either a public key
or the public component of a key pair.
=back
=head2 Input options
=over 4
=item B<-in> I<filename>|I<uri>
This specifies the input to read a key from
or standard input if this option is not specified.
If the key input is encrypted and B<-passin> is not given
a pass phrase will be prompted for.
=item B<-inform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
The key input format; unspecified by default.
See L<openssl-format-options(1)> for details.
=item B<-passin> I<arg>
The password source for the key input.
For more information about the format of B<arg>
see L<openssl-passphrase-options(1)>.
=item B<-pubin>
By default a private key is read from the input.
With this option a public key is read instead.
If the input contains no public key but a private key, its public part is used.
=back
=head2 Output options
=over 4
=item B<-out> I<filename>
This specifies the output filename to save the encoded and/or text output of key
or standard output if this option is not specified.
If any cipher option is set but no B<-passout> is given
then a pass phrase will be prompted for.
The output filename should B<not> be the same as the input filename.
=item B<-outform> B<DER>|B<PEM>
The key output format; the default is B<PEM>.
See L<openssl-format-options(1)> for details.
=item B<-I<cipher>>
Encrypt the PEM encoded private key with the supplied cipher. Any algorithm
name accepted by EVP_get_cipherbyname() is acceptable such as B<aes128>.
Encryption is not supported for DER output.
=item B<-passout> I<arg>
The password source for the output file.
For more information about the format of B<arg>
see L<openssl-passphrase-options(1)>.
=item B<-traditional>
Normally a private key is written using standard format: this is PKCS#8 form
with the appropriate encryption algorithm (if any). If the B<-traditional>
option is specified then the older "traditional" format is used instead.
=item B<-pubout>
By default the private and public key is output;
this option restricts the output to the public components.
This option is automatically set if the input is a public key.
When combined with B<-text>, this is equivalent to B<-text_pub>.
=item B<-noout>
Do not output the key in encoded form.
=item B<-text>
Output the various key components in plain text
(possibly in addition to the PEM encoded form).
This cannot be combined with encoded output in DER format.
=item B<-text_pub>
Output in text form only the public key components (also for private keys).
This cannot be combined with encoded output in DER format.
=item B<-ec_conv_form> I<arg>
This option only applies to elliptic-curve based keys.
This specifies how the points on the elliptic curve are converted
into octet strings. Possible values are: B<compressed> (the default
value), B<uncompressed> and B<hybrid>. For more information regarding
the point conversion forms please read the X9.62 standard.
B<Note> Due to patent issues the B<compressed> option is disabled
by default for binary curves and can be enabled by defining
the preprocessor macro B<OPENSSL_EC_BIN_PT_COMP> at compile time.
=item B<-ec_param_enc> I<arg>
This option only applies to elliptic curve based public and private keys.
This specifies how the elliptic curve parameters are encoded.
Possible value are: B<named_curve>, i.e. the ec parameters are
specified by an OID, or B<explicit> where the ec parameters are
explicitly given (see RFC 3279 for the definition of the
EC parameters structures). The default value is B<named_curve>.
B<Note> the B<implicitlyCA> alternative, as specified in RFC 3279,
is currently not implemented in OpenSSL.
=back
=head1 EXAMPLES
To remove the pass phrase on a private key:
openssl pkey -in key.pem -out keyout.pem
To encrypt a private key using triple DES:
openssl pkey -in key.pem -des3 -out keyout.pem
To convert a private key from PEM to DER format:
openssl pkey -in key.pem -outform DER -out keyout.der
To print out the components of a private key to standard output:
openssl pkey -in key.pem -text -noout
To print out the public components of a private key to standard output:
openssl pkey -in key.pem -text_pub -noout
To just output the public part of a private key:
openssl pkey -in key.pem -pubout -out pubkey.pem
To change the EC parameters encoding to B<explicit>:
openssl pkey -in key.pem -ec_param_enc explicit -out keyout.pem
To change the EC point conversion form to B<compressed>:
openssl pkey -in key.pem -ec_conv_form compressed -out keyout.pem
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-genpkey(1)>,
L<openssl-rsa(1)>,
L<openssl-pkcs8(1)>,
L<openssl-dsa(1)>,
L<openssl-genrsa(1)>,
L<openssl-gendsa(1)>
=head1 HISTORY
The B<-engine> option was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
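Review bot: The -ec_conv_form entry is inconsistent with the rest of the page: it names compressed as "the default value", the Note directly below says the compressed option "is disabled by default for binary curves", and EXAMPLES ends with a command "To change the EC point conversion form to compressed", which would change nothing if compressed were already the default. State the actual default once and align the example with it. Minor: "Possible value are" under -ec_param_enc should read "Possible values are", and the first example (removing the pass phrase) writes an unencrypted private key to keyout.pem, which deserves a word about restricting access to that file.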

View File

@@ -0,0 +1,111 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-pkeyparam.pod.in
=end comment
=head1 NAME
openssl-pkeyparam - public key algorithm parameter processing command
=head1 SYNOPSIS
B<openssl> B<pkeyparam>
[B<-help>]
[B<-in> I<filename>]
[B<-out> I<filename>]
[B<-text>]
[B<-noout>]
[B<-check>]
[B<-engine> I<id>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
=head1 DESCRIPTION
This command processes public key algorithm parameters.
They can be checked for correctness and their components printed out.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-in> I<filename>
This specifies the input filename to read parameters from or standard input if
this option is not specified.
=item B<-out> I<filename>
This specifies the output filename to write parameters to or standard output if
this option is not specified.
=item B<-text>
Prints out the parameters in plain text in addition to the encoded version.
=item B<-noout>
Do not output the encoded version of the parameters.
=item B<-check>
This option checks the correctness of parameters.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=back
=head1 EXAMPLES
Print out text version of parameters:
openssl pkeyparam -in param.pem -text
=head1 NOTES
There are no B<-inform> or B<-outform> options for this command because only
PEM format is supported because the key type is determined by the PEM headers.
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-genpkey(1)>,
L<openssl-rsa(1)>,
L<openssl-pkcs8(1)>,
L<openssl-dsa(1)>,
L<openssl-genrsa(1)>,
L<openssl-gendsa(1)>
=head1 HISTORY
The B<-engine> option was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
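Review bot: The NOTES sentence chains two "because" clauses ("because only PEM format is supported because the key type is determined by the PEM headers"), which hides which fact explains which. Suggest splitting it: the key type is determined by the PEM headers, so only PEM format is supported, and therefore there are no -inform or -outform options. The -check option is also the only operation on this page without an example, although the DESCRIPTION presents checking parameters for correctness as a main use of the command.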

View File

@@ -0,0 +1,540 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-pkeyutl.pod.in
=end comment
=head1 NAME
openssl-pkeyutl - asymmetric key command
=head1 SYNOPSIS
B<openssl> B<pkeyutl>
[B<-help>]
[B<-in> I<file>]
[B<-rawin>]
[B<-digest> I<algorithm>]
[B<-out> I<file>]
[B<-secret> I<file>]
[B<-sigfile> I<file>]
[B<-inkey> I<filename>|I<uri>]
[B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
[B<-passin> I<arg>]
[B<-pubin>]
[B<-certin>]
[B<-rev>]
[B<-sign>]
[B<-verify>]
[B<-verifyrecover>]
[B<-encrypt>]
[B<-decrypt>]
[B<-derive>]
[B<-peerkey> I<file>]
[B<-peerform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
[B<-encap>]
[B<-decap>]
[B<-kdf> I<algorithm>]
[B<-kdflen> I<length>]
[B<-kemop> I<operation>]
[B<-pkeyopt> I<opt>:I<value>]
[B<-pkeyopt_passin> I<opt>[:I<passarg>]]
[B<-hexdump>]
[B<-asn1parse>]
[B<-engine> I<id>]
[B<-engine_impl>]
[B<-rand> I<files>]
[B<-writerand> I<file>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
[B<-config> I<configfile>]
=head1 DESCRIPTION
This command can be used to perform low-level operations
on asymmetric (public or private) keys using any supported algorithm.
By default the signing operation (see B<-sign> option) is assumed.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-in> I<filename>
This specifies the input filename to read data from or standard input
if this option is not specified.
=item B<-rawin>
This indicates that the signature or verification input data is raw data,
which is not hashed by any message digest algorithm.
Except with EdDSA,
the user can specify a digest algorithm by using the B<-digest> option.
For signature algorithms like RSA, DSA and ECDSA,
the default digest algorithm is SHA256. For SM2, it is SM3.
This option can only be used with B<-sign> and B<-verify>.
For EdDSA (the Ed25519 and Ed448 algorithms) this option is required.
=item B<-digest> I<algorithm>
This option can only be used with B<-sign> and B<-verify>.
It specifies the digest algorithm that is used to hash the input data
before signing or verifying it with the input key. This option could be omitted
if the signature algorithm does not require preprocessing the input through
a pluggable hash function before signing (for instance, EdDSA). If this option
is omitted but the signature algorithm requires one and the B<-rawin> option
is given, a default value will be used (see B<-rawin> for details).
If this option is present, then the B<-rawin> option is required.
At this time, HashEdDSA (the ph or "prehash" variant of EdDSA) is not supported,
so the B<-digest> option cannot be used with EdDSA.
=item B<-out> I<filename>
Specifies the output filename to write to or standard output by default.
=item B<-secret> I<filename>
Specifies the output filename to write the secret to on I<-encap>.
=item B<-sigfile> I<file>
Signature file, required and allowed for B<-verify> operations only.
=item B<-inkey> I<filename>|I<uri>
The input key, by default it should be a private key.
=item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
The key format; unspecified by default.
See L<openssl-format-options(1)> for details.
=item B<-passin> I<arg>
The input key password source. For more information about the format of I<arg>
see L<openssl-passphrase-options(1)>.
=item B<-pubin>
By default a private key is read from the key input.
With this option a public key is read instead.
If the input contains no public key but a private key, its public part is used.
=item B<-certin>
The input is a certificate containing a public key.
=item B<-rev>
Reverse the order of the input buffer. This is useful for some libraries
(such as CryptoAPI) which represent the buffer in little-endian format.
This cannot be used in conjunction with B<-rawin>.
=item B<-sign>
Sign the input data and output the signed result. This requires a private key.
Using a message digest operation along with this is recommended,
when applicable, see the B<-rawin> and B<-digest> options for details.
Otherwise, the input data given with the B<-in> option is assumed to already
be a digest, but this may then require an additional B<-pkeyopt> C<digest:>I<md>
in some cases (e.g., RSA with the default PKCS#1 padding mode).
Even for other algorithms like ECDSA, where the additional B<-pkeyopt> option
does not affect signature output, it is recommended, as it enables
checking that the input length is consistent with the intended digest.
=item B<-verify>
Verify the input data against the signature given with the B<-sigfile> option
and indicate if the verification succeeded or failed.
The input data given with the B<-in> option is assumed to be a hash value
unless the B<-rawin> option is specified or implied.
With raw data, when a digest algorithm is applicable, though it may be inferred
from the signature or take a default value, it should also be specified.
=item B<-verifyrecover>
Verify the given signature and output the recovered data (signature payload).
For example, in case of RSA PKCS#1 the recovered data is the B<EMSA-PKCS-v1_5>
DER encoding of the digest algorithm OID and value as specified in
L<RFC8017 Section 9.2|https://datatracker.ietf.org/doc/html/rfc8017#section-9.2>.
Note that here the input given with the B<-in> option is not a signature input
(as with the B<-sign> and B<-verify> options) but a signature output value,
typically produced using the B<-sign> option.
This option is available only for use with RSA keys.
=item B<-encrypt>
Encrypt the input data using a public key.
=item B<-decrypt>
Decrypt the input data using a private key.
=item B<-derive>
Derive a shared secret using own private (EC)DH key and peer key.
=item B<-peerkey> I<file>
File containing the peer public or private (EC)DH key
to use with the key derivation (agreement) operation.
Its type must match the type of the own private key given with B<-inkey>.
=item B<-peerform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
The peer key format; unspecified by default.
See L<openssl-format-options(1)> for details.
=item B<-encap>
Encapsulate a generated secret using a private key.
The encapsulated result (binary data) is written to standard output by default,
or else to the file specified with I<-out>.
The I<-secret> option must also be provided to specify the output file for the
secret value generated in the encapsulation process.
=item B<-decap>
Decapsulate the secret using a private key.
The result (binary data) is written to standard output by default, or else to
the file specified with I<-out>.
=item B<-kemop> I<operation>
This option is used for I<-encap>/I<-decap> commands and specifies the KEM
operation specific for the key algorithm when there is no default KEM
operation.
If the algorithm has the default KEM operation, this option can be omitted.
See L<EVP_PKEY_CTX_set_kem_op(3)> and algorithm-specific KEM documentation e.g.
L<EVP_KEM-RSA(7)>, L<EVP_KEM-EC(7)>, L<EVP_KEM-X25519(7)>, and
L<EVP_KEM-X448(7)>.
=item B<-kdf> I<algorithm>
Use key derivation function I<algorithm>. The supported algorithms are
at present B<TLS1-PRF> and B<HKDF>.
Note: additional parameters and the KDF output length will normally have to be
set for this to work.
See L<EVP_PKEY_CTX_set_hkdf_md(3)> and L<EVP_PKEY_CTX_set_tls1_prf_md(3)>
for the supported string parameters of each algorithm.
=item B<-kdflen> I<length>
Set the output length for KDF.
=item B<-pkeyopt> I<opt>:I<value>
Public key options specified as opt:value. See NOTES below for more details.
=item B<-pkeyopt_passin> I<opt>[:I<passarg>]
Allows reading a public key option I<opt> from stdin or a password source.
If only I<opt> is specified, the user will be prompted to enter a password on
stdin. Alternatively, I<passarg> can be specified which can be any value
supported by L<openssl-passphrase-options(1)>.
=item B<-hexdump>
hex dump the output data.
=item B<-asn1parse>
Parse the ASN.1 output data to check its DER encoding and print any errors.
When combined with the B<-verifyrecover> option, this may be useful in case
an ASN.1 DER-encoded structure had been signed directly (without hashing it)
and when checking a signature in PKCS#1 v1.5 format, which has a DER encoding.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item B<-engine_impl>
When used with the B<-engine> option, it specifies to also use
engine I<id> for crypto operations.
=item B<-rand> I<files>, B<-writerand> I<file>
See L<openssl(1)/Random State Options> for details.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=item B<-config> I<configfile>
See L<openssl(1)/Configuration Option>.
=back
=head1 NOTES
The operations and options supported vary according to the key algorithm
and its implementation. The OpenSSL operations and options are indicated below.
Unless otherwise mentioned, the B<-pkeyopt> option supports
for all public-key types the C<digest:>I<alg> argument,
which specifies the digest in use for the signing and verification operations.
The value I<alg> should represent a digest name as used in the
EVP_get_digestbyname() function for example B<sha256>. This value is not used to
hash the input data. It is used (by some algorithms) for sanity-checking the
lengths of data passed in and for creating the structures that make up the
signature (e.g., B<DigestInfo> in RSASSA PKCS#1 v1.5 signatures).
For instance,
if the value of the B<-pkeyopt> option C<digest> argument is B<sha256>,
the signature or verification input should be the 32 bytes long binary value
of the SHA256 hash function output.
Unless B<-rawin> is used or implied, this command does not hash the input data
but rather it will use the data directly as input to the signature algorithm.
Depending on the key type, signature type, and mode of padding, the maximum
sensible lengths of input data differ. With RSA the signed data cannot be longer
than the key modulus. In case of ECDSA and DSA the data should not be longer
than the field size, otherwise it will be silently truncated to the field size.
In any event the input size must not be larger than the largest supported digest
output size B<EVP_MAX_MD_SIZE>, which currently is 64 bytes.
=head1 RSA ALGORITHM
The RSA algorithm generally supports the encrypt, decrypt, sign,
verify and verifyrecover operations. However, some padding modes
support only a subset of these operations. The following additional
B<pkeyopt> values are supported:
=over 4
=item B<rsa_padding_mode:>I<mode>
This sets the RSA padding mode. Acceptable values for I<mode> are B<pkcs1> for
PKCS#1 padding, B<none> for no padding, B<oaep>
for B<OAEP> mode, B<x931> for X9.31 mode and B<pss> for PSS.
In PKCS#1 padding, if the message digest is not set, then the supplied data is
signed or verified directly instead of using a B<DigestInfo> structure. If a
digest is set, then the B<DigestInfo> structure is used and its length
must correspond to the digest type.
Note, for B<pkcs1> padding, as a protection against the Bleichenbacher attack,
the decryption will not fail in case of padding check failures. Use B<none>
and manual inspection of the decrypted message to verify if the decrypted
value has correct PKCS#1 v1.5 padding.
For B<oaep> mode only encryption and decryption is supported.
For B<x931> if the digest type is set it is used to format the block data
otherwise the first byte is used to specify the X9.31 digest ID. Sign,
verify and verifyrecover are can be performed in this mode.
For B<pss> mode only sign and verify are supported and the digest type must be
specified.
=item B<rsa_pss_saltlen:>I<len>
For B<pss> mode only this option specifies the salt length. Three special
values are supported: B<digest> sets the salt length to the digest length,
B<max> sets the salt length to the maximum permissible value. When verifying
B<auto> causes the salt length to be automatically determined based on the
B<PSS> block structure.
=item B<rsa_mgf1_md:>I<digest>
For PSS and OAEP padding sets the MGF1 digest. If the MGF1 digest is not
explicitly set in PSS mode then the signing digest is used.
=item B<rsa_oaep_md:>I<digest>
Sets the digest used for the OAEP hash function. If not explicitly set then
SHA256 is used.
=item B<rsa_pkcs1_implicit_rejection:>I<flag>
Disables (when set to 0) or enables (when set to 1) the use of implicit
rejection with PKCS#1 v1.5 decryption. When enabled (the default), as a
protection against Bleichenbacher attack, the library will generate a
deterministic random plaintext that it will return to the caller in case
of padding check failure.
When disabled, it's the callers' responsibility to handle the returned
errors in a side-channel free manner.
=back
=head1 RSA-PSS ALGORITHM
The RSA-PSS algorithm is a restricted version of the RSA algorithm which only
supports the sign and verify operations with PSS padding. The following
additional B<-pkeyopt> values are supported:
=over 4
=item B<rsa_padding_mode:>I<mode>, B<rsa_pss_saltlen:>I<len>,
B<rsa_mgf1_md:>I<digest>
These have the same meaning as the B<RSA> algorithm with some additional
restrictions. The padding mode can only be set to B<pss> which is the
default value.
If the key has parameter restrictions then the digest, MGF1
digest and salt length are set to the values specified in the parameters.
The digest and MG cannot be changed and the salt length cannot be set to a
value less than the minimum restriction.
=back
=head1 DSA ALGORITHM
The DSA algorithm supports signing and verification operations only. Currently
there are no additional B<-pkeyopt> options other than B<digest>. The SHA256
digest is assumed by default.
=head1 DH ALGORITHM
The DH algorithm only supports the derivation operation and no additional
B<-pkeyopt> options.
=head1 EC ALGORITHM
The EC algorithm supports sign, verify and derive operations. The sign and
verify operations use ECDSA and derive uses ECDH. SHA256 is assumed by default
for the B<-pkeyopt> B<digest> option.
=head1 X25519 AND X448 ALGORITHMS
The X25519 and X448 algorithms support key derivation only. Currently there are
no additional options.
=head1 ED25519 AND ED448 ALGORITHMS
These algorithms only support signing and verifying. OpenSSL only implements the
"pure" variants of these algorithms so raw data can be passed directly to them
without hashing them first. OpenSSL only supports
"oneshot" operation with these algorithms. This means that the entire file to
be signed/verified must be read into memory before processing it. Signing or
Verifying very large files should be avoided. Additionally the size of the file
must be known for this to work. If the size of the file cannot be determined
(for example if the input is stdin) then the sign or verify operation will fail.
=head1 SM2
The SM2 algorithm supports sign, verify, encrypt and decrypt operations. For
the sign and verify operations, SM2 requires an Distinguishing ID string to
be passed in. The following B<-pkeyopt> value is supported:
=over 4
=item B<distid:>I<string>
This sets the ID string used in SM2 sign or verify operations. While verifying
an SM2 signature, the ID string must be the same one used when signing the data.
Otherwise the verification will fail.
=item B<hexdistid:>I<hex_string>
This sets the ID string used in SM2 sign or verify operations. While verifying
an SM2 signature, the ID string must be the same one used when signing the data.
Otherwise the verification will fail. The ID string provided with this option
should be a valid hexadecimal value.
=back
=head1 EXAMPLES
Sign some data using a private key:
openssl pkeyutl -sign -in file -inkey key.pem -out sig
Recover the signed data (e.g. if an RSA key is used):
openssl pkeyutl -verifyrecover -in sig -inkey key.pem
Verify the signature (e.g. a DSA key):
openssl pkeyutl -verify -in file -sigfile sig -inkey key.pem
Sign data using a message digest value (this is currently only valid for RSA):
openssl pkeyutl -sign -in file -inkey key.pem -out sig -pkeyopt digest:sha256
Derive a shared secret value:
openssl pkeyutl -derive -inkey key.pem -peerkey pubkey.pem -out secret
Hexdump 48 bytes of TLS1 PRF using digest B<SHA256> and shared secret and
seed consisting of the single byte 0xFF:
openssl pkeyutl -kdf TLS1-PRF -kdflen 48 -pkeyopt md:SHA256 \
-pkeyopt hexsecret:ff -pkeyopt hexseed:ff -hexdump
Derive a key using B<scrypt> where the password is read from command line:
openssl pkeyutl -kdf scrypt -kdflen 16 -pkeyopt_passin pass \
-pkeyopt hexsalt:aabbcc -pkeyopt N:16384 -pkeyopt r:8 -pkeyopt p:1
Derive using the same algorithm, but read key from environment variable MYPASS:
openssl pkeyutl -kdf scrypt -kdflen 16 -pkeyopt_passin pass:env:MYPASS \
-pkeyopt hexsalt:aabbcc -pkeyopt N:16384 -pkeyopt r:8 -pkeyopt p:1
Sign some data using an L<SM2(7)> private key and a specific ID:
openssl pkeyutl -sign -in file -inkey sm2.key -out sig -rawin -digest sm3 \
-pkeyopt distid:someid
Verify some data using an L<SM2(7)> certificate and a specific ID:
openssl pkeyutl -verify -certin -in file -inkey sm2.cert -sigfile sig \
-rawin -digest sm3 -pkeyopt distid:someid
Decrypt some data using a private key with OAEP padding using SHA256:
openssl pkeyutl -decrypt -in file -inkey key.pem -out secret \
-pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-genpkey(1)>,
L<openssl-pkey(1)>,
L<openssl-rsautl(1)>
L<openssl-dgst(1)>,
L<openssl-rsa(1)>,
L<openssl-genrsa(1)>,
L<openssl-kdf(1)>
L<EVP_PKEY_CTX_set_hkdf_md(3)>,
L<EVP_PKEY_CTX_set_tls1_prf_md(3)>,
=head1 HISTORY
The B<-engine> option was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
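Review bot: Three wording defects in this file should be corrected before it is relied on as reference text. The x931 paragraph under rsa_padding_mode reads "verify and verifyrecover are can be performed in this mode". The RSA-PSS section says "The digest and MG cannot be changed" although the sentence before it names the MGF1 digest. The SEE ALSO list has no comma after L<openssl-rsautl(1)> and L<openssl-kdf(1)> but keeps one after the final entry. The text carries the OpenSSL Project copyright, so the fixes belong in the upstream source rather than in this copy. If the copy stays in the tree, note which OpenSSL release it was taken from so later differences can be tracked.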

@@ -0,0 +1,84 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-prime.pod.in
=end comment
=head1 NAME
openssl-prime - compute prime numbers
=head1 SYNOPSIS
B<openssl prime>
[B<-help>]
[B<-hex>]
[B<-generate>]
[B<-bits> I<num>]
[B<-safe>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
[B<-checks> I<num>]
[I<number> ...]
=head1 DESCRIPTION
This command checks if the specified numbers are prime.
If no numbers are given on the command line, the B<-generate> flag should
be used to generate primes according to the requirements specified by the
rest of the flags.
=head1 OPTIONS
=over 4
=item B<-help>
Display an option summary.
=item B<-hex>
Generate hex output.
=item B<-generate>
Generate a prime number.
=item B<-bits> I<num>
Generate a prime with I<num> bits.
=item B<-safe>
When used with B<-generate>, generates a "safe" prime. If the number
generated is I<n>, then check that C<(I<n>-1)/2> is also prime.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=item B<-checks> I<num>
This parameter is ignored.
=back
=head1 COPYRIGHT
Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
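Review bot: The comment block at the top of this file marks it as build output ("WARNING: do not edit! Generated by Makefile from doc/man1/openssl-prime.pod.in"), so it should not be committed together with the build.sh change. Keep generated man pages out of version control, for example with an ignore rule for the OpenSSL build tree, and let build.sh regenerate them. That keeps a commit of 9429 changed files reviewable and avoids stale copies when the OpenSSL version changes.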

@@ -0,0 +1,107 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-rand.pod.in
=end comment
=head1 NAME
openssl-rand - generate pseudo-random bytes
=head1 SYNOPSIS
B<openssl rand>
[B<-help>]
[B<-out> I<file>]
[B<-base64>]
[B<-hex>]
[B<-engine> I<id>]
[B<-rand> I<files>]
[B<-writerand> I<file>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
I<num>[K|M|G|T]
=head1 DESCRIPTION
This command generates I<num> random bytes using a cryptographically
secure pseudo random number generator (CSPRNG). A suffix [K|M|G|T] may be
appended to the num value to indicate the requested value be scaled as a
multiple of KiB/MiB/GiB/TiB respectively. Note that suffixes are case
sensitive, and that the suffixes represent binary multiples
(K = 1024 bytes, M = 1024*1024 bytes, etc).
The string 'max' may be substituted for a numerical value in num, to request the
maximum number of bytes the CSPRNG can produce per instantiation. Currently,
this is restricted to 2^61 bytes as per NIST SP 800-90C.
The random bytes are generated using the L<RAND_bytes(3)> function,
which provides a security level of 256 bits, provided it managed to
seed itself successfully from a trusted operating system entropy source.
Otherwise, the command will fail with a nonzero error code.
For more details, see L<RAND_bytes(3)>, L<RAND(7)>, and L<EVP_RAND(7)>.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-out> I<file>
Write to I<file> instead of standard output.
=item B<-base64>
Perform base64 encoding on the output.
=item B<-hex>
Show the output as a hex string.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item B<-rand> I<files>, B<-writerand> I<file>
See L<openssl(1)/Random State Options> for details.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=back
=head1 SEE ALSO
L<openssl(1)>,
L<RAND_bytes(3)>,
L<RAND(7)>,
L<EVP_RAND(7)>
=head1 HISTORY
The B<-engine> option was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
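Review bot: The SYNOPSIS gives the size argument only as I<num>[K|M|G|T], while the DESCRIPTION also accepts the string 'max' in place of a number, so the two disagree about what the command takes. Because the header says the file is generated from doc/man1/openssl-rand.pod.in, a correction made here would be overwritten on the next build; it should go into that source file instead.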

@@ -0,0 +1,173 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-rehash.pod.in
=end comment
=for comment
Original text by James Westby.
=head1 NAME
openssl-rehash, c_rehash - Create symbolic links to files named by the hash
values
=head1 SYNOPSIS
B<openssl>
B<rehash>
[B<-h>]
[B<-help>]
[B<-old>]
[B<-compat>]
[B<-n>]
[B<-v>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
[I<directory>] ...
B<c_rehash>
[B<-h>]
[B<-help>]
[B<-old>]
[B<-n>]
[B<-v>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
[I<directory>] ...
=head1 DESCRIPTION
This command is generally equivalent to the external
script B<c_rehash>,
except for minor differences noted below.
B<openssl rehash> scans directories and calculates a hash value of
each F<.pem>, F<.crt>, F<.cer>, or F<.crl>
file in the specified directory list and creates symbolic links
for each file, where the name of the link is the hash value.
(If the platform does not support symbolic links, a copy is made.)
This command is useful as many programs that use OpenSSL require
directories to be set up like this in order to find certificates.
If any directories are named on the command line, then those are
processed in turn. If not, then the B<SSL_CERT_DIR> environment variable
is consulted; this should be a colon-separated list of directories,
like the Unix B<PATH> variable.
If that is not set then the default directory (installation-specific
but often F</usr/local/ssl/certs>) is processed.
In order for a directory to be processed, the user must have write
permissions on that directory, otherwise an error will be generated.
The links created are of the form I<HHHHHHHH.D>, where each I<H>
is a hexadecimal character and I<D> is a single decimal digit.
When a directory is processed, all links in it that have a name
in that syntax are first removed, even if they are being used for
some other purpose.
To skip the removal step, use the B<-n> flag.
Hashes for CRL's look similar except the letter B<r> appears after
the period, like this: I<HHHHHHHH.>B<r>I<D>.
Multiple objects may have the same hash; they will be indicated by
incrementing the I<D> value. Duplicates are found by comparing the
full SHA-1 fingerprint. A warning will be displayed if a duplicate
is found.
A warning will also be displayed if there are files that
cannot be parsed as either a certificate or a CRL or if
more than one such object appears in the file.
=head2 Script Configuration
The B<c_rehash> script
uses the B<openssl> program to compute the hashes and
fingerprints. If not found in the user's B<PATH>, then set the
B<OPENSSL> environment variable to the full pathname.
Any program can be used, it will be invoked as follows for either
a certificate or CRL:
$OPENSSL x509 -hash -fingerprint -noout -in FILENAME
$OPENSSL crl -hash -fingerprint -noout -in FILENAME
where I<FILENAME> is the filename. It must output the hash of the
file on the first line, and the fingerprint on the second,
optionally prefixed with some text and an equals sign.
=head1 OPTIONS
=over 4
=item B<-help> B<-h>
Display a brief usage message.
=item B<-old>
Use old-style hashing (MD5, as opposed to SHA-1) for generating
links to be used for releases before 1.0.0.
Note that current versions will not use the old style.
=item B<-n>
Do not remove existing links.
This is needed when keeping new and old-style links in the same directory.
=item B<-compat>
Generate links for both old-style (MD5) and new-style (SHA1) hashing.
This allows releases before 1.0.0 to use these links along-side newer
releases.
=item B<-v>
Print messages about old links removed and new links created.
By default, this command only lists each directory as it is processed.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=back
=head1 ENVIRONMENT
=over 4
=item B<OPENSSL>
The path to an executable to use to generate hashes and
fingerprints (see above).
=item B<SSL_CERT_DIR>
Colon separated list of directories to operate on.
Ignored if directories are listed on the command line.
=back
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-crl(1)>,
L<openssl-x509(1)>
=head1 COPYRIGHT
Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
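Review bot: The DESCRIPTION says this command is equivalent to c_rehash "except for minor differences noted below", but nothing later in the file states those differences. The only one visible is that B<-compat> appears in the B<openssl rehash> synopsis and not in the B<c_rehash> one. OPTIONS also spells the new-style hash "SHA-1" under B<-old> and "SHA1" under B<-compat>. Both points belong in doc/man1/openssl-rehash.pod.in, since the header marks this copy as generated.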

@@ -0,0 +1,876 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-req.pod.in
=end comment
=head1 NAME
openssl-req - PKCS#10 certificate request and certificate generating command
=head1 SYNOPSIS
B<openssl> B<req>
[B<-help>]
[B<-inform> B<DER>|B<PEM>]
[B<-outform> B<DER>|B<PEM>]
[B<-in> I<filename>]
[B<-passin> I<arg>]
[B<-out> I<filename>]
[B<-passout> I<arg>]
[B<-text>]
[B<-pubkey>]
[B<-noout>]
[B<-verify>]
[B<-modulus>]
[B<-new>]
[B<-newkey> I<arg>]
[B<-pkeyopt> I<opt>:I<value>]
[B<-noenc>]
[B<-nodes>]
[B<-key> I<filename>|I<uri>]
[B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
[B<-keyout> I<filename>]
[B<-keygen_engine> I<id>]
[B<-I<digest>>]
[B<-config> I<filename>]
[B<-section> I<name>]
[B<-x509>]
[B<-x509v1>]
[B<-CA> I<filename>|I<uri>]
[B<-CAkey> I<filename>|I<uri>]
[B<-not_before> I<date>]
[B<-not_after> I<date>]
[B<-days> I<n>]
[B<-set_serial> I<n>]
[B<-newhdr>]
[B<-copy_extensions> I<arg>]
[B<-extensions> I<section>]
[B<-reqexts> I<section>]
[B<-addext> I<ext>]
[B<-precert>]
[B<-utf8>]
[B<-reqopt>]
[B<-subject>]
[B<-subj> I<arg>]
[B<-multivalue-rdn>]
[B<-sigopt> I<nm>:I<v>]
[B<-vfyopt> I<nm>:I<v>]
[B<-batch>]
[B<-verbose>]
[B<-quiet>]
[B<-nameopt> I<option>]
[B<-rand> I<files>]
[B<-writerand> I<file>]
[B<-engine> I<id>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
=head1 DESCRIPTION
This command primarily creates and processes certificate requests (CSRs)
in PKCS#10 format. It can additionally create self-signed certificates
for use as root CAs for example.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-inform> B<DER>|B<PEM>
The CSR input file format to use; by default PEM is tried first.
See L<openssl-format-options(1)> for details.
=item B<-outform> B<DER>|B<PEM>
The output format; unspecified by default.
See L<openssl-format-options(1)> for details.
The data is a PKCS#10 object.
=item B<-in> I<filename>
This specifies the input filename to read a request from.
This defaults to standard input unless B<-x509> or B<-CA> is specified.
A request is only read if the creation options
(B<-new> or B<-newkey> or B<-precert>) are not specified.
=item B<-sigopt> I<nm>:I<v>
Pass options to the signature algorithm during sign operations.
Names and values of these options are algorithm-specific.
=item B<-vfyopt> I<nm>:I<v>
Pass options to the signature algorithm during verify operations.
Names and values of these options are algorithm-specific.
=begin comment
Maybe it would be preferable to only have -opts instead of -sigopt and
-vfyopt? They are both present here to be compatible with L<openssl-ca(1)>,
which supports both options for good reasons.
=end comment
=item B<-passin> I<arg>
The password source for private key and certificate input.
For more information about the format of B<arg>
see L<openssl-passphrase-options(1)>.
=item B<-passout> I<arg>
The password source for the output file.
For more information about the format of B<arg>
see L<openssl-passphrase-options(1)>.
=item B<-out> I<filename>
This specifies the output filename to write to or standard output by default.
=item B<-text>
Prints out the certificate request in text form.
=item B<-subject>
Prints out the certificate request subject
(or certificate subject if B<-x509> is in use).
=item B<-pubkey>
Prints out the public key.
=item B<-noout>
This option prevents output of the encoded version of the certificate request.
=item B<-modulus>
Prints out the value of the modulus of the public key contained in the request.
=item B<-verify>
Verifies the self-signature on the request. If the verification fails,
the program will immediately exit, i.e. further option processing
(e.g. B<-text>) is skipped.
=item B<-new>
This option generates a new certificate request. It will prompt
the user for the relevant field values. The actual fields
prompted for and their maximum and minimum sizes are specified
in the configuration file and any requested extensions.
If the B<-key> option is not given it will generate a new private key
using information specified in the configuration file or given with
the B<-newkey> and B<-pkeyopt> options,
else by default an RSA key with 2048 bits length.
=item B<-newkey> I<arg>
This option is used to generate a new private key unless B<-key> is given.
It is subsequently used as if it was given using the B<-key> option.
This option implies the B<-new> flag to create a new certificate request
or a new certificate in case B<-x509> is used.
The argument takes one of several forms.
[B<rsa:>]I<nbits> generates an RSA key I<nbits> in size.
If I<nbits> is omitted, i.e., B<-newkey> B<rsa> is specified,
the default key size specified in the configuration file
with the B<default_bits> option is used if present, else 2048.
All other algorithms support the B<-newkey> I<algname>:I<file> form, where
I<file> is an algorithm parameter file, created with C<openssl genpkey -genparam>
or an X.509 certificate for a key with appropriate algorithm.
B<param:>I<file> generates a key using the parameter file or certificate
I<file>, the algorithm is determined by the parameters.
I<algname>[:I<file>] generates a key using the given algorithm I<algname>.
If a parameter file I<file> is given then the parameters specified there
are used, where the algorithm parameters must match I<algname>.
If algorithm parameters are not given,
any necessary parameters should be specified via the B<-pkeyopt> option.
B<dsa:>I<filename> generates a DSA key using the parameters
in the file I<filename>. B<ec:>I<filename> generates EC key (usable both with
ECDSA or ECDH algorithms), B<gost2001:>I<filename> generates GOST R
34.10-2001 key (requires B<gost> engine configured in the configuration
file). If just B<gost2001> is specified a parameter set should be
specified by B<-pkeyopt> I<paramset:X>
=item B<-pkeyopt> I<opt>:I<value>
Set the public key algorithm option I<opt> to I<value>. The precise set of
options supported depends on the public key algorithm used and its
implementation.
See L<openssl-genpkey(1)/KEY GENERATION OPTIONS> for more details.
=item B<-key> I<filename>|I<uri>
This option provides the private key for signing a new certificate or
certificate request.
Unless B<-in> is given, the corresponding public key is placed in
the new certificate or certificate request, resulting in a self-signature.
For certificate signing this option is overridden by the B<-CA> option.
This option also accepts PKCS#8 format private keys for PEM format files.
=item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
The format of the private key; unspecified by default.
See L<openssl-format-options(1)> for details.
=item B<-keyout> I<filename>
This gives the filename to write any private key to that has been newly created
or read from B<-key>. If neither the B<-keyout> option nor the B<-key> option
are given then the filename specified in the configuration file with the
B<default_keyfile> option is used, if present. Thus, if you want to write the
private key and the B<-key> option is provided, you should provide the
B<-keyout> option explicitly. If a new key is generated and no filename is
specified the key is written to standard output.
=item B<-noenc>
If this option is specified then if a private key is created it
will not be encrypted.
=item B<-nodes>
This option is deprecated since OpenSSL 3.0; use B<-noenc> instead.
=item B<-I<digest>>
This specifies the message digest to sign the request.
Any digest supported by the OpenSSL B<dgst> command can be used.
This overrides the digest algorithm specified in
the configuration file.
Some public key algorithms may override this choice. For instance, DSA
signatures always use SHA1, GOST R 34.10 signatures always use
GOST R 34.11-94 (B<-md_gost94>), Ed25519 and Ed448 never use any digest.
=item B<-config> I<filename>
This allows an alternative configuration file to be specified.
Optional; for a description of the default value,
see L<openssl(1)/COMMAND SUMMARY>.
=item B<-section> I<name>
Specifies the name of the section to use; the default is B<req>.
=item B<-subj> I<arg>
Sets subject name for new request or supersedes the subject name
when processing a certificate request.
The arg must be formatted as C</type0=value0/type1=value1/type2=...>.
Special characters may be escaped by C<\> (backslash), whitespace is retained.
Empty values are permitted, but the corresponding type will not be included
in the request.
Giving a single C</> will lead to an empty sequence of RDNs (a NULL-DN).
Multi-valued RDNs can be formed by placing a C<+> character instead of a C</>
between the AttributeValueAssertions (AVAs) that specify the members of the set.
Example:
C</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe>
=item B<-multivalue-rdn>
This option has been deprecated and has no effect.
=item B<-x509>
This option outputs a certificate instead of a certificate request.
This is typically used to generate test certificates.
It is implied by the B<-CA> option.
This option implies the B<-new> flag if B<-in> is not given.
If an existing request is specified with the B<-in> option, it is converted
to a certificate; otherwise a request is created from scratch.
Unless specified using the B<-set_serial> option,
a large random number will be used for the serial number.
Unless the B<-copy_extensions> option is used,
X.509 extensions are not copied from any provided request input file.
X.509 extensions to be added can be specified in the configuration file,
possibly using the B<-config> and B<-extensions> options,
and/or using the B<-addext> option.
Unless B<-x509v1> is given, generated certificates bear X.509 version 3.
Unless specified otherwise,
key identifier extensions are included as described in L<x509v3_config(5)>.
=item B<-x509v1>
Request generation of certificates with X.509 version 1.
This implies B<-x509>.
If X.509 extensions are given, anyway X.509 version 3 is set.
=item B<-CA> I<filename>|I<uri>
Specifies the "CA" certificate to be used for signing a new certificate
and implies use of B<-x509>.
When present, this behaves like a "micro CA" as follows:
The subject name of the "CA" certificate is placed as issuer name in the new
certificate, which is then signed using the "CA" key given as specified below.
=item B<-CAkey> I<filename>|I<uri>
Sets the "CA" private key to sign a certificate with.
The private key must match the public key of the certificate given with B<-CA>.
If this option is not provided then the key must be present in the B<-CA> input.
=item B<-not_before> I<date>
When B<-x509> is in use this allows the start date to be explicitly set,
otherwise it is ignored. The format of I<date> is YYMMDDHHMMSSZ (the
same as an ASN1 UTCTime structure), or YYYYMMDDHHMMSSZ (the same as an
ASN1 GeneralizedTime structure). In both formats, seconds SS and
timezone Z must be present.
Alternatively, you can also use "today".
=item B<-not_after> I<date>
When B<-x509> is in use this allows the expiry date to be explicitly
set, otherwise it is ignored. The format of I<date> is YYMMDDHHMMSSZ
(the same as an ASN1 UTCTime structure), or YYYYMMDDHHMMSSZ (the same as
an ASN1 GeneralizedTime structure). In both formats, seconds SS and
timezone Z must be present.
Alternatively, you can also use "today".
This overrides the B<-days> option.
=item B<-days> I<n>
When B<-x509> is in use this specifies the number of days from today to
certify the certificate for, otherwise it is ignored. I<n> should
be a positive integer. The default is 30 days.
Regardless of the option B<-not_before>, the days are always counted from
today.
When used together with the option B<-not_after>, the explicit expiry
date takes precedence.
=item B<-set_serial> I<n>
Serial number to use when outputting a self-signed certificate.
This may be specified as a decimal value or a hex value if preceded by C<0x>.
If not given, a large random number will be used.
=item B<-copy_extensions> I<arg>
Determines how X.509 extensions in certificate requests should be handled
when B<-x509> is in use.
If I<arg> is B<none> or this option is not present then extensions are ignored.
If I<arg> is B<copy> or B<copyall> then
all extensions in the request are copied to the certificate.
The main use of this option is to allow a certificate request to supply
values for certain extensions such as subjectAltName.
=item B<-extensions> I<section>,
B<-reqexts> I<section>
Can be used to override the name of the configuration file section
from which X.509 extensions are included
in the certificate (when B<-x509> is in use) or certificate request.
This allows several different sections to be used in the same configuration
file to specify requests for a variety of purposes.
=item B<-addext> I<ext>
Add a specific extension to the certificate (if B<-x509> is in use)
or certificate request. The argument must have the form of
a C<key=value> pair as it would appear in a config file.
If an extension is added using this option that has the same OID as one
defined in the extension section of the config file, it overrides that one.
This option can be given multiple times.
Doing so, the same key most not be given more than once.
=item B<-precert>
A poison extension will be added to the certificate, making it a
"pre-certificate" (see RFC6962). This can be submitted to Certificate
Transparency logs in order to obtain signed certificate timestamps (SCTs).
These SCTs can then be embedded into the pre-certificate as an extension, before
removing the poison and signing the certificate.
This implies the B<-new> flag.
=item B<-utf8>
This option causes field values to be interpreted as UTF8 strings, by
default they are interpreted as ASCII. This means that the field
values, whether prompted from a terminal or obtained from a
configuration file, must be valid UTF8 strings.
=item B<-reqopt> I<option>
Customise the printing format used with B<-text>. The I<option> argument can be
a single option or multiple options separated by commas.
See discussion of the B<-certopt> parameter in the L<openssl-x509(1)>
command.
=item B<-newhdr>
Adds the word B<NEW> to the PEM file header and footer lines on the outputted
request. Some software (Netscape certificate server) and some CAs need this.
=item B<-batch>
Non-interactive mode.
=item B<-verbose>
Print extra details about the operations being performed.
=item B<-quiet>
Print fewer details about the operations being performed, which may be
handy during batch scripts or pipelines (specifically "progress dots"
during key generation are suppressed).
=item B<-keygen_engine> I<id>
Specifies an engine (by its unique I<id> string) which would be used
for key generation operations.
=item B<-nameopt> I<option>
This specifies how the subject or issuer names are displayed.
See L<openssl-namedisplay-options(1)> for details.
=item B<-rand> I<files>, B<-writerand> I<file>
See L<openssl(1)/Random State Options> for details.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=back
=head1 CONFIGURATION FILE FORMAT
The configuration options are specified in the B<req> section of
the configuration file. An alternate name be specified by using the
B<-section> option.
As with all configuration files, if no
value is specified in the specific section then
the initial unnamed or B<default> section is searched too.
The options available are described in detail below.
=over 4
=item B<input_password>, B<output_password>
The passwords for the input private key file (if present) and
the output private key file (if one will be created). The
command line options B<passin> and B<passout> override the
configuration file values.
=item B<default_bits>
Specifies the default key size in bits.
This option is used in conjunction with the B<-new> option to generate
a new key. It can be overridden by specifying an explicit key size in
the B<-newkey> option. The smallest accepted key size is 512 bits. If
no key size is specified then 2048 bits is used.
=item B<default_keyfile>
This is the default filename to write a private key to. If not
specified the key is written to standard output. This can be
overridden by the B<-keyout> option.
=item B<oid_file>
This specifies a file containing additional B<OBJECT IDENTIFIERS>.
Each line of the file should consist of the numerical form of the
object identifier followed by whitespace then the short name followed
by whitespace and finally the long name.
=item B<oid_section>
This specifies a section in the configuration file containing extra
object identifiers. Each line should consist of the short name of the
object identifier followed by B<=> and the numerical form. The short
and long names are the same when this option is used.
=item B<RANDFILE>
At startup the specified file is loaded into the random number generator,
and at exit 256 bytes will be written to it.
It is used for private key generation.
=item B<encrypt_key>
If this is set to B<no> then if a private key is generated it is
B<not> encrypted. This is equivalent to the B<-noenc> command line
option. For compatibility B<encrypt_rsa_key> is an equivalent option.
=item B<default_md>
This option specifies the digest algorithm to use. Any digest supported by the
OpenSSL B<dgst> command can be used. This option can be overridden on the
command line. Certain signing algorithms (i.e. Ed25519 and Ed448) will ignore
any digest that has been set.
=item B<string_mask>
This option masks out the use of certain string types in certain
fields. Most users will not need to change this option. It can be set to
several values:
=over 4
=item B<utf8only>
- only UTF8Strings are used (this is the default value)
=item B<pkix>
- any string type except T61Strings
=item B<nombstr>
- any string type except BMPStrings and UTF8Strings
=item B<default>
- any kind of string type
=back
Note that B<utf8only> is the PKIX recommendation in RFC2459 after 2003, and the
default B<string_mask>; B<default> is not the default option. The B<nombstr>
value is a workaround for some software that has problems with variable-sized
BMPStrings and UTF8Strings.
=item B<req_extensions>
This specifies the configuration file section containing a list of
extensions to add to the certificate request. It can be overridden
by the B<-reqexts> (or B<-extensions>) command line switch. See the
L<x509v3_config(5)> manual page for details of the
extension section format.
=item B<x509_extensions>
This specifies the configuration file section containing a list of
extensions to add to certificate generated when B<-x509> is in use.
It can be overridden by the B<-extensions> command line switch.
=item B<prompt>
If set to the value B<no> this disables prompting of certificate fields
and just takes values from the config file directly. It also changes the
expected format of the B<distinguished_name> and B<attributes> sections.
=item B<utf8>
If set to the value B<yes> then field values to be interpreted as UTF8
strings, by default they are interpreted as ASCII. This means that
the field values, whether prompted from a terminal or obtained from a
configuration file, must be valid UTF8 strings.
=item B<attributes>
This specifies the section containing any request attributes: its format
is the same as B<distinguished_name>. Typically these may contain the
challengePassword or unstructuredName types. They are currently ignored
by OpenSSL's request signing utilities but some CAs might want them.
=item B<distinguished_name>
This specifies the section containing the distinguished name fields to
prompt for when generating a certificate or certificate request. The format
is described in the next section.
=back
=head1 DISTINGUISHED NAME AND ATTRIBUTE SECTION FORMAT
There are two separate formats for the distinguished name and attribute
sections. If the B<prompt> option is set to B<no> then these sections
just consist of field names and values: for example,
CN=My Name
OU=My Organization
emailAddress=someone@somewhere.org
This allows external programs (e.g. GUI based) to generate a template file with
all the field names and values and just pass it to this command. An example
of this kind of configuration file is contained in the B<EXAMPLES> section.
Alternatively if the B<prompt> option is absent or not set to B<no> then the
file contains field prompting information. It consists of lines of the form:
fieldName="prompt"
fieldName_default="default field value"
fieldName_min= 2
fieldName_max= 4
"fieldName" is the field name being used, for example commonName (or CN).
The "prompt" string is used to ask the user to enter the relevant
details. If the user enters nothing then the default value is used if no
default value is present then the field is omitted. A field can
still be omitted if a default value is present if the user just
enters the '.' character.
The number of characters entered must be between the fieldName_min and
fieldName_max limits: there may be additional restrictions based
on the field being used (for example countryName can only ever be
two characters long and must fit in a PrintableString).
Some fields (such as organizationName) can be used more than once
in a DN. This presents a problem because configuration files will
not recognize the same name occurring twice. To avoid this problem
if the fieldName contains some characters followed by a full stop
they will be ignored. So for example a second organizationName can
be input by calling it "1.organizationName".
The actual permitted field names are any object identifier short or
long names. These are compiled into OpenSSL and include the usual
values such as commonName, countryName, localityName, organizationName,
organizationalUnitName, stateOrProvinceName. Additionally emailAddress
is included as well as name, surname, givenName, initials, and dnQualifier.
Additional object identifiers can be defined with the B<oid_file> or
B<oid_section> options in the configuration file. Any additional fields
will be treated as though they were a DirectoryString.
=head1 EXAMPLES
Examine and verify certificate request:
openssl req -in req.pem -text -verify -noout
Create a private key and then generate a certificate request from it:
openssl genrsa -out key.pem 2048
openssl req -new -key key.pem -out req.pem
The same but just using req:
openssl req -newkey rsa:2048 -keyout key.pem -out req.pem
Generate a self-signed root certificate:
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out req.pem
Create an SM2 private key and then generate a certificate request from it:
openssl ecparam -genkey -name SM2 -out sm2.key
openssl req -new -key sm2.key -out sm2.csr -sm3 -sigopt "distid:1234567812345678"
Examine and verify an SM2 certificate request:
openssl req -verify -in sm2.csr -sm3 -vfyopt "distid:1234567812345678"
Example of a file pointed to by the B<oid_file> option:
1.2.3.4 shortName A longer Name
1.2.3.6 otherName Other longer Name
Example of a section pointed to by B<oid_section> making use of variable
expansion:
testoid1=1.2.3.5
testoid2=${testoid1}.6
Sample configuration file prompting for field values:
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
req_extensions = v3_ca
dirstring_type = nombstr
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = AU
countryName_min = 2
countryName_max = 2
localityName = Locality Name (eg, city)
organizationalUnitName = Organizational Unit Name (eg, section)
commonName = Common Name (eg, YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 40
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
basicConstraints = critical, CA:true
Sample configuration containing all field values:
[ req ]
default_bits = 2048
default_keyfile = keyfile.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no
output_password = mypass
[ req_distinguished_name ]
C = GB
ST = Test State or Province
L = Test Locality
O = Organization Name
OU = Organizational Unit Name
CN = Common Name
emailAddress = test@email.address
[ req_attributes ]
challengePassword = A challenge password
Example of giving the most common attributes (subject and extensions)
on the command line:
openssl req -new -subj "/C=GB/CN=foo" \
-addext "subjectAltName = DNS:foo.co.uk" \
-addext "certificatePolicies = 1.2.3.4" \
-newkey rsa:2048 -keyout key.pem -out req.pem
=head1 NOTES
The certificate requests generated by B<Xenroll> with MSIE have extensions
added. It includes the B<keyUsage> extension which determines the type of
key (signature only or general purpose) and any additional OIDs entered
by the script in an B<extendedKeyUsage> extension.
=head1 DIAGNOSTICS
The following messages are frequently asked about:
Using configuration from /some/path/openssl.cnf
Unable to load config info
This is followed some time later by:
unable to find 'distinguished_name' in config
problems making Certificate Request
The first error message is the clue: it can't find the configuration
file! Certain operations (like examining a certificate request) don't
need a configuration file so its use isn't enforced. Generation of
certificates or requests however does need a configuration file. This
could be regarded as a bug.
Another puzzling message is this:
Attributes:
a0:00
this is displayed when no attributes are present and the request includes
the correct empty B<SET OF> structure (the DER encoding of which is 0xa0
0x00). If you just see:
Attributes:
then the B<SET OF> is missing and the encoding is technically invalid (but
it is tolerated). See the description of the command line option B<-asn1-kludge>
for more information.
=head1 BUGS
OpenSSL's handling of T61Strings (aka TeletexStrings) is broken: it effectively
treats them as ISO-8859-1 (Latin 1), Netscape and MSIE have similar behaviour.
This can cause problems if you need characters that aren't available in
PrintableStrings and you don't want to or can't use BMPStrings.
As a consequence of the T61String handling the only correct way to represent
accented characters in OpenSSL is to use a BMPString: unfortunately Netscape
currently chokes on these. If you have to use accented characters with Netscape
and MSIE then you currently need to use the invalid T61String form.
The current prompting is not very friendly. It doesn't allow you to confirm what
you've just entered. Other things like extensions in certificate requests are
statically defined in the configuration file. Some of these: like an email
address in subjectAltName should be input by the user.
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-x509(1)>,
L<openssl-ca(1)>,
L<openssl-genrsa(1)>,
L<openssl-gendsa(1)>,
L<config(5)>,
L<x509v3_config(5)>
=head1 HISTORY
The B<-section> option was added in OpenSSL 3.0.0.
The B<-multivalue-rdn> option has become obsolete in OpenSSL 3.0.0 and
has no effect.
The B<-engine> option was deprecated in OpenSSL 3.0.
The <-nodes> option was deprecated in OpenSSL 3.0, too; use B<-noenc> instead.
The B<-reqexts> option has been made an alias of B<-extensions> in OpenSSL 3.2.
Since OpenSSL 3.2,
generated certificates bear X.509 version 3 unless B<-x509v1> is given,
and key identifier extensions are included by default.
Since OpenSSL 3.3, the B<-verify> option will exit with 1 on failure.
=head1 COPYRIGHT
Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
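Review bot: In the HISTORY section, "The <-nodes> option was deprecated in OpenSSL 3.0" has lost its B formatting code, so it will not render as an option name like the neighbouring B<-engine> and B<-reqexts> entries; it should read B<-nodes>. In EXAMPLES, the first sample configuration sets "dirstring_type = nombstr", but the key documented under CONFIGURATION FILE FORMAT is string_mask, so the sample should use that name. The second sample also keeps "output_password = mypass" in the file; a short remark that the value is illustrative, and that passout overrides it as the input_password/output_password entry says, would help readers who copy the sample.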


@@ -0,0 +1,230 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-rsa.pod.in
=end comment
=head1 NAME
openssl-rsa - RSA key processing command
=head1 SYNOPSIS
B<openssl> B<rsa>
[B<-help>]
[B<-inform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
[B<-outform> B<DER>|B<PEM>]
[B<-in> I<filename>|I<uri>]
[B<-passin> I<arg>]
[B<-out> I<filename>]
[B<-passout> I<arg>]
[B<-aes128>]
[B<-aes192>]
[B<-aes256>]
[B<-aria128>]
[B<-aria192>]
[B<-aria256>]
[B<-camellia128>]
[B<-camellia192>]
[B<-camellia256>]
[B<-des>]
[B<-des3>]
[B<-idea>]
[B<-text>]
[B<-noout>]
[B<-modulus>]
[B<-traditional>]
[B<-check>]
[B<-pubin>]
[B<-pubout>]
[B<-RSAPublicKey_in>]
[B<-RSAPublicKey_out>]
[B<-pvk-strong>]
[B<-pvk-weak>]
[B<-pvk-none>]
[B<-engine> I<id>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
=head1 DESCRIPTION
This command processes RSA keys. They can be converted between
various forms and their components printed out.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-inform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
The key input format; unspecified by default.
See L<openssl-format-options(1)> for details.
=item B<-outform> B<DER>|B<PEM>
The key output format; the default is B<PEM>.
See L<openssl-format-options(1)> for details.
=item B<-traditional>
When writing a private key, use the traditional PKCS#1 format
instead of the PKCS#8 format.
=item B<-in> I<filename>|I<uri>
This specifies the input to read a key from or standard input if this
option is not specified. If the key is encrypted a pass phrase will be
prompted for.
=item B<-passin> I<arg>, B<-passout> I<arg>
The password source for the input and output file.
For more information about the format of B<arg>
see L<openssl-passphrase-options(1)>.
=item B<-out> I<filename>
This specifies the output filename to write a key to or standard output if this
option is not specified. If any encryption options are set then a pass phrase
will be prompted for. The output filename should B<not> be the same as the input
filename.
=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea>
These options encrypt the private key with the specified
cipher before outputting it. A pass phrase is prompted for.
If none of these options is specified the key is written in plain text. This
means that this command can be used to remove the pass phrase from a key
by not giving any encryption option is given, or to add or change the pass
phrase by setting them.
These options can only be used with PEM format output files.
=item B<-text>
Prints out the various public or private key components in
plain text in addition to the encoded version.
=item B<-noout>
This option prevents output of the encoded version of the key.
=item B<-modulus>
This option prints out the value of the modulus of the key.
=item B<-check>
This option checks the consistency of an RSA private key.
=item B<-pubin>
By default a private key is read from the input.
With this option a public key is read instead.
If the input contains no public key but a private key, its public part is used.
=item B<-pubout>
By default a private key is output: with this option a public
key will be output instead. This option is automatically set if
the input is a public key.
=item B<-RSAPublicKey_in>, B<-RSAPublicKey_out>
Like B<-pubin> and B<-pubout> except B<RSAPublicKey> format is used instead.
=item B<-pvk-strong>
Enable 'Strong' PVK encoding level (default).
=item B<-pvk-weak>
Enable 'Weak' PVK encoding level.
=item B<-pvk-none>
Don't enforce PVK encoding.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=back
=head1 NOTES
The L<openssl-pkey(1)> command is capable of performing all the operations
this command can, as well as supporting other public key types.
=head1 EXAMPLES
The documentation for the L<openssl-pkey(1)> command contains examples
equivalent to the ones listed here.
To remove the pass phrase on an RSA private key:
openssl rsa -in key.pem -out keyout.pem
To encrypt a private key using triple DES:
openssl rsa -in key.pem -des3 -out keyout.pem
To convert a private key from PEM to DER format:
openssl rsa -in key.pem -outform DER -out keyout.der
To print out the components of a private key to standard output:
openssl rsa -in key.pem -text -noout
To just output the public part of a private key:
openssl rsa -in key.pem -pubout -out pubkey.pem
Output the public part of a private key in B<RSAPublicKey> format:
openssl rsa -in key.pem -RSAPublicKey_out -out pubkey.pem
=head1 BUGS
There should be an option that automatically handles F<.key> files,
without having to manually edit them.
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-pkey(1)>,
L<openssl-pkcs8(1)>,
L<openssl-dsa(1)>,
L<openssl-genrsa(1)>,
L<openssl-gendsa(1)>
=head1 HISTORY
The B<-engine> option was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
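Review bot: The header of this file says "WARNING: do not edit!" and "Generated by Makefile from doc/man1/openssl-rsa.pod.in", so this is build output rather than source, and checking it in lets it drift from the template and from what build.sh regenerates. Consider leaving generated man pages out of the commit and letting the build produce them. If the text stays, the encryption-options paragraph contains a garbled sentence ("by not giving any encryption option is given") that should be fixed in the .pod.in, and the EXAMPLES entry for encrypting a private key uses -des3 even though -aes256 is listed in the SYNOPSIS.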


@@ -0,0 +1,270 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-rsautl.pod.in
=end comment
=head1 NAME
openssl-rsautl - RSA command
=head1 SYNOPSIS
B<openssl> B<rsautl>
[B<-help>]
[B<-in> I<file>]
[B<-passin> I<arg>]
[B<-rev>]
[B<-out> I<file>]
[B<-inkey> I<filename>|I<uri>]
[B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
[B<-pubin>]
[B<-certin>]
[B<-sign>]
[B<-verify>]
[B<-encrypt>]
[B<-decrypt>]
[B<-pkcs>]
[B<-x931>]
[B<-oaep>]
[B<-raw>]
[B<-hexdump>]
[B<-asn1parse>]
[B<-engine> I<id>]
[B<-rand> I<files>]
[B<-writerand> I<file>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
=head1 DESCRIPTION
This command has been deprecated.
The L<openssl-pkeyutl(1)> command should be used instead.
This command can be used to sign, verify, encrypt and decrypt
data using the RSA algorithm.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-in> I<filename>
This specifies the input filename to read data from or standard input
if this option is not specified.
=item B<-passin> I<arg>
The passphrase used in the output file.
See see L<openssl-passphrase-options(1)>.
=item B<-rev>
Reverse the order of the input.
=item B<-out> I<filename>
Specifies the output filename to write to or standard output by
default.
=item B<-inkey> I<filename>|I<uri>
The input key, by default it should be an RSA private key.
=item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
The key format; unspecified by default.
See L<openssl-format-options(1)> for details.
=item B<-pubin>
By default a private key is read from the key input.
With this option a public key is read instead.
If the input contains no public key but a private key, its public part is used.
=item B<-certin>
The input is a certificate containing an RSA public key.
=item B<-sign>
Sign the input data and output the signed result. This requires
an RSA private key.
=item B<-verify>
Verify the input data and output the recovered data.
=item B<-encrypt>
Encrypt the input data using an RSA public key.
=item B<-decrypt>
Decrypt the input data using an RSA private key.
=item B<-pkcs>, B<-oaep>, B<-x931>, B<-raw>
The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
ANSI X9.31, or no padding, respectively.
For signatures, only B<-pkcs> and B<-raw> can be used.
Note: because of protection against Bleichenbacher attacks, decryption
using PKCS#1 v1.5 mode will not return errors in case padding check failed.
Use B<-raw> and inspect the returned value manually to check if the
padding is correct.
=item B<-hexdump>
Hex dump the output data.
=item B<-asn1parse>
Parse the ASN.1 output data, this is useful when combined with the
B<-verify> option.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item B<-rand> I<files>, B<-writerand> I<file>
See L<openssl(1)/Random State Options> for details.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=back
=head1 NOTES
Since this command uses the RSA algorithm directly, it can only be
used to sign or verify small pieces of data.
=head1 EXAMPLES
Examples equivalent to these can be found in the documentation for the
non-deprecated L<openssl-pkeyutl(1)> command.
Sign some data using a private key:
openssl rsautl -sign -in file -inkey key.pem -out sig
Recover the signed data
openssl rsautl -verify -in sig -inkey key.pem
Examine the raw signed data:
openssl rsautl -verify -in sig -inkey key.pem -raw -hexdump
0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0030 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0040 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0050 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0060 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................
0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64 .....hello world
The PKCS#1 block formatting is evident from this. If this was done using
encrypt and decrypt the block would have been of type 2 (the second byte)
and random padding data visible instead of the 0xff bytes.
It is possible to analyse the signature of certificates using this
command in conjunction with L<openssl-asn1parse(1)>. Consider the self signed
example in F<certs/pca-cert.pem>. Running L<openssl-asn1parse(1)> as follows
yields:
openssl asn1parse -in pca-cert.pem
0:d=0 hl=4 l= 742 cons: SEQUENCE
4:d=1 hl=4 l= 591 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 1 prim: INTEGER :00
16:d=2 hl=2 l= 13 cons: SEQUENCE
18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
29:d=3 hl=2 l= 0 prim: NULL
31:d=2 hl=2 l= 92 cons: SEQUENCE
33:d=3 hl=2 l= 11 cons: SET
35:d=4 hl=2 l= 9 cons: SEQUENCE
37:d=5 hl=2 l= 3 prim: OBJECT :countryName
42:d=5 hl=2 l= 2 prim: PRINTABLESTRING :AU
....
599:d=1 hl=2 l= 13 cons: SEQUENCE
601:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
612:d=2 hl=2 l= 0 prim: NULL
614:d=1 hl=3 l= 129 prim: BIT STRING
The final BIT STRING contains the actual signature. It can be extracted with:
openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614
The certificate public key can be extracted with:
openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem
The signature can be analysed with:
openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin
0:d=0 hl=2 l= 32 cons: SEQUENCE
2:d=1 hl=2 l= 12 cons: SEQUENCE
4:d=2 hl=2 l= 8 prim: OBJECT :md5
14:d=2 hl=2 l= 0 prim: NULL
16:d=1 hl=2 l= 16 prim: OCTET STRING
0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%..
This is the parsed version of an ASN1 DigestInfo structure. It can be seen that
the digest used was md5. The actual part of the certificate that was signed can
be extracted with:
openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4
and its digest computed with:
openssl md5 -c tbs
MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5
which it can be seen agrees with the recovered value above.
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-pkeyutl(1)>,
L<openssl-dgst(1)>,
L<openssl-rsa(1)>,
L<openssl-genrsa(1)>
=head1 HISTORY
This command was deprecated in OpenSSL 3.0.
The B<-engine> option was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
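Review bot: The certificate-signature walkthrough in EXAMPLES parses pca-cert.pem but takes the public key from a different file ("openssl x509 -in test/testx509.pem -pubkey -noout >pubkey.pem"); since the text calls pca-cert.pem self signed, the key should be extracted from pca-cert.pem, otherwise the rsautl -verify step has no reason to recover the DigestInfo shown. In OPTIONS, -passin is described as "The passphrase used in the output file", which does not match the option name, and the next line reads "See see"; describe the input key pass phrase source and drop the duplicated word. The SYNOPSIS also writes -in and -out with I<file> while OPTIONS uses I<filename>.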

File diff suppressed because it is too large

File diff suppressed because it is too large


@@ -0,0 +1,224 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-s_time.pod.in
=end comment
=head1 NAME
openssl-s_time - SSL/TLS performance timing program
=head1 SYNOPSIS
B<openssl> B<s_time>
[B<-help>]
[B<-connect> I<host>:I<port>]
[B<-www> I<page>]
[B<-cert> I<filename>]
[B<-key> I<filename>]
[B<-reuse>]
[B<-new>]
[B<-verify> I<depth>]
[B<-time> I<seconds>]
[B<-ssl3>]
[B<-tls1>]
[B<-tls1_1>]
[B<-tls1_2>]
[B<-tls1_3>]
[B<-bugs>]
[B<-cipher> I<cipherlist>]
[B<-ciphersuites> I<val>]
[B<-nameopt> I<option>]
[B<-cafile> I<file>]
[B<-CAfile> I<file>]
[B<-no-CAfile>]
[B<-CApath> I<dir>]
[B<-no-CApath>]
[B<-CAstore> I<uri>]
[B<-no-CAstore>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
=head1 DESCRIPTION
This command implements a generic SSL/TLS client which
connects to a remote host using SSL/TLS. It can request a page from the server
and includes the time to transfer the payload data in its timing measurements.
It measures the number of connections within a given timeframe, the amount of
data transferred (if any), and calculates the average time spent for one
connection.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-connect> I<host>:I<port>
This specifies the host and optional port to connect to.
If the host string is an IPv6 address, it must be enclosed in C<[> and C<]>.
=item B<-www> I<page>
This specifies the page to GET from the server. A value of '/' gets the
F<index.html> page. If this parameter is not specified, then this command
will only perform the handshake to establish SSL connections but not transfer
any payload data.
=item B<-cert> I<certname>
The certificate to use, if one is requested by the server. The default is
not to use a certificate. The file is in PEM format.
=item B<-key> I<keyfile>
The private key to use. If not specified then the certificate file will
be used. The file is in PEM format.
=item B<-verify> I<depth>
The verify depth to use. This specifies the maximum length of the
server certificate chain and turns on server certificate verification.
Currently the verify operation continues after errors so all the problems
with a certificate chain can be seen. As a side effect the connection
will never fail due to a server certificate verify failure.
=item B<-new>
Performs the timing test using a new session ID for each connection.
If neither B<-new> nor B<-reuse> are specified, they are both on by default
and executed in sequence.
=item B<-reuse>
Performs the timing test using the same session ID; this can be used as a test
that session caching is working. If neither B<-new> nor B<-reuse> are
specified, they are both on by default and executed in sequence.
=item B<-bugs>
There are several known bugs in SSL and TLS implementations. Adding this
option enables various workarounds.
=item B<-cipher> I<cipherlist>
This allows the TLSv1.2 and below cipher list sent by the client to be modified.
This list will be combined with any TLSv1.3 ciphersuites that have been
configured. Although the server determines which cipher suite is used it should
take the first supported cipher in the list sent by the client. See
L<openssl-ciphers(1)> for more information.
=item B<-ciphersuites> I<val>
This allows the TLSv1.3 ciphersuites sent by the client to be modified. This
list will be combined with any TLSv1.2 and below ciphersuites that have been
configured. Although the server determines which cipher suite is used it should
take the first supported cipher in the list sent by the client. See
L<openssl-ciphers(1)> for more information. The format for this list is a
simple colon (":") separated list of TLSv1.3 ciphersuite names.
=item B<-time> I<length>
Specifies how long (in seconds) this command should establish connections
and optionally transfer payload data from a server. Server and client
performance and the link speed determine how many connections it
can establish.
=item B<-nameopt> I<option>
This specifies how the subject or issuer names are displayed.
See L<openssl-namedisplay-options(1)> for details.
=item B<-CAfile> I<file>, B<-no-CAfile>, B<-CApath> I<dir>, B<-no-CApath>,
B<-CAstore> I<uri>, B<-no-CAstore>
See L<openssl-verification-options(1)/Trusted Certificate Options> for details.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=item B<-cafile> I<file>
This is an obsolete synonym for B<-CAfile>.
=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>
See L<openssl(1)/TLS Version Options>.
=back
=head1 NOTES
This command can be used to measure the performance of an SSL connection.
To connect to an SSL HTTP server and get the default page the command
openssl s_time -connect servername:443 -www / -CApath yourdir -CAfile yourfile.pem -cipher commoncipher [-ssl3]
would typically be used (https uses port 443). I<commoncipher> is a cipher to
which both client and server can agree, see the L<openssl-ciphers(1)> command
for details.
If the handshake fails then there are several possible causes, if it is
nothing obvious like no client certificate then the B<-bugs> and
B<-ssl3> options can be tried
in case it is a buggy server. In particular you should play with these
options B<before> submitting a bug report to an OpenSSL mailing list.
A frequent problem when attempting to get client certificates working
is that a web client complains it has no certificates or gives an empty
list to choose from. This is normally because the server is not sending
the clients certificate authority in its "acceptable CA list" when it
requests a certificate. By using L<openssl-s_client(1)> the CA list can be
viewed and checked. However, some servers only request client authentication
after a specific URL is requested. To obtain the list in this case it
is necessary to use the B<-prexit> option of L<openssl-s_client(1)> and
send an HTTP request for an appropriate page.
If a certificate is specified on the command line using the B<-cert>
option it will not be used unless the server specifically requests
a client certificate. Therefore, merely including a client certificate
on the command line is no guarantee that the certificate works.
=head1 BUGS
Because this program does not have all the options of the
L<openssl-s_client(1)> program to turn protocols on and off, you may not
be able to measure the performance of all protocols with all servers.
The B<-verify> option should really exit if the server verification
fails.
=head1 HISTORY
The B<-cafile> option was deprecated in OpenSSL 3.0.
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-s_client(1)>,
L<openssl-s_server(1)>,
L<openssl-ciphers(1)>,
L<ossl_store-file(7)>
=head1 COPYRIGHT
Copyright 2004-2024 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
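Review bot: The placeholders in OPTIONS do not match the SYNOPSIS: -cert is I<filename> in one and I<certname> in the other, -key is I<filename> versus I<keyfile>, and -time is I<seconds> versus I<length>; pick one name per option. The -verify entry states that "the connection will never fail due to a server certificate verify failure" and BUGS adds that it "should really exit", so NOTES should say plainly that a completed timing run is not evidence that the chain verified. HISTORY says -cafile was deprecated while OPTIONS calls it "an obsolete synonym"; use one term.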


@@ -0,0 +1,168 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-sess_id.pod.in
=end comment
=head1 NAME
openssl-sess_id - SSL/TLS session handling command
=head1 SYNOPSIS
B<openssl> B<sess_id>
[B<-help>]
[B<-inform> B<DER>|B<PEM>]
[B<-outform> B<DER>|B<PEM>|B<NSS>]
[B<-in> I<filename>]
[B<-out> I<filename>]
[B<-text>]
[B<-cert>]
[B<-noout>]
[B<-context> I<ID>]
=head1 DESCRIPTION
This command processes the encoded version of the SSL session
structure and optionally prints out SSL session details (for example
the SSL session master key) in human readable format. Since this is a
diagnostic tool that needs some knowledge of the SSL protocol to use
properly, most users will not need to use it.
The precise format of the data can vary across OpenSSL versions and
is not documented.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM>|B<NSS>
The input and output formats; the default is PEM.
See L<openssl-format-options(1)> for details.
For B<NSS> output, the session ID and master key are reported in NSS "keylog"
format.
=item B<-in> I<filename>
This specifies the input filename to read session information from or standard
input by default.
=item B<-out> I<filename>
This specifies the output filename to write session information to or standard
output if this option is not specified.
=item B<-text>
Prints out the various public or private key components in
plain text in addition to the encoded version.
=item B<-cert>
If a certificate is present in the session it will be output using this option,
if the B<-text> option is also present then it will be printed out in text form.
=item B<-noout>
This option prevents output of the encoded version of the session.
=item B<-context> I<ID>
This option can set the session id so the output session information uses the
supplied ID. The ID can be any string of characters. This option won't normally
be used.
=back
=head1 OUTPUT
Typical output:
SSL-Session:
Protocol : TLSv1
Cipher : 0016
Session-ID: 871E62626C554CE95488823752CBD5F3673A3EF3DCE9C67BD916C809914B40ED
Session-ID-ctx: 01000000
Master-Key: A7CEFC571974BE02CAC305269DC59F76EA9F0B180CB6642697A68251F2D2BB57E51DBBB4C7885573192AE9AEE220FACD
Key-Arg : None
Start Time: 948459261
Timeout : 300 (sec)
Verify return code 0 (ok)
These are described below in more detail.
=over 4
=item B<Protocol>
This is the protocol in use TLSv1.3, TLSv1.2, TLSv1.1, TLSv1 or SSLv3.
=item B<Cipher>
The cipher used this is the actual raw SSL or TLS cipher code, see the SSL
or TLS specifications for more information.
=item B<Session-ID>
The SSL session ID in hex format.
=item B<Session-ID-ctx>
The session ID context in hex format.
=item B<Master-Key>
This is the SSL session master key.
=item B<Start Time>
This is the session start time represented as an integer in standard
Unix format.
=item B<Timeout>
The timeout in seconds.
=item B<Verify return code>
This is the return code when an SSL client certificate is verified.
=back
=head1 NOTES
Since the SSL session output contains the master key it is
possible to read the contents of an encrypted session using this
information. Therefore, appropriate security precautions should be taken if
the information is being output by a "real" application. This is however
strongly discouraged and should only be used for debugging purposes.
=head1 BUGS
The cipher and start time should be printed out in human readable form.
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-ciphers(1)>,
L<openssl-s_server(1)>
=head1 COPYRIGHT
Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
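Review bot: the header of this file reads "WARNING: do not edit! Generated by Makefile from doc/man1/openssl-sess_id.pod.in", so the commit is checking in build output rather than source. Generated man pages will drift from the .pod.in they are produced from and inflate every later diff; suggest leaving them out of the vendored tree, or regenerating them from build.sh, and committing only the inputs. Separately, the B<-text> item describes "the various public or private key components", which does not match a command whose output is session data; the NOTES warning that the output contains the master key is what a reader needs next to that option.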

View File

@@ -0,0 +1,557 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-smime.pod.in
=end comment
=head1 NAME
openssl-smime - S/MIME command
=head1 SYNOPSIS
B<openssl> B<smime>
[B<-help>]
[B<-encrypt>]
[B<-decrypt>]
[B<-sign>]
[B<-resign>]
[B<-verify>]
[B<-pk7out>]
[B<-binary>]
[B<-crlfeol>]
[B<-I<cipher>>]
[B<-in> I<file>]
[B<-certfile> I<file>]
[B<-signer> I<file>]
[B<-nointern>]
[B<-noverify>]
[B<-nochain>]
[B<-nosigs>]
[B<-nocerts>]
[B<-noattr>]
[B<-nodetach>]
[B<-nosmimecap>]
[B<-recip> I< file>]
[B<-inform> B<DER>|B<PEM>|B<SMIME>]
[B<-outform> B<DER>|B<PEM>|B<SMIME>]
[B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
[B<-passin> I<arg>]
[B<-inkey> I<filename>|I<uri>]
[B<-out> I<file>]
[B<-content> I<file>]
[B<-to> I<addr>]
[B<-from> I<ad>]
[B<-subject> I<s>]
[B<-text>]
[B<-indef>]
[B<-noindef>]
[B<-stream>]
[B<-md> I<digest>]
[B<-CAfile> I<file>]
[B<-no-CAfile>]
[B<-CApath> I<dir>]
[B<-no-CApath>]
[B<-CAstore> I<uri>]
[B<-no-CAstore>]
[B<-engine> I<id>]
[B<-rand> I<files>]
[B<-writerand> I<file>]
[B<-allow_proxy_certs>]
[B<-attime> I<timestamp>]
[B<-no_check_time>]
[B<-check_ss_sig>]
[B<-crl_check>]
[B<-crl_check_all>]
[B<-explicit_policy>]
[B<-extended_crl>]
[B<-ignore_critical>]
[B<-inhibit_any>]
[B<-inhibit_map>]
[B<-partial_chain>]
[B<-policy> I<arg>]
[B<-policy_check>]
[B<-policy_print>]
[B<-purpose> I<purpose>]
[B<-suiteB_128>]
[B<-suiteB_128_only>]
[B<-suiteB_192>]
[B<-trusted_first>]
[B<-no_alt_chains>]
[B<-use_deltas>]
[B<-auth_level> I<num>]
[B<-verify_depth> I<num>]
[B<-verify_email> I<email>]
[B<-verify_hostname> I<hostname>]
[B<-verify_ip> I<ip>]
[B<-verify_name> I<name>]
[B<-x509_strict>]
[B<-issuer_checks>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
[B<-config> I<configfile>]
I<recipcert> ...
=head1 DESCRIPTION
This command handles S/MIME mail. It can encrypt, decrypt, sign
and verify S/MIME messages.
=head1 OPTIONS
There are six operation options that set the type of operation to be performed:
B<-encrypt>, B<-decrypt>, B<-sign>, B<-resign>, B<-verify>, and B<-pk7out>.
These are mutually exclusive.
The meaning of the other options varies according to the operation type.
=over 4
=item B<-help>
Print out a usage message.
=item B<-encrypt>
Encrypt mail for the given recipient certificates. Input file is the message
to be encrypted. The output file is the encrypted mail in MIME format.
Note that no revocation check is done for the recipient cert, so if that
key has been compromised, others may be able to decrypt the text.
=item B<-decrypt>
Decrypt mail using the supplied certificate and private key. Expects an
encrypted mail message in MIME format for the input file. The decrypted mail
is written to the output file.
=item B<-sign>
Sign mail using the supplied certificate and private key. Input file is
the message to be signed. The signed message in MIME format is written
to the output file.
=item B<-resign>
Resign a message: take an existing message and one or more new signers.
=item B<-verify>
Verify signed mail. Expects a signed mail message on input and outputs
the signed data. Both clear text and opaque signing is supported.
=item B<-pk7out>
Takes an input message and writes out a PEM encoded PKCS#7 structure.
=item B<-in> I<filename>
The input message to be encrypted or signed or the MIME message to
be decrypted or verified.
=item B<-out> I<filename>
The message text that has been decrypted or verified or the output MIME
format message that has been signed or verified.
=item B<-inform> B<DER>|B<PEM>|B<SMIME>
The input format of the PKCS#7 (S/MIME) structure (if one is being read);
the default is B<SMIME>.
See L<openssl-format-options(1)> for details.
=item B<-outform> B<DER>|B<PEM>|B<SMIME>
The output format of the PKCS#7 (S/MIME) structure (if one is being written);
the default is B<SMIME>.
See L<openssl-format-options(1)> for details.
=item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
The key format; unspecified by default.
See L<openssl-format-options(1)> for details.
=item B<-stream>, B<-indef>, B<-noindef>
The B<-stream> and B<-indef> options are equivalent and enable streaming I/O
for encoding operations. This permits single pass processing of data without
the need to hold the entire contents in memory, potentially supporting very
large files. Streaming is automatically set for S/MIME signing with detached
data if the output format is B<SMIME> it is currently off by default for all
other operations.
=item B<-noindef>
Disable streaming I/O where it would produce and indefinite length constructed
encoding. This option currently has no effect. In future streaming will be
enabled by default on all relevant operations and this option will disable it.
=item B<-content> I<filename>
This specifies a file containing the detached content, this is only
useful with the B<-verify> command. This is only usable if the PKCS#7
structure is using the detached signature form where the content is
not included. This option will override any content if the input format
is S/MIME and it uses the multipart/signed MIME content type.
=item B<-text>
This option adds plain text (text/plain) MIME headers to the supplied
message if encrypting or signing. If decrypting or verifying it strips
off text headers: if the decrypted or verified message is not of MIME
type text/plain then an error occurs.
=item B<-md> I<digest>
Digest algorithm to use when signing or resigning. If not present then the
default digest algorithm for the signing key will be used (usually SHA1).
=item B<-I<cipher>>
The encryption algorithm to use. For example DES (56 bits) - B<-des>,
triple DES (168 bits) - B<-des3>,
EVP_get_cipherbyname() function) can also be used preceded by a dash, for
example B<-aes-128-cbc>. See L<openssl-enc(1)> for list of ciphers
supported by your version of OpenSSL.
If not specified triple DES is used. Only used with B<-encrypt>.
=item B<-nointern>
When verifying a message normally certificates (if any) included in
the message are searched for the signing certificate. With this option
only the certificates specified in the B<-certfile> option are used.
The supplied certificates can still be used as untrusted CAs however.
=item B<-noverify>
Do not verify the signers certificate of a signed message.
=item B<-nochain>
Do not do chain verification of signers certificates; that is, do not
use the certificates in the signed message as untrusted CAs.
=item B<-nosigs>
Don't try to verify the signatures on the message.
=item B<-nocerts>
When signing a message, the signer's certificate is normally included.
With this option it is excluded. This will reduce the size of the
signed message, but the verifier must have a copy of the signers certificate
available locally (passed using the B<-certfile> option for example).
=item B<-noattr>
Normally, when a message is signed, a set of attributes are included which
include the signing time and supported symmetric algorithms. With this
option they are not included.
=item B<-nodetach>
When signing a message use opaque signing. This form is more resistant
to translation by mail relays but it cannot be read by mail agents that
do not support S/MIME. Without this option cleartext signing with
the MIME type multipart/signed is used.
=item B<-nosmimecap>
When signing a message, do not include the B<SMIMECapabilities> attribute.
=item B<-binary>
Normally the input message is converted to "canonical" format which is
effectively using CR and LF as end of line: as required by the S/MIME
specification. When this option is present no translation occurs. This
is useful when handling binary data which may not be in MIME format.
=item B<-crlfeol>
Normally the output file uses a single B<LF> as end of line. When this
option is present B<CRLF> is used instead.
=item B<-certfile> I<file>
Allows additional certificates to be specified. When signing these will
be included with the message. When verifying, these will be searched for
signer certificates and will be used for chain building.
The input can be in PEM, DER, or PKCS#12 format.
=item B<-signer> I<file>
A signing certificate when signing or resigning a message, this option can be
used multiple times if more than one signer is required. If a message is being
verified then the signers certificates will be written to this file if the
verification was successful.
=item B<-recip> I<file>
The recipients certificate when decrypting a message. This certificate
must match one of the recipients of the message or an error occurs.
=item B<-inkey> I<filename>|I<uri>
The private key to use when signing or decrypting. This must match the
corresponding certificate. If this option is not specified then the
private key must be included in the certificate file specified with
the B<-recip> or B<-signer> file. When signing this option can be used
multiple times to specify successive keys.
=item B<-passin> I<arg>
The private key password source. For more information about the format of I<arg>
see L<openssl-passphrase-options(1)>.
=item B<-to>, B<-from>, B<-subject>
The relevant mail headers. These are included outside the signed
portion of a message so they may be included manually. If signing
then many S/MIME mail clients check the signers certificate's email
address matches that specified in the From: address.
=item B<-allow_proxy_certs>, B<-attime>, B<-no_check_time>,
B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
B<-inhibit_map>, B<-no_alt_chains>, B<-partial_chain>, B<-policy>,
B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
B<-verify_ip>, B<-verify_name>, B<-x509_strict> B<-issuer_checks>
Set various options of certificate chain verification.
See L<openssl-verification-options(1)/Verification Options> for details.
Any verification errors cause the command to exit.
=item B<-CAfile> I<file>, B<-no-CAfile>, B<-CApath> I<dir>, B<-no-CApath>,
B<-CAstore> I<uri>, B<-no-CAstore>
See L<openssl-verification-options(1)/Trusted Certificate Options> for details.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item B<-rand> I<files>, B<-writerand> I<file>
See L<openssl(1)/Random State Options> for details.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=item B<-config> I<configfile>
See L<openssl(1)/Configuration Option>.
=item I<recipcert> ...
One or more certificates of message recipients, used when encrypting
a message.
=back
=head1 NOTES
The MIME message must be sent without any blank lines between the
headers and the output. Some mail programs will automatically add
a blank line. Piping the mail directly to sendmail is one way to
achieve the correct format.
The supplied message to be signed or encrypted must include the
necessary MIME headers or many S/MIME clients won't display it
properly (if at all). You can use the B<-text> option to automatically
add plain text headers.
A "signed and encrypted" message is one where a signed message is
then encrypted. This can be produced by encrypting an already signed
message: see the examples section.
This version of the program only allows one signer per message but it
will verify multiple signers on received messages. Some S/MIME clients
choke if a message contains multiple signers. It is possible to sign
messages "in parallel" by signing an already signed message.
The options B<-encrypt> and B<-decrypt> reflect common usage in S/MIME
clients. Strictly speaking these process PKCS#7 enveloped data: PKCS#7
encrypted data is used for other purposes.
The B<-resign> option uses an existing message digest when adding a new
signer. This means that attributes must be present in at least one existing
signer using the same message digest or this operation will fail.
The B<-stream> and B<-indef> options enable streaming I/O support.
As a result the encoding is BER using indefinite length constructed encoding
and no longer DER. Streaming is supported for the B<-encrypt> operation and the
B<-sign> operation if the content is not detached.
Streaming is always used for the B<-sign> operation with detached data but
since the content is no longer part of the PKCS#7 structure the encoding
remains DER.
=head1 EXIT CODES
=over 4
=item Z<>0
The operation was completely successfully.
=item Z<>1
An error occurred parsing the command options.
=item Z<>2
One of the input files could not be read.
=item Z<>3
An error occurred creating the PKCS#7 file or when reading the MIME
message.
=item Z<>4
An error occurred decrypting or verifying the message.
=item Z<>5
The message was verified correctly but an error occurred writing out
the signers certificates.
=back
=head1 EXAMPLES
Create a cleartext signed message:
openssl smime -sign -in message.txt -text -out mail.msg \
-signer mycert.pem
Create an opaque signed message:
openssl smime -sign -in message.txt -text -out mail.msg -nodetach \
-signer mycert.pem
Create a signed message, include some additional certificates and
read the private key from another file:
openssl smime -sign -in in.txt -text -out mail.msg \
-signer mycert.pem -inkey mykey.pem -certfile mycerts.pem
Create a signed message with two signers:
openssl smime -sign -in message.txt -text -out mail.msg \
-signer mycert.pem -signer othercert.pem
Send a signed message under Unix directly to sendmail, including headers:
openssl smime -sign -in in.txt -text -signer mycert.pem \
-from steve@openssl.org -to someone@somewhere \
-subject "Signed message" | sendmail someone@somewhere
Verify a message and extract the signer's certificate if successful:
openssl smime -verify -in mail.msg -signer user.pem -out signedtext.txt
Send encrypted mail using triple DES:
openssl smime -encrypt -in in.txt -out mail.msg -from steve@openssl.org \
-to someone@somewhere -subject "Encrypted message" \
-des3 user.pem
Sign and encrypt mail:
openssl smime -sign -in ml.txt -signer my.pem -text \
| openssl smime -encrypt -out mail.msg \
-from steve@openssl.org -to someone@somewhere \
-subject "Signed and Encrypted message" -des3 user.pem
Note: the encryption command does not include the B<-text> option because the
message being encrypted already has MIME headers.
Decrypt mail:
openssl smime -decrypt -in mail.msg -recip mycert.pem -inkey key.pem
The output from Netscape form signing is a PKCS#7 structure with the
detached signature format. You can use this program to verify the
signature by line wrapping the base64 encoded structure and surrounding
it with:
-----BEGIN PKCS7-----
-----END PKCS7-----
and using the command:
openssl smime -verify -inform PEM -in signature.pem -content content.txt
Alternatively you can base64 decode the signature and use:
openssl smime -verify -inform DER -in signature.der -content content.txt
Create an encrypted message using 128 bit Camellia:
openssl smime -encrypt -in plain.txt -camellia128 -out mail.msg cert.pem
Add a signer to an existing message:
openssl smime -resign -in mail.msg -signer newsign.pem -out mail2.msg
=head1 BUGS
The MIME parser isn't very clever: it seems to handle most messages that I've
thrown at it but it may choke on others.
The code currently will only write out the signer's certificate to a file: if
the signer has a separate encryption certificate this must be manually
extracted. There should be some heuristic that determines the correct
encryption certificate.
Ideally a database should be maintained of a certificates for each email
address.
The code doesn't currently take note of the permitted symmetric encryption
algorithms as supplied in the SMIMECapabilities signed attribute. This means the
user has to manually include the correct encryption algorithm. It should store
the list of permitted ciphers in a database and only use those.
No revocation checking is done on the signer's certificate.
The current code can only handle S/MIME v2 messages, the more complex S/MIME v3
structures may cause parsing errors.
=head1 SEE ALSO
L<ossl_store-file(7)>
=head1 HISTORY
The use of multiple B<-signer> options and the B<-resign> command were first
added in OpenSSL 1.0.0
The -no_alt_chains option was added in OpenSSL 1.1.0.
The B<-engine> option was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
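Review bot: the B<-I<cipher>> item is missing text: after "triple DES (168 bits) - B<-des3>," it jumps to "EVP_get_cipherbyname() function) can also be used preceded by a dash", leaving an unmatched parenthesis and no statement of what can be used. That item also says triple DES is used when no cipher is given, and the B<-md> item says the default digest is usually SHA1, while every signing example omits B<-md>; suggest restoring the sentence and having the examples name the digest explicitly, the way the encryption examples name their cipher. Two smaller inconsistencies: B<-noindef> is documented twice with different text, and the NOTES claim that this version "only allows one signer per message" contradicts the two-signer example and the HISTORY entry on multiple B<-signer> options.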

View File

@@ -0,0 +1,200 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-speed.pod.in
=end comment
=head1 NAME
openssl-speed - test library performance
=head1 SYNOPSIS
B<openssl speed>
[B<-help>]
[B<-config> I<filename>]
[B<-elapsed>]
[B<-evp> I<algo>]
[B<-hmac> I<algo>]
[B<-cmac> I<algo>]
[B<-mb>]
[B<-aead>]
[B<-kem-algorithms>]
[B<-signature-algorithms>]
[B<-multi> I<num>]
[B<-async_jobs> I<num>]
[B<-misalign> I<num>]
[B<-decrypt>]
[B<-primes> I<num>]
[B<-seconds> I<num>]
[B<-bytes> I<num>]
[B<-mr>]
[B<-mlock>]
[B<-testmode>]
[B<-rand> I<files>]
[B<-writerand> I<file>]
[B<-engine> I<id>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
[I<algorithm> ...]
=head1 DESCRIPTION
This command is used to test the performance of cryptographic algorithms.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-config> I<filename>
Specifies the configuration file to use.
Optional; for a description of the default value,
see L<openssl(1)/COMMAND SUMMARY>.
=item B<-elapsed>
When calculating operations- or bytes-per-second, use wall-clock time
instead of CPU user time as divisor. It can be useful when testing speed
of hardware engines.
=item B<-evp> I<algo>
Use the specified cipher or message digest algorithm via the EVP interface.
If I<algo> is an AEAD cipher, then you can pass B<-aead> to benchmark a
TLS-like sequence. And if I<algo> is a multi-buffer capable cipher, e.g.
aes-128-cbc-hmac-sha1, then B<-mb> will time multi-buffer operation.
To see the algorithms supported with this option, use
C<openssl list -digest-algorithms> or C<openssl list -cipher-algorithms>
command.
=item B<-multi> I<num>
Run multiple operations in parallel.
=item B<-async_jobs> I<num>
Enable async mode and start specified number of jobs.
=item B<-misalign> I<num>
Misalign the buffers by the specified number of bytes.
=item B<-hmac> I<digest>
Time the HMAC algorithm using the specified message digest.
=item B<-cmac> I<cipher>
Time the CMAC algorithm using the specified cipher e.g.
C<openssl speed -cmac aes128>.
=item B<-decrypt>
Time the decryption instead of encryption. Affects only the EVP testing.
=item B<-mb>
Enable multi-block mode on EVP-named cipher.
=item B<-aead>
Benchmark EVP-named AEAD cipher in TLS-like sequence.
=item B<-kem-algorithms>
Benchmark KEM algorithms: key generation, encapsulation, decapsulation.
=item B<-signature-algorithms>
Benchmark signature algorithms: key generation, signature, verification.
=item B<-primes> I<num>
Generate a I<num>-prime RSA key and use it to run the benchmarks. This option
is only effective if RSA algorithm is specified to test.
=item B<-seconds> I<num>
Run benchmarks for I<num> seconds.
=item B<-bytes> I<num>
Run benchmarks on I<num>-byte buffers. Affects ciphers, digests and the CSPRNG.
The limit on the size of the buffer is INT_MAX - 64 bytes, which for a 32-bit
int would be 2147483583 bytes.
=item B<-mr>
Produce the summary in a mechanical, machine-readable, format.
=item B<-mlock>
Lock memory into RAM for more deterministic measurements.
=item B<-testmode>
Runs the speed command in testmode. Runs only 1 iteration of each algorithm test
regardless of any B<-seconds> value. In the event that any operation fails then
the speed command will return with a failure result.
=item B<-rand> I<files>, B<-writerand> I<file>
See L<openssl(1)/Random State Options> for details.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=item I<algorithm> ...
If any I<algorithm> is given, then those algorithms are tested, otherwise a
pre-compiled grand selection is tested.
=back
=head1 BUGS
The I<algorithm> can be selected only from a pre-compiled subset of things
that the C<openssl speed> command knows about. To test any additional digest
or cipher algorithm supported by OpenSSL use the C<-evp> option.
There is no way to test the speed of any additional public key algorithms
supported by third party providers with the C<openssl speed> command.
=head1 HISTORY
The B<-engine> option was deprecated in OpenSSL 3.0.
DSA512 was removed in OpenSSL 3.2.
The B<-testmode> option was added in OpenSSL 3.4.
=head1 COPYRIGHT
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
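Review bot: SYNOPSIS and OPTIONS disagree on argument names: the synopsis has "[B<-hmac> I<algo>]" and "[B<-cmac> I<algo>]", while the option entries read "B<-hmac> I<digest>" and "B<-cmac> I<cipher>". Suggest using the OPTIONS names in both places, since they say which kind of algorithm is expected. The BUGS statement that there is no way to time additional public key algorithms from third party providers should be checked against the B<-kem-algorithms> and B<-signature-algorithms> options documented in this same file, and BUGS writes C<-evp> where the rest of the page uses B<-evp>.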

View File

@@ -0,0 +1,182 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-spkac.pod.in
=end comment
=head1 NAME
openssl-spkac - SPKAC printing and generating command
=head1 SYNOPSIS
B<openssl> B<spkac>
[B<-help>]
[B<-in> I<filename>]
[B<-out> I<filename>]
[B<-digest> I<digest>]
[B<-key> I<filename>|I<uri>]
[B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
[B<-passin> I<arg>]
[B<-challenge> I<string>]
[B<-pubkey>]
[B<-spkac> I<spkacname>]
[B<-spksect> I<section>]
[B<-noout>]
[B<-verify>]
[B<-engine> I<id>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
=head1 DESCRIPTION
This command processes Netscape signed public key and challenge
(SPKAC) files. It can print out their contents, verify the signature and
produce its own SPKACs from a supplied private key.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-in> I<filename>
This specifies the input filename to read from or standard input if this
option is not specified. Ignored if the B<-key> option is used.
=item B<-out> I<filename>
Specifies the output filename to write to or standard output by
default.
=item B<-digest> I<digest>
Use the specified I<digest> to sign a created SPKAC file.
The default digest algorithm is MD5.
=item B<-key> I<filename>|I<uri>
Create an SPKAC file using the private key specified by I<filename> or I<uri>.
The B<-in>, B<-noout>, B<-spksect> and B<-verify> options are ignored if
present.
=item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
The key format; unspecified by default.
See L<openssl-format-options(1)> for details.
=item B<-passin> I<arg>
The input file password source. For more information about the format of I<arg>
see L<openssl-passphrase-options(1)>.
=item B<-challenge> I<string>
Specifies the challenge string if an SPKAC is being created.
=item B<-spkac> I<spkacname>
Allows an alternative name form the variable containing the
SPKAC. The default is "SPKAC". This option affects both
generated and input SPKAC files.
=item B<-spksect> I<section>
Allows an alternative name form the section containing the
SPKAC. The default is the default section.
=item B<-noout>
Don't output the text version of the SPKAC (not used if an
SPKAC is being created).
=item B<-pubkey>
Output the public key of an SPKAC (not used if an SPKAC is
being created).
=item B<-verify>
Verifies the digital signature on the supplied SPKAC.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=back
=head1 EXAMPLES
Print out the contents of an SPKAC:
openssl spkac -in spkac.cnf
Verify the signature of an SPKAC:
openssl spkac -in spkac.cnf -noout -verify
Create an SPKAC using the challenge string "hello":
openssl spkac -key key.pem -challenge hello -out spkac.cnf
Example of an SPKAC, (long lines split up for clarity):
SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA\
1cCoq2Wa3Ixs47uI7FPVwHVIPDx5yso105Y6zpozam135a\
8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03uPFoQIDAQAB\
FgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJ\
h1bEIYuc2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnD\
dq+NQ3F+X4deMx9AaEglZtULwV4=
=head1 NOTES
A created SPKAC with suitable DN components appended can be fed to
L<openssl-ca(1)>.
SPKACs are typically generated by Netscape when a form is submitted
containing the B<KEYGEN> tag as part of the certificate enrollment
process.
The challenge string permits a primitive form of proof of possession
of private key. By checking the SPKAC signature and a random challenge
string some guarantee is given that the user knows the private key
corresponding to the public key being certified. This is important in
some applications. Without this it is possible for a previous SPKAC
to be used in a "replay attack".
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-ca(1)>
=head1 HISTORY
The B<-engine> option was deprecated in OpenSSL 3.0.
The B<-digest> option was added in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
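Review bot: the B<-digest> item says "The default digest algorithm is MD5.", and the creation example (openssl spkac -key key.pem -challenge hello -out spkac.cnf) passes no B<-digest>, so anyone copying it signs the SPKAC with MD5. Suggest the example pass B<-digest> with a current digest and the option text flag MD5 as a weak default. Minor: "Allows an alternative name form the variable" and "form the section" should read "for".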

View File

@@ -0,0 +1,142 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-srp.pod.in
=end comment
=head1 NAME
openssl-srp - maintain SRP password file
=head1 SYNOPSIS
B<openssl srp>
[B<-help>]
[B<-verbose>]
[B<-add>]
[B<-modify>]
[B<-delete>]
[B<-list>]
[B<-name> I<section>]
[B<-srpvfile> I<file>]
[B<-gn> I<identifier>]
[B<-userinfo> I<text>]
[B<-passin> I<arg>]
[B<-passout> I<arg>]
[B<-engine> I<id>]
[B<-rand> I<files>]
[B<-writerand> I<file>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
[B<-config> I<configfile>]
[I<user> ...]
=head1 DESCRIPTION
This command is deprecated. It is used to maintain an SRP (secure remote
password) file. At most one of the B<-add>, B<-modify>, B<-delete>, and B<-list>
options can be specified.
These options take zero or more usernames as parameters and perform the
appropriate operation on the SRP file.
For B<-list>, if no I<user> is given then all users are displayed.
The configuration file to use, and the section within the file, can be
specified with the B<-config> and B<-name> flags, respectively.
=head1 OPTIONS
=over 4
=item B<-help>
Display an option summary.
=item B<-verbose>
Generate verbose output while processing.
=item B<-add>
Add a user and SRP verifier.
=item B<-modify>
Modify the SRP verifier of an existing user.
=item B<-delete>
Delete user from verifier file.
=item B<-list>
List users.
=item B<-name>
The particular SRP definition to use.
=item B<-srpvfile> I<file>
If the config file is not specified,
B<-srpvfile> can be used to specify the file to operate on.
=item B<-gn>
Specifies the B<g> and B<N> values, using one of
the strengths defined in IETF RFC 5054.
=item B<-userinfo>
specifies additional information to add when
adding or modifying a user.
=item B<-passin> I<arg>, B<-passout> I<arg>
The password source for the input and output file.
For more information about the format of B<arg>
see L<openssl-passphrase-options(1)>.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item B<-rand> I<files>, B<-writerand> I<file>
See L<openssl(1)/Random State Options> for details.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=item B<-config> I<configfile>
See L<openssl(1)/Configuration Option>.
[B<-rand> I<files>]
[B<-writerand> I<file>]
=back
=head1 HISTORY
The B<-engine> option was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
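Review bot: two synopsis lines, "[B<-rand> I<files>]" and "[B<-writerand> I<file>]", are stranded at the end of OPTIONS under the B<-config> item, where they render as part of that option's description; they look like leftovers and should be removed. The items for B<-name>, B<-gn> and B<-userinfo> also drop the arguments the synopsis gives them (I<section>, I<identifier>, I<text>), and the B<-userinfo> description starts in lower case, unlike its neighbours.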

View File

@@ -0,0 +1,162 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-storeutl.pod.in
=end comment
=head1 NAME
openssl-storeutl - STORE command
=head1 SYNOPSIS
B<openssl> B<storeutl>
[B<-help>]
[B<-out> I<file>]
[B<-noout>]
[B<-passin> I<arg>]
[B<-text> I<arg>]
[B<-r>]
[B<-certs>]
[B<-keys>]
[B<-crls>]
[B<-subject> I<arg>]
[B<-issuer> I<arg>]
[B<-serial> I<arg>]
[B<-alias> I<arg>]
[B<-fingerprint> I<arg>]
[B<-I<digest>>]
[B<-engine> I<id>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
I<uri>
=head1 DESCRIPTION
This command can be used to display the contents (after
decryption as the case may be) fetched from the given URI.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-out> I<filename>
specifies the output filename to write to or standard output by
default.
=item B<-noout>
this option prevents output of the PEM data.
=item B<-passin> I<arg>
the key password source. For more information about the format of I<arg>
see L<openssl-passphrase-options(1)>.
=item B<-text>
Prints out the objects in text form, similarly to the B<-text> output from
L<openssl-x509(1)>, L<openssl-pkey(1)>, etc.
=item B<-r>
Fetch objects recursively when possible.
=item B<-certs>
=item B<-keys>
=item B<-crls>
Only select the certificates, keys or CRLs from the given URI.
However, if this URI would return a set of names (URIs), those are always
returned.
Note that all options must be given before the I<uri> argument.
Note I<-keys> selects exclusively private keys, there is no selector for public
keys only.
=item B<-subject> I<arg>
Search for an object having the subject name I<arg>.
The arg must be formatted as C</type0=value0/type1=value1/type2=...>.
Special characters may be escaped by C<\> (backslash), whitespace is retained.
Empty values are permitted but are ignored for the search. That is,
a search with an empty value will have the same effect as not specifying
the type at all.
Giving a single C</> will lead to an empty sequence of RDNs (a NULL-DN).
Multi-valued RDNs can be formed by placing a C<+> character instead of a C</>
between the AttributeValueAssertions (AVAs) that specify the members of the set.
Example:
C</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe>
=item B<-issuer> I<arg>
=item B<-serial> I<arg>
Search for an object having the given issuer name and serial number.
These two options I<must> be used together.
The issuer arg must be formatted as C</type0=value0/type1=value1/type2=...>,
characters may be escaped by \ (backslash), no spaces are skipped.
The serial arg may be specified as a decimal value or a hex value if preceded
by C<0x>.
=item B<-alias> I<arg>
Search for an object having the given alias.
=item B<-fingerprint> I<arg>
Search for an object having the given fingerprint.
=item B<-I<digest>>
The digest that was used to compute the fingerprint given with B<-fingerprint>.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=back
=head1 SEE ALSO
L<openssl(1)>
=head1 HISTORY
This command was added in OpenSSL 1.1.1.
The B<-engine> option was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
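Review bot: SYNOPSIS lists `[B<-text> I<arg>]`, but the OPTIONS entry is `=item B<-text>` with no argument and describes a plain flag, so one of the two is wrong; going by the description, the `I<arg>` in the SYNOPSIS should go. The same page also names the B<-out> argument I<file> in the SYNOPSIS and I<filename> in OPTIONS. Since the header says this file is generated from doc/man1/openssl-storeutl.pod.in and must not be edited, the fix belongs in that source, and it is worth asking whether generated pages should be committed at all rather than produced by build.sh.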

View File

@@ -0,0 +1,728 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-ts.pod.in
=end comment
=head1 NAME
openssl-ts - Time Stamping Authority command
=head1 SYNOPSIS
B<openssl> B<ts>
B<-help>
B<openssl> B<ts>
B<-query>
[B<-config> I<configfile>]
[B<-data> I<file_to_hash>]
[B<-digest> I<digest_bytes>]
[B<-I<digest>>]
[B<-tspolicy> I<object_id>]
[B<-no_nonce>]
[B<-cert>]
[B<-in> I<request.tsq>]
[B<-out> I<request.tsq>]
[B<-text>]
[B<-rand> I<files>]
[B<-writerand> I<file>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
B<openssl> B<ts>
B<-reply>
[B<-config> I<configfile>]
[B<-section> I<tsa_section>]
[B<-queryfile> I<request.tsq>]
[B<-passin> I<password_src>]
[B<-signer> I<tsa_cert.pem>]
[B<-inkey> I<filename>|I<uri>]
[B<-I<digest>>]
[B<-chain> I<certs_file.pem>]
[B<-tspolicy> I<object_id>]
[B<-in> I<response.tsr>]
[B<-token_in>]
[B<-out> I<response.tsr>]
[B<-token_out>]
[B<-text>]
[B<-engine> I<id>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
B<openssl> B<ts>
B<-verify>
[B<-data> I<file_to_hash>]
[B<-digest> I<digest_bytes>]
[B<-queryfile> I<request.tsq>]
[B<-in> I<response.tsr>]
[B<-token_in>]
[B<-untrusted> I<files>|I<uris>]
[B<-CAfile> I<file>]
[B<-CApath> I<dir>]
[B<-CAstore> I<uri>]
[B<-allow_proxy_certs>]
[B<-attime> I<timestamp>]
[B<-no_check_time>]
[B<-check_ss_sig>]
[B<-crl_check>]
[B<-crl_check_all>]
[B<-explicit_policy>]
[B<-extended_crl>]
[B<-ignore_critical>]
[B<-inhibit_any>]
[B<-inhibit_map>]
[B<-partial_chain>]
[B<-policy> I<arg>]
[B<-policy_check>]
[B<-policy_print>]
[B<-purpose> I<purpose>]
[B<-suiteB_128>]
[B<-suiteB_128_only>]
[B<-suiteB_192>]
[B<-trusted_first>]
[B<-no_alt_chains>]
[B<-use_deltas>]
[B<-auth_level> I<num>]
[B<-verify_depth> I<num>]
[B<-verify_email> I<email>]
[B<-verify_hostname> I<hostname>]
[B<-verify_ip> I<ip>]
[B<-verify_name> I<name>]
[B<-x509_strict>]
[B<-issuer_checks>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
=head1 DESCRIPTION
This command is a basic Time Stamping Authority (TSA) client and
server application as specified in RFC 3161 (Time-Stamp Protocol, TSP). A
TSA can be part of a PKI deployment and its role is to provide long
term proof of the existence of a certain datum before a particular
time. Here is a brief description of the protocol:
=over 4
=item 1.
The TSA client computes a one-way hash value for a data file and sends
the hash to the TSA.
=item 2.
The TSA attaches the current date and time to the received hash value,
signs them and sends the timestamp token back to the client. By
creating this token the TSA certifies the existence of the original
data file at the time of response generation.
=item 3.
The TSA client receives the timestamp token and verifies the
signature on it. It also checks if the token contains the same hash
value that it had sent to the TSA.
=back
There is one DER encoded protocol data unit defined for transporting a
timestamp request to the TSA and one for sending the timestamp response
back to the client. This command has three main functions:
creating a timestamp request based on a data file,
creating a timestamp response based on a request, verifying if a
response corresponds to a particular request or a data file.
There is no support for sending the requests/responses automatically
over HTTP or TCP yet as suggested in RFC 3161. The users must send the
requests either by ftp or e-mail.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-query>
Generate a TS query. For details see L</Timestamp Request generation>.
=item B<-reply>
Generate a TS reply. For details see L</Timestamp Response generation>.
=item B<-verify>
Verify a TS response. For details see L</Timestamp Response verification>.
=back
=head2 Timestamp Request generation
The B<-query> command can be used for creating and printing a timestamp
request with the following options:
=over 4
=item B<-config> I<configfile>
The configuration file to use.
Optional; for a description of the default value,
see L<openssl(1)/COMMAND SUMMARY>.
=item B<-data> I<file_to_hash>
The data file for which the timestamp request needs to be
created. stdin is the default if neither the B<-data> nor the B<-digest>
parameter is specified. (Optional)
=item B<-digest> I<digest_bytes>
It is possible to specify the message imprint explicitly without the data
file. The imprint must be specified in a hexadecimal format, two characters
per byte, the bytes optionally separated by colons (e.g. 1A:F6:01:... or
1AF601...). The number of bytes must match the message digest algorithm
in use. (Optional)
=item B<-I<digest>>
The message digest to apply to the data file.
Any digest supported by the L<openssl-dgst(1)> command can be used.
The default is SHA-256. (Optional)
=item B<-tspolicy> I<object_id>
The policy that the client expects the TSA to use for creating the
timestamp token. Either the dotted OID notation or OID names defined
in the config file can be used. If no policy is requested the TSA will
use its own default policy. (Optional)
=item B<-no_nonce>
No nonce is specified in the request if this option is
given. Otherwise, a 64-bit long pseudo-random nonce is
included in the request. It is recommended to use a nonce to
protect against replay attacks. (Optional)
=item B<-cert>
The TSA is expected to include its signing certificate in the
response. (Optional)
=item B<-in> I<request.tsq>
This option specifies a previously created timestamp request in DER
format that will be printed into the output file. Useful when you need
to examine the content of a request in human-readable
format. (Optional)
=item B<-out> I<request.tsq>
Name of the output file to which the request will be written. Default
is stdout. (Optional)
=item B<-text>
If this option is specified the output is human-readable text format
instead of DER. (Optional)
=item B<-rand> I<files>, B<-writerand> I<file>
See L<openssl(1)/Random State Options> for details.
=back
=head2 Timestamp Response generation
A timestamp response (TimeStampResp) consists of a response status
and the timestamp token itself (ContentInfo), if the token generation was
successful. The B<-reply> command is for creating a timestamp
response or timestamp token based on a request and printing the
response/token in human-readable format. If B<-token_out> is not
specified the output is always a timestamp response (TimeStampResp),
otherwise it is a timestamp token (ContentInfo).
=over 4
=item B<-config> I<configfile>
The configuration file to use.
Optional; for a description of the default value,
see L<openssl(1)/COMMAND SUMMARY>.
See L</CONFIGURATION FILE OPTIONS> for configurable variables.
=item B<-section> I<tsa_section>
The name of the config file section containing the settings for the
response generation. If not specified the default TSA section is
used, see L</CONFIGURATION FILE OPTIONS> for details. (Optional)
=item B<-queryfile> I<request.tsq>
The name of the file containing a DER encoded timestamp request. (Optional)
=item B<-passin> I<password_src>
Specifies the password source for the private key of the TSA. See
description in L<openssl(1)>. (Optional)
=item B<-signer> I<tsa_cert.pem>
The signer certificate of the TSA in PEM format. The TSA signing
certificate must have exactly one extended key usage assigned to it:
timeStamping. The extended key usage must also be critical, otherwise
the certificate is going to be refused. Overrides the B<signer_cert>
variable of the config file. (Optional)
=item B<-inkey> I<filename>|I<uri>
The signer private key of the TSA in PEM format. Overrides the
B<signer_key> config file option. (Optional)
=item B<-I<digest>>
Signing digest to use. Overrides the B<signer_digest> config file
option. (Mandatory unless specified in the config file)
=item B<-chain> I<certs_file.pem>
The collection of certificates in PEM format that will all
be included in the response in addition to the signer certificate if
the B<-cert> option was used for the request. This file is supposed to
contain the certificate chain for the signer certificate from its
issuer upwards. The B<-reply> command does not build a certificate
chain automatically. (Optional)
=item B<-tspolicy> I<object_id>
The default policy to use for the response unless the client
explicitly requires a particular TSA policy. The OID can be specified
either in dotted notation or with its name. Overrides the
B<default_policy> config file option. (Optional)
=item B<-in> I<response.tsr>
Specifies a previously created timestamp response or timestamp token
(if B<-token_in> is also specified) in DER format that will be written
to the output file. This option does not require a request, it is
useful e.g. when you need to examine the content of a response or
token or you want to extract the timestamp token from a response. If
the input is a token and the output is a timestamp response a default
'granted' status info is added to the token. (Optional)
=item B<-token_in>
This flag can be used together with the B<-in> option and indicates
that the input is a DER encoded timestamp token (ContentInfo) instead
of a timestamp response (TimeStampResp). (Optional)
=item B<-out> I<response.tsr>
The response is written to this file. The format and content of the
file depends on other options (see B<-text>, B<-token_out>). The default is
stdout. (Optional)
=item B<-token_out>
The output is a timestamp token (ContentInfo) instead of timestamp
response (TimeStampResp). (Optional)
=item B<-text>
If this option is specified the output is human-readable text format
instead of DER. (Optional)
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=back
=head2 Timestamp Response verification
The B<-verify> command is for verifying if a timestamp response or
timestamp token is valid and matches a particular timestamp request or
data file. The B<-verify> command does not use the configuration file.
=over 4
=item B<-data> I<file_to_hash>
The response or token must be verified against file_to_hash. The file
is hashed with the message digest algorithm specified in the token.
The B<-digest> and B<-queryfile> options must not be specified with this one.
(Optional)
=item B<-digest> I<digest_bytes>
The response or token must be verified against the message digest specified
with this option. The number of bytes must match the message digest algorithm
specified in the token. The B<-data> and B<-queryfile> options must not be
specified with this one. (Optional)
=item B<-queryfile> I<request.tsq>
The original timestamp request in DER format. The B<-data> and B<-digest>
options must not be specified with this one. (Optional)
=item B<-in> I<response.tsr>
The timestamp response that needs to be verified in DER format. (Mandatory)
=item B<-token_in>
This flag can be used together with the B<-in> option and indicates
that the input is a DER encoded timestamp token (ContentInfo) instead
of a timestamp response (TimeStampResp). (Optional)
=item B<-untrusted> I<files>|I<uris>
A set of additional untrusted certificates which may be
needed when building the certificate chain for the TSA's signing certificate.
These do not need to contain the TSA signing certificate and intermediate CA
certificates as far as the response already includes them.
(Optional)
Multiple sources may be given, separated by commas and/or whitespace.
Each file may contain multiple certificates.
=item B<-CAfile> I<file>, B<-CApath> I<dir>, B<-CAstore> I<uri>
See L<openssl-verification-options(1)/Trusted Certificate Options> for details.
At least one of B<-CAfile>, B<-CApath> or B<-CAstore> must be specified.
=item B<-allow_proxy_certs>, B<-attime>, B<-no_check_time>,
B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
B<-inhibit_map>, B<-no_alt_chains>, B<-partial_chain>, B<-policy>,
B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
B<-verify_ip>, B<-verify_name>, B<-x509_strict> B<-issuer_checks>
Set various options of certificate chain verification.
See L<openssl-verification-options(1)/Verification Options> for details.
Any verification errors cause the command to exit.
=back
=head1 CONFIGURATION FILE OPTIONS
The B<-query> and B<-reply> commands make use of a configuration file.
See L<config(5)>
for a general description of the syntax of the config file. The
B<-query> command uses only the symbolic OID names section
and it can work without it. However, the B<-reply> command needs the
config file for its operation.
When there is a command line switch equivalent of a variable the
switch always overrides the settings in the config file.
=over 4
=item B<tsa> section, B<default_tsa>
This is the main section and it specifies the name of another section
that contains all the options for the B<-reply> command. This default
section can be overridden with the B<-section> command line switch. (Optional)
=item B<oid_file>
This specifies a file containing additional B<OBJECT IDENTIFIERS>.
Each line of the file should consist of the numerical form of the
object identifier followed by whitespace then the short name followed
by whitespace and finally the long name. (Optional)
=item B<oid_section>
This specifies a section in the configuration file containing extra
object identifiers. Each line should consist of the short name of the
object identifier followed by B<=> and the numerical form. The short
and long names are the same when this option is used. (Optional)
=item B<RANDFILE>
At startup the specified file is loaded into the random number generator,
and at exit 256 bytes will be written to it. (Note: Using a RANDFILE is
not necessary anymore, see the L</HISTORY> section.
=item B<serial>
The name of the file containing the hexadecimal serial number of the
last timestamp response created. This number is incremented by 1 for
each response. If the file does not exist at the time of response
generation a new file is created with serial number 1. (Mandatory)
=item B<crypto_device>
Specifies the OpenSSL engine that will be set as the default for
all available algorithms. The default value is built-in, you can specify
any other engines supported by OpenSSL (e.g. use chil for the NCipher HSM).
(Optional)
=item B<signer_cert>
TSA signing certificate in PEM format. The same as the B<-signer>
command line option. (Optional)
=item B<certs>
A file containing a set of PEM encoded certificates that need to be
included in the response. The same as the B<-chain> command line
option. (Optional)
=item B<signer_key>
The private key of the TSA in PEM format. The same as the B<-inkey>
command line option. (Optional)
=item B<signer_digest>
Signing digest to use. The same as the
B<-I<digest>> command line option. (Mandatory unless specified on the command
line)
=item B<default_policy>
The default policy to use when the request does not mandate any
policy. The same as the B<-tspolicy> command line option. (Optional)
=item B<other_policies>
Comma separated list of policies that are also acceptable by the TSA
and used only if the request explicitly specifies one of them. (Optional)
=item B<digests>
The list of message digest algorithms that the TSA accepts. At least
one algorithm must be specified. (Mandatory)
=item B<accuracy>
The accuracy of the time source of the TSA in seconds, milliseconds
and microseconds. E.g. secs:1, millisecs:500, microsecs:100. If any of
the components is missing zero is assumed for that field. (Optional)
=item B<clock_precision_digits>
Specifies the maximum number of digits, which represent the fraction of
seconds, that need to be included in the time field. The trailing zeros
must be removed from the time, so there might actually be fewer digits,
or no fraction of seconds at all. Supported only on UNIX platforms.
The maximum value is 6, default is 0.
(Optional)
=item B<ordering>
If this option is yes the responses generated by this TSA can always
be ordered, even if the time difference between two responses is less
than the sum of their accuracies. Default is no. (Optional)
=item B<tsa_name>
Set this option to yes if the subject name of the TSA must be included in
the TSA name field of the response. Default is no. (Optional)
=item B<ess_cert_id_chain>
The SignedData objects created by the TSA always contain the
certificate identifier of the signing certificate in a signed
attribute (see RFC 2634, Enhanced Security Services).
If this variable is set to no, only this signing certificate identifier
is included in the SigningCertificate signed attribute.
If this variable is set to yes and the B<certs> variable or the B<-chain> option
is specified then the certificate identifiers of the chain will also
be included, where the B<-chain> option overrides the B<certs> variable.
Default is no. (Optional)
=item B<ess_cert_id_alg>
This option specifies the hash function to be used to calculate the TSA's
public key certificate identifier. Default is sha256. (Optional)
=back
=head1 EXAMPLES
All the examples below presume that B<OPENSSL_CONF> is set to a proper
configuration file, e.g. the example configuration file
F<openssl/apps/openssl.cnf> will do.
=head2 Timestamp Request
To create a timestamp request for F<design1.txt> with SHA-256 digest,
without nonce and policy, and without requirement for a certificate
in the response:
openssl ts -query -data design1.txt -no_nonce \
-out design1.tsq
To create a similar timestamp request with specifying the message imprint
explicitly:
openssl ts -query -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \
-no_nonce -out design1.tsq
To print the content of the previous request in human readable format:
openssl ts -query -in design1.tsq -text
To create a timestamp request which includes the SHA-512 digest
of F<design2.txt>, requests the signer certificate and nonce, and
specifies a policy id (assuming the tsa_policy1 name is defined in the
OID section of the config file):
openssl ts -query -data design2.txt -sha512 \
-tspolicy tsa_policy1 -cert -out design2.tsq
=head2 Timestamp Response
Before generating a response a signing certificate must be created for
the TSA that contains the B<timeStamping> critical extended key usage extension
without any other key usage extensions. You can add this line to the
user certificate section of the config file to generate a proper certificate;
extendedKeyUsage = critical,timeStamping
See L<openssl-req(1)>, L<openssl-ca(1)>, and L<openssl-x509(1)> for
instructions. The examples below assume that F<cacert.pem> contains the
certificate of the CA, F<tsacert.pem> is the signing certificate issued
by F<cacert.pem> and F<tsakey.pem> is the private key of the TSA.
To create a timestamp response for a request:
openssl ts -reply -queryfile design1.tsq -inkey tsakey.pem \
-signer tsacert.pem -out design1.tsr
If you want to use the settings in the config file you could just write:
openssl ts -reply -queryfile design1.tsq -out design1.tsr
To print a timestamp reply to stdout in human readable format:
openssl ts -reply -in design1.tsr -text
To create a timestamp token instead of timestamp response:
openssl ts -reply -queryfile design1.tsq -out design1_token.der -token_out
To print a timestamp token to stdout in human readable format:
openssl ts -reply -in design1_token.der -token_in -text -token_out
To extract the timestamp token from a response:
openssl ts -reply -in design1.tsr -out design1_token.der -token_out
To add 'granted' status info to a timestamp token thereby creating a
valid response:
openssl ts -reply -in design1_token.der -token_in -out design1.tsr
=head2 Timestamp Verification
To verify a timestamp reply against a request:
openssl ts -verify -queryfile design1.tsq -in design1.tsr \
-CAfile cacert.pem -untrusted tsacert.pem
To verify a timestamp reply that includes the certificate chain:
openssl ts -verify -queryfile design2.tsq -in design2.tsr \
-CAfile cacert.pem
To verify a timestamp token against the original data file:
openssl ts -verify -data design2.txt -in design2.tsr \
-CAfile cacert.pem
To verify a timestamp token against a message imprint:
openssl ts -verify -digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b \
-in design2.tsr -CAfile cacert.pem
You could also look at the 'test' directory for more examples.
=head1 BUGS
=for openssl foreign manual procmail(1) perl(1)
=over 2
=item *
No support for timestamps over SMTP, though it is quite easy
to implement an automatic e-mail based TSA with L<procmail(1)>
and L<perl(1)>. HTTP server support is provided in the form of
a separate apache module. HTTP client support is provided by
L<tsget(1)>. Pure TCP/IP protocol is not supported.
=item *
The file containing the last serial number of the TSA is not
locked when being read or written. This is a problem if more than one
instance of L<openssl(1)> is trying to create a timestamp
response at the same time. This is not an issue when using the apache
server module, it does proper locking.
=item *
Look for the FIXME word in the source files.
=item *
The source code should really be reviewed by somebody else, too.
=item *
More testing is needed, I have done only some basic tests (see
test/testtsa).
=back
=head1 HISTORY
OpenSSL 1.1.1 introduced a new random generator (CSPRNG) with an improved
seeding mechanism. The new seeding mechanism makes it unnecessary to
define a RANDFILE for saving and restoring randomness. This option is
retained mainly for compatibility reasons.
The B<-engine> option was deprecated in OpenSSL 3.0.
=head1 SEE ALSO
L<openssl(1)>,
L<tsget(1)>,
L<openssl-req(1)>,
L<openssl-x509(1)>,
L<openssl-ca(1)>,
L<openssl-genrsa(1)>,
L<config(5)>,
L<ossl_store-file(7)>
=head1 COPYRIGHT
Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
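Review bot: In EXAMPLES, the second Timestamp Request command passes `-digest b7e5d3f93198b38379852f2c04e78d73abdd0f4b`, a 40-hex-character imprint (20 bytes), while the B<-digest> text requires the byte count to match the digest algorithm in use and the default is stated as SHA-256. The example is introduced as similar to the SHA-256 request before it, so as written it does not match its own description; it needs either a 32-byte imprint or an explicit digest option of matching length. The last Timestamp Verification example reuses the same 20-byte value against design2.tsr, which the earlier example requested with -sha512. Separately, the B<RANDFILE> entry opens "(Note: Using a RANDFILE" and never closes the parenthesis, and the DESCRIPTION's statement that requests must be sent by ftp or e-mail sits oddly beside the BUGS note that HTTP client support is provided by tsget(1).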

View File

@@ -0,0 +1,218 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-verify.pod.in
=end comment
=head1 NAME
openssl-verify - certificate verification command
=head1 SYNOPSIS
B<openssl> B<verify>
[B<-help>]
[B<-CRLfile> I<filename>|I<uri>]
[B<-crl_download>]
[B<-show_chain>]
[B<-verbose>]
[B<-trusted> I<filename>|I<uri>]
[B<-untrusted> I<filename>|I<uri>]
[B<-vfyopt> I<nm>:I<v>]
[B<-nameopt> I<option>]
[B<-CAfile> I<file>]
[B<-no-CAfile>]
[B<-CApath> I<dir>]
[B<-no-CApath>]
[B<-CAstore> I<uri>]
[B<-no-CAstore>]
[B<-engine> I<id>]
[B<-allow_proxy_certs>]
[B<-attime> I<timestamp>]
[B<-no_check_time>]
[B<-check_ss_sig>]
[B<-crl_check>]
[B<-crl_check_all>]
[B<-explicit_policy>]
[B<-extended_crl>]
[B<-ignore_critical>]
[B<-inhibit_any>]
[B<-inhibit_map>]
[B<-partial_chain>]
[B<-policy> I<arg>]
[B<-policy_check>]
[B<-policy_print>]
[B<-purpose> I<purpose>]
[B<-suiteB_128>]
[B<-suiteB_128_only>]
[B<-suiteB_192>]
[B<-trusted_first>]
[B<-no_alt_chains>]
[B<-use_deltas>]
[B<-auth_level> I<num>]
[B<-verify_depth> I<num>]
[B<-verify_email> I<email>]
[B<-verify_hostname> I<hostname>]
[B<-verify_ip> I<ip>]
[B<-verify_name> I<name>]
[B<-x509_strict>]
[B<-issuer_checks>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
[B<-->]
[I<certificate> ...]
=head1 DESCRIPTION
This command verifies certificate chains. If a certificate chain has multiple
problems, this program attempts to display all of them.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-CRLfile> I<filename>|I<uri>
The file or URI should contain one or more CRLs in PEM or DER format.
This option can be specified more than once to include CRLs from multiple
sources.
=item B<-crl_download>
Attempt to download CRL information for certificates via their CDP entries.
=item B<-show_chain>
Display information about the certificate chain that has been built (if
successful). Certificates in the chain that came from the untrusted list will be
flagged as "untrusted".
=item B<-verbose>
Print extra information about the operations being performed.
=item B<-trusted> I<filename>|I<uri>
A file or URI of (more or less) trusted certificates.
See L<openssl-verification-options(1)> for more information on trust settings.
This option can be specified more than once to load certificates from multiple
sources.
=item B<-untrusted> I<filename>|I<uri>
A file or URI of untrusted certificates to use for chain building.
This option can be specified more than once to load certificates from multiple
sources.
=item B<-vfyopt> I<nm>:I<v>
Pass options to the signature algorithm during verify operations.
Names and values of these options are algorithm-specific.
=item B<-nameopt> I<option>
This specifies how the subject or issuer names are displayed.
See L<openssl-namedisplay-options(1)> for details.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
To load certificates or CRLs that require engine support, specify the
B<-engine> option before any of the
B<-trusted>, B<-untrusted> or B<-CRLfile> options.
=item B<-CAfile> I<file>, B<-no-CAfile>, B<-CApath> I<dir>, B<-no-CApath>,
B<-CAstore> I<uri>, B<-no-CAstore>
See L<openssl-verification-options(1)/Trusted Certificate Options> for details.
=item B<-allow_proxy_certs>, B<-attime>, B<-no_check_time>,
B<-check_ss_sig>, B<-crl_check>, B<-crl_check_all>,
B<-explicit_policy>, B<-extended_crl>, B<-ignore_critical>, B<-inhibit_any>,
B<-inhibit_map>, B<-no_alt_chains>, B<-partial_chain>, B<-policy>,
B<-policy_check>, B<-policy_print>, B<-purpose>, B<-suiteB_128>,
B<-suiteB_128_only>, B<-suiteB_192>, B<-trusted_first>, B<-use_deltas>,
B<-auth_level>, B<-verify_depth>, B<-verify_email>, B<-verify_hostname>,
B<-verify_ip>, B<-verify_name>, B<-x509_strict> B<-issuer_checks>
Set various options of certificate chain verification.
See L<openssl-verification-options(1)/Verification Options> for details.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=item B<-->
Indicates the last option. All arguments following this are assumed to be
certificate files. This is useful if the first certificate filename begins
with a B<->.
=item I<certificate> ...
One or more target certificates to verify, one per file. If no certificates are
given, this command will attempt to read a single certificate from standard
input.
=back
=head1 DIAGNOSTICS
When a verify operation fails the output messages can be somewhat cryptic. The
general form of the error message is:
server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)
error 24 at 1 depth lookup:invalid CA certificate
The first line contains the name of the certificate being verified followed by
the subject name of the certificate. The second line contains the error number
and the depth. The depth is number of the certificate being verified when a
problem was detected starting with zero for the target ("leaf") certificate
itself then 1 for the CA that signed the target certificate and so on.
Finally a textual version of the error number is presented.
A list of the error codes and messages can be found in
L<X509_STORE_CTX_get_error(3)>; the full list is defined in the header file
F<< <openssl/x509_vfy.h> >>.
This command ignores many errors, in order to allow all the problems with a
certificate chain to be determined.
=head1 SEE ALSO
L<openssl-verification-options(1)>,
L<openssl-x509(1)>,
L<ossl_store-file(7)>
=head1 HISTORY
The B<-show_chain> option was added in OpenSSL 1.1.0.
The B<-engine option> was deprecated in OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
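Review bot: In HISTORY, `B<-engine option>` puts the word "option" inside the bold markup; the storeutl and ts pages in this commit write `B<-engine> option`. In the long verification-options item, `B<-x509_strict> B<-issuer_checks>` is missing the comma that separates every other entry in that list (the same line appears in the ts page). DIAGNOSTICS also says the depth "is number of the certificate", which wants "is the number". As the header marks this file as generated from doc/man1/openssl-verify.pod.in, these should be corrected in that source and the page regenerated.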

View File

@@ -0,0 +1,125 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-version.pod.in
=end comment
=head1 NAME
openssl-version - print OpenSSL version information
=head1 SYNOPSIS
B<openssl version>
[B<-help>]
[B<-a>]
[B<-v>]
[B<-b>]
[B<-o>]
[B<-f>]
[B<-p>]
[B<-d>]
[B<-e>]
[B<-m>]
[B<-r>]
[B<-c>]
[B<-w>]
=head1 DESCRIPTION
This command is used to print out version information about OpenSSL.
=head1 OPTIONS
=over 4
=item B<-help>
Print out a usage message.
=item B<-a>
All information, this is the same as setting all the other flags.
=item B<-v>
The current OpenSSL version.
=item B<-b>
The date the current version of OpenSSL was built.
=item B<-o>
Option information: various options set when the library was built.
=item B<-f>
Compilation flags.
=item B<-p>
Platform setting.
=item B<-d>
OPENSSLDIR setting.
=item B<-e>
ENGINESDIR settings.
=item B<-m>
MODULESDIR settings.
=item B<-r>
The random number generator source settings.
=item B<-c>
The OpenSSL CPU settings info.
=item B<-w>
The OpenSSL B<OSSL_WINCTX> build time variable, if set.
Used for computing Windows registry key names. This option is unavailable on
non-Windows platforms.
=back
=head1 HISTORY
In OpenSSL versions prior to 3.4, OpenSSL had a limitation regarding the
B<OPENSSLDIR>, B<MODULESDIR> and B<ENGINESDIR> build time macros. These macros
were defined at build time, and represented filesystem paths. This is common
practice on unix like systems, as there was an expectation that a given build
would be installed to a pre-determined location. On Windows however, there is
no such expectation, as libraries can be installed to arbitrary locations.
B<OSSL_WINCTX> was introduced as a new build time variable to define a set of
registry keys identified by the name openssl-<version>-<ctx>, in which the
<version> value is derived from the version string in the openssl source, and
the <ctx> extension is derived from the B<OSSL_WINCTX> variable. The values of
B<OPENSSLDIR>, B<ENGINESDIR> and B<MODULESDIR> can be set to various paths
underneath this key to break the requirement to predict the installation path at
build time.
=head1 NOTES
The output of C<openssl version -a> would typically be used when sending
in a bug report.
=head1 COPYRIGHT
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
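Review bot: The comment block at the top of this file says "WARNING: do not edit!" and "Generated by Makefile from doc/man1/openssl-version.pod.in", so this is build output rather than source, and checking it in means it can drift from the .pod.in template and will be overwritten by the next build. Consider keeping generated .pod files out of the commit (for example via an ignore rule). Since the commit message says build.sh builds openssl if needed, build.sh could also fetch a pinned release and verify its checksum, which would avoid carrying the built tree in the repository and keep the 9429-file diff reviewable.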


@@ -0,0 +1,870 @@
=pod
=begin comment
WARNING: do not edit!
Generated by Makefile from doc/man1/openssl-x509.pod.in
=end comment
=head1 NAME
openssl-x509 - Certificate display and signing command
=head1 SYNOPSIS
B<openssl> B<x509>
[B<-help>]
[B<-in> I<filename>|I<uri>]
[B<-passin> I<arg>]
[B<-new>]
[B<-x509toreq>]
[B<-req>]
[B<-copy_extensions> I<arg>]
[B<-inform> B<DER>|B<PEM>]
[B<-vfyopt> I<nm>:I<v>]
[B<-key> I<filename>|I<uri>]
[B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
[B<-signkey> I<filename>|I<uri>]
[B<-out> I<filename>]
[B<-outform> B<DER>|B<PEM>]
[B<-nocert>]
[B<-noout>]
[B<-dateopt>]
[B<-text>]
[B<-certopt> I<option>]
[B<-fingerprint>]
[B<-alias>]
[B<-serial>]
[B<-startdate>]
[B<-enddate>]
[B<-dates>]
[B<-subject>]
[B<-issuer>]
[B<-nameopt> I<option>]
[B<-email>]
[B<-hash>]
[B<-subject_hash>]
[B<-subject_hash_old>]
[B<-issuer_hash>]
[B<-issuer_hash_old>]
[B<-ext> I<extensions>]
[B<-ocspid>]
[B<-ocsp_uri>]
[B<-purpose>]
[B<-pubkey>]
[B<-modulus>]
[B<-checkend> I<num>]
[B<-checkhost> I<host>]
[B<-checkemail> I<host>]
[B<-checkip> I<ipaddr>]
[B<-set_serial> I<n>]
[B<-next_serial>]
[B<-not_before> I<date>]
[B<-not_after> I<date>]
[B<-days> I<arg>]
[B<-preserve_dates>]
[B<-set_issuer> I<arg>]
[B<-set_subject> I<arg>]
[B<-subj> I<arg>]
[B<-force_pubkey> I<filename>]
[B<-clrext>]
[B<-extfile> I<filename>]
[B<-extensions> I<section>]
[B<-sigopt> I<nm>:I<v>]
[B<-badsig>]
[B<-I<digest>>]
[B<-CA> I<filename>|I<uri>]
[B<-CAform> B<DER>|B<PEM>|B<P12>]
[B<-CAkey> I<filename>|I<uri>]
[B<-CAkeyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
[B<-CAserial> I<filename>]
[B<-CAcreateserial>]
[B<-trustout>]
[B<-setalias> I<arg>]
[B<-clrtrust>]
[B<-addtrust> I<arg>]
[B<-clrreject>]
[B<-addreject> I<arg>]
[B<-rand> I<files>]
[B<-writerand> I<file>]
[B<-engine> I<id>]
[B<-provider> I<name>]
[B<-provider-path> I<path>]
[B<-propquery> I<propq>]
=head1 DESCRIPTION
This command is a multi-purposes certificate handling command.
It can be used to print certificate information,
convert certificates to various forms, edit certificate trust settings,
generate certificates from scratch or from certification requests
and then self-signing them or signing them like a "micro CA".
Generated certificates bear X.509 version 3.
Unless specified otherwise,
key identifier extensions are included as described in L<x509v3_config(5)>.
Since there are a large number of options they will split up into
various sections.
=head1 OPTIONS
=head2 Input, Output, and General Purpose Options
=over 4
=item B<-help>
Print out a usage message.
=item B<-in> I<filename>|I<uri>
This specifies the input to read a certificate from
or the input file for reading a certificate request if the B<-req> flag is used.
In both cases this defaults to standard input.
This option cannot be combined with the B<-new> flag.
=item B<-passin> I<arg>
The key and certificate file password source.
For more information about the format of I<arg>
see L<openssl-passphrase-options(1)>.
=item B<-new>
Generate a certificate from scratch, not using an input certificate
or certificate request.
So this excludes the B<-in> and B<-req> options.
Instead, the B<-set_subject> option needs to be given.
The public key to include can be given with the B<-force_pubkey> option
and defaults to the key given with the B<-key> (or B<-signkey>) option,
which implies self-signature.
=item B<-x509toreq>
Output a PKCS#10 certificate request (rather than a certificate).
The B<-key> (or B<-signkey>) option must be used to provide the private key for
self-signing; the corresponding public key is placed in the subjectPKInfo field.
X.509 extensions included in a certificate input are not copied by default.
X.509 extensions to be added can be specified using the B<-extfile> option.
=item B<-req>
By default a certificate is expected on input.
With this option a PKCS#10 certificate request is expected instead,
which must be correctly self-signed.
X.509 extensions included in the request are not copied by default.
X.509 extensions to be added can be specified using the B<-extfile> option.
=item B<-copy_extensions> I<arg>
Determines how to handle X.509 extensions
when converting from a certificate to a request using the B<-x509toreq> option
or converting from a request to a certificate using the B<-req> option.
If I<arg> is B<none> or this option is not present then extensions are ignored.
If I<arg> is B<copy> or B<copyall> then all extensions are copied,
except that subject identifier and authority key identifier extensions
are not taken over when producing a certificate request.
The B<-ext> option can be used to further restrict which extensions to copy.
=item B<-inform> B<DER>|B<PEM>
The input file format to use; by default PEM is tried first.
See L<openssl-format-options(1)> for details.
=item B<-vfyopt> I<nm>:I<v>
Pass options to the signature algorithm during verify operations.
Names and values of these options are algorithm-specific.
=item B<-key> I<filename>|I<uri>
This option provides the private key for signing a new certificate or
certificate request.
Unless B<-force_pubkey> is given, the corresponding public key is placed in
the new certificate or certificate request, resulting in a self-signature.
This option cannot be used in conjunction with the B<-CA> option.
It sets the issuer name to the subject name (i.e., makes it self-issued).
Unless the B<-preserve_dates> option is supplied,
it sets the validity start date to the current time
and the end date to a value determined by the B<-days> option.
Start date and end date can also be explicitly supplied with options
B<-not_before> and B<-not_after>.
=item B<-signkey> I<filename>|I<uri>
This option is an alias of B<-key>.
=item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
The key input format; unspecified by default.
See L<openssl-format-options(1)> for details.
=item B<-out> I<filename>
This specifies the output filename to write to or standard output by default.
=item B<-outform> B<DER>|B<PEM>
The output format; the default is B<PEM>.
See L<openssl-format-options(1)> for details.
=item B<-nocert>
Do not output a certificate (except for printing as requested by below options).
=item B<-noout>
This option prevents output except for printing as requested by below options.
=back
=head2 Certificate Printing Options
Note: the B<-alias> and B<-purpose> options are also printing options
but are described in the L</Trust Settings> section.
=over 4
=item B<-dateopt>
Specify the date output format. Values are: rfc_822 and iso_8601.
Defaults to rfc_822.
=item B<-text>
Prints out the certificate in text form. Full details are printed including the
public key, signature algorithms, issuer and subject names, serial number
any extensions present and any trust settings.
=item B<-certopt> I<option>
Customise the print format used with B<-text>. The I<option> argument
can be a single option or multiple options separated by commas.
The B<-certopt> switch may be also be used more than once to set multiple
options. See the L</Text Printing Flags> section for more information.
=item B<-fingerprint>
Calculates and prints the digest of the DER encoded version of the entire
certificate (see digest options).
This is commonly called a "fingerprint". Because of the nature of message
digests, the fingerprint of a certificate is unique to that certificate and
two certificates with the same fingerprint can be considered to be the same.
=item B<-alias>
Prints the certificate "alias" (nickname), if any.
=item B<-serial>
Prints the certificate serial number.
=item B<-startdate>
Prints out the start date of the certificate, that is the notBefore date.
=item B<-enddate>
Prints out the expiry date of the certificate, that is the notAfter date.
=item B<-dates>
Prints out the start and expiry dates of a certificate.
=item B<-subject>
Prints the subject name.
=item B<-issuer>
Prints the issuer name.
=item B<-nameopt> I<option>
This specifies how the subject or issuer names are displayed.
See L<openssl-namedisplay-options(1)> for details.
=item B<-email>
Prints the email address(es) if any.
=item B<-hash>
Synonym for "-subject_hash" for backward compatibility reasons.
=item B<-subject_hash>
Prints the "hash" of the certificate subject name. This is used in OpenSSL to
form an index to allow certificates in a directory to be looked up by subject
name.
=item B<-subject_hash_old>
Prints the "hash" of the certificate subject name using the older algorithm
as used by OpenSSL before version 1.0.0.
=item B<-issuer_hash>
Prints the "hash" of the certificate issuer name.
=item B<-issuer_hash_old>
Prints the "hash" of the certificate issuer name using the older algorithm
as used by OpenSSL before version 1.0.0.
=item B<-ext> I<extensions>
Prints out the certificate extensions in text form.
Can also be used to restrict which extensions to copy.
Extensions are specified
with a comma separated string, e.g., "subjectAltName, subjectKeyIdentifier".
See the L<x509v3_config(5)> manual page for the extension names.
=item B<-ocspid>
Prints the OCSP hash values for the subject name and public key.
=item B<-ocsp_uri>
Prints the OCSP responder address(es) if any.
=item B<-purpose>
This option performs tests on the certificate extensions and outputs
the results. For a more complete description see
L<openssl-verification-options(1)/Certificate Extensions>.
=item B<-pubkey>
Prints the certificate's SubjectPublicKeyInfo block in PEM format.
=item B<-modulus>
This option prints out the value of the modulus of the public key
contained in the certificate.
=back
=head2 Certificate Checking Options
=over 4
=item B<-checkend> I<arg>
Checks if the certificate expires within the next I<arg> seconds and exits
nonzero if yes it will expire or zero if not.
=item B<-checkhost> I<host>
Check that the certificate matches the specified host.
=item B<-checkemail> I<email>
Check that the certificate matches the specified email address.
=item B<-checkip> I<ipaddr>
Check that the certificate matches the specified IP address.
=back
=head2 Certificate Output Options
=over 4
=item B<-set_serial> I<n>
Specifies the serial number to use.
This option can be used with the B<-key>, B<-signkey>, or B<-CA> options.
If used in conjunction with the B<-CA> option
the serial number file (as specified by the B<-CAserial> option) is not used.
The serial number can be decimal or hex (if preceded by C<0x>).
=item B<-next_serial>
Set the serial to be one more than the number in the certificate.
=item B<-not_before> I<date>
This allows the start date to be explicitly set. The format of the
date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or
YYYYMMDDHHMMSSZ (the same as an ASN1 GeneralizedTime structure). In
both formats, seconds SS and timezone Z must be present.
Alternatively, you can also use "today".
Cannot be used together with the B<-preserve_dates> option.
=item B<-not_after> I<date>
This allows the expiry date to be explicitly set. The format of the
date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure), or
YYYYMMDDHHMMSSZ (the same as an ASN1 GeneralizedTime structure). In
both formats, seconds SS and timezone Z must be present.
Alternatively, you can also use "today".
Cannot be used together with the B<-preserve_dates> option.
This overrides the option B<-days>.
=item B<-days> I<arg>
Specifies the number of days from today until a newly generated certificate expires.
The default is 30.
Cannot be used together with the option B<-preserve_dates>.
If option B<-not_after> is set, the explicit expiry date takes precedence.
=item B<-preserve_dates>
When signing a certificate, preserve "notBefore" and "notAfter" dates of any
input certificate instead of adjusting them to current time and duration.
Cannot be used together with the options B<-days>, B<-not_before> and B<-not_after>.
=item B<-set_issuer> I<arg>
When a certificate is created set its issuer name to the given value.
See B<-set_subject> on how the arg must be formatted.
=item B<-set_subject> I<arg>
When a certificate is created set its subject name to the given value.
When the certificate is self-signed the issuer name is set to the same value,
unless the B<-set_issuer> option is given.
The arg must be formatted as C</type0=value0/type1=value1/type2=...>.
Special characters may be escaped by C<\> (backslash), whitespace is retained.
Empty values are permitted, but the corresponding type will not be included
in the certificate.
Giving a single C</> will lead to an empty sequence of RDNs (a NULL-DN).
Multi-valued RDNs can be formed by placing a C<+> character instead of a C</>
between the AttributeValueAssertions (AVAs) that specify the members of the set.
Example:
C</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe>
This option can be used with the B<-new> and B<-force_pubkey> options to create
a new certificate without providing an input certificate or certificate request.
=item B<-subj> I<arg>
This option is an alias of B<-set_subject>.
=item B<-force_pubkey> I<filename>
When a new certificate or certificate request is created
set its public key to the given key
instead of the key contained in the input
or given with the B<-key> (or B<-signkey>) option.
If the input contains no public key but a private key, its public part is used.
This option can be used in conjunction with b<-new> and B<-set_subject>
to directly generate a certificate containing any desired public key.
This option is also useful for creating self-issued certificates that are not
self-signed, for instance when the key cannot be used for signing, such as DH.
=item B<-clrext>
When transforming a certificate to a new certificate
by default all certificate extensions are retained.
When transforming a certificate or certificate request,
the B<-clrext> option prevents taking over any extensions from the source.
In any case, when producing a certificate request,
neither subject identifier nor authority key identifier extensions are included.
=item B<-extfile> I<filename>
Configuration file containing certificate and request X.509 extensions to add.
=item B<-extensions> I<section>
The section in the extfile to add X.509 extensions from.
If this option is not
specified then the extensions should either be contained in the unnamed
(default) section or the default section should contain a variable called
"extensions" which contains the section to use.
See the L<x509v3_config(5)> manual page for details of the
extension section format.
Unless specified otherwise,
key identifier extensions are included as described in L<x509v3_config(5)>.
=item B<-sigopt> I<nm>:I<v>
Pass options to the signature algorithm during sign operations.
This option may be given multiple times.
Names and values provided using this option are algorithm-specific.
=item B<-badsig>
Corrupt the signature before writing it; this can be useful
for testing.
=item B<-I<digest>>
The digest to use.
This affects any signing or printing option that uses a message
digest, such as the B<-fingerprint>, B<-key>, and B<-CA> options.
Any digest supported by the L<openssl-dgst(1)> command can be used.
If not specified then SHA1 is used with B<-fingerprint> or
the default digest for the signing algorithm is used, typically SHA256.
=back
=head2 Micro-CA Options
=over 4
=item B<-CA> I<filename>|I<uri>
Specifies the "CA" certificate to be used for signing.
When present, this behaves like a "micro CA" as follows:
The subject name of the "CA" certificate is placed as issuer name in the new
certificate, which is then signed using the "CA" key given as detailed below.
This option cannot be used in conjunction with B<-key> (or B<-signkey>).
This option is normally combined with the B<-req> option referencing a CSR.
Without the B<-req> option the input must be an existing certificate
unless the B<-new> option is given, which generates a certificate from scratch.
=item B<-CAform> B<DER>|B<PEM>|B<P12>,
The format for the CA certificate; unspecified by default.
See L<openssl-format-options(1)> for details.
=item B<-CAkey> I<filename>|I<uri>
Sets the CA private key to sign a certificate with.
The private key must match the public key of the certificate given with B<-CA>.
If this option is not provided then the key must be present in the B<-CA> input.
=item B<-CAkeyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
The format for the CA key; unspecified by default.
See L<openssl-format-options(1)> for details.
=item B<-CAserial> I<filename>
Sets the CA serial number file to use.
When creating a certificate with this option and with the B<-CA> option,
the certificate serial number is stored in the given file.
This file consists of one line containing
an even number of hex digits with the serial number used last time.
After reading this number, it is incremented and used, and the file is updated.
The default filename consists of the CA certificate file base name with
F<.srl> appended. For example if the CA certificate file is called
F<mycacert.pem> it expects to find a serial number file called
F<mycacert.srl>.
If the B<-CA> option is specified and neither <-CAserial> or <-CAcreateserial>
is given and the default serial number file does not exist,
a random number is generated; this is the recommended practice.
=item B<-CAcreateserial>
With this option and the B<-CA> option
the CA serial number file is created if it does not exist.
A random number is generated, used for the certificate,
and saved into the serial number file determined as described above.
=back
=head2 Trust Settings
A B<trusted certificate> is an ordinary certificate which has several
additional pieces of information attached to it such as the permitted
and prohibited uses of the certificate and possibly an "alias" (nickname).
Normally when a certificate is being verified at least one certificate
must be "trusted". By default a trusted certificate must be stored
locally and must be a root CA: any certificate chain ending in this CA
is then usable for any purpose.
Trust settings currently are only used with a root CA.
They allow a finer control over the purposes the root CA can be used for.
For example, a CA may be trusted for SSL client but not SSL server use.
See L<openssl-verification-options(1)> for more information
on the meaning of trust settings.
Future versions of OpenSSL will recognize trust settings on any
certificate: not just root CAs.
=over 4
=item B<-trustout>
Mark any certificate PEM output as <trusted> certificate rather than ordinary.
An ordinary or trusted certificate can be input but by default an ordinary
certificate is output and any trust settings are discarded.
With the B<-trustout> option a trusted certificate is output. A trusted
certificate is automatically output if any trust settings are modified.
=item B<-setalias> I<arg>
Sets the "alias" of the certificate. This will allow the certificate
to be referred to using a nickname for example "Steve's Certificate".
=item B<-clrtrust>
Clears all the permitted or trusted uses of the certificate.
=item B<-addtrust> I<arg>
Adds a trusted certificate use.
Any object name can be used here but currently only B<clientAuth>,
B<serverAuth>, B<emailProtection>, and B<anyExtendedKeyUsage> are defined.
As of OpenSSL 1.1.0, the last of these blocks all purposes when rejected or
enables all purposes when trusted.
Other OpenSSL applications may define additional uses.
=item B<-clrreject>
Clears all the prohibited or rejected uses of the certificate.
=item B<-addreject> I<arg>
Adds a prohibited trust anchor purpose.
It accepts the same values as the B<-addtrust> option.
=back
=head2 Generic options
=over 4
=item B<-rand> I<files>, B<-writerand> I<file>
See L<openssl(1)/Random State Options> for details.
=item B<-engine> I<id>
See L<openssl(1)/Engine Options>.
This option is deprecated.
=item B<-provider> I<name>
=item B<-provider-path> I<path>
=item B<-propquery> I<propq>
See L<openssl(1)/Provider Options>, L<provider(7)>, and L<property(7)>.
=back
=head2 Text Printing Flags
As well as customising the name printing format, it is also possible to
customise the actual fields printed using the B<certopt> option when
the B<text> option is present. The default behaviour is to print all fields.
=over 4
=item B<compatible>
Use the old format. This is equivalent to specifying no printing options at all.
=item B<no_header>
Don't print header information: that is the lines saying "Certificate"
and "Data".
=item B<no_version>
Don't print out the version number.
=item B<no_serial>
Don't print out the serial number.
=item B<no_signame>
Don't print out the signature algorithm used.
=item B<no_validity>
Don't print the validity, that is the B<notBefore> and B<notAfter> fields.
=item B<no_subject>
Don't print out the subject name.
=item B<no_issuer>
Don't print out the issuer name.
=item B<no_pubkey>
Don't print out the public key.
=item B<no_sigdump>
Don't give a hexadecimal dump of the certificate signature.
=item B<no_aux>
Don't print out certificate trust information.
=item B<no_extensions>
Don't print out any X509V3 extensions.
=item B<ext_default>
Retain default extension behaviour: attempt to print out unsupported
certificate extensions.
=item B<ext_error>
Print an error message for unsupported certificate extensions.
=item B<ext_parse>
ASN1 parse unsupported extensions.
=item B<ext_dump>
Hex dump unsupported extensions.
=item B<ca_default>
The value used by L<openssl-ca(1)>, equivalent to B<no_issuer>, B<no_pubkey>,
B<no_header>, and B<no_version>.
=back
=head1 EXAMPLES
Note: in these examples the '\' means the example should be all on one
line.
Print the contents of a certificate:
openssl x509 -in cert.pem -noout -text
Print the "Subject Alternative Name" extension of a certificate:
openssl x509 -in cert.pem -noout -ext subjectAltName
Print more extensions of a certificate:
openssl x509 -in cert.pem -noout -ext subjectAltName,nsCertType
Print the certificate serial number:
openssl x509 -in cert.pem -noout -serial
Print the certificate subject name:
openssl x509 -in cert.pem -noout -subject
Print the certificate subject name in RFC2253 form:
openssl x509 -in cert.pem -noout -subject -nameopt RFC2253
Print the certificate subject name in oneline form on a terminal
supporting UTF8:
openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb
Print the certificate SHA1 fingerprint:
openssl x509 -sha1 -in cert.pem -noout -fingerprint
Convert a certificate from PEM to DER format:
openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER
Convert a certificate to a certificate request:
openssl x509 -x509toreq -in cert.pem -out req.pem -key key.pem
Convert a certificate request into a self-signed certificate using
extensions for a CA:
openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions v3_ca \
-key key.pem -out cacert.pem
Sign a certificate request using the CA certificate above and add user
certificate extensions:
openssl x509 -req -in req.pem -extfile openssl.cnf -extensions v3_usr \
-CA cacert.pem -CAkey key.pem -CAcreateserial
Set a certificate to be trusted for SSL client use and change set its alias to
"Steve's Class 1 CA"
openssl x509 -in cert.pem -addtrust clientAuth \
-setalias "Steve's Class 1 CA" -out trust.pem
=head1 NOTES
The conversion to UTF8 format used with the name options assumes that
T61Strings use the ISO8859-1 character set. This is wrong but Netscape
and MSIE do this as do many certificates. So although this is incorrect
it is more likely to print the majority of certificates correctly.
The B<-email> option searches the subject name and the subject alternative
name extension. Only unique email addresses will be printed out: it will
not print the same address more than once.
=head1 BUGS
It is possible to produce invalid certificates or requests by specifying the
wrong private key, using unsuitable X.509 extensions,
or using inconsistent options in some cases: these should be checked.
There should be options to explicitly set such things as start and end
dates rather than an offset from the current time.
=head1 SEE ALSO
L<openssl(1)>,
L<openssl-req(1)>,
L<openssl-ca(1)>,
L<openssl-genrsa(1)>,
L<openssl-gendsa(1)>,
L<openssl-verify(1)>,
L<x509v3_config(5)>
=head1 HISTORY
The hash algorithm used in the B<-subject_hash> and B<-issuer_hash> options
before OpenSSL 1.0.0 was based on the deprecated MD5 algorithm and the encoding
of the distinguished name. In OpenSSL 1.0.0 and later it is based on a canonical
version of the DN using SHA1. This means that any directories using the old
form must have their links rebuilt using L<openssl-rehash(1)> or similar.
The B<-signkey> option has been renamed to B<-key> in OpenSSL 3.0,
keeping the old name as an alias.
The B<-engine> option was deprecated in OpenSSL 3.0.
The B<-C> option was removed in OpenSSL 3.0.
Since OpenSSL 3.2, generated certificates bear X.509 version 3,
and key identifier extensions are included by default.
=head1 COPYRIGHT
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
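Review bot: Three option references in this file have broken POD markup and will render as literal text: "b<-new>" in the B<-force_pubkey> item uses a lowercase formatting code, while "<-CAserial> or <-CAcreateserial>" in the B<-CAserial> item and "<trusted>" in the B<-trustout> item have no formatting code at all. The synopsis and the option list also disagree on argument names ("-checkend I<num>" against "I<arg>", and "-checkemail I<host>" against "I<email>"). The BUGS paragraph asking for options to set explicit start and end dates is stale, because B<-not_before> and B<-not_after> are documented earlier in the same file. The header marks the file as generated from doc/man1/openssl-x509.pod.in, so these belong in that template or upstream, not in this copy.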