OPENSSL 1 2008-05-09 0.9.9-dev OpenSSL
NAME
openssl - OpenSSL command line tool
LIBRARY
libcrypto, -lcrypto
SYNOPSIS
openssl command [ command_opts ] [ command_args ]
openssl [ list-standard-commands | list-message-digest-commands | list-cipher-commands | list-cipher-algorithms | list-message-digest-algorithms | list-public-key-algorithms ]
openssl no-XXX [ arbitrary options ]
DESCRIPTION
OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL
v2/v3) and Transport Layer Security (TLS v1) network protocols and related
cryptography standards required by them.
The openssl program is a command line tool for using the various
cryptography functions of OpenSSL's crypto library from the shell.
It can be used for
o Creation and management of private keys, public keys and parameters
o Public key cryptographic operations
o Creation of X.509 certificates, CSRs and CRLs
o Calculation of Message Digests
o Encryption and Decryption with Ciphers
o SSL/TLS Client and Server Tests
o Handling of S/MIME signed or encrypted mail
o Time Stamp requests, generation and verification
COMMAND SUMMARY
The openssl program provides a rich variety of commands (command in the
SYNOPSIS above), each of which often has a wealth of options and arguments
(command_opts and command_args in the SYNOPSIS).

The pseudo-commands list-standard-commands, list-message-digest-commands,
and list-cipher-commands output a list (one entry per line) of the names
of all standard commands, message digest commands, or cipher commands,
respectively, that are available in the present openssl utility.

The pseudo-commands list-cipher-algorithms and
list-message-digest-algorithms list all cipher and message digest names,
one entry per line. Aliases are listed as:

    from => to

The pseudo-command list-public-key-algorithms lists all supported public
key algorithms.

The pseudo-command no-XXX tests whether a command of the
specified name is available. If no command named XXX exists, it
returns 0 (success) and prints no-XXX; otherwise it returns 1
and prints XXX. In both cases, the output goes to stdout and
nothing is printed to stderr. Additional command line arguments
are always ignored. Since for each cipher there is a command of the
same name, this provides an easy way for shell scripts to test for the
availability of ciphers in the openssl program. (no-XXX is
not able to detect pseudo-commands such as quit,
list-...-commands, or no-XXX itself.)
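The no-XXX probe described above, wrapped for use in a script (an added example, not part of the OpenSSL manual). The names OPENSSL_BIN, openssl_has and list_available are assumptions made for this sketch; it compares the printed word rather than trusting the inverted exit status, so a missing binary is not mistaken for an available command.

```shell
#!/bin/sh
# Added example, not from the OpenSSL manual. OPENSSL_BIN, openssl_has and
# list_available are names chosen for this sketch.
OPENSSL_BIN=${OPENSSL_BIN:-openssl}

# openssl_has NAME
#   returns 0 if NAME is an available command,
#           1 if it is not,
#           2 if the answer cannot be determined.
# The exit status of no-XXX is inverted (0 means "missing") and a missing
# binary also yields a non-zero status, so the printed word is compared
# instead: no-XXX prints "XXX" or "no-XXX" on stdout and nothing on stderr.
openssl_has() {
    case "$1" in
        # no-XXX cannot detect pseudo-commands; do not report them as absent.
        quit|list-*|no-*) return 2 ;;
    esac
    probe_out=$("$OPENSSL_BIN" "no-$1" 2>/dev/null) || :
    case "$probe_out" in
        "$1")    return 0 ;;
        "no-$1") return 1 ;;
        *)       return 2 ;;
    esac
}

# list_available NAME...: print, one per line, the names that exist.
list_available() {
    for probe_name in "$@"; do
        if openssl_has "$probe_name"; then echo "$probe_name"; fi
    done
}

# Demo: which of these digest and cipher commands from the lists on this
# page does the local build provide? Skipped when no openssl is installed.
if command -v "$OPENSSL_BIN" >/dev/null 2>&1; then
    list_available md2 md5 rc4 rc5 idea des3
fi
```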
STANDARD COMMANDS
asn1parse
    Parse an ASN.1 sequence.
ca
    Certificate Authority (CA) Management.
ciphers
    Cipher Suite Description Determination.
crl
    Certificate Revocation List (CRL) Management.
crl2pkcs7
    CRL to PKCS#7 Conversion.
dgst
    Message Digest Calculation.
dh
    Diffie-Hellman Parameter Management.
    Obsoleted by dhparam.
dsa
    DSA Data Management.
dsaparam
    DSA Parameter Generation and Management. Superseded by
    genpkey and pkeyparam
enc
    Encoding with Ciphers.
errstr
    Error Number to Error String Conversion.
dhparam
    Generation and Management of Diffie-Hellman Parameters. Superseded by
    genpkey and pkeyparam
gendh
    Generation of Diffie-Hellman Parameters.
    Obsoleted by dhparam.
gendsa
    Generation of DSA Private Key from Parameters. Superseded by
    genpkey and pkey
genpkey
    Generation of Private Key or Parameters.
genrsa
    Generation of RSA Private Key. Superseded by genpkey.
ocsp
    Online Certificate Status Protocol utility.
passwd
    Generation of hashed passwords.
pkcs12
    PKCS#12 Data Management.
pkcs7
    PKCS#7 Data Management.
pkey
    Public and private key management.
pkeyutl
    Public key algorithm cryptographic operation utility.
pkeyparam
    Public key algorithm parameter management.
rand
    Generate pseudo-random bytes.
req
    PKCS#10 X.509 Certificate Signing Request (CSR) Management.
rsa
    RSA key management.
rsautl
    RSA utility for signing, verification, encryption, and decryption. Superseded
    by pkeyutl
s_client
    This implements a generic SSL/TLS client which can establish a transparent
    connection to a remote server speaking SSL/TLS. It's intended for testing
    purposes only and provides only rudimentary interface functionality but
    internally uses mostly all functionality of the OpenSSL ssl library.
s_server
    This implements a generic SSL/TLS server which accepts connections from remote
    clients speaking SSL/TLS. It's intended for testing purposes only and provides
    only rudimentary interface functionality but internally uses mostly all
    functionality of the OpenSSL ssl library. It provides both an own command
    line oriented protocol for testing SSL functions and a simple HTTP response
    facility to emulate an SSL/TLS-aware webserver.
s_time
    SSL Connection Timer.
sess_id
    SSL Session Data Management.
smime
    S/MIME mail processing.
speed
    Algorithm Speed Measurement.
ts
    Time Stamping Authority tool (client/server)
verify
    X.509 Certificate Verification.
version
    OpenSSL Version Information.
x509
    X.509 Certificate Data Management.
MESSAGE DIGEST COMMANDS
md2
    MD2 Digest
md5
    MD5 Digest
mdc2
    MDC2 Digest
rmd160
    RMD-160 Digest
sha
    SHA Digest
sha1
    SHA-1 Digest
sha224
    SHA-224 Digest
sha256
    SHA-256 Digest
sha384
    SHA-384 Digest
sha512
    SHA-512 Digest
ENCODING AND CIPHER COMMANDS
base64
    Base64 Encoding
bf bf-cbc bf-cfb bf-ecb bf-ofb
    Blowfish Cipher
cast cast-cbc
    CAST Cipher
cast5-cbc cast5-cfb cast5-ecb cast5-ofb
    CAST5 Cipher
des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb
    DES Cipher
des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
    Triple-DES Cipher
idea idea-cbc idea-cfb idea-ecb idea-ofb
    IDEA Cipher
rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb
    RC2 Cipher
rc4
    RC4 Cipher
rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb
    RC5 Cipher
PASS PHRASE ARGUMENTS
Several commands accept password arguments, typically using -passin
and -passout for input and output passwords respectively. These allow
the password to be obtained from a variety of sources. Both of these
options take a single argument whose format is described below. If no
password argument is given and a password is required then the user is
prompted to enter one: this will typically be read from the current
terminal with echoing turned off.
pass:password
    the actual password is password. Since the password is visible
    to utilities (like 'ps' under Unix) this form should only be used
    where security is not important.
env:var
    obtain the password from the environment variable var. Since
    the environment of other processes is visible on certain platforms
    (e.g. ps under certain Unix OSes) this option should be used with caution.
file:pathname
    the first line of pathname is the password. If the same pathname
    argument is supplied to -passin and -passout arguments then the first
    line will be used for the input password and the next line for the output
    password. pathname need not refer to a regular file: it could for example
    refer to a device or named pipe.
fd:number
    read the password from the file descriptor number. This can be used to
    send the data via a pipe for example.
stdin
    read the password from standard input.
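A small audit of -passin and -passout usage against the caveats listed above, shown as an added example that is not part of the OpenSSL manual. The function names, verdict labels and sample command lines are constructed for illustration; tokens are split on whitespace only, so quoted arguments are not handled.

```shell
#!/bin/sh
# Added example; function names and sample command lines are constructed.

# pass_source_risk ARG: classify one -passin/-passout argument using the
# caveats in PASS PHRASE ARGUMENTS. A pass: secret is never echoed back.
pass_source_risk() {
    case "$1" in
        pass:*) echo "EXPOSED pass: (argv is visible to ps)" ;;
        env:*)  echo "CAUTION env:${1#env:} (environment may be visible)" ;;
        file:*|fd:*|stdin) echo "OK $1" ;;   # no exposure caveat in the manual
        *)      echo "UNKNOWN" ;;
    esac
}

# audit_cmdlines: read command lines on stdin (a script, or `ps -eo args`
# output) and report each pass phrase source as "LINE OPTION VERDICT".
# Tokens are split on whitespace only; shell quoting is not interpreted.
audit_cmdlines() {
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1)); in_file=; out_file=
        set -f; set -- $line; set +f
        while [ $# -gt 1 ]; do
            case "$1" in
                -passin|-passout)
                    echo "$lineno $1 $(pass_source_risk "$2")"
                    case "$1 $2" in
                        "-passin file:"*)  in_file=${2#file:} ;;
                        "-passout file:"*) out_file=${2#file:} ;;
                    esac
                    shift ;;
            esac
            shift
        done
        # Same file for both options: line 1 is the input pass phrase and
        # line 2 the output pass phrase, so the file must hold two lines.
        if [ -n "$in_file" ] && [ "$in_file" = "$out_file" ]; then
            echo "$lineno NOTE file:$in_file shared (line 1 in, line 2 out)"
        fi
    done
}

# Constructed sample input, not a real process listing.
sample_cmdlines() {
    cat <<'EOF'
openssl rsa -in key.pem -passin pass:EXAMPLE-ONLY -out plain.pem
openssl pkcs12 -in b.p12 -passin env:P12_PW -passout fd:3
openssl rsa -in a.pem -passin file:/run/pw -passout file:/run/pw -des3
EOF
}
sample_cmdlines | audit_cmdlines
```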
SEE ALSO
openssl_asn1parse(1), openssl_ca(1), openssl.cnf(5),
openssl_crl(1), openssl_crl2pkcs7(1), openssl_dgst(1),
openssl_dhparam(1), openssl_dsa(1), openssl_dsaparam(1),
openssl_enc(1), openssl_gendsa(1), genpkey(1),
openssl_genrsa(1), openssl_nseq(1), openssl(1),
openssl_passwd(1),
openssl_pkcs12(1), openssl_pkcs7(1), openssl_pkcs8(1),
openssl_rand(1), openssl_req(1), openssl_rsa(1),
openssl_rsautl(1), openssl_s_client(1),
openssl_s_server(1), s_time(1),
openssl_smime(1), openssl_spkac(1),
openssl_verify(1), openssl_version(1), openssl_x509(1),
crypto(3), ssl(3), x509v3_config(5)
HISTORY
The openssl(1) document appeared in OpenSSL 0.9.2.
The list-XXX-commands pseudo-commands were added in OpenSSL 0.9.3;
the list-XXX-algorithms pseudo-commands were added in OpenSSL 0.9.9;
the no-XXX pseudo-commands were added in OpenSSL 0.9.5a.
For notes on the availability of other commands, see their individual
manual pages.