summaryrefslogtreecommitdiffstats
path: root/secure/usr.bin/openssl/man/openssl.1
diff options
context:
space:
mode:
Diffstat (limited to 'secure/usr.bin/openssl/man/openssl.1')
-rw-r--r--secure/usr.bin/openssl/man/openssl.1407
1 files changed, 407 insertions, 0 deletions
diff --git a/secure/usr.bin/openssl/man/openssl.1 b/secure/usr.bin/openssl/man/openssl.1
new file mode 100644
index 0000000..c88e763
--- /dev/null
+++ b/secure/usr.bin/openssl/man/openssl.1
@@ -0,0 +1,407 @@
+.\" Automatically generated by Pod::Man version 1.15
+.\" Sun Jan 12 18:05:15 2003
+.\"
+.\" Standard preamble:
+.\" ======================================================================
+.de Sh \" Subsection heading
+.br
+.if t .Sp
+.ne 5
+.PP
+\fB\\$1\fR
+.PP
+..
+.de Sp \" Vertical space (when we can't use .PP)
+.if t .sp .5v
+.if n .sp
+..
+.de Ip \" List item
+.br
+.ie \\n(.$>=3 .ne \\$3
+.el .ne 3
+.IP "\\$1" \\$2
+..
+.de Vb \" Begin verbatim text
+.ft CW
+.nf
+.ne \\$1
+..
+.de Ve \" End verbatim text
+.ft R
+
+.fi
+..
+.\" Set up some character translations and predefined strings. \*(-- will
+.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
+.\" double quote, and \*(R" will give a right double quote. | will give a
+.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
+.\" to do unbreakable dashes and therefore won't be available. \*(C` and
+.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
+.tr \(*W-|\(bv\*(Tr
+.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
+.ie n \{\
+. ds -- \(*W-
+. ds PI pi
+. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
+. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
+. ds L" ""
+. ds R" ""
+. ds C` ""
+. ds C' ""
+'br\}
+.el\{\
+. ds -- \|\(em\|
+. ds PI \(*p
+. ds L" ``
+. ds R" ''
+'br\}
+.\"
+.\" If the F register is turned on, we'll generate index entries on stderr
+.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
+.\" index entries marked with X<> in POD. Of course, you'll have to process
+.\" the output yourself in some meaningful fashion.
+.if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
+..
+. nr % 0
+. rr F
+.\}
+.\"
+.\" For nroff, turn off justification. Always turn off hyphenation; it
+.\" makes way too many mistakes in technical documents.
+.hy 0
+.if n .na
+.\"
+.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
+.\" Fear. Run. Save yourself. No user-serviceable parts.
+.bd B 3
+. \" fudge factors for nroff and troff
+.if n \{\
+. ds #H 0
+. ds #V .8m
+. ds #F .3m
+. ds #[ \f1
+. ds #] \fP
+.\}
+.if t \{\
+. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
+. ds #V .6m
+. ds #F 0
+. ds #[ \&
+. ds #] \&
+.\}
+. \" simple accents for nroff and troff
+.if n \{\
+. ds ' \&
+. ds ` \&
+. ds ^ \&
+. ds , \&
+. ds ~ ~
+. ds /
+.\}
+.if t \{\
+. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
+. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
+. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
+. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
+. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
+. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
+.\}
+. \" troff and (daisy-wheel) nroff accents
+.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
+.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
+.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
+.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
+.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
+.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
+.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
+.ds ae a\h'-(\w'a'u*4/10)'e
+.ds Ae A\h'-(\w'A'u*4/10)'E
+. \" corrections for vroff
+.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
+.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
+. \" for low resolution devices (crt and lpr)
+.if \n(.H>23 .if \n(.V>19 \
+\{\
+. ds : e
+. ds 8 ss
+. ds o a
+. ds d- d\h'-1'\(ga
+. ds D- D\h'-1'\(hy
+. ds th \o'bp'
+. ds Th \o'LP'
+. ds ae ae
+. ds Ae AE
+.\}
+.rm #[ #] #H #V #F C
+.\" ======================================================================
+.\"
+.IX Title "openssl 3"
+.TH openssl 3 "0.9.7" "2003-01-12" "OpenSSL"
+.UC
+.SH "NAME"
+openssl \- OpenSSL command line tool
+.SH "SYNOPSIS"
+.IX Header "SYNOPSIS"
+\&\fBopenssl\fR
+\&\fIcommand\fR
+[ \fIcommand_opts\fR ]
+[ \fIcommand_args\fR ]
+.PP
+\&\fBopenssl\fR [ \fBlist-standard-commands\fR | \fBlist-message-digest-commands\fR | \fBlist-cipher-commands\fR ]
+.PP
+\&\fBopenssl\fR \fBno-\fR\fI\s-1XXX\s0\fR [ \fIarbitrary options\fR ]
+.SH "DESCRIPTION"
+.IX Header "DESCRIPTION"
+OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (\s-1SSL\s0
+v2/v3) and Transport Layer Security (\s-1TLS\s0 v1) network protocols and related
+cryptography standards required by them.
+.PP
+The \fBopenssl\fR program is a command line tool for using the various
+cryptography functions of OpenSSL's \fBcrypto\fR library from the shell.
+It can be used for
+.PP
+.Vb 6
+\& o Creation of RSA, DH and DSA key parameters
+\& o Creation of X.509 certificates, CSRs and CRLs
+\& o Calculation of Message Digests
+\& o Encryption and Decryption with Ciphers
+\& o SSL/TLS Client and Server Tests
+\& o Handling of S/MIME signed or encrypted mail
+.Ve
+.SH "COMMAND SUMMARY"
+.IX Header "COMMAND SUMMARY"
+The \fBopenssl\fR program provides a rich variety of commands (\fIcommand\fR in the
+\&\s-1SYNOPSIS\s0 above), each of which often has a wealth of options and arguments
+(\fIcommand_opts\fR and \fIcommand_args\fR in the \s-1SYNOPSIS\s0).
+.PP
+The pseudo-commands \fBlist-standard-commands\fR, \fBlist-message-digest-commands\fR,
+and \fBlist-cipher-commands\fR output a list (one entry per line) of the names
+of all standard commands, message digest commands, or cipher commands,
+respectively, that are available in the present \fBopenssl\fR utility.
+.PP
+The pseudo-command \fBno-\fR\fI\s-1XXX\s0\fR tests whether a command of the
+specified name is available. If no command named \fI\s-1XXX\s0\fR exists, it
+returns 0 (success) and prints \fBno-\fR\fI\s-1XXX\s0\fR; otherwise it returns 1
+and prints \fI\s-1XXX\s0\fR. In both cases, the output goes to \fBstdout\fR and
+nothing is printed to \fBstderr\fR. Additional command line arguments
+are always ignored. Since for each cipher there is a command of the
+same name, this provides an easy way for shell scripts to test for the
+availability of ciphers in the \fBopenssl\fR program. (\fBno-\fR\fI\s-1XXX\s0\fR is
+not able to detect pseudo-commands such as \fBquit\fR,
+\&\fBlist-\fR\fI...\fR\fB\-commands\fR, or \fBno-\fR\fI\s-1XXX\s0\fR itself.)
+.Sh "\s-1STANDARD\s0 \s-1COMMANDS\s0"
+.IX Subsection "STANDARD COMMANDS"
+.Ip "\fBasn1parse\fR" 10
+.IX Item "asn1parse"
+Parse an \s-1ASN\s0.1 sequence.
+.Ip "\fBca\fR" 10
+.IX Item "ca"
+Certificate Authority (\s-1CA\s0) Management.
+.Ip "\fBciphers\fR" 10
+.IX Item "ciphers"
+Cipher Suite Description Determination.
+.Ip "\fBcrl\fR" 10
+.IX Item "crl"
+Certificate Revocation List (\s-1CRL\s0) Management.
+.Ip "\fBcrl2pkcs7\fR" 10
+.IX Item "crl2pkcs7"
+\&\s-1CRL\s0 to PKCS#7 Conversion.
+.Ip "\fBdgst\fR" 10
+.IX Item "dgst"
+Message Digest Calculation.
+.Ip "\fBdh\fR" 10
+.IX Item "dh"
+Diffie-Hellman Parameter Management.
+Obsoleted by \fBdhparam\fR.
+.Ip "\fBdsa\fR" 10
+.IX Item "dsa"
+\&\s-1DSA\s0 Data Management.
+.Ip "\fBdsaparam\fR" 10
+.IX Item "dsaparam"
+\&\s-1DSA\s0 Parameter Generation.
+.Ip "\fBenc\fR" 10
+.IX Item "enc"
+Encoding with Ciphers.
+.Ip "\fBerrstr\fR" 10
+.IX Item "errstr"
+Error Number to Error String Conversion.
+.Ip "\fBdhparam\fR" 10
+.IX Item "dhparam"
+Generation and Management of Diffie-Hellman Parameters.
+.Ip "\fBgendh\fR" 10
+.IX Item "gendh"
+Generation of Diffie-Hellman Parameters.
+Obsoleted by \fBdhparam\fR.
+.Ip "\fBgendsa\fR" 10
+.IX Item "gendsa"
+Generation of \s-1DSA\s0 Parameters.
+.Ip "\fBgenrsa\fR" 10
+.IX Item "genrsa"
+Generation of \s-1RSA\s0 Parameters.
+.Ip "\fBocsp\fR" 10
+.IX Item "ocsp"
+Online Certificate Status Protocol utility.
+.Ip "\fBpasswd\fR" 10
+.IX Item "passwd"
+Generation of hashed passwords.
+.Ip "\fBpkcs12\fR" 10
+.IX Item "pkcs12"
+PKCS#12 Data Management.
+.Ip "\fBpkcs7\fR" 10
+.IX Item "pkcs7"
+PKCS#7 Data Management.
+.Ip "\fBrand\fR" 10
+.IX Item "rand"
+Generate pseudo-random bytes.
+.Ip "\fBreq\fR" 10
+.IX Item "req"
+X.509 Certificate Signing Request (\s-1CSR\s0) Management.
+.Ip "\fBrsa\fR" 10
+.IX Item "rsa"
+\&\s-1RSA\s0 Data Management.
+.Ip "\fBrsautl\fR" 10
+.IX Item "rsautl"
+\&\s-1RSA\s0 utility for signing, verification, encryption, and decryption.
+.Ip "\fBs_client\fR" 10
+.IX Item "s_client"
+This implements a generic \s-1SSL/TLS\s0 client which can establish a transparent
+connection to a remote server speaking \s-1SSL/TLS\s0. It's intended for testing
+purposes only and provides only rudimentary interface functionality but
+internally uses mostly all functionality of the OpenSSL \fBssl\fR library.
+.Ip "\fBs_server\fR" 10
+.IX Item "s_server"
+This implements a generic \s-1SSL/TLS\s0 server which accepts connections from remote
+clients speaking \s-1SSL/TLS\s0. It's intended for testing purposes only and provides
+only rudimentary interface functionality but internally uses mostly all
+functionality of the OpenSSL \fBssl\fR library. It provides both an own command
+line oriented protocol for testing \s-1SSL\s0 functions and a simple \s-1HTTP\s0 response
+facility to emulate an SSL/TLS-aware webserver.
+.Ip "\fBs_time\fR" 10
+.IX Item "s_time"
+\&\s-1SSL\s0 Connection Timer.
+.Ip "\fBsess_id\fR" 10
+.IX Item "sess_id"
+\&\s-1SSL\s0 Session Data Management.
+.Ip "\fBsmime\fR" 10
+.IX Item "smime"
+S/MIME mail processing.
+.Ip "\fBspeed\fR" 10
+.IX Item "speed"
+Algorithm Speed Measurement.
+.Ip "\fBverify\fR" 10
+.IX Item "verify"
+X.509 Certificate Verification.
+.Ip "\fBversion\fR" 10
+.IX Item "version"
+OpenSSL Version Information.
+.Ip "\fBx509\fR" 10
+.IX Item "x509"
+X.509 Certificate Data Management.
+.Sh "\s-1MESSAGE\s0 \s-1DIGEST\s0 \s-1COMMANDS\s0"
+.IX Subsection "MESSAGE DIGEST COMMANDS"
+.Ip "\fBmd2\fR" 10
+.IX Item "md2"
+\&\s-1MD2\s0 Digest
+.Ip "\fBmd5\fR" 10
+.IX Item "md5"
+\&\s-1MD5\s0 Digest
+.Ip "\fBmdc2\fR" 10
+.IX Item "mdc2"
+\&\s-1MDC2\s0 Digest
+.Ip "\fBrmd160\fR" 10
+.IX Item "rmd160"
+\&\s-1RMD-160\s0 Digest
+.Ip "\fBsha\fR" 10
+.IX Item "sha"
+\&\s-1SHA\s0 Digest
+.Ip "\fBsha1\fR" 10
+.IX Item "sha1"
+\&\s-1SHA-1\s0 Digest
+.Sh "\s-1ENCODING\s0 \s-1AND\s0 \s-1CIPHER\s0 \s-1COMMANDS\s0"
+.IX Subsection "ENCODING AND CIPHER COMMANDS"
+.Ip "\fBbase64\fR" 10
+.IX Item "base64"
+Base64 Encoding
+.Ip "\fBbf bf-cbc bf-cfb bf-ecb bf-ofb\fR" 10
+.IX Item "bf bf-cbc bf-cfb bf-ecb bf-ofb"
+Blowfish Cipher
+.Ip "\fBcast cast-cbc\fR" 10
+.IX Item "cast cast-cbc"
+\&\s-1CAST\s0 Cipher
+.Ip "\fBcast5\-cbc cast5\-cfb cast5\-ecb cast5\-ofb\fR" 10
+.IX Item "cast5-cbc cast5-cfb cast5-ecb cast5-ofb"
+\&\s-1CAST5\s0 Cipher
+.Ip "\fBdes des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb\fR" 10
+.IX Item "des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb"
+\&\s-1DES\s0 Cipher
+.Ip "\fBdes3 desx des-ede3 des-ede3\-cbc des-ede3\-cfb des-ede3\-ofb\fR" 10
+.IX Item "des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb"
+Triple-DES Cipher
+.Ip "\fBidea idea-cbc idea-cfb idea-ecb idea-ofb\fR" 10
+.IX Item "idea idea-cbc idea-cfb idea-ecb idea-ofb"
+\&\s-1IDEA\s0 Cipher
+.Ip "\fBrc2 rc2\-cbc rc2\-cfb rc2\-ecb rc2\-ofb\fR" 10
+.IX Item "rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb"
+\&\s-1RC2\s0 Cipher
+.Ip "\fBrc4\fR" 10
+.IX Item "rc4"
+\&\s-1RC4\s0 Cipher
+.Ip "\fBrc5 rc5\-cbc rc5\-cfb rc5\-ecb rc5\-ofb\fR" 10
+.IX Item "rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb"
+\&\s-1RC5\s0 Cipher
+.SH "PASS PHRASE ARGUMENTS"
+.IX Header "PASS PHRASE ARGUMENTS"
+Several commands accept password arguments, typically using \fB\-passin\fR
+and \fB\-passout\fR for input and output passwords respectively. These allow
+the password to be obtained from a variety of sources. Both of these
+options take a single argument whose format is described below. If no
+password argument is given and a password is required then the user is
+prompted to enter one: this will typically be read from the current
+terminal with echoing turned off.
+.Ip "\fBpass:password\fR" 10
+.IX Item "pass:password"
+the actual password is \fBpassword\fR. Since the password is visible
+to utilities (like 'ps' under Unix) this form should only be used
+where security is not important.
+.Ip "\fBenv:var\fR" 10
+.IX Item "env:var"
+obtain the password from the environment variable \fBvar\fR. Since
+the environment of other processes is visible on certain platforms
+(e.g. ps under certain Unix OSes) this option should be used with caution.
+.Ip "\fBfile:pathname\fR" 10
+.IX Item "file:pathname"
+the first line of \fBpathname\fR is the password. If the same \fBpathname\fR
+argument is supplied to \fB\-passin\fR and \fB\-passout\fR arguments then the first
+line will be used for the input password and the next line for the output
+password. \fBpathname\fR need not refer to a regular file: it could for example
+refer to a device or named pipe.
+.Ip "\fBfd:number\fR" 10
+.IX Item "fd:number"
+read the password from the file descriptor \fBnumber\fR. This can be used to
+send the data via a pipe for example.
+.Ip "\fBstdin\fR" 10
+.IX Item "stdin"
+read the password from standard input.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+asn1parse(1), ca(1), config(5),
+crl(1), crl2pkcs7(1), dgst(1),
+dhparam(1), dsa(1), dsaparam(1),
+enc(1), gendsa(1),
+genrsa(1), nseq(1), openssl(1),
+passwd(1),
+pkcs12(1), pkcs7(1), pkcs8(1),
+rand(1), req(1), rsa(1),
+rsautl(1), s_client(1),
+s_server(1), smime(1), spkac(1),
+verify(1), version(1), x509(1),
+crypto(3), ssl(3)
+.SH "HISTORY"
+.IX Header "HISTORY"
+The \fIopenssl\fR\|(1) document appeared in OpenSSL 0.9.2.
+The \fBlist-\fR\fI\s-1XXX\s0\fR\fB\-commands\fR pseudo-commands were added in OpenSSL 0.9.3;
+the \fBno-\fR\fI\s-1XXX\s0\fR pseudo-commands were added in OpenSSL 0.9.5a.
+For notes on the availability of other commands, see their individual
+manual pages.
OpenPOWER on IntegriCloud