OPENSSL(1)                          OpenSSL                         OPENSSL(1)


NNAAMMEE
       openssl - OpenSSL command line tool

SSYYNNOOPPSSIISS
       ooppeennssssll _c_o_m_m_a_n_d [ _c_o_m_m_a_n_d___o_p_t_s ] [ _c_o_m_m_a_n_d___a_r_g_s ]

       ooppeennssssll [ lliisstt--ssttaannddaarrdd--ccoommmmaannddss | lliisstt--mmeessssaaggee--ddiiggeesstt--ccoommmmaannddss | lliisstt--
       cciipphheerr--ccoommmmaannddss | lliisstt--cciipphheerr--aallggoorriitthhmmss | lliisstt--mmeessssaaggee--ddiiggeesstt--aallggoo--
       rriitthhmmss | lliisstt--ppuubblliicc--kkeeyy--aallggoorriitthhmmss]

       ooppeennssssll nnoo--_X_X_X [ _a_r_b_i_t_r_a_r_y _o_p_t_i_o_n_s ]

DDEESSCCRRIIPPTTIIOONN
       OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer
       (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and
       related cryptography standards required by them.

       The ooppeennssssll program is a command line tool for using the various cryp-
       tography functions of OpenSSL's ccrryyppttoo library from the shell.  It can
       be used for

        o  Creation and management of private keys, public keys and parameters
        o  Public key cryptographic operations
        o  Creation of X.509 certificates, CSRs and CRLs
        o  Calculation of Message Digests
        o  Encryption and Decryption with Ciphers
        o  SSL/TLS Client and Server Tests
        o  Handling of S/MIME signed or encrypted mail
        o  Time Stamp requests, generation and verification

CCOOMMMMAANNDD SSUUMMMMAARRYY
       The ooppeennssssll program provides a rich variety of commands (_c_o_m_m_a_n_d in the
       SYNOPSIS above), each of which often has a wealth of options and argu-
       ments (_c_o_m_m_a_n_d___o_p_t_s and _c_o_m_m_a_n_d___a_r_g_s in the SYNOPSIS).

       The pseudo-commands lliisstt--ssttaannddaarrdd--ccoommmmaannddss, lliisstt--mmeessssaaggee--ddiiggeesstt--ccoomm--
       mmaannddss, and lliisstt--cciipphheerr--ccoommmmaannddss output a list (one entry per line) of
       the names of all standard commands, message digest commands, or cipher
       commands, respectively, that are available in the present ooppeennssssll util-
       ity.

       The pseudo-commands lliisstt--cciipphheerr--aallggoorriitthhmmss and lliisstt--mmeessssaaggee--ddiiggeesstt--
       aallggoorriitthhmmss list all cipher and message digest names, one entry per
       line. Aliases are listed as:

        from => to

       The pseudo-command lliisstt--ppuubblliicc--kkeeyy--aallggoorriitthhmmss lists all supported pub-
       lic key algorithms.

       The pseudo-command nnoo--_X_X_X tests whether a command of the specified name
       is available.  If no command named _X_X_X exists, it returns 0 (success)
       and prints nnoo--_X_X_X; otherwise it returns 1 and prints _X_X_X.  In both
       cases, the output goes to ssttddoouutt and nothing is printed to ssttddeerrrr.
       Additional command line arguments are always ignored.  Since for each
       cipher there is a command of the same name, this provides an easy way
       for shell scripts to test for the availability of ciphers in the
       ooppeennssssll program.  (nnoo--_X_X_X is not able to detect pseudo-commands such as
       qquuiitt, lliisstt--_._._.--ccoommmmaannddss, or nnoo--_X_X_X itself.)

       SSTTAANNDDAARRDD CCOOMMMMAANNDDSS

       aassnn11ppaarrssee Parse an ASN.1 sequence.

       ccaa        Certificate Authority (CA) Management.

       cciipphheerrss   Cipher Suite Description Determination.

       ccmmss       CMS (Cryptographic Message Syntax) utility

       ccrrll       Certificate Revocation List (CRL) Management.

       ccrrll22ppkkccss77 CRL to PKCS#7 Conversion.

       ddggsstt      Message Digest Calculation.

       ddhh        Diffie-Hellman Parameter Management.  Obsoleted by ddhhppaarraamm.

       ddhhppaarraamm   Generation and Management of Diffie-Hellman Parameters.
                 Superseded by ggeennppkkeeyy and ppkkeeyyppaarraamm

       ddssaa       DSA Data Management.

       ddssaappaarraamm  DSA Parameter Generation and Management. Superseded by
                 ggeennppkkeeyy and ppkkeeyyppaarraamm

       eecc        EC (Elliptic curve) key processing

       eeccppaarraamm   EC parameter manipulation and generation

       eenncc       Encoding with Ciphers.

       eennggiinnee    Engine (loadble module) information and manipulation.

       eerrrrssttrr    Error Number to Error String Conversion.

       ggeennddhh     Generation of Diffie-Hellman Parameters.  Obsoleted by
                 ddhhppaarraamm.

       ggeennddssaa    Generation of DSA Private Key from Parameters. Superseded by
                 ggeennppkkeeyy and ppkkeeyy

       ggeennppkkeeyy   Generation of Private Key or Parameters.

       ggeennrrssaa    Generation of RSA Private Key. Superceded by ggeennppkkeeyy.

       nnsseeqq      Create or examine a netscape certificate sequence

       ooccsspp      Online Certificate Status Protocol utility.

       ppaasssswwdd    Generation of hashed passwords.

       ppkkccss1122    PKCS#12 Data Management.

       ppkkccss77     PKCS#7 Data Management.

       ppkkeeyy      Public and private key management.

       ppkkeeyyppaarraamm Public key algorithm parameter management.

       ppkkeeyyuuttll   Public key algorithm cryptographic operation utility.

       rraanndd      Generate pseudo-random bytes.

       rreeqq       PKCS#10 X.509 Certificate Signing Request (CSR) Management.

       rrssaa       RSA key management.

       rrssaauuttll    RSA utility for signing, verification, encryption, and
                 decryption. Superseded by  ppkkeeyyuuttll

       ss__cclliieenntt  This implements a generic SSL/TLS client which can establish
                 a transparent connection to a remote server speaking SSL/TLS.
                 It's intended for testing purposes only and provides only
                 rudimentary interface functionality but internally uses
                 mostly all functionality of the OpenSSL ssssll library.

       ss__sseerrvveerr  This implements a generic SSL/TLS server which accepts con-
                 nections from remote clients speaking SSL/TLS. It's intended
                 for testing purposes only and provides only rudimentary
                 interface functionality but internally uses mostly all func-
                 tionality of the OpenSSL ssssll library.  It provides both an
                 own command line oriented protocol for testing SSL functions
                 and a simple HTTP response facility to emulate an
                 SSL/TLS-aware webserver.

       ss__ttiimmee    SSL Connection Timer.

       sseessss__iidd   SSL Session Data Management.

       ssmmiimmee     S/MIME mail processing.

       ssppeeeedd     Algorithm Speed Measurement.

       ssppkkaacc     SPKAC printing and generating utility

       ttss        Time Stamping Authority tool (client/server)

       vveerriiffyy    X.509 Certificate Verification.

       vveerrssiioonn   OpenSSL Version Information.

       xx550099      X.509 Certificate Data Management.

       MMEESSSSAAGGEE DDIIGGEESSTT CCOOMMMMAANNDDSS

       mmdd22       MD2 Digest

       mmdd55       MD5 Digest

       mmddcc22      MDC2 Digest

       rrmmdd116600    RMD-160 Digest

       sshhaa       SHA Digest

       sshhaa11      SHA-1 Digest

       sshhaa222244    SHA-224 Digest

       sshhaa225566    SHA-256 Digest

       sshhaa338844    SHA-384 Digest

       sshhaa551122    SHA-512 Digest

       EENNCCOODDIINNGG AANNDD CCIIPPHHEERR CCOOMMMMAANNDDSS

       bbaassee6644    Base64 Encoding

       bbff bbff--ccbbcc bbff--ccffbb bbff--eeccbb bbff--ooffbb
                 Blowfish Cipher

       ccaasstt ccaasstt--ccbbcc
                 CAST Cipher

       ccaasstt55--ccbbcc ccaasstt55--ccffbb ccaasstt55--eeccbb ccaasstt55--ooffbb
                 CAST5 Cipher

       ddeess ddeess--ccbbcc ddeess--ccffbb ddeess--eeccbb ddeess--eeddee ddeess--eeddee--ccbbcc ddeess--eeddee--ccffbb ddeess--eeddee--ooffbb
       ddeess--ooffbb
                 DES Cipher

       ddeess33 ddeessxx ddeess--eeddee33 ddeess--eeddee33--ccbbcc ddeess--eeddee33--ccffbb ddeess--eeddee33--ooffbb
                 Triple-DES Cipher

       iiddeeaa iiddeeaa--ccbbcc iiddeeaa--ccffbb iiddeeaa--eeccbb iiddeeaa--ooffbb
                 IDEA Cipher

       rrcc22 rrcc22--ccbbcc rrcc22--ccffbb rrcc22--eeccbb rrcc22--ooffbb
                 RC2 Cipher

       rrcc44       RC4 Cipher

       rrcc55 rrcc55--ccbbcc rrcc55--ccffbb rrcc55--eeccbb rrcc55--ooffbb
                 RC5 Cipher

PPAASSSS PPHHRRAASSEE AARRGGUUMMEENNTTSS
       Several commands accept password arguments, typically using --ppaassssiinn and
       --ppaassssoouutt for input and output passwords respectively. These allow the
       password to be obtained from a variety of sources. Both of these
       options take a single argument whose format is described below. If no
       password argument is given and a password is required then the user is
       prompted to enter one: this will typically be read from the current
       terminal with echoing turned off.

       ppaassss::ppaasssswwoorrdd
                 the actual password is ppaasssswwoorrdd. Since the password is visi-
                 ble to utilities (like 'ps' under Unix) this form should only
                 be used where security is not important.

       eennvv::vvaarr   obtain the password from the environment variable vvaarr. Since
                 the environment of other processes is visible on certain
                 platforms (e.g. ps under certain Unix OSes) this option
                 should be used with caution.

       ffiillee::ppaatthhnnaammee
                 the first line of ppaatthhnnaammee is the password. If the same ppaatthh--
                 nnaammee argument is supplied to --ppaassssiinn and --ppaassssoouutt arguments
                 then the first line will be used for the input password and
                 the next line for the output password. ppaatthhnnaammee need not
                 refer to a regular file: it could for example refer to a
                 device or named pipe.

       ffdd::nnuummbbeerr read the password from the file descriptor nnuummbbeerr. This can
                 be used to send the data via a pipe for example.

       ssttddiinn     read the password from standard input.

SSEEEE AALLSSOO
       _a_s_n_1_p_a_r_s_e(1), _c_a(1), _c_o_n_f_i_g(5), _c_r_l(1), _c_r_l_2_p_k_c_s_7(1), _d_g_s_t(1),
       _d_h_p_a_r_a_m(1), _d_s_a(1), _d_s_a_p_a_r_a_m(1), _e_n_c(1), _g_e_n_d_s_a(1), _g_e_n_p_k_e_y(1),
       _g_e_n_r_s_a(1), _n_s_e_q(1), _o_p_e_n_s_s_l(1), _p_a_s_s_w_d(1), _p_k_c_s_1_2(1), _p_k_c_s_7(1),
       _p_k_c_s_8(1), _r_a_n_d(1), _r_e_q(1), _r_s_a(1), _r_s_a_u_t_l(1), _s___c_l_i_e_n_t(1), _s___s_e_r_v_e_r(1),
       _s___t_i_m_e(1), _s_m_i_m_e(1), _s_p_k_a_c(1), _v_e_r_i_f_y(1), _v_e_r_s_i_o_n(1), _x_5_0_9(1),
       _c_r_y_p_t_o(3), _s_s_l(3), _x_5_0_9_v_3___c_o_n_f_i_g(5)

HHIISSTTOORRYY
       The _o_p_e_n_s_s_l(1) document appeared in OpenSSL 0.9.2.  The lliisstt--_X_X_X--ccoomm--
       mmaannddss pseudo-commands were added in OpenSSL 0.9.3; The lliisstt--_X_X_X--aallggoo--
       rriitthhmmss pseudo-commands were added in OpenSSL 1.0.0; the nnoo--_X_X_X pseudo-
       commands were added in OpenSSL 0.9.5a.  For notes on the availability
       of other commands, see their individual manual pages.


1.0.2u                            2019-12-20                        OPENSSL(1)