1=pod 2{- OpenSSL::safe::output_do_not_edit_headers(); -} 3 4=head1 NAME 5 6openssl-skeyutl - opaque symmetric keys routines 7 8=head1 SYNOPSIS 9 10B<openssl> B<skeyutl> 11[B<-help>] 12[B<-cipher> I<cipher>] 13[B<-skeymgmt> I<skeymgmt>] 14[B<-skeyopt> I<opt>:I<value>] 15[B<-genkey>] 16{- $OpenSSL::safe::opt_provider_synopsis -} 17 18=head1 DESCRIPTION 19 20Not all cipher implementations support keys as raw bytes. E.g. PKCS#11 tokens 21can store them internally without any option to get the raw byte representation. 22 23This tool is designed for managing opaque symmetric keys. 24 25=head1 OPTIONS 26 27=over 4 28 29=item B<-help> 30 31Print out a usage message. 32 33=item B<-cipher> I<cipher> 34 35The cipher to generate the key for. 36 37=item B<-skeymgmt> I<skeymgmt> 38 39Some providers may support opaque symmetric keys objects. To use them, we need 40to know the I<skeymgmt>. If not specified, the name of the cipher will be used. 41 42To find out the name of the suitable symmetric key management, 43please refer to the output of the C<openssl list -skey-managers> command. 44 45=item B<-skeyopt> I<opt>:I<value> 46 47To obtain an existing opaque symmetric key or to generate a new one, key 48options are specified as opt:value. These options can't be used together with 49any options implying raw key either directly or indirectly. 50 51=item B<-genkey> 52 53Generate a new opaque key object. 54 55{- $OpenSSL::safe::opt_provider_item -} 56 57=back 58 59=head1 SEE ALSO 60 61L<openssl-enc(1)>, L<EVP_SKEY(3)> 62 63=head1 HISTORY 64 65The B<skeyutl> command was added in OpenSSL 3.5. 66 67=head1 COPYRIGHT 68 69Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. 70 71Licensed under the Apache License 2.0 (the "License"). You may not use 72this file except in compliance with the License. You can obtain a copy 73in the file LICENSE in the source distribution or at 74L<https://www.openssl.org/source/license.html>. 75 76=cut 77