1*b077aed3SPierre Pronchery=pod 2*b077aed3SPierre Pronchery{- OpenSSL::safe::output_do_not_edit_headers(); -} 3*b077aed3SPierre Pronchery 4*b077aed3SPierre Pronchery=head1 NAME 5*b077aed3SPierre Pronchery 6*b077aed3SPierre Proncheryopenssl-passwd - compute password hashes 7*b077aed3SPierre Pronchery 8*b077aed3SPierre Pronchery=head1 SYNOPSIS 9*b077aed3SPierre Pronchery 10*b077aed3SPierre ProncheryB<openssl passwd> 11*b077aed3SPierre Pronchery[B<-help>] 12*b077aed3SPierre Pronchery[B<-1>] 13*b077aed3SPierre Pronchery[B<-apr1>] 14*b077aed3SPierre Pronchery[B<-aixmd5>] 15*b077aed3SPierre Pronchery[B<-5>] 16*b077aed3SPierre Pronchery[B<-6>] 17*b077aed3SPierre Pronchery[B<-salt> I<string>] 18*b077aed3SPierre Pronchery[B<-in> I<file>] 19*b077aed3SPierre Pronchery[B<-stdin>] 20*b077aed3SPierre Pronchery[B<-noverify>] 21*b077aed3SPierre Pronchery[B<-quiet>] 22*b077aed3SPierre Pronchery[B<-table>] 23*b077aed3SPierre Pronchery[B<-reverse>] 24*b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_r_synopsis -} 25*b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_provider_synopsis -} 26*b077aed3SPierre Pronchery[I<password>] 27*b077aed3SPierre Pronchery 28*b077aed3SPierre Pronchery=head1 DESCRIPTION 29*b077aed3SPierre Pronchery 30*b077aed3SPierre ProncheryThis command computes the hash of a password typed at 31*b077aed3SPierre Proncheryrun-time or the hash of each password in a list. The password list is 32*b077aed3SPierre Proncherytaken from the named file for option B<-in>, from stdin for 33*b077aed3SPierre Proncheryoption B<-stdin>, or from the command line, or from the terminal otherwise. 34*b077aed3SPierre Pronchery 35*b077aed3SPierre Pronchery=head1 OPTIONS 36*b077aed3SPierre Pronchery 37*b077aed3SPierre Pronchery=over 4 38*b077aed3SPierre Pronchery 39*b077aed3SPierre Pronchery=item B<-help> 40*b077aed3SPierre Pronchery 41*b077aed3SPierre ProncheryPrint out a usage message. 42*b077aed3SPierre Pronchery 43*b077aed3SPierre Pronchery=item B<-1> 44*b077aed3SPierre Pronchery 45*b077aed3SPierre ProncheryUse the MD5 based BSD password algorithm B<1> (default). 46*b077aed3SPierre Pronchery 47*b077aed3SPierre Pronchery=item B<-apr1> 48*b077aed3SPierre Pronchery 49*b077aed3SPierre ProncheryUse the B<apr1> algorithm (Apache variant of the BSD algorithm). 50*b077aed3SPierre Pronchery 51*b077aed3SPierre Pronchery=item B<-aixmd5> 52*b077aed3SPierre Pronchery 53*b077aed3SPierre ProncheryUse the B<AIX MD5> algorithm (AIX variant of the BSD algorithm). 54*b077aed3SPierre Pronchery 55*b077aed3SPierre Pronchery=item B<-5> 56*b077aed3SPierre Pronchery 57*b077aed3SPierre Pronchery=item B<-6> 58*b077aed3SPierre Pronchery 59*b077aed3SPierre ProncheryUse the B<SHA256> / B<SHA512> based algorithms defined by Ulrich Drepper. 60*b077aed3SPierre ProncherySee L<https://www.akkadia.org/drepper/SHA-crypt.txt>. 61*b077aed3SPierre Pronchery 62*b077aed3SPierre Pronchery=item B<-salt> I<string> 63*b077aed3SPierre Pronchery 64*b077aed3SPierre ProncheryUse the specified salt. 65*b077aed3SPierre ProncheryWhen reading a password from the terminal, this implies B<-noverify>. 66*b077aed3SPierre Pronchery 67*b077aed3SPierre Pronchery=item B<-in> I<file> 68*b077aed3SPierre Pronchery 69*b077aed3SPierre ProncheryRead passwords from I<file>. 70*b077aed3SPierre Pronchery 71*b077aed3SPierre Pronchery=item B<-stdin> 72*b077aed3SPierre Pronchery 73*b077aed3SPierre ProncheryRead passwords from B<stdin>. 74*b077aed3SPierre Pronchery 75*b077aed3SPierre Pronchery=item B<-noverify> 76*b077aed3SPierre Pronchery 77*b077aed3SPierre ProncheryDon't verify when reading a password from the terminal. 78*b077aed3SPierre Pronchery 79*b077aed3SPierre Pronchery=item B<-quiet> 80*b077aed3SPierre Pronchery 81*b077aed3SPierre ProncheryDon't output warnings when passwords given at the command line are truncated. 82*b077aed3SPierre Pronchery 83*b077aed3SPierre Pronchery=item B<-table> 84*b077aed3SPierre Pronchery 85*b077aed3SPierre ProncheryIn the output list, prepend the cleartext password and a TAB character 86*b077aed3SPierre Proncheryto each password hash. 87*b077aed3SPierre Pronchery 88*b077aed3SPierre Pronchery=item B<-reverse> 89*b077aed3SPierre Pronchery 90*b077aed3SPierre ProncheryWhen the B<-table> option is used, reverse the order of cleartext and hash. 91*b077aed3SPierre Pronchery 92*b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_r_item -} 93*b077aed3SPierre Pronchery 94*b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_provider_item -} 95*b077aed3SPierre Pronchery 96*b077aed3SPierre Pronchery=back 97*b077aed3SPierre Pronchery 98*b077aed3SPierre Pronchery=head1 EXAMPLES 99*b077aed3SPierre Pronchery 100*b077aed3SPierre Pronchery % openssl passwd -1 -salt xxxxxxxx password 101*b077aed3SPierre Pronchery $1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a. 102*b077aed3SPierre Pronchery 103*b077aed3SPierre Pronchery % openssl passwd -apr1 -salt xxxxxxxx password 104*b077aed3SPierre Pronchery $apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0 105*b077aed3SPierre Pronchery 106*b077aed3SPierre Pronchery % openssl passwd -aixmd5 -salt xxxxxxxx password 107*b077aed3SPierre Pronchery xxxxxxxx$8Oaipk/GPKhC64w/YVeFD/ 108*b077aed3SPierre Pronchery 109*b077aed3SPierre Pronchery=head1 HISTORY 110*b077aed3SPierre Pronchery 111*b077aed3SPierre ProncheryThe B<-crypt> option was removed in OpenSSL 3.0. 112*b077aed3SPierre Pronchery 113*b077aed3SPierre Pronchery=head1 COPYRIGHT 114*b077aed3SPierre Pronchery 115*b077aed3SPierre ProncheryCopyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. 116*b077aed3SPierre Pronchery 117*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 118*b077aed3SPierre Proncherythis file except in compliance with the License. You can obtain a copy 119*b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at 120*b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>. 121*b077aed3SPierre Pronchery 122*b077aed3SPierre Pronchery=cut 123