=pod

=begin comment
{- join("\n", @autowarntext) -}

=end comment

=head1 NAME

openssl-rsa - RSA key processing command

=head1 SYNOPSIS

B<openssl> B<rsa>
[B<-help>]
[B<-inform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
[B<-outform> B<DER>|B<PEM>]
[B<-in> I<filename>|I<uri>]
[B<-passin> I<arg>]
[B<-out> I<filename>]
[B<-passout> I<arg>]
[B<-aes128>]
[B<-aes192>]
[B<-aes256>]
[B<-aria128>]
[B<-aria192>]
[B<-aria256>]
[B<-camellia128>]
[B<-camellia192>]
[B<-camellia256>]
[B<-des>]
[B<-des3>]
[B<-idea>]
[B<-text>]
[B<-noout>]
[B<-modulus>]
[B<-traditional>]
[B<-check>]
[B<-pubin>]
[B<-pubout>]
[B<-RSAPublicKey_in>]
[B<-RSAPublicKey_out>]
[B<-pvk-strong>]
[B<-pvk-weak>]
[B<-pvk-none>]
{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}

=head1 DESCRIPTION

This command processes RSA keys. They can be converted between
various forms and their components printed out.

=head1 OPTIONS

=over 4

=item B<-help>

Print out a usage message.

=item B<-inform> B<DER>|B<PEM>|B<P12>|B<ENGINE>

The key input format; unspecified by default.
See L<openssl-format-options(1)> for details.

=item B<-outform> B<DER>|B<PEM>

The key output format; the default is B<PEM>.
See L<openssl-format-options(1)> for details.

=item B<-traditional>

When writing a private key, use the traditional PKCS#1 format
instead of the PKCS#8 format.

=item B<-in> I<filename>|I<uri>

This specifies the input to read a key from or standard input if this
option is not specified. If the key is encrypted a pass phrase will be
prompted for.

=item B<-passin> I<arg>, B<-passout> I<arg>

The password source for the input and output file.
For more information about the format of B<arg>
see L<openssl-passphrase-options(1)>.

=item B<-out> I<filename>

This specifies the output filename to write a key to or standard output if this
option is not specified. If any encryption options are set then a pass phrase
will be prompted for. The output filename should B<not> be the same as the input
filename.

=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea>

These options encrypt the private key with the specified
cipher before outputting it. A pass phrase is prompted for.
If none of these options is specified the key is written in plain text. This
means that this command can be used to remove the pass phrase from a key
by not giving any encryption option, or to add or change the pass
phrase by setting them.
These options can only be used with PEM format output files.

=item B<-text>

Prints out the various public or private key components in
plain text in addition to the encoded version.

=item B<-noout>

This option prevents output of the encoded version of the key.

=item B<-modulus>

This option prints out the value of the modulus of the key.

=item B<-check>

This option checks the consistency of an RSA private key.

=item B<-pubin>

By default a private key is read from the input file: with this
option a public key is read instead.

=item B<-pubout>

By default a private key is output: with this option a public
key will be output instead. This option is automatically set if
the input is a public key.

=item B<-RSAPublicKey_in>, B<-RSAPublicKey_out>

Like B<-pubin> and B<-pubout> except B<RSAPublicKey> format is used instead.

=item B<-pvk-strong>

Enable 'Strong' PVK encoding level (default).

=item B<-pvk-weak>

Enable 'Weak' PVK encoding level.

=item B<-pvk-none>

Don't enforce PVK encoding.

{- $OpenSSL::safe::opt_engine_item -}

{- $OpenSSL::safe::opt_provider_item -}

=back

=head1 NOTES

The L<openssl-pkey(1)> command is capable of performing all the operations
this command can, as well as supporting other public key types.

=head1 EXAMPLES

The documentation for the L<openssl-pkey(1)> command contains examples
equivalent to the ones listed here.

To remove the pass phrase on an RSA private key:

 openssl rsa -in key.pem -out keyout.pem

To encrypt a private key using triple DES:

 openssl rsa -in key.pem -des3 -out keyout.pem

To convert a private key from PEM to DER format:

 openssl rsa -in key.pem -outform DER -out keyout.der

To print out the components of a private key to standard output:

 openssl rsa -in key.pem -text -noout

To just output the public part of a private key:

 openssl rsa -in key.pem -pubout -out pubkey.pem

Output the public part of a private key in B<RSAPublicKey> format:

 openssl rsa -in key.pem -RSAPublicKey_out -out pubkey.pem

=head1 BUGS

There should be an option that automatically handles F<.key> files,
without having to manually edit them.

=head1 SEE ALSO

L<openssl(1)>,
L<openssl-pkey(1)>,
L<openssl-pkcs8(1)>,
L<openssl-dsa(1)>,
L<openssl-genrsa(1)>,
L<openssl-gendsa(1)>

=head1 HISTORY

The B<-engine> option was deprecated in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
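
The encryption options, -passout, -check, -modulus and -pubout described in OPTIONS, combined into one script that encrypts a private key and then verifies the result. This is an added example, not part of the OpenSSL manual page; the helper function names, file names and the pass phrase are constructed for the demonstration, and it goes beyond the manual's one-line examples by checking the output file.

```shell
#!/bin/sh
# Added example, not from the OpenSSL manual. Helper names, file names and the
# pass phrase are constructed for the demonstration.
set -eu

# Re-write private key $1 to $2, AES-256 encrypted under the pass phrase in file $3.
protect_key() {
    [ "$1" != "$2" ] || { echo "output must differ from input" >&2; return 2; }
    # umask keeps the new key file private; file: keeps the phrase out of argv.
    ( umask 077; openssl rsa -in "$1" -aes256 -passout "file:$3" -out "$2" 2>/dev/null )
}

# True when the PEM file is encrypted: PKCS#8 header or traditional Proc-Type line.
key_is_encrypted() {
    grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# True when -check reports a consistent key. The success text is matched rather
# than trusting the exit status alone.
key_is_consistent() {
    openssl rsa -in "$1" -passin "file:$2" -check -noout 2>/dev/null |
        grep -q '^RSA key ok$'
}

# True when private key $1 (pass phrase file $2) and public key $3 share a modulus.
same_modulus() {
    a=$(openssl rsa -in "$1" -passin "file:$2" -noout -modulus 2>/dev/null) || return 1
    b=$(openssl rsa -pubin -in "$3" -noout -modulus 2>/dev/null) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Build a throwaway key set in a temp directory and print the directory name.
make_demo() {
    d=$(mktemp -d) &&
    ( umask 077
      printf '%s\n' 'constructed-demo-pass-phrase' > "$d/pass.txt" &&
      openssl genrsa -out "$d/key.pem" 2048 2>/dev/null ) &&
    protect_key "$d/key.pem" "$d/key.enc.pem" "$d/pass.txt" &&
    openssl rsa -in "$d/key.enc.pem" -passin "file:$d/pass.txt" \
        -pubout -out "$d/pub.pem" 2>/dev/null &&
    echo "$d"
}

dir=$(make_demo)
key_is_encrypted "$dir/key.enc.pem" &&
    key_is_consistent "$dir/key.enc.pem" "$dir/pass.txt" &&
    same_modulus "$dir/key.enc.pem" "$dir/pass.txt" "$dir/pub.pem" &&
    echo "encrypted key verified"
rm -rf "$dir"
```

The encryption check accepts both the PKCS#8 header and the traditional PKCS#1 Proc-Type line, so it holds whether or not -traditional is in effect.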