xref: /freebsd/crypto/openssl/doc/man1/openssl-rsa.pod.in (revision a90b9d0159070121c221b966469c3e36d912bf82)
1=pod
2
3=begin comment
4{- join("\n", @autowarntext) -}
5
6=end comment
7
8=head1 NAME
9
10openssl-rsa - RSA key processing command
11
12=head1 SYNOPSIS
13
14B<openssl> B<rsa>
15[B<-help>]
16[B<-inform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
17[B<-outform> B<DER>|B<PEM>]
18[B<-in> I<filename>|I<uri>]
19[B<-passin> I<arg>]
20[B<-out> I<filename>]
21[B<-passout> I<arg>]
22[B<-aes128>]
23[B<-aes192>]
24[B<-aes256>]
25[B<-aria128>]
26[B<-aria192>]
27[B<-aria256>]
28[B<-camellia128>]
29[B<-camellia192>]
30[B<-camellia256>]
31[B<-des>]
32[B<-des3>]
33[B<-idea>]
34[B<-text>]
35[B<-noout>]
36[B<-modulus>]
37[B<-traditional>]
38[B<-check>]
39[B<-pubin>]
40[B<-pubout>]
41[B<-RSAPublicKey_in>]
42[B<-RSAPublicKey_out>]
43[B<-pvk-strong>]
44[B<-pvk-weak>]
45[B<-pvk-none>]
46{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
47
48=head1 DESCRIPTION
49
50This command processes RSA keys. They can be converted between
51various forms and their components printed out.
52
53=head1 OPTIONS
54
55=over 4
56
57=item B<-help>
58
59Print out a usage message.
60
61=item B<-inform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
62
63The key input format; unspecified by default.
64See L<openssl-format-options(1)> for details.
65
66=item B<-outform> B<DER>|B<PEM>
67
68The key output format; the default is B<PEM>.
69See L<openssl-format-options(1)> for details.
70
71=item B<-traditional>
72
73When writing a private key, use the traditional PKCS#1 format
74instead of the PKCS#8 format.
75
76=item B<-in> I<filename>|I<uri>
77
78This specifies the input to read a key from or standard input if this
79option is not specified. If the key is encrypted a pass phrase will be
80prompted for.
81
82=item B<-passin> I<arg>, B<-passout> I<arg>
83
84The password source for the input and output file.
85For more information about the format of B<arg>
86see L<openssl-passphrase-options(1)>.
87
88=item B<-out> I<filename>
89
90This specifies the output filename to write a key to or standard output if this
91option is not specified. If any encryption options are set then a pass phrase
92will be prompted for. The output filename should B<not> be the same as the input
93filename.
94
95=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea>
96
97These options encrypt the private key with the specified
98cipher before outputting it. A pass phrase is prompted for.
99If none of these options is specified the key is written in plain text. This
100means that this command can be used to remove the pass phrase from a key
101by not giving any encryption option is given, or to add or change the pass
102phrase by setting them.
103These options can only be used with PEM format output files.
104
105=item B<-text>
106
107Prints out the various public or private key components in
108plain text in addition to the encoded version.
109
110=item B<-noout>
111
112This option prevents output of the encoded version of the key.
113
114=item B<-modulus>
115
116This option prints out the value of the modulus of the key.
117
118=item B<-check>
119
120This option checks the consistency of an RSA private key.
121
122=item B<-pubin>
123
124By default a private key is read from the input file: with this
125option a public key is read instead.
126
127=item B<-pubout>
128
129By default a private key is output: with this option a public
130key will be output instead. This option is automatically set if
131the input is a public key.
132
133=item B<-RSAPublicKey_in>, B<-RSAPublicKey_out>
134
135Like B<-pubin> and B<-pubout> except B<RSAPublicKey> format is used instead.
136
137=item B<-pvk-strong>
138
139Enable 'Strong' PVK encoding level (default).
140
141=item B<-pvk-weak>
142
143Enable 'Weak' PVK encoding level.
144
145=item B<-pvk-none>
146
147Don't enforce PVK encoding.
148
149{- $OpenSSL::safe::opt_engine_item -}
150
151{- $OpenSSL::safe::opt_provider_item -}
152
153=back
154
155=head1 NOTES
156
157The L<openssl-pkey(1)> command is capable of performing all the operations
158this command can, as well as supporting other public key types.
159
160=head1 EXAMPLES
161
162The documentation for the L<openssl-pkey(1)> command contains examples
163equivalent to the ones listed here.
164
165To remove the pass phrase on an RSA private key:
166
167 openssl rsa -in key.pem -out keyout.pem
168
169To encrypt a private key using triple DES:
170
171 openssl rsa -in key.pem -des3 -out keyout.pem
172
173To convert a private key from PEM to DER format:
174
175 openssl rsa -in key.pem -outform DER -out keyout.der
176
177To print out the components of a private key to standard output:
178
179 openssl rsa -in key.pem -text -noout
180
181To just output the public part of a private key:
182
183 openssl rsa -in key.pem -pubout -out pubkey.pem
184
185Output the public part of a private key in B<RSAPublicKey> format:
186
187 openssl rsa -in key.pem -RSAPublicKey_out -out pubkey.pem
188
189=head1 BUGS
190
191There should be an option that automatically handles F<.key> files,
192without having to manually edit them.
193
194=head1 SEE ALSO
195
196L<openssl(1)>,
197L<openssl-pkey(1)>,
198L<openssl-pkcs8(1)>,
199L<openssl-dsa(1)>,
200L<openssl-genrsa(1)>,
201L<openssl-gendsa(1)>
202
203=head1 HISTORY
204
205The B<-engine> option was deprecated in OpenSSL 3.0.
206
207=head1 COPYRIGHT
208
209Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
210
211Licensed under the Apache License 2.0 (the "License").  You may not use
212this file except in compliance with the License.  You can obtain a copy
213in the file LICENSE in the source distribution or at
214L<https://www.openssl.org/source/license.html>.
215
216=cut
217