1*e7be843bSPierre Pronchery=pod 2*e7be843bSPierre Pronchery{- OpenSSL::safe::output_do_not_edit_headers(); -} 3*e7be843bSPierre Pronchery 4*e7be843bSPierre Pronchery=head1 NAME 5*e7be843bSPierre Pronchery 6*e7be843bSPierre Proncheryopenssl-skeyutl - opaque symmetric keys routines 7*e7be843bSPierre Pronchery 8*e7be843bSPierre Pronchery=head1 SYNOPSIS 9*e7be843bSPierre Pronchery 10*e7be843bSPierre ProncheryB<openssl> B<skeyutl> 11*e7be843bSPierre Pronchery[B<-help>] 12*e7be843bSPierre Pronchery[B<-cipher> I<cipher>] 13*e7be843bSPierre Pronchery[B<-skeymgmt> I<skeymgmt>] 14*e7be843bSPierre Pronchery[B<-skeyopt> I<opt>:I<value>] 15*e7be843bSPierre Pronchery[B<-genkey>] 16*e7be843bSPierre Pronchery{- $OpenSSL::safe::opt_provider_synopsis -} 17*e7be843bSPierre Pronchery 18*e7be843bSPierre Pronchery=head1 DESCRIPTION 19*e7be843bSPierre Pronchery 20*e7be843bSPierre ProncheryNot all cipher implementations support keys as raw bytes. E.g. PKCS#11 tokens 21*e7be843bSPierre Proncherycan store them internally without any option to get the raw byte representation. 22*e7be843bSPierre Pronchery 23*e7be843bSPierre ProncheryThis tool is designed for managing opaque symmetric keys. 24*e7be843bSPierre Pronchery 25*e7be843bSPierre Pronchery=head1 OPTIONS 26*e7be843bSPierre Pronchery 27*e7be843bSPierre Pronchery=over 4 28*e7be843bSPierre Pronchery 29*e7be843bSPierre Pronchery=item B<-help> 30*e7be843bSPierre Pronchery 31*e7be843bSPierre ProncheryPrint out a usage message. 32*e7be843bSPierre Pronchery 33*e7be843bSPierre Pronchery=item B<-cipher> I<cipher> 34*e7be843bSPierre Pronchery 35*e7be843bSPierre ProncheryThe cipher to generate the key for. 36*e7be843bSPierre Pronchery 37*e7be843bSPierre Pronchery=item B<-skeymgmt> I<skeymgmt> 38*e7be843bSPierre Pronchery 39*e7be843bSPierre ProncherySome providers may support opaque symmetric keys objects. To use them, we need 40*e7be843bSPierre Proncheryto know the I<skeymgmt>. If not specified, the name of the cipher will be used. 41*e7be843bSPierre Pronchery 42*e7be843bSPierre ProncheryTo find out the name of the suitable symmetric key management, 43*e7be843bSPierre Proncheryplease refer to the output of the C<openssl list -skey-managers> command. 44*e7be843bSPierre Pronchery 45*e7be843bSPierre Pronchery=item B<-skeyopt> I<opt>:I<value> 46*e7be843bSPierre Pronchery 47*e7be843bSPierre ProncheryTo obtain an existing opaque symmetric key or to generate a new one, key 48*e7be843bSPierre Proncheryoptions are specified as opt:value. These options can't be used together with 49*e7be843bSPierre Proncheryany options implying raw key either directly or indirectly. 50*e7be843bSPierre Pronchery 51*e7be843bSPierre Pronchery=item B<-genkey> 52*e7be843bSPierre Pronchery 53*e7be843bSPierre ProncheryGenerate a new opaque key object. 54*e7be843bSPierre Pronchery 55*e7be843bSPierre Pronchery{- $OpenSSL::safe::opt_provider_item -} 56*e7be843bSPierre Pronchery 57*e7be843bSPierre Pronchery=back 58*e7be843bSPierre Pronchery 59*e7be843bSPierre Pronchery=head1 SEE ALSO 60*e7be843bSPierre Pronchery 61*e7be843bSPierre ProncheryL<openssl-enc(1)>, L<EVP_SKEY(3)> 62*e7be843bSPierre Pronchery 63*e7be843bSPierre Pronchery=head1 HISTORY 64*e7be843bSPierre Pronchery 65*e7be843bSPierre ProncheryThe B<skeyutl> command was added in OpenSSL 3.5. 66*e7be843bSPierre Pronchery 67*e7be843bSPierre Pronchery=head1 COPYRIGHT 68*e7be843bSPierre Pronchery 69*e7be843bSPierre ProncheryCopyright 2025 The OpenSSL Project Authors. All Rights Reserved. 70*e7be843bSPierre Pronchery 71*e7be843bSPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 72*e7be843bSPierre Proncherythis file except in compliance with the License. You can obtain a copy 73*e7be843bSPierre Proncheryin the file LICENSE in the source distribution or at 74*e7be843bSPierre ProncheryL<https://www.openssl.org/source/license.html>. 75*e7be843bSPierre Pronchery 76*e7be843bSPierre Pronchery=cut 77