xref: /freebsd/crypto/openssl/doc/man1/openssl-storeutl.pod.in (revision 59c8e88e72633afbc47a4ace0d2170d00d51f7dc)
1=pod
2
3=begin comment
4{- join("\n", @autowarntext) -}
5
6=end comment
7
8=head1 NAME
9
10openssl-storeutl - STORE command
11
12=head1 SYNOPSIS
13
14B<openssl> B<storeutl>
15[B<-help>]
16[B<-out> I<file>]
17[B<-noout>]
18[B<-passin> I<arg>]
19[B<-text> I<arg>]
20[B<-r>]
21[B<-certs>]
22[B<-keys>]
23[B<-crls>]
24[B<-subject> I<arg>]
25[B<-issuer> I<arg>]
26[B<-serial> I<arg>]
27[B<-alias> I<arg>]
28[B<-fingerprint> I<arg>]
29[B<-I<digest>>]
30{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
31I<uri>
32
33=head1 DESCRIPTION
34
35This command can be used to display the contents (after
36decryption as the case may be) fetched from the given URI.
37
38=head1 OPTIONS
39
40=over 4
41
42=item B<-help>
43
44Print out a usage message.
45
46=item B<-out> I<filename>
47
48specifies the output filename to write to or standard output by
49default.
50
51=item B<-noout>
52
53this option prevents output of the PEM data.
54
55=item B<-passin> I<arg>
56
57the key password source. For more information about the format of I<arg>
58see L<openssl-passphrase-options(1)>.
59
60=item B<-text>
61
62Prints out the objects in text form, similarly to the B<-text> output from
63L<openssl-x509(1)>, L<openssl-pkey(1)>, etc.
64
65=item B<-r>
66
67Fetch objects recursively when possible.
68
69=item B<-certs>
70
71=item B<-keys>
72
73=item B<-crls>
74
75Only select the certificates, keys or CRLs from the given URI.
76However, if this URI would return a set of names (URIs), those are always
77returned.
78
79Note that all options must be given before the I<uri> argument.
80Otherwise they are ignored.
81
82=item B<-subject> I<arg>
83
84Search for an object having the subject name I<arg>.
85
86The arg must be formatted as C</type0=value0/type1=value1/type2=...>.
87Special characters may be escaped by C<\> (backslash), whitespace is retained.
88Empty values are permitted but are ignored for the search.  That is,
89a search with an empty value will have the same effect as not specifying
90the type at all.
91Giving a single C</> will lead to an empty sequence of RDNs (a NULL-DN).
92Multi-valued RDNs can be formed by placing a C<+> character instead of a C</>
93between the AttributeValueAssertions (AVAs) that specify the members of the set.
94
95Example:
96
97C</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe>
98
99=item B<-issuer> I<arg>
100
101=item B<-serial> I<arg>
102
103Search for an object having the given issuer name and serial number.
104These two options I<must> be used together.
105The issuer arg must be formatted as C</type0=value0/type1=value1/type2=...>,
106characters may be escaped by \ (backslash), no spaces are skipped.
107The serial arg may be specified as a decimal value or a hex value if preceded
108by C<0x>.
109
110=item B<-alias> I<arg>
111
112Search for an object having the given alias.
113
114=item B<-fingerprint> I<arg>
115
116Search for an object having the given fingerprint.
117
118=item B<-I<digest>>
119
120The digest that was used to compute the fingerprint given with B<-fingerprint>.
121
122{- $OpenSSL::safe::opt_engine_item -}
123
124{- $OpenSSL::safe::opt_provider_item -}
125
126=back
127
128=head1 SEE ALSO
129
130L<openssl(1)>
131
132=head1 HISTORY
133
134This command was added in OpenSSL 1.1.1.
135
136The B<-engine> option was deprecated in OpenSSL 3.0.
137
138=head1 COPYRIGHT
139
140Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
141
142Licensed under the Apache License 2.0 (the "License").  You may not use
143this file except in compliance with the License.  You can obtain a copy
144in the file LICENSE in the source distribution or at
145L<https://www.openssl.org/source/license.html>.
146
147=cut
148