xref: /freebsd/crypto/openssl/doc/man1/openssl-storeutl.pod.in (revision b64c5a0ace59af62eff52bfe110a521dc73c937b)
1=pod
2
3=begin comment
4{- join("\n", @autowarntext) -}
5
6=end comment
7
8=head1 NAME
9
10openssl-storeutl - STORE command
11
12=head1 SYNOPSIS
13
14B<openssl> B<storeutl>
15[B<-help>]
16[B<-out> I<file>]
17[B<-noout>]
18[B<-passin> I<arg>]
19[B<-text> I<arg>]
20[B<-r>]
21[B<-certs>]
22[B<-keys>]
23[B<-crls>]
24[B<-subject> I<arg>]
25[B<-issuer> I<arg>]
26[B<-serial> I<arg>]
27[B<-alias> I<arg>]
28[B<-fingerprint> I<arg>]
29[B<-I<digest>>]
30{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
31I<uri>
32
33=head1 DESCRIPTION
34
35This command can be used to display the contents (after
36decryption as the case may be) fetched from the given URI.
37
38=head1 OPTIONS
39
40=over 4
41
42=item B<-help>
43
44Print out a usage message.
45
46=item B<-out> I<filename>
47
48specifies the output filename to write to or standard output by
49default.
50
51=item B<-noout>
52
53this option prevents output of the PEM data.
54
55=item B<-passin> I<arg>
56
57the key password source. For more information about the format of I<arg>
58see L<openssl-passphrase-options(1)>.
59
60=item B<-text>
61
62Prints out the objects in text form, similarly to the B<-text> output from
63L<openssl-x509(1)>, L<openssl-pkey(1)>, etc.
64
65=item B<-r>
66
67Fetch objects recursively when possible.
68
69=item B<-certs>
70
71=item B<-keys>
72
73=item B<-crls>
74
75Only select the certificates, keys or CRLs from the given URI.
76However, if this URI would return a set of names (URIs), those are always
77returned.
78
79Note that all options must be given before the I<uri> argument.
80Otherwise they are ignored.
81
82Note I<-keys> selects exclusively private keys, there is no selector for public
83keys only.
84
85=item B<-subject> I<arg>
86
87Search for an object having the subject name I<arg>.
88
89The arg must be formatted as C</type0=value0/type1=value1/type2=...>.
90Special characters may be escaped by C<\> (backslash), whitespace is retained.
91Empty values are permitted but are ignored for the search.  That is,
92a search with an empty value will have the same effect as not specifying
93the type at all.
94Giving a single C</> will lead to an empty sequence of RDNs (a NULL-DN).
95Multi-valued RDNs can be formed by placing a C<+> character instead of a C</>
96between the AttributeValueAssertions (AVAs) that specify the members of the set.
97
98Example:
99
100C</DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe>
101
102=item B<-issuer> I<arg>
103
104=item B<-serial> I<arg>
105
106Search for an object having the given issuer name and serial number.
107These two options I<must> be used together.
108The issuer arg must be formatted as C</type0=value0/type1=value1/type2=...>,
109characters may be escaped by \ (backslash), no spaces are skipped.
110The serial arg may be specified as a decimal value or a hex value if preceded
111by C<0x>.
112
113=item B<-alias> I<arg>
114
115Search for an object having the given alias.
116
117=item B<-fingerprint> I<arg>
118
119Search for an object having the given fingerprint.
120
121=item B<-I<digest>>
122
123The digest that was used to compute the fingerprint given with B<-fingerprint>.
124
125{- $OpenSSL::safe::opt_engine_item -}
126
127{- $OpenSSL::safe::opt_provider_item -}
128
129=back
130
131=head1 SEE ALSO
132
133L<openssl(1)>
134
135=head1 HISTORY
136
137This command was added in OpenSSL 1.1.1.
138
139The B<-engine> option was deprecated in OpenSSL 3.0.
140
141=head1 COPYRIGHT
142
143Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
144
145Licensed under the Apache License 2.0 (the "License").  You may not use
146this file except in compliance with the License.  You can obtain a copy
147in the file LICENSE in the source distribution or at
148L<https://www.openssl.org/source/license.html>.
149
150=cut
151