=pod

=head1 NAME

openssl - OpenSSL command line program

=head1 SYNOPSIS

B<openssl>
I<command>
[ I<options> ... ]
[ I<parameters> ... ]

B<openssl> B<no->I<XXX> [ I<options> ]

=head1 DESCRIPTION

OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL
v2/v3) and Transport Layer Security (TLS v1) network protocols and related
cryptography standards required by them.

The B<openssl> program is a command line program for using the various
cryptography functions of OpenSSL's B<crypto> library from the shell.
It can be used for

 o  Creation and management of private keys, public keys and parameters
 o  Public key cryptographic operations
 o  Creation of X.509 certificates, CSRs and CRLs
 o  Calculation of Message Digests and Message Authentication Codes
 o  Encryption and Decryption with Ciphers
 o  SSL/TLS Client and Server Tests
 o  Handling of S/MIME signed or encrypted mail
 o  Timestamp requests, generation and verification

=head1 COMMAND SUMMARY

The B<openssl> program provides a rich variety of commands (I<command> in
the L</SYNOPSIS> above).
Each command can have many options and argument parameters, shown above as
I<options> and I<parameters>.

Detailed documentation and use cases for most standard subcommands are available
(e.g., L<openssl-x509(1)>). The subcommand L<openssl-list(1)> may be used to list
subcommands.

The command B<no->I<XXX> tests whether a command of the
specified name is available. If no command named I<XXX> exists, it
returns 0 (success) and prints B<no->I<XXX>; otherwise it returns 1
and prints I<XXX>. In both cases, the output goes to B<stdout> and
nothing is printed to B<stderr>. Additional command line arguments
are always ignored. Since for each cipher there is a command of the
same name, this provides an easy way for shell scripts to test for the
availability of ciphers in the B<openssl> program. (B<no->I<XXX> is
not able to detect pseudo-commands such as B<quit>,
B<list>, or B<no->I<XXX> itself.)

=head2 Configuration Option

Many commands use an external configuration file for some or all of their
arguments and have a B<-config> option to specify that file.
The default name of the file is F<openssl.cnf> in the default certificate
storage area, which can be determined from the L<openssl-version(1)>
command using the B<-d> or B<-a> option.
The environment variable B<OPENSSL_CONF> can be used to specify a different
file location or to disable loading a configuration (using the empty string).

Among others, the configuration file can be used to load modules
and to specify parameters for generating certificates and random numbers.
See L<config(5)> for details.

=head2 Standard Commands

=over 4

=item B<asn1parse>

Parse an ASN.1 sequence.

=item B<ca>

Certificate Authority (CA) Management.

=item B<ciphers>

Cipher Suite Description Determination.

=item B<cms>

CMS (Cryptographic Message Syntax) command.

=item B<crl>

Certificate Revocation List (CRL) Management.

=item B<crl2pkcs7>

CRL to PKCS#7 Conversion.

=item B<dgst>

Message Digest calculation. MAC calculations are superseded by
L<openssl-mac(1)>.

=item B<dhparam>

Generation and Management of Diffie-Hellman Parameters. Superseded by
L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)>.

=item B<dsa>

DSA Data Management.

=item B<dsaparam>

DSA Parameter Generation and Management. Superseded by
L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)>.

=item B<ec>

EC (Elliptic curve) key processing.

=item B<ecparam>

EC parameter manipulation and generation.

=item B<enc>

Encryption, decryption, and encoding.

=item B<engine>

Engine (loadable module) information and manipulation.

=item B<errstr>

Error Number to Error String Conversion.

=item B<fipsinstall>

FIPS configuration installation.

=item B<gendsa>

Generation of DSA Private Key from Parameters. Superseded by
L<openssl-genpkey(1)> and L<openssl-pkey(1)>.

=item B<genpkey>

Generation of Private Key or Parameters.

=item B<genrsa>

Generation of RSA Private Key. Superseded by L<openssl-genpkey(1)>.

=item B<help>

Display information about a command's options.

=item B<info>

Display diverse information built into the OpenSSL libraries.

=item B<kdf>

Key Derivation Functions.

=item B<list>

List algorithms and features.

=item B<mac>

Message Authentication Code Calculation.

=item B<nseq>

Create or examine a Netscape certificate sequence.

=item B<ocsp>

Online Certificate Status Protocol command.

=item B<passwd>

Generation of hashed passwords.

=item B<pkcs12>

PKCS#12 Data Management.

=item B<pkcs7>

PKCS#7 Data Management.

=item B<pkcs8>

PKCS#8 format private key conversion command.

=item B<pkey>

Public and private key management.

=item B<pkeyparam>

Public key algorithm parameter management.

=item B<pkeyutl>

Public key algorithm cryptographic operation command.

=item B<prime>

Compute prime numbers.

=item B<rand>

Generate pseudo-random bytes.

=item B<rehash>

Create symbolic links to certificate and CRL files named by the hash values.

=item B<req>

PKCS#10 X.509 Certificate Signing Request (CSR) Management.

=item B<rsa>

RSA key management.

=item B<rsautl>

RSA command for signing, verification, encryption, and decryption. Superseded
by L<openssl-pkeyutl(1)>.

=item B<s_client>

This implements a generic SSL/TLS client which can establish a transparent
connection to a remote server speaking SSL/TLS. It's intended for testing
purposes only and provides only rudimentary interface functionality but
internally uses almost all functionality of the OpenSSL B<ssl> library.

=item B<s_server>

This implements a generic SSL/TLS server which accepts connections from remote
clients speaking SSL/TLS. It's intended for testing purposes only and provides
only rudimentary interface functionality but internally uses almost all
functionality of the OpenSSL B<ssl> library. It provides both its own command
line oriented protocol for testing SSL functions and a simple HTTP response
facility to emulate an SSL/TLS-aware webserver.

=item B<s_time>

SSL Connection Timer.

=item B<sess_id>

SSL Session Data Management.

=item B<smime>

S/MIME mail processing.

=item B<speed>

Algorithm Speed Measurement.

=item B<spkac>

SPKAC printing and generating command.

=item B<srp>

Maintain SRP password file. This command is deprecated.

=item B<storeutl>

Command to list and display certificates, keys, CRLs, etc.

=item B<ts>

Time Stamping Authority command.

=item B<verify>

X.509 Certificate Verification.
See also the L<openssl-verification-options(1)> manual page.

=item B<version>

OpenSSL Version Information.

=item B<x509>

X.509 Certificate Data Management.

=back

=head2 Message Digest Commands

=over 4

=item B<blake2b512>

BLAKE2b-512 Digest

=item B<blake2s256>

BLAKE2s-256 Digest

=item B<md2>

MD2 Digest

=item B<md4>

MD4 Digest

=item B<md5>

MD5 Digest

=item B<mdc2>

MDC2 Digest

=item B<rmd160>

RMD-160 Digest

=item B<sha1>

SHA-1 Digest

=item B<sha224>

SHA-2 224 Digest

=item B<sha256>

SHA-2 256 Digest

=item B<sha384>

SHA-2 384 Digest

=item B<sha512>

SHA-2 512 Digest

=item B<sha3-224>

SHA-3 224 Digest

=item B<sha3-256>

SHA-3 256 Digest

=item B<sha3-384>

SHA-3 384 Digest

=item B<sha3-512>

SHA-3 512 Digest

=item B<shake128>

SHA-3 SHAKE128 Digest

=item B<shake256>

SHA-3 SHAKE256 Digest

=item B<sm3>

SM3 Digest

=back

=head2 Encryption, Decryption, and Encoding Commands

The following aliases provide convenient access to the most used encodings
and ciphers.

Depending on how OpenSSL was configured and built, not all ciphers listed
here may be present. See L<openssl-enc(1)> for more information.

=over 4

=item B<aes128>, B<aes-128-cbc>, B<aes-128-cfb>, B<aes-128-ctr>, B<aes-128-ecb>, B<aes-128-ofb>

AES-128 Cipher

=item B<aes192>, B<aes-192-cbc>, B<aes-192-cfb>, B<aes-192-ctr>, B<aes-192-ecb>, B<aes-192-ofb>

AES-192 Cipher

=item B<aes256>, B<aes-256-cbc>, B<aes-256-cfb>, B<aes-256-ctr>, B<aes-256-ecb>, B<aes-256-ofb>

AES-256 Cipher

=item B<aria128>, B<aria-128-cbc>, B<aria-128-cfb>, B<aria-128-ctr>, B<aria-128-ecb>, B<aria-128-ofb>

Aria-128 Cipher

=item B<aria192>, B<aria-192-cbc>, B<aria-192-cfb>, B<aria-192-ctr>, B<aria-192-ecb>, B<aria-192-ofb>

Aria-192 Cipher

=item B<aria256>, B<aria-256-cbc>, B<aria-256-cfb>, B<aria-256-ctr>, B<aria-256-ecb>, B<aria-256-ofb>

Aria-256 Cipher

=item B<base64>

Base64 Encoding

=item B<bf>, B<bf-cbc>, B<bf-cfb>, B<bf-ecb>, B<bf-ofb>

Blowfish Cipher

=item B<camellia128>, B<camellia-128-cbc>, B<camellia-128-cfb>, B<camellia-128-ctr>, B<camellia-128-ecb>, B<camellia-128-ofb>

Camellia-128 Cipher

=item B<camellia192>, B<camellia-192-cbc>, B<camellia-192-cfb>, B<camellia-192-ctr>, B<camellia-192-ecb>,
B<camellia-192-ofb>

Camellia-192 Cipher

=item B<camellia256>, B<camellia-256-cbc>, B<camellia-256-cfb>, B<camellia-256-ctr>, B<camellia-256-ecb>, B<camellia-256-ofb>

Camellia-256 Cipher

=item B<cast>, B<cast-cbc>

CAST Cipher

=item B<cast5-cbc>, B<cast5-cfb>, B<cast5-ecb>, B<cast5-ofb>

CAST5 Cipher

=item B<chacha20>

Chacha20 Cipher

=item B<des>, B<des-cbc>, B<des-cfb>, B<des-ecb>, B<des-ede>, B<des-ede-cbc>, B<des-ede-cfb>, B<des-ede-ofb>, B<des-ofb>

DES Cipher

=item B<des3>, B<desx>, B<des-ede3>, B<des-ede3-cbc>, B<des-ede3-cfb>, B<des-ede3-ofb>

Triple-DES Cipher

=item B<idea>, B<idea-cbc>, B<idea-cfb>, B<idea-ecb>, B<idea-ofb>

IDEA Cipher

=item B<rc2>, B<rc2-cbc>, B<rc2-cfb>, B<rc2-ecb>, B<rc2-ofb>

RC2 Cipher

=item B<rc4>

RC4 Cipher

=item B<rc5>, B<rc5-cbc>, B<rc5-cfb>, B<rc5-ecb>, B<rc5-ofb>

RC5 Cipher

=item B<seed>, B<seed-cbc>, B<seed-cfb>, B<seed-ecb>, B<seed-ofb>

SEED Cipher


=item B<sm4>, B<sm4-cbc>, B<sm4-cfb>, B<sm4-ctr>, B<sm4-ecb>, B<sm4-ofb>

SM4 Cipher

=back

=head1 OPTIONS

Details of which options are available depend on the specific command.
This section describes some common options with common behavior.

=head2 Common Options

=over 4

=item B<-help>

Provides a terse summary of all options.
If an option takes an argument, the "type" of argument is also given.

=item B<-->

This terminates the list of options. It is mostly useful if any filename
parameters start with a minus sign:

    openssl verify [flags...] -- -cert1.pem...

=back

=head2 Format Options

See the L<openssl-format-options(1)> manual page.

=head2 Pass Phrase Options

See the L<openssl-passphrase-options(1)> manual page.

=head2 Random State Options

Prior to OpenSSL 1.1.1, it was common for applications to store information
about the state of the random-number generator in a file that was loaded
at startup and rewritten upon exit. On modern operating systems, this is
generally no longer necessary as OpenSSL will seed itself from a trusted
entropy source provided by the operating system. These flags are still
supported for special platforms or circumstances that might require them.

It is generally an error to use the same seed file more than once and
every use of B<-rand> should be paired with B<-writerand>.

=over 4

=item B<-rand> I<files>

A file or files containing random data used to seed the random number
generator.
Multiple files can be specified separated by an OS-dependent character.
The separator is C<;> for MS-Windows, C<,> for OpenVMS, and C<:> for
all others. Another way to specify multiple files is to repeat this flag
with different filenames.

=item B<-writerand> I<file>

Writes the seed data to the specified I<file> upon exit.
This file can be used in a subsequent command invocation.

=back

=head2 Certificate Verification Options

See the L<openssl-verification-options(1)> manual page.

=head2 Name Format Options

See the L<openssl-namedisplay-options(1)> manual page.

=head2 TLS Version Options

Several commands use SSL, TLS, or DTLS. By default, the commands use TLS and
clients will offer the lowest and highest protocol version they support,
and servers will pick the highest version that the client offers that is also
supported by the server.

The options below can be used to limit which protocol versions are used,
and whether TCP (SSL and TLS) or UDP (DTLS) is used.
Note that not all protocols and flags may be available, depending on how
OpenSSL was built.

=over 4

=item B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-tls1_3>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2>, B<-no_tls1_3>

These options require or disable the use of the specified SSL or TLS protocols.
When a specific TLS version is required, only that version will be offered or
accepted.
Only one specific protocol can be given and it cannot be combined with any of
the B<no_> options.
The B<no_*> options do not work with B<s_time> and B<ciphers> commands but work with
B<s_client> and B<s_server> commands.

=item B<-dtls>, B<-dtls1>, B<-dtls1_2>

These options specify to use DTLS instead of TLS.
With B<-dtls>, clients will negotiate any supported DTLS protocol version.
Use the B<-dtls1> or B<-dtls1_2> options to support only DTLS1.0 or DTLS1.2,
respectively.

=back

=head2 Engine Options

=over 4

=item B<-engine> I<id>

Load the engine identified by I<id> and use all the methods it implements
(algorithms, key storage, etc.), unless specified otherwise in the
command-specific documentation or it is configured to do so, as described in
L<config(5)/Engine Configuration>.

The engine will be used for key ids specified with B<-key> and similar
options when an option like B<-keyform engine> is given.

A special case is the C<loader_attic> engine, which
is meant just for internal OpenSSL testing purposes and
supports loading keys, parameters, certificates, and CRLs from files.
When this engine is used, files with such credentials are read via this engine.
Using the C<file:> schema is optional; a plain file (path) name will do.

=back

Options specifying keys, like B<-key> and similar, can use the generic
OpenSSL engine key loading URI scheme C<org.openssl.engine:> to retrieve
private keys and public keys. The URI syntax is as follows, in simplified
form:

    org.openssl.engine:{engineid}:{keyid}

Where C<{engineid}> is the identity/name of the engine, and C<{keyid}> is a
key identifier that's acceptable to that engine. For example, when using an
engine that interfaces against a PKCS#11 implementation, the generic key URI
would be something like this (this happens to be an example for the PKCS#11
engine that's part of OpenSC):

    -key org.openssl.engine:pkcs11:label_some-private-key

As a third possibility, for engines and providers that have implemented
their own L<OSSL_STORE_LOADER(3)>, C<org.openssl.engine:> should not be
necessary.
For a PKCS#11 implementation that has implemented such a loader,
the PKCS#11 URI as defined in RFC 7512 should be possible to use directly:

    -key pkcs11:object=some-private-key;pin-value=1234

=head2 Provider Options

=over 4

=item B<-provider> I<name>

Load and initialize the provider identified by I<name>. The I<name>
can also be a path to the provider module. In that case the provider name
will be the specified path and not just the provider module name.
Interpretation of relative paths is platform specific. The configured
"MODULESDIR" path, B<OPENSSL_MODULES> environment variable, or the path
specified by B<-provider-path> is prepended to relative paths.
See L<provider(7)> for a more detailed description.

=item B<-provider-path> I<path>

Specifies the search path that is to be used for looking for providers.
Equivalently, the B<OPENSSL_MODULES> environment variable may be set.

=item B<-propquery> I<propq>

Specifies the I<property query clause> to be used when fetching algorithms
from the loaded providers.
See L<property(7)> for a more detailed description.

=back

=head1 ENVIRONMENT

The OpenSSL library can take some configuration parameters from the
environment. Some of these variables are listed below. For information
about specific commands, see L<openssl-engine(1)>,
L<openssl-rehash(1)>, and L<tsget(1)>.

For information about the use of environment variables in configuration,
see L<config(5)/ENVIRONMENT>.

For information about querying or specifying CPU architecture flags, see
L<OPENSSL_ia32cap(3)>, and L<OPENSSL_s390xcap(3)>.

For information about all environment variables used by the OpenSSL libraries,
see L<openssl-env(7)>.

=over 4

=item B<OPENSSL_TRACE=>I<name>[,...]

Enable tracing output of the OpenSSL library, by name.
This output will only make sense if you know OpenSSL internals well.
Also, it might not give you any output at all, depending on how
OpenSSL was built.

The value is a comma separated list of names, with the following
available:

=over 4

=item B<TRACE>

Traces the OpenSSL trace API itself.

=item B<INIT>

Traces OpenSSL library initialization and cleanup.

=item B<TLS>

Traces the TLS/SSL protocol.

=item B<TLS_CIPHER>

Traces the ciphers used by the TLS/SSL protocol.

=item B<CONF>

Show details about provider and engine configuration.

=item B<ENGINE_TABLE>

The function that is used by RSA, DSA (etc) code to select registered
ENGINEs, cache defaults and functional references (etc), will generate
debugging summaries.

=item B<ENGINE_REF_COUNT>

Reference counts in the ENGINE structure will be monitored with a line
of output generated for each change.

=item B<PKCS5V2>

Traces PKCS#5 v2 key generation.

=item B<PKCS12_KEYGEN>

Traces PKCS#12 key generation.

=item B<PKCS12_DECRYPT>

Traces PKCS#12 decryption.

=item B<X509V3_POLICY>

Generates the complete policy tree at various points during X.509 v3
policy evaluation.

=item B<BN_CTX>

Traces BIGNUM context operations.

=item B<CMP>

Traces CMP client and server activity.

=item B<STORE>

Traces STORE operations.

=item B<DECODER>

Traces decoder operations.

=item B<ENCODER>

Traces encoder operations.

=item B<REF_COUNT>

Traces decrementing certain ASN.1 structure references.

=back

=back

=head1 SEE ALSO

L<openssl-asn1parse(1)>,
L<openssl-ca(1)>,
L<openssl-ciphers(1)>,
L<openssl-cms(1)>,
L<openssl-crl(1)>,
L<openssl-crl2pkcs7(1)>,
L<openssl-dgst(1)>,
L<openssl-dhparam(1)>,
L<openssl-dsa(1)>,
L<openssl-dsaparam(1)>,
L<openssl-ec(1)>,
L<openssl-ecparam(1)>,
L<openssl-enc(1)>,
L<openssl-engine(1)>,
L<openssl-errstr(1)>,
L<openssl-gendsa(1)>,
L<openssl-genpkey(1)>,
L<openssl-genrsa(1)>,
L<openssl-kdf(1)>,
L<openssl-list(1)>,
L<openssl-mac(1)>,
L<openssl-nseq(1)>,
L<openssl-ocsp(1)>,
L<openssl-passwd(1)>,
L<openssl-pkcs12(1)>,
L<openssl-pkcs7(1)>,
L<openssl-pkcs8(1)>,
L<openssl-pkey(1)>,
L<openssl-pkeyparam(1)>,
L<openssl-pkeyutl(1)>,
L<openssl-prime(1)>,
L<openssl-rand(1)>,
L<openssl-rehash(1)>,
L<openssl-req(1)>,
L<openssl-rsa(1)>,
L<openssl-rsautl(1)>,
L<openssl-s_client(1)>,
L<openssl-s_server(1)>,
L<openssl-s_time(1)>,
L<openssl-sess_id(1)>,
L<openssl-smime(1)>,
L<openssl-speed(1)>,
L<openssl-spkac(1)>,
L<openssl-srp(1)>,
L<openssl-storeutl(1)>,
L<openssl-ts(1)>,
L<openssl-verify(1)>,
L<openssl-version(1)>,
L<openssl-x509(1)>,
L<config(5)>,
L<crypto(7)>,
L<openssl-env(7)>,
L<ssl(7)>,
L<x509v3_config(5)>

=head1 HISTORY

The B<list> -I<XXX>B<-algorithms> options were added in OpenSSL 1.0.0.
For notes on the availability of other commands, see their individual
manual pages.

The B<-issuer_checks> option is deprecated as of OpenSSL 1.1.0 and
is silently ignored.

The B<-xcertform> and B<-xkeyform> options
are obsolete since OpenSSL 3.0 and have no effect.

The interactive mode, which could be invoked by running C<openssl>
with no further arguments, was removed in OpenSSL 3.0, and running
that program with no arguments is now equivalent to C<openssl help>.
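
=head1 EXAMPLES

Provider modules found through B<-provider-path> or B<OPENSSL_MODULES> are loaded into the calling process, so the directory they come from deserves the same care as a library path. The following script is an added example, not part of the OpenSSL documentation; the function names and the acceptance policy (absolute path, owned by root or the caller, nothing group- or world-writable) are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of the OpenSSL documentation. The function names and
# the acceptance policy are assumptions of this example.

# True if neither group nor others may write to the path. Anything that does
# not match (including symlinks, which ls reports as lrwxrwxrwx) is refused.
perms_tight() {
    case $(ls -ld "$1" | cut -c1-10) in
        ?????[!w]??[!w]?) return 0 ;;
    esac
    return 1
}

# Vet a directory before it is used as the provider search path.
provider_dir_ok() {
    pdir=$1
    case $pdir in
        /*) ;;
        *) echo "reject: $pdir: not an absolute path" >&2; return 1 ;;
    esac
    [ -d "$pdir" ] || { echo "reject: $pdir: not a directory" >&2; return 1; }
    owner=$(ls -ldn "$pdir" | awk '{print $3}')
    if [ "$owner" != 0 ] && [ "$owner" != "$(id -u)" ]; then
        echo "reject: $pdir: owned by uid $owner" >&2; return 1
    fi
    perms_tight "$pdir" || { echo "reject: $pdir: group/world-writable" >&2; return 1; }
    for f in "$pdir"/*; do
        [ -e "$f" ] || continue
        perms_tight "$f" || { echo "reject: $f: group/world-writable" >&2; return 1; }
    done
    return 0
}

# Run openssl with OPENSSL_MODULES pinned to a vetted directory.
# usage: openssl_vetted DIR COMMAND [ARGS...]
openssl_vetted() {
    provider_dir_ok "$1" || return 1
    moddir=$1; shift
    OPENSSL_MODULES=$moddir openssl "$@"
}
```

A relative directory is refused outright because, as noted under Provider Options, the interpretation of relative paths is platform specific.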

=head1 COPYRIGHT

Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut