
FreeBSD Manual Pages


OPENSSL(1)                          OpenSSL                         OPENSSL(1)

       openssl - OpenSSL command line tool

       openssl command [ command_opts ] [ command_args ]

       openssl [ list-standard-commands | list-message-digest-commands |
       list-cipher-commands ]

       openssl no-XXX [ arbitrary options ]

       OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer
       (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and
       related cryptography standards required by them.

       The openssl program is a command line tool for using the various
       cryptography functions of OpenSSL's crypto library from the shell.  It
       can be used for

        o  Creation of RSA, DH and DSA key parameters
        o  Creation of X.509 certificates, CSRs and CRLs
        o  Calculation of Message Digests
        o  Encryption and Decryption with Ciphers
        o  SSL/TLS Client and Server Tests
        o  Handling of S/MIME signed or encrypted mail

       The openssl program provides a rich variety of commands (command in the
       SYNOPSIS above), each of which often has a wealth of options and
       arguments (command_opts and command_args in the SYNOPSIS).

       The pseudo-commands list-standard-commands, list-message-digest-commands,
       and list-cipher-commands output a list (one entry per line) of the names
       of all standard commands, message digest commands, or cipher commands,
       respectively, that are available in the present openssl util-

       The pseudo-command no-XXX tests whether a command of the specified name
       is available.  If no command named XXX exists, it returns 0 (success)
       and prints no-XXX; otherwise it returns 1 and prints XXX.  In both
       cases, the output goes to stdout and nothing is printed to stderr.
       Additional command line arguments are always ignored.  Since for each
       cipher there is a command of the same name, this provides an easy way
       for shell scripts to test for the availability of ciphers in the
       openssl program.  (no-XXX is not able to detect pseudo-commands such as
       quit, list-...-commands, or no-XXX itself.)


       asn1parse Parse an ASN.1 sequence.

       ca        Certificate Authority (CA) Management.

       ciphers   Cipher Suite Description Determination.

       crl       Certificate Revocation List (CRL) Management.

       crl2pkcs7 CRL to PKCS#7 Conversion.

       dgst      Message Digest Calculation.

       dh        Diffie-Hellman Parameter Management.  Obsoleted by dhparam.

       dsa       DSA Data Management.

       dsaparam  DSA Parameter Generation.

       enc       Encoding with Ciphers.

       errstr    Error Number to Error String Conversion.

       dhparam   Generation and Management of Diffie-Hellman Parameters.

       gendh     Generation of Diffie-Hellman Parameters.  Obsoleted by

       gendsa    Generation of DSA Parameters.

       genrsa    Generation of RSA Parameters.

       ocsp      Online Certificate Status Protocol utility.

       passwd    Generation of hashed passwords.

       pkcs12    PKCS#12 Data Management.

       pkcs7     PKCS#7 Data Management.

       rand      Generate pseudo-random bytes.

       req       X.509 Certificate Signing Request (CSR) Management.

       rsa       RSA Data Management.

       rsautl    RSA utility for signing, verification, encryption, and

       s_client  This implements a generic SSL/TLS client which can establish
                 a transparent connection to a remote server speaking SSL/TLS.
                 It's intended for testing purposes only and provides only
                 rudimentary interface functionality but internally uses
                 mostly all functionality of the OpenSSL ssl library.

       s_server  This implements a generic SSL/TLS server which accepts
                 connections from remote clients speaking SSL/TLS. It's
                 intended for testing purposes only and provides only
                 rudimentary interface functionality but internally uses
                 mostly all functionality of the OpenSSL ssl library.  It
                 provides both an own command line oriented protocol for
                 testing SSL functions and a simple HTTP response facility to
                 emulate an SSL/TLS-aware webserver.

       s_time    SSL Connection Timer.

       sess_id   SSL Session Data Management.

       smime     S/MIME mail processing.

       speed     Algorithm Speed Measurement.

       verify    X.509 Certificate Verification.

       version   OpenSSL Version Information.

       x509      X.509 Certificate Data Management.


       md2       MD2 Digest

       md5       MD5 Digest

       mdc2      MDC2 Digest

       rmd160    RMD-160 Digest

       sha       SHA Digest

       sha1      SHA-1 Digest


       base64    Base64 Encoding

       bf bf-cbc bf-cfb bf-ecb bf-ofb
                 Blowfish Cipher

       cast cast-cbc
                 CAST Cipher

       cast5-cbc cast5-cfb cast5-ecb cast5-ofb
                 CAST5 Cipher

       des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb
                 DES Cipher

       des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
                 Triple-DES Cipher

       idea idea-cbc idea-cfb idea-ecb idea-ofb
                 IDEA Cipher

       rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb
                 RC2 Cipher

       rc4       RC4 Cipher

       rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb
                 RC5 Cipher

       Several commands accept password arguments, typically using -passin and
       -passout for input and output passwords respectively. These allow the
       password to be obtained from a variety of sources. Both of these
       options take a single argument whose format is described below. If no
       password argument is given and a password is required then the user is
       prompted to enter one: this will typically be read from the current
       terminal with echoing turned off.

                 the actual password is password. Since the password is
                 visible to utilities (like 'ps' under Unix) this form should
                 only be used where security is not important.

       env:var   obtain the password from the environment variable var. Since
                 the environment of other processes is visible on certain
                 platforms (e.g. ps under certain Unix OSes) this option
                 should be used with caution.

                 the first line of pathname is the password. If the same
                 pathname argument is supplied to -passin and -passout
                 arguments then the first line will be used for the input
                 password and the next line for the output password. pathname
                 need not refer to a regular file: it could for example refer
                 to a device or named pipe.

       fd:number read the password from the file descriptor number. This can
                 be used to send the data via a pipe for example.

       stdin     read the password from standard input.
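
       An added shell example (not part of the original manual page or of the
       OpenSSL distribution) of the fd:number source: the passphrase travels
       over a pipe on descriptor 3, so neither the argument list nor the
       environment of the openssl process contains it.  OPENSSL, KEY_BITS,
       gen_key and check_key are names chosen for this example.

```shell
#!/bin/sh
# Added example, not from the OpenSSL distribution. OPENSSL, KEY_BITS and the
# function names are this example's own.
OPENSSL=${OPENSSL:-openssl}
KEY_BITS=${KEY_BITS:-2048}

# Weak form, shown for comparison only: the passphrase is part of argv and
# is visible to ps for as long as openssl runs.
#   openssl genrsa -des3 -passout pass:"$pw" -out key.pem 2048

# gen_key OUTFILE
#   Reads the passphrase (one line) from stdin and hands it to openssl on
#   descriptor 3. argv only ever contains the literal string "fd:3".
#   printf is a builtin in bash and dash, so the passphrase is never an
#   argument of a separate process either.
gen_key() {
    out=$1
    IFS= read -r pw || return 1
    [ -n "$pw" ] || { echo "gen_key: empty passphrase" >&2; return 1; }
    status=0
    printf '%s\n' "$pw" |
        ( umask 077    # the key file is created readable by its owner only
          # 3<&0 makes the pipe descriptor 3; stdin is then closed off.
          "$OPENSSL" genrsa -des3 -passout fd:3 -out "$out" "$KEY_BITS" \
              3<&0 </dev/null
        ) || status=$?
    unset pw
    return "$status"
}

# check_key KEYFILE
#   The same channel for -passin: succeeds only if the passphrase read from
#   stdin decrypts KEYFILE.
check_key() {
    key=$1
    IFS= read -r pw || return 1
    status=0
    printf '%s\n' "$pw" |
        "$OPENSSL" rsa -in "$key" -passin fd:3 -noout 3<&0 </dev/null ||
        status=$?
    unset pw
    return "$status"
}
```

       Both functions expect the passphrase on their own standard input, for
       example from a prompt that reads with echoing turned off.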

       asn1parse(1), ca(1), config(5), crl(1), crl2pkcs7(1), dgst(1),
       dhparam(1), dsa(1), dsaparam(1), enc(1), gendsa(1), genrsa(1), nseq(1),
       openssl(1), passwd(1), pkcs12(1), pkcs7(1), pkcs8(1), rand(1), req(1),
       rsa(1), rsautl(1), s_client(1), s_server(1), smime(1), spkac(1),
       verify(1), version(1), x509(1), crypto(3), ssl(3)

       The openssl(1) document appeared in OpenSSL 0.9.2.  The
       list-XXX-commands pseudo-commands were added in OpenSSL 0.9.3; the
       no-XXX pseudo-commands were added in OpenSSL 0.9.5a.  For notes on the
       availability of other commands, see their individual manual pages.

3rd Berkeley Distribution           0.9.7a                          OPENSSL(1)
