| author | Jacob McDonnell <jacob@jacobmcdonnell.com> | 2026-04-25 19:54:44 -0400 |
|---|---|---|
| committer | Jacob McDonnell <jacob@jacobmcdonnell.com> | 2026-04-25 19:54:44 -0400 |
| commit | a9157ce950dfe2fc30795d43b9d79b9d1bffc48b (patch) | |
| tree | 9df484304b560466d145e662c1c254ff0e9ae0ba /static/openbsd/man1/openssl.1 | |
| parent | 160aa82b2d39c46ad33723d7d909cb4972efbb03 (diff) | |
docs: Added All OpenBSD Manuals
Diffstat (limited to 'static/openbsd/man1/openssl.1')
| -rw-r--r-- | static/openbsd/man1/openssl.1 | 6798 |
1 files changed, 6798 insertions, 0 deletions
diff --git a/static/openbsd/man1/openssl.1 b/static/openbsd/man1/openssl.1 new file mode 100644 index 00000000..20a1d690 --- /dev/null +++ b/static/openbsd/man1/openssl.1 
@@ -0,0 +1,6798 @@ +.\" $OpenBSD: openssl.1,v 1.170 2026/03/14 06:06:48 tb Exp $ +.\" ==================================================================== +.\" Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in +.\" the documentation and/or other materials provided with the +.\" distribution. +.\" +.\" 3. All advertising materials mentioning features or use of this +.\" software must display the following acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" +.\" +.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +.\" endorse or promote products derived from this software without +.\" prior written permission. For written permission, please contact +.\" openssl-core@openssl.org. +.\" +.\" 5. Products derived from this software may not be called "OpenSSL" +.\" nor may "OpenSSL" appear in their names without prior written +.\" permission of the OpenSSL Project. +.\" +.\" 6. Redistributions of any form whatsoever must retain the following +.\" acknowledgment: +.\" "This product includes software developed by the OpenSSL Project +.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +.\" PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR +.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +.\" OF THE POSSIBILITY OF SUCH DAMAGE. +.\" ==================================================================== +.\" +.\" This product includes cryptographic software written by Eric Young +.\" (eay@cryptsoft.com). This product includes software written by Tim +.\" Hudson (tjh@cryptsoft.com). +.\" +.\" +.\" Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +.\" All rights reserved. +.\" +.\" This package is an SSL implementation written +.\" by Eric Young (eay@cryptsoft.com). +.\" The implementation was written so as to conform with Netscapes SSL. +.\" +.\" This library is free for commercial and non-commercial use as long as +.\" the following conditions are aheared to. The following conditions +.\" apply to all code found in this distribution, be it the RC4, RSA, +.\" lhash, DES, etc., code; not just the SSL code. The SSL documentation +.\" included with this distribution is covered by the same copyright terms +.\" except that the holder is Tim Hudson (tjh@cryptsoft.com). +.\" +.\" Copyright remains Eric Young's, and as such any Copyright notices in +.\" the code are not to be removed. +.\" If this package is used in a product, Eric Young should be given attribution +.\" as the author of the parts of the library used. +.\" This can be in the form of a textual message at program startup or +.\" in documentation (online or textual) provided with the package. 
+.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" "This product includes cryptographic software written by +.\" Eric Young (eay@cryptsoft.com)" +.\" The word 'cryptographic' can be left out if the rouines from the library +.\" being used are not cryptographic related :-). +.\" 4. If you include any Windows specific code (or a derivative thereof) from +.\" the apps directory (application code) you must include an +.\" acknowledgement: +.\" "This product includes software written by Tim Hudson +.\" (tjh@cryptsoft.com)" +.\" +.\" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. 
+.\" +.\" The licence and distribution terms for any publically available version or +.\" derivative of this code cannot be changed. i.e. this code cannot simply be +.\" copied and put under another distribution licence +.\" [including the GNU Public Licence.] +.\" +.Dd $Mdocdate: March 14 2026 $ +.Dt OPENSSL 1 +.Os +.Sh NAME +.Nm openssl +.Nd OpenSSL command line tool +.Sh SYNOPSIS +.Nm +.Ar command +.Op Ar command_opt ... +.Op Ar command_arg ... +.Pp +.Nm +.Cm list-standard-commands | +.Cm list-message-digest-commands | +.Cm list-cipher-commands | +.Cm list-cipher-algorithms | +.Cm list-message-digest-algorithms | +.Cm list-public-key-algorithms +.Pp +.Nm +.Cm no- Ns Ar command +.Sh DESCRIPTION +.Nm OpenSSL +is a cryptography toolkit implementing the +Transport Layer Security +.Pq TLS +network protocol, +as well as related cryptography standards. +.Pp +The +.Nm +program is a command line tool for using the various +cryptography functions of +.Nm openssl Ns 's +crypto library from the shell. +.Pp +The pseudo-commands +.Cm list-standard-commands , list-message-digest-commands , +and +.Cm list-cipher-commands +output a list +.Pq one entry per line +of the names of all standard commands, message digest commands, +or cipher commands, respectively, that are available in the present +.Nm +utility. +.Pp +The pseudo-commands +.Cm list-cipher-algorithms +and +.Cm list-message-digest-algorithms +list all cipher and message digest names, +one entry per line. +Aliases are listed as: +.Pp +.D1 from => to +.Pp +The pseudo-command +.Cm list-public-key-algorithms +lists all supported public key algorithms. +.Pp +The pseudo-command +.Cm no- Ns Ar command +tests whether a command of the +specified name is available. +If +.Ar command +does not exist, +it returns 0 +and prints +.Cm no- Ns Ar command ; +otherwise it returns 1 and prints +.Ar command . +In both cases, the output goes to stdout and nothing is printed to stderr. +Additional command line arguments are always ignored. 
+Since for each cipher there is a command of the same name, +this provides an easy way for shell scripts to test for the +availability of ciphers in the +.Nm +program. +.Pp +.Sy Note : +.Cm no- Ns Ar command +is not able to detect pseudo-commands such as +.Cm quit , +.Cm list- Ns Ar ... Ns Cm -commands , +or +.Cm no- Ns Ar command +itself. +.Tg asn1parse +.Sh ASN1PARSE +.Bl -hang -width "openssl asn1parse" +.It Nm openssl asn1parse +.Bk -words +.Op Fl i +.Op Fl dlimit Ar number +.Op Fl dump +.Op Fl genconf Ar file +.Op Fl genstr Ar str +.Op Fl in Ar file +.Op Fl inform Cm der | pem | txt +.Op Fl length Ar number +.Op Fl noout +.Op Fl offset Ar number +.Op Fl oid Ar file +.Op Fl out Ar file +.Op Fl strparse Ar offset +.Ek +.El +.Pp +The +.Nm asn1parse +command is a diagnostic utility that can parse ASN.1 structures. +It can also be used to extract data from ASN.1 formatted data. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl dlimit Ar number +Dump the first +.Ar number +bytes of unknown data in hex form. +.It Fl dump +Dump unknown data in hex form. +.It Fl genconf Ar file , Fl genstr Ar str +Generate encoded data based on string +.Ar str , +file +.Ar file , +or both, using the format described in +.Xr ASN1_generate_nconf 3 . +If only +.Ar file +is present then the string is obtained from the default section +using the name +.Dq asn1 . +The encoded data is passed through the ASN.1 parser and printed out as +though it came from a file; +the contents can thus be examined and written to a file using the +.Fl out +option. +.It Fl i +Indent the output according to the +.Qq depth +of the structures. +.It Fl in Ar file +The input file to read from, or standard input if not specified. +.It Fl inform Cm der | pem | txt +The input format. +.It Fl length Ar number +Number of bytes to parse; the default is until end of file. +.It Fl noout +Do not output the parsed version of the input file. 
+.It Fl offset Ar number +Starting offset to begin parsing; the default is start of file. +.It Fl oid Ar file +A file containing additional object identifiers +.Pq OIDs . +If an OID +.Pq object identifier +is not part of +.Nm openssl Ns 's +internal table, it will be represented in +numerical form +.Pq for example 1.2.3.4 . +.Pp +Each line consists of three columns: +the first column is the OID in numerical format and should be followed by +whitespace. +The second column is the +.Qq short name , +which is a single word followed by whitespace. +The final column is the rest of the line and is the +.Qq long name . +.Nm asn1parse +displays the long name. +.It Fl out Ar file +The DER-encoded output file; the default is no encoded output +(useful when combined with +.Fl strparse ) . +.It Fl strparse Ar offset +Parse the content octets of the ASN.1 object starting at +.Ar offset . +This option can be used multiple times to +.Qq drill down +into a nested structure. +.El +.Tg ca +.Sh CA +.Bl -hang -width "openssl ca" +.It Nm openssl ca +.Bk -words +.Op Fl batch +.Op Fl cert Ar file +.Op Fl config Ar file +.Op Fl create_serial +.Op Fl crl_CA_compromise Ar time +.Op Fl crl_compromise Ar time +.Op Fl crl_hold Ar instruction +.Op Fl crl_reason Ar reason +.Op Fl crldays Ar days +.Op Fl crlexts Ar section +.Op Fl crlhours Ar hours +.Op Fl crlsec Ar seconds +.Op Fl days Ar arg +.Op Fl enddate Ar date +.Op Fl extensions Ar section +.Op Fl extfile Ar file +.Op Fl gencrl +.Op Fl in Ar file +.Op Fl infiles +.Op Fl key Ar password +.Op Fl keyfile Ar file +.Op Fl keyform Cm pem | der +.Op Fl md Ar alg +.Op Fl multivalue-rdn +.Op Fl name Ar section +.Op Fl noemailDN +.Op Fl notext +.Op Fl out Ar file +.Op Fl outdir Ar directory +.Op Fl passin Ar arg +.Op Fl policy Ar arg +.Op Fl preserveDN +.Op Fl revoke Ar file +.Op Fl selfsign +.Op Fl sigopt Ar nm:v +.Op Fl ss_cert Ar file +.Op Fl startdate Ar date +.Op Fl status Ar serial +.Op Fl subj Ar arg +.Op Fl updatedb +.Op Fl utf8 +.Op Fl 
verbose +.Ek +.El +.Pp +The +.Nm ca +command is a minimal certificate authority (CA) application. +It can be used to sign certificate requests in a variety of forms +and generate certificate revocation lists (CRLs). +It also maintains a text database of issued certificates and their status. +.Pp +The options relevant to CAs are as follows: +.Bl -tag -width "XXXX" +.It Fl batch +Batch mode. +In this mode no questions will be asked +and all certificates will be certified automatically. +.It Fl cert Ar file +The CA certificate file. +.It Fl config Ar file +Specify an alternative configuration file. +.It Fl create_serial +If reading the serial from the text file as specified in the +configuration fails, create a new random serial to be used as the +next serial number. +.It Fl days Ar arg +The number of days to certify the certificate for. +.It Fl enddate Ar date +Set the expiry date. +The format of the date is [YY]YYMMDDHHMMSSZ, +with all four year digits required for dates from 2050 onwards. +.It Fl extensions Ar section +The section of the configuration file containing certificate extensions +to be added when a certificate is issued (defaults to +.Cm x509_extensions +unless the +.Fl extfile +option is used). +If no extension section is present, a V1 certificate is created. +If the extension section is present +.Pq even if it is empty , +then a V3 certificate is created. +See the +.Xr x509v3.cnf 5 +manual page for details of the extension section format. +.It Fl extfile Ar file +An additional configuration +.Ar file +to read certificate extensions from +(using the default section unless the +.Fl extensions +option is also used). +.It Fl in Ar file +An input +.Ar file +containing a single certificate request to be signed by the CA. +.It Fl infiles +If present, this should be the last option; all subsequent arguments +are assumed to be the names of files containing certificate requests. +.It Fl key Ar password +The +.Fa password +used to encrypt the private key. 
+Since on some systems the command line arguments are visible, +this option should be used with caution. +.It Fl keyfile Ar file +The private key to sign requests with. +.It Fl keyform Cm pem | der +Private key file format. +The default is +.Cm pem . +.It Fl md Ar alg +The message digest to use. +Possible values include +.Ar md5 +and +.Ar sha1 . +This option also applies to CRLs. +.It Fl multivalue-rdn +This option causes the +.Fl subj +argument to be interpreted with full support for multivalued RDNs, +for example +.Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" . +If +.Fl multivalue-rdn +is not used, the UID value is set to +.Qq "123456+CN=John Doe" . +.It Fl name Ar section +Specifies the configuration file +.Ar section +to use (overrides +.Cm default_ca +in the +.Cm ca +section). +.It Fl noemailDN +The DN of a certificate can contain the EMAIL field if present in the +request DN, however it is good policy just having the email set into +the +.Cm altName +extension of the certificate. +When this option is set, the EMAIL field is removed from the certificate's +subject and set only in the, eventually present, extensions. +The +.Ar email_in_dn +keyword can be used in the configuration file to enable this behaviour. +.It Fl notext +Don't output the text form of a certificate to the output file. +.It Fl out Ar file +The output file to output certificates to. +The default is standard output. +The certificate details will also be printed out to this file in +PEM format. +.It Fl outdir Ar directory +The +.Ar directory +to output certificates to. +The certificate will be written to a file consisting of the +serial number in hex with +.Qq .pem +appended. +.It Fl passin Ar arg +The key password source. +.It Fl policy Ar arg +Define the CA +.Qq policy +to use. +The policy section in the configuration file +consists of a set of variables corresponding to certificate DN fields. 
+The values may be one of +.Qq match +(the value must match the same field in the CA certificate), +.Qq supplied +(the value must be present), or +.Qq optional +(the value may be present). +Any fields not mentioned in the policy section +are silently deleted, unless the +.Fl preserveDN +option is set, +but this can be regarded more of a quirk than intended behaviour. +.It Fl preserveDN +Normally, the DN order of a certificate is the same as the order of the +fields in the relevant policy section. +When this option is set, the order is the same as the request. +This is largely for compatibility with the older IE enrollment control +which would only accept certificates if their DNs matched the order of the +request. +This is not needed for Xenroll. +.It Fl selfsign +Indicates the issued certificates are to be signed with the key the +certificate requests were signed with, given with +.Fl keyfile . +Certificate requests signed with a different key are ignored. +If +.Fl gencrl +or +.Fl ss_cert +are given, +.Fl selfsign +is ignored. +.Pp +A consequence of using +.Fl selfsign +is that the self-signed certificate appears among the entries in +the certificate database (see the configuration option +.Cm database ) +and uses the same serial number counter as all other certificates +signed with the self-signed certificate. +.It Fl sigopt Ar nm:v +Pass options to the signature algorithm during sign or certify operations. +The names and values of these options are algorithm-specific. +.It Fl ss_cert Ar file +A single self-signed certificate to be signed by the CA. +.It Fl startdate Ar date +Set the start date. +The format of the date is [YY]YYMMDDHHMMSSZ, +with all four year digits required for dates from 2050 onwards. +.It Fl subj Ar arg +Supersedes the subject name given in the request. +The +.Ar arg +must be formatted as +.Sm off +.Pf / Ar type0 Ns = Ar value0 Ns / Ar type 1 Ns = Ar value 1 Ns / +.Ar type2 Ns = Ar ... 
; +.Sm on +characters may be escaped by +.Sq \e +.Pq backslash , +no spaces are skipped. +.It Fl utf8 +Interpret field values read from a terminal or obtained from a +configuration file as UTF-8 strings. +By default, they are interpreted as ASCII. +.It Fl verbose +Print extra details about the operations being performed. +.El +.Pp +The options relevant to CRLs are as follows: +.Bl -tag -width "XXXX" +.It Fl crl_CA_compromise Ar time +This is the same as +.Fl crl_compromise , +except the revocation reason is set to CACompromise. +.It Fl crl_compromise Ar time +Set the revocation reason to keyCompromise and the compromise time to +.Ar time . +.Ar time +should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ. +.It Fl crl_hold Ar instruction +Set the CRL revocation reason code to certificateHold and the hold +instruction to +.Ar instruction +which must be an OID. +Although any OID can be used, only holdInstructionNone +(the use of which is discouraged by RFC 2459), holdInstructionCallIssuer or +holdInstructionReject will normally be used. +.It Fl crl_reason Ar reason +Revocation reason, where +.Ar reason +is one of: +unspecified, keyCompromise, CACompromise, affiliationChanged, superseded, +cessationOfOperation, certificateHold or removeFromCRL. +The matching of +.Ar reason +is case insensitive. +Setting any revocation reason will make the CRL v2. +In practice, removeFromCRL is not particularly useful because it is only used +in delta CRLs which are not currently implemented. +.It Fl crldays Ar days +The number of days before the next CRL is due. +This is the days from now to place in the CRL +.Cm nextUpdate +field. +.It Fl crlexts Ar section +The +.Ar section +of the configuration file containing CRL extensions to include. +If no CRL extension section is present then a V1 CRL is created; +if the CRL extension section is present +(even if it is empty) +then a V2 CRL is created. +The CRL extensions specified are CRL extensions and not CRL entry extensions. 
+It should be noted that some software can't handle V2 CRLs. +See the +.Xr x509v3.cnf 5 +manual page for details of the extension section format. +.It Fl crlhours Ar hours +The number of hours before the next CRL is due. +.It Fl crlsec Ar seconds +The number of seconds before the next CRL is due. +.It Fl gencrl +Generate a CRL based on information in the index file. +.It Fl revoke Ar file +A +.Ar file +containing a certificate to revoke. +.It Fl status Ar serial +Show the status of the certificate with serial number +.Ar serial . +.It Fl updatedb +Update the database index to purge expired certificates. +.El +.Pp +Many of the options can be set in the +.Cm ca +section of the configuration file +(or in the default section of the configuration file), +specified using +.Cm default_ca +or +.Fl name . +The +.Cm preserve +option is read directly from the +.Cm ca +section. +.Pp +Many of the configuration file options are identical to command line +options. +Where the option is present in the configuration file and the command line, +the command line value is used. +Where an option is described as mandatory, then it must be present in +the configuration file or the command line equivalent +.Pq if any +used. +.Bl -tag -width "XXXX" +.It Cm certificate +The same as +.Fl cert . +It gives the file containing the CA certificate. +Mandatory. +.It Cm copy_extensions +Determines how extensions in certificate requests should be handled. +If set to +.Cm none +or this option is not present, then extensions are +ignored and not copied to the certificate. +If set to +.Cm copy , +then any extensions present in the request that are not already present +are copied to the certificate. +If set to +.Cm copyall , +then all extensions in the request are copied to the certificate: +if the extension is already present in the certificate it is deleted first. +.Pp +The +.Cm copy_extensions +option should be used with caution. +If care is not taken, it can be a security risk. 
+For example, if a certificate request contains a +.Cm basicConstraints +extension with CA:TRUE and the +.Cm copy_extensions +value is set to +.Cm copyall +and the user does not spot +this when the certificate is displayed, then this will hand the requester +a valid CA certificate. +.Pp +This situation can be avoided by setting +.Cm copy_extensions +to +.Cm copy +and including +.Cm basicConstraints +with CA:FALSE in the configuration file. +Then if the request contains a +.Cm basicConstraints +extension, it will be ignored. +.Pp +The main use of this option is to allow a certificate request to supply +values for certain extensions such as +.Cm subjectAltName . +.It Cm crl_extensions +The same as +.Fl crlexts . +.It Cm crlnumber +A text file containing the next CRL number to use in hex. +The CRL number will be inserted in the CRLs only if this file exists. +If this file is present, it must contain a valid CRL number. +.It Cm database +The text database file to use. +Mandatory. +This file must be present, though initially it will be empty. +.It Cm default_crl_hours , default_crl_days +The same as the +.Fl crlhours +and +.Fl crldays +options. +These will only be used if neither command line option is present. +At least one of these must be present to generate a CRL. +.It Cm default_days +The same as the +.Fl days +option. +The number of days to certify a certificate for. +.It Cm default_enddate +The same as the +.Fl enddate +option. +Either this option or +.Cm default_days +.Pq or the command line equivalents +must be present. +.It Cm default_md +The same as the +.Fl md +option. +The message digest to use. +Mandatory. +.It Cm default_startdate +The same as the +.Fl startdate +option. +The start date to certify a certificate for. +If not set, the current time is used. +.It Cm email_in_dn +The same as +.Fl noemailDN . +If the EMAIL field is to be removed from the DN of the certificate, +simply set this to +.Qq no . 
+If not present, the default is to allow for the EMAIL field in the +certificate's DN. +.It Cm name_opt , cert_opt +These options allow the format used to display the certificate details +when asking the user to confirm signing. +All the options supported by the +.Nm x509 +utilities' +.Fl nameopt +and +.Fl certopt +switches can be used here, except that +.Cm no_signame +and +.Cm no_sigdump +are permanently set and cannot be disabled +(this is because the certificate signature cannot be displayed because +the certificate has not been signed at this point). +.Pp +For convenience, the value +.Cm ca_default +is accepted by both to produce a reasonable output. +.Pp +If neither option is present, the format used in earlier versions of +.Nm openssl +is used. +Use of the old format is strongly discouraged +because it only displays fields mentioned in the +.Cm policy +section, +mishandles multicharacter string types and does not display extensions. +.It Cm new_certs_dir +The same as the +.Fl outdir +command line option. +It specifies the directory where new certificates will be placed. +Mandatory. +.It Cm oid_file +This specifies a file containing additional object identifiers. +Each line of the file should consist of the numerical form of the +object identifier followed by whitespace, then the short name followed +by whitespace and finally the long name. +.It Cm oid_section +This specifies a section in the configuration file containing extra +object identifiers. +Each line should consist of the short name of the object identifier +followed by +.Sq = +and the numerical form. +The short and long names are the same when this option is used. +.It Cm policy +The same as +.Fl policy . +Mandatory. +.It Cm preserve +The same as +.Fl preserveDN . +.It Cm private_key +Same as the +.Fl keyfile +option. +The file containing the CA private key. +Mandatory. +.It Cm serial +A text file containing the next serial number to use in hex. +Mandatory. 
+This file must be present and contain a valid serial number. +.It Cm unique_subject +If the value +.Cm yes +is given, the valid certificate entries in the +database must have unique subjects. +If the value +.Cm no +is given, +several valid certificate entries may have the exact same subject. +The default value is +.Cm yes . +.Pp +Note that it is valid in some circumstances for certificates to be created +without any subject. +In cases where there are multiple certificates without +subjects this does not count as a duplicate. +.It Cm x509_extensions +The same as +.Fl extensions . +.El +.Tg certhash +.Sh CERTHASH +.Bl -hang -width "openssl certhash" +.It Nm openssl certhash +.Bk -words +.Op Fl nv +.Ar dir ... +.Ek +.El +.Pp +The +.Nm certhash +command calculates a hash value of +.Qq .pem +file in the specified directory list and creates symbolic links for each file, +where the name of the link is the hash value. +See the +.Xr SSL_CTX_load_verify_locations 3 +manual page for how hash links are used. +.Pp +The links created are of the form +.Qq HHHHHHHH.D , +where each +.Sq H +is a hexadecimal character and +.Sq D +is a single decimal digit. +The hashes for CRLs look similar, except the letter +.Sq r +appears after the period, like this: +.Qq HHHHHHHH.rD . +When processing a directory, +.Nm certhash +will first remove all links that have a name in that syntax and invalid +reference. +.Pp +Multiple objects may have the same hash; they will be indicated by +incrementing the +.Sq D +value. +Duplicates are found by comparing the full SHA256 fingerprint. +A warning will be displayed if a duplicate is found. +.Pp +A warning will also be displayed if there are files that cannot be parsed as +either a certificate or a CRL. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl n +Perform a dry-run, and do not make any changes. +.It Fl v +Print extra details about the processing. +.It Ar dir ... +Specify the directories to process. 
+.El +.Tg ciphers +.Sh CIPHERS +.Nm openssl ciphers +.Op Fl hsVv +.Op Fl tls1_2 +.Op Fl tls1_3 +.Op Ar control +.Pp +The +.Nm ciphers +command converts the +.Ar control +string from the format documented in +.Xr SSL_CTX_set_cipher_list 3 +into an ordered SSL cipher suite preference list. +If no +.Ar control +string is specified, the +.Cm DEFAULT +list is printed. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl h , \&? +Print a brief usage message. +.It Fl s +Only list ciphers that are supported by the TLS method. +.It Fl tls1_2 | tls1_3 +In combination with the +.Fl s +option, list the ciphers which could be used +if the specified protocol version were negotiated. +.It Fl V +Verbose. +List ciphers with cipher suite code in hex format, +cipher name, and a complete description of protocol version, +key exchange, authentication, encryption, and mac algorithms. +.It Fl v +Like +.Fl V , +but without cipher suite codes. +.El +.Tg cms +.Sh CMS +.Bl -hang -width "openssl cms" +.It Nm openssl cms +.Bk -words +.Oo +.Fl aes128 | aes192 | aes256 | camellia128 | +.Fl camellia192 | camellia256 | des | des3 | +.Fl rc2-40 | rc2-64 | rc2-128 +.Oc +.Op Fl CAfile Ar file +.Op Fl CApath Ar directory +.Op Fl CRLfile Ar file +.Op Fl binary +.Op Fl certfile Ar file +.Op Fl certsout Ar file +.Op Fl cmsout +.Op Fl content Ar file +.Op Fl crlfeol +.Op Fl data_create +.Op Fl data_out +.Op Fl debug_decrypt +.Op Fl decrypt +.Op Fl digest_create +.Op Fl digest_verify +.Op Fl econtent_type Ar type +.Op Fl encrypt +.Op Fl EncryptedData_decrypt +.Op Fl EncryptedData_encrypt +.Op Fl from Ar addr +.Op Fl in Ar file +.Op Fl inform Cm der | pem | smime +.Op Fl inkey Ar file +.Op Fl keyform Cm der | pem +.Op Fl keyid +.Op Fl keyopt Ar nm:v +.Op Fl md Ar digest +.Op Fl no_attr_verify +.Op Fl no_content_verify +.Op Fl no_signer_cert_verify +.Op Fl noattr +.Op Fl nocerts +.Op Fl nodetach +.Op Fl nointern +.Op Fl nooldmime +.Op Fl noout +.Op Fl nosigs +.Op Fl nosmimecap +.Op Fl noverify +.Op 
Fl out Ar file +.Op Fl outform Cm der | pem | smime +.Op Fl passin Ar src +.Op Fl print +.Op Fl pwri_password Ar arg +.Op Fl rctform Cm der | pem | smime +.Op Fl receipt_request_all | receipt_request_first +.Op Fl receipt_request_from Ar addr +.Op Fl receipt_request_print +.Op Fl receipt_request_to Ar addr +.Op Fl recip Ar file +.Op Fl resign +.Op Fl secretkey Ar key +.Op Fl secretkeyid Ar id +.Op Fl sign +.Op Fl sign_receipt +.Op Fl signer Ar file +.Op Fl stream | indef | noindef +.Op Fl subject Ar s +.Op Fl text +.Op Fl to Ar addr +.Op Fl verify +.Op Fl verify_receipt Ar file +.Op Fl verify_retcode +.Op Ar cert.pem ... +.Ek +.El +.Pp +The +.Nm cms +command handles S/MIME v3.1 mail. +It can encrypt, decrypt, sign and verify S/MIME messages. +.Pp +The MIME message must be sent without any blank lines between the headers and +the output. +Some mail programs will automatically add a blank line. +Piping the mail directly to sendmail is one way to achieve the correct format. +.Pp +The supplied message to be signed or encrypted must include the necessary MIME +headers or many S/MIME clients won't display it properly (if at all). +You can use the +.Fl text +option to automatically add plain text headers. +.Pp +A "signed and encrypted" message is one where a signed message is then +encrypted. +This can be produced by encrypting an already signed message. +.Pp +There are various operation options that set the type of operation to be +performed. +The meaning of the other options varies according to the operation type. +.Bl -tag -width "XXXX" +.It Fl encrypt +Encrypt mail for the given recipient certificates. +Input file is the message to be encrypted. +The output file is the encrypted mail in MIME format. +The actual CMS type is EnvelopedData. +Note that no revocation check is done for the recipient cert, so if that +key has been compromised, others may be able to decrypt the text. +.It Fl decrypt +Decrypt mail using the supplied certificate and private key. 
+Expects an encrypted mail message in MIME format for the input file. +The decrypted mail is written to the output file. +.It Fl sign +Sign mail using the supplied certificate and private key. +Input file is the message to be signed. +The signed message in MIME format is written to the output file. +.It Fl verify +Verify signed mail. +Expects a signed mail message on input and outputs the signed data. +Both clear text and opaque signing are supported. +.It Fl cmsout +Take an input message and write out a PEM encoded CMS structure. +.It Fl resign +Resign a message. +Take an existing message and one or more new signers. +This operation uses an existing message digest when adding a new signer. +This means that attributes must be present in at least one existing +signer using the same message digest or this operation will fail. +.It Fl data_create +Create a CMS Data type. +.It Fl data_out +Output a content from the input CMS Data type. +.It Fl digest_create +Create a CMS DigestedData type. +.It Fl digest_verify +Verify a CMS DigestedData type and output the content. +.It Fl EncryptedData_encrypt +Encrypt a content using supplied symmetric key and algorithm using a +CMS EncryptedData type. +.It Fl EncryptedData_decrypt +Decrypt a CMS EncryptedData type using supplied symmetric key. +.It Fl sign_receipt +Generate and output a signed receipt for the supplied message. +The input message must contain a signed receipt request. +Functionality is otherwise similar to the +.Fl sign +operation. +.It Xo +.Fl verify_receipt Ar file +.Xc +Verify a signed receipt in file. +The input message must contain the original receipt request. +Functionality is otherwise similar to the +.Fl verify +operation. +.El +.Pp +The remaining options are as follows: +.Bl -tag -width "XXXX" +.It Xo +.Fl aes128 | aes192 | aes256 | camellia128 | +.Fl camellia192 | camellia256 | des | des3 | +.Fl rc2-40 | rc2-64 | rc2-128 +.Xc +The encryption algorithm to use. 
+128-, 192-, or 256-bit AES, 128-, 192-, or 256-bit CAMELLIA, +DES (56 bits), triple DES (168 bits), +or 40-, 64-, or 128-bit RC2, respectively; +if not specified, 256-bit AES is +used. +Only used with +.Fl encrypt +and +.Fl EncryptedData_encrypt +commands. +.It Fl binary +Normally the input message is converted to "canonical" format which is +effectively using CR/LF as end of line, as required by the S/MIME specification. +When this option is present, no translation occurs. +This is useful when handling binary data which may not be in MIME format. +.It Fl CAfile Ar file +A file containing trusted CA certificates, used with +.Fl verify +and +.Fl verify_receipt . +.It Fl CApath Ar directory +A directory containing trusted CA certificates, used with +.Fl verify +and +.Fl verify_receipt . +This directory must be a standard certificate directory: that is a hash +of each subject name (using +.Nm x509 Fl hash ) +should be linked to each certificate. +.It Fl CRLfile Ar file +Allows additional certificate revocation lists to be specified for verification. +The CRLs should be in PEM format. +.It Ar cert.pem ... +One or more certificates of message recipients: used when encrypting a message. +.It Fl certfile Ar file +Allows additional certificates to be specified. +When signing, these will be included with the message. +When verifying, these will be searched for the signer's certificates. +The certificates should be in PEM format. +.It Fl certsout Ar file +A file that any certificates contained in the message are written to. +.It Xo +.Fl check_ss_sig , +.Fl crl_check , +.Fl crl_check_all , +.Fl extended_crl , +.Fl ignore_critical , +.Fl issuer_checks , +.Fl policy , +.Fl policy_check , +.Fl purpose , +.Fl x509_strict +.Xc +Set various certificate chain validation options. +See the +.Nm verify +command for details. +.It Fl content Ar file +A file containing the detached content. +This is only useful with the +.Fl verify +command. 
+This is only usable if the CMS structure is using the detached signature +form where the content is not included. +This option will override any content if the input format is S/MIME and +it uses the multipart/signed MIME content type. +.It Fl crlfeol +Output a S/MIME message with CR/LF end of line. +.It Fl debug_decrypt +Set the CMS_DEBUG_DECRYPT flag when decrypting. +This option should be used with caution, since this can be used to disable +the MMA attack protection and return an error if no recipient can be found. +See the +.Xr CMS_decrypt 3 +manual page for details of the flag. +.It Xo +.Fl from Ar addr , +.Fl subject Ar s , +.Fl to Ar addr +.Xc +The relevant mail headers. +These are included outside the signed portion of a message so they may +be included manually. +If signing then many S/MIME mail clients check the signer's certificate's +email address matches that specified in the 
From: address. +.It Fl econtent_type Ar type +Set the encapsulated content type, used with +.Fl sign . +If not supplied, the Data type is used. +The type argument can be any valid OID name in either text or numerical format. +.It Fl in Ar file +The input message to be encrypted or signed or the message to be decrypted or +verified. +.It Fl inform Cm der | pem | smime +The input format for the CMS structure. +The default is +.Cm smime , +which reads an S/MIME format message. +.Cm pem +and +.Cm der +format change this to expect PEM and DER format CMS structures instead. +This currently only affects the input format of the CMS structure; if no +CMS structure is being input (for example with +.Fl encrypt +or +.Fl sign ) +this option has no effect. +.It Fl inkey Ar file +The private key to use when signing or decrypting. +This must match the corresponding certificate. +If this option is not specified then the private key must be included in +the certificate file specified with the +.Fl recip +or +.Fl signer +file. +When signing, this option can be used multiple times to specify successive keys. +.It Fl keyform Cm der | pem +Input private key format. +The default is +.Cm pem . +.It Fl keyid +Use subject key identifier to identify certificates instead of issuer +name and serial number. +The supplied certificate must include a subject key identifier extension. +Supported by +.Fl sign +and +.Fl encrypt +operations. +.It Fl keyopt Ar nm:v +Set customised parameters for the preceding key or certificate +for encryption and signing. +It can currently be used to set RSA-PSS for signing, RSA-OAEP for +encryption or to modify default parameters for ECDH. +This option can be used multiple times. +.It Fl md Ar digest +The digest algorithm to use when signing or resigning. +If not present then the default digest algorithm for the signing key +will be used (usually SHA1). +.It Fl no_attr_verify +Do not verify the signer's attribute of a signature. 
+.It Fl no_content_verify +Do not verify the content of a signed message. +.It Fl no_signer_cert_verify +Do not verify the signer's certificate of a signed message. +.It Fl noattr +Do not include attributes. +Normally when a message is signed a set of attributes are included which +include the signing time and supported symmetric algorithms. +With this option they are not included. +.It Fl nocerts +Do not include the signer's certificate. +This will reduce the size of the signed message but the verifier must +have a copy of the signer's certificate available locally (passed using +the +.Fl certfile +option for example). +.It Fl nodetach +When signing a message, use opaque signing. +This form is more resistant to translation by mail relays but it cannot be +read by mail agents that do not support S/MIME. +Without this option cleartext signing with the MIME type multipart/signed is +used. +.It Fl nointern +Only the certificates specified in the +.Fl certfile +option are used. +When verifying a message, normally certificates (if any) included in the +message are searched for the signing certificate. +The supplied certificates can still be used as untrusted CAs however. +.It Fl nooldmime +Output an old S/MIME content type like "application/x-pkcs7-". +.It Fl noout +Do not output the parsed CMS structure for the +.Fl cmsout +operation. +This is useful when combined with the +.Fl print +option or if the syntax of the CMS structure is being checked. +.It Fl nosigs +Do not try to verify the signatures on the message. +.It Fl nosmimecap +Exclude the list of supported algorithms from signed attributes; other +options such as signing time and content type are still included. +.It Fl noverify +Do not verify the signer's certificate of a signed message. +.It Fl out Ar file +The message text that has been decrypted or verified or the output MIME +format message that has been signed or verified. 
+.It Fl outform Cm der | pem | smime +This specifies the output format for the CMS structure. +The default is +.Cm smime , +which writes an S/MIME format message. +.Cm pem +and +.Cm der +format change this to write PEM and DER format CMS structures instead. +This currently only affects the output format of the CMS structure; if +no CMS structure is being output (for example with +.Fl verify +or +.Fl decrypt ) +this option has no effect. +.It Fl passin Ar src +The private key password source. +.It Fl print +Print out all fields of the CMS structure for the +.Fl cmsout +operation. +This is mainly useful for testing purposes. +.It Fl pwri_password Ar arg +Specify PasswordRecipientInfo (PWRI) password to use. +Supported by the +.Fl encrypt +and +.Fl decrypt +operations. +.It Fl rctform Cm der | pem | smime +Specify the format for a signed receipt for use with the +.Fl receipt_verify +operation. +The default is +.Cm smime . +.It Fl receipt_request_all | receipt_request_first +Indicate requests should be provided by all recipient or first tier +recipients (those mailed directly and not from a mailing list), for the +.Fl sign +operation to include a signed receipt request. +Ignored if +.Fl receipt_request_from +is included. +.It Fl receipt_request_from Ar addr +Add an explicit email address where receipts should be supplied. +.It Fl receipt_request_print +Print out the contents of any signed receipt requests for the +.Fl verify +operation. +.It Fl receipt_request_to Ar addr +Add an explicit email address where signed receipts should be sent to. +This option must be supplied if a signed receipt is requested. +.It Fl recip Ar file +When decrypting a message, this specifies the recipient's certificate. +The certificate must match one of the recipients of the message or an +error occurs. +When encrypting a message, this option may be used multiple times to +specify each recipient. 
+This form must be used if customised parameters are required (for example to +specify RSA-OAEP). +Only certificates carrying RSA, Diffie-Hellman or EC keys are supported +by this option. +.It Fl secretkey Ar key +Specify symmetric key to use. +The key must be supplied in hex format and be consistent with the +algorithm used. +Supported by the +.Fl EncryptedData_encrypt , +.Fl EncryptedData_decrypt , +.Fl encrypt +and +.Fl decrypt +operations. +When used with +.Fl encrypt +or +.Fl decrypt , +the supplied key is used to wrap or unwrap the content encryption key +using an AES key in the KEKRecipientInfo type. +.It Fl secretkeyid Ar id +The key identifier for the supplied symmetric key for KEKRecipientInfo type. +This option must be present if the +.Fl secretkey +option is used with +.Fl encrypt . +With +.Fl decrypt +operations the id is used to locate the relevant key; if it is not supplied +then an attempt is used to decrypt any KEKRecipientInfo structures. +.It Fl signer Ar file +A signing certificate when signing or resigning a message; this option +can be used multiple times if more than one signer is required. +If a message is being verified then the signers certificates will be +written to this file if the verification was successful. +.It Xo +.Fl stream | +.Fl indef | +.Fl noindef +.Xc +The +.Fl stream +and +.Fl indef +options are equivalent and enable streaming I/O for encoding operations. +This permits single pass processing of data without the need to hold the +entire contents in memory, potentially supporting very large files. +Streaming is automatically set for S/MIME signing with detached data if +the output format is +.Cm smime ; +it is currently off by default for all other operations. +.Fl noindef +disable streaming I/O where it would produce an indefinite length +constructed encoding. +This option currently has no effect. +.It Fl text +Add plain text (text/plain) MIME headers to the supplied message if +encrypting or signing. 
+If decrypting or verifying, it strips off text headers: if the decrypted +or verified message is not of MIME type text/plain then an error occurs. +.It Fl verify_retcode +Set verification error code to exit code to indicate what verification error +has occurred. +Supported by +.Fl verify +operation only. +Exit code value minus 32 shows verification error code. +See +.Nm verify +command for the list of verification error code. +.El +.Pp +The exit codes for +.Nm cms +are as follows: +.Pp +.Bl -tag -width "XXXX" -offset 3n -compact +.It 0 +The operation was completely successful. +.It 1 +An error occurred parsing the command options. +.It 2 +One of the input files could not be read. +.It 3 +An error occurred creating the CMS file or when reading the MIME message. +.It 4 +An error occurred decrypting or verifying the message. +.It 5 +The message was verified correctly but an error occurred writing out the +signer's certificates. +.It 6 +An error occurred writing the output file. +.It 32+ +A verify error occurred while +.Fl verify_retcode +is specified. +.El +.Tg crl +.Sh CRL +.Bl -hang -width "openssl crl" +.It Nm openssl crl +.Bk -words +.Op Fl CAfile Ar file +.Op Fl CApath Ar dir +.Op Fl crlnumber +.Op Fl fingerprint +.Op Fl hash +.Op Fl hash_old +.Op Fl in Ar file +.Op Fl inform Cm der | pem +.Op Fl issuer +.Op Fl lastupdate +.Op Fl nameopt Ar option +.Op Fl nextupdate +.Op Fl noout +.Op Fl out Ar file +.Op Fl outform Cm der | pem +.Op Fl text +.Op Fl verify +.Ek +.El +.Pp +The +.Nm crl +command processes CRL files in DER or PEM format. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl CAfile Ar file +Verify the signature on a CRL by looking up the issuing certificate in +.Ar file . +.It Fl CApath Ar directory +Verify the signature on a CRL by looking up the issuing certificate in +.Ar dir . +This directory must be a standard certificate directory, +i.e. a hash of each subject name (using +.Cm x509 Fl hash ) +should be linked to each certificate. 
+.It Fl crlnumber +Print the CRL number. +.It Fl fingerprint +Print the CRL fingerprint. +.It Fl hash +Output a hash of the issuer name. +This can be used to look up CRLs in a directory by issuer name. +.It Fl hash_old +Output an old-style (MD5) hash of the issuer name. +.It Fl in Ar file +The input file to read from, or standard input if not specified. +.It Fl inform Cm der | pem +The input format. +.It Fl issuer +Output the issuer name. +.It Fl lastupdate +Output the +.Cm thisUpdate +field. +This option is misnamed for historical reasons. +.It Fl nameopt Ar option +Specify certificate name options. +.It Fl nextupdate +Output the +.Cm nextUpdate +field. +.It Fl noout +Do not output the encoded version of the CRL. +.It Fl out Ar file +The output file to write to, or standard output if not specified. +.It Fl outform Cm der | pem +The output format. +.It Fl text +Print the CRL in plain text. +.It Fl verify +Verify the signature on the CRL. +.El +.Tg crl2pkcs7 +.Sh CRL2PKCS7 +.Bl -hang -width "openssl crl2pkcs7" +.It Nm openssl crl2pkcs7 +.Bk -words +.Op Fl certfile Ar file +.Op Fl in Ar file +.Op Fl inform Cm der | pem +.Op Fl nocrl +.Op Fl out Ar file +.Op Fl outform Cm der | pem +.Ek +.El +.Pp +The +.Nm crl2pkcs7 +command takes an optional CRL and one or more +certificates and converts them into a PKCS#7 degenerate +.Qq certificates only +structure. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl certfile Ar file +Add the certificates in PEM +.Ar file +to the PKCS#7 structure. +This option can be used more than once +to read certificates from multiple files. +.It Fl in Ar file +Read the CRL from +.Ar file , +or standard input if not specified. +.It Fl inform Cm der | pem +The input format. +.It Fl nocrl +Normally, a CRL is included in the output file. +With this option, no CRL is +included in the output file and a CRL is not read from the input file. +.It Fl out Ar file +Write the PKCS#7 structure to +.Ar file , +or standard output if not specified. 
+.It Fl outform Cm der | pem +The output format. +.El +.Tg dgst +.Sh DGST +.Bl -hang -width "openssl dgst" +.It Nm openssl dgst +.Bk -words +.Op Fl cdr +.Op Fl binary +.Op Fl Ar digest +.Op Fl hex +.Op Fl hmac Ar key +.Op Fl keyform Cm pem +.Op Fl mac Ar algorithm +.Op Fl macopt Ar nm : Ns Ar v +.Op Fl out Ar file +.Op Fl passin Ar arg +.Op Fl prverify Ar file +.Op Fl sign Ar file +.Op Fl signature Ar file +.Op Fl sigopt Ar nm : Ns Ar v +.Op Fl verify Ar file +.Op Ar +.Ek +.El +.Pp +The digest functions output the message digest of a supplied +.Ar file +or +.Ar files +in hexadecimal form. +They can also be used for digital signing and verification. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl binary +Output the digest or signature in binary form. +.It Fl c +Print the digest in two-digit groups separated by colons. +.It Fl d +Print BIO debugging information. +.It Fl Ar digest +Use the specified message +.Ar digest . +The default is SHA256. +The available digests can be displayed using +.Nm openssl +.Cm list-message-digest-commands . +The following are equivalent: +.Nm openssl dgst +.Fl sha256 +and +.Nm openssl +.Cm sha256 . +.It Fl hex +Digest is to be output as a hex dump. +This is the default case for a +.Qq normal +digest as opposed to a digital signature. +.It Fl hmac Ar key +Create a hashed MAC using +.Ar key . +.It Fl keyform Cm pem +Specifies the key format to sign the digest with. +.It Fl mac Ar algorithm +Create a keyed Message Authentication Code (MAC). +The most popular MAC algorithm is HMAC (hash-based MAC), +but there are other MAC algorithms which are not based on hash. +MAC keys and other options should be set via the +.Fl macopt +parameter. +.It Fl macopt Ar nm : Ns Ar v +Passes options to the MAC algorithm, specified by +.Fl mac . +The following options are supported by HMAC: +.Bl -tag -width Ds +.It Cm key : Ns Ar string +Specifies the MAC key as an alphanumeric string +(use if the key contain printable characters only). 
+String length must conform to any restrictions of the MAC algorithm. +.It Cm hexkey : Ns Ar string +Specifies the MAC key in hexadecimal form (two hex digits per byte). +Key length must conform to any restrictions of the MAC algorithm. +.El +.It Fl out Ar file +The output file to write to, +or standard output if not specified. +.It Fl passin Ar arg +The key password source. +.It Fl prverify Ar file +Verify the signature using the private key in +.Ar file . +The output is either +.Qq Verification OK +or +.Qq Verification Failure . +.It Fl r +Print the digest in coreutils format. +.It Fl sign Ar file +Digitally sign the digest using the private key in +.Ar file . +.It Fl signature Ar file +The actual signature to verify. +.It Fl sigopt Ar nm : Ns Ar v +Pass options to the signature algorithm during sign or verify operations. +The names and values of these options are algorithm-specific. +.It Fl verify Ar file +Verify the signature using the public key in +.Ar file . +The output is either +.Qq Verification OK +or +.Qq Verification Failure . +.It Ar +File or files to digest. +If no files are specified then standard input is used. +.El +.Tg dhparam +.Sh DHPARAM +.Bl -hang -width "openssl dhparam" +.It Nm openssl dhparam +.Bk -words +.Op Fl 2 | 5 +.Op Fl check +.Op Fl dsaparam +.Op Fl in Ar file +.Op Fl inform Cm der | pem +.Op Fl noout +.Op Fl out Ar file +.Op Fl outform Cm der | pem +.Op Fl text +.Op Ar numbits +.Ek +.El +.Pp +The +.Nm dhparam +command is used to manipulate DH parameter files. +Only the older PKCS#3 DH is supported, +not the newer X9.42 DH. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl 2 , 5 +The generator to use; +2 is the default. +If present, the input file is ignored and parameters are generated instead. +.It Fl check +Check the DH parameters. +.It Fl dsaparam +Read or create DSA parameters, +converted to DH format on output. 
+Otherwise, +.Qq strong +primes +.Pq such that (p-1)/2 is also prime +will be used for DH parameter generation. +.Pp +DH parameter generation with the +.Fl dsaparam +option is much faster, +and the recommended exponent length is shorter, +which makes DH key exchange more efficient. +Beware that with such DSA-style DH parameters, +a fresh DH key should be created for each use to +avoid small-subgroup attacks that may be possible otherwise. +.It Fl in Ar file +The input file to read from, +or standard input if not specified. +.It Fl inform Cm der | pem +The input format. +.It Fl noout +Do not output the encoded version of the parameters. +.It Fl out Ar file +The output file to write to, +or standard output if not specified. +.It Fl outform Cm der | pem +The output format. +.It Fl text +Print the DH parameters in plain text. +.It Ar numbits +Generate a parameter set of size +.Ar numbits . +It must be the last option. +If not present, a value of 2048 is used. +If this value is present, the input file is ignored and +parameters are generated instead. +.El +.Tg dsa +.Sh DSA +.Bl -hang -width "openssl dsa" +.It Nm openssl dsa +.Bk -words +.Oo +.Fl aes128 | aes192 | aes256 | +.Fl des | des3 +.Oc +.Op Fl in Ar file +.Op Fl inform Cm der | pem | pvk +.Op Fl modulus +.Op Fl noout +.Op Fl out Ar file +.Op Fl outform Cm der | pem | pvk +.Op Fl passin Ar arg +.Op Fl passout Ar arg +.Op Fl pubin +.Op Fl pubout +.Op Fl pvk-none | pvk-strong | pvk-weak +.Op Fl text +.Ek +.El +.Pp +The +.Nm dsa +command processes DSA keys. +They can be converted between various forms and their components printed out. +.Pp +.Sy Note : +This command uses the traditional +.Nm SSLeay +compatible format for private key encryption: +newer applications should use the more secure PKCS#8 format using the +.Nm pkcs8 +command. 
+.Pp +The options are as follows: +.Bl -tag -width Ds +.It Xo +.Fl aes128 | aes192 | aes256 | +.Fl des | des3 +.Xc +Encrypt the private key with the AES, DES, or the triple DES +ciphers, respectively, before outputting it. +A pass phrase is prompted for. +If none of these options are specified, the key is written in plain text. +This means that using the +.Nm dsa +utility to read an encrypted key with no encryption option can be used to +remove the pass phrase from a key, +or by setting the encryption options it can be used to add or change +the pass phrase. +These options can only be used with PEM format output files. +.It Fl in Ar file +The input file to read from, +or standard input if not specified. +If the key is encrypted, a pass phrase will be prompted for. +.It Fl inform Cm der | pem | pvk +The input format. +.It Fl modulus +Print the value of the public key component of the key. +.It Fl noout +Do not output the encoded version of the key. +.It Fl out Ar file +The output file to write to, +or standard output if not specified. +If any encryption options are set then a pass phrase will be +prompted for. +.It Fl outform Cm der | pem | pvk +The output format. +.It Fl passin Ar arg +The key password source. +.It Fl passout Ar arg +The output file password source. +.It Fl pubin +Read in a public key, not a private key. +.It Fl pubout +Output a public key, not a private key. +Automatically set if the input is a public key. +.It Xo +.Fl pvk-none | pvk-strong | pvk-weak +.Xc +Enable or disable PVK encoding. +The default is +.Fl pvk-strong . +.It Fl text +Print the public/private key in plain text. +.El +.Tg dsaparam +.Sh DSAPARAM +.Bl -hang -width "openssl dsaparam" +.It Nm openssl dsaparam +.Bk -words +.Op Fl genkey +.Op Fl in Ar file +.Op Fl inform Cm der | pem +.Op Fl noout +.Op Fl out Ar file +.Op Fl outform Cm der | pem +.Op Fl text +.Op Ar numbits +.Ek +.El +.Pp +The +.Nm dsaparam +command is used to manipulate or generate DSA parameter files. 
+.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl genkey +Generate a DSA key either using the specified or generated +parameters. +.It Fl in Ar file +The input file to read from, +or standard input if not specified. +If the +.Ar numbits +parameter is included, then this option is ignored. +.It Fl inform Cm der | pem +The input format. +.It Fl noout +Do not output the encoded version of the parameters. +.It Fl out Ar file +The output file to write to, +or standard output if not specified. +.It Fl outform Cm der | pem +The output format. +.It Fl text +Print the DSA parameters in plain text. +.It Ar numbits +Generate a parameter set of size +.Ar numbits . +If this option is included, the input file is ignored. +.El +.Tg ec +.Sh EC +.Bl -hang -width "openssl ec" +.It Nm openssl ec +.Bk -words +.Op Fl conv_form Ar arg +.Op Fl des +.Op Fl des3 +.Op Fl in Ar file +.Op Fl inform Cm der | pem +.Op Fl noout +.Op Fl out Ar file +.Op Fl outform Cm der | pem +.Op Fl param_enc Ar arg +.Op Fl param_out +.Op Fl passin Ar arg +.Op Fl passout Ar arg +.Op Fl pubin +.Op Fl pubout +.Op Fl text +.Ek +.El +.Pp +The +.Nm ec +command processes EC keys. +They can be converted between various +forms and their components printed out. +.Nm openssl +uses the private key format specified in +.Dq SEC 1: Elliptic Curve Cryptography +.Pq Lk https://www.secg.org/ . +To convert an +EC private key into the PKCS#8 private key format use the +.Nm pkcs8 +command. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl conv_form Ar arg +Specify how the points on the elliptic curve are converted +into octet strings. +Possible values are: +.Cm compressed , +.Cm uncompressed +(the default), +and +.Cm hybrid . +For more information regarding +the point conversion forms see the X9.62 standard. +.It Fl des | des3 +Encrypt the private key with DES, triple DES, or +any other cipher supported by +.Nm openssl . +A pass phrase is prompted for. 
+If none of these options are specified, the key is written in plain text. +This means that using the +.Nm ec +utility to read in an encrypted key with no +encryption option can be used to remove the pass phrase from a key, +or by setting the encryption options +it can be used to add or change the pass phrase. +These options can only be used with PEM format output files. +.It Fl in Ar file +The input file to read a key from, +or standard input if not specified. +If the key is encrypted, a pass phrase will be prompted for. +.It Fl inform Cm der | pem +The input format. +.It Fl noout +Do not output the encoded version of the key. +.It Fl out Ar file +The output filename to write to, +or standard output if not specified. +If any encryption options are set then a pass phrase will be prompted for. +.It Fl outform Cm der | pem +The output format. +.It Fl param_enc Ar arg +Specify how the elliptic curve parameters are encoded. +Possible value are: +.Cm named_curve , +i.e. the EC parameters are specified by an OID; or +.Cm explicit , +where the EC parameters are explicitly given +(see RFC 3279 for the definition of the EC parameter structures). +The default value is +.Cm named_curve . +Note: the +.Cm implicitlyCA +alternative, +as specified in RFC 3279, +is currently not implemented. +.It Fl param_out +Print the elliptic curve parameters. +.It Fl passin Ar arg +The key password source. +.It Fl passout Ar arg +The output file password source. +.It Fl pubin +Read in a public key, not a private key. +.It Fl pubout +Output a public key, not a private key. +Automatically set if the input is a public key. +.It Fl text +Print the public/private key in plain text. 
+.El +.Tg ecparam +.Sh ECPARAM +.Bl -hang -width "openssl ecparam" +.It Nm openssl ecparam +.Bk -words +.Op Fl check +.Op Fl conv_form Ar arg +.Op Fl genkey +.Op Fl in Ar file +.Op Fl inform Cm der | pem +.Op Fl list_curves +.Op Fl name Ar arg +.Op Fl no_seed +.Op Fl noout +.Op Fl out Ar file +.Op Fl outform Cm der | pem +.Op Fl param_enc Ar arg +.Op Fl text +.Ek +.El +.Pp +The +.Nm ecparam +command is used to manipulate or generate EC parameter files. +.Nm openssl +is not able to generate new groups so +.Nm ecparam +can only create EC parameters from known (named) curves. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl check +Validate the elliptic curve parameters. +.It Fl conv_form Ar arg +Specify how the points on the elliptic curve are converted +into octet strings. +Possible values are: +.Cm compressed , +.Cm uncompressed +(the default), +and +.Cm hybrid . +For more information regarding +the point conversion forms see the X9.62 standard. +.It Fl genkey +Generate an EC private key using the specified parameters. +.It Fl in Ar file +The input file to read from, +or standard input if not specified. +.It Fl inform Cm der | pem +The input format. +.It Fl list_curves +Print a list of all +currently implemented EC parameter names and exit. +.It Fl name Ar arg +Use the EC parameters with the specified "short" name. +.It Fl no_seed +Do not include the seed for the parameter generation +in the ECParameters structure (see RFC 3279). +.It Fl noout +Do not output the encoded version of the parameters. +.It Fl out Ar file +The output file to write to, +or standard output if not specified. +.It Fl outform Cm der | pem +The output format. +.It Fl param_enc Ar arg +Specify how the elliptic curve parameters are encoded. +Possible value are: +.Cm named_curve , +i.e. the EC parameters are specified by an OID, or +.Cm explicit , +where the EC parameters are explicitly given +(see RFC 3279 for the definition of the EC parameter structures). 
+The default value is +.Cm named_curve . +Note: the +.Cm implicitlyCA +alternative, as specified in RFC 3279, +is currently not implemented. +.It Fl text +Print the EC parameters in plain text. +.El +.Tg enc +.Sh ENC +.Bl -hang -width "openssl enc" +.It Nm openssl enc +.Bk -words +.Fl ciphername +.Op Fl AadePpv +.Op Fl base64 +.Op Fl bufsize Ar number +.Op Fl debug +.Op Fl in Ar file +.Op Fl iter Ar iterations +.Op Fl iv Ar IV +.Op Fl K Ar key +.Op Fl k Ar password +.Op Fl kfile Ar file +.Op Fl md Ar digest +.Op Fl none +.Op Fl nopad +.Op Fl nosalt +.Op Fl out Ar file +.Op Fl pass Ar arg +.Op Fl pbkdf2 +.Op Fl S Ar salt +.Op Fl salt +.Ek +.El +.Pp +The symmetric cipher commands allow data to be encrypted or decrypted +using various block and stream ciphers using keys based on passwords +or explicitly provided. +Base64 encoding or decoding can also be performed either by itself +or in addition to the encryption or decryption. +The program can be called either as +.Nm openssl Ar ciphername +or +.Nm openssl enc - Ns Ar ciphername . +.Pp +Some of the ciphers do not have large keys and others have security +implications if not used correctly. +All the block ciphers normally use PKCS#5 padding, +also known as standard block padding. +If padding is disabled, the input data must be a multiple of the cipher +block length. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl A +If the +.Fl a +option is set, then base64 process the data on one line. +.It Fl a , base64 +Base64 process the data. +This means that if encryption is taking place, the data is base64-encoded +after encryption. +If decryption is set, the input data is base64-decoded before +being decrypted. +.It Fl bufsize Ar number +Set the buffer size for I/O. +.It Fl d +Decrypt the input data. +.It Fl debug +Debug the BIOs used for I/O. +.It Fl e +Encrypt the input data. +This is the default. +.It Fl in Ar file +The input file to read from, +or standard input if not specified. 
+.It Fl iter Ar iterations +Use the pbkdf2 key derivation function, with +.Ar iterations +as the number of iterations. +.It Fl iv Ar IV +The actual +.Ar IV +.Pq initialisation vector +to use: +this must be represented as a string comprised only of hex digits. +When only the +.Ar key +is specified using the +.Fl K +option, +the IV must explicitly be defined. +When a password is being specified using one of the other options, +the IV is generated from this password. +.It Fl K Ar key +The actual +.Ar key +to use: +this must be represented as a string comprised only of hex digits. +If only the key is specified, +the IV must also be specified using the +.Fl iv +option. +When both a +.Ar key +and a +.Ar password +are specified, the +.Ar key +given with the +.Fl K +option will be used and the IV generated from the password will be taken. +It probably does not make much sense to specify both +.Ar key +and +.Ar password . +.It Fl k Ar password +The +.Ar password +to derive the key from. +Superseded by the +.Fl pass +option. +.It Fl kfile Ar file +Read the password to derive the key from the first line of +.Ar file . +Superseded by the +.Fl pass +option. +.It Fl md Ar digest +Use +.Ar digest +to create a key from a pass phrase. +Currently, the default value is +.Cm sha256 . +.It Fl none +Use NULL cipher (no encryption or decryption of input). +.It Fl nopad +Disable standard block padding. +.It Fl nosalt +Don't use a salt in the key derivation routines. +This option should never be used +since it makes it possible to perform efficient dictionary +attacks on the password and to attack stream cipher encrypted data. +.It Fl out Ar file +The output file to write to, +or standard output if not specified. +.It Fl P +Print out the salt, key, and IV used, then immediately exit; +don't do any encryption or decryption. +.It Fl p +Print out the salt, key, and IV used. +.It Fl pass Ar arg +The password source. 
+.It Fl pbkdf2 +Use the pbkdf2 key derivation function, with +the default of 10000 iterations. +.It Fl S Ar salt +The actual +.Ar salt +to use: +this must be represented as a string comprised only of hex digits. +.It Fl salt +Use a salt in the key derivation routines (the default). +When the salt is being used, +the first eight bytes of the encrypted data are reserved for the salt: +it is randomly generated when encrypting a file and read from the +encrypted file when it is decrypted. +.It Fl v +Print extra details about the processing. +.El +.Tg errstr +.Sh ERRSTR +.Nm openssl errstr +.Ar errno ... +.Pp +The +.Nm errstr +command performs error number to error string conversion, +generating a human-readable string representing the error code +.Ar errno . +The string is obtained through the +.Xr ERR_error_string_n 3 +function and has the following format: +.Pp +.Dl error:[error code]:[library name]:[function name]:[reason string] +.Pp +.Bq error code +is an 8-digit hexadecimal number. +The remaining fields +.Bq library name , +.Bq function name , +and +.Bq reason string +are all ASCII text. +.Tg gendsa +.Sh GENDSA +.Bl -hang -width "openssl gendsa" +.It Nm openssl gendsa +.Bk -words +.Oo +.Fl aes128 | aes192 | aes256 | camellia128 | +.Fl camellia192 | camellia256 | des | des3 | idea +.Oc +.Op Fl out Ar file +.Op Fl passout Ar arg +.Ar paramfile +.Ek +.El +.Pp +The +.Nm gendsa +command generates a DSA private key from a DSA parameter file +(typically generated by the +.Nm openssl dsaparam +command). +DSA key generation is little more than random number generation so it is +much quicker than, +for example, +RSA key generation. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Xo +.Fl aes128 | aes192 | aes256 | +.Fl camellia128 | camellia192 | camellia256 | +.Fl des | des3 | +.Fl idea +.Xc +Encrypt the private key with the AES, CAMELLIA, DES, triple DES +or the IDEA ciphers, respectively, before outputting it. +A pass phrase is prompted for. 
+If none of these options are specified, no encryption is used. +.It Fl out Ar file +The output file to write to, +or standard output if not specified. +.It Fl passout Ar arg +The output file password source. +.It Ar paramfile +Specify the DSA parameter file to use. +The parameters in this file determine the size of the private key. +.El +.Tg genpkey +.Sh GENPKEY +.Bl -hang -width "openssl genpkey" +.It Nm openssl genpkey +.Bk -words +.Op Fl algorithm Ar alg +.Op Ar cipher +.Op Fl genparam +.Op Fl out Ar file +.Op Fl outform Cm der | pem +.Op Fl paramfile Ar file +.Op Fl pass Ar arg +.Op Fl pkeyopt Ar opt : Ns Ar value +.Op Fl text +.Ek +.El +.Pp +The +.Nm genpkey +command generates private keys. +The use of this +program is encouraged over the algorithm specific utilities +because additional algorithm options can be used. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl algorithm Ar alg +The public key algorithm to use, +such as RSA, DSA, or DH. +This option must precede any +.Fl pkeyopt +options. +The options +.Fl paramfile +and +.Fl algorithm +are mutually exclusive. +.It Ar cipher +Encrypt the private key with the supplied cipher. +Any algorithm name accepted by +.Xr EVP_get_cipherbyname 3 +is acceptable. +.It Fl genparam +Generate a set of parameters instead of a private key. +This option must precede any +.Fl algorithm , +.Fl paramfile , +or +.Fl pkeyopt +options. +.It Fl out Ar file +The output file to write to, +or standard output if not specified. +.It Fl outform Cm der | pem +The output format. +.It Fl paramfile Ar file +Some public key algorithms generate a private key based on a set of parameters, +which can be supplied using this option. +If this option is used, the public key +algorithm used is determined by the parameters. +This option must precede any +.Fl pkeyopt +options. +The options +.Fl paramfile +and +.Fl algorithm +are mutually exclusive. +.It Fl pass Ar arg +The output file password source. 
+.It Fl pkeyopt Ar opt : Ns Ar value +Set the public key algorithm option +.Ar opt +to +.Ar value , +as follows: +.Bl -tag -width Ds -offset indent +.It rsa_keygen_bits : Ns Ar numbits +(RSA) +The number of bits in the generated key. +The default is 2048. +.It rsa_keygen_pubexp : Ns Ar value +(RSA) +The RSA public exponent value. +This can be a large decimal or hexadecimal value if preceded by 0x. +The default is 65537. +.It dsa_paramgen_bits : Ns Ar numbits +(DSA) +The number of bits in the generated parameters. +The default is 1024. +.It dh_paramgen_prime_len : Ns Ar numbits +(DH) +The number of bits in the prime parameter +.Ar p . +.It dh_paramgen_generator : Ns Ar value +(DH) +The value to use for the generator +.Ar g . +.It ec_paramgen_curve : Ns Ar curve +(EC) +The elliptic curve to use. +.El +.It Fl text +Print the private/public key in plain text. +.El +.Tg genrsa +.Sh GENRSA +.Bl -hang -width "openssl genrsa" +.It Nm openssl genrsa +.Bk -words +.Op Fl 3 | f4 +.Oo +.Fl aes128 | aes192 | aes256 | camellia128 | +.Fl camellia192 | camellia256 | des | des3 | idea +.Oc +.Op Fl out Ar file +.Op Fl passout Ar arg +.Op Ar numbits +.Ek +.El +.Pp +The +.Nm genrsa +command generates an RSA private key, +which essentially involves the generation of two prime numbers. +When generating the key, +various symbols will be output to indicate the progress of the generation. +A +.Sq \&. +represents each number which has passed an initial sieve test; +.Sq + +means a number has passed a single round of the Miller-Rabin primality test; +.Sq * +means the number has failed primality testing +and needs to be generated afresh. +A newline means that the number has passed all the prime tests +(the actual number depends on the key size). +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl 3 | f4 +The public exponent to use, either 3 or 65537. +The default is 65537. 
+.It Xo +.Fl aes128 | aes192 | aes256 | +.Fl camellia128 | camellia192 | camellia256 | +.Fl des | des3 | +.Fl idea +.Xc +Encrypt the private key with the AES, CAMELLIA, DES, triple DES +or the IDEA ciphers, respectively, before outputting it. +If none of these options are specified, no encryption is used. +If encryption is used, a pass phrase is prompted for, +if it is not supplied via the +.Fl passout +option. +.It Fl out Ar file +The output file to write to, +or standard output if not specified. +.It Fl passout Ar arg +The output file password source. +.It Ar numbits +The size of the private key to generate in bits. +This must be the last option specified. +The default is 2048. +.El +.Tg ocsp +.Sh OCSP +.Bl -hang -width "openssl ocsp" +.It Nm openssl ocsp +.Bk -words +.Op Fl CA Ar file +.Op Fl CAfile Ar file +.Op Fl CApath Ar directory +.Op Fl cert Ar file +.Op Fl dgst Ar alg +.Op Fl header Ar name value +.Op Fl host Ar hostname : Ns Ar port +.Op Fl ignore_err +.Op Fl index Ar indexfile +.Op Fl issuer Ar file +.Op Fl ndays Ar days +.Op Fl nmin Ar minutes +.Op Fl no_cert_checks +.Op Fl no_cert_verify +.Op Fl no_certs +.Op Fl no_chain +.Op Fl no_explicit +.Op Fl no_intern +.Op Fl no_nonce +.Op Fl no_signature_verify +.Op Fl nonce +.Op Fl noverify +.Op Fl nrequest Ar number +.Op Fl out Ar file +.Op Fl path Ar path +.Op Fl port Ar portnum +.Op Fl req_text +.Op Fl reqin Ar file +.Op Fl reqout Ar file +.Op Fl resp_key_id +.Op Fl resp_no_certs +.Op Fl resp_text +.Op Fl respin Ar file +.Op Fl respout Ar file +.Op Fl rkey Ar file +.Op Fl rother Ar file +.Op Fl rsigner Ar file +.Op Fl serial Ar num +.Op Fl sign_other Ar file +.Op Fl signer Ar file +.Op Fl signkey Ar file +.Op Fl status_age Ar age +.Op Fl text +.Op Fl timeout Ar seconds +.Op Fl trust_other +.Op Fl url Ar responder_url +.Op Fl VAfile Ar file +.Op Fl validity_period Ar nsec +.Op Fl verify_other Ar file +.Ek +.El +.Pp +The Online Certificate Status Protocol (OCSP) +enables applications to determine the 
(revocation) state +of an identified certificate (RFC 2560). +.Pp +The +.Nm ocsp +command performs many common OCSP tasks. +It can be used to print out requests and responses, +create requests and send queries to an OCSP responder, +and behave like a mini OCSP server itself. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl CAfile Ar file , Fl CApath Ar directory +A file or path containing trusted CA certificates, +used to verify the signature on the OCSP response. +.It Fl cert Ar file +Add the certificate +.Ar file +to the request. +The issuer certificate is taken from the previous +.Fl issuer +option, or an error occurs if no issuer certificate is specified. +.It Fl dgst Ar alg +Use the digest algorithm +.Ar alg +for certificate identification in the OCSP request. +By default SHA1 is used. +.It Xo +.Fl host Ar hostname : Ns Ar port , +.Fl path Ar path +.Xc +Send +the OCSP request to +.Ar hostname +on +.Ar port . +.Fl path +specifies the HTTP path name to use, or +.Pa / +by default. +.It Fl header Ar name value +Add the header name with the specified value to the OCSP request that is sent +to the responder. +This may be repeated. +.It Fl issuer Ar file +The current issuer certificate, in PEM format. +Can be used multiple times and must come before any +.Fl cert +options. +.It Fl no_cert_checks +Don't perform any additional checks on the OCSP response signer's certificate. +That is, do not make any checks to see if the signer's certificate is +authorised to provide the necessary status information: +as a result this option should only be used for testing purposes. +.It Fl no_cert_verify +Don't verify the OCSP response signer's certificate at all. +Since this option allows the OCSP response to be signed by any certificate, +it should only be used for testing purposes. +.It Fl no_certs +Don't include any certificates in the signed request. +.It Fl no_chain +Do not use certificates in the response as additional untrusted CA +certificates. 
+.It Fl no_explicit +Don't check the explicit trust for OCSP signing in the root CA certificate. +.It Fl no_intern +Ignore certificates contained in the OCSP response +when searching for the signer's certificate. +The signer's certificate must be specified with either the +.Fl verify_other +or +.Fl VAfile +options. +.It Fl no_signature_verify +Don't check the signature on the OCSP response. +Since this option tolerates invalid signatures on OCSP responses, +it will normally only be used for testing purposes. +.It Fl nonce , no_nonce +Add an OCSP nonce extension to a request, +or disable an OCSP nonce addition. +Normally, if an OCSP request is input using the +.Fl respin +option no nonce is added: +using the +.Fl nonce +option will force the addition of a nonce. +If an OCSP request is being created (using the +.Fl cert +and +.Fl serial +options), +a nonce is automatically added; specifying +.Fl no_nonce +overrides this. +.It Fl noverify +Don't attempt to verify the OCSP response signature or the nonce values. +This is normally only be used for debugging +since it disables all verification of the responder's certificate. +.It Fl out Ar file +Specify the output file to write to, +or standard output if not specified. +.It Fl req_text , resp_text , text +Print out the text form of the OCSP request, response, or both, respectively. +.It Fl reqin Ar file , Fl respin Ar file +Read an OCSP request or response file from +.Ar file . +These options are ignored +if an OCSP request or response creation is implied by other options +(for example with the +.Fl serial , cert , +and +.Fl host +options). +.It Fl reqout Ar file , Fl respout Ar file +Write out the DER-encoded certificate request or response to +.Ar file . +.It Fl serial Ar num +Same as the +.Fl cert +option except the certificate with serial number +.Ar num +is added to the request. +The serial number is interpreted as a decimal integer unless preceded by +.Sq 0x . 
+Negative integers can also be specified +by preceding the value with a minus sign. +.It Fl sign_other Ar file +Additional certificates to include in the signed request. +.It Fl signer Ar file , Fl signkey Ar file +Sign the OCSP request using the certificate specified in the +.Fl signer +option and the private key specified by the +.Fl signkey +option. +If the +.Fl signkey +option is not present, then the private key is read from the same file +as the certificate. +If neither option is specified, the OCSP request is not signed. +.It Fl timeout Ar seconds +Connection timeout to the OCSP responder in seconds. +.It Fl trust_other +The certificates specified by the +.Fl verify_other +option should be explicitly trusted and no additional checks will be +performed on them. +This is useful when the complete responder certificate chain is not available +or trusting a root CA is not appropriate. +.It Fl url Ar responder_url +Specify the responder URL. +Both HTTP and HTTPS +.Pq SSL/TLS +URLs can be specified. +.It Fl VAfile Ar file +A file containing explicitly trusted responder certificates. +Equivalent to the +.Fl verify_other +and +.Fl trust_other +options. +.It Fl validity_period Ar nsec , Fl status_age Ar age +The range of times, in seconds, which will be tolerated in an OCSP response. +Each certificate status response includes a notBefore time +and an optional notAfter time. +The current time should fall between these two values, +but the interval between the two times may be only a few seconds. +In practice the OCSP responder and clients' clocks may not be precisely +synchronised and so such a check may fail. +To avoid this the +.Fl validity_period +option can be used to specify an acceptable error range in seconds, +the default value being 5 minutes. +.Pp +If the notAfter time is omitted from a response, +it means that new status information is immediately available. 
+In this case the age of the notBefore field is checked +to see it is not older than +.Ar age +seconds old. +By default, this additional check is not performed. +.It Fl verify_other Ar file +A file containing additional certificates to search +when attempting to locate the OCSP response signing certificate. +Some responders omit the actual signer's certificate from the response, +so this can be used to supply the necessary certificate. +.El +.Pp +The options for the OCSP server are as follows: +.Bl -tag -width "XXXX" +.It Fl CA Ar file +CA certificate corresponding to the revocation information in +.Ar indexfile . +.It Fl ignore_err +Ignore the invalid response. +.It Fl index Ar indexfile +.Ar indexfile +is a text index file in ca format +containing certificate revocation information. +.Pp +If this option is specified, +.Nm ocsp +is in responder mode, otherwise it is in client mode. +The requests the responder processes can be either specified on +the command line (using the +.Fl issuer +and +.Fl serial +options), supplied in a file (using the +.Fl respin +option), or via external OCSP clients (if +.Ar port +or +.Ar url +is specified). +.Pp +If this option is present, then the +.Fl CA +and +.Fl rsigner +options must also be present. +.It Fl nmin Ar minutes , Fl ndays Ar days +Number of +.Ar minutes +or +.Ar days +when fresh revocation information is available: +used in the nextUpdate field. +If neither option is present, +the nextUpdate field is omitted, +meaning fresh revocation information is immediately available. +.It Fl nrequest Ar number +Exit after receiving +.Ar number +requests (the default is unlimited). +.It Fl port Ar portnum +Port to listen for OCSP requests on. +May also be specified using the +.Fl url +option. +.It Fl resp_key_id +Identify the signer certificate using the key ID; +the default is to use the subject name. +.It Fl resp_no_certs +Don't include any certificates in the OCSP response. 
+.It Fl rkey Ar file +The private key to sign OCSP responses with; +if not present, the file specified in the +.Fl rsigner +option is used. +.It Fl rother Ar file +Additional certificates to include in the OCSP response. +.It Fl rsigner Ar file +The certificate to sign OCSP responses with. +.El +.Pp +Initially the OCSP responder certificate is located and the signature on +the OCSP request checked using the responder certificate's public key. +Then a normal certificate verify is performed on the OCSP responder certificate +building up a certificate chain in the process. +The locations of the trusted certificates used to build the chain can be +specified by the +.Fl CAfile +and +.Fl CApath +options or they will be looked for in the standard +.Nm openssl +certificates directory. +.Pp +If the initial verify fails, the OCSP verify process halts with an error. +Otherwise the issuing CA certificate in the request is compared to the OCSP +responder certificate: if there is a match then the OCSP verify succeeds. +.Pp +Otherwise the OCSP responder certificate's CA is checked against the issuing +CA certificate in the request. +If there is a match and the OCSPSigning extended key usage is present +in the OCSP responder certificate, then the OCSP verify succeeds. +.Pp +Otherwise the root CA of the OCSP responder's CA is checked to see if it +is trusted for OCSP signing. +If it is, the OCSP verify succeeds. +.Pp +If none of these checks is successful, the OCSP verify fails. +What this effectively means is that if the OCSP responder certificate is +authorised directly by the CA it is issuing revocation information about +(and it is correctly configured), +then verification will succeed. +.Pp +If the OCSP responder is a global responder, +which can give details about multiple CAs +and has its own separate certificate chain, +then its root CA can be trusted for OCSP signing. +Alternatively, the responder certificate itself can be explicitly trusted +with the +.Fl VAfile +option. 
+.Tg passwd +.Sh PASSWD +.Bl -hang -width "openssl passwd" +.It Nm openssl passwd +.Bk -words +.Op Fl 1 | apr1 | crypt +.Op Fl in Ar file +.Op Fl noverify +.Op Fl quiet +.Op Fl reverse +.Op Fl salt Ar string +.Op Fl stdin +.Op Fl table +.Op Ar password +.Ek +.El +.Pp +The +.Nm passwd +command computes the hash of a password. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl 1 +Use the MD5 based +.Bx +password algorithm +.Qq 1 . +.It Fl apr1 +Use the +.Qq apr1 +algorithm +.Po +Apache variant of the +.Bx +algorithm +.Pc . +.It Fl crypt +Use the +.Qq crypt +algorithm (the default). +.It Fl in Ar file +Read passwords from +.Ar file . +.It Fl noverify +Don't verify when reading a password from the terminal. +.It Fl quiet +Don't output warnings when passwords given on the command line are truncated. +.It Fl reverse +Switch table columns. +This only makes sense in conjunction with the +.Fl table +option. +.It Fl salt Ar string +Use the salt specified by +.Ar string . +When reading a password from the terminal, this implies +.Fl noverify . +.It Fl stdin +Read passwords from standard input. +.It Fl table +In the output list, prepend the cleartext password and a TAB character +to each password hash. +.El +.Tg pkcs7 +.Sh PKCS7 +.Bl -hang -width "openssl pkcs7" +.It Nm openssl pkcs7 +.Bk -words +.Op Fl in Ar file +.Op Fl inform Cm der | pem +.Op Fl noout +.Op Fl out Ar file +.Op Fl outform Cm der | pem +.Op Fl print +.Op Fl print_certs +.Op Fl text +.Ek +.El +.Pp +The +.Nm pkcs7 +command processes PKCS#7 files in DER or PEM format. +The PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC 2315. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl in Ar file +The input file to read from, +or standard input if not specified. +.It Fl inform Cm der | pem +The input format. +.It Fl noout +Don't output the encoded version of the PKCS#7 structure +(or certificates if +.Fl print_certs +is set). 
+.It Fl out Ar file +The output to write to, +or standard output if not specified. +.It Fl outform Cm der | pem +The output format. +.It Fl print +Print the ASN.1 representation of PKCS#7 structure. +.It Fl print_certs +Print any certificates or CRLs contained in the file, +preceded by their subject and issuer names in a one-line format. +.It Fl text +Print certificate details in full rather than just subject and issuer names. +.El +.Tg pkcs8 +.Sh PKCS8 +.Bl -hang -width "openssl pkcs8" +.It Nm openssl pkcs8 +.Bk -words +.Op Fl in Ar file +.Op Fl inform Cm der | pem +.Op Fl nocrypt +.Op Fl noiter +.Op Fl out Ar file +.Op Fl outform Cm der | pem +.Op Fl passin Ar arg +.Op Fl passout Ar arg +.Op Fl topk8 +.Op Fl v1 Ar alg +.Op Fl v2 Ar alg +.Ek +.El +.Pp +The +.Nm pkcs8 +command processes private keys +(both encrypted and unencrypted) +in PKCS#8 format +with a variety of PKCS#5 (v1.5 and v2.0) and PKCS#12 algorithms. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl in Ar file +The input file to read from, +or standard input if not specified. +If the key is encrypted, a pass phrase will be prompted for. +.It Fl inform Cm der | pem +The input format. +.It Fl nocrypt +Generate an unencrypted PrivateKeyInfo structure. +This option does not encrypt private keys at all +and should only be used when absolutely necessary. +.It Fl noiter +Use an iteration count of 1. +See the +.Sx PKCS12 +section below for a detailed explanation of this option. +.It Fl out Ar file +The output file to write to, +or standard output if none is specified. +If any encryption options are set, a pass phrase will be prompted for. +.It Fl outform Cm der | pem +The output format. +.It Fl passin Ar arg +The key password source. +.It Fl passout Ar arg +The output file password source. +.It Fl topk8 +Read a traditional format private key and write a PKCS#8 format key. +.It Fl v1 Ar alg +Specify a PKCS#5 v1.5 or PKCS#12 algorithm to use. 
+.Pp +.Bl -tag -width "XXXX" -compact +.It PBE-MD5-DES +56-bit DES. +.It PBE-SHA1-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES +64-bit RC2 or 56-bit DES. +.It PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES +.It PBE-SHA1-2DES | PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40 +PKCS#12 password-based encryption algorithm, +which allow strong encryption algorithms like triple DES or 128-bit RC2. +.El +.It Fl v2 Ar alg +Use PKCS#5 v2.0 algorithms. +These are block ciphers used in CBC mode. +The default is AES-256-CBC. +With the exception of AES, the choices available in RFC 8018 +are considered decrepit. +They can be enabled with des, des3, and rc2 +(rc5 is no longer supported). +.El +.Tg pkcs12 +.Sh PKCS12 +.Bl -hang -width "openssl pkcs12" +.It Nm openssl pkcs12 +.Bk -words +.Oo +.Fl aes128 | aes192 | aes256 | camellia128 | +.Fl camellia192 | camellia256 | des | des3 | idea +.Oc +.Op Fl cacerts +.Op Fl CAfile Ar file +.Op Fl caname Ar name +.Op Fl CApath Ar directory +.Op Fl certfile Ar file +.Op Fl certpbe Ar alg +.Op Fl chain +.Op Fl clcerts +.Op Fl descert +.Op Fl export +.Op Fl in Ar file +.Op Fl info +.Op Fl inkey Ar file +.Op Fl keyex +.Op Fl keypbe Ar alg +.Op Fl keysig +.Op Fl macalg Ar alg +.Op Fl maciter +.Op Fl name Ar name +.Op Fl nocerts +.Op Fl nodes +.Op Fl noiter +.Op Fl nokeys +.Op Fl nomac +.Op Fl nomaciter +.Op Fl nomacver +.Op Fl noout +.Op Fl out Ar file +.Op Fl passin Ar arg +.Op Fl passout Ar arg +.Op Fl password Ar arg +.Op Fl twopass +.Ek +.El +.Pp +The +.Nm pkcs12 +command allows PKCS#12 files +.Pq sometimes referred to as PFX files +to be created and parsed. +By default, a PKCS#12 file is parsed; +a PKCS#12 file can be created by using the +.Fl export +option. +.Pp +The options for parsing a PKCS12 file are as follows: +.Bl -tag -width "XXXX" +.It Xo +.Fl aes128 | aes192 | aes256 | +.Fl camellia128 | camellia192 | camellia256 | +.Fl des | des3 | +.Fl idea +.Xc +Encrypt private keys using AES, CAMELLIA, DES, triple DES +or the IDEA ciphers, respectively. 
+The default is triple DES. +.It Fl cacerts +Only output CA certificates +.Pq not client certificates . +.It Fl clcerts +Only output client certificates +.Pq not CA certificates . +.It Fl in Ar file +The input file to read from, +or standard input if not specified. +.It Fl info +Output additional information about the PKCS#12 file structure, +algorithms used, and iteration counts. +.It Fl nocerts +Do not output certificates. +.It Fl nodes +Do not encrypt private keys. +.It Fl nokeys +Do not output private keys. +.It Fl nomacver +Do not attempt to verify the integrity MAC before reading the file. +.It Fl noout +Do not output the keys and certificates to the output file +version of the PKCS#12 file. +.It Fl out Ar file +The output file to write to, +or standard output if not specified. +.It Fl passin Ar arg +The key password source. +.It Fl passout Ar arg +The output file password source. +.It Fl twopass +Prompt for separate integrity and encryption passwords: most software +always assumes these are the same so this option will render such +PKCS#12 files unreadable. +.El +.Pp +The options for PKCS12 file creation are as follows: +.Bl -tag -width "XXXX" +.It Fl CAfile Ar file +CA storage as a file. +.It Fl CApath Ar directory +CA storage as a directory. +The directory must be a standard certificate directory: +that is, a hash of each subject name (using +.Nm x509 Fl hash ) +should be linked to each certificate. +.It Fl caname Ar name +Specify the +.Qq friendly name +for other certificates. +May be used multiple times to specify names for all certificates +in the order they appear. +.It Fl certfile Ar file +A file to read additional certificates from. +.It Fl certpbe Ar alg , Fl keypbe Ar alg +Specify the algorithm used to encrypt the private key and +certificates to be selected. +Any PKCS#5 v1.5 or PKCS#12 PBE algorithm name can be used. +If a cipher name +(as output by the +.Cm list-cipher-algorithms +command) is specified then it +is used with PKCS#5 v2.0. 
+For interoperability reasons it is advisable to only use PKCS#12 algorithms. +.It Fl chain +Include the entire certificate chain of the user certificate. +The standard CA store is used for this search. +If the search fails, it is considered a fatal error. +.It Fl descert +Encrypt the certificate using triple DES; this may render the PKCS#12 +file unreadable by some +.Qq export grade +software. +By default, the private key is encrypted using triple DES and the +certificate using 40-bit RC2. +.It Fl export +Create a PKCS#12 file (rather than parsing one). +.It Fl in Ar file +The input file to read from, +or standard input if not specified. +The order doesn't matter but one private key and its corresponding +certificate should be present. +If additional certificates are present, they will also be included +in the PKCS#12 file. +.It Fl inkey Ar file +File to read a private key from. +If not present, a private key must be present in the input file. +.It Fl keyex | keysig +Specify whether the private key is to be used for key exchange or just signing. +Normally, +.Qq export grade +software will only allow 512-bit RSA keys to be +used for encryption purposes, but arbitrary length keys for signing. +The +.Fl keysig +option marks the key for signing only. +Signing only keys can be used for S/MIME signing, authenticode +(ActiveX control signing) +and SSL client authentication. +.It Fl macalg Ar alg +Specify the MAC digest algorithm. +The default is SHA1. +.It Fl maciter +Included for compatibility only: +it used to be needed to use MAC iterations counts +but they are now used by default. +.It Fl name Ar name +Specify the +.Qq friendly name +for the certificate and private key. +This name is typically displayed in list boxes by software importing the file. +.It Fl nomac +Don't attempt to provide the MAC integrity. +.It Fl nomaciter , noiter +Affect the iteration counts on the MAC and key algorithms. 
+.Pp +To discourage attacks by using large dictionaries of common passwords, +the algorithm that derives keys from passwords can have an iteration count +applied to it: this causes a certain part of the algorithm to be repeated +and slows it down. +The MAC is used to check the file integrity but since it will normally +have the same password as the keys and certificates it could also be attacked. +By default, both MAC and encryption iteration counts are set to 2048; +using these options the MAC and encryption iteration counts can be set to 1. +Since this reduces the file security, you should not use these options +unless you really have to. +Most software supports both MAC and key iteration counts. +.It Fl out Ar file +The output file to write to, +or standard output if not specified. +.It Fl passin Ar arg +The key password source. +.It Fl passout Ar arg +The output file password source. +.It Fl password Ar arg +With +.Fl export , +.Fl password +is equivalent to +.Fl passout . +Otherwise, +.Fl password +is equivalent to +.Fl passin . +.El +.Tg pkey +.Sh PKEY +.Bl -hang -width "openssl pkey" +.It Nm openssl pkey +.Bk -words +.Op Ar cipher +.Op Fl in Ar file +.Op Fl inform Cm der | pem +.Op Fl noout +.Op Fl out Ar file +.Op Fl outform Cm der | pem +.Op Fl passin Ar arg +.Op Fl passout Ar arg +.Op Fl pubin +.Op Fl pubout +.Op Fl text +.Op Fl text_pub +.Ek +.El +.Pp +The +.Nm pkey +command processes public or private keys. +They can be converted between various forms +and their components printed out. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Ar cipher +Encrypt the private key with the specified cipher. +Any algorithm name accepted by +.Xr EVP_get_cipherbyname 3 +is acceptable, such as +.Cm des3 . +.It Fl in Ar file +The input file to read from, +or standard input if not specified. +If the key is encrypted, a pass phrase will be prompted for. +.It Fl inform Cm der | pem +The input format. +.It Fl noout +Do not output the encoded version of the key. 
+.It Fl out Ar file +The output file to write to, +or standard output if not specified. +If any encryption options are set then a pass phrase +will be prompted for. +.It Fl outform Cm der | pem +The output format. +.It Fl passin Ar arg +The key password source. +.It Fl passout Ar arg +The output file password source. +.It Fl pubin +Read in a public key, not a private key. +.It Fl pubout +Output a public key, not a private key. +Automatically set if the input is a public key. +.It Fl text +Print the public/private key in plain text. +.It Fl text_pub +Print out only public key components +even if a private key is being processed. +.El +.Tg pkeyparam +.Sh PKEYPARAM +.Cm openssl pkeyparam +.Op Fl in Ar file +.Op Fl noout +.Op Fl out Ar file +.Op Fl text +.Pp +The +.Nm pkeyparam +command processes public or private keys. +The key type is determined by the PEM headers. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl in Ar file +The input file to read from, +or standard input if not specified. +.It Fl noout +Do not output the encoded version of the parameters. +.It Fl out Ar file +The output file to write to, +or standard output if not specified. +.It Fl text +Print the parameters in plain text. +.El +.Tg pkeyutl +.Sh PKEYUTL +.Bl -hang -width "openssl pkeyutl" +.It Nm openssl pkeyutl +.Bk -words +.Op Fl asn1parse +.Op Fl certin +.Op Fl decrypt +.Op Fl derive +.Op Fl encrypt +.Op Fl hexdump +.Op Fl in Ar file +.Op Fl inkey Ar file +.Op Fl keyform Cm der | pem +.Op Fl out Ar file +.Op Fl passin Ar arg +.Op Fl peerform Cm der | pem +.Op Fl peerkey Ar file +.Op Fl pkeyopt Ar opt : Ns Ar value +.Op Fl pubin +.Op Fl rev +.Op Fl sigfile Ar file +.Op Fl sign +.Op Fl verify +.Op Fl verifyrecover +.Ek +.El +.Pp +The +.Nm pkeyutl +command can be used to perform public key operations using +any supported algorithm. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl asn1parse +ASN.1 parse the output data. 
+This is useful when combined with the +.Fl verifyrecover +option when an ASN.1 structure is signed. +.It Fl certin +The input is a certificate containing a public key. +.It Fl decrypt +Decrypt the input data using a private key. +.It Fl derive +Derive a shared secret using the peer key. +.It Fl encrypt +Encrypt the input data using a public key. +.It Fl hexdump +Hex dump the output data. +.It Fl in Ar file +The input file to read from, +or standard input if not specified. +.It Fl inkey Ar file +The input key file. +By default it should be a private key. +.It Fl keyform Cm der | pem +The key format. +.It Fl out Ar file +The output file to write to, +or standard output if not specified. +.It Fl passin Ar arg +The key password source. +.It Fl peerform Cm der | pem +The peer key format. +.It Fl peerkey Ar file +The peer key file, used by key derivation (agreement) operations. +.It Fl pkeyopt Ar opt : Ns Ar value +Set the public key algorithm option +.Ar opt +to +.Ar value . +Unless otherwise mentioned, all algorithms support the format +.Ar digest : Ns Ar alg , +which specifies the digest to use +for sign, verify, and verifyrecover operations. +The value +.Ar alg +should represent a digest name as used in the +.Xr EVP_get_digestbyname 3 +function. +.Pp +The RSA algorithm supports the +encrypt, decrypt, sign, verify, and verifyrecover operations in general. +Some padding modes only support some of these +operations however. +.Bl -tag -width Ds +.It rsa_padding_mode : Ns Ar mode +This sets the RSA padding mode. +Acceptable values for +.Ar mode +are +.Cm pkcs1 +for PKCS#1 padding; +.Cm none +for no padding; +.Cm oaep +for OAEP mode; +.Cm x931 +for X9.31 mode; +and +.Cm pss +for PSS. +.Pp +In PKCS#1 padding if the message digest is not set then the supplied data is +signed or verified directly instead of using a DigestInfo structure. +If a digest is set then a DigestInfo +structure is used and its length +must correspond to the digest type. 
+For oeap mode only encryption and decryption is supported. +For x931 if the digest type is set it is used to format the block data; +otherwise the first byte is used to specify the X9.31 digest ID. +Sign, verify, and verifyrecover can be performed in this mode. +For pss mode only sign and verify are supported and the digest type must be +specified. +.It rsa_pss_saltlen : Ns Ar len +For pss +mode only this option specifies the salt length. +Two special values are supported: +-1 sets the salt length to the digest length. +When signing, -2 sets the salt length to the maximum permissible value. +When verifying, -2 causes the salt length to be automatically determined +based on the PSS block structure. +.El +.Pp +The DSA algorithm supports the sign and verify operations. +Currently there are no additional options other than +.Ar digest . +Only the SHA1 digest can be used and this digest is assumed by default. +.Pp +The DH algorithm supports the derive operation +and no additional options. +.Pp +The EC algorithm supports the sign, verify, and derive operations. +The sign and verify operations use ECDSA and derive uses ECDH. +Currently there are no additional options other than +.Ar digest . +Only the SHA1 digest can be used and this digest is assumed by default. +.It Fl pubin +The input file is a public key. +.It Fl rev +Reverse the order of the input buffer. +.It Fl sigfile Ar file +Signature file (verify operation only). +.It Fl sign +Sign the input data and output the signed result. +This requires a private key. +.It Fl verify +Verify the input data against the signature file and indicate if the +verification succeeded or failed. +.It Fl verifyrecover +Verify the input data and output the recovered data. +.El +.Tg prime +.Sh PRIME +.Cm openssl prime +.Op Fl bits Ar n +.Op Fl checks Ar n +.Op Fl generate +.Op Fl hex +.Op Fl safe +.Ar p +.Pp +The +.Nm prime +command is used to generate prime numbers, +or to check numbers for primality. 
+Results are probabilistic: +they have an exceedingly high likelihood of being correct, +but are not guaranteed. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl bits Ar n +Specify the number of bits in the generated prime number. +Must be used in conjunction with +.Fl generate . +.It Fl checks Ar n +Perform a Miller-Rabin probabilistic primality test with +.Ar n +iterations. +The default is 20. +.It Fl generate +Generate a pseudo-random prime number. +Must be used in conjunction with +.Fl bits . +.It Fl hex +Output in hex format. +.It Fl safe +Generate only +.Qq safe +prime numbers +(i.e. a prime p so that (p-1)/2 is also prime). +.It Ar p +Test if number +.Ar p +is prime. +.El +.Tg rand +.Sh RAND +.Bl -hang -width "openssl rand" +.It Nm openssl rand +.Bk -words +.Op Fl base64 +.Op Fl hex +.Op Fl out Ar file +.Ar num +.Ek +.El +.Pp +The +.Nm rand +command outputs +.Ar num +pseudo-random bytes. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl base64 +Perform base64 encoding on the output. +.It Fl hex +Specify hexadecimal output. +.It Fl out Ar file +The output file to write to, +or standard output if not specified. 
+.El +.Tg req +.Sh REQ +.Bl -hang -width "openssl req" +.It Nm openssl req +.Bk -words +.Op Fl addext Ar ext +.Op Fl batch +.Op Fl config Ar file +.Op Fl days Ar n +.Op Fl extensions Ar section +.Op Fl in Ar file +.Op Fl inform Cm der | pem +.Op Fl key Ar keyfile +.Op Fl keyform Cm der | pem +.Op Fl keyout Ar file +.Op Fl md4 | md5 | sha1 +.Op Fl modulus +.Op Fl multivalue-rdn +.Op Fl nameopt Ar option +.Op Fl new +.Op Fl newhdr +.Op Fl newkey Ar arg +.Op Fl nodes +.Op Fl noout +.Op Fl out Ar file +.Op Fl outform Cm der | pem +.Op Fl passin Ar arg +.Op Fl passout Ar arg +.Op Fl pkeyopt Ar opt:value +.Op Fl pubkey +.Op Fl reqexts Ar section +.Op Fl reqopt Ar option +.Op Fl set_serial Ar n +.Op Fl sigopt Ar nm:v +.Op Fl subj Ar arg +.Op Fl subject +.Op Fl text +.Op Fl utf8 +.Op Fl verbose +.Op Fl verify +.Op Fl x509 +.Ek +.El +.Pp +The +.Nm req +command primarily creates and processes certificate requests +in PKCS#10 format. +It can additionally create self-signed certificates, +for use as root CAs, for example. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl addext Ar ext +Add a specific extension to the certificate (if the +.Fl x509 +option is present) or certificate request. +The argument must have the form of a key=value pair as it would appear in a +config file. +This option can be given multiple times. +.It Fl batch +Non-interactive mode. +.It Fl config Ar file +Specify an alternative configuration file. +.It Fl days Ar n +Specify the number of days to certify the certificate for. +The default is 30 days. +Used with the +.Fl x509 +option. +.It Fl extensions Ar section , Fl reqexts Ar section +Specify alternative sections to include certificate +extensions (with +.Fl x509 ) +or certificate request extensions, +allowing several different sections to be used in the same configuration file. +.It Fl in Ar file +The input file to read a request from, +or standard input if not specified. 
+A request is only read if the creation options +.Fl new +and +.Fl newkey +are not specified. +.It Fl inform Cm der | pem +The input format. +.It Fl key Ar keyfile +The file to read the private key from. +It also accepts PKCS#8 format private keys for PEM format files. +.It Fl keyform Cm der | pem +The format of the private key file specified in the +.Fl key +argument. +The default is +.Cm pem . +.It Fl keyout Ar file +The file to write the newly created private key to. +If this option is not specified, +the filename present in the configuration file is used. +.It Fl md5 | sha1 | sha256 +The message digest to sign the request with. +This overrides the digest algorithm specified in the configuration file. +.Pp +Some public key algorithms may override this choice. +For instance, DSA signatures always use SHA1. +.It Fl modulus +Print the value of the modulus of the public key contained in the request. +.It Fl multivalue-rdn +This option causes the +.Fl subj +argument to be interpreted with full support for multivalued RDNs, +for example +.Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" . +If +.Fl multivalue-rdn +is not used, the UID value is set to +.Qq "123456+CN=John Doe" . +.It Fl nameopt Ar option , Fl reqopt Ar option +Determine how the subject or issuer names are displayed. +.Ar option +can be a single option or multiple options separated by commas. +Alternatively, these options may be used more than once to set multiple options. +See the +.Sx X509 +section below for details. +.It Fl new +Generate a new certificate request. +The user is prompted for the relevant field values. +The actual fields prompted for and their maximum and minimum sizes +are specified in the configuration file and any requested extensions. +.Pp +If the +.Fl key +option is not used, it will generate a new RSA private +key using information specified in the configuration file. +.It Fl newhdr +Add the word NEW to the PEM file header and footer lines +on the outputted request. 
+Some software and CAs need this. +.It Fl newkey Ar arg +Create a new certificate request and a new private key. +The argument takes one of several forms. +.Pp +.No rsa : Ns Ar nbits +generates an RSA key +.Ar nbits +in size. +If +.Ar nbits +is omitted, +the default key size is used. +.Pp +.No dsa : Ns Ar file +generates a DSA key using the parameters in +.Ar file . +.Pp +.No param : Ns Ar file +generates a key using the parameters or certificate in +.Ar file . +.Pp +All other algorithms support the form +.Ar algorithm : Ns Ar file , +where file may be an algorithm parameter file, +created by the +.Cm genpkey -genparam +command or an X.509 certificate for a key with appropriate algorithm. +.Ar file +can be omitted, +in which case any parameters can be specified via the +.Fl pkeyopt +option. +.It Fl nodes +Do not encrypt the private key. +.It Fl noout +Do not output the encoded version of the request. +.It Fl out Ar file +The output file to write to, +or standard output if not specified. +.It Fl outform Cm der | pem +The output format. +.It Fl passin Ar arg +The key password source. +.It Fl passout Ar arg +The output file password source. +.It Fl pkeyopt Ar opt:value +Set the public key algorithm option +.Ar opt +to +.Ar value . +.It Fl pubkey +Output the public key. +.It Fl reqopt Ar option +Customise the output format used with +.Fl text . +The +.Ar option +argument can be a single option or multiple options separated by commas. +See also the discussion of +.Fl certopt +in the +.Nm x509 +command. +.It Fl set_serial Ar n +Serial number to use when outputting a self-signed certificate. +This may be specified as a decimal value or a hex value if preceded by +.Sq 0x . +It is possible to use negative serial numbers but this is not recommended. +.It Fl sigopt Ar nm:v +Pass options to the signature algorithm during sign operation. +The names and values of these options are algorithm-specific. 
+.It Fl subj Ar arg +Replaces the subject field of an input request +with the specified data and output the modified request. +.Ar arg +must be formatted as /type0=value0/type1=value1/type2=...; +characters may be escaped by +.Sq \e +(backslash); +no spaces are skipped. +.It Fl subject +Print the request subject (or certificate subject if +.Fl x509 +is specified). +.It Fl text +Print the certificate request in plain text. +.It Fl utf8 +Interpret field values as UTF8 strings, not ASCII. +.It Fl verbose +Print extra details about the operations being performed. +.It Fl verify +Verify the signature on the request. +.It Fl x509 +Output a self-signed certificate instead of a certificate request. +This is typically used to generate a test certificate or a self-signed root CA. +The extensions added to the certificate (if any) +are specified in the configuration file. +Unless specified using the +.Fl set_serial +option, 0 is used for the serial number. +.El +.Pp +The configuration options are specified in the +.Qq req +section of the configuration file. +The options available are as follows: +.Bl -tag -width "XXXX" +.It Cm attributes +The section containing any request attributes: its format +is the same as +.Cm distinguished_name . +Typically these may contain the challengePassword or unstructuredName types. +They are currently ignored by the +.Nm openssl +request signing utilities, but some CAs might want them. +.It Cm default_bits +The default key size, in bits. +The default is 2048. +It is used if the +.Fl new +option is used and can be overridden by using the +.Fl newkey +option. +.It Cm default_keyfile +The default file to write a private key to, +or standard output if not specified. +It can be overridden by the +.Fl keyout +option. +.It Cm default_md +The digest algorithm to use. +Possible values include +.Cm md5 , +.Cm sha1 +and +.Cm sha256 +(the default). +It can be overridden on the command line. 
+.It Cm distinguished_name +The section containing the distinguished name fields to +prompt for when generating a certificate or certificate request. +The format is described below. +.It Cm encrypt_key +If set to +.Qq no +and a private key is generated, it is not encrypted. +It is equivalent to the +.Fl nodes +option. +For compatibility, +.Cm encrypt_rsa_key +is an equivalent option. +.It Cm input_password | output_password +The passwords for the input private key file (if present) +and the output private key file (if one will be created). +The command line options +.Fl passin +and +.Fl passout +override the configuration file values. +.It Cm oid_file +A file containing additional OBJECT IDENTIFIERS. +Each line of the file should consist of the numerical form of the +object identifier, followed by whitespace, then the short name followed +by whitespace and finally the long name. +.It Cm oid_section +Specify a section in the configuration file containing extra +object identifiers. +Each line should consist of the short name of the +object identifier followed by +.Sq = +and the numerical form. +The short and long names are the same when this option is used. +.It Cm prompt +If set to +.Qq no , +it disables prompting of certificate fields +and just takes values from the config file directly. +It also changes the expected format of the +.Cm distinguished_name +and +.Cm attributes +sections. +.It Cm req_extensions +The configuration file section containing a list of +extensions to add to the certificate request. +It can be overridden by the +.Fl reqexts +option. +.It Cm string_mask +Limit the string types for encoding certain fields. +The following values may be used, limiting strings to the indicated types: +.Bl -tag -width "MASK:number" +.It Cm utf8only +UTF8String. +This is the default, as recommended by PKIX in RFC 2459. +.It Cm default +PrintableString, IA5String, T61String, BMPString, UTF8String. +.It Cm pkix +PrintableString, IA5String, BMPString, UTF8String. 
+Inspired by the PKIX recommendation in RFC 2459 for certificates +generated before 2004, but differs by also permitting IA5String. +.It Cm nombstr +PrintableString, IA5String, T61String, UniversalString. +A workaround for some ancient software that had problems +with the variable-sized BMPString and UTF8String types. +.It Cm MASK : Ns Ar number +An explicit bitmask of permitted types, where +.Ar number +is a C-style hex, decimal, or octal number that's a bit-wise OR of +.Dv B_ASN1_* +values from +.In openssl/asn1.h . +.El +.It Cm utf8 +If set to +.Qq yes , +field values are interpreted as UTF8 strings. +.It Cm x509_extensions +The configuration file section containing a list of +extensions to add to a certificate generated when the +.Fl x509 +switch is used. +It can be overridden by the +.Fl extensions +command line switch. +.El +.Pp +There are two separate formats for the distinguished name and attribute +sections. +If the +.Fl prompt +option is set to +.Qq no , +then these sections just consist of field names and values. +If the +.Fl prompt +option is absent or not set to +.Qq no , +then the file contains field prompting information of the form: +.Bd -unfilled -offset indent +fieldName="prompt" +fieldName_default="default field value" +fieldName_min= 2 +fieldName_max= 4 +.Ed +.Pp +.Qq fieldName +is the field name being used, for example +.Cm commonName +(or CN). +The +.Qq prompt +string is used to ask the user to enter the relevant details. +If the user enters nothing, the default value is used; +if no default value is present, the field is omitted. +A field can still be omitted if a default value is present, +if the user just enters the +.Sq \&. +character. +.Pp +The number of characters entered must be between the +fieldName_min and fieldName_max limits: +there may be additional restrictions based on the field being used +(for example +.Cm countryName +can only ever be two characters long and must fit in a +.Cm PrintableString ) . 
+.Pp +Some fields (such as +.Cm organizationName ) +can be used more than once in a DN. +This presents a problem because configuration files will +not recognize the same name occurring twice. +To avoid this problem, if the +.Cm fieldName +contains some characters followed by a full stop, they will be ignored. +So, for example, a second +.Cm organizationName +can be input by calling it +.Qq 1.organizationName . +.Pp +The actual permitted field names are any object identifier short or +long names. +These are compiled into +.Nm openssl +and include the usual values such as +.Cm commonName , countryName , localityName , organizationName , +.Cm organizationalUnitName , stateOrProvinceName . +Additionally, +.Cm emailAddress +is included as well as +.Cm name , surname , givenName , initials +and +.Cm dnQualifier . +.Pp +Additional object identifiers can be defined with the +.Cm oid_file +or +.Cm oid_section +options in the configuration file. +Any additional fields will be treated as though they were a +.Cm DirectoryString . +.Tg rsa +.Sh RSA +.Bl -hang -width "openssl rsa" +.It Nm openssl rsa +.Bk -words +.Op Fl aes128 | aes192 | aes256 | des | des3 +.Op Fl check +.Op Fl in Ar file +.Op Fl inform Cm der | net | pem | pvk +.Op Fl modulus +.Op Fl noout +.Op Fl out Ar file +.Op Fl outform Cm der | net | pem | pvk +.Op Fl passin Ar arg +.Op Fl passout Ar arg +.Op Fl pubin +.Op Fl pubout +.Op Fl pvk-none | pvk-strong | pvk-weak +.Op Fl RSAPublicKey_in +.Op Fl RSAPublicKey_out +.Op Fl text +.Ek +.El +.Pp +The +.Nm rsa +command processes RSA keys. +They can be converted between various forms and their components printed out. +.Nm rsa +uses the traditional +.Nm SSLeay +compatible format for private key encryption: +newer applications should use the more secure PKCS#8 format using the +.Nm pkcs8 +utility. 
+.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl aes128 | aes192 | aes256 | des | des3 +Encrypt the private key with the AES, DES, +or the triple DES ciphers, respectively, before outputting it. +A pass phrase is prompted for. +If none of these options are specified, the key is written in plain text. +This means that using the +.Nm rsa +utility to read in an encrypted key with no encryption option can be used +to remove the pass phrase from a key, or by setting the encryption options +it can be used to add or change the pass phrase. +These options can only be used with PEM format output files. +.It Fl check +Check the consistency of an RSA private key. +.It Fl in Ar file +The input file to read from, +or standard input if not specified. +If the key is encrypted, a pass phrase will be prompted for. +.It Fl inform Cm der | net | pem | pvk +The input format. +.It Fl noout +Do not output the encoded version of the key. +.It Fl modulus +Print the value of the modulus of the key. +.It Fl out Ar file +The output file to write to, +or standard output if not specified. +.It Fl outform Cm der | net | pem | pvk +The output format. +.It Fl passin Ar arg +The key password source. +.It Fl passout Ar arg +The output file password source. +.It Fl pubin +Read in a public key, +not a private key. +.It Fl pubout +Output a public key, +not a private key. +Automatically set if the input is a public key. +.It Xo +.Fl pvk-none | pvk-strong | pvk-weak +.Xc +Enable or disable PVK encoding. +The default is +.Fl pvk-strong . +.It Fl RSAPublicKey_in , RSAPublicKey_out +Same as +.Fl pubin +and +.Fl pubout +except +.Cm RSAPublicKey +format is used instead. +.It Fl text +Print the public/private key components in plain text. 
+.El +.Tg rsautl +.Sh RSAUTL +.Bl -hang -width "openssl rsautl" +.It Nm openssl rsautl +.Bk -words +.Op Fl asn1parse +.Op Fl certin +.Op Fl decrypt +.Op Fl encrypt +.Op Fl hexdump +.Op Fl in Ar file +.Op Fl inkey Ar file +.Op Fl keyform Cm der | pem +.Op Fl oaep | pkcs | raw | x931 +.Op Fl out Ar file +.Op Fl passin Ar arg +.Op Fl pubin +.Op Fl rev +.Op Fl sign +.Op Fl verify +.Ek +.El +.Pp +The +.Nm rsautl +command can be used to sign, verify, encrypt and decrypt +data using the RSA algorithm. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl asn1parse +Asn1parse the output data; this is useful when combined with the +.Fl verify +option. +.It Fl certin +The input is a certificate containing an RSA public key. +.It Fl decrypt +Decrypt the input data using an RSA private key. +.It Fl encrypt +Encrypt the input data using an RSA public key. +.It Fl hexdump +Hex dump the output data. +.It Fl in Ar file +The input to read from, +or standard input if not specified. +.It Fl inkey Ar file +The input key file; by default an RSA private key. +.It Fl keyform Cm der | pem +The private key format. +The default is +.Cm pem . +.It Fl oaep | pkcs | raw | x931 +The padding to use: +PKCS#1 OAEP, PKCS#1 v1.5 (the default), no padding, or ANSI X9.31, +respectively. +For signatures, only +.Fl pkcs +and +.Fl raw +can be used. +.It Fl out Ar file +The output file to write to, +or standard output if not specified. +.It Fl passin Ar arg +The key password source. +.It Fl pubin +The input file is an RSA public key. +.It Fl rev +Reverse the order of the input buffer. +.It Fl sign +Sign the input data and output the signed result. +This requires an RSA private key. +.It Fl verify +Verify the input data and output the recovered data. 
+.El +.Tg s_client +.Sh S_CLIENT +.Bl -hang -width "openssl s_client" +.It Nm openssl s_client +.Bk -words +.Op Fl 4 | 6 +.Op Fl alpn Ar protocols +.Op Fl bugs +.Op Fl CAfile Ar file +.Op Fl CApath Ar directory +.Op Fl cert Ar file +.Op Fl certform Cm der | pem +.Op Fl check_ss_sig +.Op Fl cipher Ar cipherlist +.Op Fl connect Ar host Ns Op : Ns Ar port +.Op Fl crl_check +.Op Fl crl_check_all +.Op Fl crlf +.Op Fl debug +.Op Fl dtls +.Op Fl dtls1_2 +.Op Fl extended_crl +.Op Fl groups Ar list +.Op Fl host Ar host +.Op Fl ign_eof +.Op Fl ignore_critical +.Op Fl issuer_checks +.Op Fl key Ar keyfile +.Op Fl keyform Cm der | pem +.Op Fl keymatexport Ar label +.Op Fl keymatexportlen Ar len +.Op Fl legacy_server_connect +.Op Fl msg +.Op Fl mtu Ar mtu +.Op Fl nbio +.Op Fl nbio_test +.Op Fl no_comp +.Op Fl no_ign_eof +.Op Fl no_legacy_server_connect +.Op Fl no_ticket +.Op Fl no_tls1_2 +.Op Fl no_tls1_3 +.Op Fl pass Ar arg +.Op Fl policy_check +.Op Fl port Ar port +.Op Fl prexit +.Op Fl proxy Ar host : Ns Ar port +.Op Fl quiet +.Op Fl reconnect +.Op Fl servername Ar name +.Op Fl serverpref +.Op Fl sess_in Ar file +.Op Fl sess_out Ar file +.Op Fl showcerts +.Op Fl starttls Ar protocol +.Op Fl state +.Op Fl status +.Op Fl timeout +.Op Fl tls1_2 +.Op Fl tls1_3 +.Op Fl tlsextdebug +.Op Fl use_srtp Ar profiles +.Op Fl verify Ar depth +.Op Fl verify_return_error +.Op Fl x509_strict +.Op Fl xmpphost Ar host +.Ek +.El +.Pp +The +.Nm s_client +command implements a generic SSL/TLS client which connects +to a remote host using SSL/TLS. +.Pp +If a connection is established with an SSL server, any data received +from the server is displayed and any key presses will be sent to the +server. +When used interactively (which means neither +.Fl quiet +nor +.Fl ign_eof +have been given), the session will be renegotiated if the line begins with an +.Cm R ; +if the line begins with a +.Cm Q +or if end of file is reached, the connection will be closed down. 
+.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl 4 +Attempt connections using IPv4 only. +.It Fl 6 +Attempt connections using IPv6 only. +.It Fl alpn Ar protocols +Enable the Application-Layer Protocol Negotiation. +.Ar protocols +is a comma-separated list of protocol names that the client should advertise +support for. +.It Fl bugs +Enable various workarounds for buggy implementations. +.It Fl CAfile Ar file +A +.Ar file +containing trusted certificates to use during server authentication +and to use when attempting to build the client certificate chain. +.It Fl CApath Ar directory +The +.Ar directory +to use for server certificate verification. +This directory must be in +.Qq hash format ; +see +.Fl verify +for more information. +These are also used when building the client certificate chain. +.It Fl cert Ar file +The certificate to use, if one is requested by the server. +The default is not to use a certificate. +.It Fl certform Cm der | pem +The certificate format. +The default is +.Cm pem . +.It Xo +.Fl check_ss_sig , +.Fl crl_check , +.Fl crl_check_all , +.Fl extended_crl , +.Fl ignore_critical , +.Fl issuer_checks , +.Fl policy_check , +.Fl x509_strict +.Xc +Set various certificate chain validation options. +See the +.Nm verify +command for details. +.It Fl cipher Ar cipherlist +Modify the cipher list sent by the client. +Although the server determines which cipher suite is used, it should take +the first supported cipher in the list sent by the client. +See the +.Nm ciphers +command for more information. +.It Fl connect Ar host Ns Op : Ns Ar port +The +.Ar host +and +.Ar port +to connect to. +If not specified, an attempt is made to connect to the local host +on port 4433. +Alternatively, the host and port pair may be separated using a forward-slash +character, +which is useful for numeric IPv6 addresses. +.It Fl crlf +Translate a line feed from the terminal into CR+LF, +as required by some servers. 
+.It Fl debug +Print extensive debugging information, including a hex dump of all traffic. +.It Fl dtls +Permit any version of DTLS. +.It Fl dtls1_2 +Permit only DTLS1.2. +.It Fl groups Ar list +Set the supported elliptic curve groups to the colon separated +.Ar list +of group NIDs or names as documented in +.Xr SSL_CTX_set1_groups_list 3 . +.It Fl host Ar host +The +.Ar host +to connect to. +The default is localhost. +.It Fl ign_eof +Inhibit shutting down the connection when end of file is reached in the input. +.It Fl key Ar keyfile +The private key to use. +If not specified, the certificate file will be used. +.It Fl keyform Cm der | pem +The private key format. +The default is +.Cm pem . +.It Fl keymatexport Ar label +Export keying material using label. +.It Fl keymatexportlen Ar len +Export len bytes of keying material (default 20). +.It Fl legacy_server_connect , no_legacy_server_connect +Allow or disallow initial connection to servers that don't support RI. +.It Fl msg +Show all protocol messages with hex dump. +.It Fl mtu Ar mtu +Set the link layer MTU. +.It Fl nbio +Turn on non-blocking I/O. +.It Fl nbio_test +Test non-blocking I/O. +.It Fl no_ign_eof +Shut down the connection when end of file is reached in the input. +Can be used to override the implicit +.Fl ign_eof +after +.Fl quiet . +.It Fl no_tls1_2 | no_tls1_3 +Disable the use of TLS1.2 and 1.3, respectively. +.It Fl no_ticket +Disable RFC 4507 session ticket support. +.It Fl pass Ar arg +The private key password source. +.It Fl port Ar port +The +.Ar port +to connect to. +The default is 4433. +.It Fl prexit +Print session information when the program exits. +This will always attempt +to print out information even if the connection fails. +Normally, information will only be printed out once if the connection succeeds. 
+This option is useful because the cipher in use may be renegotiated +or the connection may fail because a client certificate is required or is +requested only after an attempt is made to access a certain URL. +Note that the output produced by this option is not always accurate +because a connection might never have been established. +.It Fl proxy Ar host : Ns Ar port +Use the HTTP proxy at +.Ar host +and +.Ar port . +The connection to the proxy is done in cleartext and the +.Fl connect +argument is given to the proxy. +If not specified, localhost is used as final destination. +After that, switch the connection through the proxy to the destination +to TLS. +.It Fl quiet +Inhibit printing of session and certificate information. +This implicitly turns on +.Fl ign_eof +as well. +.It Fl reconnect +Reconnect to the same server 5 times using the same session ID; this can +be used as a test that session caching is working. +.It Fl servername Ar name +Include the TLS Server Name Indication (SNI) extension in the ClientHello +message, using the specified server +.Ar name . +.It Fl showcerts +Display the whole server certificate chain: normally only the server +certificate itself is displayed. +.It Fl serverpref +Use the server's cipher preferences. +.It Fl sess_in Ar file +Load TLS session from file. +The client will attempt to resume a connection from this session. +.It Fl sess_out Ar file +Output TLS session to file. +.It Fl starttls Ar protocol +Send the protocol-specific messages to switch to TLS for communication. +.Ar protocol +is a keyword for the intended protocol. +Currently, the supported keywords are +.Qq ftp , +.Qq imap , +.Qq sieve , +.Qq smtp , +.Qq pop3 , +and +.Qq xmpp . +.It Fl state +Print the SSL session states. +.It Fl status +Send a certificate status request to the server (OCSP stapling). +The server response (if any) is printed out. +.It Fl timeout +Enable send/receive timeout on DTLS connections. 
+.It Fl tls1_2 | tls1_3 +Permit only TLS1.2 or 1.3 respectively. +.It Fl tlsextdebug +Print a hex dump of any TLS extensions received from the server. +.It Fl use_srtp Ar profiles +Offer SRTP key management with a colon-separated profile list. +.It Fl verify Ar depth +Turn on server certificate verification, +with a maximum length of +.Ar depth . +Currently the verify operation continues after errors so all the problems +with a certificate chain can be seen. +As a side effect the connection will never fail due to a server +certificate verify failure. +.It Fl verify_return_error +Return verification error. +.It Fl xmpphost Ar hostname +When used with +.Fl starttls Ar xmpp , +specify the host for the "to" attribute of the stream element. +If this option is not specified then the host specified with +.Fl connect +will be used. +.El +.Tg s_server +.Sh S_SERVER +.Bl -hang -width "openssl s_server" +.It Nm openssl s_server +.Bk -words +.Op Fl accept Ar port +.Op Fl alpn Ar protocols +.Op Fl bugs +.Op Fl CAfile Ar file +.Op Fl CApath Ar directory +.Op Fl cert Ar file +.Op Fl cert2 Ar file +.Op Fl certform Cm der | pem +.Op Fl cipher Ar cipherlist +.Op Fl context Ar id +.Op Fl crl_check +.Op Fl crl_check_all +.Op Fl crlf +.Op Fl dcert Ar file +.Op Fl dcertform Cm der | pem +.Op Fl debug +.Op Fl dhparam Ar file +.Op Fl dkey Ar file +.Op Fl dkeyform Cm der | pem +.Op Fl dpass Ar arg +.Op Fl dtls +.Op Fl dtls1 +.Op Fl dtls1_2 +.Op Fl groups Ar list +.Op Fl HTTP +.Op Fl id_prefix Ar arg +.Op Fl key Ar keyfile +.Op Fl key2 Ar keyfile +.Op Fl keyform Cm der | pem +.Op Fl keymatexport Ar label +.Op Fl keymatexportlen Ar len +.Op Fl msg +.Op Fl mtu Ar mtu +.Op Fl naccept Ar num +.Op Fl named_curve Ar arg +.Op Fl nbio +.Op Fl nbio_test +.Op Fl no_cache +.Op Fl no_dhe +.Op Fl no_ecdhe +.Op Fl no_ticket +.Op Fl no_tls1_2 +.Op Fl no_tls1_3 +.Op Fl no_tmp_rsa +.Op Fl nocert +.Op Fl pass Ar arg +.Op Fl quiet +.Op Fl servername Ar name +.Op Fl servername_fatal +.Op Fl serverpref +.Op Fl 
state +.Op Fl status +.Op Fl status_timeout Ar nsec +.Op Fl status_url Ar url +.Op Fl status_verbose +.Op Fl timeout +.Op Fl tls1_2 +.Op Fl tls1_3 +.Op Fl tlsextdebug +.Op Fl use_srtp Ar profiles +.Op Fl Verify Ar depth +.Op Fl verify Ar depth +.Op Fl verify_return_error +.Op Fl WWW +.Op Fl www +.Ek +.El +.Pp +The +.Nm s_server +command implements a generic SSL/TLS server which listens +for connections on a given port using SSL/TLS. +.Pp +If a connection request is established with a client and neither the +.Fl www +nor the +.Fl WWW +option has been used, then any data received +from the client is displayed and any key presses are sent to the client. +Certain single letter commands perform special operations: +.Pp +.Bl -tag -width "XXXX" -compact +.It Ic P +Send plain text, which should cause the client to disconnect. +.It Ic Q +End the current SSL connection and exit. +.It Ic q +End the current SSL connection, but still accept new connections. +.It Ic R +Renegotiate the SSL session and request a client certificate. +.It Ic r +Renegotiate the SSL session. +.It Ic S +Print out some session cache status information. +.El +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl accept Ar port +Listen on TCP +.Ar port +for connections. +The default is port 4433. +.It Fl alpn Ar protocols +Enable the Application-Layer Protocol Negotiation. +.Ar protocols +is a comma-separated list of supported protocol names. +.It Fl bugs +Enable various workarounds for buggy implementations. +.It Fl CAfile Ar file +A +.Ar file +containing trusted certificates to use during client authentication +and to use when attempting to build the server certificate chain. +The list is also used in the list of acceptable client CAs passed to the +client when a certificate is requested. +.It Fl CApath Ar directory +The +.Ar directory +to use for client certificate verification. +This directory must be in +.Qq hash format ; +see +.Fl verify +for more information. 
+These are also used when building the server certificate chain. +.It Fl cert Ar file +The certificate to use: most server's cipher suites require the use of a +certificate and some require a certificate with a certain public key type. +For example, the DSS cipher suites require a certificate containing a DSS +(DSA) key. +If not specified, the file +.Pa server.pem +will be used. +.It Fl cert2 Ar file +The certificate to use for servername. +.It Fl certform Cm der | pem +The certificate format. +The default is +.Cm pem . +.It Fl cipher Ar cipherlist +Modify the cipher list used by the server. +This allows the cipher list used by the server to be modified. +When the client sends a list of supported ciphers, the first client cipher +also included in the server list is used. +Because the client specifies the preference order, the order of the server +cipherlist is irrelevant. +See the +.Nm ciphers +command for more information. +.It Fl context Ar id +Set the SSL context ID. +It can be given any string value. +.It Fl crl_check , crl_check_all +Check the peer certificate has not been revoked by its CA. +The CRLs are appended to the certificate file. +.Fl crl_check_all +checks all CRLs of all CAs in the chain. +.It Fl crlf +Translate a line feed from the terminal into CR+LF. +.It Fl dcert Ar file , Fl dkey Ar file +Specify an additional certificate and private key; these behave in the +same manner as the +.Fl cert +and +.Fl key +options except there is no default if they are not specified +(no additional certificate or key is used). +By using RSA and DSS certificates and keys, +a server can support clients which only support RSA or DSS cipher suites +by using an appropriate certificate. +.It Fl dcertform Cm der | pem , Fl dkeyform Cm der | pem , Fl dpass Ar arg +Additional certificate and private key format, and private key password source, +respectively. +.It Fl debug +Print extensive debugging information, including a hex dump of all traffic. 
+.It Fl dhparam Ar file +The DH parameter file to use. +The ephemeral DH cipher suites generate keys +using a set of DH parameters. +If not specified, an attempt is made to +load the parameters from the server certificate file. +If this fails, a static set of parameters hard coded into the +.Nm s_server +program will be used. +.It Fl dtls +Permit any version of DTLS. +.It Fl dtls1_2 +Permit only DTLS1.2. +.It Fl groups Ar list +Set the supported elliptic curve groups to the colon separated +.Ar list +of group NIDs or names as documented in +.Xr SSL_CTX_set1_groups_list 3 . +.It Fl HTTP +Emulate a simple web server. +Pages are resolved relative to the current directory. +For example if the URL +.Pa https://myhost/page.html +is requested, the file +.Pa ./page.html +will be loaded. +The files loaded are assumed to contain a complete and correct HTTP +response (lines that are part of the HTTP response line and headers +must end with CRLF). +.It Fl id_prefix Ar arg +Generate SSL/TLS session IDs prefixed by +.Ar arg . +This is mostly useful for testing any SSL/TLS code +that wish to deal with multiple servers, +when each of which might be generating a unique range of session IDs. +.It Fl key Ar keyfile +The private key to use. +If not specified, the certificate file will be used. +.It Fl key2 Ar keyfile +The private key to use for servername. +.It Fl keyform Cm der | pem +The private key format. +The default is +.Cm pem . +.It Fl keymatexport Ar label +Export keying material using label. +.It Fl keymatexportlen Ar len +Export len bytes of keying material (default 20). +.It Fl msg +Show all protocol messages with hex dump. +.It Fl mtu Ar mtu +Set the link layer MTU. +.It Fl naccept Ar num +Terminate server after +.Ar num +connections. +.It Fl named_curve Ar arg +Specify the elliptic curve name to use for ephemeral ECDH keys. +This option is deprecated; use +.Fl groups +instead. +.It Fl nbio +Turn on non-blocking I/O. +.It Fl nbio_test +Test non-blocking I/O. 
+.It Fl no_cache +Disable session caching. +.It Fl no_dhe +Disable ephemeral DH cipher suites. +.It Fl no_ecdhe +Disable ephemeral ECDH cipher suites. +.It Fl no_ticket +Disable RFC 4507 session ticket support. +.It Fl no_tls1_2 | no_tls1_3 +Disable the use of TLS1.2 and 1.3, respectively. +.It Fl no_tmp_rsa +Disable temporary RSA key generation. +.It Fl nocert +Do not use a certificate. +This restricts the cipher suites available to the anonymous ones +(currently just anonymous DH). +.It Fl pass Ar arg +The private key password source. +.It Fl quiet +Inhibit printing of session and certificate information. +.It Fl servername Ar name +Set the TLS Server Name Indication (SNI) extension with +.Ar name . +.It Fl servername_fatal +Send fatal alert if servername does not match. +The default is warning alert. +.It Fl serverpref +Use server's cipher preferences. +.It Fl state +Print the SSL session states. +.It Fl status +Enables certificate status request support (OCSP stapling). +.It Fl status_timeout Ar nsec +Sets the timeout for OCSP response in seconds. +.It Fl status_url Ar url +Sets a fallback responder URL to use if no responder URL is present in the +server certificate. +Without this option, an error is returned if the server certificate does not +contain a responder address. +.It Fl status_verbose +Enables certificate status request support (OCSP stapling) and gives a verbose +printout of the OCSP response. +.It Fl timeout +Enable send/receive timeout on DTLS connections. +.It Fl tls1_2 | tls1_3 +Permit only TLS1.2, or 1.3, respectively. +.It Fl tlsextdebug +Print a hex dump of any TLS extensions received from the server. +.It Fl use_srtp Ar profiles +Offer SRTP key management with a colon-separated profile list. +.It Fl verify_return_error +Return verification error. +.It Fl WWW +Emulate a simple web server. +Pages are resolved relative to the current directory. 
+For example if the URL +.Pa https://myhost/page.html +is requested, the file +.Pa ./page.html +will be loaded. +.It Fl www +Send a status message to the client when it connects, +including information about the ciphers used and various session parameters. +The output is in HTML format so this option will normally be used with a +web browser. +.It Fl Verify Ar depth , Fl verify Ar depth +Request a certificate chain from the client, +with a maximum length of +.Ar depth . +With +.Fl Verify , +the client must supply a certificate or an error occurs; +with +.Fl verify , +a certificate is requested but the client does not have to send one. +.El +.Tg s_time +.Sh S_TIME +.Bl -hang -width "openssl s_time" +.It Nm openssl s_time +.Bk -words +.Op Fl bugs +.Op Fl CAfile Ar file +.Op Fl CApath Ar directory +.Op Fl cert Ar file +.Op Fl cipher Ar cipherlist +.Op Fl connect Ar host Ns Op : Ns Ar port +.Op Fl key Ar keyfile +.Op Fl nbio +.Op Fl new +.Op Fl no_shutdown +.Op Fl reuse +.Op Fl time Ar seconds +.Op Fl verify Ar depth +.Op Fl www Ar page +.Ek +.El +.Pp +The +.Nm s_time +command implements a generic SSL/TLS client which connects to a +remote host using SSL/TLS. +It can request a page from the server and includes +the time to transfer the payload data in its timing measurements. +It measures the number of connections within a given timeframe, +the amount of data transferred +.Pq if any , +and calculates the average time spent for one connection. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl bugs +Enable various workarounds for buggy implementations. +.It Fl CAfile Ar file +A +.Ar file +containing trusted certificates to use during server authentication +and to use when attempting to build the client certificate chain. +.It Fl CApath Ar directory +The directory to use for server certificate verification. +This directory must be in +.Qq hash format ; +see +.Nm verify +for more information. +These are also used when building the client certificate chain. 
+.It Fl cert Ar file +The certificate to use, if one is requested by the server. +The default is not to use a certificate. +.It Fl cipher Ar cipherlist +Modify the cipher list sent by the client. +Although the server determines which cipher suite is used, +it should take the first supported cipher in the list sent by the client. +See the +.Nm ciphers +command for more information. +.It Fl connect Ar host Ns Op : Ns Ar port +The host and port to connect to. +.It Fl key Ar keyfile +The private key to use. +If not specified, the certificate file will be used. +.It Fl nbio +Turn on non-blocking I/O. +.It Fl new +Perform the timing test using a new session ID for each connection. +If neither +.Fl new +nor +.Fl reuse +are specified, +they are both on by default and executed in sequence. +.It Fl no_shutdown +Shut down the connection without sending a +.Qq close notify +shutdown alert to the server. +.It Fl reuse +Perform the timing test using the same session ID for each connection. +If neither +.Fl new +nor +.Fl reuse +are specified, +they are both on by default and executed in sequence. +.It Fl time Ar seconds +Limit +.Nm s_time +benchmarks to the number of +.Ar seconds . +The default is 30 seconds. +.It Fl verify Ar depth +Turn on server certificate verification, +with a maximum length of +.Ar depth . +Currently the verify operation continues after errors, so all the problems +with a certificate chain can be seen. +As a side effect, +the connection will never fail due to a server certificate verify failure. +.It Fl www Ar page +The page to GET from the server. +A value of +.Sq / +gets the index.htm[l] page. +If this parameter is not specified, +.Nm s_time +will only perform the handshake to establish SSL connections +but not transfer any payload data. 
+.El +.Tg sess_id +.Sh SESS_ID +.Bl -hang -width "openssl sess_id" +.It Nm openssl sess_id +.Bk -words +.Op Fl cert +.Op Fl context Ar ID +.Op Fl in Ar file +.Op Fl inform Cm der | pem +.Op Fl noout +.Op Fl out Ar file +.Op Fl outform Cm der | pem +.Op Fl text +.Ek +.El +.Pp +The +.Nm sess_id +program processes the encoded version of the SSL session structure and +optionally prints out SSL session details +(for example the SSL session master key) +in human-readable format. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl cert +If a certificate is present in the session, +it will be output using this option; +if the +.Fl text +option is also present, then it will be printed out in text form. +.It Fl context Ar ID +Set the session +.Ar ID . +The ID can be any string of characters. +.It Fl in Ar file +The input file to read from, +or standard input if not specified. +.It Fl inform Cm der | pem +The input format. +.Cm der +uses an ASN.1 DER-encoded format containing session details. +The precise format can vary from one version to the next. +.Cm pem +is the default format: it consists of the DER +format base64-encoded with additional header and footer lines. +.It Fl noout +Do not output the encoded version of the session. +.It Fl out Ar file +The output file to write to, +or standard output if not specified. +.It Fl outform Cm der | pem +The output format. +.It Fl text +Print the various public or private key components in plain text, +in addition to the encoded version. +.El +.Pp +The output of +.Nm sess_id +is composed as follows: +.Pp +.Bl -tag -width "Verify return code " -offset 3n -compact +.It Protocol +The protocol in use. +.It Cipher +The actual raw SSL or TLS cipher code. +.It Session-ID +The SSL session ID, in hex format. +.It Session-ID-ctx +The session ID context, in hex format. +.It Master-Key +The SSL session master key. +.It Key-Arg +The key argument; this is only used in SSL v2. +.It Start Time +The session start time. +.Ux +format. 
+.It Timeout +The timeout, in seconds. +.It Verify return code +The return code when a certificate is verified. +.El +.Pp +Since the SSL session output contains the master key, it is possible to read +the contents of an encrypted session using this information. +Therefore appropriate security precautions +should be taken if the information is being output by a +.Qq real +application. +This is, however, strongly discouraged and should only be used for +debugging purposes. +.Tg smime +.Sh SMIME +.Bl -hang -width "openssl smime" +.It Nm openssl smime +.Bk -words +.Oo +.Fl aes128 | aes192 | aes256 | des | +.Fl des3 | rc2-40 | rc2-64 | rc2-128 +.Oc +.Op Fl binary +.Op Fl CAfile Ar file +.Op Fl CApath Ar directory +.Op Fl certfile Ar file +.Op Fl check_ss_sig +.Op Fl content Ar file +.Op Fl crl_check +.Op Fl crl_check_all +.Op Fl decrypt +.Op Fl encrypt +.Op Fl extended_crl +.Op Fl from Ar addr +.Op Fl ignore_critical +.Op Fl in Ar file +.Op Fl indef +.Op Fl inform Cm der | pem | smime +.Op Fl inkey Ar file +.Op Fl issuer_checks +.Op Fl keyform Cm der | pem +.Op Fl md Ar digest +.Op Fl noattr +.Op Fl nocerts +.Op Fl nochain +.Op Fl nodetach +.Op Fl noindef +.Op Fl nointern +.Op Fl nosigs +.Op Fl nosmimecap +.Op Fl noverify +.Op Fl out Ar file +.Op Fl outform Cm der | pem | smime +.Op Fl passin Ar arg +.Op Fl pk7out +.Op Fl policy_check +.Op Fl recip Ar file +.Op Fl resign +.Op Fl sign +.Op Fl signer Ar file +.Op Fl stream +.Op Fl subject Ar s +.Op Fl text +.Op Fl to Ar addr +.Op Fl verify +.Op Fl x509_strict +.Op Ar cert.pem ... +.Ek +.El +.Pp +The +.Nm smime +command handles S/MIME mail. +It can encrypt, decrypt, sign, and verify S/MIME messages. +.Pp +The MIME message must be sent without any blank lines between the +headers and the output. +Some mail programs will automatically add a blank line. +Piping the mail directly to an MTA is one way to +achieve the correct format. 
+.Pp +The supplied message to be signed or encrypted must include the necessary +MIME headers or many S/MIME clients won't display it properly (if at all). +Use the +.Fl text +option to automatically add plain text headers. +.Pp +A +.Qq signed and encrypted +message is one where a signed message is then encrypted. +This can be produced by encrypting an already signed message. +.Pp +There are a number of operations that can be performed, as follows: +.Bl -tag -width "XXXX" +.It Fl decrypt +Decrypt mail using the supplied certificate and private key. +The input file is an encrypted mail message in MIME format. +The decrypted mail is written to the output file. +.It Fl encrypt +Encrypt mail for the given recipient certificates. +The input is the message to be encrypted. +The output file is the encrypted mail, in MIME format. +.It Fl pk7out +Take an input message and write out a PEM-encoded PKCS#7 structure. +.It Fl resign +Resign a message: take an existing message and one or more new signers. +.It Fl sign +Sign mail using the supplied certificate and private key. +The input file is the message to be signed. +The signed message, in MIME format, is written to the output file. +.It Fl verify +Verify signed mail. +The input is a signed mail message and the output is the signed data. +Both clear text and opaque signing is supported. +.El +.Pp +The remaining options are as follows: +.Bl -tag -width "XXXX" +.It Xo +.Fl aes128 | aes192 | aes256 | des | +.Fl des3 | rc2-40 | rc2-64 | rc2-128 +.Xc +The encryption algorithm to use. +128-, 192-, or 256-bit AES, DES (56 bits), triple DES (168 bits), +or 40-, 64-, or 128-bit RC2, respectively; +if not specified, 256-bit AES is +used. +Only used with +.Fl encrypt . +.It Fl binary +Normally, the input message is converted to +.Qq canonical +format which uses CR/LF as end of line, +as required by the S/MIME specification. +When this option is present, no translation occurs. 
+This is useful when handling binary data which may not be in MIME format. +.It Fl CAfile Ar file +A +.Ar file +containing trusted CA certificates; only used with +.Fl verify . +.It Fl CApath Ar directory +A +.Ar directory +containing trusted CA certificates; only used with +.Fl verify . +This directory must be a standard certificate directory: +that is, a hash of each subject name (using +.Nm x509 -hash ) +should be linked to each certificate. +.It Ar cert.pem ... +One or more certificates of message recipients: used when encrypting +a message. +.It Fl certfile Ar file +Allows additional certificates to be specified. +When signing, these will be included with the message. +When verifying, these will be searched for the signers' certificates. +The certificates should be in PEM format. +.It Xo +.Fl check_ss_sig , +.Fl crl_check , +.Fl crl_check_all , +.Fl extended_crl , +.Fl ignore_critical , +.Fl issuer_checks , +.Fl policy_check , +.Fl x509_strict +.Xc +Set various certificate chain validation options. +See the +.Nm verify +command for details. +.It Fl content Ar file +A file containing the detached content. +This is only useful with the +.Fl verify +option, +and only usable if the PKCS#7 structure is using the detached +signature form where the content is not included. +This option will override any content if the input format is S/MIME +and it uses the multipart/signed MIME content type. +.It Xo +.Fl from Ar addr , +.Fl subject Ar s , +.Fl to Ar addr +.Xc +The relevant mail headers. +These are included outside the signed +portion of a message so they may be included manually. +When signing, many S/MIME +mail clients check that the signer's certificate email +address matches the 
From: address. +.It Fl in Ar file +The input file to read from. +.It Fl indef +Enable streaming I/O for encoding operations. +This permits single pass processing of data without +the need to hold the entire contents in memory, +potentially supporting very large files. +Streaming is automatically set for S/MIME signing with detached +data if the output format is SMIME; +it is currently off by default for all other operations. +.It Fl inform Cm der | pem | smime +The input format. +.It Fl inkey Ar file +The private key to use when signing or decrypting, +which must match the corresponding certificate. +If this option is not specified, the private key must be included +in the certificate file specified with +the +.Fl recip +or +.Fl signer +file. +When signing, +this option can be used multiple times to specify successive keys. +.It Fl keyform Cm der | pem +Input private key format. +The default is +.Cm pem . +.It Fl md Ar digest +The digest algorithm to use when signing or resigning. +If not present then the default digest algorithm for the signing key is used +(usually SHA1). +.It Fl noattr +Do not include attributes. +.It Fl nocerts +Do not include the signer's certificate. +This will reduce the size of the signed message but the verifier must +have a copy of the signer's certificate available locally (passed using the +.Fl certfile +option, for example). +.It Fl nochain +Do not do chain verification of signers' certificates: that is, +don't use the certificates in the signed message as untrusted CAs. +.It Fl nodetach +When signing a message, use opaque signing: this form is more resistant +to translation by mail relays but it cannot be read by mail agents that +do not support S/MIME. +Without this option cleartext signing with the MIME type +multipart/signed is used. +.It Fl noindef +Disable streaming I/O where it would produce an encoding of indefinite length +(currently has no effect). +.It Fl nointern +Only use certificates specified in the +.Fl certfile . 
+The supplied certificates can still be used as untrusted CAs. +.It Fl nosigs +Do not try to verify the signatures on the message. +.It Fl nosmimecap +Exclude the list of supported algorithms from signed attributes, +other options such as signing time and content type are still included. +.It Fl noverify +Do not verify the signer's certificate of a signed message. +.It Fl out Ar file +The output file to write to. +.It Fl outform Cm der | pem | smime +The output format. +The default is smime, which writes an S/MIME format message. +.Cm pem +and +.Cm der +change this to write PEM and DER format PKCS#7 structures instead. +This currently only affects the output format of the PKCS#7 +structure; if no PKCS#7 structure is being output (for example with +.Fl verify +or +.Fl decrypt ) +this option has no effect. +.It Fl passin Ar arg +The key password source. +.It Fl recip Ar file +The recipients certificate when decrypting a message. +This certificate +must match one of the recipients of the message or an error occurs. +.It Fl signer Ar file +A signing certificate when signing or resigning a message; +this option can be used multiple times if more than one signer is required. +If a message is being verified, the signer's certificates will be +written to this file if the verification was successful. +.It Fl stream +The same as +.Fl indef . +.It Fl text +Add plain text (text/plain) MIME +headers to the supplied message if encrypting or signing. +If decrypting or verifying, it strips off text headers: +if the decrypted or verified message is not of MIME type text/plain +then an error occurs. +.El +.Pp +The exit codes for +.Nm smime +are as follows: +.Pp +.Bl -tag -width "XXXX" -offset 3n -compact +.It 0 +The operation was completely successful. +.It 1 +An error occurred parsing the command options. +.It 2 +One of the input files could not be read. +.It 3 +An error occurred creating the file or when reading the message. 
+.It 4 +An error occurred decrypting or verifying the message. +.It 5 +An error occurred writing certificates. +.El +.Tg speed +.Sh SPEED +.Bl -hang -width "openssl speed" +.It Nm openssl speed +.Bk -words +.Op Ar algorithm +.Op Fl decrypt +.Op Fl elapsed +.Op Fl evp Ar algorithm +.Op Fl mr +.Op Fl multi Ar number +.Op Fl unaligned Ar number +.Ek +.El +.Pp +The +.Nm speed +command is used to test the performance of cryptographic algorithms. +.Bl -tag -width "XXXX" +.It Ar algorithm +Perform the test using +.Ar algorithm . +The default is to test all algorithms. +.It Fl decrypt +Time decryption instead of encryption; +must be used with +.Fl evp . +.It Fl elapsed +Measure time in real time instead of CPU user time. +.It Fl evp Ar algorithm +Perform the test using one of the algorithms accepted by +.Xr EVP_get_cipherbyname 3 . +.It Fl mr +Produce machine readable output. +.It Fl multi Ar number +Run +.Ar number +benchmarks in parallel. +.It Fl unaligned Ar number +Use allocated buffers with an offset of +.Ar number +bytes from the alignment provided by +.Xr malloc 3 . +.Ar number +should be between 0 and 16. 
+.El +.Tg ts +.Sh TS +.Bk -words +.Bl -hang -width "openssl ts" +.It Nm openssl ts +.Fl query +.Op Fl md4 | md5 | ripemd160 | sha1 +.Op Fl cert +.Op Fl config Ar configfile +.Op Fl data Ar file_to_hash +.Op Fl digest Ar digest_bytes +.Op Fl in Ar request.tsq +.Op Fl no_nonce +.Op Fl out Ar request.tsq +.Op Fl policy Ar object_id +.Op Fl text +.It Nm openssl ts +.Fl reply +.Op Fl chain Ar certs_file.pem +.Op Fl config Ar configfile +.Op Fl in Ar response.tsr +.Op Fl inkey Ar private.pem +.Op Fl out Ar response.tsr +.Op Fl passin Ar arg +.Op Fl policy Ar object_id +.Op Fl queryfile Ar request.tsq +.Op Fl section Ar tsa_section +.Op Fl signer Ar tsa_cert.pem +.Op Fl text +.Op Fl token_in +.Op Fl token_out +.It Nm openssl ts +.Fl verify +.Op Fl CAfile Ar trusted_certs.pem +.Op Fl CApath Ar trusted_cert_path +.Op Fl data Ar file_to_hash +.Op Fl digest Ar digest_bytes +.Op Fl in Ar response.tsr +.Op Fl queryfile Ar request.tsq +.Op Fl token_in +.Op Fl untrusted Ar cert_file.pem +.El +.Ek +.Pp +The +.Nm ts +command is a basic Time Stamping Authority (TSA) client and server +application as specified in RFC 3161 (Time-Stamp Protocol, TSP). +A TSA can be part of a PKI deployment and its role is to provide long +term proof of the existence of specific data. +Here is a brief description of the protocol: +.Bl -enum +.It +The TSA client computes a one-way hash value for a data file and sends +the hash to the TSA. +.It +The TSA attaches the current date and time to the received hash value, +signs them and sends the time stamp token back to the client. +By creating this token the TSA certifies the existence of the original +data file at the time of response generation. +.It +The TSA client receives the time stamp token and verifies the +signature on it. +It also checks if the token contains the same hash +value that it had sent to the TSA. 
+.El +.Pp +There is one DER-encoded protocol data unit defined for transporting a time +stamp request to the TSA and one for sending the time stamp response +back to the client. +The +.Nm ts +command has three main functions: +creating a time stamp request based on a data file; +creating a time stamp response based on a request; +and verifying if a response corresponds +to a particular request or a data file. +.Pp +There is no support for sending the requests/responses automatically +over HTTP or TCP yet as suggested in RFC 3161. +Users must send the requests either by FTP or email. +.Pp +The +.Fl query +switch can be used for creating and printing a time stamp +request with the following options: +.Bl -tag -width Ds +.It Fl cert +Expect the TSA to include its signing certificate in the response. +.It Fl config Ar configfile +Specify an alternative configuration file. +Only the OID section is used. +.It Fl data Ar file_to_hash +The data file for which the time stamp request needs to be created. +The default is standard input. +.It Fl digest Ar digest_bytes +Specify the message imprint explicitly without the data file. +The imprint must be specified in a hexadecimal format, +two characters per byte, +the bytes optionally separated by colons. +The number of bytes must match the message digest algorithm in use. +.It Fl in Ar request.tsq +A previously created time stamp request in DER +format that will be printed into the output file. +Useful for examining the content of a request in human-readable format. +.It Fl md4 | md5 | ripemd160 | sha | sha1 +The message digest to apply to the data file. +It supports all the message digest algorithms that are supported by the +.Nm dgst +command. +The default is SHA1. +.It Fl no_nonce +Specify no nonce in the request. +The default, to include a 64-bit long pseudo-random nonce, +is recommended to protect against replay attacks. +.It Fl out Ar request.tsq +The output file to write to, +or standard output if not specified. 
+.It Fl policy Ar object_id +The policy that the client expects the TSA to use for creating the +time stamp token. +Either dotted OID notation or OID names defined +in the config file can be used. +If no policy is requested, the TSA uses its own default policy. +.It Fl text +Output in human-readable text format instead of DER. +.El +.Pp +A time stamp response (TimeStampResp) consists of a response status +and the time stamp token itself (ContentInfo), +if the token generation was successful. +The +.Fl reply +command is for creating a time stamp +response or time stamp token based on a request and printing the +response/token in human-readable format. +If +.Fl token_out +is not specified the output is always a time stamp response (TimeStampResp), +otherwise it is a time stamp token (ContentInfo). +.Bl -tag -width Ds +.It Fl chain Ar certs_file.pem +The collection of PEM certificates +that will be included in the response +in addition to the signer certificate if the +.Fl cert +option was used for the request. +This file is supposed to contain the certificate chain +for the signer certificate from its issuer upwards. +The +.Fl reply +command does not build a certificate chain automatically. +.It Fl config Ar configfile +Specify an alternative configuration file. +.It Fl in Ar response.tsr +Specify a previously created time stamp response (or time stamp token, if +.Fl token_in +is also specified) +in DER format that will be written to the output file. +This option does not require a request; +it is useful, for example, +to examine the content of a response or token +or to extract the time stamp token from a response. +If the input is a token and the output is a time stamp response, a default +.Qq granted +status info is added to the token. +.It Fl inkey Ar private.pem +The signer private key of the TSA in PEM format. +Overrides the +.Cm signer_key +config file option. +.It Fl out Ar response.tsr +The response is written to this file. 
+The format and content of the file depends on other options (see +.Fl text +and +.Fl token_out ) . +The default is stdout. +.It Fl passin Ar arg +The key password source. +.It Fl policy Ar object_id +The default policy to use for the response. +Either dotted OID notation or OID names defined +in the config file can be used. +If no policy is requested, the TSA uses its own default policy. +.It Fl queryfile Ar request.tsq +The file containing a DER-encoded time stamp request. +.It Fl section Ar tsa_section +The config file section containing the settings for response generation. +.It Fl signer Ar tsa_cert.pem +The PEM signer certificate of the TSA. +The TSA signing certificate must have exactly one extended key usage +assigned to it: timeStamping. +The extended key usage must also be critical, +otherwise the certificate is going to be refused. +Overrides the +.Cm signer_cert +variable of the config file. +.It Fl text +Output in human-readable text format instead of DER. +.It Fl token_in +The input is a DER-encoded time stamp token (ContentInfo) +instead of a time stamp response (TimeStampResp). +.It Fl token_out +The output is a time stamp token (ContentInfo) +instead of a time stamp response (TimeStampResp). +.El +.Pp +The +.Fl verify +command is for verifying if a time stamp response or time stamp token +is valid and matches a particular time stamp request or data file. +The +.Fl verify +command does not use the configuration file. +.Bl -tag -width Ds +.It Fl CAfile Ar trusted_certs.pem +The file containing a set of trusted self-signed PEM CA certificates. +See +.Nm verify +for additional details. +Either this option or +.Fl CApath +must be specified. +.It Fl CApath Ar trusted_cert_path +The directory containing the trusted CA certificates of the client. +See +.Nm verify +for additional details. +Either this option or +.Fl CAfile +must be specified. +.It Fl data Ar file_to_hash +The response or token must be verified against +.Ar file_to_hash . 
+The file is hashed with the message digest algorithm specified in the token. +The +.Fl digest +and +.Fl queryfile +options must not be specified with this one. +.It Fl digest Ar digest_bytes +The response or token must be verified against the message digest specified +with this option. +The number of bytes must match the message digest algorithm +specified in the token. +The +.Fl data +and +.Fl queryfile +options must not be specified with this one. +.It Fl in Ar response.tsr +The time stamp response that needs to be verified, in DER format. +This option in mandatory. +.It Fl queryfile Ar request.tsq +The original time stamp request, in DER format. +The +.Fl data +and +.Fl digest +options must not be specified with this one. +.It Fl token_in +The input is a DER-encoded time stamp token (ContentInfo) +instead of a time stamp response (TimeStampResp). +.It Fl untrusted Ar cert_file.pem +Additional untrusted PEM certificates which may be needed +when building the certificate chain for the TSA's signing certificate. +This file must contain the TSA signing certificate and +all intermediate CA certificates unless the response includes them. +.El +.Pp +Options specified on the command line always override +the settings in the config file: +.Bl -tag -width Ds +.It Cm tsa Ar section , Cm default_tsa +This is the main section and it specifies the name of another section +that contains all the options for the +.Fl reply +option. +This section can be overridden with the +.Fl section +command line switch. +.It Cm oid_file +See +.Nm ca +for a description. +.It Cm oid_section +See +.Nm ca +for a description. +.It Cm serial +The file containing the hexadecimal serial number of the +last time stamp response created. +This number is incremented by 1 for each response. +If the file does not exist at the time of response generation, +a new file is created with serial number 1. +This parameter is mandatory. +.It Cm signer_cert +TSA signing certificate, in PEM format. 
+The same as the +.Fl signer +command line option. +.It Cm certs +A set of PEM-encoded certificates that need to be +included in the response. +The same as the +.Fl chain +command line option. +.It Cm signer_key +The private key of the TSA, in PEM format. +The same as the +.Fl inkey +command line option. +.It Cm default_policy +The default policy to use when the request does not mandate any policy. +The same as the +.Fl policy +command line option. +.It Cm other_policies +Comma separated list of policies that are also acceptable by the TSA +and used only if the request explicitly specifies one of them. +.It Cm digests +The list of message digest algorithms that the TSA accepts. +At least one algorithm must be specified. +This parameter is mandatory. +.It Cm accuracy +The accuracy of the time source of the TSA in seconds, milliseconds +and microseconds. +For example, secs:1, millisecs:500, microsecs:100. +If any of the components is missing, +zero is assumed for that field. +.It Cm clock_precision_digits +The maximum number of digits, which represent the fraction of seconds, +that need to be included in the time field. +The trailing zeroes must be removed from the time, +so there might actually be fewer digits +or no fraction of seconds at all. +The maximum value is 6; +the default is 0. +.It Cm ordering +If this option is yes, +the responses generated by this TSA can always be ordered, +even if the time difference between two responses is less +than the sum of their accuracies. +The default is no. +.It Cm tsa_name +Set this option to yes if the subject name of the TSA must be included in +the TSA name field of the response. +The default is no. +.It Cm ess_cert_id_chain +The SignedData objects created by the TSA always contain the +certificate identifier of the signing certificate in a signed +attribute (see RFC 2634, Enhanced Security Services). 
+If this option is set to yes and either the +.Cm certs +variable or the +.Fl chain +option is specified then the certificate identifiers of the chain will also +be included in the SigningCertificate signed attribute. +If this variable is set to no, +only the signing certificate identifier is included. +The default is no. +.El +.Tg verify +.Sh VERIFY +.Bl -hang -width "openssl verify" +.It Nm openssl verify +.Bk -words +.Op Fl CAfile Ar file +.Op Fl CApath Ar directory +.Op Fl check_ss_sig +.Op Fl CRLfile Ar file +.Op Fl crl_check +.Op Fl crl_check_all +.Op Fl explicit_policy +.Op Fl extended_crl +.Op Fl help +.Op Fl ignore_critical +.Op Fl inhibit_any +.Op Fl inhibit_map +.Op Fl issuer_checks +.Op Fl legacy_verify +.Op Fl policy_check +.Op Fl purpose Ar purpose +.Op Fl trusted Ar file +.Op Fl untrusted Ar file +.Op Fl verbose +.Op Fl x509_strict +.Op Ar certificates +.Ek +.El +.Pp +The +.Nm verify +command verifies certificate chains. +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl CAfile Ar file +A +.Ar file +of trusted certificates. +The +.Ar file +should contain multiple certificates in PEM format, concatenated together. +.It Fl CApath Ar directory +A +.Ar directory +of trusted certificates. +The certificates, or symbolic links to them, +should have names of the form +.Ar hash Ns .0 , +where +.Ar hash +is the hashed certificate subject name +(see the +.Fl hash +option of the +.Nm x509 +utility). +.It Fl check_ss_sig +Verify the signature on the self-signed root CA. +This is disabled by default +because it doesn't add any security. +.It Fl CRLfile Ar file +The +.Ar file +should contain one or more CRLs in PEM format. +.It Fl crl_check +Check end entity certificate validity by attempting to look up a valid CRL. +If a valid CRL cannot be found, an error occurs. +.It Fl crl_check_all +Check the validity of all certificates in the chain by attempting +to look up valid CRLs. 
+.It Fl explicit_policy +Set policy variable require-explicit-policy (RFC 3280). +.It Fl extended_crl +Enable extended CRL features such as indirect CRLs and alternate CRL +signing keys. +.It Fl help +Print a usage message. +.It Fl ignore_critical +Ignore critical extensions instead of rejecting the certificate. +.It Fl inhibit_any +Set policy variable inhibit-any-policy (RFC 3280). +.It Fl inhibit_map +Set policy variable inhibit-policy-mapping (RFC 3280). +.It Fl issuer_checks +Print diagnostics relating to searches for the issuer certificate +of the current certificate +showing why each candidate issuer certificate was rejected. +The presence of rejection messages +does not itself imply that anything is wrong: +during the normal verify process several rejections may take place. +.It Fl legacy_verify +Use the legacy X.509 certificate chain verification code. +.It Fl policy_check +Enable certificate policy processing. +.It Fl purpose Ar purpose +The intended use for the certificate. +Without this option no chain verification will be done. +Currently accepted uses are +.Cm sslclient , sslserver , +.Cm nssslserver , smimesign , +.Cm smimeencrypt , crlsign , +.Cm any , +and +.Cm ocsphelper . +.It Fl trusted Ar file +A +.Ar file +of trusted certificates. +The +.Ar file +should contain multiple certificates. +.It Fl untrusted Ar file +A +.Ar file +of untrusted certificates. +The +.Ar file +should contain multiple certificates. +.It Fl verbose +Print extra information about the operations being performed. +.It Fl x509_strict +Disable workarounds for broken certificates which have to be disabled +for strict X.509 compliance. +.It Ar certificates +One or more PEM +.Ar certificates +to verify. +If no certificate files are included, an attempt is made to read +a certificate from standard input. +If the first certificate filename begins with a dash, +use a lone dash to mark the last option. 
+.El +.Pp +The +.Nm verify +program uses the same functions as the internal SSL and S/MIME verification, +with one crucial difference: +wherever possible an attempt is made to continue after an error, +whereas normally the verify operation would halt on the first error. +This allows all the problems with a certificate chain to be determined. +.Pp +The verify operation consists of a number of separate steps. +Firstly a certificate chain is built up starting from the supplied certificate +and ending in the root CA. +It is an error if the whole chain cannot be built up. +The chain is built up by looking up the issuer's certificate of the current +certificate. +If a certificate is found which is its own issuer, it is assumed +to be the root CA. +.Pp +All certificates whose subject name matches the issuer name +of the current certificate are subject to further tests. +The relevant authority key identifier components of the current certificate +(if present) must match the subject key identifier (if present) +and issuer and serial number of the candidate issuer; +in addition the +.Cm keyUsage +extension of the candidate issuer (if present) must permit certificate signing. +.Pp +The lookup first looks in the list of untrusted certificates and if no match +is found the remaining lookups are from the trusted certificates. +The root CA is always looked up in the trusted certificate list: +if the certificate to verify is a root certificate, +then an exact match must be found in the trusted list. +.Pp +The second operation is to check every untrusted certificate's extensions for +consistency with the supplied purpose. +If the +.Fl purpose +option is not included, then no checks are done. +The supplied or +.Qq leaf +certificate must have extensions compatible with the supplied purpose +and all other certificates must also be valid CA certificates. +The precise extensions required are described in more detail in +the +.Nm X509 +section below. 
+.Pp +The third operation is to check the trust settings on the root CA. +The root CA should be trusted for the supplied purpose. +A certificate with no trust settings is considered to be valid for +all purposes. +.Pp +The final operation is to check the validity of the certificate chain. +The validity period is checked against the current system time and the +.Cm notBefore +and +.Cm notAfter +dates in the certificate. +The certificate signatures are also checked at this point. +.Pp +If all operations complete successfully, the certificate is considered +valid. +If any operation fails then the certificate is not valid. +When a verify operation fails, the output messages can be somewhat cryptic. +The general form of the error message is: +.Bd -literal +server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit) +error 24 at 1 depth lookup:invalid CA certificate +.Ed +.Pp +The first line contains the name of the certificate being verified, followed by +the subject name of the certificate. +The second line contains the error number as defined by the +.Dv X509_V_ERR_* +constants in +.In openssl/x509_vfy.h , +the associated error message documented in +.Xr X509_STORE_CTX_get_error 3 , +and the depth. +The depth is the number of the certificate being verified when a +problem was detected starting with zero for the certificate being verified +itself, then 1 for the CA that signed the certificate and so on. +.Tg version +.Sh VERSION +.Nm openssl version +.Op Fl abdfpv +.Pp +The +.Nm version +command is used to print out version information about +.Nm openssl . +.Pp +The options are as follows: +.Bl -tag -width Ds +.It Fl a +All information: this is the same as setting all the other flags. +.It Fl b +The date the current version of +.Nm openssl +was built. +.It Fl d +.Ev OPENSSLDIR +setting. +.It Fl f +Compilation flags. +.It Fl p +Platform setting. +.It Fl v +The current +.Nm openssl +version. 
+.El +.Tg x509 +.Sh X509 +.Bl -hang -width "openssl x509" +.It Nm openssl x509 +.Bk -words +.Op Fl addreject Ar arg +.Op Fl addtrust Ar arg +.Op Fl alias +.Op Fl CA Ar file +.Op Fl CAcreateserial +.Op Fl CAform Cm der | pem +.Op Fl CAkey Ar file +.Op Fl CAkeyform Cm der | pem +.Op Fl CAserial Ar file +.Op Fl certopt Ar option +.Op Fl checkend Ar arg +.Op Fl clrext +.Op Fl clrreject +.Op Fl clrtrust +.Op Fl dates +.Op Fl days Ar arg +.Op Fl email +.Op Fl enddate +.Op Fl extensions Ar section +.Op Fl extfile Ar file +.Op Fl fingerprint +.Op Fl force_pubkey Ar key +.Op Fl hash +.Op Fl in Ar file +.Op Fl inform Cm der | net | pem +.Op Fl issuer +.Op Fl issuer_hash +.Op Fl issuer_hash_old +.Op Fl keyform Cm der | pem +.Op Fl md5 | sha1 +.Op Fl modulus +.Op Fl multivalue-rdn +.Op Fl nameopt Ar option +.Op Fl new +.Op Fl next_serial +.Op Fl noout +.Op Fl ocsp_uri +.Op Fl ocspid +.Op Fl out Ar file +.Op Fl outform Cm der | net | pem +.Op Fl passin Ar arg +.Op Fl pubkey +.Op Fl purpose +.Op Fl req +.Op Fl serial +.Op Fl set_issuer Ar name +.Op Fl set_serial Ar n +.Op Fl set_subject Ar name +.Op Fl setalias Ar arg +.Op Fl signkey Ar file +.Op Fl sigopt Ar nm:v +.Op Fl startdate +.Op Fl subject +.Op Fl subject_hash +.Op Fl subject_hash_old +.Op Fl text +.Op Fl trustout +.Op Fl utf8 +.Op Fl x509toreq +.Ek +.El +.Pp +The +.Nm x509 +command is a multi-purpose certificate utility. +It can be used to display certificate information, convert certificates to +various forms, sign certificate requests like a +.Qq mini CA , +or edit certificate trust settings. +.Pp +The following are x509 input, output, and general purpose options: +.Bl -tag -width "XXXX" +.It Fl in Ar file +The input file to read from, +or standard input if not specified. +This option cannot be used with +.Fl new . +.It Fl inform Cm der | net | pem +The input format. +Normally, the command will expect an X.509 certificate, +but this can change if other options such as +.Fl in +or +.Fl req +are present. 
+.It Fl md5 | sha1 +The digest to use. +This affects any signing or display option that uses a message digest, +such as the +.Fl fingerprint , signkey , +and +.Fl CA +options. +If not specified, MD5 is used. +SHA1 is always used with DSA keys. +.It Fl out Ar file +The output file to write to, +or standard output if none is specified. +.It Fl outform Cm der | net | pem +The output format. +.It Fl passin Ar arg +The key password source. +.El +.Pp +The following are x509 display options: +.Bl -tag -width "XXXX" +.It Fl certopt Ar option +Customise the output format used with +.Fl text , +either using a list of comma-separated options or by specifying +.Fl certopt +multiple times. +The default behaviour is to print all fields. +The options are as follows: +.Pp +.Bl -tag -width "no_extensions" -offset indent -compact +.It Cm ca_default +Equivalent to +.Cm no_issuer , no_pubkey , no_header , +.Cm no_version , no_sigdump , +and +.Cm no_signame . +.It Cm compatible +Equivalent to no output options at all. +.It Cm ext_default +Print unsupported certificate extensions. +.It Cm ext_dump +Hex dump unsupported extensions. +.It Cm ext_error +Print an error message for unsupported certificate extensions. +.It Cm ext_parse +ASN.1 parse unsupported extensions. +.It Cm no_aux +Do not print certificate trust information. +.It Cm no_extensions +Do not print X509V3 extensions. +.It Cm no_header +Do not print header (Certificate and Data) information. +.It Cm no_issuer +Do not print the issuer name. +.It Cm no_pubkey +Do not print the public key. +.It Cm no_serial +Do not print the serial number. +.It Cm no_sigdump +Do not give a hexadecimal dump of the certificate signature. +.It Cm no_signame +Do not print the signature algorithm used. +.It Cm no_subject +Do not print the subject name. +.It Cm no_validity +Do not print the +.Cm notBefore +and +.Cm notAfter +(validity) fields. +.It Cm no_version +Do not print the version number. 
+.El +.It Fl dates +Print the start and expiry date of a certificate. +.It Fl email +Output the email addresses, if any. +.It Fl enddate +Print the expiry date of the certificate; that is, the +.Cm notAfter +date. +.It Fl fingerprint +Print the digest of the DER-encoded version of the whole certificate. +.It Fl hash +A synonym for +.Fl subject_hash . +.It Fl issuer +Print the issuer name. +.It Fl issuer_hash +Print the hash of the certificate issuer name. +.It Fl issuer_hash_old +Print the hash of the certificate issuer name +using the older algorithm as used by +.Nm openssl +versions before 1.0.0. +.It Fl modulus +Print the value of the modulus of the public key contained in the certificate. +.It Fl multivalue-rdn +This option causes the +.Fl subj +argument to be interpreted with full support for multivalued RDNs, +for example +.Qq "/DC=org/DC=OpenSSL/DC=users/UID=123456+CN=John Doe" . +If +.Fl multivalue-rdn +is not used, the UID value is set to +.Qq "123456+CN=John Doe" . +.It Fl nameopt Ar option +Customise how the subject or issuer names are displayed, +either using a list of comma-separated options or by specifying +.Fl nameopt +multiple times. +The default behaviour is to use the +.Cm compat +format. +The options, +which can be preceded by a dash to turn them off, +are as follows: +.Bl -tag -width "XXXX" +.It Cm align +Align field values for a more readable output. +Only usable with +.Ar sep_multiline . +.It Cm compat +Use the old format, +equivalent to specifying no options at all. +.It Cm dn_rev +Reverse the fields of the DN, as required by RFC 2253. +As a side effect, this also reverses the order of multiple AVAs. +.It Cm dump_all +Dump all fields. +When used with +.Ar dump_der , +it allows the DER encoding of the structure to be unambiguously determined. +.It Cm dump_der +Any fields that need to be hexdumped are +dumped using the DER encoding of the field. +Otherwise just the content octets will be displayed. +Both options use the RFC 2253 #XXXX... 
format. +.It Cm dump_nostr +Dump non-character string types +(for example OCTET STRING); +usually, non-character string types are displayed +as though each content octet represents a single character. +.It Cm dump_unknown +Dump any field whose OID is not recognised by +.Nm openssl . +.It Cm esc_2253 +Escape the +.Qq special +characters required by RFC 2253 in a field that is +.Dq \& ,+"<>; . +Additionally, +.Sq # +is escaped at the beginning of a string +and a space character at the beginning or end of a string. +.It Cm esc_ctrl +Escape control characters. +That is, those with ASCII values less than 0x20 (space) +and the delete (0x7f) character. +They are escaped using the RFC 2253 \eXX notation (where XX are two hex +digits representing the character value). +.It Cm esc_msb +Escape characters with the MSB set; that is, with ASCII values larger than +127. +.It Cm multiline +A multiline format. +Equivalent to +.Cm esc_ctrl , esc_msb , sep_multiline , +.Cm space_eq , lname , +and +.Cm align . +.It Cm no_type +Do not attempt to interpret multibyte characters. +That is, content octets are merely dumped as though one octet +represents each character. +This is useful for diagnostic purposes +but results in rather odd looking output. +.It Cm nofname , sname , lname , oid +Alter how the field name is displayed: +.Cm nofname +does not display the field at all; +.Cm sname +uses the short name form (CN for +.Cm commonName , +for example); +.Cm lname +uses the long form. +.Cm oid +represents the OID in numerical form and is useful for diagnostic purpose. +.It Cm oneline +A one line format which is more readable than +.Cm RFC2253 . +Equivalent to +.Cm esc_2253 , esc_ctrl , esc_msb , utf8 , +.Cm dump_nostr , dump_der , use_quote , sep_comma_plus_space , +.Cm space_eq , +and +.Cm sname . +.It Cm RFC2253 +Displays names compatible with RFC 2253. 
+Equivalent to +.Cm esc_2253 , esc_ctrl , +.Cm esc_msb , utf8 , dump_nostr , dump_unknown , +.Cm dump_der , sep_comma_plus , dn_rev , +and +.Cm sname . +.It Cm sep_comma_plus , sep_comma_plus_space , sep_semi_plus_space , sep_multiline +Determine the field separators: +the first character is between RDNs and the second between multiple AVAs +(multiple AVAs are very rare and their use is discouraged). +The options ending in +.Qq space +additionally place a space after the separator to make it more readable. +.Cm sep_multiline +uses a linefeed character for the RDN separator and a spaced +.Sq + +for the AVA separator, +as well as indenting the fields by four characters. +If no field separator is specified then +.Cm sep_comma_plus_space +is used by default. +.It Cm show_type +Show the type of the ASN.1 character string. +The type precedes the field contents. +For example +.Qq BMPSTRING: Hello World . +.It Cm space_eq +Place spaces round the +.Sq = +character which follows the field name. +.It Cm use_quote +Escape some characters by surrounding the whole string with +.Sq \&" +characters. +Without the option, all escaping is done with the +.Sq \e +character. +.It Cm utf8 +Convert all strings to UTF8 format first, as required by RFC 2253. +On a UTF8 compatible terminal, +the use of this option (and not setting +.Cm esc_msb ) +may result in the correct display of multibyte characters. +Usually, multibyte characters larger than 0xff +are represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX +for 32 bits, +and any UTF8Strings are converted to their character form first. +.El +.It Fl next_serial +Print the next serial number. +.It Fl noout +Do not output the encoded version of the request. +.It Fl ocsp_uri +Print the OCSP responder addresses, if any. +.It Fl ocspid +Print OCSP hash values for the subject name and public key. +.It Fl pubkey +Print the public key. +.It Fl serial +Print the certificate serial number. 
+.It Fl sigopt Ar nm:v +Pass options to the signature algorithm during sign or certify operations. +The names and values of these options are algorithm-specific. +.It Fl startdate +Print the start date of the certificate; that is, the +.Cm notBefore +date. +.It Fl subject +Print the subject name. +.It Fl subject_hash +Print the hash of the certificate subject name. +This is used in +.Nm openssl +to form an index to allow certificates in a directory to be looked up +by subject name. +.It Fl subject_hash_old +Print the hash of the certificate subject name +using the older algorithm as used by +.Nm openssl +versions before 1.0.0. +.It Fl text +Print the full certificate in text form. +.El +.Pp +A trusted certificate is a certificate which has several +additional pieces of information attached to it such as the permitted +and prohibited uses of the certificate and an alias. +When a certificate is being verified, at least one certificate must be trusted. +By default, a trusted certificate must be stored locally and be a root CA. +The following are x509 trust settings options: +.Bl -tag -width "XXXX" +.It Fl addreject Ar arg +Add a prohibited use. +Accepts the same values as the +.Fl addtrust +option. +.It Fl addtrust Ar arg +Add a trusted certificate use. +Any object name can be used here, but currently only +.Cm clientAuth +(SSL client use), +.Cm serverAuth +(SSL server use), +and +.Cm emailProtection +(S/MIME email) are used. +.It Fl alias +Output the certificate alias. +.It Fl clrreject +Clear all the prohibited or rejected uses of the certificate. +.It Fl clrtrust +Clear all the permitted or trusted uses of the certificate. +.It Fl purpose +Perform tests on the certificate extensions. +The same code is used when verifying untrusted certificates in chains, +so this section is useful if a chain is rejected by the verify code. +.Pp +The +.Cm basicConstraints +extension CA flag is used to determine whether the +certificate can be used as a CA. 
+If the CA flag is true, it is a CA; +if the CA flag is false, it is not a CA. +All CAs should have the CA flag set to true. +.Pp +If the +.Cm basicConstraints +extension is absent, then the certificate is +considered to be a possible CA; +other extensions are checked according to the intended use of the certificate. +A warning is given in this case because the certificate should really not +be regarded as a CA. +However it is allowed to be a CA to work around some broken software. +.Pp +If the certificate is a V1 certificate +(and thus has no extensions) and it is self-signed, +it is also assumed to be a CA but a warning is again given. +This is to work around the problem of Verisign roots +which are V1 self-signed certificates. +.Pp +If the +.Cm keyUsage +extension is present, then additional restraints are +made on the uses of the certificate. +A CA certificate must have the +.Cm keyCertSign +bit set if the +.Cm keyUsage +extension is present. +.Pp +The extended key usage extension places additional restrictions on the +certificate uses. +If this extension is present, whether critical or not, +the key can only be used for the purposes specified. +.Pp +A complete description of each test is given below. +The comments about +.Cm basicConstraints +and +.Cm keyUsage +and V1 certificates above apply to all CA certificates. +.Bl -tag -width "XXXX" +.It SSL Client +The extended key usage extension must be absent or include the +web client authentication OID. +.Cm keyUsage +must be absent or it must have the +.Cm digitalSignature +bit set. +The Netscape certificate type must be absent +or it must have the SSL client bit set. +.It SSL Client CA +The extended key usage extension must be absent or include the +web client authentication OID. +The Netscape certificate type must be absent +or it must have the SSL CA bit set: +this is used as a workaround if the +.Cm basicConstraints +extension is absent. 
+.It SSL Server +The extended key usage extension must be absent or include the +web server authentication and/or one of the SGC OIDs. +.Cm keyUsage +must be absent or it must have the +.Cm digitalSignature +set, the +.Cm keyEncipherment +set, or both bits set. +The Netscape certificate type must be absent or have the SSL server bit set. +.It SSL Server CA +The extended key usage extension must be absent or include the +web server authentication and/or one of the SGC OIDs. +The Netscape certificate type must be absent or the SSL CA bit must be set: +this is used as a workaround if the +.Cm basicConstraints +extension is absent. +.It Netscape SSL Server +For Netscape SSL clients to connect to an SSL server; it must have the +.Cm keyEncipherment +bit set if the +.Cm keyUsage +extension is present. +This isn't always valid because some cipher suites use the key for +digital signing. +Otherwise it is the same as a normal SSL server. +.It Common S/MIME Client Tests +The extended key usage extension must be absent or include the +email protection OID. +The Netscape certificate type must be absent or should have the S/MIME bit set. +If the S/MIME bit is not set in Netscape certificate type, then the SSL +client bit is tolerated as an alternative but a warning is shown: +this is because some Verisign certificates don't set the S/MIME bit. +.It S/MIME Signing +In addition to the common S/MIME client tests, the +.Cm digitalSignature +bit must be set if the +.Cm keyUsage +extension is present. +.It S/MIME Encryption +In addition to the common S/MIME tests, the +.Cm keyEncipherment +bit must be set if the +.Cm keyUsage +extension is present. +.It S/MIME CA +The extended key usage extension must be absent or include the +email protection OID. +The Netscape certificate type must be absent +or must have the S/MIME CA bit set: +this is used as a workaround if the +.Cm basicConstraints +extension is absent. 
+.It CRL Signing +The +.Cm keyUsage +extension must be absent or it must have the CRL signing bit set. +.It CRL Signing CA +The normal CA tests apply, except the +.Cm basicConstraints +extension must be present. +.El +.It Fl setalias Ar arg +Set the alias of the certificate, +allowing the certificate to be referred to using a nickname, +such as +.Qq Steve's Certificate . +.It Fl trustout +Output a trusted certificate +(the default if any trust settings are modified). +An ordinary or trusted certificate can be input, but by default an ordinary +certificate is output and any trust settings are discarded. +.El +.Pp +The +.Nm x509 +utility can be used to sign certificates and requests: +it can thus behave like a mini CA. +The following are x509 signing options: +.Bl -tag -width "XXXX" +.It Fl CA Ar file +The CA certificate to be used for signing. +When this option is present, +.Nm x509 +behaves like a mini CA. +The input file is signed by the CA using this option; +that is, its issuer name is set to the subject name of the CA and it is +digitally signed using the CA's private key. +.Pp +This option is normally combined with the +.Fl req +option. +Without the +.Fl req +option, the input is a certificate which must be self-signed. +.It Fl CAcreateserial +Create the CA serial number file if it does not exist +instead of generating an error. +The file will contain the serial number +.Sq 02 +and the certificate being signed will have +.Sq 1 +as its serial number. +.It Fl CAform Cm der | pem +The format of the CA certificate file. +The default is +.Cm pem . +.It Fl CAkey Ar file +Set the CA private key to sign a certificate with. +Otherwise it is assumed that the CA private key is present +in the CA certificate file. +.It Fl CAkeyform Cm der | pem +The format of the CA private key. +The default is +.Cm pem . +.It Fl CAserial Ar file +Use the serial number in +.Ar file +to sign a certificate. 
+The file should consist of one line containing an even number of hex digits +with the serial number to use. +After each use the serial number is incremented and written out +to the file again. +.Pp +The default filename consists of the CA certificate file base name with +.Pa .srl +appended. +For example, if the CA certificate file is called +.Pa mycacert.pem , +it expects to find a serial number file called +.Pa mycacert.srl . +.It Fl checkend Ar arg +Check whether the certificate expires in the next +.Ar arg +seconds. +If so, exit with return value 1; +otherwise exit with return value 0. +.It Fl clrext +Delete any extensions from a certificate. +This option is used when a certificate is being created from another +certificate (for example with the +.Fl signkey +or the +.Fl CA +options). +Normally, all extensions are retained. +.It Fl days Ar arg +The number of days to make a certificate valid for. +The default is 30 days. +.It Fl extensions Ar section +The section to add certificate extensions from. +If this option is not specified, the extensions should either be +contained in the unnamed (default) section +or the default section should contain a variable called +.Qq extensions +which contains the section to use. +.It Fl extfile Ar file +File containing certificate extensions to use. +If not specified, no extensions are added to the certificate. +.It Fl force_pubkey Ar key +Set the public key of the certificate to the public key contained in +.Ar key . +.It Fl keyform Cm der | pem +The format of the key file used in the +.Fl force_pubkey +and +.Fl signkey +options. +.It Fl new +Generate a new certificate using the subject given by +.Fl set_subject +and signed by +.Fl signkey . +If no public key is provided with +.Fl force_pubkey , +the resulting certificate is self-signed. +This option cannot be used with +.Fl in +or +.Fl req . +.It Fl req +Expect a certificate request on input instead of a certificate. +This option cannot be used with +.Fl new . 
+.It Fl set_issuer Ar name +The issuer name to use. +.Ar name +must be formatted as /type0=value0/type1=value1/type2=...; +characters may be escaped by +.Sq \e +(backslash); +no spaces are skipped. +.It Fl set_serial Ar n +The serial number to use. +This option can be used with either the +.Fl signkey +or +.Fl CA +options. +If used in conjunction with the +.Fl CA +option, the serial number file (as specified by the +.Fl CAserial +or +.Fl CAcreateserial +options) is not used. +.Pp +The serial number can be decimal or hex (if preceded by +.Sq 0x ) . +Negative serial numbers can also be specified but their use is not recommended. +.It Fl set_subject Ar name +The subject name to use. +.Ar name +must be formatted as /type0=value0/type1=value1/type2=...; +characters may be escaped by +.Sq \e +(backslash); +no spaces are skipped. +.It Fl signkey Ar file +Self-sign +.Ar file +using the supplied private key. +.Pp +If the input file is a certificate, it sets the issuer name to the +subject name (i.e. makes it self-signed), +changes the public key to the supplied value, +and changes the start and end dates. +The start date is set to the current time and the end date is set to +a value determined by the +.Fl days +option. +Any certificate extensions are retained unless the +.Fl clrext +option is supplied. +.Pp +If the input is a certificate request, a self-signed certificate +is created using the supplied private key using the subject name in +the request. +.It Fl utf8 +Interpret field values read from a terminal or obtained from a configuration +file as UTF-8 strings. +By default, they are interpreted as ASCII. +.It Fl x509toreq +Convert a certificate into a certificate request. +The +.Fl signkey +option is used to pass the required private key. +.El +.Sh COMMON NOTATION +Several commands share a common syntax, +as detailed below. 
+.Pp +Password arguments, typically specified using +.Fl passin +and +.Fl passout +for input and output passwords, +allow passwords to be obtained from a variety of sources. +Both of these options take a single argument, described below. +If no password argument is given and a password is required, +then the user is prompted to enter one: +this will typically be read from the current terminal with echoing turned off. +.Bl -tag -width "pass:password" -offset indent +.It Cm pass : Ns Ar password +The actual password is +.Ar password . +Since the password is visible to utilities, +this form should only be used where security is not important. +.It Cm env : Ns Ar var +Obtain the password from the environment variable +.Ar var . +Since the environment of other processes is visible, +this option should be used with caution. +.It Cm file : Ns Ar path +The first line of +.Ar path +is the password. +If the same +.Ar path +argument is supplied to +.Fl passin +and +.Fl passout , +then the first line will be used for the input password and the next line +for the output password. +.Ar path +need not refer to a regular file: +it could, for example, refer to a device or named pipe. +.It Cm fd : Ns Ar number +Read the password from the file descriptor +.Ar number . +This can be used to send the data via a pipe, for example. +.It Cm stdin +Read the password from standard input. +.El +.Pp +Input/output formats, +typically specified using +.Fl inform +and +.Fl outform , +indicate the format being read from or written to. +The argument is case insensitive. +.Pp +.Bl -tag -width Ds -offset indent -compact +.It Cm der +Distinguished Encoding Rules (DER) +is a binary format. +.It Cm net +Insecure legacy format. +.It Cm pem +Privacy Enhanced Mail (PEM) +is base64-encoded. +.It Cm pvk +Private Key format. +.It Cm smime +An SMIME format message. +.It Cm txt +Plain ASCII text. 
+.El +.Sh ENVIRONMENT +The following environment variables affect the execution of +.Nm openssl : +.Bl -tag -width "/etc/ssl/openssl.cnf" +.It Ev OPENSSL_CONF +The location of the master configuration file. +.El +.Sh FILES +.Bl -tag -width "/etc/ssl/openssl.cnf" -compact +.It Pa /etc/ssl/ +Default config directory for +.Nm openssl . +.It Pa /etc/ssl/lib/ +Unused. +.It Pa /etc/ssl/private/ +Default private key directory. +.It Pa /etc/ssl/openssl.cnf +Default configuration file for +.Nm openssl . +.It Pa /etc/ssl/x509v3.cnf +Default configuration file for +.Nm x509 +certificates. +.El +.Sh SEE ALSO +.Xr acme-client 1 , +.Xr nc 1 , +.Xr openssl.cnf 5 , +.Xr x509v3.cnf 5 , +.Xr ssl 8 , +.Xr starttls 8 +.Sh STANDARDS +.Rs +.%A T. Dierks +.%A C. Allen +.%D January 1999 +.%R RFC 2246 +.%T The TLS Protocol Version 1.0 +.Re +.Pp +.Rs +.%A M. Wahl +.%A S. Killie +.%A T. Howes +.%D December 1997 +.%R RFC 2253 +.%T Lightweight Directory Access Protocol (v3): UTF-8 String Representation of Distinguished Names +.Re +.Pp +.Rs +.%A B. Kaliski +.%D March 1998 +.%R RFC 2315 +.%T PKCS #7: Cryptographic Message Syntax Version 1.5 +.Re +.Pp +.Rs +.%A R. Housley +.%A W. Ford +.%A W. Polk +.%A D. Solo +.%D January 1999 +.%R RFC 2459 +.%T Internet X.509 Public Key Infrastructure Certificate and CRL Profile +.Re +.Pp +.Rs +.%A M. Myers +.%A R. Ankney +.%A A. Malpani +.%A S. Galperin +.%A C. Adams +.%D June 1999 +.%R RFC 2560 +.%T X.509 Internet Public Key Infrastructure Online Certificate Status Protocol \(en OCSP +.Re +.Pp +.Rs +.%A R. Housley +.%D June 1999 +.%R RFC 2630 +.%T Cryptographic Message Syntax +.Re +.Pp +.Rs +.%A P. Chown +.%D June 2002 +.%R RFC 3268 +.%T Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS) +.Re |
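Review bot: in the VERIFY section, the `-purpose` entry says "Without this option no chain verification will be done", while the later paragraph on the second verify operation says only that the purpose-consistency checks on certificate extensions are skipped when `-purpose` is not included. Chain building, root trust, validity dates and signatures are described there as separate steps. A reader could take the first sentence to mean that `openssl verify` without `-purpose` validates nothing. Since this file is imported as-is (it carries the `$OpenBSD: openssl.1,v 1.170` tag), I would not patch this copy. Raise the wording upstream so the two passages agree, for example by having the option entry say that no purpose checks are done.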
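Review bot: in the X509 section, the `-md5 | sha1` entry states "If not specified, MD5 is used" for every digest-using operation, naming `-fingerprint`, `-signkey` and `-CA`. That sentence should be confirmed against the openssl binary this manual accompanies before the page is published, because a reader following the "mini CA" text further down would otherwise assume certificates are signed with that default. Two smaller points in the same section read like text carried over from another subcommand. `-multivalue-rdn` describes how "the -subj argument" is interpreted, but the x509 synopsis lists no `-subj`, only `-set_subject` and `-set_issuer`. And `-noout` says "Do not output the encoded version of the request" in a certificate utility. As this is a verbatim import, report these upstream rather than editing the copy, so the file can still be diffed against its source revision.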
