=pod
=head1 NAME
openssl - OpenSSL command line program
=head1 SYNOPSIS
B<openssl>
I<command>
[ I<options> ... ]
[ I<parameters> ... ]
B<openssl>
B<list>
B<-standard-commands> |
B<-digest-commands> |
B<-cipher-commands> |
B<-cipher-algorithms> |
B<-digest-algorithms> |
B<-mac-algorithms> |
B<-public-key-algorithms>
B<openssl> B<no->I<XXX> [ I<options> ]
=head1 DESCRIPTION
OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL
v2/v3) and Transport Layer Security (TLS v1) network protocols and related
cryptography standards required by them.
The B<openssl> program is a command line program for using the various
cryptography functions of OpenSSL's B<crypto> library from the shell.
It can be used for
o Creation and management of private keys, public keys and parameters
o Public key cryptographic operations
o Creation of X.509 certificates, CSRs and CRLs
o Calculation of Message Digests and Message Authentication Codes
o Encryption and Decryption with Ciphers
o SSL/TLS Client and Server Tests
o Handling of S/MIME signed or encrypted mail
o Timestamp requests, generation and verification
=head1 COMMAND SUMMARY
The B<openssl> program provides a rich variety of commands (I<command> in
the L</SYNOPSIS> above).
Each command can have many options and argument parameters, shown above as
I<options> and I<parameters>.
Detailed documentation and use cases for most standard subcommands are available
(e.g., L<openssl-x509(1)>).
Many commands use an external configuration file for some or all of their
arguments and have a B<-config> option to specify that file.
The default name of the file is F<openssl.cnf> in the default certificate
storage area, which can be determined from the L<openssl-version(1)>
command.
The environment variable B<OPENSSL_CONF> can be used to specify
a different location of the file.
See L<openssl-env(7)>.
The list options B<-standard-commands>, B<-digest-commands>,
and B<-cipher-commands> output a list (one entry per line) of the names
of all standard commands, message digest commands, or cipher commands,
respectively, that are available.
The list parameters B<-cipher-algorithms>, B<-digest-algorithms>,
and B<-mac-algorithms> list all cipher, message digest, and message
authentication code names, one entry per line. Aliases are listed as:
from => to
The list parameter B<-public-key-algorithms> lists all supported public
key algorithms.
The command B<no->I<XXX> tests whether a command of the
specified name is available. If no command named I<XXX> exists, it
returns 0 (success) and prints B<no->I<XXX>; otherwise it returns 1
and prints I<XXX>. In both cases, the output goes to B<stdout> and
nothing is printed to B<stderr>. Additional command line arguments
are always ignored. Since for each cipher there is a command of the
same name, this provides an easy way for shell scripts to test for the
availability of ciphers in the B<openssl> program. (B<no->I<XXX> is
not able to detect pseudo-commands such as B<quit>,
B<list>, or B<no->I<XXX> itself.)
=head2 Standard Commands
=over 4
=item B<asn1parse>
Parse an ASN.1 sequence.
=item B<ca>
Certificate Authority (CA) Management.
=item B<ciphers>
Cipher Suite Description Determination.
=item B<cms>
CMS (Cryptographic Message Syntax) command.
=item B<crl>
Certificate Revocation List (CRL) Management.
=item B<crl2pkcs7>
CRL to PKCS#7 Conversion.
=item B<dgst>
Message Digest calculation. MAC calculations are superseded by
L<openssl-mac(1)>.
=item B<dhparam>
Generation and Management of Diffie-Hellman Parameters. Superseded by
L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)>.
=item B<dsa>
DSA Data Management.
=item B<dsaparam>
DSA Parameter Generation and Management. Superseded by
L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)>.
=item B<ec>
EC (Elliptic curve) key processing.
=item B<ecparam>
EC parameter manipulation and generation.
=item B<enc>
Encryption, decryption, and encoding.
=item B<engine>
Engine (loadable module) information and manipulation.
=item B<errstr>
Error Number to Error String Conversion.
=item B<fipsinstall>
FIPS configuration installation.
=item B<gendsa>
Generation of DSA Private Key from Parameters. Superseded by
L<openssl-genpkey(1)> and L<openssl-pkey(1)>.
=item B&l