NAME

     openssl - OpenSSL command line tool

SYNOPSIS

     openssl command [command_opts] [command_args]

     openssl [list-standard-commands | list-message-digest-commands |

     openssl no-XXX [arbitrary options]

DESCRIPTION

     OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer
     (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and
     related cryptography standards required by them.

     The openssl program is a command line tool for using the various
     cryptography functions of OpenSSL's crypto library from the shell.  It
     can be used for

           o   Creation of RSA, DH and DSA key parameters
           o   Creation of X.509 certificates, CSRs and CRLs
           o   Calculation of Message Digests
           o   Encryption and Decryption with Ciphers
           o   SSL/TLS Client and Server Tests
           o   Handling of S/MIME signed or encrypted mail

COMMAND SUMMARY

     The openssl program provides a rich variety of commands (command in the
     SYNOPSIS above), each of which often has a wealth of options and
     arguments (command_opts and command_args in the SYNOPSIS).

     The pseudo-commands list-standard-commands,
     and list-cipher-commands output a list (one entry per line) of the names
     of all standard commands, message digest commands, or cipher
     respectively, that are available in the present openssl

     The pseudo-command no-XXX tests whether a command of the specified name
     is available.  If no command named XXX exists, it returns 0 (success)
     and prints no-XXX; otherwise it returns 1 and prints XXX.  In both
     cases, the output goes to stdout and nothing is printed to stderr.
     Additional command line arguments are always ignored.  Since for each
     cipher there is a command of the same name, this provides an easy way
     for shell scripts to test for the availability of ciphers in the openssl
     program.

     Note: no-XXX is not able to detect pseudo-commands such as
     list-...-commands, or no-XXX itself.

STANDARD COMMANDS

     asn1parse  Parse an ASN.1 sequence.

     ca         Certificate Authority (CA) Management.

     ciphers    Cipher Suite Description Determination.

     crl        Certificate Revocation List (CRL) Management.

     crl2pkcs7  CRL to PKCS#7 Conversion.

     dgst       Message Digest Calculation.

     dh         Diffie-Hellman Parameter Management.  Obsoleted by dhparam.

     dhparam    Generation and Management of Diffie-Hellman Parameters.

     dsa        DSA Data Management.

     dsaparam   DSA Parameter Generation.

     enc        Encoding with Ciphers.

     errstr     Error Number to Error String Conversion.

     gendh      Generation of Diffie-Hellman Parameters.  Obsoleted by

     gendsa     Generation of DSA Parameters.

     genrsa     Generation of RSA Parameters.

     nseq       Create or examine a Netscape certificate sequence.

     ocsp       Online Certificate Status Protocol utility.

     passwd     Generation of hashed passwords.

     pkcs7      PKCS#7 Data Management.

     pkcs8      PKCS#8 Data Management.

     pkcs12     PKCS#12 Data Management.

     rand       Generate pseudo-random bytes.

     req        X.509 Certificate Signing Request (CSR) Management.

     rsa        RSA Data Management.

     rsautl     RSA utility for signing, verification, encryption, and
                decryption.

     s_client   This implements a generic SSL/TLS client which can establish
                a transparent connection to a remote server speaking SSL/TLS.
                It's intended for testing purposes only and provides only
                rudimentary interface functionality but internally uses
                mostly all functionality of the OpenSSL ssl library.

     s_server   This implements a generic SSL/TLS server which accepts
                connections from remote clients speaking SSL/TLS.  It's
                intended for testing purposes only and provides only
                rudimentary interface functionality but internally uses
                mostly all functionality of the OpenSSL ssl library.  It
                provides both an own command line oriented protocol for
                testing SSL functions and a simple HTTP response facility to
                emulate an SSL/TLS-aware

     s_time     SSL Connection Timer.

     sess_id    SSL Session Data Management.

     smime      S/MIME mail processing.

     speed      Algorithm Speed Measurement.

     spkac      SPKAC printing and generating utility.

     verify     X.509 Certificate Verification.

     version    OpenSSL Version Information.

     x509       X.509 Certificate Data Management.


     md2        MD2 Digest.

     md4        MD4 Digest.

     md5        MD5 Digest.

     ripemd160  RIPEMD-160 Digest.

     sha        SHA Digest.

     sha1       SHA-1 Digest.


     aes-128-cbc | aes-128-ecb | aes-192-cbc | aes-192-ecb |
     aes-256-cbc | aes-256-ecb
             AES Cipher.

     base64  Base64 Encoding.

     bf | bf-cbc | bf-cfb | bf-ecb | bf-ofb
             Blowfish Cipher.

     cast | cast-cbc
             CAST Cipher.

     cast5-cbc | cast5-cfb | cast5-ecb | cast5-ofb
             CAST5 Cipher.

     des | des-cbc | des-cfb | des-ecb | des-ede | des-ede-cbc |
     des-ede-cfb | des-ede-ofb | des-ofb
             DES Cipher.

     des3 | desx | des-ede3 | des-ede3-cbc | des-ede3-cfb |
             Triple DES Cipher.

     rc2 | rc2-40-cbc | rc2-64-cbc | rc2-cbc | rc2-cfb | rc2-ecb | rc2-ofb
             RC2 Cipher.

     rc4 | rc4-40
             RC4 Cipher.


PASS PHRASE ARGUMENTS

     Several commands accept password arguments, typically using -passin and
     -passout for input and output passwords, respectively.  These allow the
     password to be obtained from a variety of sources.  Both of these
     options take a single argument whose format is described below.  If no
     password argument is given and a password is required, then the user is
     prompted to enter one: this will typically be read from the current
     terminal with echoing turned off.

                The actual password is password.  Since the password is
                visible to utilities (like ps(1) under UNIX) this form should
                only be used where security is not important.

     env:var    Obtain the password from the environment variable var.  Since
                the environment of other processes is visible on certain
                platforms (e.g. ps(1) under certain UNIX OSes) this option
                should be used with caution.

     file:path  The first line of path is the password.  If the same path
                argument is supplied to -passin and -passout, then the first
                line will be used for the input password and the next line
                for the output password.  path need not refer to a regular
                file: it could, for example, refer to a device or named

     fd:number  Read the password from the file descriptor number.  This can
                be used to send the data via a pipe for example.

     stdin      Read the password from standard input.

ASN1PARSE

     openssl asn1parse [-dump] [-i] [-noout] [-dlimit number] [-in file]
     [-inform DER | PEM | TXT] [-length number] [-offset number] [-oid file]
     [-out file] [-strparse offset]

     The asn1parse command is a diagnostic utility that can parse ASN.1
     structures.  It can also be used to extract data from ASN.1 formatted
     data.

     The options are as follows:

     -dlimit number
             Dump the first number bytes of unknown data in hex

     -dump   Dump unknown data in hex form.

     -i      Indents the output according to the "depth" of the

     -in file
             The input file; default is standard input.

     -inform DER | PEM | TXT
             The input format.  DER (Distinguished Encoding Rules) is binary
             format and PEM (Privacy Enhanced Mail), the default,
             base64-encoded.  TXT is plain text.

     -length number
             Number of bytes to parse; default is until end of

     -noout  Don't output the parsed version of the input file.

     -offset number
             Starting offset to begin parsing; default is start of file.

     -oid file
             A file containing additional object identifiers (OIDs).  The
             format of this file is described in the ASN1PARSE NOTES section
             below.

     -out file
             Output file to place the DER-encoded data into.  If this option
             is not present, no encoded data will be output.  This is most
             useful when combined with the -strparse option.

     -strparse offset
             Parse the content octets of the ASN.1 object starting at offset.
             This option can be used multiple times to "drill down" into a
             nested structure.

ASN1PARSE OUTPUT

     The output will typically contain lines like this:

       0:d=0  hl=4 l= 681 cons: SEQUENCE


       229:d=3  hl=3 l= 141 prim: BIT STRING
       373:d=2  hl=3 l= 162 cons: cont [ 3 ]
       376:d=3  hl=3 l= 159 cons: SEQUENCE
       379:d=4  hl=2 l=  29 cons: SEQUENCE
       381:d=5  hl=2 l=   3 prim: OBJECT         :X509v3 Subject Key Identifier
       386:d=5  hl=2 l=  22 prim: OCTET STRING
       410:d=4  hl=2 l= 112 cons: SEQUENCE
       412:d=5  hl=2 l=   3 prim: OBJECT         :X509v3 Authority Key Identifier
       417:d=5  hl=2 l= 105 prim: OCTET STRING
       524:d=4  hl=2 l=  12 cons: SEQUENCE


     This example is part of a self-signed certificate.  Each line starts
     with the offset in decimal.  d=XX specifies the current depth.  The
     depth is increased within the scope of any SET or SEQUENCE.  hl=XX
     gives the header length (tag and length octets) of the current type.
     l=XX gives the length of the content octets.

     The -i option can be used to make the output more readable.

     Some knowledge of the ASN.1 structure is needed to interpret the output.

     In this example, the BIT STRING at offset 229 is the certificate public
     key.  The content octets of this will contain the public key
     This can be examined using the option -strparse 229 to

         0:d=0  hl=3 l= 137 cons: SEQUENCE
         3:d=1  hl=3 l= 129 prim: INTEGER
       135:d=1  hl=2 l=   3 prim: INTEGER           :010001
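
     The offset, d=, hl= and l= fields described above are enough to check
     that a listing is self-consistent.  The following is an added example,
     not part of the original manual or of OpenSSL: it parses the two
     listings quoted in this section (embedded as constructed input with
     wrapped lines rejoined) and verifies that every element starts where
     the previous one ends and fits inside its parent.  It assumes definite
     lengths only; the names Node, parse, check_layout and
     bit_string_payload are made up for the illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed input: the certificate fragment quoted in this section.
CERT_FRAGMENT = """\
  229:d=3  hl=3 l= 141 prim: BIT STRING
  373:d=2  hl=3 l= 162 cons: cont [ 3 ]
  376:d=3  hl=3 l= 159 cons: SEQUENCE
  379:d=4  hl=2 l=  29 cons: SEQUENCE
  381:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
  386:d=5  hl=2 l=  22 prim: OCTET STRING
  410:d=4  hl=2 l= 112 cons: SEQUENCE
  412:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
  417:d=5  hl=2 l= 105 prim: OCTET STRING
  524:d=4  hl=2 l=  12 cons: SEQUENCE
"""

# Constructed input: the "-strparse 229" listing quoted in this section.
STRPARSE_229 = """\
    0:d=0  hl=3 l= 137 cons: SEQUENCE
    3:d=1  hl=3 l= 129 prim: INTEGER
  135:d=1  hl=2 l=   3 prim: INTEGER           :010001
"""

LINE_RE = re.compile(
    r"^\s*(\d+):d=\s*(\d+)\s+hl=\s*(\d+)\s+l=\s*(\d+)\s+(cons|prim):\s*(.*)$")


@dataclass
class Node:
    offset: int         # start of the tag octet
    depth: int          # d=
    hl: int             # header length: tag and length octets
    length: int         # l=, length of the content octets
    constructed: bool   # "cons" (has children) or "prim"
    tag: str
    value: Optional[str]

    @property
    def content_start(self) -> int:
        return self.offset + self.hl

    @property
    def end(self) -> int:
        return self.offset + self.hl + self.length


def parse(text: str) -> List[Node]:
    nodes = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        m = LINE_RE.match(raw)
        if m is None:
            raise ValueError(f"not an asn1parse line: {raw!r}")
        off, depth, hl, length, form, rest = m.groups()
        tag, _, value = rest.partition(":")
        nodes.append(Node(int(off), int(depth), int(hl), int(length),
                          form == "cons", tag.strip(), value.strip() or None))
    return nodes


def check_layout(nodes: List[Node]) -> List[str]:
    """Return a list of inconsistencies; an empty list means the listing adds up."""
    problems: List[str] = []
    open_cons: List[Node] = []      # constructed elements still being filled
    expected: Optional[int] = None  # offset at which the next line must start
    for n in nodes:
        if expected is not None and n.offset != expected:
            problems.append(f"{n.offset}: expected an element at {expected}")
        # A line at the same or a shallower depth closes the open elements.
        while open_cons and open_cons[-1].depth >= n.depth:
            closed = open_cons.pop()
            if closed.end != n.offset:
                problems.append(f"{closed.offset}: ends at {closed.end}, "
                                f"but the next element starts at {n.offset}")
        if open_cons:
            parent = open_cons[-1]
            if n.depth != parent.depth + 1:
                problems.append(f"{n.offset}: depth {n.depth} under d={parent.depth}")
            if n.end > parent.end:
                problems.append(f"{n.offset}: runs past parent at {parent.offset}")
        if n.constructed:
            open_cons.append(n)
        expected = n.content_start if n.constructed else n.end
    return problems


def bit_string_payload(node: Node) -> Tuple[int, int]:
    """(offset, length) of a BIT STRING's data after its unused-bits octet."""
    if node.tag != "BIT STRING":
        raise ValueError("not a BIT STRING")
    return node.content_start + 1, node.length - 1


if __name__ == "__main__":
    outer, inner = parse(CERT_FRAGMENT), parse(STRPARSE_229)
    print(check_layout(outer), check_layout(inner))
    print(bit_string_payload(outer[0]), inner[0].end)
```

     The BIT STRING at 229 has 141 content octets, of which the first is the
     unused-bits count; the remaining 140 are exactly the hl=3 plus l=137 of
     the SEQUENCE shown by -strparse 229.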

ASN1PARSE NOTES

     If an OID (object identifier) is not part of OpenSSL's internal table it
     will be represented in numerical form (for example
     The file passed to the -oid option allows additional OIDs to be
     included.  Each line consists of three columns: the first column is the
     OID in numerical format and should be followed by whitespace.  The
     second column is the "short name" which is a single word followed by
     whitespace.  The final column is the rest of the line and is the "long
     name".  asn1parse displays the long name.  Example:

           "  shortname A long name"

ASN1PARSE BUGS

     There should be options to change the format of input lines.  The output
     of some ASN.1 types is not well handled (if at all).

CA

     openssl ca [-batch] [-gencrl] [-infiles] [-msie_hack]
     [-notext] [-preserveDN] [-updatedb] [-verbose] [-cert file]
     [-config file] [-crl_CA_compromise time] [-crl_compromise
     [-crl_hold instruction] [-crl_reason reason] [-crldays days]
     [-crlexts section] [-crlhours hours] [-days arg] [-enddate
     [-engine id] [-extensions section] [-extfile section] [-in
     [-key keyfile] [-keyfile arg] [-keyform ENGINE | PEM] [-md
     [-name section] [-out file] [-outdir dir] [-passin arg] [-policy arg]
     [-revoke file] [-spkac file] [-ss_cert file] [-startdate
     [-status serial] [-subj arg]

     The ca command is a minimal CA application.  It can be used to sign
     certificate requests in a variety of forms and generate CRLs.  It also
     maintains a text database of issued certificates and their status.

     The options descriptions will be divided into each purpose.

CA OPTIONS

           This sets the batch mode.  In this mode no questions will be asked
           and all certificates will be certified automatically.

     -cert file
           The CA certificate file.

     -config file
           Specifies the configuration file to use.

     -days arg
           The number of days to certify the certificate for.

     -enddate date
           This allows the expiry date to be explicitly set.  The format of
           the date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime

     -engine id
           Specifying an engine (by its unique id string) will cause ca to
           attempt to obtain a functional reference to the specified engine,
           thus initialising it if needed.  The engine will then be set as
           the default for all available algorithms.

     -extensions section
           The section of the configuration file containing certificate
           extensions to be added when a certificate is issued (defaults to
           X509_extensions unless the -extfile option is used).  If no
           extension section is present, a V1 certificate is created.  If the
           extension section is present (even if it is empty), then a V3
           certificate is created.

     -extfile file
           An additional configuration file to read certificate
           from (using the default section unless the -extensions option is
           also used).

     -in file
           An input file containing a single certificate request to be signed
           by the CA.

           If present, this should be the last option; all subsequent
           arguments are assumed to be the names of files containing

     -key keyfile
           The password used to encrypt the private key.  Since on some
           systems the command line arguments are visible (e.g. UNIX with the
           ps(1) utility) this option should be used with caution.

     -keyfile file
           The private key to sign requests with.

     -keyform ENGINE | PEM
           Private key file format.

     -md alg
           The message digest to use.  Possible values include md5 and sha1.
           This option also applies to CRLs.

           This is a legacy option to make ca work with very old versions of
           the IE certificate enrollment control "certenr3".  It used
           UniversalStrings for almost everything.  Since the old control has
           various security bugs, its use is strongly discouraged.  The newer
           control "Xenroll" does not need this option.

     -name section
           Specifies the configuration file section to use (overrides
           default_ca in the ca section).

           The DN of a certificate can contain the EMAIL field if present in
           the request DN, however it is good policy just having the e-mail
           set into the altName extension of the certificate.  When this
           option is set, the EMAIL field is removed from the certificate's
           subject and set only in the, eventually present, extensions.  The
           email_in_dn keyword can be used in the configuration file to
           enable this behaviour.

           Don't output the text form of a certificate to the output file.

     -out file
           The output file to output certificates to.  The default is
           standard output.  The certificate details will also be printed out
           to this

     -outdir directory
           The directory to output certificates to.  The certificate will be
           written to a file consisting of the serial number in hex with
           ".pem" appended.

     -passin arg
           The key password source.  For more information about the format of
           arg, see the PASS PHRASE ARGUMENTS section above.

     -policy arg
           This option defines the CA "policy" to use.  This is a section in
           the configuration file which decides which fields should be
           mandatory or match the CA certificate.  Check out the CA
           section for more information.

           Normally, the DN order of a certificate is the same as the order
           of the fields in the relevant policy section.  When this option is
           set, the order is the same as the request.  This is largely for
           compatibility with the older IE enrollment control which would
           only accept certificates if their DNs matched the order of the
           request.  This is not needed for Xenroll.

     -spkac file
           A file containing a single Netscape signed public key and
           challenge, and additional field values to be signed by the CA.
           See the SPKAC FORMAT section for information on the required

     -ss_cert file
           A single self-signed certificate to be signed by the

     -startdate date
           This allows the start date to be explicitly set.  The format of
           the date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime

     -status serial
           Show status of certificate with serial number serial.

           Update database for expired certificates.

           This prints extra details about the operations being

CRL OPTIONS

     -crl_CA_compromise time
           This is the same as -crl_compromise, except the revocation reason
           is set to CACompromise.

     -crl_compromise time
           This sets the revocation reason to keyCompromise and the
           compromise time to time.  time should be in GeneralizedTime
           format, i.e.

     -crl_hold instruction
           This sets the CRL revocation reason code to certificateHold and
           the hold instruction to instruction which must be an OID.
           Although any OID can be used, only holdInstructionNone (the use of
           which is discouraged by RFC 2459), holdInstructionCallIssuer or
           will normally be used.

     -crl_reason reason
           Revocation reason, where reason is one of: unspecified,
           keyCompromise, CACompromise, affiliationChanged, superseded,
           certificateHold or removeFromCRL.  The matching of reason is case
           insensitive.  Setting any revocation reason will make the CRL v2.
           In practice, removeFromCRL is not particularly useful because it
           is only used in delta CRLs which are not currently implemented.

     -crldays num
           The number of days before the next CRL is due.  This is the days
           from now to place in the CRL nextUpdate field.

     -crlexts section
           The section of the configuration file containing CRL extensions to
           include.  If no CRL extension section is present then a V1 CRL is
           created; if the CRL extension section is present (even if it is
           empty) then a V2 CRL is created.  The CRL extensions specified are
           CRL extensions and not CRL entry extensions.  It should be noted
           that some software (for example Netscape) can't handle V2 CRLs.

     -crlhours num
           The number of hours before the next CRL is due.

           This option generates a CRL based on information in the index
           file.

     -revoke file
           A file containing a certificate to revoke.

     -subj arg
           Supersedes the subject name given in the request.  The arg must be
           formatted as /type0=value0/type1=value1/type2=...; characters may
           be escaped by `\' (backslash), no spaces are skipped.


     The section of the configuration file containing options for ca is found
     as follows: If the -name command line option is used, then it names the
     section to be used.  Otherwise the section to be used must be named in
     the default_CA option of the CA section of the configuration file (or in
     the default section of the configuration file).  Besides default_CA, the
     following options are read directly from the CA section:


     With the exception of RANDFILE, this is probably a bug and may change in
     future releases.

     Many of the configuration file options are identical to command line
     options.  Where the option is present in the configuration file and the
     command line, the command line value is used.  Where an option is
     described as mandatory, then it must be present in the configuration
     file or the command line equivalent (if any) used.

           The same as -cert.  It gives the file containing the CA
           certificate.

           Determines how extensions in certificate requests should be
           handled.  If set to none or this option is not present, then
           extensions are ignored and not copied to the certificate.  If set
           to copy, then any extensions present in the request that are not
           already present are copied to the certificate.  If set to copyall,
           then all extensions in the request are copied to the
           if the extension is already present in the certificate it is
           deleted first.  See the CA WARNINGS section before using this
           option.

           The main use of this option is to allow a certificate request to
           supply values for certain extensions such as

           The same as -crlexts.

           The text database file to use.  Mandatory.  This file must be
           present, though initially it will be empty.

     default_CRL_hours, default_CRL_days
           The same as the -crlhours and -crldays options.  These will only
           be used if neither command line option is present.  At least one
           of these must be present to generate a CRL.

           The same as the -days option.  The number of days to certify a
           certificate

           The same as the -enddate option.  Either this option
           default_days (or the command line equivalents) must be

           The same as the -md option.  The message digest to use.
           Mandatory.

           The same as the -startdate option.  The start date to certify a
           certificate for.  If not set, the current time is

           The same as -noemailDN.  If the EMAIL field is to be removed from
           the DN of the certificate, simply set this to "no".  If not
           present, the default is to allow for the EMAIL field in the
           certificate's

           The same as -msie_hack.

     nameopt, certopt
           These options allow the format used to display the certificate
           details when asking the user to confirm signing.  All the options
           supported by the x509 utilities' -nameopt and -certopt switches
           can be used here, except that no_signame and no_sigdump are
           permanently set and cannot be disabled (this is because the
           certificate signature cannot be displayed because the certificate
           has not been signed at this point).

           For convenience, the value CA_default is accepted by both to
           produce a reasonable output.

           If neither option is present, the format used in earlier versions
           of OpenSSL is used.  Use of the old format is strongly
           because it only displays fields mentioned in the policy section,
           mishandles multicharacter string types and does not display
           extensions.

           The same as the -outdir command line option.  It specifies the
           directory where new certificates will be placed.  Mandatory.

           This specifies a file containing additional object
           Each line of the file should consist of the numerical form of the
           object identifier followed by whitespace, then the short name
           followed by whitespace and finally the long name.

           This specifies a section in the configuration file containing
           extra object identifiers.  Each line should consist of the short
           name of the object identifier followed by `=' and the numerical
           form.  The short and long names are the same when this option is

           The same as -policy.  Mandatory.  See the CA POLICY FORMAT section
           for more information.

           The same as -preserveDN.

           Same as the -keyfile option.  The file containing the CA private
           key.  Mandatory.

           A file used to read and write random number seed information, or
           an EGD socket (see RAND_egd(3)).

           A text file containing the next serial number to use in hex.
           Mandatory.  This file must be present and contain a valid serial

           The same as -extensions.

CA POLICY FORMAT

     The policy section consists of a set of variables corresponding to
     certificate DN fields.  If the value is "match", then the field value
     must match the same field in the CA certificate.  If the value is
     then it must be present.  If the value is "optional", then it may be
     present.  Any fields not mentioned in the policy section are silently
     deleted, unless the -preserveDN option is set, but this can be regarded
     more of a quirk than intended behaviour.
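
     The policy rules above, together with the DN ordering described under
     -preserveDN, can be modelled in a few lines.  This is an added example
     written for this page, not OpenSSL's code: apply_policy, PolicyError and
     the sample DNs are made up, the "must be present" value is taken to be
     "supplied" as in the sample configuration file in CA EXAMPLES, and
     POLICY_MATCH is a hypothetical second policy section.

```python
from typing import Dict, List, Tuple

DN = List[Tuple[str, str]]  # ordered (field, value) pairs; a field may repeat

# The [ policy_any ] section of the sample configuration file on this page.
POLICY_ANY = {
    "countryName": "supplied",
    "stateOrProvinceName": "optional",
    "organizationName": "optional",
    "organizationalUnitName": "optional",
    "commonName": "supplied",
    "emailAddress": "optional",
}

# Hypothetical stricter policy, constructed for the example.
POLICY_MATCH = {
    "countryName": "match",
    "organizationName": "match",
    "commonName": "supplied",
}

# Constructed sample DNs.
CA_DN: DN = [("countryName", "AU"), ("organizationName", "Example CA Org"),
             ("commonName", "Example Root")]
REQUEST_DN: DN = [("commonName", "Steve Test"), ("countryName", "AU"),
                  ("organizationalUnitName", "OpenSSL Group"),
                  ("organizationalUnitName", "Another Group"),
                  ("title", "Engineer")]


class PolicyError(ValueError):
    """The request DN violates the policy section."""


def apply_policy(policy: Dict[str, str], request_dn: DN, ca_dn: DN,
                 preserve_dn: bool = False) -> Tuple[DN, List[str]]:
    """Return (subject to issue, request fields silently dropped)."""
    for field, rule in policy.items():
        values = [v for f, v in request_dn if f == field]
        if rule == "match":
            # Must be present and equal to the same field in the CA certificate.
            if not values or values != [v for f, v in ca_dn if f == field]:
                raise PolicyError(f"{field}: must match the CA certificate")
        elif rule == "supplied":
            if not values:
                raise PolicyError(f"{field}: must be present")
        elif rule != "optional":
            raise PolicyError(f"{field}: unknown policy value {rule!r}")
    if preserve_dn:
        # -preserveDN: keep the request's order and its unmentioned fields.
        return list(request_dn), []
    # Default: subject follows the order of the policy section, and fields
    # the policy does not mention are deleted without any error.
    subject = [(f, v) for field in policy for f, v in request_dn if f == field]
    dropped = [f for f, _ in request_dn if f not in policy]
    return subject, dropped


if __name__ == "__main__":
    print(apply_policy(POLICY_ANY, REQUEST_DN, CA_DN))
    print(apply_policy(POLICY_ANY, REQUEST_DN, CA_DN, preserve_dn=True))
    try:
        apply_policy(POLICY_MATCH, REQUEST_DN, CA_DN)
    except PolicyError as exc:
        print("rejected:", exc)
```

     The dropped list is the part worth reviewing before signing: a field
     the requester supplied disappears from the issued subject without any
     diagnostic.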

SPKAC FORMAT

     The input to the -spkac command line option is a Netscape signed public
     key and challenge.  This will usually come from the KEYGEN tag in an
     HTML form to create a new private key.  It is, however, possible to
     create SPKACs using the spkac utility.

     The file should contain the variable SPKAC set to the value of the SPKAC
     and also the required DN components as name value pairs.  If it's
     necessary to include the same component twice, then it can be preceded
     by a number and a `.'.

CA EXAMPLES

     Note: these examples assume that the ca directory structure is already
     set up and the relevant files already exist.  This usually involves
     creating a CA certificate and private key with req, a serial number file
     and an empty index file and placing them in the relevant directories.

     To use the sample configuration file below, the directories
     demoCA/private and demoCA/newcerts would be created.  The CA
     would be copied to demoCA/cacert.pem and its private key to
     demoCA/private/cakey.pem.  A file demoCA/serial would be created
     containing, for example, "01" and the empty index file

     Sign a certificate request:

           $ openssl ca -in req.pem -out newcert.pem

     Sign a certificate request, using CA extensions:

           $ openssl ca -in req.pem -extensions v3_ca -out

     Generate a CRL:

           $ openssl ca -gencrl -out crl.pem

     Sign several requests:

           $ openssl ca -infiles req1.pem req2.pem req3.pem

     Certify a Netscape SPKAC:

           $ openssl ca -spkac spkac.txt

     A sample SPKAC file (the SPKAC line has been truncated for

           CN=Steve Test
           0.OU=OpenSSL Group
           1.OU=Another Group

     A sample configuration file with the relevant sections for

      [ ca ]
      default_ca       = CA_default            # The default ca

      [ CA_default ]

      dir              = ./demoCA              # top dir
      database         = $dir/index.txt        # index file
      new_certs_dir    = $dir/newcerts         # new certs dir

      certificate      = $dir/cacert.pem       # The CA cert
      serial           = $dir/serial           # serial no file
      private_key      = $dir/private/cakey.pem # CA private key
      RANDFILE         = $dir/private/.rand    # random number file

      default_days     = 365                   # how long to certify for
      default_crl_days = 30                    # how long before next CRL
      default_md       = md5                   # md to use

      policy           = policy_any            # default policy
      email_in_dn      = no                    # Don't add the email into cert DN

      nameopt          = ca_default            # Subject name display option
      certopt          = ca_default            # Certificate display option
      copy_extensions  = none                  # Don't copy extensions from request

      [ policy_any ]
      countryName            = supplied
      stateOrProvinceName    = optional
      organizationName       = optional
      organizationalUnitName = optional
      commonName             = supplied
      emailAddress           = optional

CA FILES

     Note: the location of all files can change either by compile time
     options, configuration file entries, environment variables, or command
     line options.  The values below reflect the default values.

           /etc/ssl/openssl.cnf           - master configuration
           ./demoCA                       - main CA directory
           ./demoCA/cacert.pem            - CA certificate
           ./demoCA/private/cakey.pem     - CA private key
           ./demoCA/serial                - CA serial number file
           ./demoCA/serial.old            - CA serial number backup file
           ./demoCA/index.txt             - CA text database file
           ./demoCA/index.txt.old         - CA text database backup file
           ./demoCA/certs                 - certificate output
           ./demoCA/.rnd                  - CA random seed information


     OPENSSL_CONF reflects the location of the master configuration file; it
     can be overridden by the -config command line option.

CA RESTRICTIONS

     The text database index file is a critical part of the process, and if
     corrupted it can be difficult to fix.  It is theoretically possible to
     rebuild the index file from all the issued certificates and a current
     CRL; however there is no option to do this.

     V2 CRL features like delta CRL support and CRL numbers are not currently

     Although several requests can be input and handled at once, it is only
     possible to include one SPKAC or self-signed certificate.

CA BUGS

     The use of an in-memory text database can cause problems when large
     numbers of certificates are present because, as the name implies, the
     database has to be kept in memory.

     It is not possible to certify two certificates with the same DN; this is
     a side effect of how the text database is indexed and it cannot easily
     be fixed without introducing other problems.  Some S/MIME clients can
     use two certificates with the same DN for separate signing and

     The ca command really needs rewriting or the required functionality
     exposed at either a command or interface level so a more friendly
     utility (perl script or GUI) can handle things properly.  The scripts
     CA.sh and CA.pl help a little but not very much.

     Any fields in a request that are not present in a policy are
     deleted.  This does not happen if the -preserveDN option is used.  To
     enforce the absence of the EMAIL field within the DN, as suggested by
     RFCs, regardless of the contents of the request's subject the -noemailDN
     option can be used.  The behaviour should be more friendly and
     configurable.

     Cancelling some commands by refusing to certify a certificate can create
     an empty file.

CA WARNINGS

     The ca command is quirky and at times downright unfriendly.

     The ca utility was originally meant as an example of how to do things in
     a CA.  It was not supposed to be used as a full blown CA itself:
     nevertheless some people are using it for this purpose.

     The ca command is effectively a single user command: no locking is done
     on the various files, and attempts to run more than one ca command on the
     same database can have unpredictable results.

     The copy_extensions option should be used with caution.  If care is not
     taken, it can be a security risk.  For example, if a certificate request
     contains a basicConstraints extension with CA:TRUE and the
     copy_extensions value is set to copyall and the user does not spot this
     when the certificate is displayed, then this will hand the requestor a
     valid CA certificate.

     This situation can be avoided by setting copy_extensions to copy and
     including basicConstraints with CA:FALSE in the configuration file.  Then
     if the request contains a basicConstraints extension, it will be ignored.

     It is advisable to also include values for other extensions such as
     keyUsage to prevent a request supplying its own values.

     Additional restrictions can be placed on the CA certificate itself.  For
     example if the CA certificate has:

           basicConstraints = CA:TRUE, pathlen:0

     then even if a certificate is issued with CA:TRUE it will not be valid.
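
     The merge behaviour behind the copy_extensions warning, as an added
     Python example (a simplified model, not OpenSSL's code and not part of
     the original manual).  The none value, the sample request and both
     extension sets are constructed for illustration.

```python
# Added example: models how request extensions reach the issued certificate.

def merge_extensions(config_exts, request_exts, copy_extensions="none"):
    """Return the extensions the issued certificate would carry.

    none    - request extensions are ignored
    copy    - request extensions are added only if the config did not set them
    copyall - request extensions replace whatever the config set
    """
    issued = dict(config_exts)
    if copy_extensions == "copy":
        for name, value in request_exts.items():
            issued.setdefault(name, value)
    elif copy_extensions == "copyall":
        issued.update(request_exts)
    elif copy_extensions != "none":
        raise ValueError("unknown copy_extensions value: %r" % copy_extensions)
    return issued


def is_ca(exts):
    """True if basicConstraints marks the certificate as a CA."""
    fields = [f.strip().upper() for f in exts.get("basicConstraints", "").split(",")]
    return "CA:TRUE" in fields


def audit(config_exts, copy_extensions):
    """List the sensitive extensions a requestor could still set."""
    sensitive = ("basicConstraints", "keyUsage")
    if copy_extensions == "none":
        return []
    if copy_extensions == "copyall":
        return list(sensitive)
    return [name for name in sensitive if name not in config_exts]


# Constructed request that asks for a CA certificate.
REQUEST = {"basicConstraints": "critical, CA:TRUE", "keyUsage": "keyCertSign, cRLSign"}
WEAK = {}   # constructed extension section that pins nothing
PINNED = {"basicConstraints": "CA:FALSE",
          "keyUsage": "digitalSignature, keyEncipherment"}

if __name__ == "__main__":
    for label, cfg, mode in (("weak", WEAK, "copyall"), ("pinned", PINNED, "copy")):
        issued = merge_extensions(cfg, REQUEST, mode)
        print(label, mode, "CA cert issued:", is_ca(issued), "open:", audit(cfg, mode))
```

     A non-empty audit() result means the request can still choose those
     extensions, so the displayed certificate needs checking before it is
     signed.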

CIPHERS

     openssl ciphers [-h] [-ssl2 | -ssl3 | -tls1] [-v]

     The ciphers command converts OpenSSL cipher lists into ordered SSL cipher
     preference lists.  It can be used as a test tool to determine the
     appropriate

     The options are as follows:

     -h, -?  Print a brief usage message.

     -ssl2   Only include SSL v2 ciphers.

     -ssl3   Only include SSL v3 ciphers.

     -tls1   Only include TLS v1 ciphers.

     -v      Verbose option.  List ciphers with a complete description of
             protocol version (SSLv2 or SSLv3; the latter includes TLS), key
             exchange, authentication, encryption and mac algorithms used
             along with any key size restrictions and whether the algorithm
             is classed as an export cipher.  Note that without the -v
             option, ciphers may seem to appear twice in a cipher list; this
             is when similar ciphers are available for SSL v2 and for SSL
             v3/TLS v1.

             A cipher list to convert to a cipher preference list.  If it is
             not included, the default cipher list will be used.  The format
             is described below.

CIPHERS LIST FORMAT

     The cipher list consists of one or more cipher strings separated by
     colons.  Commas or spaces are also acceptable separators, but colons are
     normally used.

     The actual cipher string can take several different forms:

     It can consist of a single cipher suite such as RC4-SHA.

     It can represent a list of cipher suites containing a certain algorithm,
     or cipher suites of a certain type.  For example SHA1 represents all
     cipher suites using the digest algorithm SHA1, and SSLv3 represents all
     SSL v3 algorithms.

     Lists of cipher suites can be combined in a single cipher string using
     the `+' character.  This is used as a logical and operation.  For
     example, SHA1+DES represents all cipher suites containing the SHA1 and
     the DES algorithms.

     Each cipher string can be optionally preceded by the characters `!', `-',
     or `+'.

     If `!' is used, then the ciphers are permanently deleted from the list.
     The ciphers deleted can never reappear in the list even if they are
     explicitly

     If `-' is used, then the ciphers are deleted from the list, but some or
     all of the ciphers can be added again by later options.

     If `+' is used, then the ciphers are moved to the end of the list.  This
     option doesn't add any new ciphers, it just moves matching existing ones.

     If none of these characters is present, the string is just interpreted as
     a list of ciphers to be appended to the current preference list.  If the
     list includes any ciphers already present, they will be ignored; that is,
     they will not be moved to the end of the list.

     Additionally, the cipher string @STRENGTH can be used at any point to
     sort the current cipher list in order of encryption algorithm key length.
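
     The list-format rules above, worked through as an added Python example
     (a simplified model, not OpenSSL's implementation and not part of the
     original manual).  The six-suite table and its tags are a constructed
     subset of the names on this page, and @STRENGTH is assumed to put the
     longest key first.

```python
import re

# Constructed subset of the suites named on this page: (name, tags, key bits).
SUITES = [
    ("RC4-MD5",      {"RSA", "RC4", "MD5"},   128),
    ("RC4-SHA",      {"RSA", "RC4", "SHA1"},  128),
    ("DES-CBC-SHA",  {"RSA", "DES", "SHA1"},   56),
    ("DES-CBC3-SHA", {"RSA", "3DES", "SHA1"}, 168),
    ("AES256-SHA",   {"RSA", "AES", "SHA1"},  256),
    ("ADH-RC4-MD5",  {"ADH", "RC4", "MD5"},   128),
]
BITS = {name: bits for name, _, bits in SUITES}


def matching(spec):
    """Suites matching every '+'-joined term of one cipher string (logical and)."""
    terms = spec.split("+")
    return [name for name, tags, _ in SUITES
            if all(t == "ALL" or t == name or t in tags for t in terms)]


def expand(cipher_list):
    """Turn a cipher list into an ordered preference list."""
    current, killed = [], set()
    for item in filter(None, re.split(r"[:, ]+", cipher_list)):
        if item == "@STRENGTH":
            current.sort(key=lambda n: -BITS[n])   # stable: ties keep their order
            continue
        op = item[0] if item[0] in "!-+" else ""
        hits = matching(item[len(op):])
        if op == "!":      # permanent: these can never be added again
            killed.update(hits)
            current = [n for n in current if n not in hits]
        elif op == "-":    # removed, but a later string may add them back
            current = [n for n in current if n not in hits]
        elif op == "+":    # move existing matches to the end, add nothing new
            moved = [n for n in current if n in hits]
            current = [n for n in current if n not in hits] + moved
        else:              # append new matches; ones already listed stay put
            current += [n for n in hits if n not in current and n not in killed]
    return current


if __name__ == "__main__":
    for spec in ("ALL:!ADH:@STRENGTH", "ALL:-ADH:ADH", "ALL:!ADH:ADH", "RC4:+MD5"):
        print("%-20s %s" % (spec, ":".join(expand(spec))))
```

     Comparing ALL:-ADH:ADH with ALL:!ADH:ADH shows why `!' is the operator
     to use for suites that must never be negotiated.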

CIPHERS STRINGS

     The following is a list of all permitted cipher strings and their
     meanings.

           The default cipher list.  This is determined at compile time and is
           normally ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH.  This must be the first
           cipher string specified.

           The ciphers included in ALL, but not enabled by default.  Currently
           this is ADH.  Note that this rule does not cover eNULL, which is
           not included by ALL (use COMPLEMENTOFALL if necessary).

     ALL   All cipher suites except the eNULL ciphers which must be explicitly

           The cipher suites not enabled by ALL, currently being

     HIGH  "High" encryption cipher suites.  This currently means those with
           key lengths larger than 128 bits.

           "Medium" encryption cipher suites, currently those using 128-bit

     LOW   "Low" encryption cipher suites, currently those using 64- or 56-bit
           encryption algorithms, but excluding export cipher

           Export encryption algorithms.  Including 40- and 56-bit algorithms.

           40-bit export encryption algorithms.

           56-bit export encryption algorithms.

     eNULL, NULL
           The "NULL" ciphers; that is, those offering no encryption.  Because
           these offer no encryption at all and are a security risk, they are
           disabled unless explicitly included.

           The cipher suites offering no authentication.  This is
           the anonymous DH algorithms.  These cipher suites are vulnerable to
           a "man in the middle" attack, so their use is normally

     kRSA, RSA
           Cipher suites using RSA key exchange.

     kEDH  Cipher suites using ephemeral DH key agreement.

     kDHr, kDHd
           Cipher suites using DH key agreement and DH certificates signed by
           CAs with RSA and DSS keys respectively.  Not implemented.

     aRSA  Cipher suites using RSA authentication, i.e. the certificates carry
           RSA keys.

     aDSS, DSS
           Cipher suites using DSS authentication, i.e. the certificates carry
           DSS keys.

     aDH   Cipher suites effectively using DH authentication, i.e. the
           certificates carry DH keys.  Not implemented.

     kFZA, aFZA, eFZA, FZA
           Cipher suites using FORTEZZA key exchange, authentication,
           encryption or all FORTEZZA algorithms.  Not implemented.

     TLSv1, SSLv3, SSLv2
           TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites, respectively.

     DH    Cipher suites using DH, including anonymous DH.

     ADH   Anonymous DH cipher suites.

     AES   Cipher suites using AES.

     3DES  Cipher suites using triple DES.

     DES   Cipher suites using DES (not triple DES).

     RC4   Cipher suites using RC4.

     RC2   Cipher suites using RC2.

     MD5   Cipher suites using MD5.

     SHA1, SHA
           Cipher suites using SHA1.

CIPHERS SUITE NAMES

     The following lists give the SSL or TLS cipher suites names from the
     relevant specification and their OpenSSL equivalents.  It should be noted
     that several cipher suite names do not include the authentication used,
     e.g. DES-CBC3-SHA.  In these cases, RSA authentication is

   SSL v3.0 cipher suites

           SSL_RSA_WITH_NULL_MD5                   NULL-MD5
           SSL_RSA_WITH_NULL_SHA                   NULL-SHA
           SSL_RSA_EXPORT_WITH_RC4_40_MD5          EXP-RC4-MD5
           SSL_RSA_WITH_RC4_128_MD5                RC4-MD5
           SSL_RSA_WITH_RC4_128_SHA                RC4-SHA
           SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP-RC2-CBC-MD5
           SSL_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
           SSL_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA
           SSL_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA

           SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
           SSL_DH_DSS_WITH_DES_CBC_SHA             Not implemented.
           SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
           SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
           SSL_DH_RSA_WITH_DES_CBC_SHA             Not implemented.
           SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.

           SSL_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP-ADH-RC4-MD5
           SSL_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
           SSL_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
           SSL_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA

           SSL_FORTEZZA_KEA_WITH_NULL_SHA          Not implemented.
           SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA  Not implemented.
           SSL_FORTEZZA_KEA_WITH_RC4_128_SHA       Not implemented.

   TLS v1.0 cipher suites

           TLS_RSA_WITH_NULL_MD5                   NULL-MD5
           TLS_RSA_WITH_NULL_SHA                   NULL-SHA
           TLS_RSA_EXPORT_WITH_RC4_40_MD5          EXP-RC4-MD5
           TLS_RSA_WITH_RC4_128_MD5                RC4-MD5
           TLS_RSA_WITH_RC4_128_SHA                RC4-SHA
           TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5      EXP-RC2-CBC-MD5
           TLS_RSA_WITH_IDEA_CBC_SHA               IDEA-CBC-SHA
           TLS_RSA_WITH_DES_CBC_SHA                DES-CBC-SHA
           TLS_RSA_WITH_3DES_EDE_CBC_SHA           DES-CBC3-SHA

           TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
           TLS_DH_DSS_WITH_DES_CBC_SHA             Not implemented.
           TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA        Not implemented.
           TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA    Not implemented.
           TLS_DH_RSA_WITH_DES_CBC_SHA             Not implemented.
           TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA        Not implemented.

           TLS_DH_anon_EXPORT_WITH_RC4_40_MD5      EXP-ADH-RC4-MD5
           TLS_DH_anon_WITH_RC4_128_MD5            ADH-RC4-MD5
           TLS_DH_anon_WITH_DES_CBC_SHA            ADH-DES-CBC-SHA
           TLS_DH_anon_WITH_3DES_EDE_CBC_SHA       ADH-DES-CBC3-SHA

   AES ciphersuites from RFC 3268, extending TLS v1.0

           TLS_RSA_WITH_AES_128_CBC_SHA            AES128-SHA
           TLS_RSA_WITH_AES_256_CBC_SHA            AES256-SHA

           TLS_DH_DSS_WITH_AES_128_CBC_SHA         DH-DSS-AES128-SHA
           TLS_DH_DSS_WITH_AES_256_CBC_SHA         DH-DSS-AES256-SHA
           TLS_DH_RSA_WITH_AES_128_CBC_SHA         DH-RSA-AES128-SHA
           TLS_DH_RSA_WITH_AES_256_CBC_SHA         DH-RSA-AES256-SHA

           TLS_DHE_DSS_WITH_AES_128_CBC_SHA        DHE-DSS-AES128-SHA
           TLS_DHE_DSS_WITH_AES_256_CBC_SHA        DHE-DSS-AES256-SHA
           TLS_DHE_RSA_WITH_AES_128_CBC_SHA        DHE-RSA-AES128-SHA
           TLS_DHE_RSA_WITH_AES_256_CBC_SHA        DHE-RSA-AES256-SHA

           TLS_DH_anon_WITH_AES_128_CBC_SHA        ADH-AES128-SHA
           TLS_DH_anon_WITH_AES_256_CBC_SHA        ADH-AES256-SHA

   Additional Export 1024 and other cipher suites
     Note: These ciphers can also be used in SSL v3.

           TLS_DHE_DSS_WITH_RC4_128_SHA            DHE-DSS-RC4-SHA

   SSL v2.0 cipher suites

           SSL_CK_RC4_128_WITH_MD5                 RC4-MD5
           SSL_CK_RC4_128_EXPORT40_WITH_MD5        EXP-RC4-MD5
           SSL_CK_RC2_128_CBC_WITH_MD5             RC2-MD5
           SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5    EXP-RC2-MD5
           SSL_CK_IDEA_128_CBC_WITH_MD5            IDEA-CBC-MD5
           SSL_CK_DES_64_CBC_WITH_MD5              DES-CBC-MD5
           SSL_CK_DES_192_EDE3_CBC_WITH_MD5        DES-CBC3-MD5

CIPHERS NOTES

     The non-ephemeral DH modes are currently unimplemented in OpenSSL because
     there is no support for DH certificates.

     Some compiled versions of OpenSSL may not include all the ciphers listed
     here because some ciphers were excluded at compile time.

CIPHERS EXAMPLES

     Verbose listing of all OpenSSL ciphers including NULL ciphers:

           $ openssl c
