src - OpenBSD base system

diff options


context:
space:
mode:

author	Jason McIntyre <jmc@cvs.openbsd.org>	2003-08-30 17:30:55 +0000
committer	Jason McIntyre <jmc@cvs.openbsd.org>	2003-08-30 17:30:55 +0000
commit	f58b9a9b653c798bb12c243794ea5118e1d365fe (patch)
tree	37bd95d79e3077c3452904dc047a0b78c90e3665 /usr.sbin
parent	cb019b4f47a4fa68963cd98f0176817168481941 (diff)

- sync SYNOPSIS(es) and ciphers/digests available with reality

- remove non-OBSD details - indent examples - general macro/punctuation cleanup

Diffstat (limited to 'usr.sbin')

-rw-r--r--

usr.sbin/openssl/openssl.1

2992

1 files changed, 1684 insertions, 1308 deletions

diff --git a/usr.sbin/openssl/openssl.1 b/usr.sbin/openssl/openssl.1
index ad7e25ffbf5..1229888c166 100644
--- a/usr.sbin/openssl/openssl.1
+++ b/usr.sbin/openssl/openssl.1

@@ -1,4 +1,4 @@

-.\" $OpenBSD: openssl.1,v 1.11 2003/08/08 10:13:33 jmc Exp $

+.\" $OpenBSD: openssl.1,v 1.12 2003/08/30 17:30:54 jmc Exp $

.\" ====================================================================

.\"

@@ -128,7 +128,7 @@

.Bk -words

.Oo Cm list-standard-commands Li |\ \&

.Cm list-message-digest-commands |

-.Cm \ \ \ \ list-cipher-commands

+.Cm \ \&\ \&\ \&\ \&\ \&list-cipher-commands

.Oc

.Ek

.Pp

@@ -138,8 +138,10 @@

.Sh DESCRIPTION

.Nm OpenSSL

is a cryptography toolkit implementing the Secure Sockets Layer

-(SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and

-related cryptography standards required by them.

+.Pq SSL v2/v3

+and Transport Layer Security

+.Pq TLS v1

+network protocols and related cryptography standards required by them.

.Pp

The

.Nm

@@ -150,7 +152,7 @@ cryptography functions of

library from the shell.

It can be used for

.Pp

-.Bl -bullet -compact

+.Bl -bullet -offset indent -compact

.It

Creation of RSA, DH and DSA key parameters

.It

@@ -185,9 +187,10 @@ The pseudo-commands

.Cm list-standard-commands , list-message-digest-commands ,

and

.Cm list-cipher-commands

-output a list (one entry per line) of the names

-of all standard commands, message digest commands, or cipher commands,

-respectively, that are available in the present

+output a list

+.Pq one entry per line

+of the names of all standard commands, message digest commands,

+or cipher commands, respectively, that are available in the present

.Nm

utility.

.Pp

@@ -198,7 +201,9 @@ specified name is available.

If no command named

.Ar XXX

exists,

-it returns 0 (success) and prints

+it returns 0

+.Pq success

+and prints

.Cm no- Ns Ar XXX ;

otherwise it returns 1 and prints

.Ar XXX .

@@ -226,11 +231,15 @@ itself.

.It Cm asn1parse

Parse an ASN.1 sequence.

.It Cm ca

-Certificate Authority (CA) Management.

+Certificate Authority

+.Pq CA

+Management.

.It Cm ciphers

Cipher Suite Description Determination.

.It Cm crl

-Certificate Revocation List (CRL) Management.

+Certificate Revocation List

+.Pq CRL

+Management.

.It Cm crl2pkcs7

CRL to PKCS#7 Conversion.

.It Cm dgst

@@ -258,7 +267,7 @@ Generation of DSA Parameters.

.It Cm genrsa

Generation of RSA Parameters.

.It Cm nseq

-Create or examine a netscape certificate sequence.

+Create or examine a Netscape certificate sequence.

.It Cm ocsp

Online Certificate Status Protocol utility.

.It Cm passwd

@@ -272,7 +281,9 @@ PKCS#12 Data Management.

.It Cm rand

Generate pseudo-random bytes.

.It Cm req

-X.509 Certificate Signing Request (CSR) Management.

+X.509 Certificate Signing Request

+.Pq CSR

+Management.

.It Cm rsa

RSA Data Management.

.It Cm rsautl

@@ -318,10 +329,10 @@ X.509 Certificate Data Management.

.Bl -tag -width "asn1parse"

.It Cm md2

MD2 Digest.

+.It Cm md4

+MD4 Digest.

.It Cm md5

MD5 Digest.

-.It Cm mdc2

-MDC2 Digest.

.It Cm rmd160

RMD-160 Digest.

.It Cm sha

@@ -330,28 +341,47 @@ SHA Digest.

SHA-1 Digest.

.El

.Sh ENCODING AND CIPHER COMMANDS

-.Bl -tag -width "asn1parse"

+.Bl -tag -width Ds -compact

+.It Cm aes-128-cbc | aes-128-ecb | aes-192-cbc | aes-192-ecb |

+.It Cm aes-256-cbc | aes-256-ecb

+AES Cipher.

+.Pp

.It Cm base64

Base64 Encoding.

-.It Cm bf bf-cbc bf-cfb bf-ecb bf-ofb

+.Pp

+.It Xo

+.Cm bf | bf-cbc | bf-cfb |

+.Cm bf-ecb | bf-ofb

+.Xc

Blowfish Cipher.

-.It Cm cast cast-cbc

+.Pp

+.It Cm cast | cast-cbc

CAST Cipher.

-.It Cm cast5-cbc cast5-cfb cast5-ecb cast5-ofb

+.Pp

+.It Cm cast5-cbc | cast5-cfb | cast5-ecb | cast5-ofb

CAST5 Cipher.

-.It Cm des des-cbc des-cfb des-ecb des-ede des-ede-cbc

-.It Cm des-ede-cfb des-ede-ofb des-ofb

+.Pp

+.It Xo

+.Cm des | des-cbc | des-cfb | des-ecb |

+.Cm des-ede | des-ede-cbc

+.Xc

+.It Cm des-ede-cfb | des-ede-ofb | des-ofb

DES Cipher.

-.It Cm des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb

+.Pp

+.It Xo

+.Cm des3 | desx | des-ede3 |

+.Cm des-ede3-cbc | des-ede3-cfb | des-ede3-ofb

+.Xc

Triple-DES Cipher.

-.It Cm idea idea-cbc idea-cfb idea-ecb idea-ofb

-IDEA Cipher.

-.It Cm rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb

+.Pp

+.It Xo

+.Cm rc2 | rc2-40-cbc | rc2-64-cbc | rc2-cbc |

+.Cm rc2-cfb | rc2-ecb | rc2-ofb

+.Xc

RC2 Cipher.

-.It Cm rc4

+.Pp

+.It Cm rc4 | rc4-40

RC4 Cipher.

-.It Cm rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb

-RC5 Cipher.

.El

.Sh PASS PHRASE ARGUMENTS

Several commands accept password arguments, typically using

@@ -365,21 +395,25 @@ If no password argument is given and a password is required then the user is

prompted to enter one: this will typically be read from the current

terminal with echoing turned off.

.Bl -tag -width "fd:number"

-.It Ar pass:password

+.It Ar pass Ns : Ns Ar password

The actual password is

.Ar password .

Since the password is visible to utilities

(like

.Xr ps 1

-under Unix) this form should only be used where security is not important.

-.It Ar env:var

+under

+.Ux )

+this form should only be used where security is not important.

+.It Ar env Ns : Ns Ar var

Obtain the password from the environment variable

.Ar var .

Since the environment of other processes is visible on certain platforms

-(e.g.

+(e.g.\&

.Xr ps 1

-under certain Unix OSes) this option should be used with caution.

-.It Ar file:pathname

+under certain

+.Ux

+OSes) this option should be used with caution.

+.It Ar file Ns : Ns Ar pathname

The first line of

.Ar pathname

is the password.

@@ -388,13 +422,13 @@ If the same

argument is supplied to

.Fl passin

and

-.Fl passout

+.Fl passout ,

then the first line will be used for the input password and the next line

for the output password.

.Ar pathname

need not refer to a regular file:

it could, for example, refer to a device or named pipe.

-.It Ar fd:number

+.It Ar fd Ns : Ns Ar number

Read the password from the file descriptor

.Ar number .

This can be used to send the data via a pipe for example.

@@ -406,15 +440,19 @@ Read the password from standard input.

.\"

.Sh ASN1PARSE

.Nm "openssl asn1parse"

-.Op Fl inform Ar PEM|DER

+.Bk -words

+.Op Fl inform Ar DER | PEM | TXT

.Op Fl in Ar filename

.Op Fl out Ar filename

.Op Fl noout

.Op Fl offset Ar number

.Op Fl length Ar number

.Op Fl i

+.Op Fl dump

+.Op Fl dlimit Ar number

.Op Fl oid Ar filename

.Op Fl strparse Ar offset

+.Ek

.Pp

The

.Nm asn1parse

@@ -423,12 +461,15 @@ It can also be used to extract data from ASN.1 formatted data.

.Pp

The options are as follows:

.Bl -tag -width "XXXX"

-.It Fl inform Ar DER|PEM

+.It Fl inform Ar DER | PEM | TXT

The input format.

.Ar DER

is binary format and

.Ar PEM

-(the default) is base64 encoded.

+.Pq the default

+is base64 encoded.

+.Ar TXT

+is plain text.

.It Fl in Ar filename

The input file; default is standard input.

.It Fl out Ar filename

@@ -446,16 +487,27 @@ Starting offset to begin parsing; default is start of file.

.It Fl length Ar number

Number of bytes to parse; default is until end of file.

.It Fl i

-Indents the output according to the "depth" of the structures.

+Indents the output according to the

+.Qq depth

+of the structures.

+.It Fl dump

+Dump unknown data in hex form.

+.It Fl dlimit Ar number

+Dump the first

+.Ar number

+bytes of unknown data in hex form.

.It Fl oid Ar filename

-A file containing additional OBJECT IDENTIFIERs (OIDs).

+A file containing additional OBJECT IDENTIFIERs

+.Pq OIDs .

The format of this file is described in the

.Sx ASN1PARSE NOTES

section below.

.It Fl strparse Ar offset

Parse the contents octets of the ASN.1 object starting at

.Ar offset .

-This option can be used multiple times to "drill down" into a nested structure.

+This option can be used multiple times to

+.Qq drill down

+into a nested structure.

.El

.Sh ASN1PARSE OUTPUT

The output will typically contain lines like this:

@@ -468,10 +520,10 @@ The output will typically contain lines like this:

373:d=2 hl=3 l= 162 cons: cont [ 3 ]

376:d=3 hl=3 l= 159 cons: SEQUENCE

379:d=4 hl=2 l= 29 cons: SEQUENCE

- 381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier

+ 381:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier

386:d=5 hl=2 l= 22 prim: OCTET STRING

410:d=4 hl=2 l= 112 cons: SEQUENCE

- 412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier

+ 412:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier

417:d=5 hl=2 l= 105 prim: OCTET STRING

524:d=4 hl=2 l= 12 cons: SEQUENCE

@@ -484,7 +536,9 @@ Each line starts with the offset in decimal.

specifies the current depth.

The depth is increased within the scope of any SET or SEQUENCE.

.Cm hl=XX

-gives the header length (tag and length octets) of the current type.

+gives the header length

+.Pq tag and length octets

+of the current type.

.Cm l=XX

gives the length of the contents octets.

.Pp

@@ -508,24 +562,28 @@ to yield:

If an OID is not part of

.Nm OpenSSL Ns Li 's

internal table it will be represented in

-numerical form (for example 1.2.3.4).

+numerical form

+.Pq for example 1.2.3.4 .

The file passed to the

.Fl oid

option allows additional OIDs to be included.

-Each line consists of three columns,

+Each line consists of three columns;

the first column is the OID in numerical format and should be followed by

whitespace.

-The second column is the "short name" which is a single word followed

-by whitespace.

-The final column is the rest of the line and is the "long name".

+The second column is the

+.Qq short name

+which is a single word followed by whitespace.

+The final column is the rest of the line and is the

+.Qq long name .

.Nm asn1parse

displays the long name.

Example:

.Pp

-"1.2.3.4 shortName A long name"

+.Dl \&"1.2.3.4 shortName A long name\&"

.Sh ASN1PARSE BUGS

There should be options to change the format of input lines.

-The output of some ASN.1 types is not well handled (if at all).

+The output of some ASN.1 types is not well handled

+.Pq if at all .

.\"

.\" ca

.\"

@@ -551,6 +609,7 @@ The output of some ASN.1 types is not well handled (if at all).

.Op Fl md Ar arg

.Op Fl policy Ar arg

.Op Fl keyfile Ar arg

+.Op Fl keyform Ar PEM | ENGINE

.Op Fl key Ar arg

.Op Fl passin Ar arg

.Op Fl cert Ar file

@@ -567,6 +626,8 @@ The output of some ASN.1 types is not well handled (if at all).

.Op Fl msie_hack

.Op Fl extensions Ar section

.Op Fl extfile Ar section

+.Op Fl status Ar serial

+.Op Fl updatedb

.Op Fl engine Ar id

.Ek

.Pp

@@ -614,21 +675,27 @@ The

.Ar directory

to output certificates to.

The certificate will be written to a filename consisting of the

-serial number in hex with ".pem" appended.

+serial number in hex with

+.Qq .pem

+appended.

.It Fl cert

The CA certificate file.

.It Fl keyfile Ar filename

The private key to sign requests with.

+.It Fl keyform Ar PEM | ENGINE

+Private key file format.

.It Fl key Ar password

The password used to encrypt the private key.

Since on some systems the command line arguments are visible

-(e.g. Unix with the

+(e.g.\&

+.Ux

+with the

.Xr ps 1

utility) this option should be used with caution.

.It Fl passin Ar arg

The key password source.

For more information about the format of

-.Ar arg

+.Ar arg ,

see the

.Sx PASS PHRASE ARGUMENTS

section above.

@@ -639,22 +706,24 @@ Don't output the text form of a certificate to the output file.

.It Fl startdate Ar date

This allows the start date to be explicitly set.

The format of the date is YYMMDDHHMMSSZ

-(the same as an ASN1 UTCTime structure).

+.Pq the same as an ASN1 UTCTime structure .

.It Fl enddate Ar date

This allows the expiry date to be explicitly set.

The format of the date is YYMMDDHHMMSSZ

-(the same as an ASN1 UTCTime structure).

+.Pq the same as an ASN1 UTCTime structure .

.It Fl days Ar arg

The number of days to certify the certificate for.

.It Fl md Ar alg

The message digest to use.

Possible values include

-.Ar md5 , sha1

+.Ar md5

and

-.Ar mdc2 .

+.Ar sha1 .

This option also applies to CRLs.

.It Fl policy Ar arg

-This option defines the CA "policy" to use.

+This option defines the CA

+.Qq policy

+to use.

This is a section in the configuration file which decides which fields

should be mandatory or match the CA certificate.

Check out the

@@ -664,13 +733,15 @@ section for more information.

This is a legacy option to make

.Nm ca

work with very old versions of the IE certificate enrollment control

-"certenr3".

+.Qq certenr3 .

It used UniversalStrings for almost everything.

Since the old control has various security bugs,

its use is strongly discouraged.

-The newer control "Xenroll" does not need this option.

+The newer control

+.Qq Xenroll

+does not need this option.

.It Fl preserveDN

-Normally the DN order of a certificate is the same as the order of the

+Normally, the DN order of a certificate is the same as the order of the

fields in the relevant policy section.

When this option is set, the order is the same as the request.

This is largely for compatibility with the older IE enrollment control

@@ -683,7 +754,7 @@ request DN, however it is good policy just having the e-mail set into

the

.Em altName

extension of the certificate.

-When this option is set the EMAIL field is removed from the certificate's

+When this option is set, the EMAIL field is removed from the certificate's

subject and set only in the, eventually present, extensions.

The

.Ar email_in_dn

@@ -700,7 +771,8 @@ unless the

.Fl extfile

option is used).

If no extension section is present, then a V1 certificate is created.

-If the extension section is present (even if it is empty),

+If the extension section is present

+.Pq even if it is empty ,

then a V3 certificate is created.

.It Fl extfile Ar file

An additional configuration

@@ -709,11 +781,16 @@ to read certificate extensions from

(using the default section unless the

.Fl extensions

option is also used).

+.It Fl status Ar serial

+Show status of certificate with serial number

+.Ar serial .

+.It Fl updatedb

+Update database for expired certificates.

.It Fl engine Ar id

Specifying an engine (by it's unique

.Ar id

string) will cause

-.Nm req

+.Nm ca

to attempt to obtain a functional reference to the specified engine,

thus initialising it if needed.

The engine will then be set as the default for all available algorithms.

@@ -743,7 +820,7 @@ The matching of

.Ar reason

is case insensitive.

Setting any revocation reason will make the CRL v2.

-In practive removeFromCRL is not particularly useful because it is only used

+In practice, removeFromCRL is not particularly useful because it is only used

in delta CRLs which are not currently implemented.

.It Fl crl_hold Ar instruction

This sets the CRL revocation reason code to certificateHold and the hold

@@ -768,18 +845,23 @@ The

.Ar arg

must be formatted as

.Ar /type0=value0/type1=value1/type2=... ;

-characters may be escaped by \e (backslash), no spaces are skipped.

+characters may be escaped by

+.Sq \e

+.Pq backslash ,

+no spaces are skipped.

.It Fl crlexts Ar section

The

.Ar section

of the configuration file containing CRL extensions to include.

If no CRL extension section is present then a V1 CRL is created;

-if the CRL extension section is present (even if it is empty)

+if the CRL extension section is present

+.Pq even if it is empty

then a V2 CRL is created.

The CRL extensions specified are CRL extensions and

.Em not

CRL entry extensions.

-It should be noted that some software (for example Netscape)

+It should be noted that some software

+.Pq for example Netscape

can't handle V2 CRLs.

.El

.Sh CA CONFIGURATION FILE OPTIONS

@@ -801,9 +883,11 @@ the following options are read directly from the

.Em ca

section:

.Pp

- RANDFILE

- preserve

- msie_hack

+.Bl -tag -width Ds -offset indent -compact

+.It RANDFILE

+.It preserve

+.It msie_hack

+.El

.Pp

With the exception of RANDFILE, this is probably a bug and may

change in future releases.

@@ -813,7 +897,9 @@ options.

Where the option is present in the configuration file and the command line,

the command line value is used.

Where an option is described as mandatory, then it must be present in

-the configuration file or the command line equivalent (if any) used.

+the configuration file or the command line equivalent

+.Pq if any

+used.

.Bl -tag -width "XXXX"

.It Ar oid_file

This specifies a file containing additional OBJECT IDENTIFIERS.

@@ -825,7 +911,7 @@ This specifies a section in the configuration file containing extra

object identifiers.

Each line should consist of the short name of the object identifier

followed by

-.Cm =

+.Sq =

and the numerical form.

The short and long names are the same when this option is used.

.It Ar new_certs_dir

@@ -866,7 +952,8 @@ The same as the

option.

Either this option or

.Ar default_days

-(or the command line equivalents) must be present.

+.Pq or the command line equivalents

+must be present.

.It Ar default_crl_hours default_crl_days

The same as the

.Fl crlhours

@@ -902,8 +989,9 @@ The same as

The same as

.Fl noemailDN .

If the EMAIL field is to be removed from the DN of the certificate,

-simply set this to 'no'.

-If not present the default is to allow for the EMAIL field in the

+simply set this to

+.Qq no .

+If not present, the default is to allow for the EMAIL field in the

certificate's DN.

.It Ar msie_hack

The same as

@@ -932,11 +1020,11 @@ are permanently set and cannot be disabled

(this is because the certificate signature cannot be displayed because

the certificate has not been signed at this point).

.Pp

-For convenience the values

+For convenience, the value

.Em default_ca

-are accepted by both to produce a reasonable output.

+is accepted by both to produce a reasonable output.

.Pp

-If neither option is present the format used in earlier versions of

+If neither option is present, the format used in earlier versions of

.Nm OpenSSL

is used.

Use of the old format is

@@ -952,11 +1040,11 @@ If set to

or this option is not present, then extensions are

ignored and not copied to the certificate.

If set to

-.Ar copy

+.Ar copy ,

then any extensions present in the request that are not already present

are copied to the certificate.

If set to

-.Ar copyall

+.Ar copyall ,

then all extensions in the request are copied to the certificate:

if the extension is already present in the certificate it is deleted first.

See the

@@ -970,10 +1058,15 @@ values for certain extensions such as

.Sh CA POLICY FORMAT

The policy section consists of a set of variables corresponding to

certificate DN fields.

-If the value is "match" then the field value

-must match the same field in the CA certificate.

-If the value is "supplied" then it must be present.

-If the value is "optional" then it may be present.

+If the value is

+.Qq match ,

+then the field value must match the same field in the CA certificate.

+If the value is

+.Qq supplied ,

+then it must be present.

+If the value is

+.Qq optional ,

+then it may be present.

Any fields not mentioned in the policy section

are silently deleted, unless the

.Fl preserveDN

@@ -992,8 +1085,9 @@ utility.

.Pp

The file should contain the variable SPKAC set to the value of

the SPKAC and also the required DN components as name value pairs.

-If it's necessary to include the same component twice then it can be

-preceded by a number and a '.'.

+If it's necessary to include the same component twice,

+then it can be preceded by a number and a

+.Sq \&. .

.Sh CA EXAMPLES

.Sy Note :

these examples assume that the

@@ -1016,36 +1110,39 @@ and its private key to

.Pa demoCA/private/cakey.pem .

A file

.Pa demoCA/serial

-would be created containing, for example, "01" and the empty index file

+would be created containing, for example,

+.Qq 01

+and the empty index file

.Pa demoCA/index.txt .

.Pp

Sign a certificate request:

.Pp

-\& $ openssl ca -in req.pem -out newcert.pem

+.Dl $ openssl ca -in req.pem -out newcert.pem

.Pp

Sign a certificate request, using CA extensions:

.Pp

-\& $ openssl ca -in req.pem -extensions v3_ca -out newcert.pem

+.Dl $ openssl ca -in req.pem -extensions v3_ca -out newcert.pem

.Pp

Generate a CRL:

.Pp

-\& $ openssl ca -gencrl -out crl.pem

+.Dl $ openssl ca -gencrl -out crl.pem

.Pp

Sign several requests:

.Pp

-\& $ openssl ca -infiles req1.pem req2.pem req3.pem

+.Dl $ openssl ca -infiles req1.pem req2.pem req3.pem

.Pp

Certify a Netscape SPKAC:

.Pp

-\& $ openssl ca -spkac spkac.txt

+.Dl $ openssl ca -spkac spkac.txt

.Pp

-A sample SPKAC file (the SPKAC line has been truncated for clarity):

-.Bd -literal

-\& SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK2A5

-\& CN=Steve Test

-\& emailAddress=steve@openssl.org

-\& 0.OU=OpenSSL Group

-\& 1.OU=Another Group

+A sample SPKAC file

+.Pq the SPKAC line has been truncated for clarity :

+.Bd -literal -offset indent

+SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK

+CN=Steve Test

+emailAddress=steve@openssl.org

+0.OU=OpenSSL Group

+1.OU=Another Group

.Ed

.Pp

A sample configuration file with the relevant sections for

@@ -1053,29 +1150,29 @@ A sample configuration file with the relevant sections for

.Bd -literal

\& [ ca ]

\& default_ca = CA_default # The default ca section

-.Pp

\& [ CA_default ]

-.Pp

\& dir = ./demoCA # top dir

\& database = $dir/index.txt # index file

\& new_certs_dir = $dir/newcerts # new certs dir

-.Pp

\& certificate = $dir/cacert.pem # The CA cert

\& serial = $dir/serial # serial no file

\& private_key = $dir/private/cakey.pem# CA private key

\& RANDFILE = $dir/private/.rand # random number file

-.Pp

\& default_days = 365 # how long to certify for

\& default_crl_days= 30 # how long before next CRL

\& default_md = md5 # md to use

-.Pp

\& policy = policy_any # default policy

\& email_in_dn = no # Don't add the email into cert DN

-.Pp

\& nameopt = default_ca # Subject name display option

\& certopt = default_ca # Certificate display option

-\& copy_extensions = none # Don't copy extensions from request

-.Pp

+\& copy_extensions = none #Don't copy extensions from request

\& [ policy_any ]

\& countryName = supplied

\& stateOrProvinceName = optional

@@ -1087,9 +1184,9 @@ A sample configuration file with the relevant sections for

.Sh CA FILES

.Sy Note :

the location of all files can change either by compile time options,

-configuration file entries, environment variables or command line options.

+configuration file entries, environment variables, or command line options.

The values below reflect the default values.

-.Bd -literal

+.Bd -literal -offset indent

/usr/local/ssl/lib/openssl.cnf - master configuration file

\&./demoCA - main CA directory

\&./demoCA/cacert.pem - CA certificate

@@ -1102,7 +1199,7 @@ The values below reflect the default values.

\&./demoCA/.rnd - CA random seed information

.Ed

.Sh CA ENVIRONMENT VARIABLES

-.Em OPENSSL_CONF

+.Ev OPENSSL_CONF

reflects the location of the master configuration file;

it can be overridden by the

.Fl config

@@ -1133,7 +1230,8 @@ The

.Nm ca

command really needs rewriting or the required functionality

exposed at either a command or interface level so a more friendly utility

-(perl script or GUI) can handle things properly.

+.Pq perl script or GUI

+can handle things properly.

The scripts

.Nm CA.sh

and

@@ -1174,7 +1272,7 @@ command on the same database can have unpredictable results.

The

.Ar copy_extensions

option should be used with caution.

-If care is not taken then it can be a security risk.

+If care is not taken, then it can be a security risk.

For example, if a certificate request contains a

.Em basicConstraints

extension with CA:TRUE and the

@@ -1204,7 +1302,7 @@ to prevent a request supplying its own values.

Additional restrictions can be placed on the CA certificate itself.

For example if the CA certificate has:

.Pp

-\& basicConstraints = CA:TRUE, pathlen:0

+.D1 basicConstraints = CA:TRUE, pathlen:0

.Pp

then even if a certificate is issued with CA:TRUE it will not be valid.

.\"

@@ -1213,10 +1311,8 @@ then even if a certificate is issued with CA:TRUE it will not be valid.

.Sh CIPHERS

.Nm openssl ciphers

.Op Fl v

-.Op Fl ssl2

-.Op Fl ssl3

-.Op Fl tls1

-.Op Cm cipherlist

+.Op Fl ssl2 | ssl3 | tls1

+.Op Ar cipherlist

.Pp

The

.Nm cipherlist

@@ -1230,9 +1326,9 @@ The options are as follows:

.It Fl v

Verbose option.

List ciphers with a complete description of protocol version

-(SSLv2 or SSLv3; the latter includes TLS), key exchange,

-authentication, encryption and mac algorithms used along with any key size

-restrictions and whether the algorithm is classed as an

+.Pq SSLv2 or SSLv3; the latter includes TLS ,

+key exchange, authentication, encryption and mac algorithms used along with

+any key size restrictions and whether the algorithm is classed as an

.Em export

cipher.

Note that without the

@@ -1240,15 +1336,15 @@ Note that without the

option, ciphers may seem to appear twice in a cipher list;

this is when similar ciphers are available for

SSL v2 and for SSL v3/TLS v1.

-.It Fl ssl3

-Only include SSL v3 ciphers.

.It Fl ssl2

Only include SSL v2 ciphers.

+.It Fl ssl3

+Only include SSL v3 ciphers.

.It Fl tls1

Only include TLS v1 ciphers.

-.It Fl h , ?

+.It Fl h , \&?

Print a brief usage message.

-.It Fl cipherlist

+.It Ar cipherlist

A cipher list to convert to a cipher preference list.

If it is not included, then the default cipher list will be used.

The format is described below.

@@ -1277,7 +1373,7 @@ represents all SSL v3 algorithms.

Lists of cipher suites can be combined in a single

.Em cipher string

using the

-.Cm +

+.Sq +

character.

This is used as a logical

.Em and

@@ -1287,32 +1383,33 @@ For example,

represents all cipher suites containing the SHA1 and the DES algorithms.

.Pp

Each cipher string can be optionally preceded by the characters

-.Cm ! , -

+.Sq \&! ,

+.Sq - ,

-.Cm + .

+.Sq + .

.Pp

-.Cm !

+.Sq !\&

is used, then the ciphers are permanently deleted from the list.

The ciphers deleted can never reappear in the list even if they are

explicitly stated.

.Pp

-.Cm -

+.Sq -

is used, then the ciphers are deleted from the list, but some or

all of the ciphers can be added again by later options.

.Pp

-.Cm +

+.Sq +

is used, then the ciphers are moved to the end of the list.

This option doesn't add any new ciphers, it just moves matching existing ones.

.Pp

If none of these characters is present, then the string is just interpreted

as a list of ciphers to be appended to the current preference list.

-If the list includes any ciphers already present they will be ignored;

+If the list includes any ciphers already present, they will be ignored;

that is, they will not be moved to the end of the list.

.Pp

-Additionally the cipher string

+Additionally, the cipher string

.Em @STRENGTH

can be used at any point to sort the current cipher list in order of

encryption algorithm key length.

@@ -1349,29 +1446,35 @@ The cipher suites not enabled by

currently being

.Ar eNULL .

.It Ar HIGH

-"High" encryption cipher suites.

+.Qq High

+encryption cipher suites.

This currently means those with key lengths larger than 128 bits.

.It Ar MEDIUM

-"Medium" encryption cipher suites, currently those using 128 bit encryption.

+.Qq Medium

+encryption cipher suites, currently those using 128-bit encryption.

.It Ar LOW

-"Low" encryption cipher suites, currently those using 64 or 56 bit encryption

+.Qq Low

+encryption cipher suites, currently those using 64- or 56-bit encryption

algorithms, but excluding export cipher suites.

.It Ar EXP , EXPORT

Export encryption algorithms.

-Including 40 and 56 bits algorithms.

+Including 40- and 56-bit algorithms.

.It Ar EXPORT40

-40 bit export encryption algorithms

+40-bit export encryption algorithms

.It Ar EXPORT56

-56 bit export encryption algorithms.

+56-bit export encryption algorithms.

.It Ar eNULL , NULL

-The "NULL" ciphers; that is those offering no encryption.

-Because these offer no encryption at all and are a security risk

+The

+.Qq NULL

+ciphers; that is those offering no encryption.

+Because these offer no encryption at all and are a security risk,

they are disabled unless explicitly included.

.It Ar aNULL

The cipher suites offering no authentication.

This is currently the anonymous DH algorithms.

-These cipher suites are vulnerable to a "man in the middle"

-attack and so their use is normally discouraged.

+These cipher suites are vulnerable to a

+.Qq man in the middle

+attack, so their use is normally discouraged.

.It Ar kRSA , RSA

Cipher suites using RSA key exchange.

.It Ar kEDH

@@ -1389,7 +1492,7 @@ Cipher suites effectively using DH authentication, i.e. the certificates carry

DH keys.

Not implemented.

.It Ar kFZA , aFZA , eFZA , FZA

-Ciphers suites using FORTEZZA key exchange, authentication, encryption

+Cipher suites using FORTEZZA key exchange, authentication, encryption

or all FORTEZZA algorithms.

Not implemented.

.It Ar TLSv1 , SSLv3 , SSLv2

@@ -1403,13 +1506,12 @@ Cipher suites using AES.

.It Ar 3DES

Cipher suites using triple DES.

.It Ar DES

-Cipher suites using DES (not triple DES).

+Cipher suites using DES

+.Pq not triple DES .

.It Ar RC4

Cipher suites using RC4.

.It Ar RC2

Cipher suites using RC2.

-.It Ar IDEA

-Cipher suites using IDEA.

.It Ar MD5

Cipher suites using MD5.

.It Ar SHA1 , SHA

@@ -1423,122 +1525,111 @@ equivalents.

It should be noted that several cipher suite names do not include the

authentication used, e.g. DES-CBC3-SHA.

In these cases, RSA authentication is used.

-.Pp

-.Sy "SSL v3.0 cipher suites"

-.Bd -literal

- SSL_RSA_WITH_NULL_MD5 NULL-MD5

- SSL_RSA_WITH_NULL_SHA NULL-SHA

- SSL_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5

- SSL_RSA_WITH_RC4_128_MD5 RC4-MD5

- SSL_RSA_WITH_RC4_128_SHA RC4-SHA

- SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5

- SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA

- SSL_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA

- SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA

- SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA

-.Ed

-.Bd -literal

- SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented.

- SSL_DH_DSS_WITH_DES_CBC_SHA Not implemented.

- SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.

- SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented.

- SSL_DH_RSA_WITH_DES_CBC_SHA Not implemented.

- SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.

- SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA

- SSL_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA

- SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA

- SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA

- SSL_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA

- SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA

-.Ed

-.Bd -literal

- SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5

- SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5

- SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA

- SSL_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA

- SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA

-.Ed

-.Bd -literal

- SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented.

- SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented.

- SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented.

-.Ed

-.Pp

-.Sy "TLS v1.0 cipher suites"

-.Bd -literal

- TLS_RSA_WITH_NULL_MD5 NULL-MD5

- TLS_RSA_WITH_NULL_SHA NULL-SHA

- TLS_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5

- TLS_RSA_WITH_RC4_128_MD5 RC4-MD5

- TLS_RSA_WITH_RC4_128_SHA RC4-SHA

- TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5

- TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA

- TLS_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA

- TLS_RSA_WITH_DES_CBC_SHA DES-CBC-SHA

- TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA

-.Ed

-.Bd -literal

- TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented.

- TLS_DH_DSS_WITH_DES_CBC_SHA Not implemented.

- TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.

- TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented.

- TLS_DH_RSA_WITH_DES_CBC_SHA Not implemented.

- TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.

- TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA

- TLS_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA

- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA

- TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA

- TLS_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA

- TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA

+.Ss SSL v3.0 cipher suites

+.Bd -unfilled -offset indent

+SSL_RSA_WITH_NULL_MD5 NULL-MD5

+SSL_RSA_WITH_NULL_SHA NULL-SHA

+SSL_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5

+SSL_RSA_WITH_RC4_128_MD5 RC4-MD5

+SSL_RSA_WITH_RC4_128_SHA RC4-SHA

+SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5

+SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA

+SSL_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA

+SSL_RSA_WITH_DES_CBC_SHA DES-CBC-SHA

+SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA

+SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented.

+SSL_DH_DSS_WITH_DES_CBC_SHA Not implemented.

+SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.

+SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented.

+SSL_DH_RSA_WITH_DES_CBC_SHA Not implemented.

+SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.

+SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA

+SSL_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA

+SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA

+SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA

+SSL_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA

+SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA

+SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5

+SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5

+SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA

+SSL_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA

+SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA

+SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented.

+SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented.

+SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented.

.Ed

-.Bd -literal

- TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5

- TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5

- TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA

- TLS_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA

- TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA

+.Ss TLS v1.0 cipher suites

+.Bd -unfilled -offset indent

+TLS_RSA_WITH_NULL_MD5 NULL-MD5

+TLS_RSA_WITH_NULL_SHA NULL-SHA

+TLS_RSA_EXPORT_WITH_RC4_40_MD5 EXP-RC4-MD5

+TLS_RSA_WITH_RC4_128_MD5 RC4-MD5

+TLS_RSA_WITH_RC4_128_SHA RC4-SHA

+TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 EXP-RC2-CBC-MD5

+TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA

+TLS_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-DES-CBC-SHA

+TLS_RSA_WITH_DES_CBC_SHA DES-CBC-SHA

+TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA

+TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA Not implemented.

+TLS_DH_DSS_WITH_DES_CBC_SHA Not implemented.

+TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented.

+TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA Not implemented.

+TLS_DH_RSA_WITH_DES_CBC_SHA Not implemented.

+TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented.

+TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-DSS-DES-CBC-SHA

+TLS_DHE_DSS_WITH_DES_CBC_SHA EDH-DSS-CBC-SHA

+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA

+TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA EXP-EDH-RSA-DES-CBC-SHA

+TLS_DHE_RSA_WITH_DES_CBC_SHA EDH-RSA-DES-CBC-SHA

+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA

+TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 EXP-ADH-RC4-MD5

+TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5

+TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA EXP-ADH-DES-CBC-SHA

+TLS_DH_anon_WITH_DES_CBC_SHA ADH-DES-CBC-SHA

+TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA

.Ed

-.Pp

-.Sy "AES ciphersuites from RFC 3268, extending TLS v1.0"

-.Bd -literal

- TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA

- TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA

+.Ss AES ciphersuites from RFC 3268, extending TLS v1.0

+.Bd -unfilled -offset indent

+TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA

+TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA

- TLS_DH_DSS_WITH_AES_128_CBC_SHA DH-DSS-AES128-SHA

- TLS_DH_DSS_WITH_AES_256_CBC_SHA DH-DSS-AES256-SHA

- TLS_DH_RSA_WITH_AES_128_CBC_SHA DH-RSA-AES128-SHA

- TLS_DH_RSA_WITH_AES_256_CBC_SHA DH-RSA-AES256-SHA

+TLS_DH_DSS_WITH_AES_128_CBC_SHA DH-DSS-AES128-SHA

+TLS_DH_DSS_WITH_AES_256_CBC_SHA DH-DSS-AES256-SHA

+TLS_DH_RSA_WITH_AES_128_CBC_SHA DH-RSA-AES128-SHA

+TLS_DH_RSA_WITH_AES_256_CBC_SHA DH-RSA-AES256-SHA

- TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA

- TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA

- TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA

- TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA

+TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA

+TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA

+TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA

+TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA

- TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA

- TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA

+TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA

+TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA

.Ed

-.Pp

-.Sy "Additional Export 1024 and other cipher suites"

-.Pp

+.Ss Additional Export 1024 and other cipher suites

.Sy Note :

These ciphers can also be used in SSL v3.

-.Bd -literal

- TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DES-CBC-SHA

- TLS_RSA_EXPORT1024_WITH_RC4_56_SHA EXP1024-RC4-SHA

- TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA

- TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024-DHE-DSS-RC4-SHA

- TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA

+.Bd -unfilled -offset indent

+TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DES-CBC-SHA

+TLS_RSA_EXPORT1024_WITH_RC4_56_SHA EXP1024-RC4-SHA

+TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA EXP1024-DHE-DSS-DES-CBC-SHA

+TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA EXP1024-DHE-DSS-RC4-SHA

+TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA

.Ed

-.Pp

-.Sy "SSL v2.0 cipher suites"

-.Bd -literal

- SSL_CK_RC4_128_WITH_MD5 RC4-MD5

- SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5

- SSL_CK_RC2_128_CBC_WITH_MD5 RC2-MD5

- SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP-RC2-MD5

- SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5

- SSL_CK_DES_64_CBC_WITH_MD5 DES-CBC-MD5

- SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5

+.Ss SSL v2.0 cipher suites

+.Bd -unfilled -offset indent

+SSL_CK_RC4_128_WITH_MD5 RC4-MD5

+SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5

+SSL_CK_RC2_128_CBC_WITH_MD5 RC2-MD5

+SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP-RC2-MD5

+SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5

+SSL_CK_DES_64_CBC_WITH_MD5 DES-CBC-MD5

+SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5

.Ed

.Sh CIPHERS NOTES

The non-ephemeral DH modes are currently unimplemented in

@@ -1554,25 +1645,25 @@ Verbose listing of all

.Nm OpenSSL

ciphers including NULL ciphers:

.Pp

-\& $ openssl ciphers -v 'ALL:eNULL'

+.Dl $ openssl ciphers -v 'ALL:eNULL'

.Pp

Include all ciphers except NULL and anonymous DH then sort by

strength:

.Pp

-\& $ openssl ciphers -v 'ALL:!ADH:@STRENGTH'

+.Dl $ openssl ciphers -v 'ALL:!ADH:@STRENGTH'

.Pp

Include only 3DES ciphers and then place RSA ciphers last:

.Pp

-\& $ openssl ciphers -v '3DES:+RSA'

+.Dl $ openssl ciphers -v '3DES:+RSA'

.Pp

Include all RC4 ciphers but leave out those without authentication:

.Pp

-\& $ openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'

+.Dl $ openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'

.Pp

Include all ciphers with RSA authentication but leave out ciphers without

encryption:

.Pp

-\& $ openssl ciphers -v 'RSA:!COMPLEMENTOFALL'

+.Dl $ openssl ciphers -v 'RSA:!COMPLEMENTOFALL'

.Sh CIPHERS HISTORY

The

.Ar COMPLENTOFALL

@@ -1584,18 +1675,21 @@ selection options were added in version 0.9.7.

.\"

.Sh CRL

.Nm openssl crl

-.Op Fl inform Ar PEM|DER

-.Op Fl outform Ar PEM|DER

+.Bk -words

+.Op Fl inform Ar DER | PEM

+.Op Fl outform Ar DER | PEM

.Op Fl text

.Op Fl in Ar filename

.Op Fl out Ar filename

.Op Fl noout

.Op Fl hash

+.Op Fl fingerprint

.Op Fl issuer

.Op Fl lastupdate

.Op Fl nextupdate

.Op Cm CAfile Ar file

.Op Cm CApath Ar dir

+.Ek

.Pp

The

.Nm crl

@@ -1607,14 +1701,14 @@ format.

.Pp

The options are as follows:

.Bl -tag -width "XXXX"

-.It Fl inform Ar DER|PEM

+.It Fl inform Ar DER | PEM

This specifies the input format.

.Ar DER

-format is DER encoded CRL structure.

+format is a DER encoded CRL structure.

.Ar PEM

-(the default) is a base64 encoded version of the DER form with header

-and footer lines.

-.It Fl outform Ar DER|PEM

+.Pq the default

+is a base64 encoded version of the DER form with header and footer lines.

+.It Fl outform Ar DER | PEM

This specifies the output format; the options have the same meaning as the

.Fl inform

option.

@@ -1631,6 +1725,8 @@ Don't output the encoded version of the CRL.

.It Fl hash

Output a hash of the issuer name.

This can be used to lookup CRLs in a directory by issuer name.

+.It Fl fingerprint

+Print the CRL fingerprint.

.It Fl issuer

Output the issuer name.

.It Fl lastupdate

@@ -1654,9 +1750,9 @@ should be linked to each certificate.

.El

.Sh CRL NOTES

The PEM CRL format uses the header and footer lines:

-.Bd -literal

-\& -----BEGIN X509 CRL-----

-\& -----END X509 CRL-----

+.Bd -unfilled -offset indent

+-----BEGIN X509 CRL-----

+-----END X509 CRL-----

.Ed

.Sh CRL EXAMPLES

Convert a CRL file from

@@ -1664,23 +1760,23 @@ Convert a CRL file from

.Ar DER :

.Pp

-\& $ openssl crl -in crl.pem -outform DER -out crl.der

+.Dl $ openssl crl -in crl.pem -outform DER -out crl.der

.Pp

Output the text form of a

.Ar DER

encoded certificate:

.Pp

-\& $ openssl crl -in crl.der -text -noout

+.Dl $ openssl crl -in crl.der -text -noout

.Sh CRL BUGS

-Ideally it should be possible to create a CRL using appropriate options

+Ideally, it should be possible to create a CRL using appropriate options

and files too.

.\"

.\" CRL2PKCS7

.\"

.Sh CRL2PKCS7

.Nm openssl crl2pkcs7

-.Op Fl inform Ar PEM|DER

-.Op Fl outform Ar PEM|DER

+.Op Fl inform Ar DER | PEM

+.Op Fl outform Ar DER | PEM

.Op Fl in Ar filename

.Op Fl out Ar filename

.Op Fl certfile Ar filename

@@ -1690,24 +1786,25 @@ The

.Nm crl2pkcs7

command takes an optional CRL and one or more

certificates and converts them into a PKCS#7 degenerate

-"certificates only" structure.

+.Qq certificates only

+structure.

.Pp

The options are as follows:

.Bl -tag -width "XXXX"

-.It Fl inform Ar DER|PEM

+.It Fl inform Ar DER | PEM

This specifies the CRL input format.

.Ar DER

-format is DER encoded CRL structure.

+format is a DER encoded CRL structure.

.Ar PEM

-(the default) is a base64 encoded version of the DER form with header

-and footer lines.

-.It Fl outform Ar DER|PEM

+.Pq the default

+is a base64 encoded version of the DER form with header and footer lines.

+.It Fl outform Ar DER | PEM

This specifies the PKCS#7 structure output format.

.Ar DER

-format is DER encoded PKCS#7 structure.

+format is a DER encoded PKCS#7 structure.

.Ar PEM

-(the default) is a base64 encoded version of the DER form with header

-and footer lines.

+.Pq the default

+is a base64 encoded version of the DER form with header and footer lines.

.It Fl in Ar filename

This specifies the input

.Ar filename

@@ -1723,25 +1820,25 @@ containing one or more certificates in

.Ar PEM

format.

All certificates in the file will be added to the PKCS#7 structure.

-This option can be used more than once to read certificates form multiple

+This option can be used more than once to read certificates from multiple

files.

.It Fl nocrl

-Normally a CRL is included in the output file.

+Normally, a CRL is included in the output file.

With this option, no CRL is

included in the output file and a CRL is not read from the input file.

.El

.Sh CRL2PKCS7 EXAMPLES

Create a PKCS#7 structure from a certificate and CRL:

.Pp

-\& $ openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem

+.Dl $ openssl crl2pkcs7 -in crl.pem -certfile cert.pem -out p7.pem

.Pp

-Creates a PKCS#7 structure in

+Create a PKCS#7 structure in

.Ar DER

format with no CRL from several

different certificates:

-.Bd -literal

-\& $ openssl crl2pkcs7 -nocrl -certfile newcert.pem

-\& -certfile demoCA/cacert.pem -outform DER -out p7.der

+.Bd -literal -offset indent

+$ openssl crl2pkcs7 -nocrl -certfile newcert.pem \e

+ -certfile demoCA/cacert.pem -outform DER -out p7.der

.Ed

.Sh CRL2PKCS7 NOTES

The output file is a PKCS#7 signed data structure containing no signers and

@@ -1762,7 +1859,11 @@ install user certificates and CAs in MSIE using the Xenroll control.

.\"

.Sh DGST

.Nm openssl dgst

-.Op Cm -md5|-md4|-md2|-sha1|-sha|-mdc2|-ripemd160|-dss1

+.Bk -words

+.Oo

+.Fl md5 | md4 | md2 | sha1 |

+.Fl sha | ripemd160 | dss1

+.Oc

.Op Fl c

.Op Fl d

.Op Fl hex

@@ -1773,9 +1874,16 @@ install user certificates and CAs in MSIE using the Xenroll control.

.Op Fl prverify Ar filename

.Op Fl rand Ar file ...

.Op Fl signature Ar filename

+.Op Fl engine Ar id

+.Op Fl keyform Ar PEM | ENGINE

.Op Ar file ...

+.Ek

.Pp

-.Cm md5|md4|md2|sha1|sha|mdc2|ripemd160

+.Nm openssl

+.Xo

+.Cm md5 | md4 | md2 | sha1 |

+.Cm sha | ripemd160

+.Xc

.Op Fl c

.Op Fl d

.Op Ar file ...

@@ -1790,14 +1898,15 @@ They can also be used for digital signing and verification.

The options are as follows:

.Bl -tag -width "XXXX"

.It Fl c

-Print out the digest in two digit groups separated by colons, only relevant if

+Print out the digest in two-digit groups separated by colons; only relevant if

.Em hex

format output is used.

.It Fl d

Print out BIO debugging information.

.It Fl hex

Digest is to be output as a hex dump.

-This is the default case for a "normal"

+This is the default case for a

+.Qq normal

digest as opposed to a digital signature.

.It Fl binary

Output the digest or signature in binary form.

@@ -1809,28 +1918,31 @@ Digitally sign the digest using the private key in

.It Fl verify Ar filename

Verify the signature using the public key in

.Ar filename .

-The output is either "Verification OK" or "Verification Failure".

+The output is either

+.Qq Verification OK

+or

+.Qq Verification Failure .

.It Fl prverify Ar filename

Verify the signature using the private key in

.Ar filename .

.It Fl rand Ar file ...

-A

-.Ar file

-or

-.Ar file Ns Li s

-containing random data used to seed the random number

+A file or files containing random data used to seed the random number

generator, or an EGD socket (see

.Xr RAND_egd 3 ) .

-Multiple files can be specified separated by an OS-dependent character.

-The separator is

-.Cm \&;

-for MS-Windows,

-.Cm \&,

-for OpenVMS, and

-.Cm \&:

-for all others.

+Multiple files can be specified separated by a

+.Sq \&: .

.It Fl signature Ar filename

The actual signature to verify.

+.It Fl engine Ar id

+Specifying an engine (by it's unique

+.Ar id

+string) will cause

+.Nm dgst

+to attempt to obtain a functional reference to the specified engine,

+thus initialising it if needed.

+The engine will then be set as the default for all available algorithms.

+.It Fl keyform Ar PEM | ENGINE

+Key file format.

.It Ar file ...

File or files to digest.

If no files are specified then standard input is used.

@@ -1839,7 +1951,7 @@ If no files are specified then standard input is used.

The digest of choice for all new applications is SHA1.

Other digests are, however, still widely used.

.Pp

-If you wish to sign or verify data using the DSA algorithm then the dss1

+If you wish to sign or verify data using the DSA algorithm, then the dss1

digest must be used.

.Pp

A source of random numbers is required for certain signing algorithms, in

@@ -1851,7 +1963,8 @@ being signed or verified.

.\" DH

.\"

.Sh DH

-Diffie-Hellman Parameter Management. The

+Diffie-Hellman Parameter Management.

+The

.Nm dh

command has been replaced by

.Nm dhparam .

@@ -1864,16 +1977,15 @@ below.

.Sh DHPARAM

.Nm openssl dhparam

.Bk -words

-.Op Fl inform Ar DER|PEM

-.Op Fl outform Ar DER|PEM

+.Op Fl inform Ar DER | PEM

+.Op Fl outform Ar DER | PEM

.Op Fl in Ar filename

.Op Fl out Ar filename

.Op Fl dsaparam

.Op Fl noout

.Op Fl text

.Op Fl C

-.Op Fl 2

-.Op Fl 5

+.Op Fl 2 | 5

.Op Fl rand Ar file ...

.Op Fl engine Ar id

.Op Ar numbits

@@ -1885,7 +1997,7 @@ command is used to manipulate DH parameter files.

.Pp

The options are as follows:

.Bl -tag -width "XXXX"

-.It Fl inform Ar DER|PEM

+.It Fl inform Ar DER | PEM

This specifies the input format.

The argument

.Ar DER

@@ -1896,8 +2008,8 @@ The

form is the default format:

it consists of the DER format base64 encoded with

additional header and footer lines.

-.It Fl outform Ar DER|PEM

-This specifies the output format, the options have the same meaning as the

+.It Fl outform Ar DER | PEM

+This specifies the output format; the options have the same meaning as the

.Fl inform

option.

.It Fl in Ar filename

@@ -1915,7 +2027,10 @@ be the same as the input filename.

.It Fl dsaparam

If this option is used, DSA rather than DH parameters are read or created;

they are converted to DH format.

-Otherwise, "strong" primes (such that (p-1)/2 is also prime)

+Otherwise,

+.Qq strong

+primes

+.Pq such that (p-1)/2 is also prime

will be used for DH parameter generation.

.Pp

DH parameter generation with the

@@ -1929,29 +2044,19 @@ avoid small-subgroup attacks that may be possible otherwise.

.It Fl 2 , 5

The generator to use, either 2 or 5.

2 is the default.

-If present then the input file is ignored and parameters are generated instead.

+If present, then the input file is ignored and parameters are generated instead.

.It Fl rand Ar file ...

-A

-.Ar file

-or

-.Ar file Ns Li s

-containing random data used to seed the random number generator,

+A file or files containing random data used to seed the random number generator,

or an EGD socket (see

.Xr RAND_egd 3 ) .

-Multiple files can be specified, separated by an OS-dependent character.

-The separator is

-.Cm \&;

-for MS-Windows,

-.Cm \&,

-for OpenVMS, and

-.Cm \&:

-for all others.

+Multiple files can be specified, separated by a

+.Sq \&: .

.It Ar numbits

This argument specifies that a parameter set should be generated of size

.Ar numbits .

It must be the last option.

If not present, then a value of 512 is used.

-If this value is present then the input file is ignored and

+If this value is present, then the input file is ignored and

parameters are generated instead.

.It Fl noout

This option inhibits the output of the encoded version of the parameters.

@@ -1966,7 +2071,7 @@ function.

Specifying an engine (by it's unique

.Ar id

string) will cause

-.Nm req

+.Nm dhparam

to attempt to obtain a functional reference to the specified engine,

thus initialising it if needed.

The engine will then be set as the default for all available algorithms.

@@ -1992,9 +2097,9 @@ versions of

.Sh DHPARAM NOTES

.Ar PEM

format DH parameters use the header and footer lines:

-.Bd -literal

-\& -----BEGIN DH PARAMETERS-----

-\& -----END DH PARAMETERS-----

+.Bd -unfilled -offset indent

+-----BEGIN DH PARAMETERS-----

+-----END DH PARAMETERS-----

.Ed

.Pp

.Nm OpenSSL

@@ -2021,20 +2126,21 @@ option was added in

.Sh DSA

.Nm openssl dsa

.Bk -words

-.Op Fl inform Ar PEM|DER

-.Op Fl outform Ar PEM|DER

+.Op Fl inform Ar DER | PEM

+.Op Fl outform Ar DER | PEM

.Op Fl in Ar filename

.Op Fl passin Ar arg

.Op Fl out Ar filename

.Op Fl passout Ar arg

-.Op Fl des

-.Op Fl des3

-.Op Fl idea

+.Op Fl pubin

+.Op Fl pubout

+.Oo

+.Fl des | des3 | aes128 | aes192 |

+.Fl aes256

+.Oc

.Op Fl text

.Op Fl noout

.Op Fl modulus

-.Op Fl pubin

-.Op Fl pubout

.Op Fl engine Ar id

.Ek

.Pp

@@ -2053,17 +2159,18 @@ command.

.Pp

The options are as follows:

.Bl -tag -width "XXXX"

-.It Fl inform Ar DER|PEM

+.It Fl inform Ar DER | PEM

This specifies the input format.

The

.Ar DER

argument with a private key uses an ASN1 DER encoded form of an ASN.1

-SEQUENCE consisting of the values of version (currently zero), p, q, g,

-the public and private key components respectively as ASN.1 INTEGERs.

+SEQUENCE consisting of the values of version

+.Pq currently zero ,

+p, q, g,

+the public and private key components, respectively, as ASN.1 INTEGERs.

When used with a public key it uses a

.Em SubjectPublicKeyInfo

-structure:

-It is an error if the key is not DSA.

+structure: it is an error if the key is not DSA.

.Pp

The

.Ar PEM

@@ -2071,19 +2178,19 @@ form is the default format:

It consists of the DER format base64

encoded with additional header and footer lines.

In the case of a private key, PKCS#8 format is also accepted.

-.It Fl outform Ar DER|PEM

-This specifies the output format, the options have the same meaning as the

+.It Fl outform Ar DER | PEM

+This specifies the output format; the options have the same meaning as the

.Fl inform

option.

.It Fl in Ar filename

This specifies the input

.Ar filename

to read a key from or standard input if this option is not specified.

-If the key is encrypted a pass phrase will be prompted for.

+If the key is encrypted, a pass phrase will be prompted for.

.It Fl passin Ar arg

The input file password source.

For more information about the format of

-.Ar arg

+.Ar arg ,

see the

.Sx PASS PHRASE ARGUMENTS

section above.

@@ -2099,13 +2206,16 @@ be the same as the input filename.

.It Fl passout Ar arg

The output file password source.

For more information about the format of

-.Ar arg

+.Ar arg ,

see the

.Sx PASS PHRASE ARGUMENTS

section above.

-.It Cm -des|-des3|-idea

+.It Xo

+.Fl des | des3 | aes128 |

+.Fl aes192 | aes256

+.Xc

These options encrypt the private key with the DES, triple DES, or the

-IDEA ciphers, respectively, before outputting it.

+AES ciphers, respectively, before outputting it.

A pass phrase is prompted for.

If none of these options is specified, the key is written in plain text.

This means that using the

@@ -2118,23 +2228,23 @@ These options can only be used with

.Ar PEM

format output files.

.It Fl text

-Prints out the public, private key components and parameters.

+Prints out the public/private key components and parameters.

.It Fl noout

This option prevents output of the encoded version of the key.

.It Fl modulus

This option prints out the value of the public key component of the key.

.It Fl pubin

-By default a private key is read from the input file.

+By default, a private key is read from the input file.

With this option a public key is read instead.

.It Fl pubout

-By default a private key is output.

+By default, a private key is output.

With this option a public key will be output instead.

This option is automatically set if the input is a public key.

.It Fl engine Ar id

Specifying an engine (by it's unique

.Ar id

string) will cause

-.Nm req

+.Nm dsa

to attempt to obtain a functional reference to the specified engine,

thus initialising it if needed.

The engine will then be set as the default for all available algorithms.

@@ -2143,46 +2253,46 @@ The engine will then be set as the default for all available algorithms.

The

.Ar PEM

private key format uses the header and footer lines:

-.Bd -literal

-\& -----BEGIN DSA PRIVATE KEY-----

-\& -----END DSA PRIVATE KEY-----

+.Bd -unfilled -offset indent

+-----BEGIN DSA PRIVATE KEY-----

+-----END DSA PRIVATE KEY-----

.Ed

.Pp

The

.Ar PEM

public key format uses the header and footer lines:

-.Bd -literal

-\& -----BEGIN PUBLIC KEY-----

-\& -----END PUBLIC KEY-----

+.Bd -unfilled -offset indent

+-----BEGIN PUBLIC KEY-----

+-----END PUBLIC KEY-----

.Ed

.Sh DSA EXAMPLES

To remove the pass phrase on a DSA private key:

.Pp

-\& $ openssl dsa -in key.pem -out keyout.pem

+.Dl $ openssl dsa -in key.pem -out keyout.pem

.Pp

To encrypt a private key using triple DES:

.Pp

-\& $ openssl dsa -in key.pem -des3 -out keyout.pem

+.Dl $ openssl dsa -in key.pem -des3 -out keyout.pem

.Pp

To convert a private key from PEM to DER format:

.Pp

-\& $ openssl dsa -in key.pem -outform DER -out keyout.der

+.Dl $ openssl dsa -in key.pem -outform DER -out keyout.der

.Pp

To print out the components of a private key to standard output:

.Pp

-\& $ openssl dsa -in key.pem -text -noout

+.Dl $ openssl dsa -in key.pem -text -noout

.Pp

To just output the public part of a private key:

.Pp

-\& $ openssl dsa -in key.pem -pubout -out pubkey.pem

+.Dl $ openssl dsa -in key.pem -pubout -out pubkey.pem

.\"

.\" DSAPARAM

.\"

.Sh DSAPARAM

.Nm openssl dsaparam

.Bk -words

-.Op Fl inform Ar DER|PEM

-.Op Fl outform Ar DER|PEM

+.Op Fl inform Ar DER | PEM

+.Op Fl outform Ar DER | PEM

.Op Fl in Ar filename

.Op Fl out Ar filename

.Op Fl noout

@@ -2196,22 +2306,23 @@ To just output the public part of a private key:

.Pp

The

.Nm dsaparam

-command is used to manipulate or generate \s-1DSA\s0 parameter files.

+command is used to manipulate or generate DSA parameter files.

.Pp

The options are as follows:

.Bl -tag -width "XXXX"

-.It Fl inform Ar DER|PEM

+.It Fl inform Ar DER | PEM

This specifies the input format.

The

.Ar DER

-argument uses an ASN1 DER encoded form compatible with RFC 2459 (PKIX)

+argument uses an ASN1 DER encoded form compatible with RFC 2459

+.Pq PKIX

DSS-Parms that is a SEQUENCE consisting of p, q and g, respectively.

The

.Ar PEM

form is the default format:

it consists of the DER format base64 encoded with additional header

and footer lines.

-.It Fl outform Ar DER|PEM

+.It Fl outform Ar DER | PEM

This specifies the output format; the options have the same meaning as the

.Fl inform

option.

@@ -2221,7 +2332,7 @@ This specifies the input

to read parameters from, or standard input if this option is not specified.

If the

.Ar numbits

-parameter is included then this option will be ignored.

+parameter is included, then this option will be ignored.

.It Fl out Ar filename

This specifies the output

.Ar filename

@@ -2243,31 +2354,23 @@ function.

This option will generate a DSA either using the specified or generated

parameters.

.It Fl rand Ar file ...

-A

-.Ar file

-or

-.Ar file Ns Li s

-containing random data used to seed the random number

+A file or files containing random data used to seed the random number

generator, or an EGD socket (see

.Xr RAND_egd 3 ) .

-Multiple files can be specified, separated by an OS-dependent character.

-The separator is

-.Cm \&;

-for MS-Windows,

-.Cm \&,

-for OpenVMS, and

-.Cm \&:

-for all others.

+Multiple files can be specified, separated by a

+.Sq \&: .

.It Ar numbits

This option specifies that a parameter set should be generated of size

.Ar numbits .

It must be the last option.

-If this option is included, then the input file (if any) is ignored.

+If this option is included, then the input file

+.Pq if any

+is ignored.

.It Fl engine Ar id

Specifying an engine (by it's unique

.Ar id

string) will cause

-.Nm req

+.Nm dsaparam

to attempt to obtain a functional reference to the specified engine,

thus initialising it if needed.

The engine will then be set as the default for all available algorithms.

@@ -2275,9 +2378,9 @@ The engine will then be set as the default for all available algorithms.

.Sh DSAPARAM NOTES

.Ar PEM

format DSA parameters use the header and footer lines:

-.Bd -literal

-\& -----BEGIN DSA PARAMETERS-----

-\& -----END DSA PARAMETERS-----

+.Bd -unfilled -offset indent

+-----BEGIN DSA PARAMETERS-----

+-----END DSA PARAMETERS-----

.Ed

.Pp

DSA parameter generation is a slow process and as a result the same set of

@@ -2287,16 +2390,20 @@ DSA parameters is often used to generate several distinct keys.

.\"

.Sh ENC

.Nm openssl enc

+.Bk -words

.Fl ciphername

.Op Fl in Ar filename

.Op Fl out Ar filename

.Op Fl pass Ar arg

+.Op Fl salt

+.Op Fl nosalt

.Op Fl e

.Op Fl d

.Op Fl a

.Op Fl A

.Op Fl k Ar password

.Op Fl kfile Ar filename

+.Op Fl S Ar salt

.Op Fl K Ar key

.Op Fl iv Ar IV

.Op Fl p

@@ -2304,11 +2411,14 @@ DSA parameters is often used to generate several distinct keys.

.Op Fl bufsize Ar number

.Op Fl nopad

.Op Fl debug

+.Op Fl engine Ar id

+.Ek

.Pp

The symmetric cipher commands allow data to be encrypted or decrypted

using various block and stream ciphers using keys based on passwords

-or explicitly provided. Base64 encoding or decoding can also be performed

-either by itself or in addition to the encryption or decryption.

+or explicitly provided.

+Base64 encoding or decoding can also be performed either by itself

+or in addition to the encryption or decryption.

.Pp

The options are as follows:

.Bl -tag -width "XXXX"

@@ -2323,7 +2433,7 @@ standard output by default.

.It Fl pass Ar arg

The password source.

For more information about the format of

-.Ar arg

+.Ar arg ,

see the

.Sx PASS PHRASE ARGUMENTS

section above.

@@ -2443,6 +2553,14 @@ Set the buffer size for I/O.

Disable standard block padding.

.It Fl debug

Debug the BIOs used for I/O.

+.It Fl engine Ar id

+Specifying an engine (by it's unique

+.Ar id

+string) will cause

+.Nm enc

+to attempt to obtain a functional reference to the specified engine,

+thus initialising it if needed.

+The engine will then be set as the default for all available algorithms.

.El

.Sh ENC NOTES

The program can be called either as

@@ -2493,111 +2611,109 @@ this allows a rudimentary integrity or password check to be performed.

However, since the chance of random data passing the test is

better than 1 in 256, it isn't a very good test.

.Pp

-If padding is disabled then the input data must be a multiple of the cipher

+If padding is disabled, then the input data must be a multiple of the cipher

block length.

.Pp

All RC2 ciphers have the same key and effective key length.

.Pp

-Blowfish and RC5 algorithms use a 128 bit key.

+Blowfish and RC5 algorithms use a 128-bit key.

.Sh ENC SUPPORTED CIPHERS

-.Bd -literal

-\& base64 Base 64

-.Ed

-.Bd -literal

-\& bf-cbc Blowfish in CBC mode

-\& bf Alias for bf-cbc

-\& bf-cfb Blowfish in CFB mode

-\& bf-ecb Blowfish in ECB mode

-\& bf-ofb Blowfish in OFB mode

-.Ed

-.Bd -literal

-\& cast-cbc CAST in CBC mode

-\& cast Alias for cast-cbc

-\& cast5-cbc CAST5 in CBC mode

-\& cast5-cfb CAST5 in CFB mode

-\& cast5-ecb CAST5 in ECB mode

-\& cast5-ofb CAST5 in OFB mode

-.Ed

-.Bd -literal

-\& des-cbc DES in CBC mode

-\& des Alias for des-cbc

-\& des-cfb DES in CBC mode

-\& des-ofb DES in OFB mode

-\& des-ecb DES in ECB mode

-.Ed

-.Bd -literal

-\& des-ede-cbc Two key triple DES EDE in CBC mode

-\& des-ede Alias for des-ede

-\& des-ede-cfb Two key triple DES EDE in CFB mode

-\& des-ede-ofb Two key triple DES EDE in OFB mode

-.Ed

-.Bd -literal

-\& des-ede3-cbc Three key triple DES EDE in CBC mode

-\& des-ede3 Alias for des-ede3-cbc

-\& des3 Alias for des-ede3-cbc

-\& des-ede3-cfb Three key triple DES EDE CFB mode

-\& des-ede3-ofb Three key triple DES EDE in OFB mode

-.Ed

-.Bd -literal

-\& desx DESX algorithm.

-.Ed

-.Bd -literal

-\& idea-cbc IDEA algorithm in CBC mode

-\& idea same as idea-cbc

-\& idea-cfb IDEA in CFB mode

-\& idea-ecb IDEA in ECB mode

-\& idea-ofb IDEA in OFB mode

-.Ed

-.Bd -literal

-\& rc2-cbc 128 bit RC2 in CBC mode

-\& rc2 Alias for rc2-cbc

-\& rc2-cfb 128 bit RC2 in CBC mode

-\& rc2-ecb 128 bit RC2 in CBC mode

-\& rc2-ofb 128 bit RC2 in CBC mode

-\& rc2-64-cbc 64 bit RC2 in CBC mode

-\& rc2-40-cbc 40 bit RC2 in CBC mode

-.Ed

-.Bd -literal

-\& rc4 128 bit RC4

-\& rc4-64 64 bit RC4

-\& rc4-40 40 bit RC4

-.Ed

-.Bd -literal

-\& rc5-cbc RC5 cipher in CBC mode

-\& rc5 Alias for rc5-cbc

-\& rc5-cfb RC5 cipher in CBC mode

-\& rc5-ecb RC5 cipher in CBC mode

-\& rc5-ofb RC5 cipher in CBC mode

+.Bd -unfilled -offset indent

+aes-128-cbc 128-bit AES in CBC mode

+aes128 Alias for aes-128-cbc

+aes-128-cfb 128-bit AES in CFB mode

+aes-128-ecb 128-bit AES in ECB mode

+aes-128-ofb 128-bit AES in OFB mode

+aes-192-cbc 192-bit AES in CBC mode

+aes192 Alias for aes-192-cbc

+aes-192-cfb 192-bit AES in CFB mode

+aes-192-ecb 192-bit AES in ECB mode

+aes-192-ofb 192-bit AES in OFB mode

+aes-256-cbc 256-bit AES in CBC mode

+aes256 Alias for aes-256-cbc

+aes-256-cfb 256-bit AES in CFB mode

+aes-256-ecb 256-bit AES in ECB mode

+aes-256-ofb 256-bit AES in OFB mode

+base64 Base 64

+bf-cbc Blowfish in CBC mode

+bf Alias for bf-cbc

+blowfish Alias for bf-cbc

+bf-cfb Blowfish in CFB mode

+bf-ecb Blowfish in ECB mode

+bf-ofb Blowfish in OFB mode

+cast-cbc CAST in CBC mode

+cast Alias for cast-cbc

+cast5-cbc CAST5 in CBC mode

+cast5-cfb CAST5 in CFB mode

+cast5-ecb CAST5 in ECB mode

+cast5-ofb CAST5 in OFB mode

+des-cbc DES in CBC mode

+des Alias for des-cbc

+des-cfb DES in CBC mode

+des-ofb DES in OFB mode

+des-ecb DES in ECB mode

+des-ede-cbc Two key triple DES EDE in CBC mode

+des-ede Alias for des-ede

+des-ede-cfb Two key triple DES EDE in CFB mode

+des-ede-ofb Two key triple DES EDE in OFB mode

+des-ede3-cbc Three key triple DES EDE in CBC mode

+des-ede3 Alias for des-ede3-cbc

+des3 Alias for des-ede3-cbc

+des-ede3-cfb Three key triple DES EDE CFB mode

+des-ede3-ofb Three key triple DES EDE in OFB mode

+desx-cbc DESX algorithm

+desx Alias for desx-cbc

+rc2-cbc 128-bit RC2 in CBC mode

+rc2 Alias for rc2-cbc

+rc2-cfb 128-bit RC2 in CBC mode

+rc2-ecb 128-bit RC2 in CBC mode

+rc2-ofb 128-bit RC2 in CBC mode

+rc2-64-cbc 64-bit RC2 in CBC mode

+rc2-40-cbc 40-bit RC2 in CBC mode

+rc4 128-bit RC4

+rc4-40 40-bit RC4

.Ed

.Sh ENC EXAMPLES

Just base64 encode a binary file:

.Pp

-\& $ openssl base64 -in file.bin -out file.b64

+.Dl $ openssl base64 -in file.bin -out file.b64

.Pp

Decode the same file:

.Pp

-\& $ openssl base64 -d -in file.b64 -out file.bin

+.Dl $ openssl base64 -d -in file.b64 -out file.bin

.Pp

Encrypt a file using triple DES in CBC mode using a prompted password:

.Pp

-\& $ openssl des3 -salt -in file.txt -out file.des3

+.Dl $ openssl des3 -salt -in file.txt -out file.des3

.Pp

Decrypt a file using a supplied password:

.Pp

-\& $ openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword

+.Dl "$ openssl des3 -d -salt -in file.des3 -out file.txt -k mypassword"

.Pp

-Encrypt a file then base64 encode it (so it can be sent via mail for example)

+Encrypt a file then base64 encode it

+(so it can be sent via mail for example)

using Blowfish in CBC mode:

.Pp

-\& $ openssl bf -a -salt -in file.txt -out file.bf

+.Dl $ openssl bf -a -salt -in file.txt -out file.bf

.Pp

Base64 decode a file then decrypt it:

.Pp

-\& $ openssl bf -d -salt -a -in file.bf -out file.txt

+.Dl "$ openssl bf -d -salt -a -in file.bf -out file.txt"

.Pp

-Decrypt some data using a supplied 40 bit RC4 key:

+Decrypt some data using a supplied 40-bit RC4 key:

.Pp

-\& $ openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405

+.Dl $ openssl rc4-40 -in file.rc4 -out file.txt -K 0102030405

.Sh ENC BUGS

The

.Fl A

@@ -2616,12 +2732,13 @@ or RC4 with an 84-bit key with this program.

.Sh ERRSTR

The

.Nm errstr

-utility is undocumented.

+utility is currently undocumented.

.\"

.\" GENDH

.\"

.Sh GENDH

-Generation of Diffie-Hellman Parameters. Replaced by

+Generation of Diffie-Hellman Parameters.

+Replaced by

.Nm dhparam .

See

.Sx DHPARAM

@@ -2631,49 +2748,45 @@ above.

.\"

.Sh GENDSA

.Nm openssl gendsa

+.Bk -words

.Op Fl out Ar filename

-.Op Fl des

-.Op Fl des3

-.Op Fl idea

.Op Fl rand Ar file ...

.Op Fl engine Ar id

+.Oo

+.Fl des | des3 | aes128 |

+.Fl aes192 | aes256

+.Oc

.Op Ar paramfile

+.Ek

.Pp

The

.Nm gendsa

command generates a DSA private key from a DSA parameter file

-(which will be typically generated by the

+(which will typically be generated by the

.Nm openssl dsaparam

command).

.Pp

The options are as follows:

.Bl -tag -width "XXXX"

-.It Cm -des|-des3|-idea

+.It Xo

+.Fl des | des3 | aes128 |

+.Fl aes192 | aes256

+.Xc

These options encrypt the private key with the DES, triple DES,

-or the IDEA ciphers, respectively, before outputting it.

+or the AES ciphers, respectively, before outputting it.

A pass phrase is prompted for.

If none of these options is specified, no encryption is used.

.It Fl rand Ar file ...

-A

-.Ar file

-or

-.Ar file Ns Li s

-containing random data used to seed the random number

+A file or files containing random data used to seed the random number

generator, or an EGD socket (see

.Xr RAND_egd 3 ) .

-Multiple files can be specified separated by an OS-dependent character.

-The separator is

-.Cm \&;

-for MS-Windows,

-.Cm \&,

-for OpenVMS, and

-.Cm \&:

-for all others.

+Multiple files can be specified separated by a

+.Sq \&: .

.It Fl engine Ar id

Specifying an engine (by it's unique

.Ar id

string) will cause

-.Nm req

+.Nm gendsa

to attempt to obtain a functional reference to the specified engine,

thus initialising it if needed.

The engine will then be set as the default for all available algorithms.

@@ -2692,16 +2805,18 @@ much quicker that RSA key generation for example.

.\"

.Sh GENRSA

.Nm openssl genrsa

+.Bk -words

+.Oo

+.Fl des | des3 | aes128 |

+.Fl aes192 | aes256

+.Oc

.Op Fl out Ar filename

.Op Fl passout Ar arg

-.Op Fl des

-.Op Fl des3

-.Op Fl idea

-.Op Fl f4

-.Op Fl 3

+.Op Fl f4 | 3

.Op Fl rand Ar file ...

.Op Fl engine Ar id

.Op Ar numbits

+.Ek

.Pp

The

.Nm genrsa

@@ -2716,42 +2831,36 @@ If this argument is not specified then standard output is used.

.It Fl passout Ar arg

The output file password source.

For more information about the format of

-.Ar arg

+.Ar arg ,

see the

.Sx PASS PHRASE ARGUMENTS

section above.

-.It Cm -des|-des3|-idea

+.It Xo

+.Fl des | des3 | aes128 |

+.Fl aes192 | aes256

+.Xc

These options encrypt the private key with the DES, triple DES, or the

-IDEA ciphers, respectively, before outputting it.

+AES ciphers, respectively, before outputting it.

If none of these options is specified, no encryption is used.

If encryption is used a pass phrase is prompted for,

if it is not supplied via the

.Fl passout

option.

-.It Cm -F4|-3

+.It Fl F4 | 3

The public exponent to use, either 65537 or 3.

The default is 65537.

.It Fl rand Ar file ...

-A

-.Ar file

-or

-.Ar file Ns Li s

+A file or files

containing random data used to seed the random number

generator, or an EGD socket (see

.Xr RAND_egd 3 ) .

-Multiple files can be specified separated by an OS-dependent character.

-The separator is

-.Cm \&;

-for MS-Windows,

-.Cm \&,

-for OpenVMS, and

-.Cm \&:

-for all others.

+Multiple files can be specified separated by a

+.Sq \&: .

.It Fl engine Ar id

Specifying an engine (by it's unique

.Ar id

string) will cause

-.Nm req

+.Nm genrsa

to attempt to obtain a functional reference to the specified engine,

thus initialising it if needed.

The engine will then be set as the default for all available algorithms.

@@ -2766,12 +2875,12 @@ numbers.

When generating a private key, various symbols will be output to

indicate the progress of the generation.

-.Em \&.

-represents each number which has passed an initial sieve test,

-.Em \&+

+.Sq \&.

+represents each number which has passed an initial sieve test;

+.Sq +

means a number has passed a single round of the Miller-Rabin primality test.

A newline means that the number has passed all the prime tests

-(the actual number depends on the key size).

+.Pq the actual number depends on the key size .

.Pp

Because key generation is a random process the time taken to generate a key

may vary somewhat.

@@ -2780,7 +2889,8 @@ A quirk of the prime generation algorithm is that it cannot generate small

primes.

Therefore the number of bits should not be less that 64.

For typical private keys this will not matter because for security reasons

-they will be much larger (typically 1024 bits).

+they will be much larger

+.Pq typically 1024 bits .

.\"

.\" NSEQ

.\"

@@ -2808,7 +2918,7 @@ Specifies the output

.Ar filename

or standard output by default.

.It Fl toseq

-Normally a Netscape certificate sequence will be input and the output

+Normally, a Netscape certificate sequence will be input and the output

is the certificates contained in it.

With the

.Fl toseq

@@ -2818,20 +2928,20 @@ a Netscape certificate sequence is created from a file of certificates.

.Sh NSEQ EXAMPLES

Output the certificates in a Netscape certificate sequence:

.Bd -literal

-\& $ openssl nseq -in nseq.pem -out certs.pem

+.Dl $ openssl nseq -in nseq.pem -out certs.pem

.Ed

.Pp

Create a Netscape certificate sequence:

.Bd -literal

-\& $ openssl nseq -in certs.pem -toseq -out nseq.pem

+.Dl $ openssl nseq -in certs.pem -toseq -out nseq.pem

.Ed

.Sh NSEQ NOTES

The

.Em PEM

encoded form uses the same headers and footers as a certificate:

-.Bd -literal

-\& -----BEGIN CERTIFICATE-----

-\& -----END CERTIFICATE-----

+.Bd -unfilled -offset indent

+-----BEGIN CERTIFICATE-----

+-----END CERTIFICATE-----

.Ed

.Pp

A Netscape certificate sequence is a Netscape specific form that can be sent

@@ -2870,7 +2980,10 @@ input and output files and allowing multiple certificate files to be used.

.Op Fl nonce

.Op Fl no_nonce

.Op Fl url Ar URL

-.Op Fl host Ar host:n

+.Oo

+.Fl host

+.Ar hostname Ns : Ns Ar port

+.Oc

.Op Fl path

.Op Fl CApath Ar dir

.Op Fl CAfile Ar file

@@ -2898,15 +3011,19 @@ input and output files and allowing multiple certificate files to be used.

.Op Fl nrequest Ar n

.Ek

.Pp

-The Online Certificate Status Protocol (OCSP) enables applications to

-determine the (revocation) state of an identified certificate (RFC 2560).

+The Online Certificate Status Protocol

+.Pq OCSP

+enables applications to determine the

+.Pq revocation

+state of an identified certificate

+.Pq RFC 2560 .

.Pp

The

.Nm ocsp

command performs many common OCSP tasks.

It can be used to print out requests and responses,

-create requests and send queries to an OCSP responder and behave like

-a mini OCSP server itself.

+create requests and send queries to an OCSP responder,

+and behave like a mini OCSP server itself.

.Pp

The options are as follows:

.Bl -tag -width "XXXX"

@@ -2936,8 +3053,10 @@ option except the certificate with serial number

.Ar num

is added to the request.

The serial number is interpreted as a decimal integer unless preceded by

-.Em 0x .

-Negative integers can also be specified by preceding the value by a `-' sign.

+.Sq 0x .

+Negative integers can also be specified by preceding the value with a

+.Sq -

+sign.

.It Fl signer Ar filename , Fl signkey Ar filename

Sign the OCSP request using the certificate specified in the

.Fl signer

@@ -2946,9 +3065,9 @@ option and the private key specified by the

option.

If the

.Fl signkey

-option is not present then the private key is read from the same file

+option is not present, then the private key is read from the same file

as the certificate.

-If neither option is specified then the OCSP request is not signed.

+If neither option is specified, then the OCSP request is not signed.

.It Fl sign_other Ar filename

Additional certificates to include in the signed request.

.It Fl nonce , no_nonce

@@ -2977,7 +3096,7 @@ is automatically added; specifying

.Fl no_nonce

overrides this.

.It Fl req_text , resp_text , text

-Print out the text form of the OCSP request, response or both, respectively.

+Print out the text form of the OCSP request, response, or both, respectively.

.It Fl reqout Ar file , Fl respout Ar file

Write out the DER encoded certificate request or response to

.Ar file .

@@ -2993,8 +3112,13 @@ and

options).

.It Fl url Ar responder_url

Specify the responder URL.

-Both HTTP and HTTPS (SSL/TLS) URLs can be specified.

-.It Fl host Ar hostname:port , Fl path Ar pathname

+Both HTTP and HTTPS

+.Pq SSL/TLS

+URLs can be specified.

+.It Xo

+.Fl host Ar hostname Ns : Ns Ar port ,

+.Fl path Ar pathname

+.Xc

If the

.Fl host

option is present, then the OCSP request is sent to the host

@@ -3002,7 +3126,9 @@ option is present, then the OCSP request is sent to the host

on port

.Ar port .

.Fl path

-specifies the HTTP path name to use, or "/" by default.

+specifies the HTTP path name to use, or

+.Sq /

+by default.

.It Fl CAfile Ar file , Fl CApath Ar pathname

.Ar file

@@ -3049,16 +3175,16 @@ Don't check the signature on the OCSP response.

Since this option tolerates invalid signatures on OCSP responses,

it will normally only be used for testing purposes.

.It Fl no_cert_verify

-Don't verify the OCSP response signers certificate at all.

+Don't verify the OCSP response signer's certificate at all.

Since this option allows the OCSP response to be signed by any certificate,

it should only be used for testing purposes.

.It Fl no_chain

Do not use certificates in the response as additional untrusted CA

certificates.

.It Fl no_cert_checks

-Don't perform any additional checks on the OCSP response signers certificate.

-That is, do not make any checks to see if the signers certificate is authorised

-to provide the necessary status information:

+Don't perform any additional checks on the OCSP response signer's certificate.

+That is, do not make any checks to see if the signer's certificate is

+authorised to provide the necessary status information:

as a result this option should only be used for testing purposes.

.It Fl validity_period Ar nsec , Fl status_age Ar age

These options specify the range of times, in seconds, which will be tolerated

@@ -3079,14 +3205,14 @@ the default value is 5 minutes.

.Pp

If the

.Em notAfter

-time is omitted from a response then this means that new status

+time is omitted from a response, then this means that new status

information is immediately available.

In this case the age of the

.Em notBefore

field is checked to see it is not older than

.Ar age

seconds old.

-By default this additional check is not performed.

+By default, this additional check is not performed.

.El

.Sh OCSP SERVER OPTIONS

.Bl -tag -width "XXXX"

@@ -3139,7 +3265,7 @@ Identify the signer certificate using the key ID,

default is to use the subject name.

.It Fl rkey Ar file

The private key to sign OCSP responses with;

-if not present the file specified in the

+if not present, the file specified in the

.Fl rsigner

option is used.

.It Fl port Ar portnum

@@ -3159,9 +3285,9 @@ or

when fresh revocation information is available: used in the

.Ar nextUpdate

field.

-If neither option is present then the

+If neither option is present, then the

.Em nextUpdate

-field is omitted meaning fresh revocation information is immediately available.

+field is omitted, meaning fresh revocation information is immediately available.

.El

.Sh OCSP RESPONSE VERIFICATION

OCSP Response follows the rules specified in RFC 2560.

@@ -3181,7 +3307,7 @@ options or they will be looked for in the standard

certificates

directory.

.Pp

-If the initial verify fails then the OCSP verify process halts with an

+If the initial verify fails, then the OCSP verify process halts with an

error.

.Pp

Otherwise the issuing CA certificate in the request is compared to the OCSP

@@ -3192,34 +3318,37 @@ CA certificate in the request.

If there is a match and the OCSPSigning extended key usage is present

in the OCSP responder certificate, then the OCSP verify succeeds.

.Pp

-Otherwise the root CA of the OCSP responders CA is checked to see if it

+Otherwise the root CA of the OCSP responder's CA is checked to see if it

is trusted for OCSP signing.

If it is, the OCSP verify succeeds.

.Pp

-If none of these checks is successful then the OCSP verify fails.

+If none of these checks is successful, then the OCSP verify fails.

.Pp

What this effectively means is that if the OCSP responder certificate is

authorised directly by the CA it is issuing revocation information about

-(and it is correctly configured) then verification will succeed.

+.Pq and it is correctly configured ,

+then verification will succeed.

.Pp

If the OCSP responder is a

.Em global responder

which can give details about multiple CAs and has its own separate

certificate chain, then its root CA can be trusted for OCSP signing.

For example:

-.Bd -literal

-\& $ openssl x509 -in ocspCA.pem -addtrust OCSPSigning -out trustedCA.pem

+.Bd -literal -offset indent

+$ openssl x509 -in ocspCA.pem -addtrust OCSPSigning \e

+ -out trustedCA.pem

.Ed

.Pp

-Alternatively the responder certificate itself can be explicitly trusted

+Alternatively, the responder certificate itself can be explicitly trusted

with the

.Fl VAfile

option.

.Sh OCSP NOTES

As noted, most of the verify options are for testing or debugging purposes.

-Normally only the

+Normally, only the

.Fl CApath , CAfile

-and (if the responder is a 'global VA')

+and

+.Pq if the responder is a `global VA'

.Fl VAfile

options need to be used.

.Pp

@@ -3243,49 +3372,48 @@ and

options.

.Sh OCSP EXAMPLES

Create an OCSP request and write it to a file:

-.Bd -literal

-\& $ openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem -reqout \e

- req.der

+.Bd -literal -offset indent

+$ openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \e

+ -reqout req.der

.Ed

.Pp

Send a query to an OCSP responder with URL

.Pa http://ocsp.myhost.com/ ,

save the response to a file and print it out in text form:

-.Bd -literal

-\& $ openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \e

-\& -url http://ocsp.myhost.com/ -resp_text -respout resp.der

+.Bd -literal -offset indent

+$ openssl ocsp -issuer issuer.pem -cert c1.pem -cert c2.pem \e

+ -url http://ocsp.myhost.com/ -resp_text -respout resp.der

.Ed

.Pp

Read in an OCSP response and print out text form:

-.Bd -literal

-\& $ openssl ocsp -respin resp.der -text

-.Ed

+.Pp

+.Dl $ openssl ocsp -respin resp.der -text

.Pp

OCSP server on port 8888 using a standard

.Nm ca

configuration, and a separate responder certificate.

All requests and responses are printed to a file:

-.Bd -literal

-\& $ openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem \e

- -CA demoCA/cacert.pem -text -out log.txt

+.Bd -literal -offset indent

+$ openssl ocsp -index demoCA/index.txt -port 8888 -rsigner \e

+ rcert.pem -CA demoCA/cacert.pem -text -out log.txt

.Ed

.Pp

As above, but exit after processing one request:

-.Bd -literal

-\& $ openssl ocsp -index demoCA/index.txt -port 8888 -rsigner rcert.pem \e

- -CA demoCA/cacert.pem -nrequest 1

+.Bd -literal -offset indent

+$ openssl ocsp -index demoCA/index.txt -port 8888 -rsigner \e

+ rcert.pem -CA demoCA/cacert.pem -nrequest 1

.Ed

.Pp

Query status information using internally generated request:

-.Bd -literal

-\& $ openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA \e

+.Bd -literal -offset indent

+$ openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA \e

demoCA/cacert.pem -issuer demoCA/cacert.pem -serial 1

.Ed

.Pp

Query status information using request read from a file, write response to a

second file:

-.Bd -literal

-\& $ openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA \e

+.Bd -literal -offset indent

+$ openssl ocsp -index demoCA/index.txt -rsigner rcert.pem -CA \e

demoCA/cacert.pem -reqin req.der -respout resp.der

.Ed

.\"

@@ -3302,6 +3430,7 @@ second file:

.Op Fl noverify

.Op Fl quiet

.Op Fl table

+.Op Fl reverse

.Op Ar password

.Pp

The

@@ -3315,9 +3444,13 @@ for option

from stdin for option

.Fl stdin ,

or from the command line, or from the terminal otherwise.

-The Unix standard algorithm

+The

+.Ux

+standard algorithm

.Em crypt

-and the MD5-based BSD password algorithm

+and the MD5-based

+.Bx

+password algorithm

.Em 1

and its Apache variant

.Em apr1

@@ -3328,14 +3461,20 @@ The options are as follows:

.It Fl crypt

Use the

.Em crypt

-algorithm (default).

+algorithm

+.Pq default .

.It Fl 1

-Use the MD5 based BSD password algorithm

+Use the MD5 based

+.Bx

+password algorithm

.Em 1 .

.It Fl apr1

Use the

.Em apr1

-algorithm (Apache variant of the BSD algorithm).

+algorithm

+.Pq Apache variant of the

+.Bx

+algorithm.

.It Fl salt Ar string

Use the specified

.Ar salt .

@@ -3350,31 +3489,33 @@ Read passwords from

.It Fl noverify

Don't verify when reading a password from the terminal.

.It Fl quiet

-Don't output warnings when passwords given at the command line are truncated.

+Don't output warnings when passwords given on the command line are truncated.

.It Fl table

In the output list, prepend the cleartext password and a TAB character

to each password hash.

+.It Fl reverse

+Switch table columns.

.El

.Sh PASSWD EXAMPLES

-.Bl -tag -width "XXXX"

-.It $ openssl passwd -crypt -salt xx password

+.Dl $ openssl passwd -crypt -salt xx password

prints

-.Em xxj31ZMTZzkVA .

-.It $ openssl passwd -1 -salt xxxxxxxx password

+.Qq xxj31ZMTZzkVA .

+.Pp

+.Dl $ openssl passwd -1 -salt xxxxxxxx password

prints

-.Em $1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a. .

-.It $ openssl passwd -apr1 -salt xxxxxxxx password

+.Qq $1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a. .

+.Pp

+.Dl $ openssl passwd -apr1 -salt xxxxxxxx password

prints

-.Em $apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0 .

-.El

+.Qq $apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0 .

.\"

.\" PKCS7

.\"

.Sh PKCS7

.Nm openssl pkcs7

.Bk -words

-.Op Fl inform Ar PEM|DER

-.Op Fl outform Ar PEM|DER

+.Op Fl inform Ar DER | PEM

+.Op Fl outform Ar DER | PEM

.Op Fl in Ar filename

.Op Fl out Ar filename

.Op Fl print_certs

@@ -3393,15 +3534,15 @@ format.

.Pp

The options are as follows:

.Bl -tag -width "XXXX"

-.It Fl inform Ar DER|PEM

+.It Fl inform Ar DER | PEM

This specifies the input format.

.Ar DER

-format is DER encoded PKCS#7 v1.5 structure.

+format is a DER encoded PKCS#7 v1.5 structure.

.Ar PEM

-(the default) is a base64 encoded version of the DER form with header

-and footer lines.

-.It Fl outform Ar DER|PEM

-This specifies the output format, the options have the same meaning as the

+.Pq the default

+is a base64 encoded version of the DER form with header and footer lines.

+.It Fl outform Ar DER | PEM

+This specifies the output format; the options have the same meaning as the

.Fl inform

option.

.It Fl in Ar filename

@@ -3427,7 +3568,7 @@ is set).

Specifying an engine (by it's unique

.Ar id

string) will cause

-.Nm req

+.Nm pkcs7

to attempt to obtain a functional reference to the specified engine,

thus initialising it if needed.

The engine will then be set as the default for all available algorithms.

@@ -3438,24 +3579,24 @@ Convert a PKCS#7 file from

.Em DER :

.Pp

-\& $ openssl pkcs7 -in file.pem -outform DER -out file.der

+.Dl $ openssl pkcs7 -in file.pem -outform DER -out file.der

.Pp

Output all certificates in a file:

.Pp

-\& $ openssl pkcs7 -in file.pem -print_certs -out certs.pem

+.Dl $ openssl pkcs7 -in file.pem -print_certs -out certs.pem

.Sh PKCS7 NOTES

The

.Em PEM

PKCS#7 format uses the header and footer lines:

-.Bd -literal

-\& -----BEGIN PKCS7-----

-\& -----END PKCS7-----

+.Bd -unfilled -offset indent

+-----BEGIN PKCS7-----

+-----END PKCS7-----

.Ed

.Pp

For compatibility with some CAs it will also accept:

-.Bd -literal

-\& -----BEGIN CERTIFICATE-----

-\& -----END CERTIFICATE-----

+.Bd -unfilled -offset indent

+-----BEGIN CERTIFICATE-----

+-----END CERTIFICATE-----

.Ed

.Sh PKCS7 RESTRICTIONS

There is no option to print out all the fields of a PKCS#7 file.

@@ -3469,8 +3610,8 @@ They cannot currently parse, for example, the new CMS as described in RFC 2630.

.Nm openssl pkcs8

.Bk -words

.Op Fl topk8

-.Op Fl inform Ar PEM|DER

-.Op Fl outform Ar PEM|DER

+.Op Fl inform Ar DER | PEM

+.Op Fl outform Ar DER | PEM

.Op Fl in Ar filename

.Op Fl passin Ar arg

.Op Fl out Ar filename

@@ -3490,18 +3631,19 @@ The

command processes private keys in PKCS#8 format.

It can handle both unencrypted PKCS#8 PrivateKeyInfo format

and EncryptedPrivateKeyInfo format with a variety of PKCS#5

-(v1.5 and v2.0) and PKCS#12 algorithms.

+.Pq v1.5 and v2.0

+and PKCS#12 algorithms.

.Pp

The options are as follows:

.Bl -tag -width "XXXX"

.It Fl topk8

-Normally a PKCS#8 private key is expected on input and a traditional format

+Normally, a PKCS#8 private key is expected on input and a traditional format

private key will be written.

With the

.Fl topk8

option the situation is reversed:

it reads a traditional format private key and writes a PKCS#8 format key.

-.It Fl inform Ar DER|PEM

+.It Fl inform Ar DER | PEM

This specifies the input format.

If a PKCS#8 format key is expected on input,

then either a

@@ -3514,19 +3656,19 @@ Otherwise the

.Em PEM

format of the traditional format private key is used.

-.It Fl outform Ar DER|PEM

-This specifies the output format, the options have the same meaning as the

+.It Fl outform Ar DER | PEM

+This specifies the output format; the options have the same meaning as the

.Fl inform

option.

.It Fl in Ar filename

This specifies the input

.Ar filename

to read a key from or standard input if this option is not specified.

-If the key is encrypted a pass phrase will be prompted for.

+If the key is encrypted, a pass phrase will be prompted for.

.It Fl passin Ar arg

The input file password source.

For more information about the format of

-.Ar arg

+.Ar arg ,

see the

.Sx PASS PHRASE ARGUMENTS

section above.

@@ -3541,7 +3683,7 @@ be the same as the input filename.

.It Fl passout Ar arg

The output file password source.

For more information about the format of

-.Ar arg

+.Ar arg ,

see the

.Sx PASS PHRASE ARGUMENTS

section above.

@@ -3579,15 +3721,15 @@ The

contains a SEQUENCE consisting of the public and private keys, respectively.

.It Fl v2 Ar alg

This option enables the use of PKCS#5 v2.0 algorithms.

-Normally PKCS#8 private keys are encrypted with the password based

+Normally, PKCS#8 private keys are encrypted with the password based

encryption algorithm called

.Em pbeWithMD5AndDES-CBC ;

-this uses 56 bit DES encryption but it was the strongest encryption

+this uses 56-bit DES encryption but it was the strongest encryption

algorithm supported in PKCS#5 v1.5.

Using the

.Fl v2

option PKCS#5 v2.0 algorithms are used which can use any

-encryption algorithm such as 168 bit triple DES or 128 bit RC2, however

+encryption algorithm such as 168-bit triple DES or 128-bit RC2, however

not many implementations support PKCS#5 v2.0 yet.

If using private keys with

.Nm OpenSSL

@@ -3609,7 +3751,7 @@ A complete list of possible algorithms is included below.

Specifying an engine (by it's unique

.Ar id

string) will cause

-.Nm req

+.Nm pkcs8

to attempt to obtain a functional reference to the specified engine,

thus initialising it if needed.

The engine will then be set as the default for all available algorithms.

@@ -3619,15 +3761,15 @@ The encrypted form of a

.Em PEM

encoded PKCS#8 file uses the following

headers and footers:

-.Bd -literal

-\& -----BEGIN ENCRYPTED PRIVATE KEY-----

-\& -----END ENCRYPTED PRIVATE KEY-----

+.Bd -unfilled -offset indent

+-----BEGIN ENCRYPTED PRIVATE KEY-----

+-----END ENCRYPTED PRIVATE KEY-----

.Ed

.Pp

The unencrypted form uses:

-.Bd -literal

-\& -----BEGIN PRIVATE KEY-----

-\& -----END PRIVATE KEY-----

+.Bd -unfilled -offset indent

+-----BEGIN PRIVATE KEY-----

+-----END PRIVATE KEY-----

.Ed

.Pp

Private keys encrypted using PKCS#5 v2.0 algorithms and high iteration

@@ -3655,49 +3797,59 @@ Various algorithms can be used with the

.Fl v1

command line option, including PKCS#5 v1.5 and PKCS#12.

These are described in more detail below.

-.Bl -tag -width "XXXX"

-.It Ar PBE-MD2-DES PBE-MD5-DES

+.Pp

+.Bl -tag -width "XXXX" -compact

+.It Ar PBE-MD2-DES | PBE-MD5-DES

These algorithms were included in the original PKCS#5 v1.5 specification.

They only offer 56 bits of protection since they both use DES.

-.It Ar PBE-SHA1-RC2-64 PBE-MD2-RC2-64 PBE-MD5-RC2-64 PBE-SHA1-DES

+.Pp

+.It Ar PBE-SHA1-RC2-64 | PBE-MD2-RC2-64 | PBE-MD5-RC2-64 | PBE-SHA1-DES

These algorithms are not mentioned in the original PKCS#5 v1.5 specification

but they use the same key derivation algorithm and are supported by some

software.

They are mentioned in PKCS#5 v2.0.

-They use either 64 bit RC2 or 56 bit DES.

-.It Ar PBE-SHA1-RC4-128 PBE-SHA1-RC4-40 PBE-SHA1-3DES PBE-SHA1-2DES PBE-SHA1-RC2-128 PBE-SHA1-RC2-40

+They use either 64-bit RC2 or 56-bit DES.

+.Pp

+.It Ar PBE-SHA1-RC4-128 | PBE-SHA1-RC4-40 | PBE-SHA1-3DES | PBE-SHA1-2DES

+.It Ar PBE-SHA1-RC2-128 | PBE-SHA1-RC2-40

These algorithms use the PKCS#12 password based encryption algorithm and

-allow strong encryption algorithms like triple DES or 128 bit RC2 to be used.

+allow strong encryption algorithms like triple DES or 128-bit RC2 to be used.

.El

.Sh PKCS8 EXAMPLES

-Convert a private from traditional to PKCS#5 v2.0 format using triple DES:

+Convert a private key from traditional to PKCS#5 v2.0 format using triple DES:

.Pp

-\& $ openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem

+.Dl "$ openssl pkcs8 -in key.pem -topk8 -v2 des3 -out enckey.pem"

.Pp

-Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm (DES):

+Convert a private key to PKCS#8 using a PKCS#5 1.5 compatible algorithm

+.Pq DES :

.Pp

-\& $ openssl pkcs8 -in key.pem -topk8 -out enckey.pem

+.Dl $ openssl pkcs8 -in key.pem -topk8 -out enckey.pem

.Pp

-Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm (3DES):

-.Pp

-\& $ openssl pkcs8 -in key.pem -topk8 -out enckey.pem -v1 PBE-SHA1-3DES

+Convert a private key to PKCS#8 using a PKCS#12 compatible algorithm

+.Pq 3DES :

+.Bd -literal -offset indent

+$ openssl pkcs8 -in key.pem -topk8 -out enckey.pem \e

+ -v1 PBE-SHA1-3DES

+.Ed

.Pp

Read a DER unencrypted PKCS#8 format private key:

.Pp

-\& $ openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem

+.Dl "$ openssl pkcs8 -inform DER -nocrypt -in key.der -out key.pem"

.Pp

Convert a private key from any PKCS#8 format to traditional format:

.Pp

-\& $ openssl pkcs8 -in pk8.pem -out key.pem

+.Dl $ openssl pkcs8 -in pk8.pem -out key.pem

.Sh PKCS8 STANDARDS

Test vectors from this PKCS#5 v2.0 implementation were posted to the

-pkcs-tng mailing list using triple DES, DES and RC2 with high iteration

-counts, several people confirmed that they could decrypt the private

+pkcs-tng mailing list using triple DES, DES and RC2 with high iteration counts;

+several people confirmed that they could decrypt the private

keys produced and therefore it can be assumed that the PKCS#5 v2.0

implementation is reasonably accurate at least as far as these

algorithms are concerned.

.Pp

-The format of PKCS#8 DSA (and other) private keys is not well documented:

+The format of PKCS#8 DSA

+.Pq and other

+private keys is not well documented:

it is hidden away in PKCS#11 v2.01, section 11.9.;

.Nm OpenSSL Ns Li 's

default DSA PKCS#8 private key format complies with this standard.

@@ -3714,10 +3866,13 @@ compatibility, several of the utilities use the old format at present.

.\"

.Sh PKCS12

.Nm "openssl pkcs12"

+.Bk -words

.Op Fl export

.Op Fl chain

.Op Fl inkey Ar filename

.Op Fl certfile Ar filename

+.Op Fl CApath Ar directory

+.Op Fl CAfile Ar filename

.Op Fl name Ar name

.Op Fl caname Ar name

.Op Fl in Ar filename

@@ -3729,9 +3884,10 @@ compatibility, several of the utilities use the old format at present.

.Op Fl cacerts

.Op Fl nokeys

.Op Fl info

-.Op Fl des

-.Op Fl des3

-.Op Fl idea

+.Oo

+.Fl des | des3 | aes128 |

+.Fl aes192 | aes256

+.Oc

.Op Fl nodes

.Op Fl noiter

.Op Fl maciter

@@ -3745,20 +3901,24 @@ compatibility, several of the utilities use the old format at present.

.Op Fl passin Ar arg

.Op Fl passout Ar arg

.Op Fl rand Ar file ...

+.Op Fl engine Ar id

+.Ek

.Pp

The

.Nm pkcs12

-command allows PKCS#12 files (sometimes referred to as PFX files)

+command allows PKCS#12 files

+.Pq sometimes referred to as PFX files

to be created and parsed.

PKCS#12 files are used by several programs including Netscape, MSIE

and MS Outlook.

.Pp

There are a lot of options; the meaning of some depends on whether a

PKCS#12 file is being created or parsed.

-By default a PKCS#12 file is parsed;

+By default, a PKCS#12 file is parsed;

a PKCS#12 file can be created by using the

.Fl export

-option (see below).

+option

+.Pq see below .

.Sh PKCS12 PARSING OPTIONS

.Bl -tag -width "XXXX"

.It Fl in Ar filename

@@ -3774,16 +3934,18 @@ They are all written in

.Em PEM

format.

.It Fl pass Ar arg , Fl passin Ar arg

-The PKCS#12 file (i.e. input file) password source.

+The PKCS#12 file

+.Pq i.e. input file

+password source.

For more information about the format of

-.Ar arg

+.Ar arg ,

see the

.Sx PASS PHRASE ARGUMENTS

section above.

.It Fl passout Ar arg

Pass phrase source to encrypt any outputed private keys with.

For more information about the format of

-.Ar arg

+.Ar arg ,

see the

.Sx PASS PHRASE ARGUMENTS

section above.

@@ -3791,9 +3953,11 @@ section above.

This option inhibits output of the keys and certificates to the output file

version of the PKCS#12 file.

.It Fl clcerts

-Only output client certificates (not CA certificates).

+Only output client certificates

+.Pq not CA certificates .

.It Fl cacerts

-Only output CA certificates (not client certificates).

+Only output CA certificates

+.Pq not client certificates .

.It Fl nocerts

No certificates at all will be output.

.It Fl nokeys

@@ -3801,12 +3965,13 @@ No private keys will be output.

.It Fl info

Output additional information about the PKCS#12 file structure,

algorithms used and iteration counts.

-.It Fl des

-Use DES to encrypt private keys before outputting.

-.It Fl des3

-Use triple DES to encrypt private keys before outputting, this is the default.

-.It Fl idea

-Use IDEA to encrypt private keys before outputting.

+.It Xo

+.Fl des | des3 | aes128 |

+.Fl aes192 | aes256

+.Xc

+Use DES, triple DES, or AES, respectively,

+to encrypt private keys before outputting.

+The default is triple DES.

.It Fl nodes

Don't encrypt the private keys at all.

.It Fl nomacver

@@ -3841,72 +4006,89 @@ in the PKCS#12 file.

File to read private key from.

If not present then a private key must be present in the input file.

.It Fl name Ar friendlyname

-This specifies the "friendly name" for the certificate and private key.

+This specifies the

+.Qq friendly name

+for the certificate and private key.

This name is typically displayed in list boxes by software importing the file.

.It Fl certfile Ar filename

A filename to read additional certificates from.

+.It Fl CApath Ar directory

+Directory of CAs

+.Pq PEM format .

+.It Fl CAfile Ar filename

+File of CAs

+.Pq PEM format .

.It Fl caname Ar friendlyname

-This specifies the "friendly name" for other certificates.

+This specifies the

+.Qq friendly name

+for other certificates.

This option may be used multiple times to specify names for all certificates

in the order they appear.

Netscape ignores friendly names on other certificates,

whereas MSIE displays them.

.It Fl pass Ar arg , Fl passout Ar arg

-The PKCS#12 file (i.e. output file) password source.

+The PKCS#12 file

+.Pq i.e. output file

+password source.

For more information about the format of

-.Ar arg

+.Ar arg ,

see the

.Sx PASS PHRASE ARGUMENTS

section above.

.It Fl passin Ar password

Pass phrase source to decrypt any input private keys with.

For more information about the format of

-.Ar arg

+.Ar arg ,

see the

.Sx PASS PHRASE ARGUMENTS

section above.

.It Fl chain

-If this option is present then an attempt is made to include the entire

+If this option is present, then an attempt is made to include the entire

certificate chain of the user certificate.

The standard CA store is used for this search.

-If the search fails it is considered a fatal error.

+If the search fails, it is considered a fatal error.

.It Fl descert

Encrypt the certificate using triple DES; this may render the PKCS#12

-file unreadable by some "export grade" software.

-By default the private key is encrypted using triple DES and the

-certificate using 40 bit RC2.

+file unreadable by some

+.Qq export grade

+software.

+By default, the private key is encrypted using triple DES and the

+certificate using 40-bit RC2.

.It Fl keypbe Ar alg , Fl certpbe Ar alg

These options allow the algorithm used to encrypt the private key and

certificates to be selected.

Although any PKCS#5 v1.5 or PKCS#12 algorithms can be selected,

-it is advisable only to use PKCS#12 algorithms.

+it is advisable to only use PKCS#12 algorithms.

See the list in the

.Sx PKCS12 NOTES

section for more information.

.It Fl keyex | keysig

Specifies that the private key is to be used for key exchange or just signing.

This option is only interpreted by MSIE and similar MS software.

-Normally "export grade" software will only allow 512 bit RSA keys to be

+Normally,

+.Qq export grade

+software will only allow 512-bit RSA keys to be

used for encryption purposes, but arbitrary length keys for signing.

The

.Fl keysig

option marks the key for signing only.

-Signing only keys can be used for S/MIME signing,

-authenticode (ActiveX control signing) and SSL client authentication;

+Signing only keys can be used for S/MIME signing, authenticode

+.Pq ActiveX control signing

+and SSL client authentication;

however, due to a bug only MSIE 5.0 and later support

the use of signing only keys for SSL client authentication.

.It Fl nomaciter , noiter

These options affect the iteration counts on the MAC and key algorithms.

-Unless you wish to produce files compatible with MSIE 4.0 you should leave

+Unless you wish to produce files compatible with MSIE 4.0, you should leave

these options alone.

.Pp

-To discourage attacks by using large dictionaries of common passwords the

-algorithm that derives keys from passwords can have an iteration count applied

-to it: this causes a certain part of the algorithm to be repeated and slows it

-down.

+To discourage attacks by using large dictionaries of common passwords,

+the algorithm that derives keys from passwords can have an iteration count

+applied to it: this causes a certain part of the algorithm to be repeated

+and slows it down.

The MAC is used to check the file integrity but since it will normally

have the same password as the keys and certificates it could also be attacked.

-By default both MAC and encryption iteration counts are set to 2048;

+By default, both MAC and encryption iteration counts are set to 2048;

using these options the MAC and encryption iteration counts can be set to 1.

Since this reduces the file security you should not use these options

unless you really have to.

@@ -3915,29 +4097,28 @@ MSIE 4.0 doesn't support MAC iteration counts, so it needs the

.Fl nomaciter

option.

.It Fl maciter

-This option is included for compatibility with previous versions, it used

+This option is included for compatibility with previous versions; it used

to be needed to use MAC iterations counts but they are now used by default.

.It Fl rand Ar file ...

-A

-.Ar file

-or

-.Ar file Ns Li s

+A file or files

containing random data used to seed the random number generator,

or an EGD socket (see

.Xr RAND_egd 3 ) .

-Multiple files can be specified separated by an OS-dependent character.

-The separator is

-.Cm \&;

-for MS-Windows,

-.Cm \&,

-for OpenVMS, and

-.Cm \&:

-for all others.

+Multiple files can be specified separated by a

+.Sq \&: .

+.It Fl engine Ar id

+Specifying an engine (by it's unique

+.Ar id

+string) will cause

+.Nm pkcs12

+to attempt to obtain a functional reference to the specified engine,

+thus initialising it if needed.

+The engine will then be set as the default for all available algorithms.

.El

.Sh PKCS12 NOTES

Although there are a large number of options,

most of them are very rarely used.

-For PKCS#12 file parsing only

+For PKCS#12 file parsing, only

.Fl in

and

.Fl out

@@ -3948,10 +4129,10 @@ and

are also used.

.Pp

If none of the

-.Fl clcerts , cacerts

+.Fl clcerts , cacerts ,

.Fl nocerts

-options are present then all certificates will be output in the order

+options are present, then all certificates will be output in the order

they appear in the input PKCS#12 files.

There is no guarantee that the first certificate present is

the one corresponding to the private key.

@@ -3962,7 +4143,7 @@ Using the

.Fl clcerts

option will solve this problem by only outputting the certificate

corresponding to the private key.

-If the CA certificates are required then they can be output to a separate

+If the CA certificates are required, then they can be output to a separate

file using the

.Fl nokeys

and

@@ -3975,40 +4156,40 @@ and

.Fl certpbe

algorithms allow the precise encryption algorithms for private keys

and certificates to be specified.

-Normally the defaults are fine but occasionally software can't handle

+Normally, the defaults are fine but occasionally software can't handle

triple DES encrypted private keys;

then the option

.Fl keypbe Ar PBE-SHA1-RC2-40

-can be used to reduce the private key encryption to 40 bit RC2.

+can be used to reduce the private key encryption to 40-bit RC2.

A complete description of all algorithms is contained in the

.Sx PKCS8

section above.

.Sh PKCS12 EXAMPLES

Parse a PKCS#12 file and output it to a file:

.Pp

-\& $ openssl pkcs12 -in file.p12 -out file.pem

+.Dl $ openssl pkcs12 -in file.p12 -out file.pem

.Pp

Output only client certificates to a file:

.Pp

-\& $ openssl pkcs12 -in file.p12 -clcerts -out file.pem

+.Dl $ openssl pkcs12 -in file.p12 -clcerts -out file.pem

.Pp

Don't encrypt the private key:

.Pp

-\& $ openssl pkcs12 -in file.p12 -out file.pem -nodes

+.Dl $ openssl pkcs12 -in file.p12 -out file.pem -nodes

.Pp

Print some info about a PKCS#12 file:

.Pp

-\& $ openssl pkcs12 -in file.p12 -info -noout

+.Dl $ openssl pkcs12 -in file.p12 -info -noout

.Pp

Create a PKCS#12 file:

-.Bd -literal

-\& $ openssl pkcs12 -export -in file.pem -out file.p12 \e

+.Bd -literal -offset indent

+$ openssl pkcs12 -export -in file.pem -out file.p12 \e

-name "My Certificate"

.Ed

.Pp

Include some extra certificates:

-.Bd -literal

-\& $ openssl pkcs12 -export -in file.pem -out file.p12 \e

+.Bd -literal -offset indent

+$ openssl pkcs12 -export -in file.pem -out file.p12 \e

-name "My Certificate" -certfile othercerts.pem

.Ed

.Sh PKCS12 BUGS

@@ -4020,8 +4201,9 @@ before 0.9.6a had a bug in the PKCS#12 key generation routines.

Under rare circumstances this could produce a PKCS#12 file encrypted

with an invalid key.

As a result some PKCS#12 files which triggered this bug

-from other implementations (MSIE or Netscape) could not be decrypted

-by

+from other implementations

+.Pq MSIE or Netscape

+could not be decrypted by

.Nm OpenSSL

and similarly

.Nm OpenSSL

@@ -4043,9 +4225,10 @@ and recreating

the PKCS#12 file from the keys and certificates using a newer version of

.Nm OpenSSL .

For example:

-.Bd -literal

-\& $ old-openssl -in bad.p12 -out keycerts.pem

-\& $ openssl -in keycerts.pem -export -name "My PKCS#12 file" -out fixed.p12

+.Bd -literal -offset indent

+$ old-openssl -in bad.p12 -out keycerts.pem

+$ openssl -in keycerts.pem -export -name "My PKCS#12 file" \e

+ -out fixed.p12

.Ed

.\"

.\" RAND

@@ -4053,8 +4236,9 @@ For example:

.Sh RAND

.Cm openssl rand

.Op Fl out Ar file

-.Op Fl rand Ar file

+.Op Fl rand Ar file ...

.Op Fl base64

+.Op Fl engine Ar id

.Ar num

.Pp

The

@@ -4086,25 +4270,23 @@ Write to

.Ar file

instead of standard output.

.It Fl rand Ar file ...

-Use specified

-.Ar file

-or

-.Ar file Ns Li s

-or EGD socket (see

+Use specified file or files, or EGD socket (see

.Xr RAND_egd 3 )

for seeding the random number generator.

-Multiple files can be specified separated by an OS-dependent character.

-The separator is

-.Cm \&;

-for MS-Windows,

-.Cm \&,

-for OpenVMS, and

-.Cm \&:

-for all others.

+Multiple files can be specified separated by a

+.Sq \&: .

.It Fl base64

Perform

.Em base64

encoding on the output.

+.It Fl engine Ar id

+Specifying an engine (by it's unique

+.Ar id

+string) will cause

+.Nm rand

+to attempt to obtain a functional reference to the specified engine,

+thus initialising it if needed.

+The engine will then be set as the default for all available algorithms.

.El

.\"

.\" REQ

@@ -4112,8 +4294,8 @@ encoding on the output.

.Sh REQ

.Nm openssl req

.Bk -words

-.Op Fl inform Ar PEM|DER

-.Op Fl outform Ar PEM|DER

+.Op Fl inform Ar DER | PEM

+.Op Fl outform Ar DER | PEM

.Op Fl in Ar filename

.Op Fl passin Ar arg

.Op Fl out Ar filename

@@ -4125,13 +4307,22 @@ encoding on the output.

.Op Fl modulus

.Op Fl new

.Op Fl rand Ar file ...

-.Op Fl newkey Ar rsa:bits

-.Op Fl newkey Ar dsa:file

+.Oo Xo

+.Fl newkey

+.Ar rsa Ns : Ns Ar bits

+.Xc

+.Oc

+.Oo Xo

+.Fl newkey

+.Ar dsa Ns : Ns Ar file

+.Xc

+.Oc

.Op Fl nodes

+.Op Fl subject

.Op Fl key Ar filename

-.Op Fl keyform Ar PEM|DER

+.Op Fl keyform Ar DER | PEM

.Op Fl keyout Ar filename

-.Op Fl Op Cm md5|sha1|md2|mdc2

+.Op Fl md5 | sha1 | md2 | md4

.Op Fl config Ar filename

.Op Fl subj Ar arg

.Op Fl x509

@@ -4157,7 +4348,7 @@ for use as root CAs, for example.

.Pp

The options are as follows:

.Bl -tag -width "XXXX"

-.It Fl inform Ar DER|PEM

+.It Fl inform Ar DER | PEM

This specifies the input format.

The

.Ar DER

@@ -4168,8 +4359,8 @@ The

form is the default format:

it consists of the DER format base64 encoded with additional header and

footer lines.

-.It Fl outform Ar DER|PEM

-This specifies the output format, the options have the same meaning as the

+.It Fl outform Ar DER | PEM

+This specifies the output format; the options have the same meaning as the

.Fl inform

option.

.It Fl in Ar filename

@@ -4185,7 +4376,7 @@ are not specified.

.It Fl passin Ar arg

The input file password source.

For more information about the format of

-.Ar arg

+.Ar arg ,

see the

.Sx PASS PHRASE ARGUMENTS

section above.

@@ -4196,7 +4387,7 @@ to write to, or standard output by default.

.It Fl passout Ar arg

The output file password source.

For more information about the format of

-.Ar arg

+.Ar arg ,

see the

.Sx PASS PHRASE ARGUMENTS

section above.

@@ -4219,34 +4410,24 @@ are specified in the configuration file and any requested extensions.

.Pp

If the

.Fl key

-option is not used it will generate a new RSA private

+option is not used, it will generate a new RSA private

key using information specified in the configuration file.

.It Fl rand Ar file ...

-A

-.Ar file

-or

-.Ar file Ns Li s

-containing random data used to seed the random number generator,

+A file or files containing random data used to seed the random number generator,

or an EGD socket (see

.Xr RAND_egd 3 ) .

-Multiple files can be specified separated by an OS-dependent character.

-The separator is

-.Cm \&;

-for MS-Windows,

-.Cm \&,

-for OpenVMS, and

-.Cm \&:

-for all others.

+Multiple files can be specified separated by a

+.Sq \&: .

.It Fl newkey Ar arg

This option creates a new certificate request and a new private key.

The argument takes one of two forms:

-.Ar rsa:nbits ,

+.Ar rsa Ns : Ns Ar nbits ,

where

.Ar nbits

is the number of bits, generates an RSA key

.Ar nbits

in size.

-.Ar dsa:filename

+.Ar dsa Ns : Ns Ar filename

generates a DSA key using the parameters in the file

.Ar filename .

.It Fl key Ar filename

@@ -4254,11 +4435,11 @@ This specifies the file to read the private key from.

It also accepts PKCS#8 format private keys for

.Em PEM

format files.

-.It Fl keyform Ar PEM|DER

+.It Fl keyform Ar DER | PEM

The format of the private key file specified in the

.Fl key

argument.

-.AR PEM

+.Ar PEM

is the default.

.It Fl keyout Ar filename

This gives the

@@ -4267,9 +4448,11 @@ to write the newly created private key to.

If this option is not specified, then the filename present in the

configuration file is used.

.It Fl nodes

-If this option is specified then if a private key is created it

+If this option is specified and a private key is created, it

will not be encrypted.

-.It Fl md5|sha1|md2|mdc2

+.It Fl subject

+Output the request's subject.

+.It Fl md5 | sha1 | md2 | md4

This specifies the message digest to sign the request with.

This overrides the digest algorithm specified in the configuration file.

This option is ignored for DSA requests: they always use SHA1.

@@ -4277,34 +4460,38 @@ This option is ignored for DSA requests: they always use SHA1.

This allows an alternative configuration file to be specified;

this overrides the compile time filename or any specified in

the

-.Em OPENSSL_CONF

+.Ev OPENSSL_CONF

environment variable.

.It Fl subj Ar arg

Sets subject name for new request or supersedes the subject name

when processing a request.

The arg must be formatted as

-.Em /type0=value0/type1=value1/type2=... ,

-characters may be escaped by \e (backslash), no spaces are skipped.

+.Em /type0=value0/type1=value1/type2=... ;

+characters may be escaped by

+.Sq \e

+.Pq backslash ,

+no spaces are skipped.

.It Fl x509

This option outputs a self-signed certificate instead of a certificate

request.

This is typically used to generate a test certificate or

a self-signed root CA.

The extensions added to the certificate

-(if any) are specified in the configuration file.

+.Pq if any

+are specified in the configuration file.

Unless specified using the

.Fl set_serial

option, 0 will be used for the serial number.

.It Fl days Ar n

When the

.Fl x509

-option is being used this specifies the number of

+option is being used, this specifies the number of

days to certify the certificate for.

The default is 30 days.

.It Fl set_serial Ar n

Serial number to use when outputting a self-signed certificate.

This may be specified as a decimal value or a hex value if preceded by

-.Em 0x .

+.Sq 0x .

It is possible to use negative serial numbers but this is not recommended.

.It Fl extensions Ar section , Fl reqexts Ar section

These options specify alternative sections to include certificate

@@ -4315,8 +4502,8 @@ This allows several different sections to

be used in the same configuration file to specify requests for

a variety of purposes.

.It Fl utf8

-This option causes field values to be interpreted as UTF8 strings, by

-default they are interpreted as ASCII.

+This option causes field values to be interpreted as UTF8 strings;

+by default they are interpreted as ASCII.

This means that the field values, whether prompted from a terminal or

obtained from a configuration file, must be valid UTF8 strings.

.It Fl nameopt Ar option

@@ -4331,7 +4518,7 @@ See the

.Sx X509

section below for details.

.It Fl asn1-kludge

-By default the

+By default, the

.Nm req

command outputs certificate requests containing

no attributes in the correct PKCS#10 format.

@@ -4339,7 +4526,7 @@ However certain CAs will only

accept requests containing no attributes in an invalid form: this

option produces this invalid format.

.Pp

-More precisely the

+More precisely, the

.Em Attributes

in a PKCS#10 certificate request are defined as a SET OF Attribute.

They are

@@ -4354,7 +4541,9 @@ It should be noted that very few CAs still require the use of this option.

Adds the word NEW to the

.Em PEM

file header and footer lines on the outputed request.

-Some software (Netscape certificate server) and some CAs need this.

+Some software

+.Pq Netscape certificate server

+and some CAs need this.

.It Fl batch

Non-interactive mode.

.It Fl verbose

@@ -4373,7 +4562,7 @@ The configuration options are specified in the

.Em req

section of the configuration file.

As with all configuration files, if no value is specified in the specific

-section (i.e.

+section (i.e.\&

.Em req )

then the initial unnamed or

.Em default

@@ -4381,9 +4570,11 @@ section is searched too.

.Pp

The options available are described in detail below.

.Bl -tag -width "XXXX"

-.It Ar input_password output_password

-The passwords for the input private key file (if present) and

-the output private key file (if one will be created).

+.It Ar input_password | output_password

+The passwords for the input private key file

+.Pq if present

+and the output private key file

+.Pq if one will be created .

The command line options

.Fl passin

and

@@ -4414,7 +4605,7 @@ This specifies a section in the configuration file containing extra

object identifiers.

Each line should consist of the short name of the

object identifier followed by

-.Cm =

+.Sq =

and the numerical form.

The short and long names are the same when this option is used.

.It Ar RANDFILE

@@ -4425,7 +4616,7 @@ It is used for private key generation.

.It Ar encrypt_key

If this is set to

.Em no

-then if a private key is generated it is

+and a private key is generated, it is

.Em not

encrypted.

This is equivalent to the

@@ -4437,10 +4628,10 @@ is an equivalent option.

.It Ar default_md

This option specifies the digest algorithm to use.

Possible values include

-.Ar md5 , sha1

+.Ar md5

and

-.Ar mdc2 .

-If not present then MD5 is used.

+.Ar sha1 .

+If not present, then MD5 is used.

This option can be overridden on the command line.

.It Ar string_mask

This option masks out the use of certain string types in certain

@@ -4455,7 +4646,7 @@ and

.Em BMPStrings ;

if the

.Ar pkix

-value is used then only

+value is used, then only

.Em PrintableStrings

and

.Em BMPStrings

@@ -4463,7 +4654,7 @@ will be used.

This follows the PKIX recommendation in RFC 2459.

If the

.Fl utf8only

-option is used then only

+option is used, then only

.Em UTF8Strings

will be used: this is the PKIX recommendation in RFC 2459 after 2003.

Finally, the

@@ -4531,16 +4722,18 @@ sections.

If the

.Fl prompt

option is set to

-.Em no

+.Em no ,

then these sections just consist of field names and values: for example,

-.Bd -literal

-\& CN=My Name

-\& OU=My Organization

-\& emailAddress=someone@somewhere.org

+.Bd -unfilled -offset indent

+CN=My Name

+OU=My Organization

+emailAddress=someone@somewhere.org

.Ed

.Pp

-This allows external programs (e.g. GUI based) to generate a template file

-with all the field names and values and just pass it to

+This allows external programs

+.Pq e.g. GUI based

+to generate a template file with all the field names and values

+and just pass it to

.Nm req .

An example of this kind of configuration file is contained in the

.Sx REQ EXAMPLES

@@ -4552,21 +4745,26 @@ option is absent or not set to

.Em no ,

then the file contains field prompting information.

It consists of lines of the form:

-.Bd -literal

-\& fieldName="prompt"

-\& fieldName_default="default field value"

-\& fieldName_min= 2

-\& fieldName_max= 4

+.Bd -unfilled -offset indent

+fieldName="prompt"

+fieldName_default="default field value"

+fieldName_min= 2

+fieldName_max= 4

.Ed

.Pp

-"fieldName" is the field name being used, for example

+.Qq fieldName

+is the field name being used, for example

.Em commonName

-(or CN).

-The "prompt" string is used to ask the user to enter the relevant details.

+.Pq or CN .

+The

+.Qq prompt

+string is used to ask the user to enter the relevant details.

If the user enters nothing, then the default value is used;

-if no default value is present then the field is omitted.

+if no default value is present, then the field is omitted.

A field can still be omitted if a default value is present,

-if the user just enters the '.' character.

+if the user just enters the

+.Sq \&.

+character.

.Pp

The number of characters entered must be between the

.Em fieldName_min

@@ -4584,12 +4782,13 @@ Some fields (such as

can be used more than once in a DN.

This presents a problem because configuration files will

not recognize the same name occurring twice.

-To avoid this problem if the

+To avoid this problem, if the

.Em fieldName

-contains some characters followed by a full stop they will be ignored.

+contains some characters followed by a full stop, they will be ignored.

So, for example, a second

.Em organizationName

-can be input by calling it "1.organizationName".

+can be input by calling it

+.Qq 1.organizationName .

.Pp

The actual permitted field names are any object identifier short or

long names.

@@ -4598,7 +4797,7 @@ These are compiled into

and include the usual values such as

.Em commonName , countryName , localityName , organizationName ,

.Em organizationUnitName , stateOrProvinceName .

-Additionally

+Additionally,

.Em emailAddress

is included as well as

.Em name , surname , givenName initials

@@ -4615,36 +4814,36 @@ Any additional fields will be treated as though they were a

.Sh REQ EXAMPLES

Examine and verify certificate request:

.Pp

-\& $ openssl req -in req.pem -text -verify -noout

+.Dl $ openssl req -in req.pem -text -verify -noout

.Pp

Create a private key and then generate a certificate request from it:

-.Bd -literal

-\& $ openssl genrsa -out key.pem 1024

-\& $ openssl req -new -key key.pem -out req.pem

+.Bd -literal -offset indent

+$ openssl genrsa -out key.pem 1024

+$ openssl req -new -key key.pem -out req.pem

.Ed

.Pp

The same but just using req:

.Pp

-\& $ openssl req -newkey rsa:1024 -keyout key.pem -out req.pem

+.Dl $ openssl req -newkey rsa:1024 -keyout key.pem -out req.pem

.Pp

Generate a self-signed root certificate:

.Pp

-\& $ openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem

+.Dl "$ openssl req -x509 -newkey rsa:1024 -keyout key.pem -out req.pem"

.Pp

Example of a file pointed to by the

.Ar oid_file

option:

-.Bd -literal

-\& 1.2.3.4 shortName A longer Name

-\& 1.2.3.6 otherName Other longer Name

+.Bd -unfilled -offset indent

+1.2.3.4 shortName A longer Name

+1.2.3.6 otherName Other longer Name

.Ed

.Pp

Example of a section pointed to by

.Ar oid_section

making use of variable expansion:

-.Bd -literal

-\& testoid1=1.2.3.5

-\& testoid2=${testoid1}.6

+.Bd -unfilled -offset indent

+testoid1=1.2.3.5

+testoid2=${testoid1}.6

.Ed

.Pp

Sample configuration file prompting for field values:

@@ -4655,32 +4854,32 @@ Sample configuration file prompting for field values:

\& distinguished_name = req_distinguished_name

\& attributes = req_attributes

\& x509_extensions = v3_ca

-.Pp

\& dirstring_type = nobmp

-.Pp

\& [ req_distinguished_name ]

\& countryName = Country Name (2 letter code)

\& countryName_default = AU

\& countryName_min = 2

\& countryName_max = 2

-.Pp

\& localityName = Locality Name (eg, city)

-.Pp

\& organizationalUnitName = Organizational Unit Name (eg, section)

-.Pp

\& commonName = Common Name (eg, YOUR name)

\& commonName_max = 64

-.Pp

\& emailAddress = Email Address

\& emailAddress_max = 40

-.Pp

\& [ req_attributes ]

\& challengePassword = A challenge password

\& challengePassword_min = 4

\& challengePassword_max = 20

-.Pp

\& [ v3_ca ]

-.Pp

\& subjectKeyIdentifier=hash

\& authorityKeyIdentifier=keyid:always,issuer:always

\& basicConstraints = CA:true

@@ -4689,7 +4888,7 @@ Sample configuration file prompting for field values:

Sample configuration containing all field values:

.Bd -literal

\& RANDFILE = $ENV::HOME/.rnd

-.Pp

\& [ req ]

\& default_bits = 1024

\& default_keyfile = keyfile.pem

@@ -4697,7 +4896,7 @@ Sample configuration containing all field values:

\& attributes = req_attributes

\& prompt = no

\& output_password = mypass

-.Pp

\& [ req_distinguished_name ]

\& C = GB

\& ST = Test State or Province

@@ -4706,7 +4905,7 @@ Sample configuration containing all field values:

\& OU = Organizational Unit Name

\& CN = Common Name

\& emailAddress = test@email.address

-.Pp

\& [ req_attributes ]

\& challengePassword = A challenge password

.Ed

@@ -4714,15 +4913,17 @@ Sample configuration containing all field values:

The header and footer lines in the

.Ar PEM

format are normally:

-.Bd -literal

-\& -----BEGIN CERTIFICATE REQUEST-----

-\& -----END CERTIFICATE REQUEST-----

+.Bd -unfilled -offset indent

+-----BEGIN CERTIFICATE REQUEST-----

+-----END CERTIFICATE REQUEST-----

.Ed

.Pp

-Some software (some versions of Netscape certificate server) instead needs:

-.Bd -literal

-\& -----BEGIN NEW CERTIFICATE REQUEST-----

-\& -----END NEW CERTIFICATE REQUEST-----

+Some software

+.Pq some versions of Netscape certificate server

+instead needs:

+.Bd -unfilled -offset indent

+-----BEGIN NEW CERTIFICATE REQUEST-----

+-----END NEW CERTIFICATE REQUEST-----

.Ed

.Pp

which is produced with the

@@ -4733,69 +4934,73 @@ Either form is accepted transparently on input.

The certificate requests generated by Xenroll with MSIE have extensions added.

It includes the

.Em keyUsage

-extension which determines the type of

-key (signature only or general purpose) and any additional OIDs entered

-by the script in an

+extension which determines the type of key

+.Pq signature only or general purpose

+and any additional OIDs entered by the script in an

.Em extendedKeyUsage

extension.

.Sh REQ DIAGNOSTICS

The following messages are frequently asked about:

-.Bd -literal

-\& Using configuration from /some/path/openssl.cnf

-\& Unable to load config info

+.Bd -unfilled -offset indent

+Using configuration from /some/path/openssl.cnf

+Unable to load config info

.Ed

.Pp

This is followed some time later by...

-.Bd -literal

-\& unable to find 'distinguished_name' in config

-\& problems making Certificate Request

+.Bd -unfilled -offset indent

+unable to find 'distinguished_name' in config

+problems making Certificate Request

.Ed

.Pp

The first error message is the clue: it can't find the configuration

file!

-Certain operations (like examining a certificate request) don't

-need a configuration file so its use isn't enforced.

+Certain operations

+.Pq like examining a certificate request

+don't need a configuration file so its use isn't enforced.

Generation of certificates or requests, however, do need a configuration file.

This could be regarded as a bug.

.Pp

Another puzzling message is this:

-.Bd -literal

-\& Attributes:

-\& a0:00

+.Bd -unfilled -offset indent

+Attributes:

+ a0:00

.Ed

.Pp

This is displayed when no attributes are present and the request includes

-the correct empty SET OF structure (the DER encoding of which is 0xa0 0x00).

+the correct empty SET OF structure

+.Pq the DER encoding of which is 0xa0 0x00 .

If you just see:

.Pp

-\& Attributes:

+.D1 Attributes:

.Pp

-then the SET OF is missing and the encoding is technically invalid (but

-it is tolerated).

+then the SET OF is missing and the encoding is technically invalid

+.Pq but it is tolerated .

See the description of the command line option

.Fl asn1-kludge

for more information.

.Sh REQ ENVIRONMENT VARIABLES

The variable

-.Em OPENSSL_CONF ,

+.Ev OPENSSL_CONF ,

if defined, allows an alternative configuration

file location to be specified; it will be overridden by the

.Fl config

command line switch if it is present.

For compatibility reasons the

-.Em SSLEAY_CONF

+.Ev SSLEAY_CONF

environment variable serves the same purpose but its use is discouraged.

.Sh REQ BUGS

.Nm OpenSSL Ns Li 's

-handling of T61Strings (aka TeletexStrings) is broken: it effectively

-treats them as ISO-8859-1 (Latin 1);

+handling of T61Strings

+.Pq aka TeletexStrings

+is broken: it effectively treats them as ISO-8859-1

+.Pq Latin 1 ;

Netscape and MSIE have similar behaviour.

This can cause problems if you need characters that aren't available in

.Em PrintableStrings

and you don't want to or can't use

.Em BMPStrings .

.Pp

-As a consequence of the T61String handling the only correct way to represent

+As a consequence of the T61String handling, the only correct way to represent

accented characters in

.Nm OpenSSL

is to use a

@@ -4806,10 +5011,10 @@ and MSIE then you currently need to use the invalid T61String form.

.Pp

The current prompting is not very friendly.

It doesn't allow you to confirm what you've just entered.

-Other things like extensions in certificate requests are

+Other things, like extensions in certificate requests, are

statically defined in the configuration file.

Some of these, like an email address in

-.Em subjectAltName

+.Em subjectAltName ,

should be input by the user.

.\"

.\" RSA

@@ -4817,16 +5022,17 @@ should be input by the user.

.Sh RSA

.Cm openssl rsa

.Bk -words

-.Op Fl inform Ar PEM|NET|DER

-.Op Fl outform Ar PEM|NET|DER

+.Op Fl inform Ar DER | NET | PEM

+.Op Fl outform Ar DER | NET | PEM

.Op Fl in Ar filename

.Op Fl passin Ar arg

.Op Fl out Ar filename

.Op Fl passout Ar arg

.Op Fl sgckey

-.Op Fl des

-.Op Fl des3

-.Op Fl idea

+.Oo

+.Fl des | des3 | aes128 |

+.Fl aes192 | aes256

+.Oc

.Op Fl text

.Op Fl noout

.Op Fl modulus

@@ -4851,7 +5057,7 @@ utility.

.Pp

The options are as follows:

.Bl -tag -width "XXXX"

-.It Fl inform Ar DER|NET|PEM

+.It Fl inform Ar DER | NET | PEM

This specifies the input format.

The

.Ar DER

@@ -4868,8 +5074,8 @@ The

form is a format described in the

.Sx RSA NOTES

section.

-.It Fl outform Ar DER|NET|PEM

-This specifies the output format, the options have the same meaning as the

+.It Fl outform Ar DER | NET | PEM

+This specifies the output format; the options have the same meaning as the

.Fl inform

option.

.It Fl in Ar filename

@@ -4881,7 +5087,7 @@ If the key is encrypted, a pass phrase will be prompted for.

.It Fl passin Ar arg

The input file password source.

For more information about the format of

-.Ar arg

+.Ar arg ,

see the

.Sx PASS PHRASE ARGUMENTS

section above.

@@ -4889,14 +5095,14 @@ section above.

This specifies the output

.Ar filename

to write a key to, or standard output if this option is not specified.

-If any encryption options are set then a pass phrase will be prompted for.

+If any encryption options are set then, a pass phrase will be prompted for.

The output filename should

.Em not

be the same as the input filename.

.It Fl passout Ar password

The output file password source.

For more information about the format of

-.Ar arg

+.Ar arg ,

see the

.Sx PASS PHRASE ARGUMENTS

section above.

@@ -4904,9 +5110,12 @@ section above.

Use the modified

.Em NET

algorithm used with some versions of Microsoft IIS and SGC keys.

-.It Cm -des|-des3|-idea

+.It Xo

+.Fl des | des3 | aes128 |

+.Fl aes192 | aes256

+.Xc

These options encrypt the private key with the DES, triple DES, or the

-IDEA ciphers, respectively, before outputting it.

+AES ciphers, respectively, before outputting it.

A pass phrase is prompted for.

If none of these options is specified the key is written in plain text.

This means that using the

@@ -4927,17 +5136,17 @@ This option prints out the value of the modulus of the key.

.It Fl check

This option checks the consistency of an RSA private key.

.It Fl pubin

-By default a private key is read from the input file: with this

+By default, a private key is read from the input file: with this

option a public key is read instead.

.It Fl pubout

-By default a private key is output:

+By default, a private key is output:

with this option a public key will be output instead.

This option is automatically set if the input is a public key.

.It Fl engine Ar id

Specifying an engine (by it's unique

.Ar id

string) will cause

-.Nm req

+.Nm rsa

to attempt to obtain a functional reference to the specified engine,

thus initialising it if needed.

The engine will then be set as the default for all available algorithms.

@@ -4946,17 +5155,17 @@ The engine will then be set as the default for all available algorithms.

The

.Em PEM

private key format uses the header and footer lines:

-.Bd -literal

-\& -----BEGIN RSA PRIVATE KEY-----

-\& -----END RSA PRIVATE KEY-----

+.Bd -unfilled -offset indent

+-----BEGIN RSA PRIVATE KEY-----

+-----END RSA PRIVATE KEY-----

.Ed

.Pp

The

.Em PEM

public key format uses the header and footer lines:

-.Bd -literal

-\& -----BEGIN PUBLIC KEY-----

-\& -----END PUBLIC KEY-----

+.Bd -unfilled -offset indent

+-----BEGIN PUBLIC KEY-----

+-----END PUBLIC KEY-----

.Ed

.Pp

The

@@ -4969,8 +5178,10 @@ Some newer version of IIS have additional data in the exported .key files.

To use these with the

.Nm rsa

utility, view the file with a binary editor

-and look for the string "private-key", then trace back to the byte

-sequence 0x30, 0x82 (this is an ASN1 SEQUENCE).

+and look for the string

+.Qq private-key ,

+then trace back to the byte sequence 0x30, 0x82

+.Pq this is an ASN1 SEQUENCE .

Copy all the data from this point onwards to another file and use that as

the input to the

.Nm rsa

@@ -4983,11 +5194,11 @@ option.

.Sh RSA EXAMPLES

To remove the pass phrase on an RSA private key:

.Pp

-\& $ openssl rsa -in key.pem -out keyout.pem

+.Dl $ openssl rsa -in key.pem -out keyout.pem

.Pp

To encrypt a private key using triple DES:

.Pp

-\& $ openssl rsa -in key.pem -des3 -out keyout.pem

+.Dl $ openssl rsa -in key.pem -des3 -out keyout.pem

.Pp

To convert a private key from

.Em PEM

@@ -4995,15 +5206,15 @@ to

.Em DER

format:

.Pp

-\& $ openssl rsa -in key.pem -outform DER -out keyout.der

+.Dl $ openssl rsa -in key.pem -outform DER -out keyout.der

.Pp

To print out the components of a private key to standard output:

.Pp

-\& $ openssl rsa -in key.pem -text -noout

+.Dl $ openssl rsa -in key.pem -text -noout

.Pp

To just output the public part of a private key:

.Pp

-\& $ openssl rsa -in key.pem -pubout -out pubkey.pem

+.Dl $ openssl rsa -in key.pem -pubout -out pubkey.pem

.Sh RSA BUGS

The command line password arguments don't currently work with

.Em NET

@@ -5016,20 +5227,22 @@ without having to manually edit them.

.\"

.Sh RSAUTL

.Nm openssl rsautl

+.Bk -words

.Op Fl in Ar file

.Op Fl out Ar file

.Op Fl inkey Ar file

+.Op Fl keyform Ar DER | PEM

.Op Fl pubin

.Op Fl certin

.Op Fl sign

.Op Fl verify

.Op Fl encrypt

.Op Fl decrypt

-.Op Fl pkcs

-.Op Fl ssl

-.Op Fl raw

+.Op Fl pkcs | oaep | ssl | raw

.Op Fl hexdump

.Op Fl asn1parse

+.Op Fl engine Ar id

+.Ek

.Pp

The

.Nm rsautl

@@ -5050,6 +5263,10 @@ to write to or standard output by

default.

.It Fl inkey Ar file

The input key file, by default it should be an RSA private key.

+.It Fl keyform Ar DER | PEM

+Private ket format.

+Default is

+.Ar PEM .

.It Fl pubin

The input file is an RSA public key.

.It Fl certin

@@ -5063,9 +5280,10 @@ Verify the input data and output the recovered data.

Encrypt the input data using an RSA public key.

.It Fl decrypt

Decrypt the input data using an RSA private key.

-.It Fl pkcs , oaep , ssl , raw

-The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,

-special padding used in SSL v2 backwards compatible handshakes,

+.It Fl pkcs | oaep | ssl | raw

+The padding to use: PKCS#1 v1.5

+.Pq the default ,

+PKCS#1 OAEP, special padding used in SSL v2 backwards compatible handshakes,

or no padding, respectively.

For signatures, only

.Fl pkcs

@@ -5075,9 +5293,17 @@ can be used.

.It Fl hexdump

Hex dump the output data.

.It Fl asn1parse

-Asn1parse the output data, this is useful when combined with the

+Asn1parse the output data; this is useful when combined with the

.Fl verify

option.

+.It Fl engine Ar id

+Specifying an engine (by it's unique

+.Ar id

+string) will cause

+.Nm rsautl

+to attempt to obtain a functional reference to the specified engine,

+thus initialising it if needed.

+The engine will then be set as the default for all available algorithms.

.El

.Sh RSAUTL NOTES

.Nm rsautl ,

@@ -5086,16 +5312,16 @@ used to sign or verify small pieces of data.

.Sh RSAUTL EXAMPLES

Sign some data using a private key:

.Pp

-\& $ openssl rsautl -sign -in file -inkey key.pem -out sig

+.Dl "$ openssl rsautl -sign -in file -inkey key.pem -out sig"

.Pp

Recover the signed data:

.Pp

-\& $ openssl rsautl -verify -in sig -inkey key.pem

+.Dl $ openssl rsautl -verify -in sig -inkey key.pem

.Pp

Examine the raw signed data:

.Pp

-\& $ openssl rsautl -verify -in file -inkey key.pem -raw -hexdump

-.Bd -literal

+.Li "\ \&$ openssl rsautl -verify -in file -inkey key.pem -raw -hexdump"

+.Bd -unfilled

\& 0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................

\& 0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................

\& 0020 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff ................

@@ -5106,8 +5332,9 @@ Examine the raw signed data:

\& 0070 - ff ff ff ff 00 68 65 6c-6c 6f 20 77 6f 72 6c 64 .....hello world

.Ed

.Pp

-The PKCS#1 block formatting is evident from this. If this was done using

-encrypt and decrypt the block would have been of type 2 (the second byte)

+The PKCS#1 block formatting is evident from this.

+If this was done using encrypt and decrypt, the block would have been of type 2

+.Pq the second byte

and random padding data visible instead of the 0xff bytes.

.Pp

It is possible to analyse the signature of certificates using this

@@ -5115,12 +5342,12 @@ utility in conjunction with

.Nm asn1parse .

Consider the self-signed example in

.Pa certs/pca-cert.pem :

-Running

+running

.Nm asn1parse

as follows yields:

.Pp

-\& $ openssl asn1parse -in pca-cert.pem

-.Bd -literal

+.Li "\ \&$ openssl asn1parse -in pca-cert.pem"

+.Bd -unfilled

\& 0:d=0 hl=4 l= 742 cons: SEQUENCE

\& 4:d=1 hl=4 l= 591 cons: SEQUENCE

\& 8:d=2 hl=2 l= 3 cons: cont [ 0 ]

@@ -5144,22 +5371,22 @@ as follows yields:

The final BIT STRING contains the actual signature.

It can be extracted with:

.Pp

-\& $ openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614

+.Dl "$ openssl asn1parse -in pca-cert.pem -out sig -noout -strparse 614"

.Pp

The certificate public key can be extracted with:

.Pp

-\& $ openssl x509 -in test/testx509.pem -pubout -noout >pubkey.pem

+.Dl $ openssl x509 -in test/testx509.pem -pubout -noout >pubkey.pem

.Pp

The signature can be analysed with:

.Pp

-\& $ openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin

-.Bd -literal

+.Li "\ \&$ openssl rsautl -in sig -verify -asn1parse -inkey pubkey.pem -pubin"

+.Bd -unfilled

\& 0:d=0 hl=2 l= 32 cons: SEQUENCE

\& 2:d=1 hl=2 l= 12 cons: SEQUENCE

\& 4:d=2 hl=2 l= 8 prim: OBJECT :md5

\& 14:d=2 hl=2 l= 0 prim: NULL

\& 16:d=1 hl=2 l= 16 prim: OCTET STRING

-\& 0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%..

+\& 0000 - f3 46 9e aa 1a 4a 73 c9-37 ea 93 00 48 25 08 b5 .F...Js.7...H%..

.Ed

.Pp

This is the parsed version of an ASN1

@@ -5168,13 +5395,12 @@ structure.

It can be seen that the digest used was md5.

The actual part of the certificate that was signed can be extracted with:

.Pp

-\& $ openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4

+.Dl "$ openssl asn1parse -in pca-cert.pem -out tbs -noout -strparse 4"

.Pp

and its digest computed with:

-.Bd -literal

-\& $ openssl md5 -c tbs

-\& MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5

-.Ed

+.Pp

+.Dl $ openssl md5 -c tbs

+.D1 MD5(tbs)= f3:46:9e:aa:1a:4a:73:c9:37:ea:93:00:48:25:08:b5

.Pp

which it can be seen agrees with the recovered value above.

.\"

@@ -5183,7 +5409,9 @@ which it can be seen agrees with the recovered value above.

.Sh S_CLIENT

.Nm openssl s_client

.Bk -words

-.Op Fl connect Ar host:port>

+.Oo

+.Fl connect Ar host Ns : Ns Ar port

+.Oc

.Op Fl verify Ar depth

.Op Fl cert Ar filename

.Op Fl key Ar filename

@@ -5192,6 +5420,7 @@ which it can be seen agrees with the recovered value above.

.Op Fl reconnect

.Op Fl pause

.Op Fl showcerts

+.Op Fl prexit

.Op Fl debug

.Op Fl msg

.Op Fl nbio_test

@@ -5207,9 +5436,9 @@ which it can be seen agrees with the recovered value above.

.Op Fl no_ssl3

.Op Fl no_tls1

.Op Fl bugs

+.Op Fl serverpref

.Op Fl cipher Ar cipherlist

.Op Fl starttls Ar protocol

-.Op Fl starttls Ar protocol

.Op Fl engine Ar id

.Op Fl rand Ar file ...

.Ek

@@ -5224,20 +5453,22 @@ useful diagnostic tool for SSL servers.

.Pp

The options are as follows:

.Bl -tag -width "XXXX"

-.It Fl connect Ar host:port

+.It Xo

+.Fl connect Ar host Ns : Ns Ar port

+.Xc

This specifies the

.Ar host

and optional

.Ar port

to connect to.

-If not specified then an attempt is made to connect to the local host

+If not specified, then an attempt is made to connect to the local host

on port 4433.

.It Fl cert Ar certname

The certificate to use, if one is requested by the server.

The default is not to use a certificate.

.It Fl key Ar keyfile

The private key to use.

-If not specified then the certificate file will be used.

+If not specified, then the certificate file will be used.

.It Fl verify Ar depth

The verify

.Ar depth

@@ -5252,7 +5483,9 @@ certificate verify failure.

The

.Ar directory

to use for server certificate verification.

-This directory must be in "hash format", see

+This directory must be in

+.Qq hash format ;

+see

.Fl verify

for more information.

These are also used when building the client certificate chain.

@@ -5273,7 +5506,7 @@ certificate itself is displayed.

Print session information when the program exits.

This will always attempt

to print out information even if the connection fails.

-Normally information will only be printed out once if the connection succeeds.

+Normally, information will only be printed out once if the connection succeeds.

This option is useful because the cipher in use may be renegotiated

or the connection may fail because a client certificate is required or is

requested only after an attempt is made to access a certain URL.

@@ -5301,10 +5534,12 @@ Inhibit printing of session and certificate information.

This implicitly turns on

.Fl ign_eof

as well.

-.It Fl ssl2 , ssl3 , tls1 , no_ssl2 ,

-.It Fl no_ssl3 , no_tls1

+.It Xo

+.Fl ssl2 | ssl3 | tls1 |

+.Fl no_ssl2 | no_ssl3 | no_tls1

+.Xc

These options disable the use of certain SSL or TLS protocols.

-By default the initial handshake uses a method which should be compatible

+By default, the initial handshake uses a method which should be compatible

with all servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.

.Pp

Unfortunately there are a lot of ancient and broken servers in use which

@@ -5317,9 +5552,12 @@ option.

.It Fl bugs

There are several known bugs in SSL and TLS implementations.

Adding this option enables various workarounds.

+.It Fl serverpref

+Use server's cipher preferences

+.Pq SSLv2 only .

.It Fl cipher Ar cipherlist

This allows the cipher list sent by the client to be modified.

-Although the server determines which cipher suite is used it should take

+Although the server determines which cipher suite is used, it should take

the first supported cipher in the list sent by the client.

See the

.Sx CIPHERS

@@ -5328,7 +5566,8 @@ section above for more information.

Send the protocol-specific message(s) to switch to TLS for communication.

.Ar protocol

is a keyword for the intended protocol.

-Currently, the only supported keyword is "smtp".

+Currently, the only supported keyword is

+.Qq smtp .

.It Fl engine Ar id

Specifying an engine (by it's unique

.Ar id

@@ -5338,25 +5577,14 @@ to attempt to obtain a functional reference to the specified engine,

thus initialising it if needed.

The engine will then be set as the default for all available algorithms.

.It Fl rand Ar file ...

-A

-.Ar file

-or

-.Ar file Ns Li s

-containing random data used to seed the random number generator,

+A file or files containing random data used to seed the random number generator,

or an EGD socket (see

.Xr RAND_egd 3 ) .

-Multiple files can be specified separated by an OS-dependent character.

-The separator is

-.Cm \&;

-for MS-Windows,

-.Cm \&,

-for OpenVMS, and

-.Cm \&:

-for

-all others.

+Multiple files can be specified separated by a

+.Sq \&: .

.El

.Sh S_CLIENT CONNECTED COMMANDS

-If a connection is established with an SSL server then any data received

+If a connection is established with an SSL server, then any data received

from the server is displayed and any key presses will be sent to the

server.

When used interactively (which means neither

@@ -5364,8 +5592,8 @@ When used interactively (which means neither

nor

.Fl ign_eof

have been given), the session will be renegotiated if the line begins with an

-.Em R ,

-and if the line begins with a

+.Em R ;

+if the line begins with a

.Em Q

or if end of file is reached, the connection will be closed down.

.Sh S_CLIENT NOTES

@@ -5373,14 +5601,16 @@ or if end of file is reached, the connection will be closed down.

can be used to debug SSL servers.

To connect to an SSL HTTP server the command:

.Pp

-\& $ openssl s_client -connect servername:443

+.Dl $ openssl s_client -connect servername:443

.Pp

-would typically be used (https uses port 443).

-If the connection succeeds then an HTTP command can be given such as

-"GET" to retrieve a web page.

+would typically be used

+.Pq HTTPS uses port 443 .

+If the connection succeeds, then an HTTP command can be given such as

+.Qq GET

+to retrieve a web page.

.Pp

-If the handshake fails then there are several possible causes; if it is

-nothing obvious like no client certificate then the

+If the handshake fails, then there are several possible causes; if it is

+nothing obvious like no client certificate, then the

.Fl bugs , ssl2 , ssl3 , tls1 ,

.Fl no_ssl2 , no_ssl3

and

@@ -5395,9 +5625,10 @@ mailing list.

A frequent problem when attempting to get client certificates working

is that a web client complains it has no certificates or gives an empty

list to choose from.

-This is normally because the server is not sending the clients certificate

-authority in its "acceptable CA list" when it

-requests a certificate.

+This is normally because the server is not sending the client's certificate

+authority in its

+.Qq acceptable CA list

+when it requests a certificate.

By using

.Nm s_client

the CA list can be viewed and checked.

@@ -5409,12 +5640,12 @@ command and send an HTTP request for an appropriate page.

.Pp

If a certificate is specified on the command line using the

.Fl cert

-option it will not be used unless the server specifically requests

+option, it will not be used unless the server specifically requests

a client certificate.

Therefore merely including a client certificate

on the command line is no guarantee that the certificate works.

.Pp

-If there are problems verifying a server certificate then the

+If there are problems verifying a server certificate, then the

.Fl showcerts

option can be used to show the whole chain.

.Sh S_CLIENT BUGS

@@ -5457,6 +5688,7 @@ We should really report information whenever a session is renegotiated.

.Op Fl CAfile Ar filename

.Op Fl nocert

.Op Fl cipher Ar cipherlist

+.Op Fl serverpref

.Op Fl quiet

.Op Fl no_tmp_rsa

.Op Fl ssl2

@@ -5493,16 +5725,17 @@ Sets the SSL context id.

It can be given any string value.

If this option is not present, a default value will be used.

.It Fl cert Ar certname

-The certificate to use; most servers cipher suites require the use of a

+The certificate to use; most server's cipher suites require the use of a

certificate and some require a certificate with a certain public key type:

for example the DSS cipher suites require a certificate containing a DSS

-(DSA) key.

-If not specified then the filename

+.Pq DSA

+key.

+If not specified, then the filename

.Pa server.pem

will be used.

.It Fl key Ar keyfile

The private key to use.

-If not specified then the certificate file will be used.

+If not specified, then the certificate file will be used.

.It Fl dcert Ar filename , Fl dkey Ar keyname

Specify an additional certificate and private key; these behave in the

same manner as the

@@ -5510,18 +5743,20 @@ same manner as the

and

.Fl key

options except there is no default if they are not specified

-(no additional certificate and key is used).

+.Pq no additional certificate and key is used .

As noted above some cipher suites require a certificate containing a key of

a certain type.

Some cipher suites need a certificate carrying an RSA key

-and some a DSS (DSA) key.

+and some a DSS

+.Pq DSA

+key.

By using RSA and DSS certificates and keys

a server can support clients which only support RSA or DSS cipher suites

by using an appropriate certificate.

.It Fl nocert

-If this option is set then no certificate is used.

+If this option is set, then no certificate is used.

This restricts the cipher suites available to the anonymous ones

-(currently just anonymous DH).

+.Pq currently just anonymous DH .

.It Fl dhparam Ar filename

The DH parameter file to use.

The ephemeral DH cipher suites generate keys

@@ -5545,15 +5780,17 @@ This specifies the maximum length of the client certificate chain

and makes the server request a certificate from the client.

With the

.Fl verify

-option a certificate is requested but the client does not have to send one.

+option, a certificate is requested but the client does not have to send one.

With the

.Fl Verify

-option the client must supply a certificate or an error occurs.

+option, the client must supply a certificate or an error occurs.

.It Fl CApath Ar directory

The

.Ar directory

to use for client certificate verification.

-This directory must be in "hash format", see

+This directory must be in

+.Qq hash format ;

+see

.Fl verify

for more information.

These are also used when building the server certificate chain.

@@ -5569,15 +5806,17 @@ Print extensive debugging information including a hex dump of all traffic.

.It Fl msg

Show all protocol messages with hex dump.

.It Fl nbio_test

-Tests non blocking I/O.

+Tests non-blocking I/O.

.It Fl nbio

-Turns on non blocking I/O.

+Turns on non-blocking I/O.

.It Fl crlf

This option translates a line feed from the terminal into CR+LF.

.It Fl quiet

Inhibit printing of session and certificate information.

-.It Fl ssl2 , ssl3 , tls1 , no_ssl2 ,

-.It Fl no_ssl3 , no_tls1

+.It Xo

+.Fl ssl2 | ssl3 | tls1 |

+.Fl no_ssl2 | no_ssl3 | no_tls1

+.Xc

These options disable the use of certain SSL or TLS protocols.

By default, the initial handshake uses a method which should be compatible

with all servers and permit them to use SSL v3, SSL v2 or TLS as appropriate.

@@ -5586,16 +5825,19 @@ There are several known bugs in SSL and TLS implementations.

Adding this option enables various workarounds.

.It Fl hack

This option enables a further workaround for some some early Netscape

-SSL code (?).

+SSL code

+.Pq \&? .

.It Fl cipher Ar cipherlist

This allows the cipher list used by the server to be modified.

When the client sends a list of supported ciphers, the first client cipher

also included in the server list is used.

Because the client specifies the preference order, the order of the server

-cipherlist irrelevant.

+cipherlist is irrelevant.

See the

.Sx CIPHERS

section for more information.

+.It Fl serverpref

+Use server's cipher preferences.

.It Fl www

Sends a status message back to the client when it connects.

This includes lots of information about the ciphers used and various

@@ -5632,25 +5874,17 @@ The engine will then be set as the default for all available algorithms.

.It Fl id_prefix Ar arg

Generate SSL/TLS session IDs prefixed by

.Ar arg .

-This is mostly useful for testing any SSL/TLS code (e.g. proxies) that wish

-to deal with multiple servers, when each of which might be generating a

-unique range of session IDs (e.g. with a certain prefix).

+This is mostly useful for testing any SSL/TLS code

+.Pq e.g. proxies

+that wish to deal with multiple servers, when each of which might be

+generating a unique range of session IDs

+.Pq e.g. with a certain prefix .

.It Fl rand Ar file ...

-A

-.Ar file

-or

-.Ar file Ns Li s

-containing random data used to seed the random number generator,

+A file or files containing random data used to seed the random number generator,

or an EGD socket (see

.Xr RAND_egd 3 ) .

-Multiple files can be specified separated by an OS-dependent character.

-The separator is

-.Cm \&;

-for MS-Windows,

-.Cm \&,

-for OpenVMS, and

-.Cm \&:

-for all others.

+Multiple files can be specified separated by a

+.Sq \&: .

.El

.Sh S_SERVER CONNECTED COMMANDS

If a connection request is established with an SSL client and neither the

@@ -5682,13 +5916,14 @@ Print out some session cache status information.

can be used to debug SSL clients.

To accept connections from a web browser the command:

.Pp

-\& $ openssl s_server -accept 443 -www

+.Dl $ openssl s_server -accept 443 -www

.Pp

can be used for example.

.Pp

-Most web browsers (in particular Netscape and MSIE) only support RSA cipher

-suites, so they cannot connect to servers which don't use a certificate

-carrying an RSA key or a version of

+Most web browsers

+.Pq in particular Netscape and MSIE

+only support RSA cipher suites, so they cannot connect to servers

+which don't use a certificate carrying an RSA key or a version of

.Nm OpenSSL

with RSA disabled.

.Pp

@@ -5721,34 +5956,35 @@ unknown cipher suites a client says it supports.

.Sh S_TIME

The

.Nm s_time

-utility is undocumented.

+utility is currently undocumented.

.\"

.\" SESS_ID

.\"

.Sh SESS_ID

.Nm openssl sess_id

.Bk -words

-.Op Fl inform Ar PEM|DER

-.Op Fl outform Ar PEM|DER

+.Op Fl inform Ar DER | PEM

+.Op Fl outform Ar DER | PEM

.Op Fl in Ar filename

.Op Fl out Ar filename

.Op Fl text

+.Op Fl cert

.Op Fl noout

.Op Fl context Ar ID

.Ek

.Pp

The

.Nm sess_id

-program processes the encoded version of the SSL

-session structure and optionally prints out SSL

-session details (for example the SSL

-session master key) in human readable format.

+program processes the encoded version of the SSL session structure and

+optionally prints out SSL session details

+.Pq for example the SSL session master key

+in human readable format.

Since this is a diagnostic tool that needs some knowledge of the SSL

protocol to use properly, most users will not need to use it.

.Pp

The options are as follows:

.Bl -tag -width "XXXX"

-.It Fl inform Ar DER|PEM

+.It Fl inform Ar DER | PEM

This specifies the input format.

The

.Ar DER

@@ -5759,8 +5995,8 @@ The

.Ar PEM

form is the default format: it consists of the DER

format base64 encoded with additional header and footer lines.

-.It Fl outform Ar DER|PEM

-This specifies the output format, the options have the same meaning as the

+.It Fl outform Ar DER | PEM

+This specifies the output format; the options have the same meaning as the

.Fl inform

option.

.It Fl in Ar filename

@@ -5776,14 +6012,15 @@ output if this option is not specified.

Prints out the various public or private key components in

plain text in addition to the encoded version.

.It Fl cert

-If a certificate is present in the session it will be output using this option,

+If a certificate is present in the session,

+it will be output using this option;

if the

.Fl text

-option is also present then it will be printed out in text form.

+option is also present, then it will be printed out in text form.

.It Fl noout

This option prevents output of the encoded version of the session.

.It Fl context Ar ID

-This option can set the session id so the output session information uses the

+This option can set the session ID so the output session information uses the

supplied

.Ar ID .

The

@@ -5793,7 +6030,7 @@ This option won't normally be used.

.El

.Sh SESS_ID OUTPUT

Typical output:

-.Bd -literal

+.Bd -unfilled

\& SSL-Session:

\& Protocol : TLSv1

\& Cipher : 0016

@@ -5820,10 +6057,11 @@ The session ID context in hex format.

.It Ar Master-Key

This is the SSL session master key.

.It Ar Key-Arg

-The key argument, this is only used in SSL v2.

+The key argument; this is only used in SSL v2.

.It Ar Start Time

-This is the session start time, represented as an integer

-in standard Unix format.

+This is the session start time, represented as an integer in standard

+.Ux

+format.

.It Ar Timeout

The timeout in seconds.

.It Ar Verify return code

@@ -5833,15 +6071,17 @@ This is the return code when an SSL client certificate is verified.

The

.Em PEM

encoded session format uses the header and footer lines:

-.Bd -literal

-\& -----BEGIN SSL SESSION PARAMETERS-----

-\& -----END SSL SESSION PARAMETERS-----

+.Bd -unfilled -offset indent

+-----BEGIN SSL SESSION PARAMETERS-----

+-----END SSL SESSION PARAMETERS-----

.Ed

.Pp

Since the SSL session output contains the master key, it is possible to read

the contents of an encrypted session using this information.

Therefore appropriate security precautions

-should be taken if the information is being output by a "real" application.

+should be taken if the information is being output by a

+.Qq real

+application.

This is, however, strongly discouraged and should only be used for

debugging purposes.

.Sh SESS_ID BUGS

@@ -5857,25 +6097,39 @@ The cipher and start time should be printed out in human readable form.

.Op Fl sign

.Op Fl verify

.Op Fl pk7out

-.Op Fl des

-.Op Fl des3

-.Op Fl rc2-40

-.Op Fl rc2-64

-.Op Fl rc2-128

+.Oo Xo

+.Fl des | des3 | rc2-40 | rc2-64 |

+.Fl rc2-128 | aes128 | aes192 | aes256

+.Xc

+.Oc

+.Op Fl nointern

+.Op Fl noverify

+.Op Fl nochain

+.Op Fl nosigs

+.Op Fl nocerts

+.Op Fl noattr

+.Op Fl binary

+.Op Fl nodetach

.Op Fl in Ar file

.Op Fl certfile Ar file

.Op Fl signer Ar file

.Op Fl recip Ar file

-.Op Fl inform Ar SMIME|PEM|DER

+.Op Fl inform Ar SMIME | DER | PEM

.Op Fl passin Ar arg

.Op Fl inkey Ar file

+.Op Fl keyform Ar PEM | ENGINE

.Op Fl out Ar file

-.Op Fl outform Ar SMIME|PEM|DER

+.Op Fl outform Ar SMIME | DER | PEM

.Op Fl content Ar file

.Op Fl to Ar addr

.Op Fl from Ar addr

.Op Fl subject Ar s

.Op Fl text

+.Op Fl CAfile Ar file

+.Op Fl CApath Ar directory

+.Op Fl crl_check

+.Op Fl crl_check_all

+.Op Fl engine Ar id

.Op Fl rand Ar file ...

.Op Ar cert.pem ...

.Ek

@@ -5925,7 +6179,7 @@ The input message to be encrypted or signed or the

.Em MIME

message to

be decrypted or verified.

-.It Fl inform Ar SMIME|PEM|DER

+.It Fl inform Ar SMIME | DER | PEM

This specifies the input format for the PKCS#7 structure.

The default is

.Em SMIME

@@ -5938,16 +6192,16 @@ and

format change this to expect PEM and DER format PKCS#7 structures

instead.

This currently only affects the input format of the PKCS#7

-structure, if no PKCS#7 structure is being input (for example with

+structure; if no PKCS#7 structure is being input (for example with

.Fl encrypt

-.Fl sign )

+.Fl sign ) ,

this option has no effect.

.It Fl out Ar filename

The message text that has been decrypted or verified, or the output

.Em MIME

format message that has been signed or verified.

-.It Fl outform Ar SMIME|PEM|DER

+.It Fl outform Ar SMIME | DER | PEM

This specifies the output format for the PKCS#7 structure.

The default is

.Em SMIME

@@ -5978,7 +6232,8 @@ and it uses the multipart/signed

.Em MIME

content type.

.It Fl text

-This option adds plain text (text/plain)

+This option adds plain text

+.Pq text/plain

.Em MIME

headers to the supplied message if encrypting or signing.

If decrypting or verifying it strips off text headers:

@@ -5988,36 +6243,44 @@ type text/plain then an error occurs.

.It Fl CAfile Ar file

.Ar file

-containing trusted CA certificates, only used with

+containing trusted CA certificates; only used with

.Fl verify .

.It Fl CApath Ar dir

.Ar directory

-containing trusted CA certificates, only used with

+containing trusted CA certificates; only used with

.Fl verify .

This directory must be a standard certificate directory;

that is, a hash of each subject name (using

.Nm x509 -hash )

should be linked to each certificate.

-.It Fl des des3 rc2-40 rc2-64 rc2-128

+.It Xo

+.Fl des | des3 | rc2-40 | rc2-64 |

+.Fl rc2-128 | aes128 | aes192 | aes256

+.Xc

The encryption algorithm to use.

-DES (56 bits), triple DES\s0 (168 bits)

-or 40, 64 or 128 bit RC2, respectively; if not specified 40 bit RC2 is

+DES

+.Pq 56 bits ,

+triple DES

+.Pq 168 bits ,

+40-, 64-, or 128-bit RC2, or 128-, 192-, or 256-bit AES, respectively;

+if not specified, 40-bit RC2 is

used.

Only used with

.Fl encrypt .

.It Fl nointern

-When verifying a message, normally certificates (if any) included in

-the message are searched for the signing certificate.

-With this option only the certificates specified in the

+When verifying a message, normally certificates

+.Pq if any

+included in the message are searched for the signing certificate.

+With this option, only the certificates specified in the

.Fl certfile

option are used.

The supplied certificates can still be used as untrusted CAs however.

.It Fl noverify

Do not verify the signer's certificate of a signed message.

.It Fl nochain

-Do not do chain verification of signers' certificates: that is don't

-use the certificates in the signed message as untrusted CAs.

+Do not do chain verification of signers' certificates: that is,

+don't use the certificates in the signed message as untrusted CAs.

.It Fl nosigs

Don't try to verify the signatures on the message.

.It Fl nocerts

@@ -6032,8 +6295,9 @@ Normally, when a message is signed a set of attributes are included which

include the signing time and supported symmetric algorithms.

With this option they are not included.

.It Fl binary

-Normally the input message is converted to "canonical" format which is

-effectively using CR and LF as end of line: as required by the

+Normally, the input message is converted to

+.Qq canonical

+format which is effectively using CR and LF as end of line: as required by the

.Em S/MIME

specification.

When this option is present no translation occurs.

@@ -6066,36 +6330,42 @@ must match one of the recipients of the message or an error occurs.

.It Fl inkey Ar file

The private key to use when signing or decrypting.

This must match the corresponding certificate.

-If this option is not specified then the private key must be included

+If this option is not specified, then the private key must be included

in the certificate file specified with

the

.Fl recip

.Fl signer

file.

+.It Fl keyform Ar PEM | ENGINE

+Input private key format.

.It Fl passin Ar arg

The private key password source.

For more information about the format of

-.Ar arg

+.Ar arg ,

see the

.Sx PASS PHRASE ARGUMENTS

section above.

+.It Fl crl_check

+Check revocation status of signer's certificate using CRLs.

+.It Fl crl_check_all

+Check revocation status of signer's certificate chain using CRLs.

+.It Fl engine Ar id

+Specifying an engine (by it's unique

+.Ar id

+string) will cause

+.Nm smime

+to attempt to obtain a functional reference to the specified engine,

+thus initialising it if needed.

+The engine will then be set as the default

+for all available algorithms.

.It Fl rand Ar file ...

-A

-.Ar file

-or

-.Ar file Ns Li s

+A file or files

containing random data used to seed the random number generator,

or an EGD socket (see

.Xr RAND_egd 3 ) .

-Multiple files can be specified separated by an OS-dependent character.

-The separator is

-.Cm \&;

-for MS-Windows,

-.Cm \&,

-for OpenVMS, and

-.Cm \&:

-for all others.

+Multiple files can be specified separated by a

+.Sq \&: .

.It Ar cert.pem ...

One or more certificates of message recipients: used when encrypting

a message.

@@ -6122,13 +6392,15 @@ necessary

.Em MIME

headers or many

.Em S/MIME

-clients won't display it properly (if at all).

+clients won't display it properly

+.Pq if at all .

You can use the

.Fl text

option to automatically add plain text headers.

.Pp

-A "signed and encrypted" message is one where a signed message is

-then encrypted.

+.Qq signed and encrypted

+message is one where a signed message is then encrypted.

This can be produced by encrypting an already signed message:

see the

.Sx SMIME EXAMPLES

@@ -6139,8 +6411,9 @@ will verify multiple signers on received messages.

Some

.Em S/MIME

clients choke if a message contains multiple signers.

-It is possible to sign messages "in parallel" by signing an already

-signed message.

+It is possible to sign messages

+.Qq in parallel

+by signing an already signed message.

.Pp

The options

.Fl encrypt

@@ -6167,56 +6440,58 @@ message.

An error occurred decrypting or verifying the message.

.It Ar 5

The message was verified correctly, but an error occurred writing out

-the signers certificates.

+the signer's certificates.

.El

.Sh SMIME EXAMPLES

Create a cleartext signed message:

-.Bd -literal

-\& $ openssl smime -sign -in message.txt -text -out mail.msg \e

-\& -signer mycert.pem

+.Bd -literal -offset indent

+$ openssl smime -sign -in message.txt -text -out mail.msg \e

+ -signer mycert.pem

.Ed

.Pp

Create an opaque signed message:

-.Bd -literal

-\& $ openssl smime -sign -in message.txt -text -out mail.msg -nodetach \e

-\& -signer mycert.pem

+.Bd -literal -offset indent

+$ openssl smime -sign -in message.txt -text -out mail.msg \e

+ -nodetach -signer mycert.pem

.Ed

.Pp

Create a signed message, include some additional certificates and

read the private key from another file:

-.Bd -literal

-\& $ openssl smime -sign -in in.txt -text -out mail.msg \e

-\& -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem

+.Bd -literal -offset indent

+$ openssl smime -sign -in in.txt -text -out mail.msg \e

+ -signer mycert.pem -inkey mykey.pem -certfile mycerts.pem

.Ed

.Pp

-Send a signed message under Unix directly to

+Send a signed message under

+.Ux

+directly to

.Xr sendmail 8 ,

including headers:

-.Bd -literal

-\& $ openssl smime -sign -in in.txt -text -signer mycert.pem \e

-\& -from steve@openssl.org -to someone@somewhere \e

-\& -subject "Signed message" | sendmail someone@somewhere

+.Bd -literal -offset indent

+$ openssl smime -sign -in in.txt -text -signer mycert.pem \e

+ -from steve@openssl.org -to someone@somewhere \e

+ -subject "Signed message" | sendmail someone@somewhere

.Ed

.Pp

Verify a message and extract the signer's certificate if successful:

-.Bd -literal

-\& $ openssl smime -verify -in mail.msg -signer user.pem \e

-\& -out signedtext.txt

+.Bd -literal -offset indent

+$ openssl smime -verify -in mail.msg -signer user.pem \e

+ -out signedtext.txt

.Ed

.Pp

Send encrypted mail using triple DES:

-.Bd -literal

-\& $ openssl smime -encrypt -in in.txt -from steve@openssl.org \e

-\& -to someone@somewhere -subject "Encrypted message" \e

-\& -des3 user.pem -out mail.msg

+.Bd -literal -offset indent

+$ openssl smime -encrypt -in in.txt -from steve@openssl.org \e

+ -to someone@somewhere -subject "Encrypted message" \e

+ -des3 user.pem -out mail.msg

.Ed

.Pp

Sign and encrypt mail:

-.Bd -literal

-\& $ openssl smime -sign -in ml.txt -signer my.pem -text \e

-\& | openssl smime -encrypt -out mail.msg \e

-\& -from steve@openssl.org -to someone@somewhere \e

-\& -subject "Signed and Encrypted message" -des3 user.pem

+.Bd -literal -offset indent

+$ openssl smime -sign -in ml.txt -signer my.pem -text | \e

+ openssl smime -encrypt -out mail.msg \e

+ -from steve@openssl.org -to someone@somewhere \e

+ -subject "Signed and Encrypted message" -des3 user.pem

.Ed

.Pp

.Sy Note :

@@ -6227,28 +6502,30 @@ option because the message being encrypted already has

headers.

.Pp

Decrypt mail:

-.Pp

-\& $ openssl smime -decrypt -in mail.msg -recip mycert.pem -inkey key.pem

+.Bd -literal -offset indent

+$ openssl smime -decrypt -in mail.msg -recip mycert.pem \e

+ -inkey key.pem"

+.Ed

.Pp

The output from Netscape form signing is a PKCS#7 structure with the

detached signature format.

You can use this program to verify the signature by line wrapping the

base64 encoded structure and surrounding it with:

-.Bd -literal

-\& -----BEGIN PKCS7-----

-\& -----END PKCS7-----

+.Bd -unfilled -offset indent

+-----BEGIN PKCS7-----

+-----END PKCS7-----

.Ed

.Pp

and using the command:

-.Bd -literal

-\& $ openssl smime -verify -inform PEM -in signature.pem

-\& -content content.txt

+.Bd -literal -offset indent

+$ openssl smime -verify -inform PEM -in signature.pem \e

+ -content content.txt

.Ed

.Pp

Alternatively, you can base64 decode the signature and use:

-.Bd -literal

-\& $ openssl smime -verify -inform DER -in signature.der

-\& -content content.txt

+.Bd -literal -offset indent

+$ openssl smime -verify -inform DER -in signature.der \e

+ -content content.txt

.Ed

.Sh SMIME BUGS

The

@@ -6262,7 +6539,7 @@ extracted.

There should be some heuristic that determines the correct encryption

certificate.

.Pp

-Ideally a database should be maintained of a certificate for each email

+Ideally, a database should be maintained of a certificate for each email

address.

.Pp

The code doesn't currently take note of the permitted symmetric encryption

@@ -6276,7 +6553,7 @@ No revocation checking is done on the signer's certificate.

.Pp

The current code can only handle

.Em S/MIME

-v2 messages, the more complex

+v2 messages; the more complex

.Em S/MIME

v3 structures may cause parsing errors.

.\"

@@ -6284,37 +6561,63 @@ v3 structures may cause parsing errors.

.\"

.Sh SPEED

.Nm openssl speed

-.Op Fl engine Ar id

-.Op Cm md2

-.Op Cm mdc2

-.Op Cm md5

-.Op Cm hmac

-.Op Cm sha1

-.Op Cm rmd160

-.Op Cm idea-cbc

-.Op Cm rc2-cbc

-.Op Cm rc5-cbc

+.Bk -words

+.Op Cm aes

+.Op Cm aes-128-cbc

+.Op Cm aes-192-cbc

+.Op Cm aes-256-cbc

+.Op Cm blowfish

.Op Cm bf-cbc

+.Op Cm des

.Op Cm des-cbc

.Op Cm des-ede3

-.Op Cm rc4

-.Op Cm rsa512

-.Op Cm rsa1024

-.Op Cm rsa2048

-.Op Cm rsa4096

.Op Cm dsa512

.Op Cm dsa1024

.Op Cm dsa2048

-.Op Cm idea

+.Op Cm hmac

+.Op Cm md2

+.Op Cm md4

+.Op Cm md5

.Op Cm rc2

-.Op Cm des

+.Op Cm rc2-cbc

+.Op Cm rc4

+.Op Cm rmd160

.Op Cm rsa

-.Op Cm blowfish

+.Op Cm rsa512

+.Op Cm rsa1024

+.Op Cm rsa2048

+.Op Cm rsa4096

+.Op Cm sha1

+.Op Fl elapsed

+.Op Fl evp Ar e

+.Op Fl decrypt

+.Op Fl mr

+.Op Fl multi Ar number

+.Op Fl engine Ar id

+.Ek

.Pp

The

.Nm speed

command is used to test the performance of cryptographic algorithms.

.Bl -tag -width "XXXX"

+.It Cm [zero or more test algorithms]

+If any options are given,

+.Nm speed

+tests those algorithms, otherwise all of the above are tested.

+.It Fl elapsed

+Measure time in real time instead of CPU user time.

+.It Fl evp Ar e

+Use EVP

+.Ar e .

+.It Fl decrypt

+Time decryption instead of encryption

+.Pq only EVP .

+.It Fl mr

+Produce machine readable ouput.

+.It Fl multi Ar number

+Run

+.Ar number

+benchmarks in parallel.

.It Fl engine Ar id

Specifying an engine (by it's unique

.Ar id

@@ -6324,10 +6627,6 @@ to attempt to obtain a functional reference to the specified engine,

thus initialising it if needed.

The engine will then be set as the default

for all available algorithms.

-.It Cm [zero or more test algorithms]

-If any options are given,

-.Nm speed

-tests those algorithms, otherwise all of the above are tested.

.El

.\"

.\" SPKAC

@@ -6349,7 +6648,8 @@ tests those algorithms, otherwise all of the above are tested.

The

.Nm spkac

command processes Netscape signed public key and challenge

-(SPKAC) files.

+.Pq SPKAC

+files.

It can print out their contents, verify the signature and

produce its own SPKACs from a supplied private key.

.Pp

@@ -6377,7 +6677,7 @@ options are ignored if present.

.It Fl passin Ar password

The input file password source.

For more information about the format of

-.Ar arg

+.Ar arg ,

see the

.Sx PASS PHRASE ARGUMENTS

section above.

@@ -6393,18 +6693,18 @@ Allows an alternative name for the

containing the SPKAC.

The default is the default section.

.It Fl noout

-Don't output the text version of the SPKAC (not used if an

-SPKAC is being created).

+Don't output the text version of the SPKAC

+.Pq not used if an SPKAC is being created .

.It Fl pubkey

-Output the public key of an SPKAC (not used if an SPKAC is

-being created).

+Output the public key of an SPKAC

+.Pq not used if an SPKAC is being created .

.It Fl verify

Verifies the digital signature on the supplied SPKAC.

.It Fl engine Ar id

Specifying an engine (by it's unique

.Ar id

string) will cause

-.Nm req

+.Nm spkac

to attempt to obtain a functional reference to the specified engine,

thus initialising it if needed.

The engine will then be set as the default for all available algorithms.

@@ -6412,23 +6712,25 @@ The engine will then be set as the default for all available algorithms.

.Sh SPKAC EXAMPLES

Print out the contents of an SPKAC:

.Pp

-\& $ openssl spkac -in spkac.cnf

+.Dl $ openssl spkac -in spkac.cnf

.Pp

Verify the signature of an SPKAC:

.Pp

-\& $ openssl spkac -in spkac.cnf -noout -verify

+.Dl $ openssl spkac -in spkac.cnf -noout -verify

.Pp

-Create an SPKAC using the challenge string "hello":

+Create an SPKAC using the challenge string

+.Qq hello :

.Pp

-\& $ openssl spkac -key key.pem -challenge hello -out spkac.cnf

+.Dl $ openssl spkac -key key.pem -challenge hello -out spkac.cnf

.Pp

-Example of an SPKAC, (long lines split up for clarity):

-.Bd -literal

-\& SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\e

-\& PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\e

-\& PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\e

-\& 2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\e

-\& 4=

+Example of an SPKAC,

+.Pq long lines split up for clarity :

+.Bd -unfilled -offset indent

+SPKAC=MIG5MGUwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA1cCoq2Wa3Ixs47uI7F\e

+PVwHVIPDx5yso105Y6zpozam135a8R0CpoRvkkigIyXfcCjiVi5oWk+6FfPaD03u\e

+PFoQIDAQABFgVoZWxsbzANBgkqhkiG9w0BAQQFAANBAFpQtY/FojdwkJh1bEIYuc\e

+2EeM2KHTWPEepWYeawvHD0gQ3DngSC75YCWnnDdq+NQ3F+X4deMx9AaEglZtULwV\e

+4=

.Ed

.Sh SPKAC NOTES

A created SPKAC with suitable DN components appended can be fed into

@@ -6448,7 +6750,8 @@ string, some guarantee is given that the user knows the private key

corresponding to the public key being certified.

This is important in some applications.

Without this it is possible for a previous SPKAC

-to be used in a "replay attack".

+to be used in a

+.Qq replay attack .

.\"

.\" VERIFY

.\"

@@ -6461,6 +6764,8 @@ to be used in a "replay attack".

.Op Fl help

.Op Fl issuer_checks

.Op Fl verbose

+.Op Fl crl_check

+.Op Fl engine Ar id

.Op Fl

.Op Ar certificates

.Pp

@@ -6476,13 +6781,15 @@ A

of trusted certificates.

The certificates should have names of the form

.Em hash.0 ,

-or have symbolic links to them of this form.

+or have symbolic links to them of this form

("hash" is the hashed certificate subject name: see the

.Fl hash

option of the

.Nm x509

utility).

-Under Unix the

+Under

+.Ux ,

+the

.Nm c_rehash

script will automatically create symbolic links to a directory of certificates.

.It Fl CAfile Ar file

@@ -6523,16 +6830,26 @@ This shows why each candidate issuer certificate was rejected.

However the presence of rejection messages

does not itself imply that anything is wrong: during the normal

verify process several rejections may take place.

+.It Fl crl_check

+Check revocation status of signer's certificate using CRLs.

+.It Fl engine Ar id

+Specifying an engine (by it's unique

+.Ar id

+string) will cause

+.Nm verify

+to attempt to obtain a functional reference to the specified engine,

+thus initialising it if needed.

+The engine will then be set as the default for all available algorithms.

.It Fl

Marks the last option.

All arguments following this are assumed to be certificate files.

This is useful if the first certificate filename begins with a

-.Cm \&- .

+.Sq - .

.It Ar certificates

One or more

.Ar certificates

to verify.

-If no certificate filenames are included then an attempt is made to read

+If no certificate filenames are included, then an attempt is made to read

a certificate from standard input.

They should all be in

.Em PEM

@@ -6559,11 +6876,12 @@ and ending in the root CA.

It is an error if the whole chain cannot be built up.

The chain is built up by looking up the issuers certificate of the current

certificate.

-If a certificate is found which is its own issuer it is assumed

+If a certificate is found which is its own issuer, it is assumed

to be the root CA.

.Pp

-The process of 'looking up the issuers certificate' itself involves a number

-of steps.

+The process of

+.Qq looking up the issuers certificate

+itself involves a number of steps.

In versions of

.Nm OpenSSL

before 0.9.5a the first certificate whose subject name matched the issuer

@@ -6573,10 +6891,14 @@ In

0.9.6 and later all certificates whose subject name matches the issuer name

of the current certificate are subject to further tests.

The relevant authority key identifier components of the current certificate

-(if present) must match the subject key identifier (if present)

+.Pq if present

+must match the subject key identifier

+.Pq if present

and issuer and serial number of the candidate issuer; in addition the

.Em keyUsage

-extension of the candidate issuer (if present) must permit certificate signing.

+extension of the candidate issuer

+.Pq if present

+must permit certificate signing.

.Pp

The lookup first looks in the list of untrusted certificates and if no match

is found the remaining lookups are from the trusted certificates.

@@ -6589,9 +6911,10 @@ consistency with the supplied purpose.

If the

.Fl purpose

option is not included, then no checks are done.

-The supplied or "leaf" certificate must have extensions compatible with the

-supplied purpose and all other certificates must also be valid

-CA certificates.

+The supplied or

+.Qq leaf

+certificate must have extensions compatible with the supplied purpose

+and all other certificates must also be valid CA certificates.

The precise extensions required are described in more detail in

the

.Sx X509 CERTIFICATE EXTENSIONS

@@ -6620,15 +6943,15 @@ If any operation fails then the certificate is not valid.

.Sh VERIFY DIAGNOSTICS

When a verify operation fails, the output messages can be somewhat cryptic.

The general form of the error message is:

-.Bd -literal

-\& server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024 bit)

+.Bd -unfilled

+\& server.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Test CA (1024-bit)

\& error 24 at 1 depth lookup:invalid CA certificate

.Ed

.Pp

-The first line contains the name of the certificate being verified followed by

+The first line contains the name of the certificate being verified, followed by

the subject name of the certificate.

The second line contains the error number and the depth.

-The depth is number of the certificate being verified when a

+The depth is the number of the certificate being verified when a

problem was detected starting with zero for the certificate being verified

itself, then 1 for the CA that signed the certificate and so on.

Finally a text version of the error number is presented.

@@ -6637,7 +6960,8 @@ An exhaustive list of the error codes and messages is shown below; this also

includes the name of the error code as defined in the header file

.Aq Pa x509_vfy.h .

Some of the error codes are defined but never returned: these are described

-as "unused".

+as

+.Qq unused .

.Bl -tag -width "XXXX"

.It Ar "0 X509_V_OK: ok"

The operation was successful.

@@ -6782,12 +7106,7 @@ mishandled them.

.\"

.Sh VERSION

.Nm openssl version

-.Op Fl a

-.Op Fl v

-.Op Fl b

-.Op Fl o

-.Op Fl f

-.Op Fl p

+.Op Fl abdfopv

.Pp

The

.Nm version

@@ -6798,23 +7117,23 @@ The options are as follows:

.Bl -tag -width "XXXX"

.It Fl a

All information: this is the same as setting all the other flags.

-.It Fl v

-The current

-.Nm OpenSSL

-version.

.It Fl b

The date the current version of

.Nm OpenSSL

was built.

+.It Fl d

+.Ev OPENSSLDIR

+setting.

+.It Fl f

+Compilation flags.

.It Fl o

Option information: various options set when the library was built.

-.It Fl c

-Compilation flags.

.It Fl p

Platform setting.

-.It Fl d

-.Em OPENSSLDIR

-setting.

+.It Fl v

+The current

+.Nm OpenSSL

+version.

.El

.Sh VERSION NOTES

The output of

@@ -6832,13 +7151,14 @@ option was added in

.Sh X509

.Nm openssl x509

.Bk -words

-.Op Fl inform Ar DER|PEM|NET

-.Op Fl outform Ar DER|PEM|NET

-.Op Fl keyform Ar DER|PEM

-.Op Fl CAform Ar DER|PEM

-.Op Fl CAkeyform Ar DER|PEM

+.Op Fl inform Ar DER | PEM | NET

+.Op Fl outform Ar DER | PEM | NET

+.Op Fl keyform Ar DER | PEM

+.Op Fl CAform Ar DER | PEM

+.Op Fl CAkeyform Ar DER | PEM

.Op Fl in Ar filename

.Op Fl out Ar filename

+.Op Fl passin Ar arg

.Op Fl serial

.Op Fl hash

.Op Fl subject

@@ -6850,9 +7170,11 @@ option was added in

.Op Fl purpose

.Op Fl dates

.Op Fl modulus

+.Op Fl pubkey

.Op Fl fingerprint

.Op Fl alias

.Op Fl noout

+.Op Fl ocspid

.Op Fl trustout

.Op Fl clrtrust

.Op Fl clrreject

@@ -6860,6 +7182,7 @@ option was added in

.Op Fl addreject Ar arg

.Op Fl setalias Ar arg

.Op Fl days Ar arg

+.Op Fl checkend Ar arg

.Op Fl set_serial Ar n

.Op Fl signkey Ar filename

.Op Fl x509toreq

@@ -6870,7 +7193,7 @@ option was added in

.Op Fl CAserial Ar filename

.Op Fl text

.Op Fl C

-.Op Cm -md2|-md5|-sha1|-mdc2

+.Op Fl md2 | md5 | sha1

.Op Fl clrext

.Op Fl extfile Ar filename

.Op Fl extensions Ar section

@@ -6881,16 +7204,17 @@ The

.Nm x509

command is a multi-purpose certificate utility.

It can be used to display certificate information, convert certificates to

-various forms, sign certificate requests like a "mini CA" or edit

-certificate trust settings.

+various forms, sign certificate requests like a

+.Qq mini CA ,

+or edit certificate trust settings.

.Pp

Since there are a large number of options, they are split up into

various sections.

-.Sh X509 INPUT, OUTPUT AND GENERAL PURPOSE OPTIONS

+.Sh X509 INPUT, OUTPUT, AND GENERAL PURPOSE OPTIONS

.Bl -tag -width "XXXX"

-.It Fl inform Ar DER|PEM|NET

+.It Fl inform Ar DER | PEM | NET

This specifies the input format.

-Normally the command will expect an X509 certificate,

+Normally, the command will expect an X509 certificate,

but this can change if other options such as

.Fl req

are present.

@@ -6903,9 +7227,8 @@ The

.Ar NET

option is an obscure Netscape server format that is now

obsolete.

-.It Fl outform Ar DER|PEM|NET

-This specifies the output format;

-the options have the same meaning as the

+.It Fl outform Ar DER | PEM | NET

+This specifies the output format; the options have the same meaning as the

.Fl inform

option.

.It Fl in Ar filename

@@ -6916,22 +7239,29 @@ to read a certificate from or standard input if this option is not specified.

This specifies the output

.Ar filename

to write to or standard output by default.

-.It Fl md2|-md5|-sha1|-mdc2

+.It Fl passin Ar arg

+The key password source.

+For more information about the format of

+.Ar arg ,

+see the

+.Sx PASS PHRASE ARGUMENTS

+section above.

+.It Fl md2 | md5 | sha1

The digest to use.

This affects any signing or display option that uses a message digest,

such as the

-.Fl fingerprint , signkey

+.Fl fingerprint , signkey ,

and

.Fl CA

options.

-If not specified then MD5 is used.

-If the key being used to sign with is a DSA key then

+If not specified, then MD5 is used.

+If the key being used to sign with is a DSA key, then

this option has no effect: SHA1 is always used with DSA keys.

.It Fl engine Ar id

Specifying an engine (by it's unique

.Ar id

string) will cause

-.Nm req

+.Nm x509

to attempt to obtain a functional reference to the specified engine,

thus initialising it if needed.

The engine will then be set as the default for all available algorithms.

@@ -6959,19 +7289,25 @@ The

argument can be a single option or multiple options separated by commas.

The

.Fl certopt

-switch may be also be used more than once to set multiple options.

+switch may also be used more than once to set multiple options.

See the

.Sx X509 TEXT OPTIONS

section for more information.

.It Fl noout

This option prevents output of the encoded version of the request.

+.It Fl ocspid

+Print OCSP hash values for the subject name and public key.

.It Fl modulus

This option prints out the value of the modulus of the public key

contained in the certificate.

+.It Fl pubkey

+Ouput the public key.

.It Fl serial

Outputs the certificate serial number.

.It Fl hash

-Outputs the "hash" of the certificate subject name.

+Outputs the

+.Qq hash

+of the certificate subject name.

This is used in

.Nm OpenSSL

to form an index to allow certificates in a directory to be looked up

@@ -7017,11 +7353,13 @@ A

.Em trusted certificate

is an ordinary certificate which has several

additional pieces of information attached to it such as the permitted

-and prohibited uses of the certificate and an "alias".

+and prohibited uses of the certificate and an

+.Qq alias .

.Pp

-Normally when a certificate is being verified at least one certificate

-must be "trusted".

-By default a trusted certificate must be stored

+Normally, when a certificate is being verified at least one certificate

+must be

+.Qq trusted .

+By default, a trusted certificate must be stored

locally and must be a root CA: any certificate chain ending in this CA

is then usable for any purpose.

.Pp

@@ -7053,7 +7391,8 @@ are modified.

.It Fl setalias Ar arg

Sets the alias of the certificate.

This will allow the certificate to be referred to using a nickname,

-for example "Steve's Certificate".

+for example

+.Qq Steve's Certificate .

.It Fl alias

Outputs the certificate alias, if any.

.It Fl clrtrust

@@ -7064,18 +7403,12 @@ Clears all the prohibited or rejected uses of the certificate.

Adds a trusted certificate use.

Any object name can be used here, but currently only

.Ar clientAuth

-.Po Em SSL

- client use

-.Pc ,

+.Pq SSL client use ,

.Ar serverAuth

-.Po Em SSL

- server use

-.Pc

+.Pq SSL server use ,

and

.Ar emailProtection

-.Po Em S/MIME

- email

-.Pc

+.Pq S/MIME email

are used.

Other

.Nm OpenSSL

@@ -7088,7 +7421,7 @@ option.

.It Fl purpose

This option performs tests on the certificate extensions and outputs

the results.

-For a more complete description see the

+For a more complete description, see the

.Sx X509 CERTIFICATE EXTENSIONS

section.

.El

@@ -7096,15 +7429,18 @@ section.

The

.Nm x509

utility can be used to sign certificates and requests: it

-can thus behave like a "mini CA".

+can thus behave like a

+.Qq mini CA .

.Bl -tag -width "XXXX"

.It Fl signkey Ar filename

This option causes the input file to be self-signed using the supplied

private key.

.Pp

If the input file is a certificate, it sets the issuer name to the

-subject name (i.e. makes it self-signed), changes the public key to the

-supplied value and changes the start and end dates.

+subject name

+.Pq i.e. makes it self-signed ,

+changes the public key to the supplied value

+and changes the start and end dates.

The start date is set to the current time and the end date is set to

a value determined by the

.Fl days

@@ -7124,26 +7460,29 @@ certificate (for example with the

or the

.Fl CA

options).

-Normally all extensions are retained.

-.It Fl keyform Ar PEM|DER

+Normally, all extensions are retained.

+.It Fl keyform Ar DER | PEM

Specifies the format

-.Po Em DER

- or

-.Em PEM

-.Pc

+.Pq DER or PEM

of the private key file used in the

.Fl signkey

option.

.It Fl days Ar arg

Specifies the number of days to make a certificate valid for.

The default is 30 days.

+.It Fl checkend Ar arg

+Check whether the certificate expires in the next

+.Ar arg

+seconds.

+If so, exit with return value 1;

+otherwise exit with return value 0.

.It Fl x509toreq

Converts a certificate into a certificate request.

The

.Fl signkey

option is used to pass the required private key.

.It Fl req

-By default a certificate is expected on input.

+By default, a certificate is expected on input.

With this option a certificate request is expected instead.

.It Fl set_serial Ar n

Specifies the serial number to use.

@@ -7161,16 +7500,17 @@ or

options) is not used.

.Pp

The serial number can be decimal or hex (if preceded by

-.Em 0x ) .

+.Sq 0x ) .

Negative serial numbers can also be specified but their use is not recommended.

.It Fl CA Ar filename

Specifies the CA certificate to be used for signing.

-When this option is present

+When this option is present,

.Nm x509

-behaves like a "mini CA".

+behaves like a

+.Qq mini CA .

The input file is signed by the CA using this option;

that is, its issuer name is set to the subject name of the CA and it is

-digitally signed using the CAs private key.

+digitally signed using the CA's private key.

.Pp

This option is normally combined with the

.Fl req

@@ -7180,7 +7520,7 @@ Without the

option, the input is a certificate which must be self-signed.

.It Fl CAkey Ar filename

Sets the CA private key to sign a certificate with.

-If this option is not specified then it is assumed that the CA private key

+If this option is not specified, then it is assumed that the CA private key

is present in the CA certificate file.

.It Fl CAserial Ar filename

Sets the CA serial number file to use.

@@ -7197,25 +7537,31 @@ to the file again.

The default filename consists of the CA certificate file base name with

.Pa .srl

appended.

-For example if the CA certificate file is called

+For example, if the CA certificate file is called

.Pa mycacert.pem ,

it expects to find a serial number file called

.Pa mycacert.srl .

.It Fl CAcreateserial

With this option the CA serial number file is created if it does not exist:

-it will contain the serial number "02" and the certificate being signed will

-have 1 as its serial number.

-Normally if the

+it will contain the serial number

+.Sq 02

+and the certificate being signed will have

+.Sq 1

+as its serial number.

+Normally, if the

.Fl CA

-option is specified and the serial number file does not exist it is an error.

+option is specified and the serial number file does not exist, it is an error.

.It Fl extfile Ar filename

File containing certificate extensions to use.

If not specified, then no extensions are added to the certificate.

.It Fl extensions Ar section

The section to add certificate extensions from.

-If this option is not specified then the extensions should either be

-contained in the unnamed (default) section or the default section should

-contain a variable called "extensions" which contains the section to use.

+If this option is not specified, then the extensions should either be

+contained in the unnamed

+.Pq default

+section or the default section should contain a variable called

+.Qq extensions

+which contains the section to use.

.El

.Sh X509 NAME OPTIONS

The

@@ -7224,12 +7570,12 @@ command line switch determines how the subject and issuer

names are displayed.

If no

.Fl nameopt

-switch is present, the default "oneline"

+switch is present, the default

+.Qq oneline

format is used which is compatible with previous versions of

.Nm OpenSSL .

-Each option is described in detail below, all options can be preceded by

-a

-.Cm \&-

+Each option is described in detail below; all options can be preceded by a

+.Sq -

to turn the option off.

Only the first four will normally be used.

.Bl -tag -width "XXXX"

@@ -7258,37 +7604,44 @@ It is equivalent to

and

.Ar align .

.It Ar esc_2253

-Escape the "special" characters required by RFC 2253 in a field that is

-.Cm \& ,+"<>; .

+Escape the

+.Qq special

+characters required by RFC 2253 in a field that is

+.Dq \& ,+"<>; .

Additionally,

-.Cm \&#

+.Sq #

is escaped at the beginning of a string

and a space character at the beginning or end of a string.

.It Ar esc_ctrl

Escape control characters.

-That is, those with ASCII values less than

-0x20 (space) and the delete (0x7f) character.

-They are escaped using the RFC2253 \eXX notation (where XX are two hex

+That is, those with ASCII values less than 0x20

+.Pq space

+and the delete

+.Pq 0x7f

+character.

+They are escaped using the RFC 2253 \eXX notation (where XX are two hex

digits representing the character value).

.It Ar esc_msb

Escape characters with the MSB set; that is, with ASCII values larger than

127.

.It Ar use_quote

Escapes some characters by surrounding the whole string with

-.Cm \&"

+.Sq \&"

characters.

Without the option, all escaping is done with the

-.Cm \&\e

+.Sq \e

character.

.It Ar utf8

Convert all strings to UTF8 format first.

This is required by RFC 2253.

-If you are lucky enough to have a UTF8 compatible terminal then the use

+If you are lucky enough to have a UTF8 compatible terminal, then the use

of this option (and

.Em not

setting

.Ar esc_msb )

-may result in the correct display of multibyte (international) characters.

+may result in the correct display of multibyte

+.Pq international

+characters.

If this option is not present, then multibyte characters larger than 0xff

will be represented using the format \eUXXXX for 16 bits and \eWXXXXXXXX

for 32 bits.

@@ -7304,15 +7657,17 @@ looking output.

.It Ar show_type

Show the type of the ASN1 character string.

The type precedes the field contents.

-For example "BMPSTRING: Hello World".

+For example

+.Qq BMPSTRING: Hello World .

.It Ar dump_der

When this option is set, any fields that need to be hexdumped will

be dumped using the DER encoding of the field.

Otherwise just the content octets will be displayed.

-Both options use the RFC2253 #XXXX... format.

+Both options use the RFC 2253 #XXXX... format.

.It Ar dump_nostr

-Dump non-character string types (for example OCTET STRING); if this

-option is not set then non-character string types will be displayed

+Dump non-character string types

+.Pq for example OCTET STRING ;

+if this option is not set, then non-character string types will be displayed

as though each content octet represents a single character.

.It Ar dump_all

Dump all fields.

@@ -7326,12 +7681,13 @@ Dump any field whose OID is not recognised by

These options determine the field separators.

The first character is between RDNs and the second between multiple AVAs

(multiple AVAs are very rare and their use is discouraged).

-The options ending in "space" additionally place a space after the

-separator to make it more readable.

+The options ending in

+.Qq space

+additionally place a space after the separator to make it more readable.

The

.Ar sep_multiline

uses a linefeed character for the RDN separator and a spaced

-.Cm \&+

+.Sq +

for the AVA separator.

It also indents the fields by four characters.

.It Ar dn_rev

@@ -7344,7 +7700,9 @@ These options alter how the field name is displayed.

.Ar nofname

does not display the field at all.

.Ar sname

-uses the "short name" form (CN for

+uses the

+.Qq short name

+form (CN for

.Ar commonName ,

for example).

.Ar lname

@@ -7357,7 +7715,7 @@ Only usable with

.Ar sep_multiline .

.It Ar spc_eq

Places spaces round the

-.Cm \&=

+.Sq =

character which follows the field name.

.El

.Sh X509 TEXT OPTIONS

@@ -7373,8 +7731,10 @@ The default behaviour is to print all fields.

Use the old format.

This is equivalent to specifying no output options at all.

.It Ar no_header

-Don't print header information: that is, the lines saying "Certificate"

-and "Data".

+Don't print header information: that is, the lines saying

+.Qq Certificate

+and

+.Qq Data .

.It Ar no_version

Don't print out the version number.

.It Ar no_serial

@@ -7419,37 +7779,40 @@ and

.El

.Sh X509 EXAMPLES

.Sy Note :

-In these examples the '\e' means the example should be all on one

-line.

+In these examples the

+.Sq \e

+means the example should be all on one line.

.Pp

Display the contents of a certificate:

.Pp

-\& $ openssl x509 -in cert.pem -noout -text

+.Dl $ openssl x509 -in cert.pem -noout -text

.Pp

Display the certificate serial number:

.Pp

-\& $ openssl x509 -in cert.pem -noout -serial

+.Dl $ openssl x509 -in cert.pem -noout -serial

.Pp

Display the certificate subject name:

.Pp

-\& $ openssl x509 -in cert.pem -noout -subject

+.Dl $ openssl x509 -in cert.pem -noout -subject

.Pp

-Display the certificate subject name in RFC2253 form:

+Display the certificate subject name in RFC 2253 form:

.Pp

-\& $ openssl x509 -in cert.pem -noout -subject -nameopt RFC2253

+.Dl $ openssl x509 -in cert.pem -noout -subject -nameopt RFC2253

.Pp

Display the certificate subject name in oneline form on a terminal

supporting UTF8:

-.Pp

-\& $ openssl x509 -in cert.pem -noout -subject -nameopt oneline,-escmsb

+.Bd -literal -offset indent

+$ openssl x509 -in cert.pem -noout -subject \e

+ -nameopt oneline,-escmsb

+.Ed

.Pp

Display the certificate MD5 fingerprint:

.Pp

-\& $ openssl x509 -in cert.pem -noout -fingerprint

+.Dl $ openssl x509 -in cert.pem -noout -fingerprint

.Pp

Display the certificate SHA1 fingerprint:

.Pp

-\& $ openssl x509 -sha1 -in cert.pem -noout -fingerprint

+.Dl $ openssl x509 -sha1 -in cert.pem -noout -fingerprint

.Pp

Convert a certificate from

.Em PEM

@@ -7457,51 +7820,54 @@ to

.Em DER

format:

.Pp

-\& $ openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER

+.Dl "$ openssl x509 -in cert.pem -inform PEM -out cert.der -outform DER"

.Pp

Convert a certificate to a certificate request:

-.Pp

-\& $ openssl x509 -x509toreq -in cert.pem -out req.pem -signkey key.pem

+.Bd -literal -offset indent

+$ openssl x509 -x509toreq -in cert.pem -out req.pem \e

+ -signkey key.pem

+.Ed

.Pp

Convert a certificate request into a self-signed certificate using

extensions for a CA:

-.Bd -literal

-\& $ openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions \e

-\& v3_ca -signkey key.pem -out cacert.pem

+.Bd -literal -offset indent

+$ openssl x509 -req -in careq.pem -extfile openssl.cnf -extensions \e

+ v3_ca -signkey key.pem -out cacert.pem

.Ed

.Pp

Sign a certificate request using the CA certificate above and add user

certificate extensions:

-.Bd -literal

-\& $ openssl x509 -req -in req.pem -extfile openssl.cnf -extensions \e

+.Bd -literal -offset indent

+$ openssl x509 -req -in req.pem -extfile openssl.cnf -extensions \e

v3_usr -CA cacert.pem -CAkey key.pem -CAcreateserial

.Ed

.Pp

Set a certificate to be trusted for SSL

-client use and set its alias to "Steve's Class 1 CA":

-.Bd -literal

-\& $ openssl x509 -in cert.pem -addtrust clientAuth \e

-\& -setalias "Steve's Class 1 CA" -out trust.pem

+client use and set its alias to

+.Qq Steve's Class 1 CA :

+.Bd -literal -offset indent

+$ openssl x509 -in cert.pem -addtrust clientAuth \e

+ -setalias "Steve's Class 1 CA" -out trust.pem

.Ed

.Sh X509 NOTES

The

.Em PEM

format uses the header and footer lines:

-.Bd -literal

-\& -----BEGIN CERTIFICATE-----

-\& -----END CERTIFICATE-----

+.Bd -unfilled -offset indent

+-----BEGIN CERTIFICATE-----

+-----END CERTIFICATE-----

.Ed

.Pp

It will also handle files containing:

-.Bd -literal

-\& -----BEGIN X509 CERTIFICATE-----

-\& -----END X509 CERTIFICATE-----

+.Bd -unfilled -offset indent

+-----BEGIN X509 CERTIFICATE-----

+-----END X509 CERTIFICATE-----

.Ed

.Pp

Trusted certificates have the lines:

-.Bd -literal

-\& -----BEGIN TRUSTED CERTIFICATE-----

-\& -----END TRUSTED CERTIFICATE-----

+.Bd -unfilled -offset indent

+-----BEGIN TRUSTED CERTIFICATE-----

+-----END TRUSTED CERTIFICATE-----

.Ed

.Pp

The conversion to UTF8 format used with the name options assumes that

@@ -7513,7 +7879,8 @@ it is more likely to display the majority of certificates correctly.

The

.Fl fingerprint

option takes the digest of the DER encoded certificate.

-This is commonly called a "fingerprint".

+This is commonly called a

+.Qq fingerprint .

Because of the nature of message digests, the fingerprint of a certificate

is unique to that certificate and two certificates with the same fingerprint

can be considered to be the same.

@@ -7542,22 +7909,24 @@ The

.Em basicConstraints

extension CA flag is used to determine whether the

certificate can be used as a CA.

-If the CA flag is true then it is a CA,

-if the CA flag is false then it is not a CA.

+If the CA flag is true, then it is a CA;

+if the CA flag is false, then it is not a CA.

.Em All

CAs should have the CA flag set to true.

.Pp

If the

.Em basicConstraints

-extension is absent then the certificate is

-considered to be a "possible CA"; other extensions are checked according

-to the intended use of the certificate.

+extension is absent, then the certificate is

+considered to be a

+.Qq possible CA ;

+other extensions are checked according to the intended use of the certificate.

A warning is given in this case because the certificate should really not

be regarded as a CA: however,

it is allowed to be a CA to work around some broken software.

.Pp

-If the certificate is a V1 certificate (and thus has no extensions) and

-it is self-signed, it is also assumed to be a CA but a warning is again

+If the certificate is a V1 certificate

+.Pq and thus has no extensions

+and it is self-signed, it is also assumed to be a CA but a warning is again

given: this is to work around the problem of Verisign roots which are V1

self-signed certificates.

.Pp

@@ -7575,7 +7944,8 @@ extension is present.

.Pp

The extended key usage extension places additional restrictions on the

certificate uses.

-If this extension is present (whether critical or not)

+If this extension is present

+.Pq whether critical or not ,

the key can only be used for the purposes specified.

.Pp

A complete description of each test is given below.

@@ -7589,7 +7959,8 @@ CA certificates.

.Bl -tag -width "XXXX"

.It Ar SSL Client

The extended key usage extension must be absent or include the

-"web client authentication" OID.

+.Qq web client authentication

+OID.

.Ar keyUsage

must be absent or it must have the

.Em digitalSignature

@@ -7598,14 +7969,16 @@ Netscape certificate type must be absent or it must have the SSL

client bit set.

.It Ar SSL Client CA

The extended key usage extension must be absent or include the

-"web client authentication" OID.

+.Qq web client authentication

+OID.

Netscape certificate type must be absent or it must have the SSL CA

bit set: this is used as a work around if the

.Em basicConstraints

extension is absent.

.It Ar SSL Server

The extended key usage extension must be absent or include the

-"web server authentication" and/or one of the SGC OIDs.

+.Qq web server authentication

+and/or one of the SGC OIDs.

.Em keyUsage

must be absent or it must have the

.Em digitalSignature

@@ -7615,7 +7988,8 @@ set, or both bits set.

Netscape certificate type must be absent or have the SSL server bit set.

.It Ar SSL Server CA

The extended key usage extension must be absent or include the

-"web server authentication" and/or one of the SGC OIDs.

+.Qq web server authentication

+and/or one of the SGC OIDs.

Netscape certificate type must be absent or the SSL CA

bit must be set: this is used as a work around if the

.Em basicConstraints

@@ -7631,13 +8005,14 @@ digital signing.

Otherwise it is the same as a normal SSL server.

.It Ar Common S/MIME Client Tests

The extended key usage extension must be absent or include the

-"email protection" OID.

+.Qq email protection

+OID.

Netscape certificate type must be absent or should have the

.Em S/MIME

bit set.

If the

.Em S/MIME

-bit is not set in netscape certificate type, then the SSL

+bit is not set in Netscape certificate type, then the SSL

client bit is tolerated as an alternative but a warning is shown:

this is because some Verisign certificates don't set the

.Em S/MIME

@@ -7660,7 +8035,8 @@ bit must be set if the

extension is present.

.It Ar S/MIME CA

The extended key usage extension must be absent or include the

-"email protection" OID.

+.Qq email protection

+OID.

Netscape certificate type must be absent or must have the

.Em S/MIME CA

bit set: this is used as a work around if the