NAME

openssl - OpenSSL command line tool

SYNOPSIS

openssl command [command_opts] [command_args]
openssl [list-standard-commands | list-message-digest-commands | list-cipher-commands]
openssl no-XXX [arbitrary options]
DESCRIPTION

OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.

The openssl program is a command line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. It can be used for

o Creation of RSA, DH and DSA key parameters
o Creation of X.509 certificates, CSRs and CRLs
o Calculation of Message Digests
o Encryption and Decryption with Ciphers
o SSL/TLS Client and Server Tests
o Handling of S/MIME signed or encrypted mail
The openssl program provides a rich variety of commands (command in the SYNOPSIS above), each of which often has a wealth of options and arguments (command_opts and command_args in the SYNOPSIS).

The pseudo-commands list-standard-commands, list-message-digest-commands, and list-cipher-commands output a list (one entry per line) of the names of all standard commands, message digest commands, or cipher commands, respectively, that are available in the present openssl utility.

The pseudo-command no-XXX tests whether a command of the specified name is available. If no command named XXX exists, it returns 0 (success) and prints no-XXX; otherwise it returns 1 and prints XXX. Note that this is the reverse of what a shell test usually expects: a successful exit status means the command is absent. In both cases, the output goes to stdout and nothing is printed to stderr. Additional command line arguments are always ignored. Since for each cipher there is a command of the same name, this provides an easy way for shell scripts to test for the availability of ciphers in the openssl program.

Note: no-XXX is not able to detect pseudo-commands such as quit, list-...-commands, or no-XXX itself.
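The inverted exit status described above is easy to get wrong in a script. The following is an added example, not part of the OpenSSL manual, of a POSIX sh wrapper that turns no-XXX into a natural availability test and fails closed when any required command, digest or cipher is missing. The names passed to it at the end are the example's own choices; it assumes an openssl binary on PATH.

```shell
#!/bin/sh
# Added example (not from the OpenSSL manual). "openssl no-XXX" exits 0 when
# XXX is ABSENT and 1 when it is present, the reverse of a normal shell test,
# so openssl_has negates it. Assumes an openssl binary on PATH.

# openssl_has NAME: exit 0 if "openssl NAME" exists, 1 otherwise. With no
# openssl binary at all the answer is also "no", rather than a false positive
# produced by negating a "command not found" status.
openssl_has() {
    command -v openssl >/dev/null 2>&1 || return 1
    ! openssl "no-$1" >/dev/null 2>&1
}

# require_all NAME...: fail closed if any listed command, digest or cipher is
# missing, reporting every missing name rather than stopping at the first.
require_all() {
    missing=""
    for name in "$@"; do
        openssl_has "$name" || missing="$missing $name"
    done
    if [ -n "$missing" ]; then
        echo "missing openssl commands:$missing" >&2
        return 1
    fi
    return 0
}

# Usage: the commands a deployment script depends on (the example's own list).
require_all dgst sha256 aes-256-cbc && echo "openssl preflight ok"
```

Because no-XXX cannot see pseudo-commands, the wrapper is only meaningful for real commands, digests and ciphers; asking it about list-standard-commands or quit always answers "no".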
STANDARD COMMANDS

asn1parse Parse an ASN.1 sequence.
ca        Certificate Authority (CA) Management.
ciphers   Cipher Suite Description Determination.
crl       Certificate Revocation List (CRL) Management.
crl2pkcs7 CRL to PKCS#7 Conversion.
dgst      Message Digest Calculation.
dh        Diffie-Hellman Parameter Management. Obsoleted by dhparam.
dhparam   Generation and Management of Diffie-Hellman Parameters.
dsa       DSA Data Management.
dsaparam  DSA Parameter Generation.
enc       Encoding with Ciphers.
errstr    Error Number to Error String Conversion.
gendh     Generation of Diffie-Hellman Parameters. Obsoleted by dhparam.
gendsa    Generation of a DSA Private Key from Parameters.
genrsa    Generation of an RSA Private Key.
nseq      Create or examine a Netscape certificate sequence.
ocsp      Online Certificate Status Protocol utility.
passwd    Generation of hashed passwords.
pkcs7     PKCS#7 Data Management.
pkcs8     PKCS#8 Data Management.
pkcs12    PKCS#12 Data Management.
rand      Generate pseudo-random bytes.
req       X.509 Certificate Signing Request (CSR) Management.
rsa       RSA Data Management.
rsautl    RSA utility for signing, verification, encryption, and decryption.
s_client  This implements a generic SSL/TLS client which can establish a transparent connection to a remote server speaking SSL/TLS. It's intended for testing purposes only and provides only rudimentary interface functionality but internally uses mostly all functionality of the OpenSSL ssl library.
s_server  This implements a generic SSL/TLS server which accepts connections from remote clients speaking SSL/TLS. It's intended for testing purposes only and provides only rudimentary interface functionality but internally uses mostly all functionality of the OpenSSL ssl library. It provides both an own command line oriented protocol for testing SSL functions and a simple HTTP response facility to emulate an SSL/TLS-aware webserver.
s_time    SSL Connection Timer.
sess_id   SSL Session Data Management.
smime     S/MIME mail processing.
speed     Algorithm Speed Measurement.
spkac     SPKAC printing and generating utility.
verify    X.509 Certificate Verification.
version   OpenSSL Version Information.
x509      X.509 Certificate Data Management.
MESSAGE DIGEST COMMANDS

md2       MD2 Digest.
md4       MD4 Digest.
md5       MD5 Digest.
ripemd160 RIPEMD-160 Digest.
sha       SHA Digest.
sha1      SHA-1 Digest.
ENCODING AND CIPHER COMMANDS

aes-128-cbc | aes-128-ecb | aes-192-cbc | aes-192-ecb | aes-256-cbc | aes-256-ecb
          AES Cipher.
base64    Base64 Encoding.
bf | bf-cbc | bf-cfb | bf-ecb | bf-ofb
          Blowfish Cipher.
cast | cast-cbc
          CAST Cipher.
cast5-cbc | cast5-cfb | cast5-ecb | cast5-ofb
          CAST5 Cipher.
des | des-cbc | des-cfb | des-ecb | des-ede | des-ede-cbc | des-ede-cfb | des-ede-ofb | des-ofb
          DES Cipher.
des3 | desx | des-ede3 | des-ede3-cbc | des-ede3-cfb | des-ede3-ofb
          Triple DES Cipher.
rc2 | rc2-40-cbc | rc2-64-cbc | rc2-cbc | rc2-cfb | rc2-ecb | rc2-ofb
          RC2 Cipher.
rc4 | rc4-40
          RC4 Cipher.
PASS PHRASE ARGUMENTS

Several commands accept password arguments, typically using -passin and -passout for input and output passwords, respectively. These allow the password to be obtained from a variety of sources. Both of these options take a single argument whose format is described below. If no password argument is given and a password is required, then the user is prompted to enter one: this will typically be read from the current terminal with echoing turned off.

pass:password
          The actual password is password. Since the password is visible to utilities (like ps(1) under UNIX) this form should only be used where security is not important.

env:var   Obtain the password from the environment variable var. Since the environment of other processes is visible on certain platforms (e.g. ps(1) under certain UNIX OSes) this option should be used with caution.

file:path The first line of path is the password. If the same path argument is supplied to -passin and -passout, then the first line will be used for the input password and the next line for the output password. path need not refer to a regular file: it could, for example, refer to a device or named pipe.

fd:number Read the password from the file descriptor number. This can be used to send the data via a pipe for example.

stdin     Read the password from standard input.
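The following is an added example, not from the OpenSSL manual, showing two of the sources above used from POSIX sh: fd:N fed by a here-document on a private descriptor, so the pass phrase never appears in the argument list that ps(1) can read, and file:PATH with the same path on -passin and -passout to rotate a key's pass phrase in one step. The commands, file names and phrases are the example's own; it assumes an openssl binary on PATH. The pass phrase file is created under umask 077 because file: offers no protection of its own: anyone who can read it can read the key.

```shell
#!/bin/sh
# Added example (not from the OpenSSL manual): keeping pass phrases off the
# command line. Assumes an openssl binary on PATH; file names and phrases are
# invented for the example.
set -eu
umask 077                     # every file created below is readable only by us
work=$(mktemp -d)

# generate_key KEYFILE PHRASE: create an AES-256 encrypted RSA key whose pass
# phrase is read from fd 3. The shell attaches the here-document to fd 3, so
# the phrase is never an argument and is not visible to ps(1).
generate_key() {
    openssl genrsa -aes256 -passout fd:3 -out "$1" 2048 2>/dev/null 3<<EOF
$2
EOF
}

# check_key KEYFILE PHRASE: exit 0 if KEYFILE decrypts with PHRASE, 1 if not.
# The phrase goes in on stdin, which other processes cannot see either.
check_key() {
    printf '%s\n' "$2" | openssl rsa -in "$1" -passin stdin -check -noout >/dev/null 2>&1
}

# rotate_passphrase KEYFILE PASSFILE OLD NEW: re-encrypt KEYFILE under NEW.
# The same PASSFILE is given to -passin and -passout, so line 1 is taken as
# the current phrase and line 2 as the new one, exactly as described above.
rotate_passphrase() {
    printf '%s\n%s\n' "$3" "$4" > "$2"
    openssl rsa -aes256 -in "$1" -passin "file:$2" -passout "file:$2" \
        -out "$1.tmp" 2>/dev/null
    mv "$1.tmp" "$1"
    rm -f "$2"                # the phrases have done their job
}

# Usage with invented phrases.
generate_key "$work/key.pem" "correct horse battery staple"
check_key "$work/key.pem" "correct horse battery staple" && echo "key decrypts with the original phrase"
rotate_passphrase "$work/key.pem" "$work/pass.txt" "correct horse battery staple" "new phrase after rotation"
check_key "$work/key.pem" "new phrase after rotation" && echo "key decrypts with the new phrase"
```

The env: form would also keep the phrase out of the argument list, but on platforms where ps(1) can show another process's environment it is no better than pass:, which is why the example sticks to fd: and stdin for input.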
openssl asn1parse [-dump] [-i] [-noout] [-dlimit number] [-in file] [-inform DER | PEM | TXT] [-length number] [-offset number] [-oid file] [-out file] [-strparse offset]

The asn1parse command is a diagnostic utility that can parse ASN.1 structures. It can also be used to extract data from ASN.1 formatted data.

The options are as follows:

-dlimit number
          Dump the first number bytes of unknown data in hex form.

-dump     Dump unknown data in hex form.

-i        Indents the output according to the "depth" of the structures.

-in file  The input file; default is standard input.

-inform DER | PEM | TXT
          The input format. DER (Distinguished Encoding Rules) is binary format and PEM (Privacy Enhanced Mail), the default, is base64-encoded. TXT is plain text.

-length number
          Number of bytes to parse; default is until end of file.

-noout    Don't output the parsed version of the input file.

-offset number
          Starting offset to begin parsing; default is start of file.

-oid file A file containing additional object identifiers (OIDs). The format of this file is described in the ASN1PARSE NOTES section below.

-out file Output file to place the DER-encoded data into. If this option is not present, no encoded data will be output. This is most useful when combined with the -strparse option.

-strparse offset
          Parse the content octets of the ASN.1 object starting at offset. This option can be used multiple times to "drill down" into a nested structure.
The output will typically contain lines like this:

    0:d=0  hl=4 l= 681 cons: SEQUENCE
    .....
  229:d=3  hl=3 l= 141 prim: BIT STRING
  373:d=2  hl=3 l= 162 cons: cont [ 3 ]
  376:d=3  hl=3 l= 159 cons: SEQUENCE
  379:d=4  hl=2 l=  29 cons: SEQUENCE
  381:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Subject Key Identifier
  386:d=5  hl=2 l=  22 prim: OCTET STRING
  410:d=4  hl=2 l= 112 cons: SEQUENCE
  412:d=5  hl=2 l=   3 prim: OBJECT            :X509v3 Authority Key Identifier
  417:d=5  hl=2 l= 105 prim: OCTET STRING
  524:d=4  hl=2 l=  12 cons: SEQUENCE
    .....

This example is part of a self-signed certificate. Each line starts with the offset in decimal. d=XX specifies the current depth. The depth is increased within the scope of any SET or SEQUENCE. hl=XX gives the header length (tag and length octets) of the current type. l=XX gives the length of the content octets.

The -i option can be used to make the output more readable.

Some knowledge of the ASN.1 structure is needed to interpret the output.

In this example, the BIT STRING at offset 229 is the certificate public key. The content octets of this will contain the public key information. This can be examined using the option -strparse 229 to yield:

    0:d=0  hl=3 l= 137 cons: SEQUENCE
    3:d=1  hl=3 l= 129 prim: INTEGER           :E5D21E1F5C8D208EA7A2166C7FAF9F6BDF2059669C60876DDB70840F1A5AAFA59699FE471F379F1DD6A487E7D5409AB6A88D4A9746E24B91D8CF55DB3521015460C8EDE44EE8A4189F7A7BE77D6CD3A9AF2696F486855CF58BF0EDF2B4068058C7A947F52548DDF7E15E96B385F86422BEA9064A3EE9
  135:d=1  hl=2 l=   3 prim: INTEGER           :010001
ASN1PARSE NOTES

If an OID (object identifier) is not part of OpenSSL's internal table it will be represented in numerical form (for example 1.2.3.4). The file passed to the -oid option allows additional OIDs to be included. Each line consists of three columns: the first column is the OID in numerical format and should be followed by whitespace. The second column is the "short name" which is a single word followed by whitespace. The final column is the rest of the line and is the "long name". asn1parse displays the long name. Example:

    "1.2.3.4 shortname A long name"

There should be options to change the format of input lines. The output of some ASN.1 types is not well handled (if at all).
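The following is an added example, not part of the OpenSSL manual, that puts -strparse and the -oid file described above to work from POSIX sh: it generates a throwaway self-signed certificate, locates the public key BIT STRING by its depth instead of reading the offset off the screen, drills into it to read the RSA public exponent, and then parses a hand-built DER OBJECT IDENTIFIER with an OID file so that 1.2.3.4 is shown by its long name. The certificate subject, the file names and the OID names are the example's own; it assumes an openssl binary on PATH.

```shell
#!/bin/sh
# Added example (not from the OpenSSL manual). Assumes an openssl binary on
# PATH; everything it parses is created here, and all names are invented.
set -eu
work=$(mktemp -d)

# A throwaway self-signed RSA certificate to parse. The minimal req config
# keeps the example independent of the system openssl.cnf.
printf '[ req ]\ndistinguished_name = dn\n[ dn ]\n' > "$work/req.cnf"
openssl req -x509 -config "$work/req.cnf" -newkey rsa:2048 -nodes \
    -keyout "$work/key.pem" -out "$work/cert.pem" \
    -subj '/CN=asn1parse example' -days 1 2>/dev/null

# pubkey_bitstring_offset CERT: print the decimal offset of the BIT STRING
# that holds the public key. Depth 0 is Certificate, 1 is TBSCertificate and
# 2 is SubjectPublicKeyInfo, so the key is the first BIT STRING at d=3 (the
# signature BIT STRING sits at d=1 and is not matched).
pubkey_bitstring_offset() {
    openssl asn1parse -in "$1" |
        awk '/prim: BIT STRING/ { split($1, f, ":"); if (f[2] == "d=3") { print f[1]; exit } }'
}

# rsa_public_exponent CERT: -strparse into that BIT STRING. For an RSA key the
# content is RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent
# INTEGER }, so the second INTEGER, printed in hex, is the exponent.
rsa_public_exponent() {
    off=$(pubkey_bitstring_offset "$1")
    openssl asn1parse -in "$1" -strparse "$off" |
        awk '/prim: INTEGER/ { if (++n == 2) { sub(/.*:/, ""); print; exit } }'
}

# named_oid: parse a DER OBJECT IDENTIFIER for 1.2.3.4 with an -oid file.
# DER is tag 06, length 03, then 2A (40*1+2), 03, 04. The OID file uses the
# three-column format from the notes above; the names are invented.
named_oid() {
    printf '\006\003\052\003\004' > "$work/oid.der"
    printf '1.2.3.4 shortname A long name\n' > "$work/oids.txt"
    openssl asn1parse -inform DER -in "$work/oid.der" -oid "$work/oids.txt" |
        sed 's/.*OBJECT *://'
}

echo "public key BIT STRING at offset $(pubkey_bitstring_offset "$work/cert.pem")"
echo "RSA public exponent: $(rsa_public_exponent "$work/cert.pem")"
echo "1.2.3.4 is displayed as: $(named_oid)"
```

Matching on depth rather than on a fixed offset is what makes the first function reusable: the offset of the public key moves with the length of the serial number and the issuer and subject names, but its position in the structure does not.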
openssl ca [-batch] [-gencrl] [-infiles] [-msie_hack] [-noemailDN] [-notext] [-preserveDN] [-updatedb] [-verbose] [-cert file] [-config file] [-crl_CA_compromise time] [-crl_compromise time] [-crl_hold instruction] [-crl_reason reason] [-crldays days] [-crlexts section] [-crlhours hours] [-days arg] [-enddate date] [-engine id] [-extensions section] [-extfile file] [-in file] [-key keyfile] [-keyfile file] [-keyform ENGINE | PEM] [-md arg] [-name section] [-out file] [-outdir dir] [-passin arg] [-policy arg] [-revoke file] [-spkac file] [-ss_cert file] [-startdate date] [-status serial] [-subj arg]

The ca command is a minimal CA application. It can be used to sign certificate requests in a variety of forms and generate CRLs. It also maintains a text database of issued certificates and their status.

The options descriptions will be divided into each purpose.
-batch    This sets the batch mode. In this mode no questions will be asked and all certificates will be certified automatically.

-cert file
          The CA certificate file.

-config file
          Specifies the configuration file to use.

-days arg The number of days to certify the certificate for.

-enddate date
          This allows the expiry date to be explicitly set. The format of the date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure).

-engine id
          Specifying an engine (by its unique id string) will cause ca to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms.

-extensions section
          The section of the configuration file containing certificate extensions to be added when a certificate is issued (defaults to x509_extensions unless the -extfile option is used). If no extension section is present, a V1 certificate is created. If the extension section is present (even if it is empty), then a V3 certificate is created.

-extfile file
          An additional configuration file to read certificate extensions from (using the default section unless the -extensions option is also used).

-in file  An input file containing a single certificate request to be signed by the CA.

-infiles  If present, this should be the last option; all subsequent arguments are assumed to be the names of files containing certificate requests.

-key keyfile
          Despite the name, the argument is the password that protects the CA private key, not a file. Since on some systems the command line arguments are visible (e.g. UNIX with the ps(1) utility) this option should be used with caution; -passin provides safer sources for the same password.

-keyfile file
          The private key to sign requests with.

-keyform ENGINE | PEM
          Private key file format.

-md alg   The message digest to use. Possible values include md5 and sha1. This option also applies to CRLs. Note that md5 and sha1 are no longer considered safe for certificate signatures; where the build supports it, use a SHA-2 digest such as sha256.
-msie_hack
          This is a legacy option to make ca work with very old versions of the IE certificate enrollment control "certenr3". It used UniversalStrings for almost everything. Since the old control has various security bugs, its use is strongly discouraged. The newer control "Xenroll" does not need this option.

-name section
          Specifies the configuration file section to use (overrides default_ca in the ca section).

-noemailDN
          The DN of a certificate can contain the EMAIL field if present in the request DN, however it is good policy just having the e-mail set into the altName extension of the certificate. When this option is set, the EMAIL field is removed from the certificate's subject and set only in the extensions, if any are present. The email_in_dn keyword can be used in the configuration file to enable this behaviour.

-notext   Don't output the text form of a certificate to the output file.

-out file The output file to output certificates to. The default is standard output. The certificate details will also be printed out to this file.

-outdir directory
          The directory to output certificates to. The certificate will be written to a file consisting of the serial number in hex with ".pem" appended.

-passin arg
          The key password source. For more information about the format of arg, see the PASS PHRASE ARGUMENTS section above.

-policy arg
          This option defines the CA "policy" to use. This is a section in the configuration file which decides which fields should be mandatory or match the CA certificate. Check out the CA POLICY FORMAT section for more information.

-preserveDN
          Normally, the DN order of a certificate is the same as the order of the fields in the relevant policy section. When this option is set, the order is the same as the request. This is largely for compatibility with the older IE enrollment control which would only accept certificates if their DNs matched the order of the request. This is not needed for Xenroll.

-spkac file
          A file containing a single Netscape signed public key and challenge, and additional field values to be signed by the CA. See the SPKAC FORMAT section for information on the required format.

-ss_cert file
          A single self-signed certificate to be signed by the CA.

-startdate date
          This allows the start date to be explicitly set. The format of the date is YYMMDDHHMMSSZ (the same as an ASN1 UTCTime structure).

-status serial
          Show status of certificate with serial number serial.

-updatedb Update database for expired certificates.

-verbose  This prints extra details about the operations being performed.
-crl_CA_compromise time
          This is the same as -crl_compromise, except the revocation reason is set to CACompromise.

-crl_compromise time
          This sets the revocation reason to keyCompromise and the compromise time to time. time should be in GeneralizedTime format, i.e. YYYYMMDDHHMMSSZ.

-crl_hold instruction
          This sets the CRL revocation reason code to certificateHold and the hold instruction to instruction which must be an OID. Although any OID can be used, only holdInstructionNone (the use of which is discouraged by RFC 2459), holdInstructionCallIssuer or holdInstructionReject will normally be used.

-crl_reason reason
          Revocation reason, where reason is one of: unspecified, keyCompromise, CACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold or removeFromCRL. The matching of reason is case insensitive. Setting any revocation reason will make the CRL v2. In practice, removeFromCRL is not particularly useful because it is only used in delta CRLs which are not currently implemented.

-crldays num
          The number of days before the next CRL is due. This is the days from now to place in the CRL nextUpdate field.

-crlexts section
          The section of the configuration file containing CRL extensions to include. If no CRL extension section is present then a V1 CRL is created; if the CRL extension section is present (even if it is empty) then a V2 CRL is created. The CRL extensions specified are CRL extensions and not CRL entry extensions. It should be noted that some software (for example Netscape) can't handle V2 CRLs.

-crlhours num
          The number of hours before the next CRL is due.

-gencrl   This option generates a CRL based on information in the index file.

-revoke file
          A file containing a certificate to revoke.

-subj arg Supersedes the subject name given in the request. The arg must be formatted as /type0=value0/type1=value1/type2=...; characters may be escaped by \ (backslash), no spaces are skipped.
CA CONFIGURATION FILE OPTIONS

The section of the configuration file containing options for ca is found as follows: If the -name command line option is used, then it names the section to be used. Otherwise the section to be used must be named in the default_ca option of the ca section of the configuration file (or in the default section of the configuration file). Besides default_ca, the following options are read directly from the ca section:

    RANDFILE
    preserve
    msie_hack

With the exception of RANDFILE, this is probably a bug and may change in future releases.

Many of the configuration file options are identical to command line options. Where the option is present in the configuration file and the command line, the command line value is used. Where an option is described as mandatory, then it must be present in the configuration file or the command line equivalent (if any) used.

certificate
          The same as -cert. It gives the file containing the CA certificate. Mandatory.

copy_extensions
          Determines how extensions in certificate requests should be handled. If set to none or this option is not present, then extensions are ignored and not copied to the certificate. If set to copy, then any extensions present in the request that are not already present are copied to the certificate. If set to copyall, then all extensions in the request are copied to the certificate: if the extension is already present in the certificate it is deleted first. See the CA WARNINGS section before using this option. The main use of this option is to allow a certificate request to supply values for certain extensions such as subjectAltName.

crl_extensions
          The same as -crlexts.

database  The text database file to use. Mandatory. This file must be present, though initially it will be empty.

default_crl_hours, default_crl_days
          The same as the -crlhours and -crldays options. These will only be used if neither command line option is present. At least one of these must be present to generate a CRL.

default_days
          The same as the -days option. The number of days to certify a certificate for.

default_enddate
          The same as the -enddate option. Either this option or default_days (or the command line equivalents) must be present.

default_md
          The same as the -md option. The message digest to use. Mandatory.

default_startdate
          The same as the -startdate option. The start date to certify a certificate for. If not set, the current time is used.

email_in_dn
          The same as -noemailDN. If the EMAIL field is to be removed from the DN of the certificate, simply set this to "no". If not present, the default is to allow for the EMAIL field in the certificate's DN.

msie_hack The same as -msie_hack.

nameopt, certopt
          These options allow the format used to display the certificate details when asking the user to confirm signing. All the options supported by the x509 utilities' -nameopt and -certopt switches can be used here, except that no_signame and no_sigdump are permanently set and cannot be disabled (this is because the certificate signature cannot be displayed because the certificate has not been signed at this point).

          For convenience, the value ca_default is accepted by both to produce a reasonable output.

          If neither option is present, the format used in earlier versions of OpenSSL is used. Use of the old format is strongly discouraged because it only displays fields mentioned in the policy section, mishandles multicharacter string types and does not display extensions.

new_certs_dir
          The same as the -outdir command line option. It specifies the directory where new certificates will be placed. Mandatory.

oid_file  This specifies a file containing additional object identifiers. Each line of the file should consist of the numerical form of the object identifier followed by whitespace, then the short name followed by whitespace and finally the long name.

oid_section
          This specifies a section in the configuration file containing extra object identifiers. Each line should consist of the short name of the object identifier followed by '=' and the numerical form. The short and long names are the same when this option is used.

policy    The same as -policy. Mandatory. See the CA POLICY FORMAT section for more information.

preserve  The same as -preserveDN.

private_key
          Same as the -keyfile option. The file containing the CA private key. Mandatory.

RANDFILE  A file used to read and write random number seed information, or an EGD socket (see RAND_egd(3)).

serial    A text file containing the next serial number to use in hex. Mandatory. This file must be present and contain a valid serial number.

x509_extensions
          The same as -extensions.
CA POLICY FORMAT

The policy section consists of a set of variables corresponding to certificate DN fields. If the value is "match", then the field value must match the same field in the CA certificate. If the value is "supplied", then it must be present. If the value is "optional", then it may be present. Any fields not mentioned in the policy section are silently deleted, unless the -preserveDN option is set, but this can be regarded more of a quirk than intended behaviour.
SPKAC FORMAT

The input to the -spkac command line option is a Netscape signed public key and challenge. This will usually come from the KEYGEN tag in an HTML form to create a new private key. It is, however, possible to create SPKACs using the spkac utility.

The file should contain the variable SPKAC set to the value of the SPKAC and also the required DN components as name value pairs. If it's necessary to include the same component twice, then it can be preceded by a number and a '.'.
Note: these examples assume that the ca directory structure is already set up and the relevant files already exist. This usually involves creating a CA certificate and private key with req, a serial number file and an empty index file and placing them in the relevant directories.

To use the sample configuration file below, the directories demoCA, demoCA/private and demoCA/newcerts would be created. The CA certificate would be copied to demoCA/cacert.pem and its private key to demoCA/private/cakey.pem. A file demoCA/serial would be created containing, for example, "01" and the empty index file demoCA/index.txt.

Sign a certificate request:

    $ openssl ca -in req.pem -out newcert.pem

Sign a certificate request, using CA extensions:

    $ openssl ca -in req.pem -extensions v3_ca -out newcert.pem

Generate a CRL:

    $ openssl ca -gencrl -out crl.pem

Sign several requests:

    $ openssl ca -infiles req1.pem req2.pem req3.pem

Certify a Netscape SPKAC:

    $ openssl ca -spkac spkac.txt

A sample SPKAC file (the SPKAC line has been truncated for clarity):

    SPKAC=MIG0MGAwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PDhCeV/xIxUg8V70YRxK
    CN=Steve Test
    emailAddress=[email protected]
    0.OU=OpenSSL Group
    1.OU=Another Group

A sample configuration file with the relevant sections for ca:

    [ ca ]
    default_ca      = CA_default            # The default ca section

    [ CA_default ]
    dir             = ./demoCA              # top dir
    database        = $dir/index.txt        # index file
    new_certs_dir   = $dir/newcerts         # new certs dir
    certificate     = $dir/cacert.pem       # The CA cert
    serial          = $dir/serial           # serial no file
    private_key     = $dir/private/cakey.pem # CA private key
    RANDFILE        = $dir/private/.rand    # random number file
    default_days    = 365                   # how long to certify for
    default_crl_days= 30                    # how long before next CRL
    default_md      = md5                   # md to use
    policy          = policy_any            # default policy
    email_in_dn     = no                    # Don't add the email into cert DN
    nameopt         = ca_default            # Subject name display option
    certopt         = ca_default            # Certificate display option
    copy_extensions = none                  # Don't copy extensions from request

    [ policy_any ]
    countryName            = supplied
    stateOrProvinceName    = optional
    organizationName       = optional
    organizationalUnitName = optional
    commonName             = supplied
    emailAddress           = optional
Note: the location of all files can change either by compile time options, configuration file entries, environment variables, or command line options. The values below reflect the default values.

    /etc/ssl/openssl.cnf        - master configuration file
    ./demoCA                    - main CA directory
    ./demoCA/cacert.pem         - CA certificate
    ./demoCA/private/cakey.pem  - CA private key
    ./demoCA/serial             - CA serial number file
    ./demoCA/serial.old         - CA serial number backup file
    ./demoCA/index.txt          - CA text database file
    ./demoCA/index.txt.old      - CA text database backup file
    ./demoCA/certs              - certificate output file
    ./demoCA/.rnd               - CA random seed information
CA ENVIRONMENT VARIABLES

OPENSSL_CONF reflects the location of the master configuration file; it can be overridden by the -config command line option.
The text database index file is a critical part of the process, and if corrupted it can be difficult to fix. It is theoretically possible to rebuild the index file from all the issued certificates and a current CRL; however there is no option to do this.

V2 CRL features like delta CRL support and CRL numbers are not currently supported.

Although several requests can be input and handled at once, it is only possible to include one SPKAC or self-signed certificate.

The use of an in-memory text database can cause problems when large numbers of certificates are present because, as the name implies, the database has to be kept in memory.

It is not possible to certify two certificates with the same DN; this is a side effect of how the text database is indexed and it cannot easily be fixed without introducing other problems. Some S/MIME clients can use two certificates with the same DN for separate signing and encryption keys.

The ca command really needs rewriting or the required functionality exposed at either a command or interface level so a more friendly utility (perl script or GUI) can handle things properly. The scripts CA.sh and CA.pl help a little but not very much.

Any fields in a request that are not present in a policy are silently deleted. This does not happen if the -preserveDN option is used. To enforce the absence of the EMAIL field within the DN, as suggested by RFCs, regardless of the contents of the request's subject the -noemailDN option can be used. The behaviour should be more friendly and configurable.

Cancelling some commands by refusing to certify a certificate can create an empty file.

CA WARNINGS

The ca command is quirky and at times downright unfriendly.

The ca utility was originally meant as an example of how to do things in a CA. It was not supposed to be used as a full blown CA itself: nevertheless some people are using it for this purpose.

The ca command is effectively a single user command: no locking is done on the various files, and attempts to run more than one ca command on the same database can have unpredictable results.

The copy_extensions option should be used with caution. If care is not taken, it can be a security risk. For example, if a certificate request contains a basicConstraints extension with CA:TRUE and the copy_extensions value is set to copyall and the user does not spot this when the certificate is displayed, then this will hand the requestor a valid CA certificate.

This situation can be avoided by setting copy_extensions to copy and including basicConstraints with CA:FALSE in the configuration file. Then if the request contains a basicConstraints extension, it will be ignored. It is advisable to also include values for other extensions such as keyUsage to prevent a request supplying its own values.

Additional restrictions can be placed on the CA certificate itself. For example if the CA certificate has:

    basicConstraints = CA:TRUE, pathlen:0

then even if a certificate is issued with CA:TRUE it will not be valid.
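The following is an added example, not from the OpenSSL manual, that builds the demoCA layout described in the examples above in a temporary directory and runs the issue, revoke and CRL cycle from POSIX sh. It is configured the way the warnings recommend: copy_extensions is copy rather than copyall, the CA's own extension section always supplies basicConstraints and keyUsage, so a request that asks for CA:TRUE is issued as CA:FALSE while its subjectAltName is still honoured, and the CA certificate itself carries pathlen:0. The names, the directory and the digest (sha256) are the example's own, the request deliberately asks for CA:TRUE to show the effect, and an openssl binary on PATH is assumed.

```shell
#!/bin/sh
# Added example (not from the OpenSSL manual): a throwaway CA hardened as the
# warnings recommend. Assumes an openssl binary on PATH; all names are invented.
set -eu
ca=$(mktemp -d)/demoCA
mkdir -p "$ca/private" "$ca/newcerts"
touch "$ca/index.txt"              # empty text database
echo 01 > "$ca/serial"             # next serial number, in hex

# $ca is expanded by the shell now; \$dir is left for OpenSSL to expand.
cat > "$ca/ca.cnf" <<EOF
[ ca ]
default_ca       = CA_default

[ CA_default ]
dir              = $ca
database         = \$dir/index.txt
new_certs_dir    = \$dir/newcerts
certificate      = \$dir/cacert.pem
serial           = \$dir/serial
private_key      = \$dir/private/cakey.pem
default_days     = 30
default_crl_days = 7
default_md       = sha256
policy           = policy_any
email_in_dn      = no
copy_extensions  = copy            # never copyall: see the warnings above
x509_extensions  = usr_cert

[ policy_any ]
commonName       = supplied
organizationName = optional

# Always present, so the request's own basicConstraints and keyUsage are ignored.
[ usr_cert ]
basicConstraints = critical, CA:FALSE
keyUsage         = critical, digitalSignature, keyEncipherment

[ ca_ext ]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage         = critical, keyCertSign, cRLSign

[ req ]
distinguished_name = req_dn
req_extensions   = req_ext

[ req_dn ]

# What the requester asks for: a CA flag it must not get, and a SAN it may.
[ req_ext ]
basicConstraints = CA:TRUE
subjectAltName   = DNS:leaf.example.test
EOF

# CA key and self-signed certificate, then a request for a leaf.
openssl req -x509 -config "$ca/ca.cnf" -extensions ca_ext -newkey rsa:2048 -nodes \
    -keyout "$ca/private/cakey.pem" -out "$ca/cacert.pem" -subj '/CN=Demo CA' -days 30 2>/dev/null
openssl req -new -config "$ca/ca.cnf" -newkey rsa:2048 -nodes \
    -keyout "$ca/leaf.key" -out "$ca/leaf.csr" -subj '/CN=leaf.example.test' 2>/dev/null
openssl req -in "$ca/leaf.csr" -noout -text | grep -q 'CA:TRUE'   # the request really asks for it

# Issue in batch mode; -notext keeps only the PEM block in the output file.
openssl ca -config "$ca/ca.cnf" -batch -notext -in "$ca/leaf.csr" -out "$ca/leaf.pem" 2>/dev/null

# Revoke with a reason and generate the CRL from the index file.
openssl ca -config "$ca/ca.cnf" -revoke "$ca/leaf.pem" -crl_reason keyCompromise 2>/dev/null
openssl ca -config "$ca/ca.cnf" -gencrl -out "$ca/crl.pem" 2>/dev/null

# ext_value FILE TYPE NAME: the line following extension NAME in the text
# dump of a certificate (TYPE=x509) or a CRL (TYPE=crl).
ext_value() {
    openssl "$2" -in "$1" -noout -text | sed -n "/$3/{n;s/^ *//;p;q;}"
}

echo "issued:  $(ext_value "$ca/leaf.pem" x509 'Basic Constraints'), $(ext_value "$ca/leaf.pem" x509 'Subject Alternative Name')"
echo "revoked: $(ext_value "$ca/crl.pem" crl 'CRL Reason Code')"
```

Switching copy_extensions to copyall in this configuration is enough to reproduce the problem the warnings describe: the request's CA:TRUE then replaces the CA's CA:FALSE, and only the pathlen:0 on the CA certificate stops the result from validating as an intermediate.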
openssl ciphers [-h] [-ssl2 | -ssl3 | -tls1] [-v] [cipherlist]

The ciphers command converts OpenSSL cipher lists into ordered SSL cipher preference lists. It can be used as a test tool to determine the appropriate cipherlist.

The options are as follows:

-h, -?    Print a brief usage message.

-ssl2     Only include SSL v2 ciphers.

-ssl3     Only include SSL v3 ciphers.

-tls1     Only include TLS v1 ciphers.

-v        Verbose option. List ciphers with a complete description of protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange, authentication, encryption and mac algorithms used along with any key size restrictions and whether the algorithm is classed as an export cipher. Note that without the -v option, ciphers may seem to appear twice in a cipher list; this is when similar ciphers are available for SSL v2 and for SSL v3/TLS v1.

cipherlist
          A cipher list to convert to a cipher preference list. If it is not included, the default cipher list will be used. The format is described below.

The cipher list consists of one or more cipher strings separated by colons. Commas or spaces are also acceptable separators, but colons are normally used.

The actual cipher string can take several different forms:

It can consist of a single cipher suite such as RC4-SHA.

It can represent a list of cipher suites containing a certain algorithm, or cipher suites of a certain type. For example SHA1 represents all cipher suites using the digest algorithm SHA1, and SSLv3 represents all SSL v3 algorithms.

Lists of cipher suites can be combined in a single cipher string using the '+' character. This is used as a logical and operation. For example, SHA1+DES represents all cipher suites containing the SHA1 and the DES algorithms.

Each cipher string can be optionally preceded by the characters '!', '-', or '+'.

If '!' is used, then the ciphers are permanently deleted from the list. The ciphers deleted can never reappear in the list even if they are explicitly stated.

If '-' is used, then the ciphers are deleted from the list, but some or all of the ciphers can be added again by later options.

If '+' is used, then the ciphers are moved to the end of the list. This option doesn't add any new ciphers, it just moves matching existing ones.

If none of these characters is present, the string is just interpreted as a list of ciphers to be appended to the current preference list. If the list includes any ciphers already present, they will be ignored; that is, they will not be moved to the end of the list.

Additionally, the cipher string @STRENGTH can be used at any point to sort the current cipher list in order of encryption algorithm key length.

The following is a list of all permitted cipher strings and their meanings.
DEFAULT
The default cipher list. This is determined at compile time and is
normally ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH. This must
be the first
cipher string specified.
COMPLEMENTOFDEFAULT
The ciphers included in ALL, but not enabled by default. Currently
this is ADH. Note that this rule does not cover
eNULL, which is
not included by ALL (use COMPLEMENTOFALL if necessary).
ALL All cipher suites except the eNULL ciphers which must
be explicitly
enabled.
COMPLEMENTOFALL
The cipher suites not enabled by ALL, currently being
eNULL.
HIGH "High" encryption cipher suites. This currently means
those with
key lengths larger than 128 bits.
MEDIUM
"Medium" encryption cipher suites, currently those using 128-bit
encryption.
LOW "Low" encryption cipher suites, currently those using
64- or 56-bit
encryption algorithms, but excluding export cipher
suites.
EXP, EXPORT
Export encryption algorithms. Including 40- and
56-bit algorithms.
EXPORT40
40-bit export encryption algorithms.
EXPORT56
56-bit export encryption algorithms.
eNULL, NULL
The "NULL" ciphers; that is, those offering no encryption. Because
these offer no encryption at all and are a security
risk, they are
disabled unless explicitly included.
aNULL
The cipher suites offering no authentication. This is
currently
the anonymous DH algorithms. These cipher suites are
vulnerable to
a "man in the middle" attack, so their use is normally
discouraged.
kRSA, RSA
Cipher suites using RSA key exchange.
kEDH Cipher suites using ephemeral DH key agreement.
kDHr, kDHd
Cipher suites using DH key agreement and DH certificates signed by
CAs with RSA and DSS keys respectively. Not implemented.
aRSA Cipher suites using RSA authentication, i.e. the certificates carry
RSA keys.
aDSS, DSS
Cipher suites using DSS authentication, i.e. the certificates carry
DSS keys.
aDH Cipher suites effectively using DH authentication,
i.e. the certificates
carry DH keys. Not implemented.
kFZA, aFZA, eFZA, FZA
Cipher suites using FORTEZZA key exchange, authentication, encryption
or all FORTEZZA algorithms. Not implemented.
TLSv1, SSLv3, SSLv2
TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites, respectively.
DH Cipher suites using DH, including anonymous DH.
ADH Anonymous DH cipher suites.
AES Cipher suites using AES.
3DES Cipher suites using triple DES.
DES Cipher suites using DES (not triple DES).
RC4 Cipher suites using RC4.
RC2 Cipher suites using RC2.
MD5 Cipher suites using MD5.
SHA1, SHA
Cipher suites using SHA1.
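The rules above (':'-separated rules, '+' as logical and, the `!', `-' and `+' prefixes, DEFAULT as the first rule, and the @STRENGTH sort) together with the keyword meanings in the list are easiest to follow on a small worked model. The following is an added example, not OpenSSL's own code: it evaluates a cipher string against a constructed subset of the suites listed on this page, annotated with the attributes the keywords select on. The table order, the Suite attribute names and the decision to reject unknown keywords are assumptions of the model; real OpenSSL resolves keywords from its internal suite table.

```python
"""Model of OpenSSL cipher-string evaluation (added example, not OpenSSL code).
Evaluates ':'-separated rules with '+' as logical AND, the '!', '-' and '+'
prefixes, DEFAULT as the first rule and the @STRENGTH sort, as documented."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Set

@dataclass(frozen=True)
class Suite:
    name: str
    kx: str        # key exchange: RSA, EDH (ephemeral DH) or ADH (anonymous DH)
    au: str        # authentication: RSA, DSS or NULL (none)
    enc: str       # bulk cipher: AES, 3DES, DES, RC4, RC2 or NULL
    bits: int      # key length, used by HIGH/MEDIUM/LOW and by @STRENGTH
    mac: str       # MD5 or SHA1
    export: bool   # export-grade suite
    version: str   # SSLv2 or SSLv3 (the TLS v1.0 suites share the SSLv3 names)

# Constructed subset of the page's suite tables; the order is hypothetical and
# only fixes the order in which un-prefixed rules append suites.
SUITES = [
    Suite("RC2-MD5",              "RSA", "RSA",  "RC2",  128, "MD5",  False, "SSLv2"),
    Suite("DES-CBC3-MD5",         "RSA", "RSA",  "3DES", 168, "MD5",  False, "SSLv2"),
    Suite("NULL-MD5",             "RSA", "RSA",  "NULL",   0, "MD5",  False, "SSLv3"),
    Suite("EXP-RC4-MD5",          "RSA", "RSA",  "RC4",   40, "MD5",  True,  "SSLv3"),
    Suite("RC4-MD5",              "RSA", "RSA",  "RC4",  128, "MD5",  False, "SSLv3"),
    Suite("RC4-SHA",              "RSA", "RSA",  "RC4",  128, "SHA1", False, "SSLv3"),
    Suite("DES-CBC-SHA",          "RSA", "RSA",  "DES",   56, "SHA1", False, "SSLv3"),
    Suite("DES-CBC3-SHA",         "RSA", "RSA",  "3DES", 168, "SHA1", False, "SSLv3"),
    Suite("EDH-RSA-DES-CBC3-SHA", "EDH", "RSA",  "3DES", 168, "SHA1", False, "SSLv3"),
    Suite("ADH-DES-CBC3-SHA",     "ADH", "NULL", "3DES", 168, "SHA1", False, "SSLv3"),
    Suite("AES128-SHA",           "RSA", "RSA",  "AES",  128, "SHA1", False, "SSLv3"),
    Suite("AES256-SHA",           "RSA", "RSA",  "AES",  256, "SHA1", False, "SSLv3"),
    Suite("DHE-RSA-AES256-SHA",   "EDH", "RSA",  "AES",  256, "SHA1", False, "SSLv3"),
    Suite("ADH-AES128-SHA",       "ADH", "NULL", "AES",  128, "SHA1", False, "SSLv3"),
]

DEFAULT_STRING = "ALL:!ADH:RC4+RSA:+SSLv2:@STRENGTH"   # the page's compiled-in default

# Keyword -> predicate, following the meanings the page gives for each keyword.
KEYWORDS: Dict[str, Callable[[Suite], bool]] = {
    "ALL": lambda s: s.enc != "NULL",    "COMPLEMENTOFALL": lambda s: s.enc == "NULL",
    "COMPLEMENTOFDEFAULT": lambda s: s.kx == "ADH",
    "HIGH": lambda s: s.bits > 128,      "MEDIUM": lambda s: s.bits == 128,
    "LOW": lambda s: s.bits in (56, 64) and not s.export,
    "EXP": lambda s: s.export,           "eNULL": lambda s: s.enc == "NULL",
    "aNULL": lambda s: s.au == "NULL",   "kRSA": lambda s: s.kx == "RSA",
    "kEDH": lambda s: s.kx != "RSA",     "aRSA": lambda s: s.au == "RSA",
    "aDSS": lambda s: s.au == "DSS",     "DH": lambda s: s.kx != "RSA",
    "ADH": lambda s: s.kx == "ADH",      "AES": lambda s: s.enc == "AES",
    "3DES": lambda s: s.enc == "3DES",   "DES": lambda s: s.enc == "DES",
    "RC4": lambda s: s.enc == "RC4",     "RC2": lambda s: s.enc == "RC2",
    "MD5": lambda s: s.mac == "MD5",     "SHA1": lambda s: s.mac == "SHA1",
    "SSLv2": lambda s: s.version == "SSLv2",
    "SSLv3": lambda s: s.version == "SSLv3", "TLSv1": lambda s: s.version == "SSLv3",
}
for alias, target in {"EXPORT": "EXP", "NULL": "eNULL", "RSA": "kRSA",
                      "DSS": "aDSS", "SHA": "SHA1"}.items():
    KEYWORDS[alias] = KEYWORDS[target]      # aliases the page lists

def select(rule: str) -> List[Suite]:
    """Resolve one rule body; 'A+B' keeps only suites matching every keyword."""
    preds = []
    for kw in rule.split("+"):
        if kw not in KEYWORDS:              # model choice: unknown keyword is an error
            raise ValueError(f"unknown cipher keyword {kw!r}")
        preds.append(KEYWORDS[kw])
    return [s for s in SUITES if all(p(s) for p in preds)]

def cipher_list(cipher_string: str) -> List[str]:
    """Return the suite names selected by cipher_string in preference order."""
    if cipher_string.split(":", 1)[0] == "DEFAULT":     # only valid as first rule
        cipher_string = DEFAULT_STRING + cipher_string[len("DEFAULT"):]
    active: List[Suite] = []
    killed: Set[str] = set()            # names removed with '!' can never return
    for rule in cipher_string.split(":"):
        if not rule:
            continue
        if rule == "@STRENGTH":         # stable sort by key length, strongest first
            active.sort(key=lambda s: -s.bits)
            continue
        prefix = rule[0] if rule[0] in "!-+" else ""
        names = {s.name for s in select(rule[len(prefix):])}
        if prefix == "!":
            killed |= names
            active = [s for s in active if s.name not in killed]
        elif prefix == "-":             # removed now, but a later rule may re-add
            active = [s for s in active if s.name not in names]
        elif prefix == "+":             # move existing matches to the end, add none
            active = ([s for s in active if s.name not in names]
                      + [s for s in active if s.name in names])
        else:                           # append new matches; those present stay put
            present = {s.name for s in active}
            active += [s for s in select(rule)
                       if s.name not in present and s.name not in killed]
    return [s.name for s in active]

if __name__ == "__main__":
    for cs in ("DEFAULT", "ALL:!ADH:ADH", "ALL:-ADH:ADH", "HIGH:!aNULL"):
        print(f"{cs:>13}: {':'.join(cipher_list(cs))}")
```

Running it shows the two deletion prefixes side by side: ALL:!ADH:ADH never contains an anonymous suite, while ALL:-ADH:ADH appends the anonymous suites again at the end. It also shows that in the DEFAULT string the trailing @STRENGTH sorts purely on key length, so the SSLv2 suites just moved to the end by +SSLv2 are interleaved back among the SSLv3 suites of equal strength in this model.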
The following lists give the SSL or TLS cipher suite names from the relevant
specification and their OpenSSL equivalents. It should be noted that several
cipher suite names do not include the authentication used, e.g. DES-CBC3-SHA.
In these cases, RSA authentication is used.
SSL v3.0 cipher suites

    SSL_RSA_WITH_NULL_MD5                    NULL-MD5
    SSL_RSA_WITH_NULL_SHA                    NULL-SHA
    SSL_RSA_EXPORT_WITH_RC4_40_MD5           EXP-RC4-MD5
    SSL_RSA_WITH_RC4_128_MD5                 RC4-MD5
    SSL_RSA_WITH_RC4_128_SHA                 RC4-SHA
    SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5       EXP-RC2-CBC-MD5
    SSL_RSA_WITH_IDEA_CBC_SHA                IDEA-CBC-SHA
    SSL_RSA_EXPORT_WITH_DES40_CBC_SHA        EXP-DES-CBC-SHA
    SSL_RSA_WITH_DES_CBC_SHA                 DES-CBC-SHA
    SSL_RSA_WITH_3DES_EDE_CBC_SHA            DES-CBC3-SHA
    SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA     Not implemented.
    SSL_DH_DSS_WITH_DES_CBC_SHA              Not implemented.
    SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA         Not implemented.
    SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA     Not implemented.
    SSL_DH_RSA_WITH_DES_CBC_SHA              Not implemented.
    SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA         Not implemented.
    SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA    EXP-EDH-DSS-DES-CBC-SHA
    SSL_DHE_DSS_WITH_DES_CBC_SHA             EDH-DSS-CBC-SHA
    SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA        EDH-DSS-DES-CBC3-SHA
    SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA    EXP-EDH-RSA-DES-CBC-SHA
    SSL_DHE_RSA_WITH_DES_CBC_SHA             EDH-RSA-DES-CBC-SHA
    SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA        EDH-RSA-DES-CBC3-SHA
    SSL_DH_anon_EXPORT_WITH_RC4_40_MD5       EXP-ADH-RC4-MD5
    SSL_DH_anon_WITH_RC4_128_MD5             ADH-RC4-MD5
    SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA    EXP-ADH-DES-CBC-SHA
    SSL_DH_anon_WITH_DES_CBC_SHA             ADH-DES-CBC-SHA
    SSL_DH_anon_WITH_3DES_EDE_CBC_SHA        ADH-DES-CBC3-SHA
    SSL_FORTEZZA_KEA_WITH_NULL_SHA           Not implemented.
    SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA   Not implemented.
    SSL_FORTEZZA_KEA_WITH_RC4_128_SHA        Not implemented.

TLS v1.0 cipher suites

    TLS_RSA_WITH_NULL_MD5                    NULL-MD5
    TLS_RSA_WITH_NULL_SHA                    NULL-SHA
    TLS_RSA_EXPORT_WITH_RC4_40_MD5           EXP-RC4-MD5
    TLS_RSA_WITH_RC4_128_MD5                 RC4-MD5
    TLS_RSA_WITH_RC4_128_SHA                 RC4-SHA
    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5       EXP-RC2-CBC-MD5
    TLS_RSA_WITH_IDEA_CBC_SHA                IDEA-CBC-SHA
    TLS_RSA_EXPORT_WITH_DES40_CBC_SHA        EXP-DES-CBC-SHA
    TLS_RSA_WITH_DES_CBC_SHA                 DES-CBC-SHA
    TLS_RSA_WITH_3DES_EDE_CBC_SHA            DES-CBC3-SHA
    TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA     Not implemented.
    TLS_DH_DSS_WITH_DES_CBC_SHA              Not implemented.
    TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA         Not implemented.
    TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA     Not implemented.
    TLS_DH_RSA_WITH_DES_CBC_SHA              Not implemented.
    TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA         Not implemented.
    TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA    EXP-EDH-DSS-DES-CBC-SHA
    TLS_DHE_DSS_WITH_DES_CBC_SHA             EDH-DSS-CBC-SHA
    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA        EDH-DSS-DES-CBC3-SHA
    TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA    EXP-EDH-RSA-DES-CBC-SHA
    TLS_DHE_RSA_WITH_DES_CBC_SHA             EDH-RSA-DES-CBC-SHA
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA        EDH-RSA-DES-CBC3-SHA
    TLS_DH_anon_EXPORT_WITH_RC4_40_MD5       EXP-ADH-RC4-MD5
    TLS_DH_anon_WITH_RC4_128_MD5             ADH-RC4-MD5
    TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA    EXP-ADH-DES-CBC-SHA
    TLS_DH_anon_WITH_DES_CBC_SHA             ADH-DES-CBC-SHA
    TLS_DH_anon_WITH_3DES_EDE_CBC_SHA        ADH-DES-CBC3-SHA

AES ciphersuites from RFC 3268, extending TLS v1.0

    TLS_RSA_WITH_AES_128_CBC_SHA             AES128-SHA
    TLS_RSA_WITH_AES_256_CBC_SHA             AES256-SHA
    TLS_DH_DSS_WITH_AES_128_CBC_SHA          DH-DSS-AES128-SHA
    TLS_DH_DSS_WITH_AES_256_CBC_SHA          DH-DSS-AES256-SHA
    TLS_DH_RSA_WITH_AES_128_CBC_SHA          DH-RSA-AES128-SHA
    TLS_DH_RSA_WITH_AES_256_CBC_SHA          DH-RSA-AES256-SHA
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA         DHE-DSS-AES128-SHA
    TLS_DHE_DSS_WITH_AES_256_CBC_SHA         DHE-DSS-AES256-SHA
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA         DHE-RSA-AES128-SHA
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA         DHE-RSA-AES256-SHA
    TLS_DH_anon_WITH_AES_128_CBC_SHA         ADH-AES128-SHA
    TLS_DH_anon_WITH_AES_256_CBC_SHA         ADH-AES256-SHA

Additional Export 1024 and other cipher suites

Note: These ciphers can also be used in SSL v3.

    TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA      EXP1024-DES-CBC-SHA
    TLS_RSA_EXPORT1024_WITH_RC4_56_SHA       EXP1024-RC4-SHA
    TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA  EXP1024-DHE-DSS-DES-CBC-SHA
    TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA   EXP1024-DHE-DSS-RC4-SHA
    TLS_DHE_DSS_WITH_RC4_128_SHA             DHE-DSS-RC4-SHA

SSL v2.0 cipher suites

    SSL_CK_RC4_128_WITH_MD5                  RC4-MD5
    SSL_CK_RC4_128_EXPORT40_WITH_MD5         EXP-RC4-MD5
    SSL_CK_RC2_128_CBC_WITH_MD5              RC2-MD5
    SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5     EXP-RC2-MD5
    SSL_CK_IDEA_128_CBC_WITH_MD5             IDEA-CBC-MD5
    SSL_CK_DES_64_CBC_WITH_MD5               DES-CBC-MD5
    SSL_CK_DES_192_EDE3_CBC_WITH_MD5         DES-CBC3-MD5
The non-ephemeral DH modes are currently unimplemented in OpenSSL because
there is no support for DH certificates.

Some compiled versions of OpenSSL may not include all the ciphers listed
here because some ciphers were excluded at compile time.
Verbose listing of all OpenSSL ciphers including NULL ciphers:
$ openssl c
|