openssl
Manage and use cryptography tools
TLDR
Display help
Display help for a specific subcommand
Display version
SYNOPSIS
openssl command [command_options] [command_arguments]
PARAMETERS
version
Displays the OpenSSL version information.
help
Displays a list of available commands.
enc
Encrypts or decrypts files using various ciphers. Requires specifying the cipher and key.
dgst
Calculates the message digest (hash) of a file or data using algorithms such as SHA256 or MD5.
genrsa
Generates an RSA private key.
req
Creates a Certificate Signing Request (CSR) for generating certificates.
x509
Manages X.509 certificates, allowing you to view, convert, and sign them.
verify
Verifies the validity of a certificate chain.
s_client
Acts as a TLS/SSL client to connect to a server and test secure connections.
s_server
Acts as a TLS/SSL server, listening for incoming connections.
pkcs12
Allows converting certificates and private keys to and from PKCS#12 format.
DESCRIPTION
The openssl command is a versatile command-line tool that provides a wide range of cryptographic functions. Primarily, it's used to work with Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols, which are fundamental for secure communication over networks like the internet.
openssl allows you to generate private keys, create and manage X.509 certificates (used for verifying identities), encrypt and decrypt data, calculate message digests (hashes), and perform various other cryptographic operations. It's a crucial tool for system administrators, developers, and anyone involved in securing data and communications. It is actively maintained and developed by the OpenSSL Software Foundation.
It also gives developers a robust way to implement SSL in their programs, using either the library or the command-line options.
CAVEATS
The openssl command is very powerful but can be complex to use because of its large number of options and subcommands. Incorrect usage or misconfiguration can introduce security vulnerabilities and expose services to risk, so always double-check your commands and configuration files. Be aware that some older cipher options might be deprecated due to security concerns.
CONFIGURATION FILES
openssl relies on configuration files (typically openssl.cnf) to define default settings for various operations, such as certificate signing requests, and the format and content of generated certificates. These files allow for customization and control over the generated cryptographic material.
EXIT CODES
The openssl command returns different exit codes to indicate the success or failure of an operation. A zero exit code generally signifies success, while non-zero exit codes indicate errors. Consult the documentation for the specific meaning of different error codes for each command.
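The exit-code behaviour described above, shown with the genrsa, req, x509 and verify subcommands listed under PARAMETERS. This is an added example, not taken from the openssl documentation; all file names and subject names are constructed, and it assumes an openssl binary with its default openssl.cnf is installed.

```shell
#!/bin/sh
# Added example. Every file and subject name below is constructed for the demo.

# make_ca DIR NAME: throwaway self-signed CA (private key + certificate).
make_ca() {
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
    openssl req -x509 -new -key "$1/$2.key" -subj "/CN=$2" -days 1 \
        -out "$1/$2.crt" 2>/dev/null
}

# make_leaf DIR CA NAME: leaf key, CSR, and a certificate signed by CA.
make_leaf() {
    openssl genrsa -out "$1/$3.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/$3.key" -subj "/CN=$3" \
        -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.crt" 2>/dev/null
}

# chain_ok CAFILE CERT: passes through the exit status of openssl verify.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# demo: returns 0 only if the issuing CA verifies and an unrelated CA does not.
demo() {
    d=$(mktemp -d) || return 2
    good=0; bad=0
    make_ca "$d" demo-ca-a && make_ca "$d" demo-ca-b &&
        make_leaf "$d" demo-ca-a demo-leaf || { rm -rf "$d"; return 2; }
    # "|| var=$?" records a failure status without aborting under set -e.
    chain_ok "$d/demo-ca-a.crt" "$d/demo-leaf.crt" || good=$?
    chain_ok "$d/demo-ca-b.crt" "$d/demo-leaf.crt" || bad=$?
    rm -rf "$d"
    echo "issuing CA: exit $good, unrelated CA: exit $bad"
    [ "$good" -eq 0 ] && [ "$bad" -ne 0 ]
}

demo
```

In automation, branch on the status directly (`if chain_ok ca.crt leaf.crt; then ...`) rather than parsing the text openssl prints.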
HISTORY
The OpenSSL project was created in 1998 as a fork of the SSLeay library. It was developed to provide a free and open-source implementation of the SSL and TLS protocols. OpenSSL has become a widely used and critical component of many systems and applications. Because of its pervasive use, the command and the library have been at the center of several high-profile security incidents, which led to improved security audits and stronger development processes.