LinuxCommandLibrary

openssl.1s

Manage OpenSSL cryptographic tools

SYNOPSIS

openssl command [command_options]

PARAMETERS

asn1parse
    Parses an ASN.1 structure.

ca
    Performs certificate authority functions.

ciphers
    Lists available ciphers.

cms
    Creates, signs, encrypts, decrypts and verifies CMS messages.

crl
    Handles certificate revocation lists (CRLs).

crl2pkcs7
    Converts a CRL to a PKCS#7 structure.

dgst
    Calculates message digests (hashes).

dh
    Manages Diffie-Hellman parameters.

dsa
    Manages DSA keys.

dsaparam
    Generates DSA parameters.

ec
    Manages elliptic curve keys.

ecparam
    Manages elliptic curve parameters.

enc
    Encrypts and decrypts data.

engine
    Engine (hardware acceleration) configuration.

errstr
    Looks up error codes.

gendh
    Generates Diffie-Hellman parameters.

gendsa
    Generates DSA parameters.

genpkey
    Generates private keys.

genrsa
    Generates RSA keys.

nseq
    Creates or examines Netscape sequence files.

ocsp
    OCSP client configuration.

openssl
    Displays the main openssl help.

passwd
    Generates password hashes.

pkcs12
    Manages PKCS#12 files.

pkcs7
    Creates or processes PKCS#7 structures.

pkey
    Performs various key operations.

pkeyparam
    Manages key parameters.

pkeyutl
    Performs public key operations.

prime
    Generates prime numbers.

rand
    Generates pseudo-random numbers.

req
    Manages X.509 certificate requests.

rsa
    Manages RSA keys.

rsautl
    Performs RSA operations.

s_client
    Acts as a TLS/SSL client.

s_server
    Acts as a TLS/SSL server.

s_time
    Measures TLS/SSL connection times.

sess_id
    Manages SSL session IDs.

smime
    S/MIME (signed and/or encrypted email).

speed
    Measures cryptographic algorithm performance.

spkac
    Creates or verifies SPKAC (signed public key and challenge) files.

verify
    Verifies X.509 certificates.

version
    Displays OpenSSL version information.

x509
    Manages X.509 certificates.

DESCRIPTION

The openssl command is a versatile command-line tool for using the OpenSSL cryptographic library. It can be used to perform a wide range of cryptographic tasks, including generating RSA keys, creating X.509 certificates, encrypting and decrypting data, creating and verifying digital signatures, and establishing TLS/SSL connections to other servers.

The openssl command provides a unified interface to various cryptographic algorithms and protocols implemented within the OpenSSL library. It is widely used for testing, debugging, and administration purposes, as well as for implementing security-related functionalities in scripts and other applications. It supports numerous ciphers, hash functions, and certificate formats. The command's behavior is highly customizable through a vast array of command-line options and configuration files, allowing users to tailor it to specific requirements.

CONFIGURATION FILES

The OpenSSL library makes use of configuration files to control various aspects of its behavior. These files allow for customization of cipher suites, certificate verification settings, and other parameters. The primary configuration file is typically located at /etc/ssl/openssl.cnf, though the specific path may vary depending on the system. Environment variables such as OPENSSL_CONF can be used to override the default configuration file location.

SECURITY CONSIDERATIONS

When using the openssl command, it is crucial to adhere to security best practices. Private keys should be stored securely and protected against unauthorized access. Strong passwords should be used for encryption and password-based key derivation. Certificate authorities should be chosen carefully, and certificates should be verified before being trusted. Regularly update OpenSSL to patch vulnerabilities.
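The practices above, sketched with the subcommands listed under PARAMETERS. This is an added example, not part of the original manual page; the file names passed in and the subject name example.test are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: private-key hygiene and certificate verification with openssl.
# File names and the subject name are constructed for illustration.

# Generate an EC private key that is never readable by group or other.
make_key() {
    key=$1
    (
        umask 077   # the file is created owner-only, not chmod'ed afterwards
        openssl genpkey -algorithm EC \
            -pkeyopt ec_paramgen_curve:P-256 -out "$key"
    ) 2>/dev/null
}

# Succeeds only if the key file grants no access to group or other.
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Issue a short-lived self-signed certificate for the key.
make_cert() {
    key=$1; cert=$2
    openssl req -new -x509 -key "$key" -out "$cert" -days 30 \
        -subj "/CN=example.test" 2>/dev/null
}

# Succeeds only if the certificate verifies against the given trust anchor.
cert_is_trusted() {
    cert=$1; anchor=$2
    openssl verify -CAfile "$anchor" "$cert" >/dev/null 2>&1
}

# Succeeds only if the certificate carries the public half of the private key.
key_matches_cert() {
    key=$1; cert=$2
    a=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl dgst -sha256)
    b=$(openssl x509 -in "$cert" -pubkey -noout 2>/dev/null | openssl dgst -sha256)
    [ -n "$a" ] && [ "$a" = "$b" ]
}
```

cert_is_trusted rejects a certificate that merely shares a subject name with the anchor, because openssl verify checks the signature and not just the name.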

SEE ALSO

ssh(1), gzip(1)
