openssl.1s
Manage OpenSSL cryptographic tools
SYNOPSIS
openssl command [command_options]
PARAMETERS
asn1parse
Parses an ASN.1 structure.
ca
Performs certificate authority functions.
ciphers
Lists available ciphers.
cms
Creates, signs, encrypts, decrypts and verifies CMS messages.
crl
Handles certificate revocation lists (CRLs).
crl2pkcs7
Converts a CRL to a PKCS#7 structure.
dgst
Calculates message digests (hashes).
dh
Manages Diffie-Hellman parameters.
dsa
Manages DSA keys.
dsaparam
Generates DSA parameters.
ec
Manages elliptic curve keys.
ecparam
Manages elliptic curve parameters.
enc
Encrypts and decrypts data.
engine
Engine (hardware acceleration) configuration.
errstr
Looks up error codes.
gendh
Generates Diffie-Hellman parameters.
gendsa
Generates DSA parameters.
genpkey
Generates private keys.
genrsa
Generates RSA keys.
nseq
Creates or examines Netscape sequence files.
ocsp
OCSP client configuration.
openssl
Main openssl help.
passwd
Generates password hashes.
pkcs12
Manages PKCS#12 files.
pkcs7
Creates or processes PKCS#7 structures.
pkey
Performs various key operations.
pkeyparam
Manages key parameters.
pkeyutl
Performs public key operations.
prime
Generates prime numbers.
rand
Generates pseudo-random numbers.
req
Manages X.509 certificate requests.
rsa
Manages RSA keys.
rsautl
Performs RSA operations.
s_client
Acts as a TLS/SSL client.
s_server
Acts as a TLS/SSL server.
s_time
Measures TLS/SSL connection times.
sess_id
Manages SSL session IDs.
smime
S/MIME (signed and/or encrypted email).
speed
Measures cryptographic algorithm performance.
spkac
Creates or verifies SPKAC (signed public key and challenge) files.
verify
Verifies X.509 certificates.
version
Displays OpenSSL version information.
x509
Manages X.509 certificates.
DESCRIPTION
The openssl command is a versatile command-line tool for using the OpenSSL cryptographic library. It can be used to perform a wide range of cryptographic tasks, including generating RSA keys, creating X.509 certificates, encrypting and decrypting data, creating and verifying digital signatures, and establishing TLS/SSL connections to remote servers.
The openssl command provides a unified interface to various cryptographic algorithms and protocols implemented within the OpenSSL library. It is widely used for testing, debugging, and administration purposes, as well as for implementing security-related functionalities in scripts and other applications. It supports numerous ciphers, hash functions, and certificate formats. The command's behavior is highly customizable through a vast array of command-line options and configuration files, allowing users to tailor it to specific requirements.
CONFIGURATION FILES
The OpenSSL library makes use of configuration files to control various aspects of its behavior. These files allow for customization of cipher suites, certificate verification settings, and other parameters. The primary configuration file is typically located at /etc/ssl/openssl.cnf, though the specific path may vary depending on the system. Environment variables such as OPENSSL_CONF can be used to override the default configuration file location.
SECURITY CONSIDERATIONS
When using the openssl command, it is crucial to adhere to security best practices. Private keys should be stored securely and protected against unauthorized access. Strong passwords should be used for encryption and password-based key derivation. Certificate authorities should be chosen carefully, and certificates should be verified before being trusted. Regularly update OpenSSL to patch vulnerabilities.
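As an added example (not part of the original manual page), the shell functions below exercise two of the points above with the genpkey, req, x509 and verify commands: private keys are created owner-only, and a certificate is verified against a chosen CA before it is trusted, with OPENSSL_CONF pointing at a private minimal configuration file. It assumes an openssl binary (1.1.0 or later) on PATH; every function name, file name and subject is constructed for illustration.

```shell
#!/bin/sh
# Added example. All names, subjects and paths below are constructed.

# make_key FILE: new EC private key, created owner-only via a tight umask.
make_key() {
    ( umask 077; openssl genpkey -algorithm EC \
        -pkeyopt ec_paramgen_curve:prime256v1 -out "$1" ) 2>/dev/null
}

# key_is_private FILE: true only if group and other have no access at all.
key_is_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# build_demo_pki DIR: throwaway CA, a leaf it signs, and an unrelated
# self-signed certificate. OPENSSL_CONF points every call at a private,
# minimal config instead of the system default.
build_demo_pki() {
    d=$1
    cat > "$d/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    OPENSSL_CONF="$d/openssl.cnf"; export OPENSSL_CONF
    make_key "$d/ca.key" && make_key "$d/leaf.key" && make_key "$d/rogue.key" &&
    openssl req -x509 -new -key "$d/ca.key" -subj "/CN=Example Test CA" \
        -days 1 -out "$d/ca.pem" 2>/dev/null &&
    openssl req -new -key "$d/leaf.key" -subj "/CN=leaf.example.test" \
        -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null &&
    openssl req -x509 -new -key "$d/rogue.key" -subj "/CN=Unrelated Issuer" \
        -days 1 -out "$d/rogue.pem" 2>/dev/null
}

# trusted_by CAFILE CERT: succeeds only if CERT chains to a CA in CAFILE.
trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
```

Call build_demo_pki on a fresh temporary directory, then use key_is_private and trusted_by as gates before a script loads a key or accepts a certificate.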