openssl-format-options.pod 3.7 KB

=pod

=head1 NAME

openssl-format-options - OpenSSL command input and output format options

=head1 SYNOPSIS

B<openssl>
I<command>
[ I<options> ... ]
[ I<parameters> ... ]

=head1 DESCRIPTION

Several OpenSSL commands can take input or generate output in a variety
of formats.

Since OpenSSL 3.0, keys, single certificates, and CRLs can be read from
files in any of the B<DER>, B<PEM> or B<P12> formats. Specifying their input
format is no longer needed and the openssl commands will automatically try all
the possible formats. However, if the B<DER> or B<PEM> input format is specified
it will be enforced.

In order to access a key via an engine the input format B<ENGINE> may be used;
alternatively the key identifier in the <uri> argument of the respective key
option may be preceded by C<org.openssl.engine:>.
See L<openssl(1)/Engine Options> for an example usage of the latter.

=head1 OPTIONS

=head2 Format Options

The options to specify the format are as follows.
Refer to the individual man page to see which options are accepted.

=over 4

=item B<-inform> I<format>, B<-outform> I<format>

The format of the input or output streams.

=item B<-keyform> I<format>

Format of a private key input source.

=item B<-CRLform> I<format>

Format of a CRL input source.

=back

=head2 Format Option Arguments

The possible format arguments are described below.
Both uppercase and lowercase are accepted.

The list of acceptable format arguments, and the default,
is described in each command documentation.

=over 4

=item B<DER>

A binary format, encoded or parsed according to Distinguished Encoding Rules
(DER) of the ASN.1 data language.

=item B<ENGINE>

Used to specify that the cryptographic material is in an OpenSSL B<engine>.
An engine must be configured or specified using the B<-engine> option.
A password or PIN may be supplied to the engine using the B<-passin> option.

=item B<P12>

A DER-encoded file containing a PKCS#12 object.
It might be necessary to provide a decryption password to retrieve
the private key.

=item B<PEM>

A text format defined in IETF RFC 1421 and IETF RFC 7468. Briefly, this is
a block of base-64 encoding (defined in IETF RFC 4648), with specific
lines used to mark the start and end:

 Text before the BEGIN line is ignored.
 ----- BEGIN object-type -----
 OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX
 xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK
 UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ==
 ----- END object-type -----
 Text after the END line is also ignored

The I<object-type> must match the type of object that is expected.
For example, a C<BEGIN X509 CERTIFICATE> will not match if the command
is trying to read a private key. The types supported include:

 ANY PRIVATE KEY
 CERTIFICATE
 CERTIFICATE REQUEST
 CMS
 DH PARAMETERS
 DSA PARAMETERS
 DSA PUBLIC KEY
 EC PARAMETERS
 EC PRIVATE KEY
 ECDSA PUBLIC KEY
 ENCRYPTED PRIVATE KEY
 PARAMETERS
 PKCS #7 SIGNED DATA
 PKCS7
 PRIVATE KEY
 PUBLIC KEY
 RSA PRIVATE KEY
 SSL SESSION PARAMETERS
 TRUSTED CERTIFICATE
 X509 CRL
 X9.42 DH PARAMETERS

The following legacy I<object-type>s are also supported for compatibility
with earlier releases:

 DSA PRIVATE KEY
 NEW CERTIFICATE REQUEST
 RSA PUBLIC KEY
 X509 CERTIFICATE

=item B<SMIME>

An S/MIME object as described in IETF RFC 8551.
Earlier versions were known as CMS and are compatible.
Note that the parsing is simple and might fail to parse some legal data.

=back
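
The PEM rules described above (text outside the BEGIN and END lines is ignored, and the object-type must match what the reader expects), as an added Python example that is not part of the OpenSSL documentation or source. It uses the RFC 7468 boundary form without inner spaces; the names pem_blocks, load_expected and ACCEPTED_LABELS, the grouping of labels per expected kind, and the sample payload are assumptions made for illustration, and RFC 1421 header lines inside a block are not handled.

```python
import base64
import re

# RFC 7468 boundaries; the BEGIN and END labels must be identical (\1).
_PEM_BLOCK = re.compile(
    r"^-----BEGIN ([A-Z0-9 .#]+)-----\r?\n(.*?)^-----END \1-----[ \t]*\r?$",
    re.DOTALL | re.MULTILINE,
)

# Assumption: which object-types from the list above satisfy each expected kind.
ACCEPTED_LABELS = {
    "certificate": {"CERTIFICATE", "X509 CERTIFICATE"},
    "private-key": {"PRIVATE KEY", "ENCRYPTED PRIVATE KEY", "RSA PRIVATE KEY",
                    "EC PRIVATE KEY", "DSA PRIVATE KEY"},
    "crl": {"X509 CRL"},
}

def pem_blocks(text):
    """Return (label, payload) per PEM block; text outside blocks is ignored."""
    blocks = []
    for match in _PEM_BLOCK.finditer(text):
        b64 = "".join(match.group(2).split())  # drop line breaks and spaces
        blocks.append((match.group(1), base64.b64decode(b64, validate=True)))
    return blocks

def load_expected(text, kind):
    """Return the first payload whose label fits `kind`; raise if none does."""
    blocks = pem_blocks(text)
    for label, payload in blocks:
        if label in ACCEPTED_LABELS[kind]:
            return payload
    seen = ", ".join(label for label, _ in blocks) or "no PEM block"
    raise ValueError(f"expected {kind}, found: {seen}")

# Constructed sample: the payload is placeholder bytes, not real DER.
SAMPLE = (
    "Subject: constructed note before the block\n"
    "-----BEGIN X509 CERTIFICATE-----\n"
    + base64.b64encode(b"placeholder-certificate-bytes").decode() + "\n"
    "-----END X509 CERTIFICATE-----\n"
    "trailing text after the block\n"
)

if __name__ == "__main__":
    print(load_expected(SAMPLE, "certificate"))
    try:
        load_expected(SAMPLE, "private-key")
    except ValueError as err:
        print("rejected:", err)
```

A block whose END label differs from its BEGIN label is not recognised at all, so it is reported as missing rather than loaded under either name.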

=head1 COPYRIGHT

Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut