openssl-pkcs7.1ossl - Man Page

PKCS#7 command

Synopsis

openssl pkcs7 [-help] [-inform DER|PEM] [-outform DER|PEM] [-in filename] [-out filename] [-print] [-print_certs] [-text] [-noout] [-engine id] [-provider name] [-provider-path path] [-propquery propq]

Description

This command processes PKCS#7 files.  Note that it only understands PKCS#7 v 1.5 as specified in IETF RFC 2315.  It cannot currently parse CMS as described in IETF RFC 2630.

Options

-help

Print out a usage message.

-inform DER|PEM, -outform DER|PEM

The input and formats; the default is PEM. See openssl-format-options(1) for details.

The data is a PKCS#7 Version 1.5 structure.

-in filename

This specifies the input filename to read from or standard input if this option is not specified.

-out filename

Specifies the output filename to write to or standard output by default.

-print

Print out the full PKCS7 object.

-print_certs

Prints out any certificates or CRLs contained in the file. They are preceded by their subject and issuer names in one line format.

-text

Prints out certificate details in full rather than just subject and issuer names.

-noout

Don't output the encoded version of the PKCS#7 structure (or certificates if -print_certs is set).

-engine id

See “Engine Options” in openssl(1). This option is deprecated.

-provider name
-provider-path path
-propquery propq

See “Provider Options” in openssl(1), provider(7), and property(7).

Examples

Convert a PKCS#7 file from PEM to DER:

 openssl pkcs7 -in file.pem -outform DER -out file.der

Output all certificates in a file:

 openssl pkcs7 -in file.pem -print_certs -out certs.pem

See Also

openssl(1), openssl-crl2pkcs7(1)

History

The -engine option was deprecated in OpenSSL 3.0.

Referenced By

openssl.1ossl(1), openssl-cmds.1ossl(1), openssl-crl2pkcs7.1ossl(1).

2021-09-09 3.0.0 OpenSSL