The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and
asn1parse.1ssl The asn1parse command is a diagnostic utility that can parse ASN.1 structures. It can also be used to extract data from ASN.1 formatted data. ca.1ssl The ca command is a minimal CA application. It can be used to sign certificate requests in a variety of forms and generate CRLs it also maintains a text... ciphers.1ssl The ciphers command converts textual OpenSSL cipher lists into ordered SSL cipher preference lists. It can be used as a test tool to determine the appropriate... cms.1ssl The cms command handles S/MIME v3.1 mail. It can encrypt, decrypt, sign and verify, compress and uncompress S/MIME messages. crl.1ssl The crl command processes CRL files in DER or PEM format. crl2pkcs7.1ssl The crl2pkcs7 command takes an optional CRL and one or more certificates and converts them into a PKCS#7 degenerate "certificates only" structure. dgst.1ssl The digest functions output the message digest of a supplied file or files in hexadecimal. The digest functions also generate and verify digital signatures... dhparam.1ssl This command is used to manipulate DH parameter files. dsa.1ssl The dsa command processes DSA keys. They can be converted between various forms and their components printed out. Note This command uses the traditional SSLeay... dsaparam.1ssl This command is used to manipulate or generate DSA parameter files. ec.1ssl The ec command processes EC keys. They can be converted between various forms and their components printed out. Note OpenSSL uses the private key format... ecparam.1ssl This command is used to manipulate or generate EC parameter files. enc.1ssl The symmetric cipher commands allow data to be encrypted or decrypted using various block and stream ciphers using keys based on passwords or explicitly... engine.1ssl The engine command is used to query the status and capabilities of the specified engine's. Engines may be specified before and after all other command-line... errstr.1ssl Sometimes an application will not load error message and only numerical forms will be available. The errstr utility can be used to display the meaning of the... gendsa.1ssl The gendsa command generates a DSA private key from a DSA parameter file (which will be typically generated by the openssl dsaparam command). genrsa.1ssl The genrsa command generates an RSA private key. list.1ssl This command is used to generate list of algorithms or disabled features. nseq.1ssl The nseq command takes a file containing a Netscape certificate sequence and prints out the certificates contained in it or takes a file of certificates and... ocsp.1ssl The Online Certificate Status Protocol (OCSP) enables applications to determine the (revocation) state of an identified certificate (RFC 2560). The ocsp command... openssl.1ssl OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related... pkcs12.1ssl The pkcs12 command allows PKCS#12 files (sometimes referred to as PFX files) to be created and parsed. PKCS#12 files are used by several programs including... pkcs7.1ssl The pkcs7 command processes PKCS#7 files in DER or PEM format. pkcs8.1ssl The pkcs8 command processes private keys in PKCS#8 format. It can handle both unencrypted PKCS#8 PrivateKeyInfo format and EncryptedPrivateKeyInfo format with a... pkey.1ssl The pkey command processes public or private keys. They can be converted between various forms and their components printed out. pkeyparam.1ssl The pkey command processes public or private keys. They can be converted between various forms and their components printed out. pkeyutl.1ssl The pkeyutl command can be used to perform public key operations using any supported algorithm. rehash.1ssl On some platforms, the OpenSSL rehash command is available as an external script called c_rehash. They are functionally equivalent, except for minor differences... req.1ssl The req command primarily creates and processes certificate requests in PKCS#10 format. It can additionally create self signed certificates for use as root CAs... rsa.1ssl The rsa command processes RSA keys. They can be converted between various forms and their components printed out. Note this command uses the traditional SSLeay... rsautl.1ssl The rsautl command can be used to sign, verify, encrypt and decrypt data using the RSA algorithm. s_client.1ssl The s_client command implements a generic SSL/TLS client which connects to a remote host using SSL/TLS. It is a very useful diagnostic tool for SSL servers. sess_id.1ssl The sess_id process the encoded version of the SSL session structure and optionally prints out SSL session details (for example the SSL session master key) in... smime.1ssl The smime command handles S/MIME mail. It can encrypt, decrypt, sign and verify S/MIME messages. speed.1ssl This command is used to test the performance of cryptographic algorithms. To see the list of supported algorithms, use the list --digest-commands or list... spkac.1ssl The spkac command processes Netscape signed public key and challenge (SPKAC) files. It can print out their contents, verify the signature and produce its own... s_server.1ssl The s_server command implements a generic SSL/TLS server which listens for connections on a given port using SSL/TLS. sslpasswd.1ssl The passwd command computes the hash of a password typed at run-time or the hash of each password in a list. The password list is taken from the named file for... sslrand.1ssl The rand command outputs num pseudo-random bytes after seeding the random number generator once. As in other openssl command line tools, PRNG seeding uses the... s_time.1ssl The s_time command implements a generic SSL/TLS client which connects to a remote host using SSL/TLS. It can request a page from the server and includes the... ts.1ssl The ts command is a basic Time Stamping Authority (TSA) client and server application as specified in RFC 3161 (Time-Stamp Protocol, TSP). A TSA can be part of... verify.1ssl The verify command verifies certificate chains. version.1ssl This command is used to print out version information about OpenSSL. x509.1ssl The x509 command is a multi purpose certificate utility. It can be used to display certificate information, convert certificates to various forms, sign... config.5ssl The OpenSSL CONF library can be used to read configuration files. It is used for the OpenSSL master configuration file openssl.cnf and in a few other places... x509v3_config.5ssl Several of the OpenSSL utilities can add extensions to a certificate or certificate request based on the contents of a configuration file. Typically the... crypto.7ssl The OpenSSL crypto library implements a wide range of cryptographic algorithms used in various Internet standards. The services provided by this library are... ct.7ssl This library implements Certificate Transparency (CT) verification for TLS clients, as defined in RFC 6962. This verification can provide some confidence that a... des_modes.7ssl Several crypto algorithms for OpenSSL can be used in a number of modes. Those are used for using block ciphers in a way similar to stream ciphers, among other... evp.7ssl The EVP library provides a high-level interface to cryptographic functions. EVP_Seal... and EVP_Open... provide public key encryption and decryption to... ssl.7ssl The OpenSSL ssl library implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols. It provides a rich API which is... x509.7ssl A X.509 certificate is a structured grouping of information about an individual, a device, or anything one can imagine. A X.509 CRL (certificate revocation...