pages.
Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
+ *) Add options to some of the utilities to allow the pass phrase
+ to be included on either the command line (not recommended on
+ OSes like Unix) or read from the environment. Update the
+ manpages and fix a few bugs.
+ [Steve Henson]
+
*) Add a few manpages for some of the openssl commands.
[Steve Henson]
}
#endif
-int MS_CALLBACK key_callback(char *buf, int len, int verify, void *key)
+int MS_CALLBACK key_cb(char *buf, int len, int verify, void *key)
{
int i;
int str2fmt(char *s);
void program_name(char *in,char *out,int size);
int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
-int MS_CALLBACK key_callback(char *buf,int len,int verify,void *u);
+int MS_CALLBACK key_cb(char *buf,int len,int verify,void *u);
#define FORMAT_UNDEF 0
#define FORMAT_ASN1 1
#define FORMAT_TEXT 2
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
else
{
- pkey=PEM_read_bio_PrivateKey(in,NULL,key_callback,key);
+ pkey=PEM_read_bio_PrivateKey(in,NULL,key_cb,key);
memset(key,0,strlen(key));
}
if (pkey == NULL)
int informat,outformat,text=0,noout=0;
int pubin = 0, pubout = 0;
char *infile,*outfile,*prog;
+ char *passin = NULL, *passout = NULL;
int modulus=0;
apps_startup();
if (--argc < 1) goto bad;
outfile= *(++argv);
}
+ else if (strcmp(*argv,"-passin") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passin= *(++argv);
+ }
+ else if (strcmp(*argv,"-envpassin") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if(!(passin= getenv(*(++argv))))
+ {
+ BIO_printf(bio_err,
+ "Can't read environment variable %s\n",
+ *argv);
+ badops = 1;
+ }
+ }
+ else if (strcmp(*argv,"-envpassout") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if(!(passout= getenv(*(++argv))))
+ {
+ BIO_printf(bio_err,
+ "Can't read environment variable %s\n",
+ *argv);
+ badops = 1;
+ }
+ argv++;
+ }
+ else if (strcmp(*argv,"-passout") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passout= *(++argv);
+ }
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-text") == 0)
bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
- BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
- BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
+ BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
+ BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -passin arg input file pass phrase\n");
+ BIO_printf(bio_err," -envpassin arg environment variable containing input file pass phrase\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -passout arg input file pass phrase\n");
+ BIO_printf(bio_err," -envpassout arg environment variable containing input file pass phrase\n");
+ BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
+ BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#ifndef NO_IDEA
- BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
+ BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
#endif
- BIO_printf(bio_err," -text print the key in text\n");
- BIO_printf(bio_err," -noout don't print key out\n");
- BIO_printf(bio_err," -modulus print the DSA public value\n");
+ BIO_printf(bio_err," -text print the key in text\n");
+ BIO_printf(bio_err," -noout don't print key out\n");
+ BIO_printf(bio_err," -modulus print the DSA public value\n");
goto end;
}
else dsa=d2i_DSAPrivateKey_bio(in,NULL);
} else if (informat == FORMAT_PEM) {
if(pubin) dsa=PEM_read_bio_DSAPublicKey(in,NULL, NULL, NULL);
- else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL);
+ else {
+ if(passin) dsa=PEM_read_bio_DSAPrivateKey(in,NULL,
+ key_cb,passin);
+ else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL);
+ }
} else
{
BIO_printf(bio_err,"bad input format specified for key\n");
} else if (outformat == FORMAT_PEM) {
if(pubin || pubout)
i=PEM_write_bio_DSAPublicKey(out,dsa);
- else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL,NULL);
- } else {
+ else {
+ if(passout) i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
+ NULL,0,key_cb, passout);
+ i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,
+ NULL,NULL);
+ }
+ } else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
}
int informat,outformat,text=0,check=0,noout=0;
int pubin = 0, pubout = 0;
char *infile,*outfile,*prog;
+ char *passin = NULL, *passout = NULL;
int modulus=0;
apps_startup();
if (--argc < 1) goto bad;
outfile= *(++argv);
}
+ else if (strcmp(*argv,"-passin") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passin= *(++argv);
+ }
+ else if (strcmp(*argv,"-envpassin") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if(!(passin= getenv(*(++argv))))
+ {
+ BIO_printf(bio_err,
+ "Can't read environment variable %s\n",
+ *argv);
+ badops = 1;
+ }
+ }
+ else if (strcmp(*argv,"-envpassout") == 0)
+ {
+ if (--argc < 1) goto bad;
+ if(!(passout= getenv(*(++argv))))
+ {
+ BIO_printf(bio_err,
+ "Can't read environment variable %s\n",
+ *argv);
+ badops = 1;
+ }
+ argv++;
+ }
+ else if (strcmp(*argv,"-passout") == 0)
+ {
+ if (--argc < 1) goto bad;
+ passout= *(++argv);
+ }
else if (strcmp(*argv,"-pubin") == 0)
pubin=1;
else if (strcmp(*argv,"-pubout") == 0)
bad:
BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
BIO_printf(bio_err,"where options are\n");
- BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
- BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
- BIO_printf(bio_err," -in arg input file\n");
- BIO_printf(bio_err," -out arg output file\n");
- BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
- BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
+ BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
+ BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -passin arg input file pass phrase\n");
+ BIO_printf(bio_err," -envpassin arg environment variable containing input file pass phrase\n");
+ BIO_printf(bio_err," -in arg input file\n");
+ BIO_printf(bio_err," -out arg output file\n");
+ BIO_printf(bio_err," -passout arg input file pass phrase\n");
+ BIO_printf(bio_err," -envpassout arg environment variable containing input file pass phrase\n");
+ BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
+ BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#ifndef NO_IDEA
- BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
+ BIO_printf(bio_err," -idea encrypt PEM output with cbc idea\n");
#endif
- BIO_printf(bio_err," -text print the key in text\n");
- BIO_printf(bio_err," -noout don't print key out\n");
- BIO_printf(bio_err," -modulus print the RSA key modulus\n");
- BIO_printf(bio_err," -check verify key consistency\n");
- BIO_printf(bio_err," -pubin expect a public key in input file\n");
- BIO_printf(bio_err," -pubout output a public key\n");
+ BIO_printf(bio_err," -text print the key in text\n");
+ BIO_printf(bio_err," -noout don't print key out\n");
+ BIO_printf(bio_err," -modulus print the RSA key modulus\n");
+ BIO_printf(bio_err," -check verify key consistency\n");
+ BIO_printf(bio_err," -pubin expect a public key in input file\n");
+ BIO_printf(bio_err," -pubout output a public key\n");
goto end;
}
#endif
else if (informat == FORMAT_PEM) {
if(pubin) rsa=PEM_read_bio_RSAPublicKey(in,NULL,NULL,NULL);
- else rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL,NULL);
+ else {
+ if(passin) rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
+ key_cb,passin);
+ else rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL,NULL);
+ }
}
else
{
else if (outformat == FORMAT_PEM) {
if(pubout || pubin)
i=PEM_write_bio_RSAPublicKey(out,rsa);
- else
- i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL,NULL);
+ else {
+ if(passout) i=PEM_write_bio_RSAPrivateKey(out,rsa,
+ enc,NULL,0,key_cb,passout);
+ else i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,
+ 0,NULL,NULL);
+ }
} else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
=head1 SYNOPSIS
-=item B<openssl> B<asn1parse>
+B<openssl> B<asn1parse>
[B<-inform PEM|DER>]
[B<-in filename>]
[B<-out filename>]
[B<-inform PEM|DER>]
[B<-outform PEM|DER>]
[B<-in filename>]
+[B<-passin password>]
+[B<-envpassin var>]
[B<-out filename>]
+[B<-passout password>]
+[B<-envpassout var>]
[B<-des>]
[B<-des3>]
[B<-idea>]
option is not specified. If the key is encrypted a pass phrase will be
prompted for.
+=item B<-passin password>
+
+the input file password. Since certain utilities like "ps" make the command line
+visible this option should be used with caution.
+
+=item B<-envpassin var>
+
+read the input file password from the environment variable B<var>.
+
=item B<-out filename>
This specifies the output filename to write a key to or standard output by
prompted for. The output filename should B<not> be the same as the input
filename.
+=item B<-passout password>
+
+the output file password. Since certain utilities like "ps" make the command line
+visible this option should be used with caution.
+
+=item B<-envpassout var>
+
+read the output file password from the environment variable B<var>.
+
=item B<-des|-des3|-idea>
These options encrypt the private key with the DES, triple DES, or the
B<oid_section> options in the configuration file. Any additional fields
will be treated as though they were a DirectoryString.
+=back
+
=head1 EXAMPLES
Examine and verify certificate request:
[B<-inform PEM|NET|DER>]
[B<-outform PEM|NET|DER>]
[B<-in filename>]
+[B<-passin password>]
+[B<-envpassin var>]
[B<-out filename>]
+[B<-passout password>]
+[B<-envpassout var>]
[B<-des>]
[B<-des3>]
[B<-idea>]
option is not specified. If the key is encrypted a pass phrase will be
prompted for.
+=item B<-passin password>
+
+the input file password. Since certain utilities like "ps" make the command line
+visible this option should be used with caution.
+
+=item B<-envpassin var>
+
+read the input file password from the environment variable B<var>.
+
=item B<-out filename>
This specifies the output filename to write a key to or standard output by
prompted for. The output filename should B<not> be the same as the input
filename.
+=item B<-passout password>
+
+the output file password. Since certain utilities like "ps" make the command line
+visible this option should be used with caution.
+
+=item B<-envpassout var>
+
+read the output file password from the environment variable B<var>.
+
=item B<-des|-des3|-idea>
These options encrypt the private key with the DES, triple DES, or the
=pod
-=head 1 NAME
+=head1 NAME
version - print version information
=head1 SYNOPSIS
-=item B<openssl version>
+B<openssl version>
[B<-a>]
[B<-v>]
[B<-b>]