openssl/doc/man1/openssl-passwd.pod.in

=pod
{- OpenSSL::safe::output_do_not_edit_headers(); -}

=head1 NAME

openssl-passwd - compute password hashes

=head1 SYNOPSIS

B<openssl passwd>
[B<-help>]
[B<-crypt>]
[B<-1>]
[B<-apr1>]
[B<-aixmd5>]
[B<-5>]
[B<-6>]
[B<-salt> I<string>]
[B<-in> I<file>]
[B<-stdin>]
[B<-noverify>]
[B<-quiet>]
[B<-table>]
{- $OpenSSL::safe::opt_r_synopsis -}
[I<password>]

=for openssl ifdef crypt

=head1 DESCRIPTION

This command computes the hash of a password typed at
run-time or the hash of each password in a list.  The password list is
taken from the named file for option B<-in>, from stdin for
option B<-stdin>, or from the command line, or from the terminal otherwise.
The Unix standard algorithm B<-crypt> and the MD5-based BSD password
algorithm B<-1>, its Apache variant B<-apr1>, and its AIX variant are
available.

=head1 OPTIONS

=over 4

=item B<-help>

Print out a usage message.

=item B<-crypt>

Use the B<crypt> algorithm (default).

=item B<-1>

Use the MD5 based BSD password algorithm B<1>.

=item B<-apr1>

Use the B<apr1> algorithm (Apache variant of the BSD algorithm).

=item B<-aixmd5>

Use the B<AIX MD5> algorithm (AIX variant of the BSD algorithm).

=item B<-5>

=item B<-6>

Use the B<SHA256> / B<SHA512> based algorithms defined by Ulrich Drepper.
See L<https://www.akkadia.org/drepper/SHA-crypt.txt>.

=item B<-salt> I<string>

Use the specified salt.
When reading a password from the terminal, this implies B<-noverify>.

=item B<-in> I<file>

Read passwords from I<file>.

=item B<-stdin>

Read passwords from B<stdin>.

=item B<-noverify>

Don't verify when reading a password from the terminal.

=item B<-quiet>

Don't output warnings when passwords given at the command line are truncated.

=item B<-table>

In the output list, prepend the cleartext password and a TAB character
to each password hash.

{- $OpenSSL::safe::opt_r_item -}

=back

=head1 EXAMPLES

  % openssl passwd -crypt -salt xx password
  xxj31ZMTZzkVA

  % openssl passwd -1 -salt xxxxxxxx password
  $1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.

  % openssl passwd -apr1 -salt xxxxxxxx password
  $apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0

  % openssl passwd -aixmd5 -salt xxxxxxxx password
  xxxxxxxx$8Oaipk/GPKhC64w/YVeFD/

=head1 COPYRIGHT

Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
'passwd' tool. 2000-02-11 05:50:52 +08:00			`=pod`
Use a function to generate do-not-edit comment Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10316) 2019-10-31 11:35:08 +08:00			`{- OpenSSL::safe::output_do_not_edit_headers(); -}`
Infrastructure for templated doc in POD files Use new doc-build capabilities Add -i flag to dofile. Add doc/man1 to SUBDIRS for the new templated doc files Rewrite commit a397aca (merged from PR 10118) to use the doc-template stuff. Put template references in common place Template options and text come at the end of command-specific options: opt_x, opt_trust, opt_r (in that order). Refactor xchain options. Do doc-nits after building generated sources. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10159) 2019-10-13 05:45:56 +08:00
'passwd' tool. 2000-02-11 05:50:52 +08:00			`=head1 NAME`

Deprecate unprefixed manual entries for openssl commands Initially, the manual page entry for the 'openssl cmd' command used to be available at 'cmd(1)'. Later, the aliases 'openssl-cmd(1)' was introduced, which made it easier to group the openssl commands using the 'apropos(1)' command or the shell's tab completion. In order to reduce cluttering of the global manual page namespace, the manual page entries without the 'openssl-' prefix have been deprecated in OpenSSL 3.0 and will be removed in OpenSSL 4.0. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9666) 2019-08-22 07:04:41 +08:00			`openssl-passwd - compute password hashes`
'passwd' tool. 2000-02-11 05:50:52 +08:00
			`=head1 SYNOPSIS`

			`B<openssl passwd>`
GH628: Add -help to all apps docs. Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> 2016-02-06 00:58:45 +08:00			`[B<-help>]`
'passwd' tool. 2000-02-11 05:50:52 +08:00			`[B<-crypt>]`
Update 'openssl passwd' documentation on selection of algorithms. 2000-07-31 20:27:44 +08:00			`[B<-1>]`
Implement MD5-based "apr1" password hash. 2000-02-12 00:25:44 +08:00			`[B<-apr1>]`
'openssl passwd' command can now compute AIX MD5-based passwords hashes. The difference between the AIX MD5 password algorithm and the standard MD5 password algorithm is that in AIX there is no magic string while in the standard MD5 password algorithm the magic string is "$1$" Documentation of '-aixmd5' option of 'openssl passwd' command is added. 1 test is added in test/recipes/20-test-passwd.t Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2251) 2017-01-20 13:37:43 +08:00			`[B<-aixmd5>]`
Document the new SHA256 and SHA512 password generation options Reviewed-by: Rich Salz <rsalz@openssl.org> 2016-09-14 10:07:04 +08:00			`[B<-5>]`
			`[B<-6>]`
Change the example to show apr1 with an 8-character salt. 2000-02-18 19:51:58 +08:00			`[B<-salt> I<string>]`
			`[B<-in> I<file>]`
Implement MD5-based "apr1" password hash. 2000-02-12 00:25:44 +08:00			`[B<-stdin>]`
Improve usability of 'openssl passwd' by including password verification where it makes sense. 2000-11-17 17:03:02 +08:00			`[B<-noverify>]`
'passwd' tool. 2000-02-11 05:50:52 +08:00			`[B<-quiet>]`
			`[B<-table>]`
Infrastructure for templated doc in POD files Use new doc-build capabilities Add -i flag to dofile. Add doc/man1 to SUBDIRS for the new templated doc files Rewrite commit a397aca (merged from PR 10118) to use the doc-template stuff. Put template references in common place Template options and text come at the end of command-specific options: opt_x, opt_trust, opt_r (in that order). Refactor xchain options. Do doc-nits after building generated sources. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10159) 2019-10-13 05:45:56 +08:00			`{- $OpenSSL::safe::opt_r_synopsis -}`
Document command parameters. Add documentation for all commands that have parameters. Fix a couple of minor doc and programming bugs, too. Fixes #10313 Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10371) 2019-09-20 09:33:17 +08:00			`[I<password>]`
'passwd' tool. 2000-02-11 05:50:52 +08:00
Replace '=for comment ifdef' with '=for openssl' Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10151) 2019-10-11 23:52:12 +08:00			`=for openssl ifdef crypt`
Add '=for comment ifdef' to pod pages Make find-doc-nits understand that =for comment ifdef ssl3 ... in a POD page means that the "-ssl3" flag might be ifdef'd out in the local environment, and not to complain about it. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9974) 2019-09-23 07:49:25 +08:00
'passwd' tool. 2000-02-11 05:50:52 +08:00			`=head1 DESCRIPTION`

Command docs: fix up command references Almost all OpenSSL commands are in reality 'openssl cmd', so make sure they are refered to like that and not just as the sub-command. Self-references are avoided as much as is possible, and replaced with "this command". In some cases, we even avoid that with a slight rewrite of the sentence or paragrah they were in. However, in the few cases where a self-reference is still admissible, they are done in bold, i.e. openssl-speed.pod references itself like this: B<openssl speed> References to other commands are done as manual links, i.e. CA.pl.pod references 'openssl req' like this: L<openssl-req(1)> Some commands are examples rather than references; we enclose those in C<>. While we are it, we abolish "utility", replacing it with "command", or remove it entirely in some cases. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10065) 2019-10-02 01:43:36 +08:00			`This command computes the hash of a password typed at`
Implement MD5-based "apr1" password hash. 2000-02-12 00:25:44 +08:00			`run-time or the hash of each password in a list. The password list is`
Consistent formatting of flags with args For documentation of all commands with "-flag arg" format them consistently: "B<-flag> I<arg>", except when arg is literal (for example "B<-inform> B<PEM>\|B<DER>") Update find-doc-nits to complain if badly formatted strings are found. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10022) 2019-09-26 03:20:11 +08:00			`taken from the named file for option B<-in>, from stdin for`
Improve usability of 'openssl passwd' by including password verification where it makes sense. 2000-11-17 17:03:02 +08:00			`option B<-stdin>, or from the command line, or from the terminal otherwise.`
Command docs: replacables are in italics, options always start with a dash Quite a lot of replacables were still bold, and some options were mentioned without a beginning dash. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10065) 2019-10-02 00:16:29 +08:00			`The Unix standard algorithm B<-crypt> and the MD5-based BSD password`
			`algorithm B<-1>, its Apache variant B<-apr1>, and its AIX variant are`
			`available.`
'passwd' tool. 2000-02-11 05:50:52 +08:00
			`=head1 OPTIONS`

			`=over 4`

GH628: Add -help to all apps docs. Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> 2016-02-06 00:58:45 +08:00			`=item B<-help>`

			`Print out a usage message.`

'passwd' tool. 2000-02-11 05:50:52 +08:00			`=item B<-crypt>`

			`Use the B<crypt> algorithm (default).`

Update 'openssl passwd' documentation on selection of algorithms. 2000-07-31 20:27:44 +08:00			`=item B<-1>`

			`Use the MD5 based BSD password algorithm B<1>.`

Implement MD5-based "apr1" password hash. 2000-02-12 00:25:44 +08:00			`=item B<-apr1>`

Update 'openssl passwd' documentation on selection of algorithms. 2000-07-31 20:27:44 +08:00			`Use the B<apr1> algorithm (Apache variant of the BSD algorithm).`
Implement MD5-based "apr1" password hash. 2000-02-12 00:25:44 +08:00
'openssl passwd' command can now compute AIX MD5-based passwords hashes. The difference between the AIX MD5 password algorithm and the standard MD5 password algorithm is that in AIX there is no magic string while in the standard MD5 password algorithm the magic string is "$1$" Documentation of '-aixmd5' option of 'openssl passwd' command is added. 1 test is added in test/recipes/20-test-passwd.t Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2251) 2017-01-20 13:37:43 +08:00			`=item B<-aixmd5>`

			`Use the B<AIX MD5> algorithm (AIX variant of the BSD algorithm).`

Document the new SHA256 and SHA512 password generation options Reviewed-by: Rich Salz <rsalz@openssl.org> 2016-09-14 10:07:04 +08:00			`=item B<-5>`

			`=item B<-6>`

			`Use the B<SHA256> / B<SHA512> based algorithms defined by Ulrich Drepper.`
			`See L<https://www.akkadia.org/drepper/SHA-crypt.txt>.`

Change the example to show apr1 with an 8-character salt. 2000-02-18 19:51:58 +08:00			`=item B<-salt> I<string>`
'passwd' tool. 2000-02-11 05:50:52 +08:00
			`Use the specified salt.`
Improve usability of 'openssl passwd' by including password verification where it makes sense. 2000-11-17 17:03:02 +08:00			`When reading a password from the terminal, this implies B<-noverify>.`
'passwd' tool. 2000-02-11 05:50:52 +08:00
Change the example to show apr1 with an 8-character salt. 2000-02-18 19:51:58 +08:00			`=item B<-in> I<file>`
Implement MD5-based "apr1" password hash. 2000-02-12 00:25:44 +08:00
Change the example to show apr1 with an 8-character salt. 2000-02-18 19:51:58 +08:00			`Read passwords from I<file>.`
Implement MD5-based "apr1" password hash. 2000-02-12 00:25:44 +08:00
			`=item B<-stdin>`

			`Read passwords from B<stdin>.`

Improve usability of 'openssl passwd' by including password verification where it makes sense. 2000-11-17 17:03:02 +08:00			`=item B<-noverify>`

			`Don't verify when reading a password from the terminal.`

'passwd' tool. 2000-02-11 05:50:52 +08:00			`=item B<-quiet>`

Implement MD5-based "apr1" password hash. 2000-02-12 00:25:44 +08:00			`Don't output warnings when passwords given at the command line are truncated.`
'passwd' tool. 2000-02-11 05:50:52 +08:00
			`=item B<-table>`

			`In the output list, prepend the cleartext password and a TAB character`
			`to each password hash.`

Infrastructure for templated doc in POD files Use new doc-build capabilities Add -i flag to dofile. Add doc/man1 to SUBDIRS for the new templated doc files Rewrite commit a397aca (merged from PR 10118) to use the doc-template stuff. Put template references in common place Template options and text come at the end of command-specific options: opt_x, opt_trust, opt_r (in that order). Refactor xchain options. Do doc-nits after building generated sources. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10159) 2019-10-13 05:45:56 +08:00			`{- $OpenSSL::safe::opt_r_item -}`
Standardize apps use of -rand, etc. Standardized the -rand flag and added a new one: -rand file... Always reads the specified files -writerand file Always writes to the file on exit For apps that use a config file, the RANDFILE config parameter reads the file at startup (to seed the RNG) and write to it on exit if the -writerand flag isn't used. Ensured that every app that took -rand also took -writerand, and made sure all of that agreed with all the documentation. Fix error reporting in write_file and -rand Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3862) 2017-07-05 22:58:48 +08:00
'passwd' tool. 2000-02-11 05:50:52 +08:00			`=back`

Change the example to show apr1 with an 8-character salt. 2000-02-18 19:51:58 +08:00			`=head1 EXAMPLES`
'passwd' tool. 2000-02-11 05:50:52 +08:00
Fix some issues found by Denian's lintian tool Also fix some L<> labels and =item entries found while doing this. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6630) 2018-07-04 00:45:14 +08:00			`% openssl passwd -crypt -salt xx password`
			`xxj31ZMTZzkVA`
Implement MD5-based "apr1" password hash. 2000-02-12 00:25:44 +08:00
Fix some issues found by Denian's lintian tool Also fix some L<> labels and =item entries found while doing this. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6630) 2018-07-04 00:45:14 +08:00			`% openssl passwd -1 -salt xxxxxxxx password`
			`$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.`
Update 'openssl passwd' documentation on selection of algorithms. 2000-07-31 20:27:44 +08:00
Fix some issues found by Denian's lintian tool Also fix some L<> labels and =item entries found while doing this. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6630) 2018-07-04 00:45:14 +08:00			`% openssl passwd -apr1 -salt xxxxxxxx password`
			`$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0`
'passwd' tool. 2000-02-11 05:50:52 +08:00
Fix some issues found by Denian's lintian tool Also fix some L<> labels and =item entries found while doing this. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/6630) 2018-07-04 00:45:14 +08:00			`% openssl passwd -aixmd5 -salt xxxxxxxx password`
			`xxxxxxxx$8Oaipk/GPKhC64w/YVeFD/`
'openssl passwd' command can now compute AIX MD5-based passwords hashes. The difference between the AIX MD5 password algorithm and the standard MD5 password algorithm is that in AIX there is no magic string while in the standard MD5 password algorithm the magic string is "$1$" Documentation of '-aixmd5' option of 'openssl passwd' command is added. 1 test is added in test/recipes/20-test-passwd.t Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2251) 2017-01-20 13:37:43 +08:00
Add copyright to manpages Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 23:44:05 +08:00			`=head1 COPYRIGHT`

Deprecate unprefixed manual entries for openssl commands Initially, the manual page entry for the 'openssl cmd' command used to be available at 'cmd(1)'. Later, the aliases 'openssl-cmd(1)' was introduced, which made it easier to group the openssl commands using the 'apropos(1)' command or the shell's tab completion. In order to reduce cluttering of the global manual page namespace, the manual page entries without the 'openssl-' prefix have been deprecated in OpenSSL 3.0 and will be removed in OpenSSL 4.0. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9666) 2019-08-22 07:04:41 +08:00			`Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.`
Add copyright to manpages Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 23:44:05 +08:00
Following the license change, modify the boilerplates in doc/man1/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7828) 2018-12-06 21:04:11 +08:00			`Licensed under the Apache License 2.0 (the "License"). You may not use`
Add copyright to manpages Reviewed-by: Richard Levitte <levitte@openssl.org> 2016-05-18 23:44:05 +08:00			`this file except in compliance with the License. You can obtain a copy`
			`in the file LICENSE in the source distribution or at`
			`L<https://www.openssl.org/source/license.html>.`

			`=cut`