mirror of
https://github.com/openssl/openssl.git
synced 2024-11-21 01:15:20 +08:00
Fix some of the command line password stuff. New function
that can automatically determine the type of a DER encoded "traditional" format private key and change some of the d2i functions to use it instead of requiring the application to work out the key type.
This commit is contained in:
parent
47134b7864
commit
20432eae41
10
CHANGES
10
CHANGES
@ -4,6 +4,14 @@
|
||||
|
||||
Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
|
||||
|
||||
*) Add a function 'd2i_AutoPrivateKey()' this will automatically decide
|
||||
if a DER encoded private key is RSA or DSA traditional format. Changed
|
||||
d2i_PrivateKey_bio() to use it. This is only needed for the "traditional"
|
||||
format DER encoded private key. Newer code should use PKCS#8 format which
|
||||
has the key type encoded in the ASN1 structure. Added DER private key
|
||||
support to pkcs8 application.
|
||||
[Steve Henson]
|
||||
|
||||
*) SSL 3/TLS 1 servers now don't request certificates when an anonymous
|
||||
ciphersuites has been selected (as required by the SSL 3/TLS 1
|
||||
specifications). Exception: When SSL_VERIFY_FAIL_IF_NO_PEER_CERT
|
||||
@ -36,7 +44,7 @@
|
||||
check for an object with the same NID as the passed id. Functions can
|
||||
be provided to override either the default behaviour or the behaviour
|
||||
for a given id. SSL client, server and email already have functions
|
||||
in place for compatability: they check the NID and also return "trusted"
|
||||
in place for compatibility: they check the NID and also return "trusted"
|
||||
if the certificate is self signed.
|
||||
[Steve Henson]
|
||||
|
||||
|
@ -140,7 +140,7 @@ int MAIN(int argc, char **argv)
|
||||
else if (strcmp(*argv,"-envpassin") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
if(!(passin= getenv(*(++argv))))
|
||||
if(!(passin= getenv(*(++argv))))
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"Can't read environment variable %s\n",
|
||||
@ -151,14 +151,13 @@ int MAIN(int argc, char **argv)
|
||||
else if (strcmp(*argv,"-envpassout") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
if(!(passout= getenv(*(++argv))))
|
||||
if(!(passout= getenv(*(++argv))))
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"Can't read environment variable %s\n",
|
||||
*argv);
|
||||
badops = 1;
|
||||
}
|
||||
argv++;
|
||||
}
|
||||
else if (strcmp(*argv,"-passout") == 0)
|
||||
{
|
||||
|
@ -7,7 +7,9 @@
|
||||
# defined.
|
||||
HOME = .
|
||||
RANDFILE = $ENV::HOME/.rnd
|
||||
oid_file = $ENV::HOME/.oid
|
||||
|
||||
# Extra OBJECT IDENTIFIER info:
|
||||
#oid_file = $ENV::HOME/.oid
|
||||
oid_section = new_oids
|
||||
|
||||
# To use this configuration file with the "-extfile" option of the
|
||||
|
112
apps/pkcs8.c
112
apps/pkcs8.c
@ -57,6 +57,7 @@
|
||||
*/
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include "apps.h"
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
@ -80,7 +81,7 @@ int MAIN(int argc, char **argv)
|
||||
X509_SIG *p8;
|
||||
PKCS8_PRIV_KEY_INFO *p8inf;
|
||||
EVP_PKEY *pkey;
|
||||
char pass[50];
|
||||
char pass[50], *passin = NULL, *passout = NULL;
|
||||
int badarg = 0;
|
||||
if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
|
||||
informat=FORMAT_PEM;
|
||||
@ -123,6 +124,38 @@ int MAIN(int argc, char **argv)
|
||||
else if (!strcmp (*args, "-noiter")) iter = 1;
|
||||
else if (!strcmp (*args, "-nocrypt")) nocrypt = 1;
|
||||
else if (!strcmp (*args, "-nooct")) p8_broken = PKCS8_NO_OCTET;
|
||||
else if (!strcmp(*args,"-passin"))
|
||||
{
|
||||
if (!args[1]) goto bad;
|
||||
passin= *(++args);
|
||||
}
|
||||
else if (!strcmp(*args,"-envpassin"))
|
||||
{
|
||||
if (!args[1]) goto bad;
|
||||
if(!(passin= getenv(*(++args))))
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"Can't read environment variable %s\n",
|
||||
*args);
|
||||
badarg = 1;
|
||||
}
|
||||
}
|
||||
else if (strcmp(*args,"-envpassout") == 0)
|
||||
{
|
||||
if (!args[1]) goto bad;
|
||||
if(!(passout= getenv(*(++args))))
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"Can't read environment variable %s\n",
|
||||
*args);
|
||||
badarg = 1;
|
||||
}
|
||||
}
|
||||
else if (!strcmp(*args,"-passout"))
|
||||
{
|
||||
if (!args[1]) goto bad;
|
||||
passout= *(++args);
|
||||
}
|
||||
else if (!strcmp (*args, "-in")) {
|
||||
if (args[1]) {
|
||||
args++;
|
||||
@ -138,26 +171,31 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
|
||||
if (badarg) {
|
||||
BIO_printf (bio_err, "Usage pkcs8 [options]\n");
|
||||
BIO_printf (bio_err, "where options are\n");
|
||||
BIO_printf (bio_err, "-in file input file\n");
|
||||
BIO_printf (bio_err, "-inform X input format (DER or PEM)\n");
|
||||
BIO_printf (bio_err, "-outform X output format (DER or PEM)\n");
|
||||
BIO_printf (bio_err, "-out file output file\n");
|
||||
BIO_printf (bio_err, "-topk8 output PKCS8 file\n");
|
||||
BIO_printf (bio_err, "-nooct use (broken) no octet form\n");
|
||||
BIO_printf (bio_err, "-noiter use 1 as iteration count\n");
|
||||
BIO_printf (bio_err, "-nocrypt use or expect unencrypted private key\n");
|
||||
BIO_printf (bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
|
||||
BIO_printf (bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
|
||||
bad:
|
||||
BIO_printf(bio_err, "Usage pkcs8 [options]\n");
|
||||
BIO_printf(bio_err, "where options are\n");
|
||||
BIO_printf(bio_err, "-in file input file\n");
|
||||
BIO_printf(bio_err, "-inform X input format (DER or PEM)\n");
|
||||
BIO_printf(bio_err, "-passin arg input file pass phrase\n");
|
||||
BIO_printf(bio_err, "-envpassin arg environment variable containing input file pass phrase\n");
|
||||
BIO_printf(bio_err, "-outform X output format (DER or PEM)\n");
|
||||
BIO_printf(bio_err, "-out file output file\n");
|
||||
BIO_printf(bio_err, "-passout arg input file pass phrase\n");
|
||||
BIO_printf(bio_err, "-envpassout arg environment variable containing input file pass phrase\n");
|
||||
BIO_printf(bio_err, "-topk8 output PKCS8 file\n");
|
||||
BIO_printf(bio_err, "-nooct use (broken) no octet form\n");
|
||||
BIO_printf(bio_err, "-noiter use 1 as iteration count\n");
|
||||
BIO_printf(bio_err, "-nocrypt use or expect unencrypted private key\n");
|
||||
BIO_printf(bio_err, "-v2 alg use PKCS#5 v2.0 and cipher \"alg\"\n");
|
||||
BIO_printf(bio_err, "-v1 obj use PKCS#5 v1.5 and cipher \"alg\"\n");
|
||||
return (1);
|
||||
}
|
||||
|
||||
if ((pbe_nid == -1) && !cipher) pbe_nid = NID_pbeWithMD5AndDES_CBC;
|
||||
|
||||
if (infile) {
|
||||
if (!(in = BIO_new_file (infile, "rb"))) {
|
||||
BIO_printf (bio_err,
|
||||
if (!(in = BIO_new_file(infile, "rb"))) {
|
||||
BIO_printf(bio_err,
|
||||
"Can't open input file %s\n", infile);
|
||||
return (1);
|
||||
}
|
||||
@ -165,21 +203,29 @@ int MAIN(int argc, char **argv)
|
||||
|
||||
if (outfile) {
|
||||
if (!(out = BIO_new_file (outfile, "wb"))) {
|
||||
BIO_printf (bio_err,
|
||||
BIO_printf(bio_err,
|
||||
"Can't open output file %s\n", outfile);
|
||||
return (1);
|
||||
}
|
||||
} else out = BIO_new_fp (stdout, BIO_NOCLOSE);
|
||||
|
||||
if (topk8) {
|
||||
if (!(pkey = PEM_read_bio_PrivateKey(in, NULL, NULL, NULL))) {
|
||||
BIO_printf (bio_err, "Error reading key\n", outfile);
|
||||
if(informat == FORMAT_PEM)
|
||||
pkey = PEM_read_bio_PrivateKey(in, NULL, PEM_cb, passin);
|
||||
else if(informat == FORMAT_ASN1)
|
||||
pkey = d2i_PrivateKey_bio(in, NULL);
|
||||
else {
|
||||
BIO_printf(bio_err, "Bad format specified for key\n");
|
||||
return (1);
|
||||
}
|
||||
if (!pkey) {
|
||||
BIO_printf(bio_err, "Error reading key\n", outfile);
|
||||
ERR_print_errors(bio_err);
|
||||
return (1);
|
||||
}
|
||||
BIO_free(in);
|
||||
if (!(p8inf = EVP_PKEY2PKCS8(pkey))) {
|
||||
BIO_printf (bio_err, "Error converting key\n", outfile);
|
||||
BIO_printf(bio_err, "Error converting key\n", outfile);
|
||||
ERR_print_errors(bio_err);
|
||||
return (1);
|
||||
}
|
||||
@ -194,17 +240,20 @@ int MAIN(int argc, char **argv)
|
||||
return (1);
|
||||
}
|
||||
} else {
|
||||
EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1);
|
||||
if(!passout) {
|
||||
passout = pass;
|
||||
EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1);
|
||||
}
|
||||
if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
|
||||
pass, strlen(pass),
|
||||
passout, strlen(passout),
|
||||
NULL, 0, iter, p8inf))) {
|
||||
BIO_printf (bio_err, "Error encrypting key\n",
|
||||
BIO_printf(bio_err, "Error encrypting key\n",
|
||||
outfile);
|
||||
ERR_print_errors(bio_err);
|
||||
return (1);
|
||||
}
|
||||
if(outformat == FORMAT_PEM)
|
||||
PEM_write_bio_PKCS8 (out, p8);
|
||||
PEM_write_bio_PKCS8(out, p8);
|
||||
else if(outformat == FORMAT_ASN1)
|
||||
i2d_PKCS8_bio(out, p8);
|
||||
else {
|
||||
@ -243,8 +292,11 @@ int MAIN(int argc, char **argv)
|
||||
ERR_print_errors(bio_err);
|
||||
return (1);
|
||||
}
|
||||
EVP_read_pw_string(pass, 50, "Enter Password:", 0);
|
||||
p8inf = M_PKCS8_decrypt(p8, pass, strlen(pass));
|
||||
if(!passin) {
|
||||
passin = pass;
|
||||
EVP_read_pw_string(pass, 50, "Enter Password:", 0);
|
||||
}
|
||||
p8inf = M_PKCS8_decrypt(p8, passin, strlen(passin));
|
||||
X509_SIG_free(p8);
|
||||
}
|
||||
|
||||
@ -274,8 +326,14 @@ int MAIN(int argc, char **argv)
|
||||
}
|
||||
|
||||
PKCS8_PRIV_KEY_INFO_free(p8inf);
|
||||
|
||||
PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, NULL);
|
||||
if(outformat == FORMAT_PEM)
|
||||
PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, PEM_cb, passout);
|
||||
else if(outformat == FORMAT_ASN1)
|
||||
i2d_PrivateKey_bio(out, pkey);
|
||||
else {
|
||||
BIO_printf(bio_err, "Bad format specified for key\n");
|
||||
return (1);
|
||||
}
|
||||
|
||||
EVP_PKEY_free(pkey);
|
||||
BIO_free(out);
|
||||
|
10
apps/req.c
10
apps/req.c
@ -237,14 +237,13 @@ int MAIN(int argc, char **argv)
|
||||
else if (strcmp(*argv,"-envpassout") == 0)
|
||||
{
|
||||
if (--argc < 1) goto bad;
|
||||
if(!(passout= getenv(*(++argv))))
|
||||
if(!(passout= getenv(*(++argv))))
|
||||
{
|
||||
BIO_printf(bio_err,
|
||||
"Can't read environment variable %s\n",
|
||||
*argv);
|
||||
badops = 1;
|
||||
}
|
||||
argv++;
|
||||
}
|
||||
else if (strcmp(*argv,"-passout") == 0)
|
||||
{
|
||||
@ -527,10 +526,9 @@ bad:
|
||||
goto end;
|
||||
}
|
||||
|
||||
/* if (keyform == FORMAT_ASN1)
|
||||
rsa=d2i_RSAPrivateKey_bio(in,NULL);
|
||||
else */
|
||||
if (keyform == FORMAT_PEM)
|
||||
if (keyform == FORMAT_ASN1)
|
||||
pkey=d2i_PrivateKey_bio(in,NULL);
|
||||
else if (keyform == FORMAT_PEM)
|
||||
{
|
||||
pkey=PEM_read_bio_PrivateKey(in,NULL,PEM_cb,passin);
|
||||
}
|
||||
|
@ -161,7 +161,6 @@ int MAIN(int argc, char **argv)
|
||||
*argv);
|
||||
badops = 1;
|
||||
}
|
||||
argv++;
|
||||
}
|
||||
else if (strcmp(*argv,"-passout") == 0)
|
||||
{
|
||||
|
@ -890,8 +890,6 @@ void ASN1_STRING_TABLE_cleanup(void);
|
||||
#define ASN1_F_D2I_POLICYINFO 269
|
||||
#define ASN1_F_D2I_POLICYQUALINFO 270
|
||||
#define ASN1_F_D2I_PRIVATEKEY 155
|
||||
#define ASN1_F_D2I_PRIVATEKEY_BIO 293
|
||||
#define ASN1_F_D2I_PRIVATEKEY_FP 294
|
||||
#define ASN1_F_D2I_PUBLICKEY 156
|
||||
#define ASN1_F_D2I_RSAPRIVATEKEY 157
|
||||
#define ASN1_F_D2I_RSAPUBLICKEY 158
|
||||
|
@ -163,8 +163,6 @@ static ERR_STRING_DATA ASN1_str_functs[]=
|
||||
{ERR_PACK(0,ASN1_F_D2I_POLICYINFO,0), "d2i_POLICYINFO"},
|
||||
{ERR_PACK(0,ASN1_F_D2I_POLICYQUALINFO,0), "d2i_POLICYQUALINFO"},
|
||||
{ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0), "d2i_PrivateKey"},
|
||||
{ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY_BIO,0), "d2i_PrivateKey_bio"},
|
||||
{ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY_FP,0), "d2i_PrivateKey_fp"},
|
||||
{ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0), "d2i_PublicKey"},
|
||||
{ERR_PACK(0,ASN1_F_D2I_RSAPRIVATEKEY,0), "d2i_RSAPrivateKey"},
|
||||
{ERR_PACK(0,ASN1_F_D2I_RSAPUBLICKEY,0), "d2i_RSAPublicKey"},
|
||||
|
@ -112,3 +112,26 @@ err:
|
||||
return(NULL);
|
||||
}
|
||||
|
||||
/* This works like d2i_PrivateKey() except it automatically works out the type */
|
||||
|
||||
EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp,
|
||||
long length)
|
||||
{
|
||||
STACK_OF(ASN1_TYPE) *inkey;
|
||||
unsigned char *p;
|
||||
int keytype;
|
||||
p = *pp;
|
||||
/* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE):
|
||||
* by analysing it we can determine the passed structure: this
|
||||
* assumes the input is surrounded by an ASN1 SEQUENCE.
|
||||
*/
|
||||
inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE,
|
||||
ASN1_TYPE_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
|
||||
/* Since we only need to discern "traditional format" RSA and DSA
|
||||
* keys we can just count the elements.
|
||||
*/
|
||||
if(sk_ASN1_TYPE_num(inkey) == 6) keytype = EVP_PKEY_DSA;
|
||||
else keytype = EVP_PKEY_RSA;
|
||||
sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
|
||||
return d2i_PrivateKey(keytype, a, pp, length);
|
||||
}
|
||||
|
@ -632,6 +632,8 @@ int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
|
||||
|
||||
EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, unsigned char **pp,
|
||||
long length);
|
||||
EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp,
|
||||
long length);
|
||||
int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
|
||||
|
||||
int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from);
|
||||
|
@ -656,7 +656,7 @@ PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
|
||||
int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf);
|
||||
int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
|
||||
int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
|
||||
EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, int type, EVP_PKEY **a);
|
||||
EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
|
||||
#endif
|
||||
|
||||
#ifdef HEADER_BIO_H
|
||||
@ -687,7 +687,7 @@ PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
|
||||
int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf);
|
||||
int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
|
||||
int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
|
||||
EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, int type, EVP_PKEY **a);
|
||||
EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
|
||||
#endif
|
||||
|
||||
X509 *X509_dup(X509 *x509);
|
||||
|
@ -486,17 +486,10 @@ int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
|
||||
return(ASN1_i2d_fp(i2d_PrivateKey,fp,(unsigned char *)pkey));
|
||||
}
|
||||
|
||||
EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, int type, EVP_PKEY **a)
|
||||
EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
|
||||
{
|
||||
BIO *bp;
|
||||
EVP_PKEY *ret;
|
||||
if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
|
||||
ASN1err(ASN1_F_D2I_PRIVATEKEY_FP,ERR_R_MALLOC_FAILURE);
|
||||
return NULL;
|
||||
}
|
||||
ret = d2i_PrivateKey_bio(bp, type, a);
|
||||
BIO_free(bp);
|
||||
return ret;
|
||||
return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new,
|
||||
(char *(*)())d2i_AutoPrivateKey, (fp),(unsigned char **)(a)));
|
||||
}
|
||||
|
||||
#endif
|
||||
@ -531,50 +524,8 @@ int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
|
||||
return(ASN1_i2d_bio(i2d_PrivateKey,bp,(unsigned char *)pkey));
|
||||
}
|
||||
|
||||
EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, int type, EVP_PKEY **a)
|
||||
EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
|
||||
{
|
||||
EVP_PKEY *ret;
|
||||
|
||||
if ((a == NULL) || (*a == NULL))
|
||||
{
|
||||
if ((ret=EVP_PKEY_new()) == NULL)
|
||||
{
|
||||
ASN1err(ASN1_F_D2I_PRIVATEKEY_BIO,ERR_R_EVP_LIB);
|
||||
return(NULL);
|
||||
}
|
||||
}
|
||||
else ret= *a;
|
||||
|
||||
ret->save_type=type;
|
||||
ret->type=EVP_PKEY_type(type);
|
||||
switch (ret->type)
|
||||
{
|
||||
#ifndef NO_RSA
|
||||
case EVP_PKEY_RSA:
|
||||
if ((ret->pkey.rsa=d2i_RSAPrivateKey_bio(bp,NULL)) == NULL)
|
||||
{
|
||||
ASN1err(ASN1_F_D2I_PRIVATEKEY_BIO,ERR_R_ASN1_LIB);
|
||||
goto err;
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
#ifndef NO_DSA
|
||||
case EVP_PKEY_DSA:
|
||||
if ((ret->pkey.dsa=d2i_DSAPrivateKey_bio(bp, NULL)) == NULL)
|
||||
{
|
||||
ASN1err(ASN1_F_D2I_PRIVATEKEY_BIO,ERR_R_ASN1_LIB);
|
||||
goto err;
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
ASN1err(ASN1_F_D2I_PRIVATEKEY_BIO,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
|
||||
goto err;
|
||||
/* break; */
|
||||
}
|
||||
if (a != NULL) (*a)=ret;
|
||||
return(ret);
|
||||
err:
|
||||
if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret);
|
||||
return(NULL);
|
||||
return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new,
|
||||
(char *(*)())d2i_AutoPrivateKey, (bp),(unsigned char **)(a)));
|
||||
}
|
||||
|
@ -11,7 +11,11 @@ B<openssl> B<pkcs8>
|
||||
[B<-inform PEM|DER>]
|
||||
[B<-outform PEM|DER>]
|
||||
[B<-in filename>]
|
||||
[B<-passin password>]
|
||||
[B<-envpassin var>]
|
||||
[B<-out filename>]
|
||||
[B<-passout password>]
|
||||
[B<-envpassout var>]
|
||||
[B<-noiter>]
|
||||
[B<-nocrypt>]
|
||||
[B<-nooct>]
|
||||
@ -53,6 +57,15 @@ This specifies the input filename to read a key from or standard input if this
|
||||
option is not specified. If the key is encrypted a pass phrase will be
|
||||
prompted for.
|
||||
|
||||
=item B<-passin password>
|
||||
|
||||
the input file password. Since certain utilities like "ps" make the command line
|
||||
visible this option should be used with caution.
|
||||
|
||||
=item B<-envpassin var>
|
||||
|
||||
read the input file password from the environment variable B<var>.
|
||||
|
||||
=item B<-out filename>
|
||||
|
||||
This specifies the output filename to write a key to or standard output by
|
||||
@ -60,6 +73,15 @@ default. If any encryption options are set then a pass phrase will be
|
||||
prompted for. The output filename should B<not> be the same as the input
|
||||
filename.
|
||||
|
||||
=item B<-passout password>
|
||||
|
||||
the output file password. Since certain utilities like "ps" make the command line
|
||||
visible this option should be used with caution.
|
||||
|
||||
=item B<-envpassout var>
|
||||
|
||||
read the output file password from the environment variable B<var>.
|
||||
|
||||
=item B<-nocrypt>
|
||||
|
||||
PKCS#8 keys generated or input are normally PKCS#8 EncryptedPrivateKeyInfo
|
||||
|
@ -11,7 +11,11 @@ B<openssl> B<req>
|
||||
[B<-inform PEM|DER>]
|
||||
[B<-outform PEM|DER>]
|
||||
[B<-in filename>]
|
||||
[B<-passin password>]
|
||||
[B<-envpassin var>]
|
||||
[B<-out filename>]
|
||||
[B<-passout password>]
|
||||
[B<-envpassout var>]
|
||||
[B<-text>]
|
||||
[B<-noout>]
|
||||
[B<-verify>]
|
||||
@ -59,11 +63,29 @@ This specifies the input filename to read a request from or standard input
|
||||
if this option is not specified. A request is only read if the creation
|
||||
options (B<-new> and B<-newkey>) are not specified.
|
||||
|
||||
=item B<-passin password>
|
||||
|
||||
the input file password. Since certain utilities like "ps" make the command line
|
||||
visible this option should be used with caution.
|
||||
|
||||
=item B<-envpassin var>
|
||||
|
||||
read the input file password from the environment variable B<var>.
|
||||
|
||||
=item B<-out filename>
|
||||
|
||||
This specifies the output filename to write to or standard output by
|
||||
default.
|
||||
|
||||
=item B<-passout password>
|
||||
|
||||
the output file password. Since certain utilities like "ps" make the command line
|
||||
visible this option should be used with caution.
|
||||
|
||||
=item B<-envpassout var>
|
||||
|
||||
read the output file password from the environment variable B<var>.
|
||||
|
||||
=item B<-text>
|
||||
|
||||
prints out the certificate request in text form.
|
||||
@ -269,7 +291,7 @@ consists of lines of the form:
|
||||
fieldName_min= 2
|
||||
fieldName_max= 4
|
||||
|
||||
"fieldName" is the field name being used, for example commonName.
|
||||
"fieldName" is the field name being used, for example commonName (or CN).
|
||||
The "prompt" string is used to ask the user to enter the relvant
|
||||
details. If the user enters nothing then the default value is used if no
|
||||
default value is present then the field is omitted. A field can
|
||||
|
@ -2158,3 +2158,4 @@ d2i_PrivateKey_fp 2182
|
||||
i2d_PrivateKey_bio 2183
|
||||
X509_reject_clear 2184
|
||||
X509_TRUST_set_default 2185
|
||||
d2i_AutoPrivateKey 2186
|
||||
|
Loading…
Reference in New Issue
Block a user