Document the behavior of the -inform and related options
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)
Tomas Mraz authored 3 years ago
Matt Caswell committed 3 years ago
49 | 49 | behaviour of openssl-genpkey(1) for DH parameter generation. |
50 | 50 | |
51 | 51 | *Shane Lontis* |
52 | ||
53 | * The openssl commands that read keys, certificates, and CRLs now | |
54 | automatically detect the PEM or DER format of the input files so it is not | |
55 | necessary to explicitly specify the input format anymore. However if the | |
56 | input format option is used the specified format will be required. | |
57 | ||
58 | *David von Oheimb, Richard Levitte, and Tomáš Mráz* | |
52 | 59 | |
53 | 60 | * Added enhanced PKCS#12 APIs which accept a library context `OSSL_LIB_CTX` |
54 | 61 | and (where relevant) a property query. Other APIs which handle PKCS#7 and |
113 | 113 | |
114 | 114 | =item B<-inform> B<DER>|B<PEM> |
115 | 115 | |
116 | The format of the data in certificate request input files. | |
117 | The default is PEM. | |
116 | The format of the data in certificate request input files; | |
117 | unspecified by default. | |
118 | See L<openssl-format-options(1)> for details. | |
118 | 119 | |
119 | 120 | =item B<-ss_cert> I<filename> |
120 | 121 | |
149 | 150 | |
150 | 151 | =item B<-certform> B<DER>|B<PEM>|B<P12> |
151 | 152 | |
152 | The format of the data in certificate input files. | |
153 | This option has no effect and is retained for backward compatibility only. | |
153 | The format of the data in certificate input files; unspecified by default. | |
154 | See L<openssl-format-options(1)> for details. | |
154 | 155 | |
155 | 156 | =item B<-keyfile> I<filename>|I<uri> |
156 | 157 | |
159 | 160 | |
160 | 161 | =item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE> |
161 | 162 | |
162 | The format of the private key input file; the default is B<PEM>. | |
163 | The only value with effect is B<ENGINE>; all others have become obsolete. | |
163 | The format of the private key input file; unspecified by default. | |
164 | 164 | See L<openssl-format-options(1)> for details. |
165 | 165 | |
166 | 166 | =item B<-sigopt> I<nm>:I<v> |
817 | 817 | |
818 | 818 | The B<-section> option was added in OpenSSL 3.0.0. |
819 | 819 | |
820 | The B<-certform> and B<-multivalue-rdn> options | |
821 | have become obsolete in OpenSSL 3.0.0 and have no effect. | |
822 | ||
823 | All B<-keyform> values except B<ENGINE> have become obsolete in OpenSSL 3.0.0 | |
824 | and have no effect. | |
820 | The B<-multivalue-rdn> option has become obsolete in OpenSSL 3.0.0 and | |
821 | has no effect. | |
825 | 822 | |
826 | 823 | The B<-engine> option was deprecated in OpenSSL 3.0. |
827 | 824 |
731 | 731 | |
732 | 732 | =item B<-keyform> I<PEM|DER|P12|ENGINE> |
733 | 733 | |
734 | The format of the key input. | |
735 | The only value with effect is B<ENGINE>. | |
734 | The format of the key input; unspecified by default. | |
736 | 735 | See L<openssl(1)/Format Options> for details. |
737 | 736 | |
738 | 737 | =item B<-otherpass> I<arg> |
240 | 240 | |
241 | 241 | =item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE> |
242 | 242 | |
243 | The format of the private key file; the default is B<PEM>. | |
244 | The only value with effect is B<ENGINE>; all others have become obsolete. | |
243 | The format of the private key file; unspecified by default. | |
245 | 244 | See L<openssl-format-options(1)> for details. |
246 | 245 | |
247 | 246 | =item B<-rctform> B<DER>|B<PEM>|B<SMIME> |
785 | 784 | |
786 | 785 | The -no_alt_chains option was added in OpenSSL 1.0.2b. |
787 | 786 | |
788 | All B<-keyform> values except B<ENGINE> have become obsolete in OpenSSL 3.0.0 | |
789 | and have no effect. | |
790 | ||
791 | 787 | The B<-nameopt> option was added in OpenSSL 3.0.0. |
792 | 788 | |
793 | 789 | The B<-engine> option was deprecated in OpenSSL 3.0. |
46 | 46 | |
47 | 47 | =item B<-inform> B<DER>|B<PEM> |
48 | 48 | |
49 | The CRL input format. | |
50 | This option has no effect and is retained for backward compatibility only. | |
49 | The CRL input format; unspecified by default. | |
50 | See L<openssl-format-options(1)> for details. | |
51 | 51 | |
52 | 52 | =item B<-outform> B<DER>|B<PEM> |
53 | 53 | |
60 | 60 | |
61 | 61 | =item B<-keyform> B<DER>|B<PEM>|B<P12> |
62 | 62 | |
63 | The format of the private key file. | |
64 | This option has no effect and is retained for backward compatibility only. | |
63 | The format of the private key file; unspecified by default. | |
64 | See L<openssl-format-options(1)> for details. | |
65 | 65 | |
66 | 66 | =item B<-in> I<filename> |
67 | 67 | |
155 | 155 | L<openssl-x509(1)>, |
156 | 156 | L<ossl_store-file(7)> |
157 | 157 | |
158 | =head1 HISTORY | |
159 | ||
160 | The B<-inform> and B<-keyform> options have become obsolete in OpenSSL 3.0.0 | |
161 | and have no effect. | |
162 | ||
163 | 158 | =head1 COPYRIGHT |
164 | 159 | |
165 | 160 | Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. |
107 | 107 | |
108 | 108 | =item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE> |
109 | 109 | |
110 | The format of the key to sign with; the default is B<PEM>. | |
111 | The only value with effect is B<ENGINE>; all others have become obsolete. | |
110 | The format of the key to sign with; unspecified by default. | |
112 | 111 | See L<openssl-format-options(1)> for details. |
113 | 112 | |
114 | 113 | =item B<-sigopt> I<nm>:I<v> |
255 | 254 | The default digest was changed from MD5 to SHA256 in OpenSSL 1.1.0. |
256 | 255 | The FIPS-related options were removed in OpenSSL 1.1.0. |
257 | 256 | |
258 | All B<-keyform> values except B<ENGINE> have become obsolete in OpenSSL 3.0.0 | |
259 | and have no effect. | |
260 | ||
261 | 257 | The B<-engine> and B<-engine_impl> options were deprecated in OpenSSL 3.0. |
262 | 258 | |
263 | 259 | =head1 COPYRIGHT |
54 | 54 | |
55 | 55 | Print out a usage message. |
56 | 56 | |
57 | =item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM> | |
57 | =item B<-inform> B<DER>|B<PEM> | |
58 | 58 | |
59 | The input and formats; the default is B<PEM>. | |
59 | The key input format; unspecified by default. | |
60 | See L<openssl-format-options(1)> for details. | |
61 | ||
62 | =item B<-outform> B<DER>|B<PEM> | |
63 | ||
64 | The key output format; the default is B<PEM>. | |
60 | 65 | See L<openssl-format-options(1)> for details. |
61 | 66 | |
62 | 67 | Private keys are a sequence of B<ASN.1 INTEGERS>: the version (zero), B<p>, |
35 | 35 | |
36 | 36 | Print out a usage message. |
37 | 37 | |
38 | =item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM> | |
38 | =item B<-inform> B<DER>|B<PEM> | |
39 | 39 | |
40 | This option has become obsolete. | |
40 | The DSA parameters input format; unspecified by default. | |
41 | See L<openssl-format-options(1)> for details. | |
42 | ||
43 | =item B<-outform> B<DER>|B<PEM> | |
44 | ||
45 | The DSA parameters output format; the default is B<PEM>. | |
41 | 46 | See L<openssl-format-options(1)> for details. |
42 | 47 | |
43 | 48 | Parameters are a sequence of B<ASN.1 INTEGER>s: B<p>, B<q>, and B<g>. |
52 | 52 | |
53 | 53 | =item B<-inform> B<DER>|B<PEM>|B<P12>|B<ENGINE> |
54 | 54 | |
55 | The key input format; the default is B<PEM>. | |
56 | The only value with effect is B<ENGINE>; all others have become obsolete. | |
55 | The key input format; unspecified by default. | |
57 | 56 | See L<openssl-format-options(1)> for details. |
58 | 57 | |
59 | 58 | =item B<-outform> B<DER>|B<PEM> |
60 | 59 | |
61 | The key output formats; the default is B<PEM>. | |
60 | The key output format; the default is B<PEM>. | |
62 | 61 | See L<openssl-format-options(1)> for details. |
63 | 62 | |
64 | 63 | Private keys are an SEC1 private key or PKCS#8 format. |
42 | 42 | |
43 | 43 | Print out a usage message. |
44 | 44 | |
45 | =item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM> | |
45 | =item B<-inform> B<DER>|B<PEM> | |
46 | 46 | |
47 | The input and formats; the default is B<PEM>. | |
47 | The EC parameters input format; unspecified by default. | |
48 | See L<openssl-format-options(1)> for details. | |
49 | ||
50 | =item B<-outform> B<DER>|B<PEM> | |
51 | ||
52 | The EC parameters output format; the default is B<PEM>. | |
48 | 53 | See L<openssl-format-options(1)> for details. |
49 | 54 | |
50 | 55 | Parameters are encoded as B<EcpkParameters> as specified in IETF RFC 3279. |
14 | 14 | |
15 | 15 | Several OpenSSL commands can take input or generate output in a variety |
16 | 16 | of formats. |
17 | ||
17 | 18 | Since OpenSSL 3.0 keys, single certificates, and CRLs can be read from |
18 | files in any of the B<DER>, B<PEM> or B<P12> formats, | |
19 | while specifying their input format is no more needed. | |
19 | files in any of the B<DER>, B<PEM> or B<P12> formats. Specifying their input | |
20 | format is no more needed and the openssl commands will automatically try all | |
21 | the possible formats. However if the B<DER> or B<PEM> input format is specified | |
22 | it will be enforced. | |
23 | ||
20 | 24 | In order to access a key via an engine the input format B<ENGINE> may be used; |
21 | 25 | alternatively the key identifier in the <uri> argument of the respective key |
22 | 26 | option may be preceded by C<org.openssl.engine:>. |
38 | 42 | =item B<-keyform> I<format> |
39 | 43 | |
40 | 44 | Format of a private key input source. |
41 | The only value with effect is B<ENGINE>; all others have become obsolete. | |
42 | See L<openssl(1)/Format Options> for details. | |
43 | 45 | |
44 | 46 | =item B<-CRLform> I<format> |
45 | 47 |
77 | 77 | |
78 | 78 | =item B<-inform> B<DER>|B<PEM>|B<P12>|B<ENGINE> |
79 | 79 | |
80 | The key input format; the default is B<PEM>. | |
81 | The only value with effect is B<ENGINE>; all others have become obsolete. | |
80 | The key input format; unspecified by default. | |
82 | 81 | See L<openssl-format-options(1)> for details. |
83 | 82 | |
84 | 83 | =item B<-passin> I<arg> |
90 | 90 | |
91 | 91 | =item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE> |
92 | 92 | |
93 | The key format; the default is B<PEM>. | |
94 | The only value with effect is B<ENGINE>; all others have become obsolete. | |
93 | The key format; unspecified by default. | |
95 | 94 | See L<openssl-format-options(1)> for details. |
96 | 95 | |
97 | 96 | =item B<-passin> I<arg> |
105 | 104 | |
106 | 105 | =item B<-peerform> B<DER>|B<PEM>|B<P12>|B<ENGINE> |
107 | 106 | |
108 | The peer key format; the default is B<PEM>. | |
109 | The only value with effect is B<ENGINE>; all others have become obsolete. | |
107 | The peer key format; unspecified by default. | |
110 | 108 | See L<openssl-format-options(1)> for details. |
111 | 109 | |
112 | 110 | =item B<-pubin> |
409 | 407 | |
410 | 408 | =head1 HISTORY |
411 | 409 | |
412 | All B<-keyform> values except B<ENGINE> have become obsolete in OpenSSL 3.0.0 | |
413 | and have no effect. | |
414 | ||
415 | 410 | The B<-engine> option was deprecated in OpenSSL 3.0. |
416 | 411 | |
417 | 412 | =head1 COPYRIGHT |
73 | 73 | |
74 | 74 | =item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM> |
75 | 75 | |
76 | The input and output formats; the default is B<PEM>. | |
76 | The input and output formats; unspecified by default. | |
77 | 77 | See L<openssl-format-options(1)> for details. |
78 | 78 | |
79 | 79 | The data is a PKCS#10 object. |
196 | 196 | |
197 | 197 | =item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE> |
198 | 198 | |
199 | The format of the private key; the default is B<PEM>. | |
200 | The only value with effect is B<ENGINE>; all others have become obsolete. | |
199 | The format of the private key; unspecified by default. | |
201 | 200 | See L<openssl-format-options(1)> for details. |
202 | 201 | |
203 | 202 | =item B<-keyout> I<filename> |
736 | 735 | |
737 | 736 | The B<-section> option was added in OpenSSL 3.0.0. |
738 | 737 | |
739 | All B<-keyform> values except B<ENGINE> and the B<-multivalue-rdn> option | |
740 | have become obsolete in OpenSSL 3.0.0 and have no effect. | |
738 | The B<-multivalue-rdn> option has become obsolete in OpenSSL 3.0.0 and | |
739 | has no effect. | |
741 | 740 | |
742 | 741 | The B<-engine> option was deprecated in OpenSSL 3.0. |
743 | 742 | The <-nodes> option was deprecated in OpenSSL 3.0, too; use B<-noenc> instead. |
59 | 59 | |
60 | 60 | =item B<-inform> B<DER>|B<PEM>|B<P12>|B<ENGINE> |
61 | 61 | |
62 | The key input format; the default is B<PEM>. | |
63 | The only value with effect is B<ENGINE>; all others have become obsolete. | |
62 | The key input format; unspecified by default. | |
64 | 63 | See L<openssl-format-options(1)> for details. |
65 | 64 | |
66 | 65 | =item B<-outform> B<DER>|B<PEM> |
72 | 72 | |
73 | 73 | =item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE> |
74 | 74 | |
75 | The key format; the default is B<PEM>. | |
76 | The only value with effect is B<ENGINE>; all others have become obsolete. | |
75 | The key format; unspecified by default. | |
77 | 76 | See L<openssl-format-options(1)> for details. |
78 | 77 | |
79 | 78 | =item B<-pubin> |
230 | 229 | |
231 | 230 | This command was deprecated in OpenSSL 3.0. |
232 | 231 | |
233 | All B<-keyform> values except B<ENGINE> have become obsolete in OpenSSL 3.0.0 | |
234 | and have no effect. | |
235 | ||
236 | 232 | The B<-engine> option was deprecated in OpenSSL 3.0. |
237 | 233 | |
238 | 234 | =head1 COPYRIGHT |
242 | 242 | |
243 | 243 | =item B<-certform> B<DER>|B<PEM>|B<P12> |
244 | 244 | |
245 | The client certificate file format to use; the default is B<PEM>. | |
246 | This option has no effect and is retained for backward compatibility only. | |
245 | The client certificate file format to use; unspecified by default. | |
246 | See L<openssl-format-options(1)> for details. | |
247 | 247 | |
248 | 248 | =item B<-cert_chain> |
249 | 249 | |
262 | 262 | |
263 | 263 | =item B<-CRLform> B<DER>|B<PEM> |
264 | 264 | |
265 | The CRL file format; the default is B<PEM>. | |
265 | The CRL file format; unspecified by default. | |
266 | 266 | See L<openssl-format-options(1)> for details. |
267 | 267 | |
268 | 268 | =item B<-crl_download> |
276 | 276 | |
277 | 277 | =item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE> |
278 | 278 | |
279 | The key format; the default is B<PEM>. | |
280 | The only value with effect is B<ENGINE>; all others have become obsolete. | |
279 | The key format; unspecified by default. | |
281 | 280 | See L<openssl-format-options(1)> for details. |
282 | 281 | |
283 | 282 | =item B<-pass> I<arg> |
911 | 910 | |
912 | 911 | The B<-certform> option has become obsolete in OpenSSL 3.0.0 and has no effect. |
913 | 912 | |
914 | All B<-keyform> values except B<ENGINE> have become obsolete in OpenSSL 3.0.0 | |
915 | and have no effect. | |
916 | ||
917 | 913 | The B<-engine> option was deprecated in OpenSSL 3.0. |
918 | 914 | |
919 | 915 | =head1 COPYRIGHT |
224 | 224 | |
225 | 225 | =item B<-certform> B<DER>|B<PEM>|B<P12> |
226 | 226 | |
227 | The server certificate file format. | |
228 | This option has no effect and is retained for backward compatibility only. | |
227 | The server certificate file format; unspecified by default. | |
228 | See L<openssl-format-options(1)> for details. | |
229 | 229 | |
230 | 230 | =item B<-cert_chain> |
231 | 231 | |
257 | 257 | |
258 | 258 | =item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE> |
259 | 259 | |
260 | The key format; the default is B<PEM>. | |
261 | The only value with effect is B<ENGINE>; all others have become obsolete. | |
260 | The key format; unspecified by default. | |
262 | 261 | See L<openssl-format-options(1)> for details. |
263 | 262 | |
264 | 263 | =item B<-pass> I<val> |
287 | 286 | |
288 | 287 | =item B<-dcertform> B<DER>|B<PEM>|B<P12> |
289 | 288 | |
290 | The format of the additional certificate file. | |
291 | This option has no effect and is retained for backward compatibility only. | |
289 | The format of the additional certificate file; unspecified by default. | |
290 | See L<openssl-format-options(1)> for details. | |
292 | 291 | |
293 | 292 | =item B<-dkeyform> B<DER>|B<PEM>|B<P12>|B<ENGINE> |
294 | 293 | |
295 | The format of the additional private key; the default is B<PEM>. | |
296 | The only value with effect is B<ENGINE>; all others have become obsolete. | |
297 | See L<openssl-format-options(1)>. | |
294 | The format of the additional private key; unspecified by default. | |
295 | See L<openssl-format-options(1)> for details. | |
298 | 296 | |
299 | 297 | =item B<-dpass> I<val> |
300 | 298 | |
332 | 330 | |
333 | 331 | =item B<-CRLform> B<DER>|B<PEM> |
334 | 332 | |
335 | The CRL file format; the default is B<PEM>. | |
333 | The CRL file format; unspecified by default. | |
336 | 334 | See L<openssl-format-options(1)> for details. |
337 | 335 | |
338 | 336 | =item B<-crl_download> |
843 | 841 | The |
844 | 842 | -allow-no-dhe-kex and -prioritize_chacha options were added in OpenSSL 1.1.1. |
845 | 843 | |
846 | All B<-keyform> and B<-dkeyform> values except B<ENGINE> | |
847 | have become obsolete in OpenSSL 3.0.0 and have no effect. | |
848 | ||
849 | The B<-certform> and B<-dcertform> options have become obsolete in OpenSSL 3.0.0 | |
850 | and have no effect. | |
851 | ||
852 | 844 | The B<-engine> option was deprecated in OpenSSL 3.0. |
853 | 845 | |
854 | 846 | =head1 COPYRIGHT |
126 | 126 | |
127 | 127 | =item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE> |
128 | 128 | |
129 | The key format; the default is B<PEM>. | |
130 | The only value with effect is B<ENGINE>; all others have become obsolete. | |
129 | The key format; unspecified by default. | |
131 | 130 | See L<openssl-format-options(1)> for details. |
132 | 131 | |
133 | 132 | =item B<-stream>, B<-indef>, B<-noindef> |
480 | 479 | |
481 | 480 | The -no_alt_chains option was added in OpenSSL 1.1.0. |
482 | 481 | |
483 | All B<-keyform> values except B<ENGINE> have become obsolete in OpenSSL 3.0.0 | |
484 | and have no effect. | |
485 | ||
486 | 482 | The B<-engine> option was deprecated in OpenSSL 3.0. |
487 | 483 | |
488 | 484 | =head1 COPYRIGHT |
59 | 59 | |
60 | 60 | =item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE> |
61 | 61 | |
62 | The key format; the default is B<PEM>. | |
63 | The only value with effect is B<ENGINE>; all others have become obsolete. | |
62 | The key format; unspecified by default. | |
64 | 63 | See L<openssl-format-options(1)> for details. |
65 | 64 | |
66 | 65 | =item B<-passin> I<arg> |
149 | 148 | |
150 | 149 | =head1 HISTORY |
151 | 150 | |
152 | All B<-keyform> values except B<ENGINE> have become obsolete in OpenSSL 3.0.0 | |
153 | and have no effect. | |
154 | ||
155 | 151 | The B<-engine> option was deprecated in OpenSSL 3.0. |
156 | 152 | |
157 | 153 | =head1 COPYRIGHT |
153 | 153 | |
154 | 154 | =item B<-inform> B<DER>|B<PEM> |
155 | 155 | |
156 | The CSR input file format; the default is B<PEM>. | |
156 | The input file format; unspecified by default. | |
157 | 157 | See L<openssl-format-options(1)> for details. |
158 | 158 | |
159 | 159 | =item B<-vfyopt> I<nm>:I<v> |
180 | 180 | |
181 | 181 | =item B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE> |
182 | 182 | |
183 | The key input format; the default is B<PEM>. | |
184 | The only value with effect is B<ENGINE>; all others have become obsolete. | |
183 | The key input format; unspecified by default. | |
185 | 184 | See L<openssl-format-options(1)> for details. |
186 | 185 | |
187 | 186 | =item B<-out> I<filename> |
467 | 466 | |
468 | 467 | =item B<-CAform> B<DER>|B<PEM>|B<P12>, |
469 | 468 | |
470 | The format for the CA certificate. | |
471 | This option has no effect and is retained for backward compatibility. | |
469 | The format for the CA certificate; unspecifed by default. | |
470 | See L<openssl-format-options(1)> for details. | |
472 | 471 | |
473 | 472 | =item B<-CAkey> I<filename>|I<uri> |
474 | 473 | |
478 | 477 | |
479 | 478 | =item B<-CAkeyform> B<DER>|B<PEM>|B<P12>|B<ENGINE> |
480 | 479 | |
481 | The format for the CA key; the default is B<PEM>. | |
482 | The only value with effect is B<ENGINE>; all others have become obsolete. | |
480 | The format for the CA key; unspecified by default. | |
483 | 481 | See L<openssl-format-options(1)> for details. |
484 | 482 | |
485 | 483 | =item B<-CAserial> I<filename> |
878 | 876 | The B<-signkey> option has been renamed to B<-key> in OpenSSL 3.0, |
879 | 877 | keeping the old name as an alias. |
880 | 878 | |
881 | All B<-keyform> and B<-CAkeyform> values except B<ENGINE> | |
882 | have become obsolete in OpenSSL 3.0.0 and have no effect. | |
883 | ||
884 | The B<-CAform> option has become obsolete in OpenSSL 3.0.0 and has no effect. | |
885 | ||
886 | 879 | The B<-engine> option was deprecated in OpenSSL 3.0. |
887 | 880 | |
888 | 881 | The B<-C> option was removed in OpenSSL 3.0. |