1*b077aed3SPierre Pronchery=pod 2*b077aed3SPierre Pronchery 3*b077aed3SPierre Pronchery=head1 NAME 4*b077aed3SPierre Pronchery 5*b077aed3SPierre Proncheryopenssl-format-options - OpenSSL command input and output format options 6*b077aed3SPierre Pronchery 7*b077aed3SPierre Pronchery=head1 SYNOPSIS 8*b077aed3SPierre Pronchery 9*b077aed3SPierre ProncheryB<openssl> 10*b077aed3SPierre ProncheryI<command> 11*b077aed3SPierre Pronchery[ I<options> ... ] 12*b077aed3SPierre Pronchery[ I<parameters> ... ] 13*b077aed3SPierre Pronchery 14*b077aed3SPierre Pronchery=head1 DESCRIPTION 15*b077aed3SPierre Pronchery 16*b077aed3SPierre ProncherySeveral OpenSSL commands can take input or generate output in a variety 17*b077aed3SPierre Proncheryof formats. 18*b077aed3SPierre Pronchery 19*b077aed3SPierre ProncherySince OpenSSL 3.0 keys, single certificates, and CRLs can be read from 20*b077aed3SPierre Proncheryfiles in any of the B<DER>, B<PEM> or B<P12> formats. Specifying their input 21*b077aed3SPierre Proncheryformat is no more needed and the openssl commands will automatically try all 22*b077aed3SPierre Proncherythe possible formats. However if the B<DER> or B<PEM> input format is specified 23*b077aed3SPierre Proncheryit will be enforced. 24*b077aed3SPierre Pronchery 25*b077aed3SPierre ProncheryIn order to access a key via an engine the input format B<ENGINE> may be used; 26*b077aed3SPierre Proncheryalternatively the key identifier in the <uri> argument of the respective key 27*b077aed3SPierre Proncheryoption may be preceded by C<org.openssl.engine:>. 28*b077aed3SPierre ProncherySee L<openssl(1)/Engine Options> for an example usage of the latter. 29*b077aed3SPierre Pronchery 30*b077aed3SPierre Pronchery=head1 OPTIONS 31*b077aed3SPierre Pronchery 32*b077aed3SPierre Pronchery=head2 Format Options 33*b077aed3SPierre Pronchery 34*b077aed3SPierre ProncheryThe options to specify the format are as follows. 35*b077aed3SPierre ProncheryRefer to the individual man page to see which options are accepted. 36*b077aed3SPierre Pronchery 37*b077aed3SPierre Pronchery=over 4 38*b077aed3SPierre Pronchery 39*b077aed3SPierre Pronchery=item B<-inform> I<format>, B<-outform> I<format> 40*b077aed3SPierre Pronchery 41*b077aed3SPierre ProncheryThe format of the input or output streams. 42*b077aed3SPierre Pronchery 43*b077aed3SPierre Pronchery=item B<-keyform> I<format> 44*b077aed3SPierre Pronchery 45*b077aed3SPierre ProncheryFormat of a private key input source. 46*b077aed3SPierre Pronchery 47*b077aed3SPierre Pronchery=item B<-CRLform> I<format> 48*b077aed3SPierre Pronchery 49*b077aed3SPierre ProncheryFormat of a CRL input source. 50*b077aed3SPierre Pronchery 51*b077aed3SPierre Pronchery=back 52*b077aed3SPierre Pronchery 53*b077aed3SPierre Pronchery=head2 Format Option Arguments 54*b077aed3SPierre Pronchery 55*b077aed3SPierre ProncheryThe possible format arguments are described below. 56*b077aed3SPierre ProncheryBoth uppercase and lowercase are accepted. 57*b077aed3SPierre Pronchery 58*b077aed3SPierre ProncheryThe list of acceptable format arguments, and the default, 59*b077aed3SPierre Proncheryis described in each command documentation. 60*b077aed3SPierre Pronchery 61*b077aed3SPierre Pronchery=over 4 62*b077aed3SPierre Pronchery 63*b077aed3SPierre Pronchery=item B<DER> 64*b077aed3SPierre Pronchery 65*b077aed3SPierre ProncheryA binary format, encoded or parsed according to Distinguished Encoding Rules 66*b077aed3SPierre Pronchery(DER) of the ASN.1 data language. 67*b077aed3SPierre Pronchery 68*b077aed3SPierre Pronchery=item B<ENGINE> 69*b077aed3SPierre Pronchery 70*b077aed3SPierre ProncheryUsed to specify that the cryptographic material is in an OpenSSL B<engine>. 71*b077aed3SPierre ProncheryAn engine must be configured or specified using the B<-engine> option. 72*b077aed3SPierre ProncheryA password or PIN may be supplied to the engine using the B<-passin> option. 73*b077aed3SPierre Pronchery 74*b077aed3SPierre Pronchery=item B<P12> 75*b077aed3SPierre Pronchery 76*b077aed3SPierre ProncheryA DER-encoded file containing a PKCS#12 object. 77*b077aed3SPierre ProncheryIt might be necessary to provide a decryption password to retrieve 78*b077aed3SPierre Proncherythe private key. 79*b077aed3SPierre Pronchery 80*b077aed3SPierre Pronchery=item B<PEM> 81*b077aed3SPierre Pronchery 82*b077aed3SPierre ProncheryA text format defined in IETF RFC 1421 and IETF RFC 7468. Briefly, this is 83*b077aed3SPierre Proncherya block of base-64 encoding (defined in IETF RFC 4648), with specific 84*b077aed3SPierre Proncherylines used to mark the start and end: 85*b077aed3SPierre Pronchery 86*b077aed3SPierre Pronchery Text before the BEGIN line is ignored. 87*b077aed3SPierre Pronchery ----- BEGIN object-type ----- 88*b077aed3SPierre Pronchery OT43gQKBgQC/2OHZoko6iRlNOAQ/tMVFNq7fL81GivoQ9F1U0Qr+DH3ZfaH8eIkX 89*b077aed3SPierre Pronchery xT0ToMPJUzWAn8pZv0snA0um6SIgvkCuxO84OkANCVbttzXImIsL7pFzfcwV/ERK 90*b077aed3SPierre Pronchery UM6j0ZuSMFOCr/lGPAoOQU0fskidGEHi1/kW+suSr28TqsyYZpwBDQ== 91*b077aed3SPierre Pronchery ----- END object-type ----- 92*b077aed3SPierre Pronchery Text after the END line is also ignored 93*b077aed3SPierre Pronchery 94*b077aed3SPierre ProncheryThe I<object-type> must match the type of object that is expected. 95*b077aed3SPierre ProncheryFor example a C<BEGIN X509 CERTIFICATE> will not match if the command 96*b077aed3SPierre Proncheryis trying to read a private key. The types supported include: 97*b077aed3SPierre Pronchery 98*b077aed3SPierre Pronchery ANY PRIVATE KEY 99*b077aed3SPierre Pronchery CERTIFICATE 100*b077aed3SPierre Pronchery CERTIFICATE REQUEST 101*b077aed3SPierre Pronchery CMS 102*b077aed3SPierre Pronchery DH PARAMETERS 103*b077aed3SPierre Pronchery DSA PARAMETERS 104*b077aed3SPierre Pronchery DSA PUBLIC KEY 105*b077aed3SPierre Pronchery EC PARAMETERS 106*b077aed3SPierre Pronchery EC PRIVATE KEY 107*b077aed3SPierre Pronchery ECDSA PUBLIC KEY 108*b077aed3SPierre Pronchery ENCRYPTED PRIVATE KEY 109*b077aed3SPierre Pronchery PARAMETERS 110*b077aed3SPierre Pronchery PKCS #7 SIGNED DATA 111*b077aed3SPierre Pronchery PKCS7 112*b077aed3SPierre Pronchery PRIVATE KEY 113*b077aed3SPierre Pronchery PUBLIC KEY 114*b077aed3SPierre Pronchery RSA PRIVATE KEY 115*b077aed3SPierre Pronchery SSL SESSION PARAMETERS 116*b077aed3SPierre Pronchery TRUSTED CERTIFICATE 117*b077aed3SPierre Pronchery X509 CRL 118*b077aed3SPierre Pronchery X9.42 DH PARAMETERS 119*b077aed3SPierre Pronchery 120*b077aed3SPierre ProncheryThe following legacy I<object-type>'s are also supported for compatibility 121*b077aed3SPierre Proncherywith earlier releases: 122*b077aed3SPierre Pronchery 123*b077aed3SPierre Pronchery DSA PRIVATE KEY 124*b077aed3SPierre Pronchery NEW CERTIFICATE REQUEST 125*b077aed3SPierre Pronchery RSA PUBLIC KEY 126*b077aed3SPierre Pronchery X509 CERTIFICATE 127*b077aed3SPierre Pronchery 128*b077aed3SPierre Pronchery=item B<SMIME> 129*b077aed3SPierre Pronchery 130*b077aed3SPierre ProncheryAn S/MIME object as described in IETF RFC 8551. 131*b077aed3SPierre ProncheryEarlier versions were known as CMS and are compatible. 132*b077aed3SPierre ProncheryNote that the parsing is simple and might fail to parse some legal data. 133*b077aed3SPierre Pronchery 134*b077aed3SPierre Pronchery=back 135*b077aed3SPierre Pronchery 136*b077aed3SPierre Pronchery=head1 COPYRIGHT 137*b077aed3SPierre Pronchery 138*b077aed3SPierre ProncheryCopyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. 139*b077aed3SPierre Pronchery 140*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 141*b077aed3SPierre Proncherythis file except in compliance with the License. You can obtain a copy 142*b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at 143*b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>. 144*b077aed3SPierre Pronchery 145*b077aed3SPierre Pronchery=cut 146