algname just uses algorithm algname, and parameters, if necessary should be specified via -pkeyopt parameter.ĭsa:filename generates a DSA key using the parameters in the file filename. algname:file use algorithm algname and parameter file file: the two algorithms must match or an error occurs. Param:file generates a key using the parameter file or certificate file, the algorithm is determined by the parameters. newkey rsa specified, the default key size, specified in the configuration file is used.Īll other algorithms support the -newkey alg:file form, where file may be an algorithm parameter file, created by the genpkey -genparam command or and X.509 certificate for a key with appropriate algorithm. rsa:nbits, where nbits is the number of bits, generates an RSA key nbits in size. This option creates a new certificate request and a new private key. This can be used with a subsequent -rand flag. Writes random data to the specified file upon exit. The separator is for MS-Windows,, for OpenVMS, and : for all others. Multiple files can be specified separated by an OS-dependent character. rand file.Ī file or files containing random data used to seed the random number generator. If the -key option is not used it will generate a new RSA private key using information specified in the configuration file. The actual fields prompted for and their maximum and minimum sizes are specified in the configuration file and any requested extensions. It will prompt the user for the relevant field values. This option generates a new certificate request. This option prints out the value of the modulus of the public key contained in the request. This option prevents output of the encoded version of the request. Prints out the request subject (or certificate subject if -x509 is specified) -pubkey Prints out the certificate request in text form. For more information about the format of arg see "Pass Phrase Options" in openssl(1).
This specifies the output filename to write to or standard output by default. Names and values of these options are algorithm-specific. Pass options to the signature algorithm during sign or verify operations. A request is only read if the creation options ( -new and -newkey) are not specified. This specifies the input filename to read a request from or standard input if this option is not specified. This specifies the output format, the options have the same meaning and default as the -inform option. The PEM form is the default format: it consists of the DER format base64 encoded with additional header and footer lines. The DER option uses an ASN1 DER encoded form compatible with the PKCS#10. It can additionally create self signed certificates for use as root CAs for example. The req command primarily creates and processes certificate requests in PKCS#10 format. Openssl-req, req - PKCS#10 certificate request and certificate generating utility SYNOPSIS
0 kommentar(er)
