1.1 ssl command Series Preface
openssl command format is "the Command-openssl the Command Options args", the Command section there are many commands that need to rely on the openssl command to execute, so called pseudo-command ( pseudo-the Command), each with its own pseudo-command function, most of the command can be directly man command to see the command usage and functions.
1.2 openssl commander
The following are supported by pseudo-openssl command, the command may be used or frequently used commands on a bold and red shows the user these commands will be introduced one by one in a later article.
[root@docker-01 ~]# openssl --help openssl:Error: '--help' is an invalid command. Standard commands asn1parse ca ciphers cms crl crl2pkcs7 dgst dh dhparam dsa dsaparam ec ecparam enc engine errstr gendh gendsa genpkey genrsa nseq ocsp passwd pkcs12 pkcs7 pkcs8 pkey pkeyparam pkeyutl prime rand req rsa rsautl s_client s_server s_time sess_id smime speed spkac ts verify version x509
# Specifies the algorithm that is one-way encryption support when "dgst" command, actually supports more algorithms, see the specific command dgst
Message Digest commands (see the `dgst' command for more details) md2 md4 md5 rmd160 sha sha1
# Specifies the symmetric encryption algorithm supports symmetric encryption "enc"
Cipher commands (see the `enc' command for more details) aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc aes-256-ecb base64 bf bf-cbc bf-cfb bf-ecb bf-ofb camellia-128-cbc camellia-128-ecb camellia-192-cbc camellia-192-ecb camellia-256-cbc camellia-256-ecb cast cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb des3 desx idea idea-cbc idea-cfb idea-ecb idea-ofb rc2 rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb rc4 rc4-40 rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb seed seed-cbc seed-cfb seed-ecb seed-ofb zlib
The following are the options for each pseudo-command "-passin" and "-passout" might use a password to transfer format, "- passin" refers to the transfer of password decryption, "- passout" refers to the time of transfer encrypted output file password. If you do not format the given password you will be prompted to enter the terminal. This is no longer dwell in a later article.
Formats: pass: password: password indicates a plain text password transfer format two: env : var: var obtain the password value from the environment variable format three: File : filename: filename password the first acts of the file to be transferred. If the filename while passing to the " -passin " and " -passout " option, the filename of the first acts of " -passin " value, the second behavior " -passout " value quadruple form: stdin: from standard input to be passed to obtain password
For example, a key to encrypt the file so that each time you use that key documents are required to enter a password, use the "-passout" specify the encryption password when using the encrypted key file needs to be decrypted, using the "-passin" transfer to decrypt the password.