
OpenSSL is an open source implementation of the SSL and TLS protocols.

The core library (written in the C programming language) implements the basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available. Versions are available for most Unix-like operating systems (including Solaris, Linux, Mac OS X and the four open source BSD operating systems), OpenVMS and Microsoft Windows. IBM provides a port for the System i (OS/400). OpenSSL is based on SSLeay by Eric A. Young and Tim Hudson, development of which unofficially ended around December 1998, when Young and Hudson both started to work for RSA Security.

Algorithms

OpenSSL supports a number of different cryptographic algorithms:

Ciphers: AES, Blowfish, Camellia, SEED, CAST-128, DES, IDEA, RC2, RC4, RC5, Triple DES, GOST 28147-89[2]

Cryptographic hash functions: MD5, MD2, SHA-1, SHA-2, RIPEMD-160, MDC-2, GOST R 34.11-94[2]

Public-key cryptography: RSA, DSA, Diffie-Hellman key exchange, Elliptic curve, GOST R 34.10-2001[2]

COMMAND SUMMARY

The openssl program provides a rich variety of commands (command in the SYNOPSIS above), each of which often has a wealth of options and arguments (command_opts and command_args in the SYNOPSIS).

The pseudo-commands list-standard-commands, list-message-digest-commands, and list-cipher-commands output a list (one entry per line) of the names of all standard commands, message digest commands, or cipher commands, respectively, that are available in the present openssl utility.

The pseudo-commands list-cipher-algorithms and list-message-digest-algorithms list all cipher and message digest names, one entry per line. Aliases are listed as: from => to

The pseudo-command list-public-key-algorithms lists all supported public key algorithms.

The pseudo-command no-XXX tests whether a command of the specified name is available. If no command named XXX exists, it returns 0 (success) and prints no-XXX; otherwise it returns 1 and prints XXX. In both cases, the output goes to stdout and nothing is printed to stderr. Additional command line arguments are always ignored. Since for each cipher there is a command of the same name, this provides an easy way for shell scripts to test for the availability of ciphers in the openssl program. (no-XXX is not able to detect pseudo-commands such as quit, list-...-commands, or no-XXX itself.)

STANDARD COMMANDS

ciphers Cipher Suite Description Determination. The cipherlist command converts OpenSSL cipher lists into ordered SSL cipher preference lists. It can be used as a test tool to determine the appropriate cipherlist.

dgst Message Digest Calculation. The digest functions output the message digest of a supplied file or files in hexadecimal form. They can also be used for digital signing and verification.

dsa DSA Data Management. The dsa command processes DSA keys. They can be converted between various forms and their components printed out. Note: This command uses the traditional SSLeay compatible format for private key encryption: newer applications should use the more secure PKCS#8 format using the pkcs8

enc Encoding with Ciphers.

passwd Generation of hashed passwords.

pkey Public and private key management.

rand Generate pseudo-random bytes.

rsa RSA key management.

s_time SSL Connection Timer.

sess_id SSL Session Data Management.

speed Algorithm Speed Measurement.

version OpenSSL Version Information.
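The no-XXX pseudo-command described in the command summary has an inverted exit status (0 means the command is absent), which is easy to get wrong in a script. The following added example, which is not part of the original page or of OpenSSL, wraps that contract and picks the first available cipher from a preference list; the names cipher_available, first_available and OPENSSL_BIN are hypothetical.

```shell
#!/bin/sh
# Added example: helper names and the OPENSSL_BIN variable are assumptions,
# not part of OpenSSL. Set OPENSSL_BIN to test a specific binary.
OPENSSL_BIN="${OPENSSL_BIN:-openssl}"

# cipher_available NAME
#   returns 0 if the binary has a command called NAME,
#   returns 1 if it does not,
#   returns 2 if the binary is missing or does not follow the no-XXX contract.
cipher_available() {
    ca_name=$1
    # "&& ... || ..." keeps the call safe under "set -e".
    ca_out=$("$OPENSSL_BIN" "no-$ca_name" 2>/dev/null) && ca_rc=0 || ca_rc=$?
    # Contract from the text: exit 1 and print NAME when the command exists,
    # exit 0 and print no-NAME when it does not. Check both signals so a
    # crashed or missing binary is never mistaken for "cipher present".
    if [ "$ca_rc" -eq 1 ] && [ "$ca_out" = "$ca_name" ]; then
        return 0
    elif [ "$ca_rc" -eq 0 ] && [ "$ca_out" = "no-$ca_name" ]; then
        return 1
    fi
    return 2
}

# first_available NAME...
#   prints the first NAME (in preference order) that is available;
#   returns 1 if none of them is.
first_available() {
    for fa_name in "$@"; do
        if cipher_available "$fa_name"; then
            printf '%s\n' "$fa_name"
            return 0
        fi
    done
    return 1
}

# Typical use in a deployment script:
#   cipher=$(first_available aes-256-cbc camellia-256-cbc) || exit 1
```

Because no-XXX cannot detect pseudo-commands, the helper is only meaningful for cipher, digest and standard command names.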

Certificate Generation

Any of the following commands is used to generate the key.

gendsa Generation of DSA Private Key from Parameters. Superseded by genpkey and pkey.

genpkey Generation of Private Key or Parameters.

genrsa Generation of RSA Private Key. Superseded by genpkey.

req PKCS#10 X.509 Certificate Signing Request (CSR) Management.

x509 X.509 Certificate Data Management. An X.509 certificate is a structured grouping of information about an individual, a device, or anything one can imagine. An X.509 CRL (certificate revocation list) is a tool to help determine if a certificate is still valid. The exact definition of those can be found in the X.509 document from ITU-T, or in RFC3280 from PKIX. In OpenSSL, the type X509 is used to express such a certificate, and the type X509_CRL is used to express a CRL.

pkcs12 PKCS#12 Data Management. The pkcs12 command allows PKCS#12 files (sometimes referred to as PFX files) to be created and parsed. PKCS#12 files are used by several programs including Netscape, MSIE and MS Outlook.

pkcs7 PKCS#7 Data Management.

Verification of certificate

verify X.509 Certificate Verification.

Testing Certificate

s_client This implements a generic SSL/TLS client which can establish a transparent connection to a remote server speaking SSL/TLS. It is intended for testing purposes only and provides only rudimentary interface functionality, but internally it uses almost all functionality of the OpenSSL ssl library.

s_server This implements a generic SSL/TLS server which accepts connections from remote clients speaking SSL/TLS. It is intended for testing purposes only and provides only rudimentary interface functionality, but internally it uses almost all functionality of the OpenSSL ssl library. It provides both its own command-line-oriented protocol for testing SSL functions and a simple HTTP response facility to emulate an SSL/TLS-aware webserver.
