(2) OpenSSL command

The format for the OpenSSL command is "OpenSSL command command-options args", and the commandsection has a number of commands that rely on the OpenSSL command to execute, so called Pseudo-command (pseudo-command), each pseudo-command has its own function, most commands can be directly man command to see the use and function of the command.

The following are the pseudo-commands supported by OpenSSL, which are commonly used commands or possible commands with bold and red display.

[email protected] ~]# OpenSSL--helpopenssl:error: '--help ' is an invalid command. # supported standard commands, namely pseudo-command Commandsasn1parseCA Ciphers CMS CRL Crl2pkcs7 dgst dhdhparam DSA Dsaparam EC EcparamEnc Engine Errstr Gendh GENDSAGenpkey Genrsa   Nseq OCSPpasswdPKCS12 PKCS7 Pkcs8PkeyPkeyparamPkeyutlPrime Randreq  RSArsautl S_client s_server s_time sess_id smime   speedSPKAC TS Verify version x509 # When you specify the "dgst" commandone-way encryption supports algorithms that actually support more algorithms, specifically see the DGST commandMessage Digest commands (see the ' dgst ' command for more details) MD2 MD4 MD5 rmd160 sha SHA1 # SpecifySymmetric encryption algorithm supported when symmetric encryption "ENC"Cipher commands (see the ' enc ' command for more details) AES-128-CBC AES-128-ECB AES-192-CBC AES-192-ECB AES-256-CBC AES-256-ECB Base64 BF BF-CBC BF-CFB BF-ECB bf-ofb CAMELLIA-128-CBC CAMELLIA-128-ECB         CAMELLIA-192-CBC CAMELLIA-192-ECB CAMELLIA-256-CBC CAMELLIA-256-ECB cast CAST-CBC CAST5-CBC          CAST5-CFB cast5-ecb cast5-ofb des DES-CBC DES-CFB DES-ECB Des-ede DES-EDE-CBC des-ede-cfb des-ede-ofb des-ede3 DES-EDE3-CBC des-ede3- CFB Des-ede3-ofb DES-OFB des3 desx idea IDEA-CBC IDEA-CF b IDEA-ECB idea-ofb RC2 RC2-40-CBC RC2-64-CBC RC2-CBC rc2-c FB RC2-ECB rc2-ofb RC4 rc4-40 seed SEED-CBC SE ED-CFB SEED-ECB SEED-OFB zlib

Looks very complicated? In fact, it is not complicated, but pseudo-command more points, and many pseudo-commands often use the option of 1 to two.

The following are the possible password-passing formats for the options "-passin" and "-passout" for each pseudo-command, and"-passin" refers to the password that is passed when decrypting, and "-passout" refers to the password that is passed when the encrypted output file is delivered . If you do not give the password format, you will be prompted to enter from the terminal.

Format One: Pass:password:password represents the passed plaintext password

Format two: Env:var: Get the password value from the environment variable var

Format three: The first behavior in the File:filename:filename file to pass the password. if filename is passed to the "-passin" and "-passout" options simultaneously, the value of the first action "-passin" of filename, and the value of the second behavior "-passout"

Format four: stdin: Get the password to pass from standard input

For example, to encrypt a key file so that each use of the key file requires a password, use "-passout" to specify the encryption password, when using the encrypted key file needs to decrypt, using "-passin" to pass the decryption password.

(2) OpenSSL command