openssl-pkcs12 - PKCS#12 file command

SYNOPSIS

This command allows PKCS#12 files (sometimes referred to as PFX files) to be created and parsed. PKCS#12 files are used by several programs including Netscape, MSIE and MS Outlook.

There are a lot of options; the meaning of some depends on whether a PKCS#12 file is being created or parsed. A PKCS#12 file can be created by using the -export option (see below). The PKCS#12 export encryption and MAC options such as -certpbe and -iter and many further options such as -chain are relevant only with -export. Conversely, the options regarding encryption of private keys when outputting PKCS#12 input are relevant only when the -export option is not given.

The default encryption algorithm is AES-256-CBC with PBKDF2 for key derivation.

When encountering problems loading legacy PKCS#12 files that involve, for example, RC2-40-CBC, try using the -legacy option and, if needed, the -provider-path option.

The password source for the input, and for encrypting any private keys that are output. For more information about the format of arg see openssl-passphrase-options(1).

With -export, -password is equivalent to -passout, otherwise it is equivalent to -passin.

Prompt for separate integrity and encryption passwords: most software always assumes these are the same so this option will render such PKCS#12 files unreadable. Cannot be used in combination with the options -password, -passin if importing from PKCS#12, or -passout if exporting.

This option inhibits all credentials output, and so the input is just verified.

Use legacy mode of operation and automatically load the legacy provider. If OpenSSL is not installed system-wide, it is necessary to also use, for example, -provider-path ./providers or to set the environment variable OPENSSL_MODULES to point to the directory where the providers can be found. In the legacy mode, the default algorithm for certificate encryption is RC2_CBC or 3DES_CBC depending on whether the RC2 cipher is enabled in the build. The default algorithm for private key encryption is 3DES_CBC. If the -legacy option is not specified, then the legacy provider is not loaded and the default encryption algorithm for both certificates and private keys is AES_256_CBC with PBKDF2 for key derivation.

-provider name -provider-path path -propquery propq
See "Provider Options" in openssl(1), provider(7), and property(7).

See "Random State Options" in openssl(1) for details.

PKCS#12 input (parsing) options

-in filename|uri
Without the -export option this must be a PKCS#12 file to be parsed. For use with the -export option see the "PKCS#12 output (export) options" section.

The filename to write certificates and private keys to, standard output by default.

Output additional information about the PKCS#12 file structure, algorithms used and iteration counts.

-nomacver
Don't attempt to verify the integrity MAC.

Only output client certificates (not CA certificates).

Only output CA certificates (not client certificates).

Use AES to encrypt private keys before outputting.
Use ARIA to encrypt private keys before outputting.
Use Camellia to encrypt private keys before outputting.
Use DES to encrypt private keys before outputting.
Use triple DES to encrypt private keys before outputting.
Use IDEA to encrypt private keys before outputting.

This option is deprecated since OpenSSL 3.0; use -noenc instead.

This option specifies that a PKCS#12 file will be created rather than parsed.

This specifies the filename to write the PKCS#12 file to.

This specifies the input filename or URI. With the -export option this is a file with certificates and a key, or a URI that refers to a key accessed via an engine. The order of credentials in a file doesn't matter but one private key and its corresponding certificate should be present. If additional certificates are present they will also be included in the PKCS#12 output file.

If this option is not specified then the input file (-in argument) must contain a private key. If no engine is used, the argument is taken as a file.