| Dr. Stephen Henson | 5e76807 | 1999-11-12 01:04:39 +0000 | [diff] [blame] | 1 | =pod |
| 2 | |
| 3 | =head1 NAME |
| 4 | |
| 5 | pkcs7 - PKCS#7 utility |
| 6 | |
| 7 | =head1 SYNOPSIS |
| 8 | |
| 9 | B<openssl> B<pkcs7> |
| A J Mohan Rao | 169394d | 2016-02-05 11:58:45 -0500 | [diff] [blame] | 10 | [B<-help>] |
| Dr. Stephen Henson | 5e76807 | 1999-11-12 01:04:39 +0000 | [diff] [blame] | 11 | [B<-inform PEM|DER>] |
| 12 | [B<-outform PEM|DER>] |
| 13 | [B<-in filename>] |
| 14 | [B<-out filename>] |
| 15 | [B<-print_certs>] |
| Dr. Stephen Henson | 01aad2c | 1999-11-12 14:04:41 +0000 | [diff] [blame] | 16 | [B<-text>] |
| 17 | [B<-noout>] |
| Richard Levitte | bfa3555 | 2003-01-30 22:02:27 +0000 | [diff] [blame] | 18 | [B<-engine id>] |
| Dr. Stephen Henson | 5e76807 | 1999-11-12 01:04:39 +0000 | [diff] [blame] | 19 | |
| 20 | =head1 DESCRIPTION |
| 21 | |
| 22 | The B<pkcs7> command processes PKCS#7 files in DER or PEM format. |
| 23 | |
| Rich Salz | 3dfda1a | 2016-12-12 11:14:40 -0500 | [diff] [blame] | 24 | =head1 OPTIONS |
| Dr. Stephen Henson | 5e76807 | 1999-11-12 01:04:39 +0000 | [diff] [blame] | 25 | |
| 26 | =over 4 |
| 27 | |
| A J Mohan Rao | 169394d | 2016-02-05 11:58:45 -0500 | [diff] [blame] | 28 | =item B<-help> |
| 29 | |
| 30 | Print out a usage message. |
| 31 | |
| Dr. Stephen Henson | 5e76807 | 1999-11-12 01:04:39 +0000 | [diff] [blame] | 32 | =item B<-inform DER|PEM> |
| 33 | |
| 34 | This specifies the input format. B<DER> format is DER encoded PKCS#7 |
| 35 | v1.5 structure.B<PEM> (the default) is a base64 encoded version of |
| 36 | the DER form with header and footer lines. |
| 37 | |
| 38 | =item B<-outform DER|PEM> |
| 39 | |
| Rich Salz | 1bc7451 | 2016-05-20 08:11:46 -0400 | [diff] [blame] | 40 | This specifies the output format, the options have the same meaning as the |
| Dr. Stephen Henson | 5e76807 | 1999-11-12 01:04:39 +0000 | [diff] [blame] | 41 | B<-inform> option. |
| 42 | |
| 43 | =item B<-in filename> |
| 44 | |
| 45 | This specifies the input filename to read from or standard input if this |
| 46 | option is not specified. |
| 47 | |
| 48 | =item B<-out filename> |
| 49 | |
| 50 | specifies the output filename to write to or standard output by |
| 51 | default. |
| 52 | |
| 53 | =item B<-print_certs> |
| 54 | |
| 55 | prints out any certificates or CRLs contained in the file. They are |
| 56 | preceded by their subject and issuer names in one line format. |
| 57 | |
| Dr. Stephen Henson | 954ef7e | 1999-11-12 01:42:25 +0000 | [diff] [blame] | 58 | =item B<-text> |
| 59 | |
| 60 | prints out certificates details in full rather than just subject and |
| 61 | issuer names. |
| 62 | |
| 63 | =item B<-noout> |
| 64 | |
| 65 | don't output the encoded version of the PKCS#7 structure (or certificates |
| 66 | is B<-print_certs> is set). |
| 67 | |
| Richard Levitte | bfa3555 | 2003-01-30 22:02:27 +0000 | [diff] [blame] | 68 | =item B<-engine id> |
| 69 | |
| Dr. Stephen Henson | e5fa864 | 2009-04-15 15:27:03 +0000 | [diff] [blame] | 70 | specifying an engine (by its unique B<id> string) will cause B<pkcs7> |
| Richard Levitte | bfa3555 | 2003-01-30 22:02:27 +0000 | [diff] [blame] | 71 | to attempt to obtain a functional reference to the specified engine, |
| 72 | thus initialising it if needed. The engine will then be set as the default |
| 73 | for all available algorithms. |
| 74 | |
| Dr. Stephen Henson | 5e76807 | 1999-11-12 01:04:39 +0000 | [diff] [blame] | 75 | =back |
| 76 | |
| 77 | =head1 EXAMPLES |
| 78 | |
| 79 | Convert a PKCS#7 file from PEM to DER: |
| 80 | |
| 81 | openssl pkcs7 -in file.pem -outform DER -out file.der |
| 82 | |
| 83 | Output all certificates in a file: |
| 84 | |
| 85 | openssl pkcs7 -in file.pem -print_certs -out certs.pem |
| 86 | |
| Dr. Stephen Henson | 3142c86 | 2000-02-23 01:11:01 +0000 | [diff] [blame] | 87 | =head1 NOTES |
| 88 | |
| 89 | The PEM PKCS#7 format uses the header and footer lines: |
| 90 | |
| 91 | -----BEGIN PKCS7----- |
| 92 | -----END PKCS7----- |
| 93 | |
| Ulf Möller | 3b80e3a | 2001-09-07 06:13:40 +0000 | [diff] [blame] | 94 | For compatibility with some CAs it will also accept: |
| Dr. Stephen Henson | 3142c86 | 2000-02-23 01:11:01 +0000 | [diff] [blame] | 95 | |
| 96 | -----BEGIN CERTIFICATE----- |
| 97 | -----END CERTIFICATE----- |
| 98 | |
| Dr. Stephen Henson | 5e76807 | 1999-11-12 01:04:39 +0000 | [diff] [blame] | 99 | =head1 RESTRICTIONS |
| 100 | |
| 101 | There is no option to print out all the fields of a PKCS#7 file. |
| 102 | |
| Rich Salz | 1bc7451 | 2016-05-20 08:11:46 -0400 | [diff] [blame] | 103 | This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in RFC2315 they |
| Dr. Stephen Henson | c447129 | 1999-11-12 01:07:33 +0000 | [diff] [blame] | 104 | cannot currently parse, for example, the new CMS as described in RFC2630. |
| Dr. Stephen Henson | 5e76807 | 1999-11-12 01:04:39 +0000 | [diff] [blame] | 105 | |
| 106 | =head1 SEE ALSO |
| 107 | |
| Rich Salz | 9b86974 | 2015-08-17 15:21:33 -0400 | [diff] [blame] | 108 | L<crl2pkcs7(1)> |
| Dr. Stephen Henson | 5e76807 | 1999-11-12 01:04:39 +0000 | [diff] [blame] | 109 | |
| Rich Salz | e2f9261 | 2016-05-18 11:44:05 -0400 | [diff] [blame] | 110 | =head1 COPYRIGHT |
| 111 | |
| 112 | Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. |
| 113 | |
| 114 | Licensed under the OpenSSL license (the "License"). You may not use |
| 115 | this file except in compliance with the License. You can obtain a copy |
| 116 | in the file LICENSE in the source distribution or at |
| 117 | L<https://www.openssl.org/source/license.html>. |
| 118 | |
| 119 | =cut |
