Chinaunix首页 | 论坛 | 博客
  • 博客访问: 561347
  • 博文数量: 375
  • 博客积分: 0
  • 博客等级: 民兵
  • 技术积分: 15
  • 用 户 组: 普通用户
  • 注册时间: 2013-09-20 10:21
文章分类

全部博文(375)

文章存档

2015年(1)

2014年(374)

分类: LINUX

2014-08-18 13:37:47

原文地址:[手册] Openssl 命令手册 作者:ailms

OPENSSL(1)      OpenSSL      OPENSSL(1)
 
 
 
NAME
       openssl - OpenSSL command line tool
 
# 注释 :openssl 是 OpenSSL 的命令行工具
 
SYNOPSIS
       openssl command [ command_opts ] [ command_args ]
 
       openssl [ list-standard-commands │ list-message-digest-commands │list-cipher-commands ]    # 注释 :这三个选项可以用于列出不同的命令
 
       openssl no-XXX [ arbitrary options ]
 
DESCRIPTION

       OpenSSL is a cryptography toolkit implementing the Secure Sockets
       Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network proto-
       cols and related cryptography standards required by them.
 
        # 注释 :OpenSSL 是一个密码工具,用于实现 SSL (v2 和 v3)以及 TLS v1 协议,以及这些协议
 
        # 所要求的一些加密标准
 
       The openssl program is a command line tool for using the various cryp-
       tography functions of OpenSSL’s crypto library from the shell.  It can
       be used for
 
        # 注释 :openssl 是一个命令行工具,它使用于 OpenSSL 的各个加密库的不同加密函数,它可以用于 :
 
        #     -)1、建立 RSA、DH、DSA key 参数
        
        #     -)2、建立 X.509 证书、证书签名请求(CSR)和 CRLs(证书回收列表)
 
        #     -)3、计算消息摘要
 
        #     -)4、使用各种 Cipher 加密/解密
 
        #     -)5、SSL/TLS 客户端以及服务器的测试
 
        #     -)6、处理 S/MIME 或者加密邮件
 
 o  Creation of RSA, DH and DSA key parameters
 o  Creation of X.509 certificates, CSRs and CRLs
 o  Calculation of Message Digests
 o  Encryption and Decryption with Ciphers
 o  SSL/TLS Client and Server Tests
 o  Handling of S/MIME signed or encrypted mail
 
COMMAND SUMMARY

       The openssl program provides a rich variety of commands (command in
       the SYNOPSIS above), each of which often has a wealth of options and
       arguments (command_opts and command_args in the SYNOPSIS).
 
        # 注释 :openssl 提供了很多不同的命令,每个子命令有很多的选项和参数。
 
       The pseudo-commands list-standard-commands, list-message-digest-com-
       mands, and list-cipher-commands output a list (one entry per line) of
       the names of all standard commands, message digest commands, or cipher
       commands, respectively, that are available in the present openssl
       utility.
 
        # 注释 :上面提到的 list-standard-commands、list-message-digest-commands、list-cipher-commands
 
        # 是三个伪命令,它们用于输出一个所有标准命令、消息摘要命令、Cipher 命令的列表。
 
       The pseudo-command no-XXX tests whether a command of the specified
       name is available.  If no command named XXX exists, it returns 0 (suc-
       cess) and prints no-XXX; otherwise it returns 1 and prints XXX. In
       both cases, the output goes to stdout and nothing is printed to
       stderr. Additional command line arguments are always ignored.  Since
       for each cipher there is a command of the same name, this provides an
       easy way for shell scripts to test for the availability of ciphers in
       the openssl program.  (no-XXX is not able to detect pseudo-commands
       such as quit, list-...-commands, or no-XXX itself.)
 
        # 注释 :no-XXX 同样也是一个伪命令,它用于测试一个命令是否存在。如果 xxx 命令不存在,则返回 0,并打印 no-xxx
 
        # 如果它存在则返回1,并打印 xxx ,表示存在该命令 xxx
 
        # 这两种情况的结果都是输出到 stdout ,而不是输出到 stderr 。其他的命令行参数都会被忽略,
 
        # 这个命令可以被用于测试某个 Cipher 是否有效,不过它不能用于测试这些伪命令
 
[root@dhcp tmp]# openssl no-suchcmd
no-suchcmd
[root@dhcp tmp]# openssl no-rsa
rsa
[root@dhcp tmp]#
 
STANDARD COMMANDS                                # 注释 :下面是标准命令,必须有的
 
       asn1parse Parse an ASN.1 sequence.                    # 注释 :asn1parse 用于解释用 ANS.1 语法书写的语句,ASN 一般用于定义语法的构成
 
       ca  Certificate Authority (CA) Management.            # 注释 :ca 用于 CA 的管理
 
       ciphers  Cipher Suite Description Determination.        # 注释 :ciphers 是 Cipher suite 的介绍
 
       crl  Certificate Revocation List (CRL) Management.        # 注释 :crl 是用于管理 CRL 列表
 
       crl2pkcs7 CRL to PKCS#7 Conversion.                        # 注释 :crl2pcks7 是用于 CRL 和 PKCS#7 之间的转换
 
       dgst  Message Digest Calculation.                            # 注释 :dgst 用于计算消息摘要
 
       dh  Diffie-Hellman Parameter Management.  Obsoleted by dhparam.        
 
       dsa  DSA Data Management.                                   # 注释 :dsa 是 DSA 数据管理工具
 
       dsaparam  DSA Parameter Generation.                         # 注释 :dsaparm 是 DSA 的参数
 
       enc  Encoding with Ciphers.                                 # 注释 :enc 是 Cipher 所使用的编码
 
       errstr  Error Number to Error String Conversion.            # 注释 :errstr 是错误编号到错误字符串的转换
 
       dhparam  Generation and Management of Diffie-Hellman Parameters.        # 注释 :dhparm 是 Diffie-Hellman 参数的管理
 
       gendh  Generation of Diffie-Hellman Parameters.  Obsoleted by dhparam.    
 
       gendsa  Generation of DSA Parameters.                        # 注释 :gendsa 用于生成 DSA 参数
 
       genrsa  Generation of RSA Parameters.                        # 注释 :genrsa 用于生成 RSA 参数
 
       ocsp  Online Certificate Status Protocol utility.            # 注释 :oscp 是在线证书状态查询工具
 
       passwd  Generation of hashed passwords.                      # 注释 :passwd 是 hash 密码的管理
 
       pkcs12  PKCS#12 Data Management.                                # 注释 :pkcs12 是 PKCS#12 数据的管理
 
       pkcs7  PKCS#7 Data Management.                                # 注释 :pcks7 是 PCKS#7 数据的管理
 
       rand  Generate pseudo-random bytes.                            # 注释 :rand 是用于生成伪随机数
 
       req  X.509 Certificate Signing Request (CSR) Management.        # 注释 :req 生成一个 CSR
 
       rsa  RSA Data Management.                                        # 注释 :rsa 是 RSA 数据管理
 
       rsautl  RSA utility for signing, verification, encryption, and decryption.    # 注释 :rsautl 是 RSA 工具,用于签名、验证、加密、解密
 
       s_client  This implements a generic SSL/TLS client which can establish        # 注释 :s_client 是 SSL/TLS 客户端的实现。可以用于建立一个透明的
                   a transparent connection to a remote server speaking                       连接到一个远端的 SSL/TLS 服务器。该工具只是用于测试目的
                   SSL/TLS. It’s intended for testing purposes only and pro-                  
                   vides only rudimentary interface functionality but inter-
                   nally uses mostly all functionality of the OpenSSL ssl
                   library.
 
       s_server  This implements a generic SSL/TLS server which accepts con-            # 注释 :s_server 是 s_client 的相反,用于接受来自远程的
                   nections from remote clients speaking SSL/TLS. It’s intended                 SSL/TLS 连接。同样也只是用于测试目的而已
                   for testing purposes only and provides only rudimentary
                   interface functionality but internally uses mostly all func-
                   tionality of the OpenSSL ssl library. It provides both an
                   own command line oriented protocol for testing SSL functions
                   and a simple HTTP response facility to emulate an
                   SSL/TLS-aware webserver.
     
       s_time  SSL Connection Timer.            # 注释 :s_time 是 SSL 连接计时工具
 
       sess_id  SSL Session Data Management.    # 注释 :sess_id 是 SSL 会话管理
 
       smime  S/MIME mail processing.            # 注释 :smime 是 S/MIME 邮件处理
 
       speed  Algorithm Speed Measurement.        # 注释 :speed 是性能测试
 
       verify  X.509 Certificate Verification.    # 注释 :verify 用于验证一个 X.509 证书
 
       version  OpenSSL Version Information.        # 注释 :version 用于打印版本信息
 
       x509  X.509 Certificate Data Management.        # 注释 :x509 用于 X.509 证书的管理
 
 
MESSAGE DIGEST COMMANDS             # 注释 :下面是用于生成数字摘要的命令
 

       md2  MD2 Digest                    # 注释 :md2 是 MD2 数字摘要命令
 
       md5  MD5 Digest                    # 注释 :md5 是 MD5 数字摘要命令(最常用)
 
       mdc2  MDC2 Digest                  # 注释 :mdc2 是 MDC2 数字摘要命令
 
       rmd160  RMD-160 Digest             # 注释 :rmd160 是 RMD-160 数字摘要命令
 
       sha  SHA Digest                    # 注释 :sha 是 SHA 数字摘要
 
       sha1  SHA-1 Digest                 # 注释 :sha1 是 SHA-1 数字摘要(最常用)
 
 
ENCODING AND CIPHER COMMANDS         # 注释 :下面是编码和 Cipher(加密)命令

   base64  Base64 Encoding                # 注释 :下面是 Base64 编码的相关命令
 
       bf bf-cbc bf-cfb bf-ecb bf-ofb        # 注释 :有 bf、bf-cbc、 等5 个命令

   Blowfish Cipher                        # 注释 :下面是 Blowfish Cipher
 
       cast cast-cbc                         # 注释 :有2个命令
   CAST Cipher                            # 注释 :下面是 CAST Cipher
 
       cast5-cbc cast5-cfb cast5-ecb cast5-ofb        # 注释 :有4个命令
   CAST5 Cipher                            # 注释 :下面是 CAST5 Cipher 
 
       des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb
   DES Cipher                        # 注释 :下面是 DES Cipher
 
       des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb

   Triple-DES Cipher
 
       idea idea-cbc idea-cfb idea-ecb idea-ofb
   IDEA Cipher
 
       rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb
   RC2 Cipher
 
       rc4  RC4 Cipher
   RC5 Cipher
 
    rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb
 
PASS PHRASE ARGUMENTS

       Several commands accept password arguments, typically using -passin
       and -passout for input and output passwords respectively. These allow
       the password to be obtained from a variety of sources. Both of these
       options take a single argument whose format is described below. If no
       password argument is given and a password is required then the user is
       prompted to enter one: this will typically be read from the current
       terminal with echoing turned off.
 
        # 注释 :有几个命令接受密码作为参数。一般是 -passin 和 -passout 用于输入/输出密码。
 
        # 它允许从多个源头获取密码,这两个选项都只接受一个参数,格式如下。
 
        # 如果没有给出 -passin 或者 -passout ,但实际需要密码,则会提示用户输入密码。
 
        # 它是从终端接受输入,而且关闭回显功能。
 
       pass:password
           the actual password is password. Since the password is visi-
           ble to utilities (like ’ps’ under Unix) this form should
           only be used where security is not important.
 
        # 注释 :pass:password 中的 passsword 是真正的密码,不过它可以被 ps 命令看到,所以不建议用该方式
 
       env:var
           obtain the password from the environment variable var. Since
           the environment of other processes is visible on certain
           platforms (e.g. ps under certain Unix OSes) this option
           should be used with caution.
 
        # 注释 :env:var 通过环境变量获取密码值。同样也是不安全。
 
       file:pathname
           the first line of pathname is the password. If the same
           pathname argument is supplied to -passin and -passout
           arguments then the first line will be used for the input
           password and the next line for the output password. pathname
           need not refer to a regular file: it could for example refer
           to a device or named pipe.
 
        # 注释 :file: ,如果同时给出了 -passin 和 -passout ,则第一个 file 是输入密码,第2个 file 是输出密码,
    
        # 一般是指向普通文件,但也可以是设备或者 named pipe 。建议使用这种。
 
       fd:number
            read the password from the file descriptor number. This can
            be used to send the data via a pipe for example.
 
        # 注释 :fd 读取指定的文件描述符。这可以通过管道发送密码
 
       stdin  read the password from standard input.
 
SEE ALSO
       asn1parse(1), ca(1), config(5), crl(1), crl2pkcs7(1), dgst(1),
       dhparam(1), dsa(1), dsaparam(1), enc(1), gendsa(1), genrsa(1),
       nseq(1), openssl(1), passwd(1), pkcs12(1), pkcs7(1), pkcs8(1),
       rand(1), req(1), rsa(1), rsautl(1), s_client(1), s_server(1),
       smime(1), spkac(1), verify(1), version(1), x509(1), crypto(3), ssl(3)
 
HISTORY
       The openssl(1) document appeared in OpenSSL 0.9.2.  The list-XXX-com-
       mands pseudo-commands were added in OpenSSL 0.9.3; the no-XXX pseudo-
       commands were added in OpenSSL 0.9.5a.  For notes on the availability
       of other commands, see their individual manual pages.
 
 
 
0.9.7a      2001-08-08      OPENSSL(1)
阅读(640) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~