提交 af29811e 编写于 作者: D Dr. Stephen Henson

Add password command line options to some utils. Fix and update man pages.
上级 53b1899e
......@@ -4,6 +4,12 @@
Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
*) Add options to some of the utilities to allow the pass phrase
to be included on either the command line (not recommended on
OSes like Unix) or read from the environment. Update the
manpages and fix a few bugs.
[Steve Henson]
*) Add a few manpages for some of the openssl commands.
[Steve Henson]
......
......@@ -325,7 +325,7 @@ int app_init(long mesgwin)
}
#endif
int MS_CALLBACK key_callback(char *buf, int len, int verify, void *key)
int MS_CALLBACK key_cb(char *buf, int len, int verify, void *key)
{
int i;
......
......@@ -142,7 +142,7 @@ int args_from_file(char *file, int *argc, char **argv[]);
int str2fmt(char *s);
void program_name(char *in,char *out,int size);
int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
int MS_CALLBACK key_callback(char *buf,int len,int verify,void *u);
int MS_CALLBACK key_cb(char *buf,int len,int verify,void *u);
#define FORMAT_UNDEF 0
#define FORMAT_ASN1 1
#define FORMAT_TEXT 2
......
......@@ -534,7 +534,7 @@ bad:
pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,NULL);
else
{
pkey=PEM_read_bio_PrivateKey(in,NULL,key_callback,key);
pkey=PEM_read_bio_PrivateKey(in,NULL,key_cb,key);
memset(key,0,strlen(key));
}
if (pkey == NULL)
......
......@@ -93,6 +93,7 @@ int MAIN(int argc, char **argv)
int informat,outformat,text=0,noout=0;
int pubin = 0, pubout = 0;
char *infile,*outfile,*prog;
char *passin = NULL, *passout = NULL;
int modulus=0;
apps_startup();
......@@ -131,6 +132,39 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-passin") == 0)
{
if (--argc < 1) goto bad;
passin= *(++argv);
}
else if (strcmp(*argv,"-envpassin") == 0)
{
if (--argc < 1) goto bad;
if(!(passin= getenv(*(++argv))))
{
BIO_printf(bio_err,
"Can't read environment variable %s\n",
*argv);
badops = 1;
}
}
else if (strcmp(*argv,"-envpassout") == 0)
{
if (--argc < 1) goto bad;
if(!(passout= getenv(*(++argv))))
{
BIO_printf(bio_err,
"Can't read environment variable %s\n",
*argv);
badops = 1;
}
argv++;
}
else if (strcmp(*argv,"-passout") == 0)
{
if (--argc < 1) goto bad;
passout= *(++argv);
}
else if (strcmp(*argv,"-noout") == 0)
noout=1;
else if (strcmp(*argv,"-text") == 0)
......@@ -159,7 +193,11 @@ bad:
BIO_printf(bio_err," -inform arg input format - DER or PEM\n");
BIO_printf(bio_err," -outform arg output format - DER or PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -passin arg input file pass phrase\n");
BIO_printf(bio_err," -envpassin arg environment variable containing input file pass phrase\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -passout arg input file pass phrase\n");
BIO_printf(bio_err," -envpassout arg environment variable containing input file pass phrase\n");
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#ifndef NO_IDEA
......@@ -198,7 +236,11 @@ bad:
else dsa=d2i_DSAPrivateKey_bio(in,NULL);
} else if (informat == FORMAT_PEM) {
if(pubin) dsa=PEM_read_bio_DSAPublicKey(in,NULL, NULL, NULL);
else {
if(passin) dsa=PEM_read_bio_DSAPrivateKey(in,NULL,
key_cb,passin);
else dsa=PEM_read_bio_DSAPrivateKey(in,NULL,NULL,NULL);
}
} else
{
BIO_printf(bio_err,"bad input format specified for key\n");
......@@ -245,7 +287,12 @@ bad:
} else if (outformat == FORMAT_PEM) {
if(pubin || pubout)
i=PEM_write_bio_DSAPublicKey(out,dsa);
else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL,NULL);
else {
if(passout) i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
NULL,0,key_cb, passout);
i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,
NULL,NULL);
}
} else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
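Review bot: The PEM private-key output branch is missing an `else`: when `passout` is set, the call with `key_cb, passout` is followed unconditionally by a second `i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL,NULL);`. The key is therefore written to `out` twice, the second time with no callback or pass phrase supplied, so the library's default handling applies (presumably an interactive prompt when `enc` is set), which defeats the non-interactive use the option is meant for. The second return value also overwrites `i`, so a failure of the first write goes unnoticed. The second call should read `else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL,NULL);`, matching the RSA output branch in this commit.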
......
......@@ -96,6 +96,7 @@ int MAIN(int argc, char **argv)
int informat,outformat,text=0,check=0,noout=0;
int pubin = 0, pubout = 0;
char *infile,*outfile,*prog;
char *passin = NULL, *passout = NULL;
int modulus=0;
apps_startup();
......@@ -134,6 +135,39 @@ int MAIN(int argc, char **argv)
if (--argc < 1) goto bad;
outfile= *(++argv);
}
else if (strcmp(*argv,"-passin") == 0)
{
if (--argc < 1) goto bad;
passin= *(++argv);
}
else if (strcmp(*argv,"-envpassin") == 0)
{
if (--argc < 1) goto bad;
if(!(passin= getenv(*(++argv))))
{
BIO_printf(bio_err,
"Can't read environment variable %s\n",
*argv);
badops = 1;
}
}
else if (strcmp(*argv,"-envpassout") == 0)
{
if (--argc < 1) goto bad;
if(!(passout= getenv(*(++argv))))
{
BIO_printf(bio_err,
"Can't read environment variable %s\n",
*argv);
badops = 1;
}
argv++;
}
else if (strcmp(*argv,"-passout") == 0)
{
if (--argc < 1) goto bad;
passout= *(++argv);
}
else if (strcmp(*argv,"-pubin") == 0)
pubin=1;
else if (strcmp(*argv,"-pubout") == 0)
......@@ -164,7 +198,12 @@ bad:
BIO_printf(bio_err," -inform arg input format - one of DER NET PEM\n");
BIO_printf(bio_err," -outform arg output format - one of DER NET PEM\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -passin arg input file pass phrase\n");
BIO_printf(bio_err," -envpassin arg environment variable containing input file pass phrase\n");
BIO_printf(bio_err," -in arg input file\n");
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -passout arg input file pass phrase\n");
BIO_printf(bio_err," -envpassout arg environment variable containing input file pass phrase\n");
BIO_printf(bio_err," -des encrypt PEM output with cbc des\n");
BIO_printf(bio_err," -des3 encrypt PEM output with ede cbc des using 168 bit key\n");
#ifndef NO_IDEA
......@@ -234,8 +273,12 @@ bad:
#endif
else if (informat == FORMAT_PEM) {
if(pubin) rsa=PEM_read_bio_RSAPublicKey(in,NULL,NULL,NULL);
else {
if(passin) rsa=PEM_read_bio_RSAPrivateKey(in,NULL,
key_cb,passin);
else rsa=PEM_read_bio_RSAPrivateKey(in,NULL,NULL,NULL);
}
}
else
{
BIO_printf(bio_err,"bad input format specified for key\n");
......@@ -333,8 +376,12 @@ bad:
else if (outformat == FORMAT_PEM) {
if(pubout || pubin)
i=PEM_write_bio_RSAPublicKey(out,rsa);
else
i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,NULL,NULL);
else {
if(passout) i=PEM_write_bio_RSAPrivateKey(out,rsa,
enc,NULL,0,key_cb,passout);
else i=PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,
0,NULL,NULL);
}
} else {
BIO_printf(bio_err,"bad output format specified for outfile\n");
goto end;
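Review bot: The `-envpassout` branch ends with an extra `argv++;` after `getenv(*(++argv))` has already consumed the variable name, and `argc` is not decremented to match. The `-passin`, `-envpassin` and `-passout` branches have no such line, so if the enclosing loop (outside this hunk) advances `argv` itself, the option following `-envpassout var` is skipped and `argv` runs one slot ahead of `argc`, which could end in a read past the last argument. The stray `argv++;` should be dropped; the same line appears in the DSA option parsing earlier in this commit. The usage block here also prints ` -in arg input file` twice and, as in the DSA usage text, describes `-passout` and `-envpassout` as the "input file pass phrase" where "output file pass phrase" is meant.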
......
......@@ -6,7 +6,7 @@ asn1parse - ASN.1 parsing tool
=head1 SYNOPSIS
=item B<openssl> B<asn1parse>
B<openssl> B<asn1parse>
[B<-inform PEM|DER>]
[B<-in filename>]
[B<-out filename>]
......
......@@ -10,7 +10,11 @@ B<openssl> B<dsa>
[B<-inform PEM|DER>]
[B<-outform PEM|DER>]
[B<-in filename>]
[B<-passin password>]
[B<-envpassin var>]
[B<-out filename>]
[B<-passout password>]
[B<-envpassout var>]
[B<-des>]
[B<-des3>]
[B<-idea>]
......@@ -53,6 +57,15 @@ This specifies the input filename to read a key from or standard input if this
option is not specified. If the key is encrypted a pass phrase will be
prompted for.
=item B<-passin password>
the input file password. Since certain utilities like "ps" make the command line
visible this option should be used with caution.
=item B<-envpassin var>
read the input file password from the environment variable B<var>.
=item B<-out filename>
This specifies the output filename to write a key to or standard output by
......@@ -60,6 +73,15 @@ is not specified. If any encryption options are set then a pass phrase will be
prompted for. The output filename should B<not> be the same as the input
filename.
=item B<-passout password>
the output file password. Since certain utilities like "ps" make the command line
visible this option should be used with caution.
=item B<-envpassout var>
read the output file password from the environment variable B<var>.
=item B<-des|-des3|-idea>
These options encrypt the private key with the DES, triple DES, or the
......
......@@ -299,6 +299,8 @@ Additional object identifiers can be defined with the B<oid_file> or
B<oid_section> options in the configuration file. Any additional fields
will be treated as though they were a DirectoryString.
=back
=head1 EXAMPLES
Examine and verify certificate request:
......
......@@ -11,7 +11,11 @@ B<openssl> B<rsa>
[B<-inform PEM|NET|DER>]
[B<-outform PEM|NET|DER>]
[B<-in filename>]
[B<-passin password>]
[B<-envpassin var>]
[B<-out filename>]
[B<-passout password>]
[B<-envpassout var>]
[B<-des>]
[B<-des3>]
[B<-idea>]
......@@ -54,6 +58,15 @@ This specifies the input filename to read a key from or standard input if this
option is not specified. If the key is encrypted a pass phrase will be
prompted for.
=item B<-passin password>
the input file password. Since certain utilities like "ps" make the command line
visible this option should be used with caution.
=item B<-envpassin var>
read the input file password from the environment variable B<var>.
=item B<-out filename>
This specifies the output filename to write a key to or standard output by
......@@ -61,6 +74,15 @@ is not specified. If any encryption options are set then a pass phrase will be
prompted for. The output filename should B<not> be the same as the input
filename.
=item B<-passout password>
the output file password. Since certain utilities like "ps" make the command line
visible this option should be used with caution.
=item B<-envpassout var>
read the output file password from the environment variable B<var>.
=item B<-des|-des3|-idea>
These options encrypt the private key with the DES, triple DES, or the
......
=pod
=head 1 NAME
=head1 NAME
version - print version information
=head1 SYNOPSIS
=item B<openssl version>
B<openssl version>
[B<-a>]
[B<-v>]
[B<-b>]
......