NAME

gmssl - GmSSL command line tool

SYNOPSIS

gmssl command [ command_opts ] [ command_args ]

gmssl list [ standard-commands | digest-commands | cipher-commands | cipher-algorithms | digest-algorithms | public-key-algorithms ]

gmssl no-XXX [ arbitrary options ]

DESCRIPTION

GmSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.

The gmssl program is a command line tool for using the various cryptography functions of GmSSL's crypto library from the shell. It can be used for:

o  Creation and management of private keys, public keys and parameters
o  Public key cryptographic operations
o  Creation of X.509 certificates, CSRs and CRLs
o  Calculation of Message Digests
o  Encryption and Decryption with Ciphers
o  SSL/TLS Client and Server Tests
o  Handling of S/MIME signed or encrypted mail
o  Time Stamp requests, generation and verification

COMMAND SUMMARY

The gmssl program provides a rich variety of commands (command in the SYNOPSIS above), each of which often has a wealth of options and arguments (command_opts and command_args in the SYNOPSIS).

The list parameters standard-commands, digest-commands, and cipher-commands output a list (one entry per line) of the names of all standard commands, message digest commands, or cipher commands, respectively, that are available in the present gmssl utility.

The list parameters cipher-algorithms and digest-algorithms list all cipher and message digest names, one entry per line. Aliases are listed as:

from => to

The list parameter public-key-algorithms lists all supported public key algorithms.

The command no-XXX tests whether a command of the specified name is available. If no command named XXX exists, it returns 0 (success) and prints no-XXX; otherwise it returns 1 and prints XXX. In both cases, the output goes to stdout and nothing is printed to stderr. Additional command line arguments are always ignored. Since for each cipher there is a command of the same name, this provides an easy way for shell scripts to test for the availability of ciphers in the gmssl program. (no-XXX is not able to detect pseudo-commands such as quit, list, or no-XXX itself.)
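
A shell check built on the no-XXX behaviour described above, as an added example (not part of the GmSSL distribution); the GMSSL variable and the function names are assumptions. It checks stdout as well as the exit status, because a missing gmssl binary also exits non-zero and would otherwise be read as "command available".

```shell
# Added example, not from the GmSSL distribution.
# GMSSL is an assumed variable naming the binary to probe.
GMSSL=${GMSSL:-gmssl}

# has_command NAME
# Returns 0 if NAME is an available command (gmssl no-NAME exits 1 and
# prints NAME), 1 if it is not (exits 0 and prints no-NAME), and 2 if the
# probe itself failed: binary missing or output not in either form.
has_command() {
    name=$1
    out=$("$GMSSL" "no-$name" 2>/dev/null) && probe_rc=0 || probe_rc=$?
    if [ "$probe_rc" -eq 1 ] && [ "$out" = "$name" ]; then
        return 0
    elif [ "$probe_rc" -eq 0 ] && [ "$out" = "no-$name" ]; then
        return 1
    fi
    return 2
}

# require_commands NAME...
# Fails closed: stops at the first command that is absent (status 1) or
# that could not be probed (status 2), so a script never continues with an
# algorithm the local build does not provide.
require_commands() {
    for c in "$@"; do
        has_command "$c" && st=0 || st=$?
        case $st in
            0) ;;
            1) echo "not available in $GMSSL: $c" >&2; return 1 ;;
            *) echo "cannot probe $GMSSL for: $c" >&2; return 2 ;;
        esac
    done
    return 0
}

# Usage: require_commands sms4-cbc sm3 || exit 1
```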

Standard Commands

asn1parse

Parse an ASN.1 sequence.

ca

Certificate Authority (CA) Management.

ciphers

Cipher Suite Description Determination.

cms

CMS (Cryptographic Message Syntax) utility

crl

Certificate Revocation List (CRL) Management.

crl2pkcs7

CRL to PKCS#7 Conversion.

dgst

Message Digest Calculation.

dh

Diffie-Hellman Parameter Management. Obsoleted by dhparam.

dhparam

Generation and Management of Diffie-Hellman Parameters. Superseded by genpkey and pkeyparam.

dsa

DSA Data Management.

dsaparam

DSA Parameter Generation and Management. Superseded by genpkey and pkeyparam.

ec

EC/SM2 (Elliptic curve) key processing

ecparam

EC/SM2 parameter manipulation and generation

enc

Encoding with Ciphers.

engine

Engine (loadable module) information and manipulation.

errstr

Error Number to Error String Conversion.

gendh

Generation of Diffie-Hellman Parameters. Obsoleted by dhparam.

gendsa

Generation of DSA Private Key from Parameters. Superseded by genpkey and pkey.

genpkey

Generation of Private Key or Parameters.

genrsa

Generation of RSA Private Key. Superseded by genpkey.

nseq

Create or examine a Netscape certificate sequence

ocsp

Online Certificate Status Protocol utility.

passwd

Generation of hashed passwords.

pkcs12

PKCS#12 Data Management.

pkcs7

PKCS#7 Data Management.

pkey

Public and private key management.

pkeyparam

Public key algorithm parameter management.

pkeyutl

Public key algorithm cryptographic operation utility.

rand

Generate pseudo-random bytes.

req

PKCS#10 X.509 Certificate Signing Request (CSR) Management.

rsa

RSA key management.

rsautl

RSA utility for signing, verification, encryption, and decryption. Superseded by pkeyutl.

s_client

This implements a generic SSL/TLS client which can establish a transparent connection to a remote server speaking SSL/TLS. It is intended for testing purposes only and provides only rudimentary interface functionality, but internally it uses almost all of the functionality of the GmSSL ssl library.

s_server

This implements a generic SSL/TLS server which accepts connections from remote clients speaking SSL/TLS. It is intended for testing purposes only and provides only rudimentary interface functionality, but internally it uses almost all of the functionality of the GmSSL ssl library. It provides both its own command-line-oriented protocol for testing SSL functions and a simple HTTP response facility to emulate an SSL/TLS-aware web server.

s_time

SSL Connection Timer.

sess_id

SSL Session Data Management.

smime

S/MIME mail processing.

speed

Algorithm Speed Measurement.

spkac

SPKAC printing and generating utility

ts

Time Stamping Authority tool (client/server)

verify

X.509 Certificate Verification.

version

GmSSL Version Information.

x509

X.509 Certificate Data Management.

Message Digest Commands

sm3

SM3 Digest

md5

MD5 Digest

mdc2

MDC2 Digest

rmd160

RMD-160 Digest

sha

SHA Digest

sha1

SHA-1 Digest

sha224

SHA-224 Digest

sha256

SHA-256 Digest

sha384

SHA-384 Digest

sha512

SHA-512 Digest

Encoding and Cipher Commands

base64

Base64 Encoding

sms4 sms4-cbc sms4-cfb sms4-ecb sms4-ofb

SMS4 Cipher

cast cast-cbc

CAST Cipher

cast5-cbc cast5-cfb cast5-ecb cast5-ofb

CAST5 Cipher

des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb

DES Cipher

des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb

Triple-DES Cipher

idea idea-cbc idea-cfb idea-ecb idea-ofb

IDEA Cipher

rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb

RC2 Cipher

rc4

RC4 Cipher

rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb

RC5 Cipher

OPTIONS

Details of which options are available depend on the specific command. This section describes some common options with common behavior.

Common Options

-help

Provides a terse summary of all options.

Pass Phrase Options

Several commands accept password arguments, typically using -passin and -passout for input and output passwords respectively. These allow the password to be obtained from a variety of sources. Both of these options take a single argument whose format is described below. If no password argument is given and a password is required then the user is prompted to enter one: this will typically be read from the current terminal with echoing turned off.

pass:password

the actual password is password. Since the password is visible to utilities (like 'ps' under Unix) this form should only be used where security is not important.

env:var

obtain the password from the environment variable var. Since the environment of other processes is visible on certain platforms (e.g. ps under certain Unix OSes) this option should be used with caution.

file:pathname

the first line of pathname is the password. If the same pathname argument is supplied to -passin and -passout arguments then the first line will be used for the input password and the next line for the output password. pathname need not refer to a regular file: it could for example refer to a device or named pipe.

fd:number

read the password from the file descriptor number. This can be used to send the data via a pipe for example.

stdin

read the password from standard input.
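
A wrapper that uses the file:pathname form for both -passin and -passout, relying on the first-line/next-line rule described above, as an added example (not part of the GmSSL distribution); the GMSSL variable and the function name are assumptions. The pass phrases arrive on the wrapper's stdin, so they never appear in a process argument list (pass:) or environment (env:).

```shell
# Added example, not from the GmSSL distribution.
# GMSSL is an assumed variable naming the binary to run.
GMSSL=${GMSSL:-gmssl}

# run_with_passfile SUBCOMMAND [ARGS...]
# Reads two lines from stdin: the input pass phrase, then the output one.
# Both are written to one private temporary file that is passed as
# "file:pathname" to -passin and -passout, so gmssl takes line 1 as the
# input password and line 2 as the output password.
run_with_passfile() {
    IFS= read -r pf_in  || return 2
    IFS= read -r pf_out || return 2
    pf_file=$(mktemp) || return 2     # mktemp creates the file mode 0600
    # printf is a builtin in bash and dash, so writing the file does not
    # expose the secrets in another process's argv.
    printf '%s\n%s\n' "$pf_in" "$pf_out" > "$pf_file"
    pf_in= pf_out=                    # drop the copies held in the shell
    "$GMSSL" "$@" -passin "file:$pf_file" -passout "file:$pf_file" \
        && pf_rc=0 || pf_rc=$?
    rm -f "$pf_file"                  # remove the file on success or failure
    return "$pf_rc"
}

# Usage: feed the two pass phrases on stdin from a prompt or secret store,
# then give the subcommand and its own options as arguments.
```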

SEE ALSO

asn1parse(1), ca(1), config(5), crl(1), crl2pkcs7(1), dgst(1), dhparam(1), dsa(1), dsaparam(1), enc(1), engine(1), gendsa(1), genpkey(1), genrsa(1), nseq(1), gmssl(1), passwd(1), pkcs12(1), pkcs7(1), pkcs8(1), rand(1), req(1), rsa(1), rsautl(1), s_client(1), s_server(1), s_time(1), smime(1), spkac(1), verify(1), version(1), x509(1), crypto(7), ssl(7), x509v3_config(5)

HISTORY

The list-XXX-algorithms pseudo-commands were added in GmSSL 1.0.0. For notes on the availability of other commands, see their individual manual pages.

COPYRIGHT

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the GmSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.