gmssl - GmSSL command line tool
gmssl command [ command_opts ] [ command_args ]
gmssl list [ standard-commands | digest-commands | cipher-commands | cipher-algorithms | digest-algorithms | public-key-algorithms]
gmssl no-XXX [ arbitrary options ]
GmSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.
The gmssl program is a command line tool for using the various cryptography functions of GmSSL's crypto library from the shell. It can be used for
GmSSL是实现安全套接字层(SSL v2 / v3)和传输层安全(TLS v1)网络协议 及其所需的相关加密标准的加密工具包。
o Creation and management of private keys, public keys and parameters
o Public key cryptographic operations
o Creation of X.509 certificates, CSRs and CRLs
o Calculation of Message Digests
o Encryption and Decryption with Ciphers
o SSL/TLS Client and Server Tests
o Handling of S/MIME signed or encrypted mail
o Time Stamp requests, generation and verification
创建并管理公钥,私钥和参数。
公钥加密操作。
x509,CSR和CRL的创建
计算消息摘要。
密码加密解密
SSC/TLS客户端服务器的测试
处理S / MIME签名或加密的邮件
时间戳请求,生成和验证
The gmssl program provides a rich variety of commands (command in the SYNOPSIS above), each of which often has a wealth of options and arguments (command_opts and command_args in the SYNOPSIS).
The list parameters standard-commands, digest-commands, and cipher-commands output a list (one entry per line) of the names of all standard commands, message digest commands, or cipher commands, respectively, that are available in the present gmssl utility.
The list parameters cipher-algorithms and digest-algorithms list all cipher and message digest names, one entry per line. Aliases are listed as:
from => to
The list parameter public-key-algorithms lists all supported public key algorithms.
The command no-XXX tests whether a command of the specified name is available. If no command named XXX exists, it returns 0 (success) and prints no-XXX; otherwise it returns 1 and prints XXX. In both cases, the output goes to stdout and nothing is printed to stderr. Additional command line arguments are always ignored. Since for each cipher there is a command of the same name, this provides an easy way for shell scripts to test for the availability of ciphers in the gmssl program. (no-XXX is not able to detect pseudo-commands such as quit, list, or no-XXX itself.)
gmssl程序提供丰富多样的命令(上面的概要中的命令),每个命令通常具有 丰富的选项和参数(概要中的command_opts和command_args)。
列表参数standard-commands,digest-commands和cipher-commands分别输出 目前gmssl实用程序中可用的所有标准命令,消息摘要命令或密码命令的列表 (每行一个条目)。
列表参数密码算法和摘要算法列出所有密码和消息摘要名称,每行一个条目。
列表参数public-key-algorithms列出了所有支持的公钥算法。
命令no-XXX测试指定名称的命令是否可用。 如果没有命名为XXX的命令, 则返回0(成功),并打印no-XXX; 否则返回1并打印XXX。 在这两种情况下, 输出到stdout,没有什么打印到stderr。 其他命令行参数始终被忽略。 因为每个密码都有一个相同名称的命令,这为shell脚本提供了一个简 单的方法来测试gmssl程序中密码的可用性。 (否 - XXX无法检测到伪命令 ,如quit,list或no-XXX本身。)
Parse an ASN.1 sequence.
解析ASN1序列
Certificate Authority (CA) Management.
CA管理
Cipher Suite Description Determination.
密码套件描述确定。
CMS (Cryptographic Message Syntax) utility
CMS有效。
Certificate Revocation List (CRL) Management.
CRL管理
CRL to PKCS#7 Conversion.
CRL转变为PKCS#7
Message Digest Calculation.
消息摘要计算
Diffie-Hellman Parameter Management. Obsoleted by dhparam.
DH参数管理
Generation and Management of Diffie-Hellman Parameters. Superseded by genpkey and pkeyparam
Diffie-Hellman参数的生成与管理。 被genpkey和pkeyparam取代
DSA Data Management.
DSA数据管理
DSA Parameter Generation and Management. Superseded by genpkey and pkeyparam
DSA参数的生成与管理
EC/SM2 (Elliptic curve) key processing
EC/SM2密钥处理
EC/SM2 parameter manipulation and generation
EC / SM2参数的操作和生成
Encoding with Ciphers.
密码进行编码
Engine (loadable module) information and manipulation.
引擎信息和操作
Error Number to Error String Conversion.
错误字符串转换的错误编号
Generation of Diffie-Hellman Parameters. Obsoleted by dhparam.
生成Diffie-Hellman参数。 被dhparam淘汰。
Generation of DSA Private Key from Parameters. Superseded by genpkey and pkey
生成从参数的DSA私钥,被genpkey pkey淘汰
Generation of Private Key or Parameters.
私钥和参数的生成
Generation of RSA Private Key. Superseded by genpkey.
RSA私钥的生成
Create or examine a Netscape certificate sequence
创建或检查Netscape证书序列
Online Certificate Status Protocol utility.
在线证书状态协议实用程序。
Generation of hashed passwords.
哈希密码生成
PKCS#12 Data Management.
PKCS#12 数据管理
PKCS#7 Data Management.
PKCS#7 数据管理
Public and private key management.
公私钥管理
Public key algorithm parameter management.
公钥算法参数管理
Public key algorithm cryptographic operation utility.
公钥算法加密运算实用程序。
Generate pseudo-random bytes.
生成伪随机字节
PKCS#10 X.509 Certificate Signing Request (CSR) Management.
PKCS#10 X509 CSR管理
RSA key management.
RSA密钥管理
RSA utility for signing, verification, encryption, and decryption. Superseded by pkeyutl
用于签名,验证,加密和解密的RSA实用程序。 取而代之的是pkeyutl
This implements a generic SSL/TLS client which can establish a transparent connection to a remote server speaking SSL/TLS. It's intended for testing purposes only and provides only rudimentary interface functionality but internally uses mostly all functionality of the GmSSL ssl library.
这实现了通用的SSL / TLS客户端,可以建立与远程服务器的SSL / TLS的透明连接。 它仅用于测试目的,仅提供基本的接口功能,但内部主要使用GmSSL ssl库的所有功能。
This implements a generic SSL/TLS server which accepts connections from remote clients speaking SSL/TLS. It's intended for testing purposes only and provides only rudimentary interface functionality but internally uses mostly all functionality of the GmSSL ssl library. It provides both an own command line oriented protocol for testing SSL functions and a simple HTTP response facility to emulate an SSL/TLS-aware webserver.
这实现了一个通用的SSL / TLS服务器,它接受来自远程客户端的SSL / TLS连接。 它仅用于测试目的,仅提供基本的接口功能,但内部主要使用GmSSL ssl库的所有功能。 它提供了一个用于测试SSL功能的自己的面向命令行的协议和一个简单的HTTP响应工具来模拟一个支持SSL / TLS的Web服务器。
SSL Connection Timer.
SSL连接计时器
SSL Session Data Management.
SSL会议数据管理。
S/MIME mail processing.
S/MIME 邮件处理
Algorithm Speed Measurement.
算法速度测量
SPKAC printing and generating utility
SPKAC打印和生成实用程序。
Time Stamping Authority tool (client/server)
时间戳机构工具(客户端/服务器)
X.509 Certificate Verification.
X.509证书验证
GmSSL Version Information.
GmSSL 版本信息
X.509 Certificate Data Management.
X.509证书数据管理
SM3 Digest
SM3摘要
MD5 Digest
MD5摘要
MDC2 Digest
MDC2摘要
RMD-160 Digest
RMD-160摘要
SHA Digest
SHA摘要
SHA-1 Digest
SHA-1摘要
SHA-224 Digest
SHA-224摘要
SHA-256 Digest
SHA-256摘要
SHA-384 Digest
SHA-384摘要
SHA-512 Digest
SHA-512摘要
Base64 Encoding
Base64 编码
SMS4 Cipher
SMS4密码
CAST Cipher
CAST密码
CAST5 Cipher
CAST5密码
DES Cipher
DES密码
Triple-DES Cipher
三重DES密码
IDEA Cipher
IDEA密码
RC2 Cipher
RC2密码
RC4 Cipher
RC4密码
RC5 Cipher
RC5密码
Details of which options are available depend on the specific command. This section describes some common options with common behavior.
哪些选项可用的详细信息取决于具体的命令。 本节介绍一些常见的常见选项。
Provides a terse summary of all options.
输出所有选项的摘要
Several commands accept password arguments, typically using -passin and -passout for input and output passwords respectively. These allow the password to be obtained from a variety of sources. Both of these options take a single argument whose format is described below. If no password argument is given and a password is required then the user is prompted to enter one: this will typically be read from the current terminal with echoing turned off.
几个命令接受密码参数,通常分别使用-passin和-passout来输入和输出密码。 这些允许从各种来源获取密码。 这两个选项都有一个参数,其格式如下所述。 如果没有提供密码参数并且需要密码,则会提示用户输入密码:通常将从当前终端读取,并且回显关闭。
the actual password is password. Since the password is visible to utilities (like 'ps' under Unix) this form should only be used where security is not important.
实际的密码是password。 由于密码对于实用程序是可见的(例如Unix下的“ps”) ,因此只能在安全性不重要的地方使用此表单。
obtain the password from the environment variable var. Since the environment of other processes is visible on certain platforms (e.g. ps under certain Unix OSes) this option should be used with caution.
从环境变量var获取密码。 由于其他进程的环境在某些平台上可见(例如某些Unix操作系统下的ps),因此谨慎使用此选项。
the first line of pathname is the password. If the same pathname argument is supplied to -passin and -passout arguments then the first line will be used for the input password and the next line for the output password. pathname need not refer to a regular file: it could for example refer to a device or named pipe.
路径名的第一行是密码。 如果相同的pathname参数提供给-passin和-passout参数, 则第一行将用于输入密码,输出密码的下一行将被使用。 路径名不需要引用常规文件: 例如可以参考设备或命名管道。
read the password from the file descriptor number. This can be used to send the data via a pipe for example.
从文件描述符编号读取密码。比方说这可以用于通过管道发送数据。
read the password from standard input.
从标准输入读取密码。
asn1parse(1), ca(1), config(5), crl(1), crl2pkcs7(1), dgst(1), dhparam(1), dsa(1), dsaparam(1), enc(1), engine(1), gendsa(1), genpkey(1), genrsa(1), nseq(1), gmssl(1), passwd(1), pkcs12(1), pkcs7(1), pkcs8(1), rand(1), req(1), rsa(1), rsautl(1), s_client(1), s_server(1), s_time(1), smime(1), spkac(1), verify(1), version(1), x509(1), crypto(7), ssl(7), x509v3_config(5)
The list-XXX-algorithms pseudo-commands were added in GmSSL 1.0.0; For notes on the availability of other commands, see their individual manual pages.
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the GmSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.