Name

pkcs8

Synopsis

The pkcs8 command is used to create, examine, and manipulate PKCS#8-formatted files.

Options

-in filename

Specify the name of a file from which either a PKCS#8 structure or a private key will be read. If this option is omitted, stdin will be used.

-inform DER|PEM

Specify the format of the input data, either DER or PEM. If this option is omitted, PEM is the default format.

-out filename

Specify the name of a file to which the output from the command will be written. If this option is omitted, stdout will be used.

-outform DER|PEM

Specify the format of the output data, either DER or PEM. If this option is omitted, PEM is the default format.

-passin password

Specify the password to decrypt the input PKCS#8 structure or private key. This option follows the guidelines outlined in Chapter 2.

-passout password

Specify the password to encrypt the output PKCS#8 structure or private key. This option follows the guidelines outlined in Chapter 2.

-topk8

If this option is specified, a private key, either DSA or RSA, will be the expected input data, and the output will be a PKCS#8 structure. Otherwise, a PKCS#8 structure will be the expected input, and a private key will be the output.

-nocrypt

Cause the PKCS#8 structure that is output from this command to be unencrypted. If the input is a PKCS#8 key, it will be expected to be unencrypted.

-nooct

Cause the RSA private key output from this command to be written in a broken format that is required by some software. This option is ignored if the private key is not RSA or the input data is a PKCS#8 structure.

-embed

Cause the DSA private key output from this command to be written in a broken format that is required by some software. This option is ignored if the private key is not DSA or the input data is a PKCS#8 structure. With this option, the DSA parameters used to generate the private key are embedded in the output’s PrivateKey structure.

-nsdb

Cause the DSA private key output from this command to be written in a broken format that is required by Netscape private key databases. This option is ignored if the private key is not DSA or the input data is a PKCS#8 structure.

-v1 algorithm

Specify the PKCS#5 v1.5 or PKCS#12 algorithm to use for encryption in the PKCS#8 structure that is output. Valid algorithms are PBE-MD2-DES, PBE-MD5-DES, PBE-SHA1-RC2-64, PBE-MD2-RC2-64, PBE-MD5-RC2-64, PBE-SHA1-DES, PBE-SHA1-RC4-128, PBE-SHA1-RC4-40, PBE-SHA1-3DES, PBE-SHA1-2DES, PBE-SHA1-RC2-128, and PBE-SHA1-RC2-40.

-v2 algorithm

Specify the PKCS#5 v2.0 algorithm to use for encryption in the PKCS#8 structure that is output. Valid algorithms are des, des3, and rc2. The recommended algorithm is 3DES (des3).
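
The following script is an added example, not part of the original reference: it exercises -topk8, -v2, -nocrypt, -passin, and -passout on a throwaway RSA key and converts it in both directions. The file names, the helper functions, and the password example-only are constructed for the demonstration; the pass: prefix is OpenSSL's syntax for supplying a password on the command line.

```shell
#!/bin/sh
# Added example; file names, helper names and the password are constructed.
umask 077   # key material should never be group- or world-readable

# Print the PEM label (first line) of a key file.
pem_label() { head -n 1 "$1"; }

# Print the public key of an unencrypted private key file, so two keys can
# be compared regardless of the container format they are stored in.
pubkey_of() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Create the demo files in directory $1; returns non-zero on any failure.
make_demo() {
    _d=$1
    # Throwaway RSA private key to feed to -topk8.
    openssl genrsa -out "$_d/key.pem" 2048 2>/dev/null || return 1
    # Private key in, encrypted PKCS#8 out, using PKCS#5 v2.0 with 3DES.
    openssl pkcs8 -topk8 -in "$_d/key.pem" -out "$_d/enc.p8" \
        -v2 des3 -passout pass:example-only || return 1
    # Same key as an unencrypted PKCS#8 structure (-nocrypt).
    openssl pkcs8 -topk8 -nocrypt -in "$_d/key.pem" \
        -out "$_d/plain.p8" || return 1
    # Without -topk8 the direction reverses: PKCS#8 in, private key out.
    openssl pkcs8 -in "$_d/enc.p8" -passin pass:example-only \
        -out "$_d/back.pem" || return 1
}

demo_dir=$(mktemp -d) || exit 1
if make_demo "$demo_dir"; then
    pem_label "$demo_dir/enc.p8"     # label of the encrypted structure
    pem_label "$demo_dir/plain.p8"   # label of the unencrypted structure
fi
rm -rf "$demo_dir"
```

A file whose first line is BEGIN PRIVATE KEY carries no password protection, so its confidentiality rests on file permissions alone.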