SYNOPSIS above), each of which often has a wealth of options and arguments
(I<command_opts> and I<command_args> in the SYNOPSIS).
+Many commands use an external configuration file for some or all of their
+arguments and have a B<-config> option to specify that file.
+The environment variable B<OPENSSL_CONF> can be used to specify
+the location of the file.
+If the environment variable is not specified, then the file is named
+B<openssl.cnf> in the default certificate storage area, whose value
+depends on the configuration flags specified when the OpenSSL
+was built.
+
The list parameters B<standard-commands>, B<digest-commands>,
and B<cipher-commands> output a list (one entry per line) of the names
of all standard commands, message digest commands, or cipher commands,
=head2 Standard Commands
-=over 10
+=over 4
=item L<B<asn1parse>|asn1parse(1)>
=item L<B<cms>|cms(1)>
-CMS (Cryptographic Message Syntax) utility
+CMS (Cryptographic Message Syntax) utility.
=item L<B<crl>|crl(1)>
=item L<B<dhparam>|dhparam(1)>
Generation and Management of Diffie-Hellman Parameters. Superseded by
-L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)>
-
+L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)>.
=item L<B<dsa>|dsa(1)>
=item L<B<dsaparam>|dsaparam(1)>
DSA Parameter Generation and Management. Superseded by
-L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)>
+L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)>.
=item L<B<ec>|ec(1)>
-EC (Elliptic curve) key processing
+EC (Elliptic curve) key processing.
=item L<B<ecparam>|ecparam(1)>
-EC parameter manipulation and generation
+EC parameter manipulation and generation.
=item L<B<enc>|enc(1)>
=item L<B<gendsa>|gendsa(1)>
Generation of DSA Private Key from Parameters. Superseded by
-L<B<genpkey>|genpkey(1)> and L<B<pkey>|pkey(1)>
+L<B<genpkey>|genpkey(1)> and L<B<pkey>|pkey(1)>.
=item L<B<genpkey>|genpkey(1)>
=item L<B<nseq>|nseq(1)>
-Create or examine a Netscape certificate sequence
+Create or examine a Netscape certificate sequence.
=item L<B<ocsp>|ocsp(1)>
PKCS#7 Data Management.
+=item L<B<pkcs8>|pkcs8(1)>
+
+PKCS#8 format private key conversion tool.
+
=item L<B<pkey>|pkey(1)>
Public and private key management.
Public key algorithm cryptographic operation utility.
+=item L<B<prime>|prime(1)>
+
+Compute prime numbers.
+
=item L<B<rand>|rand(1)>
Generate pseudo-random bytes.
+=item L<B<rehash>|rehash(1)>
+
+Create symbolic links to certficate and CRL files named by the hash values.
+
=item L<B<req>|req(1)>
PKCS#10 X.509 Certificate Signing Request (CSR) Management.
=item L<B<rsautl>|rsautl(1)>
RSA utility for signing, verification, encryption, and decryption. Superseded
-by L<B<pkeyutl>|pkeyutl(1)>
+by L<B<pkeyutl>|pkeyutl(1)>.
=item L<B<s_client>|s_client(1)>
=item L<B<spkac>|spkac(1)>
-SPKAC printing and generating utility
+SPKAC printing and generating utility.
+
+=item L<B<srp>|srp(1)>
+
+Maintain SRP password file.
+
+=item L<B<storeutl>|storeutl(1)>
+
+Utility to list and display certificates, keys, CRLs, etc.
=item L<B<ts>|ts(1)>
-Time Stamping Authority tool (client/server)
+Time Stamping Authority tool (client/server).
=item L<B<verify>|verify(1)>
=head2 Message Digest Commands
-=over 10
+=over 4
=item B<md2>
=head2 Encoding and Cipher Commands
-=over 10
+=over 4
=item B<base64>
=back
-=head1 COMMAND OPTIONS
+=head1 OPTIONS
Details of which options are available depend on the specific command.
This section describes some common options with common behavior.
=head2 Common Options
-=over 10
+=over 4
=item B<-help>
prompted to enter one: this will typically be read from the current
terminal with echoing turned off.
-=over 10
+=over 4
=item B<pass:password>
-the actual password is B<password>. Since the password is visible
+The actual password is B<password>. Since the password is visible
to utilities (like 'ps' under Unix) this form should only be used
where security is not important.
=item B<env:var>
-obtain the password from the environment variable B<var>. Since
+Obtain the password from the environment variable B<var>. Since
the environment of other processes is visible on certain platforms
(e.g. ps under certain Unix OSes) this option should be used with caution.
=item B<file:pathname>
-the first line of B<pathname> is the password. If the same B<pathname>
+The first line of B<pathname> is the password. If the same B<pathname>
argument is supplied to B<-passin> and B<-passout> arguments then the first
line will be used for the input password and the next line for the output
password. B<pathname> need not refer to a regular file: it could for example
=item B<fd:number>
-read the password from the file descriptor B<number>. This can be used to
+Read the password from the file descriptor B<number>. This can be used to
send the data via a pipe for example.
=item B<stdin>
-read the password from standard input.
+Read the password from standard input.
=back
=head1 SEE ALSO
-L<asn1parse(1)>, L<ca(1)>, L<config(5)>,
+L<asn1parse(1)>, L<ca(1)>, L<ciphers(1)>, L<cms(1)>, L<config(5)>,
L<crl(1)>, L<crl2pkcs7(1)>, L<dgst(1)>,
L<dhparam(1)>, L<dsa(1)>, L<dsaparam(1)>,
-L<enc(1)>, L<engine(1)>, L<gendsa(1)>, L<genpkey(1)>,
-L<genrsa(1)>, L<nseq(1)>, L<openssl(1)>,
+L<ec(1)>, L<ecparam(1)>,
+L<enc(1)>, L<engine(1)>, L<errstr(1)>, L<gendsa(1)>, L<genpkey(1)>,
+L<genrsa(1)>, L<nseq(1)>, L<ocsp(1)>,
L<passwd(1)>,
L<pkcs12(1)>, L<pkcs7(1)>, L<pkcs8(1)>,
-L<rand(1)>, L<req(1)>, L<rsa(1)>,
+L<pkey(1)>, L<pkeyparam(1)>, L<pkeyutl(1)>, L<prime(1)>,
+L<rand(1)>, L<rehash(1)>, L<req(1)>, L<rsa(1)>,
L<rsautl(1)>, L<s_client(1)>,
-L<s_server(1)>, L<s_time(1)>,
-L<smime(1)>, L<spkac(1)>,
+L<s_server(1)>, L<s_time(1)>, L<sess_id(1)>,
+L<smime(1)>, L<speed(1)>, L<spkac(1)>, L<srp(1)>, L<storeutl(1)>,
+L<ts(1)>,
L<verify(1)>, L<version(1)>, L<x509(1)>,
-L<crypto(3)>, L<ssl(3)>, L<x509v3_config(5)>
+L<crypto(7)>, L<ssl(7)>, L<x509v3_config(5)>
=head1 HISTORY
=head1 COPYRIGHT
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy