=head1 NAME
+openssl-ts,
ts - Time Stamping Authority tool (client/server)
=head1 SYNOPSIS
B<openssl> B<ts>
B<-query>
-[B<-rand> file:file...]
+[B<-rand file...>]
+[B<-writerand file>]
[B<-config> configfile]
[B<-data> file_to_hash]
[B<-digest> digest_bytes]
-[B<-[digest]>]
+[B<-I<digest>>]
[B<-tspolicy> object_id]
[B<-no_nonce>]
[B<-cert>]
[B<-queryfile> request.tsq]
[B<-passin> password_src]
[B<-signer> tsa_cert.pem]
-[B<-inkey> private.pem]
-[B<-sha1|-sha224|-sha256|-sha384|-sha512>]
+[B<-inkey> file_or_id]
+[B<-I<digest>>]
[B<-chain> certs_file.pem]
[B<-tspolicy> object_id]
[B<-in> response.tsr]
=over 4
-=item B<-rand> file:file...
+=item B<-rand file...>
-The files containing random data for seeding the random number
-generator. Multiple files can be specified, the separator is B<;> for
-MS-Windows, B<,> for VMS and B<:> for all other platforms. (Optional)
+A file or files containing random data used to seed the random number
+generator.
+Multiple files can be specified separated by an OS-dependent character.
+The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+all others.
+
+=item [B<-writerand file>]
+
+Writes random data to the specified I<file> upon exit.
+This can be used with a subsequent B<-rand> flag.
=item B<-config> configfile
1AF601...). The number of bytes must match the message digest algorithm
in use. (Optional)
-=item B<-[digest]>
+=item B<-I<digest>>
The message digest to apply to the data file.
Any digest supported by the OpenSSL B<dgst> command can be used.
the certificate is going to be refused. Overrides the B<signer_cert>
variable of the config file. (Optional)
-=item B<-inkey> private.pem
+=item B<-inkey> file_or_id
The signer private key of the TSA in PEM format. Overrides the
B<signer_key> config file option. (Optional)
+If no engine is used, the argument is taken as a file; if an engine is
+specified, the argument is given to the engine as a key identifier.
-=item B<-sha1|-sha224|-sha256|-sha384|-sha512>
+=item B<-I<digest>>
Signing digest to use. Overrides the B<signer_digest> config file
option. (Optional)
=item B<signer_digest>
Signing digest to use. The same as the
-B<-sha1|-sha224|-sha256|-sha384|-sha512> command line option. (Optional)
+B<-I<digest>> command line option. (Optional)
=item B<default_policy>