Diffstat (limited to 'doc/apps/openssl.pod')
-rw-r--r-- | doc/apps/openssl.pod | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/doc/apps/openssl.pod b/doc/apps/openssl.pod index c6f6771f03..1c529e689c 100644 --- a/doc/apps/openssl.pod +++ b/doc/apps/openssl.pod @@ -233,6 +233,49 @@ RC5 Cipher =back +=head1 PASS PHRASE ARGUMENTS + +Several commands accept password arguments, typically using B<-passin> +and B<-passout> for input and output passwords respectively. These allow +the password to be obtained from a variety of sources. Both of these +options take a single argument whose format is described below. If no +password argument is given and a password is required then the user is +prompted to enter one: this will typically be read from the current +terminal with echoing turned off. + +=over 10 + +=item B<pass:password> + +the actual password is B<password>. Since the password is visible +to utilities (like 'ps' under Unix) this form should only be used +where security is not important. + +=item B<env:var> + +obtain the password from the environment variable B<var>. Since +the environment of other processes is visible on certain platforms +(e.g. ps under certain Unix OSes) this option should be used with caution. + +=item B<file:pathname> + +the first line of B<pathname> is the password. If the same B<pathname> +argument is supplied to B<-passin> and B<-passout> arguments then the first +line will be used for the input password and the next line for the output +password. B<pathname> need not refer to a regular file: it could for example +refer to a device or named pipe. + +=item B<fd:number> + +read the password from the file descriptor B<number>. This can be used to +send the data via a pipe for example. + +=item B<stdin> + +read the password from standard input. + +=back + =head1 SEE ALSO L<asn1parse(1)|asn1parse(1)>, L<ca(1)|ca(1)>, L<config(5)|config(5)>, |
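Review bot: The B<file:pathname> item carries no exposure caveat, while B<pass:password> and B<env:var> each warn about visibility through 'ps'. A password file is just as easy to leak if it is group- or world-readable, so add a sentence saying the file should be readable only by the invoking user. In the same list, B<fd:number> and B<stdin> do not say how much input is consumed; state whether only the first line is read, as for B<file:pathname>, and whether the "first line for input, next line for output" rule also applies when the same descriptor or stdin is given to both B<-passin> and B<-passout>. Minor style point: the two mentions of ps are quoted differently ('ps' under Unix versus ps under certain Unix OSes); pick one form.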