Go to main content

man pages section 1: User Commands

Exit Print View

Updated: Thursday, June 13, 2019
 
 

pkcs7 (1openssl)

Name

pkcs7 - PKCS#7 utility

Synopsis

openssl pkcs7 [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-out
filename] [-print_certs] [-text] [-noout] [-engine id]

Description

PKCS7(1openssl)                     OpenSSL                    PKCS7(1openssl)



NAME
       openssl-pkcs7, pkcs7 - PKCS#7 utility

SYNOPSIS
       openssl pkcs7 [-inform PEM|DER] [-outform PEM|DER] [-in filename] [-out
       filename] [-print_certs] [-text] [-noout] [-engine id]

DESCRIPTION
       The pkcs7 command processes PKCS#7 files in DER or PEM format.

COMMAND OPTIONS
       -inform DER|PEM
           This specifies the input format. DER format is DER encoded PKCS#7
           v1.5 structure.PEM (the default) is a base64 encoded version of the
           DER form with header and footer lines.

       -outform DER|PEM
           This specifies the output format, the options have the same meaning
           as the -inform option.

       -in filename
           This specifies the input filename to read from or standard input if
           this option is not specified.

       -out filename
           specifies the output filename to write to or standard output by
           default.

       -print_certs
           prints out any certificates or CRLs contained in the file. They are
           preceded by their subject and issuer names in one line format.

       -text
           prints out certificates details in full rather than just subject
           and issuer names.

       -noout
           don't output the encoded version of the PKCS#7 structure (or
           certificates is -print_certs is set).

       -engine id
           specifying an engine (by its unique id string) will cause pkcs7 to
           attempt to obtain a functional reference to the specified engine,
           thus initialising it if needed. The engine will then be set as the
           default for all available algorithms.

EXAMPLES
       Convert a PKCS#7 file from PEM to DER:

        openssl pkcs7 -in file.pem -outform DER -out file.der

       Output all certificates in a file:

        openssl pkcs7 -in file.pem -print_certs -out certs.pem


ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       +---------------+--------------------------+
       |ATTRIBUTE TYPE |     ATTRIBUTE VALUE      |
       +---------------+--------------------------+
       |Availability   | library/security/openssl |
       +---------------+--------------------------+
       |Stability      | Pass-through uncommitted |
       +---------------+--------------------------+
NOTES
       The PEM PKCS#7 format uses the header and footer lines:

        -----BEGIN PKCS7-----
        -----END PKCS7-----

       For compatibility with some CAs it will also accept:

        -----BEGIN CERTIFICATE-----
        -----END CERTIFICATE-----

RESTRICTIONS
       There is no option to print out all the fields of a PKCS#7 file.

       This PKCS#7 routines only understand PKCS#7 v 1.5 as specified in
       RFC2315 they cannot currently parse, for example, the new CMS as
       described in RFC2630.

SEE ALSO
       crl2pkcs7(1)


       This software was built from source available at
       https://github.com/oracle/solaris-userland.  The original community
       source was downloaded from
       https://www.openssl.org/source/openssl-1.0.2r.tar.gz

       Further information about this software can be found on the open source
       community website at https://www.openssl.org/.



1.0.2r                            2019-02-26                   PKCS7(1openssl)