51 By default the signing operation (see B<-sign> option) is assumed.
64 if this option is not specified.
71 the user can specify a digest algorithm by using the B<-digest> option.
75 This option can only be used with B<-sign> and B<-verify>.
76 For EdDSA (the Ed25519 and Ed448 algorithms) this option
79 The B<-digest> option implies B<-rawin> since OpenSSL 3.5.
83 This option can only be used with B<-sign> and B<-verify>.
85 before signing or verifying it with the input key. This option could be omitted
87 a pluggable hash function before signing (for instance, EdDSA). If this option
88 is omitted but the signature algorithm requires one and the B<-rawin> option
90 If this option is present, then the B<-rawin> option
94 so the B<-digest> option cannot be used with EdDSA.
135 With this option a public key is read instead.
153 Otherwise, the input data given with the B<-in> option is assumed to already
156 Even for other algorithms like ECDSA, where the additional B<-pkeyopt> option
162 Verify the input data against the signature given with the B<-sigfile> option
164 The input data given with the B<-in> option is assumed to be a hash value
165 unless the B<-rawin> option is specified or implied.
176 Note that here the input given with the B<-in> option is not a signature input
178 typically produced using the B<-sign> option.
180 This option is available only for use with RSA keys.
199 The I<-secret> option must also be provided to specify the output file for the
210 This option is used for I<-encap>/I<-decap> commands and specifies the KEM
213 If the algorithm has the default KEM operation, this option can be omitted.
238 Allows reading a public key option I<opt> from stdin or a password source.
250 When combined with the B<-verifyrecover> option, this may be useful only in case
258 When used with the B<-engine> option, it specifies to also use
275 Unless otherwise mentioned, all algorithms support the B<digest:>I<alg> option,
331 For B<pss> mode only this option specifies the salt length. Three special
396 the B<-pkeyopt> B<digest> option.
407 without hashing them first. The option B<-rawin> must be used with these
433 Otherwise the verification will fail. The ID string provided with this option
507 the B<-digest> option implies B<-rawin>, and these two options are
510 The B<-engine> option was deprecated in OpenSSL 3.0.

Last Index update Fri Nov 22 14:03:13 UTC 2024

Dedicated to & Maintained by Room-11