1=pod 2{- OpenSSL::safe::output_do_not_edit_headers(); -} 3 4=head1 NAME 5 6openssl-list - list algorithms and features 7 8=head1 SYNOPSIS 9 10B<openssl list> 11[B<-help>] 12[B<-verbose>] 13[B<-select> I<name>] 14[B<-1>] 15[B<-all-algorithms>] 16[B<-commands>] 17[B<-standard-commands>] 18[B<-digest-algorithms>] 19{- output_off() if $disabled{"deprecated-3.0"}; "" 20-}[B<-digest-commands>] 21{- output_on() if $disabled{"deprecated-3.0"}; "" 22-}[B<-kdf-algorithms>] 23[B<-mac-algorithms>] 24[B<-random-instances>] 25[B<-random-generators>] 26[B<-cipher-algorithms>] 27{- output_off() if $disabled{"deprecated-3.0"}; "" 28-}[B<-cipher-commands>] 29{- output_on() if $disabled{"deprecated-3.0"}; "" 30-}[B<-encoders>] 31[B<-decoders>] 32[B<-key-managers>] 33[B<-key-exchange-algorithms>] 34[B<-kem-algorithms>] 35[B<-signature-algorithms>] 36[B<-tls-signature-algorithms>] 37[B<-asymcipher-algorithms>] 38[B<-public-key-algorithms>] 39[B<-public-key-methods>] 40[B<-store-loaders>] 41[B<-providers>] 42{- output_off() if $disabled{"deprecated-3.0"}; "" 43-}[B<-engines>] 44{- output_on() if $disabled{"deprecated-3.0"}; "" 45-}[B<-disabled>] 46[B<-objects>] 47[B<-options> I<command>] 48{- $OpenSSL::safe::opt_provider_synopsis -} 49 50=head1 DESCRIPTION 51 52This command is used to generate list of algorithms or disabled 53features. 54 55=head1 OPTIONS 56 57=over 4 58 59=item B<-help> 60 61Display a usage message. 62 63=item B<-verbose> 64 65Displays extra information. 66The options below where verbosity applies say a bit more about what that means. 67 68=item B<-select> I<name> 69 70Only list algorithms that match this name. 71 72=item B<-1> 73 74List the commands, digest-commands, or cipher-commands in a single column. 75If used, this option must be given first. 76 77=item B<-all-algorithms> 78 79Display lists of all algorithms. These include: 80 81=over 4 82 83=item Asymmetric ciphers 84 85=item Decoders 86 87=item Digests 88 89=item Encoders 90 91=item Key derivation algorithms (KDF) 92 93=item Key encapsulation methods (KEM) 94 95=item Key exchange algorithms (KEX) 96 97=item Key managers 98 99=item Message authentication code algorithms (MAC) 100 101=item Random number generators (RNG, DRBG) 102 103=item Signature algorithms 104 105=item Store loaders 106 107=item Symmetric ciphers 108 109=back 110 111=item B<-commands> 112 113Display a list of standard commands. 114 115=item B<-standard-commands> 116 117List of standard commands. 118 119=item B<-digest-commands> 120 121This option is deprecated. Use B<digest-algorithms> instead. 122 123Display a list of message digest commands, which are typically used 124as input to the L<openssl-dgst(1)> or L<openssl-speed(1)> commands. 125 126=item B<-cipher-commands> 127 128This option is deprecated. Use B<cipher-algorithms> instead. 129 130Display a list of cipher commands, which are typically used as input 131to the L<openssl-enc(1)> or L<openssl-speed(1)> commands. 132 133=item B<-cipher-algorithms>, B<-digest-algorithms>, B<-kdf-algorithms>, 134B<-mac-algorithms>, 135 136Display a list of symmetric cipher, digest, kdf and mac algorithms. 137See L</Display of algorithm names> for a description of how names are 138displayed. 139 140In verbose mode, the algorithms provided by a provider will get additional 141information on what parameters each implementation supports. 142 143=item B<-random-instances> 144 145List the primary, public and private random number generator details. 146 147=item B<-random-generators> 148 149Display a list of random number generators. 150See L</Display of algorithm names> for a description of how names are 151displayed. 152 153=item B<-encoders> 154 155Display a list of encoders. 156See L</Display of algorithm names> for a description of how names are 157displayed. 158 159In verbose mode, the algorithms provided by a provider will get additional 160information on what parameters each implementation supports. 161 162=item B<-decoders> 163 164Display a list of decoders. 165See L</Display of algorithm names> for a description of how names are 166displayed. 167 168In verbose mode, the algorithms provided by a provider will get additional 169information on what parameters each implementation supports. 170 171=item B<-public-key-algorithms> 172 173Display a list of public key algorithms, with each algorithm as 174a block of multiple lines, all but the first are indented. 175The options B<key-exchange-algorithms>, B<kem-algorithms>, 176B<signature-algorithms>, and B<asymcipher-algorithms> will display similar info. 177 178=item B<-public-key-methods> 179 180Display a list of public key methods. 181 182=item B<-key-managers> 183 184Display a list of key managers. 185 186=item B<-key-exchange-algorithms> 187 188Display a list of key exchange algorithms. 189 190=item B<-kem-algorithms> 191 192Display a list of key encapsulation algorithms. 193 194=item B<-signature-algorithms> 195 196Display a list of signature algorithms. 197 198=item B<-tls-signature-algorithms> 199 200Display the list of signature algorithms available for TLS handshakes 201made available by all currently active providers. 202The output format is colon delimited in a form directly usable in 203L<SSL_CONF_cmd(3)> specifying SignatureAlgorithms. 204 205=item B<-asymcipher-algorithms> 206 207Display a list of asymmetric cipher algorithms. 208 209=item B<-store-loaders> 210 211Display a list of store loaders. 212 213=item B<-providers> 214 215Display a list of all loaded providers with their names, version and status. 216 217In verbose mode, the full version and all provider parameters will additionally 218be displayed. 219 220 221=item B<-engines> 222 223This option is deprecated. 224 225Display a list of loaded engines. 226 227=item B<-disabled> 228 229Display a list of disabled features, those that were compiled out 230of the installation. 231 232=item B<-objects> 233 234Display a list of built in objects, i.e. OIDs with names. They're listed in the 235format described in L<config(5)/ASN1 Object Configuration Module>. 236 237=item B<-options> I<command> 238 239Output a two-column list of the options accepted by the specified I<command>. 240The first is the option name, and the second is a one-character indication 241of what type of parameter it takes, if any. 242This is an internal option, used for checking that the documentation 243is complete. 244 245{- $OpenSSL::safe::opt_provider_item -} 246 247=back 248 249=head2 Display of algorithm names 250 251Algorithm names may be displayed in one of two manners: 252 253=over 4 254 255=item Legacy implementations 256 257Legacy implementations will simply display the main name of the 258algorithm on a line of its own, or in the form C<<foo > bar>> to show 259that C<foo> is an alias for the main name, C<bar> 260 261=item Provided implementations 262 263Implementations from a provider are displayed like this if the 264implementation is labeled with a single name: 265 266 foo @ bar 267 268or like this if it's labeled with multiple names: 269 270 { foo1, foo2 } @bar 271 272In both cases, C<bar> is the name of the provider. 273 274=back 275 276=head1 HISTORY 277 278The B<-engines>, B<-digest-commands>, and B<-cipher-commands> options 279were deprecated in OpenSSL 3.0. 280 281=head1 COPYRIGHT 282 283Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. 284 285Licensed under the Apache License 2.0 (the "License"). You may not use 286this file except in compliance with the License. You can obtain a copy 287in the file LICENSE in the source distribution or at 288L<https://www.openssl.org/source/license.html>. 289 290=cut 291