[B<-verify_name> I<name>]
[B<-x509_strict>]
[B<-md> I<digest>]
-[B<->I<cipher>]
+[B<-I<cipher>>]
[B<-nointern>]
[B<-noverify>]
[B<-nocerts>]
Digest algorithm to use when signing or resigning. If not present then the
default digest algorithm for the signing key will be used (usually SHA1).
-=item B<->I<cipher>
+=item B<-I<cipher>>
The encryption algorithm to use. For example triple DES (168 bits) - B<-des3>
or 256 bit AES - B<-aes256>. Any standard algorithm name (as used by the
=head1 SYNOPSIS
B<openssl dgst>
-[B<->I<digest>]
+[B<-I<digest>>]
[B<-help>]
[B<-c>]
[B<-d>]
Print out a usage message.
-=item B<->I<digest>
+=item B<-I<digest>>
Specifies name of a supported digest to be used. To see the list of
supported digests, use the command C<list --digest-commands>.
=head1 SYNOPSIS
B<openssl>
-[B<->I<cipher>]
+[B<-I<cipher>>]
[B<-help>]
[B<-ciphers>]
[B<-in> I<filename>]
[B<-out> I<filename>]
[B<-outform> B<DER>|B<PEM>]
[B<-pass> I<arg>]
-[B<->I<cipher>]
+[B<-I<cipher>>]
[B<-engine> I<id>]
[B<-paramfile> I<file>]
[B<-algorithm> I<alg>]
The output file password source. For more information about the format of B<arg>
see L<openssl(1)/Pass phrase options>.
-=item B<->I<cipher>
+=item B<-I<cipher>>
This option encrypts the private key with the supplied cipher. Any algorithm
name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>.
[B<-resp_key_id>]
[B<-nrequest> I<n>]
[B<-rcid> I<digest>]
-[B<->I<digest>]
+[B<-I<digest>>]
=for comment ifdef multi
in the OCSP response. Any digest supported by the OpenSSL B<dgst> command can
be used. The default is the same digest algorithm used in the request.
-=item B<->I<digest>
+=item B<-I<digest>>
This option sets digest algorithm to use for certificate identification in the
OCSP request. Any digest supported by the OpenSSL B<dgst> command can be used.
[B<-writerand> I<file>]
[B<-nocrypt>]
[B<-traditional>]
-[B<-v2 alg>]
-[B<-v2prf alg>]
-[B<-v1 alg>]
+[B<-v2> I<alg>]
+[B<-v2prf> I<alg>]
+[B<-v1> I<alg>]
[B<-engine> I<id>]
[B<-scrypt>]
[B<-scrypt_N> I<N>]
Writes random data to the specified I<file> upon exit.
This can be used with a subsequent B<-rand> flag.
-=item B<-v2 alg>
+=item B<-v2> I<alg>
This option sets the PKCS#5 v2.0 algorithm.
B<aes128>, B<aes256> and B<des3>. If this option isn't specified then B<aes256>
is used.
-=item B<-v2prf alg>
+=item B<-v2prf> I<alg>
This option sets the PRF algorithm to use with PKCS#5 v2.0. A typical value
value would be B<hmacWithSHA256>. If this option isn't set then the default
Some implementations may not support custom PRF algorithms and may require
the B<hmacWithSHA1> option to work.
-=item B<-v1 alg>
+=item B<-v1> I<alg>
This option indicates a PKCS#5 v1.5 or PKCS#12 algorithm should be used. Some
older implementations may not support PKCS#5 v2.0 and may require this option.
[B<-out> I<filename>]
[B<-passout> I<arg>]
[B<-traditional>]
-[B<->I<cipher>]
+[B<-I<cipher>>]
[B<-text>]
[B<-text_pub>]
[B<-noout>]
with the appropriate encryption algorithm (if any). If the B<-traditional>
option is specified then the older "traditional" format is used instead.
-=item B<->I<cipher>
+=item B<-I<cipher>>
These options encrypt the private key with the supplied cipher. Any algorithm
name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>.
[B<-keyform> B<DER>|B<PEM>]
[B<-keyout> I<filename>]
[B<-keygen_engine> I<id>]
-[B<-> I<digest>]
+[B<-I<digest>>]
[B<-config> I<filename>]
[B<-multivalue-rdn>]
[B<-x509>]
If this option is specified then if a private key is created it
will not be encrypted.
-=item B<->I<digest>
+=item B<-I<digest>>
This specifies the message digest to sign the request.
Any digest supported by the OpenSSL B<dgst> command can be used.
Writes random data to the specified I<file> upon exit.
This can be used with a subsequent B<-rand> flag.
-=item B<-pkcs, -oaep, -ssl, -raw>
+=item B<-pkcs>, B<-oaep>, B<-ssl>, B<-raw>
The padding to use: PKCS#1 v1.5 (the default), PKCS#1 OAEP,
special padding used in SSL v2 backwards compatible handshakes,
[B<-WWW>]
[B<-servername>]
[B<-servername_fatal>]
-[B<-cert2 infile>]
-[B<-key2 infile>]
+[B<-cert2> I<infile>]
+[B<-key2> I<infile>]
[B<-tlsextdebug>]
[B<-HTTP>]
[B<-id_prefix> I<val>]
[B<-pk7out>]
[B<-binary>]
[B<-crlfeol>]
-[B<->I<cipher>]
+[B<-I<cipher>>]
[B<-in> I<file>]
[B<-CAfile> I<file>]
[B<-CApath> I<dir>]
Digest algorithm to use when signing or resigning. If not present then the
default digest algorithm for the signing key will be used (usually SHA1).
-=item B<->I<cipher>
+=item B<-I<cipher>>
The encryption algorithm to use. For example DES (56 bits) - B<-des>,
triple DES (168 bits) - B<-des3>,
One or more certificates of message recipients: used when encrypting
a message.
-=item B<-to, -from, -subject>
+=item B<-to>, B<-from>, B<-subject>
The relevant mail headers. These are included outside the signed
portion of a message so they may be included manually. If signing
[B<-serial> I<arg>]
[B<-alias> I<arg>]
[B<-fingerprint> I<arg>]
-[B<->I<digest>]
+[B<-I<digest>>]
B<uri> ...
=head1 DESCRIPTION
Search for an object having the given fingerprint.
-=item B<->I<digest>
+=item B<-I<digest>>
The digest that was used to compute the fingerprint given with B<-fingerprint>.
[B<-config> I<configfile>]
[B<-data> I<file_to_hash>]
[B<-digest> I<digest_bytes>]
-[B<->I<digest>]
+[B<-I<digest>>]
[B<-tspolicy> I<object_id>]
[B<-no_nonce>]
[B<-cert>]
[B<-passin> I<password_src>]
[B<-signer> I<tsa_cert.pem>]
[B<-inkey> I<file_or_id>]
-[B<->I<digest>]
+[B<-I<digest>>]
[B<-chain> I<certs_file.pem>]
[B<-tspolicy> I<object_id>]
[B<-in> I<response.tsr>]
1AF601...). The number of bytes must match the message digest algorithm
in use. (Optional)
-=item B<->I<digest>
+=item B<-I<digest>>
The message digest to apply to the data file.
Any digest supported by the OpenSSL B<dgst> command can be used.
If no engine is used, the argument is taken as a file; if an engine is
specified, the argument is given to the engine as a key identifier.
-=item B<->I<digest>
+=item B<-I<digest>>
Signing digest to use. Overrides the B<signer_digest> config file
option. (Mandatory unless specified in the config file)
=item B<signer_digest>
Signing digest to use. The same as the
-B<->I<digest> command line option. (Mandatory unless specified on the command
+B<-I<digest>> command line option. (Mandatory unless specified on the command
line)
=item B<default_policy>
[B<-verify_name> I<name>]
[B<-x509_strict>]
[B<-show_chain>]
-[B<-sm2-id string>]
-[B<-sm2-hex-id hex-string>]
-[B<->]
+[B<-sm2-id> I<string>]
+[B<-sm2-hex-id> I<hex-string>]
+[B<-->]
[certificates]
=for comment ifdef engine sm2-id sm2-hex-id
Specify a binary ID string to use when signing or verifying using an SM2
certificate. The argument for this option is string of hexadecimal digits.
-=item B<->
+=item B<-->
Indicates the last option. All arguments following this are assumed to be
certificate files. This is useful if the first certificate filename begins
[B<-ext> I<extensions>]
[B<-certopt> I<option>]
[B<-C>]
-[B<->I<digest>]
+[B<-I<digest>>]
[B<-clrext>]
[B<-extfile> I<filename>]
[B<-extensions> I<section>]
This specifies the output filename to write to or standard output by
default.
-=item B<->I<digest>
+=item B<-I<digest>>
The digest to use.
This affects any signing or display option that uses a message