Standardize on =over 4 and check for it.

=item B<-c>

print out the digest in two digit groups separated by colons, only relevant if

Print out the digest in two digit groups separated by colons, only relevant if

B<hex> format output is used.

=item B<-d>

print out BIO debugging information.

Print out BIO debugging information.

=item B<-hex>

digest is to be output as a hex dump. This is the default case for a "normal"

Digest is to be output as a hex dump. This is the default case for a "normal"

digest as opposed to a digital signature.  See NOTES below for digital

signatures using B<-hex>.

=item B<-binary>

output the digest or signature in binary form.

Output the digest or signature in binary form.

=item B<-r>

output the digest in the "coreutils" format used by programs like B<sha1sum>.

Output the digest in the "coreutils" format used by programs like B<sha1sum>.

=item B<-out filename>

filename to output to, or standard output by default.

Filename to output to, or standard output by default.

=item B<-sign filename>

digitally sign the digest using the private key in "filename".

Digitally sign the digest using the private key in "filename".

=item B<-keyform arg>

Pass options to the signature algorithm during sign or verify operations.

Names and values of these options are algorithm-specific.

=item B<-passin arg>

the private key password source. For more information about the format of B<arg>

The private key password source. For more information about the format of B<arg>

see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.

=item B<-verify filename>

verify the signature using the public key in "filename".

Verify the signature using the public key in "filename".

The output is either "Verification OK" or "Verification Failure".

=item B<-prverify filename>

verify the signature using the private key in "filename".

Verify the signature using the private key in "filename".

=item B<-signature filename>

the actual signature to verify.

The actual signature to verify.

=item B<-hmac key>

create a hashed MAC using "key".

Create a hashed MAC using "key".

=item B<-mac alg>

create MAC (keyed Message Authentication Code). The most popular MAC

Create MAC (keyed Message Authentication Code). The most popular MAC

algorithm is HMAC (hash-based MAC), but there are other MAC algorithms

which are not based on hash, for instance B<gost-mac> algorithm,

supported by B<ccgost> engine. MAC keys and other options should be set

Passes options to MAC algorithm, specified by B<-mac> key.

Following options are supported by both by B<HMAC> and B<gost-mac>:

=over 8

=over 4

=item B<key:string>

=item B<-rand file(s)>

a file or files containing random data used to seed the random number

A file or files containing random data used to seed the random number

generator, or an EGD socket (see L<RAND_egd(3)>).

Multiple files can be specified separated by an OS-dependent character.

The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for

=item B<-fips-fingerprint>

compute HMAC using a specific key

for certain OpenSSL-FIPS operations.

Compute HMAC using a specific key for certain OpenSSL-FIPS operations.

=item B<-engine id>

=item B<file...>

file or files to digest. If no files are specified then standard input is

File or files to digest. If no files are specified then standard input is

used.

=back

=head1 COPYRIGHT

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use

this file except in compliance with the License.  You can obtain a copy

=head2 Standard Commands

=over 10

=over 4

=item L<B<asn1parse>|asn1parse(1)>

=item L<B<cms>|cms(1)>

CMS (Cryptographic Message Syntax) utility

CMS (Cryptographic Message Syntax) utility.

=item L<B<crl>|crl(1)>

=item L<B<dhparam>|dhparam(1)>

Generation and Management of Diffie-Hellman Parameters. Superseded by

L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)>

L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)>.

=item L<B<dsa>|dsa(1)>

=item L<B<dsaparam>|dsaparam(1)>

DSA Parameter Generation and Management. Superseded by

L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)>

L<B<genpkey>|genpkey(1)> and L<B<pkeyparam>|pkeyparam(1)>.

=item L<B<ec>|ec(1)>

EC (Elliptic curve) key processing

EC (Elliptic curve) key processing.

=item L<B<ecparam>|ecparam(1)>

EC parameter manipulation and generation

EC parameter manipulation and generation.

=item L<B<enc>|enc(1)>

=item L<B<gendsa>|gendsa(1)>

Generation of DSA Private Key from Parameters. Superseded by

L<B<genpkey>|genpkey(1)> and L<B<pkey>|pkey(1)>

L<B<genpkey>|genpkey(1)> and L<B<pkey>|pkey(1)>.

=item L<B<genpkey>|genpkey(1)>

=item L<B<nseq>|nseq(1)>

Create or examine a Netscape certificate sequence

Create or examine a Netscape certificate sequence.

=item L<B<ocsp>|ocsp(1)>

=item L<B<rsautl>|rsautl(1)>

RSA utility for signing, verification, encryption, and decryption. Superseded

by  L<B<pkeyutl>|pkeyutl(1)>

by  L<B<pkeyutl>|pkeyutl(1)>.

=item L<B<s_client>|s_client(1)>

=item L<B<spkac>|spkac(1)>

SPKAC printing and generating utility

SPKAC printing and generating utility.

=item L<B<ts>|ts(1)>

Time Stamping Authority tool (client/server)

Time Stamping Authority tool (client/server).

=item L<B<verify>|verify(1)>

=head2 Message Digest Commands

=over 10

=over 4

=item B<md2>

=head2 Encoding and Cipher Commands

=over 10

=over 4

=item B<base64>

=head2 Common Options

=over 10

=over 4

=item B<-help>

prompted to enter one: this will typically be read from the current

terminal with echoing turned off.

=over 10

=over 4

=item B<pass:password>

the actual password is B<password>. Since the password is visible

The actual password is B<password>. Since the password is visible

to utilities (like 'ps' under Unix) this form should only be used

where security is not important.

=item B<env:var>

obtain the password from the environment variable B<var>. Since

Obtain the password from the environment variable B<var>. Since

the environment of other processes is visible on certain platforms

(e.g. ps under certain Unix OSes) this option should be used with caution.

=item B<file:pathname>

the first line of B<pathname> is the password. If the same B<pathname>

The first line of B<pathname> is the password. If the same B<pathname>

argument is supplied to B<-passin> and B<-passout> arguments then the first

line will be used for the input password and the next line for the output

password. B<pathname> need not refer to a regular file: it could for example

=item B<fd:number>

read the password from the file descriptor B<number>. This can be used to

Read the password from the file descriptor B<number>. This can be used to

send the data via a pipe for example.

=item B<stdin>

read the password from standard input.

Read the password from standard input.

=back

=head1 COPYRIGHT

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use

this file except in compliance with the License.  You can obtain a copy

=head1 ENVIRONMENT

=over

=over 4

=item B<OPENSSL>

the configuration information. The general format of the string

is:

=over 2

=over 4

=item B<[modifier,]type[:value]>

The supported types are listed below. Unless otherwise specified

only the B<ASCII> format is permissible.

=over 2

=over 4

=item B<BOOLEAN>, B<BOOL>

the string format of the final type and value. The supported

formats are documented below.

=over 2

=over 4

=item B<EXPLICIT>, B<EXP>

is the type of the old format callback function. The meaning of each argument

is described below:

=over

=over 4

=item B<b>