[thirdparty/openssl.git] / doc / apps / dsa.pod

=pod

=head1 NAME

dsa - DSA key processing

=head1 SYNOPSIS

B<openssl> B<dsa>
[B<-inform PEM|DER>]
[B<-outform PEM|DER>]
[B<-in filename>]
[B<-passin arg>]
[B<-out filename>]
[B<-passout arg>]
[B<-des>]
[B<-des3>]
[B<-idea>]
[B<-text>]
[B<-noout>]
[B<-modulus>]
[B<-pubin>]
[B<-pubout>]
[B<-engine id>]

=head1 DESCRIPTION

The B<dsa> command processes DSA keys. They can be converted between various
forms and their components printed out. B<Note> This command uses the
traditional SSLeay compatible format for private key encryption: newer
applications should use the more secure PKCS#8 format using the B<pkcs8>

=head1 COMMAND OPTIONS

=over 4

=item B<-inform DER|PEM>

This specifies the input format. The B<DER> option with a private key uses
an ASN1 DER encoded form of an ASN.1 SEQUENCE consisting of the values of
version (currently zero), p, q, g, the public and private key components
respectively as ASN.1 INTEGERs. When used with a public key it uses a
SubjectPublicKeyInfo structure: it is an error if the key is not DSA.

The B<PEM> form is the default format: it consists of the B<DER> format base64
encoded with additional header and footer lines. In the case of a private key
PKCS#8 format is also accepted.

=item B<-outform DER|PEM>

This specifies the output format, the options have the same meaning as the 
B<-inform> option.

=item B<-in filename>

This specifies the input filename to read a key from or standard input if this
option is not specified. If the key is encrypted a pass phrase will be
prompted for.

=item B<-passin arg>

the input file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.

=item B<-out filename>

This specifies the output filename to write a key to or standard output by
is not specified. If any encryption options are set then a pass phrase will be
prompted for. The output filename should B<not> be the same as the input
filename.

=item B<-passout arg>

the output file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.

=item B<-des|-des3|-idea>

These options encrypt the private key with the DES, triple DES, or the 
IDEA ciphers respectively before outputting it. A pass phrase is prompted for.
If none of these options is specified the key is written in plain text. This
means that using the B<dsa> utility to read in an encrypted key with no
encryption option can be used to remove the pass phrase from a key, or by
setting the encryption options it can be use to add or change the pass phrase.
These options can only be used with PEM format output files.

=item B<-text>

prints out the public, private key components and parameters.

=item B<-noout>

this option prevents output of the encoded version of the key.

=item B<-modulus>

this option prints out the value of the public key component of the key.

=item B<-pubin>

by default a private key is read from the input file: with this option a
public key is read instead.

=item B<-pubout>

by default a private key is output. With this option a public
key will be output instead. This option is automatically set if the input is
a public key.

=item B<-engine id>

specifying an engine (by its unique B<id> string) will cause B<dsa>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.

=back

=head1 NOTES

The PEM private key format uses the header and footer lines:

 -----BEGIN DSA PRIVATE KEY-----
 -----END DSA PRIVATE KEY-----

The PEM public key format uses the header and footer lines:

 -----BEGIN PUBLIC KEY-----
 -----END PUBLIC KEY-----

=head1 EXAMPLES

To remove the pass phrase on a DSA private key:

 openssl dsa -in key.pem -out keyout.pem

To encrypt a private key using triple DES:

 openssl dsa -in key.pem -des3 -out keyout.pem

To convert a private key from PEM to DER format: 

 openssl dsa -in key.pem -outform DER -out keyout.der

To print out the components of a private key to standard output:

 openssl dsa -in key.pem -text -noout

To just output the public part of a private key:

 openssl dsa -in key.pem -pubout -out pubkey.pem

=head1 SEE ALSO

L<dsaparam(1)|dsaparam(1)>, L<gendsa(1)|gendsa(1)>, L<rsa(1)|rsa(1)>,
L<genrsa(1)|genrsa(1)>

=cut
Commit	Line	Data
aba3e65f DSH	1	=pod
	2
	3	=head1 NAME
	4
	5	dsa - DSA key processing
	6
	7	=head1 SYNOPSIS
	8
	9	B<openssl> B<dsa>
	10	[B<-inform PEM\|DER>]
	11	[B<-outform PEM\|DER>]
	12	[B<-in filename>]
a3fe382e	13	[B<-passin arg>]
aba3e65f	14	[B<-out filename>]
a3fe382e	15	[B<-passout arg>]
aba3e65f DSH	16	[B<-des>]
	17	[B<-des3>]
	18	[B<-idea>]
	19	[B<-text>]
	20	[B<-noout>]
	21	[B<-modulus>]
	22	[B<-pubin>]
	23	[B<-pubout>]
bfa35550	24	[B<-engine id>]
aba3e65f DSH	25
	26	=head1 DESCRIPTION
	27
	28	The B<dsa> command processes DSA keys. They can be converted between various
	29	forms and their components printed out. B<Note> This command uses the
	30	traditional SSLeay compatible format for private key encryption: newer
	31	applications should use the more secure PKCS#8 format using the B<pkcs8>
	32
	33	=head1 COMMAND OPTIONS
	34
	35	=over 4
	36
	37	=item B<-inform DER\|PEM>
	38
	39	This specifies the input format. The B<DER> option with a private key uses
	40	an ASN1 DER encoded form of an ASN.1 SEQUENCE consisting of the values of
	41	version (currently zero), p, q, g, the public and private key components
13938ace DSH	42	respectively as ASN.1 INTEGERs. When used with a public key it uses a
13938ace DSH	43	SubjectPublicKeyInfo structure: it is an error if the key is not DSA.
aba3e65f DSH	44
aba3e65f DSH	45	The B<PEM> form is the default format: it consists of the B<DER> format base64
13938ace DSH	46	encoded with additional header and footer lines. In the case of a private key
13938ace DSH	47	PKCS#8 format is also accepted.
aba3e65f DSH	48
	49	=item B<-outform DER\|PEM>
	50
	51	This specifies the output format, the options have the same meaning as the
	52	B<-inform> option.
	53
	54	=item B<-in filename>
	55
	56	This specifies the input filename to read a key from or standard input if this
	57	option is not specified. If the key is encrypted a pass phrase will be
	58	prompted for.
	59
a3fe382e	60	=item B<-passin arg>
af29811e	61
a3fe382e DSH	62	the input file password source. For more information about the format of B<arg>
a3fe382e DSH	63	see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)\|openssl(1)>.
af29811e	64
aba3e65f DSH	65	=item B<-out filename>
	66
	67	This specifies the output filename to write a key to or standard output by
	68	is not specified. If any encryption options are set then a pass phrase will be
	69	prompted for. The output filename should B<not> be the same as the input
	70	filename.
	71
a3fe382e	72	=item B<-passout arg>
af29811e	73
a3fe382e DSH	74	the output file password source. For more information about the format of B<arg>
a3fe382e DSH	75	see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)\|openssl(1)>.
af29811e	76
aba3e65f DSH	77	=item B<-des\|-des3\|-idea>
	78
	79	These options encrypt the private key with the DES, triple DES, or the
	80	IDEA ciphers respectively before outputting it. A pass phrase is prompted for.
	81	If none of these options is specified the key is written in plain text. This
0cd4498b	82	means that using the B<dsa> utility to read in an encrypted key with no
aba3e65f DSH	83	encryption option can be used to remove the pass phrase from a key, or by
	84	setting the encryption options it can be use to add or change the pass phrase.
	85	These options can only be used with PEM format output files.
	86
	87	=item B<-text>
	88
	89	prints out the public, private key components and parameters.
	90
	91	=item B<-noout>
	92
	93	this option prevents output of the encoded version of the key.
	94
	95	=item B<-modulus>
	96
	97	this option prints out the value of the public key component of the key.
	98
	99	=item B<-pubin>
	100
0cd4498b DSH	101	by default a private key is read from the input file: with this option a
0cd4498b DSH	102	public key is read instead.
aba3e65f DSH	103
	104	=item B<-pubout>
	105
	106	by default a private key is output. With this option a public
	107	key will be output instead. This option is automatically set if the input is
	108	a public key.
	109
bfa35550 RL	110	=item B<-engine id>
bfa35550 RL	111
e5fa864f	112	specifying an engine (by its unique B<id> string) will cause B<dsa>
bfa35550 RL	113	to attempt to obtain a functional reference to the specified engine,
	114	thus initialising it if needed. The engine will then be set as the default
	115	for all available algorithms.
	116
aba3e65f DSH	117	=back
aba3e65f DSH	118
0286d944 DSH	119	=head1 NOTES
	120
	121	The PEM private key format uses the header and footer lines:
	122
	123	-----BEGIN DSA PRIVATE KEY-----
	124	-----END DSA PRIVATE KEY-----
	125
0cd4498b DSH	126	The PEM public key format uses the header and footer lines:
	127
	128	-----BEGIN PUBLIC KEY-----
	129	-----END PUBLIC KEY-----
	130
aba3e65f DSH	131	=head1 EXAMPLES
	132
	133	To remove the pass phrase on a DSA private key:
	134
1675f6eb	135	openssl dsa -in key.pem -out keyout.pem
aba3e65f DSH	136
	137	To encrypt a private key using triple DES:
	138
1675f6eb	139	openssl dsa -in key.pem -des3 -out keyout.pem
aba3e65f DSH	140
	141	To convert a private key from PEM to DER format:
	142
1675f6eb	143	openssl dsa -in key.pem -outform DER -out keyout.der
aba3e65f DSH	144
	145	To print out the components of a private key to standard output:
	146
1675f6eb	147	openssl dsa -in key.pem -text -noout
aba3e65f DSH	148
	149	To just output the public part of a private key:
	150
1675f6eb	151	openssl dsa -in key.pem -pubout -out pubkey.pem
aba3e65f DSH	152
	153	=head1 SEE ALSO
	154
bb075f88 RL	155	L<dsaparam(1)\|dsaparam(1)>, L<gendsa(1)\|gendsa(1)>, L<rsa(1)\|rsa(1)>,
bb075f88 RL	156	L<genrsa(1)\|genrsa(1)>
aba3e65f DSH	157
aba3e65f DSH	158	=cut