[thirdparty/openssl.git] / doc / apps / dsa.pod

=pod

=head1 NAME

dsa - DSA key processing

=head1 SYNOPSIS

B<openssl> B<dsa>
[B<-help>]
[B<-inform PEM|DER>]
[B<-outform PEM|DER>]
[B<-in filename>]
[B<-passin arg>]
[B<-out filename>]
[B<-passout arg>]
[B<-aes128>]
[B<-aes192>]
[B<-aes256>]
[B<-camellia128>]
[B<-camellia192>]
[B<-camellia256>]
[B<-des>]
[B<-des3>]
[B<-idea>]
[B<-text>]
[B<-noout>]
[B<-modulus>]
[B<-pubin>]
[B<-pubout>]
[B<-engine id>]

=head1 DESCRIPTION

The B<dsa> command processes DSA keys. They can be converted between various
forms and their components printed out. B<Note> This command uses the
traditional SSLeay compatible format for private key encryption: newer
applications should use the more secure PKCS#8 format using the B<pkcs8>

=head1 COMMAND OPTIONS

=over 4

=item B<-help>

Print out a usage message.

=item B<-inform DER|PEM>

This specifies the input format. The B<DER> option with a private key uses
an ASN1 DER encoded form of an ASN.1 SEQUENCE consisting of the values of
version (currently zero), p, q, g, the public and private key components
respectively as ASN.1 INTEGERs. When used with a public key it uses a
SubjectPublicKeyInfo structure: it is an error if the key is not DSA.

The B<PEM> form is the default format: it consists of the B<DER> format base64
encoded with additional header and footer lines. In the case of a private key
PKCS#8 format is also accepted.

=item B<-outform DER|PEM>

This specifies the output format, the options have the same meaning as the 
B<-inform> option.

=item B<-in filename>

This specifies the input filename to read a key from or standard input if this
option is not specified. If the key is encrypted a pass phrase will be
prompted for.

=item B<-passin arg>

the input file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.

=item B<-out filename>

This specifies the output filename to write a key to or standard output by
is not specified. If any encryption options are set then a pass phrase will be
prompted for. The output filename should B<not> be the same as the input
filename.

=item B<-passout arg>

the output file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.

=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>

These options encrypt the private key with the specified
cipher before outputting it. A pass phrase is prompted for.
If none of these options is specified the key is written in plain text. This
means that using the B<dsa> utility to read in an encrypted key with no
encryption option can be used to remove the pass phrase from a key, or by
setting the encryption options it can be use to add or change the pass phrase.
These options can only be used with PEM format output files.

=item B<-text>

prints out the public, private key components and parameters.

=item B<-noout>

this option prevents output of the encoded version of the key.

=item B<-modulus>

this option prints out the value of the public key component of the key.

=item B<-pubin>

by default a private key is read from the input file: with this option a
public key is read instead.

=item B<-pubout>

by default a private key is output. With this option a public
key will be output instead. This option is automatically set if the input is
a public key.

=item B<-engine id>

specifying an engine (by its unique B<id> string) will cause B<dsa>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.

=back

=head1 NOTES

The PEM private key format uses the header and footer lines:

 -----BEGIN DSA PRIVATE KEY-----
 -----END DSA PRIVATE KEY-----

The PEM public key format uses the header and footer lines:

 -----BEGIN PUBLIC KEY-----
 -----END PUBLIC KEY-----

=head1 EXAMPLES

To remove the pass phrase on a DSA private key:

 openssl dsa -in key.pem -out keyout.pem

To encrypt a private key using triple DES:

 openssl dsa -in key.pem -des3 -out keyout.pem

To convert a private key from PEM to DER format: 

 openssl dsa -in key.pem -outform DER -out keyout.der

To print out the components of a private key to standard output:

 openssl dsa -in key.pem -text -noout

To just output the public part of a private key:

 openssl dsa -in key.pem -pubout -out pubkey.pem

=head1 SEE ALSO

L<dsaparam(1)>, L<gendsa(1)>, L<rsa(1)>,
L<genrsa(1)>

=cut
Commit	Line	Data
aba3e65f DSH	1	=pod
	2
	3	=head1 NAME
	4
	5	dsa - DSA key processing
	6
	7	=head1 SYNOPSIS
	8
	9	B<openssl> B<dsa>
169394d4	10	[B<-help>]
aba3e65f DSH	11	[B<-inform PEM\|DER>]
	12	[B<-outform PEM\|DER>]
	13	[B<-in filename>]
a3fe382e	14	[B<-passin arg>]
aba3e65f	15	[B<-out filename>]
a3fe382e	16	[B<-passout arg>]
fc1d88f0 RS	17	[B<-aes128>]
	18	[B<-aes192>]
	19	[B<-aes256>]
	20	[B<-camellia128>]
	21	[B<-camellia192>]
	22	[B<-camellia256>]
aba3e65f DSH	23	[B<-des>]
	24	[B<-des3>]
	25	[B<-idea>]
	26	[B<-text>]
	27	[B<-noout>]
	28	[B<-modulus>]
	29	[B<-pubin>]
	30	[B<-pubout>]
bfa35550	31	[B<-engine id>]
aba3e65f DSH	32
	33	=head1 DESCRIPTION
	34
	35	The B<dsa> command processes DSA keys. They can be converted between various
	36	forms and their components printed out. B<Note> This command uses the
	37	traditional SSLeay compatible format for private key encryption: newer
	38	applications should use the more secure PKCS#8 format using the B<pkcs8>
	39
	40	=head1 COMMAND OPTIONS
	41
	42	=over 4
	43
169394d4 MR	44	=item B<-help>
	45
	46	Print out a usage message.
	47
aba3e65f DSH	48	=item B<-inform DER\|PEM>
	49
	50	This specifies the input format. The B<DER> option with a private key uses
	51	an ASN1 DER encoded form of an ASN.1 SEQUENCE consisting of the values of
	52	version (currently zero), p, q, g, the public and private key components
13938ace DSH	53	respectively as ASN.1 INTEGERs. When used with a public key it uses a
13938ace DSH	54	SubjectPublicKeyInfo structure: it is an error if the key is not DSA.
aba3e65f DSH	55
aba3e65f DSH	56	The B<PEM> form is the default format: it consists of the B<DER> format base64
13938ace DSH	57	encoded with additional header and footer lines. In the case of a private key
13938ace DSH	58	PKCS#8 format is also accepted.
aba3e65f DSH	59
	60	=item B<-outform DER\|PEM>
	61
	62	This specifies the output format, the options have the same meaning as the
	63	B<-inform> option.
	64
	65	=item B<-in filename>
	66
	67	This specifies the input filename to read a key from or standard input if this
	68	option is not specified. If the key is encrypted a pass phrase will be
	69	prompted for.
	70
a3fe382e	71	=item B<-passin arg>
af29811e	72
a3fe382e	73	the input file password source. For more information about the format of B<arg>
9b86974e	74	see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
af29811e	75
aba3e65f DSH	76	=item B<-out filename>
	77
	78	This specifies the output filename to write a key to or standard output by
	79	is not specified. If any encryption options are set then a pass phrase will be
	80	prompted for. The output filename should B<not> be the same as the input
	81	filename.
	82
a3fe382e	83	=item B<-passout arg>
af29811e	84
a3fe382e	85	the output file password source. For more information about the format of B<arg>
9b86974e	86	see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
af29811e	87
fc1d88f0	88	=item B<-aes128\|-aes192\|-aes256\|-camellia128\|-camellia192\|-camellia256\|-des\|-des3\|-idea>
aba3e65f	89
fc1d88f0 RS	90	These options encrypt the private key with the specified
fc1d88f0 RS	91	cipher before outputting it. A pass phrase is prompted for.
aba3e65f	92	If none of these options is specified the key is written in plain text. This
0cd4498b	93	means that using the B<dsa> utility to read in an encrypted key with no
aba3e65f DSH	94	encryption option can be used to remove the pass phrase from a key, or by
	95	setting the encryption options it can be use to add or change the pass phrase.
	96	These options can only be used with PEM format output files.
	97
	98	=item B<-text>
	99
	100	prints out the public, private key components and parameters.
	101
	102	=item B<-noout>
	103
	104	this option prevents output of the encoded version of the key.
	105
	106	=item B<-modulus>
	107
	108	this option prints out the value of the public key component of the key.
	109
	110	=item B<-pubin>
	111
0cd4498b DSH	112	by default a private key is read from the input file: with this option a
0cd4498b DSH	113	public key is read instead.
aba3e65f DSH	114
	115	=item B<-pubout>
	116
	117	by default a private key is output. With this option a public
	118	key will be output instead. This option is automatically set if the input is
	119	a public key.
	120
bfa35550 RL	121	=item B<-engine id>
bfa35550 RL	122
e5fa864f	123	specifying an engine (by its unique B<id> string) will cause B<dsa>
bfa35550 RL	124	to attempt to obtain a functional reference to the specified engine,
	125	thus initialising it if needed. The engine will then be set as the default
	126	for all available algorithms.
	127
aba3e65f DSH	128	=back
aba3e65f DSH	129
0286d944 DSH	130	=head1 NOTES
	131
	132	The PEM private key format uses the header and footer lines:
	133
	134	-----BEGIN DSA PRIVATE KEY-----
	135	-----END DSA PRIVATE KEY-----
	136
0cd4498b DSH	137	The PEM public key format uses the header and footer lines:
	138
	139	-----BEGIN PUBLIC KEY-----
	140	-----END PUBLIC KEY-----
	141
aba3e65f DSH	142	=head1 EXAMPLES
	143
	144	To remove the pass phrase on a DSA private key:
	145
1675f6eb	146	openssl dsa -in key.pem -out keyout.pem
aba3e65f DSH	147
	148	To encrypt a private key using triple DES:
	149
1675f6eb	150	openssl dsa -in key.pem -des3 -out keyout.pem
aba3e65f DSH	151
	152	To convert a private key from PEM to DER format:
	153
1675f6eb	154	openssl dsa -in key.pem -outform DER -out keyout.der
aba3e65f DSH	155
	156	To print out the components of a private key to standard output:
	157
1675f6eb	158	openssl dsa -in key.pem -text -noout
aba3e65f DSH	159
	160	To just output the public part of a private key:
	161
1675f6eb	162	openssl dsa -in key.pem -pubout -out pubkey.pem
aba3e65f DSH	163
	164	=head1 SEE ALSO
	165
9b86974e RS	166	L<dsaparam(1)>, L<gendsa(1)>, L<rsa(1)>,
9b86974e RS	167	L<genrsa(1)>
aba3e65f DSH	168
aba3e65f DSH	169	=cut