]>
Commit | Line | Data |
---|---|---|
aba3e65f DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | dsa - DSA key processing | |
6 | ||
7 | =head1 SYNOPSIS | |
8 | ||
9 | B<openssl> B<dsa> | |
169394d4 | 10 | [B<-help>] |
aba3e65f DSH |
11 | [B<-inform PEM|DER>] |
12 | [B<-outform PEM|DER>] | |
13 | [B<-in filename>] | |
a3fe382e | 14 | [B<-passin arg>] |
aba3e65f | 15 | [B<-out filename>] |
a3fe382e | 16 | [B<-passout arg>] |
fc1d88f0 RS |
17 | [B<-aes128>] |
18 | [B<-aes192>] | |
19 | [B<-aes256>] | |
20 | [B<-camellia128>] | |
21 | [B<-camellia192>] | |
22 | [B<-camellia256>] | |
aba3e65f DSH |
23 | [B<-des>] |
24 | [B<-des3>] | |
25 | [B<-idea>] | |
26 | [B<-text>] | |
27 | [B<-noout>] | |
28 | [B<-modulus>] | |
29 | [B<-pubin>] | |
30 | [B<-pubout>] | |
bfa35550 | 31 | [B<-engine id>] |
aba3e65f DSH |
32 | |
33 | =head1 DESCRIPTION | |
34 | ||
35 | The B<dsa> command processes DSA keys. They can be converted between various | |
36 | forms and their components printed out. B<Note> This command uses the | |
37 | traditional SSLeay compatible format for private key encryption: newer | |
38 | applications should use the more secure PKCS#8 format using the B<pkcs8> | |
39 | ||
40 | =head1 COMMAND OPTIONS | |
41 | ||
42 | =over 4 | |
43 | ||
169394d4 MR |
44 | =item B<-help> |
45 | ||
46 | Print out a usage message. | |
47 | ||
aba3e65f DSH |
48 | =item B<-inform DER|PEM> |
49 | ||
50 | This specifies the input format. The B<DER> option with a private key uses | |
51 | an ASN1 DER encoded form of an ASN.1 SEQUENCE consisting of the values of | |
52 | version (currently zero), p, q, g, the public and private key components | |
13938ace DSH |
53 | respectively as ASN.1 INTEGERs. When used with a public key it uses a |
54 | SubjectPublicKeyInfo structure: it is an error if the key is not DSA. | |
aba3e65f DSH |
55 | |
56 | The B<PEM> form is the default format: it consists of the B<DER> format base64 | |
13938ace DSH |
57 | encoded with additional header and footer lines. In the case of a private key |
58 | PKCS#8 format is also accepted. | |
aba3e65f DSH |
59 | |
60 | =item B<-outform DER|PEM> | |
61 | ||
62 | This specifies the output format, the options have the same meaning as the | |
63 | B<-inform> option. | |
64 | ||
65 | =item B<-in filename> | |
66 | ||
67 | This specifies the input filename to read a key from or standard input if this | |
68 | option is not specified. If the key is encrypted a pass phrase will be | |
69 | prompted for. | |
70 | ||
a3fe382e | 71 | =item B<-passin arg> |
af29811e | 72 | |
a3fe382e | 73 | the input file password source. For more information about the format of B<arg> |
9b86974e | 74 | see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. |
af29811e | 75 | |
aba3e65f DSH |
76 | =item B<-out filename> |
77 | ||
78 | This specifies the output filename to write a key to or standard output by | |
79 | is not specified. If any encryption options are set then a pass phrase will be | |
80 | prompted for. The output filename should B<not> be the same as the input | |
81 | filename. | |
82 | ||
a3fe382e | 83 | =item B<-passout arg> |
af29811e | 84 | |
a3fe382e | 85 | the output file password source. For more information about the format of B<arg> |
9b86974e | 86 | see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. |
af29811e | 87 | |
fc1d88f0 | 88 | =item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> |
aba3e65f | 89 | |
fc1d88f0 RS |
90 | These options encrypt the private key with the specified |
91 | cipher before outputting it. A pass phrase is prompted for. | |
aba3e65f | 92 | If none of these options is specified the key is written in plain text. This |
0cd4498b | 93 | means that using the B<dsa> utility to read in an encrypted key with no |
aba3e65f DSH |
94 | encryption option can be used to remove the pass phrase from a key, or by |
95 | setting the encryption options it can be use to add or change the pass phrase. | |
96 | These options can only be used with PEM format output files. | |
97 | ||
98 | =item B<-text> | |
99 | ||
100 | prints out the public, private key components and parameters. | |
101 | ||
102 | =item B<-noout> | |
103 | ||
104 | this option prevents output of the encoded version of the key. | |
105 | ||
106 | =item B<-modulus> | |
107 | ||
108 | this option prints out the value of the public key component of the key. | |
109 | ||
110 | =item B<-pubin> | |
111 | ||
0cd4498b DSH |
112 | by default a private key is read from the input file: with this option a |
113 | public key is read instead. | |
aba3e65f DSH |
114 | |
115 | =item B<-pubout> | |
116 | ||
117 | by default a private key is output. With this option a public | |
118 | key will be output instead. This option is automatically set if the input is | |
119 | a public key. | |
120 | ||
bfa35550 RL |
121 | =item B<-engine id> |
122 | ||
e5fa864f | 123 | specifying an engine (by its unique B<id> string) will cause B<dsa> |
bfa35550 RL |
124 | to attempt to obtain a functional reference to the specified engine, |
125 | thus initialising it if needed. The engine will then be set as the default | |
126 | for all available algorithms. | |
127 | ||
aba3e65f DSH |
128 | =back |
129 | ||
0286d944 DSH |
130 | =head1 NOTES |
131 | ||
132 | The PEM private key format uses the header and footer lines: | |
133 | ||
134 | -----BEGIN DSA PRIVATE KEY----- | |
135 | -----END DSA PRIVATE KEY----- | |
136 | ||
0cd4498b DSH |
137 | The PEM public key format uses the header and footer lines: |
138 | ||
139 | -----BEGIN PUBLIC KEY----- | |
140 | -----END PUBLIC KEY----- | |
141 | ||
aba3e65f DSH |
142 | =head1 EXAMPLES |
143 | ||
144 | To remove the pass phrase on a DSA private key: | |
145 | ||
1675f6eb | 146 | openssl dsa -in key.pem -out keyout.pem |
aba3e65f DSH |
147 | |
148 | To encrypt a private key using triple DES: | |
149 | ||
1675f6eb | 150 | openssl dsa -in key.pem -des3 -out keyout.pem |
aba3e65f DSH |
151 | |
152 | To convert a private key from PEM to DER format: | |
153 | ||
1675f6eb | 154 | openssl dsa -in key.pem -outform DER -out keyout.der |
aba3e65f DSH |
155 | |
156 | To print out the components of a private key to standard output: | |
157 | ||
1675f6eb | 158 | openssl dsa -in key.pem -text -noout |
aba3e65f DSH |
159 | |
160 | To just output the public part of a private key: | |
161 | ||
1675f6eb | 162 | openssl dsa -in key.pem -pubout -out pubkey.pem |
aba3e65f DSH |
163 | |
164 | =head1 SEE ALSO | |
165 | ||
9b86974e RS |
166 | L<dsaparam(1)>, L<gendsa(1)>, L<rsa(1)>, |
167 | L<genrsa(1)> | |
aba3e65f DSH |
168 | |
169 | =cut |