]>
Commit | Line | Data |
---|---|---|
aba3e65f DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
3f2181e6 | 5 | openssl-dsa, |
aba3e65f DSH |
6 | dsa - DSA key processing |
7 | ||
8 | =head1 SYNOPSIS | |
9 | ||
10 | B<openssl> B<dsa> | |
169394d4 | 11 | [B<-help>] |
aba3e65f DSH |
12 | [B<-inform PEM|DER>] |
13 | [B<-outform PEM|DER>] | |
14 | [B<-in filename>] | |
a3fe382e | 15 | [B<-passin arg>] |
aba3e65f | 16 | [B<-out filename>] |
a3fe382e | 17 | [B<-passout arg>] |
fc1d88f0 RS |
18 | [B<-aes128>] |
19 | [B<-aes192>] | |
20 | [B<-aes256>] | |
d42d0a4d P |
21 | [B<-aria128>] |
22 | [B<-aria192>] | |
23 | [B<-aria256>] | |
fc1d88f0 RS |
24 | [B<-camellia128>] |
25 | [B<-camellia192>] | |
26 | [B<-camellia256>] | |
aba3e65f DSH |
27 | [B<-des>] |
28 | [B<-des3>] | |
29 | [B<-idea>] | |
30 | [B<-text>] | |
31 | [B<-noout>] | |
32 | [B<-modulus>] | |
33 | [B<-pubin>] | |
34 | [B<-pubout>] | |
bfa35550 | 35 | [B<-engine id>] |
aba3e65f DSH |
36 | |
37 | =head1 DESCRIPTION | |
38 | ||
39 | The B<dsa> command processes DSA keys. They can be converted between various | |
40 | forms and their components printed out. B<Note> This command uses the | |
41 | traditional SSLeay compatible format for private key encryption: newer | |
42 | applications should use the more secure PKCS#8 format using the B<pkcs8> | |
43 | ||
3dfda1a6 | 44 | =head1 OPTIONS |
aba3e65f DSH |
45 | |
46 | =over 4 | |
47 | ||
169394d4 MR |
48 | =item B<-help> |
49 | ||
50 | Print out a usage message. | |
51 | ||
aba3e65f DSH |
52 | =item B<-inform DER|PEM> |
53 | ||
54 | This specifies the input format. The B<DER> option with a private key uses | |
55 | an ASN1 DER encoded form of an ASN.1 SEQUENCE consisting of the values of | |
56 | version (currently zero), p, q, g, the public and private key components | |
13938ace DSH |
57 | respectively as ASN.1 INTEGERs. When used with a public key it uses a |
58 | SubjectPublicKeyInfo structure: it is an error if the key is not DSA. | |
aba3e65f DSH |
59 | |
60 | The B<PEM> form is the default format: it consists of the B<DER> format base64 | |
13938ace DSH |
61 | encoded with additional header and footer lines. In the case of a private key |
62 | PKCS#8 format is also accepted. | |
aba3e65f DSH |
63 | |
64 | =item B<-outform DER|PEM> | |
65 | ||
7477c83e TM |
66 | This specifies the output format, the options have the same meaning and default |
67 | as the B<-inform> option. | |
aba3e65f DSH |
68 | |
69 | =item B<-in filename> | |
70 | ||
71 | This specifies the input filename to read a key from or standard input if this | |
72 | option is not specified. If the key is encrypted a pass phrase will be | |
73 | prompted for. | |
74 | ||
a3fe382e | 75 | =item B<-passin arg> |
af29811e | 76 | |
c4de074e | 77 | The input file password source. For more information about the format of B<arg> |
9b86974e | 78 | see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. |
af29811e | 79 | |
aba3e65f DSH |
80 | =item B<-out filename> |
81 | ||
82 | This specifies the output filename to write a key to or standard output by | |
83 | is not specified. If any encryption options are set then a pass phrase will be | |
84 | prompted for. The output filename should B<not> be the same as the input | |
85 | filename. | |
86 | ||
a3fe382e | 87 | =item B<-passout arg> |
af29811e | 88 | |
c4de074e | 89 | The output file password source. For more information about the format of B<arg> |
9b86974e | 90 | see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>. |
af29811e | 91 | |
dfee8626 | 92 | =item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea> |
aba3e65f | 93 | |
fc1d88f0 RS |
94 | These options encrypt the private key with the specified |
95 | cipher before outputting it. A pass phrase is prompted for. | |
aba3e65f | 96 | If none of these options is specified the key is written in plain text. This |
0cd4498b | 97 | means that using the B<dsa> utility to read in an encrypted key with no |
aba3e65f DSH |
98 | encryption option can be used to remove the pass phrase from a key, or by |
99 | setting the encryption options it can be use to add or change the pass phrase. | |
100 | These options can only be used with PEM format output files. | |
101 | ||
102 | =item B<-text> | |
103 | ||
c4de074e | 104 | Prints out the public, private key components and parameters. |
aba3e65f DSH |
105 | |
106 | =item B<-noout> | |
107 | ||
c4de074e | 108 | This option prevents output of the encoded version of the key. |
aba3e65f DSH |
109 | |
110 | =item B<-modulus> | |
111 | ||
c4de074e | 112 | This option prints out the value of the public key component of the key. |
aba3e65f DSH |
113 | |
114 | =item B<-pubin> | |
115 | ||
c4de074e | 116 | By default, a private key is read from the input file. With this option a |
0cd4498b | 117 | public key is read instead. |
aba3e65f DSH |
118 | |
119 | =item B<-pubout> | |
120 | ||
c4de074e | 121 | By default, a private key is output. With this option a public |
aba3e65f DSH |
122 | key will be output instead. This option is automatically set if the input is |
123 | a public key. | |
124 | ||
bfa35550 RL |
125 | =item B<-engine id> |
126 | ||
c4de074e | 127 | Specifying an engine (by its unique B<id> string) will cause B<dsa> |
bfa35550 RL |
128 | to attempt to obtain a functional reference to the specified engine, |
129 | thus initialising it if needed. The engine will then be set as the default | |
130 | for all available algorithms. | |
131 | ||
aba3e65f DSH |
132 | =back |
133 | ||
0286d944 DSH |
134 | =head1 NOTES |
135 | ||
136 | The PEM private key format uses the header and footer lines: | |
137 | ||
138 | -----BEGIN DSA PRIVATE KEY----- | |
139 | -----END DSA PRIVATE KEY----- | |
140 | ||
0cd4498b DSH |
141 | The PEM public key format uses the header and footer lines: |
142 | ||
143 | -----BEGIN PUBLIC KEY----- | |
144 | -----END PUBLIC KEY----- | |
145 | ||
aba3e65f DSH |
146 | =head1 EXAMPLES |
147 | ||
148 | To remove the pass phrase on a DSA private key: | |
149 | ||
1675f6eb | 150 | openssl dsa -in key.pem -out keyout.pem |
aba3e65f DSH |
151 | |
152 | To encrypt a private key using triple DES: | |
153 | ||
1675f6eb | 154 | openssl dsa -in key.pem -des3 -out keyout.pem |
aba3e65f | 155 | |
1bc74519 | 156 | To convert a private key from PEM to DER format: |
aba3e65f | 157 | |
1675f6eb | 158 | openssl dsa -in key.pem -outform DER -out keyout.der |
aba3e65f DSH |
159 | |
160 | To print out the components of a private key to standard output: | |
161 | ||
1675f6eb | 162 | openssl dsa -in key.pem -text -noout |
aba3e65f DSH |
163 | |
164 | To just output the public part of a private key: | |
165 | ||
1675f6eb | 166 | openssl dsa -in key.pem -pubout -out pubkey.pem |
aba3e65f DSH |
167 | |
168 | =head1 SEE ALSO | |
169 | ||
9b86974e RS |
170 | L<dsaparam(1)>, L<gendsa(1)>, L<rsa(1)>, |
171 | L<genrsa(1)> | |
aba3e65f | 172 | |
e2f92610 RS |
173 | =head1 COPYRIGHT |
174 | ||
1212818e | 175 | Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 176 | |
449040b4 | 177 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
178 | this file except in compliance with the License. You can obtain a copy |
179 | in the file LICENSE in the source distribution or at | |
180 | L<https://www.openssl.org/source/license.html>. | |
181 | ||
182 | =cut |