[thirdparty/openssl.git] / doc / man1 / dsa.pod

=pod

=head1 NAME

dsa - DSA key processing

=head1 SYNOPSIS

B<openssl> B<dsa>
[B<-help>]
[B<-inform PEM|DER>]
[B<-outform PEM|DER>]
[B<-in filename>]
[B<-passin arg>]
[B<-out filename>]
[B<-passout arg>]
[B<-aes128>]
[B<-aes192>]
[B<-aes256>]
[B<-aria128>]
[B<-aria192>]
[B<-aria256>]
[B<-camellia128>]
[B<-camellia192>]
[B<-camellia256>]
[B<-des>]
[B<-des3>]
[B<-idea>]
[B<-text>]
[B<-noout>]
[B<-modulus>]
[B<-pubin>]
[B<-pubout>]
[B<-engine id>]

=head1 DESCRIPTION

The B<dsa> command processes DSA keys. They can be converted between various
forms and their components printed out. B<Note> This command uses the
traditional SSLeay compatible format for private key encryption: newer
applications should use the more secure PKCS#8 format using the B<pkcs8>

=head1 OPTIONS

=over 4

=item B<-help>

Print out a usage message.

=item B<-inform DER|PEM>

This specifies the input format. The B<DER> option with a private key uses
an ASN1 DER encoded form of an ASN.1 SEQUENCE consisting of the values of
version (currently zero), p, q, g, the public and private key components
respectively as ASN.1 INTEGERs. When used with a public key it uses a
SubjectPublicKeyInfo structure: it is an error if the key is not DSA.

The B<PEM> form is the default format: it consists of the B<DER> format base64
encoded with additional header and footer lines. In the case of a private key
PKCS#8 format is also accepted.

=item B<-outform DER|PEM>

This specifies the output format, the options have the same meaning and default
as the B<-inform> option.

=item B<-in filename>

This specifies the input filename to read a key from or standard input if this
option is not specified. If the key is encrypted a pass phrase will be
prompted for.

=item B<-passin arg>

The input file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.

=item B<-out filename>

This specifies the output filename to write a key to or standard output by
is not specified. If any encryption options are set then a pass phrase will be
prompted for. The output filename should B<not> be the same as the input
filename.

=item B<-passout arg>

The output file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.

=item B<-aes128|-aes192|-aes256|-aria128|-aria192|-aria256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>

These options encrypt the private key with the specified
cipher before outputting it. A pass phrase is prompted for.
If none of these options is specified the key is written in plain text. This
means that using the B<dsa> utility to read in an encrypted key with no
encryption option can be used to remove the pass phrase from a key, or by
setting the encryption options it can be use to add or change the pass phrase.
These options can only be used with PEM format output files.

=item B<-text>

Prints out the public, private key components and parameters.

=item B<-noout>

This option prevents output of the encoded version of the key.

=item B<-modulus>

This option prints out the value of the public key component of the key.

=item B<-pubin>

By default, a private key is read from the input file. With this option a
public key is read instead.

=item B<-pubout>

By default, a private key is output. With this option a public
key will be output instead. This option is automatically set if the input is
a public key.

=item B<-engine id>

Specifying an engine (by its unique B<id> string) will cause B<dsa>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.

=back

=head1 NOTES

The PEM private key format uses the header and footer lines:

 -----BEGIN DSA PRIVATE KEY-----
 -----END DSA PRIVATE KEY-----

The PEM public key format uses the header and footer lines:

 -----BEGIN PUBLIC KEY-----
 -----END PUBLIC KEY-----

=head1 EXAMPLES

To remove the pass phrase on a DSA private key:

 openssl dsa -in key.pem -out keyout.pem

To encrypt a private key using triple DES:

 openssl dsa -in key.pem -des3 -out keyout.pem

To convert a private key from PEM to DER format:

 openssl dsa -in key.pem -outform DER -out keyout.der

To print out the components of a private key to standard output:

 openssl dsa -in key.pem -text -noout

To just output the public part of a private key:

 openssl dsa -in key.pem -pubout -out pubkey.pem

=head1 SEE ALSO

L<dsaparam(1)>, L<gendsa(1)>, L<rsa(1)>,
L<genrsa(1)>

=head1 COPYRIGHT

Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
aba3e65f DSH	1	=pod
	2
	3	=head1 NAME
	4
	5	dsa - DSA key processing
	6
	7	=head1 SYNOPSIS
	8
	9	B<openssl> B<dsa>
169394d4	10	[B<-help>]
aba3e65f DSH	11	[B<-inform PEM\|DER>]
	12	[B<-outform PEM\|DER>]
	13	[B<-in filename>]
a3fe382e	14	[B<-passin arg>]
aba3e65f	15	[B<-out filename>]
a3fe382e	16	[B<-passout arg>]
fc1d88f0 RS	17	[B<-aes128>]
	18	[B<-aes192>]
	19	[B<-aes256>]
d42d0a4d P	20	[B<-aria128>]
	21	[B<-aria192>]
	22	[B<-aria256>]
fc1d88f0 RS	23	[B<-camellia128>]
	24	[B<-camellia192>]
	25	[B<-camellia256>]
aba3e65f DSH	26	[B<-des>]
	27	[B<-des3>]
	28	[B<-idea>]
	29	[B<-text>]
	30	[B<-noout>]
	31	[B<-modulus>]
	32	[B<-pubin>]
	33	[B<-pubout>]
bfa35550	34	[B<-engine id>]
aba3e65f DSH	35
	36	=head1 DESCRIPTION
	37
	38	The B<dsa> command processes DSA keys. They can be converted between various
	39	forms and their components printed out. B<Note> This command uses the
	40	traditional SSLeay compatible format for private key encryption: newer
	41	applications should use the more secure PKCS#8 format using the B<pkcs8>
	42
3dfda1a6	43	=head1 OPTIONS
aba3e65f DSH	44
	45	=over 4
	46
169394d4 MR	47	=item B<-help>
	48
	49	Print out a usage message.
	50
aba3e65f DSH	51	=item B<-inform DER\|PEM>
	52
	53	This specifies the input format. The B<DER> option with a private key uses
	54	an ASN1 DER encoded form of an ASN.1 SEQUENCE consisting of the values of
	55	version (currently zero), p, q, g, the public and private key components
13938ace DSH	56	respectively as ASN.1 INTEGERs. When used with a public key it uses a
13938ace DSH	57	SubjectPublicKeyInfo structure: it is an error if the key is not DSA.
aba3e65f DSH	58
aba3e65f DSH	59	The B<PEM> form is the default format: it consists of the B<DER> format base64
13938ace DSH	60	encoded with additional header and footer lines. In the case of a private key
13938ace DSH	61	PKCS#8 format is also accepted.
aba3e65f DSH	62
	63	=item B<-outform DER\|PEM>
	64
7477c83e TM	65	This specifies the output format, the options have the same meaning and default
7477c83e TM	66	as the B<-inform> option.
aba3e65f DSH	67
	68	=item B<-in filename>
	69
	70	This specifies the input filename to read a key from or standard input if this
	71	option is not specified. If the key is encrypted a pass phrase will be
	72	prompted for.
	73
a3fe382e	74	=item B<-passin arg>
af29811e	75
c4de074e	76	The input file password source. For more information about the format of B<arg>
9b86974e	77	see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
af29811e	78
aba3e65f DSH	79	=item B<-out filename>
	80
	81	This specifies the output filename to write a key to or standard output by
	82	is not specified. If any encryption options are set then a pass phrase will be
	83	prompted for. The output filename should B<not> be the same as the input
	84	filename.
	85
a3fe382e	86	=item B<-passout arg>
af29811e	87
c4de074e	88	The output file password source. For more information about the format of B<arg>
9b86974e	89	see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
af29811e	90
d42d0a4d	91	=item B<-aes128\|-aes192\|-aes256\|-aria128\|-aria192\|-aria256\|-camellia128\|-camellia192\|-camellia256\|-des\|-des3\|-idea>
aba3e65f	92
fc1d88f0 RS	93	These options encrypt the private key with the specified
fc1d88f0 RS	94	cipher before outputting it. A pass phrase is prompted for.
aba3e65f	95	If none of these options is specified the key is written in plain text. This
0cd4498b	96	means that using the B<dsa> utility to read in an encrypted key with no
aba3e65f DSH	97	encryption option can be used to remove the pass phrase from a key, or by
	98	setting the encryption options it can be use to add or change the pass phrase.
	99	These options can only be used with PEM format output files.
	100
	101	=item B<-text>
	102
c4de074e	103	Prints out the public, private key components and parameters.
aba3e65f DSH	104
	105	=item B<-noout>
	106
c4de074e	107	This option prevents output of the encoded version of the key.
aba3e65f DSH	108
	109	=item B<-modulus>
	110
c4de074e	111	This option prints out the value of the public key component of the key.
aba3e65f DSH	112
	113	=item B<-pubin>
	114
c4de074e	115	By default, a private key is read from the input file. With this option a
0cd4498b	116	public key is read instead.
aba3e65f DSH	117
	118	=item B<-pubout>
	119
c4de074e	120	By default, a private key is output. With this option a public
aba3e65f DSH	121	key will be output instead. This option is automatically set if the input is
	122	a public key.
	123
bfa35550 RL	124	=item B<-engine id>
bfa35550 RL	125
c4de074e	126	Specifying an engine (by its unique B<id> string) will cause B<dsa>
bfa35550 RL	127	to attempt to obtain a functional reference to the specified engine,
	128	thus initialising it if needed. The engine will then be set as the default
	129	for all available algorithms.
	130
aba3e65f DSH	131	=back
aba3e65f DSH	132
0286d944 DSH	133	=head1 NOTES
	134
	135	The PEM private key format uses the header and footer lines:
	136
	137	-----BEGIN DSA PRIVATE KEY-----
	138	-----END DSA PRIVATE KEY-----
	139
0cd4498b DSH	140	The PEM public key format uses the header and footer lines:
	141
	142	-----BEGIN PUBLIC KEY-----
	143	-----END PUBLIC KEY-----
	144
aba3e65f DSH	145	=head1 EXAMPLES
	146
	147	To remove the pass phrase on a DSA private key:
	148
1675f6eb	149	openssl dsa -in key.pem -out keyout.pem
aba3e65f DSH	150
	151	To encrypt a private key using triple DES:
	152
1675f6eb	153	openssl dsa -in key.pem -des3 -out keyout.pem
aba3e65f	154
1bc74519	155	To convert a private key from PEM to DER format:
aba3e65f	156
1675f6eb	157	openssl dsa -in key.pem -outform DER -out keyout.der
aba3e65f DSH	158
	159	To print out the components of a private key to standard output:
	160
1675f6eb	161	openssl dsa -in key.pem -text -noout
aba3e65f DSH	162
	163	To just output the public part of a private key:
	164
1675f6eb	165	openssl dsa -in key.pem -pubout -out pubkey.pem
aba3e65f DSH	166
	167	=head1 SEE ALSO
	168
9b86974e RS	169	L<dsaparam(1)>, L<gendsa(1)>, L<rsa(1)>,
9b86974e RS	170	L<genrsa(1)>
aba3e65f	171
e2f92610 RS	172	=head1 COPYRIGHT
e2f92610 RS	173
d42d0a4d	174	Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
e2f92610 RS	175
	176	Licensed under the OpenSSL license (the "License"). You may not use
	177	this file except in compliance with the License. You can obtain a copy
	178	in the file LICENSE in the source distribution or at
	179	L<https://www.openssl.org/source/license.html>.
	180
	181	=cut